Summary of CCNA and CCNP for quick reference
(CCNA)
CREATED BY MUKESH KOTHARI
(CCNA&MCSE CERTIFIED)
Why is Cisco internetworking required?
To sort out problems in a LAN such as:
- Too many hosts in a broadcast domain
- Broadcast storms
- Multiplexing
- Low bandwidth
Routers, switches, bridges and hubs are used:
Routers
- Break up broadcast domains
- Filter the network based on IP address and forward packets to other networks
Switches
- Break up collision domains (every port is a collision domain) but form one broadcast domain
- Used to optimize the performance of a LAN
- Switch frames from one port to another; do not forward them to other networks
- More manageable than a bridge (VLANs, STP, etc.)
- Hundreds of ports available
Bridges
- Break up collision domains (each port is a collision domain, like a switch) but form one broadcast domain; same function as a switch
- 16 ports maximum
- Not manageable like a switch
Hubs
- Do not break up any domain: one broadcast domain, one collision domain
- Not manageable
Networking basics
A network is, fundamentally, a system of senders and receivers, a common feature of any communication system.
The sender, or source, is a computer which sends information to another.
The receiver, or destination, is the computer to which the information is sent.
Any machine capable of communicating on the network is a device or node. In order to communicate, the devices must be connected to each other.
Most networks are connected by cable. Cables can use either copper or optical fibre to carry the signals. Radio and microwave transmission are becoming increasingly common.
If two or more networks are connected to each other, this is known as an internetwork.
A network which covers a single floor, or perhaps an entire building, is known as a Local Area Network (LAN).
LANs connected using high-speed links across a metropolitan area are known as a Metropolitan Area Network (MAN).
If the public switched telephone network is used to connect the networks, this is known as a Wide Area Network (WAN).
If a number of LANs are connected to a larger central network, this is known as a Backbone Network (BN), e.g. the University of Wolverhampton.
Local Area Networks
- Now an essential part of everyday functioning in schools, business, government, etc.
- Save time and resources; allow information to be held securely and centrally
- Improve collaboration between colleagues
- May be used for training; capable of carrying audio and video
- Several devices connected via cable to a hub; hubs are the most common device found on a network
- Some organisations will have LANs on each floor of a building, connected by a bridge or router
- All devices on the LAN communicate via network interface cards (NICs)
Characteristics include:
- Used in small geographical areas
- Offer high-speed communications (>10 Mbps)
- Provide access to many devices
- Use LAN-specific devices such as repeaters, hubs and network interface cards
Metropolitan Area Networks
- Made up of LANs which are interconnected across a metropolitan area
- Have become increasingly popular, e.g. among local government
- Allow sharing of resources, plus the provision of a large-scale private phone service
- Expensive to implement; provide a high-speed service (compared to WANs)
- Require the use of high-performance cable and equipment to implement them
- May also appeal to regional businesses
- Can span up to 75 miles
- Give access speeds in hundreds of megabits per second (or even gigabit speeds)
- Use a single connection point to connect LANs
- Use switches as well as routers
Wide Area Networks
- Interconnect two or more LANs or WANs
- Use slow connections leased from a Telco
- Span cities, countries or even continents
- Require co-ordination and expensive equipment
- Speeds may be 56 Kbps to 1.5 Mbps (speeds of 45 Mbps are available)
- "Slow" is comparative; faster speeds are emerging for use in WANs
Characteristics include:
- Cover large areas; may span the world
- Slow-speed communication compared to LANs
- Access to WANs is limited: a LAN will access a WAN through a single point (often a bottleneck)
- Use devices such as routers, modems and WAN switches
1876 March 10 - The telephone is invented
1982 February - The Mercury consortium received a licence to build and operate an independent network to compete across the full range of telecoms services.
1983 April - Mercury launched its first telecoms services in the City of London.
1983 May - Licences were granted to Cellnet and Vodafone to provide national cellular radio networks.
1986 May - Mercury began offering basic network services
Early 1960s - Advanced Research Projects Agency (ARPA) begins work on ARPAnet; first nodes connected to the University of California
1971 - 23 nodes now connected
1974 - Packets and TCP established
1976 - The Queen sends her first email
TCP/IP defines future communications
1986 - sees 5000 hosts and 241 newsgroups
1987 - sees 28000 hosts
1988 - Internet Relay Chat (IRC) developed
1989 - Military portion split off as DARPAnet, leaving the public infrastructure now known as the Internet
Success of the Internet due to BSD UNIX
Major American universities form the first backbone for the Internet, known as NSFNET
1989 - hosts now over 100 000
1990 - First ISP, The World, comes on line
1991 - sees first commercial use of the Internet
1991 - A Briton (Tim Berners-Lee) establishes the World Wide Web (released by CERN)
1994 - Commercialisation begins (3 million hosts, 10 000 WWW sites, 10 000 newsgroups)
1994 - First pizza from Pizza Hut ordered online in the US
1995 - 6.5 million hosts, 100 000 web sites
1995 - Search engines
1996 - Microsoft enters; the browser war begins
1997 - 20 million hosts, 1 1 million WWW sites
1997 onwards - growth is exponential
The Abilene Project (Internet 2): 95 universities, 12 regional gigaPOPs
What is the OSI model? The Open Systems Interconnection model is fundamental to all communications between network devices.
Developed in 1974 by ISO after the American Department of Defence began using the TCP/IP suite of protocols. Finally adopted in 1977. It is now the theoretical model for how communication takes place between network devices.
Encapsulation
OSI layers (layer name, alias, layer function, type of application / protocols used):

Application (upper layers)
Function: Provides a user interface; file, print, message, database and application services.
Applications/protocols: WWW; e-mail gateways (SMTP or X.400); EDI (Electronic Data Interchange: flow control of accounting, shipping, inventory tracking); special-interest bulletin boards and chat rooms; Internet navigation utilities (Google and Yahoo! search engines, Gopher, WAIS); financial transaction services (currency exchange rates, market trading, commodities, etc.).

Presentation (upper layers)
Function: Presents data; handles encryption, compression and translation services.
Protocols: PICT, TIFF, JPEG, MIDI, MPEG, RTF, QuickTime (manages audio and video applications of Macintosh programmes).

Session (upper layers)
Function: Sets up, manages and ends sessions between presentation-layer entities; keeps different applications' data separate; dialog control.
Protocols: NFS, SQL, RPC, X Window (GUI-based protocol, like the GUI interface in Linux), AppleTalk Session Protocol (ASP), Digital Network Architecture Session Control Protocol (DNA SCP), DECnet session layer protocol.

Transport (lower layers)
Function: End-to-end connectivity; provides reliable or unreliable delivery; performs error correction before retransmit. Also known as the communication layer.
Protocols: TCP/UDP. Flow control prevents the buffer in the receiving host from overflowing, so no data is lost; connection-oriented protocol; windowing; acknowledgement.

Network (lower layers)
Function: Routing; provides logical addressing, which routers use for path determination.
Protocols: Passes user data packets: routed protocols (IP/IPX). Passes route update packets: routing protocols (RIP, IGRP, EIGRP, OSPF, BGP).
Routing tables contain: protocol-specific network address, exit interface, metric (load, reliability, bandwidth, MTU, hop count/distance), access lists, VLAN connections, QoS for specific network traffic.

Data Link (lower layers)
Function: Framing; combines packets into bytes and bytes into frames; provides access to the media using the MAC address; performs error detection, not correction. Provides physical transmission of data and handles error notification, network topology and flow control.
MAC layer (802.3): Defines how packets are placed on the media. Physical addressing, logical topologies (the signal path through the physical topology), line discipline, error notification (not correction), ordered delivery of frames, optional flow control.
LLC layer (802.2): Identifies the network-layer protocol and then encapsulates it. Decides where the packet is destined when a frame is received (e.g. the IP protocol at the network layer); flow control and sequencing of control bits.
Layer 2 switches and bridges work here.

Physical (lower layers)
Function: Physical topology; moves bits between devices; specifies voltage, wire speed and pin-out of cables.
Sends/receives bits (0s/1s). Different signaling methods for different types of media. Here we can identify the interface between DTE (the attached device) and DCE (located at the service provider); the DTE is reached through a modem or CSU/DSU.
Lab Equipment
Although lab equipment is not needed to benefit from this book, having your own equipment is highly recommended. By being able to follow the commands outlined in this book, you will experience for yourself the process of configuring a network from the ground up. If you choose to obtain your own equipment, Table 1-3 lists all the needed equipment for this lab network.
Table 1-3. Lab Equipment
Hardware (quantity):
- Catalyst 1900 series switch: 1
- Cisco 2501: 3
- Cisco 2504: 2
- Cisco 2514: 1
- Cisco 2523: 1
- Cisco 2511: 1
- Black Box ISDN Simulator: 1
Cables (quantity):
- Cat 5 straight-through cables with RJ-45 connectors (for ISDN ports): 2
- Cat 5 Ethernet cables with RJ-45 connectors: 6
- Token Ring DB9-to-Type 1 interface cable: 2
- Standard power cables: 9
- V.35 DTE-DCE back-to-back cables (DB60 to DB60): 4
- Octal cable (for terminal server 2511): 1
Miscellaneous (quantity):
- Ethernet AUI-to-RJ-45 transceiver: 6
- Token Ring MAU: 2
- Power strips
Ethernet Networking:
- A media access method that allows all hosts on a network to share the bandwidth of a link
- Scalable to Fast Ethernet and Gigabit Ethernet
- Easy to implement and troubleshoot
- Uses Data Link and Physical layer specifications
- Uses the CSMA/CD protocol to avoid collisions when two devices transmit data at the same time
- Effects of a CSMA/CD network sustaining heavy collisions: delay, low throughput and congestion
- Half duplex (802.3) uses one pair of wire, with the signal running in both directions on the wire
- Full duplex uses two pairs of wire and sends and receives data on separate pairs, which makes data transfer faster
- Full duplex can be used switch to host, switch to switch and host to host
- When powered on, a port first connects to the remote end and negotiates with it (the auto-detect mechanism), which decides the exchange capability (10/100/1000 Mbps)
Ethernet at the Data Link Layer: MAC addressing and data transfer take place in frames: the Ethernet II frame, 802.3 Ethernet frame, 802.2 SNAP frame and 802.2 SAP frame.
10Base2: 10 Mbps, baseband technology, 185 metres length, thinnet, supports up to 30 nodes on a single segment. Uses BNC (British Naval Connector) and T-connectors. Uses a logical and physical bus with AUI (15-pin) connectors. (The Attachment Unit Interface allows one-bit-at-a-time transfer to the physical layer from the data link media access method.)
10Base5: 10 Mbps, baseband technology, 500 metres length, thicknet, up to 1024 users over 2500 metres with repeaters. Uses a logical and physical bus with AUI connectors.
10BaseT: 10 Mbps using Cat 3 UTP wiring; each device must connect to a hub/switch, so one host per segment or wire. Uses the RJ-45 connector (8-pin modular connector) with a physical star and logical bus topology.
100BaseTX: EIA/TIA Cat 5, 6 or 7 UTP two-pair wiring. One user per segment, up to 100 metres long. RJ-45 connector with a physical star and a logical bus topology. Uses MII (Media Independent Interface, which transfers a nibble, defined as 4 bits, at a time) and provides 100 Mbps throughput.
100BaseFX: Uses 62.5/125-micron multimode fiber cabling. Point-to-point technology, up to 412 metres long, ST or SC connectors, which are MII.
1000BaseCX: Copper twisted-pair called twinax (a balanced coaxial pair) that can run up to only 25 metres. GMII interface.
1000BaseT: Cat 5 UTP four-pair wiring up to 100 metres long.
1000BaseSX: MMF using a 62.5/50-micron core, uses an 850-nanometre laser, and the range is from 3 Kms to 10 Kms.
The Cisco Three-Layer Hierarchical Model
The Core Layer = Backbone
The Distribution Layer = Routing
The Access Layer = Switching
The Core Layer:
- Responsible for transporting large amounts of traffic reliably and quickly
- Its only purpose is to switch traffic as fast as possible
- If it fails, every single user is affected
- FDDI, Fast Ethernet and ATM are suitable technologies
- Routing protocols with lower convergence time
The Distribution Layer:
- Also referred to as the Workgroup Layer
- Communication point between the core and access layers
- Provides routing, filtering and WAN access, and determines how packets access the core if needed
- The place where policies are defined for the network, such as:
  Routing
  Access lists, packet filtering, queuing
  Security and network policies, including address translation and firewalls
  Redistribution between routing protocols and static routing
  Routing between VLANs
  Definitions of broadcast and multicast domains
The Access Layer:
- Also known as the Desktop Layer
- Controls user and workgroup access to internetwork resources
- The layer where the end user directly connects
- Continues the access control and policies from the distribution layer
- Creates separate collision domains
- Workgroup connectivity into the distribution layer
- DDR and Ethernet switching technologies
TCP/IP & DoD Model
The TCP/IP suite was created by the Department of Defense to ensure and preserve data integrity.
DoD Model | OSI Model | Protocols Used | Function
Process/Application | Application, Presentation, Session | Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X Window | Defines protocols for node-to-node application communication and also controls user-interface specifications.
Host-to-Host | Transport | TCP, UDP | Defines protocols for the transmission service, creates reliable end-to-end error-free communication, handles packet sequencing and maintains data integrity.
Internet | Network | ICMP, ARP, IP, RARP, EIGRP, IGRP, OSPF | Designates the packet for transmission over the network, provides IP addresses to hosts and handles routing of packets among multiple networks.
Network Access | Data Link, Physical | Ethernet, Fast Ethernet, Token Ring, FDDI | Monitors the data exchange between the host and the network. Oversees hardware addressing and defines protocols for the physical transmission of data.
TCP Header Format (each row is 32 bits: bit 0 to bit 15 | bit 16 to bit 31)
  Source Port (16)                                      | Destination Port (16)
  Sequence Number (32)
  Acknowledgement Number (32)
  Header Length (4) | Reserved (6) | Code Bits (6)      | Window (16)
  Checksum (16)                                         | Urgent (16)
  Options (0 or 32 if any)
  Data (varies)
The TCP header is 20 bytes long, or 24 bytes with options.
UDP Header Format (each row is 32 bits: bit 0 to bit 15 | bit 16 to bit 31)
  Source Port (16)                                      | Destination Port (16)
  Length (16)                                           | Checksum (16)
  Data (if any)
Differences (TCP | UDP):
  Sequenced              | Unsequenced
  Reliable               | Unreliable
  Connection-oriented    | Connectionless
  Virtual circuit        | Low overhead
  Acknowledgements       | No acknowledgements
  Windowing flow control | No windowing or flow control
Port Numbers: TCP and UDP must use port numbers to communicate with the upper layers, because they keep track of the different conversations crossing the network simultaneously. Source port numbers are assigned dynamically by the source host, starting at port number 1024.
Figure: Port numbers for TCP and UDP. Application layer: FTP, Telnet, Doom, DNS, TFTP, POP3, News. Transport layer: TCP, UDP. (Each application-layer protocol is reached through a port number at the transport layer.)
- Port numbers below 1024 are well-known ports and are defined in RFC 3232
- 1024 and above are used by the upper layers to set up sessions with other hosts, and by TCP as source and destination addresses in the TCP segment
IP Header (each row is 32 bits: bit 0 to bit 15 | bit 16 to bit 31)
  Version (4) | Header Length (4) | Priority and Type of Service (8) | Total Length (16)
  Identification (16)                                   | Flags (3) | Fragment Offset (13)
  Time to Live (8) | Protocol (8)                       | Header Checksum (16)
  Source IP Address (32)
  Destination IP Address (32)
  Options (0 or 32 if any)
  Data (varies, if any)
Protocol field in the IP header
Figure: Transport layer (TCP, UDP) above the Internet layer (IP); the protocol number carried in the IP header selects the transport-layer protocol.
In this example, the protocol field tells IP to hand the data to either TCP (protocol number 6) or UDP (protocol number 17).
Possible protocols found in the protocol field of the IP header (Protocol | Protocol Number):
  ICMP                  | 1
  IGRP                  | 9
  EIGRP                 | 88
  OSPF                  | 89
  IPv6                  | 41
  GRE                   | 47
  IPX in IP             | 111
  Layer 2 Tunnel (L2TP) | 115
ICMP
Internet Control Message Protocol works at the Network layer and is used by IP for many different services. ICMP is a management protocol and messaging service provider for IP. Its messages are carried as IP datagrams.
Events of ICMP:
Destination Unreachable: If a router doesn't know about the destination of a packet it received, it will send an ICMP Destination Unreachable message back to the sending station.
Buffer Full: If a router's memory buffer for receiving incoming datagrams is full, it will send this message until the congestion abates.
Hops: Each IP datagram is allotted a certain number of routers, called hops, to pass through. If it reaches its limit of hops before arriving at its destination, the last router to receive that datagram deletes it.
Ping (Packet Internet Groper): Uses ICMP echo messages to check the physical and logical connectivity of machines on an internetwork.
Traceroute: Using ICMP timeouts, traceroute is used to discover the path a packet takes as it traverses an internetwork.
ARP (Address Resolution Protocol)
- ARP finds the hardware address from a known IP address
- When IP has a packet to send, it must inform the Network Access protocol (Ethernet or Token Ring) of the destination's hardware address on the local network
- If IP doesn't find the destination host's hardware address in the ARP cache, it uses ARP to find this information
- ARP works as IP's detective by interrogating the local network: it sends out a broadcast carrying the host's IP address and asking for the hardware address
RARP (Reverse Address Resolution Protocol)
- Resolves a MAC address into an IP address
- A diskless machine knows its MAC address but not its IP address, so it broadcasts its MAC address to obtain an IP address and communicate on the network
- This RARP request reaches the RARP server, which assigns an IP address to the received MAC address; the sending host thus receives its MAC and IP address pairing from the server
Binary to Decimal and Hexadecimal Conversion
Nibble values (4 bits) = 8 4 2 1
Byte values (8 bits) = 128 64 32 16 8 4 2 1
Hex to Binary to Decimal Chart (Hexadecimal | Binary | Decimal):
  0 | 0000 | 0
  1 | 0001 | 1
  2 | 0010 | 2
  3 | 0011 | 3
  4 | 0100 | 4
  5 | 0101 | 5
  6 | 0110 | 6
  7 | 0111 | 7
  8 | 1000 | 8
  9 | 1001 | 9
  A | 1010 | 10
  B | 1011 | 11
  C | 1100 | 12
  D | 1101 | 13
  E | 1110 | 14
  F | 1111 | 15
Examples:
1) 0x6A (to convert a hex value to binary/decimal, take 4 bits as a nibble). Hex uses a nibble (4 bits) to represent one character. Here there are two characters, 6 and A (the 0x prefix is the Cisco style of marking a hex value; it has no other special meaning). So 6 = 0110 and A = 1010; all 8 bits together = 01101010 in binary, and the decimal value is the total of the binary place values, that is 106.
2) 01010101 (to convert from binary to a hex value, take a byte and break it into nibbles). So there are two nibbles here, 0101 and 0101. Now 0101 = 5 (see the table) and the other 0101 is also 5, so the hex value for the binary number 01010101 is 55 (75 in binary).
IP Addressing
- An IP address is a numeric identifier assigned to each machine on an IP network
- It designates the specific location of a device on the network
- It is a software (logical) address, not a hardware (physical) address like that of a NIC
- It was designed to allow a host on one network to communicate with a host on another network regardless of the types of LANs the hosts participate in
IP Terminology
Bit: A bit is one digit, either a 1 or a 0.
Byte: A byte is 7 or 8 bits, depending on whether parity is used. Mostly 8 bits.
Octet: Made up of 8 bits; the same as a byte.
Network address: The designation used in routing to send packets to a remote network. Examples: 10.0.0.0, 172.16.0.0 and 192.168.0.0
Broadcast address: The address used by applications and hosts to send information to all nodes on a network. Examples:
  255.255.255.255: all networks, all nodes on the network
  172.16.255.255: all subnets, all hosts on network 172.16.0.0
  10.255.255.255: broadcasts to all subnets and hosts on network 10.0.0.0
The hierarchical IP Addressing Scheme
The IP address consists of 32 bits of information, divided into 4 octets (bytes) of 8 bits each. You can depict an IP address using one of three methods:
1) Dotted-decimal, as in 172.16.30.56
2) Binary, as in 10101100.00010000.00011110.00111000
3) Hexadecimal, as in AC.10.1E.38
- All these examples represent the same IP address
- The Windows Registry key is a program that stores the machine's IP address in hex values
- Maximum 4.3 billion addresses (4,29,49,67,296)
- It is a structured two- or three-layer numbering scheme, based on the telephone numbering system: one large geographical code, then a prefix that narrows the scope to a local calling area, and then the final segment that zooms in to the direct customer number
- The same applies in IP: network and host, or network, subnet and host
Network Addressing
Media Access Control address (MAC address), also called Ethernet Hardware Address (EHA), hardware address, adapter address or physical address, is a quasi-unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number.
Three numbering spaces, managed by the Institute of Electrical and Electronics Engineers (IEEE), are in common use for formulating a MAC address: MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names "EUI-48" and "EUI-64", where "EUI" stands for Extended Unique Identifier.
In TCP/IP networks, the MAC address of a subnet interface can be queried with the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. On broadcast networks, such as Ethernet, the MAC address uniquely identifies each node and allows frames to be marked for specific hosts. It thus forms the basis of most of the Link layer (OSI Layer 2) networking upon which upper-layer protocols rely to produce complex, functioning networks.
The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), in transmission order, e.g. 01-23-45-67-89-ab or 01:23:45:67:89:ab. This form is also commonly used for EUI-64. Another less common convention uses three groups of four hexadecimal digits separated by dots (.), e.g. 0123.4567.89ab, again in transmission order.
Address details
All three numbering systems use the same format and differ only in the length of the identifier. Addresses can be either "universally administered addresses" or "locally administered addresses".
A universally administered address is uniquely assigned to a device by its manufacturer; these are sometimes called "burned-in addresses" (BIA). The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner it pleases, subject to the constraint of uniqueness. The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100; EUI-64s are not expected to run out in the foreseeable future.
A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.
Universally administered and locally administered addresses are distinguished by the second least significant bit of the most significant byte of the address. If the bit is 0, the address is universally administered; if it is 1, the address is locally administered. The bit is 0 in all OUIs. For example, in 02-00-00-00-00-01 the most significant byte is 02h; in binary that is 00000010, and the second least significant bit is 1, so it is a locally administered address.
If the least significant bit of the most significant byte is set to 0, the packet is meant to reach only one receiving NIC. This is called unicast. If the least significant bit of the most significant byte is set to 1, the packet is meant to be sent only once but still reach several NICs. This is called multicast.
The following technologies use the MAC-48 identifier format:
- Ethernet
- 802.11 wireless networks
- Bluetooth
- IEEE 802.5 Token Ring
- most other IEEE 802 networks
- FDDI
- ATM (switched virtual connections only, as part of an NSAP address)
- Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
The distinction between EUI-48 and MAC-48 identifiers is purely semantic: MAC-48 is used for network hardware; EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a "MAC address", although it is syntactically indistinguishable from one and assigned from the same numbering space.)
The IEEE now considers the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications, and it should not be used in the future. Instead, the term EUI-48 should be used for this purpose.
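The three printed forms and the two flag bits of the first octet described above can be checked mechanically. The Python helper below is an added example, not part of the original notes: it parses hyphen, colon and Cisco dotted notation, reports the OUI (only for universally administered addresses, since locally administered ones carry none), and reads the locally-administered and multicast bits. The sample addresses come from the text; the `flag_local_macs` scan runs over constructed lines in the shape of Cisco `show arp` output, which is an assumption about the format rather than a capture.

```python
import re

# Added helper for the MAC address discussion above; not from the original notes.

HEX_PAIRS = re.compile(r"(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}")   # 01-23-45-67-89-ab or 01:23:45:67:89:ab
HEX_QUADS = re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}")     # 0123.4567.89ab (Cisco style)


def parse_mac(text: str) -> bytes:
    """Accept any of the printed forms and return the six octets in transmission order."""
    cleaned = text.strip().lower()
    if not (HEX_PAIRS.fullmatch(cleaned) or HEX_QUADS.fullmatch(cleaned)):
        raise ValueError("not a MAC-48/EUI-48 address: %r" % text)
    return bytes.fromhex(re.sub(r"[-:.]", "", cleaned))


def describe_mac(text: str) -> dict:
    """Decode the fields the text describes: OUI, the U/L bit and the I/G (unicast/multicast) bit."""
    octets = parse_mac(text)
    first = octets[0]
    locally_administered = bool(first & 0x02)    # second least significant bit of the first octet
    return {
        "canonical": ":".join("%02x" % b for b in octets),
        "cisco": ".".join(octets[i:i + 2].hex() for i in (0, 2, 4)),
        # locally administered addresses do not contain an OUI, so report none for them
        "oui": None if locally_administered else "-".join("%02X" % b for b in octets[:3]),
        "locally_administered": locally_administered,
        "multicast": bool(first & 0x01),         # least significant bit: 0 = unicast, 1 = multicast
        "broadcast": octets == b"\xff" * 6,      # all ones: the layer 2 broadcast address
    }


def flag_local_macs(arp_lines) -> list:
    """Return (ip, mac) pairs from 'show arp'-shaped lines whose hardware address is locally administered."""
    flagged = []
    for line in arp_lines:
        fields = line.split()
        # expected shape: Protocol, Address, Age, Hardware Addr, Type, Interface
        if len(fields) >= 4 and fields[0] == "Internet":
            details = describe_mac(fields[3])
            if details["locally_administered"]:
                flagged.append((fields[1], details["canonical"]))
    return flagged


# Constructed sample lines (not a real capture) in the shape of Cisco 'show arp' output
SAMPLE_ARP = [
    "Internet  10.0.0.1   -   0011.2233.4455  ARPA   FastEthernet0/0",
    "Internet  10.0.0.5   12  0200.0000.0001  ARPA   FastEthernet0/0",
    "Internet  10.0.0.9   3   000c.2912.3456  ARPA   FastEthernet0/0",
]

if __name__ == "__main__":
    for sample in ("02-00-00-00-00-01", "01:23:45:67:89:ab", "0123.4567.89ab", "ff-ff-ff-ff-ff-ff"):
        print(sample, describe_mac(sample))
    print(flag_local_macs(SAMPLE_ARP))
```

When reviewing an ARP table, an entry whose hardware address has the locally administered bit set is one that was configured rather than burned in, so the OUI lookup that normally identifies the vendor tells you nothing about that host; such entries are worth confirming against the inventory.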
Network address (IP):
- Uniquely identifies each network
- Every machine on the same network shares that network address as part of its IP address
- In the IP address 172.16.30.56, 172.16 is the network number and 30.56 is the node number
The networks are classified into three classes:
Class A: a small number of networks with a large number of hosts
Class B: between very large networks and large numbers of hosts
Class C: numerous networks with a small number of hosts
Class A: Network.Host.Host.Host
Class B: Network.Network.Host.Host
Class C: Network.Network.Network.Host
Class D: Multicast
Class E: Research
Defined leading bits for the classes make routing decisions faster:
Class A: 0, Class B: 10, Class C: 110
(These bits help a router decide which class an IP address belongs to and so make a faster routing decision.)
Reserved IP Addresses (Address | Function):
Network address of all 0s: This network or segment
Network address of all 1s: All networks
Network 127.0.0.1: Reserved for loopback tests. Designates the local node and allows that node to send a test packet to itself without generating network traffic
Node address of all 0s: Network address, or any host on the specified network
Node address of all 1s: All nodes on the specified network; for example, 128.2.255.255 means all nodes on network 128.2 (a class B network)
Entire IP address set to all 0s: Used by Cisco routers to designate the default route. Could also mean any network
Entire IP address set to all 1s (same as 255.255.255.255): Broadcast to all nodes on the current network; sometimes called an all-1s broadcast or limited broadcast
Class A addresses:
Network.node.node.node
Range: 1.0.0.0 to 127.255.255.254
Class A valid host IDs
- All host bits off is the network address: 10.0.0.0
- All host bits on is the broadcast address: 10.255.255.255
- Valid hosts are between the network address and the broadcast address: 10.0.0.1 through 10.255.255.254
Class B addresses:
Network.network.node.node
Range: 128.0.0.1 to 191.255.255.254
Class B valid host IDs
- All host bits turned off is the network address: 172.16.0.0
- All host bits turned on is the broadcast address: 172.16.255.255
- Valid hosts are between the network address and the broadcast address: 172.16.0.1 through 172.16.255.254
Class C addresses:
Network.network.network.node
Range: 192.0.0.0 to 223.255.255.254
Class C valid host IDs
- All host bits turned off is the network ID: 192.168.100.0
- All host bits turned on is the broadcast address: 192.168.100.255
- Valid hosts are between the network address and the broadcast address: 192.168.100.1 through 192.168.100.254
Private IP Addresses
- These addresses can be used on a private network, but they are not routable through the Internet
- This is designed to create a measure of much-needed security, but it also conveniently saves valuable IP address space
Reserved IP Address Space (Address Class | Reserved Address Space):
  Class A | 10.0.0.0 through 10.255.255.255
  Class B | 172.16.0.0 through 172.31.255.255
  Class C | 192.168.0.0 through 192.168.255.255
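The representation, nibble conversion, class, network/broadcast and private-range rules from the sections above fit together in a few short functions. The Python below is an added example written for this summary, not code from the original notes; it goes slightly beyond the text by handling classes D and E (no network/host split) and by rejecting malformed input. The sample addresses are the ones the notes use; the RFC 1918 label for the private ranges is the standard name for the table above.

```python
# Classful IPv4 helpers (added example). They implement the dotted-decimal / binary / hex
# forms, the nibble conversion, the leading-bit class rule, classful network and broadcast
# derivation, and the private address table described in the notes above.

CLASS_NETWORK_BITS = {"A": 8, "B": 16, "C": 24}   # network portion per class; D and E have no host portion
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),     # the reserved address space table (RFC 1918)
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]


def ip_to_int(ip: str) -> int:
    """Validate a dotted-decimal address and pack it into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % ip)
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_to_binary(ip: str) -> str:
    """Dotted binary, e.g. 172.16.30.56 -> 10101100.00010000.00011110.00111000"""
    return ".".join(format(int(o), "08b") for o in ip.split("."))


def ip_to_hex(ip: str) -> str:
    """Dotted hex, e.g. 172.16.30.56 -> AC.10.1E.38 (each octet is two nibbles)"""
    return ".".join(format(int(o), "02X") for o in ip.split("."))


def hex_byte_to_nibbles(hex_byte: str) -> tuple:
    """The worked example from the notes, nibble by nibble: '0x6A' -> ('0110', '1010', 106)"""
    hi, lo = (format(int(ch, 16), "04b") for ch in hex_byte.lower().replace("0x", ""))
    return hi, lo, int(hi + lo, 2)


def ip_class(ip: str) -> str:
    """Classify by the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    lead = format(int(ip.split(".")[0]), "08b")
    for prefix, cls in (("0", "A"), ("10", "B"), ("110", "C"), ("1110", "D")):
        if lead.startswith(prefix):
            return cls
    return "E"


def classful_summary(ip: str) -> dict:
    """Network address (host bits off), broadcast (host bits on) and the valid host range."""
    cls = ip_class(ip)
    if cls not in CLASS_NETWORK_BITS:
        raise ValueError("class %s addresses have no network/host split" % cls)
    mask = (0xFFFFFFFF << (32 - CLASS_NETWORK_BITS[cls])) & 0xFFFFFFFF
    n = ip_to_int(ip)
    network, broadcast = n & mask, n | (~mask & 0xFFFFFFFF)
    return {"class": cls, "network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "first_host": int_to_ip(network + 1), "last_host": int_to_ip(broadcast - 1)}


def is_private(ip: str) -> bool:
    """True when the address falls in one of the three reserved (private) ranges."""
    n = ip_to_int(ip)
    return any(ip_to_int(lo) <= n <= ip_to_int(hi) for lo, hi in PRIVATE_RANGES)


if __name__ == "__main__":
    for addr in ("172.16.30.56", "10.1.2.3", "192.168.100.77", "8.8.8.8"):
        print(addr, ip_to_binary(addr), ip_to_hex(addr), classful_summary(addr), "private" if is_private(addr) else "public")
```

`is_private` is the check a border filter performs in both directions: packets arriving from the Internet with a private source, or leaving with a private destination, are not routable and should not be there.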
Broadcast Addresses
Four types of address:
Layer 2 broadcasts: These are sent to all nodes on a LAN (one-to-all communication).
Layer 3 broadcasts: These are sent to all nodes on the network (one-to-all communication).
Unicast: These are sent to a single destination host (one-to-one communication).
Multicast: These are packets sent from a single source and transmitted to many devices on different networks (a message sent to a group of users only; one-to-many communication).
Router Components
Cisco routers have various components that are controlled by the Cisco IOS. These components include such things as memory, interfaces, and ports. Each component has a purpose that provides added functionality to a router. A review of these components will be useful in understanding each of their roles within a router.
Memory
A router contains different types of memory, where it can store images, configuration files, and microcode. The types of memory and their purposes are as follows:
RAM: Often referred to as dynamic random-access memory (DRAM). RAM is the working area of memory storage used by the CPU to execute Cisco IOS software and to hold the running configuration file, routing tables, and ARP cache. The running configuration file (running-config) contains the current configuration of the software. Information in RAM is cleared when the router is power-cycled or reloaded.
ROM: Sometimes referred to as erasable programmable read-only memory (EPROM). ROM is hard-wired read-only memory in the router. ROM contains power-on self-test (POST) diagnostics and the bootstrap or boot-loader software. This code allows the router to boot from ROM when it cannot find a valid Cisco IOS software image. This is known as ROM Monitor mode, a diagnostic mode that provides a user interface when the router cannot find a valid image.
Flash: Available as EPROMs, single in-line memory modules (SIMMs), or PCMCIA cards. Flash is the default location where a router finds and boots its IOS image. On some platforms, additional configuration files or boot images can be stored in Flash. The contents of Flash are retained when the router is power-cycled or reloaded.
NVRAM: Nonvolatile random-access memory. NVRAM stores the startup configuration file (startup-config), which is used during system startup to configure the software. In addition, NVRAM contains the software configuration register, a configurable setting in Cisco IOS software that determines which image to use when booting the router. The contents of NVRAM are retained when the router is power-cycled or reloaded.
Table 2-1 provides a summary of these memory types, their function, and useful Cisco IOS software commands when managing these different types of memory.
Table 2-1. Memory Types (Memory Type | Contents | Useful Cisco IOS Software Commands)
RAM | Running configuration file; routing tables; ARP cache; working memory | show running-config; show ip route; show arp; show memory
ROM | POST; bootstrap; ROM Monitor mode; locate and load IOS | (none listed)
Flash | IOS; additional configuration files; additional IOS images | show flash
NVRAM | Startup configuration file; configuration register | show startup-config; show version
An understanding of the different types of memory and their function within the router helps not only clarify where the IOS image and configuration files are stored, but also proves useful by allowing the user to manipulate these configuration files during the configuration process and understand what area of memory is being changed.
Interfaces and Ports
Routers contain different types of interfaces and ports. Interfaces assist the router in routing packets and bridging frames between network segments, and they provide a connection point to different types of transmission media. Ports, on the other hand, provide management access to the router.
Some common interface types are as follows:
Serial
Ethernet
Token Ring
Asynchronous
FDDI
The preceding types of interfaces are some of the most common; however, interface types are in no way static. Interface types are added as new technologies evolve and methods are needed to interconnect and integrate network devices. An example of this is the voice interface available in the Cisco 2600 series that connects to a private branch exchange (PBX) or standard analog phone.
Ports on the router enable a user to connect to the router for management and configuration purposes. You can connect either a terminal (DTE) or a modem (DCE) to these ports. Some of the common ports are:
Console
Auxiliary (AUX)
The console and auxiliary ports are physical ports on the router that provide management access to the router. In addition to these, there are vty lines, which are software-defined lines that allow Telnet access to the router. The default vty configuration is vty lines 0 through 4, allowing five simultaneous Telnet sessions. Passwords can be configured on the vty lines to secure access; note that Telnet carries both the password and the whole session in clear text, so where the IOS image supports SSH, the vty lines should be restricted to it (transport input ssh in line configuration mode).
Command-Line Interface
CLI is the acronym used by Cisco to denote the command-line interface of the IOS. CLI is the primary interface used to configure, manage, and troubleshoot Cisco devices. This user interface enables you to directly execute IOS commands, and it can be accessed through a console, modem, or Telnet connection. Access by any of these methods is generally referred to as an EXEC session.
EXEC Levels or Modes
Two different EXEC sessions exist: user EXEC level and privileged EXEC level. Each level provides a different amount of access to the commands within the IOS. User EXEC provides access to a limited number of commands that allow basic troubleshooting and monitoring of the router. Privileged EXEC level allows access to all router commands, such as configuration and management settings. Password protection of the privileged EXEC level is highly recommended to prevent unauthorized configuration changes to the router. Upon initiating an EXEC session on the router, a user is placed in user EXEC mode. This is denoted in the router by the > prompt, for example:
Router>
To change to the privileged EXEC level, type in the command enable, as shown:
Router> enable
Password: [enable password]
If an enable password has been set, the router prompts you for it. When you enter the correct enable password, the prompt changes from Router> to Router#. This indicates that you have successfully entered into privileged EXEC mode, as shown:
Router>
Password: [enable password]
Router#
TIP
The enable password is stored as clear text in the running configuration file. If this is undesirable for your environment, Cisco IOS software offers another option: set the privileged-mode password with the enable secret command instead. enable secret stores a one-way hash of the password rather than the password itself, so it is never displayed in clear text in the running configuration, and when both are configured the enable secret takes precedence over the enable password. (service password-encryption, by contrast, only obscures the enable and line passwords with a reversible encoding and is not a substitute.)
IOS CLI Hierarchy
Cisco IOS software is structured in a hierarchical manner. It is important to understand this structure to navigate Cisco IOS software successfully. As mentioned previously, there are two EXEC modes: user EXEC and privileged EXEC. From privileged EXEC mode you enter the various configuration modes:
Global configuration mode
Interface configuration mode
Router configuration mode
Line configuration mode
Figure 2-1 provides a visual breakdown of the configuration modes.
Figure 2-1. Cisco IOS Software CLI Hierarchy
Within each mode, certain commands are available for execution. Using the context-sensitive help, you can see a list of which commands are available. While navigating the CLI, the router prompt changes to reflect your current position within the CLI hierarchy. Table 2-2 summarizes the main command prompts within the CLI hierarchy.
Table 2-2. CLI Command Prompts by Mode
Command Prompt          Mode                                        IOS Command to Enter Command Mode                                    Description
Router>                 User EXEC mode                              Default mode upon login                                              Limited inspection of router information
Router#                 Privileged EXEC mode                        From Router>, type enable                                            Detailed inspection, testing, debug, and configuration commands
Router(config)#         Global configuration mode                   From Router#, type configure terminal                                High-level (global) configuration changes
Router(config-if)#      Interface level (submode of config mode)    From Router(config)#, type interface [interface name], e.g. ethernet0  Interface-specific commands
Router(config-router)#  Routing engine level (submode of config mode)  From Router(config)#, type router [routing protocol], e.g. rip, igrp   Routing engine commands
Router(config-line)#    Line level (submode of config mode)         From Router(config)#, type line [port], e.g. aux 0, console 0, vty 0 4  Line-configuration commands
Context-Sensitive Help
In both user and privileged EXEC modes, you can see a listing of available commands by typing a question mark (?) at the Router> or Router# prompts. This is referred to as context-sensitive help. Example 2-1 shows context-sensitive help from user EXEC mode.
Example 2-1 Context-Sensitive Help from User EXEC Mode
Router>?
Exec commands:
<1-99> Session number to resume
access-enable Create a temporary Access-List entry
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lat Open a lat connection
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mrinfo Request neighbor and version information from a multicast router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
--More--
Example 2-1 displays the commands available for execution from user EXEC mode. When the number of available commands exceeds what can be displayed on the screen, the IOS displays the --More-- prompt. Pressing the Spacebar presents the next page of commands, often followed by another --More--, until all remaining commands are displayed and you are returned to the Router> prompt, as demonstrated in Example 2-2.
Example 2-2 Hitting the Spacebar Continues the Context-Sensitive Help Listing and Returns You to the User EXEC Mode Prompt
logout Exit from the EXEC
mrinfo Request neighbor and version information from a multicast router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
resume Resume an active network connection
rlogin Open an rlogin connection
show Show running system information
slip Start Serial-line IP (SLIP)
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
tn3270 Open a tn3270 connection
traceroute Trace route to destination
tunnel Open a tunnel connection
where List active connections
x3 Set X.3 parameters on PAD
xremote Enter XRemote mode
Router>
You can repeat the same process to get a list of available commands from privileged EXEC mode. The only difference is that more commands are available within privileged EXEC mode.
To find out what commands are available that begin with the letter c, you would type the letter c immediately followed by a ?. This is referred to as word help, and it is useful when you know what the command begins with, but not the exact syntax. Example 2-3 demonstrates this concept.
Example 2-3 Using Word Help to Find the Exact Syntax of a Command
Router#c?
clear clock configure connect copy
As more letters are added to the command you need help for, the context-sensitive help feature narrows the available commands to choose from. Example 2-4 demonstrates what you would see if you narrowed your search by adding letters, such as co? or con?.
Example 2-4 Adding Characters in a Command Immediately Followed by a ? Helps You Narrow Your Command Search
Router#c?
clear clock configure connect copy
Router#co?
configure connect copy
Router#con?
configure connect
Suppose that you need more information on the syntax of the configure command. Command help is available to list arguments that are available with a given command by typing the command, followed by a space and a ?. For example, if you want to find out what commands were available to use with the configure command, you would type configure ?, as demonstrated in Example 2-5.
Example 2-5 Entering Characters in a Command Followed by ? Helps You Find the Exact Syntax of a Command
Router#configure ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal
Finally, the command parser has the capability to distinguish erroneous commands that are entered incorrectly, as well as prompt you when more specific command arguments are needed. When an erroneous command is entered, the help feature returns the output shown in Example 2-6.
Example 2-6 Entering an Erroneous Command Generates a Message to Indicate the Syntax Error
Router#show rnning-config
            ^
% Invalid input detected at '^' marker.
The ^ marker indicates where the error in the syntax occurred. When a more specific command argument is needed to distinguish among multiple possibilities, the help feature returns %Ambiguous command:, as shown in Example 2-7.
Example 2-7 Entering a Command Requiring More Specific Parameters Generates an Ambiguous Command Message
Router#show access
% Ambiguous command: "show access"
This is easily corrected by typing more of the command so that multiple possibilities no longer exist, as shown in Example 2-8.
Example 2-8 Entering a Command with the Required Arguments to Eliminate the Ambiguous Command Error
Router#show access-lists
Standard IP access list 1
permit any
Each of these context-sensitive help features is useful in helping you determine whether the command syntax is incorrect.
Hot Keys
The CLI also provides hot keys for easier navigation within the IOS and shortcuts for editing functions. Table 2-3 lists the shortcuts that are available.
Table 2-3. CLI Hot Keys for Cisco IOS Software Command Editing Functions
Key Sequence Description
Ctrl-A Moves the cursor to the beginning of the current line
Ctrl-R Redisplays a line
Ctrl-U Erases a line
Ctrl-W Erases a word
Ctrl-Z Ends configuration mode and returns to privileged EXEC mode
Tab Finishes a partial command
Backspace Removes one character to the left of the cursor
Ctrl-P or Up Arrow Recalls commands from the history buffer, beginning with the most recent (each press goes one command further back)
Ctrl-N or Down Arrow Returns to more recent commands in the history buffer after recalling older ones with Ctrl-P
Ctrl-E Moves the cursor to the end of the current line
Ctrl-F or right arrow Moves forward one character
Ctrl-B or left arrow Moves back one character
Esc+B Moves back one word
Esc+F Moves forward one word
Direct Access to Routers and Switches Through a Console Port
Most Cisco devices use a rollover cable connected to the console port on the router or switch. For exceptions, consult the product documentation to verify whether you should use a straight-through or rollover cable. The cable is then connected to an RJ-45-to-DB-9 or RJ-45-to-DB-25 terminal adapter that is attached to a serial communications port (COM1, COM2, or another COM port) on the PC. Figure 4-1 shows how this is done.
Figure 4-1. Connecting a Device with a Console Cable
Components of Routing Data
Routing Tables: router#show ip route
Two alternative forms of the same entry (learned by RIP or by IGRP), followed by a directly connected route:
R    175.21.0.0/16 [120/1] via 10.10.10.1, 00:00:18, Serial0/0
I    175.21.0.0/16 [100/1535548] via 10.10.10.1, 00:00:18, Serial0/0
C    10.10.10.0 is directly connected, Serial0/0
The letter in the first column shows how the entry was learned on this router: R means RIP, I means IGRP, D means EIGRP, C means directly connected.
175.21.0.0/16 is the network address of the destination and the number of bits in its subnet mask.
120 or 100 (the first number in the brackets) is the administrative distance of the route.
1 or 1535548 (the second number in the brackets) is the metric of the route, specific to the routing protocol that determined it. RIP uses hop count (maximum 15) as its metric; a hop is how many routers away the destination network is. IGRP and EIGRP use a composite metric: bandwidth and delay of the line by default, with reliability and load optionally included; MTU is tracked but not used in the calculation.
via 10.10.10.1 is the next-hop address for the route: the address the packet must be sent to in order to reach its destination.
00:00:18 is the length of time since the route was last updated in the routing table. In this case the route was updated 18 seconds ago.
Serial0/0 is the interface through which the route was learned. This is also the interface the packet will be switched to in order to be forwarded toward its destination.
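The fields above are easy to misread in a long table, so here is an added example, not part of the original reference, of a small Python parser that pulls each show ip route entry into a record and then flags routes learned from a protocol the router is not supposed to be running, which is how a route injected by a rogue RIP or IGRP speaker would show up. The sample output is constructed for the example, and the allowed-protocol list in unexpected_sources is an assumption about one network, not a Cisco default.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed "show ip route" output in the format described above (not captured
# from a real router); the code letters follow the usual IOS legend.
SAMPLE_SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, R - RIP, I - IGRP, D - EIGRP, * - candidate default

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

R    175.21.0.0/16 [120/1] via 10.10.10.1, 00:00:18, Serial0/0
I    172.30.0.0/16 [100/1535548] via 10.10.10.1, 00:01:02, Serial0/0
D    192.168.5.0/24 [90/2172416] via 10.10.10.1, 00:10:44, Serial0/0
C    10.10.10.0/24 is directly connected, Serial0/0
S*   0.0.0.0/0 [1/0] via 10.10.10.1
"""

# <code> <prefix> [<AD>/<metric>] via <next-hop>[, <age>][, <interface>]
LEARNED = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+)"
    r"(?:,\s+(?P<age>\d\d:\d\d:\d\d))?(?:,\s+(?P<iface>\S+))?$"
)
# C <prefix> is directly connected, <interface>
CONNECTED = re.compile(
    r"^(?P<code>C)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+is directly connected,\s+(?P<iface>\S+)$"
)


@dataclass
class Route:
    code: str            # how the route was learned: R, I, D, C, S, S*, ...
    prefix: str          # destination network and mask length
    ad: int              # administrative distance (trust in the source)
    metric: int          # protocol-specific metric
    nexthop: Optional[str]
    age: Optional[str]   # time since last update, hh:mm:ss (absent for static/connected)
    iface: Optional[str]


def parse_show_ip_route(text: str) -> List[Route]:
    """Turn the text of 'show ip route' into Route records; legend and header lines are skipped."""
    routes = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LEARNED.match(line)
        if m:
            routes.append(Route(m["code"], m["prefix"], int(m["ad"]), int(m["metric"]),
                                m["nexthop"], m["age"], m["iface"]))
            continue
        m = CONNECTED.match(line)
        if m:
            routes.append(Route("C", m["prefix"], 0, 0, None, None, m["iface"]))
    return routes


def unexpected_sources(routes: List[Route], allowed=("C", "S", "S*", "D")) -> List[Route]:
    """Routes learned from a protocol not on the allow list. The allow list is an assumption
    about this network (here: only connected, static and EIGRP are expected); a RIP or IGRP
    route on such a router means something is speaking a protocol nobody configured."""
    return [r for r in routes if r.code not in allowed]


def age_seconds(age: str) -> int:
    """Convert the hh:mm:ss age field to seconds, e.g. to find routes that changed recently."""
    h, m, s = (int(x) for x in age.split(":"))
    return h * 3600 + m * 60 + s
```

Run against the sample, unexpected_sources returns the R and I entries; on a router that should only run EIGRP, those two lines are the ones to investigate.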
Statically Defined Routes
A statically defined route is one in which a route is manually entered into the router. A static route can be entered into the router with the following command in global configuration mode:
2501(config)#ip route prefix mask {address | interface} [distance]
2501(config)#ip route 192.168.20.0 255.255.255.0 172.16.50.1
Default Route: ip route 0.0.0.0 0.0.0.0 172.16.50.1
Dynamic Routes: Dynamic routing is a process in which a routing protocol finds the best path through a network and maintains that route. It discovers all the possible routes to a destination, applies its predefined rules, and selects the best route to the destination.
Dynamic Routing Protocols
- Interior Gateway Protocol (IGP): used within one routing domain
- Exterior Gateway Protocol (EGP): used between routing domains, e.g. Border Gateway Protocol (BGP)
Routing protocols are categorized in two ways:
1. Classful vs. classless
   Classful routing protocols: RIPv1, IGRP
   Classless routing protocols: RIPv2, EIGRP, OSPF, IS-IS, BGP
2. Distance-vector vs. link-state
   Distance-vector routing protocols: RIP, IGRP, EIGRP
   Link-state routing protocols: OSPF, IS-IS
Distance-Vector Comparisons
Characteristic                          RIPv1    RIPv2    IGRP               EIGRP
Count to infinity                       X        X        X
Split horizon with poison reverse       X        X        X                  X
Hold-down timer                         X        X        X
Triggered update with route poisoning   X        X        X                  X
Load balancing with equal paths         X        X        X                  X
Load balancing with unequal paths                         X                  X
VLSM support                                     X                           X
Automatic summarization                 X        X        X                  X
Metric                                  Hops     Hops     Composite          Composite
Hop count limit                         16       16       255 (100 by def.)  255 (100 by def.)
Support for size of network             Medium   Medium   Large              Large
IGRP & EIGRP are the only Cisco proprietary routing protocols.
Most distance-vector routing protocols have following characteristics:
Periodic Updates: The length of time before a router sends out its next update. For RIP it is 30 seconds; for IGRP it is 90 seconds.
Neighbors:
Other routers on the same logical, or data link, connection.
Broadcast Updates:When a router becomes active it will send out a message to the broadcast address stating that it is alive. In return, neighboring routers participating in the same routing protocol will respond to this broadcast.
Full Routing Table Updates: Most d-v routing protocols will send their entire routing table to their neighbors. This occurs when the periodic update timer expires.
Routing by Rumor:A router will send its routing table to all of its directly connected neighbors. In return, all of the neighboring routers will send their routing tables to all of their directly connected neighbors. This will continue until all routers running the same distance-vector routing protocol are reached.
Invalid Timer: The length of time (180 seconds for RIP) that must elapse before a router declares a route invalid. It expires when the router has not heard any update about that route for that period.
Split Horizon: Prevents what is known as a reverse route. A reverse route occurs when a router learns a route from a neighbor and then advertises that route back to the neighbor it learned it from, which can cause a routing loop. Split horizon prevents this with the rule that a route is never advertised out the same interface on which it was learned.
Counting to Infinity: In networks that are slow to converge, another type of routing loop can occur, when routers have multiple paths to the same destination. The routing table holds only the best route to the destination even though the router knows of two. So when the destination network goes down, the updates saying it is unreachable can arrive at different routers at different times, and a router that has not yet heard the bad news advertises that it still has a route to the destination. This propagates across the network, with the hop count incrementing at each router it passes through. Even though the destination network is down, all of the routers participating in the routing process think they have an alternate route to it, causing a loop. This is bounded by enforcing a maximum hop count: when a route reaches the maximum hop count, it is marked unreachable and removed from the router's routing table.
Triggered Updates: Increase the speed of convergence. Instead of waiting for the periodic update timer to expire, a router sends an update as soon as a significant event occurs, speeding up convergence and cutting the risk of routing loops caused by convergence delay.
Hold-down Timer: It is used when information about a route changes. When the new information is received or a route is removed, the router will place that route in a hold-down state. This means that the router will not advertise, nor will it accept advertisements about this route for the time period specified by the hold-down timer. After the time period expires, the router will start accepting and sending advertisements about the route.
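As an added example, not part of the original reference, the following Python model plays the count-to-infinity scenario above on a three-router chain A - B - C with network N behind C, once without and once with split horizon, and records how the hop count to N evolves after N fails. The model is deliberately simplified: full-table updates every round, route poisoning at C (it advertises 16 immediately), no hold-down timer and no real timers; the topology and hop counts are constructed for the example.

```python
INFINITY = 16  # RIP treats 16 hops as unreachable


class Router:
    """Minimal distance-vector router: one table of dest -> (hops, next_hop)."""

    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = neighbors
        self.table = {}

    def advertisement(self, to, split_horizon):
        # Split horizon: never advertise a route back to the neighbor it was learned from.
        return {dest: hops for dest, (hops, nh) in self.table.items()
                if not (split_horizon and nh == to)}

    def receive(self, frm, adv):
        """Bellman-Ford relaxation for one update. Returns True if anything changed."""
        changed = False
        for dest, hops in adv.items():
            new_hops = min(hops + 1, INFINITY)
            cur = self.table.get(dest)
            better = cur is None or new_hops < cur[0]
            # An update from the current next hop is always believed, even when it is worse:
            # that is how a withdrawn route propagates, and what count-to-infinity abuses.
            from_next_hop = cur is not None and cur[1] == frm and new_hops != cur[0]
            if better or from_next_hop:
                self.table[dest] = (new_hops, frm)
                changed = True
        return changed


def run_until_stable(routers, split_horizon, max_rounds=100):
    """Exchange full tables round by round; return per-round snapshots of hop counts to N."""
    history = []
    for _ in range(max_rounds):
        changed = False
        for r in routers.values():
            for nb in r.neighbors:
                changed |= routers[nb].receive(r.name, r.advertisement(nb, split_horizon))
        if not changed:
            break
        history.append({n: r.table["N"][0] for n, r in routers.items() if "N" in r.table})
    return history


def simulate(split_horizon):
    """Topology A - B - C - [network N]. Converge, then the link from C to N fails.
    Returns (rounds until stable, per-round hop counts)."""
    routers = {"A": Router("A", ["B"]), "B": Router("B", ["A", "C"]), "C": Router("C", ["B"])}
    routers["C"].table["N"] = (0, None)         # N is directly connected to C
    run_until_stable(routers, split_horizon)     # initial convergence: A=2, B=1, C=0
    routers["C"].table["N"] = (INFINITY, None)   # link to N fails; C poisons the route
    history = run_until_stable(routers, split_horizon)
    return len(history), history
```

Without split horizon, B and C hand the dead route back and forth, the hop count climbing by two each round until it hits 16 (the RIP definition of unreachable); with split horizon, B refuses to advertise N back to C, so the poisoned route propagates outward and the chain converges in two rounds. The hold-down timer and triggered updates described above shorten the window in which the unreachable route is still believed.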
ROUTING INFORMATION PROTOCOL (RIP)
RIPv1= Classful routing protocol (will not send a subnet mask in the routing update)
RIPv2= Classless routing protocol (will send a subnet mask in the routing update)
Authentication of routing updates through clear text or md5 (optional)
Multicast route updates
Next-hop addresses carried with each route entry
Commands to use RIPv2:
Router(config)#router rip
Router(config-router)#version 2
Characteristics of RIP
Distance-Vector Routing Protocol
Use Bellman-Ford algorithm
Use hop count as metric, maximum 15, 16 is unreachable
Route update timer: periodic updates are sent every 30 seconds by default.
Route invalid timer is 180 seconds. This is the time without an update after which a route is marked unreachable.
Route flush timer is 240 seconds, measured from the last update received for the route, i.e. 60 seconds after the invalid timer expires. When it expires the route is removed from the routing table. Between the invalid timer expiring and the flush timer expiring, the route is still advertised to neighboring routers, but as unreachable.
Link-State Routing:
- In link-state routing, each router knows the exact topology of the network.
- This limits the number of bad routing decisions that can be made, because each router in the process has an identical view of the network.
- Each router in the network reports on its state: its directly connected links and the state of each link. The router then propagates this information to all routers in the network.
- It does not pass the entire routing table; only the changed information, or a message of no change after a given period of time, is passed. This is known as an LSA (link-state advertisement).
- Each LSA includes an identifier for the link, the state of the link, and a metric for the link.
- Use of LSAs reduces bandwidth utilization.
- But link-state protocols are more complex to configure than distance-vector routing protocols.
- OSPF and IS-IS (Integrated Intermediate System to Intermediate System) are link-state routing (LSR) protocols.
How LSR works:
- When a router becomes active, it has to form adjacencies with its directly connected neighbors.
- After forming adjacencies, the router sends link-state advertisements to each of its neighbors. After receiving and copying the information from an LSA, each router forwards, or floods, the LSA to each of its other neighbors.
- All of the routers then store the LSAs in their own database. This means all routers have the same view of the network topology.
- Each router then uses the Dijkstra algorithm to compute its best route to each destination.
Link-State Comparisons
EIGRP is a hybrid protocol, contains the characteristics from both d-v and l-s routing protocols.
Characteristic                              OSPF        IS-IS        EIGRP
Hierarchical topology needed                X           X
Retains knowledge of all possible routes    X           X            X
Manual route summarization                  X           X            X
Automatic route summarization                                        X
Event-triggered announcement                X           X            X
Load balancing with unequal paths                                    X
Load balancing with equal paths             X           X            X
VLSM support                                X           X            X
Metric                                      Cost        Cost         Composite
Hop count limit                             Unlimited   1024         100 by def.
Support for size of network                 Large       Very large   Large
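To make the flood-then-Dijkstra description in "How LSR works" concrete, here is an added example in Python, not taken from the original reference: a small link-state database, an SPF computation that returns cost and next hop per destination, and a hop-by-hop trace in which every router forwards using its own copy of the database. The second trace shows the failure mode the "identical view" statement guards against: when one router's copy is stale because it has not yet received the LSA withdrawing a failed link, a transient forwarding loop appears. Router names, link costs and the failed link are constructed for the example.

```python
import heapq

# Constructed link-state database (LSDB): each router's LSA lists its links and costs.
# After flooding, every router holds the same copy. Costs are illustrative.
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R4": 1},
    "R3": {"R1": 1, "R4": 5},
    "R4": {"R2": 1, "R3": 5},
}


def spf(lsdb, root):
    """Dijkstra from `root` over the LSDB. Returns {dest: (cost, next_hop)}."""
    dist, next_hop, done = {root: 0}, {}, set()
    heap = [(0, root, root)]            # (cost, node, first hop taken from root)
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in done:
            continue                    # stale heap entry for a node already settled
        done.add(node)
        if node != root:
            next_hop[node] = via
        for nb, link_cost in lsdb.get(node, {}).items():
            if cost + link_cost < dist.get(nb, float("inf")):
                dist[nb] = cost + link_cost
                # leaving the root, the neighbor itself is the first hop; otherwise inherit it
                heapq.heappush(heap, (dist[nb], nb, nb if node == root else via))
    return {d: (c, next_hop[d]) for d, c in dist.items() if d != root}


def trace(src, dst, lsdb_of):
    """Forward a packet hop by hop, each router running SPF over its *own* LSDB copy.
    Returns (path, status) with status 'ok', 'loop' or 'no-route'."""
    path, node = [src], src
    while node != dst:
        routes = spf(lsdb_of[node], node)
        if dst not in routes:
            return path, "no-route"
        node = routes[dst][1]
        if node in path:
            return path + [node], "loop"
        path.append(node)
    return path, "ok"


def without_link(lsdb, a, b):
    """Copy of the LSDB with the a-b link withdrawn from both LSAs (link failure)."""
    new = {r: dict(links) for r, links in lsdb.items()}
    new[a].pop(b, None)
    new[b].pop(a, None)
    return new
```

With identical databases R1 reaches R4 via R3 at cost 6. If the R3-R4 link fails and R1 still holds the old LSAs while R3 has the new ones, R1 sends R4-bound traffic to R3 and R3, whose SPF now routes R4 via R1, sends it straight back: a loop that lasts until flooding delivers the withdrawal to R1.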
Default Administrative Distance
Source of Route          Default AD
Connected interface      0
Static route             1
EIGRP summary route      5
External BGP             20
Internal EIGRP           90
IGRP                     100
OSPF                     110
IS-IS                    115
RIP                      120
EGP                      140
External EIGRP           170
Internal BGP             200
Unknown                  255
Verifying routes:
2501>sh ip route
Testing and troubleshooting: ping, traceroute
Network Address Translation:
NAT (Network Address Translation) and PAT (Port Address Translation) are used to extend the current address space by translating one address to another and help to alleviate shortage.
NAT Terminology:
- NAT can be broken into two types, NAT and PAT.
- NAT is the one-to-one translation of IP addresses, from an inside local IP address to an inside global IP address that is unique and routable on the Internet.
- PAT is sometimes referred to as NAPT (Network Address and Port Translation). It is a many-to-one translation because it can take multiple inside local IP addresses and translate them to one inside global IP address, distinguishing the sessions by port number.
Inside local: The inside local address is the IP address used by a host on the private side of the network.
Inside Global: The inside global address is the public IP address into which the inside local address will be translated. This is typically a globally unique and routable IP address, which hosts on the outside network would use to communicate with the inside local IP address.
Outside global: The outside global address is the actual IP address of a host that resides on the outside public network and is usually a globally unique and routable IP address.
Outside local: The outside local address is the IP address used to translate an outside global IP address. This may or may not be a registered IP address, but it must be routable on the inside of your network.
How NAT works:
- Traffic sourced by a host on the inside of the network, arriving on an interface marked as inside, has an inside local address as its source IP address (SA Inside Local) and an outside local address as its destination IP address (DA Outside Local).
- When that traffic passes through the NAT process and is switched to the outside network, leaving through an interface marked as outside, the source IP address is now the inside global address (SA Inside Global) and the destination IP address is the outside global address (DA Outside Global).
- Traffic sourced by a host on the outside of the network, arriving on an interface marked as outside, has the outside global address as its source IP address (SA Outside Global) and the inside global address as its destination IP address (DA Inside Global).
- When that traffic passes through the NAT process and is switched to the inside network, leaving through an interface marked as inside, the source IP address is now the outside local address (SA Outside Local) and the destination IP address is the inside local address (DA Inside Local).
Advantage of NAT:
- NAT allows you to increase or decrease the number of registered IP addresses incrementally without changing the devices (hosts, switches, routers, etc.) in the network; only the NAT device itself may need to be changed.
- NAT can be used either statically or dynamically:
- Static translations are manually configured to translate a single global IP address to a single local IP address and vice versa. This translation always exists in the NAT table until it is manually removed. Optionally, the translation can be configured between a single inside IP address and port pair and a single outside IP address and port pair, for either TCP or UDP. The two port values need not be the same.
- Dynamic mappings are configured on the NAT border router using a pool of one or more registered IP addresses. Devices on the inside of the network that wish to communicate with a host on the outside network draw addresses from this pool, so multiple internal devices share a single pool. You can also use a single IP address by configuring overloading, which translates both the IP address and the port number.
- NAT can be configured to allow basic load sharing of packets among multiple servers using the TCP load distribution feature. TCP load distribution uses a single outside IP address that is mapped to multiple internal IP addresses. Incoming connections are distributed in round-robin fashion among the addresses in the internal pool; the packets of each individual connection, or flow, are sent to the same address so the session stays intact.
- If you switch Internet Service Providers and must change the registered IP addresses you use, NAT spares you from renumbering every device in your network. The only change is to the addresses in the NAT pool.
- You can configure NAT on the border router between two routing domains to translate addresses from one network to the other and vice versa.
Disadvantages of NAT:
- NAT increases latency (delay).
- NAT hides end-to-end IP addresses, which renders some applications unusable.
- Because NAT changes IP addresses, the ability to track an IP flow end to end is lost.
- NAT also makes troubleshooting, or tracking down where malicious traffic is coming from, more troublesome: without a log of the translations, an outside address and port cannot be attributed to an inside host.
- A host that must be reachable from the outside network has two IP addresses, one inside and one outside. This creates the problem known as split DNS: you need two DNS services, one answering with the external addresses and one with the internal addresses. This can be an administrative nightmare, and causes problems if internal hosts are pointed at the external DNS server.
Supported NAT Traffic Types:
- TCP/UDP traffic that does not carry source and destination IP addresses inside the application stream
- HTTP, TFTP, NFS, ICMP, NTP (Network Time Protocol), FTP (PORT and PASV commands)
- Archie, which provides lists of anonymous FTP archives
- Finger, a tool that determines whether a person has an account on a particular computer
- Many of the r* Unix utilities (rlogin, rsh, rcp)
- NetBIOS over TCP (datagram, name and session services)
- Progressive Networks' RealAudio, White Pine's CU-SeeMe, Xing Technologies' StreamWorks
- DNS A and PTR queries
- H.323 (IOS releases 12.0(1)/12.0(1)T or later), VDOLive (IOS releases 11.3(4)/11.3(4)T or later)
- NetMeeting (IOS releases 12.0(1)/12.0(1)T or later), Vxtreme (IOS releases 11.2(4)/11.3(4)T or later)
- IP multicast (source address translation only; IOS releases 12.0(1)T or later)
- PPTP with Port Address Translation (PAT) (IOS releases 12.0(2)T or later)
- Skinny Client Protocol, IP Phone to Cisco CallManager (IOS releases 12.0(5)T or later)
Unsupported Traffic Types:
- Routing protocols, DNS zone transfers, BOOTP/DHCP, Talk, Ntalk, SNMP, NetShow
NAT Operations:
1. Translating inside local addresses
2. Overloading inside global addresses
3. Using TCP load distribution
4. Overlapping networks
Configuring NAT:
Border(config)#interface e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#interface s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Static NAT:
Border(config)#ip nat inside source static 10.1.2.25 200.1.1.25
Border(config)#
This creates a permanent entry in the NAT table, and now when traffic is sent to IP address 200.1.1.25 from the outside network, it will be translated to 10.1.2.25 on the inside of the network and vice versa.
Optionally, you can configure just a certain port to be translated. Adding a protocol and port numbers to the above command does this.
Border(config)#ip nat inside source static tcp 10.1.2.25 80 200.1.1.25 80
Border(config)#ip nat inside source static tcp 10.1.2.24 80 200.1.1.25 81
Border(config)#
Dynamic NAT:
Dynamic NAT maps inside IP addresses to outside IP addresses on the fly from a pool of available IP addresses. Again, you must have IP addresses assigned to the interfaces on the router that will participate in the NAT process.
Border(config)#int e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#int s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Border(config)#access-list 12 permit 10.1.2.0 0.0.0.255
Border(config)#ip nat pool outbound 200.1.1.2 200.1.1.254 prefix-length 24
Syntax: ip nat pool <pool-name> <start-ip> <end-ip> {netmask <mask> | prefix-length <length>}. prefix-length 24 is the CIDR form of the mask (number of subnet bits), equivalent to netmask 255.255.255.0.
Border(config)#ip nat inside source list 12 pool outbound
Border(config)#
- When an inside host wants to send a packet to a host on the Internet, the NAT border router receives the packet on an interface marked ip nat inside.
- Any access lists or policy routing are applied to the packet, and the routing decision is made.
- The router then consults the pool of IP addresses configured for outbound sessions.
- It chooses an available IP address from the pool and records it in a NAT table entry. That address is not allocated to another translation entry until this entry times out or is manually removed.
- The ip nat inside source list ... pool ... command is what ties the access list and the pool together.
Configuring NAT Using Overloading
- Once all IP addresses in a pool have been allocated, any new connection attempts fail. So if your ISP allocated you only 14 IP addresses, only the first 14 inside hosts can reach the Internet until an existing entry expires and releases its address. This is not a very efficient use of the addresses.
- Configuring overloading allows the router to reuse each IP address in the pool, because it changes not only the IP address but also the port number. This is called Port Address Translation (PAT) or Network Address and Port Translation (NAPT). The router adds the protocol and port information to each translation entry, which allows more inside hosts to reach the outside network than there are IP addresses in the pool.
Border(config)#ip nat inside source list 12 pool outbound overload
The pool can even be a single IP address: by varying the outbound port numbers, one address supports roughly 64,000 simultaneous translations per transport protocol, bounded by the 16-bit port space.
Border(config)#ip nat inside source list 12 interface ethernet1 overload (use the interface form when the outside interface obtains its address by DHCP)
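As an added example, not part of the original reference, here is a Python model of ip nat inside source that exercises the terminology and behaviour described above: the static entries from the Static NAT section (whole-address and port-specific), a dynamic pool that fails new sessions once exhausted, and the same pool with overload, where one inside global address is shared by rewriting ports. Addresses and packets are constructed for the example. Real IOS keeps the original source port when it is free and allocates a new one only on collision, whereas this model hands out ports sequentially, and it has no entry timeouts.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class InsideSourceNat:
    """Toy model of 'ip nat inside source': static entries, a dynamic pool, optional overload (PAT).

    Table keys are (proto, address, port). Port 0 means "whole address, any port" and proto "*"
    means "any protocol"; that is how whole-address static and dynamic entries are stored.
    """

    def __init__(self, inside_acl: str, pool: List[str], overload: bool = False):
        self.acl = ipaddress.ip_network(inside_acl)    # the access-list: who may be translated
        self.free = list(pool)                         # inside global addresses not yet handed out
        self.overload = overload
        self.pat_addr = pool[0] if overload else None  # with overload every session shares this address
        self.next_port = 1024                          # sequential allocation (simplification, see lead-in)
        self.out: Dict[Tuple[str, str, int], Tuple[str, int]] = {}   # (proto, inside local, port)  -> (inside global, port)
        self.back: Dict[Tuple[str, str, int], Tuple[str, int]] = {}  # (proto, inside global, port) -> (inside local, port)

    def add_static(self, local: str, glob: str, proto: str = "*", lport: int = 0, gport: int = 0):
        """ip nat inside source static [proto] <local> [lport] <global> [gport]"""
        self.out[(proto, local, lport)] = (glob, gport)
        self.back[(proto, glob, gport)] = (local, lport)

    def translate_outbound(self, p: Packet) -> Optional[Packet]:
        """Inside -> outside: source goes from inside local to inside global. None means dropped."""
        hit = self.out.get((p.proto, p.src, p.sport)) or self.out.get(("*", p.src, 0))
        if hit is None:
            if ipaddress.ip_address(p.src) not in self.acl:
                return None                            # not matched by the access-list: no translation
            if self.overload:
                hit = (self.pat_addr, self.next_port)  # PAT: a new (address, port) pair per session
                self.next_port += 1
                self.out[(p.proto, p.src, p.sport)] = hit
                self.back[(p.proto, hit[0], hit[1])] = (p.src, p.sport)
            else:
                if not self.free:
                    return None                        # pool exhausted: the new session fails
                hit = (self.free.pop(0), 0)            # whole address reserved for this inside host
                self.out[("*", p.src, 0)] = hit
                self.back[("*", hit[0], 0)] = (p.src, 0)
        glob, gport = hit
        return replace(p, src=glob, sport=gport or p.sport)

    def translate_inbound(self, p: Packet) -> Optional[Packet]:
        """Outside -> inside: destination goes from inside global back to inside local."""
        hit = self.back.get((p.proto, p.dst, p.dport)) or self.back.get(("*", p.dst, 0))
        if hit is None:
            return None                                # no entry: unsolicited inbound traffic is dropped
        local, lport = hit
        return replace(p, dst=local, dport=lport or p.dport)
```

With a two-address pool and no overload, the third inside host to open a session gets nothing back (the packet is dropped), which is the exhaustion case described above; with overload on a one-address pool, every host is translated and the return traffic is steered by port alone. Inbound packets that match no entry are dropped, which is the only "protection" NAT provides, and it disappears the moment a static entry or port forward exists.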
Configuring TCP Load Distribution
- This allows a heavily used host, such as a web server, to handle the load of incoming requests by spreading the load among several hosts. Destination addresses that match an access list are replaced with addresses from a pool designated as a rotary pool by adding the type rotary keyword to the ip nat pool command.
Border(config)#int e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#int s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Border(config)#ip nat pool web-hosts 10.1.1.1 10.1.1.9 netmask 255.255.255.0 type rotary
Border(config)#access-list 12 permit 10.1.1.254
Border(config)#ip nat inside destination list 12 pool web-hosts
Configuring NAT for Overlapping Addresses
- Configuring NAT for overlapping address translation is similar to configuring dynamic NAT. The difference is that you must create and apply a pool of IP addresses for the traffic to the inside of the network, as well as a pool for the outbound traffic.
- You still need to create an access list to identify the traffic to NAT, but you also need to create a second pool. Then use the ip nat outside source command to tie the access list and the second pool to NAT traffic coming from the outside interface.
Border(config)#access-list 12 permit 10.1.1.0 0.0.0.255
Border(config)#ip nat pool insidepool 10.1.2.1 10.1.2.254 netmask 255.255.255.0
Border(config)#ip nat pool outsidepool 200.1.1.2 200.1.1.254 prefix-length 24
Border(config)#ip nat inside source list 12 pool insidepool
Border(config)#ip nat outside source list 12 pool outsidepool
Troubleshooting and Verifying NAT Configuration
- show ip nat translations
- show ip nat translations verbose
- show ip nat statistics
- debug ip nat
IGRP (Interior Gateway Routing Protocol)
- IGRP was developed by Cisco in the mid-1980s to overcome the limitations of RIP.
- Instead of the hop count used by RIP, it uses a composite metric of bandwidth, delay, load, reliability and MTU to decide the best path.
- IGRP does not use hop count as a metric; it only tracks hop count. Routes can travel up to 100 hops by default, which can be changed to accommodate up to 255 hops.
- IGRP is a Cisco-proprietary protocol. It will not run on other vendors' routers.
- IGRP is a classful distance-vector routing protocol and does not scale well for large internetworks (it does not support VLSM).
Features and Operation:
- IGRP sends out periodic broadcasts of its entire routing table.
- Upon initialization, IGRP broadcasts a request out all IGRP-enabled interfaces.
- It then compares each received update with the previous update and confirms that it is from the same subnet.
- Each router then uses the learned routes to determine the best route to every destination network.
- IGRP recognizes three types of routes within its updates:
Interior: Networks directly connected to a router interface
System: Routes advertised by other IGRP neighbors within the same IGRP AS
Exterior: Routes learned via GIFP from a different IGRP AS, which provide information used by the router to set the gateway of last resort. The gateway of last resort is the path a packet will take if a specific route isn't found on the router.
IGRP Timers:
Update Timer = 90 seconds
Invalid Timer = 270 seconds
Hold down Timer = 280 seconds
Flush Timer = 630 seconds
IGRP Metrics: Metrics are the mathematics used to select a route. IGRP uses the Bellman-Ford algorithm to calculate the metric; the route with the lower metric is the desirable route. The K values are the weights in the metric formula.
K1 = Bandwidth (Be), K2 = Delay (Dc), K3 = Reliability (r), K4 = Load (utilization on the path), K5 = MTU
Metric = [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] + [K5 / (Rel + K4)]
By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0.
If necessary, you can adjust the weights in router configuration mode after enabling IGRP on a router with the command: metric weights tos K1 K2 K3 K4 K5
The default administrative distance is 100; you can change it with distance 1-255.
default-metric bandwidth delay reliability load MTU
(bandwidth = 0 to 4294967295 kbps, delay = 0 to 4294967295 in 10-microsecond units,
reliability = 0-255 (255 is the most reliable), load = 0-255 (255 means the link is completely loaded),
MTU = 0-4294967295 kbps.)
Load Balancing: It is a way a router can send traffic over multiple paths in the same direction.
maximum-paths number-of-paths (IGRP/EIGRP can load balance across unequal-cost paths)
Unequal-cost load balancing is possible because of the variance. Variance is a multiplier used to determine what the acceptable metric for a route is for it to be included in the routing table.
variance multiplier
The path with the lowest metric is entered into the routing table. The variance is then applied to the lowest metric to determine what other routes can be included in the routing table. Routes with a lower metric than the product of the lowest metric and the variance are known as feasible successor routes. A feasible successor is a predetermined route to use should the optimal path be lost. These routes are then added to the routing table. Once the paths have been selected, the traffic is divided up according to the metric of each path.
IGRP Redistribution: It is a process in which routes known to one routing protocol are shared with another routing protocol. If you have Router1 running IGRP 100 and Router3 running EIGRP 150, then Router2 knows about all the routes in both IGRP 100 and EIGRP 150. We need to enable Router1 and Router3 to have all the routes of both protocols. For that, we redistribute IGRP 100 into EIGRP 150 and EIGRP 150 into IGRP 100 on Router2. Now all routes will be known to all routers.
IGRP Configuration: router igrp AS#, network a.b.c.d, neighbor x.x.x.x
Passive-interface: As IGRP is a classful routing protocol, it advertises the interface status in its broadcast. When you don't want that, use this command.
passive-interface interface (in router configuration mode)
The passive-interface command still allows an interface to be advertised in IGRP, but the interface itself will not listen to or send IGRP updates.
Router1>enable
Router1#config t
Router1(config)#router IGRP 100
Router1(config-router)#passive-interface E0
show ip route, show ip protocols, show int s2/0.1, debug ip igrp events, debug ip igrp transactions.
EIGRP (Enhanced Interior Gateway Routing Protocol)
- EIGRP allows for incremental routing updates and formal neighbor relationships.
- It uses DUAL (Diffusing Update Algorithm) for metric calculation, which allows the following: backup route determination if one is available, VLSM support, dynamic route recovery, querying neighbors for unknown alternate routes, and sending out queries for an alternate route if no route can be found.
- It has features of both link-state and distance-vector routing protocols.
- It uses protocol-dependent modules (PDMs) at layer 3 for IP, IPX and AppleTalk; the Reliable Transport Protocol (RTP), which guarantees delivery of EIGRP routing updates in sequential order; neighbor discovery/recovery; and DUAL.
- It reduces bandwidth use by sending updates only when a topology change occurs that requires a path or metric change, and only to the routers that need to receive the update.
- It runs only on Cisco routers and route switch processors.
Route Tagging: It is used to distinguish routes learned by different EIGRP sessions. With different AS numbers, EIGRP can run multiple sessions on a single router. Sessions with the same AS number speak to each other and share routing information, which includes the routes learned and the advertisement of topology changes.
Neighbor Relationships, Route Calculation and Redundant Link Calculation:
EIGRP uses multicast Hello messages (to 224.0.0.10, never broadcast) every 5 seconds to establish and maintain neighbor relationships with neighboring routers. On X.25, Frame Relay and ATM links slower than T1, the Hello packet is unicast every 60 seconds instead. The Hello packet contains the EIGRP version number, the AS number, the K-values and the hold time; to form an adjacency, routers must use the same AS number and K-values.
When Hello packets are sent out, the replies to them populate the neighboring routers' topology table, which is different from the routing table and can store up to six routes to a destination network, i.e. six redundant route entries. Out of these six paths, the router decides the best (primary) and standby (secondary) paths to forward data: the path with the lowest metric becomes the successor, or primary path, and is added to the routing table. Any route with an advertised distance lower than the successor's feasible distance becomes a feasible successor route.
The path-cost decision is made from the bandwidth and delay of the local and adjacent routers; from these the composite metric is calculated. The local router adds its cost to the cost advertised by the adjacent router, and the total is the metric. The replies include each route's metric information. The receiving router then sends an acknowledgement and the routing table is updated. This table is advertised to any new router that comes online, and the route calculation process begins. EIGRP uses a 32-bit format for updates (IGRP uses a 24-bit format). When two new neighbors start working together, they exchange their full routing tables; after that only updates are exchanged.
Neighbor Table: directly connected neighbors, the neighboring router's IP address, the hold time interval, the smooth round-trip timer (SRTT) and queue information, which helps determine which topology changes need to be propagated to neighboring routers.
Update and Changes:
An IP frame carrying EIGRP has the IP header protocol field set to 88 (the IP header and packet payload together form the frame payload):
Frame Header | IP Header (Protocol 88 = EIGRP) | Packet Payload | CRC
EIGRP uses RTP and pacing in order to prevent routing updates from consuming too much bandwidth on lower-speed links. Pacing allows EIGRP to regulate the amount of traffic it sends to a portion of the interface's bandwidth. The traffic includes Hello packets, routing updates, queries, replies and acknowledgements. The default pacing setting in EIGRP is 50 percent of the bandwidth on any given interface. This can be changed in interface configuration mode with the following command:
ip bandwidth-percent eigrp as-number percent
Diffusing Update Algorithm: DUAL is the algorithm by which all computation of routes for EIGRP occurs. If a feasible successor is not found, DUAL starts recalculating to find a new successor.
There are three instances that will cause DUAL to recalculate:
- An alternate route is not found
- The new best route still goes through the original successor
- The new best route doesn't go through a feasible successor
EIGRP Metrics: EIGRP utilizes several databases or tables of information to calculate routes:
- The route database (routing table), where the best routes are stored
- The topology database (topology table), where all route information resides
- A neighbor table that is used to house information concerning other EIGRP neighbors
Each of these databases exists separately for the IP, IPX and AppleTalk sessions if all three are present on the router: IP-EIGRP, IPX-EIGRP, AT-EIGRP.
Metric = 256 x [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] + [K5 / (Rel + K4)]
The only difference between the IGRP and EIGRP metrics is the initial multiplication by 256 for EIGRP.
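The metric formula above, the IGRP variance rule and the EIGRP successor/feasible successor selection from the neighbor relationship section, worked through in one added Python example (not from these notes or IOS). It assumes the default K values and Cisco's scaling of the raw inputs (BW term = 10^7 / minimum bandwidth in kbps, delay in 10-microsecond units); the reliability term is applied as IOS does, as a multiplier only when K5 is non-zero, which with the default K5 = 0 drops out exactly as in the formula above; the three sample neighbors are constructed.

```python
"""IGRP/EIGRP composite metric, successor and feasible-successor selection,
and variance-based unequal-cost load balancing.
Added example, not from the notes. Raw inputs are scaled the way Cisco does:
BW term = 10^7 / minimum bandwidth (kbps), Delay = total delay in 10-us units."""

DEFAULT_K = (1, 0, 1, 0, 0)           # K1..K5 defaults from the notes


def composite_metric(min_bw_kbps, total_delay_us, load=1, reliability=255,
                     k=DEFAULT_K, eigrp=True):
    """Composite metric; EIGRP multiplies the IGRP value by 256."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps     # inverse bandwidth term
    delay = total_delay_us // 10       # delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                        # IOS applies the reliability term only when K5 is set
        metric = metric * k5 // (reliability + k4)
    return metric * 256 if eigrp else metric


# Constructed sample: three neighbours advertise the same destination network.
# name -> (advertised min bw kbps, advertised delay us, local link bw kbps, local link delay us)
SAMPLE = {
    "R2": (1544, 20000, 1544, 20000),   # T1 all the way
    "R3": (512, 20000, 1544, 20000),    # slow link somewhere behind R3
    "R4": (10000, 1000, 512, 20000),    # fast beyond R4, but our link to R4 is slow
}


def evaluate_paths(neighbors, variance=1, eigrp=True):
    """Return (successor, feasible successors, paths installed for load balancing)."""
    rows = []
    for name, (adv_bw, adv_delay, link_bw, link_delay) in neighbors.items():
        # advertised distance: the neighbour's own metric to the destination
        ad = composite_metric(adv_bw, adv_delay, eigrp=eigrp)
        # our distance via that neighbour: min bandwidth along the path, delays summed
        fd = composite_metric(min(adv_bw, link_bw), adv_delay + link_delay, eigrp=eigrp)
        rows.append((name, ad, fd))
    rows.sort(key=lambda r: r[2])
    successor, _, best_fd = rows[0]
    # feasibility condition: AD below the successor's FD guarantees a loop-free backup
    feasible = [n for n, ad, _ in rows[1:] if ad < best_fd]
    # variance: also install feasible successors whose distance is under variance x best FD
    installed = [successor] + [n for n, ad, fd in rows[1:]
                               if ad < best_fd and fd < variance * best_fd]
    return successor, feasible, installed
```

With variance 1 only R2 is installed; R4 is a feasible successor (its advertised distance is below R2's feasible distance) and is added to the routing table once the variance reaches 3, while R3 never qualifies.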
EIGRP Tuning: (in router configuration mode) metric weights tos K1 K2 K3 K4 K5 (same command in IGRP and EIGRP)
By default, the administrative distance is 90 for EIGRP; you can change it with the distance 1-255 command.
RouterA(config)#int s0
RouterA(config-if)#ip hello-interval eigrp AS# seconds (default hello time = 60 seconds for low-speed NBMA networks and 5 seconds for all other networks)
RouterA(config-if)#ip hold-time eigrp AS# seconds
Redistribution: If another routing protocol is redistributed into EIGRP, EIGRP accepts both routes that have implemented VLSM and routes that haven't.
Configuring EIGRP
Dallas>enable
Dallas#configure terminal
Dallas(config)#router eigrp 100
Dallas(config-router)#network 172.20.0.0
Dallas(config-router)#network 192.168.24.0
Dallas(config-router)#no auto-summary (shows you the individual route information with the show ip route command; by default auto-summary is on, so you will see only one summary route)
You can also change the summary information with this command:
Dallas(config-router)#ip summary-address eigrp AS# address mask
Other commands: sh ip route, sh ip route eigrp, sh ip eigrp topology, sh ip protocols, sh ip eigrp interfaces, sh ip eigrp neighbor/detail, debug eigrp neighbors, debug ip eigrp, debug eigrp packets, sh ip eigrp traffic, sh ip eigrp events.
OSPF Operation in a Single Area
OSPF is an open-standard link-state routing protocol. It uses Dijkstra's Shortest Path First (SPF) algorithm, which allows faster convergence. It is more popular because it supports Multi-Protocol Label Switching (MPLS) (as does IS-IS). OSPF can be used on multi-vendor platforms.
Advantage of OSPF:
- Supports hierarchical network design through the use of areas
- The use of link-state databases reduces the chances of routing loops
- Full support of classless routing behavior
- Decreased size of routing tables through the use of route summarization
- Sends routing information only when needed, decreasing the use of network bandwidth
- The use of multicast packets decreases the impact on routers not running OSPF and on end stations
- Support for authentication, which allows the user to implement more secure networks
OSPF Terminology:
Neighbor: A neighbor is found via Hello packet, it is a connected (adjacent) router running OSPF process within the same area.
Adjacency: It is a logical connection between a router and its corresponding designated routers and backup designated routers.
Link: In OSPF, a link refers to a network or router interface assigned to any given network. It is synonymous with interface.
Interface: It is a logical or physical interface on a router. OSPF will consider it as a link. OSPF will build link database on this basis.
Link-state Advertisement: LSA is an OSPF data packet containing link-state and routing information that is shared among OSPF routers.
Designated Router: A DR is only used when the OSPF router is connected to a broadcast (multi-access) network. It will receive and send the information to the broadcast network or link.
Backup Designated Router: A BDR is a hot standby for the DR on broadcast (multi-access) networks. It receives all routing updates from OSPF adjacent routers but does not flood LSA updates.
OSPF Areas: An area is similar to an AS in EIGRP. It is used to establish a hierarchical network. There are four types of areas.
Internal Router: An internal router is a router that has all of its interfaces participating in one area.
Area Border Router: It is a router with multiple area assignments with multiple interfaces.
Autonomous System Boundary Router: An ASBR is a router with an interface connected to an external network or a different AS, such as EIGRP. An ASBR is responsible for injecting route information learned by another routing protocol into OSPF.
Non-broadcast Multi Access: NBMA networks are networks like Frame Relay, X.25 and ATM. This network allows for multi-access but has no broadcast ability like Ethernet.
Broadcast (multi-access): Network such as Ethernet allow multiple-access as well as provide broadcast ability. A DR and BDR must be elected for multi-access broadcast network.
Point-to-Point: This type of network connection consists of a unique NBMA configuration. The network can be configured using Frame Relay and ATM to allow point-to-point connectivity. This eliminates the need for DRs and BDRs.
Router ID: It is an IP used to identify the router. If router id is not configured, the highest IP address of all configured loopback interfaces will be considered as router id. If no loopback addresses are configured, OSPF will choose the highest IP address of all configured interfaces.
OSPF Operation: (In three categories)
1. Neighbor and adjacency initialization
2. LSA flooding
3. SPF tree calculation
Before the detailed operation, the step-by-step short version is as follows:
- OSPF routers send Hello packets out all interfaces participating in the OSPF process. If the router on the other side of the connection agrees on the parameters set forth in the Hello packet, the two routers form a neighbor relationship.
- Some of the neighbors form adjacencies. This depends on the Hello packets sent by the router and the receiving router, and on the type of network they participate in.
- The router sends link-state advertisements (LSAs), which contain a description of the router's links and the state of each link, to the adjacent router.
- The routers that receive the LSAs add the link-state information to their database and forward it to the other connected routers, so that all routers have the same view of the network.
- After learning all LSAs, each router runs the Dijkstra SPF algorithm to learn the shortest path to all known destinations. All routers use this information to build their SPF tree, which is used to populate the routing table.
Detailed information about all categories:
1. Neighbor and Adjacency Initialization:
- The Hello packets are used to discover neighbors and establish adjacencies. Hello packets are multicast out every interface at a 10-second interval by default.
OSPF Hello packet information (originating router characteristics and their description):
Router ID: The configured router ID, or the highest loopback IP, or the highest interface IP
Area ID: The area to which the originating router's interface belongs
Authentication Information: The authentication type and corresponding information
Network Mask: The IP mask of the originating router's interface IP address
Hello Interval: The period between Hello packets
Options: OSPF options for neighbor formation
Router Priority: An 8-bit value used to aid in the election of the DR and BDR (not set on point-to-point links)
Router Dead Interval: The length of time allotted within which a Hello packet must be received before considering the neighbor down (four times the Hello interval, if not changed)
DR: The router ID of the current DR
BDR: The router ID of the current BDR
Neighbor Router IDs: A list of the router IDs of all the originating router's neighbors
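The Hello fields listed above and the "agrees on the parameters" check from the short operation summary, as an added Python example that builds and parses an OSPFv2 Hello and is not part of these notes. It assumes the RFC 2328 byte layout, a null authentication type and a broadcast network (so the mask must match); the router IDs, area, mask and timers are constructed sample values.

```python
"""OSPFv2 Hello packet: build, parse and apply the neighbour-formation checks.
Added example, not from the notes; byte layout follows RFC 2328 A.3.1/A.3.2.
Router IDs, area, mask and timers are constructed sample values."""
import ipaddress
import struct

OSPF_VERSION, HELLO_TYPE, HEADER_LEN = 2, 1, 24


def _checksum(data):
    """One's-complement Internet checksum over the OSPF packet (auth field excluded)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id, mask, hello=10, dead=40, priority=1,
                dr="0.0.0.0", bdr="0.0.0.0", neighbors=(), autype=0):
    """Serialize a Hello; dead interval defaults to four times the hello interval."""
    ip = lambda a: int(ipaddress.IPv4Address(a))
    body = struct.pack("!IHBBIII", ip(mask), hello, 0x02, priority, dead, ip(dr), ip(bdr))
    body += b"".join(struct.pack("!I", ip(n)) for n in neighbors)   # neighbour router IDs
    hdr = struct.pack("!BBHIIHH", OSPF_VERSION, HELLO_TYPE, HEADER_LEN + len(body),
                      ip(router_id), ip(area_id), 0, autype)
    csum = struct.pack("!H", _checksum(hdr + body))
    return hdr[:12] + csum + hdr[14:] + b"\0" * 8 + body   # 8 zero bytes = null auth


def parse_hello(pkt):
    """Decode a Hello into a dict, rejecting bad version/type/length/checksum."""
    ver, typ, length, rid, area, _, autype = struct.unpack("!BBHIIHH", pkt[:16])
    if ver != OSPF_VERSION or typ != HELLO_TYPE or length != len(pkt):
        raise ValueError("not an OSPFv2 Hello")
    if _checksum(pkt[:16] + pkt[24:]) != 0:   # header incl. checksum + body must sum to zero
        raise ValueError("bad checksum")
    mask, hello, opts, prio, dead, dr, bdr = struct.unpack("!IHBBIII", pkt[24:44])
    count = (len(pkt) - 44) // 4
    nbrs = struct.unpack("!%dI" % count, pkt[44:44 + 4 * count])
    s = lambda v: str(ipaddress.IPv4Address(v))
    return {"router_id": s(rid), "area_id": s(area), "autype": autype, "mask": s(mask),
            "hello": hello, "options": opts, "priority": prio, "dead": dead,
            "dr": s(dr), "bdr": s(bdr), "neighbors": [s(n) for n in nbrs]}


def hello_mismatches(mine, theirs):
    """Fields both routers must agree on before becoming neighbours (empty list = accepted)."""
    return [f for f in ("area_id", "autype", "mask", "hello", "dead") if mine[f] != theirs[f]]


def neighbor_state(my_router_id, theirs):
    """Init while we only hear the neighbour; 2Way once its Hello lists our router ID."""
    return "2Way" if my_router_id in theirs["neighbors"] else "Init"
```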
Neighbor States: There are a total of eight states for OSPF neighbors:
Down: No hello packets have been received from the neighbor
Attempt: Neighbors must be configured manually. It applies to the NBMA connections only.
Init: A Hello packet has been received from another router, but the local router has not seen itself in the other router's Hello packets. Bidirectional communication has not yet been established.
2Way: Hello packets have been received that include their own Router ID in the neighbor field. Bi-directional communication has been established.
ExStart: Master/Slave relationship is established in order to form an adjacency by exchanging Database Description (DD) packets. (The router with the highest router id becomes the master).
Exchange: Routing information is exchanged using DD and LSR packets.
Loading: Link-state request packets are sent to neighbors