cisco press - ccie routing and switching flash cards

Upload: freealex

Post on 10-Oct-2015


  • General Networking Theory Quick Reference Sheets

    1291_Section 1QR.book Page 48 Wednesday, November 3, 2004 7:49 AM

    Networking Communications Models

    OSI Models

    This figure shows the classic Open System Interconnection model and compares the model to the Department of Defense (DoD) TCP/IP model:

    DoD TCP/IP Model    | OSI
    Process/Application | Application
                        | Presentation
                        | Session
    Host to Host        | Transport
    Internet            | Network
    Network Access      | Data Link
                        | Physical

  • General Routing Concepts

    Link State Versus Distance Vector

    Distance Vector
      Examples: RIPv1, RIPv2, IGRP
      Features periodic transmission of entire routing tables to directly connected neighbors
      Mathematically compares routes using some measurement of distance
      Features hop count limitation

    Link State
      Examples: OSPF, IS-IS
      Sends local connection information to all nodes in the internetwork

    Hybrid
      Example: EIGRP
      Features properties of both distance vector and link-state routing protocols

    Administrative Distance

    If a router learns of a network from multiple sources (routing protocols or static configurations), it uses the administrative distance value to determine which route to install in the routing (forwarding) table. The default administrative distance values are listed here:

    Source                    | Administrative Distance
    Connected Interface       | 0
    Static Route              | 1
    EIGRP Summary Route       | 5
    External BGP              | 20
    Internal EIGRP            | 90
    IGRP                      | 100
    OSPF                      | 110
    IS-IS                     | 115
    RIP                       | 120
    Exterior Gateway Protocol | 140
    On Demand Routing         | 160
    External EIGRP            | 170
    Internal BGP              | 200
    Unknown                   | 255

    Administrators can create static routes that float. A floating static route means the administrator increases the administrative distance of the static route to be greater than the administrative distance of the dynamic routing protocol in use. This means the static route is relied upon only when the dynamic route does not exist.

    Split Horizon

    Split horizon is a technique used by routing protocols to help prevent routing loops. The split horizon rule states that an interface will not send routing information out an interface from which the routing information was originally received. Split horizon can cause problems in some topologies, such as hub and spoke Frame Relay configurations.

    Loops

    Routing loops are disastrous to the health of the network. They can lead to lost packets or even worse consequences. Many mechanisms exist to prevent routing loops. These include the following:

    Split horizon   | An interface will not send routing information out an interface from which the routing information was originally received.
    Route poisoning | A directly connected network failure is advertised as unreachable by the local router.
    Poison reverse  | An exception to split horizon; the poisoned route can be sent out an interface from which the route was originally learned.
    Hold-down timer | A router will not listen to route updates regarding a network whose reachability has been reported as down.
    Maximum metric  | There is a metric value that is considered unreachable; for example, Routing Information Protocol (RIP) uses a maximum metric of 15 hops.

    Summarization

    Summarization is the process in which the administrator collapses many routes with a long mask to form another route with a shorter mask. Route summarization reduces the size of routing tables and makes the routing function more efficient. Route summarization also helps to make networks more stable by reducing the number of updates that are sent when subnets change state. Route summarization makes classless interdomain routing (CIDR) possible. Variable-length subnet masking (VLSM) promotes the use of route summarization. Some dynamic routing protocols engage in route summarization automatically for changes in major classful networks, while others do not and require manual route summarization.

    To engage in route summarization, find all of the leftmost bits that are in common and create a mask that encompasses them. Here is an example:

    The following routes exist in the routing table; all routes use a 24-bit mask:

    10.108.48.0 = 00001010 01101100 00110000 00000000
    10.108.49.0 = 00001010 01101100 00110001 00000000

    10.108.50.0 = 00001010 01101100 00110010 00000000
    10.108.51.0 = 00001010 01101100 00110011 00000000
    10.108.52.0 = 00001010 01101100 00110100 00000000
    10.108.53.0 = 00001010 01101100 00110101 00000000
    10.108.54.0 = 00001010 01101100 00110110 00000000
    10.108.55.0 = 00001010 01101100 00110111 00000000

    Notice that the first 21 bits of the subnetwork IDs are all common. These can be masked off. The single route entry you can use for all of these subnetworks is as follows:

    10.108.48.0/21

    Tunneling

    Tunneling refers to encapsulating header, trailer, and data information inside another protocol so that all of that information appears to be just data. Tunneling often involves security, allowing a company to transmit data intended for use in the private network across a public network. Two popular security tunneling protocols include Point-to-Point Tunneling Protocol (PPTP) and generic routing encapsulation (GRE). IPSec also supports the operation of Tunnel mode as opposed to Transport mode. The more secure Tunnel mode has the ability to secure both the header and the payload of data as it travels on the network.

    Tunneling is also used in Metro Ethernet environments in order to separate traffic from customers in the ISP network. Q-in-Q tunneling refers to further encapsulating 802.1Q packets in an additional 802.1Q header to distinguish the traffic.

  • Networking Standards

    Cable Specifications

    10BASE5 (Thicknet)
      0.4 inch, 50 ohm cable
      max. segment length is 500 m
      max. attachments per segment is 100
      max. network length is 5 segments
      max. number of stations on network 1024

    10BASE2 (Thinnet)
      0.2 inch, 50 ohm cable
      max. segment length is 185 m
      max. attachments per segment is 30

    10BASE-T
      24 AWG UTP 0.4/0.6 mm cable
      max. segment length is 100 m
      1 device per cable

    100BASE-TX
      100 Mbps technology
      Uses Category 5 UTP or Type 1 STP wire

    100BASE-T4
      Not widely deployed
      Uses Category 3, 4, or 5 UTP wiring
      Full duplex not possible

    100BASE-FX
      Operates over multimode or single-mode fiber cabling
      Greater distances supported compared to copper
      Uses MIC, ST, or SC fiber connectors

    1000BASE-LX (Long Wavelength GE)
      Uses long wave (1300 nm)
      Operates over multimode or single-mode fiber cabling
      max. lengths 62.5 um fiber = 440 m; 50 um fiber = 550 m
      max. length for single-mode fiber is 10 km

    1000BASE-SX (Short Wave GE)
      Uses short wave (850 nm)
      Operates over multimode fiber cabling
      max. lengths 62.5 um fiber = 260 m; 50 um fiber = 550 m

    1000BASE-CX (GE over Coaxial Cable)
      Used on short run copper
      Used over a pair of 150-ohm balanced coaxial (twinax)
      max. length 25 m
      Typically used for server connections

    1000BASE-T (GE over UTP)
      Uses Category 5 4-pair UTP
      max. length is 100 m

  • Protocol Mechanics

    Handshaking

    Handshaking often refers to the process of establishing a connection between two network entities that want to communicate with each other. Consider the following example on TCP/IP.

    TCP/IP uses a three-way handshake mechanism to establish a connection. Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. The first host (Host A) initiates a connection by sending a packet with the initial sequence number (X) and SYN bit set to indicate a connection request. The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1). Host B also sets the SYN indication. Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment. Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer can then begin.

    Windowing/ACK

    Windowing refers to a protocol's ability to send more data than just a single packet at a time. In the case of TCP/IP, a concept called sliding windows is used.

    With TCP/IP sliding windows, the receiver specifies the current window size in every packet. The window is the number of data bytes that the sender is allowed to send before waiting for an acknowledgment. Initial window sizes are indicated at connection setup, but might vary throughout the data transfer to provide flow control. A window size of 0, for example, means "Send no data." This variation during communication is set because the TCP header of every outgoing TCP segment indicates to the receiver the window size of the sender.

    In a TCP sliding-window operation, for example, the sender might have a sequence of 10 bytes to send (numbered 1 to 10) to a receiver who has a window size of 5. Notice, therefore, that the receiver has set the initial window size to 5. The sender then would place a window around the first 5 bytes and transmit them together. It would then wait for an acknowledgment.

    The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5 and is expecting byte 6 next. In the same packet, the receiver would indicate that its window size is 5. The sender then would move the sliding window 5 bytes to the right and transmit bytes 6 to 10. The receiver would respond with an ACK = 11, indicating that it is expecting sequenced byte 11 next.

    MTU

    A maximum transmission unit (MTU) is the largest size packet or frame that can be sent in a network. TCP/IP uses the MTU to determine the maximum size of each packet in any transmission. Too large an MTU might mean retransmissions if the packet encounters a router that cannot handle that large a packet. Too small an MTU size means relatively more header overhead and more acknowledgements that have to be sent and processed.

    Fragmentation

    To support different MTUs in the network, TCP/IP and other protocols engage in fragmentation, the process of dividing the data into smaller packets for transmission. When you are discussing this process in terms of the OSI reference model, the process is known as segmentation. IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields, along with the more fragments and don't fragment flags in the IP header, are used for IP fragmentation and reassembly.

    Excessive fragmentation can become an issue due to the overhead that is involved with fragmenting and reassembly. Also, lost fragments necessitate a complete retransmission, including a refragmenting of the data. Also, firewalls that filter or manipulate packets based on Layer 4 through Layer 7 information in the packet might have trouble processing IP fragments correctly. If the IP fragments are out of order, a firewall might block the noninitial fragments because they do not carry the information that would match the packet filter. This would mean that the original IP datagram could not be reassembled by the receiving host. If the firewall is configured to allow noninitial fragments with insufficient information to properly match the filter, a noninitial fragment attack through the firewall could occur. Also, some network devices (such as Content Switch Engines) direct packets based on Layer 4 through Layer 7 information, and if a packet spans multiple fragments, the device might have trouble enforcing its policies.

    Termination

    Just as the handshaking process begins a communication session between two TCP/IP speakers, a termination process must also be used. The FLAGS field of the TCP/IP packet header carries a FIN bit used for connection termination. When the sender has finished sending data, it sets this bit to indicate this fact.

    Commands

    show Commands

    show commands provide you with a snapshot of performance statistics or router/switch settings at the time that the command is executed. If you need to see processes as they occur, you should use debug commands instead. debug commands place more overhead on the router or switch, however. As a result, you will find that almost all troubleshooting can be accomplished with show commands.

    Some key show commands you should be familiar with are:

    show interfaces

    This command displays information about interfaces on the device. It includes the following information:

    Field | Description
    Is Up...Is Down | Indicates the physical layer status of the interface; administratively down indicates that the administrator has downed the interface
    Line Protocol Is | Indicates whether or not software processes (above Layer 1) consider the line usable or not
    Hardware | Indicates the hardware type and address
    Internet Address | IP address and mask
    MTU | Maximum transmission unit of the interface
    BW | Bandwidth of the interface
    DLY | Delay of the interface
    Rely | Reliability of the interface
    Load | Load on the interface
    Encapsulation | Encapsulation used by the interface
    ARP Type | Type of ARP resolution in use
    Loopback | Indicates whether loopback is set or not
    Keepalive | Indicates whether keepalives are set or not
    Last Input | Time since the last packet was successfully received by an interface and processed locally on the router
    Output | Time since the last packet was successfully transmitted
    Output Hang | Time since the interface was last reset because of a transmission that took too long
    Last Clearing | Time at which the counters used for the show interface command were last cleared
    Output Queue, Input Queue, Drops | Number of packets in output and input queues; each number is followed by a slash, the maximum size of the queue, and the number of packets dropped because of a full queue
    5 Minute Input Rate, 5 Minute Output Rate | Average number of bits and packets transmitted per second in the last 5 minutes
    Packets Input | Total number of error-free packets received by the system
    Bytes | Total number of bytes in the error-free packets received
    No Buffer | Number of received packets discarded because there was no buffer space in the main system
    Received Broadcasts | Total number of broadcast or multicast packets received by the interface
    Runts | Number of packets that are discarded because they are smaller than the minimum packet size of the medium

    Field | Description
    Giants | Number of packets that are discarded because they exceed the maximum packet size of the medium
    Input Errors | Includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts
    CRC | CRC failed; usually indicates noise or transmission problems on the LAN interface or the LAN bus itself; a high number of CRCs is usually the result of collisions or a station transmitting bad data
    Frame | Number of packets received incorrectly due to CRC error
    Overrun | Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data
    Ignored | Number of received packets ignored by the interface because the interface hardware ran low on internal buffers
    Abort | Number of packets whose receipt was aborted
    Watchdog | Number of times a packet was received with length greater than 2048
    Multicast | Number of multicast packets received
    Input Packets with Dribble Condition Detected | Indicates that a frame was received that is slightly too long
    Packets Output | Total number of packets sent by the system
    Bytes | Total number of bytes transmitted by the system
    Underruns | Number of times that the transmitter has been running faster than the router can handle
    Output Errors | Sum of all errors that prevented the final transmission of datagrams out of the interface being examined
    Collisions | Number of messages retransmitted because of an Ethernet collision
    Interface resets | Number of times an interface has been completely reset; often this occurs because packets were queued for transmission but were not sent within several seconds; for serial lines, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem
    Restarts | Number of times a Type 2 Ethernet controller was restarted because of errors
    Babbles | The transmit jabber timer expired
    Late Collisions | Number of collisions that occur after transmitting the preamble; often indicates that cable runs are too long
    Deferred | Deferred indicates that the chip had to defer while ready to transmit a frame because the carrier was asserted
    Lost Carrier | Number of times the carrier was lost during transmission
    No Carrier | Number of times the carrier was not present during the transmission
    Output Buffer Failures | Number of failed buffers and number of buffers swapped out

    show line

    To display parameters of a terminal line, you should use the show line command. It displays the following information:

    Field | Description
    Tty | Line number
    Typ | Type of line
    Tx/Rx | Transmit/receive rate
    A | Indicates whether autobaud is configured
    Modem | Types of modem signals configured
    Roty | Rotary group configured
    AccO, AccI | Access list configured
    Uses | Number of connections established to or from the line since the system was restarted
    Noise | Number of times noise has been detected on the line since the system restarted
    Overruns | Hardware Universal Asynchronous Receiver/Transmitter (UART) overruns or software buffer overflows
    A (or I or *) | Indicates that the user is running an asynchronous interface; an I indicates that the line has an asynchronous interface available; an asterisk (*) indicates that the line is otherwise active (in character mode)
    Line | Definition of the specified protocol and address of the line
    Location | Location of the current line
    Type | Type of line
    Length | Length of the terminal or screen display
    Width | Width of the terminal or screen display
    Baud rate (TX/RX) | Transmit rate/receive rate of the line
    Status | State of the line
    Capabilities | Current terminal capabilities
    Modem state | Modem control state
    Special chars | Current settings of special characters that were input by the user (or taken by default) from the following global configuration commands
    Timeouts | Current settings that were input by the user
    Session limit | Maximum number of sessions
    Time since activation | Last time start_process was run
    Editing | Whether command-line editing is enabled
    History | Current history list size
    DNS resolution in show commands is | Whether Open Shortest Path First (OSPF) is configured to look up Domain Name System (DNS) names for use in show EXEC command displays

    Field | Description
    Full user help | Whether full user help has been set by the user with the terminal full-help EXEC command or by the administrator with the full-help line configuration command
    Allowed input transports are | Current set transport method
    Allowed output transports are | Current set transport method
    Preferred transport is | Current set transport method
    ...characters are padded | Current set padding
    ...data dispatching characters | Current dispatch character

    show diag

    Use this command to display hardware information including dynamic RAM (DRAM) and static RAM (SRAM) on line cards.

    show version

    The show version command allows you to verify the specific Cisco device in use; verify the uptime of the device; determine the amount of RAM and Flash memory in the device; and also verify the image in use. When examining system image filenames, here are some common naming conventions:

    IOS Feature | Filename Component
    IP Plus | is
    IP | i
    Enterprise Plus IPSec 56 | jk8s
    Enterprise Plus | js
    Enterprise | j

    show module

    This important show command details the hardware installed in a modular device; for example, a 6500 series switch.

    Debug Commands

    While debug commands require a lot of overhead, they can provide you with important data about activity on your router or switch as it occurs.

    You execute most debug commands from privileged mode. To easily turn off the command, use the no keyword before the command or use the undebug keyword as opposed to debug. To view the status of debugging on a system, use the show debugging command. To turn off all possible debugging you can use the commands no debug all or undebug all.

    By default, debug messages are sent to the console. Use the terminal monitor command to also display the output on Telnet lines.

    You can use the logging command to direct syslog and debug messages to other destinations. For example, to direct this output to an internal buffer (the most efficient logging mechanism), you can use the command logging buffered.

  • Cisco Device Infrastructures

    NVRAM

    The nonvolatile RAM (NVRAM) is an important storage location on the router or the switch. This area is typically used to store the startup configuration used when the router or switch boots.

    The commands used to interact with NVRAM include show nvram:startup-config to view the startup configuration in NVRAM. You can easily replace the contents of startup-config with a new file; use the copy command to do this, for example, copy source-url nvram:startup-config. If you want to save the configuration to a new location, this also uses the copy command as follows: copy nvram:startup-config destination-url. Erasing the NVRAM is as simple as using the erase nvram: command.

    Flash

    Flash is a critical area of memory on routers and switches. This area is often used to store the operating system and other important files.

    There are currently three different Flash memory file system types: Class A, Class B, and Class C systems. Commands that you use to work with these different file systems might vary. Several of the file system types use the delete and undelete commands to delete and undelete files, respectively. The squeeze command can be used to permanently delete files from Flash memory. Often times, the erase command can be used to delete all files from the Flash file system. To view the contents of Flash memory, remember you can use the show flash command.

    Memory and CPU

    Memory and the CPU resources that are available are very important on the router or switch. You can obtain memory and CPU usage statistics of running processes, including the maximum amount of memory used by the process (in bytes) and the average amount of CPU resources demanded by the process (in percent).

    First, generate a list of currently running processes, using the show processes command. This command not only lists the running processes on the device, but also lists the PID (Process ID) for each running process.

    Once you have the PID, you can display memory and CPU utilization for a specific process. Use the command show processes pid.

    To display detailed CPU utilization statistics (CPU use per process), use the show processes cpu command. To show memory used, use the show processes memory command.

    Cisco IOS File System

    The Cisco IOS file system provides a single interface for all of the file systems available on the device including:

      Flash
      NVRAM
      Network file systems (TFTP)
      ROM

    The IOS file system (IFS) allows for command standardization across platforms. Also, commands can be entered in a single line and prompting can be minimized. If prompting is still desired, this method is available.

    Files can now be copied using URLs. This is accomplished easily using the following syntax:

    copy source-url destination-url

    To specify a file on a network server, use one of the following forms:

    ftp:[[//[username[:password]@]location]/directory]/filename
    rcp:[[//[username@]location]/directory]/filename
    tftp:[[//location]/directory]/filename

    The following example specifies the file named c7200-j-mz.112-current on the Trivial File Transport Protocol (TFTP) server named server.abc-company.com. The file is located in the directory named /images.

    tftp://server.abc-company.com/images/c7200-j-mz.112-current

    To specify a local file, use the prefix:[directory/]filename syntax. For example, this is how easy it is to refer to the startup-config file in NVRAM:

    nvram:startup-config

    Here are some common local prefixes you should be aware of:

      flash:
      bootflash:
      nvram:
      system:
      slot0:
      slot1:

    For partitioned devices, the URL prefix includes the partition number. The syntax is device:partition-number: for the prefix on a partitioned device. For example, flash:2: refers to the second partition in Flash memory.

    You should use context-sensitive help to determine which file systems are supported on your particular device. For example, using the copy ? command allows you to see the possible file systems for sourcing a copy operation.

    On some systems you can use the show file systems command to view the available file systems.

    For most commands, if no file system is specified, the file is assumed to be in the default directory, as specified by the cd command. If you use the cd command to change the default file system, you can check the default file system with the pwd command.

    You can use the following commands to obtain information about files:

    dir [/all] [filesystem:][filename] | Displays a list of files on a file system
    show file information file-url | Displays information about a specific file
    show file descriptors | Displays a list of open file descriptors

    To display the contents of any readable file, including a file on a remote file system, use the following command:

    more [/ascii | /binary | /ebcdic] file-url

    File Transfers

    The Cisco IOS File System section of the study sheets revealed the use of the copy command to transfer images or files. But what about transferring a system image to a device that does not have network access? You can use the Xmodem or Ymodem protocols to download an image from a local or remote computer through the console port. Xmodem and Ymodem are common protocols used to transfer files and are included in applications such as Windows 3.1 (TERMINAL.EXE), Windows 95 (HyperTerminal), Windows NT 3.5x (TERMINAL.EXE), Windows NT 4.0 (HyperTerminal), and Linux UNIX freeware (minicom). Xmodem and Ymodem file transfers are performed from ROM monitor with the following command:

    xmodem [-y] [-c] [-s data-rate]

    The -y option uses the Ymodem protocol, -c provides CRC-16 checksumming, and -s sets the console port data rate.

    Configuration Register

    The common uses of the configuration register value on a router are as follows:

      Password recovery
      Enable/disable the console Break key
      Change boot behavior to allow boot from Flash or ROM
      Maintenance testing

    To display the current value of the configuration register, use the show version command.

    The configuration register value is actually a 16-bit boot register; it is displayed in hexadecimal.

    The default settings of the 16 bits of the boot register are as follows:

    Bit   | 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
    Value |  0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
    Hex   |      2           1           0           2

    Notice the default hex display in show version is 0x2102 as shown in the preceding example.

    The uses of the bits are as follows:

    Bits 0-3 | Boot Field | 0x0 = boot ROM monitor; 0x1 = boot from ROM; 0x2 through 0xF = boot from Flash, boot using boot system commands, or boot from system image
    Bit 4 | Fast Boot | Force load through the boot system commands
    Bit 5 | High Speed Console | 1 = console operates at 19.2 or 38.4 kbps; works with bits 11 and 12
    Bit 6 | Ignore Startup Config File | 1 = ignore NVRAM
    Bit 7 | OEM Bit | 1 = disables Cisco banner display
    Bit 8 | Break Key | 1 = disable
    Bit 9 | Not Used |
    Bit 10 | Netboot Broadcast Format | 1 = all zeros broadcast
    Bits 11-12 | Console Baud Rate | See documentation for combinations and resultant rates
    Bit 13 | Response to Netboot Failure | 1 = boot to ROM after failure; 0 = continue to netboot
    Bit 14 | Netboot Subnet Broadcast | 1 = force subnet broadcast
    Bit 15 | Enable Diagnostic Messages | 1 = ignore NVRAM and display diagnostic messages

    To change the configuration register settings on a router, use the following command:

    config-register

    To determine if the settings have taken effect, use the following command to view the register:

    show version

  • Basic Device Operations

    Accessing the Device

    Most routers and switches feature an asynchronous serial console port and auxiliary port for administrative access. The console port is for local access from a workstation, and the auxiliary port is for remote access via a modem.

  • Basic Device Operations

Cisco typically provides cables and adapters for accessing the device via these ports. These cables/adapters include one console adapter cable (RJ-45-to-DB-9, blue) and one modem adapter cable (RJ-45-to-DB-25, black).

To access the device from a workstation, connect the device to the console port using the appropriate cable and adapter. Configure your PC terminal emulation software (HyperTerminal) for 9600 baud, 8 data bits, no parity, and 2 stop bits.

For use of the auxiliary port with a modem, connect the modem to the AUX port using the correct cable and adapter. Make sure that your modem and the auxiliary port on the router are configured for the same transmission speed (up to 115200 bps) and hardware flow control with Data Carrier Detect (DCD) and data terminal ready (DTR) operations.

Most routers and switches present a Setup script following the initial boot output. This is a wizard-like series of prompts that aids in the basic configuration of the device.

Once you work through the Setup script or skip it, you can use the enable command to enter privileged mode. Additional configurations are made in global configuration mode. You can enter this mode for configurations from the terminal using the configure terminal command.

Password Recovery

Most Routers

Step 1 Connect via the console port.

Step 2 Power cycle the router.

Step 3 Press the Break key within 60 seconds of initialization.

Step 4 Run the configuration register utility by entering confreg.

Step 5 Answer yes to ignore system config info.

Step 6 Reload the router with the reset command.

Step 7 Abort the Setup script.

Step 8 Enter privileged mode and copy the config in NVRAM to RAM using the command copy star run.

Step 9 Run confreg and restore the default configuration register values.

    Step 10 Issue no shut on interfaces.

    Step 11 Set the privileged mode password to a new value.

    Step 12 Save the new conguration with copy run star.
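The bit table in the Configuration Register section and the password-recovery procedure both turn on the value of the configuration register, so a small decoder for it is useful when checking a router after recovery. The following Python is an added example written for these notes, not code from the Cisco Press sheets or from IOS: the field layout follows the page's bit table, the register values fed to it are constructed, and the audit checks (ignore-NVRAM bits, ROM monitor boot field, Break key) are this example's own choice of what an operator verifies after Step 9 restores the register.

```python
"""Decode a Cisco IOS configuration register into the bit fields of the page's table.

Added example for these notes, not Cisco code. Bit meanings follow the table
in the Configuration Register section; the register values fed in are constructed."""

DEFAULT_REGISTER = 0x2102      # default value shown by "show version" on the page

BOOT_FIELD_MASK = 0x000F              # bits 0-3
IGNORE_STARTUP_CONFIG = 1 << 6        # bit 6: 1 = ignore NVRAM
OEM_BIT = 1 << 7                      # bit 7: 1 = disable Cisco banner
BREAK_KEY_DISABLED = 1 << 8           # bit 8: 1 = Break key disabled
CONSOLE_BAUD_MASK = 0x1800            # bits 11-12
ENABLE_DIAGNOSTIC_MESSAGES = 1 << 15  # bit 15: ignore NVRAM, show diagnostics


def boot_field_meaning(boot_field):
    """Meaning of bits 0-3 as given on the page."""
    if boot_field == 0x0:
        return "boot ROM monitor"
    if boot_field == 0x1:
        return "boot from ROM"
    return "boot from Flash / boot system commands / system image"


def decode_register(value):
    """Return a dict describing a 16-bit configuration register value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    return {
        "value": "0x%04X" % value,
        "boot_field": boot_field,
        "boot_behavior": boot_field_meaning(boot_field),
        "ignore_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "oem_banner_disabled": bool(value & OEM_BIT),
        "break_key_disabled": bool(value & BREAK_KEY_DISABLED),
        "console_baud_bits": (value & CONSOLE_BAUD_MASK) >> 11,
        "diagnostic_messages": bool(value & ENABLE_DIAGNOSTIC_MESSAGES),
    }


def audit_register(value, expected=DEFAULT_REGISTER):
    """Findings an operator wants after password recovery (the page's Step 9
    restores the default register). Each finding names the bit involved."""
    decoded = decode_register(value)
    findings = []
    if decoded["ignore_startup_config"] or decoded["diagnostic_messages"]:
        findings.append("bit 6 or 15 set: NVRAM startup config is ignored at boot")
    if decoded["boot_field"] == 0x0:
        findings.append("boot field 0x0: device stops in ROM monitor")
    if not decoded["break_key_disabled"]:
        findings.append("bit 8 clear: console Break key is not disabled")
    if value != expected:
        findings.append("register 0x%04X differs from expected 0x%04X" % (value, expected))
    return findings


if __name__ == "__main__":
    # Constructed values: the default, and the register after confreg with
    # "ignore system config info" answered yes (bit 6 set).
    for reg in (DEFAULT_REGISTER, DEFAULT_REGISTER | IGNORE_STARTUP_CONFIG):
        print(decode_register(reg)["value"], audit_register(reg) or ["default"])
```

A register that still carries bit 6 after recovery means the router will boot with an empty configuration on the next reload, which is exactly the condition Step 9 is meant to remove; comparing against the expected value also catches a changed boot field or a re-enabled Break key.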

Most Switches

Step 1 Power cycle the switch.

Step 2 As soon as possible, enter enable to enter privileged mode.

Step 3 For the first 30 seconds the password is the Enter key.

Step 4 Use the appropriate command to set the new password.

Step 5 If prompted for the old password, use the Enter key.

SNMP

Simple Network Management Protocol (SNMP) is a part of the TCP/IP suite of protocols. It permits powerful monitoring capabilities for networking equipment. CiscoWorks relies upon SNMP and various other protocols to configure and monitor Cisco equipment.

At a minimum, to configure a Cisco device for SNMP, you need to assign passwords known as community strings in SNMP. Here are typical IOS commands for setting strings that permit configuration and monitoring, respectively:

snmp-server community [string] rw
snmp-server community [string] ro

Typically, you view information obtained by SNMP using a graphical user interface, like that provided by CiscoWorks.
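The community strings set with the commands above are the only credential a classic SNMP agent checks, so how they are configured is worth auditing automatically. The following Python script is an added example for these notes, not part of the Cisco Press sheets or of IOS: it parses snmp-server community lines from a constructed configuration; the optional view and trailing access-list arguments it understands follow the wider IOS command syntax and are not shown on the page; the list of well-known strings is constructed.

```python
"""Audit snmp-server community lines from an IOS configuration.

Added example for these notes, not Cisco code. The page shows only
"snmp-server community [string] rw|ro"; the optional "view" and trailing
access-list arguments handled here follow the wider IOS syntax and are not
taken from the page. The configuration text below is constructed."""

SAMPLE_CONFIG = """\
hostname lab-router
snmp-server community public ro
snmp-server community private rw
snmp-server community n3tm0n-ro ro 10
snmp-server community view-only view restricted ro 10
snmp-server location Lab
"""

# Constructed list of strings commonly shipped as vendor defaults.
WELL_KNOWN_STRINGS = {"public", "private"}


def parse_community_line(line):
    """Parse one 'snmp-server community ...' line into a dict, or None."""
    tokens = line.split()
    if tokens[:2] != ["snmp-server", "community"] or len(tokens) < 3:
        return None
    community = tokens[2]
    rest = tokens[3:]
    view = None
    if rest[:1] == ["view"] and len(rest) >= 2:
        view = rest[1]
        rest = rest[2:]
    access = "ro"          # IOS default when neither ro nor rw is given
    if rest[:1] in (["ro"], ["rw"]):
        access = rest[0]
        rest = rest[1:]
    acl = rest[0] if rest else None
    return {"community": community, "view": view, "access": access, "acl": acl}


def audit_snmp_config(config_text):
    """Return (community, finding) pairs for risky community definitions."""
    findings = []
    for raw in config_text.splitlines():
        entry = parse_community_line(raw.strip())
        if entry is None:
            continue
        name = entry["community"]
        if name.lower() in WELL_KNOWN_STRINGS:
            findings.append((name, "well-known community string"))
        if entry["access"] == "rw":
            findings.append((name, "read-write access permits configuration changes"))
        if entry["acl"] is None:
            findings.append((name, "no access list restricts which managers may use it"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp_config(SAMPLE_CONFIG):
        print("%-12s %s" % (community, finding))
```

Run against a saved running-config, the script lists each community that is a vendor default, that grants rw (and therefore the configuration-changing capability the page associates with the rw string), or that any source address may use.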

You should be aware of several show commands for monitoring SNMP activities on the equipment. Here are some examples:

no snmp-server: Disables SNMP agent operation
show snmp engineid: Displays the identification of the local SNMP engine and all remote engines that have been configured on the router
show management event: Displays the SNMP Event values that have been configured on your routing device through the use of the Event Management Information Base (MIB)
show snmp: Checks the status of SNMP communications
show snmp group: Displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group
show snmp pending: Displays the current set of pending SNMP requests
show snmp sessions: Displays the current SNMP sessions
show snmp user: Displays information on each SNMP username in the group username table

SPAN

Network analysis in a switched Cisco environment is handled using SPAN (Switched Port Analyzer). Traffic is mirrored from source ports to a destination port on the switch; a network analyzer should be located at the destination switch.

SPAN is available in several forms:

Local SPAN: SPAN source port(s) and the destination port are located on the same device
VLAN-based SPAN (VSPAN): The source is a virtual LAN (VLAN) as opposed to one or more ports
Remote SPAN (RSPAN): The SPAN source and destination ports are located on different switches; a special purpose VLAN carries the mirrored frames to the destination port in the network

The following figure demonstrates a sample RSPAN configuration.

[Figure: RSPAN Configuration Example. Source Switches (Building Access): Switch A (ports A1, A2, A3) and Switch B (ports B1, B2, B3, B4); Immediate Switch (Building Distribution): Switch C (ports C1, C2, C3); Destination Switch (Data Center): Switch D (ports D1, D2) with a Probe attached. Configuration shown in the figure:
1. VTP Server: vlan 999 / remote span
2. monitor session 1 source interface fast ethernet 1/1 both / monitor session 1 destination remote vlan 999
3. monitor session 1 source remote vlan 999 / monitor session 1 destination interface fa4/48]

You should be aware of important guidelines regarding SPAN:

You can configure destination ports as trunks to capture tagged traffic.
A port specified as a destination port in one SPAN session cannot be a destination port for another SPAN session.
A port channel interface (an EtherChannel) cannot be a destination.
If you specify multiple ingress source ports, the ports can belong to different VLANs.
Destination ports never participate in any spanning tree instance.

Bridging and LAN Switching Quick Reference Sheets

Data Link Layer

The data link layer provides reliable transit of data across a physical network link. Different data link layer specifications define different network and protocol characteristics. These characteristics include the following:

Physical addressing: Defines how devices are addressed at the data link layer
Network topology: Consists of the data link layer specifications that often define how devices are to be physically connected, such as in a bus or a ring topology
Error notification: Alerts upper-layer protocols that a transmission error has occurred
Sequencing of frames: Reorders frames that are transmitted out of sequence
Flow control: Moderates the transmission of data so that the receiving device is not overwhelmed with more traffic than it can handle at one time

The Institute of Electrical and Electronic Engineers (IEEE) has subdivided the data link layer into two sublayers:

Logical Link Control (LLC)
Media Access Control (MAC)

The Logical Link Control (LLC) sublayer of the data link layer manages communications between devices over a single link of a network. LLC is defined in the IEEE 802.2 specification and supports both connectionless and connection-oriented services used by higher-layer protocols. IEEE 802.2 defines a number of fields in data link layer frames that enable multiple higher-layer protocols to share a single physical data link.

The Media Access Control (MAC) sublayer of the data link layer manages protocol access to the physical network medium. The IEEE MAC specification defines MAC addresses. MAC addresses enable multiple devices to uniquely identify one another at the data link layer.

Examples of data link protocols are Ethernet for local area networks and PPP, High-Level Data Link Control (HDLC), and Advanced Data Communications Control Protocol (ADCCP) for point-to-point connections.

[Figure: Sublayers of the Data Link Layer. The Data Link Layer is divided into the LLC Layer and the MAC Layer.]

Ethernet

Ethernet refers to the family of local-area network (LAN) products covered by the IEEE 802.3 standard. This standard defines the carrier sense multiple access collision detect (CSMA/CD) protocol. Four data rates are currently defined for operation over optical fiber and twisted-pair cables:

10 Mbps: 10BASE-T Ethernet
100 Mbps: Fast Ethernet
1000 Mbps: Gigabit Ethernet
10,000 Mbps: 10 Gigabit Ethernet

Ethernet has replaced just about every other LAN technology because of the following reasons:

It is easy to understand, implement, manage, and maintain.
It features relatively low costs.
It provides extensive topological flexibility.
It is a standards-compliant technology.

802.3

802.3 defines the original shared media LAN technology. This early Ethernet specification runs at 10 Mbps.

Ethernet possesses the capability to run over various media such as twisted pair and coaxial. You often see 802.3 Ethernet referred to by different terms because of the differences in the underlying media. Here are examples:

10BASE-T: Ethernet over Twisted Pair Media
10BASE-F: Ethernet over Fiber Media
10BASE2: Ethernet over Thin Coaxial Media
10BASE5: Ethernet over Thick Coaxial Media

802.3U (Fast Ethernet)

Fast Ethernet refers to any one of a number of 100-Mbps Ethernet specifications. As its name implies, Fast Ethernet offers speeds ten times that of the 10BASE-T Ethernet specification.

While Fast Ethernet is a much faster technology, it still preserves such qualities as frame format, MAC mechanisms, and maximum transmission unit (MTU). These similarities permit you to use existing 10BASE-T applications and network management tools on Fast Ethernet networks.

802.3Z (Gigabit Ethernet)

Once again, this Ethernet technology builds upon the foundations of the old, but increases speeds tenfold over Fast Ethernet to 1000 Mbps, or 1 gigabit per second (Gbps).

802.3AB (Gigabit Ethernet over Copper)

Gigabit Ethernet over Copper (also known as 1000BASE-T) is yet another extension of the existing Fast Ethernet standard. 802.3AB specifies Gigabit Ethernet operation over the Category 5e/6 cabling systems already installed. This reuse of the existing infrastructure helps to make 802.3AB a highly cost-effective solution.

10 Gigabit Ethernet

The latest in Ethernet technologies, 10 Gigabit Ethernet provides the following features:

High bandwidth
Low cost of ownership
Scalability from 10 Mbps to 10,000 Mbps

Long Reach Ethernet (LRE)

The Cisco Long Reach Ethernet (LRE) networking solution delivers 5 to 15 Mbps speeds over existing Category 1/2/3 wiring. As the name conveys, this Ethernet-like performance extends to 3500 to 5000 feet.

Gigabit Interface Converter (GBIC)

The Gigabit Interface Converter (GBIC) is a Cisco standards-based hot-swappable input/output device that plugs into a Gigabit Ethernet slot on a Cisco network device. This flexibility allows you to inexpensively adapt your network equipment to any changes in the physical media that might be introduced.

You can intermix GBICs in a Cisco device to support any combination of 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, or 1000BASE-ZX interfaces. Upgrading to the latest interface technologies is simple thanks to these Gigabit Interface Converters.

Transparent Bridging

IEEE/DEC Spanning Tree

Spanning Tree Protocol (STP) is a Layer 2 loop prevention mechanism. Layer 2 loops are terrible because a frame carries no Time to Live (TTL) value. Loops can cause broadcast storms, MAC table corruption, and multiple frame copies.

The STP Process

The Bridge ID is a critical element for the creation of the spanning-tree loop-free topology. The Bridge ID consists of a 2-byte bridge priority and a 6-byte MAC address. The default priority is 32,768.

Path cost is the measure of distance from one bridge to another. Greater bandwidth features lower cost.

Configuration bridge protocol data units (BPDUs) are sent between switches for each port. Switches use a four-step process to save a copy of the best BPDU seen on every port. When a port receives a better BPDU, it stops sending them. If the BPDUs stop arriving for 20 seconds (default), it begins sending them again.

Step 1 Lowest Root Bridge ID (BID)

Step 2 Lowest Path Cost to Root Bridge

Step 3 Lowest Sender BID

Step 4 Lowest Port ID
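To make the Bridge ID arithmetic and the four-step comparison above concrete, the following Python model builds Bridge IDs from priority and MAC, ranks BPDUs with the four-step rule, and runs a root election and a root-port choice. It is an added example for these notes rather than code from the sheets or from any switch: the switch names, MAC addresses, port IDs and path costs are constructed, and the path cost compared is the value carried in the received BPDU (adding the local port's own cost, which a real bridge does, is left out).

```python
"""Spanning tree election arithmetic from the study sheet: Bridge ID =
2-byte priority + 6-byte MAC, and the four-step BPDU comparison (lowest
root BID, lowest path cost to root, lowest sender BID, lowest port ID).
Added example for these notes; bridges, MACs, ports and costs are constructed."""

from collections import namedtuple

DEFAULT_PRIORITY = 32768

# A configuration BPDU reduced to the four fields the comparison uses.
# root_path_cost is the cost carried in the BPDU; the local port cost is not added.
Bpdu = namedtuple("Bpdu", "root_bid root_path_cost sender_bid port_id")


def bridge_id(priority, mac):
    """Build the 8-byte Bridge ID as an integer (priority in the high 16 bits)."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 2 bytes")
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    if mac_int > 0xFFFFFFFFFFFF:
        raise ValueError("MAC must fit in 6 bytes")
    return (priority << 48) | mac_int


def bpdu_key(bpdu):
    """Sort key implementing the four-step 'lowest wins' comparison."""
    return (bpdu.root_bid, bpdu.root_path_cost, bpdu.sender_bid, bpdu.port_id)


def best_bpdu(bpdus):
    """The BPDU a port keeps: the lowest under the four-step comparison."""
    return min(bpdus, key=bpdu_key)


def elect_root(bridges):
    """Step 1 of convergence: the bridge with the lowest BID becomes root.

    bridges maps a name to (priority, mac)."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_port(candidates):
    """Step 2: a non-root bridge picks the port whose received BPDU is best.

    candidates maps a local port name to the BPDU received on it."""
    return min(candidates, key=lambda port: bpdu_key(candidates[port]))


def demo():
    # Four constructed switches, all at the default priority except one
    # whose administrator lowered it (set spantree priority on the page).
    bridges = {
        "SwitchA": (DEFAULT_PRIORITY, "00:10:7b:aa:00:01"),
        "SwitchB": (DEFAULT_PRIORITY, "00:10:7b:00:00:02"),  # lowest MAC
        "SwitchC":(8192, "00:10:7b:ff:00:03"),               # lowered priority
        "SwitchD": (DEFAULT_PRIORITY, "00:10:7b:00:00:04"),
    }
    root = elect_root(bridges)
    root_bid = bridge_id(*bridges[root])
    # Constructed BPDUs as received on two ports of SwitchA: same root and
    # same cost, so step 3 (lowest sender BID) decides the root port.
    received = {
        "1/1": Bpdu(root_bid, 19, bridge_id(*bridges["SwitchB"]), 0x8001),
        "1/2": Bpdu(root_bid, 19, bridge_id(*bridges["SwitchD"]), 0x8002),
    }
    return root, root_port(received)


if __name__ == "__main__":
    print(demo())
```

With every switch at the default priority the lowest MAC address wins the election, which is why the page recommends placing the root deliberately with set spantree priority or set spantree root; the model shows the lowered priority of 8192 overriding the MAC ordering.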

The initial convergence process takes place in three steps:

Step 1 Elect a Root Bridge: Lowest BID wins

Step 2 Elect Root Ports: Every nonroot bridge selects one root port

Step 3 Elect Designated Ports: Each segment has one designated port (the bridge with the designated port is the designated bridge for that segment); all active ports on the root bridge are designated (unless you connect two ports to each other).

Once convergence occurs, BPDUs radiate out from the root bridge over loop-free paths.

Ports have a port state under 802.1D STP. In reality they have more states than just forwarding or blocking:

Disabled: Administratively down
Blocking: BPDUs received only (20 sec)
Listening: BPDUs sent and received (15 sec)
Learning: Bridging table is built (15 sec)
Forwarding: Sending/receiving data

Timers are used in the process to control convergence.

Hello: 2 sec; time between each configuration BPDU
Forward Delay: 15 sec; Listening/learning states
Max Age: 20 sec; time a BPDU is stored

Default convergence time is 30 to 50 seconds. Timer modification is possible from the root bridge.

Topology Changes

The Topology Change Notification (TCN) BPDU is used. The Type field of the BPDU signifies this: 0x80 in the Type field is used for the TCN BPDU. The TCN BPDU improves convergence time when a failure in the network occurs, primarily because it helps in a rapid updating of MAC address tables.

1 A bridge sends a TCN BPDU in two cases:

a It takes a port into forwarding, and it has at least one designated port (DP).

b A port goes from Forwarding/Learning to Blocking.

2 TCNs go out the root port; the bridge sends them each Hello interval until they are acknowledged.

3 Upstream bridges process TCN on DPs.

4 Upstream switch sets the Topology Change Acknowledgement (TCA) field of the next config BPDU it receives and sends downstream. This causes the downstream switch to stop sending TCN BPDUs.

5 Upstream switch sends TCN further upstream.

6 This continues until the root receives the TCN.

7 Root sets TCA and Topology Change flags in the next config BPDU.

8 Root sets TC flag in all BPDUs sent for Forward Delay + Max Age. This instructs all switches to age MAC table address entries faster.

Root Bridge Placement

You should set the root bridge location in your network using the appropriate CatOS or Cisco IOS command. You should also select a secondary root in the event the primary root fails.

set spantree priority allows you to modify the priority value and rig the root election. For example, set spantree priority 100 1 sets the priority to 100 for VLAN 1 on the local switch. If all switches are at the default priority value of 32,768, the bridge becomes the root. If you do not specify a VLAN with the set spantree command, VLAN 1 is assumed. You can use the priority value of 200 in this case on another switch to elect it as the secondary root bridge.

set spantree root is actually a macro command that examines the priority of the existing root and sets the priority on the local switch to be one less. If the default is used on the root, the priority is set to 8,192. To create a secondary root, you can use the following command:

set spantree secondary

This command sets the priority value to 16,384.

Remember, in a Cisco environment, all spanning-tree mechanisms occur on a VLAN-by-VLAN basis. This is called Per-VLAN Spanning Tree (PVST+).

In the Cisco IOS environment, the following commands are available:

spanning-tree vlan vlan_ID root primary [diameter hops [hello-time seconds]]
spanning-tree vlan vlan_ID root secondary [diameter hops [hello-time seconds]]

Load Balancing

One method of load balancing with Spanning Tree Protocol is to place the root for different VLANs on different switches.

Another technique is to use the following command:

set spantree portvlanpri

This command allows you to configure load balancing by setting the port priority for a subset of VLANs in the trunk port.

Finally, set spantree portvlancost can be utilized. This is the most flexible option; it allows the command to be entered and observed on the switch where the load balancing is to be performed.

The equivalent Cisco IOS commands include:

spanning-tree port-priority port_priority
spanning-tree vlan vlan_ID cost port_cost

Fast STP Convergence

PortFast: PortFast is a Cisco proprietary enhancement to the 802.1D STP implementation. You apply the command to specific ports, and that application has two effects:

Ports coming up are put directly into the forwarding STP mode.
The switch does not generate a Topology Change Notification when a port configured for PortFast is going up or down, for example, when a workstation power cycles.

Therefore, consider enabling PortFast on ports that are connected to end user workstations.

UplinkFast: Configure UplinkFast on wiring closet switches. It detects a directly connected failure and allows for a new root port to come up almost immediately.

When you are configuring UplinkFast, the local switch has a priority set to 49,152, and it adds 3000 to the cost of all links. Finally, a mechanism is included that causes the manipulation of MAC address tables for other bridges.

BackboneFast: Configure BackboneFast on all switches. It speeds convergence when the failure occurs and is indirectly located, such as in the core of the backbone. It reduces convergence from about 50 seconds to about 30 seconds.

MISTP

MISTP (802.1s) is an IEEE standard that allows several VLANs to be mapped to a reduced number of spanning-tree instances. This provides advantages over PVST+ since typical topologies need only a few spanning-tree topologies to be optimized.

You configure a set of switches with the same MISTP parameters, and this becomes a Multiple Spanning Tree (MST) region. With MISTP, you have an Internal Spanning Tree that is capable of representing the entire MST region as a Common Spanning Tree for backward compatibility with earlier IEEE implementations.

Follow these steps to configure MISTP:

Step 1 Globally enable MISTP (MSTP) on your switches:

spanning-tree mode mst

Step 2 Enter MST configuration submode:

spanning-tree mst configuration

Step 3 Set the MST region name:

name name

Step 4 Set a configuration revision number:

revision rev_num

Step 5 Map your VLANs to MST instances:

instance int vlan range

You can easily verify an MISTP configuration using the following commands:

show spanning-tree mst configuration
show spanning-tree mst vlan_id

LAN Switching

VLAN Trunking

802.1Q

The IEEE 802.1Q standard trunking protocol uses an extra tag in the MAC header to identify the VLAN membership of a frame across bridges. This tag is used for VLAN and quality of service (QoS) priority identification.

The VLAN ID (VID) associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network. Notice that a tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier) and two bytes of TCI (Tag Control Information). These components of an 802.1Q tagged frame are described in more detail here:

TPID: The Tag Protocol Identifier has a defined value of 8100 in hex; with the EtherType set at 8100, this frame is identified as carrying the IEEE 802.1Q/802.1P tag.
Priority: The first 3 bits of the Tag Control Information define user priority; notice the eight (2^3) possible priority levels. IEEE 802.1P defines the operation for these 3 user priority bits.
CFI: The Canonical Format Indicator is a single-bit flag, always set to zero for Ethernet switches. CFI is used for compatibility reasons between Ethernet networks and Token Ring.

VID: VLAN ID identifies the VLAN; notice it allows the identification of 4096 (2^12) VLANs. Two of these identifications are reserved, permitting the creation of 4094 VLANs.

On most set-based (CatOS) Catalyst switches, ISL trunk encapsulation is the default; therefore, you must use the set trunk dot1q command to use 802.1Q as your trunk protocol.

802.1Q trunks feature a concept called the native VLAN. The native VLAN is a VLAN for which frames are not tagged. Here are all aspects of the native VLAN:

The VLAN a port is in when not trunking
The VLAN from which frames are sent untagged on an 802.1Q port
The VLAN to which frames are forwarded if received untagged on an 802.1Q port

To successfully trunk between two devices using 802.1Q, the native VLAN setting must match. The default native VLAN in Cisco devices is VLAN 1.

You can control the 802.1Q VLAN traffic that is sent over a trunk; this is possible for security purposes or load balancing.

802.1Q trunks can be dynamically formed using the Dynamic Trunking Protocol (DTP).

ISL

Cisco features its own proprietary trunking protocol called Inter-Switch Link (ISL). ISL does not modify the frame with tagging as 802.1Q does; it instead encapsulates the frame with new information and is, therefore, protocol-independent.

The 26-byte ISL header contains the following fields in an Ethernet environment:

DA: Destination address; it is a 40-bit multicast address
TYPE: 4-bit descriptor of the encapsulated frame type; 0000 for Ethernet
USER: 4-bit descriptor used to define Ethernet priority value
SA: Source address; 48-bit source MAC address
LEN: 16-bit frame length descriptor

AAAA03: SNAP 802.2 LLC header
HSA: First 3 bytes of the SA
VLAN ID: 15-bit VID in which only the low 10 bits are used for 1024 possible VLANs
BPDU: 1-bit descriptor that identifies the frame as a BPDU or a Cisco Discovery Protocol (CDP) frame
INDX: 16-bit value that indicates the port index
ENCAP FRAME: The encapsulated data packet including its cyclic redundancy check (CRC)
FCS: 4-byte frame check sequence including a 32-bit CRC
RES: 16-bit reserved field for additional information

Just as with 802.1Q, ISL supports the assignment of VLANs to trunk links for security and/or load balancing.

DISL

Dynamic Inter-Switch Link Protocol (DISL) allows the creation of an ISL trunk from two interconnected Fast Ethernet devices with the administrator only configuring one link of the trunk pair. This technology was Cisco's first attempt at a trunk negotiation protocol. It was used to negotiate trunks for ISL only. DISL has been replaced with Dynamic Trunk Protocol (DTP), which functions for both ISL and 802.1Q on the latest switch operating systems. DISL is a Layer 2 protocol that uses a multicast destination address used by several Cisco protocols. The Subnetwork Access Protocol (SNAP) value distinguishes the frame purpose.

DISL offers one of five trunk modes (very similar to DTP):

Off: Locally disables trunk and negotiates other side to disable as well
On: Locally enables trunk and negotiates other side to enable if possible
Desirable: Negotiates with other side to enable and locally enables if the other side is in appropriate mode
Auto: Port configured to receive a request to trunk and does so when requested
Nonegotiate: Causes local trunk, but no request is sent for trunking

Note that the following combinations are possible, resulting in the trunk status shown:

        OFF       ON        AUTO      DESIR.    NONEG.
OFF     No Trunk  No Trunk  No Trunk  No Trunk  No Trunk
ON      No Trunk  Trunk     Trunk     Trunk     Trunk
AUTO    No Trunk  Trunk     No Trunk  Trunk     No Trunk
DESIR.  No Trunk  Trunk     Trunk     Trunk     Trunk
NONEG.  No Trunk  Trunk     No Trunk  Trunk     Trunk
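The 802.1Q tag layout (TPID 8100 hex, 3 priority bits, CFI, 12-bit VID, native VLAN for untagged frames) and the 26-byte ISL header field widths listed in these sections can both be checked by parsing frames. The Python below is an added example for these notes, not code from the sheets or from Cisco: the frames are constructed, the ISL destination address used is a placeholder value rather than one taken from the page, and the packing of the VLAN ID and BPDU bit into one 16-bit word (15-bit VLAN in the high bits, BPDU in the low bit) follows the page's field order.

```python
"""Parse the two trunk encapsulations described on the page: an IEEE 802.1Q
tag (TPID 0x8100, 3 priority bits, 1 CFI bit, 12-bit VID) and the 26-byte
ISL header (field widths as listed on the page). Added example for these
notes; the frames are constructed and the ISL destination address below is
a placeholder, not a value taken from the page."""

import struct

TPID_8021Q = 0x8100
RESERVED_VIDS = {0, 4095}   # the two reserved identifiers: 4096 - 2 = 4094 usable
DEFAULT_NATIVE_VLAN = 1


def parse_8021q(frame, native_vlan=DEFAULT_NATIVE_VLAN):
    """Return (vlan, priority, cfi, ethertype, payload) for an Ethernet frame.

    An untagged frame is assigned to the native VLAN, as an 802.1Q port does."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return native_vlan, None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("tagged frame truncated inside the 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    priority = tci >> 13          # 3 bits, eight levels
    cfi = (tci >> 12) & 0x1       # 1 bit, zero on Ethernet
    vid = tci & 0x0FFF            # 12 bits
    if vid in RESERVED_VIDS:
        raise ValueError("reserved VID %d in tag" % vid)
    return vid, priority, cfi, inner_type, frame[18:]


def build_8021q(dst, src, vid, priority, ethertype, payload):
    """Inverse of parse_8021q; used here to construct test frames."""
    tci = (priority << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


# 26-byte ISL header, fields in the order the page lists them:
# DA(5) TYPE+USER(1) SA(6) LEN(2) AAAA03(3) HSA(3) VLAN+BPDU(2) INDX(2) RES(2)
ISL_HEADER = struct.Struct("!5sB6sH3s3sHHH")


def parse_isl(frame):
    """Split an ISL-encapsulated frame into header fields, inner frame and FCS."""
    if len(frame) < ISL_HEADER.size + 4:
        raise ValueError("frame shorter than ISL header plus FCS")
    da, type_user, sa, length, snap, hsa, vlan_bpdu, indx, res = ISL_HEADER.unpack(
        frame[:ISL_HEADER.size])
    if snap != b"\xaa\xaa\x03":
        raise ValueError("missing AAAA03 SNAP/LLC header")
    header = {
        "da": da.hex(),
        "type": type_user >> 4,          # 4-bit frame type, 0000 for Ethernet
        "user": type_user & 0x0F,        # 4-bit priority
        "sa": sa.hex(),
        "len": length,
        "hsa": hsa.hex(),
        "vlan": vlan_bpdu >> 1,          # 15-bit field; only the low 10 bits are used
        "bpdu": vlan_bpdu & 0x1,
        "indx": indx,
        "res": res,
    }
    return header, frame[ISL_HEADER.size:-4], frame[-4:]


def demo():
    """Constructed tagged, untagged and ISL frames run through both parsers."""
    dst, src = b"\x00\x10\x7b\x00\x00\x01", b"\x00\x10\x7b\x00\x00\x02"
    tagged = build_8021q(dst, src, 200, 5, 0x0800, b"\x45" * 20)
    untagged = dst + src + struct.pack("!H", 0x0806) + b"\x00" * 28
    placeholder_da = b"\x01\x00\x0c\x00\x00"   # placeholder multicast DA, not from the page
    isl = ISL_HEADER.pack(placeholder_da, 0x00, src, 0, b"\xaa\xaa\x03", src[:3],
                          (300 << 1) | 0, 7, 0) + untagged + b"\x00" * 4
    return parse_8021q(tagged)[:2], parse_8021q(untagged)[0], parse_isl(isl)[0]["vlan"]


if __name__ == "__main__":
    print(demo())
```

The untagged frame lands in VLAN 1 because that is the default native VLAN on the page; a mismatch between the two ends of a trunk, which the text says must be avoided, shows up as the same untagged frame being assigned to different VLANs by each side's parser.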

Dynamic trunk negotiations are not recommended in high security and/or critical/core areas of the network. Also, remember that dynamic negotiations fail if the links participate in different VLAN Trunking Protocol (VTP) domains.

VTP

VTP is a Cisco proprietary Layer 2 multicast messaging protocol that synchronizes VLAN information across all media types and tagging methods on your switches. To enjoy the benefits of VTP, your switches must meet the following requirements:

You must configure the VTP domain name identically on each device; domain names are case sensitive.
The switches must be adjacent.
The switches must be connected with trunk links.
The same VTP password must be configured if used in the domain.

Generally, you find four items in all VTP messages:

VTP protocol version (either 1 or 2)
VTP message type
Management domain name length
Management domain name

VTP has four possible message types:

Summary advertisements
Subset advertisements
Advertisement requests
VTP join messages (used for pruning)

The VTP configuration revision number is extremely important. This value is used to determine if a switch has stale information regarding VLANs and ultimately controls whether or not the switch overwrites its VLAN database with new information. The revision number increments each time a change is made to the VLAN database on a Server mode VTP system. The number is a value from 0 to 4,294,967,295. You must ensure when introducing new Server mode switches that you do not inadvertently overwrite the VLAN database because of a higher configuration revision number on the new switch. Introducing new switches in Transparent mode helps to ensure this problem never results.

You have three possible modes for your VTP systems. These modes are as follows:

Server: This mode enables you to create, modify, and delete VLANs; these changes are advertised to VTP Client mode systems; Catalyst switches default to this mode.
Client: This mode does not allow for the creation, modification, or deletion of VLANs on the local device; VLAN configurations are synchronized from Server mode system(s).
Transparent: This mode permits the addition, deletion, and modification of VLAN information, but the information resides only locally on the Transparent device; these systems forward advertisements from Servers, but do not process these advertisements.
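The revision-number rule described above is the mechanism behind both the warning about introducing a Server mode switch with a higher revision and the advice to bring new switches in as Transparent. The Python model that follows is an added example for these notes, not Cisco's VTP implementation: it applies the rule (a higher revision replaces the database; Transparent forwards but does not apply; Client cannot edit) to constructed switches and VLANs, reusing the domain name Lab_Network from the page's configuration example.

```python
"""Model of the VTP configuration-revision rule from the study sheet.

Added example for these notes, not Cisco code: switches, VLAN names and
revision numbers are constructed; the domain name is the one used in the
page's example configuration."""

MAX_REVISION = 4294967295  # 0 to 4,294,967,295 as stated on the page


class VtpSwitch:
    def __init__(self, name, mode, domain, revision=0, vlans=None):
        if mode not in ("server", "client", "transparent"):
            raise ValueError("unknown VTP mode")
        self.name, self.mode, self.domain = name, mode, domain
        self.revision = revision
        self.vlans = dict(vlans or {1: "default"})

    def change_vlan(self, vid, vlan_name):
        """Local VLAN edit. Server: applied and advertised (revision + 1).
        Transparent: applied locally only. Client: refused."""
        if self.mode == "client":
            raise PermissionError("%s is a VTP client" % self.name)
        self.vlans[vid] = vlan_name
        if self.mode == "server":
            self.revision = (self.revision + 1) % (MAX_REVISION + 1)
            return self.advertisement()
        return None

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv):
        """Apply the revision rule; return True when the local database was replaced."""
        if adv["domain"] != self.domain or self.mode == "transparent":
            return False   # other domain: ignored; transparent: forwarded, not applied
        if adv["revision"] <= self.revision:
            return False   # stale or equal revision: keep the local database
        self.revision = adv["revision"]
        self.vlans = dict(adv["vlans"])
        return True


def propagate(adv, switches):
    """Deliver one advertisement to every switch; return names that were overwritten."""
    return [sw.name for sw in switches if sw.receive(adv)]


def demo():
    """A domain at revision 10 meets a switch reintroduced at revision 40."""
    prod = {1: "default", 10: "servers", 20: "users"}
    core = VtpSwitch("core", "server", "Lab_Network", 10, prod)
    edge = VtpSwitch("edge", "client", "Lab_Network", 10, prod)
    mgmt = VtpSwitch("mgmt", "transparent", "Lab_Network", 0, prod)
    # Constructed: a switch that was a Server in this domain earlier and still
    # carries its own (higher) revision and a different VLAN database.
    stale = VtpSwitch("stale", "server", "Lab_Network", 40, {1: "default", 99: "test"})
    overwritten = propagate(stale.advertisement(), [core, edge, mgmt])
    # The same switch brought in as Transparent advertises nothing it changes.
    safe = VtpSwitch("safe", "transparent", "Lab_Network", 40, {1: "default", 99: "test"})
    return overwritten, sorted(core.vlans), sorted(mgmt.vlans), safe.change_vlan(99, "test")


if __name__ == "__main__":
    print(demo())
```

In the constructed run the Server and the Client both accept the stale database because 40 is greater than 10, so VLANs 10 and 20 disappear from them, while the Transparent switch keeps its own database; the same switch joined in Transparent mode produces no advertisement at all, which is the outcome the page's advice aims for.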

Here is an example configuration of VTP for a Server mode system in CatOS mode:

Console> (enable) set vtp domain Lab_Network
VTP domain Lab_Network modified
Console> (enable) set vtp mode server
Changing VTP mode for all features
VTP domain Lab_Network modified

Here is an example configuration of VTP for a Server mode system in IOS mode:

Router# configure terminal
Router(config)# vtp mode server
Setting device to VTP SERVER mode.
Router(config)# vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Router(config)# end
Router#

VTP Pruning

VTP pruning allows you to limit the amount of traffic sent on trunk ports. It limits the distribution of flooded frames to only switches that have members of the particular VLAN. You can enable VTP pruning in CatOS with this command:

set vtp pruning enable

When you enable pruning on the switch, all VLANs are pruned by default (with the exception of VLAN 1). You need to configure pruning on only one VTP server, and the setting automatically propagates. You can change this behavior by making select VLANs you choose prune ineligible. This is done in CatOS with the following commands:

clear vtp pruneeligible
set vtp pruneeligible

The Cisco IOS commands are as follows:

vtp pruning
switchport trunk pruning vlan {none | {{add | except | remove} vlan[,vlan[,vlan[,...]]]}}

EtherChannel

EtherChannels allow you to bundle redundant links and treat them as a single link, thus achieving substantial bandwidth benefits. It is often advisable to use an EtherChannel for key trunks in your campus design. EtherChannel is actually a Spanning Tree Protocol enhancement, because ordinarily one or more of the links would be disabled to prevent a loop.

Be aware of the following:

All Ethernet interfaces

You have a maximum

    ing guidelines regarding EtherChannel:

    aces on all modules must support EtherChannel.

    um of eight interfaces per EtherChannel.

  • Bridging and LAN Switching Quick Reference Sheets

    The ports do not need to be contiguous or on the same module.

    All ports in the EtherChannel must be set for the same speed and duplex.

    Enable all interfaces in the EtherChannel.

    An EtherChannel will not form if one of the ports is a SPAN destination.

    For Layer 3 EtherChannels, assign a Layer 3 address to the port-channel logical interface, not the physical i

    Assign all EtherCtrunk encapsulati

    The same allowed

    Interfaces with dif

    Once an EtherChaeffects the physic

    Port aggregation protopackets are sent betweNote this is very similaure the link.

    EtherChannel load baleither source, destinati

    Here is a CatOS EtherC

    Console> (enable) ssssPorts 2/2-8 left adPorts 2/2-8 joined Console> (enable)Here is an example Router# ccccoooonnnnffffiiiigggguuuurrrreeee ttttRouter(config)# iiiinnnnttttRouter(config-if)# Router(config-if)#

    UDLD

    Unidirectional Link Detional link occurs whenbut trafc sent from thincluding spanning-tre

    To perform UDLD, paBoth sides of the link mcopper interfaces and i

    1291_Section 1QR.book Page 116 Wednesday, November 3, 2004 7:49 AMnterfaces.

    hannel ports to the same VLAN or ensure they are all set to the same on and trunk mode.

    range of VLANs must be congured on all ports in an EtherChannel.

    ferent STP port path costs can form an EtherChannel.

    nnel is congured, a conguration made to the physical interfaces al interfaces only.

    col (PAgP) aids in the automatic creation of EtherChannel links. PAgP en EtherChannel-capable ports to negotiate the forming of a channel. r to DISL/DTP. Only one switch needs to be congured to fully cong-

    ancing can use MAC addresses, IP addresses, or Layer 4 port numbers; on, or both source and destination addresses.

    hannel conguration example:

    eeeetttt ppppoooorrrrtttt cccchhhhaaaannnnnnnneeeellll 2222////2222----8888 mmmmooooddddeeee ddddeeeessssiiiirrrraaaabbbblllleeeemin_group 1.admin_group 2.

    from Cisco IOS:eeeerrrrmmmmiiiinnnnaaaalllleeeerrrrffffaaaacccceeee rrrraaaannnnggggeeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 2222////2222 ----8888cccchhhhaaaannnnnnnneeeellll----ggggrrrroooouuuupppp 2222 mmmmooooddddeeee ddddeeeessssiiiirrrraaaabbbblllleeeeeeeennnndddd

    tection (UDLD) detects and disables unidirectional links. A unidirec- trafc transmitted from the local switch is received by the neighbor,

    e neighbor is not. Unidirectional links can cause a variety of problems, e loops. UDLD performs tasks that autonegotiation cannot perform.

    ckets are sent to neighbor devices on interfaces with UDLD enabled. ust support UDLD, therefore. By default, UDLD is locally disabled on

    s locally enabled on all Ethernet ber-optic interfaces.


The CatOS command to enable UDLD on an interface is as follows:

set udld enable mod/port

The Cisco IOS command to enable UDLD on an interface is simply this:

udld enable
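The revision-number hazard described in the VTP section above is easiest to see in a small model. The following Python is an added example, not code from the book or from Cisco: it models how a switch decides whether to accept a VTP advertisement and replays the scenario of a previously used switch being cabled into a production domain. Switch names, VLAN names and revision values are constructed, and the password check is simplified to a plain comparison where real VTP carries an MD5 digest.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class VtpSwitch:
    """One VTP participant. Names, VLANs and revisions used below are constructed."""
    name: str
    domain: str                 # compared case-sensitively, as on real switches
    mode: str                   # "server", "client" or "transparent"
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})
    password: Optional[str] = None  # simplification: real VTP carries an MD5 digest

    def add_vlan(self, vlan_id: int, vlan_name: str) -> None:
        if self.mode == "client":
            raise PermissionError("client mode cannot modify the VLAN database")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":
            # Only server-mode changes bump the 32-bit configuration revision.
            self.revision = (self.revision + 1) % 2**32

    def advertisement(self) -> dict:
        """Summary and subset advertisement collapsed into one message."""
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans), "password": self.password}

    def receive(self, adv: dict) -> str:
        """Process an advertisement and report what was done with it."""
        if adv["domain"] != self.domain:
            return "ignored: domain mismatch"
        if self.mode == "transparent":
            return "forwarded: transparent mode does not process advertisements"
        if adv["password"] != self.password:
            return "ignored: password mismatch"
        if adv["revision"] <= self.revision:
            return "ignored: revision not newer"
        # A higher revision wins whether this switch is a server or a client.
        self.vlans = dict(adv["vlans"])
        self.revision = adv["revision"]
        return "updated"


def overwrite_scenario(newcomer_mode: str) -> Tuple[list, str]:
    """Plug a switch that was used elsewhere (revision 50) into a production
    domain that is only at revision 12. Returns the production VLAN IDs
    afterwards and what the production server did with the advertisement."""
    prod = VtpSwitch("prod-core", "Lab_Network", "server", revision=12,
                     vlans={1: "default", 10: "users", 20: "servers", 30: "voice"})
    newcomer = VtpSwitch("lab-leftover", "Lab_Network", newcomer_mode, revision=50,
                         vlans={1: "default", 99: "lab"})
    if newcomer.mode == "transparent":
        # Transparent switches do not originate advertisements for their own database.
        return sorted(prod.vlans), "newcomer stayed silent"
    action = prod.receive(newcomer.advertisement())
    return sorted(prod.vlans), action


if __name__ == "__main__":
    for mode in ("server", "client", "transparent"):
        print(mode, overwrite_scenario(mode))
```

Run it to see that both a server and a client newcomer at revision 50 replace the production VLAN database (VLANs 10, 20 and 30 disappear), while a transparent newcomer leaves it alone. Before cabling a switch into a production domain, reset its revision to 0 by putting it in transparent mode or changing its domain name; a domain password only protects against switches that do not know the password.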

Security

VACL

Cisco multilayer switches support three types of access control lists (ACLs):

- Router access control lists (RACLs): Supported in the TCAM (ternary content-addressable memory) hardware
- Quality of Service (QoS) access control lists: Supported in the TCAM
- VLAN access control lists (VACLs): Supported in software and hardware on some platforms

Catalyst switches, therefore, support four ACL lookups per packet: input and output lookups for both security and QoS ACLs. VACLs follow route map conventions. In fact, they are referred to as VLAN access maps. If a match clause for that type of packet (IP or MAC) exists in the VLAN map, the default action is to drop the packet if the packet does not match any of the entries within the map. If no match clause exists for that type of packet, the default is to forward the packet. VACLs have no direction. To filter traffic in a specific direction by using a VACL, you need to include an ACL with specific source or destination addresses.

VACLs support three actions:

- Permit
- Redirect
- Deny

Here is an example from CatOS:

Console> (enable) set security acl ip IPACL1 permit any
IPACL1 editbuffer modified. Use commit command to apply changes.
Console> (enable)
Console> (enable) set security acl ip IPACL1 deny host 171.3.8.2
IPACL1 editbuffer modified. Use commit command to apply changes.
Console> (enable)
Console> (enable) commit security acl all
ACL commit in progress.
ACL IPACL1 is committed to hardware.
Console> (enable)

Entries are evaluated in order: because permit any comes first, the deny entry for 171.3.8.2 is never reached. Enter the deny before the permit for it to take effect.
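To make the default-action rule above concrete, here is an added Python model, not code from the book or from Cisco, of how a VLAN access map is evaluated: ACL entries are checked in order with an implicit deny at the end, map clauses are tried in sequence order, and a packet whose type has a clause but matches no entry is dropped. The packets, addresses and maps are constructed for the example; MAP_DROP_TCP_ONLY is a map whose single clause matches an ACL permitting TCP and drops it, and CATOS_ORDER reproduces the permit-then-deny ordering of the CatOS example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    kind: str                     # "ip" or "mac": which access-map match type applies
    src: str                      # IP address or MAC address, depending on kind
    dst: str
    proto: Optional[str] = None   # "tcp", "udp", "icmp", ... for IP packets


@dataclass
class Ace:
    """One access control entry. proto=None and the string "any" are wildcards."""
    permit: bool
    proto: Optional[str]
    src: str                      # CIDR prefix, MAC address, or "any"
    dst: str


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto is not None and ace.proto != pkt.proto:
        return False
    for have, want in ((pkt.src, ace.src), (pkt.dst, ace.dst)):
        if want == "any":
            continue
        if pkt.kind == "ip":
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        elif have.lower() != want.lower():
            return False
    return True


def acl_permits(acl: List[Ace], pkt: Packet) -> bool:
    """Entries are evaluated top down; the first match decides and an
    unmatched packet hits the implicit deny at the end."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.permit
    return False


@dataclass
class Clause:
    seq: int
    match_kind: Optional[str]     # "ip", "mac", or None for a clause with no match statement
    acl: Optional[List[Ace]]
    action: str                   # "forward", "drop" or "redirect"


def vacl_action(access_map: List[Clause], pkt: Packet) -> str:
    """Apply a VLAN access map to one packet following the rules in the text."""
    saw_clause_for_type = False
    for clause in sorted(access_map, key=lambda c: c.seq):
        if clause.match_kind is None:           # no match statement: matches every packet
            return clause.action
        if clause.match_kind != pkt.kind:
            continue
        saw_clause_for_type = True
        if acl_permits(clause.acl, pkt):
            return clause.action
    # A clause exists for this packet type but nothing matched: drop.
    # No clause exists for this packet type at all: forward.
    return "drop" if saw_clause_for_type else "forward"


# Constructed sample data, not taken from the page.
TCP_ANY = [Ace(permit=True, proto="tcp", src="any", dst="any")]
MAP_DROP_TCP_ONLY = [Clause(10, "ip", TCP_ANY, "drop")]
MAP_DROP_TCP_THEN_FORWARD = MAP_DROP_TCP_ONLY + [Clause(20, None, None, "forward")]
CATOS_ORDER = [Ace(True, None, "any", "any"),              # permit any
               Ace(False, None, "171.3.8.2/32", "any")]    # deny host 171.3.8.2: never reached


def demo() -> dict:
    tcp = Packet("ip", "10.1.1.5", "10.1.2.9", "tcp")
    icmp = Packet("ip", "10.1.1.5", "10.1.2.9", "icmp")
    arp = Packet("mac", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff")
    return {
        "tcp, drop-only map": vacl_action(MAP_DROP_TCP_ONLY, tcp),
        "icmp, drop-only map": vacl_action(MAP_DROP_TCP_ONLY, icmp),
        "non-ip, drop-only map": vacl_action(MAP_DROP_TCP_ONLY, arp),
        "icmp, with forward clause": vacl_action(MAP_DROP_TCP_THEN_FORWARD, icmp),
        "171.3.8.2 under permit-then-deny": acl_permits(
            CATOS_ORDER, Packet("ip", "171.3.8.2", "10.0.0.1", "tcp")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The result worth noting is the icmp case: with only the TCP-matching drop clause present, every IP packet is dropped, not just TCP, because an IP clause exists and the packet matched none of its entries. A later clause with no match statement and action forward (in IOS, a second sequence number under the same vlan access-map with just action forward) restores the expected behaviour. The last entry of demo() shows why the CatOS sequence above never denies 171.3.8.2: permit any matches first.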

Here is an example from the Cisco IOS that uses an ACL, as well:

Switch(config)# ip access-list extended ip1
Switch(config-ext-nacl)# permit tcp any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map_1 10
Switch(config-access-map)# match ip address ip1
Switch(config-access-map)# action drop

Because the only IP match clause in map_1 matches TCP, non-TCP IP packets match no entry and are dropped by the default described above, while non-IP traffic is forwarded. The map filters nothing until it is applied to one or more VLANs with the vlan filter map_1 vlan-list command.

Private VLANs

Private VLANs allow you to segment traffic within a VLAN. For example, an Internet service provider (ISP) can create a VLAN for a server farm that consists of servers from various organizations. These servers can be isolated from each other in the VLAN, but they can all still communicate with a gateway to reach clients beyond the local network.

Private VLANs function by associating a primary VLAN with special secondary VLANs. Hosts that reside in the secondary VLAN can communicate with ports in the primary VLAN (the gateway, for example), but they cannot communicate with hosts of another secondary VLAN. Secondary VLANs can be set up as follows:

- Isolated VLANs: A port within an isolated VLAN can reach only the primary VLAN.
- Community VLANs: Ports in a community VLAN can communicate with other ports in the community VLAN and the primary VLAN; these ports cannot communicate with another secondary VLAN, however.

The following guidelines apply to the creation of private VLANs:

- All secondary VLANs must be associated with one primary VLAN.
- Private VLANs are created using special cases of regular VLANs.
- VLAN Trunking Protocol (VTP) does not pass any information about private VLANs.
- Each switch port that uses a private VLAN must be configured with a VLAN association.
- Ports must be defined with one of the following roles:
  - Promiscuous: This port can communicate with anything in the primary and secondary VLANs (it is typically for the gateway device).
  - Host: This port is in the isolated or community VLAN; it communicates with only the promiscuous port (isolated port) or with other hosts in the community and the promiscuous port (community port).

Here is an example configuration of private VLANs in the Cisco IOS:

Switch(config)# vlan 10
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# vlan 20
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# vlan 30
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 10,20,30
Switch(config-vlan)# exit
Switch(config)# interface range fastethernet 1/1 - 2
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 10
Switch(config-if-range)# interface range fastethernet 1/4 - 5
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 20
Switch(config-if-range)# interface fastethernet 1/3
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 100 30
Switch(config-if)# interface fastethernet 2/1
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 100 10,20,30

The switchport mode private-vlan host command must accompany the host association on each host port, and the promiscuous port's mapping must list every secondary VLAN whose hosts need to reach the gateway.
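The port roles above translate into a small forwarding matrix. The following Python is an added example, not code from the book or from Cisco: it encodes the isolated, community and promiscuous rules and evaluates them for the ports in the configuration above, plus one constructed extra isolated host (fa1/6) to show that two isolated ports in the same secondary VLAN cannot reach each other.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Port:
    name: str
    role: str            # "promiscuous" or "host"
    primary: int
    secondary: int = 0   # host ports only: the isolated or community VLAN they sit in


@dataclass
class PrivateVlan:
    primary: int
    secondary_type: Dict[int, str]   # secondary VLAN id -> "isolated" or "community"
    mapping: Dict[str, Set[int]]     # promiscuous port name -> secondaries it is mapped to

    def can_forward(self, src: Port, dst: Port) -> bool:
        """Whether a frame entering on src may leave on dst."""
        if src == dst or src.primary != self.primary or dst.primary != self.primary:
            return False
        if src.role == "promiscuous" and dst.role == "promiscuous":
            return True
        if src.role == "promiscuous":
            return dst.secondary in self.mapping.get(src.name, set())
        if dst.role == "promiscuous":
            return src.secondary in self.mapping.get(dst.name, set())
        if src.secondary != dst.secondary:
            return False              # hosts in different secondary VLANs never exchange frames
        # Same secondary VLAN: community hosts talk, isolated hosts do not.
        return self.secondary_type[src.secondary] == "community"

    def reachable(self, src: Port, ports: List[Port]) -> List[str]:
        return sorted(p.name for p in ports if self.can_forward(src, p))


# VLAN numbers and port assignments follow the configuration above; fa1/6 is a constructed extra.
PVLAN = PrivateVlan(primary=100,
                    secondary_type={10: "community", 20: "community", 30: "isolated"},
                    mapping={"fa2/1": {10, 20, 30}})
PORTS = [Port("fa1/1", "host", 100, 10), Port("fa1/2", "host", 100, 10),
         Port("fa1/4", "host", 100, 20), Port("fa1/5", "host", 100, 20),
         Port("fa1/3", "host", 100, 30), Port("fa1/6", "host", 100, 30),
         Port("fa2/1", "promiscuous", 100)]
BY_NAME = {p.name: p for p in PORTS}


def reachability(pvlan: PrivateVlan = PVLAN, ports: List[Port] = PORTS) -> Dict[str, List[str]]:
    """For every port, the sorted list of ports it can deliver frames to."""
    return {p.name: pvlan.reachable(p, ports) for p in ports}


if __name__ == "__main__":
    for name, targets in reachability().items():
        print(f"{name:6} -> {', '.join(targets) or '(nothing)'}")
```

reachability() returns, for each port, the ports it can send to. Removing a secondary VLAN from the promiscuous port's mapping cuts those hosts off from the gateway, which is the most common private-VLAN misconfiguration. Note also that the isolation is Layer 2 only: a host can still send a frame to the gateway's MAC address carrying another isolated host's IP address as the destination, and a router that forwards it back onto the same subnet defeats the isolation unless an access list on the promiscuous interface denies traffic sourced from the subnet and destined to the same subnet.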

MLS

Switching Table Architectures

Both a content-addressable memory (CAM) and a TCAM can be used with modern multilayer switch equipment.

Content-Addressable Memory Table

The CAM is useful whenever the switch needs to do a lookup that must be an exact match. An excellent example is a Layer 2 lookup. The switch needs to match on a MAC address, and the match must be an exact match. Examples of CAM table usage include the following:

- Cat 6500: Layer 2 tables and NetFlow tables
- Cat 4000: Layer 2 tables

With CAM table technology, the destination MAC address is the key, and this key is fed into a hashing algorithm. This hash produces a pointer into a table. This allows for fast lookups in the table without producing a table scan.

Notice that the CAM approach does not help when you are interested only in a certain portion of the address as a match. For example, perhaps you want to match on only the first 16 bits of a 32-bit address. The CAM does not help because it uses an exact match approach. The TCAM is used in this case.

Ternary Content-Addressable Memory Table

The TCAM table has a limited number of entries that are populated with pattern values and mask values, each with an associated result. These entries are referred to as VMR entries. The value in VMR refers to the pattern that is to be matched. The mask refers to the mask bits associated with the pattern. The result refers to the result or action that occurs in the case of a match on pattern and mask. This result might be a simple permit or deny, or it might be a pointer to other more complex information.

Currently three platforms rely on the TCAM for Layer 3 switching:

- Catalyst 6500
- Catalyst 4000
- Catalyst 3550

The TCAM table consists of these types of regions:

- Exact-match region: Used anytime an exact match entry is required, for example, a host entry.
- Longest-match region: Used for routing decisions.
- First-match region: Consists of ACL entries; lookup stops after the first match of the entry.

You can configure the size of your TCAM based on your network requirements.

Multilayer Switching Architectures

Two main multilayer switching architectures are used today.

NetFlow-Based Switching

NetFlow-based switching is also known as flow-based, route caching, or demand-based switching. The first packet in a flow is switched in software; subsequent packets are switched in the hardware forwarding table. This is classic multilayer switching that is often known by the term route once, switch many.
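The CAM and TCAM lookups described in this section, as an added Python model that is not code from the book or from Cisco. The CAM hashes a key to a bucket and accepts only an exact match; the TCAM stores value/mask/result entries and applies a different rule per region: exact match for host entries, longest match for routes (the 10.1.0.0/16 entry matches on the first 16 bits only, the case the text says a CAM cannot handle) and first match for ACL entries with an implicit deny. The MAC addresses, prefixes and ACL entries are constructed, and CRC32 stands in for the undisclosed hardware hash.

```python
import ipaddress
import zlib
from typing import Dict, List, Optional, Tuple


def ip_to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


class Cam:
    """Exact-match table: the key is hashed to a bucket, then compared bit for bit."""

    def __init__(self, buckets: int = 64) -> None:
        self.buckets: List[List[Tuple[bytes, str]]] = [[] for _ in range(buckets)]

    def _bucket(self, key: bytes) -> List[Tuple[bytes, str]]:
        return self.buckets[zlib.crc32(key) % len(self.buckets)]   # CRC stands in for the ASIC hash

    def learn(self, mac: bytes, port: str) -> None:
        bucket = self._bucket(mac)
        for i, (known, _) in enumerate(bucket):
            if known == mac:
                bucket[i] = (mac, port)          # station moved: overwrite the entry
                return
        bucket.append((mac, port))

    def lookup(self, mac: bytes) -> Optional[str]:
        for known, port in self._bucket(mac):
            if known == mac:                     # only an exact match counts
                return port
        return None                              # unknown unicast: the switch floods


class Tcam:
    """Value/mask/result (VMR) entries kept in three regions with different lookup rules."""

    def __init__(self) -> None:
        self.exact: List[Tuple[int, int, str]] = []
        self.longest: List[Tuple[int, int, str]] = []
        self.first: List[Tuple[int, int, str]] = []

    @staticmethod
    def _hit(value: int, mask: int, key: int) -> bool:
        return (key & mask) == (value & mask)    # bits where the mask is 0 are "don't care"

    def add_host(self, ip: str, result: str) -> None:
        self.exact.append((ip_to_int(ip), 0xFFFFFFFF, result))

    def add_prefix(self, cidr: str, result: str) -> None:
        net = ipaddress.IPv4Network(cidr)
        self.longest.append((int(net.network_address), int(net.netmask), result))

    def add_ace(self, src: str, dst: str, result: str) -> None:
        """ACL entry keyed on (source << 32 | destination); "any" becomes an all-zero mask."""
        value = mask = 0
        for cidr in (src, dst):
            value <<= 32
            mask <<= 32
            if cidr != "any":
                net = ipaddress.IPv4Network(cidr)
                value |= int(net.network_address)
                mask |= int(net.netmask)
        self.first.append((value, mask, result))

    def lookup_host(self, ip: str) -> Optional[str]:
        key = ip_to_int(ip)
        return next((r for v, m, r in self.exact if self._hit(v, m, key)), None)

    def lookup_route(self, ip: str) -> Optional[str]:
        """Every matching entry is a candidate; the one with the most mask bits set wins."""
        key = ip_to_int(ip)
        hits = [(bin(m).count("1"), r) for v, m, r in self.longest if self._hit(v, m, key)]
        return max(hits)[1] if hits else None

    def lookup_acl(self, src: str, dst: str) -> str:
        """The first matching entry decides; otherwise fall through to the implicit deny."""
        key = (ip_to_int(src) << 32) | ip_to_int(dst)
        return next((r for v, m, r in self.first if self._hit(v, m, key)), "deny (implicit)")


def demo() -> Dict[str, Optional[str]]:
    cam = Cam()
    cam.learn(bytes.fromhex("0000aabbcc01"), "fa1/1")        # constructed MAC addresses
    cam.learn(bytes.fromhex("0000aabbcc02"), "fa1/2")
    tcam = Tcam()
    tcam.add_host("10.1.1.10", "host adjacency 10.1.1.10")
    tcam.add_prefix("10.1.0.0/16", "next hop 192.168.0.1")  # matches on the first 16 bits only
    tcam.add_prefix("10.1.1.0/24", "next hop 192.168.0.2")
    tcam.add_prefix("0.0.0.0/0", "default route")
    tcam.add_ace("171.3.8.2/32", "any", "deny")
    tcam.add_ace("10.0.0.0/8", "any", "permit")
    return {
        "l2 known station": cam.lookup(bytes.fromhex("0000aabbcc01")),
        "l2 unknown station": cam.lookup(bytes.fromhex("0000aabbcc03")),
        "l3 host 10.1.1.10": tcam.lookup_host("10.1.1.10"),
        "l3 route 10.1.1.77": tcam.lookup_route("10.1.1.77"),
        "l3 route 10.1.2.5": tcam.lookup_route("10.1.2.5"),
        "l3 route 8.8.8.8": tcam.lookup_route("8.8.8.8"),
        "acl 171.3.8.2 -> 10.1.1.1": tcam.lookup_acl("171.3.8.2", "10.1.1.1"),
        "acl 10.5.5.5 -> 10.1.1.1": tcam.lookup_acl("10.5.5.5", "10.1.1.1"),
        "acl 192.0.2.1 -> 10.1.1.1": tcam.lookup_acl("192.0.2.1", "10.1.1.1"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The route lookups show why the longest-match region needs every candidate examined before a result is chosen, while the ACL region stops at the first hit, which is why entry order in an ACL matters and in a routing table does not.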

Topology-Based Switching

With the latest topology-based switching, a route cache approach is not used. The forwarding structures required in hardware are built in advance without waiting for traffic flows.

The Cisco implementation of topology-based multilayer switching is called CEF (Cisco Express Forwarding). The two main components of CEF operation are the following:

- FIB (Forwarding Information Base): CEF uses an FIB to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. The FIB maintains a mirror image of the forwarding information contained in the IP routing table.
- Adjacency tables: Network nodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries. This structure is built from the ARP table.

Configuring CEF

CEF switching is permanently enabled on the Catalyst 6500 series switches when they are equipped with the following hardware:

- Supervisor Engine 2
- Policy Feature Card 2 (PFC2)
- Multilayer Switch Feature Card 2 (MSFC2)
- Distributed Forwarding Card (DFC)

You can use the no ip cef command to disable CEF on the Catalyst 4000.

The default configuration on devices with CEF enabled is for CEF to be functional on all Layer 3 interfaces. If you disable CEF on an interface, you can enable CEF as follows:

- On the Catalyst 3550 switch, use the ip route-cache cef interface configuration command to enable CEF on an interface.
- On the Catalyst 4000 switch, use the ip cef interface configuration command to enable CEF on an interface after it has been disabled.
- On the Catalyst 6500 with PFC2, DFCs, and MSFC2, you cannot disable CEF.

Per-destination load balancing is enabled by default when you enable CEF.

Verifying CEF

You can use the following command to display a summary of IP unicast traffic on an interface:

show interface type slot/interface | begin L3

Another option for viewing this information on some platforms, such as the 6500, is to use the following command:

show interfaces type slot/interface | include Switched

To view all of the FIB entries on a multilayer switch, use the following command:

show ip cef

To view details from all of the FIB entries, use the following command:

show ip cef detail

Use the following command to view adjacency table information:

show adjacency [{{type slot/port} | {port-channel number}} | detail | internal | summary]

Debugging commands for CEF are also available. These include the following:

debug ip cef {drops [access-list] | receive [access-list] | events [access-list] | prefix-ipc [access-list] | table [access-list]}
debug ip cef accounting non-recursive

Catalyst IOS Configuration Commands

Cisco is attempting to standardize on a single base operating system for its broad line of Catalyst switches. Thanks to the acquisition of several different switch vendors, Catalyst switches of the past might run the CatOS (set-based) operating system or an entirely unique OS.

This standardization on a Cisco IOS-based operating system is a welcome change for many engineers who are already very familiar with the operating systems found on modern routers.

While the appropriate sections of these study sheets demonstrate specific commands that a CCIE candidate should be familiar with, this section covers three important Cisco IOS-based configuration modes and associated commands that are not covered elsewhere.

Command Modes

The configuration modes from a router-based environment are present on the switch. In addition to those, you also have the following modes:

- (config-vlan): Use this mode to configure VLAN parameters; enter this mode by entering vlan number in global configuration mode.
- (vlan): This is an alternative to VLAN configuration mode; you enter this mode using the vlan database command.
- (if-range): Use this mode to apply a configuration to a range of interfaces on the switch; enter this mode using the interface range command.

IP Quick Reference Sheets

Addressing

IPv4 Addresses

IPv4 addresses consist of 32 bits. These 32 bits are divided into four sections of 8 bits, each called octets. Addresses are typically represented in dotted decimal notation. For example:

10.200.34.201

Subnet masks identify which portion of the address identifies a particular network and which portion identifies a host on the network.

The address classes defined for public and private networks consist of the following subnet masks:

- Class A 255.0.0.0 (8 bits)
- Class B 255.255.0.0 (16 bits)
- Class C 255.255.255.0 (24 bits)

Class A addresses begin with a 0 bit and have a first octet in decimal of 1 to 127. Class B addresses begin with the bits 10 and range from 128 to 191. Class C addresses begin with the bits 110 and range from 192 to 223.

ARP

Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses in an Ethernet network. A host wanting to obtain a physical address broadcasts an ARP request onto

the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address. Once a MAC address is determined, the IP address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE (Institute of Electrical and Electronics Engineers) 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).

Reverse Address Resolution Protocol (RARP) works the same way as ARP, except that the RARP request packet requests an IP address instead of a MAC address. RARP requires a RARP server on the same network segment as the router interface. RARP is used by diskless nodes that do not know their IP address when they boot. The Cisco IOS software attempts to use RARP if it does not know the IP address of an interface at startup. Cisco routers can act as RARP servers.

Defining Static ARP

To configure static mappings between IP addresses and MAC addresses, use the following global configuration command:

Router(config)# arp ip-address hardware-address type [alias]

Use the following command to set the length of time a dynamic ARP cache entry stays in the cache:

Router(config-if)# arp timeout seconds

Setting ARP Encapsulations

Cisco routers can actually use three forms of address resolution: Address Resolution Protocol (ARP), proxy ARP, and Probe (similar to ARP). Probe is a protocol developed by the Hewlett-Packard Company (HP) for use on IEEE 802.3 networks. By default, standard Ethernet-style ARP encapsulation (the arpa keyword) is enabled on the IP interface. You can change this encapsulation method to SNAP or HP Probe, as required by your network, to control the interface-specific handling of IP address resolution into 48-bit Ethernet hardware addresses.

To specify the ARP encapsulation type, use the following interface configuration command:

Router(config-if)# arp {arpa | probe | snap}

Enabling Proxy ARP

Cisco routers use proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the media addresses of hosts on other networks or subnets. If the router receives an ARP request for a host that is not on the same network as the ARP request sender, and if the router has all of its routes to that host through other interfaces, then it generates a proxy ARP reply packet giving its own local data-link address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. Proxy ARP is enabled by default on each interface.

To enable proxy ARP if it has been disabled, use the following interface configuration command:

Router(config-if)# ip proxy-arp