CISCO ROUTING n SWITCHING (2013)

Compiled By:- Deepak Kumar Karn

http://deepakkarn.wordpress.com/


Chapter 1:- Classful IP Addressing

Class A

Although not as efficient as VLSM and CIDR, classful IP addressing is still a standard on many networks using IPv4 and its 32-bit addresses. (If you are using IPv6 and 128-bit addresses, which would mean that maybe you live in, like, China, maybe this primitive North American 32-bit stuff will still be helpful.) :-)

Anyway, there are basically three categories to concern yourself with in classful IP: classes A, B, and C. Depending on the class, the Request For Comments (RFC) standards regulate how many bits are available for the network address. The other classes, D, which is multicast and ranges from 224-239 in the first octet, and E, which is experimental and ranges from 240-255, are not really our concern for now. Just remember there is an IP conspiracy and you'll learn about these later as the plot thickens. I can hardly bear the suspense!

The class of an address is fixed by the leading bits of its first byte, not by anything you configure on a router. For class A the RFC standards state that the first bit of the first byte MUST always be off. This means the 128 bit is not ours to use, which leaves only 7 bits for the network number. Also, for class A remember that 127 is the diagnostic loopback network, so we can't use it.

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1

START     0    0    0    0    0    0    0    0
END       0    1    1    1    1    1    1    1

This gives us a first-octet range of 0-127, but as is the case with class A, we can not use 0 or the loopback network, 127. This leaves us 126 usable network addresses.

Formulas:

# of networks: 2^(y-1), where y = # bits available for the network address and the 1 is the fixed leading bit. So

2^(8-1) = 2^7 = 128, minus the 127 diagnostic loopback and 0. This leaves

126 usable network addresses.

# of hosts per network: (2^x – 2) = (2^24 – 2) = (16,777,216 - 2) = 16,777,214 hosts.

Summary:

Range = 1-126

# networks = 126

# hosts = 16,777,214

Subnet mask = 255.0.0.0

Network Bits = 8

Host Bits = 24

Class B

For class B the RFC standards state that the first bit of the first byte MUST always be on AND the second bit of the first byte must always be off (again, this is fixed by the address itself, not by router configuration). This means the 128 bit and the 64 bit are not ours to use. What does this leave us with? In a class B network, 16 bits are for the network and 16 bits are for hosts, but 2 of the network bits are “stuck”.

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1

START     1    0    0    0    0    0    0    0
END       1    0    1    1    1    1    1    1

This gives us a first-octet range of 128-191.

Formulas:

# of networks: 2^(y-2), where y = # bits available for the network address and the 2 is the fixed leading bits. So

2^(16-2) = 2^14 = 16,384 usable network addresses.

# of hosts per network: (2^x – 2) = (2^16 – 2) = (65,536 - 2) = 65,534 hosts.

Summary:

Range = 128-191

# networks = 16,384

# hosts = 65,534

Subnet mask = 255.255.0.0

Network Bits = 16

Host Bits = 16


Class C

For class C the RFC standards state that the first bit of the first byte MUST always be on AND the second bit must always be on AND the third bit must always be off (fixed by the address, as before). This means the 128 bit, the 64 bit and the 32 bit are not ours to use. What does this leave us with? In a class C network, 24 bits are for the network and 8 bits are for hosts, but remember, 3 of the network bits are “stuck”.

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1

START     1    1    0    0    0    0    0    0
END       1    1    0    1    1    1    1    1

This gives us a first-octet range of 192-223.

Formulas:

# of networks: 2^(y-3), where y = # bits available for the network address and the 3 is the fixed leading bits. So

2^(24-3) = 2^21 = 2,097,152 usable network addresses.

# of hosts per network: (2^x – 2) = (2^8 – 2) = (256 - 2) = 254 hosts.

Summary:

Range = 192-223

# networks = 2,097,152

# hosts = 254

Subnet mask = 255.255.255.0

Network Bits = 24

Host Bits = 8
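Here is the Chapter 1 logic in code. This is an added example, not part of the original notes: it reads the leading bits of the first octet the way the bit tables above do and returns the class, the default mask and the classful network/host counts from the formulas above. The names (classify, ClassInfo, address_class) are this example's own.

```python
"""Classful address inspection.

Added example (not part of the original notes): reads the leading bits of
the first octet, exactly as the Chapter 1 bit tables do, and derives the
class, the default mask and the classful counts with the formulas from the
text:
    networks = 2^(network bits - fixed leading bits)   (class A also loses 0 and 127)
    hosts    = 2^(host bits) - 2                        (network and broadcast)
"""
from typing import NamedTuple


class ClassInfo(NamedTuple):
    cls: str          # "A", "B" or "C"
    fixed_bits: str   # leading bit pattern the RFC pins: "0", "10" or "110"
    network_bits: int
    host_bits: int
    default_mask: str
    networks: int     # usable classful networks
    hosts: int        # usable hosts per network


# (leading bit pattern, class letter, network bits); first match wins.
_UNICAST_CLASSES = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24)]


def _octets(address: str) -> list:
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {address!r}")
    return octets


def first_octet_bits(address: str) -> str:
    """The first octet as 8 binary digits, the row you would write in the bit table."""
    return format(_octets(address)[0], "08b")


def address_class(address: str) -> str:
    """Class letter A-E from the leading bits of the first octet."""
    bits = first_octet_bits(address)
    for pattern, letter, _ in _UNICAST_CLASSES:
        if bits.startswith(pattern):
            return letter
    return "D" if bits.startswith("1110") else "E"   # 224-239 multicast, 240-255 experimental


def classify(address: str) -> ClassInfo:
    """Classful parameters for a unicast (class A/B/C) address."""
    bits = first_octet_bits(address)
    for pattern, letter, net_bits in _UNICAST_CLASSES:
        if bits.startswith(pattern):
            host_bits = 32 - net_bits
            mask = ".".join("255" if i < net_bits // 8 else "0" for i in range(4))
            networks = 2 ** (net_bits - len(pattern))
            if letter == "A":
                networks -= 2   # network 0 and the 127 loopback block are not usable
            return ClassInfo(letter, pattern, net_bits, host_bits, mask,
                             networks, 2 ** host_bits - 2)
    raise ValueError(f"{address} is class {address_class(address)}, not a unicast network class")


if __name__ == "__main__":
    for sample in ("10.1.2.3", "129.1.64.1", "192.168.20.65", "224.0.0.9", "240.0.0.1"):
        print(sample, first_octet_bits(sample), address_class(sample))
```

Run it to see each sample's first octet in binary next to its class; the 127 exclusion is applied only for class A, exactly as the text's formula does.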


Chapter 2:- Subnetting

Subnetting a CLASS C network

There are plenty of situations where we do not need the full number of hosts available in classful IP addressing. Yet for security, organizational and structural purposes, we want to obtain more networks. Don't despair, there's hope. Sweet overflowing rivers of Vippa, we can do this by subnetting a network address! When we subnet, we steal bits normally used for host IDs and use them for network IDs.

Let's subnet a class C network address of 192.168.20.x:

A class C address allows 24 bits for the network ID and 8 bits for the hosts. If we are going to subnet, we will have to steal from those 8 bits. There are two basic rules we follow when subnetting classfully: the subnet bits can't be all on, and they can't be all off. This immediately rules out stealing just 1 bit, at least by RFC standards, since it could only be either all on or all off. Therefore, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts. The reason is that, in subnetting, we are taking bits from the host ID and giving them to the network ID. We are splitting up an octet table, and as a result the “minus two rule” applies to both sides of the table. On the host side the “minus two” stems from the fact that we can't use the all-zeros host number, since it is the subnet's own address, nor the all-ones host number, since it is the subnet's broadcast address (in an unsubnetted class C these are the familiar 0 and 255). For 2 bits:

# subnets = (2^x – 2) = (2^2 – 2) = 2

# hosts = (2^x – 2) = (2^6 – 2) = 62

Subnet Mask = 128 + 64 = 192, so 255.255.255.192

# bits for network = 24

# bits for subnetting = 2

# bits for hosts = 6

CIDR = 192.168.20.x /26

Let's look at this using a bit table:

          Subnet bits | Host bits                      Base 10
          2^7   2^6   | 2^5  2^4  2^3  2^2  2^1  2^0
          128    64   |  32   16    8    4    2    1

            0     1   |   0    0    0    0    0    1     65
            1     0   |   0    0    0    0    0    1    129

To compute the range, the lowest number we can begin with, obeying our rules on both sides, is 64 on the subnet side and 1 on the host side, so the first usable address is 64 + 1 = 65. Addresses 1-63 belong to the all-off subnet and 64 itself has all host bits off, so none of them is a usable host under classful rules; this is the sacrifice we must make to subnet with 2 bits. We know by our formula that we have 62 hosts per subnet, so the hosts run from 65 through 65 + 62 - 1 = 126. The next address, 127, has all six host bits on: it is the broadcast address of the first subnet, not a host. The next lowest value we can come up with in the subnet column is 128, but there too all the host bits would be off (remember our rules), so 128 is the subnet address and the first host is 128 + 1 = 129. Our two ranges are therefore:

N1 = 65 -> 126 (subnet address 64, broadcast 127)

N2 = 129 -> 190 (subnet address 128, broadcast 191)

We've looked at this class C subnetting exercise using a bit table, because we want to see what is going on amongst all those teeny tiny switches we call bits and bytes. Now that we have an idea about octets and those 8 bits making up the bytes, we can look at a shortcut method. Introducing ...

The “BLOCK” Shortcut (Tah-dah!)

Everyone, please stop ohh-ing and ahh-ing, or we'll never get through this. Back to the subject ;-), it's time to bring up the “BLOCK”. The BLOCK is the value of the lowest subnet bit, the rightmost column on the subnet side. It is the number by which the subnet address is incremented each time. In the example above, the BLOCK is 64. This gives us a shortcut to subnetting. BLOCK values by themselves are ALWAYS subnet addresses, never hosts, because all the host bits are off. We must add 1 to the BLOCK value to find the first valid host address. Let's check this:

First BLOCK value = 64

Second BLOCK value = (64 + 64) = 128

64 is the subnet address of N1 and 128 is the subnet address of N2; neither is a host. Truthfully, our block numbers are never hosts. To obtain the beginning of each host range, just add 1:

Start of N1 = 64 + 1 = 65

Start of N2 = 128 + 1 = 129

To find the broadcast address of N1, subtract 1 from the next BLOCK, 128, giving 127; the last host is one below that, 126. The same goes for N2: the next BLOCK would be 192, so 191 is the broadcast and 190 is the last host.

Another way to find the BLOCK is to subtract the interesting octet of the subnet mask from 256. If we took 256 and subtracted 192 from it, we would get 64. Therefore, a quick way to find the BLOCK for a subnet mask is to use the formula:

256 - subnet mask octet = BLOCK    Example: 256 – 192 = 64

Subnetting a CLASS A network

Let's subnet a class A network address of 10.x.x.x:

A class A address allows 8 bits for the network ID and 24 bits for the hosts. If we are going to subnet, we will have to steal from those 24 bits. Remember the rules: the subnet bits can't be all on, and they can't be all off. This applies to both sides of the table, both the subnet columns and the host columns. Remember that this immediately rules out using 1 bit, since it could only be either all on or all off. Again, we must start with at least two bits. The formula for the number of subnets is the same as for the number of hosts, and the “minus two rule” applies to both sides of the table. To subnet, for example, 10.1.x.x, 8 bits are already set aside for the network since it is class A, and we will use 8 more bits for subnetting. Recall that normally a class A address only uses the first octet for the network address; the other three are for hosts. In this case we are subnetting on the entire second octet, so we are using 8 bits for subnetting. Our subnet mask will be 255.255.0.0, which looks like a default class B subnet mask, but isn't. This basically means that each subnet of our class A address will give us the number of hosts of an entire class B network.

# subnets = (2^x – 2) = (2^8 – 2) = 254

# hosts = (2^x – 2) = (2^16 – 2) = 65,534

Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255 in the second octet,

so 255.255.0.0

# bits for network = 8

# bits for subnetting = 8

# bits for hosts = 16

CIDR = 10.1.x.x /16

BLOCK = 256 – 255 = 1

Valid subnets = 1, 2, 3, 4, 5 up to 254 in increments of 1 (the BLOCK). 10.0.0.0 (all subnet bits off) and 10.255.0.0 (all subnet bits on) are excluded by the classful rule. In other words:

subnet 1 = 10.1.0.0

subnet 2 = 10.2.0.0

subnet 3 = 10.3.0.0

subnet 4 = 10.4.0.0

subnet 5 = 10.5.0.0

up to the last subnet, which = 10.254.0.0

The broadcast address of each subnet has all 16 host bits turned on, so:

subnet 1 = 10.1.255.255

subnet 2 = 10.2.255.255

subnet 3 = 10.3.255.255

subnet 4 = 10.4.255.255

subnet 5 = 10.5.255.255

up to the last subnet, which = 10.254.255.255

Valid hosts would be:

Here we are subnetting on an entire octet, our BLOCK value is 1, and there are 16 bits used for hosts. Because of this, we can treat each subnet of the class A as though it were a class B network; we are not splitting an octet the way we normally do when we subnet. The host part runs from 0.1 all the way to 255.254:

subnet 1 = 10.1.0.1 – 10.1.255.254

subnet 2 = 10.2.0.1 – 10.2.255.254

subnet 3 = 10.3.0.1 – 10.3.255.254

subnet 4 = 10.4.0.1 – 10.4.255.254

subnet 5 = 10.5.0.1 – 10.5.255.254

up to the last subnet, which = 10.254.0.1 – 10.254.255.254

Class A with a subnet mask of 255.255.240.0

Let's try another class A with a subnet mask of 255.255.240.0. We will subnet the class A network 10.x.x.x. The 8 bits of the first octet of a class A address make up the network bits. Here, with a subnet mask of 255.255.240.0, we are using the 8 bits of the second octet and 4 bits from the third octet for a total of 12 subnet bits. This leaves 12 bits of the 32-bit IP address for hosts. Therefore, if we are using a subnet mask of 255.255.240.0 with a class A address, once we subtract the 8 bits for the network address, we are using 12 bits for subnets and 12 bits for hosts.

# subnets = (2^x – 2) = (2^12 – 2) = 4094

# hosts = (2^x – 2) = (2^12 – 2) = 4094

Subnet Mask = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255 in the second octet and

128 + 64 + 32 + 16 = 240 in the third,

so 255.255.240.0

# bits for subnetting = 12

# bits for hosts = 12

CIDR = 10.x.x.x /20

BLOCK = 256 – 240 = 16

             NETWORK bits (8)           SUBNET bits (8)            SUBNET (4) | HOST (4)    HOST bits (8)
  bit value  128 64 32 16  8  4  2  1   128 64 32 16  8  4  2  1   128 64 32 16 |  8  4  2  1  128 64 32 16  8  4  2  1
  mask         1  1  1  1  1  1  1  1     1  1  1  1  1  1  1  1     1  1  1  1 |  0  0  0  0    0  0  0  0  0  0  0  0
  decimal    255                        255                        240                       0

Notice that the “BLOCK” is the last, lowest subnet bit from the third octet, in this case “16”.

Here the rules get a little weird once again. We know that we can't use the subnet whose subnet bits are all off (the “0” subnet), nor the one whose subnet bits are all on (which, with a single-octet mask, shows up as the familiar “255”). Remember that the rules simply state that not all subnet bits or host bits can be on, nor can they all be off. In this case, using a class A address, we are subnetting MORE than a full octet. We are using 12 bits total for subnets, which means that in addition to the full 8 bits of the second octet, we are using 4 bits from the third octet. Because of these 4 additional bits, we CAN turn off all the bits in the second octet, making it 0, AS LONG AS at least one of the subnet bits is turned on in the third octet. For this reason, if the second octet were 0, the third octet would HAVE to be at least 16 in order to be valid. A subnet of 10.0.0.x would not be allowed: 10.0.0.x is invalid since ALL subnet bits have been turned off. Nor would 10.0.1.x – 10.0.15.x be allowed; those addresses fall inside the all-off subnet rather than forming subnets of their own. For the second octet to be 0, at least 1 of the first 4 bits in the third octet (128, 64, 32, or 16) must be turned on. Following this rule, the following uses of 0 in the second octet would be allowed:

10.0.16.x

10.0.32.x

10.0.48.x

10.0.64.x

10.0.80.x

10.0.96.x

10.0.112.x

10.0.128.x

10.0.144.x

10.0.160.x

10.0.176.x

10.0.192.x

10.0.208.x

10.0.224.x

10.0.240.x

10.0.240.x is the highest we can go with a 0 in the second octet, since that is using all 4 subnet bits in the third octet. Again, remember that the only reason we can use “0” for the subnet bits in the second octet is that we turn on at least 1 subnet bit in the third octet, and the only reason we can use “240”, that is, turn all the subnet bits on in the third octet, is that all the subnet bits in the second octet are off. It is the combination of all 12 subnet bits that must not be all off or all on.

What if all the subnet bits in the second octet were turned on? This would give us 255. In that case we could not use 240 in the third octet, since that would mean all 12 subnet bits were turned on. In other words, 10.255.240.x would be an INVALID subnet. With all the bits turned on in the second octet, the results are the mirror image of the list above. Example:

10.255.16.x

10.255.32.x

10.255.48.x

10.255.64.x

10.255.80.x

10.255.96.x

10.255.112.x

10.255.128.x

10.255.144.x

10.255.160.x

10.255.176.x

10.255.192.x

10.255.208.x

10.255.224.x

In this case, 10.255.224.x is as far as we can go. (10.255.0.x is also valid at the other end: with 255 in the second octet the subnet bits are not all off.) We can't use the next BLOCK subnet value, 10.255.240.0, since that would mean we were turning all 12 subnet bits on.

Subnetting a CLASS B network

Let's subnet a class B network address of 129.1.x.x:

A class B address allows 16 bits for the network ID and 16 bits for the hosts. If we are going to subnet, we will have to steal from those 16 bits. Remember the rules: the subnet bits can't be all on, and they can't be all off. This applies to both sides of the table, both the subnet columns and the host columns, so it immediately rules out using just 1 bit in the third octet, since it could only be either all on or all off. Again, we must start with two bits. The formula for the number of subnets is the same as for the number of hosts, and the “minus two rule” applies to both sides of the table. With the example above, 129.1.x.x, we will be using 2 bits for subnetting. Recall that normally a class B address only uses the first two octets for the network address; the other two are for hosts. In this case we are subnetting using the 2 high bits of the third octet. Our subnet mask will be 255.255.192.0. We are stealing 2 bits from the host bits and giving them to the network bits.

# subnets = (2^x – 2) = (2^2 – 2) = 2

# hosts = (2^x – 2) = (2^14 – 2) = 16,382

Subnet Mask = 128 + 64 = 192, so 255.255.192.0

# bits for subnetting = 2

# bits for hosts = 14

CIDR = 129.1.x.x /18 (16 network bits + 2 subnet bits)

BLOCK = 256 – 192 = 64

             NETWORK bits (8)           NETWORK bits (8)           SUBNET (2) | HOST bits (6)        HOST bits (8)
  bit value  128 64 32 16  8  4  2  1   128 64 32 16  8  4  2  1   128 64 | 32 16  8  4  2  1    128 64 32 16  8  4  2  1
  mask         1  1  1  1  1  1  1  1     1  1  1  1  1  1  1  1     1  1 |  0  0  0  0  0  0      0  0  0  0  0  0  0  0
  decimal    255                        255                        192                           0

The BLOCK is the lowest subnet bit, 64, in the third octet.

Valid subnets = 64, then 128 by incrementing 64 (the BLOCK). In other words:

subnet 1 = 129.1.64.0

subnet 2 = 129.1.128.0

As before, we must add 1 to the BLOCK to obtain the first valid IP address for the subnet. But it does not look like it does with class C addresses, because the BLOCK now sits in the third octet: with class B, the 1 is added to the last (4th) octet. Changing the “0” there to a “1” obtains the first valid address in the range. Example, using a BLOCK of 64:

N1 = 129.1.64.1 -> 129.1.127.254

N1 broadcast address = 129.1.127.255

N2 = 129.1.128.1 -> 129.1.191.254

N2 broadcast address = 129.1.191.255

We know by the block that we have to start with “64.1” and “128.1” respectively. To find the end of the first subnet, subtract 1 from the next subnet address, 128.0, which rolls us back to 127.255, the broadcast address. Therefore, subtract 1 more, which gives us 127.254, the end of the RANGE of valid IP addresses for the first subnet.

Another way to think of it is that, with a subnet mask of 255.255.192.0, there are 16,382 hosts per subnet. It would be tedious and cumbersome to add this to each subnet. Again there is a shortcut! Notice that if we take the third octet and treat it as if it were the 4th octet, the “192” of 255.255.192.0 would become 255.255.255.192. IF this were the case, we would have 6 bits left for hosts, giving us 62 hosts per subnet. Normally, we'd just add the 62 to the start of the first range, which would be determined by taking the block, 64, and adding 1, to give us 65. However, since this is class B and not class C, the host part spans two octets, not one. Therefore, we actually use the BLOCK value itself, 64, as the starting third octet and add the 1 in the next octet. So if we take our number of hosts and simply add 1 to it, giving us 63 instead of 62, we can add it to the starting BLOCK to come up with the third octet at the end of the range:

64 + 63 = 127

128 + 63 = 191

Now simply tack on the highest number we can get in the last octet, not 255 since that is the broadcast address, but 254:

N1 = 129.1.64.1 -> 129.1.127.254

N2 = 129.1.128.1 -> 129.1.191.254
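The whole of this chapter's arithmetic in one routine, as an added example (not code from the original notes). The function names (enumerate_subnets, block_size, subnet_count, host_count) are this example's own. It works on the full 32-bit address, so the 192.168.20.x /26, 10.x.x.x /16, 10.x.x.x /20 and 129.1.x.x /18 cases above all come out of the same code with the classful minus-two rule switched on; switch it off to get the CIDR behaviour, which is also what you need to subnet a subnet.

```python
"""Classful subnet calculator.

Added example (not part of the original notes). Takes a network with its
prefix length and the number of host bits borrowed for subnetting, and
produces every subnet with its first host, last host and broadcast
address. With classful_rules=True the subnets whose borrowed bits are all 0
or all 1 are skipped (the "minus two" rule of the text); with False every
subnet is usable, as under CIDR. Because the arithmetic is done on the whole
32-bit address, the multi-octet cases (10.x.x.x /20, 129.1.x.x /18) behave
exactly like the single-octet 192.168.20.x /26 case.
"""
import ipaddress
from typing import List, NamedTuple


class SubnetInfo(NamedTuple):
    network: str      # subnet address with prefix, e.g. "192.168.20.64/26"
    first_host: str
    last_host: str
    broadcast: str


def block_size(mask_octet: int) -> int:
    """The BLOCK shortcut: 256 minus the interesting octet of the mask."""
    if mask_octet not in (0, 128, 192, 224, 240, 248, 252, 254, 255):
        raise ValueError(f"{mask_octet} is not a contiguous mask octet")
    return 256 - mask_octet


def subnet_count(subnet_bits: int, classful_rules: bool = True) -> int:
    """2^x subnets, minus the all-zero and all-one ones under classful rules."""
    return 2 ** subnet_bits - (2 if classful_rules else 0)


def host_count(host_bits: int) -> int:
    """2^x addresses minus the subnet address (all 0) and broadcast (all 1)."""
    return 2 ** host_bits - 2


def enumerate_subnets(network: str, subnet_bits: int,
                      classful_rules: bool = True) -> List[SubnetInfo]:
    """Usable subnets of `network` ("a.b.c.d/prefix") after borrowing `subnet_bits` host bits."""
    parent = ipaddress.IPv4Network(network)
    new_prefix = parent.prefixlen + subnet_bits
    if new_prefix > 30:
        raise ValueError("fewer than 2 host bits would be left; no usable hosts")
    children = list(parent.subnets(new_prefix=new_prefix))
    usable = []
    for index, child in enumerate(children):
        # index 0 has all borrowed bits off, the last index has them all on.
        if classful_rules and index in (0, len(children) - 1):
            continue
        usable.append(SubnetInfo(
            network=str(child),
            first_host=str(child.network_address + 1),
            last_host=str(child.broadcast_address - 1),
            broadcast=str(child.broadcast_address),
        ))
    return usable


if __name__ == "__main__":
    for net, bits in (("192.168.20.0/24", 2), ("129.1.0.0/16", 2)):
        for info in enumerate_subnets(net, bits):
            print(info)
    a20 = enumerate_subnets("10.0.0.0/8", 12)
    print(len(a20), "usable /20 subnets; first", a20[0].network, "last", a20[-1].network)
```

The 10.x.x.x /20 run reproduces the discussion above: 10.0.16.0 is the first usable subnet, 10.255.224.0 the last, 4094 in all, with 10.0.0.0 and 10.255.240.0 dropped because all 12 borrowed bits are off or on.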


Chapter 3:- Supernetting

Supernetting, also known as route aggregation, is the reverse of subnetting. Recall that subnetting robs Peter to pay Paul, that is, it steals bits that could have been used for host IDs and adds them to the number of bits making up the network address. We gain subnets, but must sacrifice hosts. Supernetting is simply the opposite of subnetting. We rob Paul to pay Peter. Instead of stealing bits from the hosts and adding them to the network bits, we steal bits from the network address and add them to the host bits. This allows you to have more hosts in a class of IP address than would normally be allowed.

Using supernetting, we could combine several smaller class C networks together to approximate the number of hosts allowed on a single class B network (65,534). As an example, say we needed a network with approximately 2000 hosts. If we used a class B network, this would waste about 63,000 addresses, since 65,000 – 2,000 would leave 63,000. What if instead we supernetted some class C networks? Since class C networks can hold 254 hosts each, if we combine 8 of them we would get about 2000 hosts (8 x 254 = 2032 hosts). To use our formula, we are taking 3 bits from the network side and giving them to the 8 bits on the host side for a total of 11 host bits. Therefore: (2^x - 2) = (2^11 - 2) = (2,048 - 2) = 2,046 hosts, slightly more than 8 x 254 because the eight separate network and broadcast addresses collapse into one of each.

Now here's the confusing part. A “supernetted” class C network looks like a “subnetted” class B network when you look at the subnet mask. It gets a little weird because we are using CIDR, and when we go classless the “rules” we are used to get bent. We would normally use 24 bits for the network portion of a class C address and 8 bits for the host portion. That would be CIDR /24. If we supernet, we will steal bits from the network side and give them to the host side. Let's look at a class C address:

Class C Address    Supernetted Subnet Mask    Binary

220.78.168.0       255.255.248.0              11111111.11111111.11111000.00000000

Instead of the normal 8 bits for host IDs, this would give us an additional 3 bits. The class C networks we would combine,

at 254 hosts each, would be:

220.78.168.0

220.78.169.0

220.78.170.0

220.78.171.0

220.78.172.0

220.78.173.0

220.78.174.0

220.78.175.0

The expression 220.78.168.0 with a subnet mask of 255.255.248.0 expresses the fact that this block consists of a supernetted group of 8 class C networks. A router can carry it as a single routing table entry, 220.78.168.0/255.255.248.0 (220.78.168.0/21 in CIDR notation). Note that this only works because the 8 networks are contiguous and the group starts on a multiple of 8 in the third octet (168 = 8 x 21); a run of 8 class C networks starting at, say, 220.78.169.0 cannot be expressed with one mask.
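To check an aggregation like the one above, as an added example (not from the original notes): the standard-library ipaddress module collapses a list of /24s into the fewest prefixes that cover them, so a block that summarises to one route comes back as a single entry, and a misaligned block does not. The two address lists are constructed here from the example in the text, and the function names are this example's own.

```python
"""Route aggregation (supernet) check.

Added example (not part of the original notes). Collapses a list of class C
(/24) networks into the fewest prefixes that cover them, which verifies the
text's claim that 220.78.168.0 through 220.78.175.0 summarise to the single
entry 220.78.168.0/255.255.248.0, and shows the alignment caveat: a run of 8
networks only becomes one /21 if it starts on a multiple of 8 in the third
octet. The address lists are constructed from the example in the text.
"""
import ipaddress
from typing import List


def aggregate(networks: List[str]) -> List[str]:
    """Fewest prefixes covering exactly the given networks (adjacent, aligned
    blocks are merged into supernets)."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def single_summary(networks: List[str]) -> str:
    """Routing-table form ("a.b.c.d/mask") if the networks form exactly one
    supernet, otherwise an empty string."""
    merged = aggregate(networks)
    return ipaddress.IPv4Network(merged[0]).with_netmask if len(merged) == 1 else ""


def covers(supernet: str, networks: List[str]) -> bool:
    """True if every listed network lies inside `supernet`."""
    big = ipaddress.IPv4Network(supernet)
    return all(ipaddress.IPv4Network(n).subnet_of(big) for n in networks)


def usable_hosts(network: str) -> int:
    """(2^host bits) - 2, e.g. 2046 for a /21."""
    return ipaddress.IPv4Network(network).num_addresses - 2


# Constructed from the text: eight consecutive class C networks starting at .168
ALIGNED_BLOCK = [f"220.78.{third}.0/24" for third in range(168, 176)]
# Same size, but starting at .169: not aligned on a multiple of 8
MISALIGNED_BLOCK = [f"220.78.{third}.0/24" for third in range(169, 177)]

if __name__ == "__main__":
    print(aggregate(ALIGNED_BLOCK), single_summary(ALIGNED_BLOCK),
          usable_hosts("220.78.168.0/21"))
    print(aggregate(MISALIGNED_BLOCK), repr(single_summary(MISALIGNED_BLOCK)))
```

The misaligned list comes back as four prefixes (a /24, a /23, a /22 and a /24), which is the best any router could do with it; that is the practical reason address blocks are handed out on power-of-two boundaries.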

Chapter 4:- CIDR and VLSM

A. Contiguous VLSM

Classful IP addressing wastes IP addresses. Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masks

(VLSM) give us a way to subnet subnets, conserving network addresses and gaining additional subnets per network

address.


Contiguous VLSM can be thought of as splitting subnets into a binary tree: essentially, we subnet a subnet. This tree then forks so that we are subnetting a subnet of a subnet. Each time we progress further down the tree, a greater number of bits become “stuck” and can not be turned on or off.

CIDR replaces subnet masks with a more flexible way of declaring which bits represent the network ID and which bits represent the host ID. It is written as a slash “/” followed by the number of bits used for the network ID. Here are some examples:

Address Class   Subnet Mask       # network bits   CIDR Notation

CLASS A         255.0.0.0         8                /8

CLASS B         255.255.0.0       16               /16

CLASS C         255.255.255.0     24               /24

Variable Length Subnetting a Class B Network

Remember we said VLSM is a way to subnet subnets? Let's look at a class B example.

Default Class B

Range = 128-191 (in 1st octet by RFC)

Subnet Mask = 255.255.0.0

CIDR = /16

# hosts = 65,534        Formula = (2^x – 2), so (2^16 – 2)

# networks = 16,384     Formula = 2^(y-2), so 2^(16-2) = 2^14

*Note: Remember that RFC standards state that the first 2 bits are fixed for class B.

One single class B network would give us 65,534 host addresses.

157.54.0.0 /16 = 65,534 host addresses

If we divide this network into two subnets, we get about half of that, 32,766 hosts per subnet (2^15 – 2).

Class B in 2 Subnets

N1 = 157.54.0.0 /17 = 32,766 host addresses      Mask = 255.255.128.0

N2 = 157.54.128.0 /17 = 32,766 host addresses    Mask = 255.255.128.0

Since the first two octets are the network address in class B networks, we will subnet the third octet and steal bits from the host side. Notice that our old classful -2 rules are being bent here. Under VLSM, we use subnet bits that are all on and all off sometimes.

Subnet 1 (128 bit off) =

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1
          0    x    x    x    x    x    x    x

Subnet 2 (128 bit on) =

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
        128   64   32   16    8    4    2    1
          1    x    x    x    x    x    x    x

We can further divide one of the 2 subnets above of our class B address into more subnets. Using CIDR and two subnets, we are currently using 17 bits for the network address/subnetting. Remember that when we use 4 bits to subnet a typical octet under classful rules, we get 14 subnets and 14 hosts. In this case, we can use the subnet we are subnetting as the first subnet, so in place of 14 we get 15 subnets (and under CIDR proper, where the all-ones subnet is usable as well, 16). We just add 4 more bits to the 17 bits we are already using with CIDR. 17 + 4 gives us a total of 21 bits. Adding 4 more bits to the 1 we are already using gives us what appears to be 5 bits to subnet with; however, the first bit, the 128 bit, is special. Because it represents a subnet itself, if we further subnet this address it becomes part of the network address. It will be “stuck” on, and we can only manipulate the 4 new bits we have added for subnets. Look at the third octet: the 128 bit is marked since it is now stuck. Remember, we are now subnetting what was already a subnet.

             2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0   Base 10
             128   64   32   16    8    4    2    1
  (stuck)      1    0    0    0    0    x    x    x    128
               1    0    0    0    1    x    x    x    136
               1    0    0    1    0    x    x    x    144
               1    0    0    1    1    x    x    x    152
               1    0    1    0    0    x    x    x    160

And so on and so on …

Because the 128 bit is “stuck”, every subnet from here on out must include the 128 bit; we have no choice. Here, using CIDR, the “no subnet or host bits all on/all off” rule can be bent, allowing us to use 128 itself (the four new bits all off) as the first subnet. With this in mind, the next lowest value we can come up with will be 8 + the 128 that is “stuck” on. Therefore, the next subnet will be 136, and we will keep adding 8 (the “BLOCK”) until we have our 15 subnets. So, 128, 136, 144, 152, 160 and so on.

The number of bits left for hosts would be 8 from the 4th octet plus the 3 left from the 3rd octet, for a total of 11 bits. Now we have the facts we need. We are using 4 bits for subnetting and 11 bits are left for hosts. Let's use our formulas.

Subnets = (2^x – 2) = (2^4 – 2) = 14. Remember that we are using CIDR now and can bend the rules a little, so we actually get our 15 networks here since we can use 128 as the starting subnet (16 if the all-ones subnet, 248, is used as well).

Hosts = (2^x – 2) = (2^11 – 2) = (2048 - 2) = 2046. So, when using CIDR /21, we can get approximately 2000 hosts on each subnet. Let's sum things up so far:

Class = B

Subnet Mask = 255.255.248.0

CIDR = /21

BLOCK size = 8

Hosts per subnet = (2^x – 2) = (2^11 – 2) = (2048 – 2) = 2046 hosts

15 Subnets of previous Class B N2

N1 of N2 = 157.54.128.0 /21

N2 of N2 = 157.54.136.0 /21

N3 of N2 = 157.54.144.0 /21

N4 of N2 = 157.54.152.0 /21

N5 of N2 = 157.54.160.0 /21

N6 of N2 = 157.54.168.0 /21

N7 of N2 = 157.54.176.0 /21

N8 of N2 = 157.54.184.0 /21

N9 of N2 = 157.54.192.0 /21

N10 of N2 = 157.54.200.0 /21

N11 of N2 = 157.54.208.0 /21

N12 of N2 = 157.54.216.0 /21

N13 of N2 = 157.54.224.0 /21

N14 of N2 = 157.54.232.0 /21

N15 of N2 = 157.54.240.0 /21

(A 16th, 157.54.248.0 /21, is also usable wherever the all-ones subnet is permitted, which is normal C IDR practice.)

Now suppose that we want to take one of the 15 subnets carved from the 2nd subnet of the class B network and subnet one of those. Remember that we are now subnetting a subnet of a subnet of a class B network. Let's say we want to approximate about 8 Class C networks using our class B address. We are already using CIDR /21, and remember that with CIDR we can bend our -2 rule a little bit. Let's pick the last subnet of the previous stage, 157.54.240.0 /21. To get 8 more subnets, we need to add 3 more bits: 2^x = 2^3 = 8, and no minus 2 this time, we are bending the rules with CIDR.

Therefore, our new CIDR notation is /24, which, coincidentally, leaves us with the same number of host bits we would have with a normal class C network. Let's choose the last subnet in the previous stage, the “240”, to subnet. Since we are subnetting a subnet of a subnet, the original 128 bit will be “stuck” this time as well as the 4 we added. A total of five bits have now become “stuck”:

             2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0   Base 10
             128   64   32   16    8    4    2    1
               1    1    1    1    1    0    0    0    248
               1    1    1    1    1    0    0    1    249
               1    1    1    1    1    0    1    0    250
               1    1    1    1    1    0    1    1    251
               1    1    1    1    1    1    0    0    252
               1    1    1    1    1    1    0    1    253
               1    1    1    1    1    1    1    0    254
               1    1    1    1    1    1    1    1    255

To sum things up:

Class = B

Subnet Mask = 255.255.255.0

(looks like a class C, but it's a VLSM subnetted class B)

CIDR = /24

BLOCK size = 1 (Interesting, huh?)

Hosts per subnet = (2^x – 2) = (2^8 – 2) = 254

# of subnets = 2^x = 2^3 = 8

8 Subnets of previous N15 of Class B N2

N1 of N15 of N2 = 157.54.248.0 /24

N2 of N15 of N2 = 157.54.249.0 /24

N3 of N15 of N2 = 157.54.250.0 /24

N4 of N15 of N2 = 157.54.251.0 /24

N5 of N15 of N2 = 157.54.252.0 /24

N6 of N15 of N2 = 157.54.253.0 /24

N7 of N15 of N2 = 157.54.254.0 /24

N8 of N15 of N2 = 157.54.255.0 /24

B. Non-Contiguous VLSM

But wait! It gets even weirder my friend! The classful subnetting rules that make our lives so safe and predictable are about to be twisted and contorted even more. Of course, if you didn't have a truly twisted mind you wouldn't be into VLSM in the first place. Come to think of it, have you ever met anyone in this business that's "normal"? Thinking ... Hmmm ... Nope. If you're into this stuff, you're a fruitcake, myself included. Denial. It's not just a river in Egypt.

Anyway, another way to look at VLSM is in terms of BLOCK sizes and hosts/subnets required. Remember that the BLOCK is always the lowest bit that belongs to the subnet bits. It can also be calculated by subtracting the subnet mask octet from 256. Example:

        2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0    Subnet Mask   BLOCK
        128   64   32   16    8    4    2    1

          1    1    0    0    0    0    0    0    .192           64
          1    1    1    0    0    0    0    0    .224           32
          1    1    1    1    0    0    0    0    .240           16
          1    1    1    1    1    0    0    0    .248            8
          1    1    1    1    1    1    0    0    .252            4

Or, if you prefer:

256 – 192 = 64

256 – 224 = 32

256 – 240 = 16

256 – 248 = 8

256 – 252 = 4

You can see the BLOCKs as they are associated with each subnet mask above. Using this information, we can construct a table that will assist us when using VLSM. To apply VLSM to a class C network, we would start with a /24 due to the subnet mask of 255.255.255.0. We would then simply continue adding subnet bits to /24 like so:

CIDR   Subnet Mask   Subnets   Hosts   BLOCK

/26    .192          2         62      64

/27    .224          6         30      32

/28    .240          14        14      16

/29    .248          30        6       8

/30    .252          62        2       4

*Notice the inverse relationship between the subnets and hosts columns. (The Subnets column still applies the classful -2 rule; under CIDR, where subnet zero and the all-ones subnet are both usable, the counts are 4, 8, 16, 32 and 64.)

Suppose we had a network, 192.168.20.x, and we needed 8 subnets for that network. If some of those subnets need as many as 30 hosts, we need 5 host bits, which leaves only 3 subnet bits and, under the classful rules, only 6 subnets. The only way we could get 8 subnets out of a single class C network address, and still allow for up to 30 hosts on a subnet, is if we use VLSM.

The goal is to continuously use the smallest BLOCK size possible to accommodate the number of hosts. Example:

Subnet   Hosts Needed   CIDR   Subnet Mask   BLOCK   Hosts Provided

N1       11             /28    .240          16      14

N2       19             /27    .224          32      30

N3       23             /27    .224          32      30

N4       5              /29    .248          8       6

N5       2              /30    .252          4       2

N6       2              /30    .252          4       2

N7       2              /30    .252          4       2

N8       2              /30    .252          4       2

*Notice the minus two relationship between the BLOCK and the number of hosts provided: subtract two from the BLOCK and that is the number of hosts.

Once we have our BLOCK table figured out, we need to decide where to place our BLOCKed subnets in the range of available addresses 1-254. The rule to follow here is that we must start either at “0” or at a multiple of the current BLOCK. In other words, if we started with a BLOCK value of 64, we would have to start at 0, 64, 128, or 192. If we had other BLOCK values of 32, we would have to squeeze them in between the 64 BLOCK ranges, and where we squeeze them would have to be a multiple of 32. The same could be said for any other BLOCK sizes such as 16, 8 or 4.

It’s usually easiest to start with the largest BLOCKs, fit them in, then move to the smaller BLOCKs. Remember that each subnet must START at 0 or at a multiple of its BLOCK size, so if the block size were 32, the possible starting points are 0, 32, 64 and so on. Here, we will therefore start with the two 32-sized BLOCKs above. We can place one 32-sized BLOCK between 32-64, and another 32-sized BLOCK between 64-96. That takes care of those two. Now the next largest BLOCK is 16. Where can we place that? We might place it between 16-32, since it has not yet been used. We could place the 8 BLOCK between 8-16, since it has not been used, and the remaining 4 BLOCKs will be easy to place at the end since they are so small. We could place them respectively between 96-100, 100-104, 104-108, and 108-112.

As an illustrated example:

Class C IP Address Range Table

  0 -
  4 -
  8 ------------------------------------------------
 12 - N4 (BLOCK 8)
 16 ------------------------------------------------
 20 -
 24 - N1 (BLOCK 16)
 28 -
 32 ------------------------------------------------
 36 -
 40 -
 44 - N2 (BLOCK 32)
 48 -
 52 -
 56 -
 60 -
 64 ------------------------------------------------
 68 -
 72 -
 76 -
 80 - N3 (BLOCK 32)
 84 -
 88 -
 92 -
 96 ------------------------------------------------
100 - N5 (BLOCK 4)
104 - N6 (BLOCK 4)
108 - N7 (BLOCK 4)
112 - N8 (BLOCK 4)
116 -
120 -
124 -
128 -
132 -
136 -
140 -
144 -
148 -
152 -
156 -
160 -
164 -
168 -
172 -
176 -
180 -
184 -
188 - FREE AND UNUSED
192 -
196 - ADDRESS SPACE
200 -
204 -
208 -
212 -
216 -
220 -
224 -
228 -
232 -
236 -
240 -
244 -
248 -
252 -
256 -
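The placement rules above (smallest BLOCK that covers the hosts, largest BLOCKs first, each subnet starting at 0 or a multiple of its BLOCK) as an added Python example; this is not code from the guide. It plans the eight subnets from the table on 192.168.20.0/24 and also checks a hand-made layout such as the range table above; the function names are my own, and because the planner fills from 0 upward its layout differs from the table's while obeying the same rules.

```python
# Added example, not from the original guide: a VLSM planner for one
# class C network using the BLOCK rules described in the text.
from ipaddress import IPv4Network


def block_for_hosts(hosts_needed):
    """Smallest BLOCK whose usable hosts (BLOCK - 2) cover the requirement."""
    block = 4                                    # /30: 4 addresses, 2 usable
    while block - 2 < hosts_needed:
        block *= 2
    if block > 256:
        raise ValueError("%d hosts do not fit in one class C" % hosts_needed)
    return block


def prefix_for_block(block):
    """BLOCK -> prefix length within a /24 (64 -> 26, 32 -> 27, ..., 4 -> 30)."""
    return 32 - (block.bit_length() - 1)


def plan_vlsm(base_network, requirements):
    """Place subnets largest BLOCK first; each starts on a multiple of its BLOCK.

    requirements: {name: hosts_needed}.  Returns [(name, IPv4Network, block, usable)].
    """
    base = IPv4Network(base_network)
    if base.prefixlen != 24:
        raise ValueError("this planner only handles a single class C (/24)")
    used = [False] * 256                         # one flag per last-octet value
    plan = []
    by_size = sorted(requirements.items(),
                     key=lambda kv: -block_for_hosts(kv[1]))   # stable: ties keep order
    for name, hosts in by_size:
        block = block_for_hosts(hosts)
        for start in range(0, 256, block):       # legal starts are 0, BLOCK, 2*BLOCK, ...
            if not any(used[start:start + block]):
                used[start:start + block] = [True] * block
                net = IPv4Network((int(base.network_address) + start,
                                   prefix_for_block(block)))
                plan.append((name, net, block, block - 2))
                break
        else:
            raise ValueError("no room left for %s (%d hosts)" % (name, hosts))
    return plan


def check_layout(placements):
    """Check a hand-made layout given as (name, start_octet, block) triples.

    Returns a list of problems; an empty list means the layout obeys the BLOCK rules.
    """
    problems = []
    taken = {}                                   # last octet -> subnet name
    for name, start, block in placements:
        if start % block != 0:
            problems.append("%s: start %d is not a multiple of BLOCK %d"
                            % (name, start, block))
        if start + block > 256:
            problems.append("%s: runs past the end of the class C" % name)
        for octet in range(start, min(start + block, 256)):
            if octet in taken:
                problems.append("%s overlaps %s at .%d" % (name, taken[octet], octet))
                break
            taken[octet] = name
    return problems


# Constructed sample: the eight subnets from the table above, on 192.168.20.0/24.
NEEDS = {"N1": 11, "N2": 19, "N3": 23, "N4": 5, "N5": 2, "N6": 2, "N7": 2, "N8": 2}

# The hand-placed layout from the range table above (start = last octet).
TABLE_LAYOUT = [("N4", 8, 8), ("N1", 16, 16), ("N2", 32, 32), ("N3", 64, 32),
                ("N5", 96, 4), ("N6", 100, 4), ("N7", 104, 4), ("N8", 108, 4)]

if __name__ == "__main__":
    for name, net, block, usable in plan_vlsm("192.168.20.0/24", NEEDS):
        print("%s  %-18s BLOCK %-3d usable hosts %d" % (name, net, block, usable))
    print("table layout problems:", check_layout(TABLE_LAYOUT) or "none")
```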

Chapter5:- Routing Protocols

A. RIP

Stands for “Routing Information Protocol”. It is a generic protocol supported by many platforms, vendors, hardware and operating systems. RIPv1 is classful (can not do dis-contiguous networks, does not transmit subnet information). Only supports IP routing.

1. Distance Vector Protocol – uses a “hop count” to judge distance. Uses a simple metric and sends the entire routing table to directly connected neighbors. Called “routing by rumor”. Uses broadcasts that send the complete routing table out every 30 seconds.

2. AD = 120 (highest)

3. Pinhole Congestion – RIP is prone to pinhole congestion since it uses only a simple metric. If there are two links with the same hop count but one link is much slower than the other, RIP will not take advantage of the faster link.

4. Convergence time = slow.

5. Maximum Hop Count = 15. A hop count of “16” is considered down or unreachable.

6. RIPv1 vs. RIPv2 – RIPv1 does classful routing; it does not send any subnet information, so all devices on the network must use the same subnet mask. RIPv2 does classless routing (prefix routing); it transmits subnet information, so devices on the network need not all have the same subnet mask.

7. Timers:

Route Update – interval between routing updates (30 seconds default)
Route Invalid – interval for route to be determined as invalid (180 seconds default)
Route Holddown – time during which routing information is suppressed (180 seconds default)
Route Flush – interval for route to become invalid and be removed from the table (240 seconds default)

8. passive-interface – command prevents RIP broadcasts from being transmitted out the specified interface, though RIP broadcasts may still be received. Example:

MrRouter> enable
MrRouter# config t
MrRouter(config)# router rip
MrRouter(config-router)# network 192.168.10.0
MrRouter(config-router)# passive-interface s0/0

B. OSPF

Stands for “Open Shortest Path First”. It is a generic protocol supported by many platforms, vendors, hardware and operating systems. Only supports IP routing.

1. Link State Protocol – uses a link state database instead of a hop count. Creates 3 separate tables: 1 = neighbors, 2 = topology, 3 = routing table.

2. AD = 110

3. Dijkstra – algorithm constructs the shortest path tree which populates the routing table. Next to EIGRP, OSPF has the fastest convergence time.

4. Link – network/router interface assigned to a given network. The link will have a state (up or down) as well as an IP address assigned to it.

5. Router ID – highest IP address of all interfaces on the router, used to identify the router itself.

6. Neighbors – two or more routers that have interfaces in common on the same network.

7. Adjacency – relationship between two OSPF routers that permits the exchange of routing updates.

8. Neighborship database – list of all OSPF routers for which “Hello” packets have been sent.

9. LSA packets – Link State Advertisements are only exchanged between OSPF routers that have adjacencies.

10. Topology database – information from all LSA (Link State Advertisement) packets that have been received for a particular area.

11. Designated Router (DR) – used to minimize the number of adjacencies required. The DR receives and disseminates information from routers on the broadcast network/link to synchronize their topology tables. The router with the highest priority is selected as DR. If the priorities are the same, the router with the highest ID is selected.

12. Backup Designated Router (BDR) – hot standby for DR.

13. OSPF Area – group of contiguous networks and routers. Area IDs can be different for each interface on a router since a router can connect different networks with different Area numbers. All routers in the same “Area” will have the same Area ID. For routers to establish adjacencies they must be in the same area.

14. SPF – (Shortest Path First) algorithm that calculates the shortest path to every network in the same Area (sharing the same Area ID). A separate tree is constructed for each area, so if a router is a member of more than one area, it will have multiple trees. It uses cost as its metric to calculate the best path. The cost formula differs between vendors. For Cisco it is 10^8 / bandwidth, i.e. a reference bandwidth of 100,000,000 bps divided by the link bandwidth in bps. So a 10 Mbps link will have a higher cost of 10 (100,000,000 / 10,000,000 = 10) and a 100 Mbps link will have a lower cost of 1 (100,000,000 / 100,000,000 = 1).

Note: the “router ospf 1” refers to a process ID and not the Area. Areas are specified with the “network” command and the “area” option.

Example:

MrRouter> enable
MrRouter# config t
MrRouter(config)# router ospf 1
MrRouter(config-router)# network 192.168.10.0 0.0.0.255 area 51 (the network command takes a wildcard mask, not a subnet mask; 0.0.0.255 matches 192.168.10.0/24)

Diagnostics:

sh ip route

sh ip ospf = stats, LSA

sh ip ospf database = topology

sh ip ospf interface = RID, PID, priority, DR and BDR

sh ip ospf neighbor = neighbors and adjacency states

Loopback interfaces

When using OSPF, one should configure a loopback. Loopbacks will never go down since they are virtual, not real. If you don’t use a loopback, the RID (Router ID) will be set to the highest IP address of the router. The problem with this is that if the interface goes down, a re-election must take place to choose a DR and BDR based on the new highest IP. If this happens with a flapping link the routers will never converge and this could bring the entire network down. Loopbacks never go down and so are safer to use for a router ID. Example:

Router_A(config)# int loopback 0
Router_A(config-if)# ip address 192.168.90.1 255.255.255.0
Router_A(config-if)# no shut


C. IGRP

Stands for “Internet Gateway Routing Protocol”. It is a proprietary protocol that can only be used on Cisco routers and equipment. Classful (does not include the subnet mask in its route updates, can not do dis-contiguous networks). Only supports IP routing.

1. Distance Vector Protocol – uses a composite metric composed of combinations of bandwidth, delay of the line, MTU, link reliability and load. This is more complex than RIP’s simple hop count, so it allows IGRP to take advantage of faster links where the hop count would be the same.

2. AD = 100

3. Maximum Hop Count = 255. The default is 100. This makes IGRP better suited to larger networks than those that use RIP.

4. AS number – all routers using IGRP must be within the same autonomous system and use the same autonomous system number in order to communicate. Example: router igrp 10.

5. Timers:

Update – interval between routing updates (90 seconds default)
Invalid – interval for route to be determined as invalid (default = 3x update timer)
Holddown – time during which routing information is suppressed (default = 3x update timer + 10)
Flush – interval for route to become invalid and be removed from the table (default = 7x update timer)

Example:

MrRouter> enable
MrRouter# config t
MrRouter(config)# router igrp 10
MrRouter(config-router)# network 192.168.10.0

D. EIGRP

Stands for “Enhanced IGRP”. It is a proprietary protocol that can only be used on Cisco routers and equipment. It is classless (transmits subnet information). Supports multiple protocols – IP, IPX and AppleTalk. Uses Cisco’s proprietary RTP (Reliable Transport Protocol). Supports VLSM and dis-contiguous subnets.

1. Hybrid Protocol – uses a combination of link state data and hop count in its metric. Uses “Hello” messages to establish neighbors. Uses “routing by rumor”. It also uses bandwidth, delay, load and reliability.

2. AD = 90 (lowest)

3. Maximum Hop Count = 255.

4. AS number – all routers using EIGRP must be within the same autonomous system and use the same autonomous system number in order to communicate. Only routers with the same AS number share routes. Routes within the same AS are internal EIGRP routes and have an AD of 90. Routes from outside the AS are external EIGRP routes and have an AD of 170.

5. Hello – Hello messages composed of Hello packets form adjacencies (neighbor associations) between neighbors.

6. RTP – Uses multicast traffic over 224.0.0.10 and creates/maintains a list of replies as “neighbors”.

7. DUAL – Diffusing Update Algorithm. Gives EIGRP the fastest convergence time among all routing protocols. Allows VLSM. Route recoveries and backup routes.

8. Commands:

show ip eigrp topology – show topology table
show ip eigrp neighbor – show neighbor table

Example:

MrRouter> enable
MrRouter# config t
MrRouter(config)# router eigrp 80
MrRouter(config-router)# network 192.168.50.0

E. Definitions

AD = Administrative Distance. It rates the trustworthiness of routing information. The lower the AD value, the more trustworthy routing information is considered to be. If a router receives several updates from different routing protocols, the one with the lowest AD value will be utilized in place of anything with a higher value. If the AD value is the same, routing protocol metrics will be used to decide routing table entries. If the AD and the metric are the same, the routers will load balance updates in round robin fashion.
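Route selection by AD, then metric, then round-robin load balancing, as an added Python example (not from the guide): the AD values are the ones given in this chapter, and the candidate routes, next hops and function names are constructed sample data.

```python
# Added example, not from the original guide: how a router picks between
# several updates for the same destination, as the AD definition describes.

# AD values as listed in this chapter (lower = more trustworthy).
AD = {"eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120, "eigrp-external": 170}


def select_routes(candidates):
    """candidates: list of (protocol, metric, next_hop) for the SAME destination.

    Returns the routes that go into the table: lowest AD wins; among equal AD,
    lowest metric wins; routes that tie on both are all installed (load balanced).
    """
    if not candidates:
        return []
    ranked = sorted(candidates, key=lambda c: (AD[c[0]], c[1]))
    best_ad, best_metric = AD[ranked[0][0]], ranked[0][1]
    return [c for c in ranked if AD[c[0]] == best_ad and c[1] == best_metric]


def next_hop_round_robin(installed, packet_index):
    """Next hop for the Nth packet when several equal routes are installed."""
    return installed[packet_index % len(installed)][2]


# Constructed sample: four updates for one destination from three protocols.
# RIP has the best metric but the worst AD; the two OSPF routes tie on both.
SAMPLE = [("rip", 3, "10.1.1.1"),
          ("ospf", 20, "10.1.1.2"),
          ("ospf", 20, "10.1.1.3"),
          ("eigrp-external", 5, "10.1.1.4")]

if __name__ == "__main__":
    chosen = select_routes(SAMPLE)
    print("installed:", chosen)                       # both OSPF routes
    for i in range(4):
        print("packet", i, "->", next_hop_round_robin(chosen, i))
```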

convergence – when dynamic routing protocols have updated all routers with all routes.

Split horizon – Keeps routing information from being sent back in the direction from which it was received. Prevents routing loops.

Route Poisoning – When a network goes down, its hop count is advertised as 16 (unreachable), regardless of what its true hop count may be.

Holddowns – prevent a route that is going up and down frequently (flapping) from bringing down an entire network. If flapping were allowed indefinitely, routers could never converge and this could affect the entire network. Holddowns prevent routes from changing too rapidly by pausing and causing routers to wait a specified interval before updating, to allow a router that has gone down to come back up or an alternate route to be selected.

sh protocols = displays routed protocols and the interface on which they are enabled
sh ip protocols = display routing protocols configured on router
sh ip route = display routing table with static and dynamic routes
sh run = display dynamic routes and advertised routes
debug ip rip = sends router updates as they are sent/received
debug ip igrp events = displays protocol events as they are sent/received
debug ip igrp transactions = displays protocol transactions as they are sent/received
undebug all = turns off debugging (un all)

Chapter6:- Switches

A. Overview

Hubs = Layer 1 devices. Do not filter, merely propagate the signal. Do not create separate collision domains between hosts.

Active = serves as a repeater, amplifies the signal, extends range lost to attenuation

Passive = does not amplify the signal, limited by the specified attenuation length of the media (100 meters for Cat5e)

Bridges – Layer 2 devices, split a network into 2 collision domains.

Switches = Layer 2 devices, contain a MAC table and filter frames based on MAC address. Place connections between any two hosts in a separate collision domain. They use ASICs (Application Specific Integrated Circuits) to build and maintain the MAC tables.

Routers = Layer 3 devices, contain a routing table to route traffic between networks, place networks in different broadcast domains.

Layer 3 Switches – A (Layer 2/Layer 3) combination device. It can be used as a switch to place hosts in separate collision domains. When used with a router and sub-interfaces, it can place hosts into VLANs, thus separating them into different broadcast domains.

Switches have 3 Layer 2 Functions:

1. Address Learning – learns the MAC address of all connected hosts

2. Forward/Filter Decisions – filters by MAC using ASICs

3. Loop Avoidance – prevents redundant links from creating loops. Switches need redundant connections in case connections fail, but loops from these redundant connections must be avoided. If not, a broadcast storm will result where broadcasts are endlessly propagated and flood the network.

B. STP

STP – (Spanning Tree Protocol) stops network loops from occurring on Layer 2 switches. It uses the STA (Spanning Tree Algorithm) to create a topology database of all connected switches, then it removes redundant links. Frames will then only be forwarded on STP-chosen ports. Convergence using STP takes approximately 50 seconds, at which point ports can go from blocking to forwarding mode.

Root Bridge – the bridge (switch) elected with the best root ID. All decisions concerning whether ports are blocked or placed into forwarding mode are made by this bridge.

BPDU – (Bridge Protocol Data Unit) exchanged between switches to select the root bridge through comparison with neighbors.

Bridge ID – The switch’s ID. STP uses this to keep track of all the switches on a network. It is determined by combining the priority with the MAC address of the switch. Priorities may be a value between 1 and 32,768, with 32,768 as the default for all switches. The bridge with the lowest ID is elected the root bridge. If switches all use the same default priority, then the switch with the lowest MAC address will win.
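Root bridge election from Bridge IDs as an added Python example (not from the guide): the Bridge ID is the priority followed by the MAC address, the lowest ID wins, and at the default priority the lowest MAC breaks the tie. The switch names and MAC addresses are constructed, the function names are my own, and the last function is a check an operator can apply to a received BPDU to see whether it would change the elected root.

```python
# Added example, not from the original guide: STP root bridge election
# from (priority, MAC) pairs as described in the Bridge ID definition.

DEFAULT_PRIORITY = 32768          # default on all switches per the text


def bridge_id(priority, mac):
    """Bridge ID as a 64-bit integer: 16-bit priority field followed by the 48-bit MAC."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority does not fit the 16-bit field")
    # Accept aa:bb:cc:dd:ee:ff, aa-bb-..., or Cisco's aabb.ccdd.eeff form.
    mac_int = int(mac.replace(":", "").replace("-", "").replace(".", ""), 16)
    if mac_int > 0xFFFFFFFFFFFF:
        raise ValueError("bad MAC address %s" % mac)
    return (priority << 48) | mac_int


def elect_root(switches):
    """switches: {name: (priority, mac)}. Returns the name of the root bridge (lowest ID)."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def would_take_root(current_root, bpdu_priority, bpdu_mac):
    """True if a BPDU carrying this Bridge ID would win the election over the current root.

    current_root is the (priority, mac) pair of the bridge expected to be root;
    a True result for an unexpected BPDU is something an operator should look into.
    """
    return bridge_id(bpdu_priority, bpdu_mac) < bridge_id(*current_root)


# Constructed sample topology (names and MACs are made up).
SWITCHES = {
    "Core1":   (4096, "00:1a:2b:3c:4d:5e"),            # lowered priority -> intended root
    "Dist1":   (DEFAULT_PRIORITY, "00:1a:2b:00:00:10"),
    "Dist2":   (DEFAULT_PRIORITY, "00:1a:2b:00:00:02"),  # lower MAC than Dist1
    "Access1": (DEFAULT_PRIORITY, "00:1a:2b:ff:ff:ff"),
}

if __name__ == "__main__":
    print("root:", elect_root(SWITCHES))                 # Core1
    no_core = {k: v for k, v in SWITCHES.items() if k != "Core1"}
    print("root without Core1:", elect_root(no_core))    # Dist2, lowest MAC at default priority
    print("BPDU with priority 0 wins:",
          would_take_root(SWITCHES["Core1"], 0, "00:00:00:00:00:01"))
```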

Root port – the port that presents the shortest path to the root bridge. If more than one port exists, bandwidth is used to determine cost.

Designated port – port with the lowest cost, it will be set to forward.

Non-designated Port – port with higher cost than the designated port, placed in blocking mode.

Forwarding port – always forwards frames (lowest cost and closest to root bridge)

Blocking port – listens to BPDUs, but does not forward frames (blocks them).

STP States:

1. Blocking – frames not forwarded, just listens to BPDUs

2. Listening – listens to BPDUs to avoid loops

3. Learning – listens to BPDUs, populates MAC table, does not forward frames

4. Forwarding – frames forwarded

5. Disabled – unused

C. Switching Types

1. Cut-through – (FastForward) only waits for the destination MAC address to forward the frame.

2. FragmentFree – the first 64 bytes of the frame are buffered and checked for fragmentation, then forwarded if everything is o.k. This blocks fragments (runts) caused by collisions.

3. Store-and-Forward – the complete data frame is loaded into the switch’s buffer, a CRC is calculated to make sure it is error free, and only then is the destination looked up in the switch’s MAC table and the frame forwarded.

D. Cisco Switch Models

1900 Catalyst – Cisco’s basic model, consisting of the 1912 (12 10BaseT ports) and 1924 (24 10BaseT ports). Each switch has two 100Mbps uplinks consisting of UTP or fiber.

2950 Catalyst – Cisco’s deluxe model, many varieties from 10Mbps to 1Gbps, offers advanced features for data, video and voice.

E. 1900 Setup

1. Press “K”.

Passwords

ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password level 1 superfunyay (user password)
ZSwitch(config)# enable password level 15 DrewBerrymore (enable password)
ZSwitch(config)# enable secret SandraBullock (secret password)
ZSwitch# sh run
ZSwitch(config)# hostname ZSwitch

IP Addressing

ZSwitch# sh ip (display IP address)
ZSwitch# config t
ZSwitch(config)# ip address 172.16.10.16 255.255.255.0
ZSwitch(config)# ip default-gateway 172.16.10.1
ZSwitch(config)# exit

Configuring Ports (1900 has only one slot “0”)

ZSwitch(config)# int ethernet 0/? (display # ports you can configure)
ZSwitch(config)# int ethernet 0/1 (selects a port to configure)
ZSwitch(config)# int fastethernet 0/26
ZSwitch# sh int e0/1 (selects a port to display)
ZSwitch# sh int f0/26
ZSwitch(config)# int e0/1
ZSwitch(config-if)# description Finance_VLAN (notice no abbreviation)

Configuring Full Duplex (Only available on fast-ethernet ports 26/27)

ZSwitch(config)# int f0/26
ZSwitch(config-if)# duplex full

Diagnostic Commands

ZSwitch# ping 172.16.10.1
ZSwitch# telnet 172.16.10.1

Erasing (since switches save to NVRAM automatically)

ZSwitch# delete nvram

F. 2950 Setup

Passwords

ZSwitch> enable
ZSwitch# config t
ZSwitch(config)# enable password scoobydoo
ZSwitch(config)# enable secret cisco
ZSwitch(config)# line console 0
ZSwitch(config-line)# password console
ZSwitch(config-line)# login
ZSwitch(config)# line vty 0 15
ZSwitch(config-line)# password telnet
ZSwitch(config-line)# login
ZSwitch(config-line)# Ctrl+Z

IP Addressing (must select the administrative “vlan1”)

ZSwitch# config t
ZSwitch(config)# interface vlan1
ZSwitch(config-if)# ip address 172.16.10.17 255.255.255.0
(Note: We have to exit interface config to global config to configure the gateway)
ZSwitch(config-if)# exit
ZSwitch(config)# ip default-gateway 172.16.10.1
ZSwitch(config)# exit

Viewing Slots (only 1, so only 0 is valid)

ZSwitch(config)# interface fastEthernet ?
<0-2> FastEthernet interface number
ZSwitch(config)# interface fastEthernet 0?
ZSwitch(config)# interface fastEthernet 0/?
<0-12> FastEthernet interface number

Configuring a Port

ZSwitch(config)# interface fastEthernet 0/1
ZSwitch(config)# int fa0/1
ZSwitch(config-if)# duplex full
ZSwitch(config-if)# speed 100
ZSwitch(config-if)# description VIPPA_VLAN (can use abbreviation on 2950)
ZSwitch# sh int fa 0/1 (selects a port to display)

Configuring Portfast (causes the port not to wait 50 seconds for STP)

ZSwitch(config-if)# spanning-tree portfast (be careful not to have any loops if turning this on)

Erasing and Saving

ZSwitch# erase startup-config
ZSwitch# copy run start

Chapter7:- VLANs

A. Introduction

VLANs allow a Layer 2 device such as a switch to perform some Layer 3 functions by separating hosts connected to different ports into subnets. These VLANs must be coupled with sub-interfaces on a router, and they can span many different switches across the network, combining them into groups of VLANs that may run throughout a building.

Why VLANs?

1. Separating Broadcast domains for limiting traffic

2. Security (only hosts in the same VLAN may access resources, access lists)

3. Grouping of hosts irrespective of location

There are 2 types of VLANs:

1. static – configured by an administrator

2. dynamic – automatically configured. Uses a VLAN Management Policy Server (VMPS) to set up a database mapping MAC addresses to VLANs. In this way, if a host moves around the network, the switch will assign it to the correct VLAN automatically.

B. VLAN Links

Access Links – part of one VLAN, attached devices are unaware of VLAN membership, the switch removes the VLAN information from the frame before it’s sent to the device connected to the access link.

Trunk Links – a 100Mbps to 1000Mbps direct point-to-point link between two switches, a switch and router, or a switch and a server. They may carry the traffic of multiple VLANs from 1 to 1005. Without a trunk link, only VLAN1 information (the administrative VLAN) will be transmitted from switch to switch.

Frame Tagging – VLAN information is added to frames as they enter a switch based on the port’s VLAN membership. The VLAN information is then removed from the frame when it arrives at its destination.

C. VLAN Router Settings and Sub-Interfaces

80/20 – keep 80% of the traffic on the local network, and 20% traversing a router.

ISL – (Inter-Switch Link) is a proprietary Cisco routing protocol. Follows the 80/20 rule. Requires all Cisco routers.

IEEE 802.1Q – inserts a field into the frame to identify the VLAN. A non-proprietary IEEE standard. Mix and match.

VTP – (VLAN Trunking Protocol) allows remote management, addition, deletion and administration of VLANs.

VTP Domain – switches in the same VTP domain share VLAN information.

VTP Server – switch that acts as the VTP server and configures VLAN information.

VTP Client – switches that are configured to get their VLAN information from a VTP server.

VTP Transparent – switches that are not part of a VTP domain, but they will forward VTP information through their trunk links.

VTP Pruning – reduces traffic to switches by sending VTP broadcast information ONLY to the switches that truly need it.

D. 1900 VLAN Configuration

Configuring VLANs

ZSwitch# config t
ZSwitch(config)# hostname ZSwitch
ZSwitch(config)# vlan 2 name sales
ZSwitch(config)# vlan 3 name marketing
ZSwitch(config)# vlan 4 name mis
ZSwitch(config)# exit
ZSwitch# sh vlan (display VLAN database)
ZSwitch(config)# int e0/2
ZSwitch(config-if)# vlan-membership static 2
ZSwitch(config-if)# int e0/4
ZSwitch(config-if)# vlan-membership static 3
ZSwitch(config-if)# int e0/5
ZSwitch(config-if)# vlan-membership static 4
ZSwitch(config-if)# Ctrl+Z
ZSwitch# sh vlan-membership

Configuring Trunk Ports (remember only the last 2 ports)

ZSwitch(config)# int f0/26
ZSwitch(config-if)# trunk on
ZSwitch# sh trunk a (a or b, shows trunk ports and encapsulation type)

VTP Server Configuration

ZSwitch(config)# vtp server
ZSwitch(config)# vtp domain SuperFun
ZSwitch# sh vtp
ZSwitch# delete vtp

E. 2950 VLAN Configuration

Configuring VLANs

ZSwitch# vlan database
ZSwitch(vlan)# vlan 2 name Sales
ZSwitch(vlan)# vlan 3 name Marketing

Setting Ports as VLAN Members

ZSwitch(config)# int f0/2
ZSwitch(config-if)# switchport access vlan 2
ZSwitch(config-if)# switchport mode access
ZSwitch(config-if)# int f0/3
ZSwitch(config-if)# switchport access vlan 3
ZSwitch(config-if)# switchport mode access
ZSwitch(config-if)# exit
ZSwitch# sh vlan

Configuring Trunk Ports

For all VLANs to be allowed to carry traffic over this link:

ZSwitch(config)# int f0/12
ZSwitch(config-if)# switchport mode trunk

To limit VLAN traffic over this link:

ZSwitch(config)# int f0/12
ZSwitch(config-if)# switchport trunk allowed vlan except 2

VTP Server Configuration

ZSwitch(config)# vtp server
ZSwitch(config)# vtp domain SuperFun
ZSwitch# sh vtp status
ZSwitch# sh vtp counters

F. Router VLAN Configuration

Sub-Interfaces and Encapsulation

ZRouter# config t
ZRouter(config)# int f0/0
ZRouter(config-if)# no ip address
ZRouter(config-if)# int f0/0.1
ZRouter(config-subif)# encapsulation isl 1
ZRouter(config-subif)# ip address 172.16.10.1 255.255.255.0

G. LAB Application (VLANs + Sub-interface Routing)

1. Connect to the Switch1900A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.40.2/24, with a default gateway of 172.16.40.1. When the configuration is complete, verify the configuration by pinging the default gateway.

>enable
#config t
(config)#hostname Switch1900A
Switch1900A(config)#enable password level 1 kitty
Switch1900A(config)#enable password level 15 kitty1
Switch1900A(config)#enable secret kitty
Switch1900A(config)#ip address 172.16.40.2 255.255.255.0
Switch1900A(config)#ip default-gateway 172.16.40.1
Switch1900A(config)#interface fastethernet 0/26
Switch1900A(config-if)#description Link_to_2600A
Switch1900A(config-if)#interface fastethernet 0/27
Switch1900A(config-if)#description Link_to_HostE
Switch1900A(config-if)#exit
Switch1900A(config)#exit
Switch1900A#ping 172.16.40.1

2. Connect to the Switch1900B switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.50.2/24, with a default gateway of 172.16.50.1. When the configuration is complete, verify the configuration by pinging the default gateway.

>enable
#config t
(config)#hostname Switch1900B
Switch1900B(config)#enable password level 1 kitty
Switch1900B(config)#enable password level 15 kitty1
Switch1900B(config)#enable secret kitty
Switch1900B(config)#ip address 172.16.50.2 255.255.255.0
Switch1900B(config)#ip default-gateway 172.16.50.1
Switch1900B(config)#interface fastethernet 0/26
Switch1900B(config-if)#description Link_to_2600B
Switch1900B(config-if)#interface fastethernet 0/27
Switch1900B(config-if)#description Link_to_HostF
Switch1900B(config-if)#exit
Switch1900B(config)#exit
Switch1900B#ping 172.16.50.1

3. Connect to the Switch2950A switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.10.3/24, with a default gateway of 172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.

Switch>enable
Switch#config t
Switch(config)#hostname Switch2950A
Switch2950A(config)#enable password kitty
Switch2950A(config)#enable secret fluffy
Switch2950A(config)#line console 0
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#line vty 0 15
Switch2950A(config-line)#password console
Switch2950A(config-line)#login
Switch2950A(config-line)#exit
Switch2950A(config)#ip default-gateway 172.16.10.1
Switch2950A(config)#interface VLAN 1
Switch2950A(config-if)#ip address 172.16.10.3 255.255.255.0
Switch2950A(config-if)#interface fastethernet 0/3
Switch2950A(config-if)#description Trunk Link to Switch2950B
Switch2950A(config-if)#switchport mode trunk
Switch2950A(config-if)#speed 100
Switch2950A(config-if)#duplex full
Switch2950A(config-if)#exit
Switch2950A(config)#exit
Switch2950A#ping 172.16.10.1

This ping will not work until you delete the IP address for interface f0/0.1 on the Router2600C.

4. Create a VTP domain of SuperFun and leave the 2950 switch as a VTP server.

Switch2950A#config t

Switch2950A(config)#vtp domain SuperFun

5. Connect to the Switch2950B switch and set the hostname, passwords, interface descriptions, IP address, subnet mask and default-gateway information. The IP address of the switch will be 172.16.10.4/24, with a default gateway of 172.16.10.1. When the configuration is complete, verify the configuration by pinging the default gateway.

>enable
#config t
(config)#hostname Switch2950B
Switch2950B(config)#enable password kitty
Switch2950B(config)#enable secret fluffy
Switch2950B(config)#line console 0
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#line vty 0 15
Switch2950B(config-line)#password console
Switch2950B(config-line)#login
Switch2950B(config-line)#exit
Switch2950B(config)#ip default-gateway 172.16.10.1
Switch2950B(config)#interface vlan1
Switch2950B(config-if)#ip address 172.16.10.4 255.255.255.0
Switch2950B(config-if)#interface fastethernet 0/3
Switch2950B(config-if)#description Trunk_Link_to_Switch2950A
Switch2950B(config-if)#switchport mode trunk
Switch2950B(config-if)#speed 100
Switch2950B(config-if)#duplex full
Switch2950B(config-if)#exit
Switch2950B(config)#exit
Switch2950B#ping 172.16.10.1

6. Configure the Switch2950B switch to be a member of the VTP domain SuperFun and configure the Switch2950B

switch as a VTP client.

Switch2950B#config t

Switch2950B(config)#vtp domain SuperFun

Switch2950B(config)#vtp mode client

7. Create two VLANs on the Switch2950A switch called Sales and Marketing.

Switch2950A#vlan database
Switch2950A(vlan)#vlan 2 name Sales
Switch2950A(vlan)#vlan 3 name Marketing

Notice we created the two VLANs using 2 and 3. VLAN 1 is configured by default on all switches and cannot be changed or deleted.

8. Go to the Switch2950B switch and type in show vlan to verify the VLAN information was propagated with VTP.

Switch2950B(config)#exit
Switch2950B#show vlan

You should see three VLANs, 1-3, that were propagated via VTP from the Switch2950A switch.

9. HostA and HostC will be in VLAN 2, Sales, which has a subnet address of 172.16.2.0/24. HostA will be 172.16.2.2 and HostC will be 172.16.2.3. The default gateway will be 172.16.2.1, which we will configure on the 2600 in a minute. Connect to the Switch2950A switch and make port f0/1 a member of VLAN 2.

Switch2950A#config t
Switch2950A(config)#interface fastethernet 0/1
Switch2950A(config-if)#switchport access vlan 2
Switch2950A(config-if)#switchport mode access


10. Connect to the Switch2950B switch and make port f0/1 a member of VLAN 2.

Switch2950B#config t

Switch2950B(config)#interface fastethernet 0/1

Switch2950B(config-if)#switchport access vlan 2

Switch2950B(config-if)#switchport mode access

11. Configure HostA and HostC. From HostA, configure an IP address of 172.16.2.2/24, with a default gateway of 172.16.2.1. From HostC, configure an IP address of 172.16.2.3/24 with a default gateway of 172.16.2.1.

12. Verify you have set up the VLANs correctly by pinging from HostA to HostC.

>ping 172.16.2.3

Once you can ping, you know you have configured at least one VLAN correctly. At this time, HostA and HostC cannot ping anything else in the network except each other.

13. Configure HostB and HostD to be in VLAN 3. From the Switch2950A switch, configure port F0/2 to be a member of VLAN 3.

Switch2950A#config t

Switch2950A(config)#interface fastethernet 0/2

Switch2950A(config-if)#switchport access vlan 3

Switch2950A(config-if)#switchport mode access


14. Connect to the Switch2950B switch and make port F0/2 a member of VLAN 3.

Switch2950B#config t

Switch2950B(config)#interface fastethernet 0/2

Switch2950B(config-if)#switchport access vlan 3

Switch2950B(config-if)#switchport mode access

15. Configure HostB with an IP Address of 172.16.3.2/24, with a default gateway of 172.16.3.1.

16. Configure HostD with an IP Address of 172.16.3.3/24, with a default gateway of 172.16.3.1.

17. Verify that you can ping HostD from HostB.

>ping 172.16.3.3

18. To have the hosts ping outside their own VLAN, you must set up some type of routing. Use the Router2600C router's FastEthernet 0/0 interface and create 802.1Q routing: create three subinterfaces, one for each VLAN.

Router2600C>enable

Router2600C#config t

Router2600C(config)#interface fastethernet 0/0

Router2600C(config-if)#no ip address

Router2600C(config-if)#interface fastethernet 0/0.1

Router2600C(config-subif)#encapsulation dot1q 1


Router2600C(config-subif)#ip address 172.16.10.1 255.255.255.0

Router2600C(config-subif)# interface fastethernet 0/0.2

Router2600C(config-subif)#encapsulation dot1q 2

Router2600C(config-subif)#ip address 172.16.2.1 255.255.255.0

Router2600C(config-subif)# interface fastethernet 0/0.3

Router2600C(config-subif)#encapsulation dot1q 3

Router2600C(config-subif)#ip address 172.16.3.1 255.255.255.0
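As an added example (not part of the original lab), the following Python script parses the 802.1Q tag that the dot1q subinterfaces above rely on and maps each tagged frame to the Router2600C subinterface that would receive it. The subinterface table is taken from the configuration above; the MAC addresses and frames are constructed here, and treating untagged frames as VLAN 1 is an assumption about the trunk's native VLAN.

```python
"""802.1Q tag parsing and router-on-a-stick dispatch.

Added example; it is not code from the original lab. The subinterface
table mirrors the Router2600C dot1q configuration (VLANs 1-3); the frames
are constructed here, and treating untagged frames as VLAN 1 is an
assumption about the trunk's native VLAN.
"""
import struct

TPID_8021Q = 0x8100
NATIVE_VLAN = 1   # assumption: untagged frames on the trunk belong to VLAN 1

# dot1q id -> (subinterface, address) from the lab's Router2600C config
SUBINTERFACES = {
    1: ("FastEthernet0/0.1", "172.16.10.1/24"),
    2: ("FastEthernet0/0.2", "172.16.2.1/24"),
    3: ("FastEthernet0/0.3", "172.16.3.1/24"),
}


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: int = None, pcp: int = 0) -> bytes:
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)   # priority bits + 12-bit VID
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return MACs, the VLAN id/priority if tagged, inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": None, "pcp": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["pcp"] = tci >> 13
        info["vlan"] = tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def dispatch(frame: bytes) -> str:
    """Name the subinterface that would receive the frame, or why it is dropped."""
    info = parse_frame(frame)
    vid = info["vlan"]
    if vid is None or vid == 0:           # untagged or priority-tagged (VID 0)
        vid = NATIVE_VLAN
    if vid not in SUBINTERFACES:
        return f"dropped: no subinterface for VLAN {vid}"
    name, addr = SUBINTERFACES[vid]
    return f"{name} ({addr})"


if __name__ == "__main__":
    mac_router = bytes.fromhex("00000c000001")   # constructed MAC addresses
    mac_hosta = bytes.fromhex("001122334455")
    ip_payload = b"\x45" + b"\x00" * 19          # constructed IPv4 stub
    for vid in (2, 3, 5, None):
        f = build_frame(mac_router, mac_hosta, 0x0800, ip_payload, vlan=vid)
        print(vid, "->", dispatch(f))
```

A frame tagged with a VLAN that has no subinterface (VLAN 5 in the demo) is dropped rather than routed, which is the isolation the lab relies on when it says HostA and HostC can only reach each other until routing is added.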

Chapter8:- Access Lists

access-list ? = displays numerical ranges for types of access lists. 0-99 = a standard access list, whereas 100-199 = an extended access list.

sh access-list = display all access lists and their rules

sh access-list 149 = show specific access list

sh ip access-list = show ip access lists configured on the router

sh ip interface = show which interfaces have access lists


sh run = display the running configuration. This will list all configured interfaces and their access lists.

Inbound Access List – applies to inbound packets

Outbound Access List – applies to outbound packets

Introduction: Access lists are Cisco's packet-filtering mechanism, comparable to Linux's iptables or ipchains firewalls. A Cisco access list is an ordered list of conditions that categorize packets. Different access lists may be used for inbound and outbound traffic on the same interface. Access lists are created in global configuration mode, and each access list can contain multiple rules. They must then be applied to specific interfaces using the “ip access-group” command. There are three types:

A. Standard Access Lists

Their range is 0-99; they use only the source IP address field in a packet for the condition. Use the command “access-list” and name the list with a number. Options are “permit” and “deny”. Then specify the host source IP address or “any”.

Example:

Creating a Standard Access List

MrsRouter# config t


MrsRouter(config)# access-list 10 deny host 172.16.50.3

MrsRouter(config)# access-list 10 permit any

Applying An Access List

MrsRouter(config)#interface serial 0/0

MrsRouter(config-if)#ip access-group 10 in

To List Access-List Information

MrsRouter# show access-list 10

MrsRouter# show ip interface

MrsRouter# show running-config

To Remove An Access List

MrsRouter# config t

MrsRouter(config)# no access-list 10

Wildcard Masking

Used to specify a range of hosts, subnets or networks. Cisco flips these around to be the opposite of normal masking. As such, a 0 means it must match the corresponding octet exactly and a 255 means it can be anything. Any other values will be 1 less than the corresponding block for that subnet, so to obtain the block value just add 1. Examples:


access-list 3 permit 0.0.0.0 255.255.255.255 = the same as saying:

access-list 3 permit any

access-list 10 deny 192.168.20.0 0.0.0.255 = deny all hosts on network 192.168.20.0; match the 1st 3 octets exactly and the 4th can be anything.

access-list 12 deny 129.130.0.0 0.0.255.255 = deny all hosts on network 129.130.0.0; match the 1st 2 octets exactly and the last 2 can be anything.

access-list 27 permit 137.136.0.0 0.0.3.255 = permit only hosts on subnets 137.136.4.0, 137.136.5.0, 137.136.6.0, 137.136.7.0; this is obtained by adding 1 to the 3 and getting a block value of 4. 4-8 = 4 subnets.

access-list 13 permit 137.136.0.0 0.0.7.255 = permit only hosts on subnets 137.136.8.0, 137.136.9.0, 137.136.10.0, 137.136.11.0, 137.136.12.0, 137.136.13.0, 137.136.14.0, 137.136.15.0, 137.136.16.0, 137.136.17.0; this is obtained by adding 1 to the 7 and getting a block value of 8. 8-15 = 8 subnets.

access-list 19 deny 137.136.0.0 0.0.31.255 = add 1, block = 32.

access-list 5 deny 137.136.0.0 0.0.63.255 = add 1, block = 64.
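The following Python script, added here and not part of the original guide, does the wildcard arithmetic the examples above describe: it computes the exact address range an entry covers, the block size obtained by adding 1 to the wildcard octet, and whether the wildcard is a clean block at all. Two points worth checking with it: the covered range starts at the base address with its “don't care” bits cleared, so 137.136.0.0 0.0.3.255 covers 137.136.0.0 through 137.136.3.255 (four /24 subnets), and IOS accepts non-contiguous wildcards such as 0.0.2.255, which match a scattered set of addresses rather than a range.

```python
"""Wildcard-mask arithmetic for Cisco ACL entries.

Added example; it is not code from the original guide. A wildcard bit of
0 means the corresponding address bit must match exactly, 1 means it is
ignored, which is the reverse of a subnet mask.
"""
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def matches(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches 'base wildcard' the way the router tests it."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF          # bits the router compares
    return (_to_int(addr) & care) == (_to_int(base) & care)


def covered_range(base: str, wildcard: str):
    """Lowest and highest address the entry can match.

    Base-address bits under a wildcard 1 are ignored, so the range always
    starts on a block boundary regardless of the base written.
    """
    w = _to_int(wildcard)
    low = _to_int(base) & ~w & 0xFFFFFFFF
    return _to_str(low), _to_str(low | w)


def is_contiguous(wildcard: str) -> bool:
    """True if the wildcard is all 0s followed by all 1s (a clean block).

    IOS also accepts wildcards such as 0.0.2.255; they match a scattered
    set of addresses, so the endpoints from covered_range() overstate what
    such an entry matches.
    """
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0


def block_size(wildcard: str, octet: int) -> int:
    """The text's rule: the block value of an octet is its wildcard value plus one."""
    return int(wildcard.split(".")[octet - 1]) + 1


def subnets_24_covered(base: str, wildcard: str) -> int:
    """How many /24 subnets an 'A.B.C.0 0.0.N.255' entry spans."""
    low, high = covered_range(base, wildcard)
    return (_to_int(high) - _to_int(low) + 1) // 256


if __name__ == "__main__":
    for base, wc in [("192.168.20.0", "0.0.0.255"), ("137.136.0.0", "0.0.3.255"),
                     ("137.136.5.0", "0.0.3.255"), ("0.0.0.0", "255.255.255.255"),
                     ("10.0.0.0", "0.0.2.255")]:
        low, high = covered_range(base, wc)
        flag = "" if is_contiguous(wc) else "  (non-contiguous wildcard)"
        print(f"{base} {wc}: {low} - {high}{flag}")
```

Running the script shows that 137.136.5.0 0.0.3.255 covers the same block as 137.136.4.0 0.0.3.255, which is why an entry written with a base address that is not on a block boundary silently permits or denies more than the base suggests.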

Catch-alls: Each access list can contain multiple rules. To allow other traffic when denying certain hosts or ports with an access list, you must supply a “catch-all” rule that permits traffic. If you do not, traffic will by default not be permitted once you apply the access list to an interface using the “access-group” command. Example:


MrRouter(config)# access-list 12 deny 192.168.20.0 0.0.0.255

MrRouter(config)# access-list 12 permit any

MrRouter(config)# int f0/0

MrRouter(config-if)# ip access-group 12 in

B. Extended Access Lists

Their range is 100-199; they may use source and destination IP address, as well as many other fields of the packet in layers 3 and 4.

eq = port, specified at the end of the access list

source = specified first in the access list

destination = specified after the source in the access list

Creating An Extended Access List

MissRouter# config t

MissRouter(config)# access-list 110 deny tcp host 172.16.50.3 172.16.40.0 0.0.0.255 eq telnet

MissRouter(config)# access-list 110 permit ip any any


Apply the Access List

MissRouter(config)# interface serial 0/0

MissRouter(config-if)# ip access-group 110 in

MissRouter(config-if)# ^z

MissRouter#

To List Access-List Information

MissRouter# show access-list 110

MissRouter# show ip interface

MissRouter# show running-config

access-list 150 deny tcp any host 192.168.20.200 eq 23 = deny telnet

access-list 150 permit ip any any = catch all

access-list 170 deny tcp any host 192.168.20.101 eq 21 = deny FTP

access-list 170 permit ip any any = catch all

Multi-Rule Extended Access List

MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 80

MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 21

MrRouter(config)# access-list 194 deny tcp any host 192.168.20.200 eq 23

MrRouter(config)# access-list 194 permit ip any any


MrRouter(config)# int f0/0

MrRouter(config-if)# ip access-group 194 in
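To make the top-down evaluation and the implicit deny concrete for both the catch-all discussion and the extended lists above, here is an added Python model (not code from the original guide) that parses the numbered access-list syntax shown on this page and evaluates a packet against a list: rules are tested in the order entered, the first match decides, and a packet matching nothing hits the implicit deny at the end. The sample rules are list 194 from the text plus a constructed list 12 without a catch-all; port keywords are mapped to the numbers IOS substitutes.

```python
"""Ordered evaluation of numbered Cisco ACLs, including the implicit deny.

Added example; it is not code from the original guide. The parser accepts
the numbered access-list syntax shown in the text (standard lists use the
source only; extended lists add protocol, destination and an optional
'eq' port). Sample rules are taken from the text or constructed here.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords used on the page, mapped to the numbers IOS substitutes.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}


@dataclass
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int]


def _wc_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits of 0 must match; bits of 1 are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


def _addr_spec(tokens: List[str], i: int) -> Tuple[str, str, int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_rule(line: str) -> Tuple[int, Rule]:
    """Parse one 'access-list N permit|deny ...' line into (N, Rule)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action = int(t[1]), t[2]
    if number <= 99:  # standard list: source address only
        src, src_wc, _ = _addr_spec(t, 3)
        return number, Rule(action, "ip", src, src_wc, "0.0.0.0", "255.255.255.255", None)
    proto = t[3]
    src, src_wc, i = _addr_spec(t, 4)
    dst, dst_wc, i = _addr_spec(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        port = PORT_NAMES[p] if p in PORT_NAMES else int(p)
    return number, Rule(action, proto, src, src_wc, dst, dst_wc, port)


def build_acls(lines: List[str]) -> dict:
    """Group rules by list number, preserving the order they were entered."""
    acls: dict = {}
    for line in lines:
        number, rule = parse_rule(line)
        acls.setdefault(number, []).append(rule)
    return acls


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins. Returns (action, 1-based rule index).

    No match at all returns ("deny", None): the implicit deny that ends
    every ACL, which is why a list without a catch-all blocks everything.
    """
    for idx, r in enumerate(rules, 1):
        if r.proto != "ip" and r.proto != proto:
            continue
        if not _wc_match(src, r.src, r.src_wc) or not _wc_match(dst, r.dst, r.dst_wc):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, idx
    return "deny", None


# Rules from the text (list 194) plus a constructed list 12 without a catch-all.
SAMPLE_CONFIG = [
    "access-list 194 deny tcp any host 192.168.20.200 eq 80",
    "access-list 194 deny tcp any host 192.168.20.200 eq 21",
    "access-list 194 deny tcp any host 192.168.20.200 eq 23",
    "access-list 194 permit ip any any",
    "access-list 12 deny 192.168.20.0 0.0.0.255",
]

if __name__ == "__main__":
    acls = build_acls(SAMPLE_CONFIG)
    print(evaluate(acls[194], "tcp", "10.1.1.1", "192.168.20.200", 23))   # denied by rule 3
    print(evaluate(acls[194], "tcp", "10.1.1.1", "192.168.20.200", 443))  # permitted by rule 4
    print(evaluate(acls[12], "icmp", "10.1.1.1", "10.2.2.2"))             # implicit deny
```

Note that the "deny tcp ... eq 23" rules in list 194 match only TCP: a UDP packet to the same host falls through to "permit ip any any", which is the behaviour to expect whenever a deny names a protocol and the catch-all does not.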

C. Named Access Lists

This is a standard or extended access list that has been named. It is created with the command “ip access-list” instead of “access-list”, and applied with “ip access-group” followed by the name. The string identifier can make it less cryptic than its numerical counterparts. When entering rules for a named access list, you go into a dedicated configuration mode and must exit from it when you are done. Syntax:

“ip access-list” + “extended” or “standard” + TheStringName

Example: Creating and Applying a Named Standard Access List

MrRouter(config)# ip access-list standard RoboSuits

MrRouter(config-std-nacl)# deny 192.168.20.0 0.0.0.255

MrRouter(config-std-nacl)# permit any

MrRouter(config-std-nacl)# exit

MrRouter(config)# int f0/0

MrRouter(config-if)# ip access-group RoboSuits in

Example: Creating and Applying a Named Extended Access List

MrRouter(config)# ip access-list extended ColdFusion


MrRouter(config-ext-nacl)# deny tcp any host 192.168.20.200 eq 23

MrRouter(config-ext-nacl)# permit ip any any

MrRouter(config-ext-nacl)# exit

MrRouter(config)# int f0/0

MrRouter(config-if)# ip access-group ColdFusion in

D. Telnet Access Lists

MrRouter# config t

MrRouter(config)# access-list 11 deny host 172.16.50.3

MrRouter(config)# access-list 11 permit any

Applying An Access List To VTY Lines

To apply an access list to the terminal lines (vty 0 4), use the access list number with the “access-class” command instead of the “ip access-group” command. The direction matters: “in” filters the source addresses allowed to telnet to the router, while “out” filters the destinations a user already logged in to the router may telnet to. Example:

MrsRouter(config)# line vty 0 4

MrsRouter(config-line)# access-class 11 out


Chapter9:- WAN Protocols

HDLC = Data Link layer protocol. High-Level Data-Link Control is a generic, non-proprietary, ISO-standardized protocol that specifies the encapsulation method for data on synchronous serial data links. It is point-to-point over leased lines and, as such, cannot accommodate authentication. It is the default encapsulation used by Cisco routers over synchronous serial links.

CISCO HDLC = Cisco's version of HDLC is proprietary to Cisco; it does not communicate with any other vendor's HDLC implementation.

MSCP = Microsoft Callback Control Protocol, proprietary Microsoft call back protocol.

LCP = Link Control Protocol, used by PPP to build and maintain connections. Options related to LCP include:

1. Authentication = devices can prove who they are and handshake

2. Compression = data is compressed

3. Error Detection = CRC checksum

4. Multilink = allows several connections to be combined into one logical pipe of bandwidth.

5. PPP Callback = router calls, hangs up, the other router calls it back.

A. PPP


(Point To Point Protocol) Data Link layer protocol. Can be used by asynchronous serial (dial up) or synchronous serial (ISDN). Uses LCP to build and maintain connections. Its primary purpose is to transport layer 3 packets across a layer 2 link. As such it has 4 main components:

1. EIA/TIA-232-C, V.24, V.35 and ISDN = physical layer standard for serial communication.

2. HDLC = encapsulates datagrams over serial links

3. LCP = establishes, maintains and configures PPP connections

4. NCP = Network Control Protocol

PPP Authentication

PAP = Password Authentication Protocol, clear text passwords, no encryption.

CHAP = Challenge Handshake Authentication Protocol, encrypted using hash.

PPP Encapsulation Commands

MrRouter# config t

MrRouter(config)# int s0/0

MrRouter(config-if)# encapsulation ppp


PPP Authentication Commands

Note: You must set the router’s hostname and username password.

MrRouter(config)# hostname MrRouter

MrRouter(config)# username MrRouter password cowpatty

MrRouter(config)# int s0/0

MrRouter(config-if)# ppp authentication chap pap

MrRouter(config-if)# exit

MrRouter(config)# exit
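As an added example, not code from the original guide, the following Python script models what PAP and CHAP each put on the link when the peer named MrRouter authenticates with the secret cowpatty from the configuration above. PAP sends the password itself in the Authenticate-Request; CHAP answers a random challenge with MD5(identifier || secret || challenge) as specified in RFC 1994, so the secret never crosses the wire and a captured response cannot be replayed against a later challenge. Note that “ppp authentication chap pap” tries CHAP first and falls back to PAP, so the clear-text path still exists unless PAP is left off the command. The challenge bytes are constructed here.

```python
"""PAP versus CHAP on a PPP link: what each puts on the wire.

Added example; it is not code from the original guide. It models the
PAP Authenticate-Request (RFC 1334) and the CHAP Challenge/Response
exchange (RFC 1994, MD5 algorithm) using the 'username MrRouter password
cowpatty' secret from the text. The challenge bytes are constructed here.
"""
import hashlib
import hmac
import os

# Secrets the authenticator knows, keyed by peer name (from the text).
USER_DB = {b"MrRouter": b"cowpatty"}


# --- PAP: the peer sends its id and password in clear text -----------------
def pap_request(peer_id: bytes, password: bytes) -> bytes:
    """Authenticate-Request body: peer-id-length, peer-id, passwd-length, passwd."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def pap_verify(request: bytes, db: dict) -> bool:
    """Authenticator side: compare the received password with its database."""
    n = request[0]
    peer_id = request[1:1 + n]
    m = request[1 + n]
    password = request[2 + n:2 + n + m]
    return db.get(peer_id) is not None and hmac.compare_digest(db[peer_id], password)


# --- CHAP: the peer proves it knows the secret without sending it ----------
def chap_challenge(length: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge value for this attempt."""
    return os.urandom(length)


def chap_response(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Peer side: MD5(identifier || secret || challenge), per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes,
                peer_name: bytes, db: dict) -> bool:
    """Authenticator side: recompute the hash with the stored secret."""
    secret = db.get(peer_name)
    if secret is None:
        return False
    expected = hashlib.md5(bytes([identifier]) + secret + challenge).digest()
    return hmac.compare_digest(expected, response)


def run_exchanges(secret: bytes = b"cowpatty") -> dict:
    """Run both protocols once and report what crossed the wire."""
    req = pap_request(b"MrRouter", secret)
    ident = 1
    chal = chap_challenge()
    resp = chap_response(ident, chal, secret)
    stale = chap_challenge()           # a later challenge; the old response must fail
    wrong = chap_response(ident, chal, b"wrong-secret")
    return {
        "pap_ok": pap_verify(req, USER_DB),
        "pap_secret_on_wire": secret in req,
        "chap_ok": chap_verify(ident, chal, resp, b"MrRouter", USER_DB),
        "chap_secret_on_wire": secret in resp,
        "chap_replay_rejected": not chap_verify(ident, stale, resp, b"MrRouter", USER_DB),
        "chap_wrong_secret_rejected": not chap_verify(ident, chal, wrong, b"MrRouter", USER_DB),
    }


if __name__ == "__main__":
    for key, value in run_exchanges().items():
        print(f"{key}: {value}")
```

The authenticator stores the secret in clear text in both cases (that is what “username MrRouter password cowpatty” is), so CHAP protects the secret on the link, not on the router.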

To See the Encapsulation Method On a Particular Interface

MrRouter# sh int s0/0

B. Frame Relay

Uses a frame relay cloud. Like a time-share condo, subscribers in a frame relay cloud share bandwidth that they do not all use at the same time. Allows users to communicate between two DTE (Data Terminal Equipment) devices, usually routers, by using DCE (Data Communication Equipment) devices.

CSU/DSU = Channel Service Unit/Data Service Unit


CIR = Committed Information Rate (the amount of bandwidth a subscriber is guaranteed)

virtual circuits = link devices connected to a frame relay provider’s cloud.

encapsulation = 1. ietf – generic, non-proprietary. 2. cisco – the default, proprietary, can only connect to other Cisco equipment.

Router Commands (to connect to a non-cisco frame-relay device)

MissRouter(config)# int s0/0

MissRouter(config-if)# encapsulation frame-relay ietf

Router Commands (to connect to a Cisco frame-relay device – the default)

MissRouter(config)# int s0/0

MissRouter(config-if)# encapsulation frame-relay

PVC = Permanent Virtual Circuit, more common; the telephone company creates mappings in their equipment.


SVC = Switched Virtual Circuit, established on the fly, as needed, and removed when data transfer is complete.

There are three states for virtual circuits:

1. Active State = both routers are up.

2. Inactive State = only one router is up; the remote router is down.

3. Deleted State = no LMI information is being received on the interface.

Point-to-Point = a single virtual circuit connects one router to another.

Multipoint = router is the center of a star of virtual circuits.

DLCIs = Data Link Connection Identifiers, they identify PVCs to DTE devices.

LMI = Local Management Interface, a signaling standard used between the router and the first frame relay switch it is connected to. It communicates information about keepalives, multicasting, global addressing, and the status of virtual circuits. There are three standards:


1. Cisco = defined by the “Gang of Four”, developed by Cisco in 1990.

2. ANSI

3. ITU-T

Congestion Control

1. DE – Discard Eligibility, marks packets exceeding the CIR. These packets are discarded first if the network is congested.

2. FECN – Forward Explicit Congestion Notification, notifies the DTE of congestion.

3. BECN – Backward Explicit Congestion Notification, notifies the DCE of congestion.

Single Interface Commands

MrRouter(config)# int s0/0

MrRouter(config-if)# encapsulation frame-relay

MrRouter(config-if)# ip address 192.168.20.1 255.255.255.0

MrRouter(config-if)# frame-relay lmi-type ansi

MrRouter(config-if)# frame-relay interface-dlci 101

subinterfaces – multiple virtual circuits can be carried on a single serial interface, as with subinterfaces and VLANs.


Subinterface Commands (may be multipoint or point to point)

MrRouter(config)# int s0

MrRouter(config-if)# encapsulation frame-relay

MrRouter(config-if)# int s0.1 point-to-point

Frame Relay Monitoring Commands

sh frame ? = lists the available “show frame-relay” keywords

sh frame LMI = shows LMI traffic statistics

sh frame pvc = shows all configured PVCs and DLCI numbers

sh frame map = shows LMI traffic

debug frame-relay LMI = shows output on router consoles

C. ISDN

Integrated Services Digital Network.

BRI = Basic Rate Interface, 2 B channels of 64 kbps each and 1 16 kbps data channel, total bit rate = 128 kbps. Interfaces are selected as “bri0”, “bri1”, etc.

PRI = Primary Rate Interface, 23 B channels of 64kbps each and 1 64 kbps data channel, total bit rate = 1.544 Mbps.


ISDN Commands (SPID + numbers)

MrRouter(config)# isdn switch-type basic-ni

MrRouter(config)# int bri0

MrRouter(config-if)# encap ppp

MrRouter(config-if)# isdn spid1 123456789321 3861238975

MrRouter(config-if)# isdn spid2 123456789322 3861238976

D. DDR

Dial On Demand routing, saves connection expense by only initiating a connection when necessary.

1. The first step in configuring DDR is configuring static routes between remote interfaces:

MrRouter(config)# ip route 65.0.0.0 255.0.0.0 65.0.0.1

MrRouter(config)# ip route 66.0.0.0 255.0.0.0 66.0.0.2

2. Specify “Interesting Traffic”. Interesting traffic is traffic that will bring up the ISDN connection. To define it, use the “dialer-list” command; to apply it, select an ISDN interface and use the “dialer-group” command.

MrRouter(config)# dialer-list 1 protocol ip permit

MrRouter(config)# int bri0

MrRouter(config-if)# dialer-group 1


3. Configure dialer information:

MrRouter(config)# int bri0

MrRouter(config-if)# ip address 65.12.13.5 255.0.0.0

MrRouter(config-if)# no shut

MrRouter(config-if)# encapsulation ppp

MrRouter(config-if)# dialer-group 1

MrRouter(config-if)# dialer string 4569875

Note: You may use a dialer map in place of a dialer string. Example:

MrRouter(config-if)# dialer map ip 65.12.13.5 name RoboSuitOffice 4569875

5 Dialer Map Steps

1. Dialer

2. Map

3. Protocol

4. Next Hop

5. Dial String

Example:

MrRouter(config-if)# dialer map ip 65.12.13.5 name RoboSuitOffice 4569875


DDR and Access Lists

Use the dialer-list command to associate an access-list.

MrRouter(config)# dialer-list 1 protocol ip list 110

MrRouter(config)# access-list 110 permit tcp any any eq smtp

MrRouter(config)# access-list 110 permit tcp any any eq telnet

MrRouter(config)# int bri0

MrRouter(config-if)# dialer-group 1

DDR Commands (SPID + numbers)

MrRouter(config)# isdn switch-type basic-ni

MrRouter(config)# int bri0

MrRouter(config-if)# dialer map ip 65.13.12.41 name RoboSuitOffice 3864567893

MrRouter(config-if)# ip address 65.46.13.56 255.0.0.0

E. Diagnostics

show dialer = dialer diagnostic information

show isdn active = show number called when call is in progress

show isdn status = show if SPIDs are valid


show isdn q921 = see layer 2 information

show isdn q931 = see layer 3 information

debug dialer = displays set-up and tear-down activity

isdn disconnect = drops connection and clears interface

Router Configuration

A. Password Recovery

sh version – (sh ver) shows current value of configuration register and CISCO IOS.

There are two bit values you need to be familiar with:

0x2102 = normal booting, reads startup file from nvram

0x2142 = bit 6, tells the router to ignore (bypass) nvram contents.

Commands:

confreg = change register within rom monitor mode.

config-register = change register within global configuration mode.

reset = reboots router in rom monitor mode.

reload = reboots router in privileged mode.


Password Recovery Process

1. Reboot the router with the command “reload ” or by power off/on.

2. Hold down “CTRL + break ” to interrupt the boot sequence.

3. At the ROM monitor prompt, “rommon 1>”, type “confreg 0x2142 ”, turns on bit 6.

4. Reload the router by typing “reset”. The router will reboot bypassing the nvram contents and will not ask you for a password.

5. Type “enable” to enter privileged mode. This means we will be past the point of needing a password when we copy the nvram configuration to the running configuration.

6. Type “copy start run ” to copy the contents of nvram to the running configuration.

7. Type “config t” just as you normally would to go to global configuration. Type “enable secret ThePassword” to change the password to one that you know.

8. Change the configuration register back so the router loads the contents of nvram at boot. Do this by going to global configuration (“config t”) and then typing “config-register 0x2102”.

9. Save the configuration to nvram with “copy run start ”.


10. Reboot the router with “reload ”.

B. Backup and Restoration of the IOS

sh flash = shows contents of flash memory

copy = To backup or restore nvram or memory contents use the copy command and tftp. It has the following syntax:

copy + (What You Want To Copy) + (Where to Copy it To)

Examples:

copy flash tftp = copies a file (such as the IOS image) from flash to a tftp server

copy tftp flash = copies a file from a tftp server to flash

copy start tftp = copies the startup file from nvram to a tftp server

copy tftp start = copies a start up file from a tftp server to nvram

copy run tftp = copies the running configuration from the router to a tftp server

copy tftp run = copies the running configuration from a tftp server to the router

C. Cisco Discovery Protocol (CDP)


CDP – Proprietary protocol that collects information on local and remotely attached Cisco devices. It allows the gathering of protocol and hardware information on neighboring devices.

sh cdp = show cdp values

sh cdp neighbors = (sh cdp nei) displays neighboring devices detected via CDP.

sh cdp entry * = same as show neighbors

sh cdp traffic = displays cdp traffic statistics

sh cdp interface = (sh cdp int) displays info about each interface using CDP.

cdp timer = configures timer (rate at which CDP packets are sent). Use in global.

cdp holdtime = configures holdtime (hold in seconds). Use in global config mode.

D. Telnet

telnet = command to initiate a telnet session

sh sessions = displays connected telnet session from privileged mode

sh users = list active consoles and vty ports

disconnect = disconnects a telnet connection. Example: disconnect 1.

exit = disconnects a telnet connection.


clear line = end the session of a device connected to your current device. The argument is a line number as displayed by “sh users”. Example: clear line 3.

CTRL + SHIFT + 6, then press “x” = return to a router while still engaged in a telnet session, leaving the telnet session open.

ENTER + ENTER = resume a telnet session from which you switched using CTRL + SHIFT + 6, then press “x”.

E. Host Tables

sh hosts = displays host table.

ip host = adds an entry to the host table. Example:

ip host MrRouter 192.168.20.2

F. DNS

ip domain-lookup = enables DNS name resolution, turned on by default.

no ip domain-lookup = turns off DNS name resolution.

ip name-server = specifies DNS server. Example: ip name-server 192.168.20.5


ip domain-name = specifies a domain name. Example: ip domain-name NWTRADERS

G. Diagnostics

ping

traceroute (“trace” for short)