
TCL Network Associate

Handout
Networking Level – 1

TCL TRAINING DIVISION


CONTENT

Section 1 Basics of Networking

Section 2 OSI Reference Model

Section 3 Ethernet Technology

Section 4 Networking devices like HUB, SWITCH, ROUTER

Section 5 Switching

Section 6 Spanning Tree Protocol

Section 7 IPV4 Address and Subnet

Section 8 Router Components

Section 9 Cisco IOS Configuration

Section 10 Cisco Advanced IOS Configuration

Section 11 Routing Fundamentals

Section 12 Static Routing

Section 13 Routing Information protocol (RIP)

Section 14 Enhanced Interior Gateway Routing Protocol (EIGRP)

Section 15 Open Shortest Path First (OSPF)

Section 16 Virtual LAN (VLAN)

Section 17 Access Control Lists (ACL)

Section 18 WAN Wide Area Network

Section 19 PPP and HDLC

Section 20 Frame Relay

Section 21 Network Address Translation (NAT)


Designed & Developed by TATA Communications Ltd. for internal purpose | Confidential 2
Section 1

Basics of Networking

Network

A network is a set of devices connected together to share information, resources and
services. Examples of data and services that can be shared on a network are documents,
music, email, websites, databases, printers, faxes, telephony and videoconferencing.

As a network grows, traffic also increases and the flow becomes inefficient and overloaded.
Devices such as routers, switches and bridges segment the network to manage the traffic flow.

Protocols are sets of rules that define the method by which devices share data and services.

Basic Network Types

Networks are generally broken down into five types:

LAN (Local Area Network) - a high-speed network that covers a relatively small geographic
area.

WAN (Wide Area Network) - a WAN is a collection of networks that spans large
geographical locations, usually to interconnect multiple LANs.

MAN (Metropolitan Area Network) - a MAN is defined as a network that spans several LANs
across a city-wide geographic area.

CAN (Campus Area Network) - a CAN is defined as a network that is confined within a campus
area.

PAN (Personal Area Network) - a PAN is the interconnection of information technology
devices within the range of an individual person. Example: connecting a mobile phone or PDA
to a laptop.

Network Types:

• Peer-to-Peer networks
• Client/Server networks
• Mainframe/Terminal networks

When using a peer-to-peer architecture, all hosts on the network can both request and
service data. For example, configuring two Windows XP workstations to share files would be
considered a peer-to-peer network.

Disadvantages of this type are that the data is spread across multiple devices, making it difficult
to manage and back up. Moreover, security becomes hard to manage, as you must configure
individual permissions and user accounts on each host. This is not a scalable solution for an
enterprise, but it can be used for very small networks.

When using a client/server architecture, hosts are assigned specific roles. Clients request data
and services stored on servers. Example: connecting Windows XP workstations to a Windows
2003 domain.
The advantage is that the data is now centrally located on one or a few servers, so there are
only one or a few entities to manage, back up and secure, and the design is more scalable.
The disadvantage is that the server is a single point of failure, but this can be overcome by
using clustering.

Mainframe/terminal architecture is often referred to as a thin-client environment: a single
device (the mainframe) stores all data and services for the network. This is similar to the
client/server architecture, but the mainframe performs all processing functions for the dumb
terminals (or thin clients) that connect to it. The thin clients perform no processing
whatsoever, serving only as input and output devices for the mainframe.

Section 2
OSI Reference Model

The Open Systems Interconnection (OSI) model was developed in the early 1970s and
formulated in 1983 by the International Organization for Standardization (ISO). It was the first
networking model, and provided the framework governing how information is sent across a
network. It is a set of guidelines for communication between two end users.

The OSI Model consists of seven layers, each corresponding to a particular network function:

Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical

A more practical model was developed by the Department of Defense, and became the basis
for the TCP/IP protocol suite.

The Upper Layers:

The top three layers of the OSI model are often referred to as the upper layers. The protocols
used here are generally implemented in software.

The Application layer (Layer 7) provides the actual interface between the user application
and the network. This is the layer with which the user directly interacts. This layer ensures that
the remote communication peer is available and agrees upon data integrity, privacy, etc.
Examples of application layer protocols include:
• FTP (via an FTP client)
• HTTP (via a web-browser)
• SMTP (via an email client)
• Telnet

The Presentation layer (Layer 6) controls the formatting of user data, whether it is text,
video, sound, or an image. The presentation layer ensures that data from the sender to receiver
are in understandable format. This layer also performs encryption and compression of data.
Examples of presentation layer formats include:
• Text (RTF, ASCII, EBCDIC)
• Music (MIDI, MP3, WAV)
• Images (GIF, JPG, TIF, PICT)
• Movies (MPEG, AVI, MOV)

The Session layer (Layer 5) establishes, maintains, and finally terminates connections
between devices. Sessions can be full-duplex or half-duplex. Sessions might last just a second,
for sending one message, or for a longer duration. Each session is related to certain ports, which
might be static or dynamic (static ports are defined as well-known ports).

The four layers below the upper layers are referred to as the lower layers.

The Transport layer (Layer 4) is concerned with the reliable transfer of data, end-to-end.
This layer transports data using one of two methods: connection-oriented (reliable) or
connectionless (unreliable).

Two types of transport layer communication:

Connection-oriented - parameters must be agreed upon by both parties before a
connection is established.
Connectionless - no parameters are established before data is sent.

Parameters that are negotiated by connection-oriented protocols include:

Flow Control (Windowing) - dictates how much data can be sent between
acknowledgements.
TCP uses a series of acknowledgements to enforce flow control. When a router receives a
packet, it sends an acknowledgement back to the sender. If the sender does not receive the
acknowledgement, the segment is resent, and segments are reassembled in the correct order at
the receiver.

Congestion Control:
This prevents the receiver's buffer from being overloaded, since packets that are not received
due to a full buffer are not acknowledged.

Error-Checking:
The transport layer does not actually send data. Instead, it segments data into smaller pieces for
transport. Each segment is assigned a sequence number, so that the receiving device can
reassemble the data on arrival.

Examples of transport layer protocols include Transmission Control Protocol (TCP) and User
Datagram Protocol (UDP).

Three-Way Handshake:

The steps involved are:

1. The sender sends a SYN to the receiver.
2. The request is acknowledged by sending an ACK and the rules are agreed upon. The receiver
then sends its own SYN to the sender (bidirectional).
3. The sender acknowledges the connection, and the connection is established, through
which data can be transferred.

Windowing:
The term refers to data sent during the time after the sender has sent a packet but before it
finishes processing the acknowledgement it receives.

The window size is the number of packets the sender can transmit before it must wait for an
acknowledgement. A sliding window simply means changing the window size dynamically based
on the traffic.

Examples: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Sequenced
Packet Exchange (SPX) is the transport layer protocol in the IPX protocol suite.

TCP Header

Field              Length     Description
Source Port        16 bits    Source TCP port
Destination Port   16 bits    Destination TCP port
Sequence Number    32 bits    Initial sequence number
Ack Number         32 bits    Acknowledgement number
Data Offset        4 bits     Indicates where the data begins in a TCP segment
Reserved           6 bits     Always set to 0
Control Bits       6 bits     URG, ACK, PSH, RST, SYN and FIN flags
Window             16 bits    Used for flow control
Checksum           16 bits    Used for error-checking
Urgent Pointer     16 bits
Options            Variable
Padding            Variable   Ensures the TCP header ends on a 32-bit boundary

UDP - User Datagram Protocol:

UDP is considered a connectionless, unreliable protocol, as there is no handshake before
transmission. No acknowledgements are sent or received. It does not guarantee delivery, only
best effort. There is no windowing or flow control.

UDP Header

Field              Length    Description
Source Port        16 bits   Source UDP port
Destination Port   16 bits   Destination UDP port
Length             16 bits   Length of the header and the data
Checksum           16 bits   Used for error-checking
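As an added illustration (not part of the original handout), the following Python example packs and decodes the TCP and UDP header fields listed in the two tables above and labels each segment of a constructed three-way handshake from its control bits. The port numbers, sequence numbers and payload are constructed sample values; the checksum is left at zero because the example never puts the bytes on a network.

```python
import struct

# Control bits in the 6-bit flags field, lowest bit first: FIN, SYN, RST, PSH, ACK, URG
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Pack a 20-byte TCP header with no options (Data Offset = 5 words)."""
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << TCP_FLAGS.index(name)
    offset_reserved_flags = (5 << 12) | flag_bits   # reserved bits stay 0
    # Checksum and urgent pointer are left 0 in this constructed header
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_reserved_flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fields of the TCP header table from raw bytes."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_reserved_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = offset_reserved_flags >> 12        # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("bad Data Offset")
    flag_bits = offset_reserved_flags & 0x3F
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "data_offset": data_offset,
        "reserved": (offset_reserved_flags >> 6) & 0x3F,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flag_bits & (1 << i)],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


def build_udp_datagram(src_port, dst_port, payload: bytes) -> bytes:
    """Pack the 8-byte UDP header; Length covers header plus data."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse_udp_header(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP Length")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def handshake_step(flags) -> str:
    """Name the three-way handshake step a segment belongs to, from its flags."""
    present = set(flags)
    if present == {"SYN"}:
        return "1: SYN"
    if present == {"SYN", "ACK"}:
        return "2: SYN-ACK"
    if "ACK" in present and "SYN" not in present:
        return "3: ACK"
    return "not a handshake segment"


def demo_handshake():
    """Constructed client (port 49152) to server (port 80) exchange."""
    client_isn, server_isn = 1000, 5000
    exchange = [
        build_tcp_header(49152, 80, client_isn, 0, ["SYN"]),
        build_tcp_header(80, 49152, server_isn, client_isn + 1, ["SYN", "ACK"]),
        build_tcp_header(49152, 80, client_isn + 1, server_isn + 1, ["ACK"]),
    ]
    return [handshake_step(parse_tcp_header(seg)["flags"]) for seg in exchange]


if __name__ == "__main__":
    print(demo_handshake())
    print(parse_udp_header(build_udp_datagram(53, 53, b"hello")))
```

The Data Offset check matters in practice: a header that claims fewer than 5 words or more bytes than the segment holds is malformed, and a parser that trusts it would slice the payload at the wrong place.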

TCP and UDP use ports to identify the different types of service.

TCP/UDP port numbers

Port     Protocol   Service
20, 21   TCP        FTP
22       TCP        SSH
23       TCP        TELNET
25       TCP        SMTP
53       UDP        DNS
80       TCP        HTTP
110      TCP        POP3
443      TCP        SSL
666      TCP        DOOM

The Network layer (Layer 3) has two key responsibilities. First, this layer controls the
logical addressing of devices. Logical addresses are organized as a hierarchy and are not
embedded on devices. Second, the network layer determines the best path to a particular
destination network and routes the data appropriately.
Examples: Internet Protocol (IP) and Internetwork Packet Exchange (IPX).

A routed protocol is one whose packets are routed, such as IP; a routing protocol is one that
determines the path by exchanging routes.

The Data-Link layer (Layer 2) actually consists of two sub-layers:

Logical Link Control (LLC) sub-layer
Media Access Control (MAC) sub-layer

The LLC sub-layer serves as the intermediary between the physical link and all higher layer
protocols. It ensures that protocols like IP can function regardless of what type of physical link
is being used. It is also used for flow control and error-checking, with the help of transport
layer protocols such as TCP or UDP.

The MAC sub-layer controls access to the physical medium, serving as mediator if multiple
devices are trying to utilize the same physical link. Specific technologies have various methods
of accomplishing this.
Example: Ethernet uses CSMA/CD, Token Ring utilizes a token.

A frame contains a source and destination hardware or physical address. Hardware addresses
usually contain no hierarchy, and are often hard-coded on a device. Each device must have a
unique hardware address on the network.

As data is passed from the Application layer down the virtual layers of the OSI model, each of
the lower layers adds a header/Trailer containing protocol information specific to that layer.
These headers are called Protocol Data Units (PDUs), and the process of adding these headers
is called encapsulation.

Order of Encapsulation:

Layer 7   Application    Data
Layer 6   Presentation   Data
Layer 5   Session        Data
Layer 4   Transport      Segment
Layer 3   Network        Packet
Layer 2   Data Link      Frame
Layer 1   Physical       Bits

OSI Reference Model Example

The following illustrates the OSI model in more practical terms, using a FTP request as an
example:

• At the Application layer, a web browser serves as the user interface for accessing FTP sites.
Specifically, FTP interfaces between the web browser and the FTP server.

• The format of the data being accessed is a Presentation layer function. Common data formats
on the Internet include HTML, XML, PHP, GIF, JPG, ASCII, etc. Additionally, any encryption or
compression mechanisms used on an FTP page are a function of this layer.

• The Session layer establishes the connection between the requestor and the FTP server. It
determines whether the communication is half-duplex or full-duplex.
Since FTP is the protocol used, it relies on TCP for connection-oriented data transfer.

• The TCP protocol ensures the reliable delivery of data from the FTP server to the client.
These are functions of the Transport layer.
Before sending the data, a three-way handshake is performed, for which TCP relies on IP to
send the SYN packet to the destination, receives the SYN, ACK packet from the destination
and sends back an ACK packet before sending the FTP request data.

• The logical addresses, in this case the IP addresses configured on the client and FTP server,
are a Network layer function. Additionally, the routers that determine the best path from the
client to the FTP server operate at this layer.
The network layer relies on the Data-Link layer to identify the Layer 3 to Layer 2 mapping
using ARP.
Note: ARP is used when a device wants to map a known IP address to an unknown MAC address.
As devices learn MAC addresses they build and maintain an ARP cache table. A device looks up
the ARP cache for the required MAC address; if it is not found, the device sends an ARP
broadcast containing the known IP address and receives an ARP reply from the destination with
the required MAC address.

• IP addresses are translated to hardware addresses at the Data-Link layer.

• The actual cabling, network cards, hubs, and other devices that provide the physical
connection between the client and the web server operate at the Physical layer.

Section 3
Ethernet Technology

Ethernet has become the standard technology used in LAN networking. It is a transmission
method in which each host on the network shares bandwidth on the link. There are different
IEEE categories of Ethernet:
802.3 - Ethernet (10 Mbps)
802.3u - Fast Ethernet (100 Mbps)
802.3z or 802.3ab - Gigabit Ethernet (1000 Mbps)

Standard     Medium               Speed      Maximum distance
10base2      Coaxial - thinnet    10 Mbps    185 meters
10base5      Coaxial - thicknet   10 Mbps    500 meters
10baseT      Twisted-pair         10 Mbps    100 meters
100baseT     Twisted-pair         100 Mbps   100 meters
1000baseSX   Fiber, multi-mode    1 Gbps     >500 meters
1000baseLX   Fiber, single-mode   1 Gbps     >3 km

Half-Duplex
In half-duplex, devices can either transmit or receive data, but not simultaneously. Devices
connected to a hub operate at half-duplex.

Full-Duplex
Full-duplex allows devices to both transmit and receive at the same time. Devices connected to
a switch can operate at full-duplex.

Twisted-Pair Cabling
Twisted-pair cable contains 2 or 4 pairs of wire, which are twisted around each other to
reduce crosstalk. Crosstalk is a form of electromagnetic interference (EMI) that reduces the
strength and quality of the signal. Twisted-pair cabling can be either shielded or unshielded.

There are various categories of twisted-pair cable, identified by the number of twists per inch:

• Category 3 (three twists per inch)
• Category 5 (five twists per inch)
• Category 5e (five twists per inch, pairs are twisted around each other)

Types of twisted-pair cables:

Straight-through Cable

Straight-through cables are used to connect:
Host to a hub or switch
Router to a hub or switch

Crossover Cable

Crossover cables are used to connect:
Host to a host
Hub to a hub
Switch to a switch
Hub to a switch
Router to a router

Rollover Cable

Rollover cables are used to connect:
PC to a Cisco router or switch console or auxiliary port.

Section 4

NETWORKING DEVICES LIKE HUB, SWITCH, ROUTER

Before knowing the difference between different networking devices, let us define two terms
Broadcast Domain and Collision Domain.

Broadcast Domain:

It's a set of networking devices that will receive all broadcasts sent on that segment. A broadcast
message does not have a specific destination and is received by every single device. If there are
too many devices in the broadcast domain, congestion can occur.

Collision Domain:

Any part of the network where there is a possibility that packets from two or more nodes will
interfere with each other is considered to be part of the same collision domain.
A network with a large number of nodes on the same segment will often have a lot of
collisions and therefore a large collision domain.

Hubs are Layer 1 devices that physically connect network devices together for
communication.
Hubs do not look at the Data-Link header, and thus cannot make intelligent forwarding
decisions based on MAC address. Thus, hubs will always forward every frame, including
unicasts, out every port, excluding the port that frame originated from. Hubs are basically
multiport repeaters. Hub cannot be used to break up a broadcast domain or a collision domain.

Repeaters are used to regenerate an electrical signal to allow the signal to travel long distance.

Bridges are used to break up collision domains but not broadcast domain.

Switches are basically a highly intelligent bridge. Switches also offer many more ports than a
bridge. Switches break up collision domains by logically placing hosts into their own, smaller
collision domains. Consider an Ethernet network with 50 hosts. Using CSMA/CD, if one host is
transmitting then the other 49 hosts cannot transmit. Switches can be used to create virtual
networks, each containing a smaller amount of hosts. In a network of 10 hosts if switches are
used and if one host is transmitting data would not affect the other nine users in that virtual
network. The chance of collisions decreases as well. Both Bridges and Switches operate at
Layer 2 of OSI model.

A router breaks up a broadcast domain due to one simple rule: routers do not forward
broadcasts. Routers also break up collision domains, but not by default. Routers operate at
Layer 3 of the OSI model.

In the above example, there are THREE broadcast domains, and FIVE separate collision
domains. In this all ports coming from Router creates a separate broadcast AND collision domain
and each port of a switch creates a separate collision domain but whereas Hubs belong to only
one collision domain.

Section 5

SWITCHING

Switches build CAM (Content Addressable Memory) tables to make intelligent forwarding
decisions on frames. The MAC address table maintains a list of MAC addresses and the switch
port each MAC is associated with.
When a Layer-2 switch is first powered on, it behaves much like a hub. The switch will flood
every frame, including unicasts, out every port except for the port the frame was received on.
The switch will then build a MAC address table by looking at the source MAC address of
each frame.
Layer-2 switches will forward a broadcast or multicast out every port, except for the port the
broadcast or multicast was received on.
Only Layer-3 devices can break apart broadcast domains. Because of this, Layer-2 switches are
not well suited for large, scalable networks. Layer-2 switches make forwarding decisions solely
based on Data-Link layer MAC addresses and cannot differentiate between networks, for which
routers are required.

The three main functions of a switch are:

• Address learning
• Intelligent forwarding and filtering
• Loop avoidance

Device   MAC Address      Port
Comp-A   aaaa.aaaa.aaaa   E0
Comp-B   bbbb.bbbb.bbbb   E1

In the above diagram, Comp-A is attached to interface E0 and Comp-B is attached to interface
E1. When Comp-A sends a frame to Comp-B, the switch will add Comp-A's MAC address to
its table and associate it with port E0. Since the switch does not have the MAC of Comp-B in
its CAM table, it will flood the frame out all ports except the one on which it was received,
and it will get a reply only from Comp-B. Once it receives a frame from Comp-B, the switch
will add Comp-B's MAC address to its table and associate it with port E1. In future any frame
from Comp-A (on port E0) to Comp-B will be sent out only from port E1.
A switch is always in a perpetual state of learning. However, as the MAC address table becomes
populated, the flooding of frames will decrease, allowing the switch to make more intelligent
forwarding decisions.
These forwarding decisions are made at wire speed, due to specialized hardware circuits called
ASICs (Application-Specific Integrated Circuits).

Switching Methods:
Switches support three methods of forwarding frames.

Cut-Through - this method reads only the header of a frame to determine its destination
address. It transfers frames at wire speed and has the least latency. No error checking is
attempted when using the cut-through method.

FragmentFree (Modified Cut-Through) - this method reads only the first 64 bytes of a frame,
which is the minimum size of an Ethernet frame. Most collisions or corruption occur in the first
64 bytes of a frame.

Store-and-Forward - this method reads the entire frame and performs a Cyclic Redundancy
Check (CRC) to ensure complete reliability. However, this additional error-checking gives
store-and-forward the highest latency of any of the switching methods.

Section 6
Spanning Tree Protocol

Switching Loops

By default, a switch will forward a broadcast or multicast out all ports, except for the port the
broadcast or multicast was received on.
When a loop is introduced into the network, a highly destructive broadcast storm can develop
within seconds. Broadcast storms occur when broadcasts are endlessly switched through the
loop, choking off all other traffic.

If the computer connected to Switch 3 sends out a broadcast, the switch will forward the
broadcast out all ports, including the ports connecting to Switch 1 and Switch 4. Those
switches, likewise, will forward that broadcast out all ports, including to their neighboring
switches.
The broadcast will loop around the switches infinitely. In fact, there will be two separate
broadcast storms cycling in opposite directions through the switching loop. Only powering off
a switch or physically removing the loop will stop the storm. Along with this it creates
problems such as inconsistency in the CAM table and multiple copies of a frame reaching the
gateway. Spanning Tree Protocol is used to avoid all these problems.

Switch     MAC Address      Default Priority   Bridge ID
Switch 1   aaaa.aaaa.aaaa   32768              32768:aaaa.aaaa.aaaa
Switch 2   bbbb.bbbb.bbbb   32768              32768:bbbb.bbbb.bbbb
Switch 3   cccc.cccc.cccc   32768              32768:cccc.cccc.cccc
Switch 4   dddd.dddd.dddd   32768              32768:dddd.dddd.dddd

STP-enabled switches communicate to form a topology of the entire switching network, and
then block a port if a loop exists. The blocked port can be reactivated if another link on the
switching network goes down, thus preserving fault tolerance.
STP switches send BPDUs (Bridge Protocol Data Units) to each other to form their
topology databases. BPDUs are sent out all ports every two seconds, addressed to a
specific multicast MAC address: 0180.c200.0000.

STP Process

To maintain a loop-free environment, STP performs the following functions:

• A Root Bridge is elected
• Root Ports are identified
• Designated Ports are identified
• If a loop exists, a port is placed in the Blocking state (Non-Designated Port). If the loop is
removed, the blocked port is activated again.

Step 1: Root Bridge

Elect a Root Bridge, which serves as the centralized point of the STP topology. Good design
practice dictates that the Root Bridge be placed closest to the center of the STP topology.
The Root Bridge is determined by a switch's priority. The default priority is 32,768, and the
lowest priority wins. In case of a tie in priority, the switch with the lowest MAC address will be
elected Root Bridge. The combination of a switch's priority and MAC address makes up that
switch's Bridge ID.
In the above example:
Switches 1 to 4 have the default priority set. However, Switch 1 will become the Root Bridge, as
it has the lowest MAC address.
Switches exchange BPDUs to perform the election process. By default, all switches believe they
are the Root Bridge, until a switch with a lower Bridge ID is discovered.
Root Bridge elections are a continuous process. If a new switch with a lower Bridge ID is added
to the topology, it will be elected as the new Root Bridge.

Step 2: Root Port

The Root Port is the port on each switch that has the lowest path cost to reach the Root Bridge.
Each switch has only one Root Port, and the Root Bridge cannot have a Root Port.
Path Cost is a cumulative cost based on the bandwidth of the links. The higher the bandwidth,
the lower the Path Cost:

Bandwidth   Cost
4 Mbps      250
10 Mbps     100
16 Mbps     62
100 Mbps    19
1 Gbps      4
10 Gbps     2

Assume the links between all switches are 100 Mbps Ethernet, with a Path Cost of 19. Each
switch will identify the port with the least cumulative Path Cost to reach the Root Bridge.
For Switch 2, the port leading up to Switch 1 has a Path Cost of 19 and becomes the Root
Port. For Switch 3, the port leading up to Switch 1 has a Path Cost of 19 and becomes the
Root Port.
For Switch 4, the port leading up to Switch 1 via Switch 2 and the port leading up via Switch 3
both have a Path Cost of 38, so the lowest sender Bridge ID (either Switch 2 or Switch 3)
becomes the tie-breaker; hence for Switch 3, the port leading up to Switch 1 via Switch 2
becomes the Root Port.

Step 3: Designated Ports

Designated Ports are identified for each network segment; each segment requires one port, the
one with the lowest path cost leading to the Root Bridge. This port will not be placed in a
blocking state. A port cannot be both a Designated Port and a Root Port.

Ports on the Root Bridge are never placed in a blocking state, and hence all ports originating
from the Root Bridge will become Designated Ports for directly attached segments.
For the network segments between Switches 1 and 3, and between Switches 1 and 2, Switch 1's
port will become the Designated Port. The network segments between Switches 2 and 4,
and between Switches 3 and 4, also each require a Designated Port. The ports on Switch 2 and
Switch 3 have the lowest Path Cost to the Root Bridge for the two respective segments, and
thus both become Designated Ports.

Step 4: Non-Designated Port:

The segment between Switch 3 and Switch 4 does not contain a Root Port, but one of the ports
must be elected the Designated Port for that segment. Switch 3 has the lowest Path Cost
to the Root Bridge and hence its port becomes the Designated Port; the other port must be
placed in a blocking state.
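The following Python example, added here (it is not the handout's own material), carries Steps 1 to 4 through on the four-switch example: it elects the Root Bridge by lowest Bridge ID, finds each switch's Root Port by cumulative Path Cost with the sender's Bridge ID as tie-breaker, picks the Designated Port for each segment and reports which port ends up Blocking. The square topology (links 1-2, 1-3, 2-4 and 3-4, all cost 19) is an assumption drawn from the segments named in the text, since the diagram is not reproduced here.

```python
import heapq

# Constructed from the handout's example: default priority 32768, the MAC
# addresses listed above, every link 100 Mbps (Path Cost 19). The square
# topology is assumed from the segments the text names.
SWITCHES = {
    "Switch 1": (32768, "aaaa.aaaa.aaaa"),
    "Switch 2": (32768, "bbbb.bbbb.bbbb"),
    "Switch 3": (32768, "cccc.cccc.cccc"),
    "Switch 4": (32768, "dddd.dddd.dddd"),
}
LINKS = [
    ("Switch 1", "Switch 2", 19),
    ("Switch 1", "Switch 3", 19),
    ("Switch 2", "Switch 4", 19),
    ("Switch 3", "Switch 4", 19),
]


def bridge_id(name):
    """Bridge ID as a (priority, MAC) tuple: lower priority wins, MAC breaks ties."""
    return SWITCHES[name]


def elect_root(switches):
    """Step 1: the switch with the lowest Bridge ID becomes the Root Bridge."""
    return min(switches, key=bridge_id)


def root_ports(root, links):
    """Step 2: least cumulative Path Cost from every switch to the root (Dijkstra).

    Returns switch -> (root path cost, upstream Bridge ID, upstream switch). The
    Root Port is the port facing the upstream switch; equal-cost paths are broken
    by the lowest upstream (sender) Bridge ID.
    """
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, bridge_id(root), None)}
    heap = [(0, bridge_id(root), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for neighbour, link_cost in adj[node]:
            candidate = (cost + link_cost, bridge_id(node), node)
            if neighbour not in best or candidate[:2] < best[neighbour][:2]:
                best[neighbour] = candidate
                heapq.heappush(heap, (candidate[0], candidate[1], neighbour))
    return best


def designated_ports(links, best):
    """Step 3: per segment, the end with the lowest root path cost (tie: lowest Bridge ID)."""
    return {(a, b): min((a, b), key=lambda s: (best[s][0], bridge_id(s)))
            for a, b, _ in links}


def blocked_ports(best, designated):
    """Step 4: a non-designated end that is not that switch's Root Port is Blocking."""
    blocked = []
    for (a, b), winner in designated.items():
        loser = b if winner == a else a
        if best[loser][2] != winner:
            blocked.append((loser, winner))   # (switch, neighbour the blocked port faces)
    return blocked


def compute_stp(switches=SWITCHES, links=LINKS):
    root = elect_root(switches)
    best = root_ports(root, links)
    designated = designated_ports(links, best)
    return {"root": root, "paths": best, "designated": designated,
            "blocked": blocked_ports(best, designated)}


if __name__ == "__main__":
    result = compute_stp()
    print("Root Bridge:", result["root"])
    for sw, (cost, _, upstream) in result["paths"].items():
        if upstream:
            print(f"{sw}: root path cost {cost}, Root Port faces {upstream}")
    print("Blocking:", result["blocked"])
```

Because the election is purely "lowest Bridge ID wins", any device that sends BPDUs with a lower priority is accepted as root by this logic; that is the behaviour features such as BPDU guard and root guard exist to constrain on access ports.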

Electing the Root Port when the Bridge ID and the Port Cost are the same

If the bandwidth of two links is equal, as above, then both of Switch 2's interfaces have
an equal path cost to the Root Bridge. The tie-breaker to elect the Root Port should be the lowest
Bridge ID, but if that is also the same then the Port ID is used as the tie-breaker. An interface's
Port ID consists of two parts: a 6-bit port priority value and the MAC address for that port.
Whichever interface has the lowest Port ID will become the Root Port.

STP Port States

Switch ports participating in STP progress through five port states:

Blocking - The default state of an STP port when a switch is powered on. Ports in a blocking
state do not forward frames or learn MAC addresses, but still listen for BPDUs from other
switches.

Listening - A port will progress from a Blocking to a Listening state only if the switch believes
that the port will not be shut down to eliminate a loop. The port will listen for BPDUs to
participate in the election of a Root Bridge, Root Ports and Designated Ports. Ports in a
listening state will not forward frames or learn MAC addresses.

Learning - After a brief period of time, called the Forward Delay, a port in a listening state
will be elected either a Root Port or a Designated Port and placed in a learning state. Ports in a
learning state listen for BPDUs and also begin to learn MAC addresses. However, ports in a
learning state will still not forward frames.

Forwarding - After another Forward Delay, a port in learning mode will be placed in
forwarding mode. Ports in a forwarding state can send and receive all data frames, and continue
to build the MAC address table. All designated, root and non-uplink ports will eventually be
placed in a forwarding state.

Disabled - A port in the disabled state has been administratively shut down, and does not
participate in STP or forward frames at all.

On average, a port in a blocking state will take approximately 50 seconds to reach a forwarding
state.

STP Timers

• Hello Timer - Default is 2 seconds. Indicates how often BPDUs are sent by switches.

• Forward Delay - Default is 15 seconds. This timer indicates a delay period in both the
listening and learning states of a port, for a total of 30 seconds.

• Max Age - Default is 20 seconds. Indicates how long a switch will keep BPDU information
from a neighboring switch before discarding it.

Section 7

IPV4 Address and Subnet

There are two types of addressing: hardware addressing and logical addressing.

Hardware Addressing
The hardware address is used by devices to communicate on the local network. Hardware
addressing is a function of the data-link layer of the OSI model (Layer-2). The hardware address
for Ethernet networks is the MAC address, a 48-bit hexadecimal address that is usually
hard-coded on the network card. The first six hexadecimal digits of a MAC identify the
manufacturer of the network card (referred to as the OUI, Organizationally Unique Identifier),
and the last six digits identify the host device (referred to as the host ID).

MAC addresses can be represented in hex as below:

00:00:AB:AB:11:12 or 0000.ABAB.1112

Logical Addressing
Logical addressing is a function of the network layer-3 of the OSI Model. Logical addresses
provide a hierarchical structure to separate networks. A logical address identifies not only a
unique Host ID, but also the network that host belongs to. Additionally, logical addresses are
rarely hard-coded onto hosts, and can be changed freely.

IPv4 Addressing
An IP address is separated into four octets and represented in decimal, e.g. 192.168.10.1. Each
octet is 8 bits long, resulting in a 32-bit IP address. A computer understands an IP address in
its binary form; the above address in binary looks as follows:
11000000.10101000.00001010.00000001

In the above IP address, one part identifies the network and the other part identifies the
host. A subnet mask makes this distinction.

Consider the following: IP Address: 192.168.10.1 Subnet Mask: 255.255.255.0


• If a binary bit is set to a 1 (or on) in a subnet mask, the corresponding bit in the address
identifies the network.
• If a binary bit is set to a 0 (or off) in a subnet mask, the corresponding bit in the address
identifies the host.
Looking at the above address and subnet mask in binary:
Address: 11000000.10101000.00001010.00000001
Subnet Mask: 11111111.11111111.11111111.00000000
The first 24 bits of the subnet mask are set to 1. Thus, the first 24 bits (192.168.10) of the
address 192.168.10.1 identify the network. The last 8 bits of the subnet mask are set to 0. Thus,
the last 8 bits (.1) of the address 192.168.10.1 identify the unique host on that network.

Hosts on the same logical network will have identical network addresses, and can communicate
freely. For example, the following two hosts are on the same network:
Host A: 192.168.10.1 255.255.255.0
Host B: 192.168.10.2 255.255.255.0
Both share the same network address of 192.168.10.0, which is determined by the 255.255.255.0
subnet mask.

Hosts that are on different networks cannot communicate without an intermediating device.
For example:
Host A: 192.168.10.1 255.255.255.0
Host B: 192.168.11.1 255.255.255.0

IP Address Classes
IPv4 addresses are grouped into three classes. The value of the first octet of an address
determines the class of the network:

Class    Address Range   Default Subnet Mask
Class A  1 - 127         255.0.0.0
Class B  128 - 191       255.255.0.0
Class C  192 - 223       255.255.255.0

Class A networks range from 1 to 127. The default subnet mask is 255.0.0.0; thus, by default,
the first octet defines the network, and last three octets define the host. This results in a
maximum of 127 Class A networks, with 16,777,214 hosts per network.
Class A address: Address: 10.0.0.1, Subnet Mask: 255.0.0.0

Class B networks range from 128 to 191. The default subnet mask is 255.255.0.0; thus, by
default, the first two octets define the network, and the last two octets define the host. This
results in a maximum of 16,384 Class B networks, with 65,534 hosts per network.
Class B address: Address: 172.16.12.195, Subnet Mask: 255.255.0.0

Class C networks range from 192 to 223. The default subnet mask is 255.255.255.0; thus, by
default, the first three octets define the network, and the last octet defines the host. This
results in a maximum of 2,097,152 Class C networks, with 254 hosts per network.
Class C address: Address: 192.168.10.1, Subnet Mask: 255.255.255.0

CIDR (Classless Inter-Domain Routing)

Classless Inter-Domain Routing (CIDR) is another way of representing a subnet mask. CIDR
notation gives the number of binary bits set to 1 (or on) in a subnet mask, preceded by a slash.

Consider the following subnet mask: 255.255.255.224

Looking at the above subnet mask in binary:

11111111.11111111.11111111.11100000

The first 27 bits of the above subnet mask are set to 1. To represent this in CIDR notation: /27
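The conversions described in this section (subnet mask to CIDR prefix and back, address class by first octet, and the mask-based test of whether two hosts share a network), worked through in Python as an added example. This code is not part of the handout; the function names are this example's own, and the class ranges are the handout's table.

```python
# Added example (not from the TCL handout): mask <-> CIDR conversion, address class,
# and the network/host split applied to the addresses used in this section.

def ip_to_int(addr: str) -> int:
    """Pack a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(addr: str) -> str:
    """Render an address or mask the way the handout does: 11000000.10101000...."""
    return ".".join(f"{int(o):08b}" for o in addr.split("."))

def mask_to_prefix(mask: str) -> int:
    """255.255.255.224 -> 27. A valid mask is a run of 1 bits followed by 0 bits."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    # network bits must be contiguous: the mask must equal the top `prefix` bits set
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def prefix_to_mask(prefix: int) -> str:
    """27 -> 255.255.255.224"""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def ip_class(addr: str) -> str:
    """Class by first octet, using the handout's ranges (A: 1-127, B: 128-191, C: 192-223)."""
    first = int(addr.split(".")[0])
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "other"  # 224 and above are outside the three classes the handout covers

def network_address(addr: str, mask: str) -> str:
    """AND the address with the mask: the 1 bits of the mask keep the network part."""
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))

def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two hosts can talk directly only if the masked network parts are identical."""
    return network_address(addr_a, mask) == network_address(addr_b, mask)

if __name__ == "__main__":
    print(to_binary("192.168.10.1"), to_binary("255.255.255.0"))
    print(mask_to_prefix("255.255.255.224"), prefix_to_mask(27))
    print(ip_class("10.0.0.1"), ip_class("172.16.12.195"), ip_class("192.168.10.1"))
    print(same_network("192.168.10.1", "192.168.10.2", "255.255.255.0"))
    print(same_network("192.168.10.1", "192.168.11.1", "255.255.255.0"))
```

The contiguity check in mask_to_prefix matters: a mask such as 255.0.255.0 has 16 bits set but is not a valid mask, and counting ones alone would silently accept it.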

Subnet and Broadcast Addresses

Two addresses have been reserved on each network for special use. Each network must have a
subnet / network address, and a broadcast address. Neither of these addresses can be assigned
to a host device. The subnet address is used to identify the network itself. Routing tables
contain lists of networks, and each network is identified by its subnet address.

Subnet addresses contain all 0 bits in the host portion of the address.
For example, the following is a subnet address: 192.168.1.0/24

The broadcast address identifies all hosts on a particular network. A packet sent to the
broadcast address will be received and processed by every device on that network. Broadcast
addresses contain all 1 bits in the host portion of the address.
Example, the following is a broadcast address: 192.168.1.255/24

Broadcasts are one of three types of IP packets:


• Unicasts are packets sent from one host to another host
• Multicasts are packets sent from one host to a group of hosts
• Broadcasts are packets sent from one host to all other hosts on the local network

Subnetting

Subnetting is the process of dividing a major network into smaller networks, or subnets, by
taking bits from the host portion of the subnet mask.

Consider the following Class C network: 192.168.10.0

The default subnet mask for this network is 255.255.255.0. This single network can be
subnetted into multiple networks. For example, assume a minimum of 14 new networks are
required. The number of networks is found with the following formula:

2^n – 2, where n is the number of bits taken from the host portion of the subnet mask.

The default Class C subnet mask of 255.255.255.0 in binary is:

11111111.11111111.11111111.00000000

There are a total of 24 bits set to 1, which are used to identify the network.

There are a total of 8 bits set to 0, which are used to identify the host, and these host bits can
be considered for Subnets.

Taking bits from the host portion means changing host bits from 0 (off) to 1 (on).

Network bits in a subnet mask must always be contiguous; skipping bits is not allowed.

Consider the result if four bits are taken. Using the formula:

2^n – 2 = 2^4 – 2 = 16 – 2 = 14 new networks, created with the subnet mask

11111111.11111111.11111111.11110000 = 255.255.255.240

To determine the number of hosts in each network, the same formula is used with n as the
number of remaining host bits: 2^n – 2

2^n – 2 = 2^4 – 2 = 16 – 2 = 14 valid hosts per network

Thus, subnetting a Class C network with a /28 mask creates fourteen new networks, with
fourteen usable hosts per network.

Determining the Range of Subnetted Networks:

The ranges of the subnetted networks can be calculated quickly with a shortcut: take the
subnet mask 255.255.255.240 and subtract the value of the subnetted octet (here 240)
from 256.

256 – 240 = 16

Assuming ip subnet-zero is enabled, the first network begins at 0. Then simply keep
adding 16 to list the first address of each new network:

0 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240

Knowing the first address of each new network makes it simple to determine the last address
of each network:

Subnet  First Address  Valid Host Range  Last Address
1       0              1 – 14            15
2       16             17 – 30           31
3       32             33 – 46           47
4       48             49 – 62           63
5       64             65 – 78           79
6       80             81 – 94           95
7       96             97 – 110          111
8       112            113 – 126         127
9       128            129 – 142         143
10      144            145 – 158         159
11      160            161 – 174         175
12      176            177 – 190         191
13      192            193 – 206         207
14      208            209 – 222         223
15      224            225 – 238         239
16      240            241 – 254         255

The last address of each network becomes the broadcast address for that network.

Note: There is a specific purpose for the '– 2' portion of the 2^n – 2 formula. Earlier it was not
acceptable to use an address that contained all 0 or all 1 bits in the network portion of the
address.

However, this is no longer true on modern systems. Specifically, on Cisco IOS devices, the
following command is now enabled by default:

Router(config)# ip subnet-zero

The ip subnet-zero command allows the use of networks with all '0' or all '1' bits in the
network portion of the address. Thus, the formula for calculating the number of new networks
is slightly altered, to simply 2^n.

Hence, if four bits are taken for networks, the result is 2^n = 2^4 = 16 networks.
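The subnetting procedure above (borrow host bits, count networks with 2^n or 2^n – 2 depending on ip subnet-zero, count hosts with 2^n – 2, and list the ranges with the 256 minus subnetted-octet shortcut), carried out in Python on the handout's 192.168.10.0/24 to /28 case. This is an added example, not the handout's own material; the function names are this example's assumptions, and it generalises the shortcut to a boundary in any octet, not only the last.

```python
# Added example (not from the TCL handout): enumerate the subnets created by borrowing
# host bits, with both the 2^n (ip subnet-zero) and 2^n - 2 network counts.

def _ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def _int_to_ip(v: int) -> str:
    return ".".join(str((v >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_count(borrowed_bits: int, subnet_zero: bool = True) -> int:
    """2^n when ip subnet-zero is enabled (the IOS default), 2^n - 2 otherwise."""
    return 2 ** borrowed_bits if subnet_zero else 2 ** borrowed_bits - 2

def hosts_per_subnet(host_bits: int) -> int:
    """2^h - 2: the all-0 (network) and all-1 (broadcast) host patterns are reserved."""
    return 2 ** host_bits - 2

def block_size(new_prefix: int) -> int:
    """The handout's shortcut: 256 minus the value of the subnetted octet.
    For /28 the last octet of the mask is 240, so the block size is 16."""
    mask = (0xFFFFFFFF << (32 - new_prefix)) & 0xFFFFFFFF
    octet_index = (new_prefix - 1) // 8           # octet where network bits end
    value = (mask >> (8 * (3 - octet_index))) & 0xFF
    return 256 - value

def enumerate_subnets(network: str, old_prefix: int, new_prefix: int,
                      subnet_zero: bool = True):
    """Return (network, first host, last host, broadcast) for every subnet."""
    if new_prefix <= old_prefix or new_prefix > 30:
        raise ValueError("new prefix must be longer than the old one and leave >= 2 host bits")
    base = _ip_to_int(network) & ((0xFFFFFFFF << (32 - old_prefix)) & 0xFFFFFFFF)
    size = 2 ** (32 - new_prefix)                 # addresses per subnet
    subnets = []
    for i in range(2 ** (new_prefix - old_prefix)):
        net = base + i * size
        subnets.append((_int_to_ip(net),          # subnet address: host bits all 0
                        _int_to_ip(net + 1),      # first valid host
                        _int_to_ip(net + size - 2),  # last valid host
                        _int_to_ip(net + size - 1)))  # broadcast: host bits all 1
    if not subnet_zero:
        subnets = subnets[1:-1]                   # drop the all-0 and all-1 subnets
    return subnets

if __name__ == "__main__":
    print(subnet_count(4), subnet_count(4, subnet_zero=False), hosts_per_subnet(4))
    print("block size for /28:", block_size(28))
    for net, first, last, bcast in enumerate_subnets("192.168.10.0", 24, 28):
        print(f"{net:16} {first:16} {last:16} {bcast}")
```

Running it prints the same sixteen rows as the table above; passing subnet_zero=False trims the list to the fourteen networks the 2^n – 2 rule allows.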

A public address is a unique address on the internet and can be routed on the Internet.
Hence devices that should be Internet accessible must be configured with public addresses.

A private address is only used within an organization, and can never be routed on the
internet. Three private address ranges were allocated, one for each IPv4 class:

Class    Range
Class A  10.0.0.0 – 10.255.255.255
Class B  172.16.0.0 – 172.31.255.255
Class C  192.168.0.0 – 192.168.255.255

Two further ranges are reserved for special use:

Diagnostic purposes (loopback testing)    127.0.0.0 – 127.255.255.255
Automatic Private IP Addressing (APIPA)   169.254.0.0 – 169.254.255.255

Section 8
Router Components

Router Memory Components

Cisco routers and switches generally contain four types of memory:

• ROM (Read-Only Memory)

• Flash

• NVRAM (Non-Volatile RAM)

• RAM (Random-Access Memory)

Boot Sequence:

ROM contains a bootstrap program called ROM Monitor, also referred to as ROMmon. The boot
sequence is as follows:

• When a router is powered on, the bootstrap runs a hardware diagnostic called POST (Power-On
Self Test).
• If POST completes successfully, the bootstrap attempts to locate an IOS (Internetwork
Operating System) image based on the configuration file in NVRAM, which may contain a boot
system command pointing to a particular IOS file. If no such command exists, it loads the
Cisco IOS stored in Flash memory. Flash memory can be erased or overwritten, which is what
makes the Cisco IOS upgradeable.
• If the bootstrap cannot find an IOS in Flash, a basic version of the IOS is loaded from ROM.
The contents of ROM cannot be altered or erased; the entire ROM chip must be replaced if an
upgrade or repair is necessary.
• If the bootstrap does find the IOS in Flash, it is loaded into RAM, and the IOS then attempts
to find a startup configuration file in NVRAM. NVRAM is non-volatile, so its contents survive
a power cycle.
• If the IOS cannot find a startup-config file in NVRAM, it attempts to load a configuration
file from a TFTP server, broadcasting the request to 255.255.255.255. If no TFTP server
responds, the IOS enters Initial Configuration Mode, a series of interactive questions intended
for quick configuration of the router.
• If the IOS does find a startup-config file in NVRAM, the file is loaded into RAM and becomes
the running configuration (running-config). RAM is volatile, so its contents are lost if the
router is power cycled.

Interfaces vs Lines

Cisco devices contain two different types of ports: interfaces and lines.

Interfaces connect routers and switches to each other. In other words, traffic is actually
routed or switched across interfaces. Some of the interfaces include:

• Serial interfaces
• Ethernet interfaces

• Fast Ethernet interfaces
• Token Ring interfaces
• ATM interfaces
• BRI/PRI interfaces

Interfaces are identified by both the type of interface and the interface number, which usually
begins with 0. Example: Ethernet 0, Serial 0, etc. Other router families, such as the 3600
series, are modular and have multiple slots for interfaces. In that case the interfaces are
identified by both the module number and the interface number. Example: the second serial
interface in the first modular slot would be identified as Serial0/1.

Lines identify ports that allow us to connect into, and then configure, Cisco devices. The most
common examples of lines include:

• Console ports
• Auxiliary ports
• VTY or telnet ports

Just like interfaces, lines are identified by both the type of line and the line number.
Example: the first console port on a router would be identified as Console0.

Using Lines to Configure the IOS

Every Cisco router or switch includes a console port, sometimes labeled on the device simply as
con. The console port is generally an RJ-45 connector, and requires a rollover cable to connect
to it. The opposite end of the rollover cable connects to a PC's serial port using a serial
terminal adapter.

From the PC, software such as HyperTerminal is required to make a connection from the
local serial port to the router console port. The following settings are necessary for a
successful connection:

• Bits per second - 9600 baud
• Data bits - 8
• Parity - None
• Stop bits - 1
• Flow Control - None

Cisco devices also include an auxiliary port, which is similar to a console port and can be
accessed using a rollover cable. Additionally, auxiliary ports support modem commands, thus
providing dial-in access to Cisco devices.

Telnet, and secured SSH, are the most common methods of remote access to routers and
switches. The standard edition of the IOS supports up to 5 simultaneous VTY connections.
Enterprise editions of the IOS support up to 255 VTY connections.

There are two requirements before a router/switch will accept a VTY connection:

• An IP address must be configured on an interface
• At least one VTY port must be configured with a password

Section 9
Cisco IOS Configuration

Cisco IOS

The Cisco IOS (Internetwork Operating System) is a command-line interface used by nearly all
current Cisco routers and Catalyst switches. The IOS provides the mechanism to configure all
Layer 2 and Layer 3 functions on Cisco devices.

IOS Version Numbers

IOS version numbers are represented as x.y(z)t, for example 12.4(3). The running version can
be displayed with:

Router# show version

The Cisco IOS is stored in Flash on Cisco routers and Catalyst switches, in a .BIN file format.
It can be upgraded using one of several methods:

IOS Upgrade Methods

• Replacing the existing Flash stick
• Via a TFTP server
• Via Xmodem
• Via a PCMCIA slot (not supported by all Cisco devices)

The IOS .bin file stored in flash follows a specific naming convention. Observe the following IOS
image: c3640-advipservicesk9-mz.121-3.S.bin

Field            Meaning
c3640            Cisco hardware platform
advipservicesk9  Feature set
m                Memory location
z                Compression format
121              Maintenance release
3                Minor release
S                Identifier
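A parser for the image naming convention just described, written in Python as an added example (not part of the handout). The field meanings follow the table above; the regular expression, the reading of 121-3 as version 12.1(3), and the k9 crypto-image check are this example's own assumptions, not something the handout states.

```python
import re

# Added example (not from the TCL handout): split a Cisco IOS image file name into
# the fields of the naming convention. The pattern is this example's assumption.
IMAGE_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-"            # c3640           : Cisco hardware platform
    r"(?P<feature_set>[a-z0-9_]+)-"         # advipservicesk9 : feature set
    r"(?P<memory>[a-z])"                    # m               : memory location
    r"(?P<compression>[a-z])\."             # z               : compression format
    r"(?P<maintenance>\d+)-"                # 121             : maintenance release
    r"(?P<minor>\d+)"                       # 3               : minor release
    r"(?:\.(?P<identifier>[A-Za-z0-9]+))?"  # S               : identifier (optional)
    r"\.bin$"
)

def parse_ios_image(filename: str) -> dict:
    """Return the fields of an IOS image name, raising ValueError on an unexpected name."""
    m = IMAGE_RE.match(filename)
    if not m:
        raise ValueError(f"file name does not follow the expected convention: {filename}")
    fields = m.groupdict()
    # assumption: the maintenance field "121" is version 12.1 and the minor field goes
    # in parentheses, giving the x.y(z) form used for IOS version numbers
    maint = fields["maintenance"]
    fields["version"] = f"{maint[:-1]}.{maint[-1]}({fields['minor']})"
    # a "k9" suffix on the feature set marks a cryptographic (strong-crypto) image;
    # worth knowing when checking whether SSH is available on a device
    fields["crypto"] = fields["feature_set"].endswith("k9")
    return fields

if __name__ == "__main__":
    for key, value in parse_ios_image("c3640-advipservicesk9-mz.121-3.S.bin").items():
        print(f"{key:12} {value}")
```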

IOS Modes on Cisco Devices

There are different modes as explained below:

By default the first mode you enter when logged into a Cisco device is User EXEC mode. We
can identify the User EXEC mode by the prompt “>” after the device hostname:

Router>

In this mode no configuration can be changed or viewed. Only basic status information can be
viewed from this mode.

The next mode, Privileged EXEC mode, allows all configuration files, settings, and status
information to be viewed. We can identify Privileged mode by the prompt "#" after the
device hostname:

Router#

To enter Privileged mode, type enable from User mode:

Router> enable

Router#

To return back to User mode from Privileged mode, type disable:

Router# disable

Router>

Very little configuration can be done directly from Privileged mode.

The mode where we do most of the configuration is Global Configuration mode:

Router(config)#

To enter Global Configuration mode, type configure terminal from Privileged Mode:

Router# configure terminal

Router(config)#

To return back to Privileged mode, type exit:

Router(config)# exit

Router#

Global Configuration mode is further divided into the following sub-modes:

• Interface Configuration mode - Router(config-if)#
• Line Configuration mode - Router(config-line)#
• Router Configuration mode - Router(config-router)#

To configure an interface:

Router(config)# interface Fastethernet 0/0

Router(config-if)#

To configure a line:

Router(config)# line console 0

Router(config-line)#

Keyboard shortcuts when the terminal editing feature is enabled:

CTRL-B  Moves cursor one character backward
CTRL-F  Moves cursor one character forward
CTRL-A  Moves cursor to the beginning of the line
CTRL-E  Moves cursor to the end of the line
ESC-B   Moves cursor one word back
ESC-F   Moves cursor one word forward
CTRL-P  Returns previous command from buffer
CTRL-N  Returns next command from buffer
CTRL-Z  Exits to Privileged mode
TAB     Completes the word
CTRL-C  Exits from initial configuration mode

Commands and Description:

Command                                   Description
Router# show history                      Displays previously entered commands
Router# ?                                 Displays all available commands in that mode
Router# cl?                               Displays all commands which start with cl
Router# clock ?                           Displays the available options and arguments for that command
Router# show version                      Displays all information about the device, including the configuration register value
Router# show hardware                     Similar to show version
Router# show protocols                    Displays routed protocol information
Router# show ip protocols                 Displays routing protocol information
Router# show running-config               Displays the active configuration (the contents of RAM)
Router# show startup-config               Displays the startup configuration (the contents of NVRAM)
Router# show terminal                     Displays terminal information and history size
Router# show ip interface brief           Displays IP information for all interfaces
Router# show interface Fa0/0              Displays the status of a specific interface
Router# show ip route                     Displays the routing table
Router# show processes cpu                Displays CPU usage and interrupts
Router# show interfaces                   Displays information about all interfaces
Router# show controllers serial 0         Displays DCE/DTE and clock rate information for the interface
Router(config)# hostname R1               Changes the hostname
Router(config-if)# description link is connected to TCL   Gives a description to the interface
Router(config)# banner motd #             Creates a banner
Router# copy run start                    Copies the running configuration from RAM to NVRAM
Router# copy start run                    Copies the startup configuration from NVRAM to RAM

Line Passwords and Configuration

Passwords can be configured on router lines, such as telnet (vty), console, and auxiliary ports.
To set or change the password for a console port and all telnet ports:

Router(config)# line console 0

Router(config-line)# login

Router(config-line)# password cisco

Router(config-line)# exec-timeout 0 0

Router(config-line)# logging synchronous

Router(config)# line vty 0 4

Router(config-line)# login

Router(config-line)# password cisco

Router(config-line)# exec-timeout 0 0

Router(config-line)# logging synchronous

The exec-timeout 0 0 command is optional, and disables the automatic timeout of your
connection. The two zeroes represent the timeout value in minutes and seconds, respectively.
Thus, to set a timeout for 5 minutes and 20 seconds:

Router(config-line)# exec-timeout 5 20

The logging synchronous command is also optional, and prevents system messages from
interrupting your command prompt.

Privilege mode Passwords and Configuration

Router(config)# enable password Cisco

Router(config)# enable secret cisco

Designed & Developed by TATA Communications Ltd. for internal purpose | Confidential 33
The enable password command sets an unencrypted password, and the enable secret command
sets an MD5-hashed password and is more secure. The enable password and enable secret
passwords cannot be the same.

By default, line passwords are stored in clear text in configuration files. To ensure that these
passwords are encrypted in all configuration files:

Router(config)# service password-encryption
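A small configuration audit in Python, added here as an example (it is not part of the handout and not a Cisco tool), that reads a saved configuration and reports the gaps this section warns about: no enable secret, a leftover enable password, a line with login but no password (or a password that is never checked because login is missing), exec-timeout 0 0 left in place, and service password-encryption not enabled. The sample configuration text is constructed for the example. One caveat worth keeping in mind: the encoding that service password-encryption applies to line passwords is reversible, so it hides passwords from someone reading the configuration over your shoulder but is not a substitute for enable secret.

```python
# Added example (not from the TCL handout): audit an IOS configuration text for the
# password and line settings discussed in this section.

# constructed sample configuration with several of the weaknesses the section describes
SAMPLE_CONFIG = """\
hostname R1
enable password Cisco
!
line con 0
 login
 password cisco
 exec-timeout 0 0
line vty 0 4
 login
line aux 0
 password cisco
!
end
"""

def parse_lines(config: str) -> dict:
    """Return {line name: [sub-commands]} for every 'line ...' section of the config."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None            # any non-indented command ends the section
    return sections

def audit_config(config: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing to report."""
    findings = []
    cmds = [line.strip() for line in config.splitlines()]
    has_secret = any(c.startswith("enable secret") for c in cmds)
    has_enable_pw = any(c.startswith("enable password") for c in cmds)
    if not has_secret:
        findings.append("no 'enable secret': privileged mode is not protected by a hashed password")
    if has_enable_pw:
        findings.append("'enable password' present: remove it and rely on 'enable secret'")
    if "service password-encryption" not in cmds:
        findings.append("'service password-encryption' absent: line passwords are stored in clear text")
    for name, sub in parse_lines(config).items():
        has_login = any(s == "login" or s.startswith("login ") for s in sub)
        has_pw = any(s.startswith("password ") for s in sub)
        if has_login and not has_pw:
            findings.append(f"line {name}: 'login' without 'password', logins on this line are refused")
        if has_pw and not has_login:
            findings.append(f"line {name}: password set but 'login' missing, so it is never asked for")
        if any(s == "exec-timeout 0 0" for s in sub):
            findings.append(f"line {name}: idle timeout disabled (exec-timeout 0 0)")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("-", finding)
```

The parser keys on the indentation IOS uses in show running-config output, so the same function can be pointed at a configuration saved from a real device.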

To assign an IP address to an interface:

Router(config)# interface fa0/0

Router(config-if)# ip address 192.168.1.1 255.255.255.0

By default, all router interfaces are administratively shutdown. To take an interface out of
an administratively shutdown state:

Router(config)# interface fa0/0

Router(config-if)# no shutdown

On the DCE (Data Communication Equipment) side of a serial connection we must set the
speed, or clock rate, for the DTE (Data Terminal Equipment) side. Clock rate is in BPS (bits-
per-second).

To set the clock rate, if you are the DCE side of a serial connection:

Router(config)# interface serial 0

Router(config-if)# clock rate 64000

Status of Router Interfaces

Serial 0 is up, line protocol is up – This means the interface is up and running: both ends
are sending and receiving keepalives, and traffic can be routed across the interface.

The first part of this status Serial0 is up refers to the physical layer status of the interface. The
second part line protocol is up refers to the data-link layer status of the interface.

Serial 0 is down, line protocol is down – This means the interface is physically down,
possibly because of a defective or unplugged cable or a faulty interface.

Serial 0 is up, line protocol is down – This means that line protocol is down which refers
to data-link layer functions. This may be because of:

• Absence of keepalives being sent or received
• Clock rate not set on the DCE side of a serial connection
• Different encapsulation types set on either side of the link

Serial 0 is administratively down, line protocol is down – This means the interface has
been administratively shutdown.

IOS Troubleshooting commands:

Command Description
Router# show tech-support Displays every config file and many show commands
together.
Router# debug ip packet Displays real time info of each and every packet
Router# debug all Debugs all possible options
Router# undebug all Stop all debug options
Router# ping 192.168.10.1 Checks connectivity to a particular IP
Router# traceroute 192.168.10.1 Checks hop by hop connectivity
Router# telnet 192.168.10.1 telnet to a remote device

To exit a telnet session:

Router# exit

To return to the router you telnetted from, without exiting the session:

• Hold CTRL+SHIFT+6 and then release
• Type the character x

To view all open telnet sessions:

Router# show sessions

Section 10
Cisco Advanced IOS Configuration

The configuration register (config-register) is a hexadecimal value that controls various
aspects of how a router boots, including:

• Baud rate
• Boot messages (enable/disable)
• Break (disable/ignore)
• Flash (read-only, read-write)
• NVRAM (use startup-config/bypass startup-config)

The default config-register is 0x2102.

To change the config-register from the IOS:

Router(config)# config-register 0x2142

This configuration change does not take effect until the next reboot.

Backing up and Restoring the Cisco IOS

The Cisco IOS is stored in flash. Multiple IOS files can be loaded into flash, assuming there is
enough free space. You can view the available free space, and the name of any file(s) in flash,
by typing:

Router# show flash

To back up the IOS from flash to a TFTP server:

Router# copy flash tftp

You will be prompted for the following information:

• Address of remote host (the TFTP server)
• Source file name (the name of the file in flash)
• Destination file name

To load an IOS file from a TFTP server to the router‟s flash:

Router# copy tftp flash

The process is nearly identical for copying a startup configuration file to or from a router's
NVRAM:

Router# copy startup tftp
Router# copy tftp startup

CDP - Cisco Discovery Protocol

CDP is a Cisco proprietary protocol used to collect information about locally attached Cisco
switches and routers. CDP is enabled by default on all routers and switches; it sends out
updates every 60 seconds and uses a hold time of 180 seconds. CDP is also used to carry
voice VLAN information.

CDP will provide the following information about directly connected neighbors:

• Device ID – hostname of the remote router/switch
• Local Interface – local interface to which the remote router/switch is directly connected
• Hold time – amount of time before the remote device's information is removed from the
CDP table
• Capability – type of remote device (router, switch, host)
• Platform – model of the remote device
• IP Address – IP address of the remote device

CDP commands:

Command Description
Router# show cdp Displays CDP timer and hold down information
Router# show cdp neighbors Displays neighbor information
Router# show cdp traffic Displays CDP traffic stats
Router# show cdp interface Displays CDP interface and port information
Router(config)# no cdp run To disable CDP globally
Router(config-if)# no cdp enable To disable CDP at an interface

Section 11
Routing Fundamentals

Routing is performed by a router or a Layer 3 switch and moves information from one network
to another. Forwarding decisions are usually based on the destination network, not the
destination host.

Routing table consists of:

• The destination network and subnet mask
• The next hop address or router used to reach the destination network
• Routing metrics and Administrative Distance
• Exit interface

Best Path Lookup:

To determine the best route to a destination, a router considers three aspects, in this order:
the prefix-length of the network, the metric, and the administrative distance.

Prefix-length is the number of bits used to identify the network, and is used to determine the
most specific route. A longer prefix-length indicates a more specific route.

For example, suppose the routing table contains the following three routes, all of which cover
a destination host within the 172.16.0.0/16 range:

172.16.0.0/16
172.16.1.0/24
172.16.1.0/26

The router will do a bit-by-bit comparison to find the most specific route i.e., longest matching
prefix. Since the 172.16.1.0/26 network is more specific, that route will be used, irrespective of
the metric or Administrative distance.

Metric allows a router to choose the best path within a routing protocol. That means it will
choose the best among two or more paths as suggested by the same routing protocol. Distance
vector routing protocols use distance and direction as their metric. Link state protocols utilize
cost as their metric. Example: RIP uses hop count as the metric, so if there are two paths to
reach a particular destination with Hop count of 2 and 3 respectively, then the best path would
be the one with lesser hops (i.e. 2 hops) as this would be having lesser metric. Only routes with
the best metric are added to the routing table. If multiple equal-metric routes exist to a
particular network, most routing protocols will load-balance.

Administrative Distance is used to determine which routing protocol to trust the most. This
parameter comes into play when two or more routing protocols are in use: the lowest
administrative distance always wins. If a router receives a route to the same network from
both RIP and OSPF, it uses the Administrative Distance to decide which path to install.

Administrative Distance for Routing protocols:

Protocol         Administrative Distance
Connected        0
Static           1
EIGRP Summary    5
External BGP     20
Internal EIGRP   90
IGRP             100
OSPF             110
IS-IS            115
RIP              120
External EIGRP   170
Internal BGP     200
Unknown          255

So always remember that the best path to a destination is chosen first by the longest
prefix-length, then by the metric within a routing protocol, and finally by the AD between
routing protocols.
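The three selection rules above, implemented in Python as an added example (not the handout's own code and not how IOS is implemented internally): within one protocol the best metric is kept and equal metrics are load-balanced, across protocols the lowest administrative distance decides which source is installed for a prefix, and a forwarding lookup takes the longest matching prefix regardless of metric or AD. The administrative distances are the handout's table; the route entries and next-hop names are constructed for the example.

```python
# Added example (not from the TCL handout): a routing table that applies the handout's
# three best-path rules (longest prefix, then metric within a protocol, then AD).

# administrative distances from the handout's table
AD = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
      "igrp": 100, "ospf": 110, "is-is": 115, "rip": 120, "eigrp-external": 170,
      "ibgp": 200, "unknown": 255}

def ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def prefix_contains(prefix: str, addr: str) -> bool:
    """True if addr falls inside prefix, e.g. '172.16.1.0/26' contains 172.16.1.20."""
    net, length = prefix.split("/")
    mask = (0xFFFFFFFF << (32 - int(length))) & 0xFFFFFFFF
    return (ip_to_int(net) & mask) == (ip_to_int(addr) & mask)

class RoutingTable:
    def __init__(self):
        self.routes = {}   # prefix -> list of installed (protocol, metric, next_hop)

    def learn(self, prefix: str, protocol: str, metric: int, next_hop: str) -> None:
        """Offer a route as a routing protocol would; install it only if it wins."""
        entry = (protocol, metric, next_hop)
        installed = self.routes.get(prefix)
        if not installed:
            self.routes[prefix] = [entry]
            return
        cur_proto, cur_metric, _ = installed[0]
        if AD[protocol] < AD[cur_proto]:        # a more trusted source replaces the route
            self.routes[prefix] = [entry]
        elif protocol == cur_proto:             # same protocol: the best metric wins
            if metric < cur_metric:
                self.routes[prefix] = [entry]
            elif metric == cur_metric:          # equal metrics: load-balance across both
                installed.append(entry)
        # a higher AD (or a different protocol with the same AD) is not installed

    def lookup(self, dest: str):
        """Longest-prefix match: the most specific route wins regardless of AD or metric."""
        matches = [p for p in self.routes if prefix_contains(p, dest)]
        if not matches:
            return None
        best = max(matches, key=lambda p: int(p.split("/")[1]))
        return best, self.routes[best]

if __name__ == "__main__":
    rt = RoutingTable()
    rt.learn("172.16.0.0/16", "rip", 2, "10.1.1.1")
    rt.learn("172.16.1.0/24", "ospf", 20, "10.1.1.2")
    rt.learn("172.16.1.0/26", "static", 0, "10.1.1.3")
    print(rt.lookup("172.16.1.20"))     # the /26 wins although RIP/OSPF also match
```

Note that lookup() answers "which installed route forwards this packet", while learn() answers "which offered route gets installed": the handout's prefix-length rule belongs to the first question and its metric and AD rules to the second.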

STATIC ROUTING:

There are two basic methods of building a routing table: Statically or Dynamically.
A static routing table is created, maintained, and updated by a network administrator,
manually.

Advantages of Static Routing:

• Minimal CPU usage
• Minimal memory overhead
• No bandwidth used, as there is no exchange of routing updates
• The administrator controls how traffic is routed

Disadvantages of Static Routing:

• Any change in the topology must be configured manually by the administrator.
• There is no fault tolerance if a link goes down; the administrator has to configure an
alternate path if the primary link fails.
• Not scalable for larger networks

Static routes have an AD of 1 and will always be preferred over dynamic routes, unless the
default AD is changed. A static route with an adjusted AD is called a floating static route.

DYNAMIC ROUTING

Advantages of Dynamic Routing:

• Simpler to configure on larger networks
• Will dynamically choose a different route if the primary link goes down
• Ability to load balance between multiple links

Disadvantages of Dynamic Routing:

• More bandwidth used, as updates are shared between routers.
• Routing protocols put additional load on the router CPU/RAM to run the algorithm that
calculates the path to the destination.
• The best route is defined by the routing protocol, based on protocol characteristics, and
not by the network administrator

Dynamic routing protocols can be broadly classified as Distance Vector protocols and Link
State protocols.

Distance-vector Routing Protocols

• Distance-vector protocols send periodic updates of the full routing table to routing
neighbors.
• Distance-vector protocols suffer from slow convergence, and are highly susceptible to loops.
• Some form of distance is used to calculate a route's metric.
• The Bellman-Ford algorithm is used to determine the shortest path.

A distance-vector routing protocol advertises its directly-connected networks to its neighbors.
These updates are sent at regular intervals: every 30 seconds in RIP and every 90 seconds in
IGRP. Neighbors add the routes from these updates to their own routing tables. Each neighbor
trusts this information completely, and forwards its full routing table, along with its
connected routes, to every other neighbor. This style of route exchange is known as routing
by rumor.

Because periodic updates of the full routing table are passed from neighbor to neighbor,
convergence is slow, and this slow convergence can result in routing loops.

Examples of distance-vector protocols are RIP and IGRP. RIP uses hop count as its distance
metric, and IGRP uses a composite of bandwidth and delay.

Link-State Routing Protocols

Link-state protocols do not use the concept of routing by rumor. Instead, routers send updates
advertising the state of their directly connected links. All routers know the state of all
existing links within their area, and store this information in a topology table. All routers
within an area have identical topology tables.

Link state Protocol does not send periodic updates, but instead exchange updates only when
there is a topology change.

Link-state protocols maintain three separate tables:
• Neighbor table – contains a list of all neighbors, and the interface through which each
neighbor is connected. Neighbors are formed by exchanging Hello packets.
• Topology table – contains a map of all links within an area, including each link's status.
• Routing table – contains the best route to each destination

Link-state protocols can converge very quickly and are immune to routing loops. Additionally,
because updates are sent only during a link-state change, and contain only the change and not
the full table, link-state protocols are less bandwidth intensive than distance-vector protocols.

Link-state protocols use more RAM and CPU on the router itself. They use a metric of cost,
usually based on bandwidth, to calculate a route's metric. Dijkstra's algorithm is used to
determine the shortest path.
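The two shortest-path methods named in the distance-vector and link-state passages above, run side by side on one small topology in Python as an added example (not the handout's material and not a protocol implementation). distance_vector() imitates routers exchanging their full tables with their neighbours round by round (the Bellman-Ford relaxation that RIP and IGRP rely on) and reports how many rounds it takes to converge; dijkstra() computes the same paths at once from a complete topology table, as a link-state router does. The four-router topology and its link costs are constructed for the example.

```python
import heapq

# Added example (not from the TCL handout): Bellman-Ford style table exchange versus
# Dijkstra on the same constructed topology. Link costs are symmetric and made up.
LINKS = {("A", "B"): 10, ("B", "C"): 10, ("A", "C"): 30, ("C", "D"): 10}

def neighbours(links: dict) -> dict:
    """Adjacency map {router: {neighbour: cost}} built from the link list."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj

def distance_vector(links: dict):
    """Return ({router: {dest: (cost, next_hop)}}, rounds until no table changed)."""
    adj = neighbours(links)
    tables = {r: {r: (0, None)} for r in adj}
    for r, nbrs in adj.items():
        for n, c in nbrs.items():
            tables[r][n] = (c, n)                  # directly connected networks
    rounds = 0
    while True:
        rounds += 1
        changed = False
        # every router sends its FULL table to every neighbour ("routing by rumor");
        # the snapshot models all updates of a period being sent before any is applied
        advertised = {r: dict(t) for r, t in tables.items()}
        for r, nbrs in adj.items():
            for n, link_cost in nbrs.items():
                for dest, (cost, _) in advertised[n].items():
                    candidate = link_cost + cost   # Bellman-Ford relaxation step
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, n)
                        changed = True
        if not changed:
            return tables, rounds

def dijkstra(links: dict, source: str) -> dict:
    """Return {dest: (cost, first_hop)} computed from the full topology table."""
    adj = neighbours(links)
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                               # stale entry, already improved on
        for v, c in adj[u].items():
            nd = d + c
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                first_hop[v] = v if u == source else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return {v: (dist[v], first_hop[v]) for v in dist}

if __name__ == "__main__":
    tables, rounds = distance_vector(LINKS)
    print("distance vector converged after", rounds, "rounds; A's table:", tables["A"])
    print("dijkstra from A:", dijkstra(LINKS, "A"))
```

Both methods agree on the paths (A reaches D at cost 30 via B, not over the direct A-C link of cost 30 plus C-D), but the distance-vector version only learns the better path to D in its second exchange, which is the slow convergence the text refers to.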

Dynamic routing protocols can also be classified as Classful or Classless routing protocols.

Classful routing protocols

Classful routing protocols do not send subnet mask information along with their routing
updates.

• If the router has a directly connected interface belonging to the same major network, it
applies the subnet mask of the interface on which the update was received.
• If the router has no interface belonging to the same major network, it applies the classful
subnet mask to the route once it is received.
• Classful routing protocols do not support VLSM (Variable Length Subnet Masks). Examples of
classful routing protocols are RIP v1 and IGRP.
• Always ensure that, if networks are subnetted, all subnets are in the same major network
and use the same subnet mask.

Classless routing protocols:

Classless routing protocols do send the subnet mask with their updates. Classless routing
supports VLSM. Examples: RIP v2, EIGRP, OSPF, IS-IS.

Note: ip classless command

Independently of whether the routing protocol is classful or classless, the router itself can
behave as a classful router. If a classful router receives a packet destined for a 192.168.10.x
subnet that is not in its routing table, it drops that packet, even if a default route exists. To
overcome this, use the ip classless command in global configuration mode:

Router(config)# ip classless

Section 12

STATIC ROUTING

Configuring Static Routes

The basic syntax for a static route is as follows:
Router(config)# ip route [destination_network] [subnet_mask] [next-hop] {AD}

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

RouterA has 192.168.20.0/24 and 192.168.30.0/24 networks in its routing table as directly-
connected routes.

To add a static route on RouterA to reach the 192.168.40.0/24 network via RouterB, and on
RouterB to reach the 192.168.20.0/24 network via RouterA (the next hop is the peer's
address on the shared 192.168.30.0/24 link):
RouterA(config)# ip route 192.168.40.0 255.255.255.0 192.168.30.2
RouterB(config)# ip route 192.168.20.0 255.255.255.0 192.168.30.1

To remove a static route, simply type no in front of it:

RouterA(config)# no ip route 192.168.40.0 255.255.255.0 192.168.30.2

On point-to-point links an exit interface can be specified instead of a next-hop address, as
below:
RouterA(config)# ip route 192.168.40.0 255.255.255.0 fa0/1
RouterB(config)# ip route 192.168.20.0 255.255.255.0 fa0/0

A static route configured with an exit interface has an Administrative Distance of 0, whereas
a static route configured with a next-hop address has the default Administrative Distance of 1.

Floating Static Routing:

The Administrative Distance of a static route can be changed to create a floating static route. A
floating static route is often used as a backup route to a dynamic routing protocol.

To change the Administrative Distance of a static route to 201:

RouterA(config)# ip route 192.168.40.0 255.255.255.0 192.168.30.2 201

Static routes will only remain in the routing table as long as the interface connecting to the
next-hop router is up. To ensure a static route remains permanently in the routing table, even if
the next-hop interface is down:

RouterA(config)# ip route 192.168.12.0 255.255.255.0 192.168.11.2 permanent

Static routes can be used to discard traffic to specific networks by sending that traffic to a
logical null interface:

RouterA(config)# ip route 10.0.0.0 255.0.0.0 null0

Static Default Route

If a specific route to a particular network does not exist in the routing table the router will
drop all traffic destined to that network.

A default route, or gateway of last resort, allows traffic to be forwarded, even when a specific
route to that particular network is not there in the routing table.

The default route is identified by all zeros in both the network and the subnet mask, that is
0.0.0.0 0.0.0.0.

The term "gateway of last resort" is used because this route is consulted last: it is used only
if a more specific route does not exist.

To configure a default route:

RouterA(config)# ip route 0.0.0.0 0.0.0.0 192.168.30.2
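To see how Administrative Distance, the null0 discard route and the gateway of last resort interact during a lookup, here is an added Python example (not from the handout) that models RouterA's table with a RIP-learned route and a floating static backup; the RIP route and its AD are assumed for the illustration:

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    admin_distance: int
    next_hop: str      # next-hop address, exit interface, or "null0"
    source: str        # "connected", "static", "rip", ...


def make_table(entries):
    """Build a list of Route objects from (prefix, AD, next_hop, source) tuples."""
    return [Route(ipaddress.ip_network(p), ad, nh, src) for p, ad, nh, src in entries]


# Constructed table for RouterA: the page's two connected networks, a RIP-learned
# route to 192.168.40.0/24, a floating static backup for the same prefix (AD 201),
# a null0 discard route for 10.0.0.0/8 and a default route via RouterB.
ROUTER_A = make_table([
    ("192.168.20.0/24", 0,   "Fa0/0",        "connected"),
    ("192.168.30.0/24", 0,   "Fa0/1",        "connected"),
    ("192.168.40.0/24", 120, "192.168.30.2", "rip"),
    ("192.168.40.0/24", 201, "192.168.30.2", "static"),   # floating static
    ("10.0.0.0/8",      1,   "null0",        "static"),   # discard route
    ("0.0.0.0/0",       1,   "192.168.30.2", "static"),   # gateway of last resort
])


def lookup(table, destination):
    """Return the route a packet to `destination` would use, or None if it is dropped.

    Longest prefix match wins; among candidates for the same prefix the lowest
    Administrative Distance is the one a router actually installs, so it is preferred.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.admin_distance))


def withdraw(table, source, prefix):
    """Simulate a routing source losing a route (e.g. RIP no longer hearing about it)."""
    net = ipaddress.ip_network(prefix)
    return [r for r in table if not (r.source == source and r.prefix == net)]


if __name__ == "__main__":
    for dst in ("192.168.40.7", "10.5.5.5", "8.8.8.8"):
        r = lookup(ROUTER_A, dst)
        print(f"{dst:>13} -> {r.prefix} via {r.next_hop} ({r.source}, AD {r.admin_distance})")
    # When the RIP route disappears the floating static (AD 201) takes over.
    backup = lookup(withdraw(ROUTER_A, "rip", "192.168.40.0/24"), "192.168.40.7")
    print(f"after RIP withdrawal: via {backup.next_hop} ({backup.source}, AD {backup.admin_distance})")
    # Without a default route, an unknown destination is simply dropped.
    print(lookup(withdraw(ROUTER_A, "static", "0.0.0.0/0"), "8.8.8.8"))
```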

Section 13

Routing Information Protocol – RIP

RIP is an open-standard Distance Vector protocol, which means it can be used in multi-vendor
environments. RIP is used for smaller networks.

RIP has the following Distance Vector characteristics:

• RIP sends out periodic routing updates every 30 seconds.
• RIP sends out the full routing table in every periodic update.
• RIP uses hop count as its metric.
• RIP uses the Bellman-Ford Distance Vector algorithm to determine the best path to
a particular destination.
• RIP utilizes UDP port 520.
• RIP routes have an administrative distance of 120.
• RIP has a maximum hop count of 15 hops. Any network that is 16 hops away or
more is considered unreachable by RIP.
• RIP will load balance across multiple equal-metric paths (by default, up to 4). If the
metric (hop count) is equal on multiple paths of different bandwidth, RIP still
round-robins traffic between those equal-metric routes, which can cause pinhole
congestion.

RIP has two versions, Version 1 and Version 2.

Similarities and differences between RIP v1 and RIP v2:

RIP v1                                               | RIP v2
Classful                                             | Classless
Does not support VLSM                                | Supports VLSM
Sends updates as broadcast                           | Sends updates as multicast to 224.0.0.9
Max hop count 15                                     | Max hop count 15
Does not support authentication of routing updates   | Supports authentication of routing updates
RIP v1 routers send only Version 1 packets           | RIP v2 routers send only Version 2 packets
RIP v1 routers receive both Version 1 and 2 updates  | RIP v2 routers receive only Version 2 updates

RIP Loop Avoidance Mechanisms

RIP, as a Distance Vector routing protocol, is susceptible to loops due to its slow convergence.
Let's assume no loop avoidance mechanisms are configured on either router.

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

Routing Loop Example:

As in the above example, if the 192.168.40.0 network fails, Router B will send an update to
Router A within 30 seconds, when its update timer expires, informing Router A that the route
is unreachable (metric = 16). But if, before that update is sent from Router B to Router A, an
update from Router A reaches Router B, that update still says Router A can reach the
192.168.40.0 network in one hop through Router B. This update causes Router B to believe it
can reach the failed 192.168.40.0 network in two hops, through Router A. Both routers then
keep incrementing the metric for the network until they reach a hop count of 16, which is
unreachable. This behaviour is known as counting to infinity.

Loop avoidance mechanisms:

Split-Horizon – Prevents a routing update from being sent out the interface on which it was
received. In our above example, this would prevent Router A from sending an update for the
192.168.40.0 network back to Router B, as it originally learned the route from Router B. Split-
horizon is enabled by default on Cisco Routers.

Route-Poisoning – Works in conjunction with split-horizon, by triggering an automatic
update for the failed network, without waiting for the update timer to expire. This update is
sent out all interfaces with an infinity metric for that network.

Hold-Down Timers – Prevent RIP from accepting any new updates for routes in a hold-
down state, until the hold-down timer expires. If Router A sends an update to Router B with a
higher metric than what is currently in Router B's routing table, that route will be placed in a
hold-down state.
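An added Python simulation (not part of the handout) of the two-router scenario above, showing the count to infinity without split horizon and the immediate convergence with split horizon plus route poisoning; hold-down timers are deliberately not modelled:

```python
INFINITY = 16          # RIP's "unreachable" metric


class RipRouter:
    """A minimal RIP speaker: one table of prefix -> (hop count, learned-from)."""

    def __init__(self, name, connected):
        self.name = name
        # Directly connected networks have metric 0 and no advertising neighbor.
        self.table = {prefix: (0, None) for prefix in connected}

    def build_update(self, to_neighbor, split_horizon):
        """The full routing table, as RIP sends it every update period."""
        update = {}
        for prefix, (metric, learned_from) in self.table.items():
            # Split horizon: never advertise a route back to the neighbor it came from.
            if split_horizon and learned_from == to_neighbor:
                continue
            update[prefix] = metric
        return update

    def receive_update(self, from_neighbor, update):
        for prefix, advertised in update.items():
            metric = min(advertised + 1, INFINITY)
            current = self.table.get(prefix)
            if current is None or metric < current[0]:
                self.table[prefix] = (metric, from_neighbor)
            elif current[1] == from_neighbor:
                # An update from the neighbor we learned the route from is always
                # accepted, even when it is worse: that neighbor is the authority.
                self.table[prefix] = (metric, from_neighbor)

    def link_failed(self, prefix):
        # Route poisoning: the failed network is kept and advertised with metric 16.
        self.table[prefix] = (INFINITY, None)


def simulate(split_horizon, max_rounds=20):
    """Return the number of update rounds until both routers agree 192.168.40.0/24
    is unreachable, or None if they never converge within max_rounds."""
    a = RipRouter("A", ["192.168.20.0/24", "192.168.30.0/24"])
    b = RipRouter("B", ["192.168.30.0/24", "192.168.40.0/24"])
    failed = "192.168.40.0/24"
    # Initial convergence: A learns 192.168.40.0/24 from B with a metric of 1.
    a.receive_update("B", b.build_update("A", split_horizon))
    b.receive_update("A", a.build_update("B", split_horizon))
    b.link_failed(failed)
    for rnd in range(1, max_rounds + 1):
        # The page's scenario: A's periodic update reaches B before B's poisoned
        # update reaches A.
        b.receive_update("A", a.build_update("B", split_horizon))
        a.receive_update("B", b.build_update("A", split_horizon))
        if a.table[failed][0] == INFINITY and b.table[failed][0] == INFINITY:
            return rnd
    return None


if __name__ == "__main__":
    print("without split horizon: converged after", simulate(False), "rounds")
    print("with split horizon:    converged after", simulate(True), "rounds")
```

Without split horizon the metric climbs 2, 3, 4, ... across the rounds until both routers hit 16; with split horizon A never re-advertises the route to B, so B's poisoned update settles it in the first round.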

RIP Timers:

Update Timer      | 30 seconds
Invalid Timer     | 180 seconds
Hold-down Timer   | 180 seconds
Flush Timer       | 240 seconds

To configure the RIP timers:

Router(config)# router rip

Router(config-router)# timers basic 15 120 120 180

The timers basic command sets the update, invalid, hold-down, and flush timers, in that order
(here 15, 120, 120 and 180 seconds).

RIP Configuration:

Router(config)#router rip

Router(config-router)#network x.x.x.x (Where x.x.x.x is major network information)

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

RouterA(config)# router rip
RouterA(config-router)# network 192.168.20.0
RouterA(config-router)# network 192.168.30.0

The first command, router rip, enables the RIP process. The network statements tell RIP which
networks you wish to advertise to other RIP routers.

To enable RIP v2:
RouterA(config)# router rip
RouterA(config-router)# version 2

Even when a router sends RIPv2 updates, by default it still summarizes networks to their
classful boundary. Thus RIPv2 behaves like RIPv1 unless auto-summarization is disabled:

RouterA(config)# router rip
RouterA(config-router)# version 2
RouterA(config-router)# no auto-summary

Section 14

Enhanced Interior Gateway Routing Protocol

Features and Characteristics of EIGRP:

• EIGRP is a Cisco-proprietary protocol.
• EIGRP is a Hybrid routing protocol, having features of both Distance-Vector and
Link-State routing protocols. As a distance-vector characteristic, EIGRP does "routing
by rumors"; as a link-state characteristic, it does not send periodic full routing
updates but sends updates only when there is a topology change.
• EIGRP uses the Diffusing Update Algorithm (DUAL) to determine the best path among
all "feasible" paths. DUAL also helps ensure a loop-free routing environment.
• EIGRP will form neighbor relationships with adjacent routers in the same
Autonomous System (AS).
• EIGRP traffic is sent either as unicasts, or as multicasts to address 224.0.0.10,
depending on the EIGRP packet type.
• Reliable Transport Protocol (RTP) is used to ensure delivery of most EIGRP packets.
• EIGRP is a classless protocol, and thus supports VLSM.
• EIGRP supports IP, IPX, and AppleTalk routing.
• EIGRP applies an Administrative Distance of 90 to routes originating within the
local Autonomous System.
• EIGRP applies an Administrative Distance of 170 to external routes coming from
outside the local Autonomous System.
• EIGRP uses Bandwidth and Delay of the line, by default, to calculate its distance
metric. It also supports three other parameters to calculate its metric: Reliability,
Load, and MTU.
• EIGRP has a maximum hop count of 224, though the default maximum hop count is
set to 100.
• EIGRP builds three separate tables:
   Neighbor table – list of all neighboring routers. Neighbors must belong to the same
  Autonomous System.
   Topology table – list of all routes in the Autonomous System.
   Routing table – contains the best route for each known network.

EIGRP Neighbor Table:

A neighbor table is constructed from the EIGRP Hello packets, and includes the following
information:
• The IP address of the neighboring router.
• The local interface that received the neighbor's Hello packet.
• The Hold timer.
• A sequence number indicating the order in which neighbors were learned.

Adjacencies will not form unless the primary IP addresses on the connecting interfaces are on
the same subnet. Neighbors cannot be formed on secondary addresses. EIGRP forms neighbor
relationships, called adjacencies, with other routers in the same AS by exchanging Hello
packets. Only after an adjacency is formed can routers share routing information. Hello packets
are sent as multicasts to address 224.0.0.10. The "K" values must also match for an adjacency
to form. Hello and Hold timers do not need to match between routers for an EIGRP neighbor
relationship to form.
By default, on LAN and high-speed WAN interfaces, EIGRP Hellos are sent every 5 seconds.
On slower WAN links (below T1 speed), EIGRP Hellos are sent every 60 seconds by default.

The EIGRP Topology Table:

Once EIGRP neighbors form adjacencies, they begin to share routing information. Each
router's update contains a list of all routes known by that router, and the respective metrics
for those routes.
All such routes are added to the EIGRP router's topology table. The lowest metric to each
network becomes the Feasible Distance (FD) for that network, and the corresponding route is
installed into the routing table. The best route, which is present in both the topology table
and the routing table, is referred to as the Successor route.
The Feasible Distance is derived from the Advertised Distance of the router sending the
update, plus the local router's metric to the advertising router.

As shown in the diagram, RouterA has three paths to reach the Destination Network
(RouterH), either through RouterB, RouterC or RouterD. If we sum the metrics along each
path to form a distance, we can determine the following:
• RouterB's Feasible Distance to the Destination Network is 10.
• RouterC's Feasible Distance to the Destination Network is 25.
• RouterD's Feasible Distance to the Destination Network is 11.
When RouterB sends an update to RouterA, it provides an Advertised Distance of 10 to the
Destination Network. RouterC provides an AD of 25, and RouterD provides an AD of 11.
RouterA calculates the total distance to the Destination Network by adding the AD of the
advertising router to its own distance to reach that advertising router. For example,
RouterA's metric to RouterB is 9; thus the total distance to reach the Destination Network
through RouterB is 19.

From RouterA the successor route must be the route with the lowest metric. If we add the
Advertised Distance to the local metric between each router, we would see that:
• The route through RouterB has a distance of 19 to the destination
• The route through RouterC has a distance of 30 to the destination
• The route through RouterD has a distance of 14 to the destination

Hence the route through RouterD (metric of 14) becomes the Feasible Distance for
RouterA, and is added to the routing table as the best route.
To allow convergence to occur quickly if a link fails, EIGRP keeps backup routes in the
topology table, called Feasible Successors (FS). A route only becomes a Feasible Successor if
its Advertised Distance is less than the current Feasible Distance. This is known as the
Feasibility Condition (FC).
For example, we determined that RouterA's Feasible Distance to the destination is 14, through
RouterD. RouterC's Advertised Distance is 25, and thus it cannot become a Feasible
Successor, as that is higher than RouterA's current Feasible Distance. Routes that are not
Feasible Successors are merely route possibilities. RouterB's Advertised Distance is 8, which
is less than RouterA's current Feasible Distance. Thus the route through RouterB to the
Destination Network becomes a Feasible Successor. Feasible Successors provide EIGRP with
redundancy without forcing routers to re-converge (and thus stop the flow of traffic) when a
topology change occurs. If no Feasible Successor exists and a link fails, the route enters an
Active (converging) state until an alternate route is found.

EIGRP Packet Types: EIGRP has five packet types:

Packet Type       | Sent as
Hello             | Multicast
Update            | Unicast or Multicast
Query             | Multicast
Reply             | Unicast
Acknowledgement   | Unicast

EIGRP Metrics

EIGRP can use 5 separate metric components to determine the best route to a destination:

Component          | K value | Description
Bandwidth          | K1      | Slowest link in the route path, measured in kilobits per second
Load               | K2      | Cumulative load of all outgoing interfaces in the path
Delay of the Line  | K3      | Cumulative delay of all outgoing interfaces in the path, in tens of microseconds
Reliability        | K4      | Average reliability of all outgoing interfaces in the path
MTU                | K5      | Smallest Maximum Transmission Unit in the path

By default only K1 and K3, that is Bandwidth and Delay, are used in the composite metric;
moreover, the MTU value is in fact never used to calculate the metric. With the default K
values the formula is:
metric = [10000000 / bandwidth + delay] * 256
(bandwidth being the slowest link in kbps and delay the cumulative delay in tens of
microseconds). The complete formula is:
metric = [K1 * bandwidth * 256 + (K2 * bandwidth) / (256 - load) + K3 * delay * 256] * [K5 / (reliability + K4)]
where the last factor is only applied when K5 is non-zero.
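An added Python example (not from the handout) covering the topology-table discussion above and the metric formula: it computes the composite metric for a constructed Fast Ethernet plus T1 path, then applies the successor/feasible-successor selection and the variance rule to the page's RouterB/C/D numbers (the local costs to RouterC and RouterD are derived from the page's totals of 30 and 14):

```python
def eigrp_metric(min_bandwidth_kbps, total_delay_usec, load=1, reliability=255,
                 k1=1, k2=0, k3=1, k4=0, k5=0):
    """EIGRP composite metric.

    bandwidth term = 10,000,000 / slowest link (kbps); delay term = cumulative delay
    in tens of microseconds. With the default K values (K1 = K3 = 1, the rest 0)
    this reduces to the page's [10000000/bandwidth + delay] * 256. The K5 factor
    is only applied when K5 is non-zero, as IOS does.
    """
    bandwidth = 10_000_000 // min_bandwidth_kbps
    delay = total_delay_usec // 10
    metric = 256 * (k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay)
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


def path_metric(links):
    """links: list of (bandwidth_kbps, delay_usec), one per outgoing interface."""
    return eigrp_metric(min(bw for bw, _ in links), sum(d for _, d in links))


def dual_select(paths):
    """DUAL path selection from RouterA's point of view.

    paths: {neighbor: (advertised_distance, local_cost_to_neighbor)}
    Returns (successor, feasible_distance, feasible_successors): the successor has
    the lowest total distance; any other neighbor whose Advertised Distance is
    strictly less than the FD meets the Feasibility Condition and is a feasible successor.
    """
    totals = {n: ad + cost for n, (ad, cost) in paths.items()}
    successor = min(totals, key=totals.get)
    fd = totals[successor]
    feasible = [n for n, (ad, _) in paths.items() if n != successor and ad < fd]
    return successor, fd, feasible


def variance_paths(paths, variance):
    """Paths used for unequal-cost load balancing: the successor plus every
    feasible successor whose total distance is <= variance * FD."""
    successor, fd, feasible = dual_select(paths)
    totals = {n: ad + cost for n, (ad, cost) in paths.items()}
    return [successor] + [n for n in feasible if totals[n] <= variance * fd]


# The page's example: Advertised Distances 10, 25 and 11 from RouterB, RouterC and
# RouterD; RouterA's cost to RouterB is 9, the other two local costs (5 and 3) are
# derived from the page's totals of 30 and 14.
ROUTER_A_PATHS = {"RouterB": (10, 9), "RouterC": (25, 5), "RouterD": (11, 3)}

if __name__ == "__main__":
    # Constructed path: a Fast Ethernet hop (100 Mbps, 100 us) then a T1 (1544 kbps, 20000 us).
    print("composite metric:", path_metric([(100_000, 100), (1_544, 20_000)]))
    print("successor, FD, feasible successors:", dual_select(ROUTER_A_PATHS))
    print("paths used with variance 2:", variance_paths(ROUTER_A_PATHS, 2))
```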

EIGRP Configuration:

Router(config)# router eigrp AS

Router(config-router)# network x.x.x.x (Where x.x.x.x is major network information)

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

RouterA(config)# router eigrp 100
RouterA(config-router)# network 192.168.20.0
RouterA(config-router)# network 192.168.30.0

The first command, router eigrp 100, enables the EIGRP process. The 100 indicates the
Autonomous System number. The Autonomous System number can range from 1 to 65535.
Only other EIGRP routers in Autonomous System 100 will form neighbor adjacencies and share
updates with this router.

The network statements serve two purposes in EIGRP:

• First, they identify which networks you wish to advertise to other EIGRP routers.
• Second, they identify which interfaces on the local router will attempt to form
neighbor relationships.

EIGRP Route States

An EIGRP route can exist in one of two states, in the topology table:
• Active state
• Passive State
A Passive state indicates that a route is reachable, and that EIGRP is fully converged. A stable
working EIGRP network will have all routes in a Passive state.

Stuck in Active (SIA)

Routes will become Stuck-in-Active (SIA) when a router sends out an EIGRP Query packet, but
does not receive an EIGRP Reply packet within three minutes. In other words, a route will
become SIA if EIGRP fails to re-converge.

EIGRP Load-Balancing

By default, EIGRP automatically load-balances across equal-metric routes (four by default, up
to six depending on the IOS version). EIGRP also supports load-balancing across routes with
unequal metrics using the variance command. The variance command assigns a "multiplier"
X. Multiplying this variance value by the Successor's Feasible Distance gives a threshold; traffic
is balanced over all (feasible successor) paths whose metric is equal to or below that value.

EIGRP COMMAND REFERENCES

Command                                              | Description
Router(config-if)# ip hello-interval eigrp 100 8     | Changes the hello interval to 8 seconds for AS 100
Router(config-if)# ip hold-time eigrp 100 24         | Changes the hold (dead) interval to 24 seconds for AS 100
Router(config-router)# no auto-summary               | Disables auto summarization
RouterC(config-router)# passive-interface s0         | Disables EIGRP updates being sent out of the interface; no neighbor relationship will form on it
Router(config-if)# bandwidth 64000                   | Changes the bandwidth on an interface
Router(config-if)# ip bandwidth-percent eigrp 10 30  | Limits EIGRP usage of bandwidth on an interface
Router(config-if)# delay 10000                       | Changes the delay on an interface
RouterA(config-router)# variance 2                   | Used for unequal-cost load balancing
Router# show ip eigrp neighbor                       | View EIGRP neighbor table
Router# show ip eigrp topology                       | View EIGRP topology table
Router# show ip eigrp traffic                        | View EIGRP traffic sent and received
Router# debug eigrp neighbors                        | Debug EIGRP
Router# debug eigrp packet                           |
Router# debug eigrp route                            |
Router# debug eigrp summary                          |

Section 15

OSPF (Open Shortest Path First)

Features and characteristics of OSPF are as follows:

• OSPF is an open standard protocol.
• OSPF is a link-state routing protocol, designed to scale efficiently to support larger
networks.
• OSPF allows for a hierarchical network design through the use of Areas.
• OSPF will form neighbor relationships with adjacent routers in the same Area.
• OSPF advertises the status of directly connected links in the form of Link-State
Advertisements (LSAs).
• OSPF will only send out updates when there is a topology change.
• OSPF traffic is multicast either to address 224.0.0.5 (all OSPF routers) or to
224.0.0.6 (all Designated Routers).
• OSPF uses the Dijkstra Shortest Path First algorithm to determine the shortest path.
• OSPF is a classless protocol, and thus supports VLSM.
• OSPF supports only IP routing.
• OSPF routes have an administrative distance of 110.
• OSPF uses cost as its metric, which is computed based on the bandwidth of the link.
OSPF has no hop-count limit.
• OSPF is a hierarchical system that separates an Autonomous System into individual
areas.
• OSPF traffic can either be intra-area (within the area), inter-area (between different
areas), or external (from another AS).
• OSPF routers build a Topology Database of all links within their area, and all routers
within an area will have an identical topology database. Routing updates between
these routers will only contain information about links local to their area. Limiting
the topology database to include only the local area conserves bandwidth and
reduces CPU loads.
• Area 0 is required for OSPF to function, and is considered the “Backbone” area. As
a rule, all other areas must have a connection into Area 0, though this rule can be
bypassed using virtual links.
• Area 0 is often referred to as the transit area to connect all other areas.

Different OSPF router types:

• Internal Routers – all router interfaces belong to only one Area.
(Area 1 – R4, R5, R6 and Area 2 – R7, R8, R9)
• Area Border Routers (ABRs) – contain interfaces in at least two separate areas.
(R2 is an ABR in Area 0 and Area 1, R3 is an ABR in Area 0 and Area 2)
• Backbone Routers – contain at least one interface in Area 0.
(R1, R2 and R3 are Backbone Routers)
• Autonomous System Border Routers (ASBRs) – contain a connection to a separate
Autonomous System.
(R1 is an ASBR)

The OSPF process builds and maintains three separate tables:

• A neighbor table – contains a list of all neighboring routers.
• A topology table – contains a list of all possible routes to all known networks within an area.
• A routing table – contains the best route for each known network.

OSPF Neighbor Table:

• OSPF forms neighbor relationships, called adjacencies, with other routers in the
same Area by exchanging Hello packets to multicast address 224.0.0.5. Only after an
adjacency is formed can routers share routing information. Each OSPF router is
identified by a unique Router ID. The Router ID can be determined in three ways:
   The Router ID can be manually specified.
   If not manually specified, the highest IP address configured on any Loopback
  interface on the router becomes the Router ID.
   If no loopback interface exists, the highest IP address configured on any physical
  interface becomes the Router ID.
• By default, Hello packets are sent out OSPF-enabled interfaces every 10 seconds
on broadcast and point-to-point interfaces, and every 30 seconds on non-broadcast
and point-to-multipoint interfaces. The dead interval is four times the hello interval,
which means the dead interval on a broadcast or point-to-point interface is 40
seconds, whereas on a non-broadcast or point-to-multipoint interface it is 120 seconds.
• OSPF routers will form an adjacency only if the following parameters within a Hello
packet are the same on each router:

 Area ID
 Authentication
 Subnet Mask
 Hello Interval
 Dead Interval

OSPF Designated Router:

In multi-access networks such as Ethernet, there will be many neighbor relationships on the
same physical segment. In the above example five routers are connected to the same
multi-access segment. The total number of neighbor relationships is n(n-1)/2, where n is the
number of routers, so a fully meshed network of five routers requires 10 separate adjacencies.
As the number of devices increases, this leads to unnecessary Link State Advertisement (LSA)
traffic. Moreover, if a link on one of the routers fails, it floods this information to all its
neighbors, and each neighbor in turn floods the same information to all its other neighbors.
This is a waste of bandwidth and processor load. To prevent this, OSPF elects a Designated
Router (DR) for each multi-access network, reached via multicast address 224.0.0.6. As
always, for redundancy purposes a Backup Designated Router (BDR) is also elected.
OSPF routers form adjacencies with the DR and BDR. If a change occurs to a link, the update
is forwarded only to the DR, which then forwards it to all other routers. This greatly reduces
the flooding of LSAs. DR and BDR elections are determined by a router's OSPF priority,
which is configured on a per-interface basis. The router with the highest priority becomes the
DR; the second highest becomes the BDR. If the priorities are equal, the tie breaker is the
Router ID: whichever router has the highest Router ID becomes the DR.
The default priority on Cisco routers is 1.
A priority of 0 prevents the router from being elected DR or BDR.
Example: As per the above diagram, RouterE will be the DR and RouterD will be the BDR.
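An added Python example (not from the handout) for the Router ID, adjacency-count, Hello-parameter and DR/BDR rules described above; the five routers' priorities and Router IDs are constructed so the result matches the page's statement, and the election is modelled as a fresh one (a real election is non-preemptive, so an existing DR keeps its role):

```python
import ipaddress


def ospf_router_id(manual=None, loopbacks=(), physical=()):
    """Router ID selection: manual router-id, else highest loopback address,
    else highest physical interface address."""
    if manual is not None:
        return ipaddress.ip_address(manual)
    pool = loopbacks if loopbacks else physical
    if not pool:
        raise ValueError("no IP address available to derive a Router ID")
    return max(ipaddress.ip_address(a) for a in pool)


def full_mesh_adjacencies(n):
    """Adjacencies needed if every router paired with every other: n(n-1)/2."""
    return n * (n - 1) // 2


def elect_dr_bdr(routers):
    """routers: list of (name, priority, router_id) on one multi-access segment.

    Highest priority wins, the Router ID breaks ties, priority 0 is never eligible.
    Returns (DR, BDR); BDR is None if fewer than two routers are eligible.
    Modelled as a fresh election: on a live segment an existing DR is not preempted.
    """
    eligible = [r for r in routers if r[1] > 0]
    ranked = sorted(eligible,
                    key=lambda r: (r[1], ipaddress.ip_address(r[2])),
                    reverse=True)
    dr = ranked[0][0] if ranked else None
    bdr = ranked[1][0] if len(ranked) > 1 else None
    return dr, bdr


def hello_parameters_match(local, remote):
    """The five Hello fields the page lists must agree for an adjacency to form.
    Returns the list of mismatching fields (empty means the adjacency can form)."""
    fields = ("area_id", "authentication", "subnet_mask", "hello_interval", "dead_interval")
    return [f for f in fields if local[f] != remote[f]]


# Constructed segment of five routers. Priorities and Router IDs are assumed so that
# the outcome matches the page's statement (RouterE becomes DR, RouterD BDR); RouterC
# has priority 0 and can never be elected even though it has the highest Router ID.
SEGMENT = [
    ("RouterA", 1, "1.1.1.1"),
    ("RouterB", 1, "2.2.2.2"),
    ("RouterC", 0, "9.9.9.9"),
    ("RouterD", 1, "4.4.4.4"),
    ("RouterE", 1, "5.5.5.5"),
]

if __name__ == "__main__":
    print("adjacencies in a full mesh of 5:", full_mesh_adjacencies(5))
    print("DR, BDR:", elect_dr_bdr(SEGMENT))
    print("Router ID:", ospf_router_id(loopbacks=["1.1.1.1"], physical=["192.168.30.1"]))
    hello = dict(area_id=0, authentication=None, subnet_mask="255.255.255.0",
                 hello_interval=10, dead_interval=40)
    print("mismatches:", hello_parameters_match(hello, {**hello, "hello_interval": 30}))
```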

OSPF Neighbor States

As neighbor adjacencies are formed, they progress through several "states", including:

Down – No Hellos have been heard from the neighboring router.
Init – A Hello packet has been heard from the neighbor, but two-way communication has
not yet been established.
2-Way – Indicates neighbor adjacency, reached when a router sees its own Router ID in its
neighbor's Hello packet. The DR and BDR are also elected in this state.
Exstart – A master/slave relationship is negotiated between the routers to determine which
one begins the exchange.
Exchange – Routers exchange Database Descriptors (DBDs). DBDs contain a description of
the router's topology database. A router examines a neighbor's DBD to determine whether
the neighbor has information to share.
Loading – Exchange of Link State Advertisements, containing information about all links
connected to each router. Essentially, routers share their topology tables with each other by
sending and receiving LSUs.
Full – Routers are fully synchronized and have exchanged LSAcks.

OSPF Network Types

Network Type                        | DR/BDR Election          | Neighbor Statement
Broadcast Multi-Access              | OSPF elects DR and BDR   | No neighbor statement
Point-to-Point                      | No DR/BDR election       | No neighbor statement
Point-to-Multipoint                 | No DR/BDR election       | No neighbor statement
Non-Broadcast Multi-Access (NBMA)   | OSPF elects DR and BDR   | Neighbor statement is required

LSA TYPES:

Type         | Description            | Generated By
LSA Type 1   | Router LSAs            | All routers
LSA Type 2   | Network LSAs           | Designated Router
LSA Type 3   | Network Summary LSAs   | Area Border Router
LSA Type 4   | ASBR Summary LSAs      | Area Border Router
LSA Type 5   | External LSAs          | Autonomous System Border Router

The OSPF Metric

OSPF determines the best path to a destination network based on cost, which is derived from
the bandwidth of the interfaces. The total cost of a route is the sum of all outgoing interface
costs; the lowest cost is preferred. The cost is computed with the formula 10^8 / bandwidth,
where bandwidth is the interface bandwidth in bits per second.

Interface Type              | Cost
Serial – 64 Kbps            | 1562
T1 – 1.544 Mbps             | 64
Ethernet – 10 Mbps          | 10
Token Ring – 16 Mbps        | 6
Fast Ethernet – 100 Mbps    | 1

OSPF Configuration:

Router(config)#router ospf [process ID]

Router(config-router)#network x.x.x.x y.y.y.y area z (Where x.x.x.x is network information,
y.y.y.y is wildcard information and z is area)

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

RouterA(config)# router ospf 100
RouterA(config-router)# network 192.168.20.0 0.0.0.255 area 1
RouterA(config-router)# network 192.168.30.0 0.0.0.255 area 0

The 100 in the router ospf statement indicates the OSPF process ID, which can be different on
each router. The process ID allows multiple OSPF processes to run on the same router.
In the network statement we use a wildcard mask instead of a subnet mask. With OSPF we
don't advertise networks as such; instead we enable the interfaces whose addresses match the
statement and place them in a specific area, so that those routers can form neighbor
relationships. The wildcard mask 0.0.0.255 means that the last octet can be any value.
The first network statement places interface Fa0/0 on RouterA into Area 1, and the second
network statement places interface Fa0/1 on RouterA into Area 0. We could also have written
the network statements more specifically, matching the exact interface addresses:

RouterA(config)# router ospf 100
RouterA(config-router)# network 192.168.20.1 0.0.0.0 area 1
RouterA(config-router)# network 192.168.30.1 0.0.0.0 area 0

In order for Router B to form a neighbor relationship with RouterA, its connecting interface
must be put in the same Area and subnet as RouterA:

RouterB(config)# router ospf 101
RouterB(config-router)# network 192.168.40.1 0.0.0.0 area 1
RouterB(config-router)# network 192.168.30.2 0.0.0.255 area 0

In the above configuration, observe that the process ID is 101, which is not the same as on
RouterA, as the process ID is only locally significant; and RouterB's Fa0/0 is in Area 0 and
Fa0/1 in Area 1.
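An added Python example (not from the handout) that evaluates the network statements above with wildcard-mask matching and checks whether RouterA and RouterB can form an adjacency on the shared link; the "most specific statement wins" rule for overlapping statements is an assumption made here:

```python
import ipaddress


def wildcard_match(address, network, wildcard):
    """True if `address` matches `network` under an OSPF-style wildcard mask.
    A 1 bit in the wildcard means "don't care"; every 0 bit must match exactly."""
    a = int(ipaddress.ip_address(address))
    n = int(ipaddress.ip_address(network))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def assign_areas(interfaces, network_statements):
    """Map each interface to the OSPF area its address is enabled in.

    interfaces: {name: ip}; network_statements: [(network, wildcard, area), ...].
    Assumption made here: if several statements match one interface, the most
    specific one (the fewest don't-care bits) wins. Unmatched interfaces get None.
    """
    def care_bits(stmt):
        return bin(~int(ipaddress.ip_address(stmt[1])) & 0xFFFFFFFF).count("1")

    result = {}
    for name, ip in interfaces.items():
        matches = [s for s in network_statements if wildcard_match(ip, s[0], s[1])]
        result[name] = max(matches, key=care_bits)[2] if matches else None
    return result


def can_form_adjacency(ip_a, area_a, ip_b, area_b, prefixlen):
    """Two interfaces form an OSPF adjacency only in the same area and same subnet."""
    same_subnet = (ipaddress.ip_interface(f"{ip_a}/{prefixlen}").network
                   == ipaddress.ip_interface(f"{ip_b}/{prefixlen}").network)
    return area_a is not None and area_a == area_b and same_subnet


# The page's two routers and their network statements.
ROUTER_A_IFS = {"Fa0/0": "192.168.20.1", "Fa0/1": "192.168.30.1"}
ROUTER_A_NET = [("192.168.20.0", "0.0.0.255", 1), ("192.168.30.0", "0.0.0.255", 0)]
ROUTER_B_IFS = {"Fa0/0": "192.168.30.2", "Fa0/1": "192.168.40.1"}
ROUTER_B_NET = [("192.168.40.1", "0.0.0.0", 1), ("192.168.30.2", "0.0.0.255", 0)]

if __name__ == "__main__":
    areas_a = assign_areas(ROUTER_A_IFS, ROUTER_A_NET)
    areas_b = assign_areas(ROUTER_B_IFS, ROUTER_B_NET)
    print("RouterA:", areas_a)
    print("RouterB:", areas_b)
    # "192.168.30.2 0.0.0.255" still works: only the first three octets are compared.
    print("adjacency on the 192.168.30.0/24 link:",
          can_form_adjacency("192.168.30.1", areas_a["Fa0/1"],
                             "192.168.30.2", areas_b["Fa0/0"], 24))
```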

OSPF COMMAND REFERENCES

Command                                                   | Description
RouterC(config-router)# passive-interface s0              | Prevents a neighbor relationship on the interface; it will neither send nor receive updates
RouterC(config-router)# router-id 1.1.1.1                 | Manually specifies the Router ID
RouterC(config-router)# area 1 virtual-link 3.3.3.3       | Creates a virtual link; virtual links are a workaround to logically connect an area that is separated from Area 0
Router(config-if)# bandwidth 64000                        | Changes the bandwidth on an interface
Router(config-if)# ip ospf cost 5                         | Changes the cost of an interface
Router(config-router)# auto-cost reference-bandwidth 100  | Changes the reference bandwidth used in calculating the metric
Router(config-if)# ip ospf priority 2                     | Changes the OSPF priority of an interface
Router# show ip ospf neighbor                             | Displays the neighbor table
Router# show ip ospf database                             | Displays the link-state database
Router# show ip ospf 100                                  | Views a specific OSPF process
Router# show ip ospf interface fa0/0                      | Views OSPF details for a specific interface
Router# debug ip ospf adj                                 | Debug OSPF in real time
Router# debug ip ospf events                              |
Router# debug ip ospf hello                               |

Section 16

Virtual LANs (VLANs)

Features and Characteristics of VLAN

• Virtual LANs separate a Layer 2 switch into multiple broadcast domains.
• Each VLAN is its own individual broadcast domain.
• Most commonly each VLAN will be in its own subnet.
• One or more ports can be assigned to a specific VLAN.
• Only ports belonging to the same VLAN can freely communicate; inter-VLAN
communication requires a router.
• Broadcasts from one VLAN will never be sent out ports belonging to another VLAN.

As in the above diagram, six computers are connected to a Layer 2 switch. PC1, PC3 and PC5
belong to VLAN 1, and PC2, PC4 and PC6 belong to VLAN 2. Since PC1, PC3 and PC5 belong
to the same VLAN, IP subnet and broadcast domain, they can communicate with each other
without the need for a router. Similarly, PC2, PC4 and PC6 belong to the same VLAN, IP
subnet and broadcast domain, so they can communicate with each other without a router. But
PC1, PC3 and PC5 will not be able to communicate with PC2, PC4 or PC6, as they belong to
separate VLANs and separate IP subnets. Broadcasts from VLAN 1 will never go out ports
configured for VLAN 2. A router is necessary for the two VLANs to communicate.
Most Catalyst multi-layer switches have integrated or modular routing processors. Otherwise,
an external router is required for inter-VLAN communication.

By default with Cisco Catalysts, all ports on every switch belong to VLAN 1. VLAN 1 is also
considered the management VLAN.

Advantages of VLAN:

Broadcast Control – In a generic Layer 2 switched environment, broadcasts are received by
every host on the switched network. If VLANs are configured, each VLAN is its own
broadcast domain, so broadcast traffic from one VLAN never reaches another VLAN.
Security – We can logically separate PCs based on function, department, etc., by creating
multiple VLANs.
Flexibility and Scalability – Irrespective of their geographical position, users and devices
can be added or moved anywhere on the physical network while remaining in the same VLAN.
Thus, access to resources is never interrupted.

VLAN Membership

VLAN membership can be assigned in two ways:

Statically – One or more switch-ports must be manually assigned to a VLAN. Any device
connecting to these switch-ports becomes a member of that VLAN.

Dynamically – Devices are automatically assigned to a VLAN based on their MAC address.
Cisco developed a dynamic VLAN product called the VLAN Membership Policy Server
(VMPS). In more sophisticated systems, a user's network account can be used to determine
VLAN membership.

VLAN Port Types

There are two types of ports supported on a VLAN-enabled switch, access ports and trunk
ports.

An access port belongs to only one VLAN. Host devices, such as computers and printers, plug
into access ports. A host automatically becomes a member of the VLAN to which the switch-port
is assigned. This is done transparently, and the host is usually unaware of the VLAN
infrastructure. By default, all switch ports are access ports.
Trunk ports do not belong to a single VLAN. Any or all VLANs can traverse trunk links to
reach other switches. Only Fast or Gigabit Ethernet ports can be used as trunk links.

VLAN Frame-Tagging

On trunk links, switches need to identify which VLAN each frame belongs to.
Frame tagging places a VLAN ID in each frame, identifying the VLAN the frame belongs
to. Tagging occurs only when a frame is sent out a trunk port.

Cisco switches support two frame-tagging protocols, Inter-Switch Link (ISL) and IEEE 802.1Q.

Inter-Switch Link (ISL) is Cisco's proprietary frame-tagging protocol, and supports frame types
such as Ethernet, Token Ring, FDDI and ATM. ISL encapsulates a frame with an additional
header (26 bytes) and trailer (4 bytes), increasing the size of an Ethernet frame by up to 30 bytes.
The header contains the 10 byte VLAN ID. Since ISL increases the size of a frame, non-Cisco
devices will actually drop ISL-tagged frames. Many devices are configured with a maximum
acceptable size for Ethernet frames (usually 1518 bytes). ISL frames can be as large as 1544
bytes, and thus are considered to be "giants" or corrupt.

IEEE 802.1Q is an open-standard frame-tagging protocol supported by most switch
manufacturers, including Cisco. Instead of adding an additional header and trailer, 802.1Q
embeds a 4-byte tag carrying the VLAN ID into the Layer 2 frame header. This still increases the
size of a frame from its usual 1518 bytes to 1522 bytes, which most devices support.
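How the 4-byte 802.1Q tag is inserted between the source MAC and the EtherType, and read back again, as an added Python example that is not code from the handout. The MAC addresses and payload are constructed sample values, and the FCS is computed with CRC-32 so that the 1518-byte and 1522-byte sizes quoted above include it.

```python
"""802.1Q tagging and untagging of an Ethernet II frame (added example)."""
import struct
import zlib

TPID_8021Q = 0x8100        # EtherType value that marks a tagged frame
ETHERTYPE_IPV4 = 0x0800
MAX_UNTAGGED = 1518        # maximum Ethernet frame incl. FCS, as in the handout
MAX_TAGGED = 1522          # 1518 plus the 4-byte 802.1Q tag


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame: dst(6) src(6) type(2) payload fcs(4)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def add_8021q_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """What a trunk port does on egress: insert TPID + TCI after the source MAC.
    TCI = 3-bit priority, 1-bit DEI (left 0 here), 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    tci = (priority << 13) | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    body = frame[:12] + tag + frame[12:-4]     # drop the old FCS, recompute below
    return body + fcs(body)


def strip_8021q_tag(frame: bytes) -> bytes:
    """What an access port does before handing the frame to the host."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Return the header fields; vlan_id and priority are None when untagged."""
    if len(frame) < 18 or fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("bad length or FCS")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan_id = priority = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan_id, priority = tci & 0x0FFF, tci >> 13
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return {"dst": frame[:6], "src": frame[6:12], "vlan_id": vlan_id,
            "priority": priority, "ethertype": ethertype,
            "payload": frame[offset:-4], "length": len(frame)}


def demo():
    """Constructed sample: a maximum-size IPv4 frame tagged for VLAN 100."""
    untagged = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"),
                           ETHERTYPE_IPV4, b"\x45" + b"\x00" * 1499)
    tagged = add_8021q_tag(untagged, vlan_id=100, priority=5)
    return len(untagged), len(tagged), parse_frame(tagged)["vlan_id"]
```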

Manual vs. Dynamic Trunking

ISL or 802.1Q tagging can either be manually configured on Catalyst trunk ports, or dynamically
decided using Cisco's proprietary Dynamic Trunking Protocol (DTP).

A port can be placed into a dynamic trunk mode, or into static trunk mode. The two ends
of a link can be in different modes and still form a trunk.

Trunk – Static trunking. The interface enters permanent trunk mode, and will still
negotiate trunking with the remote port.
Dynamic Desirable – Actively attempts to trunk with the remote port.
Dynamic Auto – Does not actively attempt to trunk with the remote port, but will form a
trunk if the remote port negotiates for trunking.

Possible combinations to form a trunk are as below:

Port End 1           Port End 2           Trunking
Trunk                Trunk                Yes
Trunk                Dynamic Desirable    Yes
Trunk                Dynamic Auto         Yes
Trunk                Access               No
Dynamic Desirable    Dynamic Desirable    Yes
Dynamic Desirable    Dynamic Auto         Yes
Dynamic Desirable    Trunk                Yes
Dynamic Desirable    Access               No
Dynamic Auto         Dynamic Desirable    Yes
Dynamic Auto         Dynamic Auto         No
Dynamic Auto         Trunk                Yes

Switch Configuration:

To configure an IP address on a switch (on the management VLAN interface):

Switch(config)# int vlan 1
Switch(config-if)# ip address 192.168.10.2 255.255.255.0

To configure the default gateway on a switch:

Switch(config)# ip default-gateway 192.168.10.1

To configure Static VLAN

Switch(config)# vlan 100
Switch(config-vlan)# name CCNA_VLAN

The above commands create VLAN 100 with the name CCNA_VLAN.

Note: The VLAN database is stored in Flash in a file named vlan.dat.
However, information concerning which ports are assigned to a specific VLAN is not stored in
this file; it is stored in the startup-config file instead.

Assign an interface to this VLAN.

Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 100

The above commands configure the interface fa0/1 as an access port, and assign this access
port to VLAN 100.

To view the list of VLANs, including which ports are assigned to each VLAN:
Switch# show vlan

Configuring Trunk Links


To manually configure a trunk port, either for ISL or 802.1Q tagging:

Switch(config)# interface fa0/10
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Switch(config-if)# switchport mode trunk

The first command manually sets the tagging protocol the trunk link will use, and the second
sets the interface as a trunk port. On switches that support both ISL and 802.1Q, the
encapsulation must be chosen before the port is placed into trunk mode, otherwise the mode
command is rejected. Both sides of the trunk link must be configured with the same tagging
protocol.

The Catalyst switch can also negotiate the tagging protocol:

Switch(config)# interface fa0/1
Switch(config-if)# switchport trunk encapsulation negotiate

VLAN Trunking Protocol (VTP)

In large switched networks, it will be difficult to maintain a consistent VLAN database across all
switches on the network. VLAN Trunking Protocol (VTP) allows the VLAN database to be
easily managed and consistent throughout the network.
Switches configured with VTP are joined to a VTP domain. Only switches belonging to the same
domain will share VLAN information, and a switch can only belong to a single domain. When an
update is made to the VLAN database, this information is propagated to all switches via VTP
advertisements.
By default, VTP updates are sent out every 300 seconds, or anytime a change to the database
occurs. VTP updates are sent across VLAN 1 and are only sent out trunk ports.

VTP Modes

Server – Switches can create, modify or delete entries in the VLAN database. Servers
advertise their VLAN database to all other switches on the network, and synchronize
their database with other server or client switches. This is the default mode
for Cisco Catalyst switches. Servers can only advertise VLANs 1 - 1005.

Client – Switches cannot make modifications to the VLAN database, and will receive all of
their VLAN information from VTP servers. A client will also forward an update from a server
to other clients.

Transparent – Switches will not advertise or accept any VLAN database information from
other switches. Changes made are only local to the transparent switch. However, transparent
VTP switches will forward VTP information from servers to clients.

Servers and clients synchronize their database based on the configuration revision number:
the database with the highest revision number is adopted.

Catalyst switches that participate in a VTP domain support up to 1005 VLANs. Catalyst
switches configured in VTP transparent mode support up to 4094 VLANs.

Configuring VTP

To configure the VTP domain:

Switch(config)# vtp domain Cisco

To configure a switch's VTP mode:

Switch(config)# vtp mode server
Switch(config)# vtp mode client
Switch(config)# vtp mode transparent

The VTP domain can be password protected using:

Switch(config)# vtp password P@ssw0rd

All switches participating in the VTP domain must be configured with the same password.

VTP versions: Version 1 and Version 2

VTP version 2 supports additional functionality, including error checking and support for Token
Ring. VTP version 2 also allows transparent switches to always forward update information
from servers to clients, even if the transparent switch is in a separate domain. By default, a
Catalyst switch uses VTP version 1.

To configure the VTP version:

Switch(config)# vtp version 2

To view status information about VTP, including version, domain and mode:
Switch# show vtp status

Message and error counters can also be viewed:

Switch# show vtp counters

VTP Pruning

VTP pruning is a process of preventing unnecessary VLAN broadcast or multicast traffic.
With VTP pruning, traffic is only sent out the trunk ports behind which those VLANs
exist.

In the above example, VTP pruning would prevent VLAN 3, VLAN 4 and VLAN 5 broadcasts
from being sent to Switch 3. Also Pruning would prevent VLAN 5 broadcasts from being sent
to Switch 2.

VTP pruning is disabled by default on Catalyst IOS switches. To enable VTP pruning:

Switch(config)# vtp pruning

Section 17

Access Control Lists (ACLs)

Access control lists are used not only to filter traffic, but also to identify traffic.

Access lists are a set of rules or statements, organized in a rule table. Each rule or line
in an access list provides a condition, to either permit or deny:
When an access list is used to filter traffic, a permit statement means to
allow the traffic and a deny statement means to block the traffic.
When an access list is used to identify traffic, a permit
statement is used to include traffic and a deny statement is used to exclude the
traffic.

Examples of filtering traffic:

• Permit only a particular host, and no others, to telnet to a router
• Permit only HTTP traffic from one network to another and at the same time block all other
traffic.

Examples of identifying traffic:

• Identifying interesting traffic to bring up an ISDN link or VPN tunnel
• Identifying routes to filter or allow in routing updates
• Identifying traffic for QoS purposes

Here we will be working with ACLs to filter traffic:

After configuring an ACL, or set of rules, the ACL is applied on an interface. When a packet
enters or exits an interface with an ACL applied, the packet is compared against the criteria of
the ACL. If the packet matches the first line of the ACL, the appropriate action, permit or
deny, is taken. If there is no match, then the second line's criteria are examined. Again, if
there is a match, the appropriate action is taken; if there is no match, the third line of the ACL
is compared to the packet, and the process continues until a match is found, at which time the
ACL stops running. If no match is found, the packet hits the implicit 'deny all' at the end of every
access list, which denies all traffic. You don't create it, and you can't delete it. Thus, access
lists that contain only deny statements will prevent all traffic.

Access lists are applied either inbound or outbound:

Inbound ACL: Packets received on an interface are checked against the ACL first and then
against the routing table before being sent out.
Outbound ACL: Packets are checked against the routing table first and then against the ACL
before leaving the router.

Only one access list per interface, per protocol, per direction is allowed. More specific
and frequently used rules should be at the top of your access list, to optimize CPU usage. New
entries to an access list are added to the bottom. You cannot remove individual lines from a
numbered access list. You must delete and recreate the access list to truly make changes.

Types of Access Lists

There are two categories of access lists: numbered and named.

Numbered access lists are based on several ranges of numbers, each dedicated to a specific
protocol and type of list. Example:
1–99 IP standard access list
100-199 IP extended access list
1300-1999 IP standard access list (expanded range)
2000-2699 IP extended access list (expanded range)

Named access lists provide a bit more flexibility. Descriptive names can be used to identify
your access-lists. Additionally, individual lines can be added and removed from a named access-
list. However, like numbered lists, all new entries are still added to the bottom of the access
list.

Standard IP Access List

Standard IP access-lists are based upon the source host or network IP address, and should be
placed closest to the destination network.

Example:

access-list 10 permit 192.168.10.0 0.0.0.255

This list allows traffic from all addresses in the range 192.168.10.0 to 192.168.10.255

Extended IP Access List

Extended IP access-lists filter based upon the source IP address, destination IP address, and
TCP or UDP port number. Extended access-lists should be placed closest to the source
network.

Example:

access-list 101 permit tcp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 eq 80

ACL 101 permits only HTTP traffic originating from any address on the 192.168.10.0/24 network
to the 192.168.20.0/24 network.

Standard IP Access List Example:

Syntax: access-list [1-99] [permit | deny] [source address] [wildcard mask] [log]

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

Example: To block Hosts in network 192.168.20.0 from accessing the hosts in the
192.168.40.0 network

RouterB(config)# access-list 10 deny 192.168.20.0 0.0.0.255
RouterB(config)# access-list 10 permit any

To apply this access list:

RouterB(config)# int fa0/1
RouterB(config-if)# ip access-group 10 out

Extended IP Access List Example:

Syntax: access-list [100-199] [permit | deny] [protocol] [source address] [wildcard mask]
[destination address] [wildcard mask] [operator [port]] [log]

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

Example: A file server is on the 192.168.40.x network with the IP address 192.168.40.2.

To block network 192.168.20.0 from accessing anything on the 192.168.40.0 network, EXCEPT
for the FTP ports on the file server:

RouterA(config)# access-list 101 permit tcp 192.168.20.0 0.0.0.255 host 192.168.40.2 eq 20
RouterA(config)# access-list 101 permit tcp 192.168.20.0 0.0.0.255 host 192.168.40.2 eq 21
RouterA(config)# access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
RouterA(config)# access-list 101 permit ip any any

To apply this access list, closest to the source network, inbound on Router A's LAN interface:

RouterA(config)# int fa0/0
RouterA(config-if)# ip access-group 101 in
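
To make the top-down, first-match and implicit-deny behaviour concrete, here is an added Python example (not code from the handout) that parses the IOS access-list syntax used in these examples and evaluates packets against it. It goes beyond the page by handling the standard and extended number ranges in one evaluator; the packet addresses and ports fed to it are constructed test values.

```python
"""Evaluation of Cisco IOS standard and extended ACLs (added example):
wildcard masks, first match wins, implicit 'deny all' at the end."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")     # 'any' = every wildcard bit set


@dataclass
class AclEntry:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" matches everything; else "tcp", "udp", "icmp"
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    dst_port: Optional[int] = None   # from "eq <port>"; None means any port


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this bit must match, 1 = don't care (inverse of a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return a & care == n & care


def _is_ipv4(text: str) -> bool:
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def _take_address(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume 'any', 'host A.B.C.D', 'A.B.C.D W.W.W.W' or a bare host address."""
    if tokens[0] == "any":
        return ANY[0], ANY[1], tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) > 1 and _is_ipv4(tokens[1]):
        return tokens[0], tokens[1], tokens[2:]
    return tokens[0], "0.0.0.0", tokens[1:]


def parse_acl_line(line: str) -> AclEntry:
    """Parse one 'access-list N permit|deny ...' line in IOS syntax."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list line: {line}")
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:       # standard: source only
        src, src_wild, _ = _take_address(t[3:])
        return AclEntry(action, "ip", src, src_wild, ANY[0], ANY[1])
    if 100 <= number <= 199 or 2000 <= number <= 2699:    # extended
        protocol = t[3]
        src, src_wild, rest = _take_address(t[4:])
        dst, dst_wild, rest = _take_address(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        return AclEntry(action, protocol, src, src_wild, dst, dst_wild, port)
    raise ValueError(f"unsupported access-list number {number}")


def evaluate(acl: List[AclEntry], protocol: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> str:
    """Walk the list top-down; the first matching line decides. A packet that
    matches nothing hits the implicit 'deny all' that ends every ACL."""
    for entry in acl:
        if entry.protocol != "ip" and entry.protocol != protocol:
            continue
        if not wildcard_match(src, entry.src, entry.src_wild):
            continue
        if not wildcard_match(dst, entry.dst, entry.dst_wild):
            continue
        if entry.dst_port is not None and entry.dst_port != dst_port:
            continue
        return entry.action
    return "deny"


# The handout's extended list for the FTP server example
ACL_101 = [parse_acl_line(line) for line in (
    "access-list 101 permit tcp 192.168.20.0 0.0.0.255 host 192.168.40.2 eq 20",
    "access-list 101 permit tcp 192.168.20.0 0.0.0.255 host 192.168.40.2 eq 21",
    "access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255",
    "access-list 101 permit ip any any",
)]
```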

Telnet Access List Example

Even though telnet access can be restricted using an extended ACL, that adds overhead on the
router, since every packet entering or leaving the interface has to be checked. Hence
we use telnet access lists, which give us the flexibility of applying the list to the vty lines rather
than to an interface.

Router A:
Fa0/0 – 192.168.20.1 /24, Fa0/1- 192.168.30.1 /24

Router B:
Fa0/0 – 192.168.30.2 /24, Fa0/1- 192.168.40.1 /24

Example: Create an access list that prevents anyone from 192.168.40.x network from
telneting into Router A, but allow all other networks telnet access to RouterA.

RouterA(config)# access-list 10 deny 192.168.40.0 0.0.0.255
RouterA(config)# access-list 10 permit any

To apply it to the telnet lines:

RouterA(config)# line vty 0 4
RouterA(config-line)# access-class 10 in

Access lists can be verified using:

Router# show access-list 101
Router# show ip interface

Section 18

WAN – Wide Area Network

WAN spans a large geographic area, such as a state, province or country. WANs often connect
multiple smaller networks, such as local area networks or metro area networks.
The world's most popular WAN is the Internet. WANs generally utilize different and much
more expensive networking equipment than do LANs. Key technologies often found in WANs
include SONET, Frame Relay, and ATM.

WAN Connection Types

WANs are generally grouped into three separate connection types:
• Point-to-Point technologies
• Circuit-switched technologies
• Packet-switched technologies

A Point-to-Point connection, also known as a leased line, is used to provide full connectivity
between two sites in a point-to-point manner. This type of connection is purchased from the
telephone company and uses a permanent path through the Telco's infrastructure, from one
site to another. There is no call setup and teardown, which means the circuit is always
available.

Since the company owns the line, it has full use of the bandwidth, whether it is used or not. The
speed of the link can range up to a T3, which is approximately 45 Mbps. This is a very costly
connection type as the distance increases. This type of connection is usually made with a
synchronous serial type of connection. Cisco supports this type with virtually all of their
routers, using one or more different types of synchronous serial connections, including:

EIA/TIA-232
V.35
HSSI

In Circuit-Switched Connections the circuit, or dedicated path, is created when the call is
initiated to the remote site and the circuit is destroyed when the call ends. The best example of
a circuit-switched network is the Public Switched Telephone Network (PSTN). There are two
types of circuit-switched connections available: Asynchronous and ISDN (Integrated
Services Digital Network).

Asynchronous circuits for data transfer are accomplished through a modem and the use of
the telephone network. The cost is less when compared to other types of WAN connections,
but at the same time low bandwidth is available. Depending on the setup of the connection, the
best that can be accomplished is 56 Kbps.

ISDN has two flavors that are used for WAN connections. The first is Basic Rate Interface
(BRI) and has a maximum bandwidth of 128 Kbps and the other is Primary Rate Interface (PRI)
and can reach speeds up to 2 Mbps.

A Packet-Switched Connection is a method where two or more sites are connected
through a shared network, typically called a cloud. By shared network, we mean that more than
one company has access to the cloud. Remote sites are connected via a virtual circuit (VC) that
allows data to traverse the cloud and arrive at the correct location. Within the cloud, each
packet can take a different path to reach the final destination. Because the data travels through
a shared cloud, the cost tends to be lower than the same bandwidth on a dedicated line.
Although usually more expensive and not as freely available as circuit-switched networks, the
additional bandwidth is up to T1 speeds. Also, it is cheaper over longer distances than
dedicated lines.

WAN Terminologies

The customer's router is connected to a CSU/DSU (Channel Service Unit/Data Service
Unit), which provides the clocking and channelization for T1 or T3 technology. The CSU/DSU
converts the signal for use on an Ethernet or other LAN technology network. If another WAN
technology is used, a different device will be required, such as:

• ISDN – a terminal adapter
• Dialup – a modem

The Demarc refers to the point of last responsibility for the service provider. All equipment
on the Customer Premises side of the Demarc is the customer's responsibility to maintain.

The Smart Jack physically terminates the T1 line. If there is a connectivity issue, the provider
will perform a ping test to the smart jack.

The Local Loop or Last Mile refers to the physical line connecting the Customer
Premises to the provider's nearest Central Office (CO).

Protocols Used on WANs

There are many different types of protocols used on WAN. These protocols all operate at
layer 2 (at least) of the OSI model (data-link layer).

Point-to-Point Protocol (PPP)
Serial Line Internet Protocol (SLIP)
High-Level Data Link Control (HDLC)
Frame Relay (FR)
X.25

Section 19

PPP and HDLC

High-Level Data-link Control (HDLC) is a WAN encapsulation protocol used on dedicated
point-to-point serial lines. Though HDLC is technically an ISO standard protocol, Cisco's
implementation of HDLC is proprietary, and will not work with other vendors' routers. HDLC is
also Cisco's default encapsulation type for serial point-to-point links. HDLC provides no
authentication mechanism.

Point-to-Point Protocol (PPP) is a standardized WAN encapsulation protocol that can be
used on a wide variety of WAN technologies, including:

• Serial dedicated point-to-point lines
• Asynchronous dial-up
• ISDN

PPP uses:

• LCP – for establishing, setting up, and terminating point-to-point links
• NCP – allows multiple Layer-3 protocols (such as IP and IPX) to be encapsulated
into frames

PPP Features:

• Authentication
• Compression
• Multi-link
• Error Control

Configuring HDLC

Router(config)# int s0/0
Router(config-if)# encapsulation hdlc

Configuring PPP

Router(config)# int s0/0
Router(config-if)# encapsulation ppp

PPP Authentication Methods

PPP supports PAP (Password Authentication Protocol) and CHAP (Challenge
Handshake Authentication Protocol). PAP sends passwords in clear text, and thus does
not provide much security. CHAP uses MD5 to apply an irreversible hash.
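
The difference between the two methods on the wire, as an added Python example that is not code from the handout: the PAP request carries the password itself, while the CHAP three-way handshake (Challenge, Response, Success/Failure, per RFC 1994) only carries an MD5 hash of the identifier, the shared secret and a fresh random challenge. The secret database and the RouterB/P@ssw0rd pair are taken from the configuration below and are constructed lab values.

```python
"""PAP vs CHAP on a PPP link (added example, not from the handout)."""
import hashlib
import hmac
import os
from typing import Tuple

# Constructed secret store on the authenticator (RouterA), matching
# 'username RouterB password P@ssw0rd' from the handout's configuration.
SECRETS = {"RouterB": b"P@ssw0rd"}


def pap_authenticate_request(peer_id: str, password: bytes) -> bytes:
    """PAP Authenticate-Request payload: Peer-ID and Password in clear text."""
    return bytes([len(peer_id)]) + peer_id.encode() + bytes([len(password)]) + password


def chap_challenge() -> Tuple[int, bytes]:
    """Authenticator sends a one-byte Identifier and a random Challenge value."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer answers with MD5(Identifier || secret || Challenge).
    The secret itself never leaves the peer."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(name: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the hash with the secret stored for 'name'
    (the remote router's hostname) and compares in constant time."""
    secret = SECRETS.get(name)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(name: str, secret: bytes) -> Tuple[bool, bytes]:
    """Full handshake; returns (success, everything that crossed the link)."""
    ident, challenge = chap_challenge()                       # 1. Challenge
    response = chap_response(ident, secret, challenge)        # 2. Response
    success = chap_verify(name, ident, challenge, response)   # 3. Success/Failure
    on_wire = bytes([ident]) + challenge + response
    return success, on_wire
```

Because each challenge is random, a captured Response is useless against a later Challenge, which the test below checks.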

To configure PPP authentication:

Router(config)# hostname RouterA
RouterA(config)# username RouterB password P@ssw0rd
RouterA(config)# int s0/0
RouterA(config-if)# ppp authentication chap

After setting the hostname, the username and password used for PPP authentication are set. The
username must be the hostname of the remote router, and the password must be the same on
both routers.

The above configuration sets the authentication to chap. To instead configure pap
authentication:

Router(config)# int s0/0
Router(config-if)# ppp authentication pap

To view the encapsulation configured on the interface:

Router# show interface s0/0

To troubleshoot PPP authentication:

Router# debug ppp authentication

Section 20
Frame Relay

Frame Relay is a packet-switched technology, which shares bandwidth between users on the
switched network. Frame Relay costs less compared to dedicated leased lines.

All customer devices connect into the Frame Relay cloud; this cloud contains many Frame Relay
switches and routers. Virtual circuits (VCs) must be created for each end-to-end
communication. A VC is a one-way path through the Frame Relay cloud.

In the above example, in order to establish full communication between all four sites, a virtual
circuit is needed between every pair of them. The number of circuits can be calculated using the
formula n(n-1)/2, which in this case gives 6 virtual circuits. Frame Relay circuits can either be
permanent (PVC) or switched (SVC). A permanent virtual circuit is always kept active and is the
most commonly used type of virtual circuit. A switched virtual circuit is created and terminated
as and when required, like a circuit-switched network. Just as Ethernet maps Layer 2 to Layer 3
using MAC addresses and IP addresses, Frame Relay uses Data Link Connection Identifiers (DLCIs)
to identify virtual circuits. Frame Relay switches make forwarding decisions based on DLCIs.

Frame-Relay Encapsulation Types

Cisco supports two types of Frame Relay encapsulation:

• Cisco – the default, and proprietary, Frame Relay encapsulation
• IETF – the standardized Frame Relay encapsulation.

By default, a Cisco router uses the Cisco Frame Relay encapsulation.

Frame-Relay Local Management Interface (LMI)

LMI is the type of signaling used between the customer router and the provider's Frame Relay
switch. LMI provides status updates of virtual circuits between the Frame switch and the
router. It is also the keepalive mechanism.

There are three LMI types:

• Cisco – default and proprietary (naturally)
• ANSI
• Q.933a

Frame Relay Point-to-Point Configuration:

Topology: INDIA ---- SINGAPORE

Router Configuration on INDIA

INDIA(config)# int s0
INDIA(config-if)# ip address 192.168.30.1 255.255.0.0
INDIA(config-if)# encapsulation frame-relay
INDIA(config-if)# frame-relay lmi-type cisco
INDIA(config-if)# frame-relay interface-dlci 102
INDIA(config-if)# no shut

Router Configuration on SINGAPORE

SINGAPORE(config)# int s0
SINGAPORE(config-if)# ip address 192.168.30.2 255.255.0.0
SINGAPORE(config-if)# encapsulation frame-relay
SINGAPORE(config-if)# frame-relay lmi-type cisco
SINGAPORE(config-if)# frame-relay interface-dlci 201
SINGAPORE(config-if)# no shut

The frame-relay interface-dlci command identifies the one-way PVC on a point-to-point
connection. The DLCI from INDIA to SINGAPORE is 102, and the DLCI from SINGAPORE to INDIA
is 201, so each router is configured with its own local DLCI. These DLCI numbers are assigned by
the provider, as the provider's Frame switch is configured with the appropriate DLCI information.

The router can get all PVC and DLCI information directly from the Frame Relay switch via LMI,
using Inverse-ARP. Inverse-ARP is enabled by default on Cisco routers.

If Inverse-ARP has to be disabled on an interface, the following command is used:

Router(config)# int s0/0
Router(config-if)# no frame-relay inverse-arp

Frame Relay Multipoint / Full Mesh Configuration:

Router Configuration on INDIA

INDIA(config)# int s0
INDIA(config-if)# ip address 192.168.30.1 255.255.0.0
INDIA(config-if)# encapsulation frame-relay ietf
INDIA(config-if)# frame-relay lmi-type cisco
INDIA(config-if)# no frame-relay inverse-arp
INDIA(config-if)# frame-relay map ip 192.168.30.2 102 broadcast
INDIA(config-if)# frame-relay map ip 192.168.30.3 103 broadcast
INDIA(config-if)# no shut

Router Configuration on SINGAPORE

SINGAPORE(config)# int s0
SINGAPORE(config-if)# ip address 192.168.30.2 255.255.0.0
SINGAPORE(config-if)# encapsulation frame-relay ietf
SINGAPORE(config-if)# frame-relay lmi-type cisco
SINGAPORE(config-if)# no frame-relay inverse-arp
SINGAPORE(config-if)# frame-relay map ip 192.168.30.1 201 broadcast
SINGAPORE(config-if)# frame-relay map ip 192.168.30.3 203 broadcast
SINGAPORE(config-if)# no shut

Router Configuration on MALAYSIA

MALAYSIA(config)# int s0
MALAYSIA(config-if)# ip address 192.168.30.3 255.255.0.0
MALAYSIA(config-if)# encapsulation frame-relay ietf
MALAYSIA(config-if)# frame-relay lmi-type cisco
MALAYSIA(config-if)# no frame-relay inverse-arp
MALAYSIA(config-if)# frame-relay map ip 192.168.30.1 301 broadcast
MALAYSIA(config-if)# frame-relay map ip 192.168.30.2 302 broadcast
MALAYSIA(config-if)# no shut

Full-mesh Frame Relay environments can get quite expensive. Partial-mesh environments are
often more cost-effective. An example of a partial-mesh topology is hub-and-spoke, with one
central or hub location that connects to all other locations, called spokes. In a partial-mesh
environment, if both spokes terminate on the hub router's physical serial interface, split
horizon will prevent one spoke's network from reaching the other spoke's. To overcome this, at
the hub we can use sub-interfaces with different subnets, creating point-to-point links with
each spoke.

Frame-Relay Commands:

Router# show frame-relay pvc          Displays information about each PVC
Router# show frame-relay map          Displays Frame Relay DLCI mappings
Router# show frame-relay lmi          Displays the LMI type and traffic on each interface
Router# debug frame-relay lmi         Used in troubleshooting communication problems
                                      between the router and the Frame Relay switch
Router# debug frame-relay             Displays packets received on a Frame Relay interface
Router# debug frame-relay packet      Displays Frame Relay packets sent on an interface

Section 21

NAT -Network Address Translation

An IP address can be either a private address or a public address.

A public address is a unique address on the Internet and can be routed on the Internet.
Hence devices that should be Internet-accessible must be configured with public addresses.

A private address is only used within an organization, and can never be routed on the
Internet. Three private address ranges were allocated, one for each IPv4 class:

Class Range
Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255

NAT is used to translate between private addresses and public addresses. NAT allows devices
configured with a private address to be changed to public address and vice versa allowing those
devices to communicate across the Internet.

NAT helps in conserving IP Address

NAT provides an additional benefit – hiding the specific addresses and addressing structure of
the internal network.

NAT Types

Static NAT – Static NAT does a one-to-one translation between two addresses, or between
a port on one address and a port on another address. Static NAT is most often used to assign a
public address to a device behind a NAT-enabled firewall/router.

Dynamic NAT – Uses a pool of global addresses to dynamically translate the outbound traffic
of clients.

NAT Overload or Port Address Translation (PAT) – Translates to a single global
address with unique port numbers. PAT is necessary when the number of internal clients
exceeds the available global addresses.

NAT Terminology

Inside Local – the specific IP address assigned to an inside host – usually a Private address.
Inside Global – the address that identifies an inside host to the outside world - usually a
public address.
Outside Global – the address assigned to an outside host - usually a public address at the
remote site.
Outside Local – the address that identifies an outside host to the inside network.

Configuration of NAT

Configuring Static NAT

Router(config)# int e0/0
Router(config-if)# ip nat inside
Router(config)# int s0/0
Router(config-if)# ip nat outside
Router(config)# ip nat inside source static 192.168.20.1 128.168.1.1

The last command translates the Inside Local address 192.168.20.1 to the Inside Global address
128.168.1.1. The preceding commands identify the inside and outside interfaces.

Configuring Dynamic NAT

Router(config)# int e0/0
Router(config-if)# ip nat inside
Router(config)# int s0/0
Router(config-if)# ip nat outside
Router(config)# ip nat pool Outpool 128.168.1.1 128.168.1.62 netmask 255.255.255.192
Router(config)# access-list 10 permit 192.168.20.0 0.0.0.255
Router(config)# ip nat inside source list 10 pool Outpool

The above commands create a pool of Inside Global IPs named Outpool, so that the
clients identified by the ACL can pick an address dynamically from the pool before exiting
the network. The inside and outside interfaces are also identified.

Configuring NAT Overload (or PAT)

Router(config)# int e0/0
Router(config-if)# ip nat inside
Router(config)# int s0/0
Router(config-if)# ip nat outside
Router(config)# access-list 10 permit 192.168.20.0 0.0.0.255
Router(config)# ip nat inside source list 10 interface Serial0/0 overload

Any inside host with a source address that matches access-list 10 will be translated, with
overload, to the IP address configured on the Serial0/0 interface. The inside and outside
interfaces are also identified.
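
What the overload translation table looks like as flows are created, as an added Python example that is not code from the handout: many inside hosts share one global address and are told apart by port, an inbound packet with no matching entry has nowhere to go, and hosts outside access-list 10 are passed through untranslated. It assumes 128.168.1.1 as the address of Serial0/0 (the handout does not give one) and simplifies IOS port allocation to "keep the original source port if free, else pick the next free port".

```python
"""NAT overload (PAT) translation table (added example, not from the handout)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

INSIDE_GLOBAL = "128.168.1.1"                     # assumed address of Serial0/0
ACL_10 = ipaddress.ip_network("192.168.20.0/24")  # access-list 10 permit 192.168.20.0 0.0.0.255


class PatTable:
    """One inside-global address shared by many inside-local hosts via port numbers."""

    def __init__(self, inside_global: str, permitted: ipaddress.IPv4Network):
        self.inside_global = inside_global
        self.permitted = permitted
        # (inside local ip, inside local port) -> inside global port
        self.outbound_map: Dict[Tuple[str, int], int] = {}
        # inside global port -> (inside local ip, inside local port)
        self.inbound_map: Dict[int, Tuple[str, int]] = {}

    def _allocate_port(self, wanted: int) -> int:
        """Keep the original source port when it is free; otherwise pick another."""
        if wanted not in self.inbound_map:
            return wanted
        port = 1024
        while port in self.inbound_map:
            port += 1
        return port

    def translate_outbound(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Packet leaving the inside interface: returns the (ip, port) it is sent with."""
        if ipaddress.ip_address(src_ip) not in self.permitted:
            return src_ip, src_port           # not matched by the ACL: left untranslated
        key = (src_ip, src_port)
        if key not in self.outbound_map:      # first packet of a flow creates the entry
            global_port = self._allocate_port(src_port)
            self.outbound_map[key] = global_port
            self.inbound_map[global_port] = key
        return self.inside_global, self.outbound_map[key]

    def translate_inbound(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Packet arriving on the outside interface: returns the inside local (ip, port),
        or None when no entry exists, in which case the router cannot deliver it."""
        if dst_ip != self.inside_global:
            return None
        return self.inbound_map.get(dst_port)

    def show_translations(self) -> List[Tuple[str, str]]:
        """Rows in the spirit of 'show ip nat translations': (inside global, inside local)."""
        return [(f"{self.inside_global}:{gport}", f"{ip}:{lport}")
                for (ip, lport), gport in sorted(self.outbound_map.items())]
```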

NAT Commands

Router# show ip nat translations      Displays all current static and dynamic translations
Router# show ip nat statistics        Displays the inside/outside status of each interface and
                                      NAT translation statistics
Router# debug ip nat                  Displays NAT translations in real time
Router# clear ip nat translation *    Clears all dynamic NAT entries from the translation
                                      table

TCL Network Associate Handout

TCL TRAINING DIVISION


Shivaramakrishna. S, CCIE #24937, MCT #3089724
CCNP, CCIP, MCSE NT/2000/2003, MCITP, MCDBA, JNCIA - ER/EX
shivaramakrishna.s@tatacommunications.com

Special Thanks To:


Rajesh Kumar, General Manager – HR
rajesh.kumar@tatacommunications.com
