Course Introduction
Cisco Career Certifications
- Expert: CCIE
- Professional: CCNP
- Associate: CCNA (Cisco Certified Network Associate); required exam: CCNA Exam 640-802
- Recommended training through Cisco Learning Partners
http://www.cisco.com/go/certifications

Cisco Certification Fields
(Associate / Professional / Expert)
- Network Implementation (Routing and Switching): CCNA / CCNP / CCIE Routing and Switching
- Network Design: CCDA or CCNA / CCNP / None
- Network Service Provider: CCNA / CCIP / CCIE Service Provider
- Network Security: CCNA / CCSP / CCIE Security
- Voice Networks: CCNA / CCVP / CCIE Voice
- Storage Networking: CCNA / None / CCIE Storage Networking

Course Topics
- Introduction, OSI & TCP/IP
- OSI & TCP/IP Layers
- IP Addressing & Subnetting
- Introduction to Cisco IOS
- Routing
- Access lists
- Switching
- WAN
Networking Technologies
• Network:
basically all the components (H/W & S/W) involved in connecting computers across small and large distances
• Importance of Networks:
- Easy access and sharing of information
- Sharing of expensive devices and network resources
- Modern technologies (IP telephony, Video on Demand, etc.)
Network components
• A network has three main components:
Computers (servers and hosts)
- Source of applications (network-aware applications)
- ex: HTTP (Hyper Text Transmission Protocol), FTP (File Transfer Protocol), SNMP (Simple Network Management Protocol), Telnet
Network Devices
- Devices that interconnect different computers together
- ex: Repeaters, hubs, bridges, switches, routers, NICs and modems
Connectivity
- Media that physically connect the computers and network devices
- ex: Wireless and cables
Network Types
• LAN (Local Area Network):
a group of network components that work within a small area
• WAN (Wide Area Network):
a group of LANs that are interconnected within a large area
Reference Models
- describe data transfer standards
- a framework (guideline) for network implementation and troubleshooting
- Reference model types:
- OSI
- TCP/IP
Reference Models
OSI model          TCP/IP model
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        Transport
3 Network          Internet
2 Data Link        Network Access
1 Physical         Network Access
The OSI Reference model
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Transmission example: data from host A passes down the seven layers on A and up the seven layers on host B.
PDU at each layer:
- Application, Presentation, Session: User Data
- Transport: Segment
- Network: Packet
- Data Link: Frame
- Physical: Bits

Encapsulation Process
(diagram)
The Application Layer (Layer 7)
- This layer deals with networking applications.
- Examples: Web browsers
- Each application uses a certain service from the Transport Layer (reliable or unreliable).
- PDU: User Data

The Presentation Layer (Layer 6)
- This layer is responsible for presenting the data in the required format, which may include:
- Encryption
- Compression
- PDU: Formatted Data

The Session Layer (Layer 5)
- This layer establishes, manages, and terminates sessions between two communicating hosts.
- Example: Client software (used for logging in)
- PDU: Formatted Data

The Transport Layer (Layer 4)
- This layer breaks up the data from the sending host and then reassembles it in the receiver (segmentation).
- It is also used to ensure reliable data transport across the network (reliability and flow control).
- PDU: Segments

The Network Layer (Layer 3)
- Logical addressing (IP address)
- Best path determination (routing)
- PDU: Packets

The Data Link Layer (Layer 2)
- This layer provides reliable transit of data across a physical link, hop by hop.
- Makes decisions based on physical addresses (usually MAC addresses).
- PDU: Frames

The Physical Layer (Layer 1)
- This is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host.
- Examples: UTP, Coaxial (like cable TV), Fiber optic
- PDU: Bits
TCP/IP model
TCP/IP layer       Corresponding OSI layers
Application        7 Application, 6 Presentation, 5 Session
Transport          4 Transport
Internet           3 Network
Network Access     2 Data Link, 1 Physical

Hierarchical Network Model
(diagram)

The Physical Layer
Physical Layer Responsibilities
- Description of LAN/WAN cables & connectors
- Description of LAN/WAN standards (maximum length, bit rates, pin assignment, voltage levels)
- Physical Layer devices

LAN Physical Layer
Ethernet cables:
- Copper (UTP, STP, Coaxial)
- Fiber

Unshielded Twisted Pair (UTP) Cable
- CAT5, CAT5e, CAT6
- RJ-45 connector
- Twisting of the pairs prevents EMI, RFI
- Maximum cable length is limited to avoid attenuation

Using UTP cable to connect devices
1- straight-through cable
2- crossover cable
3- rollover cable

Straight-Through or Crossover cables
(diagram: PC, router, switch, hub, modem)
- straight cable: between devices of different types (e.g. a PC or router to a switch or hub)
- cross cable: between devices of the same type (e.g. PC to PC, switch to switch, router to PC)

Shielded Twisted Pair (STP) Cable
(diagram)

Coaxial Cable
- thick coaxial, thin coaxial (200 m)

Fiber Optic Cable
(diagram)

Fiber Optic Connectors
- single mode fiber
- multimode fiber

WAN Physical Layer
- serial cables

WAN Terminologies
- DTE:
- DCE:
Transmission modes
- Full duplex: devices can send and receive data at the same time (two ways for transmission)
- Half duplex: one circuit for transmission, so only one device can use the bus (send or receive) at a time; if two devices send at the same time, a collision occurs.

Layer 1 devices
1- Repeater
A repeater is a network device used to regenerate a signal. Repeaters regenerate analog or digital signals distorted by transmission loss due to attenuation. Rule: no more than four repeaters can be used between hosts on a LAN.
2- Hub
- A hub takes data bits from an input port and forwards them to all other ports.
- A hub is a multi-port repeater.
- Repeaters and hubs work in half duplex mode.

The Data-Link Layer
Data-Link Layer Responsibilities
- Description of H/W addressing: MAC (Media Access Control) address
- Frame format
- Error detection hop to hop
- Data-Link layer standards:
LAN: Ethernet, Token Ring, FDDI
WANs: HDLC, PPP, ISDN, X.25, Frame-Relay, ATM

Ethernet Overview
- Ethernet is now the dominant LAN technology in the world.
- Ethernet is not one technology but a family of LAN technologies.
- Ethernet specifications support different media, bandwidths, and other Layer 1 and 2 variations.

MAC Address
- A MAC address is 48 bits in length and expressed as twelve hexadecimal digits.
- MAC addresses are burned into the read-only memory (ROM) of the NIC.
- Each NIC has a unique MAC address.
- A MAC address can represent unicast, broadcast and multicast.
ex. A34C.52BD.1234

CSMA/CD operation in half duplex media
- A host cannot send whenever the bus is busy.

Ethernet Frame Structure
(diagram: frame fields including Type and Data; IEEE 802.2)
Layer 2 devices
• A layer 2 device is a device that understands MAC addresses, for example:
NIC (Network Interface Card)
Bridge:
- address learning
- forwarding decisions are based on software
- a bridge is used for LAN segmentation
Switch:
- a multi-port bridge
- forwarding decisions are based on hardware (ASIC), so it is faster than a bridge

Ethernet Switches and Bridges
• Transparent bridges and switches have 3 main functions:
- Address learning
- Forward/filter decision
- Loop avoidance
• All ports of a switch or bridge are members of a single broadcast domain and of multiple collision domains.

1- Address Learning
A switch learns which MACs are connected to which ports by checking the source MAC address of each frame.

2- Forwarding
- Forwarding is done by checking the destination MAC address.
- If the destination MAC is an unknown unicast, broadcast or multicast, the frame is flooded (sent out of all switch ports).
- For a known unicast, the switch forwards the frame through the learned port only.
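The learning and forward/filter behaviour described above, as an added software model (this is not code from the course; the port numbers, MAC addresses and frame sequence are constructed):

```python
# Added example: a transparent switch that learns source MACs per port and
# forwards by destination MAC. Known unicast goes out of the learned port
# only; unknown unicast, broadcast and multicast are flooded.

BROADCAST = "ffff.ffff.ffff"


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit (least significant bit
    of the first byte) is set."""
    first_byte = int(mac.replace(".", "").replace(":", "")[:2], 16)
    return bool(first_byte & 0x01)


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC -> port, learned from (untrusted) source addresses

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is sent out of."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        # 1- Address learning: the source MAC lives behind in_port
        #    (a later frame from the same MAC on another port overwrites it)
        self.mac_table[src_mac] = in_port
        # 2- Forward/filter decision on the destination MAC
        if is_group_address(dst_mac) or dst_mac not in self.mac_table:
            # broadcast, multicast or unknown unicast: flood out of every
            # port except the one the frame arrived on
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            # filter: destination shares the segment (e.g. a hub) with the
            # sender, so the frame must not be forwarded anywhere
            return []
        return [out_port]  # known unicast: learned port only


def demo():
    """Constructed frame sequence on a 4-port switch; returns the egress
    port list of every frame, in order."""
    sw = Switch(ports=[1, 2, 3, 4])
    host_a, host_b, host_c = "0000.0a0a.0a0a", "0000.0b0b.0b0b", "0000.0c0c.0c0c"
    return [
        sw.receive(1, host_a, host_b),            # B unknown: flood to 2, 3, 4
        sw.receive(2, host_b, host_a),            # A known on port 1: that port only
        sw.receive(1, host_a, BROADCAST),         # broadcast: flood
        sw.receive(1, host_c, host_a),            # C shares port 1 with A: filtered
        sw.receive(3, host_b, "0100.5e00.0001"),  # B moves to port 3; multicast: flood
    ]
```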
Types of frame errors
1- CRC error: the frame contents changed during transmission
2- Runt frame: the frame size is less than 64 bytes
3- Giant frame: the frame size is larger than 1518 bytes

Forwarding modes
- Store and Forward: the complete frame is received and checked before forwarding.
- Cut-Through: the switch checks the destination address and immediately begins forwarding the frame.
- Fragment-Free: the switch checks the first 64 bytes, then begins forwarding the frame.

3- Remove Layer 2 loops
(diagram: MAC table entries for host A flip between port 1 and port 3 because of the loop)
• Solution: using Spanning Tree Protocol (STP)
Frame creation
Frame fields: Destination MAC | Source MAC | Source IP | Destination IP
How each field is obtained:
- Source MAC: burned on the NIC
- Source IP: static, or dynamic (RARP, BOOTP, DHCP)
- Destination IP: DNS
- Destination MAC: ARP, Proxy ARP

Source MAC
- burned on the NIC

Source IP
1- by static configuration
2- by DHCP (Dynamic Host Configuration Protocol):
- DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device.
- A range of IP addresses is defined on the DHCP server.
- The entire network configuration of a computer can be obtained in one message from the server.

Destination IP
DNS:
• Application specified in the TCP/IP suite
• Means to translate human-readable names into IP addresses

Destination MAC
- ARP: each PC forms an ARP table containing the learned MACs.
(diagram: host A broadcasts a message to all: "If your IP address matches B, then please tell me your Ethernet address"; B answers with its Ethernet address)
- Proxy ARP: when B is on another network, router R answers A's ARP request on B's behalf: "Yes, I know the destination network, let me give you my Ethernet address; I take care of forwarding IP packets to B".
The Transport Layer
The Transport Layer
- reliable service
- unreliable service

Flow Control - Windowing (PAR):
(diagram: positive acknowledgment with retransmission; an error in segment 2 causes it to be resent before segment 3 is acknowledged)
Layer 4 Addressing
• Port Numbers:
• Port numbers are classified into:
Well-known ports (0-1023): identify different applications, ex: FTP (20, 21), Telnet (23), SMTP (25), DNS (53), HTTP (80)
User-defined ports (1024-65535): given randomly by the operating system for each session initiated by the host

Multiplexing applications
(diagram: hosts 12.0.0.1 and 12.0.0.2 open sessions to the web server 13.0.0.1)
Session  Source IP  Destination IP  Source port  Destination port
1        12.0.0.1   13.0.0.1        1200         80
2        12.0.0.1   13.0.0.1        1500         80
3        12.0.0.2   13.0.0.1        1200         80

TCP Header
(diagram)
UDP Header
(diagram)

The Application Layer
TCP/IP Application Layer Overview
• File transfer
– FTP
– TFTP
– Simple Mail Transfer Protocol
• Remote login
– Telnet
• Network management
– Simple Network Management Protocol
• Name management
– Domain Name System

Port Numbers
(diagram)

The TCP/IP Internet Layer
Internet Layer
• The Internet Layer is responsible for the following:
- Support of logical addressing for network components
- Routing (finding the best path for data)
- Layer 3 devices
• Internet Layer protocols are:
- IP (Internet Protocol)
- ICMP (Internet Control Message Protocol)
- ARP (Address Resolution Protocol), RARP (Reverse ARP)
- Routing protocols, ex. OSPF, EIGRP
• IP has the following characteristics:
- Provides logical addressing
- Provides connectionless "best effort" delivery of data

IP Packet
IP packets consist of the data from upper layers plus an IP header. The IP header consists of the following:
(diagram of the IP header fields)

IP addressing
- Each host in the network must have a unique IP address because duplicate addresses would make routing impossible.
- IP addressing is a hierarchical structure, as the IP address combines two identifiers into one number: the first part identifies the network address; the second part, called the host part, identifies which particular machine it is on the network.
- An IP address is a 32-bit (4 bytes = 4 octets) address that is mainly divided into a network part (representing the network ID where the device is located) and a host part (representing the ID of the host).
- It is represented in dotted decimal form, where each octet is transformed to its decimal value.
ex. 192.168.1.3
IP Address Classes
IP addresses are divided into classes to define large, medium, and small networks.
- Class A addresses are assigned to larger networks.
- Class B addresses are used for medium-sized networks.
- Class C for small networks.
- Class D for multicasting.
- Class E for experimental purposes.

Identifying Address Classes
(diagram)
Note: for Class A, networks 0 & 127 are reserved (class A range 1 - 126).

Public IP Addresses
- Unique addresses are required for each device on a network.
- Originally, an organization known as the Internet Assigned Numbers Authority (IANA) handled this procedure.
- No two machines that connect to a public network can have the same IP address because public IP addresses are global and standardized.

Private IP Addresses
Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses. As mentioned, public networks require hosts to have unique IP addresses. However, private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

IP address types
• An IP address can be one of three categories:
- Network address
- Host address
- Broadcast address
Network / Broadcast Addresses
- Network address: the first IP address in the network, in which all host part bits = 0
- Broadcast address: the last IP address in the network, in which all host part bits = 1
- The other addresses are host addresses; their number = 2^(no. of host bits) - 2
- Here are some examples:
Class  Network Address  Broadcast Address
A      12.0.0.0         12.255.255.255
B      172.16.0.0       172.16.255.255
C      192.168.1.0      192.168.1.255

Subnet Mask
- 32-bit mask (1's followed by 0's)
- Used by routers and hosts to determine the number of network-significant bits (identified by 1's) and host-significant bits (identified by 0's) in an IP address
- example:
Class  Network Address  Default subnet mask
A      12.0.0.0         255.0.0.0 or /8
B      172.16.0.0       255.255.0.0 or /16
C      192.168.0.0      255.255.255.0 or /24

Octet Values of a Subnet Mask
• Subnet masks, like IP addresses, can be represented in dotted decimal format, like 255.255.255.0.
Subnetting
- Subnetting a network means using the subnet mask to divide the network and break a large network up into smaller, more efficient and manageable segments, or subnets.
- Subnetting is done by taking part of the host bits and adding them to the network part.
(diagram: the IP address is split into a network part and a host part; the subnet bits are borrowed from the start of the host part)

Subnetting Example
Divide network 192.168.1.0/24 into 4 subnets
Solution: 4 subnets need 2 bits, so the two leftmost bits of the last octet become subnet bits:
192.168.1.00 000000 to 192.168.1.00 111111   (0 - 63)
192.168.1.01 000000 to 192.168.1.01 111111   (64 - 127)
192.168.1.10 000000 to 192.168.1.10 111111   (128 - 191)
192.168.1.11 000000 to 192.168.1.11 111111   (192 - 255)
The subnet mask is 255.255.255.192 or /26
The first subnet is 192.168.1.0/26
The second subnet is 192.168.1.64/26
The third subnet is 192.168.1.128/26
The fourth subnet is 192.168.1.192/26

Divide network 192.168.1.0/24 into 4 subnets
Solution:
- 4 subnets need 2 bits
- subnet mask = 255.255.255.192
- interesting octet is 192
- hop count = 256 - 192 = 64
- The first subnet is 192.168.1.0/26
- The second subnet is 192.168.1.64/26
- The third subnet is 192.168.1.128/26
- The fourth subnet is 192.168.1.192/26

Determine whether this IP is a network address, a host address or a broadcast address: 172.16.5.0/23
Solution:
- subnet mask = 255.255.254.0
- interesting octet is 254
- hop count = 256 - 254 = 2
- The first subnet is 172.16.0.0/23
- The second subnet is 172.16.2.0/23
- The third subnet is 172.16.4.0/23
- The fourth subnet is 172.16.6.0/23
So 172.16.5.0/23 is a host address (it lies inside 172.16.4.0/23, whose broadcast address is 172.16.5.255).
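The "interesting octet / hop count" procedure above, written as code (an added example, not part of the course material). It generalises the two worked cases to any prefix from /8 to /30 and also classifies an address as network, host or broadcast.

```python
# Added example: subnetting by the interesting-octet method from the course.
# Works for prefixes /8 .. /30; all addresses below are from the course text.
import math


def prefix_to_mask(prefix):
    """/26 -> [255, 255, 255, 192]: `prefix` ones followed by zeros."""
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return [(bits >> shift) & 0xFF for shift in (24, 16, 8, 0)]


def dotted(octets):
    return ".".join(str(o) for o in octets)


def interesting_octet(prefix):
    """Index (0-3) of the last mask octet that is not 255, and its hop count
    (256 - octet value). A /24 gives octet 2 with hop count 1."""
    index = (prefix - 1) // 8
    return index, 256 - prefix_to_mask(prefix)[index]


def subnets(network, prefix, count):
    """Divide network/prefix into at least `count` equal subnets.
    Returns (new prefix, mask, hop count, [subnet network addresses])."""
    borrowed = math.ceil(math.log2(count))      # 4 subnets need 2 bits
    new_prefix = prefix + borrowed
    index, hop = interesting_octet(new_prefix)  # /26 -> octet 3, 256 - 192 = 64
    base = [int(o) for o in network.split(".")]
    result = []
    for i in range(2 ** borrowed):
        addr = base[:]
        addr[index] = base[index] + i * hop     # count up by the hop count
        result.append(dotted(addr))
    return new_prefix, dotted(prefix_to_mask(new_prefix)), hop, result


def classify(address, prefix):
    """Return (kind, network address, broadcast address) for address/prefix,
    where kind is 'network' (host bits all 0), 'broadcast' (all 1) or 'host'."""
    octets = [int(o) for o in address.split(".")]
    index, hop = interesting_octet(prefix)
    net = octets[:]
    net[index] = (octets[index] // hop) * hop   # round down to a subnet boundary
    bcast = net[:]
    bcast[index] = net[index] + hop - 1
    for i in range(index + 1, 4):               # octets fully inside the host part
        net[i], bcast[i] = 0, 255
    kind = "network" if octets == net else "broadcast" if octets == bcast else "host"
    return kind, dotted(net), dotted(bcast)


def usable_host_for(candidate, gateway, prefix):
    """The quiz check: the candidate must be a host address (not the network
    or broadcast address) in the same subnet as the gateway."""
    kind, net, _ = classify(candidate, prefix)
    return kind == "host" and net == classify(gateway, prefix)[1]
```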
- Which IP address should be assigned to PC B?
(diagram: router interface 192.168.5.33/27 connected to PC A and PC B)
A. 192.168.5.5
B. 192.168.5.32
C. 192.168.5.40
D. 192.168.5.63
E. 192.168.5.75
Answer: C

- Given the choices below, which address represents a unicast address?
A. 224.1.5.2
B. FFFF.FFFF.FFFF
C. 192.168.24.59/30
D. 255.255.255.255
E. 172.31.128.255/18
Answer: E
ICMP
The Internet Control Message Protocol verifies connectivity between network devices (ping):
D:\>ping 192.110.1.140
Pinging 192.110.1.140 with 32 bytes of data:
Request timed out

Layer 3 devices
Router:
- best path determination
- creating the routing table
- connecting different LANs
All interfaces of the router are members of multiple broadcast domains and multiple collision domains.

Find the number of broadcast domains and the number of collision domains
(diagram)
Solution:
no. of broadcast domains = 2
no. of collision domains = 4

Operating Cisco IOS Software
Cisco Software components
• Cisco IOS (Internetwork Operating System)
The operating system that manages the hardware platform it runs on.
• Configuration File
A file that contains commands that reflect how the router will react.

Router Internal Components
(diagram: configuration file, IOS, current config.)

External Components of a 2600 Router
(diagram)

Computer/Terminal Console Connection
(diagram)

HyperTerminal Session Properties
(diagram)

Setup mode
- Permits the administrator to install a minimal configuration for a router (appears if there is no saved configuration; Ctrl-C to skip)

Other Router Modes
(diagram)

IOS Features
• Support for context help and abbreviations (?)
• Support for auto-complete (Tab key)
• Support for syntax error detection

Context help features
(diagram)

Configuring Router Identification
(diagram)

Configuring a Router Password
(diagram)
Configuring Interfaces
(diagram: RouterA S0/0 192.168.1.1/30 connected to RouterB S0/1 192.168.1.2/30)
Router#config t
RouterA(config)# interface serial 0/0
RouterA(config-if)# ip address 192.168.1.1 255.255.255.252
RouterA(config-if)# no shutdown
RouterA(config-if)# clock rate 56000    (required on the serial DCE side only)
RouterB(config)# int serial 0/1
RouterB(config-if)# ip address 192.168.1.2 255.255.255.252
RouterB(config-if)# no shutdown
RouterB(config-if)# exit
RouterB(config)# exit
Router#
To know which interface is the DCE:
RouterA# show controller s0/0

Monitoring and debugging
show commands are typed in privileged EXEC mode (enable mode):
#show interface – displays all the statistics for all the interfaces
#show interface s0/1 – displays statistics for interface Serial 0/1
#show ip interface brief – displays a summary of the interfaces
#show controllers s0/0 – displays information specific to the interface hardware
#show flash – displays info about flash memory and the IOS image in it
#show start – displays the saved configuration located in NVRAM
#show run – displays the configuration currently running in RAM
#show version – displays info about the router and the IOS
#show arp – displays the ARP table of the router
#erase start – erases the saved configuration file in NVRAM
#reload – restarts the router
#copy run start – saves the current configuration in RAM into NVRAM
show flash command
(output diagram)

show running-config and show startup-config Commands
• Display the current and the saved configuration

show interfaces Command
(output diagram)

show controller Command (Serial Interface)
• Shows the cable type of serial cables

Using Telnet to Connect to Remote Devices
Telnet is used to check the whole TCP/IP stack.

Using the ping and trace Commands
The ping command tests the connectivity and path to a remote device (tests layer 3 in TCP/IP).

Interpreting the Interface Status
(diagram: S0/1 of one router connected to S0/0 of the other)
The first part of the status line is the Layer 1 status; the line protocol part is the Layer 2 status.
- Serial0/1 is administratively down, line protocol is down: the interface is shut down
- Serial0/1 is down, line protocol is down: interface or cable H/W failure (no keep-alives)
- Serial0/1 is up, line protocol is down: different encapsulation types (PPP, HDLC, FR) or no clock rate on the DCE device
Other interface status:
- Serial0/1 is up, line protocol is up: the interface is working properly
show version Command
(output diagram)

Configuration Register Values
0x2100: boot to the ROM monitor
0x2101: boot the image in ROM
0x2102 to 0x210F: boot normally, checking NVRAM for boot system commands
The configuration register value sets the boot option.
The value 0x2142 is used to bypass the NVRAM (the saved configuration is ignored at boot).

Boot system command
- Besides the configuration register, you can use the boot system command to force the boot location.
Router(config)# boot system flash
Router(config)# boot system rom
Router(config)# boot system tftp

Discovering Neighbors with CDP
• CDP runs on routers with Cisco IOS to get information about directly connected Cisco devices.
• Summary information includes:
– Device identifiers
– Address list
– Port identifier
– Capabilities list
– Platform
• CDP advertises this information to whatever is plugged into the link, so it is commonly turned off on interfaces facing untrusted networks (no cdp enable on the interface, or no cdp run globally).

Using the show cdp neighbors Command
RouterA# show cdp neighbors detail
also provides the neighbors' IP addresses.
Cisco IOS copy Command
(diagram: copy between RAM, NVRAM, FLASH and a TFTP server, used to save the IOS image or the configuration file)

Managing the IOS image with a TFTP application
wg_ro_a#copy tftp flash
Address or name of remote host [10.1.1.1]?
Source filename []? c2500-js-l_120-3.bin
Destination filename [c2500-js-l_120-3.bin]?
Accessing tftp://10.1.1.1/c2500-js-l_120-3.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeee (output omitted) ...erased
Erase of flash: complete
Loading c2500-js-l_120-3.bin from 10.1.1.1 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!
(output omitted)
[OK - 10084696/20168704 bytes]
Verifying checksum... OK (0x9AA0)
10084696 bytes copied in 309.108 secs (32636 bytes/sec)
wg_ro_a#

Managing the configuration file with a TFTP application
wg_ro_a# copy run tftp
Address or name of remote host []? 10.1.1.1
Destination filename [running-config]? wgroa.cfg
.!!
1684 bytes copied in 13.300 secs (129 bytes/sec)
wg_ro_a# copy tftp run
Address or name of remote host []? 10.1.1.1
Source filename []? wgroa.cfg
Destination filename [running-config]?
Accessing tftp://10.1.1.1/wgroa.cfg...
Loading wgroa.cfg from 10.1.1.1 (via Ethernet0): !
[OK - 1684/3072 bytes]
1684 bytes copied in 17.692 secs (99 bytes/sec)
© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—3-120

Introducing Routing

What Is Routing?
To route, a router needs to do the following:
• Discover the connected networks.
• Select the best paths (routes) to these networks.
• Maintain and verify routing information using a routing table.

Routing table
• The routing table contains the best paths discovered by a "routing protocol".

Routing Protocols
• Static Route: a route (path) that a network administrator enters into the router manually
• Dynamic Route: a route (path) that a network routing protocol discovers automatically and adjusts when the topology changes

Routing Protocols
- Static:
- Direct connected
- Static route
- Default route
- Dynamic:
- IGP:
- Distance vector (RIPv1, IGRP)
- Link state (OSPF, IS-IS)
- Hybrid (EIGRP, RIPv2)
- EGP (EGP, BGP)
Autonomous Systems: Interior or Exterior Routing Protocols
(diagram)

Routing table creation
The routing table contains only the decisions of the best routing protocol and the best paths to reach networks.
- The best routing protocol is elected based on its administrative distance.
- The best paths depend on the metric.

Administrative Distance
A value between 0 and 255 that reflects the trustworthiness of a routing protocol (the best protocol has the least admin. distance); ex. OSPF = 110.

Selecting the Best Route with Metrics
- The best path has the least metric.
- Each routing protocol uses a metric type (hop count, BW, delay, load, reliability, MTU).
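The two-step selection above (administrative distance first, then metric) as an added example; it is not code from the course. The administrative distances are the ones quoted in this course (connected 0, static 1, OSPF 110, RIP 120); the candidate routes and next hops are constructed.

```python
# Added example: building a routing table from candidate routes. A source
# with a lower administrative distance wins regardless of metric; within that
# source the lowest metric wins, and equal metrics keep all their next hops.

ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}
CODE = {"connected": "C", "static": "S", "ospf": "O", "rip": "R"}


def build_routing_table(candidates):
    """candidates: list of (prefix, source, metric, next_hop) offered by the
    routing sources. Returns {prefix: (source, metric, [next hops])}."""
    by_prefix = {}
    for prefix, source, metric, next_hop in candidates:
        by_prefix.setdefault(prefix, []).append((source, metric, next_hop))
    table = {}
    for prefix, routes in by_prefix.items():
        # 1- the source with the lowest administrative distance is elected,
        #    whatever the other sources' metrics look like
        best_ad = min(ADMIN_DISTANCE[source] for source, _, _ in routes)
        elected = [r for r in routes if ADMIN_DISTANCE[r[0]] == best_ad]
        # 2- within that source the lowest metric wins; equal metrics keep
        #    all their next hops (load balancing)
        best_metric = min(metric for _, metric, _ in elected)
        next_hops = sorted(nh for _, metric, nh in elected if metric == best_metric)
        table[prefix] = (elected[0][0], best_metric, next_hops)
    return table


def show_ip_route(table):
    """Render the table in the style of the show ip route output."""
    lines = []
    for prefix in sorted(table):
        source, metric, next_hops = table[prefix]
        if source == "connected":
            lines.append(f"C {prefix} is directly connected, {next_hops[0]}")
        else:
            for nh in next_hops:
                lines.append(f"{CODE[source]} {prefix} [{ADMIN_DISTANCE[source]}/{metric}] via {nh}")
    return lines


def demo():
    """Constructed candidate routes, as a router might receive them."""
    candidates = [
        ("12.0.0.0/8", "connected", 0, "Serial0"),
        ("10.0.0.0/8", "rip", 2, "12.0.0.2"),       # 2 hops away
        ("10.0.0.0/8", "ospf", 1562, "13.0.0.2"),   # worse-looking metric, lower AD
        ("10.0.0.0/8", "rip", 3, "14.0.0.2"),
        ("192.168.1.0/24", "rip", 1, "12.0.0.2"),
        ("192.168.1.0/24", "static", 0, "12.0.0.2"),
        ("172.16.0.0/16", "rip", 4, "12.0.0.2"),    # equal-cost pair
        ("172.16.0.0/16", "rip", 4, "14.0.0.2"),
    ]
    return build_routing_table(candidates)
```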
Static routing
1- Directly connected networks:
- Directly connected networks are automatically detected by the router without configuration
- symbol in routing table is "C"
- admin. distance = 0
(diagram: four routers in a row joining networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router has a C entry for each network attached to it)

Static routing
2- Static route:
- you can manually define a path to reach a certain network
- symbol in routing table is "S"
- admin. distance = 1
(diagram: router S0 at 12.0.0.1/8, neighbor at 12.0.0.2/8 leading to 192.168.1.0/24 and the Internet)
(config)# ip route 192.168.1.0 255.255.255.0 s0
OR
(config)# ip route 192.168.1.0 255.255.255.0 12.0.0.2

Static routing
3- Default route:
- This route allows the stub network to reach all known networks beyond router A (gateway of last resort)
- symbol in routing table is "S*"
(diagram: same topology; the default route points to S0 or to the next hop 12.0.0.1)

Displaying the routing table
router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 12.0.0.0 is directly connected, Serial0
S* 0.0.0.0/0 is directly connected, Serial0
Dynamic routing protocols
Distance Vector Routing Protocols:
- each router detects its directly connected networks and forms its initial routing table
- routers pass periodic copies of their routing table to neighbor routers and learn the best paths to all networks (the paths with the least metric), forming the final routing table (convergence)
- after convergence, periodic updates (full routing table) are sent to indicate any change in the topology.

Distance Vector Routing Protocols
(diagram: four routers in a row joining networks 10.0.0.0 to 13.0.0.0; each router's table grows as the neighbors' tables are passed along)
Routing loops
(diagram: routers A, B and C in a row; table entries shown: 10.0.0.0 E0 16 (down), 10.0.0.0 S0 16, 10.0.0.0 S0 2, 10.0.0.0 S1 3)
- When network 10.0.0.0 fails, router A marks its metric as 16 (a max. hop count value to avoid counting to infinity) and sends its routing table to B after the periodic interval.
- Before B sends its periodic update to C, router C sends its routing table to B containing a path to 10.0.0.0 with a better metric, so B thinks 10.0.0.0 can be reached via C while C depends on B for that, so a loop occurs.

Routing loop solutions
- Split Horizon: a route learned from an interface cannot be sent back on the same interface.
(diagram: 10.0.0.0 E0 16 (down), 10.0.0.0 S0 16, 10.0.0.0 S0 2)

Routing loop solutions
- Hold-down Timers: a router informed of a failed route does not accept any update about it for a time equal to the hold-down timer, so by the end of the timer all routers know that the route failed (useful in flapping networks).
- The hold-down finishes if:
– The hold-down timer expires.
– Another update is received with a better metric.
(diagram)

Routing loop solutions
- Triggered Updates: instead of sending updates after a time interval, the router sends the update as soon as a route fails or any change occurs, so other routers immediately modify their routing tables (this is the most used solution).
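The loop and the split-horizon fix described above, as an added simulation (not code from the course): routers A - B - C in a row, network 10.0.0.0 on A's E0, hop-count metric with 16 meaning unreachable. The router names, interface name and synchronous update rounds are constructed assumptions.

```python
# Added example: distance vector count-to-infinity without split horizon,
# and the same failure with split horizon. Each round every router sends its
# full table to its neighbours (the periodic update) and applies what it got.
INFINITY = 16          # RIP: 16 hops = unreachable
NETWORK = "10.0.0.0"
TOPOLOGY = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


class Router:
    def __init__(self, name, neighbours):
        self.name = name
        self.neighbours = neighbours
        self.table = {}  # destination -> (next hop, metric)

    def advertise(self, to, split_horizon):
        """Full routing table sent to one neighbour; with split horizon the
        routes learned from that neighbour are left out."""
        return {dst: metric for dst, (nh, metric) in self.table.items()
                if not (split_horizon and nh == to)}

    def process(self, sender, update):
        """Bellman-Ford step; returns True if the table changed."""
        changed = False
        for dst, metric in update.items():
            via_sender = min(metric + 1, INFINITY)
            nh, current = self.table.get(dst, (None, INFINITY))
            if nh == sender:
                # the route already goes through the sender: follow its metric
                # up or down (this is what lets the count to infinity start)
                new = (sender, via_sender)
            elif via_sender < current:
                new = (sender, via_sender)
            else:
                continue
            if new != (nh, current):
                self.table[dst] = new
                changed = True
        return changed


def exchange_until_stable(routers, split_horizon, max_rounds=100):
    """Synchronous rounds of updates; returns how many rounds changed a table."""
    for rounds in range(max_rounds):
        # every router builds its updates from its table at the start of the round
        updates = [(src.name, dst, src.advertise(dst, split_horizon))
                   for src in routers.values() for dst in src.neighbours]
        changed = False
        for sender, receiver, update in sorted(updates):
            changed |= routers[receiver].process(sender, update)
        if not changed:
            return rounds
    return max_rounds


def simulate(split_horizon):
    """Returns (rounds needed after the failure, {router: metric to 10.0.0.0})."""
    routers = {n: Router(n, nb) for n, nb in TOPOLOGY.items()}
    routers["A"].table[NETWORK] = ("E0", 0)           # directly connected
    exchange_until_stable(routers, split_horizon)      # initial convergence
    routers["A"].table[NETWORK] = ("E0", INFINITY)    # E0 goes down
    rounds = exchange_until_stable(routers, split_horizon)
    return rounds, {n: r.table[NETWORK][1] for n, r in routers.items()}
```

Without split horizon B and C pass the dead route back and forth, adding a hop each time until the metric reaches 16; with split horizon C never advertises the route back to B and the network is marked unreachable everywhere after two rounds.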
Properties of Distance Vector Routing Protocols
- simple configuration
- low processing / memory usage
- bandwidth waste due to the periodic updates
- unreliable (no ack. for the protocol messages)
- updates are sent as broadcasts on all active interfaces, so they may affect the host PCs
- classful: do not include the subnet mask with the route advertisement and often send summary routes
- These are examples of distance vector protocols:
• RIP version 1 (RIPv1)
• IGRP

RIP v1
- distance vector routing protocol
- symbol in routing table is "R"
- admin. distance = 120
- metric is hop count; metric 16 means unreachable
- full routing tables are flooded in the network till convergence occurs (uses the Bellman-Ford algorithm)
- after convergence, periodic updates are sent every 30 seconds
- at change, a triggered update is sent
- supports load balancing if many paths to the same network exist with an equal metric
- Classful

RIP Configuration
Router(config)#router rip
- Starts the RIP routing process
Router(config-router)#network direct-connected-network
- Advertises the connected networks
Router# debug ip rip

RIP Configuration Example
(diagram)

Verifying the RIP Configuration
(diagram)

Displaying the IP Routing Table
(diagram)
Link-State Routing Protocols
(diagram: routers A, B, C and D interconnected; interface addresses shown are 10.0.0.1/8, 11.0.0.1/8, 11.0.0.2/8, 12.0.0.1/8, 12.0.0.2/8, 13.0.0.1/8, 13.0.0.2/8, 14.0.0.1/8, 14.0.0.2/8, 15.0.0.1/8)
Operation:
- each router discovers its directly connected neighbors using the "hello protocol" (a layer-3 protocol)
- each router forms a packet called a link state advertisement (LSA)
(diagram: the LSA of router A lists its links 10.0.0.1/8, 11.0.0.1/8 and 12.0.0.1/8, each with its state and cost)

Link-State Routing Protocols
- each router floods its LSA to all neighbors on a special multicast address, then the neighbors continue flooding the LSAs to each other.
- each router forms the link state database (LSDB) from the received LSAs, so all routers have the same LSDB.
(diagram: the LSDB listing all the links of routers A, B, C and D)

Link-State Routing Protocols
- every router forms the Link State Tree that describes the actual connections of the network topology, then applies the Dijkstra algorithm on the tree to form the routing table.
- after convergence: no periodic updates
- at change: a partial triggered update for the affected route is sent so all routers repeat the link state process.

Link-State Routing Protocols
(diagram)
Benefits of Link-State Routing
– Fast convergence: changes are reported immediately by the affected source (partial triggered updates)
– Robustness against routing loops:
• Routers know the topology.
• Link-state packets are sequenced and acknowledged (reliable protocol)
– Lower bandwidth waste: no periodic updates
– Classless

Disadvantages of Link-State Routing
– Significant demands for resources:
• Memory (three tables: adjacency, topology, forwarding)
• CPU (Dijkstra's algorithm can be intensive, especially when a lot of instabilities are present.)
– Complex configuration
– Requires very strict network design (multiple areas)

OSPF
• Open standard
• Shortest path first (SPF) algorithm
• Link-state routing protocol
• Uses Dijkstra's algorithm
• Administrative Distance = 110
• Metric called cost = 10^8 / BW
• Hop count is unlimited
• Symbol in routing table is O
• Loop-free protocol
• Classless routing protocol
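The link-state process described above (LSDB, then Dijkstra to build the routing table, re-run at change) together with the OSPF cost formula, as an added example that is not code from the course. The four-router LSDB and its link bandwidths are constructed.

```python
# Added example: OSPF cost = 10^8 / BW and the Dijkstra SPF run on an LSDB.
import heapq

REFERENCE_BW = 10 ** 8  # bits per second


def ospf_cost(bandwidth_kbps):
    """cost = 10^8 / BW, truncated to an integer and never below 1:
    100 Mbps -> 1, 10 Mbps -> 10, T1 (1544 kbps) -> 64, 64 kbps -> 1562."""
    return max(1, REFERENCE_BW // (bandwidth_kbps * 1000))


# Constructed LSDB: one LSA per router listing (neighbour, link bandwidth in kbps).
LSDB = {
    "A": [("B", 100_000), ("D", 64)],      # FastEthernet to B, 64 kbps serial to D
    "B": [("A", 100_000), ("C", 100_000)],
    "C": [("B", 100_000), ("D", 100_000)],
    "D": [("A", 64), ("C", 100_000)],
}


def spf(lsdb, root):
    """Dijkstra from `root` over the LSDB.
    Returns {router: (total cost, next hop)}; the root maps to (0, None)."""
    dist = {root: 0}
    next_hop = {root: None}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue  # stale heap entry
        for neighbour, bw in lsdb[node]:
            new_cost = cost + ospf_cost(bw)
            if new_cost < dist.get(neighbour, float("inf")):
                dist[neighbour] = new_cost
                # the next hop is the first router on the path from the root
                next_hop[neighbour] = neighbour if node == root else next_hop[node]
                heapq.heappush(heap, (new_cost, neighbour))
    return {n: (dist[n], next_hop[n]) for n in dist}


def without_link(lsdb, x, y):
    """The LSDB after the link x-y is withdrawn (what a triggered update at
    change produces); every router then re-runs spf()."""
    return {r: [(n, bw) for n, bw in links if {r, n} != {x, y}]
            for r, links in lsdb.items()}
```

From A, reaching D over the two FastEthernet hops (cost 3) beats the direct 64 kbps serial link (cost 1562); once the A-B link is withdrawn everything goes out via D.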
OSPF (Cont.)
• discovers neighbors and maintains neighbor relationships using the hello protocol
• sends a hello every 10 seconds on point-to-point and broadcast multi-access networks to multicast address 224.0.0.5, which reaches neighbors only
• dead interval = 4 × hello timer (40 sec)
• sends LSAs (updates) on multicast address 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR routers)
• Every OSPF router that receives an LSA updates its Link State Database (LSDB) with a copy of this LSA, floods it to all OSPF neighbors except the one that sent it, then runs the Dijkstra SPF algorithm on the new LSDB to draw the new topology tree and form the routing table.

OSPF (Cont.)
• After convergence: no periodic updates are sent, except a periodic refresh message for the LSDB every 30 minutes
• At change: OSPF sends a triggered update for the affected route so the OSPF process is repeated
• OSPF tables:
1- neighbor table: contains the neighbor router IDs and is maintained by Hellos
2- topology table: all paths to all networks
3- routing table: best paths to all networks

OSPF Hierarchical Routing
• OSPF supports a hierarchical multiple-area design
• Multiple areas minimize routing update traffic, limit the frequent SPF calculations and extend scalability without limit
• Area 0 is the backbone area and all other areas must be connected to area 0

Router ID
• Every router in an OSPF environment is identified by a RID
• The RID is a 32-bit value; it is selected to be:
1- the highest IP address of a loopback interface, if one exists (a logical interface that is always up)
To configure a loopback interface:
(config)# interface loopback <no.>
(config-if)# ip address <ip> <mask>
(a loopback is normally given the mask 255.255.255.255)
2- if there are no loopback interfaces, the RID is the highest IP of the active physical interfaces when the OSPF process starts
OSPF operation
1- in point to point topology :
- neighbor discovery :
by sending hello messages periodically on multicast 224.0.0.5
- for OSPF routers to be neighbors they must have:
- the same area ID
- same hello and dead intervals
- same authentication password
- route discovery :
exchange LSAs on 224.0.0.5 so that each router has the same LSDB
- route selection :
form the routing table
OSPF operation
2- Broadcast Multiple Access (BMA) Operation :
- Neighbor Discovery : as in point to point
- DR & BDR Election:
- DR : the Designated Router is the router that has
1- the highest priority (range 0 – 255 , default = 1)
2- if equal priorities , the DR is the router with the highest RID
- BDR : the Backup DR is the router that has the second highest priority
or RID
Note:
- if a new router with a higher priority is added, it won't become the DR
directly (non-preemptive)
- a router with priority=0 can't be the DR or BDR
- the routers that are not DR or BDR are called DROTHERs
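The RID selection and DR/BDR election rules above, as an added Python model (this is not code from the course); the router names, addresses and priorities in it are constructed sample data.

```python
"""Added example (not from the course slides): OSPF router ID selection and
DR/BDR election on a broadcast multi-access segment, following the rules
given above.  Router names, addresses and priorities are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Interface:
    name: str
    ip: str
    up: bool = True

    @property
    def is_loopback(self) -> bool:
        return self.name.lower().startswith("loopback")


@dataclass
class Router:
    hostname: str
    interfaces: list
    priority: int = 1   # OSPF interface priority, 0-255, default 1

    def router_id(self) -> IPv4Address:
        """Highest loopback IP if any loopback exists (always up);
        otherwise the highest IP of an active physical interface."""
        loopbacks = [IPv4Address(i.ip) for i in self.interfaces if i.is_loopback]
        if loopbacks:
            return max(loopbacks)
        active = [IPv4Address(i.ip) for i in self.interfaces if i.up and not i.is_loopback]
        if not active:
            raise ValueError(f"{self.hostname}: no active interface, cannot select a RID")
        return max(active)


def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """Return (DR, BDR) hostnames for one segment.
    Priority 0 routers never take part.  Highest priority wins, ties go to
    the highest RID.  An existing DR/BDR is kept (non-preemptive): a router
    that joins later with a higher priority does not take over."""
    candidates = [r for r in routers if r.priority > 0]
    ranked = sorted(candidates,
                    key=lambda r: (r.priority, int(r.router_id())),
                    reverse=True)
    names = [r.hostname for r in ranked]
    dr = current_dr if current_dr in names else (names[0] if names else None)
    rest = [n for n in names if n != dr]
    bdr = current_bdr if current_bdr in rest else (rest[0] if rest else None)
    return dr, bdr


# Constructed segment: four routers on one Ethernet.
SEGMENT = [
    Router("R1", [Interface("Loopback0", "1.1.1.1"),
                  Interface("FastEthernet0/0", "10.0.0.1")]),
    Router("R2", [Interface("FastEthernet0/0", "10.0.0.2"),
                  Interface("Serial0/0", "192.168.1.1"),
                  Interface("Serial0/1", "200.0.0.1", up=False)]),   # down: ignored for the RID
    Router("R3", [Interface("FastEthernet0/0", "10.0.0.3")], priority=0),
    Router("R4", [Interface("Loopback0", "4.4.4.4"),
                  Interface("FastEthernet0/0", "10.0.0.4")]),
]

if __name__ == "__main__":
    for r in SEGMENT:
        print(r.hostname, "RID", r.router_id())
    dr, bdr = elect_dr_bdr(SEGMENT)
    print("DR", dr, "BDR", bdr)
    # A router joining later with priority 100 does not preempt the existing DR/BDR.
    later = SEGMENT + [Router("R5", [Interface("FastEthernet0/0", "10.0.0.5")], priority=100)]
    print("after R5 joins:", elect_dr_bdr(later, dr, bdr))
```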
OSPF operation in BMA (cont.)
[figure: a new router sends Hello to 224.0.0.5, exchanges a unicast Hello, a unicast update ("here is my routing table") and an Ack with the DR, then sends its update to 224.0.0.6 (DR and BDR); the DR sends the update on 224.0.0.5 to the other routers]
- Route Discovery:
form the adjacency with DR & BDR on 224.0.0.6
- Route Selection:
- The router will form a topology table from all routing tables it receives.
- Then apply the Dijkstra algorithm on the tree to extract the routing table
OSPF operation in BMA (cont.)
- At change :
[figure: the router that sees the change sends an update to 224.0.0.6 and gets an Ack from the DR; the DR sends the update on 224.0.0.5 to the other routers, which Ack it]
- Other routers repeat the OSPF process (SPF tree)
Configuring Single-Area OSPF
Router(config)#router ospf process-id
• Defines OSPF as the IP routing protocol
Router(config-router)#network network wildcard-mask area area-id
• Assigns networks to a specific OSPF area
OSPF Configuration Example
[figure: the router ospf and network statements (wildcard masks ending in 255, area 0) are not reproduced]
RouterA(config)# interface serial 0/2
RouterA(config-if)# bandwidth 64 (a value in kbps)
Verifying the OSPF Configuration
Router#show ip ospf interface
• Displays area ID and adjacency information
Router#show ip protocols
• Verifies that OSPF is configured
Router#show ip route
• Displays all the routes learned by the router
Router#show ip ospf neighbor
• Displays OSPF neighbor information on a per-interface basis
OSPF debug Commands
Router#debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117
aid:0.0.0.0 chk:6AB2 aut:0 auk:
Router#debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116
aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0
Hybrid Routing Protocols
© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—3-168
Determining IP Routes
Enabling EIGRP
EIGRP (Enhanced IGRP)
- advanced distance vector protocol.
- Cisco proprietary.
- maintain neighbor relationship using hello protocol.
- send hello every 5 sec. on fast link (>1.54Mbps).
- send hello every 60 sec. on slow link (<1.54Mbps).
- dead interval = 3 * hello interval.
- rapid convergence by using DUAL algorithm ( store a backup
route for each best route).
- support multiple network layer protocols (IP, IPX, Apple talk).
- support equal and unequal load balancing between many
paths to the same destination network.
- admin. distance = 90 for internal routes.
- symbol ( D ) in routing table.
EIGRP (cont.)
- Max. hop count = 224.
- Classless
- Reliable protocol.
- Has the same operation in all topologies.
- Uses a composite metric :
– Bandwidth
– Delay
– Reliability
– Loading
– MTU
- EIGRP routers to be neighbors:
1- Must have the same AS (autonomous system) number.
2- Must have the same K-values. (the same metric equation constants)
EIGRP terminologies
- Neighbor table: list of all neighbors.
- Topology table: list of all routes to destination networks.
- Routing table: list of best routes to all destination networks.
- Successor ( S ): best route to destination network , stored in routing table and topology table.
- Feasible successor (FS): backup route to destination network, stored in topology table.
- Feasible distance (FD): metric between source and destination network.
- Advertised distance (AD): metric between my neighbor and the destination network .
- FD = next hop metric + AD
[figure: the S and FS paths to the destination, with the AD and FD marked]
EIGRP operation
At start up :-
[figure: a new router sends Hello to 224.0.0.10, receives a unicast Hello, exchanges a unicast update ("here is my routing table") and Ack, then updates go to 224.0.0.10 and are Acked]
- The router will form a topology table from all routing tables it receives.
- Then apply the DUAL algorithm on the topology table to extract the routing table (S) and calculate the backup routes (FS).
EIGRP operation (cont.)
After convergence:-
No periodic updates are sent
At change:-
1- New network appears :
[figure: update to 224.0.0.10, Ack]
EIGRP operation (cont.)
2- Network failure:
- If there is a backup route (FS) :
[figure: update to 224.0.0.10, Ack]
The FS will be the new successor for this route
- If there is no backup route (FS) :
[figure: query to 224.0.0.10 ("Does any one know another route to the failed network"), Ack, reply (yes / no), Ack]
Configuring EIGRP
Router(config)# router eigrp autonomous-system
• Defines EIGRP as the IP routing protocol
Router(config-router)# network network-number [wild card mask]
• Selects participating attached networks
EIGRP Configuration Example
To advertise subnet details (work as classless) we need to add the command
(config-router)# no auto-summary
or advertise network by network using the wild card mask :
Router(config-router)# network network-number [wild card mask]
Verifying the EIGRP Configuration
Router# show ip protocols
• Displays the parameters and current state of the active routing protocol process
Router# show ip route eigrp
• Displays current EIGRP entries in the routing table (S only)
Router# show ip eigrp traffic
• Displays the number of IP EIGRP packets sent and received
Router# show ip eigrp neighbors
• Displays the neighbors discovered by IP EIGRP
Router# show ip eigrp topology
• Displays the IP EIGRP topology table (S & FS)
debug ip eigrp Command
Router#debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 -
256000 104960
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 -
256000 104960
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 -
256000 104960
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1
EIGRP Load Balancing
- Configuration :
Router(config)# router eigrp 100
Router(config-router)# traffic-share balanced
Router(config-router)# variance multiplier
[figure: three paths to the same destination network with metrics 20, 40 and 60]
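The successor/FS selection from the EIGRP terminology slide, the "network failure" handling and the variance rule from this slide, as one added Python model (not the course's code). It goes one step beyond the slides' wording by spelling out the DUAL feasibility condition (a backup path's AD must be lower than the successor's FD); the neighbor names and metrics are constructed, chosen to match the 20/40/60 figure.

```python
"""Added example (not the course's code): a small model of the EIGRP topology
table for one destination, using the slides' terms.  Each path reports an
Advertised Distance (AD, the neighbor's metric to the network) and the
FD of a path = metric to that neighbor + AD.  The Successor (S) is the
lowest-FD path; a Feasible Successor (FS) is any other path whose AD is
lower than the successor's FD (DUAL's feasibility condition, which is what
makes the backup loop-free).  `variance` selects extra paths for
unequal-cost load balancing."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    link_metric: int   # metric from this router to the neighbor
    ad: int            # the neighbor's advertised distance to the destination

    @property
    def fd(self) -> int:
        return self.link_metric + self.ad


def successor(paths):
    """Best route: the path with the lowest feasible distance."""
    return min(paths, key=lambda p: p.fd)


def feasible_successors(paths):
    """Backup routes: every other path whose AD is below the successor's FD,
    i.e. the neighbor is strictly closer to the destination than we are."""
    s = successor(paths)
    return [p for p in paths if p is not s and p.ad < s.fd]


def on_successor_failure(paths):
    """Network-failure handling from the slides: if an FS exists it becomes
    the new successor at once; otherwise the router has to query its neighbors."""
    backups = feasible_successors(paths)
    if backups:
        return "promote", min(backups, key=lambda p: p.fd)
    return "query", None


def load_balancing_paths(paths, variance=1):
    """Paths installed in the routing table with `variance` configured: the
    successor plus every feasible successor whose FD <= variance * successor FD.
    With the default variance 1 only equal-cost paths are used."""
    s = successor(paths)
    return [p for p in [s] + feasible_successors(paths) if p.fd <= variance * s.fd]


# Constructed sample: three neighbors advertising the same network.
SAMPLE = [
    Path("R2", link_metric=10, ad=10),   # FD 20 -> successor
    Path("R3", link_metric=30, ad=10),   # FD 40, AD 10 < 20 -> feasible successor
    Path("R4", link_metric=10, ad=50),   # FD 60, AD 50 >= 20 -> not feasible
]

if __name__ == "__main__":
    print("S :", successor(SAMPLE))
    print("FS:", feasible_successors(SAMPLE))
    print("on failure:", on_successor_failure(SAMPLE))
    print("variance 2 ->", [p.neighbor for p in load_balancing_paths(SAMPLE, 2)])
```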
RIP v2
• Advanced distance vector protocol.
• No periodic updates, only partial triggered updates.
• Updates are sent on multicast 224.0.0.9
• Classless.
• Admin. Distance = 120
• Symbol ( R ) in routing table.
• Metric = hop count.
- Configuration :
Router(config)# router rip
Router(config-router)# network directly-connected-network
Router(config-router)# version 2
Route Summarization
- It is grouping a block of subnets and advertising them as a
single network address.
(a single IP address represents a group of contiguous subnets).
Route summarization (cont.)
• Advantages of route summarization:
- reduces the size of the routing table for the router that knows
the summary only.
- the summary requires less bandwidth.
- a router that knows only the summary is not affected by network
instability.
Classless Inter domain Routing (CIDR)
- It is grouping of major networks into one address
EX :
8.0.0.0/8    0000 10 00 . 0 . 0 . 0
9.0.0.0/8    0000 10 01 . 0 . 0 . 0
10.0.0.0/8   0000 10 10 . 0 . 0 . 0
11.0.0.0/8   0000 10 11 . 0 . 0 . 0
CIDR 8 . 0 . 0 . 0 / 6
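The CIDR aggregation shown above, as an added Python example (not the course's code): it computes the summary prefix for any list of networks, not only the 8.0.0.0/8 to 11.0.0.0/8 case, and checks whether the summary is exact, using only the standard library.

```python
"""Added example (not from the course): compute the CIDR summary of a set of
prefixes the way the slide folds 8.0.0.0/8 .. 11.0.0.0/8 into 8.0.0.0/6, and
check whether the summary is exact.  A summary wider than what you actually
own attracts traffic for address space you cannot deliver."""
from ipaddress import collapse_addresses, ip_network


def summarize(prefixes):
    """Smallest single prefix that contains every input network: start from
    the first network and shorten its mask one bit at a time (keeping only
    the leading bits common to all of them) until the others fit inside."""
    nets = [ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        if summary.prefixlen == 0:
            break
        summary = summary.supernet(prefixlen_diff=1)
    return summary


def is_exact(prefixes):
    """True when the inputs fill the summary completely (no holes).
    Overlapping inputs are merged first so they are not counted twice."""
    summary = summarize(prefixes)
    merged = collapse_addresses(ip_network(p) for p in prefixes)
    return sum(n.num_addresses for n in merged) == summary.num_addresses


def binary_first_octet(prefix):
    """First octet in binary, as the slide prints it (9.0.0.0 -> 00001001)."""
    return format(int(ip_network(prefix).network_address) >> 24, "08b")


SLIDE_EXAMPLE = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]

if __name__ == "__main__":
    for p in SLIDE_EXAMPLE:
        print(f"{p:12} {binary_first_octet(p)}")
    print("CIDR", summarize(SLIDE_EXAMPLE), "exact:", is_exact(SLIDE_EXAMPLE))
    # Leaving 9 and 11 out gives the same /6 summary, but now with holes in it.
    print("CIDR", summarize(["8.0.0.0/8", "10.0.0.0/8"]),
          "exact:", is_exact(["8.0.0.0/8", "10.0.0.0/8"]))
```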
Summarizing Routes in a
Discontiguous Network
– RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets.
– OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets.
Implementing Variable Length Subnet Masks (VLSM)
Variable Length Subnet Mask (VLSM)
- VLSM means that in a single class A, B, or C network,
more than one subnet mask is used.
- VLSM allows some subnets to be smaller and some
subnets to be larger, which reduces the waste of IP
addresses.
- VLSM allows you to apply different subnet masks to the
same class address.
- Steps :
- begin with the largest subnet
- continue giving addresses with the suitable subnet mask
VLSM example
Divide network 192.168.1.0 /24
[figure: three LANs s1, s2, s3 of 60 hosts each and three links s4, s5, s6 of 2 hosts each]
- For s1, s2 , s3 to support 60
hosts we need 6 host bits
- so the subnet mask is
255.255.255.192
- block size (hop count) = 256-192 = 64
- s1 address 192.168.1.0 /26
s2 address 192.168.1.64 /26
s3 address 192.168.1.128 /26
- starting from address 192.168.1.192 give addresses to s4 , s5 , s6
- 2 hosts need 2 host bits
- new subnet mask is 255.255.255.252 , block size (hop count) = 256-252 = 4
- s4 address 192.168.1.192 /30
s5 address 192.168.1.196 /30
s6 address 192.168.1.200 /30
VLSM is supported only by the
classless routing protocols
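The allocation worked above, as an added Python example (not the course's code): it applies the "largest subnet first" rule to the slide's six subnets, derives host bits, mask and block size instead of hard-coding them, and checks the result for overlaps. Subnet names and host counts are the slide's.

```python
"""Added example (not the course's code): carve the slide's VLSM plan
(three 60-host LANs and three 2-host links out of 192.168.1.0/24) with the
stated rule "begin with the largest subnet", computing host bits, mask and
block size, and check the result for overlaps."""
from ipaddress import ip_network


def host_bits_needed(hosts: int) -> int:
    """Smallest h with 2**h - 2 >= hosts (network and broadcast excluded)."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h


def block_size(prefixlen: int) -> int:
    """Addresses per subnet; the slide computes it as 256 - last mask octet."""
    return 1 << (32 - prefixlen)


def allocate_vlsm(parent: str, demands: dict) -> dict:
    """demands: {subnet name: host count}.  Returns {name: IPv4Network}.
    Largest demand first; each subnet is cut from the lowest free block that
    is big enough, and the remainder of that block goes back to the free list."""
    parent_net = ip_network(parent)
    free = [parent_net]
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        prefixlen = parent_net.max_prefixlen - host_bits_needed(hosts)
        for block in free:
            if block.prefixlen <= prefixlen:
                chosen = next(block.subnets(new_prefix=prefixlen))  # first piece of the block
                free.remove(block)
                free.extend(block.address_exclude(chosen))       # leftover pieces
                free.sort()
                plan[name] = chosen
                break
        else:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {parent}")
    return plan


def no_overlap(networks) -> bool:
    nets = list(networks)
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


SLIDE_DEMANDS = {"s1": 60, "s2": 60, "s3": 60, "s4": 2, "s5": 2, "s6": 2}

if __name__ == "__main__":
    plan = allocate_vlsm("192.168.1.0/24", SLIDE_DEMANDS)
    for name, net in plan.items():
        print(f"{name}: {net}  mask {net.netmask}  block size {block_size(net.prefixlen)}")
    print("overlap-free:", no_overlap(plan.values()))
```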
Managing IP Traffic with Access Lists (ACL)
Access control list (ACL)
• Manage IP traffic as network access grows
• Filter packets as they pass through the router
ACL Structure
- ACL is a set of commands that are grouped under a certain
name or number to control traffic flow (permit or deny).
- An access list is configured on the router then activated on
interfaces.
• ACL processing:
- statements are checked from top to bottom.
- once a match is found, there is no further checking.
- if no match is found, the packet will be dropped due to the “ implicit deny “ statement at the end of the ACL.
- ACL must contain at least one permit statement, otherwise all packets will be dropped.
- in any ACL , you can not add a statement between statements (any new statement can only be added to the end of the ACL).
- you can have one ACL per interface per protocol per direction.
Note :
- in a numbered ACL, you can not delete a certain statement , only delete the whole ACL.
- In a named ACL, you can delete a certain statement between statements.
ACL types
- Standard ACL :
Numbered : 1 - 99 and 1300 - 1999
Named
- Extended ACL :
Numbered : 100 - 199 and 2000 - 2699
Named
Standard ACLs
- It filters the packets based on the source ip address
- Configuration :
Router(config)# access-list ACL-number {permit|deny} source ip [w.c.mask]
• IP standard ACLs use 1 to 99
• default wildcard mask = 0.0.0.0 (exactly match the ip address)
• 12.0.0.1 0.0.0.0 = host 12.0.0.1 & 0.0.0.0 255.255.255.255 = any
• no access-list ACL-number removes entire ACL
Router(config-if)# ip access-group ACL-number {in | out}
• Activates the list on an interface
• Sets inbound or outbound testing
• no ip access-group ACL-number removes the ACL from the interface
Standard IP ACL example
[figure: host A on network 12.0.0.0; the access-list and ip access-group commands are not reproduced]
- Deny traffic from host 172.16.4.13 to host A and permit
all other traffic.
172.16.4.13 0.0.0.0 = host 172.16.4.13
0.0.0.0 255.255.255.255 = any
Note:
commands order is important
Standard ACL (cont.)
• control telnet access to router :
we want to restrict the telnet access from host 10.1.1.1 to
the router.
(config)# access-list 1 deny host 10.1.1.1
(config)# access-list 1 permit any
(config)# line vty 0 4
(config-line)# access-class 1 in
Standard Named IP ACL
Router(config)# ip access-list standard name
Router(config-std-nacl)# {permit|deny} source ip [ w.c.mask ]
• Permit or deny statements have no prepended number.
Router(config-std-nacl)# no {permit|deny} source ip [w.c.mask ]
• “no” removes the specific test from the named ACL.
Router(config-if)# ip access-group name {in | out}
• Activates the named IP ACL on an interface.
Placement of standard ACL
[figure: host X 192.168.5.1/24 and server 192.168.1.1/24 reached through routers A, B and C, with network 192.168.2.0/24 between them; interface e0 of router C faces the server]
- we want to restrict the user X from accessing the server.
C(config)# access-list 1 deny host 192.168.5.1
C(config)# access-list 1 permit any
C(config)# interface e0
C(config-if)# ip access-group 1 out
- Rule:
• Standard ACL is placed as close as possible to destination.
Extended ACL
- It is more flexible than standard ACL.
- extended ACL can match on:
1- source IP , destination IP.
2- TCP/IP protocols ( IP, TCP, UDP, ICMP,…….).
3- protocol information ( port no. ).
Extended IP ACL Configuration
Router(config)# access-list access-list-number
{permit | deny} protocol
source ip source-wildcard [operator port]
destination ip destination-wildcard [operator port]
• Sets parameters for this list entry
Router(config-if)# ip access-group access-list-number {in | out}
• Activates the extended list on an interface
Extended ACL
• Note:
- 0.0.0.0 is called host mask.
- 12.0.0.1 0.0.0.0 = host 12.0.0.1
- 0.0.0.0 255.255.255.255 = any
- The operator and port values :
(eq) operator means equal
(lt) operator means less than or equal.
(gt) operator means greater than or equal.
range 10 – 80 ---- all ports between 10 , 80
- eq 80 = eq http ---- put the port number or name
Extended ACL example
– Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0
– Permit all other traffic.
[figure: the ACL is applied inbound ("in") on the router interface facing subnet 172.16.4.0; the router also connects to the internet]
Extended ACL example
– Deny only Telnet from subnet 172.16.4.0
– Permit all other traffic.
[figure: the ACL is applied inbound ("in") on the router interface facing subnet 172.16.4.0; the router also connects to the internet]
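The ACL processing rules (top-down, first match, implicit deny) and the wildcard-mask and port tests from the standard and extended ACL slides, as an added Python simulator (not the course's code). ACL 101 in it encodes the two extended ACL examples above; the packets it is run over are constructed.

```python
"""Added example (not the course's code): a simulator of how an IOS access
list is processed, following the rules above: top-down, first match wins,
implicit deny at the end.  Wildcard masks are applied bit-wise (0 = the bit
must match, 1 = don't care), so 0.0.0.0 is the host mask and
255.255.255.255 means any.  ACL 101 below encodes the two extended ACL
examples (deny FTP from 172.16.4.0 to 172.16.3.0, deny Telnet from
172.16.4.0, permit everything else); the packets are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

PORTS = {"ftp": 21, "ftp-data": 20, "telnet": 23, "http": 80}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Compare only the bits where the wildcard mask is 0."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)


def port_match(port: Optional[int], operator: Optional[str], value) -> bool:
    """Port test of an extended ACL entry: no operator = any port."""
    if operator is None:
        return True
    if port is None:              # protocol without ports (e.g. ICMP)
        return False
    if operator == "eq":
        return port == value
    if operator == "range":
        return value[0] <= port <= value[1]
    raise ValueError(f"unsupported operator {operator}")


@dataclass
class Entry:
    action: str                   # "permit" or "deny"
    protocol: str                 # "ip" matches every IP protocol
    src: str
    src_wc: str
    dst: str = "0.0.0.0"          # default destination: any
    dst_wc: str = "255.255.255.255"
    dst_op: Optional[str] = None
    dst_port: object = None

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], self.src, self.src_wc)
                and wildcard_match(pkt["dst"], self.dst, self.dst_wc)
                and port_match(pkt.get("dport"), self.dst_op, self.dst_port))


def evaluate(acl, pkt):
    """Return (action, line number of the matching entry); None as the line
    number means the packet fell off the end and hit the implicit deny."""
    for lineno, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.action, lineno
    return "deny", None


# Equivalent of:
#   access-list 101 deny   tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq ftp
#   access-list 101 deny   tcp 172.16.4.0 0.0.0.255 any eq telnet
#   access-list 101 permit ip any any
ACL_101 = [
    Entry("deny", "tcp", "172.16.4.0", "0.0.0.255",
          "172.16.3.0", "0.0.0.255", "eq", PORTS["ftp"]),
    Entry("deny", "tcp", "172.16.4.0", "0.0.0.255", dst_op="eq", dst_port=PORTS["telnet"]),
    Entry("permit", "ip", "0.0.0.0", "255.255.255.255"),
]

# Constructed packets: (description, packet)
PACKETS = [
    ("ftp 172.16.4.13 -> 172.16.3.5", {"proto": "tcp", "src": "172.16.4.13", "dst": "172.16.3.5", "dport": 21}),
    ("telnet 172.16.4.13 -> 10.9.9.9", {"proto": "tcp", "src": "172.16.4.13", "dst": "10.9.9.9", "dport": 23}),
    ("ftp 172.16.4.13 -> 10.9.9.9", {"proto": "tcp", "src": "172.16.4.13", "dst": "10.9.9.9", "dport": 21}),
    ("icmp 172.16.4.13 -> 172.16.3.5", {"proto": "icmp", "src": "172.16.4.13", "dst": "172.16.3.5"}),
]

if __name__ == "__main__":
    for desc, pkt in PACKETS:
        print(f"{desc:35} -> {evaluate(ACL_101, pkt)}")
    # "commands order is important": permit-any first makes both denies unreachable
    reordered = [ACL_101[2]] + ACL_101[:2]
    print("reordered:", evaluate(reordered, PACKETS[0][1]))
```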
Extended Named ACL
Router(config)# ip access-list extended name
• Alphanumeric name string must be unique.
Router(config-ext-nacl)# {permit | deny} {ip access list test conditions}
• Permit or deny statements have no prepended number.
Router(config-ext-nacl)# no {permit | deny} {ip access list test conditions}
• “no” removes the specific test from the named ACL.
Router(config-if)# ip access-group name {in | out}
• Activates the named IP ACL on an interface.
Placement of Extended ACL
[figure: host X 192.168.5.1/24 and server 192.168.1.1/24 reached through routers A, B and C, with network 192.168.2.0/24 between them]
- We want to restrict the user X from accessing the server
- Rule:
• Extended ACL is placed as close as possible to source.
Monitoring ACL Statements
wg_ro_a#show access-lists
Standard IP access list 1
permit 10.2.2.1
permit 10.3.3.1
permit 10.4.4.1
permit 10.5.5.1
Extended IP access list 101
permit tcp host 10.22.22.1 any eq telnet
permit tcp host 10.33.33.1 any eq ftp
permit tcp host 10.44.44.1 any eq ftp-data
router# show {protocol} access-list {access-list number}
router# show access-lists {access-list number}
Verifying ACLs
router# show ip interfaces e0
Ethernet0 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 1
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
<text omitted>
Scaling the Network with NAT and PAT
Network address translation (NAT)
- Address translation allows you to translate your internal private address to a public address before the packets leave your local network to the public network.
- NAT terminologies:
1- Inside local IP: an internal device that has a private IP.
2- Inside global IP: an internal device that has a public IP.
3- Outside local IP: an outside device that has a private IP.
4- Outside global IP: an outside device that has a public IP.
- Types of Address Translation:
• Static Translation.
• Dynamic Translation.
Static NAT
[figure: inside host 10.0.0.1 translated to 12.0.0.1 on its way out; NAT table entry 10.0.0.1 -> 12.0.0.1]
- The NAT table is formed manually, translating private IPs to public IPs.
- Static NAT is used when outside users are trying to
access your internal resources
Configuring Static Translation
Router(config)# ip nat inside source static local-ip global-ip
• Establishes static translation between an inside local address and an inside global address
Router(config-if)# ip nat inside
• Marks the interface as connected to the inside
Router(config-if)# ip nat outside
• Marks the interface as connected to the outside
Static NAT Example
[figure not reproduced]
Dynamic NAT
- the router is given a pool of IPs that contains global IPs,
so every user that tries to access a public network will be
given an IP from the pool.
- To configure Dynamic NAT:
1- Define the pool of IPs.
2- Define which inside addresses are allowed to be
translated. (ACL)
Configuring Dynamic NAT
Router(config)# access-list access-list-number permit source ip [source-wildcard]
• Defines a standard IP ACL permitting those inside local addresses that are to be translated.
Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
• Defines a pool of global addresses to be allocated as needed.
Router(config)# ip nat inside source list access-list-number pool pool-name
• Establishes dynamic source translation, specifying the ACL that was defined in the prior step.
Dynamic NAT Example
[figure not reproduced]
Port address translation (PAT)
- Static or dynamic NAT provide only one to one translation while PAT supports many to one translation using port numbers.
[figure: inside hosts 10.0.0.1 and 10.0.0.2 behind the NAT router reach 13.0.0.1 on the internet; the packets 10.0.0.1 -> 13.0.0.1 (ports 2000 -> 80) and 10.0.0.2 -> 13.0.0.1 (ports 3000 -> 80) leave as 12.0.0.1 -> 13.0.0.1 (2000 -> 80) and 12.0.0.1 -> 13.0.0.1 (3000 -> 80)]
PAT table :
Inside local IP | Inside local port | Inside global IP | Inside global port
10.0.0.1 | 2000 | 12.0.0.1 | 2000
10.0.0.2 | 3000 | 12.0.0.1 | 3000
10.0.0.2 | 2000 | 12.0.0.1 | 4000
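The PAT table above, as an added Python model (not the course's code): it replays the slide's three outbound packets, shows the port rewrite when two inside hosts use the same source port, and maps replies back by inside global port. The addresses are the slide's; the port handed out on a collision (4000 and up) is an assumption of this model.

```python
"""Added example (not the course's code): a PAT (NAT overload) table built the
way the slide's table shows it.  All inside hosts share one inside global
address; a host keeps its inside local port as the inside global port when
that port is free, and gets a new one when another host already uses it
(the slide shows 10.0.0.2:2000 becoming 12.0.0.1:4000).  Replies from the
outside are matched on the inside global port; unsolicited inbound packets
have no entry and are dropped.  The collision port (4000 upward) is assumed."""


class PatTable:
    def __init__(self, inside_global: str, first_spare_port: int = 4000):
        self.inside_global = inside_global
        self.entries = []               # rows: (inside local ip, inside local port, inside global port)
        self._spare = first_spare_port  # next port to hand out on a collision (assumed)

    def _global_port_used(self, port: int) -> bool:
        return any(gp == port for _, _, gp in self.entries)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: rewrite the source to (inside global ip, inside global port)."""
        for lip, lport, gport in self.entries:
            if (lip, lport) == (src_ip, src_port):      # existing session, reuse its row
                return self.inside_global, gport, dst_ip, dst_port
        gport = src_port
        if self._global_port_used(gport):                # many-to-one needs a unique port
            while self._global_port_used(self._spare):
                self._spare += 1
            gport = self._spare
            self._spare += 1
        self.entries.append((src_ip, src_port, gport))
        return self.inside_global, gport, dst_ip, dst_port

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: look the destination port up in the table.
        Returns None (drop) when nothing inside initiated the conversation."""
        if dst_ip != self.inside_global:
            return None
        for lip, lport, gport in self.entries:
            if gport == dst_port:
                return src_ip, src_port, lip, lport
        return None


def slide_scenario():
    """Replays the slide's packets; returns (outbound headers, the table)."""
    pat = PatTable("12.0.0.1")
    out = [pat.translate_outbound("10.0.0.1", 2000, "13.0.0.1", 80),
           pat.translate_outbound("10.0.0.2", 3000, "13.0.0.1", 80),
           pat.translate_outbound("10.0.0.2", 2000, "13.0.0.1", 80)]  # port 2000 already taken
    return out, pat


if __name__ == "__main__":
    out, pat = slide_scenario()
    for row in pat.entries:
        print("inside local %s:%d -> inside global %s:%d" % (row[0], row[1], pat.inside_global, row[2]))
    print("reply to :4000 ->", pat.translate_inbound("13.0.0.1", 80, "12.0.0.1", 4000))
    print("unsolicited :5555 ->", pat.translate_inbound("13.0.0.1", 80, "12.0.0.1", 5555))
```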
Configuring PAT
Router(config)# access-list access-list-number permit source-ip source-wildcard
• Defines a standard IP ACL that will permit the inside local addresses that are to be translated
Router(config)# ip nat inside source list access-list-number interface interface overload
• Establishes dynamic source translation, specifying the ACL that was defined in the prior step
PAT Example
[figure: the dynamic NAT example with the overload keyword added; not reproduced]
Displaying Information with show Commands
• Displays translation statistics
Router# show ip nat statistics
• Displays active translations
Router# show ip nat translations
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global
--- 172.16.131.1 10.10.10.1 --- ---
Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0, Serial2.7
Inside interfaces:
Ethernet1
Hits: 5 Misses: 0
…
Using the debug ip nat Command
Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
Switching
Spanning Tree Protocol IEEE 802.1D
Layer 2 loops
[figure: two switches joined by redundant links; host A's MAC address is learned on two different ports (the MAC/port table shows A on port 1 and on port 3)]
• Solution : using Spanning tree protocol (STP)
Spanning Tree Protocol
- provides a loop-free redundant network topology by
placing certain ports in the blocking state (logical blocking)
- STP enables switches to become aware
of each other so they can negotiate a loop free path.
- when the used path fails, STP opens the blocked port
(activates the other path)
Spanning Tree Operation
1- BPDU Flooding:
- BPDUs (bridge protocol data unit) are flooded from each
switch to the other switches on a well known multicast
MAC address.
- every switch will take a copy of the BPDU and resend it to
other switches.
- every switch will form a database from all the BPDUs.
- BPDU is sent every two seconds.
- BPDU fields : bridge ID (BID) , accumulated path cost , Port ID
Spanning Tree Operation (cont.)
2- Root Bridge election
- Root bridge is the bridge with the lowest bridge ID
- Bridge ID = priority (2 bytes , default = 32768) + Bridge MAC address (6 bytes)
- Root bridge has the lowest priority ,
if equal priorities then it has the lowest MAC address
- after election, only the root bridge sends the BPDUs every 2 sec.
Spanning Tree Operation (cont.)
3- Root port election: (RP)
- each non-root switch will elect the best port to reach the root
switch.
- Root port is the port having:
1- the lowest accumulative path cost to the root switch.
2- If equal costs, it is the port that is closer to the second
lowest switch BID.
3- if equal , it is the port that has the lowest serial number
Spanning Tree Operation (cont.)
[figure: four switches A, B, C and D interconnected through ports numbered 1 to 8; assume BID of A < B < C < D, so A is the root bridge; to get the RP of each non-root switch, ask which port is closer to A (compare 4,6), (compare 3,5), (compare 7,8)]
Spanning Tree Operation (cont.)
4- Designated port election: (DP)
- DP is the port with the lowest accumulative path cost from the root switch on every LAN segment.
5- Blocked Port: (BP)
- It is the port that is neither RP nor DP.
- BP will be logically blocked till any change happens.
Spanning Tree Operation (cont.)
[figure: the same four switches A (root bridge), B, C and D with ports 1 to 8; to get the DP on each segment, ask which port is closer to A (compare 1,3), (compare 2,4), (compare 5,7), (compare 6,8); the blocked port BP is the one that is neither RP nor DP (port 8)]
Spanning Tree Operation (cont.)
after convergence :
• ports are either forwarding (RP , DP) or blocked (BP)
• a blocked port keeps listening to BPDUs; if for 20 sec.
(Max. age time = 10 BPDUs) it hasn't received a BPDU,
then the port will automatically change its state
(move to listening state).
at change :
• the first switch which feels the change sends a BPDU
called TCN (Topology change notification) destined to the
root switch indicating the change.
• the Root switch sends a configuration BPDU with the TCN
flag to all switches, then the STP will be recalculated.
• if a new switch is added with a lower priority , it will be the
root switch
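The election steps 2 to 5 above (root bridge by BID, root port by path cost, designated port per segment, the rest blocked), as an added Python model (not the course's code). The four switches, their MAC addresses and the link costs in it are constructed sample data, arranged like the slide's A/B/C/D square.

```python
"""Added example (not the course's code): spanning-tree election as described
above: root bridge = lowest BID (priority, then MAC); root port = lowest
accumulated path cost to the root; designated port = the end of each segment
closer to the root; everything else is blocked.  Switches and costs are
constructed."""
from collections import defaultdict
from dataclasses import dataclass
from heapq import heappop, heappush


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                 # dotted hex, e.g. 0000.0000.000a
    priority: int = 32768    # 2-byte priority, default 32768

    @property
    def bid(self):
        """Bridge ID compares priority first, then MAC address (lower wins)."""
        return (self.priority, int(self.mac.replace(".", ""), 16))


def elect_root(bridges):
    return min(bridges, key=lambda b: b.bid)


def root_path_costs(root, links):
    """Lowest accumulated path cost from every switch to the root (Dijkstra).
    links: iterable of (switch_a, switch_b, cost); each link is one segment."""
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nb, cost in adj[node]:
            if d + cost < dist.get(nb, float("inf")):
                dist[nb] = d + cost
                heappush(heap, (d + cost, nb))
    return dist


def stp_roles(bridges, links):
    """Return (root name, {(switch, neighbor): "RP" | "DP" | "BP"}).
    A port is named by the switch it belongs to and the neighbor on the other
    end of its segment."""
    bid = {b.name: b.bid for b in bridges}
    root = elect_root(bridges).name
    cost = root_path_costs(root, links)
    roles = {}
    # Root port: one per non-root switch, lowest cost to the root; a tie goes
    # to the neighbor with the lower BID (the slide's "closer to the lower BID").
    for sw in bid:
        if sw == root:
            continue
        best = None
        for a, b, c in links:
            if sw in (a, b):
                nb = b if a == sw else a
                cand = (cost[nb] + c, bid[nb], nb)
                if best is None or cand < best:
                    best = cand
        if best:
            roles[(sw, best[2])] = "RP"
    # Designated port: one per segment, the end with the lower cost to the
    # root (then lower BID).  The opposite end is blocked unless it is an RP.
    for a, b, c in links:
        dp, other = (a, b) if (cost[a], bid[a]) <= (cost[b], bid[b]) else (b, a)
        roles[(dp, other)] = "DP"
        roles.setdefault((other, dp), "BP")
    return root, roles


# Constructed topology: A-B, A-C, B-D, C-D, all FastEthernet (802.1D cost 19).
BRIDGES = [Bridge("A", "0000.0000.000a"), Bridge("B", "0000.0000.000b"),
           Bridge("C", "0000.0000.000c"), Bridge("D", "0000.0000.000d")]
LINKS = [("A", "B", 19), ("A", "C", 19), ("B", "D", 19), ("C", "D", 19)]

if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, nb), role in sorted(roles.items()):
        print(f"{sw} port toward {nb}: {role}")
```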
Spanning Tree Port States
• Spanning tree transits each port through several
different states:
[figure of the port states not reproduced]
STP convergence time is from 30 sec. to 50 sec.
Rapid STP (IEEE 802.1w)
• RSTP significantly speeds the recalculation of the spanning tree when the network topology changes.
• to enhance the convergence time, RSTP :
1- elects a backup port for every RP or DP.
2- merges the Blocking state and Listening state into one state called Discarding state.
The show spanning-tree command
Configuring the Root Bridge
Virtual LANs (VLAN)
Virtual LANs (VLANs)
Before VLANs:
- All switch ports are in a single broadcast domain
After VLANs:
- each VLAN is a single broadcast domain and one logical subnet.
- VLANs provide:
1- Segmentation
2- Flexibility
3- Security
VLAN = Broadcast Domain = Logical Network (Subnet)
VLAN Overview
• Segmentation
• Flexibility
• Security
VLAN Operation
• Traffic can be transferred only between the same VLANs
on different switches.
• To transfer traffic between different VLANs , a router should
be used
• Trunks carry traffic for multiple VLANs.
VLAN membership
1- Static VLAN membership:
- assign a certain port to a certain VLAN ( port based VLAN )
- by default, all ports of the switch are assigned to VLAN 1
(native VLAN).
2- Dynamic VLAN membership:
- assign a certain MAC to a certain VLAN ( MAC based VLAN )
- even if the PC changes its port on the switch , the PC is still
connected to its VLAN.
- This is done by using VMPS ( VLAN membership policy
server ).
VLAN connection (Port) types
1- Access port:
- It is a port which is a member of only one VLAN.
ex: a switch port that is connected to a PC.
2- Trunk port:
- a switch port that is a member of all VLANs by default.
ex: a switch port that is connected to another switch.
Trunking problem
[figure: switches E and F connected by a trunk (E port 3 to F port 4); hosts A and B on switch E (ports 1 and 2) and hosts C and D on switch F (ports 5 and 6), spread over VLAN 1 and VLAN 2; each switch keeps a table of MAC, port and VLAN in which the trunk port is a member of all VLANs]
- if host B sends a broadcast to VLAN 2, the frames will be passed to
port 4 on switch F over the trunk link .
- switch F will broadcast the frames to all ports 5,6 although port
6 is not a member of VLAN 2, because it doesn't know the source
VLAN of the frame.
- Solution:
the trunk adds a field that identifies the source VLAN ID to the frame
VLAN trunking Methods
- to provide inter VLAN communication , frame tagging is
used to identify the frame source VLAN .
- Tagging methods:
1- ISL (Inter switch Link) for Ethernet.
2- IEEE 802.1q (dot1q) for Ethernet.
3- LANE for ATM.
4- IEEE 802.10 for FDDI.
- so for Ethernet we concentrate on the ISL and dot1q methods.
1- ISL (Inter switch link)
- Cisco proprietary
- It encapsulates the original Ethernet frame with 30 bytes.
- 26 bytes header (contains 10 bits VLAN id) and 4 bytes trailer
- VLAN range: 0 – 1023
- VLAN 1 - 1001 for Ethernet.
- VLAN 1002 - 1023 reserved .
( ex : 1002 - 1005 for token ring and FDDI )
- ISL is no longer supported by Cisco.
2- IEEE 802.1q (dot1q)
- adds a 4 byte tag to the Ethernet frame and recalculates a
new CRC.
- the VLAN ID is 12 bits inside the Tag field, so the VLAN range is
0 - 4095.
- dot1q makes less overhead on the frame than ISL.
- dot1q can support both tagged and untagged frames,
where the untagged VLAN traffic belongs to the Native VLAN
- by default, the Native VLAN is VLAN 1.
- the Native VLAN is a management VLAN through which all management
traffic between switches is sent
( BPDU, STP, VTP,….. ).
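The dot1q points above (4-byte tag, 12-bit VLAN ID, recalculated CRC, untagged frames falling into the native VLAN), as an added Python example (not the course's code) that builds and parses the frames byte by byte; the MAC addresses and payload are constructed, and the receiver side also shows why an untagged frame on a trunk cannot be attributed to its source VLAN.

```python
"""Added example (not the course's code): build and parse an Ethernet frame
with and without an IEEE 802.1Q tag, to show what the slide describes: a
4-byte tag (TPID 0x8100 + TCI) inserted after the source MAC, a 12-bit VLAN
ID (0-4095), the FCS recomputed over the new frame, and untagged frames
mapped to the native VLAN.  MAC addresses and payload are constructed."""
import struct
import zlib

TPID_8021Q = 0x8100


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Return the frame bytes including FCS.  With vlan_id the frame is tagged."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095:
            raise ValueError("VLAN ID is a 12-bit field")
        tci = (pcp << 13) | vlan_id            # PCP(3) | DEI(1, zero here) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    body = header + struct.pack("!H", ethertype) + payload
    # Ethernet FCS is CRC-32 (zlib's polynomial), transmitted least-significant byte first
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def parse_frame(frame: bytes, native_vlan=1):
    """Return (vlan_id, ethertype, payload, fcs_ok).  A frame without a tag is
    assigned to the native VLAN: the receiver has no other way to tell which
    VLAN it came from, which is the trunking problem the earlier slide shows."""
    body, fcs = frame[:-4], frame[-4:]
    fcs_ok = struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)
    offset = 12                                # after destination + source MAC
    vlan_id = native_vlan
    ethertype = struct.unpack("!H", body[offset:offset + 2])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", body[offset + 2:offset + 4])[0]
        vlan_id = tci & 0x0FFF
        offset += 4
        ethertype = struct.unpack("!H", body[offset:offset + 2])[0]
    return vlan_id, ethertype, body[offset + 2:], fcs_ok


# Constructed sample: a broadcast from host B (VLAN 2) carrying an IPv4 ethertype.
PAYLOAD = b"broadcast from host B"
UNTAGGED = build_frame("ffff.ffff.ffff", "0000.0000.00b2", 0x0800, PAYLOAD)
TAGGED = build_frame("ffff.ffff.ffff", "0000.0000.00b2", 0x0800, PAYLOAD, vlan_id=2)

if __name__ == "__main__":
    print("tag overhead:", len(TAGGED) - len(UNTAGGED), "bytes")
    print("tagged   ->", parse_frame(TAGGED)[:2])
    print("untagged ->", parse_frame(UNTAGGED)[:2], "(native VLAN assumed)")
```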
Inter VLAN routing
- We have to use a router to route between different VLANs.
Method 1:
- Inter VLAN routing using access ports.
[figure: one router interface per VLAN (Vlan1, Vlan2, Vlan3), each connected to a switch access port in that VLAN]
- Disadvantage:
for each VLAN you need 1 router interface and 1 switch port.
VLAN configuration:
1- Create VLAN.
2- Naming VLAN (optional).
3- Assign ports to VLAN.
VLAN configuration
To create and name a VLAN:
- New method
(config)# vlan <vlan id>
(config-vlan)# name <name>
- Old method
# vlan database
(vlan)# vlan <vlan id> [name <name>]
To assign a port to a VLAN:
(config)# int <int. name>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan id>
VLAN configuration
To create and name a VLAN:
[figure: the Global Mode and Database Mode command examples are not reproduced]
To assign a port to a VLAN:
(config)#interface fastethernet 0/2
(config-if)#switchport mode access
(config-if)#switchport access vlan 3
Inter VLAN routing (cont.)
- Method 2:
- Router on a stick:
[figure: router sub-interfaces e0/0.1, e0/0.2 and e0/0.3 (Vlan1, Vlan2, Vlan3) carried over one trunk to switch port fa1/1]
- Router sub-interface e0/0.1 configuration:
Router(config)# int e0/0.1
Router(config-if)# encapsulation {isl | dot1q} <vlan id>
Router(config-if)# ip address <ip> <mask>
- Switch port fa1/1 configuration:
Switch(config)# int fa1/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Routing Between VLANs with 802.1Q Trunks
[figure: VLAN 2 and VLAN 3 routed over an 802.1Q trunk; not reproduced]
Verifying a VLAN
switch# show vlan [brief | id vlan-id | name vlan-name]
254254
Configuring the Switch IP Address
(config)# interface vlan 1
(config-if)# ip address <ip address> <mask>
(config-if)# no shutdown
• Configures an IP address and subnet mask for the switch VLAN1 interface to allow ping and telnet to switch
switch# show interfaces vlan 1
Vlan1 is up, line protocol is up
Hardware is CPU Interface, address is 0008.a445.9b40
(bia 0008.a445.9b40)
Internet address is 10.2.2.11/24
255255
Configuring the Switch Default Gateway
switch(config)# ip default-gateway <ip address>
• Configures the switch default gateway for the 2950 series switches
Setting Duplex Options
switch(config)# interface fa0/1
switch(config-if)# duplex {auto | full | half}
Switch# show interfaces fa0/1
Per VLAN Spanning Tree PVST+
Verifying STP for a VLAN
Verifying a Trunk
switch# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
switch# show interfaces fa0/11 trunk
Port      Mode       Encapsulation  Status    Native vlan
Fa0/11    desirable  802.1q         trunking
Port      Vlans allowed on trunk
Fa0/11    1-4094
Port      Vlans allowed and active in management domain
Fa0/11    1-13
VTP (VLAN Trunking Protocol)
• Cisco introduced an easy administration method to transfer VLAN
information between switches connected in the same domain
without repeating commands on all switches.
• VTP manages addition, deletion, and modification of VLAN
information in a certain VTP domain.
• VTP has a messaging system that advertises VLAN
configuration information from one switch to all others
• maintains VLAN configuration consistency throughout a common
administrative domain
• sends advertisements on trunk ports only
- VTP domain:
Area with common VLAN requirements
(all switches have the same function and VLAN policy).
A switch can only be in one VTP domain.
VTP modes
- VTP Modes:
1- server mode: default mode on the switch
- can add, delete, modify VLANs
- generates VTP messages to apply this configuration on the
other switches.
2- client mode:
- can not add, delete, modify VLANs
- accepts VTP messages, applies them on itself, then forwards them
- can not generate VTP messages
3- transparent mode:
- can add, delete, modify VLANs locally (by console
configuration) and can not generate VTP messages
- forwards VTP messages without applying them on itself
• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest
revision number (highest number overrides lower ones).
• VTP advertisements are sent every 5 minutes or when
there is a change.
VTP Operation
262262
• Increases available bandwidth by reducing unnecessary flooded traffic
• Example: Station A sends broadcast, and broadcast is flooded only
toward any switch with ports assigned to the red VLAN
VTP Pruning
263263
VTP configuration
New Method
switch(config)# vtp mode [ server | client | transparent ]
switch(config)# vtp domain <domain-name>
switch(config)# vtp password <password>
switch(config)# vtp pruning
switch(config)# end
Old Method
switch# vlan database
switch(vlan)# vtp [ server | client | transparent ]
switch(vlan)# vtp domain <domain-name>
VTP Troubleshooting
Switch(config)#vtp domain ICND
Switch(config)#vtp mode transparent
Switch#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 64
Number of existing VLANs : 17
VTP Operating Mode : Transparent
VTP Domain Name : ICND
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7D 0x6E 0x5E 0x3D 0xAF 0xA0 0x2F 0xAA
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
Switch#
DTP (Dynamic Trunking Protocol)
• It negotiates a common trunking mode between two
switches by sending periodic messages every 30 sec.
• The router can never participate in DTP.
• #show dtp
(config-if)# switchport {mode dynamic {auto | desirable} | nonegotiate}
[figure: two switches asking each other "Trunk ?" over the link between them]
DTP Mode | Generates DTP frames | Trunking
Access | |
Trunk | |
Dynamic desirable | | Yes in case that the other side is: Trunk, Desirable, Auto
Dynamic auto | | Yes in case that the other side is: Trunk, Desirable
Nonegotiate | |
Managing the MAC Address Table
switch# show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0008.a445.9b40 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0008.e3e8.0440 DYNAMIC Fa0/2
Total Mac Addresses for this criterion: 5
Setting a Static MAC Address
switch(config)# mac-address-table static <mac-address> vlan <vlan-id> interface <interface-id>
Configuring Port Security
switch(config-if)# switchport port-security [mac-address <mac-address>] | [maximum <value>] | [violation {protect | restrict | shutdown}]
switch(config)# interface fa0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 0008.eeee.eeee
switch(config-if)# switchport port-security violation shutdown
switch# show port-security interface <interface-id>
Verifying Port Security on the Catalyst 2950 Series
switch# show port-security interface fastethernet 0/5
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 20 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 0000.0000.0000
Security Violation Count : 0
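How a port-security enabled access port treats source MAC addresses under the three violation modes, as an added Python model that is not course code; the port names and MAC addresses used are constructed.

```python
"""Added example, not the course's own code: a model of how a port-security
enabled access port handles source MAC addresses under the three modes of
'switchport port-security violation {protect | restrict | shutdown}'."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                       # switchport port-security maximum
    violation: str = "shutdown"            # protect | restrict | shutdown
    secure_macs: set = field(default_factory=set)   # static + learned
    status: str = "Secure-up"
    violation_count: int = 0
    last_source: str = "0000.0000.0000"

    def configure_mac(self, mac: str) -> None:
        """'switchport port-security mac-address <mac>' (static secure entry)."""
        if len(self.secure_macs) >= self.maximum:
            raise ValueError("maximum number of secure addresses reached")
        self.secure_macs.add(mac)

    def receive(self, src_mac: str) -> str:
        """Return 'forwarded', 'dropped' or 'err-disabled' for one frame."""
        if self.status == "Secure-shutdown":
            return "err-disabled"              # stays down until an admin resets it
        self.last_source = src_mac
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)      # learned dynamically as a secure MAC
            return "forwarded"
        # Unknown source while the table is full: a security violation.
        if self.violation == "protect":
            return "dropped"                   # silently dropped, nothing counted
        self.violation_count += 1              # restrict and shutdown both count
        if self.violation == "restrict":
            return "dropped"                   # dropped and counted, port stays up
        self.status = "Secure-shutdown"        # shutdown: port goes err-disabled
        return "err-disabled"

    def show(self) -> dict:
        """Subset of the fields printed by 'show port-security interface'."""
        return {"Port Status": self.status,
                "Violation Mode": self.violation.capitalize(),
                "Maximum MAC Addresses": self.maximum,
                "Total MAC Addresses": len(self.secure_macs),
                "Last Source Address": self.last_source,
                "Security Violation Count": self.violation_count}
```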
© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—5-271
Introducing Wide Area Networks
WAN Overview
- WANs connect remote sites over a large geographical area using the infrastructure of a service provider.
- WANs are Layer 2 technologies concerned with hop-to-hop delivery.
- Connection requirements vary depending on user requirements, cost, and availability.
• Provider assigns connection parameters to subscriber
Interfacing Between WAN Service Providers
- DTE: data terminal equipment; the source of the data.
- DCE: data communications (circuit) equipment; a device that terminates a connection and provides clocking and synchronization for the connection.
- Demarcation point: where the responsibility of the service provider is passed to you (a logical boundary).
- CPE: customer premises equipment; your own network equipment, which includes the DTE and DCE.
- Local loop: the connection from the carrier's switch to the demarcation point.
- CO switch: central office switch (WAN switch).
- Toll network: the carrier's infrastructure.
WAN terminologies
WAN connections
WAN connection types:
- Dedicated (leased line)
- Circuit switching (analog modem, ISDN)
- Packet switching (X.25, Frame Relay, ATM)
- Broadband (satellite, wireless, cable modem, DSL)
Serial Point-to-Point Connections
Configuring Serial Point-To-Point Encapsulation
• standard HDLC supports only single-protocol environments
HDLC Frame Format
• Cisco HDLC adds a proprietary field to the frame to support multiprotocol environments (and is therefore Cisco proprietary)
• HDLC is the default encapsulation method on Cisco routers
Router(config-if)# encapsulation hdlc
• enables HDLC encapsulation
• uses the default encapsulation on synchronous
serial interfaces
Configuring HDLC Encapsulation
• Overview:
- data link layer protocol used on point-to-point WAN connections.
- used in dedicated and circuit-switching technologies.
- works with synchronous and asynchronous serial connections.
- supports multiple network layer protocols.
- open standard by the IETF (RFC 1332, 1661 & 2153).
- PPP frame format:
Flag | Address | Control | Protocol | Payload | FCS
Point to point protocol (PPP)
1- Link control protocol (LCP) :
- responsible for negotiating & maintaining a PPP connection
including some options (establish, configure, negotiate
options, test, terminate the PPP connection).
- LCP options are:
authentication, compression, multilink, call back,
error detection
2- Network control protocol (NCP):
- negotiates the upper layer protocols that will be used during the PPP connection.
PPP components
PPP operation
LCP phase:
  Open connection -> OK
  Negotiate options
NCP phase:
  What is my IP ? -> Your IP is ….
  What is my IPX ? -> No IPX
1- Authentication:
a- PPP authentication protocol (PAP):
- 2-way handshake
- 1-way authentication (client authenticates to server)
PPP options
PAP configuration:
Client configuration:
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <client username> password <password>
Server configuration:
(config)# username <client username> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
1- Authentication (cont.)
b- Challenge handshake authentication protocol (CHAP):
- 3-way handshake.
- 2-way authentication.
1- Authentication (cont.)
CHAP configuration:
(config)# hostname <local name>
(config)# username <remote name> password <password>
(config-if)# ppp authentication chap
1- Authentication (cont.)
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
• Enables PAP or CHAP authentication
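What PAP and CHAP each put on the wire, as an added Python example that is not course code: PAP's 2-way handshake carries the username and password in clear text, while CHAP's 3-way handshake (Challenge, Response, Success/Failure) only carries MD5(id + secret + challenge) per RFC 1994, and its 2-way authentication runs the exchange in both directions. The hostnames and the shared secret are constructed.

```python
"""Added example (not from the course): PAP versus CHAP on the wire. PAP sends
the credentials; CHAP sends only MD5(id + secret + challenge) (RFC 1994)."""
import hashlib
import hmac
import os

# 'username <remote name> password <password>' on each router (constructed).
USER_DB = {"RouterA": "ppp-secret", "RouterB": "ppp-secret"}


def pap_request(username: str, password: str) -> dict:
    """PAP Authenticate-Request: the credentials themselves are sent."""
    return {"code": "Authenticate-Request", "peer-id": username,
            "password": password}


def pap_verify(req: dict) -> str:
    return "Ack" if USER_DB.get(req["peer-id"]) == req["password"] else "Nak"


def chap_hash(ident: int, secret: str, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_challenge(local_hostname: str, ident: int = 1) -> dict:
    """Step 1: the authenticator sends a random challenge and its hostname."""
    return {"code": "Challenge", "id": ident, "value": os.urandom(16),
            "name": local_hostname}


def chap_answer(chal: dict, my_hostname: str) -> dict:
    """Step 2: the peer looks up the secret for the authenticator's hostname
    and returns a hash; the secret itself never leaves the router."""
    secret = USER_DB[chal["name"]]
    return {"code": "Response", "id": chal["id"], "name": my_hostname,
            "value": chap_hash(chal["id"], secret, chal["value"])}


def chap_verify(chal: dict, resp: dict) -> str:
    """Step 3: recompute with the secret stored for the responding hostname."""
    secret = USER_DB.get(resp["name"])
    if secret is None or resp["id"] != chal["id"]:
        return "Failure"
    expected = chap_hash(chal["id"], secret, chal["value"])
    return "Success" if hmac.compare_digest(expected, resp["value"]) else "Failure"


def mutual_chap(host_a: str, host_b: str) -> bool:
    """The slides' 2-way authentication: each router challenges the other."""
    c1 = chap_challenge(host_a, 1)
    c2 = chap_challenge(host_b, 2)
    return (chap_verify(c1, chap_answer(c1, host_b)) == "Success"
            and chap_verify(c2, chap_answer(c2, host_a)) == "Success")
```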
CHAP Configuration Example :-
1- Authentication (cont.)
Router#show interface s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open
Open: IPCP, CDPCP
Last input 00:00:05, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
38021 packets input, 5656110 bytes, 0 no buffer
Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
38097 packets output, 2135697 bytes, 0 underruns
0 output errors, 0 collisions, 6045 interface resets
0 output buffer failures, 0 output buffers swapped out
482 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Verifying the HDLC and PPP encapsulation configuration :-
1- Authentication (cont.)
• debug ppp authentication shows successful CHAP output.
Verifying PPP Authentication :-
1- Authentication (cont.)
- bandwidth aggregation by combining multiple physical interfaces into one logical link.
- splits L3 packets and sends the fragments over the parallel links.
- Configuration:
(config-if)# ppp multilink
2- Multilink:
PPP options (cont.)
3- Call back:
- enables a router to place a call and request a call back.
- once the request is made, the call is disconnected and the other router (server) dials the requesting router (client) back.
4- Compression:
- improves the throughput on slower links.
- PPP compression supports:
1- Stacker
2- Predictor
3- MPPC (Microsoft point-to-point compression)
4- TCP header compression
PPP options (cont.)
5- Error detection:
- uses LQM (link quality monitoring).
- computes the ratio between corrupted frames and the total number of frames sent.
- if this ratio exceeds a configured reference value, the link is dropped.
6- Looped link detection:
- uses magic numbers.
- every router has a magic number.
- if a router receives a frame carrying its own magic number, the link is looped and is brought down.
PPP options (cont.)
#debug ppp negotiation
#debug ppp authentication
Troubleshooting
# show interface s0/0
shows the status of the interface, the encapsulation, the LCP state and the NCP state.
Frame Relay
Frame Relay topology
•connections made by virtual circuits
•connection-oriented service
- FR is a data link layer packet-switching technology.
- defines only the interaction between the CPE and the FR switch.
- FR is a multiple-access technology based on the virtual circuit concept.
- FR is a connection-oriented protocol through the FR feature called LMI.
- The encapsulation protocol is LAPF; the LAPF (encapsulation) types are:
1- Cisco
2- IETF
- note: the same encapsulation type must be used on the source and destination routers
Frame Relay overview
• Frame Relay default: nonbroadcast multiaccess (NBMA)
Frame Relay Topologies
- DLCI number:
- DLCI (data link connection identifier) is the VC ID of the FR circuit (the L2 path address)
- DLCI numbers are locally significant
- different DLCIs at the two ends of the same path do not affect the connection
Frame Relay addressing
(figure: example circuits labelled DLCI 100, DLCI 200, DLCI 300 and DLCI 400)
• LMI (Local Management Interface):
- signaling protocol between the router and the FR switch.
- used for management purposes; it allows directly connected devices to share information about the status of VCs as well as their configuration.
- it is used so that a router can obtain its local DLCIs from the FR switch.
- LMI types:
1- Cisco
2- ANSI (Annex-D)
3- Q.933a (Annex-A) (ITU-T)
- Note:
different LMI types at the two ends of the same path do not affect the connection
Frame Relay management
- LMI status:
1- Active: the connection using this DLCI is working
2- Inactive: there is a problem at the remote site
3- Deleted: there is a problem at your local site
Frame Relay management (cont.)
- To map between a destination IP address and its DLCI:
1- manual resolution:
mapping between the DLCI number and the next-hop IP address using configuration.
(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]
2- dynamic resolution (Inverse ARP):
allows the router to automatically discover the address of the next hop on each VC that is in the active state.
Frame Relay Address Mapping
LMI Signaling and Inverse ARP
Inverse ARP (cont.)
– Use LMI to get locally significant DLCI from the Frame Relay switch.
– Use Inverse ARP to map the local DLCI to the remote router network layer address.
Inverse ARP (cont.)
Reachability Issues with Routing Updates
• Problem:
– Broadcast traffic must be replicated for each active connection.
– Split-horizon rule prevents routing updates received on
an interface from being forwarded out the same interface.
Resolving Reachability Issues
• split horizon can cause problems in NBMA environments.
• solution: sub-interfaces can resolve split-horizon issues.
• a single physical interface simulates multiple logical interfaces.
• each pair of corresponding peers is in a separate subnet.
• don't assign an IP address to the main interface.
Use sub-interfaces
Configuring Subinterfaces
– Point-to-point:
• Subinterfaces act like leased lines.
• Each point-to-point subinterface requires its own subnet.
• Point-to-point is applicable to hub-and-spoke topologies.
– Multipoint:
• Subinterfaces act like NBMA networks, so they do not resolve the split-horizon issues.
• Multipoint can save address space because it uses a single subnet.
• Multipoint is applicable to partial mesh and full mesh topologies.
(config)# int s0/0
(config-if)# encapsulation frame-relay [cisco | ietf]
(config-if)# frame-relay lmi-type { cisco | q933a | ansi }
(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]
Sub-interface configuration:
(config)# int s0/0.1 [ point-to-point | multipoint ]
(config-subif)# frame-relay interface-dlci <dlci no.>
Frame Relay configuration
Configuring a Static Frame Relay Map
Configuring Point-to-Point Subinterfaces
Multipoint Subinterfaces Configuration Example
Verifying Frame Relay Operation
Router#show interfaces name
• Displays information about Frame Relay DLCIs and the LMI
Router#show frame-relay lmi [int.name]
• Displays LMI statistics
Router#show frame-relay map
• Displays the current Frame Relay map entries
Router#show frame-relay pvc [int.name [dlci]]
• Displays PVC statistics
Router#show frame-relay traffic
• Displays Frame Relay traffic statistics
show interfaces Example
– Displays line, protocol, DLCI, and LMI information
Router#show interfaces s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.140.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
<Output omitted>
– Displays LMI information
Router#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 113100 Num Status msgs Rcvd 113100
Num Update Status Rcvd 0 Num Status Timeouts 0
show frame-relay lmi Example
– Displays PVC traffic statistics
show frame-relay pvc Example
Router#show frame-relay pvc 100
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 28 output pkts 10 in bytes 8398
out bytes 1198 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 10 out bcast bytes 1198
pvc create time 00:03:46, last time pvc status changed 00:03:47
– Displays the route maps, either static or dynamic
Router# show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
broadcast, status defined, active
show frame-relay map Example
Troubleshooting Basic Frame Relay
Operations
• Displays LMI debug information
Router#debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0
Frame Relay Traffic Shaping
• CIR: committed information rate
• EIR: excessive information rate
• DE: discard eligibility
• FECN: forward explicit congestion notification
• BECN: backward explicit congestion notification
• Rate < CIR: DE = 0
• CIR < Rate < EIR: DE = 1
• Rate > EIR: the frame will be dropped
(LAPF frame fields shown in the slide figure: DE, FECN, BECN)
                    802.11b          802.11g                     802.11a
Ratified            1999             2003                        1999
Frequency band      2.4 GHz          2.4 GHz                     5 GHz
No. of channels     3                3                           Up to 12
Transmission        DSSS             DSSS / OFDM                 OFDM
Data rates [Mbps]   1, 2, 5.5, 11    1, 2, 5.5, 11 (DSSS);       6, 9, 12, 18, 24, 36, 48, 54
                                     6, 9, 12, 18, 24, 36,
                                     48, 54 (OFDM)
Throughput [Mbps]   Up to 6          Up to 22                    Up to 28
Differences between WLAN standards
In IEEE 802.11 terminology, any group of wireless devices is known as a service set.
The devices must share a common service set identifier (SSID), which is a text string
included in every frame sent.
If the SSIDs match across the sender and receiver, the two devices can communicate.
This is a summary of the different WLAN topologies:
Ad hoc mode:
This mode is called Independent Basic Service Set
(IBSS). Mobile clients connect directly without an
intermediate access point.
Infrastructure mode: In infrastructure mode, where
clients connect through an access point, there are two
modes:
— Basic Service Set (BSS): Mobile clients use a single
access point for connectivity to each other or to wired
network resources.
— Extended Services Set (ESS): In this mode, two or
more Basic Service Sets are connected by a common
distribution system. An Extended Services Set generally
includes a common SSID to allow roaming from access
point to access point without requiring client
configuration.
Recommended