Post on 30-Sep-2020


SAFI CISCO CONSULTANT

LOCAL AREA NETWORK

A local area network (LAN) connects personal computers, printers, and other computer resources together within a building or campus. Many schools, offices, and even homes now have LANs. These networks allow printers, as well as documents and projects, to be shared. LANs also enable computers to talk to one another and are often used to share Internet access across all of the computers in a building or school.

Most LANs use wires, or cables, to connect computers and other peripheral devices. In most networks, a network cable (which generally looks like an oversized telephone cord) connects a computer to a network jack in the wall. Sometimes, in classrooms or business offices, many computers are connected to an intermediate hub or switch, not directly to the network jack. The hub or switch into which all of the computers are plugged is the device that is connected to the network jack. In both cases, the network jack is connected to a small router by another cable. Printers are also often shared using this method of hubs and switches.

Some LANs are now wireless. Wireless LANs are fundamentally the same as wired LANs, but the cabling is replaced by small "radios" that are contained inside the computers. Wireless LANs are generally somewhat slower than the wired networks, but they are much easier to set up and allow users to move their machines around without having to reconnect network cables.

Wireless LANs have moved into the mainstream in schools and classrooms during the last few years; however, it is important to note that security is much more difficult when using a wireless network. Additionally, the adoption of competing protocols is creating some confusion in the marketplace. Agencies need to select a wireless protocol with care, considering how the network can be upgraded and whether it is compatible with existing wireless protocols.

Where a LAN may connect all of the computers within a building or campus, a wide area network (WAN) connects multiple LANs. Many districts now have WANs connecting all of the schools within the district for the sharing of Internet access, selected files, or other resources.

What Are Servers, Routers, and Firewalls?

LANs often involve a number of different components, including a dizzying variety of servers, switches, routers, firewalls, and the like. This section provides descriptions of many of these items.

Servers

While servers often are spoken of in almost mystical tones, they are really just powerful computers running specialized software designed to share files, manage printers, or perform any other specialized task assigned. Most of these computers are

Prepared and Design by Mr. Hijrat Afghan Page 1


powerful enough to do more than one thing at a time; for example, a single network server might be a file server, a print server, and a mail server simultaneously.

File server. A file server is essentially the computer equivalent of a filing cabinet. Documents, spreadsheets, and other (computer) files are stored on a file server, just as paper documents are stored in a filing cabinet. The file server's job is to make those files available to computer users on the LAN and, when appropriate, allow the users to update the files.

Print server. A print server is a piece of software or hardware that manages print jobs submitted by users. When a document is sent to a networked printer, the print server receives the job and queues it (puts it in line behind previously submitted jobs). When a job gets to the front of the queue, the print server sends it to the printer. It is not necessary to buy an individual printer for each personal computer. Users in classrooms or offices often share printers, since not everyone is typically printing at the same time. This option can save an agency a great deal of money.

Mail server. The third common type of server is a mail server. The mail server acts as the conduit to the outside world as messages are sent and received. Some servers are set up so that all of the mail stays on the mail server until a user actively deletes it. In other configurations, the user is able to move the mail from the server to the desktop computer. This process, called "downloading," uses less space on the mail server.

Router

A router is a piece of equipment that acts as the interface between a local network and the Internet, by routing traffic from one to the other. A router may be a computer dedicated to managing the traffic of a WAN, or it may be a piece of software running on a computer that is configured for other tasks as well. Routers also may be used in LANs to route internal traffic.

Firewall

A critical component of any network is a firewall. A firewall in layman's terms is a wall that acts as a firebreak—it keeps a fire from spreading. In this sense, a computer firewall keeps a network secure from hackers (the "arsonists" of the Internet) by denying access to all or part of the network. Management of firewalls requires a great deal of expertise. While the network administrator must ensure that no unwanted traffic can enter the network from outside, a level of access to and from the Internet must be created that will permit authorized users to conduct their business safely and efficiently.

A solid, well-designed firewall is critical to ensure that only authorized users have access to a restricted network. Like routers and servers, firewalls are available as either hardware or software. Choosing a firewall for a particular network is an issue best addressed at the local level, after reviewing the options available.

Server vs Desktop Computer

Advances in technology have blurred the distinctions between the computer on the desktop and a network server. Computing power has continued to grow


exponentially—in fact, most users do not need all the computing power available to them (at least for now). The same is true of network servers, which have become so powerful that some network administrators run applications, in addition to the server software, from the network server, rather than installing applications directly on each of the computers connected to the network. Servers are capable of managing a much greater workload today than they were in past years.

Running applications from a server has a number of advantages. One key advantage is in licensing, since it is much easier to track usage. Another is that local users are prevented from altering the configuration of applications, which can create software failure and cause problems for other users. In addition, it is much easier to upgrade software since only one copy needs to be upgraded, instead of upgrading one copy for each personal computer. Applications run from a network server, however, are often comparatively slower than applications running directly on a desktop computer.

Another benefit to server-run applications is the cost-saving use of thin clients. Thin clients are basic, low-cost computers with insufficient power to run sophisticated software applications, but with enough power to access applications installed on the server. By purchasing a single copy of an application that can run on a network, with licenses for multiple users, the organization can save the cost of multiple software copies and can purchase less powerful computers at a much lower cost.

In addition, by instituting a thin client environment, older computers in schools have longer useful lives. In recent years, more and more LANs have incorporated thin clients for a variety of purposes. In addition, more and more computer applications are written to take advantage of the web to run remotely. The user's desktop computer essentially acts as a "dumb" terminal, simply displaying the web pages broadcast by the server. The computing actually takes place on an Internet server, and users transmit their commands via the web page. This web-based model works best when users have high-speed Internet connections.

Computing today occurs on the desktop, on network servers, and Internet servers alike. The distinctions between the various types of computers and servers, in many cases, matter less and less. As computer and network transmission speeds improve, the differences will be even harder to grasp. The increasing complexities of computing and networking reinforce the need for agencies to employ the services of a qualified network administrator.

Connecting to the Internet

There are many different ways to connect to the Internet. Agencies can generally purchase several different kinds of on-ramps to the information superhighway based


on their particular need. Depending on the kind of connection to the Internet, access to information may be fast or slow.

The key to Internet speed is bandwidth. Bandwidth refers to the amount of data transferred within a specified time. Greater bandwidth increases the speed of data transfer. A general overview of the various types of Internet connections is listed below, starting with the slowest (smallest bandwidth) and moving up to the faster (greater bandwidth) technologies. Cost and service quality can vary widely. Use of a competitive bid process, with an appropriate Request for Proposal (RFP), can better enable agencies to obtain needed service while controlling cost. In other words, the agency should not commit to service from a provider based on advertisements.

Acronyms and abbreviations referenced in this appendix are defined in the glossary. A reference table is provided at the end of this appendix for quick comparison of the various Internet connection options discussed below.

Internet Service Providers

Internet Service Providers (ISPs) provide the portals, or access, that allow computer users to connect to the Internet. There are numerous ways for education agencies to connect with an ISP. Before selecting an ISP, the agency should determine its needs for bandwidth, speed, and services.

The agency should secure the services of an ISP through the RFP process. Using the RFP process, the ISP should be required to identify the available connection speed and the reliability of the system, sometimes measured by the amount of time the ISP's services were down during the previous 6 months. Although most ISPs will advertise a high connection speed, the agency should determine whether the full bandwidth is available at all times by requesting an assessment of the provider's typical bandwidth and connection speed at different times of the day and on different days of the week. The chief technology officer or technology director should review any ISP proposal.

Following are descriptions of the various Internet connections available.

Dial-Up

Dial-up services connect to the Internet using modems over a traditional telephone line. The vast majority of Internet users connect to the Internet from home via dial-up service. The maximum connection speed is 56 kilobits per second (Kbps), which is slow when supporting bandwidth-intensive services, such as video conferencing or streaming video. Dial-up service is typically sufficient for using web and e-mail applications. It is not recommended for multiple users, such as a number of students, who need to access the Internet at the same time. Dial-up service is available almost everywhere in the United States and is the least expensive way of connecting to the Internet/World Wide Web.

ISDN


Developed and marketed through the 1980s and early 1990s, the Integrated Services Digital Network (ISDN) was the telephone company's first attempt at providing faster online services. As with dial-up service, ISDN is generally insufficient for serving a large number of users with the same connection. The service provides up to 128 Kbps, approximately twice the speed of dial-up. ISDN tends to be much more expensive than dial-up, costing generally $100 to $300 per month. For the most part, DSL technology has replaced ISDN; however, in some areas where DSL is not available, ISDN may be the best option. If available, most of the other services mentioned in this appendix provide greater capacity at lower cost than ISDN.

DSL

Digital Subscriber Line (DSL) technologies have largely replaced ISDN service as the product telephone companies want consumers to use when connecting to the Internet. Like dial-up service, DSL connects to the Internet over ordinary copper telephone lines, but is faster, at rates of 1.5 to 6.1 megabits per second (Mbps), enabling continuous transmission of video and audio. DSL service is primarily marketed to home and small business users, but the service is adequate to meet the needs of education agencies. While it does not have the same quality of service in terms of speed or support that dedicated fiber optic lines typically provide, DSL is much more affordable. DSL is available in much of the United States, particularly in urban areas. Commercial DSL service generally runs from $100 to $250 per month, but can run significantly higher.

DSL service quality can vary from area to area and from service provider to service provider. Additionally, the speed of access to the Internet depends on the distance between the user and the DSL relay station.

Cable Modems

Cable modems have become, in recent years, the most popular broadband technology for home computer users. The cable modem uses the same coaxial cable that carries cable TV signals for high-speed data transmission. While not as robust as fiber optic connections, cable modems can provide similar quality service at a fraction of the cost. The quality of a cable modem connection, however, is dependent on the overall quality of the cable modem provider's network, and the more people accessing the provider's network at the same time, the slower each individual's connection to the Internet will be. Speed ranges from under 1 to 8 Mbps; costs are generally $100 to $250 per month for commercial users.

Because of the historically strong connection between education and the cable television community, many schools are using cable modems. When contracting to provide cable service to a city or county, the cable company typically makes the commitment to provide one cable connection and one modem to each school within


the service area of the cable company. There are cases, however, in which cable companies have provided additional services.

Higher Bandwidth Connections (including fiber optics)

Many businesses and schools today connect to the Internet through larger cables, typically referred to as T1 (copper wire), T3 (coaxial cable or fiber optic cable), or OC3c (fiber optic) connections. These services are widely available, are highly flexible, and provide high quality, fast broadband service. Costs are comparatively high and vary widely from area to area. In urban areas, T1 connections (providing 1.5 Mbps) are generally available for approximately $200 to $500 per month. In rural areas, the same connection usually costs much more. Larger T3 and OC3c connections, which provide 45 Mbps and 155 Mbps, respectively, generally cost several thousands of dollars per month in urban areas and tens of thousands of dollars per month in rural areas. Depending on the bandwidth needs of the school or district, it may be more sensible to utilize a less expensive connection.

For some agencies, a more feasible option in the T-carrier system may be a "fractional" T1 line, which utilizes a portion of the T1. Fractional T1 lines are available to meet almost any speed requirement for a reduced price. This option makes sense for those agencies that may not need a full T1 line today, but might need increased bandwidth in the future. In addition, upgrading fractional T1 to use more of the T1 line can usually be done without purchasing new hardware.

Larger organizations, such as state government agencies or large school districts, may require the faster OC3c connection. These high-speed connections are not always available and, as mentioned, can cost tens of thousands of dollars per month. Where these networks exist, however, states (or counties or large districts) may be able to divide the bandwidth, according to the needs of smaller districts or schools. By doing this, the cost of connecting to the Internet could be reduced for smaller agencies or schools. Districts or schools should, when considering which kind of connectivity to purchase, determine if there is a preexisting network to which they can connect.

Satellite

Some larger agencies have considered buying space on a satellite to upload and download files. While the cost of transmitting information over wires would be removed, satellite reliability is debatable. Weather (such as rain) or even sunspots can affect satellite transmission.

Cellular Wireless

Traditionally, Internet access over cellular telephone networks has been slow and somewhat unreliable. Wireless technology, however, is coming of age, and new, significantly faster Internet connection services are offered throughout the United States. While these "third generation wireless" services (generally referred to as 3G services) are not necessarily suitable for building use, they may suit the needs of individuals within the agency as they maintain contact with each other during the workday. Already, cellular phones are replacing "walkie-talkies" in many secondary


schools. It is still too soon to tell how much these services will cost, but they will probably be metered, with cost depending upon the amount of usage.

Fixed Wireless

Fixed wireless refers to the operation of wireless devices in a fixed location. Unlike mobile wireless devices, which are battery powered, fixed wireless devices are electrically powered. The basic idea behind fixed wireless is that the traditional wired connection (e.g., fiber optic, telephone line, or cable TV line) is replaced by a high-speed wireless connection. Depending on the technology, bad weather (such as rain) can significantly interfere with fixed wireless services. This service is usually most attractive in communities where traditional wired connections are not available; however, the technology is also suitable for urban areas. Fixed wireless speed varies considerably, from under 1 Mbps to upwards of 15 Mbps. Cost also varies widely.

Wide-Area Networking Overview

Cisco IOS software provides a range of wide-area networking capabilities to fit almost every network environment need. Cisco offers cell relay via the Switched Multimegabit Data Service (SMDS), circuit switching via ISDN, packet switching via Frame Relay, and the benefits of both circuit and packet switching via Asynchronous Transfer Mode (ATM). LAN emulation (LANE) provides connectivity between ATM and other LAN types. Refer to the Cisco IOS Dial Technologies Configuration Guide: Volume 1 of 2 for further information on configuring ISDN. Refer to the Cisco IOS Switching Services Configuration Guide for information on configuring LANE.


Objectives

The Cisco IOS Wide-Area Networking Configuration Guide presents a set of general guidelines for configuring the following software components:
• ATM
• Broadband Access: PPP and Routed Bridge Encapsulation
• Frame Relay
• Frame Relay-ATM Internetworking
• SMDS
• Link Access Procedure, Balanced and X.25

This overview chapter gives a high-level description of each technology. For specific configuration information, see the appropriate chapter in this document.

Organization

The Cisco IOS Wide-Area Networking Configuration Guide includes the following chapters:
• Configuring ATM
• Configuring Broadband Access: PPP and Routed Bridge Encapsulation
• Configuring Frame Relay
• Configuring Frame Relay-ATM Interworking
• Configuring SMDS
• Configuring X.25 and LAPB

Introduction to NETWORKING

A network is a method of sharing hardware resources and software resources. We can share the resources with the help of an operating system such as Windows, Linux, UNIX, etc. To connect multiple networks we have to use internetworking devices such as routers, bridges, layer 3 switches, etc.

Administrator model for Networks

We can say that there are four components which are required to create networks:
1. Software
2. Protocol Stack
3. Network Interface Card
4. Media

Software

Networking software can be divided into two categories:

Server software: the software used to provide a particular service.
Client software: the software used to access a service provided by a server.

Examples: Apache, Internet Explorer, IIS, Outlook Express, Exchange 2003, Yahoo messenger, FTP Server, Cute FTP, Send Mail

Protocol stacks: TCP/IP, IPX/SPX, AppleTalk, NetBEUI

Design Considerations

Server software and client software should be compatible.
The protocol stack must be the same.
Connectivity can be performed via switch/hub etc.
If NIC standards are different, then a translational bridge is required.
If the media is different, then a transceiver is required.


OSI Model

The OSI model is the layered approach to designing, developing and implementing networks. The OSI model provides the following advantages:

(i) Designing of networks will be standards based.
(ii) Development time of new technologies will be reduced.
(iii) Devices from multiple vendors can communicate with each other.
(iv) Implementation and troubleshooting of networks will be easier.

Application Layer

sales man

The application layer accepts data and forwards it into the protocol stack. It creates the user interface between application software and the protocol stack.

Presentation Layer

This layer decides the presentation format of the data. It is also able to perform other functions such as compression/decompression and encryption/decryption.


Jpg file, Online song

Session Layer

This layer initiates, maintains and terminates sessions between different applications. Because of this layer, multiple application software can be executed at the same time.

Telephone trun

Transport Layer

The transport layer is responsible for connection-oriented and connectionless communication. The transport layer also performs other functions such as:
• Positive Acknowledgement & Response
• Error checking
• Flow Control
• Buffering
• Windowing
• Multiplexing
• Sequencing

[Figure: Connection Oriented Communication and Connection less Communication between Sender and Receiver]

(i) Error checking

The transport layer generates a cyclic redundancy check (CRC) and forwards the CRC value to the destination along with the data. The other end generates a CRC from the data and matches it against the received value. If both are the same, the data is accepted; otherwise it is discarded.

(ii) Flow Control

Flow control is used to control the flow of data during communication. For this purpose the following methods are used:

(a) Buffering
A buffer is a temporary storage area. All the data is stored in the buffer memory, and when communication ability is available the data is forwarded to the other end.

(b) Windowing
Windowing is the maximum amount of data that can be sent to the destination without receiving an Acknowledgement. It is the limit for the buffer to send data without getting an Acknowledgement.

(c) Multiplexing
Multiplexing is used for multiple applications on the same IP.

(iii) Sequencing

The transport layer adds a sequence number to data, so that out-of-sequence data can be detected and rearranged in the proper manner.

(iv) Positive Acknowledgement and Response

When data is sent to the destination, the destination replies with an Acknowledgement to indicate the positive reception of data. If the Acknowledgement is not received within a specified time, then the data is resent from buffer memory.
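The error checking, windowing, sequencing and acknowledgement steps above, combined in one small simulation. This is an added example, not part of the original notes; the `Segment`, `Receiver` and `transfer` names, the round-based timeout model and the fault table are assumptions made for illustration.

```python
import zlib
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int      # sequence number added by the sender
    data: bytes
    crc: int      # CRC-32 over sequence number + data


def make_segment(seq, data):
    return Segment(seq, data, zlib.crc32(seq.to_bytes(4, "big") + data))


def crc_ok(seg):
    # The receiver recomputes the CRC and compares it with the value received.
    return zlib.crc32(seg.seq.to_bytes(4, "big") + seg.data) == seg.crc


class Receiver:
    def __init__(self):
        self.expected = 0    # next in-order sequence number
        self.held = {}       # out-of-sequence data waiting for a gap to fill
        self.delivered = []  # data passed up to the application, in order
        self.discarded = 0   # segments dropped because the CRC did not match

    def receive(self, seg):
        """Return the acknowledgement (next sequence number wanted), or None."""
        if not crc_ok(seg):
            self.discarded += 1
            return None                      # no ACK, so the sender resends
        if seg.seq >= self.expected:
            self.held[seg.seq] = seg.data    # a duplicate simply overwrites
        while self.expected in self.held:    # rearrange into proper order
            self.delivered.append(self.held.pop(self.expected))
            self.expected += 1
        return self.expected


def transfer(chunks, window, faults):
    """Send chunks with at most `window` unacknowledged segments per round.

    faults maps (seq, attempt) to "drop" or "corrupt" (constructed test input).
    Each round stands for one timeout period; arrivals are reversed to force
    out-of-sequence delivery.
    """
    buffer = [make_segment(i, c) for i, c in enumerate(chunks)]  # resend buffer
    rx, base, attempts, rounds = Receiver(), 0, {}, []
    while base < len(buffer):
        in_flight = buffer[base:base + window]
        arriving = []
        for seg in in_flight:
            attempts[seg.seq] = attempts.get(seg.seq, 0) + 1
            fault = faults.get((seg.seq, attempts[seg.seq]))
            if fault == "drop":
                continue
            if fault == "corrupt":           # flip the first data byte in transit
                bad = bytes([seg.data[0] ^ 0xFF]) + seg.data[1:]
                seg = Segment(seg.seq, bad, seg.crc)
            arriving.append(seg)
        acks = [rx.receive(s) for s in reversed(arriving)]
        acked = max((a for a in acks if a is not None), default=base)
        rounds.append(([s.seq for s in in_flight], acked))
        base = max(base, acked)              # unacknowledged data stays buffered
    return rx, attempts, rounds


if __name__ == "__main__":
    # Constructed sample data: segment 1 is lost once, segment 4 is damaged once.
    data = [b"seg0", b"seg1", b"seg2", b"seg3", b"seg4", b"seg5"]
    rx, attempts, rounds = transfer(data, 3, {(1, 1): "drop", (4, 1): "corrupt"})
    for sent, acked in rounds:
        print("sent", sent, "-> ack", acked)
    print(b"".join(rx.delivered), attempts, rx.discarded)
```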

Network Layer

This layer performs functions such as logical addressing and path determination. Each networking device has a physical address, that is, a MAC address. But logical addressing makes it easier to communicate on a large network.

Its other responsibilities are:
• Fragmentation
• Quality of Service
• Header checksum
• Protocol Identification


Logical addressing defines the network address and host address. This type of addressing is used to simplify implementation of large networks. Some examples of logical addressing are IP addresses, IPX addresses, etc.

Path determination

The network layer has different routing protocols such as RIP, EIGRP, BGP, and ARP etc. to perform path determination for different routing protocols.

Data Link Layer

The functions of the Data Link layer are divided into two sub-layers:
• Logical Link Control
• Media Access Control

Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi.

Media Access Control defines methods to access the shared media and establish identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and Token Passing.

Physical Layer

The Physical Layer is responsible for communicating bits over the media. This layer deals with the standards defined for media and signals. This layer may also perform modulation and demodulation as required.

Data Encapsulation

Data => Segment => Packet => Frames => Bits

Devices at different Layers


Physical Layer Devices
Hub, Modem, Media, DCE (Data comm. Equipment), CSU/DSU, Repeater, Media converter

Data Link Layer
NIC, Switch, Bridge

Network Layer Device
Router, Layer 3 Switch

All Layers Device
PC, Firewall

DCE: DCE converts the bits into signals and sends them on the media.
FDDI: Fiber Distributed Data Interface
A switch forwards frames on the basis of MAC address.
A router forwards packets on the basis of IP address.

LAN Technologies

LAN technology   Speed
Ethernet         10 – 10000 Mbps
Token Ring       4 – 16 Mbps
FDDI             4 – 16 Mbps
Wi-Fi            1 – 108 Mbps

Ethernet

Ethernet is the most popular LAN technology. It can support a variety of media such as copper (UTP, coaxial) and fiber optic. This technology supports a wide range of speeds, from 10 Mbps to 10000 Mbps.

Ethernet at Logical Link Control

To create the logical link control, Ethernet uses the ARPA protocol, also called IEEE 802.3. Ethernet adds source MAC, destination MAC, error checking information and some other information to the data. Ethernet encapsulation is explained as follows.


Ethernet frame

Preamble: An alternating 1,0 pattern provides a 5MHz clock at the start of each packet, which allows the receiving devices to lock the incoming bit stream.

Start Frame Delimiter (SFD)/Synch: The preamble is seven octets and the SFD is one octet (synch). The SFD is 10101011, where the last pair of 1s allows the receiver to come into the alternating 1,0 pattern somewhere in the middle and still sync up and detect the beginning of the data.

Length or type: 802.3 uses a length field, but the Ethernet frame uses a type field to identify the network layer protocol. 802.3 cannot identify the upper-layer protocol and must be used with a proprietary LAN (IPX, for example).

Ethernet at Media Access Control

Ethernet at the Media Access Control layer uses the CSMA/CD protocol to access the shared media. These days, we use Ethernet with switches, and in switches the technology is made CSMA/CA (Collision Avoidance). For this reason Ethernet is the best compared with Token Ring, FDDI and Wi-Fi.

CSMA/CD
This algorithm runs when a collision is created:

(1) Detect the collision.
(2) Stop transmitting and receiving data.
(3) Generate a random number.
(4) Try to communicate again after a delay that is a multiple of the random number.

Ethernet Family
Name (speed, baseband)        Maximum length    Media
10 Base 2                     200 meter         Coaxial cable
10 Base 5                     500 meter         Thick coaxial cable
10 Base T                     100 meter         Twisted pair (UTP)
10/100 (present) Base TX      100 meter         UTP
100 Base T4                   100 meter         UTP, 4 pairs used
100 Base FX                   up to 4 km        Fiber optic
1000 (Server) Base TX         100 meter         UTP
1000 Base FX                  up to 100 km      Fiber optic
10000 Base FX                                   Fiber optic

Ethernet Cabling

Coaxial cabling
T connector, Terminator, BNC connector, Coaxial cable, 10 Base 2 LAN cards

UTP Cabling
With UTP, we use different topologies to create the network.

In any Ethernet UTP topology we have to use one of two types of cable:
- Straight cable
- Cross cable

Structure Cabling
Requirement: - Rack, patch panel, Switch/Hub (rack mountable), patch cord, I/O connector, I/O box, UTP cable

Tool: - Punching tool

Problems of Ethernet technology
- In Ethernet only one PC is able to send data at a time. Due to this, the bandwidth of Ethernet will be shared.
- Not an equal access technology.
- One PC will send data, which will be received by all devices on the network. Due to this, data communication will not be secure.
- Collisions will occur in the network, and collisions lead to other problems like latency, delay and reduced throughput.
  Latency – time duration to send a packet from start to end.
  Throughput – speed to send data (output).
- All PCs will be in a single broadcast domain. Due to this, the bandwidth will be reduced.

LAN Segmentation of Ethernet Network
There are three methods to perform LAN segmentation:

(1) LAN segmentation using bridge.
(2) LAN segmentation using switches.
(3) LAN segmentation using routers.

LAN segmentation using bridge
[Figure: existing network and new network with a bridge; 1st, 2nd and 3rd collision domains within 1 broadcast domain]

Working of Bridge: -
The working of a bridge is explained in the following steps: -

(i) The bridge receives a frame in the buffer memory.
(ii) The source MAC address of the frame is stored in the bridging table.

Port number    MAC address
1
2
3

(iii) According to the destination MAC address, the frame will be forwarded or dropped.

(a) If the destination MAC address of the frame is known, the frame is forwarded to the particular port.
(b) If the destination MAC address is not known in the bridging table, the frame is forwarded to all ports except the receiving port.
(c) If destination MAC address is broadcast MAC address ff.ff.ff.ff.ff.ff.
(d) If the destination MAC address exists on the same port on which the frame was received, the frame is dropped.
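The bridge steps above, written out as an added example (not part of the original notes). The host MAC addresses, the port layout and the frame trace are constructed, and broadcast frames are assumed to be sent out of every port except the receiving one. It shows which ports see each frame before and after the bridging table is populated.

```python
import re

BROADCAST = "f" * 12  # ff.ff.ff.ff.ff.ff with the separators removed


def norm(mac):
    """Accept ff.ff.ff.ff.ff.ff, ff:ff:... or ffff.ffff.ffff; return 12 hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class LearningBridge:
    def __init__(self, ports):
        self.ports = sorted(ports)
        self.table = {}  # bridging table: MAC address -> port number

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return (action, list of ports it is sent out of)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = norm(src_mac), norm(dst_mac)
        # Step (ii): remember which port the source MAC was seen on.
        if src != BROADCAST:
            self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        # Step (iii): decide by destination MAC.
        if dst == BROADCAST:
            return ("flood-broadcast", others)  # assumed behaviour for case (c)
        out_port = self.table.get(dst)
        if out_port is None:
            return ("flood-unknown", others)    # case (b)
        if out_port == in_port:
            return ("drop", [])                 # case (d)
        return ("forward", [out_port])          # case (a)


def exposure(results, ports):
    """Count, per port, how many frames were transmitted out of it."""
    seen = {p: 0 for p in ports}
    for _action, out_ports in results:
        for p in out_ports:
            seen[p] += 1
    return seen


# Constructed hosts: A and B share a hub on port 1, C is on port 2, D on port 3.
A, B, C, D = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")
SAMPLE_FRAMES = [
    (1, A, C),                    # C not learned yet: flooded to ports 2 and 3
    (2, C, A),                    # A was learned on port 1: forwarded
    (1, A, C),                    # C is now known: forwarded to port 2 only
    (1, B, A),                    # A and B are both on port 1: dropped
    (3, D, "ff.ff.ff.ff.ff.ff"),  # broadcast: every other port
]


def run_trace(frames, ports=(1, 2, 3)):
    bridge = LearningBridge(ports)
    results = [bridge.receive(*frame) for frame in frames]
    return bridge, results


if __name__ == "__main__":
    bridge, results = run_trace(SAMPLE_FRAMES)
    for frame, result in zip(SAMPLE_FRAMES, results):
        print(frame, "->", result)
    print("bridging table:", bridge.table)
    print("frames sent per port:", exposure(results, bridge.ports))
```

Port 3 sees the first A-to-C frame only because C had not yet been learned; once the table holds both hosts, their traffic stays on ports 1 and 2.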

Collision domain
A group of PCs in which a collision can occur is called a collision domain.

Broadcast domain
A group of PCs to which a broadcast message is delivered is called a broadcast domain.

LAN segmentation using Switches
To perform LAN segmentation using switches, we have to remove the hubs from the network and replace them with switches. The working of a switch is exactly like a bridge. A multiport bridge can be used as a bridge.

1 broadcast domain, multiple collision domains = micro segmentation

Advantages of Switches: -

(1) Bandwidth will not be shared and overall throughput will depend on the wire speed of the switch. Wire speed is also called switching capacity, measured in Mbps or Gbps.
    Minimum ports on switches = 4
    Maximum ports on switches = 48
(2) Any time access technology.
(3) One to one communication, so that the network will be more secure.
(4) Switches perform micro segmentation and no collision will occur in the network.

LAN segmentation using router
If we are facing high congestion in the network due to a large number of broadcasts, then we can divide the broadcast domain of the network, so that the number of broadcast messages will be reduced.

[Figure: 1st, 2nd and 3rd broadcast domains]

We have to install a router between multiple switches to divide the broadcast domain. Each broadcast domain has to use a different network address, and the router will provide inter-network communication between them.

Router Administration
In this chapter we will study hardware architecture, router booting behavior, command line usage and administration.

[Figure: PC Architecture - Processor, Memory controller, RAM, BIOS ROM, CMOS RAM, I/O controller, K/B controller, Keyboard, Display card, V.D.U, Serial/Parallel/USB, Sound card, HDD, FD, CDD]

[Figure: Router Architecture - Processor, Memory controller, BIOS ROM, NVRAM, RAM, Flash RAM (O/S, IOS), I/O controller, LAN, WAN, Ports]

Router operation
When a PC has to send data to a different network address, the data will be forwarded to the router. The router will analyse the IP address of the data and obtain a route from the routing table. The data will be forwarded according to the route; if a route is not available, the data will be dropped.

Components of ROUTER

(1) Processor
Speed: - 20 MHz to 1 GHz
Architecture: - RISC (Reduced Instruction Set Computer)
Manufacturers: - Motorola, IBM, Power PC, Texas, Dallas, Intel.

(2) Flash RAM
Flash RAM is the permanent read/write memory. This memory is used to store one or more copies of the router O/S. The router O/S is also called IOS (Internetwork Operating System).

Flash RAM stores only the O/S. The size of flash RAM in the router is 4 MB to 128 MB. The flash RAM may be available in one of the following three packages: -

SIMM Flash: - Single In-Line Memory Module
PCMCIA Flash: - Personal Computer Memory Card Interface Architecture
Compact Flash: - (Small Memory)

(3) NVRAM
NVRAM is a “Non Volatile Random Access Memory”. It is used to store the configuration of the router. The size of NVRAM is 8 KB to 512 KB.

(4) RAM
The RAM of the router is divided into two logical parts.

(i) Primary RAM
(ii) Shared RAM

Primary RAM
Primary RAM is used for: -

(a) Running copy of IOS
(b) Running configuration
(c) Routing table
(d) ARP table (IP address to MAC address)
(e) Processor & other data structures

Shared RAM
Shared RAM is used as a buffer memory to share the data received from different interfaces. The size of RAM in a router may vary from 2 MB to 512 MB. The types of memory that may be present in RAM are: -

(a) DRAM – Dynamic RAM
(b) EDORAM – Extended Data Out RAM
(c) SDRAM – Synchronous Dynamic RAM

(5) BIOS ROM
The BIOS ROM is the permanent ROM. This memory is used to store the following programs & routines: -

(i) Bootstrap loader (performs booting)
(ii) Power on self test routines
(iii) Incomplete IOS
(iv) ROM Monitor (ROM-MON)

Router & PC terms
Router            PC
ROM-MON           CMOS Setup
Incomplete IOS    Bootable Floppy/CD
FLASH             O/S from HDD

Router Interfaces & Ports
Interfaces are used to connect LAN networks or WAN networks to the router. Interfaces use protocol stacks to send/receive data. Ports are used for the configuration of routers. Ports are not used to connect different networks. The primary purpose of a port is the management of the router.

Router Interfaces
Interface      Connector  Color   Speed                       Use
Ethernet       RJ45       yellow  10 Mbps                     To connect Ethernet LAN using UTP media
AUI            DB15       yellow  10 Mbps                     To connect Ethernet LAN using transceiver
Fast Ethernet  RJ45       yellow  100 Mbps                    To connect Ethernet LAN
Serial         DB60       blue    E1 - 2 Mbps, T1 - 1.5 Mbps  To connect WAN technology like Leased Lines, Radio link, Frame Relay, X.25, ATM
Smart Serial   SS         blue    "                           "
BRI ISDN       RJ45       orange  192 kbps                    To connect ISDN Basic Rate Interface
VOIP           RJ11       white   -                           To connect Phones, Fax, EPABX

AUI – Attachment Unit Interface
EPABX – Electronic Private Automatic Branch
PSTN – Public Services Telephone Network

Router Ports
Port                    Connector  Color     Speed            Details
Console                 RJ45       sky blue  9600 bps         Used for configuration using PC
Auxiliary               RJ45       black     depend on modem  To connect remote router using PSTN line
Virtual terminal (Vty)  -          -         -                To connect remote router with telnet protocol via interface

Other interfaces: -
(1) Token Ring        RJ45  Violet  4/16 Mbps                        To connect Token Ring network
(2) E1/T1 controller  RJ45  White   E1 - 2048 kbps, T1 - 1544 kbps   Connect E1/T1 lines
(3) ADSL              RJ11  -       Up - 1 Mbps, Down - 8 Mbps       For ADSL Broadband (Asynchronous Digital Subscriber Line)

Types of routers: -
(1) Fixed configuration router
(2) Modular router
(3) Chassis based router

Access Router using console
Connect the PC serial port to the router console using a console cable.

Step 1 Click the Start button on the Windows Taskbar, and select Programs > Accessories > Communications > HyperTerminal. HyperTerminal launches and displays the Connection Description dialog box. Type any name.

Step 2 Select the COM port.

Step 3 On the Port Settings tab, enter the following settings:

Speed - 9600
Data Bits - 8
Parity - none
Stop bits - 1
Flow Control - none

Step 4 Click OK.

Router Access Modes
When we access the router command prompt, the router will display different modes. According to the mode, privileges and rights are assigned to the user.

User mode
In this mode, we can display basic parameters and the status of the router, test connectivity and perform telnet to other devices. In this mode we are not able to manage and configure the router.

Privileged mode
In this mode, we can display all information and configuration, and perform administration tasks, debugging, testing and connectivity with other devices. We are not able to perform configuration editing of the router here.

The command to enter this mode is ‘enable’. We have to enter the enable password or enable secret password to enter this mode. Enable secret has more priority than enable password. If both passwords are configured, then only enable secret will work.

Global configuration
This mode is used for the configuration of global parameters in the router. Global parameters are applied to the entire router. The command to enter this mode is ‘configure terminal’.
For e.g: - router hostname or access list of router

Line configuration mode
This mode is used to configure lines like console, vty and auxiliary. The main types of line that are configured are:

(i) Console
router(config)#line console 0
(ii) Auxiliary
router(config)#line aux 0
(iii) Telnet or vty
router(config)#line vty 0 4

Interface configuration mode
This mode is used to configure router interfaces. For e.g: - Ethernet, Serial, BRI etc.
Router(config)#interface <type> <number>
e.g.
Router(config)#interface serial 1

Routing configuration mode
This mode is used to configure routing protocols like RIP, EIGRP, OSPF etc.

Router(config)#router <protocol> [<option>]

Router(config)#router rip
Router(config)#router eigrp 10

Configuring Passwords
There are five types of password available in a router.

(1) Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

(2) Vty Password
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>

(3) Auxiliary Password
router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

(4) Enable Password
router>enable
router#configure terminal
router(config)#enable password <word>

(5) Enable Secret Password
Enable password is the clear text password. It is stored as clear text in the configuration, whereas the enable secret password is encrypted with the MD5 (Media Digest 5) algorithm.

Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit

Encrypting all passwords
All passwords other than the enable secret password are clear text passwords. We can encrypt all passwords using the level 7 algorithm. The commands to encrypt all passwords are:

Router#configure terminal
Router(config)#service password-encryption

TIP: In a CISCO router any configuration can be removed by using the ‘no’ prefix with the same command.
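A configuration check for the password settings described in this section, as an added example (not part of the original notes and not a Cisco tool). The sample running-config, its passwords and hash strings are constructed, and the finding codes are this example's own names. Level 7 passwords are reported as informational because that encoding is reversible, unlike the MD5 hash used by enable secret.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname R1
!
enable secret 5 $1$CONSTRUCTED$NOTAREALHASH
enable password cisco123
!
line con 0
 password console123
 login
line aux 0
 password aux123
line vty 0 4
 password 7 CONSTRUCTED-TYPE7
 no login
 transport input telnet
!
end
"""

PW_RE = re.compile(r"(?:enable )?(?:password|secret) (?:(\d+) )?\S+$")
KINDS = {None: "cleartext", "0": "cleartext", "5": "md5", "7": "type7"}


def password_kind(stmt):
    """Classify 'password <word>', 'password 7 <text>' or 'enable secret 5 <hash>'."""
    m = PW_RE.match(stmt)
    if not m:
        return "unknown"
    kind = m.group(1)
    return KINDS[kind] if kind in KINDS else "type" + kind


def parse_config(text):
    """Split a config into global statements and per-'line' sections."""
    global_stmts, line_sections, current = [], {}, None
    for raw in text.splitlines():
        stmt = raw.strip()
        if not stmt or stmt == "!":
            continue
        if raw[0] == " " and current is not None:
            line_sections[current].append(stmt)   # indented: belongs to the line
        elif stmt.startswith("line "):
            current = stmt
            line_sections[current] = []
        else:
            current = None
            global_stmts.append(stmt)
    return global_stmts, line_sections


def audit(text):
    """Return a list of (severity, code, where) findings."""
    global_stmts, line_sections = parse_config(text)
    findings = []
    for stmt in global_stmts:
        if stmt.startswith("enable password "):
            findings.append(("warn", "enable-password-" + password_kind(stmt), "global"))
    if not any(s.startswith("enable secret ") for s in global_stmts):
        findings.append(("warn", "no-enable-secret", "global"))
    if "service password-encryption" not in global_stmts:
        findings.append(("warn", "no-service-password-encryption", "global"))
    for name, body in line_sections.items():
        passwords = [s for s in body if s.startswith("password ")]
        for stmt in passwords:
            kind = password_kind(stmt)
            severity = "warn" if kind == "cleartext" else "info"
            findings.append((severity, "line-password-" + kind, name))
        has_login = any(s == "login" or s.startswith("login ") for s in body)
        if "no login" in body:
            findings.append(("warn", "no-login", name))       # access without password
        elif passwords and not has_login:
            # A password without 'login' is never asked for on this line.
            findings.append(("warn", "password-without-login", name))
        for stmt in body:
            if stmt.startswith("transport input "):
                protocols = stmt.split()[2:]
                if "telnet" in protocols or "all" in protocols:
                    findings.append(("warn", "telnet-enabled", name))
    return findings


if __name__ == "__main__":
    for severity, code, where in audit(SAMPLE_CONFIG):
        print(f"{severity:5} {code:32} {where}")
```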


Managing Configuration
There are two types of configuration present in a router:

(1) Startup Configuration
(2) Running Configuration

Startup configuration is stored in the NVRAM. Startup configuration is used to save settings in a router. Startup configuration is loaded into the Primary RAM at the time of booting.

Running configuration is present in the Primary RAM. Whenever we run a command for configuration, this command is written to the running configuration.

To display running-configuration
Router#show running-config

To display startup configuration
Router#show startup-config

To erase old configuration

To save configuration
Router#copy running-config startup-config
Or
Router#write

To abort configuration
Router#copy startup-config running-config

CISCO command line editing & shortcuts

Command line shortcuts
Tab – to auto complete command
? – to take help
Ctrl+P – to recall previous command
Ctrl+N – next command
Ctrl+Z – alternate to ‘end’ command
Ctrl+C – to abort

Command line editing shortcuts
Ctrl+A – to move cursor to start of line
Ctrl+E – to move cursor to end of line
Ctrl+B – to move cursor one character back
Ctrl+F – to move cursor one character forward
Ctrl+W – to delete word one by one

Configuring HostName
Router#configure terminal
Router(config)#hostname <name>

Configuring Interfaces
Interface configuration is one of the most important parts of the router configuration. By default, all interfaces of a Cisco router are in disabled mode. We have to use different commands, as per our requirement, to enable and configure the interface.

Configuring IP, Mask and Enabling the Interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit

Interface Numbers
Interface numbers start from 0 for each type of interface. Some routers use the interface number directly, while other routers use the slot no/port no addressing technique.

Direct numbering:       Eth 0, Serial 0, Serial 1
Slot/port numbering:    Slot 0: Serial 0/0
                        Slot 1: Serial 1/0, Serial 1/1

To configure Interface description
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#description <line>

Configuring parameters on LAN interface
Router#configure terminal
Router(config)#interface <type> <no>

Configuring parameters on WAN interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <protocol>
Router(config-if)#clock rate <value>
Router(config-if)#end

To display interface status
The show interfaces command will display the following parameters about an interface:

Status
MAC address
IP address
Subnet mask
Hardware type / manufacturer
Bandwidth
Reliability
Delay
Load (Tx load, Rx load)
Encapsulation
Keep alive
Queuing strategy
Input queue details
Output queue details
Traffic rate (in packets per second, bits per second)
Input packet details
Output packet details
Modem signals (WAN interface only)
M.T.U maximum transmission rate (mostly 1500 bytes)

Configuring sub interface
Sub interfaces are required in different scenarios. For e.g: - in Ethernet we need sub interfaces for VLAN communication, and in Frame Relay we need sub interfaces for multipoint connectivity. Sub interface means creating a logical interface from a physical interface.

Router#config ter
Router(config)#interface <type> <no>.<subint no>
Router(config-subif)#
e.g.
Router(config)#interface serial 0.2

Configuring secondary IP
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#ip address 192.168.10.18 255.255.255.0 secondary

Managing Command Line History
We can use the CTRL+P & CTRL+N shortcuts to display command history. By default the router will store up to 10 commands in the command line history. We can use the following commands to edit this setting.

To display commands present in history
Router#show history

To display history size
Router#show terminal

To change history size
Router#config terminal
Router(config)#line console 0
Router(config-line)#history size <value>
Router(config-line)#exit

Configuring Banners
Banners are just messages that can appear at different prompts according to the type. The different banners are:

Message of the day (motd) - This banner appears at every access method
Login - Appears before the login prompt
Exec - Appears after we enter the execution mode
Incoming - Appears for incoming connections

Syntax: -
Router#config terminal
Router(config)#banner <type> <delim. char>
Text Message
<delim. char>
Router(config)#

Example: -
Router#config terminal
Router(config)#banner motd $
This router is distribution 3600 router connected to Reliance
$

Logging configuration
The router generates log messages, which are stored in the router's internal buffer and also displayed on the console.

To send log messages to syslog server
Router#config ter
Router(config)#logging <IP address>
Router(config)#exit

Download syslog server software from the Internet and install it on a PC to store syslog messages.

To display log buffer

Synchronous Logging on console
Router#config terminal
Router(config)#line console 0
Router(config-line)#logging synchronous
Router(config-line)#exit

Configuring Router Clock
We can configure the router clock with the help of two methods.

(1) Configure clock locally
(2) Configure clock on NTP server (Network Time Protocol)

The router does not have a battery to save the clock setting, so the clock will reset to the default on reboot. In new routers a clock battery will be available for time keeping.

To display clock
Router#show clock

To configure clock
Router#clock set hh:mm:ss day month year

To configure clock from NTP server
Router#config terminal
Router(config)#ntp server <IP address>
Router(config)#exit

Use “C:\>ping pool.ntp.org” to get an NTP server IP from the Internet.

Status message of Interfaces
When we use the “show interfaces” command on the router, the first two lines will display the status message. It will display one of the following four messages.

Interface is administratively down, line protocol is down.
This message means that the interface is shut down by the administrator using the “shutdown” command. We can change this status with the help of the “no shutdown” command.

Interface is up, line protocol is up.
This message will appear when everything is working fine and the interface is able to communicate with other devices. In case of Ethernet, this message will display when the interface is connected and enabled. In case of serial, this message will display when end to end connectivity is established.

Interface is down, line protocol is down.
In case of serial, this message will appear due to loss of connectivity with the modem.

Interface is up, line protocol is down.
This message will appear due to encapsulation failure. In case of Ethernet, this message may appear when the interface is not connected properly. In case of serial, this message may appear due to a connectivity problem with the far end router.

Setup Mode
The router will enter setup mode if there is no configuration present in NVRAM. The router will display the following message:

“Would you like to enter in initial configuration dialog [ y / n ]: ”

There are two types of setup modes:

- Basic setup mode
- Extended setup mode

In basic mode only one interface is configured, which will be used for telnet or web access connectivity. In extended mode all interfaces are configured. At the end we can save the configuration changes or discard the changes.

Telnet access
Telnet is a virtual port through which we can access the router command line using interfaces.

[Figure: PC connected to the router through a switch]

To accept telnet connections we have to configure the following options on the router:
- Configure IP on interface
- Configure VTY, enable secret password

On the client PC, test connectivity with the router and use the command ‘telnet <router_ip>’.

SSH access to Router or Switch
There are four steps required to enable SSH support on an IOS router:

1. Configure the hostname and the domain name.

2. Generate the SSH key to be used.

3. Enable SSH transport support for the virtual type terminal (vtys).

4.

5.


Router Booting Sources

A router can boot from various sources. By default, it will boot from the flash memory, and we can control the sequence with the help of the configuration register or boot system commands. A router can boot from the following sources: -

(1) First file in flash
(2) Specific file in flash
(3) Incomplete IOS
(4) TFTP server
(5) ROM Monitor (from BIOS)

The first method to control the boot sequence is the configuration register. We can modify the configuration register value with the help of the “config-register” command in global configuration mode. We can also modify the register value from ROM Monitor mode.

Configuration Register
The configuration register is a 16-bit value, which is stored in the NVRAM. At the time of booting, the bootstrap loader reads the value of the configuration register and configures its booting behavior according to the value.

0x2102 (IOS with Config)
With this value the router will boot from the first file present in the flash memory. This is the default value of the configuration register. After loading IOS the router will also load startup-config into running-config.

0x2101 (Incomplete IOS with Config)
The router will boot from the incomplete IOS and then load the startup-config.

0x2100 (ROM Monitor)
With this value the router will not boot, but enters ROM Monitor mode.

0x2142 (IOS without Config)
The router will boot from the first file in flash, but bypass the startup configuration.

0x2141 (Incomplete IOS without Config)
The router will boot from the incomplete IOS but bypass the startup-config.

Note: - this is the only value which is configured in the configuration mode and does not need to be saved.
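The five register values above differ only in the boot field (the low four bits) and in bit 6, which makes the router skip the startup-config. The following added example (not part of the original notes) decodes a register value using Cisco's documented bit layout and reads the register from "show version" output; the sample output line is constructed and the function names are this example's own.

```python
import re

BOOT_FIELD = 0x000F      # bits 0-3: where to boot from
IGNORE_CONFIG = 0x0040   # bit 6: skip the startup-config stored in NVRAM
BREAK_DISABLED = 0x0100  # bit 8: Break key is ignored once the router has booted

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

# Constructed last line of "show version" output.
SAMPLE_SHOW_VERSION = (
    "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
)


def decode_confreg(value):
    """Decode a 16-bit configuration register given as int or hex string."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "ROM Monitor"
    elif boot == 1:
        source = "incomplete IOS"
    else:
        source = "IOS (boot system commands, else first file in flash)"
    return {
        "value": f"0x{value:04X}",
        "boot_field": boot,
        "boot_source": source,
        "loads_startup_config": not value & IGNORE_CONFIG,
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def confreg_findings(value):
    """List the ways this value departs from a normal boot with saved config."""
    decoded = decode_confreg(value)
    findings = []
    if decoded["boot_field"] == 0:
        findings.append("router stops in ROM Monitor instead of booting IOS")
    if decoded["boot_field"] == 1:
        findings.append("router boots the incomplete IOS, not the image in flash")
    if decoded["boot_field"] != 0 and not decoded["loads_startup_config"]:
        findings.append("startup-config is bypassed: saved passwords and "
                        "settings are not applied after boot")
    return findings


def registers_from_show_version(text):
    """Return (current, pending) register strings, or None if not found."""
    m = CONFREG_RE.search(text)
    if not m:
        return None
    return m.group(1), m.group(2)


if __name__ == "__main__":
    for value in ("0x2102", "0x2101", "0x2100", "0x2142", "0x2141"):
        print(decode_confreg(value), confreg_findings(value))
    print(registers_from_show_version(SAMPLE_SHOW_VERSION))
```

A router left at 0x2142 or 0x2141 comes up without its saved passwords, so checking this line of "show version" after maintenance is a quick sanity test.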

To change Config-Register from global mode
Router#configure terminal
Router(config)#config-register <value>
Router(config)#exit
Router#reload

To change Config-Register using ROM Monitor
Steps: -

(1) Power on the router.
(2) Press “ctrl+break” from the console within 60 sec.
(3) The router will enter the ROM Monitor. Type the following commands:

Rommon 1> confreg <value>
Rommon 2> i

Note: - in 2500 series routers the “o/r” command should be used in place of the “confreg” command.

Boot System commands

The boot system command is the second method to control the boot sequence of the router. These commands will be executed only when the configuration register is set to 0x2102. Boot system commands are executed in global configuration mode. These commands are executed in the same sequence in which they are applied to the router. If one boot system command is successful, then the next boot system command is not executed in the router.

To boot from first file in flash
Router(config)#boot system flash

To boot router from specific file in flash
Router(config)#boot system flash <file name>

To boot router from TFTP server/network
Router(config)#boot system tftp <file name>

To boot from

TFTP server
TFTP is a modified form of FTP. It is used to transfer files without performing authentication. TFTP has only a home directory, in which subdirectories are not allowed. Directory browsing is not allowed in the home directory.

TFTP is a UDP-based protocol, which works on port no 69. TFTP has the following features in comparison to FTP.
(1) Only get file and put file services are available.
(2) Authentication is not supported.
(3) Home directory may not have subdirectories.
(4) Directory browsing is not allowed.

Installation and Configuration of TFTP server
On a Windows system, we have to execute the following steps to use the PC as a TFTP server.

(1) Download TFTP server software from the Internet.
(2) Install the TFTP server software on the PC.
(3) If the software is not installed as a service, then the software should be running on screen. Configure the home directory of the server or use the default.

Functions to be performed with the help of TFTP server
(1) To boot router from TFTP server
(2) Backup IOS and configuration
(3) Restore IOS and configuration
(4) Upgrade IOS

(1) To boot from TFTP server
i) Run the TFTP server software on the PC and copy the IOS image file into the home directory of the TFTP server.
ii) Test connectivity between the router and the TFTP server.
iii) On the router use the following commands: -
Router#conf ter
Router(config)#boot system tftp c1700-1s-mz.122.3.bin 10.0.0.18
Router(config)#exit
Router#copy runn start
Reload the device. Make sure that the configuration register is set to 0x2102.

2) To backup IOS
i) Test connectivity and make sure the TFTP server is running.
ii) Type the commands: -
Router#show flash (note the IOS filename)
Router#copy flash tftp
Source filename = ?
Destination filename = ?
IP of TFTP server = ?

(3) To backup Configuration
i) Test connectivity and make sure the TFTP server is running.
ii) Type the commands: -
Router#copy running-config tftp
Or
Router#copy startup-config tftp
Remote IP: ________
Destination Filename: ________

3) To restore Configuration
i) Test connectivity and make sure the TFTP server is running.
ii) Make sure the configuration file is present in the home directory and note the filename.
iii) Type the commands: -
Router#copy tftp running-config
Remote IP: __________
Source Filename: ___________
Destination Filename [running-config]: _ (press Enter here)

4) Restore/Upgrade IOS
There are four different conditions in which we can restore/upgrade IOS.

Case 1: Old IOS is present and flash is in read/write mode.
Copy the IOS image into the TFTP server's home directory. Test connectivity and make sure the TFTP server is running. On the router use the commands: -

Router#copy tftp flash
Source file: -
Destination file: -
IP address: -
Erase Flash [y/n]:

Case 2: Old IOS is present but flash is in read only mode.
In this case, we have to set the config-register to 0x2101 to boot the router from the incomplete IOS.

After booting, the flash will be in read/write mode. Now use the same commands as in case 1.

When IOS loading is complete, reset the config-register to 0x2102.

Case 3: Old IOS is not present but incomplete IOS is present in BIOS.
The router will automatically boot from the incomplete IOS, and we have to execute the same commands as in case 1 and case 2.

Case 4: Complete IOS and incomplete IOS are not present in the router.
There are two methods to load IOS with the help of ROM Monitor mode.

Method 1: Loading IOS using xmodem
In this case we have to use the xmodem command, and the IOS will be loaded with the help of the console cable. TFTP is not required in this case.

Enter the ROM Monitor and type the following command.
Rom Mon 1>xmodem <filename>

When the router displays the message “Ready to receive file”, click on HyperTerminal, then Transfer >> Send file >> use Browse to select the file >> select protocol xmodem >> Send.

Method 2: In this case we have to use a TFTP server in ROM Monitor.
Connect the PC TFTP server, and make sure TFTP is running and the IOS image is present in the home directory. Enter ROM Monitor mode and type the following commands.

Rom Mon>IP_ADDRESS=10.0.0.2
Rom Mon>TFTP_SERVER=10.0.0.1
Rom Mon>TFTP_FILE=<filename>
Rom Mon>DEFAULT_GATEWAY=10.0.0.1
Rom Mon>IP_SUBNET_MASK=255.0.0.0
Rom Mon>tftpdnld

When the IOS transfer is completed, type the command:
Rom Mon>boot

To view the source from which the router boots
Router#show version

Resolving Host Names
In a router, we can communicate with the help of an IP address as well as a host name and domain name. There are two methods to resolve a hostname into an IP address.

1) Using local hostname database
We can use a local hostname database by using the IP host command. We can use this command with the following syntax:


To create local hostname database
Router(config)#IP host <name> <IP>

To display hosts
Router#show hosts


2) Using a DNS server
We can configure the router to send DNS queries to a DNS server. The DNS server will resolve the hostname and then the pc or router will try to communicate with the destination. We can specify a maximum of 6 IP addresses.

Router#config terminal
Router(config)#IP name-server <IP> [<IP2>]
Router(config)#IP name-server 202.56.230.6
Router(config)#exit

Managing Telnet connection
Our router is able to telnet to other devices, and other devices can also telnet to our router.

To allow Telnet access to router
For this purpose we have to configure an IP address, a vty password and an enable secret password. IP connectivity must exist between the client and the router. Then the client will be able to perform telnet access to the router.

On the telnet client we have to use the following command:
Router#Telnet <IP of router>

TIP: If we want to allow telnet to the router without a password, then on the VTY type the command "No Login".


To display connected users
Router#show users

To disconnect a user
Router#clear line <no>

To display connected sessions
Router#show sessions

To telnet a device from router
Router#telnet <IP>

To exit from telnet session
Router#exit

To exit from a hung telnet session
Ctrl+Shift+6, then X
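A check for the VTY settings described above, as an added example that is not part of the original notes: with "no login" the VTY lines accept a Telnet session without asking for a password, so the script reads a running-config excerpt and reports that setting, a "login" line with no vty password, a missing enable secret, and Telnet as a permitted transport. The configuration text, hostname and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from the original notes).
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$constructed$hashplaceholder
!
line con 0
line vty 0 4
 password cisco123
 login
 transport input telnet
line vty 5 15
 no login
 transport input telnet ssh
!
end
"""


def parse_vty_blocks(config):
    """Return one dict per 'line vty' block with its line range and sub-commands."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^line vty (\d+)(?: (\d+))?$", line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = {"range": (first, last), "commands": []}
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current["commands"].append(line.strip())
        else:
            current = None  # any non-indented line ends the vty block
    return blocks


def audit_vty(config):
    """Return (scope, finding) tuples for the Telnet-related settings in config."""
    findings = []
    if not re.search(r"^enable secret ", config, re.MULTILINE):
        findings.append(("global", "no enable secret configured"))
    for block in parse_vty_blocks(config):
        cmds = block["commands"]
        label = "vty %d-%d" % block["range"]
        has_password = any(c.startswith("password ") for c in cmds)
        if "no login" in cmds:
            findings.append((label, "no login: sessions are accepted without a password"))
        elif "login" in cmds and not has_password:
            findings.append((label, "login is set but no vty password exists"))
        for c in cmds:
            if c.startswith("transport input "):
                protocols = c.split()[2:]
                if "telnet" in protocols or "all" in protocols:
                    findings.append((label, "telnet allowed: passwords cross the network in clear text"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```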


TCP/IP MODEL
TCP/IP is the most popular protocol stack, and it consists of a large no. of protocols. Compared with the OSI model, TCP/IP consists of only four layers. The TCP/IP model is a modified form of the DOD (Department of Defense) model.

Application Layer

This layer contains a large no. of protocols. Each protocol is designed to act as server & client. Some protocols need connection-oriented TCP and others may need connectionless UDP for data transfer.

The Application layer uses port no.s to identify each application at the Transport layer. This layer performs most of the functions that are specified by the Application, Presentation, and Session layers of the OSI model.

Transport Layer
Two protocols are available on the Transport layer:
Transmission Control Protocol
User Datagram Protocol

1) Transmission Control Protocol: TCP performs connection-oriented communication. Its responsibilities are:

Error Checking
Acknowledgement
Sequencing
Flow Control
Windowing


Source Port and Destination Port fields together identify the two local end points of the particular connection. A port plus its host's IP address forms a unique end point. Ports are used to communicate with the upper layer and distinguish different application sessions on the host.

The Sequence Number and Acknowledgment Number fields specify bytes in the byte stream. The sequence number is used for segment differentiation and is useful for reordering or retransmitting lost segments. The Acknowledgment number is set to the next segment expected.

Data offset or TCP header length indicates how many 4-byte words are contained in the TCP header.

The Window field indicates how many bytes can be transmitted before an acknowledgment is received.

The Checksum field is used to provide extra reliability and security to the TCP segment. The actual user data are included after the end of the header.

2) User Datagram Protocol
UDP is considered to be a connectionless protocol. It leaves reliability to be handled by the application layer. All it cares about is fast transmission. The UDP header is responsible for error checking and identifying applications using port numbers.


Internet Layer
The main function of the Internet layer is routing and providing a single network interface to the upper layer protocols. Upper or lower protocols do not have any functions relating to routing. To prevent this, IP provides one single network interface for the upper layer protocols. After that it is the job of IP and the various Network Access protocols to get along and work together. The main protocols used in the Internet layer are:

1) Internet Protocol (IP)
2) Internet Control Message Protocol (ICMP)
3) Address Resolution Protocol (ARP)
4) Reverse Address Resolution Protocol (RARP)
5) Proxy ARP

Internet Protocol
This protocol works at the Internet layer. It is responsible for logical addressing, defining type of service and fragmentation.


IP Subnet
In TCP/IP by default three sizes of networks are available:
(1) Class A - 2^24 PC -> 16777216
(2) Class B - 2^16 PC -> 65536
(3) Class C - 2^8 PC -> 256

In subnetting, we divide a class A, B or C network into small size sub networks. This procedure is called subnetting.

Subnetting is performed with the help of a subnet mask. There are two types of subnetting that we perform:

(1) FLSM Fixed Length Subnet Mask
(2) VLSM Variable Length Subnet Mask

Why to Sub?
(i) A default class network provides a large no. of PCs in comparison to the requirement of PCs in the network.
(ii) It is practically never possible to create a class A or class B sized network.

To reduce broadcasts in the network, we have to perform LAN segmentation with routers. Each sub network needs a different network address.

How to Subnet?
In this formula, we first modify our requirement according to the no. of subnets possible, then we calculate the new subnet mask and create the IP ranges.

Example 1
Class = C
No. of subnet = 5

Step 1
No. of subnet possible is 2, 4, 8, 16, 32……
Class = C
No. of subnets = 8

Step 2
Calculate key value
2^? = No. of subnets
2^? = 8
2^3 = 8

Step 3
Calculate new subnet mask


In class C
Net id    Host id
24+key    8-key
24+3      8-3
27        5

11111111.11111111.11111111.11100000
255.     255.     255.     224

We add this address to make subnet mask

Step 4
Range
No. of Pc/Subnet = Total Pc / No. of Subnet = 256/8 = 32

In Class C
x.x.x.0 – x.x.x.31 (1) – (30)
x.x.x.32 – x.x.x.63
64 – 95
96 – 127
128 – 159
160 – 191
192 – 223
x.x.x.224 – x.x.x.255

The first IP of each subnet will be the subnet id and the last IP will be the sub network broadcast address.

Example 2
Class = C
No. of subnet = 10

Step 1
No. of subnet = 16

Step 2
2^4 = 16

Step 3
Net id    Host id
24+4      8-4
11111111.11111111.11111111.11110000

Subnetting method 2
Class =
No. of Pc/Sub = 8
Mask = ?


Range = ?

In this case we have to calculate the key according to the no. of PCs per subnet. According to the key value, that many bits of the subnet mask from the right-hand side are set to zero, and then the range is calculated.

Example
Class = C
No. of Pc/Sub = 5

Step 1
No. of Pc/Subnet possible: 4, 8, 16, 32, 64….

New requirement
Class = C
No. of Pc/Sub = 8

Step 2
2^? = No. of Pc/Sub
2^? = 8
2^3 = 8

key 3

11111111.11111111.11111111.11111000
255.     255.     255.     248

No. of Subnet = Total Pc / (Pc/Sub) = 256/8

Class C            Sub    Pc/Sub
255.255.255.248    32     8

200.100.100.0 – 200.100.100.7
.8 – .15
.16 – .23
.24 – .31
.
.

Example 2
Class C
No. of Pc/Sub = 50

Step 1
Class = C
No. of Pc/Sub = 64

Step 2


2^6 = 64
11111111.11111111.11111111.11000000
255.     255.     255.     192

No. of subnet = 256/64 = 4

Class C            Sub    Pc/Sub
255.255.255.192    4      64

Method 3
No. of Pc/Sub = 50

New req.
No. of Pc/Sub = 64

No. of Subnet = 256/64 = 4

Class = C
No. of Sub = 4
2^2 = 4
24+2      8-2
11111111.11111111.11111111.11000000
255.     255.     255.     192

Zero Subnet
According to the rules of IP addressing, the first subnet and the last subnet are not usable due to routing problems. In new Cisco routers a command is present in the default configuration. With this command, we are able to use the first and last subnet after subnetting. The command is:
Router#config ter
Router(config)#ip subnet-zero
Router(config)#exit

Example: Check whether an address is a valid IP, N/w address or Broadcast address. If the IP is valid then calculate its N/w & Broadcast address.

200.100.100.197
255.255.255.240

Net id    Host id
28        4

200.100.100.197 = 200.100.100.1100 0101    Valid IP

200.100.100.192 = 200.100.100.1100 0000    Network address


200.100.100.207 = 200.100.100.1100 1111    Broadcast address

Example:
Class = B
No. of subnet = 64

2^6 = 64
11111111.11111111.11111111.11000000
255.     255.     255.     192

No. of Pc/Sub = 65536/64 = 1024

150.20.0.0 – 150.20.3.255
150.20.4.0 – 150.20.7.255
150.20.8.0 – 150.20.11.255

Prefix Notation of representing IP Address
An IP address can be written as IP & Mask as well as IP/Prefix.

200.100.100.18
255.255.255.248
200.100.100.18/29

170.20.6.6
255.255.224.0
170.20.6.6/19

This method of representing an IP address is also called CIDR (Classless Inter Domain Routing) notation.
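The subnetting methods, the valid/network/broadcast check and the prefix notation above, worked with Python's standard ipaddress module as an added example (not part of the original notes). Function names are chosen here; as in the notes, the Pc/Sub figure counts every address in a block, including the subnet id and the broadcast address.

```python
import ipaddress


def key_for(count):
    """Smallest key with 2**key >= count (Step 1 and Step 2 of the notes)."""
    return max(count - 1, 0).bit_length()


def subnet_by_count(network, wanted_subnets):
    """Method 1: move `key` bits from the host id to the net id."""
    net = ipaddress.ip_network(network)
    return list(net.subnets(prefixlen_diff=key_for(wanted_subnets)))


def subnet_by_size(network, wanted_per_subnet):
    """Method 2: keep `key` host bits, i.e. set that many mask bits to zero
    from the right-hand side."""
    net = ipaddress.ip_network(network)
    return list(net.subnets(new_prefix=32 - key_for(wanted_per_subnet)))


def ranges(subnets):
    """(first IP, last IP) of each subnet: subnet id and broadcast address."""
    return [(str(s.network_address), str(s.broadcast_address)) for s in subnets]


def classify(address, mask):
    """Return (kind, network address, broadcast address, prefix length)."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    net = iface.network
    if iface.ip == net.network_address:
        kind = "network address"
    elif iface.ip == net.broadcast_address:
        kind = "broadcast address"
    else:
        kind = "valid IP"
    return kind, str(net.network_address), str(net.broadcast_address), net.prefixlen


if __name__ == "__main__":
    # Example 1 of the notes: class C, 5 subnets wanted, rounded up to 8.
    c = subnet_by_count("200.100.100.0/24", 5)
    print(len(c), "subnets, mask", c[0].netmask)
    for first, last in ranges(c):
        print(" ", first, "-", last)

    # Method 2 of the notes: 5 and 50 PCs per subnet, rounded up to 8 and 64.
    for wanted in (5, 50):
        s = subnet_by_size("200.100.100.0/24", wanted)
        print(wanted, "Pc/Sub ->", len(s), "subnets, mask", s[0].netmask)

    # Class B split into 64 subnets of 1024 addresses each.
    b = subnet_by_count("150.20.0.0/16", 64)
    print(b[0].num_addresses, ranges(b)[:3])

    # The address check and the two prefix-notation addresses from the notes.
    print(classify("200.100.100.197", "255.255.255.240"))
    print(classify("200.100.100.18", "255.255.255.248"))
    print(classify("170.20.6.6", "255.255.224.0"))
```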

No Subnetting

[Figure: internetwork in which each network uses a whole class C address: 200.100.1.X, 200.100.2.X, 200.100.3.X, 200.100.4.X, 200.100.5.X, 200.100.6.X, 200.100.7.X, 200.100.8.X, 200.100.9.X]

FLSM

[Figure: internetwork addressed with /28 subnets: 200.100.0-15/28, 200.100.1.16-31/28, 200.100.1.32-47/28, 200.100.1.48-63/28, 200.100.1.64-79/28, 200.100.1.80-95/28, 200.100.1.95-111/28, 200.100.1.112-127/28, 200.100.1.128-143/28]

Remaining Subnet
144 – 159
160 – 175
176 – 191
192 – 207
208 – 223
224 – 239
240 – 255

Problem with FLSM
In FLSM, we have to create subnets of equal size. Every N/w is allotted a constant size subnet regardless of its IP address requirement. Due to this, a N/w may be allotted more than the required IP addresses or less than the required IP addresses.

VLSM

Prefix   Mask               Sub   Pc/Sub   Ranges
/25      255.255.255.128    2     128      0 – 127, 128 – 255
/26      255.255.255.192    4     64       0 – 63, 64 – 127, 128 – 191, 192 – 255
/27      255.255.255.224    8     32       0 – 31, 32 – 63, 64 – 95, 96 – 127
/28      255.255.255.240    16    16       0 – 15, 16 – 31, 32 – 47, 48 – 63, 64 – 79, 80 – 95, 96 – 111
/29      255.255.255.248    32    8        0 – 7, 8 – 15, 16 – 23, 24 – 31
/30      255.255.255.252    64    4        0 – 3, 4 – 7, 8 – 11, 12 – 15

[Figure: VLSM allocation example. Host counts shown: 2 IP, 2, 2, 2, 5, 10, 20, 50. Subnet labels: 0-3/30, 4-7/30, 8-11/30, 12-15/30, 16-23/29, 32-63/30, 64-95/27, 96-111/28, 128-191/26]

Remaining
24 – 31
112 – 127

If we are using VLSM and Dynamic Routing then the routing protocol must be compatible with VLSM. This will happen only if subnet masks are also sent in the routing updates.

Super Netting
Combining small N/ws to create a large size N/w is called a Super Network. Supernetting is mostly used to define route summarization in routing tables. It is not used for the implementation of large networks.

170.10.0.0 170.00001010.00000000.00000000

170.11.0.0 170.00001011.00000000.00000000
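VLSM allocation and supernetting as an added example, not part of the original notes: it sizes each subnet from its host count plus the subnet id and broadcast address, places the largest requirement first, lists what is left over, and then summarizes the two networks shown above. The parent network 200.100.1.0/24 and the host counts are taken from the figures in the notes; the placement order is an assumption of this example, so the resulting ranges differ from the figure.

```python
import ipaddress


def vlsm_allocate(network, host_counts):
    """Return [(hosts, subnet)] with the smallest subnet that fits each requirement.

    Placing the largest requirement first keeps every block on a boundary
    that is a multiple of its own size.
    """
    parent = ipaddress.ip_network(network)
    next_free = int(parent.network_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        # Smallest number of host bits with 2**bits >= hosts + 2
        # (the 2 extra addresses are the subnet id and the broadcast address).
        host_bits = (hosts + 1).bit_length()
        subnet = ipaddress.ip_network((next_free, 32 - host_bits))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{network} has no room left for {hosts} hosts")
        plan.append((hosts, subnet))
        next_free += subnet.num_addresses
    return plan


def remaining(network, plan):
    """Unallocated space after the last subnet, as the fewest possible blocks."""
    parent = ipaddress.ip_network(network)
    if not plan:
        return [parent]
    first_free = plan[-1][1].broadcast_address + 1
    if first_free > parent.broadcast_address:
        return []
    return list(ipaddress.summarize_address_range(first_free, parent.broadcast_address))


def summarize(networks):
    """Supernetting: merge networks that form one aligned, contiguous block."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    requirements = [2, 2, 2, 2, 5, 10, 20, 50]     # host counts from the VLSM figure
    plan = vlsm_allocate("200.100.1.0/24", requirements)
    for hosts, subnet in plan:
        print(f"{hosts:>3} hosts -> {subnet}  mask {subnet.netmask}")
    print("remaining:", [str(n) for n in remaining("200.100.1.0/24", plan)])

    # 170.10.0.0 and 170.11.0.0 differ only in the last bit of the second octet.
    print(summarize(["170.10.0.0/16", "170.11.0.0/16"]))
    # 170.11.0.0 and 170.12.0.0 are adjacent but not aligned, so they stay separate.
    print(summarize(["170.11.0.0/16", "170.12.0.0/16"]))
```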


IP Routing
When we want to connect two or more networks using different n/w addresses then we have to use the IP Routing technique. The router is used to perform routing between the networks. A router performs the following functions for routing.

(1) Path determination
(2) Packet forwarding

(1) Path determination
The process of obtaining a path in the routing table is called path determination. There are three different methods by which a router can learn a path.
i) Automatic detection of directly connected n/w.
ii) Static & Default routing
iii) Dynamic routing

(2) Packet forwarding
It is a process that is enabled by default in the router. The router will perform packet forwarding only if a route is available in the routing table.

Routing Process
(i) The pc has a packet in which the destination address is not the same as the local n/w address.
(ii) The pc will send an ARP request for the default gateway. The router will reply to the ARP request and inform the pc of its Mac address.
(iii) The pc will encapsulate the data, in which source IP is the pc itself, destination IP is the server, source Mac is the pc's LAN interface and destination Mac is the router's LAN interface.

[Figure: PC1 (10.0.0.6) connected to router R1 (10.0.0.1); destination 172.16.0.5. Frame fields: S. MAC = PC1, D. MAC = R1, D. IP = 172.16.0.5, S. IP = 10.0.0.6]

The router will receive the frame and store it in the buffer. When it obtains the packet from the frame, it forwards the data according to the destination IP of the packet.


The router will obtain a route from the routing table, according to which the next hop IP and interface are selected.
(iv) According to the next hop, the packet will be encapsulated in a new frame and the data is sent to the output queue of the interface.

Static Routing
In this routing, we have to use ip route commands through which we can specify routes for different networks. The administrator will analyze the whole internetwork topology and then specify the route for each n/w that is not directly connected to the router.

Steps to perform static routing
(1) Create a list of all n/ws present in the internetwork.
(2) Remove from the list the n/w addresses that are directly connected to the router.
(3) Specify a route for each remaining n/w by using the ip route command.

Router(config)#ip route <destination n/w> <mask> <next hop ip>

Next hop IP is the IP address of the neighbor router that is directly connected to our router.

Static Routing Example:
Router#conf ter
Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2

Advantages of static routing
(1) Fast and efficient.
(2) More control over selected path.
(3) Less overhead for router.
(4) Bandwidth of interfaces is not consumed in routing updates.

Disadvantages of static routing
(1) More overhead on the administrator.
(2) Load balancing is not easily possible.
(3) In case of a topology change the routing table has to be changed manually.

Alternate command to specify static route
A static route can also be specified in the following syntax:
Old
Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2
Or
Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0

Backup route or floating static route
If more than one path is available from our router to the destination then we can specify one route as primary and the other route as the backup route.


Administrative Distance is used to specify one route as primary and the other route as backup. The router will select the route with the lower AD to forward the traffic. By default a static route has an AD value of 1. For the backup path, we specify a higher AD so that this route will be used only if the primary route is unavailable.

Protocols             AD
Directly Connected    0
Static                1
BGP                   20
EIGRP                 90
IGRP                  100
OSPF                  110
RIP                   120

Syntax: To set backup path
Router(config)#ip route <dest. n/w> <mask> <next hop> <AD>
Or
Router(config)#ip route <dest. n/w> <mask> <exit interface> <AD>

Example:
Router#conf ter
Router(config)#ip route 150.10.0.0 255.255.0.0 150.20.0.5
Router(config)#ip route 150.10.0.0 255.255.0.0 160.20.1.1 8     (below 20)
Router(config)#exit

Default Routing
Default routing means a route for any n/w. These routes are specified with the help of the following syntax:
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
Router(config)#ip route 0.0.0.0 0.0.0.0 <exit interface>

This type of routing is used in the following scenarios.

Scenario 1: Stub network
A n/w which has only one exit interface is called a stub network.


If there is one next hop then we can use default routing.

Scenario 2: Internet connectivity
On the Internet, millions of n/ws are present. So we have to specify default routing on our router. The default route is also called the gateway of last resort. This route will be used when no other routing protocol is available.

[Figure: routers R1 and R2 and the ISP; labels 200.100.100.11, 172.16.0.5, 10.0.0.0]

Router(config)#ip route 10.0.0.0 255.0.0.0 172.16.0.5
Router(config)#ip route 0.0.0.0 0.0.0.0 200.100.100.11

To display routing table
Router#sh ip route

To display static routes only
Router#sh ip route static

To display connected n/ws only
Router#sh ip route connected

S 192.168.10.0/28 [1/0] via 172.16.0.5

To check all the interfaces of a router
Router#sh ip interface brief
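How the routing table picks between the routes configured above, as an added example that is not part of the original notes: per destination the candidate with the lowest administrative distance is installed, the backup static route takes over when the primary next hop is unusable, and the default route matches only when nothing more specific does. The RoutingTable class and the set of unusable next hops (down) are constructed here; the routes are the ones from the examples in the notes.

```python
import ipaddress

# Administrative distances from the table in the notes.
AD = {"connected": 0, "static": 1, "bgp": 20, "eigrp": 90,
      "igrp": 100, "ospf": 110, "rip": 120}


class RoutingTable:
    def __init__(self):
        self.candidates = []          # every configured or learned route

    def add(self, prefix, next_hop, source, ad=None):
        """prefix is 'network/mask' or 'network/prefix length'."""
        self.candidates.append({
            "net": ipaddress.ip_network(prefix),
            "next_hop": next_hop,
            "source": source,
            "ad": AD[source] if ad is None else ad,
        })

    def installed(self, down=()):
        """Per destination n/w, keep the usable candidate with the lowest AD."""
        best = {}
        for route in self.candidates:
            if route["next_hop"] in down:
                continue              # next hop unreachable: route not usable
            current = best.get(route["net"])
            if current is None or route["ad"] < current["ad"]:
                best[route["net"]] = route
        return best

    def lookup(self, destination, down=()):
        """Longest-prefix match; 0.0.0.0/0 is the gateway of last resort."""
        dst = ipaddress.ip_address(destination)
        matches = [r for net, r in self.installed(down).items() if dst in net]
        if not matches:
            return None               # no route and no default: packet is dropped
        return max(matches, key=lambda r: r["net"].prefixlen)


def build_example_table():
    """The static, backup and default routes shown in the notes."""
    table = RoutingTable()
    table.add("150.10.0.0/255.255.0.0", "150.20.0.5", "static")        # primary, AD 1
    table.add("150.10.0.0/255.255.0.0", "160.20.1.1", "static", ad=8)  # backup, AD 8
    table.add("10.0.0.0/255.0.0.0", "172.16.0.5", "static")
    table.add("0.0.0.0/0", "200.100.100.11", "static")                 # default route
    return table


if __name__ == "__main__":
    t = build_example_table()
    for dst, down in [("150.10.3.4", ()), ("150.10.3.4", {"150.20.0.5"}),
                      ("10.1.2.3", ()), ("8.8.8.8", ())]:
        r = t.lookup(dst, down)
        print(f"{dst:<12} down={sorted(down)} -> {r['net']} via {r['next_hop']} [AD {r['ad']}]")
```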


Dynamic Routing
In dynamic routing, we enable a routing protocol on the router. This protocol will send its routing information to the neighbor routers. The neighbors will analyze the information and write new routes to their routing tables.

The routers will also pass routing information received from one router on to other routers. If more than one path is available then the routes are compared and the best path is selected. Some examples of dynamic protocols are: RIP, IGRP, EIGRP, OSPF

Types of Dynamic Routing Protocols
According to their working there are two types of Dynamic Routing Protocols.
(1) Distance Vector
(2) Link State

According to the type of area in which the protocol is used there are again two types of protocol:
(1) Interior Routing Protocol
(2) Exterior Routing Protocol

Autonomous system
An autonomous system is a group of contiguous routers and n/ws which share their routing information directly with each other. If all routers are in a single domain and they share their information directly with each other then the size of routing updates will depend on the no. of n/ws present in the internetwork. The update for each n/w may take 150 – 200 bytes of information. For example, if there are 1000 n/ws then the size of the update will be

200*1000 = 200000 bytes

The routing information is sent periodically, so it may consume a large amount of bandwidth in our n/w.

[Figure: a domain divided into autonomous systems AS 200, AS 400 and AS 500, showing interior routing, exterior routing and border routing]

Protocols
Interior Routing    Exterior Routing
RIP                 BGP
IGRP                EXEIGRP
EIGRP
OSPF

Distance Vector Routing
Routing which is based on two parameters, distance and direction, is called Distance Vector Routing. Examples of Distance Vector Routing are RIP & IGRP.

Operation:
(1) Each router will send its directly connected information to the neighbor routers. This information is sent periodically to the neighbors.
(2) The neighbor will receive routing updates and process the routes according to the following conditions:
  (i) If an update for a new n/w is received then this information is stored in the routing table.
  (ii) If an update is received for a route which is already present in the routing table then the route will be refreshed, that is, the route timer is reset to zero.
  (iii) If an update is received for a route with a lower metric than the route which is already present in our routing table, the router will discard the old route and write the new route in the routing table.
  (iv) If an update is received with a higher metric than the route that is already present in the routing table, the new update will be discarded.

(3) A timer is associated with each route. The router will forward routing information on all interfaces and the entire routing table is sent to the neighbor. There are three types of timers associated with a route.
  (i) Route update timer: It is the time after which the router will send a periodic update to the neighbor.
  (ii) Route invalid timer: It is the time after which the route is declared invalid, if there are no updates for the route. Invalid routes are not forwarded to neighbor routers but are still used to forward the traffic.
  (iii) Route flush timer: It is the time after which the route is removed from the routing table, if there are no updates about the route.

Metric of Dynamic Routing
Metrics are the measuring units used to calculate the distance to a destination n/w. A protocol may use one or more than one metric at a time to calculate the distance. Different types of metric are:
(1) Hop Count
(2) Bandwidth
(3) Load
(4) Reliability
(5) Delay
(6) MTU

Hop Count: It is the no. of hops (routers) a packet has to travel to reach a destination n/w.
Bandwidth: Bandwidth is the speed of the link; the path with higher bandwidth is preferred to send data.
Load: Load is the amount of traffic present on the interface. Paths with lower load and high throughput are used to send data.
Reliability: Reliability is the up time of the interface over a period of time.
Delay: Delay is the time period b/w a packet being sent and being received by the destination.
MTU: Maximum Transmission Unit. It is the maximum size of packet that can be sent in a frame; mostly MTU is set to 1500.

Problems of Distance Vector
There are two main problems of distance vector routing:

(1) Bandwidth Consumption
(2) Routing Loops

Bandwidth Consumption
The problem of excessive bandwidth consumption is solved with the help of autonomous systems, which limit the routing information exchanged b/w different routers. We can also perform route summarization to reduce the traffic.

Routing Loops
They may occur between adjacent routers due to wrong routing information. Distance Vector routing is also called routing by rumor. Due to this, packets may enter a loop condition until their TTL expires.

Method to solve routing loops
There are five different methods to solve or reduce the problem of routing loops.

(1) Maximum Hop Count
(2) Flash Updates/Triggered Updates
(3) Split Horizon
(4) Poison Reverse
(5) Hold Down

Maximum Hop Count
This method limits the maximum no. of hops a packet can travel. This method does not solve the loop problem, but it reduces the loop size in the n/w. Due to this method the end to end size of a n/w is also limited.

Flash Updates/Triggered Updates
In this method a partial update is sent to all the neighbors as soon as there is a topology change. The router which receives flash updates will also send the flash updates to its neighbor routers.


Split Horizon
Split Horizon states that a route update received from an interface cannot be sent back out of the same interface.

Poison Reverse
This method is the combination of Split Horizon and Flash updates. It implements the rule that information received from an interface cannot be sent back to that interface, and in case of a topology change flash updates will be sent to the neighbors.

Hold Down
If a route changes frequently then the route is declared to be in the Hold Down state and no updates are received for it until the Hold Down timer expires.
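The update rules (i) to (iv), the invalid and flush timers, and split horizon, modelled in Python as an added example that is not part of the original notes. Router names, networks and the DVRouter class are constructed for illustration; the metric is a RIP-style hop count and the timer defaults are the RIP values listed in the notes.

```python
INFINITY = 16   # RIP allows at most 15 hops, so 16 means unreachable


class DVRouter:
    def __init__(self, name, connected, invalid_after=180, flush_after=240):
        self.name = name
        self.invalid_after = invalid_after    # seconds without an update
        self.flush_after = flush_after
        # network -> route; directly connected networks have via=None and never age
        self.table = {n: {"metric": 0, "via": None, "age": 0} for n in connected}

    def advertise(self, to_neighbor):
        """Periodic update for one neighbor."""
        update = {}
        for net, route in self.table.items():
            if route["via"] == to_neighbor:
                continue                      # split horizon
            if route["age"] >= self.invalid_after:
                continue                      # invalid: still forwards, not advertised
            update[net] = route["metric"]
        return update

    def receive(self, from_neighbor, update):
        """Apply rules (i)-(iv); return [(network, action)] in update order."""
        log = []
        for net, advertised in update.items():
            metric = min(advertised + 1, INFINITY)   # one more hop through the sender
            current = self.table.get(net)
            if current is None:
                if metric < INFINITY:                # (i) new n/w
                    self.table[net] = {"metric": metric, "via": from_neighbor, "age": 0}
                    log.append((net, "added"))
            elif current["via"] is None:
                log.append((net, "ignored: directly connected"))
            elif current["via"] == from_neighbor and current["metric"] == metric:
                current["age"] = 0                   # (ii) refresh, timer back to zero
                log.append((net, "refreshed"))
            elif metric < current["metric"]:         # (iii) lower metric wins
                self.table[net] = {"metric": metric, "via": from_neighbor, "age": 0}
                log.append((net, "replaced"))
            else:
                # (iv) as listed in the notes. RIP itself also accepts a worse
                # metric when it comes from the route's current next hop.
                log.append((net, "discarded"))
        return log

    def tick(self, seconds):
        """Advance route timers and flush routes that were never refreshed."""
        for net in list(self.table):
            route = self.table[net]
            if route["via"] is None:
                continue
            route["age"] += seconds
            if route["age"] >= self.flush_after:
                del self.table[net]


if __name__ == "__main__":
    # Constructed topology: R1 --11.0.0.0-- R2 --12.0.0.0-- R3
    r1 = DVRouter("R1", ["10.0.0.0", "11.0.0.0"])
    r2 = DVRouter("R2", ["11.0.0.0", "12.0.0.0"])
    r3 = DVRouter("R3", ["12.0.0.0", "13.0.0.0"])
    print(r2.receive("R1", r1.advertise("R2")))
    print("R2 -> R1:", r2.advertise("R1"))          # 10.0.0.0 held back by split horizon
    print(r3.receive("R2", r2.advertise("R3")))
    print(r3.receive("R9", {"10.0.0.0": 4}))        # worse path from another neighbor
    r2.tick(180)
    print("R2 -> R3 after invalid timer:", r2.advertise("R3"))
    r2.tick(60)
    print("R2 table after flush timer:", sorted(r2.table))
```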

Routing Information Protocol
Features of RIP:

* Distance Vector
* Open standard
* Broadcast Updates (255.255.255.255)
* Metric - Hop Count
* Timers
  Update 30 sec
  Invalid 180 sec
  Hold 180 sec
  Flush 240 sec
* Loop Control
  Split Horizon
  Triggered Updates
  Maximum Hop Count
  Hold Down
* Maximum Hop Count 15
* Administrative Distance 120
* Equal Path Cost Load Balancing
* Maximum Load path 6, Default 4
* Does not support VLSM
* Does not support Autonomous system

Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
----------------------------
Router(config-router)#exit


[Figure: RIP example topology; labels 172.16.0.6, 10.0.0.1, 172.16.0.5, 175.2.1.1, 200.100.100.12]

Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0

175.2.0.0 via 172.16.0.6

Display RIP Routes
Router#sh ip route rip

R 192.168.75.0/24 [120/5] via 172.30.0.2 00:00:25 serial 1/0

Fields, left to right: RIP, Dest. n/w, mask, AD, Metric, Next Hop, Timer, own Interface

RIP advanced configuration
Passive Interfaces
An interface which is not able to send routing updates but is able to receive routing updates only is called a Passive Interface. We can declare an interface as passive with the following commands:
Router#conf ter
Router(config)#router rip
Router(config-router)#Passive-interface <type> <no>
Router(config-router)#exit

Neighbor RIP
In RIP, by default routing updates are sent to the address 255.255.255.255. In some scenarios, it may be required to send routing updates as a unicast from one router to another. In this case, we have to configure neighbor RIP.
For example, in a Frame Relay n/w the broadcast update is discarded by the switches, so if we want to send RIP updates across the switches then we have to unicast the updates using Neighbor RIP.

[Figure: R1 (10.0.0.1) and R2 (10.0.0.2) connected through a Frame Relay cloud; labels: Unicast 10.0.0.2, 255.255.255.255]

R1
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.2

R2
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.1

Configuring Timers
Router(config)#router rip
Router(config-router)#timers basic <update> <invalid> <hold down> <flush>
Router(config-router)#exit

Example:
Router(config-router)#timers basic 50 200 210 300

Update 50 sec
Invalid 200 sec
Hold 210 sec
Flush 300 sec

To change Administrative Distance
Router(config)#router rip
Router(config-router)#distance <value>     (95 or 100)
Router(config-router)#exit

To configure Load Balance
RIP is able to perform equal path cost load balancing. If multiple paths are available with equal hop count for the destination then RIP will balance the load equally on all paths.

Load balancing is enabled by default on 4 paths. We can change the no. of paths that can be used simultaneously with the following command:
Router(config)#router rip
Router(config-router)#maximum-paths <1-6>

To display RIP parameters
Router#sh ip protocol
Or
Router#sh ip protocol RIP

This command displays the following parameters:
(i) RIP Timers
(ii) RIP Version


(iii) Route filtering
(iv) Route redistribution
(v) Interfaces on which updates are sent
(vi) and received
(vii) Advertised n/w
(viii) Passive interface
(ix) Neighbor RIP
(x) Routing information sources
(xi) Administrative Distance

RIP version 2
RIP version 2 supports the following new features:
(1) Supports VLSM (sends mask in updates)
(2) Multicast updates using address 224.0.0.9
(3) Supports authentication

Commands to enable RIP version 2
We have to change RIP version 1 to RIP version 2. All other communication will remain the same in RIP version 2.

Router(config)#Router RIP
Router(config-router)#version 2
Router(config-router)#exit

To debug RIP routing
Router#debug ip rip

To disable debug routing
Router#no debug ip rip
Or
Router#no debug all
Or
Router#undebug all

Interior Gateway Routing Protocol
Features:
* Cisco proprietary
* Distance vector
* Timers
  Update 90 sec
  Invalid 270 sec
  Hold time 280 sec
  Flush 630 sec
* Loop control
  All methods
* Max hop count
  100 upto 255
* Metric (24 bit composite)
  Bandwidth (default)


Delay (default)Load ReliabilityMTU

* Broadcast updates to address 255.255.255.255* Unequal path cost load balancing* Automatic route summarization* Support AS* Does not support VLSM

Configuring IGRP
Router(config)#router igrp <as no>      (1 - 65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit

Configuring Bandwidth on Interface for IGRP
By default, the router detects the maximum speed of the interface and uses this value as the bandwidth metric for IGRP. But it is possible that the interface is not working at its maximum speed; then we have to configure the bandwidth on the interface, so that IGRP is able to calculate the correct metric.

Router(config)#interface <type> <no>
Router(config-if)#bandwidth <value in kbps>
Router(config-if)#exit

Router(config)#interface serial 0
Router(config-if)#bandwidth 256
Router(config-if)#exit

[Figure: two Serial E1 interfaces (2048 k each) connected through modems over a 256 k sync link]

Configuring Unequal path cost load balancing
To configure load balancing, we have to set two parameters: -
(1) Maximum path (by default 4)
(2) Variance (default 1)

Maximum Path: - it is the maximum no. of paths that can be used for load balancing simultaneously.


Variance: - it is the multiplier value to the least metric for a destination n/w, up to which the load can be balanced.
Router(config)#router igrp <as no>
Router(config-router)#variance <value>
Router(config-router)#exit

Configuring the following options in IGRP is the same as in the case of RIP: -
(1) Neighbor
(2) Passive interface
(3) Timer
(4) Distance (AD)
(5) Maximum path

[Figure: routers R1 to R6 and their networks, with a router's neighbor, topology and routing tables]

Link State Routing
This type of routing is based on link state. Its working is explained as under: -

(1) Each router sends Hello packets to all neighbors using all interfaces.
(2) The routers from which a Hello reply is received are stored in the neighborship table. Hello packets are sent periodically to maintain the neighbor table.
(3) The router sends link state information to all the neighbors. Link state information from one neighbor is also forwarded to the other neighbors.
(4) Each router maintains its link state database, created from the link state advertisements received from different routers.
(5) The router uses the best path algorithm to store the path in the routing table.

Problems of Link State Routing
The main problems of link state routing are: -
(1) High bandwidth consumption.
(2) More hardware resources required, that is, processor and memory (RAM).

The routing protocols which use link state routing are: -
(1) OSPF
(2) EIGRP


Enhanced Interior Gateway Routing Protocol
Features: -
* Cisco proprietary
* Hybrid protocol
    Link State
    Distance Vector
* Multicast updates using address 224.0.0.10
* Supports AS
* Supports VLSM
* Automatic Route Summarization
* Unequal path cost load balancing
* Metric (32 bit composite)
    Bandwidth
    Delay
    Load
    Reliability
    MTU
* Neighbor Recovery
* Partial updates
* Triggered updates
* Backup Route
* Multi Protocol Routing

EIGRP Protocols & Modules
(1) Protocol dependent module
This module is used to perform multi protocol routing, that is, the router maintains 3 routing tables, for TCP/IP, IPX/SPX and AppleTalk. It analyzes the update packet and sends it to the corresponding routing table.

Reliable Transport Protocol
RTP is used to exchange routing updates with neighbor routers. It also maintains the neighbor relationship with the help of Hello packets. RTP has the following features: -
(1) Multicast updates (224.0.0.10)
(2) Neighbor recovery: if a neighbor stops responding to the Hello packets, then RTP will send 16 unicast Hello packets to that neighbor.
(3) Partial updates
(4) No updates are sent if there is no topology change. Due to this feature it is also called a quiet protocol.

Diffusing Update Algorithm (DUAL)
DUAL is responsible for calculating the best path from the topology table. DUAL has the following features: -
* Backup Path
* VLSM
* Route queries to neighbors for unknown n/w.

Configuring EIGRP
Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit

Advanced Configuration EIGRP
Configuring the following options is the same as configuring IGRP: -
(1) Bandwidth on Interfaces
(2) Neighbor
(3) Load balancing
    Max path
    Variance

Open Shortest Path First
Features: -
* Link State
* Open standard
* Multicast updates
    224.0.0.5
    224.0.0.6
* Supports VLSM
* Supports Area, similar to AS
* Manual Route Summarization
* Hierarchical model
* Metric
    Bandwidth
* Equal path cost load balancing
* Supports authentication
* Unlimited hop count

OSPF Terminology
Already known topics in this: -
(1) Hello packets
(2) LSA (Link State Advertisement)
(3) Neighbor
(4) Neighbor table
(5) Topology table (LSA database)

Router ID
Router ID is the highest IP address of the router interfaces. This id is used as the identity of the router. It maintaining stale databases. The first preference for selecting the router ID is given to the logical interfaces. If a logical interface is not present, then the highest IP of a physical interface is selected as the router id.

Display Commands
Router#clear ip route *
Flushes the routing table.

Router#sh ip eigrp topology
It shows the topology database.
P -> passive -> stable
A -> active -> under updation

Router#sh ip eigrp neighbor
It shows the neighbor table.

Debug IGRP
Router#debug ip igrp events
It displays info. on special events.

Router#debug ip igrp transactions
It shows every update.

Debug EIGRP
Router#debug ip eigrp
Router#debug ip eigrp summary


Area
An area is a group of routers & n/ws which can share their routing information directly with each other.

Adjacency
A router is called adjacent when the neighbor relationship is established. We can also say that an adjacency relationship is formed between the routers.

OSPF Hierarchical Model
[Figure: Area 0 with backbone routers (br), connected through area border routers (abr) to Area 20, Area 70 and Area 90, each containing area routers (ar)]

Area Router
A router which has all interfaces as members of a single area is called an area router.

Backbone Area
Area 0 is called the backbone area. All other areas must connect to the backbone area for communication.

Backbone Router
A router which has all interfaces as members of area 0 is called a backbone router.

Area Border Router
A router which connects an area with area 0 is called an area border router.

LSA Flooding in OSPF
If there are multiple OSPF routers on a multi access n/w, then an excessive no. of LSAs will be generated by the routers, and they can choke the bandwidth of the network.

[Figure: routers A, B, C and D, with networks L, K, M and N, connected to one switch; each router lists the other three routers as neighbors]

This problem is solved by electing one router as the designated router and one as the backup designated router.

Designated Router
A router with the highest RID (router id) will be the designated router for a particular interface. This router is responsible for receiving LSAs from the non-DR routers and forwarding LSAs to all the non-DR routers.

Backup Designated Router
This router works as the backup for the designated router. In BDR mode, it receives all the information but does not forward this information to the other non-DR routers.


Commands to configure OSPF
Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit

Wild Mask - Complement of subnet mask

Wild mask = 255.255.255.255 - Subnet mask

Example: subnet mask 255.255.0.0 gives wild mask 0.0.255.255
Example: 255.255.255.255 - 255.255.255.192 = 0.0.0.63

Configuring bandwidth on interface
If the actual bandwidth of the interface is not equal to the maximum speed of the interface, then we have to use the bandwidth command to specify the actual bandwidth.

Router(config)#interface <type> <no>
Router(config-if)#bandwidth <speed>

Configuring logical interface for OSPF
By default, the highest IP address of the interfaces is elected as the Router ID. If there is a change in the status of that interface, then the router will re-elect some other IP as the Router ID. If we create a logical interface, it will never go down, and first preference is given to the logical interface for the RID.

Command: -
Router(config)#interface loopback <no>
Router(config-if)#ip address 200.100.100.1 255.255.255.255
Router(config-if)#no sh
Router(config-if)#exit

The subnet mask 255.255.255.255 is called the host mask. It is recommended to use this mask so that the minimum no. of IP addresses is wasted.

Command to display OSPF parameters
Router#show ip protocol
Router#show ip ospf

Display Neighbor Table
Router#show ip ospf neighbor

Display Database
Router#show ip ospf database

To display DR/BDR Elections
Router#show ip ospf interface

[Figure: a router in Area 20 with interfaces 200.100.100.2/24 and 215.1.13/24]

Router(config)#router ospf 32
Router(config-router)#network 200.100.100.0 0.0.0.255 area 20
Router(config-router)#network 215.1.1.0 0.0.0.255 area 20
Router(config-router)#exit


[Figure: R1 and R2 in Area 0, joined by the link 200.100.100.33/30 - 200.100.100.34/30, with LAN interfaces 200.100.100.66/27 and 200.100.100.160/26]

R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit

R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit

[Figure: R1, R2 and R3 connected in series; link R1 - R2: 200.100.100.5/30 and 200.100.100.6/30; link R2 - R3: 200.100.100.17/30 and 200.100.100.18/30; LAN interfaces 200.100.100.38/28, 200.100.100.161/28 and 200.100.100.230/27]

R1
Router(config-router)#network 200.100.100.4 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.32 0.0.0.15 area <area id>

R2
Router(config-router)#network 200.100.100.4 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.160 0.0.0.15 area <area id>
Router(config-router)#network 200.100.100.16 0.0.0.3 area <area id>

R3
Router(config-router)#network 200.100.100.16 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.224 0.0.0.31 area <area id>


LAN Switching
Ethernet switches are used in a LAN to create Ethernet networks. Switches forward the traffic on the basis of MAC address. Switches maintain a switching table in which MAC addresses and port numbers are used to make the switching decision. The working of a bridge and a switch is similar.

Classification of switches
Switches are classified according to the following criteria: -

Types of switches based on working
(1) Store & Forward
This switch receives the entire frame, then performs error checking and starts forwarding data to the destination.
(2) Cut through
This switch starts forwarding the frame as soon as the first six bytes of the frame are received.
(3) Fragment-free
This switch receives 64 bytes of the frame, performs error checking and then starts forwarding data.
(4) Adaptive cut-through
It changes its mode according to the condition. If there are errors in frames, then it changes its mode to Store & Forward.

Types of switches based on management
(1) Manageable switches
(2) Non-Manageable switches

Types of switches based on OSI layer
(1) Layer 2 switches (only switching)

Types of switches based on command mode (only in Cisco)
(1) IOS based
(2) CLI based

Switches based on hierarchical model
(1) Core layer switches
(2) Distribution layer switches

Features of switch
- No. of ports
- Speed of ports
- Type of media
- Switching or Wire speed or Throughput

Basic Switch Administration
IOS based switches are similar to the routers. We can perform the following functions on switches in a similar manner as on a router: -
- Access switch using console
- Commands to enter & exit from different modes
- Commands to configure passwords
- Manage configuration
- Backup IOS and configuration
- Configuring and resolving hostnames
- Configuring CDP
- Configuring time clock
- Configuring Banners
- Command line shortcuts and editing shortcuts
- Managing history
- Configure logging
- Boot system commands


The following functions and options are not similar in router and switch: -
- Default hostname is ‘Switch’
- Auxiliary port is not present
- VTY ports are mostly 0 to 15
- By default interfaces are enabled
- IP address cannot be assigned to interfaces
- Routing configuration mode is not
- Interface no. starts from 1
- Web access is by default enabled
- Configuration register is not the same
- Flash memory may contain multiple files
- Startup-configuration is also saved in flash

Configuring IP and Gateway on switch
We can configure an IP address on the switch for web access or telnet. An IP address is required for the administration of the switch. If we have to access the switch from a remote n/w, then we configure a default gateway in addition to the IP address.

Assigning IP to logical interface: -
Switch(config)#interface vlan 1
Switch(config-if)#ip address <ip> <mask>
Switch(config-if)#no sh

Configuring Gateway
Switch(config)#ip default-gateway <ip>
Switch(config)#exit

Breaking Switch Password
(1) Power off the switch, press the mode button present on the front of the switch, then power on the switch.
(2) Keep the mode button pressed until the ‘Switch:’ prompt appears on the console.
(3) In switch monitor mode, type the following commands: -
flash_init
load_helper
rename flash:config.text flash:<anyname>
dir flash:
boot
(4) After booting, the switch will prompt to enter the initial configuration dialog. Enter ‘no’ here and type: -
Switch>enable
Switch#rename flash:<anyname> flash:config.text
Switch#configure memory

Change the password and save the config. Then copy run startup-config.

Cisco Hierarchical Model
When we want to create a large sized LAN, we may face the following problems if we design the network in a flat model: -
- High latency
- Congestion between switches
- Large broadcast domain

The Cisco hierarchical model recommends a three layer design of the network: -
o Core layer
o Distribution layer
o Access layer

On each layer there are some rules which we have to follow: -
- Highest performance devices are connected on the Core layer.
- Resources should be placed on the Core layer.
- Policies should not be applied on the Core layer.
- On the Distribution layer, we can implement policies.
- Distribution and Core devices should be connected with high-speed links.
- Access layer devices are basic devices and may be non manageable.

[Figure: Hierarchical model]

After using the hierarchical model, most of the LAN problems will be solved, but one problem still remains the same, that is, all PCs will be in a single broadcast domain. We have to implement one of the following solutions for this problem: -

(1) Physical Segmentation
(2) Logical Segmentation


Logical Segmentation of Network
To perform logical segmentation, we have to create VLANs in the network. With the help of VLANs, we can logically divide the broadcast domain of the network.

VLAN (Virtual LAN)
A VLAN provides virtual segmentation of the broadcast domain in the network. The devices which are members of the same Vlan are able to communicate with each other. The devices of different Vlans may communicate with each other only with routing, so the devices of different Vlans use different n/w addresses. Vlan provides the following advantages: -

(1) Logical segmentation of the network
(2) Enhanced network security


Creating port based Vlan
In a port based Vlan, first we have to create a VLAN on the switch, then we have to add ports to the Vlan.

Commands to create Vlan
Switch#config ter
Switch(config)#vlan <no>
Switch(config-vlan)#name <word>
Switch(config-vlan)#exit

By default, all ports are members of a single vlan, that is Vlan1. We can change the vlan membership according to our requirement.

Commands to configure ports for a Vlan
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport access vlan <no>

Commands to configure multiple ports in a vlan
Switch#conf ter
Switch(config)#interface range <type> <slot/port no (space)-(space)port no>
Switch(config-if-range)#switchport access vlan <no>
Switch(config-if-range)#exit

Example: - Suppose we want to add interfaces fast Ethernet 0/10 to 0/18 in vlan5
Switch#config ter
Switch(config)#interface range fastethernet 0/10 - 18
Switch(config-if-range)#switchport access vlan 5
Switch(config-if-range)#exit

To display mac address table
Switch#sh mac-address-table

To display Vlan and port membership
Switch#sh vlan

Trunking
When there are multiple switches, we have to use trunk links to connect one switch with another. If we are not using trunk links, then we have to connect one cable from each VLAN to the corresponding VLAN of the other switch.

[Figure: Normal: two switches with ports in Vlan 1, 3 and 7, joined by one link per Vlan. In Trunking: the same two switches joined by a single trunk link carrying Vlan 1, 3, 7]

Switches perform trunking with the help of frame tagging. The trunk port sends data frames by adding Vlan id information to the frame. At the receiving end, the vlan id information is removed from the frame, and according to the tag the data is delivered to the corresponding vlan. There are two protocols to perform frame tagging: -

(1) Inter Switch Link (Cisco proprietary)
(2) IEEE 802.1q

Configuring Trunking
In Cisco switches, all switch ports may be configured in three modes: -
(1) Trunk desirable (default)
(2) Trunk on
(3) Trunk off

Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|dynamic desirable>
Switch(config-if)#exit
(trunk = on, access = off, dynamic desirable = desirable)

To configure Vlans allowed on Trunk
By default, all Vlans are allowed on a trunk port. We can add/remove a particular Vlan from a trunk port with the following commands: -
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#switchport trunk allowed vlan remove <vlan>
Switch(config-if)#switchport trunk allowed vlan add <vlan>
Switch(config-if)#switchport trunk allowed vlan except <vlan>

To display trunk interfaces
Switch#sh interface trunk
Switch#sh interface <type> <no> trunk

Vlan Trunking Protocol (VTP)
With the help of VTP, we can simplify the process of creating Vlans. With multiple switches, we can configure one switch as the VTP server, and all the other switches are configured as VTP clients. We create the Vlans on the VTP server switch. The server sends periodic updates to the VTP client switches. The clients create Vlans from the updates received from the VTP server.

VTP server
The VTP server is a switch on which we can create, delete or modify Vlans. The server sends periodic updates for the VTP clients.

VTP client
On a VTP client, we are not able to create, modify or delete Vlans. The client receives and forwards vtp updates. The client creates the same Vlans as defined in the vtp update.

VTP Transparent
A transparent switch is a switch which receives and forwards VTP updates. It is able to create, delete and modify Vlans locally. A transparent switch does not send its own VTP updates and does not learn any information from received vtp updates.


[Figure: a VTP server with Vlan 1,3,5,10,20, VTP client switches and a VTP transparent switch; Vlan lists shown: 1,3,5,10,20 and 1,3,10,20,40,90]

Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit

By default, in Cisco switches the VTP mode is set as VTP server with no domain and no password.

To display VTP status
Switch#sh vtp status

VTP Pruning
Pruning is the VTP feature through which a trunk link can be automatically disabled for a particular Vlan if the neighbor switch does not contain ports in that Vlan. Vlan1 is not prune eligible.

Command to configure VTP Pruning
We have to use only one command, on the VTP server, for VTP Pruning.
Switch#conf ter
Switch(config)#vtp pruning
Switch(config)#exit

[Figure: a VTP server with Vlan 1,3,5,7 and three client switches with ports in Vlan 1, 3, 5 and 7]

Inter Vlan Communication
After creating Vlans, each Vlan has its own broadcast domain. If we want communication from one Vlan to another Vlan, then we need to perform routing. There are three methods for inter vlan communication.

(1) Inter Vlan using router on a stick method
(2) Inter Vlan using layer 3 switch

(1) Inter Vlan using router on a stick method
In this method a special router is used for Inter Vlan. In this router, we can create one interface for each Vlan. The physical interface of the router is connected to a trunk port of the switch. This router routes traffic on the same interface by swapping the vlan id information with the help of a frame tagging protocol.

Fa 0/0.1 - 10.0.0.1 -> Vlan1
Fa 0/0.2 - 11.0.0.1 -> Vlan3
Fa 0/0.3 - 12.0.0.1 -> Vlan5

[Figure: router interface Fa 0/0 connected by a trunk to the switches, which are joined by trunk (T) links and have ports in Vlan 1, 3 and 5]

Vlan       1           3           5
N/w        10.x.x.x    11.x.x.x    12.x.x.x
Gateway    10.0.0.1    11.0.0.1    12.0.0.1

Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit

Router(config)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 11.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit

Router(config)#interface fastethernet 0/0.3
Router(config-subif)#encapsulation dot1q 5
Router(config-subif)#ip address 12.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit


Configuration on Core switch
(1) Configure switch as VTP server
(2) Create Vlans
(3) Configure interface connected to router as Trunk
(4) Configure interfaces connected to other switches as trunk (if required)

Configuration on Distribution layer switches
(1) Configure switch as VTP client
(2) Configure required interface as Trunk (optional)
(3) Add ports to Vlan

Configuration on Pc
Configure IP and Gateway

Spanning Tree Protocol
When we connect multiple switches with each other and multiple paths exist from one switch to another switch, it may lead to a switching loop in the network. Multiple paths are used to create redundancy in the network. STP is only required when multiple paths exist, because then there is a possibility of a loop in the n/w.

Problems that occur with redundant paths
(1) Multiple copies of the frame will be received by the destination.
(2) Frequent changes in the mac address table of the switch.
(3) A mac address may appear at multiple ports of a switch.
(4) Packets may enter an endless loop.

Spanning Tree Protocol solves this problem by blocking the redundant interface, so that only one path remains active between the switches. If the primary path goes down, then the disabled link becomes enabled and data is transferred through that path.

Working of STP
STP creates a topology database in which one switch is elected as the root switch. Path cost is calculated on the basis of bandwidth. The link with the lowest path cost will be in enabled mode and the other path will be disabled.

[Figure: a root switch and other switches connected by 1 Gb and 100 Mb links, with the lowest cost path and the disabled link marked]

STP terminology
(1) Bridge id
It is the combination of bridge priority and base mac address. In Cisco switches the default priority no. is 32768.

(2) Root Bridge
The Bridge/Switch with the lowest Bridge id becomes the Root Bridge. The Root Bridge is used as the center point for calculating path cost in the topology.

(3) BPDU (Bridge Protocol Data Units)
It is the STP information which is exchanged between the switches to create the topology and select the path.

(4) STP port mode
When STP is enabled, a port may be in one of the following modes: -
(i) Listening: - in this mode a port will send/receive BPDUs.
(ii) Learning: - a port will learn the mac address table.
(iii) Forwarding: - the port will forward data based on the mac address table.
(iv) Blocking: - the port is blocked from sending/receiving data by Spanning Tree Protocol.
(v) Disable: - the port is administratively disabled.

Path cost calculation
The links between switches are enabled or disabled on the basis of path cost. The path cost for each link is calculated according to the following table.

Speed      Old IEEE Cost    New IEEE Cost
10 Mb      100              100
100 Mb     10               19
1 Gb       1                4
10 Gb      1                2

To configure ports for forwarding mode directly
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport host
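The root election and path cost rules above can be worked through on a small topology. The following Python code is an added example, not part of the original notes: the switch names, MAC addresses and links are constructed, it uses the New IEEE costs from the table, and it simplifies STP by breaking equal-cost ties on the neighbor's bridge id only (port ids are ignored).

```python
import heapq

# New IEEE path costs from the table above, keyed by link speed in Mb/s.
NEW_IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed sample: name -> (bridge priority, base MAC). 32768 is the default priority.
SWITCHES = {
    "S1": (32768, "00:1a:00:00:00:10"),
    "S2": (32768, "00:1a:00:00:00:20"),
    "S3": (32768, "00:1a:00:00:00:30"),
    "S4": (32768, "00:1a:00:00:00:40"),
}
# Constructed sample links: (switch, switch, speed in Mb/s).
LINKS = [
    ("S1", "S2", 1000),
    ("S1", "S3", 1000),
    ("S2", "S4", 100),
    ("S3", "S4", 100),
    ("S2", "S3", 100),
]


def bridge_id(priority, mac):
    """Bridge id = priority followed by base MAC; tuples compare in that order."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """The switch with the lowest bridge id becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def spanning_tree(switches, links):
    """Return (root, root path cost per switch, links left blocked)."""
    root = elect_root(switches)
    adj = {name: [] for name in switches}
    for a, b, speed in links:
        cost = NEW_IEEE_COST[speed]
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Lowest total cost from every switch to the root (Dijkstra).
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, cost in adj[node]:
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))

    # Each non-root switch keeps one uplink: lowest cost to root,
    # ties broken by the neighbor with the lower bridge id.
    active = set()
    for name in switches:
        if name == root or name not in dist:
            continue
        _, _, uplink = min(
            (dist[nbr] + cost, bridge_id(*switches[nbr]), nbr)
            for nbr, cost in adj[name] if nbr in dist
        )
        active.add(frozenset((name, uplink)))

    blocked = [(a, b) for a, b, _ in links if frozenset((a, b)) not in active]
    return root, dist, blocked


if __name__ == "__main__":
    root, cost, blocked = spanning_tree(SWITCHES, LINKS)
    print("root:", root)
    print("root path cost:", cost)
    print("blocked links:", blocked)
    # Lowering the priority of any switch below 32768 moves the root to it.
    lowered = dict(SWITCHES, S4=(4096, SWITCHES["S4"][1]))
    print("root after S4 priority 4096:", elect_root(lowered))
```

With every switch left at the default priority, the root is decided by MAC address alone, so the priority of the intended root switch should be set explicitly.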


Configuring port security
In manageable switches, we can restrict the no. of mac addresses that a port can learn. We can even specify the mac address statically with a command. With port security, we can also specify the action to be performed if a port security violation is detected.

Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum <no. of mac>
Switch(config-if)#switchport port-security violation <shutdown|restrict|protect>
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security mac-address sticky <mac address>
Switch(config-if)#exit
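Whether the port security commands above are actually in effect can be checked against a saved configuration. The following Python code is an added example, not part of the original notes: the sample configuration is constructed and the finding texts are this example's own. It reports access ports without port security, ports whose port-security options are present without the enabling `switchport port-security` line, and ports with no `switchport mode`, which stay in the default trunk mode described in the trunking section.

```python
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname SW1
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 5
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 5
!
interface FastEthernet0/3
 switchport access vlan 7
 switchport port-security maximum 1
!
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1,3,5,7
!
"""

MODE_NOT_SET = "switchport mode not set (default trunk negotiation applies)"
NO_PORT_SECURITY = "access port without port security"
NOT_ENABLED = "port-security options present but port security not enabled"


def parse_interfaces(config):
    """Split an IOS-style configuration into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or any global command closes the interface block
    return interfaces


def audit_interface(commands):
    """Return the list of findings for one interface's sub-commands."""
    mode = next(
        (c.split()[2] for c in commands if c.startswith("switchport mode ")), None
    )
    # The bare command enables the feature; the other lines only tune it.
    enabled = "switchport port-security" in commands
    has_options = any(c.startswith("switchport port-security ") for c in commands)

    findings = []
    if mode is None:
        findings.append(MODE_NOT_SET)
    if mode == "access" and not enabled:
        findings.append(NO_PORT_SECURITY)
    if has_options and not enabled:
        findings.append(NOT_ENABLED)
    return findings


def audit(config):
    """Return {interface: findings} for every interface with at least one finding."""
    report = {}
    for name, commands in parse_interfaces(config).items():
        findings = audit_interface(commands)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```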


Access Control List
ACLs are the basic security feature that is required in any network to control the flow of traffic. Most of the time our network may have servers and clients for which traffic control is required. We can also use ACLs to classify the traffic. ACLs are used in features like QOS (Quality of Service), prioritizing traffic and defining interesting traffic for ISDN.

Classification of Access Control List: -

Types of ACL based on Protocol: -
(1) IP Access Control List
(2) IPX Access Control List
(3) Appletalk Access Control List

Types of ACL based on Feature: -
(1) Standard ACL
(2) Extended ACL

Types of ACL based on Access mode: -
(1) Numbered ACL
(2) Named ACL

Types of ACL based on Order of rules: -
(1) Deny, permit
(2) Permit, deny

Types of ACL based on direction: -
(1) Inbound ACL

Flow chart of Inbound ACL
(1) A packet is received.
(2) Is there any access-list applied on the interface in the inbound direction?
    No -> The packet is passed to the Routing Engine (RE).
    Yes -> go to (3).
(3) Is there any matching rule in the ACL, checked in top-down order?
    No -> The packet is dropped.
    Yes -> go to (4).
(4) Is it permit?
    Yes -> The packet is passed to the RE.
    No -> The packet is dropped.

IP Standard ACL (Numbered)
In a Standard ACL, we are only able to specify the source address for the filtering of packets. The syntax to create an IP standard ACL is: -
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit

<source> can be written as: -
Single PC    host 192.168.10.5
             192.168.10.5
             192.168.10.5 0.0.0.0
N/w          200.100.100.0 0.0.0.255
Subnet       200.100.100.32 0.0.0.15
All          any

Applying ACL on interface
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit

Rule for applying ACL
Only one ACL can be applied on each interface, in each direction, for each protocol.

Example: - Suppose we want to allow Internet only for 192.168.10.32 – 70.

Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70

IP Standard ACL (Named)
In a Numbered ACL the editing feature is not available, that is, we are not able to delete a single rule from the ACL. In a Named ACL the editing feature is available.

Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny

To modify the ACL
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit

To control Telnet access using ACL
If we want to control telnet with the help of an ACL, we can create a standard ACL and apply it on the vty ports. The ACL that we create for vty will be in permit – deny order.
Example: - Suppose we want to allow telnet to our router from the 192.168.10.5 & 200.100.100.30 PCs.
Router#conf ter
Router(config)#access-list 50 permit 192.168.10.5
Router(config)#access-list 50 permit 200.100.100.30
Router(config)#access-list 50 deny any
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in
Router(config-line)#exit

IP Extended ACL (Numbered)
Extended ACLs are advanced ACLs, which can control traffic flow on the basis of five different parameters: -
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)

The syntax to create Extended ACL
Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>] <destination> [<d.port>]
Router(config)#exit

<no>                                 -> 100 to 199
<protocol>                           -> layer 3 or layer 4: IP, TCP, UDP, ICMP, IGRP
<Source port>, <Destination port>    -> no. (1 to 65535) or telnet/www/ftp etc.
<Source>, <Destination>

Example rules of Extended ACL
Router(config)#access-list 140 deny ip 192.168.10.3 0.0.0.0 any
(All tcp/ip data is denied from source 192.168.10.3 to any destination)

Router(config)#access-list 120 permit ip any any
(All tcp/ip data is permitted from any source to any destination)

Router(config)#access-list 145 deny tcp any host 200.100.100.5
(All tcp data is denied from any source to host 200.100.100.5)

Router(config)#access-list 130 permit tcp any host 200.100.100.10 eq 80
(All tcp based data from any source is allowed to access destination 200.100.100.10 on port no. 80, that is www (http) – web access)

Router(config)#access-list 130 permit udp any host 200.100.100.10 eq 53
(Any pc is able to access our DNS service running on port no. 53)

Router(config)#access-list 150 deny tcp any any eq 23 [or telnet]
(Telnet traffic is not allowed)

Router(config)#access-list 160 deny icmp any any
(All icmp data from any source to any destination is denied)

Example: - Extended ACL
Suppose we want to control inbound traffic for our network. The ACL should be designed according to the following policy.

(1) Access to web server (200.100.100.3) is allowed from any source.
(2) FTP server (200.100.100.4) should be accessible only from branch office n/w (200.100.175.0/24).
(3) ICMP & Telnet should be allowed only from remote pc 200.100.175.80
(4) Any pc can access DNS (200.100.100.8)

(Figure: network 200.100.175.x - Router - Router - network 200.100.100.x)

Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80
Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53

To display ACL
Router#show access-lists
or
Router#show access-list <no>

To display ACL applied on interface
Router#show ip interface
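The top-down, first-match evaluation from the inbound ACL flow chart, applied to access-list 25 and access-list 130 from the examples above. This is an added Python example, not part of the original notes and not Cisco code; the function names and the test packets (including the outside host 198.51.100.7) are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"ftp": 21, "telnet": 23, "www": 80}
ANY = (0, 0xFFFFFFFF)  # base 0 with every wildcard bit set matches all addresses


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens, standard=False):
    """Consume one address spec from tokens; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return _ip(tokens.pop(0)), 0
    if standard and not tokens:
        return _ip(word), 0  # bare address in a standard ACL = single host
    return _ip(word), _ip(tokens.pop(0))


def parse_rule(line):
    """Parse one numbered access-list line (standard below 100, else extended)."""
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    rule = {"action": action, "proto": "ip", "dst": ANY, "dport": None}
    if number < 100:
        rule["src"] = _take_addr(rest, standard=True)
        return rule
    rule["proto"] = rest.pop(0)
    rule["src"] = _take_addr(rest)
    rule["dst"] = _take_addr(rest)
    if rest and rest[0].lower() == "eq":
        rule["dport"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    return rule


def _addr_match(ip, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((_ip(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return (action, rule line number); line number None = implicit deny."""
    for line_no, rule in enumerate(acl, start=1):
        if rule["proto"] not in ("ip", proto):
            continue
        if not _addr_match(src, rule["src"]) or not _addr_match(dst, rule["dst"]):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"], line_no      # first match wins, search stops
    return "deny", None                     # no rule matched: packet is dropped


def permitted_hosts(acl, prefix="192.168.10."):
    """Last octets in the /24 that a standard ACL lets through."""
    return [h for h in range(256) if evaluate(acl, f"{prefix}{h}")[0] == "permit"]


ACL_25 = [parse_rule(l) for l in """
access-list 25 permit 192.168.10.32 0.0.0.31
access-list 25 permit 192.168.10.64 0.0.0.3
access-list 25 permit 192.168.10.68
access-list 25 permit 192.168.10.69
access-list 25 permit 192.168.10.70
""".strip().splitlines()]

ACL_130 = [parse_rule(l) for l in """
access-list 130 permit tcp any host 200.100.100.3 eq 80
access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
access-list 130 permit udp any host 200.100.100.8 eq 53
""".strip().splitlines()]

if __name__ == "__main__":
    hosts = permitted_hosts(ACL_25)
    print("access-list 25 permits .%d to .%d" % (hosts[0], hosts[-1]))
    # Constructed test packets: (src, dst, proto, dport)
    for pkt in [("198.51.100.7", "200.100.100.3", "tcp", 80),
                ("198.51.100.7", "200.100.100.4", "tcp", 21),
                ("200.100.175.81", "200.100.100.9", "tcp", 23),
                ("198.51.100.7", "200.100.100.8", "tcp", 53)]:
        print(pkt, "->", evaluate(ACL_130, *pkt))
```

The last test packet shows a side effect of the policy as written: DNS over TCP port 53 falls through to the implicit deny because only UDP is permitted to 200.100.100.8.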

Switch port ACL
You can only apply port ACLs to layer 2 interfaces on your switches because they are only supported on physical layer 2 interfaces. You can apply them as only inbound lists on your interfaces, and you can use only named lists as well.

Extended IP access lists use both source and destination addresses as well as optional protocol information and port number. There are also MAC extended access lists that use source and destination MAC addresses and optional protocol type information.

Switches scrutinize all inbound ACLs applied to a certain interface and decide to allow traffic through depending on whether the traffic is a good match to the ACL or not. ACLs can also be used to control traffic on VLANs. You just need to apply a port ACL to a trunk port.

Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-mac)#deny any host 000d.29bd.4b85
Switch(config-ext-mac)#permit any any
Switch(config-ext-mac)#do show access-list

Switch(config-ext-mac)#int f0/6
Switch(config-if)#mac access-group abc in

Lock and Key (Dynamic ACLs)
These ACLs depend on either remote or local Telnet authentication in combination with extended ACLs. Before you can configure a dynamic ACL, you need to apply an extended ACL on your router to stop the flow of traffic through it.

Reflexive ACLs
These ACLs filter IP packets depending upon upper-layer session information, and they often permit outbound traffic to pass but place limitations on inbound traffic. You cannot define reflexive ACLs with numbered or standard IP ACLs, or any other protocol ACLs. They can be used along with other standard or static extended ACLs, but they are only defined with extended named IP ACLs.

Time-Based ACLs
Here you can specify a certain time of day and week and then identify that particular period by giving it a name that is referenced by a task. The referenced function will fall under whatever time constraints you have dictated. The time period is based upon the router's clock, but it is highly recommended that you use it in conjunction with Network Time Protocol (NTP) synchronization.

Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit

Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit

Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes

Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range

Remarks
Remarks are the comments regarding the entries you have made in both your IP Standard and Extended ACLs.

Router#conf ter
Router(config)#access-list 110 remark <remark words>

Router(config)#access-list 110 remark permit rahul from admin only to sale
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255

Router(config)#ip access-list extended no_telnet
Router(config-ext-nacl)#remark deny all of finance from telnetting to sale
Router(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 23
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#do show run

Cisco Discovery Protocol
This protocol is enabled by default in Cisco devices. It sends a periodic update every one minute on all interfaces. The neighbors receive this information and store it in the CDP neighborship table. CDP is helpful in troubleshooting and in creating network documentation. We can obtain the following information about a neighbor automatically.

(1) Hostname
(2) Device type
(3) Model/Platform
(4) IOS version
(5) Local connected interface
(6) Remote device connected interface
(7) Entry IP address etc.

Display CDP status
Router#sh cdp

To display CDP enabled interfaces
Router#sh cdp interface

To display CDP neighbors
Router#sh cdp neighbor
Or
Router#sh cdp neighbor detail

To disable CDP from device
Router#conf ter
Router(config)#no cdp run

To disable CDP on particular interface
Router#conf ter
Router(config)#int <type> <no.>
Router(config-if)#no cdp enable
Router(config-if)#exit

To change CDP timers (value in seconds)
Router#conf ter
Router(config)#cdp timer <value>       (by default 60 sec)
Router(config)#cdp holdtime <value>    (by default 180 sec)

Wide Area Network
A network that is designed for long-distance communication is called a Wide Area Network. A WAN uses WAN protocols and WAN interface cards to communicate with remote networks.

WAN
Type                 Technologies                     Locations
Point-to-Point       Leased line, MLLN, Radio Link    For 2 locations
Circuit Switching    ISDN, PSTN                       Unlimited
Packet Switching     Frame Relay, X.25                Maximum
Cell Switching       ATM                              Maximum

Factors to be considered while selecting a WAN technology
(1) No. of locations
(2) Hours of connectivity
(3) Speed
(4) Cost (Bandwidth + Distance)
(5) Reliability

WAN Encapsulation
WAN encapsulation is used to convert a packet into a frame and transfer data over WAN links. Different types of encapsulation are designed for different WAN technologies. The general format of WAN encapsulation is: -

FH | Packet | FT

Flag | Address | Control | Data | FCS | Flag

Common WAN Encapsulation
WAN technology                    Encapsulation                                Abbreviation
Point-to-Point                    High level data link control                 HDLC
Point-to-Point, Circuit Switch    Point-to-Point Protocol                      PPP
Frame Relay                       Frame Relay Cisco
Frame Relay                       Frame Relay IETF
X.25                              Link Access Procedure Based                  LAPB
ISDN                              Link Access Procedure Based for D channel    LAPD
ATM                               ATM Adaptation layer 5                       AAL5

Point-to-Point WAN technologies
These WAN technologies are used to connect two locations with each other. They provide 24-hour, high-speed and reliable connectivity. We can set up this WAN technology in three steps: -
Step 1: - Connect the devices according to topology.
Step 2: - Configure Modems.
Step 3: - Configure Router.

Step 1
Point-to-Point WAN Topology
(a) Campus n/w or Drop wire n/w

(Figure: Router - Modem - Line - Modem - Router. Labels: V.35, RS 232, EIA/TIA 530; DB-60, Smart Serial; Line: 2 wire TP or 4 wire TP; RJ-45.)
* Distance depends on modems & mostly up to 10-15 kms.

(b) Leased line via Service Provider

(Figure: Router - Modem - Line (Local Loop) - Exchange (Mux) - Exchange (Mux) - Line (Local Loop) - Modem - Router. Labels: G703, G704; V.35, RS 232, EIA/TIA 530; SS, DB-60; Serial; eth.)

(c) Managed Leased Line n/w (MLLN)

(Figure: R - MLLN Modem - MLLN MUX - MLLN MUX - MLLN Modem - R.)

(d) Radio Link

(Figure: Router - Radio Modem - Antenna ... Antenna - Radio Modem - Router. Labels: V.35, RS 232, EIA 530; DB-60, Smart Serial.)

(e) Radio Link using IDU & ODU

(Figure: Router - IDU - UTP or Coaxial - ODU ... ODU - UTP or Coaxial - IDU - Router.)

ODU – Out Door Unit
IDU – In Door Unit

Line
Pin    4 Wire    2 Wire
1      Loop 1
2      Loop 1
3
4      Loop 2    Signal
5      Loop 2    Signal
6
7
8

Step 2 Configuration of Modems
We have to configure various parameters in the modem. There are three different methods to configure these parameters, depending on the modem.

Method
1) Configuration of modem using Jumper setting/ Dip switches.
2) Configuration of modem using LCD menu.
3) Configuration of modem using Console/ Terminal.

Step 3 Configuration of Router
To configure a router for a Leased line scenario or Point-to-Point n/w, we have to set the following parameters: -
1) IP addresses
2) IP routing
3) WAN encapsulation

(Figure: two routers joined by a WAN link with addresses 172.16.0.1 and 172.16.0.2; LAN-side addresses 192.168.5.1 and 10.0.0.1.)

In a Point-to-Point WAN n/w, any type of routing can be performed on the routers.

WAN Encapsulation
The two router interfaces in a Point-to-Point WAN are required to have the same WAN encapsulation. Two types of WAN encapsulation are supported in this type of network.
(1) HDLC
(2) PPP

Same Manufacturer: HDLC or PPP
Different Manufacturer: PPP

By default, Cisco routers use Cisco HDLC encapsulation. We can change the encapsulation with the following command: -

Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <ppp|hdlc>

HDLC
High Level Data Link Control
HDLC is the modified form of SDLC (Synchronous Data Link Control). SDLC was developed by IBM for router to main frame communication. HDLC is modified for router-to-router communication. Most manufacturers have developed their own proprietary HDLC protocol, so HDLC from one manufacturer is not compatible with HDLC from another.

HDLC encapsulation is designed for Point-to-Point router communication. In HDLC no addressing is required, but the all-stations address is still used in the encapsulation. HDLC provides only basic features and error checking for the frame.

PPP – Point-to-Point Protocol
PPP is an open standard WAN protocol that can be used in Point-to-Point and circuit switching networks. PPP provides various advantages as compared to HDLC. PPP has the following special features: -
(1) Authentication
(2) Multi Link
(3) Compression
(4) Call Back

PPP at OSI layer

(Figure: OSI layer stack. Network layer: TCP/IP, IPX/SPX. Data Link layer: NCP, LCP (PPP), HDLC. Physical layer. LAN and WAN protocols at the Data Link layer: PPP, HDLC, LAPB, IEEE 802.3, ARPA.)

Three Phases of PPP
(1) Link Control Protocol (LCP)
This protocol negotiates the basic features of PPP. It exchanges the parameters and options to be used with the link. LCP supported features are: -
Authentication, Compression, Multi link & Call back

(2) Authentication Phase - optional
In this phase authentication is performed between peers with the help of one of the following protocols.
(i) Password Authentication Protocol
(ii) Challenge Handshake Authentication Protocol
(iii) Microsoft CHAP
(iv) Shiva PAP (clear text)

(3) Network Control Protocol Phase (NCP)
In this phase parameters for the routed protocols are established. In NCP, there is one module for each routed protocol.
IPCP for TCP/IP
IPXCP for IPX/SPX
CDPCP for CDP etc.

Configuring Authentication in PPP
Example: -

(Figure: Router 1 (S0) connected to Router 2 (S1).)

Router 1
Router#config ter
Router(config)#int serial 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname chd
Router(config)#username ldh password net123
Router(config)#exit

Router 2
Router#config ter
Router(config)#int serial 1
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.2 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname ldh
Router(config)#username chd password net123
Router(config)#exit
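What the CHAP configuration above relies on, as an added Python model (not part of the original notes and not Cisco code): each router looks up the shared password under the name its peer announces, and only an MD5 hash of identifier, password and challenge (the RFC 1994 response value) crosses the link. The class and function names are constructed for illustration; hostnames chd and ldh and password net123 are taken from the example, and the PAP request is included for contrast.

```python
import hashlib
import hmac
import os


def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class Router:
    """One end of the link: 'hostname X' plus its 'username Y password Z' table."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = dict(users)
        self._pending = {}  # identifier -> challenge value this router issued

    def challenge(self):
        ident, value = os.urandom(1)[0], os.urandom(16)
        self._pending[ident] = value
        return {"code": "Challenge", "id": ident, "value": value,
                "name": self.hostname}

    def respond(self, chal):
        # The secret is looked up under the name the challenger announced.
        secret = self.users.get(chal["name"])
        if secret is None:
            return None  # no matching 'username' entry: cannot answer
        return {"code": "Response", "id": chal["id"], "name": self.hostname,
                "value": chap_hash(chal["id"], secret, chal["value"])}

    def verify(self, resp):
        value = self._pending.pop(resp["id"], None)  # a challenge is single-use
        secret = self.users.get(resp["name"])
        if value is None or secret is None:
            return False
        expected = chap_hash(resp["id"], secret, value)
        return hmac.compare_digest(expected, resp["value"])


def authenticate(authenticator, peer):
    """Run one CHAP exchange; return (success, messages seen on the link)."""
    chal = authenticator.challenge()
    resp = peer.respond(chal)
    wire = [chal] + ([resp] if resp else [])
    return (resp is not None and authenticator.verify(resp)), wire


def pap_request(name, password):
    """PAP Authenticate-Request: peer ID and password are sent as they are."""
    return {"code": "Authenticate-Request", "peer-id": name, "password": password}


def secret_on_wire(messages, secret):
    """True if the password appears in any field of the captured messages."""
    needle = secret.encode()
    for msg in messages:
        for field in msg.values():
            data = field if isinstance(field, bytes) else str(field).encode()
            if needle in data:
                return True
    return False


if __name__ == "__main__":
    chd = Router("chd", {"ldh": "net123"})
    ldh = Router("ldh", {"chd": "net123"})
    ok, wire = authenticate(chd, ldh)
    print("chd authenticates ldh:", ok)
    print("password visible with CHAP:", secret_on_wire(wire, "net123"))
    print("password visible with PAP:",
          secret_on_wire([pap_request("ldh", "net123")], "net123"))
    typo = Router("ldh", {"chd": "net124"})
    print("mismatched password accepted:", authenticate(chd, typo)[0])
```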

Configuring Compression in PPP
In PPP, one of the following three protocols can be used for compression
(1) Stac
(2) Predictor
(3) Microsoft Point-to-Point Compression

Router#config ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation ppp
Router(config-if)#compress <Stac|MPPC|Predictor>
Router(config-if)#exit

To display Compression
Router#show compress

PPP debug commands
Router#debug ppp error
Router#debug ppp authentication
Router#debug ppp negotiation

To display PPP status
Router#show interface

LCP: Open, Closed, Request sent, Listen
IPCP: Open, Closed
CDPCP: Open, Closed

Circuit Switching
In Circuit Switching, all users are connected to the circuit switching exchange cloud. Depending upon user request, a circuit is established between two locations and then data is transferred. A signaling protocol is used to establish the connectivity; data is then transferred with the help of the protocols used in Point-to-Point WAN.
Examples of Circuit Switching are: -
ISDN (Integrated Services Digital Network)
PSTN (Public Switched Telephone Network)

Integrated Services Digital Network
ISDN is the high-end circuit switching technology, which is designed for voice, data and video. ISDN is a time division multiplexing technology, in which multiple channels are used to transfer data.

ISDN
  BRI: 2 B Channels, 1 D Channel
  PRI:
    E1: 30 B Channels, 1 D Channel
    T1: 23 B Channels, 1 D Channel

B Channel (Bearer Channel)
This channel carries data using data encapsulation.

D Channel (Data Channel)
This channel carries signals using a signaling protocol.

Time Division Multiplexing in ISDN BRI
B1   ------- 64 kbps
B2   ------- 64 kbps
D Ch ------- 16 kbps
S    ------- 48 kbps

B1 | S | B2 | S | D Ch | S | B1 | S | B2 | S | --

ISDN BRI Topology

(Figure: ISDN BRI reference points. TE 1 - S - NT 2 - T - NT 1 - U (2 wire) - ISDN Cloud. TE 2 - R - TA - S.)

NT 1    Network Termination 1    Send/Receive ISDN BRI signals
NT 2    Network Termination 2    Share ISDN between multiple users
TE 1    Terminal Equipment 1     ISDN compatible device
TE 2    Terminal Equipment 2     Non-ISDN device
TA      Terminal Adapter         Connects ISDN line with Non-ISDN device

Topology 1: - Voice
(Figure: ISDN Phone 1 and ISDN Phone 2 - 4 wire - NT 1 - 2 wire - ISDN Cloud.)

Topology 2: - Voice
(Figure: two phones - TA - NT 1 - ISDN Cloud.)

Topology 3: - Voice + Data
(Figure: PC - USB or Serial - TA - NT 1 - ISDN Cloud.)
Install the TA in the PC, similar to an external modem installation. Use "Dialup Networking" to connect to the remote location.

Topology 3: - Data
(Figure: Router with ISDN BRI S/T interface - NT 1 - ISDN Cloud; Router with ISDN BRI U interface - ISDN Cloud.)

Configuring ISDN BRI
We will configure ISDN BRI for the following two scenarios: -

(1) ISDN Branch office to Branch office connectivity.
(2) ISDN Branch office to ISP Connectivity.

ISDN Branch office to Branch office

(Figure: R1 - ISDN Switch - ISDN Cloud - ISDN Switch - R2, with the parameters below.)

                 R1              R2
Hostname         Chd             Del
LAN n/w          172.16.X.X      172.30.X.X
Ethernet IP      172.16.0.1      172.30.0.1
BRI IP           192.168.10.5    192.168.10.6
ISDN no.         306306          288288
Switch type      Basic-net3      Basic-ni

Encapsulation - PPP
Authentication - CHAP
Password – net123
Routing - Static

Demand Dial Routing
Steps: -
(1) Specify interesting traffic
(2) Configure Route
(3) Dial to Remote location
(4) Negotiate Parameters
(5) Transfer Data
(6) Monitor interesting traffic
(7) Disconnect the call

R1
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.16.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.6
Router(config)#ip route 192.168.10.6 255.255.255.255 BRI 0

Router(config)#dialer-list 5 protocol ip permit
Or
Router(config)#access-list 20 deny 172.16.0.32 0.0.0.15
Router(config)#access-list 20 deny 172.16.0.20
Router(config)#access-list 20 permit any
Router(config)#dialer-list 8 protocol ip list 20

Router(config)#isdn switch-type basic-net3
Router(config)#hostname Chd
Router(config)#username Del password net123

Router(config)#int bri 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#dialer map ip 192.168.10.6 name Del 288288
Router(config-if)#dialer hold-queue 10      (no. of packets, range 1 – 100)
Router(config-if)#dialer-group 8
Router(config-if)#dialer idle-timeout 180   (if no response from the dialer, connection breaks)
Router(config-if)#no sh
Router(config-if)#exit

R2
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.30.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#ip route 172.16.0.0 255.255.0.0 192.168.10.5
Router(config)#ip route 192.168.10.5 255.255.255.255 BRI 0

Router(config)#dialer-list 5 protocol ip permit
Or
Router(config)#access-list 30 deny 172.30.0.32 0.0.0.15
Router(config)#access-list 30 deny 172.30.0.20
Router(config)#access-list 30 permit any
Router(config)#dialer-list 8 protocol ip list 30

Router(config)#isdn switch-type basic-net3
Router(config)#hostname Del
Router(config)#username Chd password net123

Router(config)#int bri 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 192.168.10.6 255.255.255.0
Router(config-if)#dialer map ip 192.168.10.5 name Chd 306306
Router(config-if)#dialer hold-queue 10
Router(config-if)#dialer-group 8
Router(config-if)#dialer idle-timeout 180
Router(config-if)#no sh
Router(config-if)#exit

ISDN Branch office to ISP

(Figure: Router - NT1 - ISDN Cloud - E1/T1 - RAS - Internet. ISP number 383843, switch type Basic-net3. ISP services: DNS, Authentication, Accounting, Authorization.)

ISP Parameters
Ph no.
Username
Password
ISDN Service Provider Switch Type

Router#config ter
Router(config)#int eth 0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#ip route 0.0.0.0 0.0.0.0 bri 0
Router(config)#dialer-list 7 protocol ip permit
Router(config)#isdn switch-type basic-net3

Router(config)#int bri 0
Router(config-if)#ip address negotiated
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap pap callin
Router(config-if)#ppp pap sent-username <ispuser> password <word>
Router(config-if)#ppp chap hostname <ispuser>
Router(config-if)#ppp chap password <word>
Router(config-if)#dialer string 383843
Router(config-if)#dialer-group 7
Router(config-if)#dialer idle-timeout 180
Router(config-if)#dialer hold-queue 10
Router(config-if)#no sh
Router(config-if)#exit

NAT for ISDN dialup ISP connectivity
Router#conf ter
Router(config)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#int bri 0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 50 permit any
Router(config)#ip nat inside source list 50 interface bri 0 overload

Testing and Troubleshooting of ISDN
(i) To display present active call
Router#sh isdn active

(ii) To display history of calls
Router#sh isdn history

(iii) To display ISDN status
Router#sh isdn status

Layer1 = Active
Layer2 = Multiple frame established
Layer3 = 1 Active layer 3 call or 2 Active layer 3 call

(iv) To place ISDN test call
Router#isdn call interface <type> <no> <phone no>

(v) To disconnect a call
Router#isdn disconnect interface bri 0 <no> all

Debug Commands
Interesting traffic or dialer
Router#debug dialer events
Router#debug dialer packets

ISDN problem
Router#debug isdn events
Router#debug isdn q921
Router#debug isdn q931    (Error code at cisco.com)

PPP problem
Router#debug ppp negotiation
Router#debug ppp authentication
Router#debug ppp error

Configuring ISDN multi-link
Multiple ISDN channels can be combined to dial the same location and transport data. For this purpose we will use PPP multi-link and the Cisco bandwidth on demand configuration.
Router#conf ter
Router(config)#int bri 0
Router(config-if)#ppp multilink
Router(config-if)#dialer load-threshold <value> <either|inbound|outbound>    (value 1-255)
Router(config-if)#exit

Packet Switching
Packet Switching is the WAN technology in which all devices are connected to the packet switching exchange. The devices request the packet switching exchange to create a virtual connection, and then data is transferred over the virtual connection. It is possible to create more than one virtual connection and transfer data over them one by one.

Examples of Packet Switching technology are: -
(1) X.25
(2) Frame Relay

Frame Relay
Frame Relay is the packet switching technology in which virtual connections are established. Frame Relay supports only permanent virtual connections. Frame Relay uses special addresses called DLCI to create virtual connections.

Virtual Circuit
In packet switching technology there are two types of virtual circuits: -
(1) Switched Virtual Circuit (SVC)
(2) Permanent Virtual Circuit (PVC)

Only PVC is supported in Frame Relay technology.

Frame Relay Topology

(Figure: Router - FR Modem - Line (Local loop, 4 wire TP) - FR Switch - Line - FR Modem - Router. Labels: V.35, RS232, EIA 530; DB-60, Smart Serial.)

Frame Relay DLCI
DLCI stands for Data Link Control Identifier. It is used for addressing purposes. In Frame Relay encapsulation, virtual circuits are established and data is transferred on the basis of DLCI. DLCI addresses are different from the general addressing scheme. One DLCI address is provided for each virtual circuit that we want to create.

DLCI range 16 - 1017

Frame Relay Encapsulation
Frame Relay uses a special type of encapsulation, which is specifically designed for this technology. Two encapsulations are available: -
(1) Frame Relay Cisco
(2) Frame Relay IETF (Internet Engineering Task Force)

Cisco to Cisco: Cisco FR or IETF FR
Non Cisco to any: IETF FR

Frame Relay Local Management InterfaceLMI are the keepalive signals, which are used to keep the virtual circuit up and running. LMI are exchange between frame relay switch and router. We have to set same LMI on router as specified by the service provider. There are three types of LMI that we can use (1) CISCO(2) Q933a(3) ANSIR1Router#config terRouter(config)#int eth0Router(config-if)#ip address 172.16.0.1 255.255.0.0Router(config-if)#no shRouter(config-if)#exit

Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.2

Router(config)#int serial 0Router(config-if)#encapsulation frame-relayRouter(config-if)#frame-relay lmi-type ciscoRouter(config-if)#ip address 192.168.10.1 255.255.255.0Router(config-if)#frame-relay interface-dlci 300Router(config-dlci)#exitRouter(config-if)#frame-relay map ip 192.168.10.2 300Prepared and Design by Mr. Hijrat Afghan Page 108

R R

R R

Page 109: hijratafghan.yolasite.comhijratafghan.yolasite.com/resources/CCNA Release Notes …  · Web viewLOCAL AREA NETWORK. A local area network (LAN) connects personal computers, printers,

SAFI CISCO CONSULTANT

Router(config-if)#no shRouter(config-if)#exit

R2Router#config terRouter(config)#int eth0Router(config-if)#ip address 172.30.0.1 255.255.0.0Router(config-if)#no shRouter(config-if)#exit

Router(config)#ip route 172.16.0.0 255.255.0.0 192.168.10.1

Router(config)#int serial 0Router(config-if)#encapsulation frame-relayRouter(config-if)#frame-relay lmi-type ciscoRouter(config-if)#ip address 192.168.10.2 255.255.255.0Router(config-if)#frame-relay interface-dlci 400Router(config-dlci)#exitRouter(config-if)#frame-relay map ip 192.168.10.1 400Router(config-if)#no sh Router(config-if)#exit

Configuring Frame Relay Point to Point connectivity

[Figure: R1 (Ethernet 172.16.0.1, serial 192.168.10.1) and R2 (Ethernet 172.30.0.1, serial 192.168.10.2) connected through a Frame Relay switch (FRSW). DLCI 300 for R2, DLCI 400 for R1; encap: Cisco FR; other labels in the figure: Cisco, ANSI]


Network Address Translation
NAT is a feature that can be enabled on a router, firewall or PC. With NAT, we are able to translate the network layer addresses, that is, the IP addresses, of packets. With Port Address Translation (PAT), we are also able to translate the port numbers present in the transport layer header.

Advantage of NAT
There are two reasons for using NAT:

(1) Conserve live IP addresses
On the Internet, there is a limited number of IP addresses. If our clients want to communicate on the Internet, each should have a live IP address assigned by our ISP, so the number of IP addresses requested depends on the number of PCs that we want to connect to the Internet. This wastes a lot of IP addresses. To reduce the wastage, we can share live IP addresses between multiple PCs with the help of NAT.

(2) NAT enhances network security by hiding PCs and devices behind NAT.

NAT Terms:
Inside Interface: the interface connected to the inside local network.
Outside Interface: the interface connected to the outside Internet.
Inside Local: the IP address assigned to the local network by the administrator from the private IP range.
Inside Global: the IP address assigned by the ISP for the local LAN from the public IP range.

Working of NAT & PAT

[Figure: hosts 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 connect through a switch to the NAT router (addresses 10.0.0.1 and 200.100.100.12) and on to the Internet. Translation entries shown: 10.0.0.5 -> 200.100.100.12, port 1080; 10.0.0.6 -> 200.100.100.12, port 1085; port translation 1100]

Types of NAT

Static NAT
This NAT is used for servers, where one live IP is mapped directly to one local IP. It forwards the traffic for the live IP to the local PC in the network.

Static NAT 200.1.1.5 = 192.168.10.6
Live 200.1.1.5
Local 192.168.10.6

Port Based Static NAT
This NAT is also used for servers. It provides port-based access to the servers with the help of NAT.

200.1.1.5:80 -> 192.168.10.6
200.1.1.5:53 -> 192.168.10.7

[Figure: the Web server (192.168.10.6) and the DNS server (192.168.10.7) sit behind the router, which connects to the Internet. Further translation entries from the PAT figure: 10.0.0.7 -> 200.100.100.12, port 1024; 10.0.0.8 -> 200.100.100.12, port 1024]

Dynamic NAT using Pool
Dynamic NAT is used for clients that want to access the Internet. Requests from multiple client IPs are translated to live IPs obtained from the pool. It is also called Pool Based Dynamic NAT.

Pool => 200.1.1.8 – 200.1.1.12/28
Local address => 172.16.X.X
Except => 172.16.0.5, 172.16.0.6, 172.16.0.7

[Figure: Web Server 172.16.0.5, DNS 172.16.0.6, Full access 172.16.0.7, clients 172.16.X.X]

Pool allotted => 200.1.1.0 – 15/28

Server
Static => 200.1.1.3 = 172.16.0.7
Port Based Static NAT
200.1.1.4:53 = 172.16.0.6
200.1.1.4:80 = 172.16.0.5

Client
Dynamic NAT
Pool => 200.1.1.8 – 200.1.1.12/28
Local address => 172.16.0.X

Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit

Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53


Router(config)#access-list 30 permit any

Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload

To display NAT translations
Router#sh ip nat translations
(after pinging any address, it shows the ping details)

To clear IP NAT translations
Router#clear ip nat translation *
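The translation table that "overload" (PAT) and port-based static NAT build can be modelled in a few lines of Python. This is an added example, not part of the original notes and not Cisco code. The class and function names are hypothetical, and the fallback port 1100 is an assumption chosen to match the "port translation 1100" label in the PAT figure; real IOS port selection differs in detail.

```python
class PatTable:
    """Toy model of NAT overload (PAT) on a single inside-global address."""
    def __init__(self, global_ip, fallback_start=1100):
        self.global_ip = global_ip
        self.next_port = fallback_start  # assumption: first port tried on a clash
        self.out = {}    # (proto, inside_ip, inside_port) -> global_port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def add_static(self, proto, inside_ip, inside_port, global_port):
        """Port-based static NAT: a permanent mapping reachable from outside."""
        self.out[(proto, inside_ip, inside_port)] = global_port
        self.back[(proto, global_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside-local source; returns (global_ip, global_port)."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = inside_port                 # keep the source port if it is free
            while (proto, port) in self.back:  # clash: take the next fallback port
                if self.next_port > 65535:
                    raise RuntimeError("no free ports on " + self.global_ip)
                port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, global_port):
        """Reverse lookup for a packet from outside; None means no entry (drop)."""
        return self.back.get((proto, global_port))


def pat_demo():
    """Constructed flows using the addresses from the PAT figure."""
    pat = PatTable("200.100.100.12")
    flows = [("tcp", "10.0.0.5", 1080), ("tcp", "10.0.0.6", 1085),
             ("tcp", "10.0.0.7", 1024), ("tcp", "10.0.0.8", 1024)]
    return pat, [pat.outbound(*flow)[1] for flow in flows]


def static_demo():
    """The page's port-based static entry 200.1.1.4:80 = 172.16.0.5."""
    srv = PatTable("200.1.1.4")
    srv.add_static("tcp", "172.16.0.5", 80, 80)
    return srv


if __name__ == "__main__":
    pat, ports = pat_demo()
    print(ports, pat.inbound("tcp", 1100), static_demo().inbound("tcp", 80))
```

Inbound lookups succeed only for ports that already have an entry, which is the hiding effect listed under Advantage of NAT; every static entry is a port deliberately left reachable from outside.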
