Cisco Static Routes FAQ


  • 7/30/2019 Cisco Static Routes FAQ


    How to configure static routes on Cisco routers? You can configure two types of routing on a router, static and dynamic, to send traffic to its destination. A static route tells the network device the exact location of a destination (a hard-coded route). Static routes can work well in a small network, but in a large-scale network dynamic routing is the best choice. Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.

    From global configuration mode, configure the hostname, then configure the console and enable passwords on each router.

    To configure static routes, first enter global configuration mode to run the following commands.

    Configure the Static Routes on Router A.


    First run the command show ip route to view the IP routing table for router A before defining static routes

    RouterA#configure terminal (enter in global configuration mode)

    RouterA(config)#ip route 15.0.0.0 255.0.0.0 10.1.1.2 (define static routing on Router A)

    RouterA(config)#ip route 193.168.2.0 255.255.255.0 10.1.1.2 (define static routing on Router A)

    RouterA(config)#ip route 193.168.3.0 255.255.255.0 20.1.1.2 (define static routing on Router A)

    RouterA(config)#exit

    RouterA#

    Now run the command show ip route on router A to view the IP routing table (directly connected + static routes) detail.

    Configure the Static Routes on Router B.

    First run the command show ip route to view the IP routing table for router B before defining static routes

    RouterB#configure terminal (enter in global configuration mode)

    RouterB(config)#ip route 20.0.0.0 255.0.0.0 10.1.1.1 (define static routing on Router B)

    RouterB(config)#ip route 193.168.1.0 255.255.255.0 10.1.1.1 (define static routing on Router B)

    RouterB(config)#ip route 193.168.3.0 255.255.255.0 15.1.1.2 (define static routing on Router B)

    RouterB(config)#exit

    RouterB#


    Now run the command show ip route on router B to view the IP routing table (directly connected + static routes) detail.

    Configure the Static Routes on Router C.

    First run the command show ip route to view the IP routing table for router C before defining static routes

    RouterC#configure terminal (enter in global configuration mode)

    RouterC(config)#ip route 10.0.0.0 255.0.0.0 15.1.1.1 (define static routing on Router C)

    RouterC(config)#ip route 193.168.2.0 255.255.255.0 15.1.1.1 (define static routing on Router C)

    RouterC(config)#ip route 193.168.1.0 255.255.255.0 20.1.1.2 (define static routing on Router C)

    RouterC(config)#exit

    RouterC#

    Now run the command show ip route on router C to view the IP routing table (directly connected + static routes) detail.
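
An added example (not part of the original page): a Python audit of the nine ip route commands above. It does a longest-prefix lookup per router and flags a next hop that both routers on a two-router link point at, which cannot be correct for both because one of them must own that address. It assumes that a router with no static route for a link's network is directly attached to that link.

```python
import ipaddress
import re
from collections import defaultdict

# The nine "ip route" commands exactly as entered on the page.
CONFIG = """
RouterA(config)#ip route 15.0.0.0 255.0.0.0 10.1.1.2
RouterA(config)#ip route 193.168.2.0 255.255.255.0 10.1.1.2
RouterA(config)#ip route 193.168.3.0 255.255.255.0 20.1.1.2
RouterB(config)#ip route 20.0.0.0 255.0.0.0 10.1.1.1
RouterB(config)#ip route 193.168.1.0 255.255.255.0 10.1.1.1
RouterB(config)#ip route 193.168.3.0 255.255.255.0 15.1.1.2
RouterC(config)#ip route 10.0.0.0 255.0.0.0 15.1.1.1
RouterC(config)#ip route 193.168.2.0 255.255.255.0 15.1.1.1
RouterC(config)#ip route 193.168.1.0 255.255.255.0 20.1.1.2
"""

ROUTE_RE = re.compile(r"^(\w+)\(config\)#\s*ip route (\S+) (\S+) (\S+)")


def parse_routes(text):
    """Return {router: [(destination_network, next_hop), ...]}."""
    routes = defaultdict(list)
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        router, dest, mask, hop = m.groups()
        # Strict parsing raises ValueError when the prefix has host bits
        # set, e.g. "ip route 15.1.0.0 255.0.0.0 ...".
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes[router].append((network, ipaddress.ip_address(hop)))
    return dict(routes)


def lookup(table, destination):
    """Longest-prefix match over one router's static routes.

    Returns the next hop, or None when no static route covers the
    destination (connected networks are not modelled here, and the
    page configures no default route).
    """
    destination = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if destination in net]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)[1]


def conflicting_next_hops(routes):
    """Flag a next hop that both routers attached to a link point at."""
    all_networks = {net for table in routes.values() for net, _ in table}
    users = defaultdict(set)
    for router, table in routes.items():
        for _, hop in table:
            users[hop].add(router)

    findings = []
    for hop, routers in sorted(users.items()):
        covering = [net for net in all_networks if hop in net]
        if not covering:
            continue
        link = max(covering, key=lambda net: net.prefixlen)
        # Assumption: a router that has no static route for the link's
        # network is directly attached to it.
        attached = {name for name, table in routes.items()
                    if all(net != link for net, _ in table)}
        if len(attached) == 2 and routers == attached:
            findings.append((str(hop), sorted(routers)))
    return findings


if __name__ == "__main__":
    tables = parse_routes(CONFIG)
    print("RouterA -> 193.168.3.10 via", lookup(tables["RouterA"], "193.168.3.10"))
    for hop, routers in conflicting_next_hops(tables):
        print("next hop", hop, "is used by both", " and ".join(routers))
```

Run against the commands above, conflicting_next_hops reports 20.1.1.2 for RouterA and RouterC, so check that address against the interface addressing of the 20.0.0.0 link before relying on those routes.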


    Spanning-Tree Protocol (STP) prevents loops from being formed when switches or bridges are interconnected via multiple paths. Spanning-Tree Protocol implements the IEEE 802.1D algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces. This algorithm guarantees that there is one and only one active path between two network devices.

    (Spanning Tree Algorithm is used to calculate a loop-free path.

    All switch ports are in blocking mode to begin with. It takes approximately 30 seconds until packets can be forwarded.


    Step 1: Elect Root Bridge - Lowest bridge priority; if there is a tie, then the switch with the lowest bridge ID.

    Step 2: Elect Root Ports - Locate redundant paths to root bridge; block all but one root. Root Path Cost is cumulative cost of path to root bridge. Ports directly connected to Root Bridge will be root ports, otherwise lowest root path cost used.

    Step 3: Elect Designated Ports - Single port that sends and receives traffic from a switch to and from Root Bridge - Lowest cost path to Root Bridge.

    Spanning Tree Overview

    There can only be one Root Bridge.

    Root-Bridge ports are called 'Designated' and are set to send and receive traffic (forwarding state). All other redundant links to the root bridge are shut down.

    Blocked ports still receive BPDUs.

    Convergence occurs when switches have transitioned to either forwarding or blocking states. No other data is forwarded during this time.

    Forward delay - Time taken for a switch to go from Listening to Learning (50 seconds default).

    IEEE default priority = 32,768; this is true for all devices running the IEEE version of STP.

    Port Fast Mode - Immediately brings a port from blocking to forwarding state by eliminating forward delays.

    Bridges can only have one spanning tree instance, compared to switches, which can have many.

    Bridge Protocol Data Units send confirmation messages using multicast frames.)

    Introduction

    Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.

    Prerequisites

    Requirements

    There are no specific requirements for this document.

    Components Used


    Although this document uses Cisco Catalyst 5500/5000 Switches, the spanning tree principles that the document presents are applicable to almost all devices that support STP.

    For the examples, this document used:

    A console cable that is suitable for the Supervisor Engine in the switch

    Six Catalyst 5509 Switches

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

    Conventions

    Refer to Cisco Technical Tips Conventions for more information on document conventions.

    Background Theory

    The configurations in this document apply to Catalyst 2926G, 2948G, 2980G, 4500/4000, 5500/5000, and 6500/6000 Switches that run Catalyst OS (CatOS). Refer to these documents for information on the configuration of STP on other switch platforms:

    Configuring STP and IEEE 802.1s MST (Catalyst 6500/6000 Switches that run Cisco IOS Software)

    Understanding and Configuring STP (Catalyst 4500/4000 Switches that run Cisco IOS Software)

    Configuring STP section of Configuring the System (Catalyst 2900XL/3500XL Switches)

    Configuring STP (Catalyst 3550 Switches)

    Configuring STP (Catalyst 2950 Switches)

    Network Diagram

    This document uses this network setup:


    Concepts

    STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP, but 802.1D is the most popular and widely implemented. You implement STP on bridges and switches in order to prevent loops in the network. Use STP in situations where you want redundant links, but not loops. Redundant links are as important as backups in the case of a failover in a network. A failure of your primary activates the backup links so that users can continue to use the network. Without STP on the bridges and switches, such a failure can result in a loop. If two connected switches run different flavors of STP, they require different timings to converge. When different flavors are used in the switches, it creates timing issues between Blocking and Forwarding states. Therefore, it is recommended to use the same flavors of STP. Consider this network:

    In this network, a redundant link is planned between Switch A and Switch B. However, this setup creates the possibility of a bridging loop. For example, a broadcast or multicast packet that transmits from Station M and is destined for Station N simply continues to circulate between both switches.

    However, when STP runs on both switches, the network logically looks like this:

    This information applies to the scenario in the Network Diagram:

    Switch 15 is the backbone switch.

    Switches 12, 13, 14, 16, and 17 are switches that attach to workstations and PCs.

    The network defines these VLANs:

    1

    200

    201

    202

    203

    204

    The VLAN Trunk Protocol (VTP) domain name is STD-Doc.


    In order to provide this desired path redundancy, as well as to avoid a loop condition, STP defines a tree that spans all the switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate standby path.

    Description of the Technology

    With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. A switched environment, which is different from a bridge environment, most likely deals with multiple VLANs. When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.

    Note: The selection of the root switch for a particular VLAN is very important. You can choose the root switch, or you can let the switches decide, which is risky. If you do not control the root selection process, there can be suboptimal paths in your network.

    All the switches exchange information for use in the root switch selection and for subsequent configuration of the network. Bridge protocol data units (BPDUs) carry this information. Each switch compares the parameters in the BPDU that the switch sends to a neighbor with the parameters in the BPDU that the switch receives from the neighbor.

    In the STP root selection process, less is better. If Switch A advertises a root ID that is a lower number than the root ID that Switch B advertises, the information from Switch A is better. Switch B stops the advertisement of its root ID, and accepts the root ID of Switch A.

    Refer to Configuring Optional STP Features for more information about some of the optional STP features, such as:

    PortFast

    Root guard

    Loop guard

    BPDU guard

    STP Operation

    Task

    Prerequisites

    Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Also, choose the least disturbed switch in the network. The backbone switches often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.

    After you decide on the root switch, set the appropriate variables to designate the switch as the root switch. The only variable that you must set is the bridge priority. If the switch has a bridge priority that is lower than all the other switches, the other switches automatically select the switch as the root switch.

    Clients (end stations) on Switch Ports

    You can also issue the set spantree portfast command, on a per-port basis. When you enable the portfast variable on a port, the port immediately switches from blocking mode to forwarding mode. Enablement of portfast helps to prevent timeouts on clients who use Novell Netware or use DHCP in order to obtain an IP address. However, do not use this command when you have switch-to-switch connection. In this case, the command can result in a loop. The 30- to 60-second delay that occurs during the transition from blocking to forwarding mode prevents a temporal loop condition in the network when you connect two switches.


    Leave most other STP variables at their default values.

    Rules of Operation

    This section lists rules for how STP works. When the switches first come up, they start the root switch selection process. Each switch transmits a BPDU to the directly connected switch on a per-VLAN basis.

    As the BPDU goes out through the network, each switch compares the BPDU that the switch sends to the BPDU that the switch receives from the neighbors. The switches then agree on which switch is the root switch. The switch with the lowest bridge ID in the network wins this election process.

    Note: Remember that one root switch is identified per-VLAN. After the root switch identification, the switches adhere to these rules:

    STP Rule 1: All ports of the root switch must be in forwarding mode.

    Note: In some corner cases, which involve self-looped ports, there is an exception to this rule.

    Next, each switch determines the best path to get to the root. The switches determine this path by a comparison of the information in all the BPDUs that the switches receive on all ports. The switch uses the port with the least amount of information in the BPDU in order to get to the root switch; the port with the least amount of information in the BPDU is the root port. After a switch determines the root port, the switch proceeds to rule 2.

    STP Rule 2: The root port must be set to forwarding mode.

    In addition, the switches on each LAN segment communicate with each other to determine which switch is best to use in order to move data from that segment to the root bridge. This switch is called the designated switch.

    STP Rule 3: In a single LAN segment, the port of the designated switch that connects to that LAN segment must be placed in forwarding mode.

    STP Rule 4: All the other ports in all the switches (VLAN-specific) must be placed in blocking mode. The rule only applies to ports that connect to other bridges or switches. STP does not affect ports that connect to workstations or PCs. These ports remain forwarded.

    Note: The addition or removal of VLANs when STP runs in per-VLAN spanning tree (PVST / PVST+) mode triggers spanning tree recalculation for that VLAN instance and the traffic is disrupted only for that VLAN. The other VLAN parts of a trunk link can forward traffic normally. The addition or removal of VLANs for a Multiple Spanning Tree (MST) instance that exists triggers spanning tree recalculation for that instance and traffic is disrupted for all the VLAN parts of that MST instance.

    Note: By default, spanning tree runs on every port. The spanning tree feature cannot be turned off in switches on a per-port basis. Although it is not recommended, you can turn off STP on a per-VLAN basis, or globally on the switch. Extreme care should be taken whenever you disable spanning tree because this creates Layer 2 loops within the network.

    Step-by-Step Instructions

    Complete these steps:

    Issue the show version command in order to display the software version that the switch runs.

    Note: All switches run the same software version.

    Switch-15> (enable)show version

    WS-C5505 Software, Version McpSW: 4.2(1) NmpSW: 4.2(1)

    Copyright (c) 1995-1998 by Cisco Systems

    NMP S/W compiled on Sep 8 1998, 10:30:21


    MCP S/W compiled on Sep 08 1998, 10:26:29

    System Bootstrap Version: 5.1(2)

    Hardware Version: 1.0 Model: WS-C5505 Serial #: 066509927

    Mod Port Model Serial # Versions

    --- ---- ---------- --------- ----------------------------------------

    1 0 WS-X5530 008676033 Hw : 2.3

    Fw : 5.1(2)

    Fw1: 4.4(1)

    Sw : 4.2(1)

    In this scenario, Switch 15 is the best choice for the root switch of the network for all the VLANs because Switch 15 is the backbone switch.

    Issue the set spantree root vlan_id command in order to set the priority of the switch to 8192 for the VLAN or VLANs that the vlan_id specifies.

    Note: The default priority for switches is 32768. When you set the priority with this command, you force the selection of Switch 15 as the root switch because Switch 15 has the lowest priority.

    Switch-15> (enable)set spantree root 1

    VLAN 1 bridge priority set to 8192.

    VLAN 1 bridge max aging time set to 20.

    VLAN 1 bridge hello time set to 2.

    VLAN 1 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 1.

    Switch-15> (enable)

    Switch-15> (enable)set spantree root 200

    VLAN 200 bridge priority set to 8192.

    VLAN 200 bridge max aging time set to 20.

    VLAN 200 bridge hello time set to 2.


    VLAN 200 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 200.

    Switch-15> (enable)

    Switch-15> (enable)set spantree root 201

    VLAN 201 bridge priority set to 8192.

    VLAN 201 bridge max aging time set to 20.

    VLAN 201 bridge hello time set to 2.

    VLAN 201 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 201.

    Switch-15> (enable)

    Switch-15> (enable)set spantree root 202

    VLAN 202 bridge priority set to 8192.

    VLAN 202 bridge max aging time set to 20.

    VLAN 202 bridge hello time set to 2.

    VLAN 202 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 202.

    Switch-15>

    Switch-15> (enable)set spantree root 203

    VLAN 203 bridge priority set to 8192.

    VLAN 203 bridge max aging time set to 20.

    VLAN 203 bridge hello time set to 2.

    VLAN 203 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 203.

    Switch-15>


    Switch-15> (enable)set spantree root 204

    VLAN 204 bridge priority set to 8192.

    VLAN 204 bridge max aging time set to 20.

    VLAN 204 bridge hello time set to 2.

    VLAN 204 bridge forward delay set to 15.

    Switch is now the root switch for active VLAN 204.

    Switch-15> (enable)

    The shorter version of the command has the same effect, as this example shows:

    Switch-15> (enable)set spantree root 1,200-204

    VLANs 1,200-204 bridge priority set to 8189.

    VLANs 1,200-204 bridge max aging time set to 20.

    VLANs 1,200-204 bridge hello time set to 2.

    VLANs 1,200-204 bridge forward delay set to 15.

    Switch is now the root switch for active VLANs 1,200-204.

    Switch-15> (enable)

    The set spantree priority command provides a third method to specify the root switch:

    Switch-15> (enable)set spantree priority 8192 1

    Spantree 1 bridge priority set to 8192.

    Switch-15> (enable)

    Note: In this scenario, all the switches started with cleared configurations. Therefore, all the switches started with a bridge priority of 32768. If you are not certain that all the switches in your network have a priority that is greater than 8192, set the priority of your desired root bridge to 1.

    Issue the set spantree portfast mod_num/port_num enable command in order to configure the PortFast setting on Switches 12, 13, 14, 16, and 17.

    Note: Only configure this setting on ports that connect to workstations or PCs. Do not enable PortFast on any port that connects to another switch.

    This example only configures Switch 12. You can configure other switches in the same way. Switch 12 has these port connections:

    Port 2/1 connects to Switch 13.

    Port 2/2 connects to Switch 15.

    Port 2/3 connects to Switch 16.

    Ports 3/1 through 3/24 connect to PCs.


    Ports 4/1 through 4/24 connect to UNIX workstations.

    With this information as a basis, issue the set spantree portfast command on ports 3/1 through 3/24 and on ports 4/1 through 4/24:

    Switch-12> (enable)set spantree portfast 3/1-24 enable

    Warning: Spantree port fast start should only be enabled on ports connected

    to a single host. Connecting hubs, concentrators, switches, bridges, etc. to

    a fast start port can cause temporary spanning-tree loops. Use with caution.

    Spantree ports 3/1-24 fast start enabled.

    Switch-12> (enable)

    Switch-12> (enable)set spantree portfast 4/1-24 enable

    Warning: Spantree port fast start should only be enabled on ports connected

    to a single host. Connecting hubs, concentrators, switches, bridges, etc. to

    a fast start port can cause temporary spanning-tree loops. Use with caution.

    Spantree ports 4/1-24 fast start enabled.

    Switch-12> (enable)

    Issue the show spantree vlan_id command in order to verify that Switch 15 is the root of all the appropriate VLANs.

    From the output from this command, compare the MAC address of the switch that is the root switch to the MAC address of the switch from which you issued the command. If the addresses match, the switch that you are in is the root switch of the VLAN. A root port that is 1/0 also indicates that you are at the root switch. This is the sample command output:

    Switch-15> (enable)show spantree 1

    VLAN 1

    spanning-tree enabled

    spanning-tree type ieee

    Designated Root 00-10-0d-b1-78-00


    !--- This is the MAC address of the root switch for VLAN 1.

    Designated Root Priority 8192

    Designated Root Cost 0

    Designated Root Port 1/0

    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

    Bridge ID MAC ADDR 00-10-0d-b1-78-00

    Bridge ID Priority 8192

    Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

    This output shows that Switch 15 is the designated root on the spanning tree for VLAN 1. The MAC address of the designated root switch, 00-10-0d-b1-78-00, is the same as the bridge ID MAC address of Switch 15, 00-10-0d-b1-78-00. Another indicator that this switch is the designated root is that the designated root port is 1/0.

    In this output from Switch 12, the switch recognizes Switch 15 as the Designated Root for VLAN 1:

    Switch-12> (enable)show spantree 1

    VLAN 1

    spanning-tree enabled

    spanning-tree type IEEE

    Designated Root 00-10-0d-b1-78-00

    !--- This is the MAC address of the root switch for VLAN 1.

    Designated Root Priority 8192

    Designated Root Cost 19

    Designated Root Port 2/3

    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

    Bridge ID MAC ADDR 00-10-0d-b2-8c-00

    Bridge ID Priority 32768

    Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec


    Note: The output of the show spantree vlan_id command for the other switches and VLANs can also indicate that Switch 15 is the designated root for all VLANs.
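
An added example (not part of the original document): a Python check that parses show spantree output in the format shown above and applies the comparison just described, then reports when the designated root is not the switch you chose or still has the default priority. The two samples are the Switch 15 and Switch 12 outputs from this page with the !--- comment lines removed; the third is a constructed variant, and the function names are this example's own.

```python
import re

MAC = r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})"
PATTERNS = {
    "vlan": r"^\s*VLAN\s+(\d+)\s*$",
    "root_mac": r"^\s*Designated Root\s+" + MAC,
    "root_priority": r"^\s*Designated Root Priority\s+(\d+)",
    "root_cost": r"^\s*Designated Root Cost\s+(\d+)",
    "root_port": r"^\s*Designated Root Port\s+(\S+)",
    "bridge_mac": r"^\s*Bridge ID MAC ADDR\s+" + MAC,
    "bridge_priority": r"^\s*Bridge ID Priority\s+(\d+)",
}
INT_FIELDS = {"vlan", "root_priority", "root_cost", "bridge_priority"}
DEFAULT_PRIORITY = 32768          # default bridge priority stated on the page
EXPECTED_ROOT = "00-10-0d-b1-78-00"   # Switch 15, the intended root

SWITCH_15_OUTPUT = """\
VLAN 1
spanning-tree enabled
spanning-tree type ieee
Designated Root 00-10-0d-b1-78-00
Designated Root Priority 8192
Designated Root Cost 0
Designated Root Port 1/0
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge ID MAC ADDR 00-10-0d-b1-78-00
Bridge ID Priority 8192
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
"""

SWITCH_12_OUTPUT = """\
VLAN 1
spanning-tree enabled
spanning-tree type IEEE
Designated Root 00-10-0d-b1-78-00
Designated Root Priority 8192
Designated Root Cost 19
Designated Root Port 2/3
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge ID MAC ADDR 00-10-0d-b2-8c-00
Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
"""

# Constructed sample: Switch 12 now sees a different bridge as root.
UNEXPECTED_ROOT_OUTPUT = (
    SWITCH_12_OUTPUT
    .replace("Designated Root 00-10-0d-b1-78-00",
             "Designated Root 00-00-5e-00-53-01")
    .replace("Designated Root Priority 8192", "Designated Root Priority 0")
)


def parse_show_spantree(text):
    """Extract the root and bridge fields from one show spantree output."""
    info = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
        if m is None:
            raise ValueError(f"field {name!r} not found in output")
        value = m.group(1).lower()
        info[name] = int(value) if name in INT_FIELDS else value
    # Matching MAC addresses mean this switch is the root for the VLAN.
    info["is_root"] = info["root_mac"] == info["bridge_mac"]
    return info


def audit_root(text, expected_root_mac):
    """Return a list of findings; an empty list means the root is as planned."""
    info = parse_show_spantree(text)
    findings = []
    if info["root_mac"] != expected_root_mac.lower():
        findings.append(
            f"VLAN {info['vlan']}: root is {info['root_mac']} "
            f"(priority {info['root_priority']}), expected {expected_root_mac}")
    if info["root_priority"] >= DEFAULT_PRIORITY:
        findings.append(
            f"VLAN {info['vlan']}: root has default priority, "
            "so the election was not controlled")
    if info["is_root"] and (info["root_cost"] != 0 or info["root_port"] != "1/0"):
        findings.append(
            f"VLAN {info['vlan']}: switch is root but cost/port are "
            f"{info['root_cost']} and {info['root_port']}")
    return findings


if __name__ == "__main__":
    for label, sample in (("Switch 15", SWITCH_15_OUTPUT),
                          ("Switch 12", SWITCH_12_OUTPUT),
                          ("constructed", UNEXPECTED_ROOT_OUTPUT)):
        print(label, audit_root(sample, EXPECTED_ROOT) or "root as planned")
```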

    Verify

    This section provides information you can use to confirm that your configuration works properly.

    The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

    show spantree vlan_id - Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.

    show spantree summary - Provides a summary of connected spanning tree ports by VLAN.

    Troubleshoot

    This section provides information you can use to troubleshoot your configuration.

    STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed

    STP calculates the path cost based on the media speed (bandwidth) of the links between switches and the port cost of each port forwarding frame. Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding state.

    If the speed/duplex of the port is changed, spanning tree recalculates the path cost automatically. A change in the path cost can change the spanning tree topology.

    Refer to the Calculating and Assigning Port Costs section of Configuring Spanning Tree for more information on how to calculate the port cost.

    Troubleshoot Commands

    The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

    Note: Refer to Important Information on Debug Commands before you use debug commands.

    show spantree vlan_id - Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.

    show spantree summary - Provides a summary of connected spanning tree ports by VLAN.

    show spantree statistics - Shows spanning tree statistical information.

    show spantree backbonefast - Displays whether the spanning tree BackboneFast Convergence feature is enabled.

    show spantree blockedports - Displays only the blocked ports.

    show spantree portstate - Determines the current spanning tree state of a Token Ring port within a spanning tree.

    show spantree portvlancost - Shows the path cost for the VLANs on a port.

    show spantree uplinkfast - Shows the UplinkFast settings.

    Command Summary

    Syntax: show version


    As used in this document: show version

    Syntax: set spantree root [ vlan_id ]

    As used in this document:

    set spantree root 1

    set spantree root 1,200-204

    Syntax: set spantree priority [ vlan_id ]

    As used in this document: set spantree priority 8192 1

    Syntax: set spantree portfast mod_num/port_num {enable | disable}

    As used in this document: set spantree portfast 3/1-24 enable

    Syntax: show spantree [ vlan_id ]

    As used in this document: show spantree 1

    Introduction to Open Shortest Path First (OSPF)

    Open Shortest Path First (OSPF) is a routing protocol which was first defined as version 2 in RFC 2328. It is used to allow routers to dynamically learn routes from other routers and to advertise routes to other routers. Advertisements containing routes are referred to as Link State Advertisements (LSAs) in OSPF. An OSPF router keeps track of the state of all the various network connections (links) between itself and a network it is trying to send data to. This makes it a link-state routing protocol. OSPF supports the use of classless IP address ranges and is very efficient. OSPF uses areas to organize a network into a hierarchical structure; it summarizes route information to reduce the number of advertised routes and thereby reduce network load, and it uses a designated router (elected via a process that is part of OSPF) to reduce the quantity and frequency of Link State Advertisements. OSPF does require the router to have a more powerful processor and more memory than other routing protocols.

    OSPF selects the best routes by finding the lowest cost paths to a destination. All router interfaces (links) are given a cost. The cost of a route is equal to the sum of all the costs configured on all the outbound links between the router and the destination network, plus the cost configured on the interface that OSPF received the Link State Advertisement on.

    This tutorial will focus on explaining the basic components of OSPF, the operation of OSPF, basic configuration of OSPF and finally close with troubleshooting techniques used to verify correct OSPF configuration and operation.

    OSPF Router Types

    In this tutorial, when speaking of an OSPF router, we are speaking of the OSPF routing process running on a given routing device. OSPF routers serve in various roles depending upon where they are located and which areas they participate in.

    Internal Routers

    An internal router connects only to one OSPF area. All of its interfaces connect to the area in which it is located, and it does not connect to any other area.

    If a router connects to more than one area, it will be one of the following types of routers.

    Backbone Routers

    Backbone routers have one or more interfaces in Area 0 (the backbone area).

    Area Border Router (ABR)

    A router that connects more than one area is called an area border router or ABR. Usually an ABR is used to connect non-backbone areas to the backbone. If OSPF virtual links are used, an ABR will also be used to connect the area using the virtual link to another non-backbone area.

    Autonomous System Boundary Router (ASBR)

    If the router connects the OSPF Autonomous System to another Autonomous System, it is called an Autonomous System Boundary Router (ASBR).

    OSPF elects two or more routers to manage the Link State Advertisements:

    Designated Router (DR)

    Every OSPF area will have a designated router and a backup designated router. The Designated Router (DR) is the router to which all other routers within an area send their Link State Advertisements. The Designated Router will keep track of all link state updates and make sure the LSAs are flooded to the rest of the network using Reliable Multicast transport.

    Backup Designated Router (BDR)


    The election process which determines the Designated Router will also elect a Backup Designated Router (BDR). The BDR takes over from the DR when the DR fails.

    OSPF Areas

    OSPF areas are used to impose a hierarchical structure on the flow of data over the network. A network using OSPF will always have at least one area, and if there is more than one area, one of the areas must be the backbone area. Areas are used to group routers into manageable groups that exchange routing information locally, but summarize that routing information when advertising the routes externally. A standard OSPF network looks something like a big bubble (the backbone area) with a lot of smaller bubbles (stub areas) attached directly to it. Area Border Routers (ABR) are used to connect the areas. Each area will elect a designated router (DR) and a backup designated router (BDR) to assist in flooding Link State Advertisements (LSAs) throughout the area.

    Backbone (Area 0)

    The backbone is the first area you should always build in any network using OSPF and the backbone is always Area 0 (zero). All areas are connected directly to the OSPF backbone area. When designing an OSPF backbone area, you should make sure there is little or no possibility of the backbone area being split into two or more parts by a router or link failure. If the OSPF backbone is split due to hardware failures or access lists, sizeable areas of the network will become unreachable.

    Totally Stub Area

    A totally stubby area is only connected to the backbone area. A totally stubby / totally stub area does not advertise the routes it knows. It does not send any Link State Advertisements. The only route a totally stub area receives is the default route from an external area, which must be the backbone area. This default route allows the totally stub area to communicate with the rest of the network.

    Stub Area

    Stub areas are connected only to the backbone area. Stub areas do not receive routes from outside the autonomous system, but do receive the routes from within the autonomous system, even if the route comes from another area.

    Not-So-Stubby (NSSA)

    Frequently, it is advisable to use a separate network to connect the internal enterprise network to the Internet. OSPF makes provisions for placing an Autonomous System Boundary Router (ASBR) within a non-backbone area. In this case, the stub area must learn routes from outside the OSPF autonomous system. Thus, a new type of LSA was required: the Type 7 LSA. Type 7 LSAs are created by the Autonomous System Boundary Router and forwarded via the stub area's border router (ABR) to the backbone. This allows the other areas to learn routes that are external to the OSPF routing domain.

    Virtual Links

    Virtual links are used when you have a network that must be connected to an existing OSPF system, but cannot be physically connected directly to the routers in the OSPF backbone area. You can configure an OSPF virtual link from the area to a backbone router, creating a virtual direct connection to the backbone area. This virtual link acts as a tunnel which forwards LSAs to the backbone via a second intermediate area.

    Operation

    STILL UNDER DEVELOPMENT

    OSPF Startup and Operation


    STILL UNDER DEVELOPMENT

    Neighbor Discovery

    STILL UNDER DEVELOPMENT

    Forming Adjacencies

    Link State Advertisements (LSAs)

    LSA Types (by type code)

    1 - Router LSA

    2 - Network LSA

    3 - Network summary LSA

    4 - ASBR Summary LSA

    5 - AS External LSA

    6 - Group Membership LSA

    7 - NSSA External LSA

    8 - External Attributes LSA

    9 - Opaque LSA (link-local scope)

    10 - Opaque LSA (area-local scope)

    11 - Opaque LSA (AS scope)

    Flooding

    Reliable Transport

    Shortest Path First Calculations

    Configuration

    Troubleshooting

    OSPF Components

    Areas

    Routers

    Link State Advertisements

    Processes

    OSPF Areas


    OSPF organizes a network into areas. An area is a set of routers that will share routing information about one or more networks. Routers are used by OSPF to maintain routing information within an area and to send Link State Advertisements to other areas.

    Backbone Area (Area 0)

    The first area that will always exist in any network using OSPF for routing is Area 0 (zero). Area 0 is always the backbone area. All other areas are connected to the backbone either directly, or using virtual links that 'tunnel' through other areas. Because areas must be directly connected to the backbone, you cannot chain areas together. All routing information between areas is sent through the backbone area (Area 0).

    Each area is designated by an area number. All other areas are described as having 'stubbiness':

    Not So Stubby Area

    Stubby Area

    Totally Stubby Area (Cisco proprietary)

    Access Control Lists (ACLs)

    Access Control Lists (ACLs) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. This can be applied on routers (Cisco).

    ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses. You can configure ACLs for all routed network protocols.

    The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.

    How ACLs work

    A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs.

    To picture how a router uses an ACL to filter packets, imagine a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a guest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.


    When a packet arrives at the router, the router extracts certain information from the packet header and makes decisions according to the filter rules as to whether the packet can pass through or be dropped. The packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.

    Why use ACLs

    * Limits network traffic to increase network performance.

    * Provides traffic flow control by restricting the delivery of routing updates.

    * Can be used as additional security.

    * Controls which types of traffic are forwarded or blocked by the router.

    * Controls which areas a client can access.


    Types of Access Control Lists

    Standard access-list

    Standard access lists create filters based on source addresses and are used for server based filtering. Address-based access lists distinguish routes on a network you want to control by using the network address number (IP). Address-based access lists consist of a list of addresses or address ranges and a statement as to whether access to or from that address is permitted or denied.

    Example of the command syntax for configuring a standard numbered IP ACL:

    R1(config)# access-list {1-99} {permit | deny} source-addr [source-wildcard]

    i. The first value { 1-99 } specifies the standard ACL number range.

    ii. The second value specifies whether to permit or deny the configured source IP address traffic.

    iii. The third value is the source IP address that must be matched.

    iv. The fourth value is the wildcard mask to be applied to the previously configured IP address to indicate the range.

    Extended access lists

    Extended access lists create filters based on source addresses, destination addresses, protocol, port number and other features and are used for packet based filtering for packets that traverse the network.

    Example of the command syntax for configuring an extended numbered IP ACL:

    Router(config)# access-list {100-199} {permit | deny} protocol source-addr [source-wildcard] [operator operand] destination-addr [destination-wildcard] [operator operand] [established]

    i. Like the standard ACLs, the first value { 100-199 or 2000 - 2699 } specifies the ACL number range.

    ii. The next value specifies whether to permit or deny according to the criteria that follows.

    iii. The third value specifies protocol type (IP, TCP, UDP, or other specific IP sub-protocols). The source IP address and wildcard mask determine traffic source. The destination IP address and its wildcard mask are used to indicate the final destination of the network traffic. When the destination IP address and mask are configured, the port number must be specified to match, either by number or by a well-known port name, otherwise all traffic to that destination will be dropped.

    Standard and Extended access lists can be applied based on the use of the ip access-list command.

    Access lists use the deny or permit statement to define which packet is allowed or denied entry into a server or network.


    Masks

    Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks used to configure IP addresses on interfaces start with 255 and have the large values on the left side, for example, IP address 172.16.2.14 with a 255.255.255.0 mask. Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask is a "no" (that bit is not considered).

    Note these ACL equivalents.

    The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".

    The source/wildcard of 10.1.1.2/0.0.0.0 is the same as "host 10.1.1.2".

    If you subtract 255.255.255.0 (normal mask) from 255.255.255.255, it yields 0.0.0.255.


    The command below defines an ACL that permits this network 192.168.1.0 0.0.0.255.

    access-list acl_permit permit ip 192.168.1.0 0.0.0.255

    Inbound traffic to the router is compared to access list entries based on the order in which the entries occur in the router. The router looks through the entries until it has a match. If the router finds no match when it reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. Single-entry access lists with only one deny entry have the effect of denying all traffic. You must have at least one permit statement in an ACL or all traffic is blocked.

    Access lists implicitly deny all access that is not expressly permitted. The following line is auto-appended to all access-lists:

    deny ip any any

    If it is desirable to over-ride this implicit denial statement, enter a permit ip any any statement as the last entry in the access-list.
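    The matching rules described above (wildcard bits, the "any" and "host" equivalents, first match wins, implicit deny at the end) can be checked offline before a list is applied. The following Python sketch is an added example, not part of the original document or of any Cisco tool; the simplified "permit|deny source [wildcard]" entry format, the function names and the sample lists are assumptions constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_netmask(netmask):
    """Subtract the normal mask from 255.255.255.255 to get the wildcard."""
    return str(ipaddress.IPv4Address(ALL_ONES - to_int(netmask)))


def parse_entry(line):
    """Parse '<permit|deny> <any | host A | A [W]>' into (action, base, wildcard)."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL entry: {line!r}")
    action, spec = tokens[0], tokens[1:]
    if spec[0] == "any":                 # same as 0.0.0.0 255.255.255.255
        return action, 0, ALL_ONES
    if spec[0] == "host":                # same as A 0.0.0.0
        if len(spec) < 2:
            raise ValueError(f"'host' needs an address: {line!r}")
        return action, to_int(spec[1]), 0
    wildcard = to_int(spec[1]) if len(spec) > 1 else 0
    return action, to_int(spec[0]), wildcard


def parse_acl(lines):
    """Parse a list of entry lines, keeping their order."""
    return [parse_entry(line) for line in lines if line.strip()]


def matches(addr, base, wildcard):
    """Wildcard bit 0: the address bit must match. Wildcard bit 1: ignored."""
    care = ~wildcard & ALL_ONES
    return (addr & care) == (base & care)


def evaluate(entries, source):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    addr = to_int(source)
    for number, (action, base, wildcard) in enumerate(entries, start=1):
        if matches(addr, base, wildcard):
            return action, number        # first match wins, later entries unused
    return "deny", None                  # nothing matched: implicit deny


def shadowed_entries(entries):
    """Return (later, earlier) entry numbers where the earlier entry matches
    every address the later one could match, so the later one is never hit."""
    found = []
    for j, (_, base_l, wc_l) in enumerate(entries):
        for i in range(j):
            _, base_e, wc_e = entries[i]
            care_e = ~wc_e & ALL_ONES
            if (wc_l | wc_e) == wc_e and (base_l & care_e) == (base_e & care_e):
                found.append((j + 1, i + 1))
                break
    return found


# Constructed sample lists (not from the original document).
SAMPLE_ACL = [
    "deny host 192.168.1.50",
    "permit 192.168.1.0 0.0.0.255",
    "permit 10.1.1.2 0.0.0.0",
]
MISORDERED_ACL = [
    "permit 192.168.1.0 0.0.0.255",
    "deny host 192.168.1.50",            # never reached: entry 1 already matches
]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for src in ("192.168.1.50", "192.168.1.77", "10.1.1.2", "172.16.2.14"):
        print(src, evaluate(acl, src))
    print("shadowed:", shadowed_entries(parse_acl(MISORDERED_ACL)))
```

    In the misordered list the host that was meant to be blocked is permitted by entry 1, which is the ordering mistake the shadow check reports.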

    IP Addressing and Subnetting

    Address - The unique number ID assigned to one host or interface in a network.


    Subnet - A portion of a network sharing a particular subnet address.

    Subnet mask - A 32-bit combination used to describe which portion of an address refers to the subnet and which part refers to the host.

    Interface - A network connection.

    If you have already received your legitimate address(es) from the Internet Network Information Center (InterNIC), you are ready to begin.

    If you do not plan to connect to the Internet, Cisco strongly suggests that you use reserved addresses from RFC 1918.

    Conventions

    Refer to Cisco Technical Tips Conventions for more information on document conventions.

    Understanding IP Addresses

    An IP address is an address used in order to uniquely identify a device on an IP network. The address is made up of 32 binary bits, which can be divisible into a network portion and host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted decimal format (for example, 172.16.81.100). The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.

    Here is how binary octets convert to decimal: The rightmost bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the left-most bit, or most significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:

    1 1 1 1 1 1 1 1

    128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

    Here is a sample octet conversion when not all of the bits are set to 1.

    0 1 0 0 0 0 0 1

    0 64 0 0 0 0 0 1 (0+64+0+0+0+0+0+1=65)

    And this sample shows an IP address represented in both binary and decimal.

    10. 1. 23. 19 (decimal)

    00001010.00000001.00010111.00010011 (binary)

    These octets are broken down to provide an addressing scheme that can accommodate large and small networks. There are five different classes of networks, A to E. This document focuses on addressing classes A to C, since classes D and E are reserved and discussion of them is beyond the scope of this document.

    Note: Also note that the terms "Class A, Class B" and so on are used in this document to help facilitate the understanding of IP addressing and subnetting. These terms are rarely used in the industry anymore because of the introduction of classless interdomain routing (CIDR).

    Given an IP address, its class can be determined from the three high-order bits. Figure 1 shows the significance in the three high order bits and the range of addresses that fall into each class. For informational purposes, Class D and Class E addresses are also shown.

    Figure 1


    In a Class A address, the first octet is the network portion, so the Class A example in Figure 1 has a major network address of 1.0.0.0 - 127.255.255.255. Octets 2, 3, and 4 (the next 24 bits) are for the network manager to divide into subnets and hosts as he/she sees fit.

    Class A addresses are used for networks that have more than 65,536 hosts (actually, up to 16777214 hosts!).

    In a Class B address, the first two octets are the network portion, so the Class B example in Figure 1 has a major network address of 128.0.0.0 - 191.255.255.255. Octets 3 and 4 (16 bits) are for local subnets and hosts. Class B addresses are used for networks that have between 256 and 65534 hosts.

    In a Class C address, the first three octets are the network portion. The Class C example in Figure 1 has a major network address of 192.0.0.0 - 233.255.255.255. Octet 4 (8 bits) is for local subnets and hosts - perfect for networks with less than 254 hosts.

    Network Masks

    A network mask helps you know which portion of the address identifies the network and which portion of the address identifies the node.

    Class A, B, and C networks have default masks, also known as natural masks, as shown here:

    Class A: 255.0.0.0

    Class B: 255.255.0.0

    Class C: 255.255.255.0

    An IP address on a Class A network that has not been subnetted would have an address/mask pair similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you identify the network and node parts of the address, convert the address and mask to binary numbers.

    8.20.15.1 = 00001000.00010100.00001111.00000001

    255.0.0.0 = 11111111.00000000.00000000.00000000

    Once you have the address and the mask represented in binary, then identifying the network and host ID is easier. Any address bits which have corresponding mask bits set to 1 represent the network ID. Any address bits that have corresponding mask bits set to 0 represent the node ID.


    8.20.15.1 = 00001000.00010100.00001111.00000001

    255.0.0.0 = 11111111.00000000.00000000.00000000

    -----------------------------------

    net id | host id

    netid = 00001000 = 8

    hostid = 00010100.00001111.00000001 = 20.15.1

    Understanding Subnetting

    Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you do not subnet, you are only able to use one network from your Class A, B, or C network, which is unrealistic.

    Each data link on a network must have a unique network ID, with every node on that link being a member of the same network. If you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on this network would then have a unique network/subnetwork ID. Any device, or gateway, connecting n networks/subnetworks has n distinct IP addresses, one for each network / subnetwork that it interconnects.

    In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of the address to create a subnetwork ID. For example, given a Class C network of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:

    204.17.5.0 - 11001100.00010001.00000101.00000000

    255.255.255.224 - 11111111.11111111.11111111.11100000

    --------------------------|sub|----

    By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub") from the original host portion of the address and used them to make subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device since host ids of all zeros or all ones are not allowed (it is very important to remember this). So, with this in mind, these subnets have been created.

    204.17.5.0 255.255.255.224 host address range 1 to 30

    204.17.5.32 255.255.255.224 host address range 33 to 62

    204.17.5.64 255.255.255.224 host address range 65 to 94

    204.17.5.96 255.255.255.224 host address range 97 to 126

    204.17.5.128 255.255.255.224 host address range 129 to 158

    204.17.5.160 255.255.255.224 host address range 161 to 190

    204.17.5.192 255.255.255.224 host address range 193 to 222

    204.17.5.224 255.255.255.224 host address range 225 to 254

    Note: There are two ways to denote these masks. First, since you are using three bits more than the "natural" Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or, secondly, the mask of 255.255.255.224 can also be denoted as /27 as there are 27 bits that are set in the mask. This second method is used with CIDR. With this method, one of these networks can be described with the notation prefix/length. For example, 204.17.5.32/27 denotes the network 204.17.5.32 255.255.255.224. When appropriate the prefix/length notation is used to denote the mask throughout the rest of this document.


    The network subnetting scheme in this section allows for eight subnets, and the network might appear as:

    Figure 2

    Notice that each of the routers in Figure 2 is attached to four subnetworks, one subnetwork is common to both routers. Also, each router has an IP address for each subnetwork to which it is attached. Each subnetwork could potentially support up to 30 host addresses.

    This brings up an interesting point. The more host bits you use for a subnet mask, the more subnets you have available. However, the more subnets available, the fewer host addresses available per subnet. For example, a Class C network of 204.17.5.0 and a mask of 255.255.255.224 (/27) allows you to have eight subnets, each with 32 host addresses (30 of which could be assigned to devices). If you use a mask of 255.255.255.240 (/28), the breakdown is:

    204.17.5.0 - 11001100.00010001.00000101.00000000

    255.255.255.240 - 11111111.11111111.11111111.11110000

    --------------------------|sub |---

    Since you now have four bits to make subnets with, you only have four bits left for host addresses. So in this case you can have up to 16 subnets, each of which can have up to 16 host addresses (14 of which can be assigned to devices).

    Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0, then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to create a lot more subnets than with the Class C network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per subnet does this allow for?

    172.16.0.0 - 10101100.00010000.00000000.00000000

    255.255.248.0 - 11111111.11111111.11111000.00000000

    -----------------| sub |-----------

    You are using five bits from the original host bits for subnets. This allows you to have 32 subnets (2^5). After using the five bits for subnetting, you are left with 11 bits for host addresses. This allows each subnet to have 2048 host addresses (2^11), 2046 of which could be assigned to devices.

    Note: In the past, there were limitations to the use of a subnet 0 (all subnet bits are set to zero) and all ones subnet (all subnet bits set to one). Some devices would not allow the use of these subnets. Cisco Systems devices allow the use of these subnets when the ip subnet zero command is configured.

    Examples

    Sample Exercise 1

    Now that you have an understanding of subnetting, put this knowledge to use. In this example, you are given two address / mask combinations, written with the prefix/length notation, which have been assigned to two devices. Your task is to determine if these devices are on the same subnet or different subnets. You can do this by using the address and mask of each device to determine to which subnet each address belongs.

    DeviceA: 172.16.17.30/20

    DeviceB: 172.16.28.15/20

    Determining the Subnet for DeviceA:

    172.16.17.30  - 10101100.00010000.00010001.00011110
    255.255.240.0 - 11111111.11111111.11110000.00000000
                    -----------------| sub|------------
    subnet =        10101100.00010000.00010000.00000000 = 172.16.16.0

    Looking at the address bits that have a corresponding mask bit set to one, and setting all the other address bits to zero (this is equivalent to performing a logical "AND" between the mask and address), shows you to which subnet this address belongs. In this case, DeviceA belongs to subnet 172.16.16.0.

    Determining the Subnet for DeviceB:

    172.16.28.15  - 10101100.00010000.00011100.00001111
    255.255.240.0 - 11111111.11111111.11110000.00000000
                    -----------------| sub|------------
    subnet =        10101100.00010000.00010000.00000000 = 172.16.16.0

    From these determinations, DeviceA and DeviceB have addresses that are part of the same subnet.
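
    The logical AND from this exercise and the subnet and host counts worked out earlier can be reproduced in code. This Python sketch is an added example, not part of the original document; all function names are assumptions chosen for illustration.

```python
def to_int(dotted: str) -> int:
    """Pack a dotted-quad string into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(length: int) -> int:
    """/20 -> 0xFFFFF000: `length` contiguous one bits from the left."""
    if not 0 <= length <= 32:
        raise ValueError(f"bad prefix length: {length}")
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF

def subnet_of(cidr: str) -> str:
    """Address AND mask, as done by hand for DeviceA and DeviceB."""
    addr, length = cidr.split("/")
    return f"{to_dotted(to_int(addr) & mask_from_prefix(int(length)))}/{int(length)}"

def same_subnet(a: str, b: str) -> bool:
    return subnet_of(a) == subnet_of(b)

def natural_prefix(addr: str) -> int:
    """Classful (natural) mask length taken from the first octet."""
    first = to_int(addr) >> 24
    if first < 128:
        return 8    # Class A
    if first < 192:
        return 16   # Class B
    if first < 224:
        return 24   # Class C
    raise ValueError("Class D/E addresses have no natural mask")

def subnet_and_host_counts(network: str, length: int):
    """Return (subnets, addresses per subnet, assignable hosts per subnet)."""
    borrowed = length - natural_prefix(network)
    if borrowed < 0:
        raise ValueError("mask is shorter than the natural mask")
    host_bits = 32 - length
    return 2 ** borrowed, 2 ** host_bits, 2 ** host_bits - 2

if __name__ == "__main__":
    for dev in ("172.16.17.30/20", "172.16.28.15/20"):  # addresses from the exercise
        print(dev, "->", subnet_of(dev))
    print(subnet_and_host_counts("172.16.0.0", 21))
```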

    Sample Exercise 2

    Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in Figure 3 with the host requirements shown.

    Figure 3

    Looking at the network shown in Figure 3, you can see that you are required to create five subnets. The largest subnet must support 28 host addresses. Is this possible with a Class C network? And if so, then how?

    You can start by looking at the subnet requirement. In order to create the five needed subnets you would need to use three bits from the Class C host bits. Two bits would only allow you four subnets (2^2).

    Since you need three subnet bits, that leaves you with five bits for the host portion of the address. How many hosts does this support? 2^5 = 32 (30 usable). This meets the requirement.

    Therefore you have determined that it is possible to create this network with a Class C network. An example of how you might assign the subnetworks is:

    netA: 204.15.5.0/27 host address range 1 to 30

    netB: 204.15.5.32/27 host address range 33 to 62

    netC: 204.15.5.64/27 host address range 65 to 94

    netD: 204.15.5.96/27 host address range 97 to 126

    netE: 204.15.5.128/27 host address range 129 to 158

    VLSM Example

    In all of the previous examples of subnetting, notice that the same subnet mask was applied for all the subnets. This means that each subnet has the same number of available host addresses. You may need this in some cases, but, in most cases, having the same subnet mask for all subnets ends up wasting address space. For example, in the Sample Exercise 2 section, a class C network was split into eight equal-size subnets; however, each subnet did not utilize all available host addresses, which results in wasted address space. Figure 4 illustrates this wasted address space.

    Figure 4

    Figure 4 illustrates that of the subnets that are being used, NetA, NetC, and NetD have a lot of unused host address space. It is possible that this was a deliberate design accounting for future growth, but in many cases this is just wasted address space due to the fact that the same subnet mask is being used for all the subnets.

    Variable Length Subnet Masks (VLSM) allows you to use different masks for each subnet, thereby using address space efficiently.

    VLSM Example

    Given the same network and requirements as in Sample Exercise 2, develop a subnetting scheme with the use of VLSM, given:

    netA: must support 14 hosts

    netB: must support 28 hosts

    netC: must support 2 hosts

    netD: must support 7 hosts

    netE: must support 28 hosts

    Determine what mask allows the required number of hosts.

    netA: requires a /28 (255.255.255.240) mask to support 14 hosts

    netB: requires a /27 (255.255.255.224) mask to support 28 hosts

    netC: requires a /30 (255.255.255.252) mask to support 2 hosts

    netD*: requires a /28 (255.255.255.240) mask to support 7 hosts

    netE: requires a /27 (255.255.255.224) mask to support 28 hosts

    * a /29 (255.255.255.248) would only allow 6 usable host addresses; therefore netD requires a /28 mask.

    The easiest way to assign the subnets is to assign the largest first. For example, you can assign in this manner:

    netB: 204.15.5.0/27 host address range 1 to 30

    netE: 204.15.5.32/27 host address range 33 to 62

    netA: 204.15.5.64/28 host address range 65 to 78

    netD: 204.15.5.80/28 host address range 81 to 94

    netC: 204.15.5.96/30 host address range 97 to 98

    This can be graphically represented as shown in Figure 5:

    Figure 5

    Figure 5 illustrates how using VLSM helped save more than half of the address space.
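
    The largest-first assignment above can be automated. The following Python sketch is an added example, not part of the original document; the function names and the REQUIREMENTS dictionary are assumptions, with the host counts copied from the VLSM example.

```python
import ipaddress

# Host requirements from the VLSM example on this page.
REQUIREMENTS = {"netA": 14, "netB": 28, "netC": 2, "netD": 7, "netE": 28}

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix that still leaves `hosts` assignable addresses
    (the all-zeroes and all-ones host addresses are excluded)."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(block: str, requirements: dict) -> dict:
    """Assign subnets from `block`, largest first, each on its own boundary."""
    parent = ipaddress.ip_network(block)
    # sorted() is stable, so equal-size subnets keep their input order.
    order = sorted(requirements, key=lambda n: prefix_for_hosts(requirements[n]))
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    for name in order:
        length = prefix_for_hosts(requirements[name])
        size = 2 ** (32 - length)
        cursor = (cursor + size - 1) // size * size  # round up to a block boundary
        if cursor + size > end:
            raise ValueError(f"{block} is exhausted before {name} can be placed")
        plan[name] = ipaddress.ip_network((cursor, length))
        cursor += size
    return plan

def host_range(net):
    """First and last assignable host address of a subnet."""
    hosts = list(net.hosts())
    return hosts[0], hosts[-1]

def unused_addresses(block: str, plan: dict) -> int:
    total = ipaddress.ip_network(block).num_addresses
    return total - sum(net.num_addresses for net in plan.values())

if __name__ == "__main__":
    plan = vlsm_allocate("204.15.5.0/24", REQUIREMENTS)
    for name, net in plan.items():
        first, last = host_range(net)
        print(f"{name}: {net}  hosts {first} to {last}")
    print("unassigned addresses:", unused_addresses("204.15.5.0/24", plan))
```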

    CIDR

    Classless Interdomain Routing (CIDR) was introduced to improve both address space utilization and routing scalability in the Internet. It was needed because of the rapid growth of the Internet and growth of the IP routing tables held in the Internet routers.

    CIDR moves away from the traditional IP classes (Class A, Class B, Class C, and so on). In CIDR, an IP network is represented by a prefix, which is an IP address and some indication of the length of the mask. Length means the number of left-most contiguous mask bits that are set to one. So network 172.16.0.0 255.255.0.0 can be represented as 172.16.0.0/16. CIDR also depicts a more hierarchical Internet architecture, where each domain takes its IP addresses from a higher level. This allows for the summarization of the domains to be done at the higher level. For example, if an ISP owns network 172.16.0.0/16, then the ISP can offer 172.16.1.0/24, 172.16.2.0/24, and so on to customers. Yet, when advertising to other providers, the ISP only needs to advertise 172.16.0.0/16.

    For more information on CIDR, see RFC 1518 and RFC 1519.

    Appendix

    Sample Config

    Routers A and B are connected via serial interface.

    Router A

    hostname routera

    !

    ip routing

    !

    int e 0

    ip address 172.16.50.1 255.255.255.0

    !(subnet 50)

    int e 1

    ip address 172.16.55.1 255.255.255.0

    !(subnet 55)

    int t 0

    ip address 172.16.60.1 255.255.255.0

    !(subnet 60)

    int s 0

    ip address 172.16.65.1 255.255.255.0

    !(subnet 65)

    !S 0 connects to router B

    router rip

    network 172.16.0.0

    Router B

    hostname routerb

    !

    ip routing

    !

    int e 0

    ip address 192.1.10.200 255.255.255.240

    !(subnet 192)

    int e 1

    ip address 192.1.10.66 255.255.255.240

    !(subnet 64)

    int s 0

    ip address 172.16.65.2 255.255.255.0

    !(same subnet as router A's s 0)

    !Int s 0 connects to router A

    router rip

    network 192.1.10.0

    network 172.16.0.0

    Host/Subnet Quantities Table

    Class B                   Effective  Effective
    # bits        Mask         Subnets     Hosts
    -------  ---------------  ---------  ---------
      1      255.255.128.0           2     32766
      2      255.255.192.0           4     16382
      3      255.255.224.0           8      8190
      4      255.255.240.0          16      4094
      5      255.255.248.0          32      2046
      6      255.255.252.0          64      1022
      7      255.255.254.0         128       510
      8      255.255.255.0         256       254
      9      255.255.255.128       512       126
      10     255.255.255.192      1024        62
      11     255.255.255.224      2048        30
      12     255.255.255.240      4096        14
      13     255.255.255.248      8192         6
      14     255.255.255.252     16384         2

    Class C                   Effective  Effective
    # bits        Mask         Subnets     Hosts
    -------  ---------------  ---------  ---------
      1      255.255.255.128         2       126
      2      255.255.255.192         4        62
      3      255.255.255.224         8        30
      4      255.255.255.240        16        14
      5      255.255.255.248        32         6
      6      255.255.255.252        64         2

    *Subnet all zeroes and all ones included. These might not be supported on some legacy systems.

    *Host all zeroes and all ones excluded.

    Classes of IP

    Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive.

    Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191, inclusive.

    Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and 223, inclusive.