© 2002, Cisco Systems, Inc. All rights reserved.
Networking Basics
How a LAN Is Built
www.cisco.com
© 1999, Cisco Systems, Inc.
Local-Area Network—LAN • What is a LAN? – A collection of computers, printers, and other devices that can communicate with each other in a small area (< ~ 3000 m or 1000 feet)
• What are the components? – Computers, operating system (OS), network interface card (NIC), and hubs
• How is a LAN controlled? – Protocols—Formal descriptions of sets of rules and conventions that govern how devices on a network exchange information
Local-Area Networks • LANs are designed to: – Operate within a limited geographic area – Allow multi-access to high-bandwidth media – Control the network privately under local administration – Provide full-time connectivity to local services – Connect physically adjacent devices
Network Operating System (OS) • Software that allows communicating and sharing of data and network resources • Examples: – AppleTalk – NetWare – Win NT
Network Interface Card (NIC)
• Amplifies electronic signals
• Packages data for transmission
• Physically connects computer to transmission media (cable)
(Figure: PC or workstation loaded with NOS, showing the NIC and its connector port.)
1990s—Global Internetworking
• 1992: 1 major backbone, 3,000 networks, 200K computers • 1995: Multiple backbones, hundreds of regional nets, tens of thousands of LANs, millions of hosts, tens of millions of users
Doubling every year!
The OSI Model • The OSI model gives networking manufacturers and developers a standard on which to base their products. • All OSI layers are independent of each other, which makes introducing changes easier because no other layers are affected. • Ease of troubleshooting.
The Layered Model
Layered Communication (Source: Tanenbaum, 1996)
• Layer 3, Message: Location A "I like rabbits"; Location B "J’aime les lapins"
• Layer 2, Information for the remote translator: "L: Dutch Ik hou van konijnen"
• Layer 1, Information for the remote secretary: "Fax #:--L: Dutch Ik hou van konijnen"
Why a Layered Network Model?
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical
• Reduces complexity (one big problem to seven smaller ones)
• Standardizes interfaces
• Facilitates modular engineering
• Assures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning
Devices Function at Layers
(Figure: a NIC card and a hub shown beside the seven-layer stack, 7 Application through 1 Physical.)
Host Layers and Media Layers
• Host layers: Provide accurate data delivery between computers
• Media layers: Control physical delivery of messages over the network
Layer Functions
• 7 Application: Network services to applications. Provides network services to application processes (such as electronic mail, file transfer, and terminal emulation)
• 6 Presentation: Data representation
– Ensures data is readable by receiving system
– Format of data
– Data structures
– Negotiates data transfer syntax for application layer
• 5 Session: Inter-host communication
– Establishes, manages, and terminates sessions between applications
• 4 Transport: End-to-end connection reliability
– Concerned with data transport issues between hosts
– Data transport reliability
– Establishes, maintains, and terminates virtual circuits
– Fault detection and recovery
– Information flow control
• 3 Network: Addresses and best path
– Provides connectivity and path selection between two end systems
– Domain of routing
• 2 Data Link: Access to media
– Provides reliable transfer of data across media
– Physical addressing, network topology, error notification, flow control
• 1 Physical: Binary transmission
– Wires, connectors, voltages, data rates
Peer-to-Peer Communications (Host A to Host B)
• 7 Application to Application
• 6 Presentation to Presentation
• 5 Session to Session
• 4 Transport to Transport: Segments
• 3 Network to Network: Packets
• 2 Data Link to Data Link: Frames
• 1 Physical to Physical: Bits
Application Layer • This is where users communicate with the computer. • This is where communication between two users is established. • This is the point where a user or application interfaces with the protocols to gain access to the network. • Examples are WWW, Telnet, FTP, TFTP, Email, SNMP, DNS
Presentation Layer • Tasks like translation, encryption, decryption, compression and decompression are associated with this layer. • It receives data in native format and converts it to a standard format, or receives data in a standard format and converts it to native format, e.g. EBCDIC to ASCII. • It is mainly responsible for how the data is presented to the Application Layer. • Examples are PICT, TIFF, JPEG, MIDI, MPEG, GIF etc.
Presentation Layer
• Text and data: ASCII, EBCDIC, Encrypted
• Graphics and visual images: PICT, TIFF, JPEG, GIF
• Sound: MIDI
• Video: MPEG, QuickTime
• Provides code formatting and conversion for applications
Session Layer – Session Establishment •Establishes a session between two devices before actual transmission of data.
– Dialog Control •Simplex •Half Duplex •Full Duplex
Session Layer
• Simplex – Data travels only one way. Radio transmission is the best example of this.
• Half Duplex – Both ways, but one at a time. By default all LAN Cards (NICs) work on Half Duplex.
• Full Duplex – Both ways at the same time.
Session Layer
• Network File System (NFS)
• Structured Query Language (SQL)
• Remote-Procedure Call (RPC)
• X Window System
• AppleTalk Session Protocol (ASP)
• DEC Session Control Protocol (SCP)
• Coordinates applications as they interact on different hosts
(Figure: service request and service reply exchanged between hosts.)
Transport Layer
• Segments upper-layer applications
• Establishes an end-to-end connection
• Sends segments from one end host to another
• Optionally, ensures data reliability
Transport Layer • The Transport Layer never actually transports the data; it only prepares it for transport. • Uses sockets to identify the service running on a particular node that the data is associated with. • Responsible for the following: – Segmentation – End-to-end Communication – Flow Control – Error Control – Multiplexing of Applications • TCP, UDP and SPX work at this layer
Socket
• Socket is a software component and points to a particular service running on a particular node.
• Structure of a socket – IP Address + Port Address
• Each service has a unique Port address
• Max. Port Addresses can be 65,536
• Port address 1-1023 is reserved for specific Services like
– WWW - 80
– FTP - 21
– SMTP - 25
• Port Addresses are reserved for standardization purpose.
Transport Layer: Segments Upper-Layer Applications
(Figure: electronic mail, file transfer and terminal session applications in the Application, Presentation and Session layers hand data to the Transport layer, which carries each as segments made up of an application port and data.)
Port Numbers
• Application layer protocols and their port numbers: FTP 21, Telnet 23, SMTP 25, DNS 53, TFTP 69, SNMP 161, RIP 520
• Transport layer protocols: TCP, UDP
Segmentation
• This is a mechanism wherein the data is divided into multiple segments and sent over the network. • By doing this, different segments can use different links for travelling across the network. • If one segment is lost, only that segment needs to be resent and not the entire data. • Once all segments reach the destination, the received segments have to be sequenced back, which is also done at this layer.
Transport Layer: Sends Segments with Flow Control
(Figure: the sender transmits; when the receiver's buffer is full it signals "Not Ready" (Stop) and processes segments; when the buffer is OK it signals "Ready" (Go) and the sender resumes transmission.)
Flow Control • Used in connection-oriented communication • It helps control buffer overflow. • Advantages are: – Segments delivered are acknowledged if received – Any segments not acknowledged are retransmitted – Segments are sequenced back upon their arrival – Congestion, overloading and data loss are avoided • To achieve all this it uses the technique of sliding window, or windowing
Transport Layer: Establishes Connection
(Figure: exchange between Sender and Receiver: Synchronize, Negotiate Connection, Synchronize, Acknowledge, Connection Established, Data Transfer (Send Segments).)
End-to-End Communication • Connection Less Transmission – UDP is used – Not reliable – Faster
• Connection Oriented Transmission – TCP or SPX is used – Reliable – Slower
Connection Oriented Protocol • These protocols rely on acknowledgement. • Positive acknowledgement means data has been received. • Negative acknowledgement means data is lost; no further data is sent till a positive acknowledgement is received. • It is slow but reliable. • E.g. TCP and SPX
Transport Layer: Reliability with Windowing
• Window Size = 1: Sender: Send 1. Receiver: Receive 1, Ack 2. Sender: Send 2. Receiver: Receive 2, Ack 3.
• Window Size = 3: Sender: Send 1, Send 2, Send 3. Receiver: Receive 1, Receive 2, Receive 3, Ack 4. Sender: Send 4.
Transport Layer: An Acknowledgement Technique
(Figure: Sender and Receiver each hold segments 1 to 7. Sequence shown: Send 1, Send 2, Send 3, Ack 4, Send 4, Send 5, Send 6, Ack 5, Send 5, Ack 7.)
Connection Less Protocol • They provide neither acknowledgements nor sequence numbers. • It is faster but not reliable • E.g. UDP
Network Layer
• It is responsible for communication between networks
• It recognizes networks with the help of Network Addresses
– Network Address is a logical address like IP Address or IPX Address
– It is common for a group of computers
• It works only with Network IDs and has nothing to do with host IDs.
• Path determination or routing is performed at this layer.
• Routers work at this layer.
Network Layer: Path Determination
• Layer 3 functions to find the best path through the internetwork
Network Layer: Communicate Path
(Figure: internetwork diagram with elements numbered 1 to 11.)
• Addresses represent the path of media connections
Addressing: Network and Node
• Network 1: nodes 1, 2, 3 (addresses 1.1, 1.2, 1.3)
• Network 2: node 1 (address 2.1)
• Network 3: node 1 (address 3.1)
• Network address: Path part used by the router
• Node address: Specific port or device on the network
Protocol Addressing Variations
• General Example: Network 1, Node 1
• TCP/IP Example: Network 10., Host 8.2.48 (Mask 255.0.0.0)
• Novell IPX Example: Network 1aceb0b., Node 0000.0c00.6e25
Network Layer Protocol Operations
(Figure: hosts X and Y connected through routers A and C.)
• Each router provides its services to support upper layer functions
Routed Versus Routing Protocol • Routed protocol used between routers to direct user traffic Examples: IP, IPX, AppleTalk • Routing protocol used only between routers to maintain routing tables Examples: RIP, IGRP, OSPF
Static Versus Dynamic Routes Static Route Uses a protocol route that a network administrator enters into the router
Dynamic Route Uses a route that a network protocol adjusts automatically for topology or traffic changes
Static Route Example
(Figure: router A connected over a point-to-point or circuit-switched connection to router B, which serves a “stub” network.)
• Only a single network connection with no need for routing updates
• Fixed route to address reflects administrator’s knowledge
Adapting to Topology Change
(Figure: routers A, B, C and D; a failed route is marked X.)
• Can an alternate route substitute for a failed route? Yes, with dynamic routing enabled
Data Link Layer • It uniquely identifies each device in the Network. • It translates data from Network Layer into bits for the Physical layer to transmit. • It formats the messages into Data Frames • Adds a customized header containing Source and Destination hardware address • This layer works with Frames • This layer is logically divided in two sub-layers: – LLC (Logical Link Control) – MAC (Media Access Control)
Physical Layer
• Electrical and mechanical settings are provided at this layer.
• Transmits data in the form of bits.
• This layer communicates directly with the actual communication media.
• At this layer DCE & DTE are identified
– DCE (Data Circuit-Terminating Equipment): located at the Service Provider’s side
– DTE (Data Terminal Equipment): the attached device at the customer’s place, e.g. Modem
– Services available to a DTE are most often accessed via a Modem or Channel Service Unit (CSU) / Data Service Unit (DSU).
• Hubs and repeaters work at this layer.
• Max. troubleshooting occurs at this layer.
DOD MODEL
The DoD Model • The Process / Application Layer • The Host-to-Host Layer • The Internet Layer • The Network Layer
The DoD & OSI
• DoD Application: OSI Application, Presentation, Session
• DoD Host-to-Host: OSI Transport
• DoD Internet: OSI Network
• DoD Network Access: OSI Data Link, Physical
Process/Application Layer • The Process / Application layer defines protocols for node-to-node application communication and also controls user-interface specification. • A vast array of protocols combine at this layer of the DoD model to integrate the activities and duties of the upper layers of OSI. – Examples for this layer are: Telnet, FTP, TFTP, NFS, SMTP, SNMP, DNS, DHCP, BootP etc.
Host-to-Host Layer • The Host-to-Host layer parallels the functions of the OSI Transport layer • It performs the following: – Defining protocols for setting up the level of transmission service for applications – It tackles issues like creating reliable end-to-end communication. – It ensures the error-free delivery of data – It handles packet sequencing and maintains data integrity.
Internet Layer • Internet Layer corresponds to the OSI’s Network Layer. • It performs the following: – Designating the protocols relating to the logical transmission of packets over the entire network. – It takes care of the addressing of hosts by giving them an IP address. – It handles routing of packets among multiple networks.
Network Access Layer • This layer is the equivalent of the Data Link and Physical Layers of the OSI model. • It performs the following: – It monitors the data exchange between the host and the network. – Network Access Layer oversees hardware addressing and defines protocols for the physical transmission of the data. Let's have a look at how the TCP/IP protocol suite relates to the DoD model layers.
TCP/IP Protocol Suite at DoD
• Process / Application: Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X Window
• Host-to-Host: TCP, UDP
• Internet: ICMP, BootP, ARP, RARP, IP
• Network Access: Ethernet, Fast Ethernet, Token Ring, FDDI
LOWER LAYERS PROTOCOLS
Common LAN Technologies • Ethernet • Token Ring • FDDI (FDDI Dual Ring)
Introduction • Ethernet is a methodology for accessing a media • It allows all hosts on a network to share the same bandwidth of a link. • It is popular because: – It is easy to implement & troubleshoot – It is easy to add new technologies like Fast Ethernet and Gigabit Ethernet to existing infrastructure. • Ethernet uses Data Link Layer and Physical Layer specifications • It uses something called CSMA/CD
Ethernet Operation
(Figure: stations A, B, C and D on a shared segment; a frame addressed to D is shown against the seven-layer stack, Application through Physical, at D and at B and C.)
Ethernet LANs: How do they work? • Multiple workstations are connected to a “segment” • Each station has to take turns sending traffic • All stations listen to all traffic on their segment • Stations can only send data (Ethernet Frames) when no one else is sending
Ethernet LANs: MAC Addresses
(Figure: three stations with MAC addresses 0000.0c12.3456, 0000.1018.321a and 0000.0c12.1111.)
• Every workstation has a Network Interface Card (NIC)
• Every NIC has a unique MAC address
• Stations use MAC addresses to send Ethernet Frames to a specific station
Ethernet LANs: Unicast Frames
(Figure: the same three stations; Frame To: 0000.0c12.3456.)
• Ethernet frames contain the MAC address of the station that the frame was sent to
• These are called “unicast” frames
• All stations receive the Ethernet frame, but ignore the frames that are not addressed to their MAC address
Ethernet LANs: Broadcast Frames
(Figure: the same three stations; Frame To: FFFF.FFFF.FFFF.)
• Some Ethernet frames are sent to all stations
• These are called “broadcast” frames
• All stations process this frame
Flow Control Mechanism on Ethernet
• CSMA/CD is the mechanism that regulates the segment
• Each station listens for other traffic before they transmit
Ethernet Collisions
• Sometimes stations transmit simultaneously
• Two frames on the same segment collide
• Collisions require each station to wait and resend
Ethernet Reliability
(Figures 1 and 2: stations A, B, C and D on one segment; a collision occurs and JAM signals reach every station.)
• Carrier sense multiple access with collision detection (CSMA/CD)
CSMA/CD • CSMA/CD stands for Carrier Sense Multiple Access / Collision Detect.
• It is used by all NICs in Ethernet Networking • In this method all NICs first sense whether the cable is free or not. • If it is free the request is sent otherwise it waits.
Half Duplex Ethernet • It is defined in the 802.3 Ethernet specifications • It uses only one wire pair, with signals running in both directions. • CSMA/CD is used to prevent collision. • Half Duplex, typically 10BaseT, is 50-60 % efficient (in Cisco's view). • In a large 10BaseT network you only get 3 to 4 MBPS at most.
Full Duplex
• Full Duplex Ethernet uses two pairs of wires.
• It uses a point-to-point connection
• There is no collision in Full Duplex
• Full Duplex is supposed to offer 100% efficiency in both directions
• This means you can get 20 MBPS on 10 MBPS Ethernet, or 200 MBPS on Fast Ethernet, running Full Duplex.
Auto Detect Mechanism • When a Full Duplex port is powered on, it first checks with remote end and decides whether it can run on 10 or 100 MBPS. • Then it checks to see whether it can run Full duplex or half duplex. • This is called Auto Detect Mechanism.
Ethernet Addressing
• Ethernet addressing uses MAC addresses
– MAC addresses are burned on every NIC
– It is a 48-bit address
– It is written in the same format even if different LAN technologies are used.
• First 24 bits: Organizationally Unique Identifier (OUI), assigned by IEEE
• Last 24 bits: vendor assigned
Ethernet and IEEE 802.3
• Benefits and background
– Ethernet is the most popular physical layer LAN technology because it strikes a good balance between speed, cost, and ease of installation
– Supports virtually all network protocols
– Xerox initiated, then joined by DEC & Intel in 1980
• Revisions of Ethernet specification
– Fast Ethernet (IEEE 802.3u) raises speed from 10 Mbps to 100 Mbps
– Gigabit Ethernet is an extension of IEEE 802.3 which increases speeds to 1000 Mbps, or 1 Gbps
• Several framing variations exist for this common LAN technology
Ethernet Frames • Frames are used at the Data Link Layer to encapsulate packets coming down for transmission on a type of Media Access • Types of Media Access – Contention (Ethernet) – Token Passing (Token Ring or FDDI) We will be covering only “Contention”, as the rest are beyond the scope of our course.
MAC SUB-LAYER
MAC Layer - 802.3 frame fields (size in bytes):
• Preamble: 8
• Dest add: 6
• Source add: 6
• Length: 2
• Data: Variable
• FCS: 4
MAC Address: 0000.0C (IEEE assigned) followed by xx.xxxx (Vendor assigned)
Ethernet II uses “Type” in place of Length and does not use 802.2.
Preamble • It allows the receiving devices to lock onto the incoming bit stream. • The Preamble is used to indicate to the receiving station that the data portion of the message will follow.
Destination Address (DA) • DA is used by receiving stations to determine if an incoming packet is addressed to a particular node. • Uses LSB (Least Significant Bit) first • Destination can be individual, multicast or broadcast – Broadcast will be all 1s or Fs and will be sent to all. – Multicast will be sent to the specific subnet
Source Address (SA) • SA is a 48 bit MAC Address supplied by the transmitting device. • Broadcast and Multicast address formats are illegal within the SA fields. • It uses LSB (Least significant bit first)
Length or Type Field • 802.3 uses a length field whereas the Ethernet frame uses a type field to identify the network layer protocol. • 802.2 can identify the upper-layer protocol and must be used with the 802.3 frame.
Data • This is the packet sent down to the Data Link Layer from the Network layer. • The size can vary from 46-1500 bytes.
Frame Check Sequence (FCS) • FCS is a field at the end of the frame that is used to store the cyclic redundancy check.
Data Link Layer Functions (cont.)
802.2 (SNAP) fields (size in bytes):
• Dest SAP: 1 (AA)
• Source SAP: 1 (AA)
• Ctrl: 1 or 2 (03)
• OUI ID: 3
• Type: 2
• Data: Variable
OR
802.2 (SAP) fields (size in bytes):
• Dest SAP: 1
• Source SAP: 1
• Ctrl: 1 or 2
• Data: Variable
Either header is carried in the Data field of the MAC Layer - 802.3 frame: Preamble, Dest add, Source add, Length, Data, FCS
802.2 Frame • 802.2 Frame has two new fields – DSAP (Destination Service Access Pointer) – SSAP (Source Service Access Pointer)
• 802.2 frame type is nothing but 802.3 frame with LLC information • Because of the LLC information we know what upper layer protocol is.
SNAP Frame
• The SNAP Frame has its own protocol field to identify the upper layer protocol.
• To identify a SNAP Frame:
– DSAP and SSAP fields are always AA to indicate that this is a SNAP header coming up.
– It is an LLC data unit (sometimes called a Logical Protocol Data Unit (LPDU)) of Type 1 (indicated by 03)
– The SNAP header then indicates the vendor via the Organisational Unique Identifier (OUI) and the protocol type via the Ethertype field
• CISCO uses SNAP frame with their proprietary protocol CDP (CISCO Discovery Protocol)
EXAMPLE - SNAP
In the example above we have the OUI as 00-00-00 which means that there is an Ethernet frame, and the Ethertype of 08-00 which indicates IP as the protocol.
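The framing rules above (Length versus Type, the 802.2 SAP header, and the AA/AA/03 SNAP marker) can be applied to a raw frame as follows. This is an added example, not part of the original slides; the 0x0600 and 1500 cut-offs for the Length/Type field come from the Ethernet standard rather than this page, and the sample frames, including the SAP value 0x42, are constructed.

```python
import struct

def fmt_mac(raw):
    """Render 6 bytes in the dotted form used on this page (0000.0c12.3456)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def classify_frame(frame):
    """Classify a frame (preamble and FCS already stripped) by its framing.

    Returns a dict with the addresses, the framing name, and the fields that
    identify the upper-layer protocol for that framing.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src = frame[0:6], frame[6:12]
    (len_or_type,) = struct.unpack("!H", frame[12:14])
    info = {"dst": fmt_mac(dst), "src": fmt_mac(src),
            "broadcast": dst == b"\xff" * 6}

    # 0x0600 and above is an Ethernet II Type; 1500 and below is an 802.3
    # Length. Values in between are undefined.
    if len_or_type >= 0x0600:
        info.update(framing="Ethernet II", ethertype=len_or_type,
                    payload=frame[14:])
        return info
    if len_or_type > 1500:
        raise ValueError("length/type value %d is undefined" % len_or_type)

    # 802.3: Length covers the 802.2 header plus data; anything after it is
    # padding up to the 46-byte minimum data field.
    body = frame[14:14 + len_or_type]
    if len(body) < len_or_type:
        raise ValueError("frame truncated: Length exceeds captured data")
    if len(body) < 3:
        raise ValueError("802.3 frame too short to hold an 802.2 header")
    dsap, ssap, ctrl = body[0], body[1], body[2]

    if dsap == 0xAA and ssap == 0xAA and ctrl == 0x03:
        # SNAP: 3-byte OUI and 2-byte Ethertype follow the AA AA 03 marker.
        if len(body) < 8:
            raise ValueError("SNAP header truncated")
        (ethertype,) = struct.unpack("!H", body[6:8])
        info.update(framing="802.3 + 802.2 SNAP", oui=body[3:6].hex("-"),
                    ethertype=ethertype, payload=body[8:])
        return info

    # Plain SAP. Ctrl is 1 byte for unnumbered LLC frames (low two bits set,
    # as in 0x03) and 2 bytes otherwise: the "1 or 2" in the field table.
    ctrl_len = 1 if (ctrl & 0x03) == 0x03 else 2
    if len(body) < 2 + ctrl_len:
        raise ValueError("802.2 control field truncated")
    info.update(framing="802.3 + 802.2 SAP", dsap=dsap, ssap=ssap,
                payload=body[2 + ctrl_len:])
    return info

# Constructed sample input: addresses reuse the example MACs on this page.
DST = bytes.fromhex("00000c123456")
SRC = bytes.fromhex("00001018321a")
DATA = bytes(46)  # minimum-size data field, all zeros

def sample_frames():
    snap = bytes.fromhex("aaaa03" "000000" "0800") + DATA
    sap = bytes.fromhex("424203") + DATA
    return {
        "ethernet2": DST + SRC + struct.pack("!H", 0x0800) + DATA,
        "snap": DST + SRC + struct.pack("!H", len(snap)) + snap,
        "sap": b"\xff" * 6 + SRC + struct.pack("!H", len(sap)) + sap,
    }

if __name__ == "__main__":
    for name, frame in sample_frames().items():
        result = classify_frame(frame)
        print(name, result["framing"], result["dst"], result.get("ethertype"))
```
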
ETHERNET CABLING
Network Cabling • Media connecting network components – NIC cards take turns transmitting on the cable – LAN cables only carry one signal at a time – WAN cables can carry multiple signals simultaneously
• Three primary types of cabling – Twisted-pair (or copper) – Coaxial cable – Fiber-optic cable
Twisted-Pair (UTP and STP)
(Figure labels: outer jacket, twisted-pair, color-coded plastic insulation, RJ-45 connector; STP only: shielded insulation to reduce EMI.)
• Speed and throughput: 10/100 Mbps
• Relative cost: Least costly
• Media and connector size: Small
• Maximum cable length: 100 m
Coaxial Cable
(Figure labels: outer jacket, braided copper shielding, plastic insulation, copper conductor, BNC connector.)
• Speed and throughput: 10/100 Mbps
• Relative cost: More than UTP, but still low
• Media and connector size: Medium
• Maximum cable length: 200/500 m
Fiber-Optic Cable
(Figure labels: outer jacket, Kevlar reinforcing material, plastic shield, glass fiber and cladding.)
• Speed and throughput: 100+ Mbps
• Average cost per node: Most expensive
• Media and connector size: Small
• Maximum cable length: Up to 2 km
Optical Fiber • Metal cables transmit signals in the form of electric current • Optical fiber is made of glass or plastic and transmits signals in the form of light. • Light, a form of electromagnetic energy, travels at 300,000 kilometers/second (186,000 miles/second) in a vacuum. • The speed of light depends on the density of the medium through which it is traveling (the higher the density, the slower the speed).
Ethernet Local Area Network • Ethernet was first created and implemented by a group called DIX (Digital, Intel and Xerox). • The first Ethernet specification was modified by IEEE and IEEE 802.3 was created. • This was a 10Mbps network running on co-axial, twisted pair and fiber physical media. • IEEE 802.3 was further modified by IEEE, and 802.3u (Fast Ethernet) and 802.3g (Gigabit Ethernet) were created. • 802.3u and 802.3g are specified only on twisted pair and fiber physical media.
Ethernet Protocol Names (example: 100BaseFX)
• Leading number: LAN speed (bps)
• “Base” = baseband, “Broad” = broadband
• Suffix: indicates type of cable and maximum length. If a number, max. length = # x 100 m
Cable Specification (cable: distance, throughput, Ethernet standard, connector)
• Co-axial Thinnet: 185 Mtrs., 10 MBPS, 10Base2, T-connector
• Co-axial Thicknet: 500 Mtrs., 100 MBPS, 10Base5, AUI
• Category 3: 100 Mtrs., 10 MBPS, 10BaseT, RJ-45
• Category 5: 100 Mtrs., 100 MBPS, 10BaseX / Fast Ethernet, RJ-45
UTP Connections (RJ-45) • UTP cables have eight colored wires. • These wires are twisted into 4 pairs • Four (two pairs) carry the voltage and are considered tip. • The more twists per inch in the wire, the less interference. • CAT 5 & 6 have many more twists per inch than CAT 3 UTP.
Crimping
• There are two types of crimping used with UTP cables and RJ-45 connectors.
– Straight-Through: this is used while connecting
  • Router to a Hub or Switch
  • Server to Hub or Switch
  • Workstation to a Hub or Switch
– Crossover: this is used while connecting
  • Uplinks between Switches
  • Hubs to Switches
  • Hub to another Hub
  • Router Interface to another Router Interface
UTP Implementation: Straight-through Cable (10BaseT/100BaseTx)
• Hub/Switch pinout: 1 RD+, 2 RD-, 3 TD+, 4 NC, 5 NC, 6 TD-, 7 NC, 8 NC
• Server/Router pinout: 1 TD+, 2 TD-, 3 RD+, 4 NC, 5 NC, 6 RD-, 7 NC, 8 NC
• Wires on cable ends are in same order
(Figure: wire colors at pins 1 to 8 of both connectors.)
UTP Implementation: Crossover Cable (10BaseT/100BaseT)
• Hub/Switch pinout: 1 RD+, 2 RD-, 3 TD+, 4 NC, 5 NC, 6 TD-, 7 NC, 8 NC
• Hub/Switch pinout (other end): 1 RD+, 2 RD-, 3 TD+, 4 NC, 5 NC, 6 TD-, 7 NC, 8 NC
• Some wires on cable ends are crossed
(Figure: wire colors at pins 1 to 8 of both connectors.)
CISCO MODEL
Network Structure Defined by Hierarchy
The three layers are:
• Core Layer
• Distribution Layer
• Access Layer
Core Layer Characteristics
• Fast transport to enterprise services
• No packet manipulation
Core Layer –Core Layer is actually the core of the network. –It is responsible for transporting large amount of traffic reliably and quickly. –Core Layer failure affects each individual user, hence fault tolerance becomes an issue at this layer.
–Core layer is likely to see a large volume of traffic, hence speed and latency are the driving concerns. –There are a few things we do not want to do at the core layer, and a few things that are recommended at this layer.
Distribution Layer Characteristics
• Access Layer Aggregation Point
• Routes traffic
• Broadcast/Multicast Domains
• Media Translation
• Security
• Possible point for remote access
Distribution Layer – It is sometimes also referred to as the workgroup layer. – It is the communication point between the Access Layer and the Core Layer. – Routing, filtering and WAN access are the primary functions of the distribution layer. – Network policies are implemented at the Distribution Layer. – Best path is determined and requests are forwarded to the Core Layer.
At Distribution Layer We do the following: – Implementation of tools like access lists, packet filtering etc. – Implementation of security and network policies like address translation and firewalls – Redistribution between routing protocols, including static routing – Routing between VLANs – Definition of Broadcast and Multicast Domains
Access Layer Characteristics
• End station entry point to the network
The Access Layer • Access Layer controls users and workgroup access to network resources. • This layer is also referred to as Desktop Layer. • Continues access control and policies from distribution layer • Creation of separate collision domains (segmentation) • Workgroup connectivity into the distribution layer
UPPER LAYER PROTOCOLS
What Is TCP/IP? • A suite of protocols • Rules that dictate how packets of information are sent across multiple networks • Addressing • Error checking
TCP/IP Protocol • The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was created by the Department of Defense (DoD). • The Internet Protocol can be used to communicate across any set of interconnected networks. • TCP/IP supports both LAN and WAN communications. • The IP suite includes not only Layer 3 and 4 specifications but also specifications for common applications like e-mail, remote login, terminal emulation and file transfer. • The TCP/IP protocol stack maps closely to the OSI model in the lower layers.
TCP/IP Applications • Application layer – File Transfer Protocol (FTP) – Remote Login (Telnet) – E-mail (SMTP)
• Transport layer – Transport Control Protocol (TCP) – User Datagram Protocol (UDP)
• Network layer – Internet Protocol (IP)
• Data link & physical layer – LAN Ethernet, Token Ring, FDDI, etc. – WAN Serial lines, Frame Relay, X.25, etc.
Internet Layer Overview
(Figure: TCP/IP stack of Application, Transport, Internet, Data-Link and Physical layers, with the Internet layer protocols listed.)
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• In the OSI reference model, the network layer corresponds to the TCP/IP Internet layer.
Internet Protocol • Provides connectionless, best-effort delivery routing of datagrams. • IP is not concerned with the content of the datagrams. • It looks for a way to move the datagrams to their destination.
IP Datagram (each row runs from bit 0 to bit 31; field widths in bits)
• Version (4), Header Length (4), Type of Service (8), Total Length (16)
• Identification (16), Flags (3), Fragment Offset (13)
• Time-to-Live (8), Protocol (8), Header Checksum (16)
• Source IP Address (32)
• Destination IP Address (32)
• Options (0 or 32 if Any)
• Data (Varies if Any)
The first five rows make up the 20-byte header.
IP Datagram
• Version – Currently used IP version
• Header Length – Datagram header length
• TOS – Level of importance assigned by a particular upper-layer protocol
• Total Length – Length of packet in bytes including Data and Header
• Identification – Identifies current datagram (Sequence Number)
• Flags – Specifies whether the packet can be fragmented or not
• Fragment Offset – Used to piece together datagram fragments
• TTL – It maintains a counter that gradually decreases, in increments, to zero
• Protocol – It indicates which upper-layer protocol receives incoming packets
• Header Checksum – Calculated checksum of the header to check its integrity
• Source IP Address – Sending node IP Address
• Destination IP Address – Receiving node IP Address
• Options – It allows IP to support various options like security
• Data – Upper layer information (maximum 64Kb)
Protocol Field • Determines destination upper-layer protocol • Protocol numbers: TCP = 6, UDP = 17
[Figure: the Internet layer (IP) hands data to the transport layer (TCP or UDP) according to the protocol number]
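The field layout and the Protocol field described above can be checked in code. The following Python parser is an added example, not part of the original slides; the function names and the sample addresses are assumptions chosen for illustration.

```python
import socket
import struct

# Protocol numbers named on the slides: ICMP = 1, TCP = 6, UDP = 17.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_FORMAT = "!BBHHHBBH4s4s"  # the fixed 20-byte header, network byte order


def header_checksum(header: bytes) -> int:
    """One's complement of the one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, protocol, payload_len, ttl=64, ident=1):
    """Build a 20-byte header (no options, Don't Fragment flag set)."""
    fields = [
        (4 << 4) | 5,        # Version 4, Header Length 5 words = 20 bytes
        0,                   # Type of Service
        20 + payload_len,    # Total Length: header plus data
        ident,               # Identification
        0b010 << 13,         # Flags in the top 3 bits (DF), Fragment Offset 0
        ttl,                 # Time-to-Live
        protocol,            # upper-layer protocol number
        0,                   # checksum placeholder, filled in below
        socket.inet_aton(src),
        socket.inet_aton(dst),
    ]
    fields[7] = header_checksum(struct.pack(HEADER_FORMAT, *fields))
    return struct.pack(HEADER_FORMAT, *fields)


def parse_header(packet: bytes) -> dict:
    """Decode the header fields and verify the Header Checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol,
     _checksum, src, dst) = struct.unpack(HEADER_FORMAT, packet[:20])
    version, header_length = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if header_length < 20 or header_length > len(packet):
        raise ValueError("invalid Header Length")
    if total_length < header_length:
        raise ValueError("Total Length smaller than the header")
    return {
        "version": version,
        "header_length": header_length,
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": protocol,
        "protocol_name": PROTOCOLS.get(protocol, "unknown"),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": header_checksum(packet[:header_length]) == 0,
    }


if __name__ == "__main__":
    # Constructed sample: a TCP datagram from 172.16.3.1 to 172.16.3.2.
    sample = build_header("172.16.3.1", "172.16.3.2", 6, 4) + b"data"
    for name, value in parse_header(sample).items():
        print("%-16s %s" % (name, value))
```

A header altered in transit fails the checksum test, which is why `checksum_ok` is reported separately from the decoded fields.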
Address Resolution Protocol (ARP) • ARP works at Internet Layer of DoD Model • It is used to resolve a MAC address with the help of a known IP address. • All resolved MAC addresses are maintained in the ARP cache table. • To send a datagram, this ARP cache table is checked, and if the address is not found, a broadcast is sent along with the IP address. • The machine with that IP address responds and the MAC address is cached.
Address Resolution Protocol • Host 172.16.3.1 (broadcast): “I need the Ethernet address of 172.16.3.2.” (IP: 172.16.3.2 = ???) • Host 172.16.3.2: “I heard that broadcast. The message is for me. Here is my Ethernet address.” (IP: 172.16.3.2, Ethernet: 0800.0020.1111) • Map IP → Ethernet
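The request and reply exchange above, with both sides' 28-byte ARP messages and the cache update, is shown below as an added Python example that is not part of the original slides. The class and function names are assumptions, and the MAC addresses other than 0800.0020.1111 are constructed for the demonstration.

```python
import socket
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"  # 28 bytes for Ethernet hardware and IPv4
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    """Convert the dotted form used on the slides (0800.0020.1111)."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("bad MAC address: %r" % mac)
    return bytes.fromhex(digits)


def bytes_to_mac(raw: bytes) -> str:
    text = raw.hex()
    return ".".join(text[i:i + 4] for i in (0, 4, 8))


def pack_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    # Hardware type 1 (Ethernet), protocol type 0x0800 (IP), lengths 6 and 4.
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def unpack_arp(raw: bytes) -> dict:
    if len(raw) < 28:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(
        ARP_FORMAT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op,
            "sender_mac": bytes_to_mac(smac), "sender_ip": socket.inet_ntoa(sip),
            "target_mac": bytes_to_mac(tmac), "target_ip": socket.inet_ntoa(tip)}


class Host:
    """A station with an IP address, a MAC address and an ARP cache table."""

    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, {}

    def request(self, target_ip) -> bytes:
        # The target MAC is unknown, so the field is left as zeros.
        return pack_arp(ARP_REQUEST, self.mac, self.ip, "0000.0000.0000", target_ip)

    def receive(self, raw):
        """Handle one message; return a reply if the request is for this host."""
        msg = unpack_arp(raw)
        if msg["target_ip"] != self.ip:
            return None  # heard the broadcast, but it is for someone else
        self.cache[msg["sender_ip"]] = msg["sender_mac"]
        if msg["op"] == ARP_REQUEST:
            return pack_arp(ARP_REPLY, self.mac, self.ip,
                            msg["sender_mac"], msg["sender_ip"])
        return None


def resolve(requester, segment, target_ip):
    """Check the cache first; otherwise broadcast and cache any reply."""
    if target_ip in requester.cache:
        return requester.cache[target_ip]
    request = requester.request(target_ip)
    for host in segment:  # a broadcast reaches every station on the segment
        if host is not requester:
            reply = host.receive(request)
            if reply is not None:
                requester.receive(reply)
    return requester.cache.get(target_ip)


if __name__ == "__main__":
    a = Host("172.16.3.1", "0800.0020.2222")  # constructed MAC
    b = Host("172.16.3.2", "0800.0020.1111")  # MAC from the slide
    c = Host("172.16.3.3", "0800.0020.3333")  # constructed bystander
    print(resolve(a, [a, b, c], "172.16.3.2"))
    print(a.cache, b.cache, c.cache)
```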
RARP (Reverse ARP) • This also works at Internet Layer. • It works exactly opposite of ARP. • It resolves an IP address with the help of a known MAC address. • DHCP is the example of an RARP implementation. • Workstations get their IP address from a RARP server or DHCP server with the help of RARP.
Reverse ARP • Workstation (broadcast): “What is my IP address?” (Ethernet: 0800.0020.1111, IP = ???) • Reply: “I heard that broadcast. Your IP address is 172.16.3.25.” (Ethernet: 0800.0020.1111, IP: 172.16.3.25) • Map Ethernet → IP
Bootstrap Protocol (BootP) • BootP stands for BootStrap Protocol. • BootP is used by a diskless machine to learn the following: – Its own IP address – The IP address and host name of a server machine. – The boot filename of a file that is to be loaded into memory and executed at boot-up. • BootP is an old program and is now called the DHCP.
DHCP (Dynamic Host Configuration Protocol) • The DHCP server dynamically assigns IP address to hosts. • All types of Hardware can be used as a DHCP server, even a Cisco Router. • BootP can also send an operating system that a host can boot from. DHCP can not perform this function. • Following information is provided by DHCP while host registers for an IP address: – IP Address – Subnet mask – Domain name – Default gateway (router) – DNS
Internet Control Message Protocol • ICMP messages are carried in IP datagrams and used to send error and control messages. • Message types shown: Destination Unreachable, Echo (Ping), Other
[Layer stack: Application, Transport, Internet (ICMP), Data-Link, Physical]
ICMP Ping
Transport Layer Overview • Transmission Control Protocol (TCP) – Connection-Oriented • User Datagram Protocol (UDP) – Connectionless
[Layer stack: Application, Transport, Internet, Data-Link, Physical]
Transmission Control Protocol (TCP) • TCP works at Transport Layer • TCP is a connection-oriented protocol. • TCP is responsible for breaking messages into segments and reassembling them. • Supplies a virtual circuit between end-user applications.
TCP Segment Format (field widths in bits; each row spans Bit 0 to Bit 31)
Source Port (16) | Destination Port (16)
Sequence Number (32)
Acknowledgment Number (32)
Header Length (4) | Reserved (6) | Code Bits (6) | Window (16)
Checksum (16) | Urgent (16)
Options (0 or 32 if Any)
Data (Varies)
The first five rows form the 20-byte header.
TCP Segment Format • Source port – Number of the calling port • Destination Port – Number of the called port • Sequence Number – Number used to ensure correct sequencing of the arriving data
• Acknowledgement Number – Next expected TCP octet • Header Length – Length of the TCP header • Reserved – Set to zero • Code Bits – Control Functions (setup and termination of a session)
• Window – Number of octets that the sender is willing to accept • Checksum – Calculated checksum of the header and data fields • Urgent Pointer – Indication of the end of the urgent data • Options – One option currently defined (maximum TCP segment size) • Data – Upper layer protocol data
Port Numbers • Application layer protocols and their port numbers: FTP 21, Telnet 23, SMTP 25, DNS 53, TFTP 69, SNMP 161, RIP 520 • Transport layer: TCP, UDP
TCP Port Numbers • Segment fields: Source Port | Destination Port | … • Host A to Host Z (Telnet): Source Port (SP) = 1028, Destination Port (DP) = 23 • Host Z: “Destination port = 23. Send packet to my Telnet application.”
TCP Three-Way Handshake/Open Connection
1. Host A: Send SYN (seq = 100 ctl = SYN). Host B: SYN Received.
2. Host B: Send SYN, ACK (seq = 300 ack = 101 ctl = syn,ack). Host A: SYN Received.
3. Host A: Established (seq = 101 ack = 301 ctl = ack).
TCP Simple Acknowledgment • Window Size = 1
Sender: Send 1
Receiver: Receive 1, Send ACK 2
Sender: Receive ACK 2, Send 2
Receiver: Receive 2, Send ACK 3
Sender: Receive ACK 3, Send 3
Receiver: Receive 3, Send ACK 4
Sender: Receive ACK 4
TCP Sequence and Acknowledgment Numbers
Segment fields: Source Port | Destination Port | … | Sequence | Acknowledgment | …
Source 1028 | Dest. 23 | Seq. 10 | Ack. 1 (“I just sent number 10”)
Source 23 | Dest. 1028 | Seq. 1 | Ack. 11 (“I just got number 10, now I need number 11.”)
Source 1028 | Dest. 23 | Seq. 11 | Ack. 2
TCP Windowing
Sender (Window Size = 3): Send 1, Send 2, Send 3
Receiver (Window Size = 3): Packet 3 Is Dropped; ACK 3, Window Size = 2
Sender (Window Size = 3): Send 3, Send 4
Receiver: ACK 5, Window Size = 2
UDP (User Datagram Protocol) • A connectionless and unacknowledged protocol. • UDP is also responsible for transmitting messages. • But no checking for segment delivery is provided. • UDP depends on upper layer protocol for reliability. • TCP and UDP use port numbers to listen for particular services.
UDP Segment Format (field widths in bits; each row spans Bit 0 to Bit 31)
Source Port (16) | Destination Port (16)
Length (16) | Checksum (16)
Data (if Any)
The first two rows form the 8-byte header.
• No sequence or acknowledgment fields
UDP Segment Format • Source port – Number of the calling port • Destination Port – Number of the called port • Length – Number of bytes, including header and data • Checksum – Calculated checksum of the header and data fields
• Data – Upper layer protocol data
Application Layer Overview • File Transfer – TFTP* – FTP* – NFS • E-Mail – SMTP • Remote Login – Telnet* – rlogin* • Network Management – SNMP* • Name Management – DNS*
*Used by the Router
[Layer stack: Application, Transport, Internet, Data-Link, Physical]
Telnet • Telnet is used for Terminal Emulation. • It allows a user sitting on a remote machine to access the resources of another machine. • It allows you to transfer files from one machine to another. • It also allows access to both directories and files. • It uses TCP for data transfer and hence slow but reliable.
Network File System (NFS) • It is a jewel of protocols specializing in file sharing. • It allows two different types of file systems to interoperate.
Trivial File Transfer Protocol (TFTP) • This is a stripped-down version of FTP. • It has no directory browsing abilities. • It can only send and receive files. • It uses UDP for data transfer and hence faster but not reliable.
LPD (Line Printer Daemon) • The Line Printer Protocol is designed for Printer sharing. • The LPD along with the LPR (Line Printer Program) allows print jobs to be spooled and sent to the network’s printers using TCP/IP.
X Window
• X-windows defines a protocol for the writing of graphical user interface-based client/Server application.
Simple Network Management Protocol • SNMP enables central management of the network. • Using SNMP an administrator can watch the entire network. • SNMP works with TCP/IP. • It uses UDP for transportation of the data.
DNS (Domain Name Service) • DNS resolves FQDNs with IP address. • DNS allows you to use a domain name to specify an IP address. • It maintains a database for IP address and Hostnames. • On every query it checks this database and resolves the IP.
Introduction to TCP/IP Addresses – Unique addressing allows communication between end stations. – Path choice is based on destination address. • Location is represented by an address
[Figure: hosts 172.16.0.1, 172.16.0.2, 172.17.0.1, 172.17.0.2, 172.18.0.1, 172.18.0.2, 10.13.0.1 and 192.168.1.1 on interconnected networks including 10.13.0.0 and 192.168.1.0; a packet is drawn as HDR | SA | DA | DATA]
IPv4 Addressing • 32-bit addresses
• Commonly expressed in dotted decimal format (e.g., 192.168.10.12) • Each “dotted decimal” is commonly called an octet (8 bits)
IP Addressing • 32 bits, divided into a Network part and a Host part • Four octets: bits 1–8, 9–16, 17–24, 25–32 • Bit values within each octet: 128 64 32 16 8 4 2 1
Maximum: Binary 11111111 11111111 11111111 11111111 = Dotted Decimal 255.255.255.255
Example: Decimal 172.16.122.204 = Binary 10101100 00010000 01111010 11001100
IP Address Classes (four fields of 8 bits each)
•Class A: Network | Host | Host | Host
•Class B: Network | Network | Host | Host
•Class C: Network | Network | Network | Host
•Class D: Multicast
•Class E: Research
IP Addressing—Class A • 10.222.135.17 • Network # 10 • Host # 222.135.17 • Range of class A network IDs: 1–126 • Number of available hosts: 16,777,214
IP Addressing—Class B • 128.128.141.245 • Network # 128.128 • Host # 141.245 • Range of class B network IDs: 128.1–191.254 • Number of available hosts: 65,534
IP Addressing—Class C • 192.150.12.1 • Network # 192.150.12 • Host # 1 • Range of class C network IDs: 192.0.1–223.255.254
• Number of available hosts: 254
IP Network Address Classes
Class | # Networks | # Hosts | Example
A | 126 | 16,777,214 | 01111111 00000000 00000000 00000000
B | 16,384 | 65,534 | 10111111 11111111 00000000 00000000
C | 2,097,152 | 254 | 11011111 11111111 11111111 00000000
Class A: 35.0.0.0
Class B: 128.5.0.0
Class C: 132.33.33.0
Legend: Network Address Space, Host Address Space
IP Address Classes (bit positions 1–8, 9–16, 17–24, 25–32)
Class A: 0NNNNNNN | Host | Host | Host; Range (1-126)
Class B: 10NNNNNN | Network | Host | Host; Range (128-191)
Class C: 110NNNNN | Network | Network | Host; Range (192-223)
Class D: 1110MMMM | Multicast Group | Multicast Group | Multicast Group; Range (224-239)
Private Addresses • Class A – 10.0.0.0 to 10.255.255.255 • Class B – 172.16.0.0 to 172.31.255.255 • Class C – 192.168.0.0 to 192.168.255.255
Determining Available Host Addresses
Network 172.16.0.0: 10101100 00010000 (Network) | 00000000 00000000 (Host; N = 16 bits, numbered 16 down to 1)
Host patterns counted from 00000000 00000000 through 11111111 11111111: 65536
Less 2: 65534
2^N - 2 = 2^16 - 2 = 65534
Subnet Mask
IP Address: 172.16.0.0 (Network 172.16 | Host 0.0)
Default Subnet Mask: 255.255.0.0 = 11111111 11111111 00000000 00000000 (Network | Host). Also written as “/16” where 16 represents the number of 1s in the mask.
8-bit Subnet Mask: 255.255.255.0 (Network | Subnet | Host). Also written as “/24” where 24 represents the number of 1s in the mask.
Decimal Equivalents of Bit Patterns
128 64 32 16 8 4 2 1
1 0 0 0 0 0 0 0 = 128
1 1 0 0 0 0 0 0 = 192
1 1 1 0 0 0 0 0 = 224
1 1 1 1 0 0 0 0 = 240
1 1 1 1 1 0 0 0 = 248
1 1 1 1 1 1 0 0 = 252
1 1 1 1 1 1 1 0 = 254
1 1 1 1 1 1 1 1 = 255
Subnet Mask without Subnets
172.16.2.160 = 10101100 00010000 00000010 10100000 (Network | Host)
255.255.0.0 = 11111111 11111111 00000000 00000000
Network Number: 10101100 00010000 00000000 00000000 = 172.16.0.0
•Subnets not in use—the default
Subnet Mask with Subnets
172.16.2.160 = 10101100 00010000 00000010 10100000 (Network | Subnet | Host)
255.255.255.0 = 11111111 11111111 11111111 00000000
Network Number: 10101100 00010000 00000010 00000000 = 172.16.2.0
Mask octet values: 128 192 224 240 248 252 254 255
•Network number extended by eight bits
Subnet Mask with Subnets (cont.)
172.16.2.160 = 10101100 00010000 00000010 10100000 (Network | Subnet | Host)
255.255.255.192 = 11111111 11111111 11111111 11000000
Network Number: 10101100 00010000 00000010 10000000 = 172.16.2.128
Mask octet values: 128 192 224 240 248 252 254 255
•Network number extended by ten bits
Addressing Summary Example
172.16.2.160 = 10101100 00010000 00000010 10100000 Host
255.255.255.192 = 11111111 11111111 11111111 11000000 Mask
172.16.2.128 = 10101100 00010000 00000010 10000000 Subnet
172.16.2.191 = 10101100 00010000 00000010 10111111 Broadcast
172.16.2.129 = 10101100 00010000 00000010 10000001 First
172.16.2.190 = 10101100 00010000 00000010 10111110 Last
Variable-Length Subnet Masks © 2001, Cisco Systems, Inc.
What Is a Variable-Length Subnet Mask? (cont.)
[Figure: HQ holds 172.16.0.0/16; remote routers A, B and C use 172.16.14.32/27, 172.16.14.64/27 and 172.16.14.96/27]
– Subnet 172.16.14.0/24 is divided into smaller subnets: • Subnet with one mask at first (/27) • Then further subnet one of the unused /27 subnets into multiple /30 subnets
Calculating VLSMs (cont.)
Subnetted Address: 172.16.32.0/20 In Binary 10101100.00010000.00100000.00000000
VLSM Address: 172.16.32.0/26 In Binary 10101100.00010000.00100000.00000000
Columns: Network . Subnet | VLSM Subnet | Host
1st subnet: 10101100 . 00010000 . 0010 | 0000.00 | 000000 = 172.16.32.0/26
2nd subnet: 172 . 16 . 0010 | 0000.01 | 000000 = 172.16.32.64/26
3rd subnet: 172 . 16 . 0010 | 0000.10 | 000000 = 172.16.32.128/26
4th subnet: 172 . 16 . 0010 | 0000.11 | 000000 = 172.16.32.192/26
5th subnet: 172 . 16 . 0010 | 0001.00 | 000000 = 172.16.33.0/26
A Working VLSM Example (cont.)
Derived from the 172.16.32.0/20 Subnet, 26-Bit Mask (62 Hosts): 172.16.32.0/26, 172.16.32.64/26, 172.16.32.128/26, 172.16.32.192/26
Derived from the 172.16.33.0/26 Subnet, 30-Bit Mask (2 Hosts): 172.16.33.0/30, 172.16.33.4/30, 172.16.33.8/30, 172.16.33.12/30
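The Addressing Summary Example and the VLSM calculations above both reduce to bit operations on the 32-bit address and mask. The following Python code is an added example, not part of the original slides; the function names are assumptions, and it reproduces the slide values for 172.16.2.160 with mask 255.255.255.192 and for the /26 and /30 subnets.

```python
def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """Count the 1s in a mask, rejecting masks whose 1s are not contiguous."""
    host_bits = ~ip_to_int(mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("mask bits are not contiguous: %r" % mask)
    return 32 - host_bits.bit_length()


def address_summary(ip: str, mask: str) -> dict:
    """Subnet, broadcast, first and last host for one address and mask."""
    prefix = mask_to_prefix(mask)
    netmask = prefix_to_mask(prefix)
    subnet = ip_to_int(ip) & netmask                  # host bits all 0
    broadcast = subnet | (~netmask & 0xFFFFFFFF)      # host bits all 1
    usable = prefix <= 30   # /31 and /32 leave no room for 2^N - 2 hosts
    return {
        "prefix": prefix,
        "subnet": int_to_ip(subnet),
        "broadcast": int_to_ip(broadcast),
        "first": int_to_ip(subnet + 1) if usable else None,
        "last": int_to_ip(broadcast - 1) if usable else None,
        "hosts": (1 << (32 - prefix)) - 2 if usable else 0,
    }


def carve(block: str, new_prefix: int) -> list:
    """Split a block such as 172.16.32.0/20 into subnets of a longer prefix."""
    base_ip, old_prefix = block.split("/")
    old_prefix = int(old_prefix)
    base = ip_to_int(base_ip)
    if base & ~prefix_to_mask(old_prefix) & 0xFFFFFFFF:
        raise ValueError("host bits set in %r" % block)
    if not old_prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the block's")
    step = 1 << (32 - new_prefix)            # addresses per new subnet
    count = 1 << (new_prefix - old_prefix)   # number of new subnets
    return ["%s/%d" % (int_to_ip(base + i * step), new_prefix)
            for i in range(count)]


if __name__ == "__main__":
    print(address_summary("172.16.2.160", "255.255.255.192"))
    print(carve("172.16.32.0/20", 26)[:5])   # the five subnets on the slide
    print(carve("172.16.33.0/26", 30)[:4])   # the /30 links on the slide
```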
Route Summarization
What Is Route Summarization? (cont.)
Router A Routing Table: 172.16.25.0/24, 172.16.26.0/24, 172.16.27.0/24
Router A to router B: “I can route to the 172.16.0.0/16 network.”
Router B Routing Table: 172.16.0.0/16
– Routing protocols can summarize addresses of several networks into one address
Summarizing Within an Octet
172.16.168.0/24 = 10101100 . 00010000 . 10101 000 . 00000000
172.16.169.0/24 = 172 . 16 . 10101 001 . 0
172.16.170.0/24 = 172 . 16 . 10101 010 . 0
172.16.171.0/24 = 172 . 16 . 10101 011 . 0
172.16.172.0/24 = 172 . 16 . 10101 100 . 0
172.16.173.0/24 = 172 . 16 . 10101 101 . 0
172.16.174.0/24 = 172 . 16 . 10101 110 . 0
172.16.175.0/24 = 172 . 16 . 10101 111 . 0
Number of Common Bits = 21 Summary: 172.16.168.0/21
Noncommon Bits = 11
Summarizing Addresses in a VLSM-Designed Network
[Figure: corporate network 172.16.0.0/16 with routers A, B, C and D; networks shown are 172.16.128.0/20, 172.16.64.0/20, 172.16.32.0/24, 172.16.32.64/26 and 172.16.32.128/26]
Classless Interdomain Routing
Classless Interdomain Routing • Mechanism developed to alleviate exhaustion of addresses and reduce routing table size • Blocks of Class C addresses assigned to ISPs—ISPs assign subsets of address space to organizations • Blocks are summarized in routing tables
CIDR Example
[Figure: routers A, B, … H connect networks 192.168.8.0/24, 192.168.9.0/24, … 192.168.15.0/24 to the ISP, which advertises 192.168.8.0/21]
– Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by the ISP in one advertisement 192.168.8.0/21
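The common-bits calculation from “Summarizing Within an Octet” and the CIDR example above are carried out below in an added Python example that is not part of the original slides. The function names are assumptions, and the code goes one step beyond the slides by listing any address ranges the summary covers that none of the component networks contain.

```python
def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(cidr: str) -> tuple:
    """Return (first address, last address) of a network such as 10.0.0.0/8."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("bad prefix length in %r" % cidr)
    host_mask = (1 << (32 - prefix)) - 1
    base = ip_to_int(ip)
    if base & host_mask:
        raise ValueError("host bits set in %r" % cidr)
    return base, base | host_mask


def summarize(networks: list) -> dict:
    """Find the single prefix made of the bits all the networks share."""
    if not networks:
        raise ValueError("nothing to summarize")
    ranges = sorted(parse_cidr(n) for n in networks)
    lowest = ranges[0][0]
    highest = max(last for _first, last in ranges)
    # Bits that differ between the lowest and highest address are noncommon.
    noncommon = (lowest ^ highest).bit_length()
    common = 32 - noncommon
    host_mask = (1 << noncommon) - 1
    start = lowest & ~host_mask & 0xFFFFFFFF
    end = start | host_mask
    # Walk the sorted ranges to find space the summary adds.
    uncovered, cursor = [], start
    for first, last in ranges:
        if first > cursor:
            uncovered.append((int_to_ip(cursor), int_to_ip(first - 1)))
        cursor = max(cursor, last + 1)
    if cursor <= end:
        uncovered.append((int_to_ip(cursor), int_to_ip(end)))
    return {
        "summary": "%s/%d" % (int_to_ip(start), common),
        "common_bits": common,
        "noncommon_bits": noncommon,
        "uncovered": uncovered,   # empty when the summary is exact
    }


if __name__ == "__main__":
    octet = ["172.16.%d.0/24" % n for n in range(168, 176)]
    print(summarize(octet))
    isp = ["192.168.%d.0/24" % n for n in range(8, 16)]
    print(summarize(isp))
    # Router A's table from the route summarization slide.
    print(summarize(["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]))
```

For router A's three networks the tightest summary is a /22 that also covers 172.16.24.0/24, and any shorter prefix covers more; a non-empty `uncovered` list marks address space the advertisement claims without a component network behind it.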
WAN Basics
What Is a WAN? • A network that serves users across a broad geographic area • Often uses transmission devices provided by public carriers (Pacific Bell, AT&T, etc.) – This service is commonly referred to as “plain old telephone service” (POTS)
• WANs function at the lower three layers of the OSI reference model – Physical layer, data link layer, and network layer
WAN Overview
Service Provider
• WANs connect sites • Connection requirements vary depending on user requirements and cost
What is a WAN? A WAN is a data communications network that covers a relatively broad geographic area and often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.
WAN connection types • Point-to-Point Links or Leased Lines • Circuit Switching • Packet Switching
Point-to-Point Links or Leased Lines
• A point-to-point link is also known as a leased line because its established path is permanent and fixed for each remote network reached through the carrier facilities. It uses synchronous serial lines up to 45 Mbps.
Leased Line • One connection per physical interface • Bandwidth: 56 kbps–1.544 Mbps • Cost effective at 4–6 hours daily usage • Dedicated connections with predictable throughput • Permanent • Cost varies by distance
Circuit Switching • Dedicated physical circuit established, maintained, and terminated through a carrier network for each communication session • Datagram and data stream transmissions • Operates like a normal telephone call • Example: ISDN
[Figure: Modem, WAN, Modem]
Circuit Switching • Sets up line like a phone call. No data can transfer before the end-to-end connection is established. • Uses dial-up modems and ISDN. It is used for low-bandwidth data transfers.
POTS Using Modem Dialup • Widely available • Easy to set up • Dial on demand • Asynchronous transmission • Low cost, usage-based • Lower bandwidth access requirements
[Figure: telecommuters and mobile users with modems reach the corporate network (server, modem, access router) over basic telephone service]
Integrated Services Digital Network (ISDN) • High bandwidth • Up to 128 Kbps per basic rate interface • Dial on demand • Multiple channels • Fast connection time • Monthly rate plus cost-effective, usage-based billing • Strictly digital
[Figure: a telecommuter/after-hours, work-at-home user on BRI (2B+D) connects through ISDN to the company network (LAN, server) on BRI/PRI (23B+D; 30B+D in Europe)]
Packet Switching • Network devices share a point-to-point link to transport packets from a source to a destination across a carrier network • Statistical multiplexing is used to enable devices to share these circuits • Examples: ATM, Frame Relay, X.25
[Figure: Modem, Multiplexing, WAN, Demultiplexing, Modem]
Packet Switching • WAN switching method that allows you to share bandwidth with other companies to save money. • Think of packet switching networks as a party line. As long as you are not constantly transmitting data and are instead using bursty data transfers, packet switching can save you a lot of money. However, if you have constant data transfers, then you will need to get a leased line.
• Frame Relay and X.25 are packet-switching technologies. Speeds can range from 56 Kbps to 2.048 Mbps.
Frame Relay • Permanent, not dialup • Multiple connections per physical interface (permanent virtual circuits) • Efficient handling of bursty (peak performance period) data • Guaranteed bandwidth (typical speeds are 56/64 Kbps, 256 Kbps, and 1.544 Mbps)— committed information rate (CIR) • Cost varies greatly by region
Permanent Virtual Circuit (PVC)
X.25 • Very robust protocol for low-quality lines • Packet-switched • Bandwidth: 9.6 kbps–64 kbps • Well-established technology; large installed base • Worldwide availability
[Figure: DTE, DCE, X.25, DCE, DTE]
Asynchronous Transfer Mode (ATM) • Technology capable of transferring voice, video, and data through private and public networks • Uses VLSI technology to segment data, at high speeds, into units called cells – 5 bytes of header information – 48 bytes of payload – 53 bytes total • Cells contain identifiers that specify the data stream to which they belong • Primarily used in enterprise backbones or WAN links
[Figure: a cell drawn as Header (5) followed by Data (48)]
Cabling the WAN
[Figure legend: FastEthernet/Ethernet, ISDN, Dedicated, ISL. Shown: core_sw_a, core_sw_b, Core_Server, ISDN Cloud, Leased Line/Frame Relay]
WAN Physical Layer Implementations • Physical layer implementations vary • Cable specifications define speed of link
[Figure: Frame Relay, PPP and HDLC over EIA/TIA-232, EIA/TIA-449, X.21, V.24, V.35 and HSSI; ISDN BRI (with PPP) over RJ-45]
NOTE: Pinouts are different than RJ-45 used in campus
Differentiating Between WAN Serial Connectors
[Figure: router connections run from the end user device (DTE) to the CSU/DSU (DCE), which connects to the service provider]
• Network connections at the CSU/DSU: EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA-530
Serial Implementation of DTE versus DCE • Data Terminal Equipment (DTE) – End of the user’s device on the WAN link • Data Communications Equipment (DCE) – End of the WAN provider’s side of the communication facility – DCE is responsible for clocking
[Figure: DTE and DCE ends of serial links; Modem and CSU/DSU shown as DCE]
WAN Terminating Equipment • DTE: Data Terminal Equipment – The Customer’s Equipment (Router, to corporate network) • DCE: Data Circuit-Terminating Equipment – The Service Provider’s Equipment (Modem, usually on the customer’s premises, to the WAN provider (carrier) network) • Physical Cable Types: EIA/TIA-232, V.35, X.21, HSSI
Serial Transmission • WAN Serial connectors use serial transmission – Serial transmission uses one bit at a time over a single channel. – Parallel transmission can use 8 bits at a time, but all WANs use serial transmission.
• Cisco Routers use a proprietary 60 pin serial connector.
– Connector at the other end of the cable will depend on your service provider or end device requirements.
LAN/WAN Devices
• Hubs • Bridges • Switches
• Routers
Hub • Device that serves as the center of a star topology network, sometimes referred to as a multiport repeater, no forwarding intelligence
Hubs • Amplifies signals • Propagates signals through the network • Does not filter data packets based on destination • No path determination or switching • Used as network concentration point
[Figure: stations 123 through 128 connected to one hub]
Hubs Operate at Physical layer • All devices in the same collision domain • All devices in the same broadcast domain • Devices share the same bandwidth
[Figure: devices A, B, C and D joined at the Physical layer]
Hubs: One Collision Domain • More end stations means more collisions • CSMA/CD is used
Bridge • Device that connects and passes packets between two network segments. • More intelligent than hub—analyzes incoming packets and forwards (or filters) them based on addressing information.
Bridge Example • More intelligent than a hub—can analyze incoming packets and forward (or filter) them based on addressing information • Collects and passes packets between two network segments • Maintains address tables
[Figure: a bridge joins Segment 1 and Segment 2, each a hub with stations (123 through 128 in total), and connects to the corporate intranet]
Switches • Use bridging technology to forward traffic between ports.
• Provide full dedicated data transmission rate between two stations that are directly connected to the switch ports. • Build and maintain address tables called content-addressable memory (CAM).
Switching—“Dedicated” Media • Uses bridging technology to forward traffic (i.e. maintains address tables, and can filter) • Provides full dedicated transmission rate between stations that are connected to switch ports • Used in both local-area and in wide-area networking • All types available—Ethernet, Token Ring, ATM
[Figure: workstations 31 through 36 attach to a switch over “dedicated” 10-Mbps UTP cable; 100-Mbps links lead to the corporate intranet]
Switches and Bridges Operate at Data Link Layer • Each segment has its own collision domain • All segments are in the same broadcast domain
[Figure: a Data Link layer device with segments 1, 2, 3 and 4, or one with segments 1 and 2]
Switches
Switch Memory
• Each segment has its own collision domain • Broadcasts are forwarded to all segments
Routers
• Interconnect LANs and WANs • Provide path determination using metrics • Forward packets from one network to another • Control broadcasts to the network
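Network Layer Functions (cont.)
[Figure: network 1 (1.0; hosts 1.1, 1.2, 1.3) on the first router's E0; network 2 (2.1, 2.2) joins the two routers' S0 interfaces; network 4 (4.0; hosts 4.1, 4.2, 4.3) on the second router's E0]
Routing Table (first router)
NET | INT | Metric
1 | E0 | 0
2 | S0 | 0
4 | S0 | 1
Routing Table (second router)
NET | INT | Metric
1 | S0 | 1
2 | S0 | 0
4 | E0 | 0
• Logical addressing allows for hierarchical network • Configuration required • Uses configured information to identify paths to networks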
Routers: Operate at the Network Layer • Broadcast control • Multicast control • Optimal path determination • Traffic management • Logical addressing • Connects to WAN services
Using Routers to Provide Remote Access Modem or ISDN TA Telecommuter
Mobile User
Branch Office Main Office Internet
Network Device Domains
Device | Collision Domains | Broadcast Domains
Hub | 1 | 1
Bridge | 4 | 1
Switch | 4 | 1
Router | 4 | 4
Product Selection Considerations • Provides functionality and features you need today • Capacity and performance • Easy installation and centralized management • Provides network reliability • Investment protection in existing infrastructure • Migration path for change and growth • Seamless access for mobile users and branch offices
Cisco Router Products • Selection Issues: – Scale of the routing features needed – Port density/variety requirements – Capacity and performance – Common user interface
• Series shown: Cisco 700/800 Series, Cisco 1600/1700 Series, Cisco 2500 Series, Cisco 2600 Series, Cisco 3600 Series, AS 5000 Series, Cisco 7000 Series, Cisco 10000 Series, Cisco 12000 GSR Series
• Solution tiers: Home Office Solutions, Small Office Solutions, Branch Office Solutions, Central Site Solutions
Visual Objective
Use the product selection tool to select Cisco Equipment
Router – 7200
Router – 7300
Router – 7500
Router – 7600
Router – 10000
Router – 12000
Fixed and Modular Interfaces • Some Cisco Routers have fixed interfaces while others are modular. – 2500 series routers have set interfaces that can’t be changed. • The 2501 Router has two serial connections and one 10BaseT AUI interface. • If you need to add a third serial connection you need to buy a new router.
– The 1600, 1700, 2600, 3600 and higher routers have modular interfaces. • These Routers allow you to buy what you need and add almost any type of interface you may need later.
Fixed Interfaces 2500 Router—rear view
Serial WAN ports can be fixed
Modular Interfaces WAN Interface Card
Serial WAN ports can be modular 1603 Router—rear view
Ethernet 10BaseT
3640 Router— rear view
Ethernet AUI
ISDN BRI S/T
Console
Module
Router Internal Components
RAM • It contains the software and data structures that allow the router to function. The principal software running in RAM is the Cisco IOS image and the running configuration. Some routers, such as the 2500 series, run IOS from Flash and not RAM.
ROM Functions
• Contains microcode for basic functions
ROM • POST : The microcode used to test the basic functionality of the router hardware and to determine what components are present.
ROM • Bootstrap code : the bootstrap code is used to bring the router up during initialization. It contains microcode for basic functions to start and maintain the router. It reads the configuration register to determine how to boot and then, if instructed to do so, loads the IOS software.
ROM • ROM monitor : A low-level operating system normally used for manufacturing, testing and troubleshooting. • A “partial” IOS : This partial IOS can be used to load a new software image into Flash memory and to perform some other maintenance operations. It does not support IP routing and most other routing functions. Sometimes, this subset of the IOS is referred to as RXBOOT code.
Flash memory • Flash memory : is used to contain the IOS software image. Some routers run the IOS image directly from Flash and do not need to transfer it to RAM.
NVRAM • NVRAM : is used mainly to store the configuration. NVRAM uses a battery to maintain the data when the power is removed from the router.
Configuration Register • Configuration Register : is used to control how the router boots up.
External Configuration Sources
• Configurations can come from many sources. • Configurations will act in device memory.
Basics of Cisco IOS • IOS Software delivers Network Services and enables network services. • Cisco IOS enables the following network services: – Features to carry the chosen network protocols & functions. – Connectivity to provide high-speed traffic between devices. – Security to control access and discourage unauthorized network use. – Scalability to add interfaces and capability as the need for networking grows. – Reliability to ensure dependable access to networked resources.
Cisco IOS Software Features
• Cisco IOS software delivers network services and enables networked applications.
Cisco IOS User Interface Functions – A CLI is used to enter commands. – Operations vary on different internetworking devices. – Users type or paste entries in the console command modes. – Enter key instructs device to parse and execute the command. – Two primary EXEC modes are user mode and privileged mode. – Command modes have distinctive prompts.
Setting Up A Console Connection Device with Console
– PCs require an RJ-45-to-DB-9 or RJ-45-to-DB-25 adapter. – COM port settings are 9600 bps, 8 data bits, no parity, 1 stop bit, no flow control. – This provides out-of-band console access. – AUX switch port may be used for a modem-connected console.
Console Connection • Console connection is required to configure the router for the first time. – All Cisco devices are shipped with one console cable. – It allows you to connect a device and configure, verify and monitor it. – The cable is a rollover cable with RJ-45 connectors. – Pinouts for the rollover cable are: 1-8, 2-7, 3-6, 4-5, 5-4, 6-3, 7-2, 8-1
Console Connection • Set up the terminal emulation program to run at – 9600 bps – 8 data bits – no parity – 1 stop bit – no flow control • Most routers have an auxiliary port which can connect to a modem – This will give you console access to a remote router. – The console port and auxiliary port are considered out-of-band management since you are configuring the router out of the network – Telnet is considered in-band.
Initial Startup of the Cisco Router – System startup routines initiate router software – Router falls back to startup alternatives if needed
Router Power-On/Bootup Sequence
1. Perform power-on self test (POST).
2. Load and run bootstrap code.
3. Find the Cisco IOS software.
4. Load the Cisco IOS software.
5. Find the configuration.
6. Load the configuration.
7. Run the configured Cisco IOS software.
Router Configuration from CLI • First method of Router configuration is Setup utility – allows a basic initial configuration • Command Line Interface (CLI) can be used for more complex and specific configurations • CLI provides following modes of operation: – User Mode – EXEC Mode – Terminal Configuration / Global Configuration Mode • Terminal configuration Mode gives you access to different configuration Modes.
Bootup Output from the Router
Unconfigured Versus Configured Router
Setup: The Initial Configuration Dialog
Router#setup
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity for management of the system, extended setup will ask you to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: no
Setup Interface Summary
First, would you like to see the current interface summary? [yes]:
Interface   IP-Address   OK?  Method  Status                 Protocol
BRI0        unassigned   YES  unset   administratively down  down
BRI0:1      unassigned   YES  unset   administratively down  down
BRI0:2      unassigned   YES  unset   administratively down  down
Ethernet0   unassigned   YES  unset   administratively down  down
Serial0     unassigned   YES  unset   administratively down  down
Interfaces Found During Startup
Setup Initial Global Parameters
Configuring global parameters:
Enter host name [Router]:wg_ro_c
The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration.
Enter enable secret: cisco
The enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images.
Enter enable password: sanfran
The virtual terminal password is used to protect access to the router over a network interface.
Enter virtual terminal password: sanjose
Configure SNMP Network Management? [no]:
Setup Initial Protocol Configurations
Configure LAT? [yes]: no
Configure AppleTalk? [no]:
Configure DECnet? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
Configure CLNS? [no]:
Configure IPX? [no]:
Configure Vines? [no]:
Configure XNS? [no]:
Configure Apollo? [no]:
Setup Interface Parameters
BRI interface needs isdn switch-type to be configured
Valid switch types are :
[0] none..........Only if you don't want to configure BRI.
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:
Configuring interface parameters:
Do you want to configure BRI0 (BRI d-channel) interface? [no]:
Do you want to configure Ethernet0 interface? [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 10.1.1.33
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Do you want to configure Serial0 interface? [no]:
Setup Script Review and Use
The following configuration command script was created:
hostname Router
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
enable password sanfran
line vty 0 4
password sanjose
no snmp-server
!
no appletalk routing
no decnet routing
ip routing
no clns routing
no ipx routing
no vines routing
no xns routing
no apollo routing
isdn switch-type basic-5ess
interface BRI0
shutdown
no ip address
!
interface Ethernet0
no shutdown
ip address 10.1.1.31 255.255.255.0
no mop enabled
!
interface Serial0
shutdown
no ip address
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:
Logging In to the Router
Cisco IOS Software EXEC Mode • There are two main EXEC modes for entering commands.
Router User-Mode Command List
wg_ro_c>?
Exec commands:
  access-enable   Create a temporary Access-List entry
  atmsig          Execute Atm Signalling Commands
  cd              Change current device
  clear           Reset functions
  connect         Open a terminal connection
  dir             List files on given device
  disable         Turn off privileged commands
  disconnect      Disconnect an existing network connection
  enable          Turn on privileged commands
  exit            Exit from the EXEC
  help            Description of the interactive help system
  lat             Open a lat connection
  lock            Lock the terminal
  login           Log in as a particular user
  logout          Exit from the EXEC
-- More --
– You can abbreviate a command to the fewest characters that make a unique character string.
Cisco IOS Software EXEC Mode (Cont.)
Router Privileged-Mode Command List
wg_ro_c#?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  bfe              For manual emergency modes setting
  cd               Change current directory
  clear            Reset functions
  clock            Manage the system clock
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy from one file to another
  debug            Debugging functions (see also 'undebug')
  delete           Delete a file
  dir              List files on a filesystem
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  erase            Erase a filesystem
  exit             Exit from the EXEC
  help             Description of the interactive help system
-- More --
• You can complete a command string by entering the unique character string, then pressing the Tab key.
Access to Configuration Modes
• Interface Configuration Mode – Supports commands for per-interface configuration – Prompt looks like • Router(config-if)#
• Subinterface Configuration Mode – Supports commands that configure multiple virtual (logical) interfaces on a single physical interface. – Prompt looks like • Router(config-subif)#
• Router Configuration Mode – Supports commands that configure an IP routing protocol – Prompt looks like • Router(config-router)#
• IPX-router Configuration Mode – Supports commands that configure the Novell network layer protocol – Prompt looks like • Router(config-router)#
Exiting Configuration Mode
• The exit command takes you back one level and eventually allows you to log out.
• CTRL+Z can also be used instead of the exit command
Router Command Line Help Facilities
Context-Sensitive Help: Provides a list of commands and the arguments associated with a specific command.
Console Error Messages: Identify problems with router commands incorrectly entered so that you can alter or correct them.
Command History Buffer: Allows recall of long or complex commands or entries for reentry, review, or correction.
Router Context-Sensitive Help
Router# clok
Translating "CLOK"
% Unknown command or computer name, or unable to find computer address
Router# cl?
clear clock
Router# clock
% Incomplete command.
Router# clock ?
set Set the time and date
Router# clock set
% Incomplete command.
Router# clock set ?
hh:mm:ss Current Time
• Symbolic translation
• Command prompting
• Last command recall
Router Context-Sensitive Help (cont.)
Router# clock set 19:56:00
% Incomplete command.
Router# clock set 19:56:00 ?
<1-31> Day of the month
MONTH Month of the year
Router# clock set 19:56:00 04 8
                              ^
% Invalid input detected at the '^' marker
Router# clock set 19:56:00 04 August
% Incomplete command.
Router# clock set 19:56:00 04 August ?
<1993-2035> Year
• Syntax checking
• Command prompting
Using Enhanced Editing Commands Router>Shape the future of internetworking by creating unpreced
Shape the future of internetworking by creating unprecedented value for customers, employees, and partners.
Using Enhanced Editing Commands Router>$ future of internetworking by creating unprecedented op
(Automatic scrolling of long lines).
Using Enhanced Editing Commands Router>Shape the value of internetworking by creating unpreced
(Automatic scrolling of long lines).
Move to the beginning of the command line.
Using Enhanced Editing Commands Router>$ value for customers, employees, and partners.
(Automatic scrolling of long lines).
Move to the beginning of the command line.
Move to the end of the command line.
<Esc-B>
Move back one word.
Move forward one character.
Move back one character.
<Esc-F>
Move forward one word.
Delete a single character.
Reviewing Router Command History Ctrl-P or Up arrow
Last (previous) command recall
Ctrl-N or Down arrow
More recent command recall
Router> show history
Show command buffer contents
Router> terminal history size lines
Set session command buffer size
show version Command
wg_ro_a#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 08-Feb-99 18:18 by phanguye
Image text-base: 0x03050C84, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE(fc1)
wg_ro_a uptime is 20 minutes
System restarted by reload
System image file is "flash:c2500-js-l_120-3.bin"
(output omitted)
--More--
Configuration register is 0x2102
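Viewing the Configuration
[Figure: RAM holds the IOS and a Config, displayed from the console with show running-config; NVRAM holds a Config, displayed with show startup-config; the Setup utility is shown alongside.]
Setup saves the configuration to NVRAM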
show running and show startup Commands
In RAM:
wg_ro_c#show running-config
Building configuration...
Current configuration:
!
version 12.0
!
-- More --
In NVRAM:
wg_ro_c#show startup-config
Using 1359 out of 32762 bytes
!
version 12.0
!
-- More --
Display current and saved configuration
Overview of Router Modes •User EXEC mode
Router>enable
•Privileged EXEC mode
Router#config term
•Global configuration mode
Router(config)#
Ctrl-Z (end), Exit
Configuration Mode   Prompt
Interface            Router(config-if)#
Subinterface         Router(config-subif)#
Controller           Router(config-controller)#
Line                 Router(config-line)#
Router               Router(config-router)#
IPX router           Router(config-ipx-router)#
Saving Configurations
wg_ro_c#
wg_ro_c#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
wg_ro_c#
Copy the current configuration to NVRAM
Configuring Router Identification
Router Name
Router(config)#hostname wg_ro_c
wg_ro_c(config)#
Message of the Day Banner
wg_ro_c(config)#banner motd #
Accounting Department
You have entered a secured system.
Authorized access only! #
Interface Description
wg_ro_c(config)#interface ethernet 0
wg_ro_c(config-if)#description Engineering LAN, Bldg. 18
– Sets local identity or message for the accessed router or interface
Router Password Configuration
Console Password
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password cisco
Virtual Terminal Password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password sanjose
Enable Password
Router(config)#enable password cisco
Secret Password
Router(config)#enable secret sanfran
Other Console Line Commands
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
• Prevents console session timeout
Router(config)#line console 0
Router(config-line)#logging synchronous
• Redisplays interrupted console input
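The password and console-line settings on the preceding slides can be checked mechanically. The audit below is an added example, not part of the original slides or of any Cisco tool: it flags "enable password", line passwords stored in cleartext or as reversible type 7, and "exec-timeout 0 0". Both sample configurations are constructed, and the hardened variant ("login local", "username ... secret", a 10-minute timeout) is an assumed baseline.

```python
import re

# Constructed running-config assembled from the commands shown on the slides
# (hostname, enable secret/password, console and vty passwords, exec-timeout 0 0).
SLIDE_CONFIG = """\
hostname wg_ro_c
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
enable password sanfran
!
line con 0
 exec-timeout 0 0
 logging synchronous
 password cisco
 login
line vty 0 4
 password sanjose
 login
!
end
"""

# Constructed hardened variant (an assumption, not from the slides): no enable
# password, per-user secrets with "login local", and a 10-minute idle timeout.
HARDENED_CONFIG = """\
hostname wg_ro_c
service password-encryption
enable secret 5 $1$/CCk$4r7zDwDNeqkxFO.kJxC3G0
username admin secret 5 <constructed-placeholder-hash>
!
line con 0
 exec-timeout 10 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 10 0
 login local
!
end
"""

# "enable password [type] value" or, inside a line block, "password [type] value".
PASSWORD_RE = re.compile(r"^(enable password|password)\s+(?:(\d+)\s+)?(\S+)$")
EXEC_TIMEOUT_OFF_RE = re.compile(r"^exec-timeout\s+0(\s+0)?$")


def audit_ios_config(text):
    """Return (check, location, detail) findings; secrets are never echoed."""
    findings = []
    section = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            # A non-indented command starts a new section; only "line ..."
            # blocks carry the per-line settings checked below.
            section = line if line.startswith("line ") else "global"
        match = PASSWORD_RE.match(line)
        if match:
            keyword, ptype, _secret = match.groups()
            if keyword == "enable password":
                findings.append(("enable-password", section,
                                 "remove it and rely on enable secret"))
            if ptype in (None, "0"):
                findings.append(("cleartext-password", section,
                                 "password is readable in the configuration"))
            elif ptype == "7":
                findings.append(("type7-password", section,
                                 "type 7 is reversible obfuscation, not a hash"))
        if section != "global" and EXEC_TIMEOUT_OFF_RE.match(line):
            findings.append(("no-exec-timeout", section,
                             "idle sessions on this line never time out"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("slide config", SLIDE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for check, where, detail in audit_ios_config(cfg) or [("ok", "-", "no findings")]:
            print(f"  [{check}] {where}: {detail}")
```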
Configuring an Interface
Router(config)#interface type number
Router(config-if)#
• type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, and tunnel
• number is used to identify individual interfaces
Router(config)#interface type slot/port
Router(config-if)#
• For modular routers
Router(config-if)#exit
• Quit from current interface configuration mode
Configuring a Serial Interface
• Enter global configuration mode
Router#configure term
Router(config)#
• Specify interface
Router(config)#interface serial 0
Router(config-if)#
• Set clock rate (on DCE interfaces only)
Router(config-if)#clock rate 64000
Router(config-if)#
• Set bandwidth
Router(config-if)#bandwidth 64
Router(config-if)#exit
Router(config)#exit
Router#
Verifying Your Changes
Router#show interface serial 0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.4.2/24
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 00:00:09, output 00:00:04, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
(output omitted)
Disabling or Enabling an Interface
Router#configure term
Router(config)#interface serial 0
Router(config-if)#shutdown
%LINK-5-CHANGED: Interface Serial0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
• Administratively turns off an interface
Router#configure term
Router(config)#interface serial 0
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial0, changed state to up
%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up
• Enables an interface that is administratively shut down
Router show interfaces Command
Router#show interfaces
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 00e0.1e5d.ae2f (bia 00e0.1e5d.ae2f)
  Internet address is 10.1.1.11/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:07, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     81833 packets input, 27556491 bytes, 0 no buffer
     Received 42308 broadcasts, 0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored, 0 abort
     0 input packets with dribble condition detected
     55794 packets output, 3929696 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 4 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Interpreting Interface Status
Router#show interfaces serial 1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Description: 64Kb Line to San Jose
  ::
[Figure labels: Carrier Detect points to the interface status ("Serial1 is up"); Keepalives points to the line protocol status ("line protocol is up")]
Operational:         Serial1 is up, line protocol is up
Connection problem:  Serial1 is up, line protocol is down
Interface problem:   Serial1 is down, line protocol is down
Disabled:            Serial1 is administratively down, line protocol is down
Serial Interface show controller Command
Router#show controller serial 0
HD unit 0, idb = 0x121C04, driver structure at 0x127078
buffer size 1524 HD unit 0, V.35 DTE cable
. . .
Shows cable type of serial cables
ROUTING
What is Routing?
[Figure: a router between networks 10.120.2.0 and 172.16.1.0]
• To route, a router needs to know: – Destination addresses – Sources it can learn from – Possible routes – Best route – Maintain and verify routing information
What is Routing? (cont.)
[Figure: the same router, with E0 on 10.120.2.0 and S0 toward 172.16.1.0]
Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
Learned            172.16.1.0            S0
Routed Protocol: IP
– Routers must learn destinations that are not directly connected
Identifying Static and Dynamic Routes
• Static Route: Uses a route that a network administrator enters into the router manually
• Dynamic Route: Uses a route that a network routing protocol adjusts automatically for topology or traffic changes
STATIC ROUTING • Static Routing: The administrator must type all network locations into the routing table by hand. – In Static Routing, the administrator is responsible for updating all changes by hand into all routers.
IP Route command
ip route [destination_network] [mask] [next_hop_address or exit interface]
It is a global configuration mode command. The above command is used for configuring the routing table in Static Routing.
Static Routing
The following list describes each command in the string:
ip route: The command used to create the static route.
destination network: The network you are placing in the routing table.
mask: Indicates the subnet mask being used on the network.
next hop address: The address of the next hop router that will receive the packet and forward it to the remote network. This is a router interface that is on a directly connected network. You must be able to ping the router interface before you add the route.
Static Route Example
[Figure: the wider network reaches Router A (S0, 172.16.2.2), which links to Router B (172.16.2.1) in front of the stub network 172.16.1.0]
ip route 172.16.1.0 255.255.255.0 172.16.2.1
This is a unidirectional route. You must have a route configured in the opposite direction.
Default Routing • Default routing is used to send packets with a remote destination network not in the routing table to the next hop router. • You can only use default routing on stub networks, which means that they have only one exit port out of the network.
Default Routes
[Figure: the wider network reaches Router A (S0, 172.16.2.2), which links to Router B (172.16.2.1) in front of the stub network 172.16.1.0]
ip route 0.0.0.0 0.0.0.0 172.16.2.2
This route allows the stub network to reach all known networks beyond router A.
Static Routing • Static Routing is the process of an administrator manually adding routes in each router’s routing table. • Benefits of Static Routing – No overhead on the Router CPU – No Bandwidth usage between routers – Security (Administrator can allow routing to selected networks) • Disadvantage of Static Routing – The administrator must really understand the full internetwork to configure routes correctly. – If one network is added to the internetwork the administrator must add a route to it on all routers. – It is not feasible in large networks because it would be a full-time job.
Dynamic Routing Basics
Routed versus Routing Protocols
• Routed protocols used between routers to direct user traffic; also called network protocols – Examples: IP, IPX, DECnet, AppleTalk, NetWare, OSI, VINES
• Routing protocols used between routers to maintain routing tables – Examples: RIP, IGRP, OSPF, BGP, EIGRP
Network Protocol   Destination Network   Exit Port to Use
Protocol name      1.0                   1.1
                   2.0                   2.1
                   3.0                   3.1
DYNAMIC ROUTING • Dynamic Routing: Dynamic routing is the process of routing protocols running on the router communicating with neighbor routers. – If a change occurs in the network the dynamic routing protocols automatically inform all routers about the change.
Dynamic Routing • Most internetworks use dynamic routing
[Figure: two views of routers A, B, C and D. A network change (X) blocks the established path... and an alternate route is found dynamically.]
Routing Protocols
What is a Routing Protocol?
• Routing protocols are used between routers to determine paths and maintain routing tables.
• Once the path is determined a router can route a routed protocol.
[Figure: a router with interfaces E0, S0 and S1; networks labelled 10.120.2.0, 172.16.1.0 and 172.17.3.0]
Network Protocol   Destination Network   Exit Interface
Connected          10.120.2.0            E0
RIP                172.16.2.0            S0
IGRP               172.17.3.0            S1
Routed Protocol: IP
Routing protocol: RIP, IGRP
Autonomous Systems: Interior or Exterior Routing Protocols
[Figure: Autonomous System 100 and Autonomous System 200. IGPs: RIP, IGRP. EGPs: BGP.]
– An autonomous system is a collection of networks under a common administrative domain
– IGPs operate within an autonomous system
– EGPs connect different autonomous systems
Administrative Distance: Ranking Routes
"I need to send a packet to Network E. Both router B and C will get it there. Which route is best?"
[Figure: Routers A, B, C and D and Network E; one path is labelled IGRP, Administrative Distance=100 and the other RIP, Administrative Distance=120]
Distance Vector versus Link State • Distance vector – Sends routing table info only to neighbors, so change communication may need one min/router – Also called “routing by rumor” – Easy to configure, but slow
• Link state – Floods routing information about itself to all nodes, so changes are known immediately – Efficient, but complex to configure • Cisco’s EIGRP hybrid – Efficient and easy to configure
Routing Protocol Evolutions
[Figure: protocols arranged by class: Distance Vector, Hybrid, Link State]
RIP • Distance vector • Most common IGP • Uses hop count
IGRP • Distance vector • Developed by Cisco • Addresses problems in large, heterogeneous networks
EIGRP • Hybrid protocol • Developed by Cisco • Superior convergence and operating efficiency • Merges benefits of link state & distance vector
OSPF • Link state, hierarchical • Successor to RIP • Uses least-cost routing, multipath routing, and load balancing • Derived from IS-IS
Classes of Routing Protocols
[Figure: routers A, B, C and D, with the three classes labelled Distance Vector, Hybrid Routing and Link State]
Distance Vector Routing Protocols
[Figure: routers A, B, C and D, each with its own routing table. Distance: how far. Vector: in which direction.]
•Pass periodic copies of routing table to neighbor routers and accumulate distance vectors
Distance Vector—Sources of Information and Discovering Routes
[Figure: Router A (E0 on 10.1.0.0, S0 on 10.2.0.0), Router B (S0 on 10.2.0.0, S1 on 10.3.0.0) and Router C (S0 on 10.3.0.0, E0 on 10.4.0.0), each with its routing table]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  E0  0
•Routers discover the best path to destinations from each neighbor
Distance Vector—Sources of Information and Discovering Routes
[Figure: Router A (E0 on 10.1.0.0, S0 on 10.2.0.0), Router B (S0 on 10.2.0.0, S1 on 10.3.0.0) and Router C (S0 on 10.3.0.0, E0 on 10.4.0.0), each with its routing table]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  E0  0
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
                   10.1.0.0  S0  1
•Routers discover the best path to destinations from each neighbor
Distance Vector—Sources of Information and Discovering Routes
[Figure: Router A (E0 on 10.1.0.0, S0 on 10.2.0.0), Router B (S0 on 10.2.0.0, S1 on 10.3.0.0) and Router C (S0 on 10.3.0.0, E0 on 10.4.0.0), each with its routing table]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  E0  0
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  S0  1    10.1.0.0  S0  2
•Routers discover the best path to destinations from each neighbor
Distance Vector—Selecting Best Route with Metrics
[Figure: routers A and B joined by links labelled 56 and T1. IGRP: Bandwidth, Delay. RIP: Hop count.]
Information used to select the best path for routing
Distance Vector—Maintaining Routing Information
[Figure: a topology change causes a routing table update at Router A, which runs its process to update this routing table. Router A sends out this updated routing table after the next period expires, and Router B runs its process to update this routing table.]
•Updates proceed step-by-step from router to router
Maintaining Routing Information Problem—Routing Loops
[Figure: Router A (E0 on 10.1.0.0, S0 on 10.2.0.0), Router B (S0 on 10.2.0.0, S1 on 10.3.0.0) and Router C (S0 on 10.3.0.0, E0 on 10.4.0.0), each with its routing table]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  E0  0
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  S0  1    10.1.0.0  S0  2
•Each node maintains the distance from itself to each possible destination network
Maintaining Routing Information Problem—Routing Loops
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  E0  Down
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  S0  1    10.1.0.0  S0  2
• Slow convergence produces inconsistent routing
Maintaining Routing Information Problem—Routing Loops
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  2
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  S1  1    10.1.0.0  S0  2
Router C concludes that the best path to network 10.4.0.0 is through Router B
Maintaining Routing Information Problem—Routing Loops
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  2
10.3.0.0  S0  1    10.4.0.0  S1  3    10.2.0.0  S0  1
10.4.0.0  S0  4    10.1.0.0  S0  1    10.1.0.0  S0  2
Router A updates its table to reflect the new but erroneous hop count
Symptom: Counting to Infinity
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  4
10.3.0.0  S0  1    10.4.0.0  S1  5    10.2.0.0  S0  1
10.4.0.0  S0  6    10.1.0.0  S0  1    10.1.0.0  S0  2
• Packets for network 10.4.0.0 bounce between routers A, B, and C
• Hop count for network 10.4.0.0 counts to infinity
Solution: Defining a Maximum
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  16
10.3.0.0  S0  1    10.4.0.0  S1  16   10.2.0.0  S0  1
10.4.0.0  S0  16   10.1.0.0  S0  1    10.1.0.0  S0  2
•Define a limit on the number of hops to prevent infinite loops
Solution: Split Horizon
[Figure: Routers A, B and C in a line, with X marks on the figure]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  0
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  E1  2    10.1.0.0  S0  2
•It is never useful to send information about a route back in the direction from which the original packet came
Solution: Route Poisoning
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0]
Router A           Router B           Router C
10.1.0.0  E0  0    10.2.0.0  S0  0    10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0    10.4.0.0  S0  Infinity
10.3.0.0  S0  1    10.4.0.0  S1  1    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  E1  2    10.1.0.0  S0  2
•Routers set the distance of routes that have gone down to infinity
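The counting-to-infinity symptom and the fixes above can be reproduced with a small simulation. This is an added example, not from the original slides: it models routers A, B and C from the figures with synchronous periodic updates (a simplification of real RIP timers, so intermediate hop counts differ slightly from the slide frames), fails network 10.4.0.0, and compares plain distance vector with split horizon combined with route poisoning.

```python
INFINITY = 16          # maximum hop count from "Solution: Defining a Maximum"
FAILED = "10.4.0.0"    # the network that goes down on the slides

# Topology from the figures: A -- B -- C in a line.
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
CONNECTED = {
    "A": ["10.1.0.0", "10.2.0.0"],
    "B": ["10.2.0.0", "10.3.0.0"],
    "C": ["10.3.0.0", "10.4.0.0"],
}


def new_tables():
    """Each table maps destination -> (hop count, next-hop router or None)."""
    return {r: {net: (0, None) for net in nets} for r, nets in CONNECTED.items()}


def exchange(tables, split_horizon):
    """Run one update period; return True if any table changed."""
    # Snapshot every advertisement first so all routers act on the same period.
    adverts = []
    for router, table in tables.items():
        for peer in NEIGHBORS[router]:
            vector = {
                dest: hops
                for dest, (hops, via) in table.items()
                # Split horizon: never advertise a route back to the neighbor
                # it was learned from.
                if not (split_horizon and via == peer)
            }
            adverts.append((router, peer, vector))

    changed = False
    for sender, receiver, vector in adverts:
        table = tables[receiver]
        for dest, hops in vector.items():
            cost = min(hops + 1, INFINITY)
            current = table.get(dest)
            if current is None:
                if cost < INFINITY:          # do not install unreachable routes
                    table[dest] = (cost, sender)
                    changed = True
            elif cost < current[0] or (current[1] == sender and cost != current[0]):
                # Accept a better path, or any news from the current next hop.
                table[dest] = (cost, sender)
                changed = True
    return changed


def simulate(split_horizon, poison, max_rounds=40):
    """Fail 10.4.0.0 at router C and return the (A, B, C) hop counts per period."""
    tables = new_tables()
    while exchange(tables, split_horizon):       # initial convergence
        pass
    if poison:
        tables["C"][FAILED] = (INFINITY, None)   # route poisoning
    else:
        del tables["C"][FAILED]                  # C simply forgets the route
    history = []
    for _ in range(max_rounds):
        if not exchange(tables, split_horizon):
            break
        history.append(tuple(tables[r].get(FAILED, (None, None))[0] for r in "ABC"))
    return history


if __name__ == "__main__":
    for label, sh, po in [("plain distance vector", False, False),
                          ("split horizon + route poisoning", True, True)]:
        rounds = simulate(sh, po)
        print(f"{label}: {len(rounds)} update periods to settle")
        for n, hops in enumerate(rounds, 1):
            print(f"  period {n:2d}: A={hops[0]} B={hops[1]} C={hops[2]}")
```

Without the fixes the stale route is passed back and forth until every router reaches the maximum of 16; with both fixes the failure is known everywhere after two update periods.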
Solution: Poison Reverse
[Figure: Routers A, B and C in a line; X marks the failed network 10.4.0.0 on Router C's E0; an update labelled Poison Reverse is shown]
Router A           Router B                       Router C
10.1.0.0  E0  0    10.2.0.0  S0  0                10.3.0.0  S0  0
10.2.0.0  S0  0    10.3.0.0  S1  0                10.4.0.0  S0  Infinity
10.3.0.0  S0  1    10.4.0.0  S1  Possibly Down    10.2.0.0  S0  1
10.4.0.0  S0  2    10.1.0.0  E1  2                10.1.0.0  S0  2
• Poison Reverse overrides split horizon
Solution: Hold-Down Timers
[Figure: Routers A, B and C in a line; X marks network 10.4.0.0 on Router C's E0. Labels: "Network 10.4.0.0 is unreachable"; "Update after hold-down Time" (twice); "Network 10.4.0.0 is down then back up then back down"]
•Router keeps an entry for the network possibly down state, allowing time for other routers to recompute for this topology change
Solution: Triggered Updates
[Figure: Routers A, B and C in a line; X marks network 10.4.0.0 on Router C's E0. The message "Network 10.4.0.0 is unreachable" is shown three times along the path]
•Router sends updates when a change in its routing table occurs
Implementing Solutions in Multiple Routes
[Figure sequence: routers A, B, C, D and E with network 10.4.0.0. Successive frames show a failure (X); Holddown labels on three routers; Poison Reverse updates sent during Holddown; a "Packet for Network 10.4.0.0" still in transit during Holddown; and finally "Link up!"]
Link-State Routing Protocols
[Figure: routers A, B, C and D exchange Link-State Packets; labels: Topological Database, SPF Algorithm, Shortest Path First Tree, Routing Table]
• After initial flood, pass small event-triggered link-state updates to all other routers
Hybrid Routing
[Figure: Balanced Hybrid Routing. Choose a routing path based on distance vectors. Converge rapidly using change-based updates.]
•Share attributes of both distance-vector and link-state routing
IP Routing Configuration Tasks
[Figure: Network 172.16.0.0, Network 160.89.0.0 and Network 172.30.0.0, with interfaces labeled RIP, IGRP, and "IGRP, RIP"]
• Router configuration
– Select routing protocols
– Specify networks or interfaces
Dynamic Routing Configuration
Router(config)#router protocol [keyword]
– Defines an IP routing protocol
Router(config-router)#network network-number
• Mandatory configuration command for each IP routing process
• Identifies the physically connected network that routing updates are forwarded to
RIP Overview
[Figure: two paths between routers, one over a 19.2 kbps link and one over three T1 links]
– Hop count metric selects the path
– Routes update every 30 seconds
RIP Configuration
Router(config)#router rip
– Starts the RIP routing process
Router(config-router)#network network-number
• Selects participating attached networks
• The network number must be a major classful network number
RIP Configuration Example
[Figure: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1), Router B (S2 10.1.1.2, S3 10.2.2.2), Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]
Router A:
router rip
 network 172.16.0.0
 network 10.0.0.0
Router B:
router rip
 network 10.0.0.0
Router C:
router rip
 network 192.168.1.0
 network 10.0.0.0
Verifying the Routing Protocol—RIP
[Figure: routers A, B and C topology]
RouterA#sh ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Ethernet0        1     1 2
    Serial2          1     1 2
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2             120      00:00:10
  Distance: (default is 120)
Displaying the IP Routing Table
[Figure: routers A, B and C topology]
RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2
C       10.1.1.0 is directly connected, Serial2
R    192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2
debug ip rip Command
[Figure: routers A, B and C topology]
RouterA#debug ip rip
RIP protocol debugging is on
RouterA#
00:06:24: RIP: received v1 update from 10.1.1.2 on Serial2
00:06:24:      10.2.2.0 in 1 hops
00:06:24:      192.168.1.0 in 2 hops
00:06:33: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:06:34:      network 10.0.0.0, metric 1
00:06:34:      network 192.168.1.0, metric 3
00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial2 (10.1.1.1)
00:06:34:      network 172.16.0.0, metric 1
Introduction to IGRP
– More scalable than RIP
– Sophisticated metric
– Multiple-path support
IGRP Composite Metric
[Figure: paths between Source and Destination that include 19.2 kbps links]
– Bandwidth
– Delay
– Reliability
– Loading
– MTU
IGRP Unequal Multiple Paths
[Figure: an Initial Route and a New Route between Source and Destination]
– Maximum six paths
– Next-hop router closer to destination
– Within metric variance
Configuring IGRP
Router(config)#router igrp autonomous-system
• Defines IGRP as the IP routing protocol
Router(config-router)#network network-number
• Selects participating attached networks
Configuring IGRP (cont.)
Router(config-router)#variance multiplier
• Control IGRP load balancing
Router(config-router)#traffic-share { balanced | min }
• Control how load-balanced traffic is distributed
IGRP Configuration Example
Autonomous System = 100
[Figure: Router A (E0 172.16.1.1 on 172.16.1.0, S2 10.1.1.1), Router B (S2 10.1.1.2, S3 10.2.2.2), Router C (S3 10.2.2.3, E0 192.168.1.1 on 192.168.1.0)]
Router A:
router igrp 100
 network 172.16.0.0
 network 10.0.0.0
Router B:
router igrp 100
 network 10.0.0.0
Router C:
router igrp 100
 network 192.168.1.0
 network 10.0.0.0
Verifying the Routing Protocol—IGRP
[Figure: routers A, B and C topology]
RouterA#sh ip protocols
Routing Protocol is "igrp 100"
  Sending updates every 90 seconds, next due in 21 seconds
  Invalid after 270 seconds, hold down 280, flushed after 630
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  IGRP maximum hopcount 100
  IGRP maximum metric variance 1
  Redistributing: igrp 100
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.1.2             100      00:01:01
  Distance: (default is 100)
Displaying the IP Routing Table
[Figure: routers A, B and C topology]
RouterA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 2 subnets
I       10.2.2.0 [100/90956] via 10.1.1.2, 00:00:23, Serial2
C       10.1.1.0 is directly connected, Serial2
I    192.168.1.0/24 [100/91056] via 10.1.1.2, 00:00:23, Serial2
debug ip igrp transaction Command
[Figure: routers A, B and C topology]
RouterA#debug ip igrp transactions
IGRP protocol debugging is on
RouterA#
00:21:06: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:21:06:      network 10.0.0.0, metric=88956
00:21:06:      network 192.168.1.0, metric=91056
00:21:07: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:21:07:      network 172.16.0.0, metric=1100
00:21:16: IGRP: received update from 10.1.1.2 on Serial2
00:21:16:      subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:21:16:      network 192.168.1.0, metric 91056 (neighbor 89056)
debug ip igrp events Command
[Figure: routers A, B and C topology]
RouterA#debug ip igrp events
IGRP event debugging is on
RouterA#
00:23:44: IGRP: sending update to 255.255.255.255 via Ethernet0 (172.16.1.1)
00:23:44: IGRP: Update contains 0 interior, 2 system, and 0 exterior routes.
00:23:44: IGRP: Total routes in update: 2
00:23:44: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:23:45: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:23:45: IGRP: Total routes in update: 1
00:23:48: IGRP: received update from 10.1.1.2 on Serial2
00:23:48: IGRP: Update contains 1 interior, 1 system, and 0 exterior routes.
00:23:48: IGRP: Total routes in update: 2
Updating Routing Information Example
[Figure: routers A, B and C topology; Router A's E0 link to 172.16.1.0 is marked X]
RouterA# debug ip igrp trans
00:31:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down
00:31:15: IGRP: edition is now 3
00:31:15: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.1)
00:31:15:      network 172.16.0.0, metric=4294967295
00:31:16: IGRP: Update contains 0 interior, 1 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 1
00:31:16: IGRP: broadcasting request on Serial2
00:31:16: IGRP: received update from 10.1.1.2 on Serial2
00:31:16:      subnet 10.2.2.0, metric 90956 (neighbor 88956)
00:31:16:      network 172.16.0.0, metric 4294967295 (inaccessible)
00:31:16:      network 192.168.1.0, metric 91056 (neighbor 89056)
00:31:16: IGRP: Update contains 1 interior, 2 system, and 0 exterior routes.
00:31:16: IGRP: Total routes in update: 3
Updating Routing Information Example (cont.)
[Figure: routers A, B and C topology]
RouterB#debug ip igrp trans
IGRP protocol debugging is on
RouterB#
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:      subnet 10.2.2.0, metric=88956
1d19h:      network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:      subnet 10.1.1.0, metric=88956
1d19h:      network 172.16.0.0, metric=89056
1d19h: IGRP: received update from 10.1.1.1 on Serial2
1d19h:      network 172.16.0.0, metric 4294967295 (inaccessible)
1d19h: IGRP: edition is now 10
1d19h: IGRP: sending update to 255.255.255.255 via Serial2 (10.1.1.2)
1d19h:      subnet 10.2.2.0, metric=88956
1d19h:      network 172.16.0.0, metric=4294967295
1d19h:      network 192.168.1.0, metric=89056
1d19h: IGRP: sending update to 255.255.255.255 via Serial3 (10.2.2.2)
1d19h:      subnet 10.1.1.0, metric=88956
1d19h:      network 172.16.0.0, metric=4294967295
Updating Routing Information Example (cont.)
[Figure: routers A, B and C topology; Router A's E0 link to 172.16.1.0 is marked X]
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set
I    172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial2
C       10.2.2.0 is directly connected, Serial3
I    192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:14, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RouterB#
Updating Routing Information Example (cont.)
[Figure: routers A, B and C topology]
RouterB#debug ip igrp transactions
RouterB#
1d20h: IGRP: received update from 10.1.1.1 on Serial2
1d20h:      network 172.16.0.0, metric 89056 (neighbor 1100)
RouterB#
RouterB#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
       T - traffic engineered route
Gateway of last resort is not set
I    172.16.0.0/16 is possibly down, routing via 10.1.1.1, Serial2
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial2
C       10.2.2.0 is directly connected, Serial3
I    192.168.1.0/24 [100/89056] via 10.2.2.3, 00:00:18, Serial3
RouterB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms
EIGRP Overview
What Is Enhanced IGRP (EIGRP)?
[Figure: Enhanced IGRP shown alongside IP Routing Protocols, AppleTalk Routing Protocol and IPX Routing Protocols]
– EIGRP supports:
• Rapid convergence
• Reduced bandwidth usage
• Multiple network-layer protocols
EIGRP Features
• Advanced distance vector
• 100% loop free
• Fast convergence
• Easy configuration
• Less network design constraints than OSPF
EIGRP Features (cont.) • Incremental updates • Supports VLSM and discontiguous networks • Classless routing • Compatible with existing IGRP networks • Protocol independent (supports IPX and AppleTalk)
Advantages of EIGRP • Uses multicast instead of broadcast • Utilizes link bandwidth and delay – EIGRP metric = IGRP metric x 256 (32 bit vs. 24 bit)
• Unequal cost path load balancing • More flexible than OSPF – Manual summarization can be done in any interface at any router within the network
EIGRP Support for Route Summarization
[Figure: example networks labeled 172.16.0.0 /24, 172.16.0.0 /16, 192.168.42.0 /27, 10.0.0.0 /18, 172.16.0.0 /16 and 192.168.42.0 /24]
• EIGRP performs route summarization
– Classful network boundaries (default)
– Arbitrary network boundaries (manual)
EIGRP Packets • Hello: Establish neighbor relationships • Update: Send routing updates • Query: Ask neighbors about routing information • Reply: Response to query about routing information • ACK: Acknowledgement of a reliable packet
EIGRP Neighbor Relationship • Two routers become neighbors when they see each other’s hello packet – Hello address = 224.0.0.10 • Hellos sent once every 5 seconds on the following links: – Broadcast media: Ethernet, Token Ring, FDDI – Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM subinterfaces – Multipoint circuits with bandwidth greater than T1: ISDN PRI, Frame Relay
EIGRP Neighbor Relationship (cont.) • Hellos sent once every 60 seconds on the following links: – Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, and so on
• Neighbor declared dead when no EIGRP packets are received within hold interval – Not only hello can reset the hold timer
• Hold time by default is three times the hello time
EIGRP Neighbor Relationship (cont.) • EIGRP will form neighbors even though hello time and hold time don’t match • EIGRP sources hello packets from primary address of the interface • EIGRP will not form neighbor if K-values are mismatched • EIGRP will not form neighbor if AS numbers are mismatched
What Is in a Neighbor Table?
p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address        Interface   Hold   Uptime     SRTT   RTO   Q    Seq
                               (sec)             (ms)         Cnt  Num
1   172.68.2.2     To0         13     02:15:30   8      200   0    9
0   172.68.16.2    Se1         10     02:38:29   29     200   0    6
EIGRP Reliability • EIGRP reliable packets are packets that require explicit acknowledgement: – Update – Query – Reply
• EIGRP unreliable packets are packets that do not require explicit acknowledgement: – Hello – ACK
EIGRP Reliability (cont.) • The router keeps a neighbor list and a retransmission list for every neighbor • Each reliable packet (update, query, reply) will be retransmitted when packet is not acknowledged • Neighbor relationship is reset when retry limit (limit = 16) for reliable packets is reached
Initial Route Discovery
[Figure: message exchange between routers A and B, built up over six frames]
1. A sends Hello: "I am router A, who is on the link?"
2. B sends Update: "Here is my complete routing information."
3. A sends Ack: "Thanks for the information!"
4. A fills in its Topology Table
5. A sends Update: "Here is my complete route information."
6. B sends Ack: "Thanks for the information!"
Converged
EIGRP Route Selection
[Figure: routers A, B, C and D carrying IP, AppleTalk and IPX over T1 links and one 19.2 link]
• EIGRP uses a composite metric to pick the best path
EIGRP Metrics Calculation • Metric = [K1 x BW + (K2 x BW) / (256 - load) + K3 x delay] x [K5 / (reliability + K4)] – By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
• Delay is sum of all the delays of the links along the paths – Delay = [Delay in 10s of microseconds] x 256
• Bandwidth is the lowest bandwidth of the links along the paths – Bandwidth = [10000000 / (bandwidth in Kbps)] x 256
• By default, metric = bandwidth + delay
EIGRP DUAL • Diffusing Update Algorithm (DUAL) • Finite-state machine – Tracks all routes advertised by neighbors – Select loop-free path using a successor and remember any feasible successors – If successor lost: • Use feasible successor
– If no feasible successor: • Query neighbors and recompute new successor
DUAL Example (Start)
[Figure: routers A, B, C, D and E running EIGRP; network (a) is attached to A; link costs are shown as (1) or (2)]
Topology tables for network (a):
C   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via B    3    1    (Successor)
    via D    4    2    (fs)
    via E    4    3
D   EIGRP    FD   AD   Topology
    (a)      2         (fd)
    via B    2    1    (Successor)
    via C    5    3
E   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via D    3    2    (Successor)
    via C    4    3
DUAL Example
[Figure: the link on D's path via B is marked X; the topology tables are unchanged from the start]
DUAL Example (cont.)
[Figure: D sends queries (Q) to C and E]
C   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via B    3    1    (Successor)
    via D
    via E    4    3
D   EIGRP    FD   AD   Topology
    (a) **ACTIVE**  -1  (fd)
    via E              (q)
    via C    5    3    (q)
E   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via D    3    2    (Successor)
    via C    4    3
DUAL Example (cont.)
[Figure: a reply (R) and a query (Q) are in flight]
C   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via B    3    1    (Successor)
    via D
    via E
D   EIGRP    FD   AD   Topology
    (a) **ACTIVE**  -1  (fd)
    via E              (q)
    via C    5    3
E   EIGRP    FD   AD   Topology
    (a) **ACTIVE**  -1  (fd)
    via D
    via C    4    3    (q)
DUAL Example (cont.)
[Figure: a reply (R) is in flight]
C   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via B    3    1    (Successor)
    via D
    via E
D   EIGRP    FD   AD   Topology
    (a) **ACTIVE**  -1  (fd)
    via E              (q)
    via C    5    3
E   EIGRP    FD   AD   Topology
    (a)      4         (fd)
    via C    4    3    (Successor)
    via D
DUAL Example (End)
[Figure: the last reply (R) reaches D]
C   EIGRP    FD   AD   Topology
    (a)      3         (fd)
    via B    3    1    (Successor)
    via D
    via E
D   EIGRP    FD   AD   Topology
    (a)      5         (fd)
    via C    5    3    (Successor)
    via E    5    4    (Successor)
E   EIGRP    FD   AD   Topology
    (a)      4         (fd)
    via C    4    3    (Successor)
    via D
EIGRP Load Balancing • Routes with metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing) • Up to six entries in the routing table for the same destination – Number of entries is configurable – Default is four
EIGRP Unequal-Cost Load Balancing • EIGRP offers unequal-cost load balancing – variance command
• Variance allows the router to include routes with a metric smaller than multiplier times the minimum metric route to that destination – Multiplier is the number specified by the variance command
Variance Example
[Figure: Router E reaches Network Z behind Router A through Router B, Router C or Router D; link costs 20 and 10 on the path through B, 10 and 10 through C, 20 and 25 through D]
(config)#variance 2
• Router E will choose Router C to get to Network Z because FD = 20
• With variance of 2, Router E will also choose Router B to get to Network Z (20 + 10) < (2 x [FD])
• Router D will not be used to get to Network Z (45 > 40)
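The successor, feasible-successor and variance rules from the DUAL and Variance slides above, as an added Python example (not Cisco's code). The names `Path`, `classify` and `installed_routes` are hypothetical; the advertised distances 10, 10 and 25 for Router E's neighbors are assumed from the link costs in the variance figure, and the feasibility test (AD < FD) applied to variance candidates is standard EIGRP behavior rather than something the slide states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    via: str     # next-hop neighbor
    metric: int  # total distance to the destination through this neighbor
    ad: int      # advertised distance: the neighbor's own distance to it


def classify(paths):
    """Split topology-table entries the way the DUAL slides label them.

    FD is taken here as the current minimum metric, as in the slides.
    A feasible successor must advertise a distance strictly below FD,
    which guarantees that neighbor is not routing back through us.
    """
    fd = min(p.metric for p in paths)
    successors = [p.via for p in paths if p.metric == fd]
    feasible = [p.via for p in paths if p.metric > fd and p.ad < fd]
    rejected = [p.via for p in paths if p.metric > fd and p.ad >= fd]
    return fd, successors, feasible, rejected


def installed_routes(paths, variance=1, max_paths=4):
    """Next hops placed in the routing table for a given variance.

    Successors are always installed. A feasible successor is added when
    its metric is below variance * FD. max_paths=4 is the default limit
    quoted on the load-balancing slide.
    """
    fd, successors, feasible, _ = classify(paths)
    metric_of = {p.via: p.metric for p in paths}
    chosen = successors + [v for v in feasible if metric_of[v] < variance * fd]
    return sorted(chosen, key=metric_of.get)[:max_paths]


# Router C's table from "DUAL Example (Start)": via E has AD 3, which is
# not below FD 3, so only D is a feasible successor.
ROUTER_C_START = [Path("B", 3, 1), Path("D", 4, 2), Path("E", 4, 3)]

# Router D's table from "DUAL Example (End)": two equal-cost successors.
ROUTER_D_END = [Path("C", 5, 3), Path("E", 5, 4)]

# Router E's paths to Network Z from "Variance Example" (ADs assumed).
ROUTER_E_TO_Z = [Path("C", 20, 10), Path("B", 30, 10), Path("D", 45, 25)]


if __name__ == "__main__":
    print("C at start:", classify(ROUTER_C_START))
    print("D at end:  ", classify(ROUTER_D_END))
    for v in (1, 2, 3):
        print(f"E, variance {v}:", installed_routes(ROUTER_E_TO_Z, variance=v))
```

With the assumed advertised distances, raising the variance to 3 still leaves Router D out: its metric of 45 is then below 3 x 20, but its advertised distance of 25 is not below the feasible distance of 20.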
Configuring EIGRP
Configuring EIGRP for IP
AS = 109
[Figure: routers A, B, C, D and E; networks 10.1.0.0, 10.2.0.0, 10.4.0.0, 172.16.1.0 through 172.16.7.0 and 192.168.1.0; interfaces S0, S1, S2 and T0; two Token Ring segments]
router eigrp 109
 network 10.0.0.0
 network 172.16.0.0
• Network 192.168.0.0 is not configured on Router A because it is not directly connected to Router A
EIGRP Summarization—Automatic
• Purpose: Smaller routing tables, smaller updates, query boundary
• Autosummarization:
– On major network boundaries, subnetworks are summarized to a single classful (major) network
– Autosummarization is turned on by default
[Figure: networks 172.17.X.X and 172.16.X.X, with the summary 172.16.0.0/16]
EIGRP Summarization—Manual
• Manual summarization
– Configurable on a per-interface basis in any router within network
– When summarization is configured on an interface, the router immediately creates a route pointing to null zero
• Loop prevention mechanism
– When the last specific route of the summary goes away, the summary is deleted
– The minimum metric of the specific routes is used as the metric of the summary route
Configuring Summarization
(config-router)#no auto-summary
• Turns off autosummarization for the EIGRP process
(config-if)#ip summary-address eigrp <as-number> <address> <mask>
• Creates a summary address to be generated by this interface
Summarizing EIGRP Routes
[Figure: routers A, B and C; networks 172.16.1.0, 172.16.2.0 and 10.0.0.0; interface S0 (192.168.4.2) toward "World"]
router eigrp 1
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary
Verifying EIGRP Operation
Verifying EIGRP Operation
Router#show ip eigrp neighbors
– Displays the neighbors discovered by IP EIGRP
Router#show ip eigrp topology
– Displays the IP EIGRP topology table
Router#show ip route eigrp
– Displays current EIGRP entries in the routing table
Router#show ip protocols
– Displays the parameters and current state of the active routing protocol process
Router#show ip eigrp traffic
– Displays the number of IP EIGRP packets sent and received
Verifying EIGRP Operation (cont.)
Router#debug eigrp packet
– Displays all types of EIGRP packets, both sent and received
Router#debug eigrp neighbor
– Displays the EIGRP neighbor interaction
Router#debug ip eigrp route
– Displays advertisements and changes EIGRP makes to the routing table
Router#debug ip eigrp summary
– Displays a brief report of the EIGRP routing activity
Router#show ip eigrp events
– Displays the different categories of EIGRP activity, including route calculations
ACCESS-LISTS
Why Use Access Lists?
[Figure: a router connecting networks 172.16.0.0 and 172.17.0.0, Token Ring and FDDI segments, and the Internet]
– Manage IP traffic as network access grows
– Filter packets as they pass through the router
Access List Applications
[Figure: transmission of packets on an interface; virtual terminal line access (IP)]
– Permit or deny packets moving through the router
– Permit or deny vty access to or from the router
– Without access lists all packets could be transmitted onto all parts of your network
Other Access List Uses
– Priority and custom queuing (Queue List)
– Dial-on-demand routing
Special handling for traffic based on packet tests
What Are Access Lists?
[Figure: an incoming packet on E0 passes through the access list processes, which test protocol, source and destination ("Permit?"), before leaving as an outgoing packet on S0]
– Standard
– Checks Source address
– Generally permits or denies entire protocol suite
– Extended
– Checks Source and Destination address
– Generally permits or denies specific protocols
• Inbound or Outbound
Outbound Access Lists
[Flowchart, built up over three frames: packets arrive on the inbound interface and leave on the outbound interfaces (S0, E0)]
– Routing table entry? N: packet discard bucket. Y: choose interface
– Access list on the chosen interface? N: send the packet out the outbound interface. Y: test access list statements
– Packet permit? Y: send the packet out the outbound interface. N: discard packet, notify sender
If no access list statement matches then discard the packet
A List of Tests: Deny or Permit
[Flowchart, built up over four frames: packets to interface(s) in the access group are tested against the statements in order]
– Match first test? Y: permit or deny. N: go to the next test
– Match next test(s)? Y: permit or deny. N: go to the last test
– Match last test? Y: permit or deny. N: implicit deny
Permitted packets go to the destination interface(s); denied packets go to the packet discard bucket
If no match deny all
Access List Configuration Guidelines
– Access list numbers indicate which protocol is filtered
– One access list per interface, per protocol, per direction
– The order of access list statements controls testing
– Most restrictive statements should be at the top of list
– There is an implicit deny any as the last access list test; every list should have at least one permit statement
– Create access lists before applying them to interfaces
– Access lists filter traffic going through the router; they do not apply to traffic originated from the router
Access List Command Overview
Step 1: Set parameters for this access list test statement (which can be one of several statements)
Router(config)#access-list access-list-number { permit | deny } { test conditions }
Step 2: Enable an interface to use the specified access list
Router(config-if)#{ protocol } access-group access-list-number {in | out}
IP Access lists are numbered 1-99 or 100-199
How to Identify Access Lists
Access List Type        Number Range/Identifier
IP    Standard          1-99
      Extended          100-199
      Named             Name (Cisco IOS 11.2 and later)
IPX   Standard          800-899
      Extended          900-999
      SAP filters       1000-1099
      Named             Name (Cisco IOS 11.2.F and later)
– Standard IP lists (1 to 99) test conditions of all IP packets from source addresses
– Extended IP lists (100 to 199) can test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports
– Other access list number ranges test conditions for other networking protocols
Testing Packets with Standard Access Lists
[Figure: a frame made up of Frame Header (for example, HDLC), Packet (IP header), Segment (for example, TCP header) and Data; the Source Address in the IP header is tested, leading to Deny or Permit]
Use access list statements 1-99
Testing Packets with Extended Access Lists
• An Example from a TCP/IP Packet
[Figure: a frame made up of Frame Header (for example, HDLC), Packet (IP header), Segment (for example, TCP header) and Data; Port Number, Protocol, Source Address and Destination Address are tested, leading to Deny or Permit]
Use access list statements 1-99 or 100-199 to test the packet
Wildcard Bits: How to Check the Corresponding Address Bits
Octet bit position and address value for bit:
128  64  32  16   8   4   2   1
Examples:
  0   0   0   0   0   0   0   0  = check all address bits (match all)
  0   0   1   1   1   1   1   1  = ignore last 6 address bits
  0   0   0   0   1   1   1   1  = ignore last 4 address bits
  1   1   1   1   1   1   0   0  = check last 2 address bits
  1   1   1   1   1   1   1   1  = do not check address (ignore bits in octet)
– 0 means check corresponding address bit value
– 1 means ignore value of corresponding address bit
Wildcard Bits to Match a Specific IP Host Address Test conditions: Check all the address bits (match all) An IP host address, for example: 172.30.16.29 Wildcard mask: 0.0.0.0 (checks all bits)
– Example 172.30.16.29 0.0.0.0 checks all the address bits – Abbreviate this wildcard mask using the IP address preceded by the keyword host (host 172.30.16.29)
Wildcard Bits to Match Any IP Address Test conditions: Ignore all the address bits (match any) Any IP address 0.0.0.0
Wildcard mask: 255.255.255.255 (ignore all)
– Accept any address: 0.0.0.0 255.255.255.255 – Abbreviate the expression using the keyword any
Wildcard Bits to Match IP Subnets
Check for IP subnets 172.30.16.0/24 to 172.30.31.0/24
Address and wildcard mask: 172.30.16.0 0.0.15.255
Third octet of 172.30.16.0:    0  0  0  1  0  0  0  0
Third octet of wildcard mask:  0  0  0  0  1  1  1  1
                               |<- match ->|<- don’t care ->|
                               0  0  0  1  0  0  0  0  =  16
                               0  0  0  1  0  0  0  1  =  17
                               0  0  0  1  0  0  1  0  =  18
                               :
                               0  0  0  1  1  1  1  1  =  31
Configuring Standard IP Access Lists
Standard IP Access List Configuration
Router(config)#access-list access-list-number {permit|deny} source [mask]
• Sets parameters for this list entry
• IP standard access lists use 1 to 99
• Default wildcard mask = 0.0.0.0
• “no access-list access-list-number” removes entire access-list
Router(config-if)#ip access-group access-list-number { in | out }
– Activates the list on an interface
– Sets inbound or outbound testing
– Default = Outbound
– “no ip access-group access-list-number” removes access-list from the interface
Standard IP Access List Example 1
[Figure: router with interfaces E0, E1 and S0; networks 172.16.3.0, 172.16.4.0 (host 172.16.4.13) and Non-172.16.0.0]
access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
 ip access-group 1 out
interface ethernet 1
 ip access-group 1 out
Permit my network only
Standard IP Access List Example 2
[Figure: router with interfaces E0, E1 and S0; networks 172.16.3.0, 172.16.4.0 (host 172.16.4.13) and Non-172.16.0.0]
access-list 1 deny 172.16.4.13 0.0.0.0
access-list 1 permit 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
 ip access-group 1 out
Deny a specific host
Standard IP Access List Example 3
[Figure: router with interfaces S0, E0 and E1; networks 172.16.3.0, 172.16.4.0 (host 172.16.4.13) and non-172.16.0.0]
access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any
(implicit deny all)
(access-list 1 deny 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 1 out
Deny a specific subnet
Control vty Access With Access Class
Filter Virtual Terminal (vty) Access to a Router
[Figure: router with console port (direct connect), physical port e0 (Telnet) and virtual ports (vty 0 through 4)]
– Five virtual terminal lines (0 through 4)
– Filter addresses that can access into the router’s vty ports
– Filter vty access out from the router
How to Control vty Access
[Figure: Telnet arriving on physical port e0 and terminating on virtual ports (vty 0 through 4)]
– Set up IP address filter with standard access list statement
– Use line configuration mode to filter access with the access-class command
– Set identical restrictions on all vtys
Virtual Terminal Line Commands
Router(config)# line vty {vty# | vty-range}
– Enters configuration mode for a vty or vty range
Router(config-line)# access-class access-list-number {in|out}
– Restricts incoming or outgoing vty connections for addresses in the access list
Virtual Terminal Access Example
Controlling Inbound Access
access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in
Permits only hosts in network 192.89.55.0 to connect to the router’s vtys
Configuring Extended IP Access Lists
Standard versus Extended Access List
Standard | Extended
Filters based on source. | Filters based on source and destination.
Permit or deny entire TCP/IP protocol suite. | Specifies a specific IP protocol and port number.
Range is 1 through 99. | Range is 100 through 199.
Extended IP Access List Configuration
Router(config)# access-list access-list-number { permit | deny } protocol source source-wildcard [operator port] destination destination-wildcard [ operator port ] [ established ] [log]
– Sets parameters for this list entry
Router(config-if)# ip access-group access-list-number { in | out }
• Activates the extended list on an interface
Extended Access List Example 1
[Figure: router with interfaces S0, E0 and E1; networks 172.16.3.0, 172.16.4.0 (host 172.16.4.13) and non-172.16.0.0]
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip any any
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)
interface ethernet 0
ip access-group 101 out
– Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0 out of E0
– Permit all other traffic
Extended Access List Example 2
[Figure: router with interfaces S0, E0 and E1; networks 172.16.3.0, 172.16.4.0 (host 172.16.4.13) and non-172.16.0.0]
access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
(implicit deny all)
interface ethernet 0
ip access-group 101 out
– Deny only Telnet from subnet 172.16.4.0 out of E0
– Permit all other traffic
Using Named IP Access Lists
• Feature for Cisco IOS Release 11.2 or later
Router(config)# ip access-list { standard | extended } name
• Alphanumeric name string must be unique
Router(config {std- | ext-}nacl)# { permit | deny } { ip access list test conditions }
{ permit | deny } { ip access list test conditions }
no { permit | deny } { ip access list test conditions }
• Permit or deny statements have no prepended number
• "no" removes the specific test from the named access list
Router(config-if)# ip access-group name { in | out }
• Activates the IP named access list on an interface
Access List Configuration Principles
– Order of access list statements is crucial
  Recommended: use a text editor on a TFTP server or use PC to cut and paste
– Top-down processing
  Place more specific test statements first
– No reordering or removal of statements
  Use no access-list number command to remove entire access list
  Exception: Named access lists permit removal of individual statements
– Implicit deny all
  Unless access list ends with explicit permit any
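The principles above (wildcard matching, top-down first match, implicit deny all) can be checked offline with a small evaluator for standard access lists. This is an added example, not Cisco code: the function names are hypothetical, EXAMPLE_2 is the list from the page's Example 2, and MISORDERED is constructed here to show a deny statement that an earlier permit makes unreachable.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(text):
    """Parse 'access-list N {permit|deny} source [wildcard]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard access-list entry: {line!r}")
        if tok[3] == "any":  # shorthand for 0.0.0.0 255.255.255.255
            tok[3:] = ["0.0.0.0", "255.255.255.255"]
        wild = ip_int(tok[4]) if len(tok) > 4 else 0  # default wildcard 0.0.0.0
        entries.append((tok[2], ip_int(tok[3]), wild))
    return entries

def matches(addr, src, wild):
    """Wildcard bit 0 means the bit must match, 1 means ignore it."""
    return ((addr ^ src) & ~wild & MASK32) == 0

def evaluate(entries, packet_source):
    """Top-down, first match wins. Index None means the implicit deny all."""
    addr = ip_int(packet_source)
    for index, (action, src, wild) in enumerate(entries):
        if matches(addr, src, wild):
            return action, index
    return "deny", None

def shadowed(entries):
    """Return (later, earlier) index pairs where the later entry can never match."""
    pairs = []
    for j, (_, src_j, wild_j) in enumerate(entries):
        for i, (_, src_i, wild_i) in enumerate(entries[:j]):
            # i covers j when i ignores every bit j ignores and the bits
            # i does check are identical in both source addresses.
            if (wild_j & ~wild_i & MASK32) == 0 and matches(src_j, src_i, wild_i):
                pairs.append((j, i))
                break
    return pairs

# The list from the page's Example 2.
EXAMPLE_2 = """
access-list 1 deny 172.16.4.13 0.0.0.0
access-list 1 permit 0.0.0.0 255.255.255.255
"""
# Constructed for this example: the same two statements in the wrong order.
MISORDERED = """
access-list 1 permit any
access-list 1 deny 172.16.4.13
"""

if __name__ == "__main__":
    for text in (EXAMPLE_2, MISORDERED):
        acl = parse_standard_acl(text)
        print(evaluate(acl, "172.16.4.13"), "shadowed:", shadowed(acl))
```

Running shadowed() over a list before pasting it into the router catches the mis-ordering that top-down processing would otherwise hide.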
Where to Place IP Access Lists
[Figure: routers A, B, C and D interconnected over serial interfaces (S0, S1), with Ethernet (E0, E1) and Token Ring (To0) segments]
Recommended:
– Place extended access lists close to the source
– Place standard access lists close to the destination
Verifying Access Lists
wg_ro_a#show ip int e0
Ethernet0 is up, line protocol is up
  Internet address is 10.1.1.11/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 1
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
Monitoring Access List Statements
wg_ro_a#show {protocol} access-list {access-list number}
wg_ro_a#show access-lists {access-list number}
wg_ro_a#show access-lists
Standard IP access list 1
    permit 10.2.2.1
    permit 10.3.3.1
    permit 10.4.4.1
    permit 10.5.5.1
Extended IP access list 101
    permit tcp host 10.22.22.1 any eq telnet
    permit tcp host 10.33.33.1 any eq ftp
    permit tcp host 10.44.44.1 any eq ftp-data
SILICON COMNET PVT. LTD.
WAN PROTOCOLS
Typical WAN Encapsulation Protocols: Layer 2
– Leased line: HDLC, PPP, SLIP
– Packet-switched (service provider): X.25, Frame Relay, ATM
– Circuit-switched (telephone company): PPP, SLIP, HDLC
HDLC Frame Format
Cisco HDLC: Flag | Address | Control | Proprietary | Data | FCS | Flag
• Cisco’s HDLC has a proprietary data field to support multiprotocol environments
HDLC: Flag | Address | Control | Data | FCS | Flag
• Supports only single protocol environments
HDLC Command
Router(config-if)#encapsulation hdlc
• Enable hdlc encapsulation
• HDLC is the default encapsulation on synchronous serial interfaces
An Overview of PPP
[Figure: PPP encapsulation. Multiple protocol encapsulations (TCP/IP, Novell IPX, AppleTalk) using NCPs in PPP; link setup and control using LCP in PPP]
• PPP can carry packets from several protocol suites using Network Control Programs
• PPP controls the setup of several link options using LCP
Layering PPP Elements
[Figure: PPP layering]
– Network layer: Layer 3 protocols (IP, IPX)
– Data link layer: PPP, with Network Control Protocol (IPCP, IPXCP, many others) and Link Control Protocol (authentication, other options)
– Physical layer: synchronous or asynchronous physical media
• PPP—A data link with network-layer services
PPP LCP Configuration Options
Feature | How It Operates | Protocol
Authentication | Require a password; perform Challenge Handshake | PAP; CHAP
Compression | Compress data at source; reproduce data at destination | Stacker or Predictor
Error Detection | Monitor data dropped on link; avoid frame looping | Magic Number
Multilink | Load balancing across multiple links | Multilink Protocol (MP)
PPP Authentication Overview
[Figure: two routers connected across a dialup or circuit-switched network]
PPP Session Establishment
1. Link Establishment Phase
2. Optional Authentication Phase
3. Network-Layer Protocol Phase
• Two PPP authentication protocols: PAP and CHAP
Selecting a PPP Authentication Protocol
PAP 2-Way Handshake
[Figure: the remote router (SantaCruz; hostname: santacruz, password: boardwalk) sends “santacruz, boardwalk” to the central-site router (HQ; username santacruz password boardwalk), which answers Accept/Reject]
• Passwords sent in clear text
• Peer in control of attempts
Selecting a PPP Authentication Protocol (cont.)
CHAP 3-Way Handshake
[Figure: the central-site router (HQ; username santacruz password boardwalk) sends a Challenge, the remote router (SantaCruz; hostname: santacruz, password: boardwalk) returns a Response, and HQ answers Accept/Reject]
• Use “secret” known only to authenticator and peer
Configuring PPP and Authentication Overview
[Figure: “Verify who you are.” The authenticating router (the router that received the call) and the router to be authenticated (the router that initiated the call), connected through a service provider]
On both routers:
– Enabling PPP: ppp encapsulation
– Enabling PPP Authentication: hostname, username / password, ppp authentication
Configuring PPP
Router(config-if)#encapsulation ppp
• Enable PPP encapsulation
Configuring PPP Authentication
Router(config)#hostname name
• Assigns a host name to your router
Router(config)#username name password password
• Identifies the username and password of authenticating router
Configuring PPP Authentication (cont.)
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
• Enables PAP and/or CHAP authentication
Configuring CHAP Example
[Figure: left and right routers connected across PSTN/ISDN]
Left router
hostname left
username right password sameone
!
int serial 0
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
ppp authentication CHAP
Right router
hostname right
username left password sameone
!
int serial 0
ip address 10.0.1.2 255.255.255.0
encapsulation ppp
ppp authentication CHAP
Verifying HDLC and PPP Encapsulation Configuration
Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
Verifying PPP Authentication with the debug ppp authentication Command
[Figure: left and right routers connected through a service provider]
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: dialer Protocol up for Se0
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
debug ppp authentication successful CHAP output
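The CHALLENGE, RESPONSE and SUCCESS lines above, and the PAP versus CHAP comparison on the earlier slides, can be reproduced offline in one direction (left authenticating right). This is an added example, not Cisco code: the response computation follows RFC 1994 (MD5 over identifier, secret and challenge), the PAP field layout follows RFC 1334, and the class and function names are hypothetical; the names left, right and the secret sameone come from the page's CHAP example.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 with MD5: hash of Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def pap_request_data(peer_id, password):
    """RFC 1334 PAP Authenticate-Request data: both fields go out unprotected."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

class Authenticator:
    """The side that sends CHALLENGE and decides SUCCESS or FAILURE."""

    def __init__(self, secrets):
        self.secrets = secrets   # peer name -> secret ('username right password sameone')
        self.pending = {}        # identifier -> challenge still awaiting a response
        self.identifier = 0

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256
        value = os.urandom(16)   # fresh and unpredictable for every attempt
        self.pending[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier, name, response):
        value = self.pending.pop(identifier, None)   # each challenge is single use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"sameone"                        # shared secret from the page's example
    left = Authenticator({b"right": secret})   # 'left' authenticating 'right'
    ident, value = left.challenge()
    response = chap_response(ident, secret, value)       # computed on 'right'
    accepted = left.verify(ident, b"right", response)
    ident2, _ = left.challenge()
    replayed = left.verify(ident2, b"right", response)   # old response, new challenge
    ident3, value3 = left.challenge()
    wrong = left.verify(ident3, b"right", chap_response(ident3, b"guess", value3))
    return {
        "accepted": accepted,
        "replay_accepted": replayed,
        "wrong_secret_accepted": wrong,
        "secret_in_chap_traffic": secret in value + response,
        "secret_in_pap_traffic": secret in pap_request_data(b"right", secret),
    }

if __name__ == "__main__":
    print(demo())
```

The debug output shows "by both", so on the routers the same exchange also runs in the opposite direction with the roles swapped.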
Frame Relay Overview
[Figure: router connected through a CSU/DSU to a DCE or Frame Relay switch; “Frame Relay works here.”]
– Virtual circuits make connections
– Connection-oriented service
Frame Relay Stack
OSI Reference Model | Frame Relay
Application, Presentation, Session, Transport | (none)
Network | IP/IPX/AppleTalk, etc.
Data Link | Frame Relay
Physical | EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530
Frame Relay Terminology
[Figure: PVCs identified by DLCI 100, 200, 400 and 500; local access loops of 64 kbps, T1 and 64 kbps; LMI reporting 100=Active, 400=Active]
Frame Relay Address Mapping
[Figure: router reaching 10.1.1.1 over a PVC on DLCI 500 through a CSU/DSU; Inverse ARP or a Frame Relay map associates Frame Relay DLCI (500) with IP (10.1.1.1)]
– Get locally significant DLCIs from provider
– Map your network addresses to DLCIs
Frame Relay Signaling
[Figure: router behind a CSU/DSU with PVCs on DLCI 500 (to 10.1.1.1) and DLCI 400 (marked x); LMI keepalive reports 500=Active, 400=Inactive]
• Cisco supports three LMI standards:
– Cisco
– ANSI T1.617 Annex D
– ITU-T Q.933 Annex A
Frame Relay Inverse ARP and LMI Operation
[Figure: two routers, 172.168.5.5 on DLCI=100 and 172.168.5.7 on DLCI=400, attached to a Frame Relay cloud (1)]
2. Status Inquiry (shown at both routers)
3. Local DLCI 100=Active; Local DLCI 400=Active
4. Hello, I am 172.168.5.5 on DLCI 100. Who are you?
Frame Relay Inverse ARP and LMI Operation (cont.)
[Figure: steps 4 through 7 between the same routers, 172.168.5.5 (DLCI=100) and 172.168.5.7 (DLCI=400), across the Frame Relay cloud]
– Hello, I am 172.168.5.5 on DLCI 100.
– Hello, I am 172.168.5.7 on DLCI 400.
– Frame Relay Map 172.168.5.5 DLCI 400 Active
– Frame Relay Map 172.168.5.7 DLCI 100 Active
– Keepalives
Configuring Basic Frame Relay
Rel. 11.2 Router HQ
interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
Rel. 10.3 Router Branch
interface Serial1
ip address 10.16.0.2 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay lmi-type ansi
Inverse ARP
• Enabled by default
• Does not appear in configuration output
Configuring a Static Frame Relay Map
[Figure: HQ (p1r1), DLCI=110, IP address=10.16.0.1/24; Branch, DLCI=100, IP address=10.16.0.2/24]
interface Serial1
ip address 10.16.0.1 255.255.255.0
encapsulation frame-relay
bandwidth 64
frame-relay map ip 10.16.0.2 110 broadcast
Verifying Frame Relay Operation
Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops