Network+ Study Guide (N10-002)

Types of Networks

Peer to Peer - A peer to peer network is one that lacks a dedicated server; every computer acts as both a client and a server. This is a good networking solution when there are 10 or fewer users that are in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be users rather than administrators, and the right people may not have access to the right resources. More importantly, the wrong people may have access to the wrong resources; thus this is only recommended in situations where security is not an issue.

Client/Server - This type of network is designed to support a large number of users and uses dedicated server(s) to accomplish this. Clients log in to the server(s) in order to run applications or obtain files. Security and permissions can be managed by one or more administrators, which cuts down on network users meddling with things that they shouldn't be. This type of network also allows for convenient backup services, reduces network traffic and provides a host of other services that come with the network operating system (NOS).

Centralized - This is also a client/server based model that is most often seen in UNIX environments, but the clients are "dumb terminals". This means that the client may not have a floppy drive, hard disk or CDROM, and all applications and processing occur on the server(s). As you can imagine, this requires fast and expensive server(s). Security is very high on this type of network.

Network Topologies

Bus - This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. This type of network is usually peer-to-peer and uses Thinnet (10Base2) cabling. It is configured by connecting a "T-connector" to the network adapter and then connecting cables to the T-connectors on the computers on the right and left. At both ends of the chain, the network must be terminated with a 50 ohm impedance terminator. If a failure occurs with a host, it will prevent the other computers from communicating with each other. Missing terminators or terminators with an incorrect impedance will also cause problems. For example, if computer #1 sends a packet to computer #4, it must pass through computers #2 and #3, creating excess traffic. ADVANTAGES: Cheap, simple to set up. DISADVANTAGES: Excess network traffic, a failure may affect many users, problems are difficult to troubleshoot.

Star - The star topology uses twisted pair (10BaseT or 100BaseT) cabling and requires that all devices are connected to a hub. ADVANTAGES: centralized monitoring, failures do not affect others unless it is the hub, easy to modify. DISADVANTAGES: If the hub fails then everything connected to it is down. This is like burning down the phone company's central office: anyone connected to it wouldn't be able to make any phone calls.

Ring - The ring topology looks the same as the star, except that it uses special hubs and ethernet adapters. The ring topology is used with Token Ring networks. ADVANTAGES: Equal access. DISADVANTAGES: Difficult to troubleshoot, network changes affect many users, failures affect many users.

Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a star bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in the star topology.

Mesh - In a true mesh topology every node has a connection to every other node in the network. A full mesh network can be very expensive, but provides redundancy in case of a failure between links.

Wireless - As the name implies, wireless networks allow computers to communicate without the use of cables. IEEE 802.11b defines two pieces of equipment: a wireless station, which is usually a PC or a laptop with a wireless network interface card (NIC), and an Access Point (AP), which acts as a bridge between the wireless stations and the Distribution System (DS) or wired network. An 802.11b wireless network adapter can operate in two modes, Ad-Hoc and Infrastructure. In infrastructure mode, all your traffic passes through a wireless access point. In Ad-hoc mode your computers talk directly to each other and do not need an access point at all. 802.11b delivers data throughput of 11 Mbps. ADVANTAGES: World-wide acceptance. Ranges over 150 feet. Freedom to move about and no cables (obvious). DISADVANTAGES: Susceptible to interference from objects such as microwave ovens and cordless phones.
CABLING

The table below lists some of the various cable types.

Cable Type         Also Known As               Connector                                        Maximum Length            Speed
Thicknet coax      RG-8 or RG-11, 10Base5      AUI/DIX                                          500 meters (1640 ft)      10 mbps
Thinnet coax       RG-58, 10Base2              BNC connector                                    185 meters (607 ft)       10 mbps
10BaseT            Cat 3, 4, 5 twisted pair    RJ-45                                            100 meters (328 ft)       10 mbps
100Base-TX         Cat 5 twisted pair          RJ-45                                            100 meters (328 ft)       100 mbps
Fiber Optic        100Base-FX                  ST, SC                                           2 kilometers (6562 ft)    200 mbps
Gigabit Ethernet   1000Base-T, CAT5/CAT5e      RJ-45                                            100 meters (328 ft)       1 gbps
Wireless / WiFi    802.11b                     No cabling; uses an Access Point (AP)            150+ feet                 11 mbps

This next table lists the transmission speeds of the various cable types.

Transmission Medium    Transmission Speed
Thicknet               10 mbps
Thinnet                10 mbps
cat 2 twisted pair     4 mbps
cat 3 twisted pair     10 mbps
cat 4 twisted pair     16 mbps
cat 5 twisted pair     1000 mbps
Fiber Optic            100 mbps - 1 gbps
802.11b                11 mbps
Miscellaneous Cable Info

Shielded twisted pair (STP) differs from UTP in that it has a foil jacket that helps prevent crosstalk. Crosstalk is signal overflow from an adjacent wire. The 5-4-3 rule: this rule states that a 10Base2 network can have 5 cable segments connected with 4 repeaters, but only 3 of these segments can be occupied by computers. There is also a maximum of 30 computers per segment. Thicknet cables are 0.5 inches thick and have a 50 ohm impedance. Thinnet cables are 0.25 inches thick and have a 50 ohm impedance. Plenum grade cabling is required if the cabling will be run between the ceiling and the next floor (this space is called the plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gases when burned. Thicknet is often used as a backbone. A transceiver with a vampire tap penetrates the core of the cable. From the transceiver a DB-15 connector plugs into the AUI port on a given device. Fiber Optic cabling has built-in security, as you can't intercept data as you can with other cable mediums.
Network Hardware

Below are some of the common hardware devices found on a network. NOTE: The higher the network device is in the OSI layers, the more intelligent the device is.

• Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol and media, although some can serve multiple networks.
• Hub - A hub is used to connect computers on an ethernet network.
• Repeater - Boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origination. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types.
• Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. token ring and ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
  o Transparent - Only one bridge is used.
  o Source-Route - Bridging address tables are stored on each PC on the network.
  o Spanning Tree - Prevents looping where there exists more than one path between segments.
• Switch - A switch prevents traffic jams by ensuring that data goes straight from its origin to its proper destination, with no wandering in between. Switches remember the address of every node on the network, and anticipate where data needs to go. A switch only operates with the computers on the same LAN. It isn't smart enough to send data out to the internet, or across a WAN; these functions require a router.
• Router - A router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch. Unroutable protocols can't be forwarded.
• Gateway - Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side.
• Modem - The modem is a device that converts digital information to analog by MODulating it on the sending end and DEModulating the analog information into digital information at the receiving end. Most modern modems are internal, but they can be either internal or external. External modems are connected to the back of the system board via an RS-232 serial connection. Internal modems are installed in one of the motherboard's PCI or ISA expansion slots, depending on the modem. The modem contains an RJ-11 connection that is used to plug in the telephone line. Modems have different transmission modes as follows:
  o Simplex - Signals can be passed in one direction only.
  o Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously. Half-duplex modems can work in full-duplex mode.
  o Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.
  Modems can also be classified by their speed, which is measured by the baud rate. One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the Bits Per Second (BPS) unit of measurement has replaced it as a better expression of data transmission speed. Common modem speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 kbps.
• ISDN Adapter - ISDN service is an older, but still viable technology offered by phone companies in some parts of the U.S. ISDN requires an ISDN adapter instead of a modem, and a phone line with a special connection that allows it to send and receive digital signals.
• CSU/DSU - A CSU/DSU (Channel Service Unit / Data Service Unit) is a piece of equipment that connects a leased line from the telephone company to the customer's equipment (such as a router). Although CSU/DSUs look similar to modems, they are not modems, and they don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and the serial interface (typically a V.35 connector) that connects to the router. Many newer routers have 56K or T1 CSU/DSUs built into them.
• Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your wireless devices to connect with your home network and to the internet. A wireless access point will support up to 32 wireless devices. The data rate through this wireless network is 11 megabits per second.
• Proxy - A proxy server acts as a middle-man between clients and the Internet, providing security, administrative control, and caching services. When a user makes a request for an internet service and it passes filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is found in the cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy server uses Network Address Translation (NAT) to use one of its own IP addresses to request the page from the appropriate server.
• Firewall - Either a hardware or software entity that protects a network by stopping network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal traffic to leave the network (emails to the outside world, web access, etc.), but stop unwanted traffic from the outside world from entering the internal network.
OSI 7 Layer Model

The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.

• Physical - The Physical layer is the specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.
• Data Link - The Data Link layer is the interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
  o The LLC sub-layer starts and maintains connections between devices (e.g. server to workstation).
  o The MAC sub-layer enables multiple devices to share the same medium. The MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
• Network - The Network layer addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
• Transport - The Transport layer provides flow control and error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
• Session - The Session layer handles security and name recognition to enable two applications on different computers to communicate over the network. It manages dialogs between computers using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data transfer and termination.
• Presentation - The Presentation layer determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character set conversion, and graphics-command expansion.
• Application - The Application layer represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. It provides a consistent, neutral interface for software to access the network and advertises the computer's resources to the network.

Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of each layer, starting with Application and ending with the Physical layer.

Here are some examples of items that operate at each layer:

Layer          Device
Application    Gateway
Presentation   Gateway
Session        Gateway
Transport      Gateway
Network        Routers, Layer 3 Switches
Data Link      Network Interface Card, Bridges, Layer 2 Switches
Physical       Hub, Repeater, cabling
Frame Types

A frame type is the format of the packet that your Operating System will use to communicate over your network. Below is a table of the different types:

802.1    Internetworking
802.2    Logical link control - LLC adds header information that identifies the upper layer protocols sending the frame.
802.3    Ethernet - the Media Access Control (MAC) sub-layer uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
802.4    Token bus LAN
802.5    Token Ring
802.6    Metropolitan Area Network (MAN)
802.7    Broadband
802.8    Fiber optic
802.9    Integrated voice/data
802.10   Network Security
802.11   Wireless Networks
802.12   Demand Priority, like 100VG-AnyLAN

Protocols

Protocols are the special set of rules that end points use in a telecommunication connection when they communicate. These rules allow computers with dissimilar operating systems, network topologies, hardware, etc. to communicate. Next is a description of some of the more common protocols:

• TCP/IP - TCP/IP is the protocol suite of the internet and will be covered in the next section.
• IPX/SPX - These protocols were developed by Novell and are/were used with Novell Netware. IPX is the fastest routable protocol and is not connection oriented. IPX addresses are up to 8 characters in hexadecimal format. SPX is connection oriented.
• NetBEUI - Stands for "NetBIOS Extended User Interface". It is the standard protocol used by Microsoft's operating systems. It is NetBEUI that allows the "shares" between machines. As for the NetBIOS distinction, NetBIOS is the application programming interface and NetBEUI is the transport protocol. NetBEUI is a non-routable protocol, meaning it will not allow communication through a router.
• AppleTalk - AppleTalk is the name given to the set of protocols and networking standards created by Apple Computer for use with the Macintosh family of computers. AppleTalk is routable and automatically handles such things as assigning workstation and network addresses, message routing between networks, etc.
TCP/IP

TCP/IP Protocol Suite

The TCP/IP protocol suite is made up of many other protocols that perform different functions. Below is a list of some of them:

• TCP - TCP breaks data into manageable packets and tracks information such as the source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data.
• IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order, as this is the responsibility of higher layer protocols such as TCP.
• UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery.
• ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information, such as with the use of the PING and TRACERT utilities.
• SMTP - Used to reliably send and receive mail over the Internet.
• FTP - File Transfer Protocol is used for transferring files between remote systems. It must resolve the host name to an IP address to establish communication. It is connection oriented (i.e. verifies that packets reach the destination).
• TFTP - Same as FTP but not connection oriented.
• ARP - Provides IP address to MAC address resolution for IP packets. A MAC address is your computer's unique hardware number and appears in the form 00-A0-F1-27-64-E1 (for example). Each computer stores an ARP cache of other computers' IP-to-MAC address combinations.
• POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation is ready to receive it.
• IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a client/server protocol in which e-mail is received and held for you by your Internet server.
• TELNET - Provides a virtual terminal or remote login across the network that is connection-based. The remote server must be running a Telnet service for clients to connect.
• HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It is the protocol controlling the transfer and addressing of HTTP requests and responses.
• HTTPS - Signifies that a web page is using the Secure Sockets Layer (SSL) protocol and is providing a secure connection. This is used for secure internet business transactions.
• NTP - Network Time Protocol is a protocol that is used to synchronize computer clock times in a network of computers.
• SNMP - Stands for Simple Network Management Protocol and is used for monitoring and status information on a network. SNMP can be used to monitor any device that is SNMP capable, and this can include computers, printers, routers, mainframes, gateways and many more.

TCP/IP Ports

Ports are what an application uses when communicating between a client and server computer. Some common ports are:

• 21 FTP
• 23 TELNET
• 25 SMTP
• 69 TFTP
• 80 HTTP
• 110 POP3
TCP/IP Addressing

Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but it is actually utilized as binary data. IP addresses are divided into 3 classes as shown below:

Class   Range
A       1-126
B       128-191
C       192-223

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following address ranges are reserved for private networks:

10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254

IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks, with the first 2 octets making up the netid and the remaining 2 the hostid. Class C is for smaller networks, with the first 3 octets making up the netid and the last octet comprising the hostid. The Network ID and the Host ID are determined by a subnet mask. The default subnet masks are as follows:

CLASS     DEFAULT SUBNET    # OF SUBNETS    # OF HOSTS PER SUBNET
Class A   255.0.0.0         126             16,777,214
Class B   255.255.0.0       16,384          65,534
Class C   255.255.255.0     2,097,152       254
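As an added example (not from the study guide), the following Python applies the class ranges and default masks from the tables above: it classifies an address by its first octet, splits it into netid and hostid, flags the private and loopback ranges, and goes one step further by carving a classful network into equal subnets. All addresses used are constructed sample values.

```python
# Added example, not from the study guide. Classful IPv4 addressing: determine
# the class from the first octet, apply the default mask, split netid/hostid,
# flag private/loopback ranges, and subnet a classful network.
# All addresses below are constructed sample values.
import ipaddress
from typing import Dict, List, Optional

# Private ranges from the guide, expressed in CIDR form.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Default subnet mask per class, from the guide's table.
DEFAULT_MASK: Dict[str, str] = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr: str) -> str:
    """Classify by first octet: A 1-126, B 128-191, C 192-223; 127 is loopback."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return "other"  # 0.x.x.x and the D/E ranges are outside the guide's table


def split_address(addr: str, mask: Optional[str] = None) -> Dict[str, object]:
    """Split addr into network ID and host ID under mask (default: the classful mask)."""
    cls = address_class(addr)
    if mask is None:
        mask = DEFAULT_MASK[cls]  # KeyError for loopback/other: they have no default mask
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    net = iface.network
    host_bits = 32 - net.prefixlen
    host_part = int(iface.ip) & ~int(net.netmask) & 0xFFFFFFFF
    return {
        "class": cls,
        "mask": mask,
        "network_id": str(net.network_address),
        "host_id": str(ipaddress.ip_address(host_part)),
        # the all-zeros and all-ones host IDs are reserved, hence the -2
        "usable_hosts": (2 ** host_bits) - 2 if host_bits >= 2 else 0,
        "private": any(iface.ip in r for r in PRIVATE_RANGES),
    }


def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """True if both hosts share a netid under mask, i.e. can talk without a router."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{mask}").network
    return net_a == net_b


def subnet_plan(network_id: str, new_prefix: int) -> Dict[str, object]:
    """Carve a classful network into equal subnets of the given prefix length."""
    cls = address_class(network_id)
    net = ipaddress.ip_network(f"{network_id}/{DEFAULT_MASK[cls]}")
    subs: List[ipaddress.IPv4Network] = list(net.subnets(new_prefix=new_prefix))
    return {
        "subnet_mask": str(subs[0].netmask),
        "subnets": [str(s) for s in subs],
        "hosts_per_subnet": subs[0].num_addresses - 2,
    }


if __name__ == "__main__":
    print(split_address("124.35.62.181"))  # the guide's sample address: class A
    print(split_address("192.168.1.77"))   # a private class C address
    print(subnet_plan("192.168.1.0", 26))  # four /26 subnets of 62 hosts each
    print(same_network("192.168.1.10", "192.168.1.200", "255.255.255.192"))
```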
What if you wanted more than 1 subnet? Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A, B, or C network. When subnetting is employed, the multiple networks are connected with a router, which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway tells the client the IP address of the router that will allow their computer to communicate with clients on other networks.

IPv6

The previous information on TCP/IP has referred to IPv4; however, this addressing scheme has run out of available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing scheme utilizes a 128 bit address (instead of 32) and utilizes a hex numbering method in order to avoid long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format will appear in the form of 3FFE:B00:800:2::C, for example.

DHCP

DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it will send out a broadcast to the DHCP server requesting an address. The server will then issue a "lease" and assign it to that client. The time period that a lease will last can be specified on the server. Some of the benefits of DHCP include the following:

• Prevents users from making up their own IP addresses.
• Prevents incorrect gateway or subnet masks from being entered by your helpdesk.
• Decreases the amount of time spent configuring computers, especially in environments where computers get moved around all the time.
• Handy in situations where you have a large sales staff that only have to work 1 day a week. On that one day they bring their laptops, plug them into the network and they are all set.
DHCP clients will attempt to renew their leases when 50% of the lease has expired. The client will send a message to the server that assigned the lease. Assuming the DHCP server isn't on fire or anything, it will return a message with the new lease. If the server is unavailable, then the client can continue functioning as it still has 50% remaining. The client will continue as normal until the lease reaches 87.5% used, at which time it broadcasts to all DHCP servers and attempts to get a new lease. If the client receives a rejection message or the lease expires, then the client must start all over again and will get a different IP address. If the lease expires and the client is unable to get a new one, then the user will not be able to communicate over the network.

NETBIOS

There are several different methods of resolving names to IP addresses. Before getting into the different methods, it is important to understand the role of NetBIOS. When talking about NetBIOS, we typically refer to the concept of the NetBIOS name, which is the name assigned to your computer. NetBIOS allows applications to talk to each other using protocols such as TCP/IP that support NetBIOS. NetBIOS is typically seen in other forms such as NetBEUI and NetBT. These are the main functions that NetBIOS serves:

• Starting and stopping sessions.
• Name registration.
• Session layer data transfer (reliable).
• Datagram data transfer (unreliable).
• Protocol driver and network adapter management functions.
NETBIOS Naming: A NetBIOS name is either a unique name or a group name, the difference being that a unique name is used for communication with a specific process on a computer, whereas a group name is for communication with multiple clients. NetBIOS name resolution resolves a computer's NetBIOS name to an IP address. Microsoft offers several different ways to resolve NetBIOS names, and each will be discussed below.

• Local Broadcast - If the destination host is local, the NetBIOS name cache is checked first and a broadcast is not sent. If the name is not found there, then a name query broadcast is sent out that includes the destination NetBIOS name. Each computer that receives the broadcast checks to see if it owns the name requested. The computer that owns the name then uses ARP to determine the MAC address of the source host. Once obtained, a name query response is sent. NOTE: Some routers do not support the forwarding of these broadcasts, which use UDP ports 137 and 138.
• NETBIOS Name Server - When using a NetBIOS name server, the cache is checked first, and if the name is not found the destination host's name is sent to the name server. After the name server resolves the name to an IP address, it is returned to the source host. When the source host receives the information it uses ARP to resolve the IP address of the destination host to its MAC address. Microsoft uses WINS as a NetBIOS name server.
• LMHOSTS File - An lmhosts file is a text file that is used to manually configure NetBIOS names. In order to work, each entry in the lmhosts file must be unique, have a valid IP address for the NetBIOS name and be spelled correctly. On large networks configuring LMHOSTS files on all clients is not feasible, so these are not used much anymore.
• Hosts File - The hosts file is a little different from the lmhosts file in that it will resolve both local and remote names. If the host name can't be resolved and no other alternative name resolution processes are in place, the user will receive an error. Once the host name is parsed from the hosts file, ARP takes over and attempts to resolve the IP address to a MAC address. Like the lmhosts method, this is static name resolution.
• DNS - More on this later...
WINS Microsoft's definition of WINS is "An enhanced NetBIOS Name Server(NBNS) designed by Microsoft to eliminate broadcast traffic associated with the B-node implementation of NetBIOS over TCP/IP. It is used to register NetBIOS names and resolve them to IP addesses for both local and remote hosts." If a WINS server is configured, then name resolution requests are sent directly to it and in turn the WINS server will send the IP address to the
requesting client. If the WINS server can't resolve the name for some reason, then it will use a broadcast to try to resolve the name. A secondary WINS server can be configured to prevent such situations. WINS is dynamically updated which gets rid of the need for lmhosts files. If a client is configured to use WINS then it will register it's name and IP address with the WINS server. When the computer is turned off, it releases its lease on that name which may be used by a different computer. With Windows 2000, Microsoft has introduced Dynamic DNS (DDNS) which may be the beginning of the end for WINS and NETBIOS. DNS TCP/IP networks used to use hosts files to resolve IP addresses to host names or domain names. Networks began growing to the point where the administration and the traffic needed to maintain this file became unbearable and DNS was born. A DNS client(aka resolver) sends requests to the DNS nameserver which responds with the requested info, another server to query or a failure message. This process is very similar to calling information. You call them with a name, they check their database and give you the phone number. There are a variety of roles a nameserver can satisfy within the zone that they are responsible for: •
Primary Nameserver - Gathers DNS information from local files and is a focal point for adding hosts and domains.
•
Secondary Nameserver - Gathers the data for its' zone(s) from another DNS server. Secondary nameservers provide redundancy, traffic on primary server and quicker access for locations that are remote in regards to the primary server.
•
Caching Only Nameserver - These do not have a zone that they are responsible for. Their databases only contain info that is received from resolutions that it has made since the server was last started.
Nameservers are distributed into tiers called domains. Domains: Microsoft discusses domains in terms of a hierarchical "domain name space" which they refer to as being like a tree structure. There are several different domain levels as listed below: •
Root level domains - The top of the tree.
•
Top level domains - These are divided into different categories. Com, net, mil, edu, org and gov are the most common.
•
Second level domains - These domains make up the rest of networks as all subdomains are categorized under this heading. So if you visit Intel's site, you are visiting the sub-domain intel.com. Within intel.com many other sub-domains may also exist.
•
Hosts - Hosts are the final level in the hierarchy as they are the individual computers that occupy or comprise a domain.
DNS Records: Below are some of the common DNS records and their purpose:
• A - The A-record is used for hosts on a network. It is used to translate human-friendly domain names such as "www.mcmcse.com" into IP addresses such as 206.67.72.48.
• CNAME - CNAME (canonical name) records are used to create aliases. Often computers on the Internet have multiple functions such as web server, FTP server, mail server etc. To mask this, CNAME-records can be used to give a single computer multiple names (aliases). For example, computer "xyz.com" may be both a web server and an FTP server, so two CNAME-records are defined: "www.xyz.com" = "xyz.com" and "ftp.xyz.com" = "xyz.com".
• MX - MX (mail exchanger) records identify the mail server(s) responsible for a domain name. When sending an e-mail to an address at "xyz.com", your mail server must first look up the MX record for "xyz.com" to see which mail server actually handles mail for "xyz.com".
• NS - NS (name server) records identify the DNS servers responsible (authoritative) for a zone.
• PTR - PTR (pointer) records map IP addresses to domain names, which is the reverse of A-records.
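The lookups described above, as an added example that is not part of the study guide: a toy resolver over a constructed zone follows the "www.xyz.com" CNAME to its A record, picks the mail host for xyz.com from its MX records, and walks a PTR record back from an address. The zone contents, addresses and the forward-confirmed reverse check (PTR name must resolve back to the same address) are this example's own.

```python
"""Toy resolver over a constructed zone: A, CNAME, MX, NS and PTR lookups.
All names and addresses below are constructed sample data for this example."""

# (owner name, record type, value); MX values are (preference, exchanger)
ZONE = [
    ("xyz.com.",                 "NS",    "ns1.xyz.com."),
    ("xyz.com.",                 "A",     "192.0.2.10"),
    ("ns1.xyz.com.",             "A",     "192.0.2.2"),
    ("www.xyz.com.",             "CNAME", "xyz.com."),       # alias: same box serves web
    ("ftp.xyz.com.",             "CNAME", "xyz.com."),       # alias: same box serves ftp
    ("xyz.com.",                 "MX",    (10, "mail.xyz.com.")),
    ("xyz.com.",                 "MX",    (20, "xyz.com.")),  # backup exchanger
    ("mail.xyz.com.",            "A",     "192.0.2.25"),
    ("25.2.0.192.in-addr.arpa.", "PTR",   "mail.xyz.com."),
]

def records(name, rtype, zone=ZONE):
    """All values held in the zone for (name, rtype)."""
    return [v for n, t, v in zone if n == name and t == rtype]

def resolve_a(name, zone=ZONE, max_hops=8):
    """Resolve a name to an address, following CNAME aliases the way a resolver does.
    max_hops stops a CNAME loop from running forever."""
    for _ in range(max_hops):
        addrs = records(name, "A", zone)
        if addrs:
            return addrs[0]
        aliases = records(name, "CNAME", zone)
        if not aliases:
            return None                      # neither an A nor an alias: no such host
        name = aliases[0]
    raise ValueError("CNAME chain too long (loop?) at %s" % name)

def mail_exchangers(domain, zone=ZONE):
    """What a sending mail server does: MX records lowest preference first,
    each exchanger name resolved to an address."""
    mx = sorted(records(domain, "MX", zone))
    return [(pref, host, resolve_a(host, zone)) for pref, host in mx]

def reverse_name(ip):
    """Build the in-addr.arpa owner name used for a PTR (reverse) lookup."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def resolve_ptr(ip, zone=ZONE):
    ptrs = records(reverse_name(ip), "PTR", zone)
    return ptrs[0] if ptrs else None

def forward_confirmed(ip, zone=ZONE):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same address.
    A mismatch means the reverse mapping cannot be trusted for that address."""
    name = resolve_ptr(ip, zone)
    return name is not None and resolve_a(name, zone) == ip

if __name__ == "__main__":
    print("www.xyz.com ->", resolve_a("www.xyz.com."))
    print("MX for xyz.com:", mail_exchangers("xyz.com."))
    print("192.0.2.25 ->", resolve_ptr("192.0.2.25"), "confirmed:", forward_confirmed("192.0.2.25"))
```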
NAT/ICS
NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology. Using a device (such as a router) or piece of software that implements NAT allows an entire home or office network to share a single internet connection over a single IP address. A single cable modem, DSL modem, or even 56k modem could connect all the computers to the internet simultaneously. Additionally, because the internal hosts are not directly addressable from the internet, NAT keeps your home network fairly secure from hackers. NAT is built in to the most common Internet Connection Sharing technologies around. Microsoft's implementation of NAT is called Internet Connection Sharing (ICS) and is supported by Windows 98SE and Windows 2000. ICS is a NAT-based routing application, designed to share an Internet connection among multiple computers connected via a LAN. ICS can handle both dial-up and broadband based Internet connections. ICS can handle networks with clients running any operating system, as long as the OS supports the TCP/IP protocol. The clients can have their TCP/IP information assigned manually or they can run as DHCP clients, obtaining their TCP/IP settings from ICS' built-in DHCP server.
Troubleshooting TCP/IP
TCP/IP offers several tools that are helpful in the troubleshooting process and provide information to help locate and correct problems. Some of these are listed below:
• ARP - Provides a mapping from the logical 32-bit TCP/IP address to the physical 48-bit MAC address (i.e. translates an IP address into a MAC address).
• TELNET - Provides a virtual terminal or remote login across the network that is connection-based and handles its own session negotiation. The remote server must be running a Telnet service for clients to connect. Default settings are port 23 and VT100 terminal emulation.
• NBTSTAT - Is used to troubleshoot connectivity problems between 2 computers communicating via NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and gives the MAC address.
• TRACERT - By sending out ICMP packets, it determines the path taken by a data packet to reach its destination and can help determine at what point a network connection is no longer active. Can help troubleshoot network response time issues.
• NETSTAT - Displays in-depth detail about TCP/IP protocol status and statistics.
• WINIPCFG - Displays current TCP/IP configurations on Windows workstations (see also IPCONFIG on Windows NT).
• IPCONFIG - Below are the ipconfig switches that can be used at a command prompt:
o ipconfig /all will display all of your IP settings.
o ipconfig /renew forces the DHCP server, if available, to renew a lease.
o ipconfig /release forces the release of a lease.
• PING - Uses ICMP to verify a connection to a remote host by sending echo requests and "listening" for reply packets.
• NSLOOKUP - This tool queries a DNS database for information about DNS objects and can be used to troubleshoot name resolution problems.
General troubleshooting strategy includes the following steps:
1. Establish the symptoms
2. Identify the affected areas
3. Establish what has changed
4. Select the most probable cause
5. Implement a solution
6. Test the result
7. Recognize the potential effects of the solution
8. Document the solution
Basic TCP/IP troubleshooting steps include:
1. Ping 127.0.0.1 - This is the loopback address and verifies that the computer that you are pinging from can communicate via TCP/IP with its own Ethernet adapter.
2. Ping own IP address - Verifies that a valid IP address was entered for this computer.
3. Ping default gateway - Typically this would be the near side of a router. If you can ping this address, then you should be able to ping other hosts on your same subnet.
4. Ping far side of router - This will verify that the routing table is correct.
5. Ping remote host - If this works then it would appear that there are valid communications.
6. If you are unable to connect to a host via host or domain name, see if you can connect to it using its IP address. If so, then you are likely having name resolution problems and should check your DNS configuration.
For the exam troubleshooting section, you will need to know how to solve various problems based on information such as PING/TRACERT/IPCONFIG output, topology type, operating system, network configuration, visual indicators (link lights, collision lights), etc. There will most likely be diagrams that you will have to glean information from.
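The six-step ping ladder above as a script, added here as an example rather than taken from the guide: each rung is probed in order and the first failure is turned into the diagnosis the steps imply. The addresses in the usage block are constructed, and the ping and resolver functions are parameters so the ladder logic can be exercised without a network.

```python
"""Drives the basic TCP/IP troubleshooting ladder: loopback, own address, default gateway,
far side of the router, remote host, then name vs. address. ping/resolve are injectable;
the defaults use the OS ping command and the host's resolver."""
import platform
import socket
import subprocess

def ping_host(ip, count=1):
    """One ICMP echo request via the system ping; True if a reply came back."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(["ping", count_flag, str(count), ip],
                                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                                timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0

def resolve_name(name):
    """Forward lookup through the configured DNS; None if it fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def diagnose(own_ip, gateway, far_side, remote_ip, remote_name=None,
             ping=ping_host, resolve=resolve_name):
    """Return (diagnosis, log). Each rung depends on the one before it, so the ladder
    stops at the first failure; log records every probe made and its result."""
    ladder = [
        ("127.0.0.1", "TCP/IP is not working with the local adapter (loopback failed)"),
        (own_ip, "own IP address is invalid or not bound to this computer"),
        (gateway, "default gateway unreachable: local subnet, cabling or gateway address problem"),
        (far_side, "gateway reachable but not its far side: routing table problem"),
        (remote_ip, "far side reachable but not the remote host: problem beyond the router or on the host"),
    ]
    log = []
    for target, failure in ladder:
        ok = ping(target)
        log.append((target, ok))
        if not ok:
            return failure, log
    if remote_name is not None:
        # step 6: the address works, so a name that does not resolve to it is a DNS problem
        addr = resolve(remote_name)
        log.append((remote_name, addr))
        if addr != remote_ip:
            return "IP connectivity works but name resolution does not: check DNS configuration", log
    return "connectivity and name resolution OK", log

if __name__ == "__main__":
    # constructed sample values; replace with your own addresses
    diagnosis, log = diagnose("192.0.2.10", "192.0.2.1", "198.51.100.1", "203.0.113.5")
    for entry in log:
        print(entry)
    print(diagnosis)
```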
WAN Technologies
This section outlines some common WAN technologies you will need to know:
• Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.
• ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:
o B (bearer) - Transfers data at 64 Kbps. An ISDN line usually contains 2 B channels for a total of 128 Kbps.
o D (data) - Handles signalling at either 16 Kbps or 64 Kbps (sometimes limited to 56 Kbps), which enables the B channel to strictly pass data.
• FDDI - Fiber Distributed Data Interface (FDDI) is an appealing choice for high-speed data networking. Essentially, it is a very high-speed token ring network connected by optical fibers. With a data transfer rate of 100 Mbps, the ring can support up to 500 nodes with as much as 2 km of spacing between adjacent nodes.
• ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed-length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.
• Frame Relay - Frame relay is a secure, private network that utilizes a logical path or "virtual circuit" to allocate bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of bandwidths from 56 Kbps to full T1 (1.54 Mbps).
• T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of 1.544 Mbps. A T-1 line actually consists of 24 individual channels, each of which supports 64 Kbits per second. Each 64 Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T-3 connections. T-1 comes in either copper or fiber optics.
• SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels" (OCx). Speeds approaching 40 gigabits per second are possible.
The following table displays information about the various WAN connection types.
Connection | Speed | Medium | Description
Dial-up connection (POTS) | Up to 56 Kbps | Twisted pair | Rapidly being replaced by faster technologies.
T-1 | 1.544 Mbps | Twisted-pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure
T-2 | 6.312 Mbps | Twisted-pair, coaxial cable, or optical fiber | Large company to ISP; ISP to Internet infrastructure
Digital Subscriber Line (DSL) | 256 Kbps to 8 Mbps | Twisted-pair | Home, small business, and enterprise access using existing phone lines
Cable modem | 512 Kbps to 52 Mbps | Coaxial cable | Home, business, school access
T-3 | 44.736 Mbps | Coaxial cable | ISP to Internet infrastructure; smaller links within Internet infrastructure
OC-1 | 51.84 Mbps | Optical fiber | ISP to Internet infrastructure; smaller links within Internet infrastructure
OC-3 | 155.52 Mbps | Optical fiber | Large company backbone; Internet backbone
Asynchronous Transfer Mode (ATM) | 622.08 Mbps | Optical fiber | Internet backbone
Remote Access Protocols and Services
This section describes some of the various protocols and services used for remote and secure connections.
• RAS - RAS stands for "Remote Access Service", Microsoft's term for modem pools. This service provides dial-in access to networks and to the Internet.
• PPP - Point-to-Point Protocol (PPP) is a method for connecting a personal computer to the Internet using a standard phone line and a modem. The difference between PPP and other, older dial-up procedures is that a PPP setup will establish a direct Internet connection that allows the PC to use TCP/IP (Internet-based) applications.
• PPTP - The Point to Point Tunneling Protocol (PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network (VPN), encapsulating PPP packets into IP datagrams. Setting up PPTP requires a PPTP client, a PPTP server and a Network Access Server (NAS). PPTP does not support the AppleTalk protocol.
• IPSec - IPSec is a suite of Internet-standard protocols that allow secure, encrypted communications between two computers over an insecure network. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer.
• L2TP - L2TP creates a tunnel through a public network that is authenticated on both ends, uses header compression, and relies on IPSec for encryption of data passed through the tunnel. L2TP works like PPTP in that it creates a "tunnel", but uses IPSec encryption in order to support non-IP protocols and authentication.
• SSL - SSL (Secure Sockets Layer) uses a technique called public-key cryptography to provide encrypted connections. This enables you to move information across the Internet with confidence that it will not be intercepted or modified in transit. This is heavily used in e-commerce and can be identified by a URL that begins with HTTPS.
• Kerberos - This form of security has been evolving in the Unix world for a long time and is now becoming a standard. Kerberos provides mutual authentication between a client and a server or between servers before a network connection is opened between them. Rather than sharing a password, computers share a cryptographic key, and they use knowledge of this key to verify each other's identities. Kerberos security only works with computers running Kerberos security software.
Network Management
This section discusses network management, storage and recovery concepts:
• VLAN - A virtual LAN is a local area network with a definition that maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage load balancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture.
• Fault Tolerance - Fault-tolerance describes a computer system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided with software, or embedded in hardware, or provided by some combination. This is an important component of disaster recovery, which is being included more and more in operating system software. For example, Windows 2000 includes RAID and tape backup functions, although additional hardware is required.
• Network Attached Storage - Network Attached Storage, or NAS, is a data storage mechanism that uses special devices connected directly to the network media. These devices are assigned an IP address and can then be accessed by clients via a server that acts as a gateway to the data, or in some cases the device can be accessed directly by the clients without an intermediary. One of the big advantages of NAS is expandability: if you need more storage space, add another NAS device and expand the available storage. NAS also brings an extra level of fault tolerance to the network. In a direct attached storage environment, a server going down means that the data that server holds is no longer available. With NAS, the data is still available on the network and accessible by clients. Fault tolerant measures such as RAID can be used to make sure that the NAS device does not become a point of failure.
Diagnostic Tools
• Network Monitor - Tracks usage of network resources (good for establishing a network baseline).
• Performance Monitor - Tracks usage of various resources over time (good for establishing a general baseline).
• Tone Generator - Used to test cabling. Identifies which cable or wire is being tested by generating different tones.
• TDR (Time Domain Reflectometer) - Sends a signal down a cable and measures the distance that the signal travelled before bouncing back (like sonar). Used to find opens and shorts in cables.
• Oscilloscope - Tests cable by determining where there are shorts, crimps or attenuation.
• Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and information.
• Optical Testers - A tool used to monitor and troubleshoot the performance of a fiber optic network.
• Crimping Tools - Crimping tools are used to connect cabling to their appropriate connectors. There are different crimping tools for different types of connections.
• Punch Down Tool - A punch down tool is used to connect cabling such as telephone and Ethernet to wall jacks.
CCNA Study Notes for Exam 640-607
OSI Model:
The OSI model is a layered model and a conceptual standard used for defining standards to promote multi-vendor integration as well as maintain constant interfaces and isolate changes of implementation to a single layer. It is NOT application or protocol specific. In order to pass any Cisco exam, you need to know the OSI model inside and out. The OSI Model consists of 7 layers, summarized below by description, device and protocols.

Application
Description: Provides network access for applications, flow control and error recovery. Provides communications services to applications by identifying and establishing the availability of other computers as well as determining if sufficient resources exist for communication purposes.
Device: Gateway
Protocols: NCP, SMB, SMTP, FTP, SNMP, Telnet, AppleTalk

Presentation
Description: Performs protocol conversion, encryption and data compression.
Device: Gateway and redirectors
Protocols: NCP, AFP, TDI

Session
Description: Allows 2 applications to communicate over a network by opening a session and synchronizing the involved computers. Handles connection establishment, data transfer and connection release.
Device: Gateway
Protocols: NetBIOS

Transport
Description: Repackages messages into smaller formats, provides error-free delivery and error handling functions.
Device: Gateway
Protocols: NetBEUI, TCP, SPX, and NWLink

Network
Description: Handles addressing, translates logical addresses and names to physical addresses, routing and traffic management.
Device: Router and brouter
Protocols: IP, IPX, NWLink, NetBEUI

Data Link
Description: Packages raw bits into frames, making them transmittable across a network link, and includes a cyclical redundancy check (CRC). It consists of the LLC sublayer and the MAC sublayer. The MAC sublayer is important to remember, as it is responsible for appending the MAC address of the next hop to the frame header. On the contrary, the LLC sublayer uses Destination Service Access Points and Source Service Access Points to create links for the MAC sublayers.
Device: Switch, bridge and brouter
Protocols: None

Physical
Description: The Physical layer works with the physical media for transmitting and receiving data bits via certain encoding schemes. It also includes specifications for certain mechanical connection features, such as the adaptor connector.
Device: Multiplexer and repeater
Protocols: None
Here is an easy way to memorize the order of the layers: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of one of the layers. It is a little corny, but it works.
The table above mentions the term "MAC Address". A MAC address is a 48-bit address for uniquely identifying devices on the network. Something like 00-00-12-33-FA-BC; we call this way of presenting the address the 12 hexadecimal digit format. The first 6 digits specify the manufacturer, while the remainder are for the host itself. The ARP protocol is used to determine the IP to MAC mapping. And of course, MAC addresses cannot be duplicated in the network or problems will occur.
Data encapsulation takes place in the OSI model. It is the process in which the information in a protocol is wrapped in the data section of another protocol. The process can be broken down into the following steps: User information -> data -> segments -> packets/datagrams -> frames -> bits.
When discussing the OSI model it is important to keep in mind the differences between "connection-oriented" and "connectionless" communications. A connection-oriented communication has the following characteristics:
• A session is guaranteed.
• Acknowledgements are issued and received at the transport layer, meaning if the sender does not receive an acknowledgement before the timer expires, the packet is retransmitted.
• Phases in a connection-oriented service involve call setup, data transfer and call termination.
• All traffic must travel along the same static path. A failure along the static communication path can fail the connection.
• A guaranteed rate of throughput occupies resources without the flexibility of dynamic allocation.
• Reliable = SLOW (this is always the case in networking).
In contrast, a connectionless communication has the following characteristics:
• Often used for voice and video applications.
• NO guarantee nor acknowledgement.
• Dynamic path selection.
• Dynamic bandwidth allocation.
• Unreliable = FAST. (Note: connectionless communication does have some reliability PROVIDED by upper layer protocols.)
LAN Design:
Ethernet
When we talk about a LAN, Ethernet is the most popular physical layer LAN technology today. Its standard is defined by the Institute for Electrical and Electronic Engineers as IEEE Standard 802.3, but it was originally created by Digital, Intel and Xerox (DIX). According to IEEE, information for configuring an Ethernet as well as specifying how elements in an Ethernet network interact with one another is clearly defined in 802.3. For half-duplex Ethernet 10BaseT topologies, data transmissions occur in one direction at a time, leading to frequent collisions and data retransmission. In contrast, full-duplex devices use separate circuits for transmitting and receiving data and as a result, collisions are largely avoided. A collision is when two nodes are trying to send data at the same time. On an Ethernet network, the node will stop sending when it detects a collision, send a jam signal, and wait for a random amount of time before attempting to resend. Also, with full-duplex transmissions the available bandwidth is effectively doubled, as we are using both directions simultaneously. You MUST remember: to enjoy full-duplex transmission, we need a switch port, not a hub, and NICs that are capable of handling full duplex. Ethernet's media access control method is called Carrier Sense Multiple Access/Collision Detect (CSMA/CD). Because of Ethernet's collision habits it is also known as the "best effort delivery system." Ethernet cannot carry data over 1518 bytes; anything over that is broken down into "travel size packets."
Fast Ethernet
For networks that need higher transmission speeds, there is the Fast Ethernet standard called IEEE 802.3u that raises the Ethernet speed limit to 100 Mbps! Of course, we need new cabling to support this high speed. In a 10BaseT network we use Cat 3 cable, but in a 100BaseT network we need Cat 5 cables. The three types of Fast Ethernet standards are 100BASE-TX for use with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and 100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable.
Gigabit Ethernet
Gigabit Ethernet is an emerging technology that will provide transmission speeds of 1000 Mbps. It is defined by the IEEE 802.3z standard (1000BASE-X). Just like all other 802.3 transmission types, it uses the Ethernet frame format, full-duplex and media access control technology.
Token Ring
Token Ring is an older standard that isn't very widely used anymore, as most have migrated to some form of Ethernet or other advanced technology. Ring topologies can have transmission rates of either 4 or 16 Mbps. Token passing is the access method used by token ring networks, whereby a 3-bit packet called a token is passed around the network. A computer that wishes to transmit must wait until it can take control of the token, allowing only one computer to transmit at a time. This method of communication aims to prevent collisions. Token Ring networks use multistation access units (MSAUs) instead of the hubs on an Ethernet network. For extensive information on Token Ring, visit Cisco's website.
Network Devices:
In a typical LAN, there are various types of network devices available, as outlined below.
• Hub - Repeats signals received on each port by broadcasting to all the other connected ports.
• Repeaters - Used to connect two or more Ethernet segments of any media type, and to provide signal amplification for a segment to be extended. In a network that uses repeaters, all members are contending for transmission of data onto a single network. We like to call this single network a collision domain. Effectively, every user can only enjoy a percentage of the available bandwidth. Ethernet is subject to the "5-4-3" rule regarding repeater placement, meaning we can only have five segments connected using four repeaters with only three segments capable of accommodating hosts.
• Bridge - A layer 2 device used to connect different network types or networks of the same type. It maps the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge. Packets destined for the same segment are dropped. This "store-and-forward" mechanism inspects the whole Ethernet packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be linked with a bridge.
• Switch - Can link up four, six, eight or even more networks. Cut-through switches run faster because when a packet comes in, they forward it right after looking at the destination address only. A store-and-forward switch inspects the entire packet before forwarding. Most switches cannot stop broadcast traffic. Switches are layer 2 devices.
• Routers - Can filter out network traffic also. However, they filter based on the protocol addresses defined in OSI layer 3 (the network layer), not based on the Ethernet packet addresses. Note that protocols must be routable in order to pass through routers. A router can determine the most efficient path for a packet to take and send packets around failed segments.
• Brouter - Has the best features of both routers and bridges in that it can be configured to pass the unroutable protocols by imitating a bridge, while not passing broadcast storms by acting as a router for other protocols.
• Gateway - Often used as a connection to a mainframe or the internet. Gateways enable communications between different protocols, data types and environments. This is achieved via protocol conversion, whereby the gateway strips the protocol stack off of the packet and adds the appropriate stack for the other side. Gateways operate at all layers of the OSI model without making any forwarding decisions.
The goal of LAN segmentation is to effectively reduce traffic and collisions by segmenting the network. In a LAN segmentation plan, we do not consider the use of gateways and hubs at all, and the focus turns to devices such as switches and routers.
Bridging/Switching:
Bridge - A layer 2 device used to connect different network types or networks of the same type. It maps the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge. Packets destined for the same segment are dropped. This "store-and-forward" mechanism inspects the whole Ethernet packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be linked with a bridge.
Switch - Switches are layer 2 devices that can link up four, six, eight or even more networks. Switches are the only devices that allow for microsegmentation. Cut-through switches run faster because when a packet comes in, they forward it right after looking at the destination address only. A store-and-forward switch inspects the entire packet before forwarding. Most switches cannot stop broadcast traffic. Switches are considered dedicated data link devices because they give each connection close to 100% of the bandwidth. While bridging does most of its work by hardware, switches use fabric/software to handle most of their work.
Store-and-forward - The entire frame is received before any forwarding takes place. The destination and/or the source addresses are read and filters are applied before the frame is forwarded. Latency occurs while the frame is being received; the latency is greater with larger frames because the entire frame takes longer to read. Error detection is high because of the time available to the switch to check for errors while waiting for the entire frame to be received. This method discards frames smaller than 64 bytes (runts) and frames larger than 1518 bytes (giants).
Cut-Through - The switch reads the destination address before receiving the entire frame. The frame is then forwarded before the entire frame arrives. This mode decreases the latency of the transmission and has poor error detection. This method has two forms, fast-forward and fragment-free.
• Fast-forward switching - Fast-forward switching offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. Because fast-forward switching does not check for errors, there may be times when frames are relayed with errors. This occurs infrequently, and the destination network adapter discards the faulty frame upon receipt. In networks with high collision rates, this can negatively affect available bandwidth.
• Fragment-free switching - Use the fragment-free option to reduce the number of collision frames forwarded with errors. In fast-forward mode, latency is measured from the first bit received to the first bit transmitted, or first in, first out (FIFO). Fragment-free switching filters out collision fragments, which are the majority of packet errors, before forwarding begins. In a properly functioning network, collision fragments must be smaller than 64 bytes. Anything greater than 64 bytes is a valid packet and is usually received without error. Fragment-free switching waits until the received packet has been determined not to be a collision fragment before forwarding the packet. In fragment-free, latency is measured as FIFO.
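The three forwarding decisions just described, as an added example (not code from the notes): constructed Ethernet frames with a CRC32 FCS are run through fast-forward, fragment-free and store-and-forward logic to show which mode catches a runt, a giant and a corrupted frame. The frame layout and the sample MAC addresses are this example's own.

```python
"""Simulates fast-forward, fragment-free and store-and-forward decisions on constructed frames.
Frame layout: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType, payload, 4-byte CRC32 FCS.
64 and 1518 bytes are the minimum and maximum frame sizes the notes quote."""
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518

def build_frame(dst_hex, src_hex, payload, ethertype=0x0800, corrupt=False):
    """Build a frame with a correct FCS; corrupt=True then flips one payload bit
    (payload must be at least 7 bytes) so the FCS no longer matches."""
    body = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + ethertype.to_bytes(2, "big") + payload
    frame = body + zlib.crc32(body).to_bytes(4, "big")
    if corrupt:
        frame = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]
    return frame

def fcs_ok(frame):
    """Recompute the CRC over everything but the trailer and compare."""
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "big")

def fast_forward(frame):
    """Cut-through: decide once the 6-byte destination has arrived; no size or FCS check,
    so errored frames are relayed and left for the receiving adapter to discard."""
    if len(frame) < 6:
        return "drop: destination address incomplete"
    return "forward"

def fragment_free(frame):
    """Wait for the first 64 bytes: collision fragments are shorter and get dropped,
    but a full-size frame with a bad FCS still goes through."""
    if len(frame) < MIN_FRAME:
        return "drop: collision fragment (runt)"
    return "forward"

def store_and_forward(frame):
    """Receive the whole frame, then check size and FCS before forwarding."""
    if len(frame) < MIN_FRAME:
        return "drop: runt"
    if len(frame) > MAX_FRAME:
        return "drop: giant"
    if not fcs_ok(frame):
        return "drop: FCS error"
    return "forward"

MODES = {"fast-forward": fast_forward,
         "fragment-free": fragment_free,
         "store-and-forward": store_and_forward}

def decide_all(frame):
    """What each switching mode would do with the same frame."""
    return {mode: decide(frame) for mode, decide in MODES.items()}

# constructed sample traffic (addresses are placeholders)
DST, SRC = "001122334455", "66778899aabb"
SAMPLES = {
    "valid":   build_frame(DST, SRC, b"A" * 100),                 # 118 bytes
    "runt":    build_frame(DST, SRC, b"A" * 10),                  # 28 bytes: collision fragment
    "giant":   build_frame(DST, SRC, b"A" * 1600),                # 1618 bytes
    "bad_fcs": build_frame(DST, SRC, b"A" * 100, corrupt=True),   # right size, wrong CRC
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print("%-8s %5d bytes %s" % (name, len(frame), decide_all(frame)))
```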
Spanning-Tree Protocol - Allows duplicate switched/bridged paths without incurring the latency effects of loops in the network. The Spanning-Tree Algorithm, implemented by the Spanning-Tree Protocol, prevents loops by calculating a stable spanning-tree network topology. When creating a fault-tolerant network, a loop-free path must exist between all nodes in the network. The Spanning-Tree Algorithm is used to calculate loop-free paths. Spanning-tree frames, called bridge protocol data units (BPDUs), are sent and received by all switches in the network at regular intervals and are used to determine the spanning-tree topology. A switch uses Spanning-Tree Protocol on all Ethernet- and Fast Ethernet-based VLANs. Spanning-Tree Protocol detects and breaks loops by placing some connections in standby mode, which are activated in the event of an active connection failure. A separate instance of Spanning-Tree Protocol runs within each configured VLAN, ensuring topologies (mainly Ethernet topologies) that conform to industry standards throughout the network. These port states are as follows:
• Blocking - No frames forwarded, BPDUs heard.
• Listening - No frames forwarded, listening for frames.
• Learning - No frames forwarded, learning addresses.
• Forwarding - Frames forwarded, learning addresses.
• Disabled - No frames forwarded, no BPDUs heard.
The state for each VLAN is initially set by the configuration and later modified by the Spanning-Tree Protocol process. You can determine the status, cost and priority of ports and VLANs by using the show spantree command. After the port-to-VLAN state is set, Spanning-Tree Protocol determines whether the port forwards or blocks frames.
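How the Spanning-Tree Algorithm arrives at a loop-free topology, as an added example that is not from the notes: on a constructed four-switch topology with redundant links, the lowest bridge ID is elected root, every bridge settles on its least-cost path to the root, and each port becomes root, designated or blocking (the standby connections). Bridge IDs are plain integers standing in for priority+MAC, link costs are constructed, parallel links between two bridges are not modelled, and the port-priority tie-breaker is omitted.

```python
"""Simplified Spanning-Tree election on a constructed switch topology.
Lowest bridge ID wins the root election; each link is a point-to-point segment with a cost."""
import heapq

# constructed topology: (bridge_a, bridge_b, path cost); 4 and 19 mimic 1 Gbps / 100 Mbps link costs
BRIDGES = [1, 2, 3, 4]
LINKS = [(1, 2, 4), (1, 3, 4), (2, 3, 4), (2, 4, 19), (3, 4, 19)]

def root_path_costs(bridges, links, root):
    """What each bridge learns from BPDUs: its least cost to the root and the upstream bridge
    that advertised it. Equal costs are broken by the lower upstream bridge ID, as in STP."""
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {}
    heap = [(0, -1, root)]            # (cost to root, upstream bridge ID, bridge); -1 = none
    while heap:
        cost, via, node = heapq.heappop(heap)
        if node in best:              # already settled with a lower (cost, upstream ID)
            continue
        best[node] = (cost, None if via < 0 else via)
        for nb, c in adj[node]:
            if nb not in best:
                heapq.heappush(heap, (cost + c, node, nb))
    return best

def spanning_tree(bridges, links):
    """Elect the root, then give each port a role: root (toward the root), designated
    (best path onto that segment) or blocking (redundant; kept on standby)."""
    root = min(bridges)
    best = root_path_costs(bridges, links, root)
    roles = {}                        # (bridge, neighbour) -> role
    for a, b, _ in links:
        for me, peer in ((a, b), (b, a)):
            my_cost, my_via = best[me]
            if my_via == peer:
                roles[(me, peer)] = "root"
            elif (my_cost, me) < (best[peer][0], peer):   # lower cost, then lower bridge ID
                roles[(me, peer)] = "designated"
            else:
                roles[(me, peer)] = "blocking"
    blocked = sorted({tuple(sorted(p)) for p, r in roles.items() if r == "blocking"})
    return root, best, roles, blocked

def is_loop_free(bridges, links, blocked):
    """A tree over n bridges has exactly n-1 active links and no cycle (union-find check)."""
    active = [(a, b) for a, b, _ in links if tuple(sorted((a, b))) not in blocked]
    parent = {b: b for b in bridges}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in active:
        ra, rb = find(a), find(b)
        if ra == rb:
            return False              # this active link would close a loop
        parent[ra] = rb
    return len(active) == len(bridges) - 1

if __name__ == "__main__":
    root, best, roles, blocked = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for (me, peer), role in sorted(roles.items()):
        print("bridge %d port to %d: %s (cost to root %d)" % (me, peer, role, best[me][0]))
    print("blocked links:", blocked, "loop free:", is_loop_free(BRIDGES, LINKS, blocked))
```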
VLANs: A VLAN is a logical grouping of devices or users. These devices or users can be grouped by function, department, application and so on, regardless of their physical segment location. VLAN configuration is done at the switch via the switching fabric. A VLAN can be used to reduce collisions by separating broadcast domains within the switch. In other words, VLANs create separate broadcast domains in a switched network. Frame tagging at layer 2 does this. Frame tagging is gaining recognition as the standard for implementing VLANs, and is recognized as IEEE 802.1Q. Frame tagging uniquely assigns a VLAN ID to each frame. This identifier is understood and examined by each switch prior to any broadcasts or transmissions to other switches, routers, and end-station devices. When the frame exits the network backbone, the switch removes the identifier before the frame is transmitted to the target end station. This effectively creates an environment with fewer collisions. The key to this is that ports in a VLAN share broadcasts, while ports not in that VLAN cannot share the broadcasts. Thus users in the same physical location can be members of different VLANs. We can plug existing hubs into a switch port and assign them a VLAN of their own to segregate the users on the hubs. Frame filtering examines particular information about each frame. A filtering table is developed for each switch; this provides a high level of administrative control because it can examine many attributes of each frame. Frame filtering is slowly being phased out and replaced by the frame tagging method. VLANs can be complicated to set up. VLANs use layer 2 addressing, meaning that routers are required between separate VLANs. The advantage of deploying layer 2 addresses is that layer 2 addressing is faster to process. It is also quite common for administrators to set up multiple VLANs with multiple access lists to control access. Layer 3 routing provides the ability for multiple VLANs to communicate with each other, which means that users in different locations can reside on the same VLAN. This is a flexible approach to network design. VLANs are configured on the switch in three ways: port-centric, static and dynamic. In port-centric VLANs, all the nodes connected to ports in the same VLAN are assigned the same VLAN ID. Packets do not "leak" into other domains, and such VLANs are easily administered and provide great security between VLANs. Some say that statically configured VLANs are the same as port-centric, because static VLANs use the port-centric method for assigning them to switch ports. Dynamic VLANs are ports on a switch that can automatically determine their VLAN assignments. Dynamic VLAN functions are based on MAC addresses, logical addressing, or the protocol type of the data packets. When a station is initially connected to an unassigned switch port, the appropriate switch checks the MAC entry in the management database and dynamically configures the port with the corresponding VLAN configuration. The major high point of this method is less administration overhead, of course only after the initial setup of the database within the VLAN management software.
VLAN Switching
VLAN Considerations
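The frame tagging behaviour described above (a VLAN ID inserted into each frame, checked by the switch, and removed before the frame reaches the end station), as an added example that is not part of the original guide. The sample frame bytes and the function names are constructed for illustration; only the 802.1Q tag position and layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) are the standard's.

```python
"""802.1Q frame tagging as the study guide describes it: the switch adds a
VLAN ID to each frame and strips it again before delivery to the end station.
Added example, not code from the guide; SAMPLE_FRAME is constructed.
Only the Ethernet header is modelled; the payload is passed through untouched.
"""
import struct
from typing import Optional

TPID_8021Q = 0x8100        # Tag Protocol Identifier that announces an 802.1Q tag

# Constructed broadcast ARP frame: dst MAC, src MAC, EtherType 0x0806, 28-byte body.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                + b"\x08\x06" + b"\x00" * 28)


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority (PCP) is a 3-bit field")
    tci = (priority << 13) | vlan_id          # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vlan_of(frame: bytes) -> Optional[int]:
    """VLAN ID carried by the frame, or None when the frame is untagged."""
    if len(frame) < 16:
        raise ValueError("frame too short for an Ethernet header")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return (tci & 0x0FFF) if tpid == TPID_8021Q else None


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag (what the switch does before handing the frame to a station)."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame


def forward_to_access_port(frame: bytes, port_vlan: int) -> Optional[bytes]:
    """A tagged frame reaches an access port only if the VLANs agree, so a
    broadcast stays inside its own VLAN; anything else is dropped (None)."""
    if vlan_of(frame) != port_vlan:
        return None
    return untag_frame(frame)
```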
LAN Protocols:
The following sections will introduce the core LAN protocols that you will need to know for the exam.

TCP/IP: Every IP address can be broken down into 2 parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid. Each of these hosts must have a hostid that is unique in relation to the netid. IP addresses are divided into 4 octets with each having a maximum value of 255. We view IP addresses in decimal notation such as 124.35.62.181, but they are actually utilized as binary data, so one must be able to convert addresses back and forth. The following table explains how to convert binary into decimal and vice versa:

Decimal  Binary
128      10000000
64       01000000
32       00100000
16       00010000
8        00001000
4        00000100
2        00000010
1        00000001

When converting binary data to decimal, a "0" is equal to 0. A "1" is equal to the number that corresponds to the field it is in. For example, the number 213 would be 11010101 in binary notation. This is calculated as follows: 128+64+0+16+0+4+0+1=213. Remember that this only represents 1 octet of 8 bits, while a full IP address is 32 bits made up of 4 octets. This being true, the IP address 213.128.68.130 would look like 11010101 10000000 01000100 10000010.
IP addresses are divided into 3 classes as shown below:

Class  Range
A      1-126
B      128-191
C      192-223
D      224-239  Multicasting
E      240-255  Experimental
IP addresses can be class A, B or C. Class A addresses are for networks with a large number of hosts. The first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks, with the first 2 octets making up the netid and the remaining 2 the hostid. A class C is for smaller networks, with the first 3 octets making up the netid and the last octet comprising the hostid. The latter two classes aren't used for networks.
A subnet mask blocks out a portion of an IP address and is used to differentiate between the hostid and netid. The default subnet masks are as follows:

Class    Default Subnet   # of Subnets   # of Hosts Per Subnet
Class A  255.0.0.0        126            16,777,214
Class B  255.255.0.0      16,384         65,534
Class C  255.255.255.0    2,097,152      254

In these cases, the part of the IP address blocked out by 255 is the netid. The table above shows the default subnet masks. What subnet mask do you use when you want more than 1 subnet? Let's say, for example, that you want 8 subnets and will be using a class C address. The first thing you want to do is convert the number of subnets into binary, so our example would be 00001000. Moving from left to right, drop all zeros until you get to the first "1". For us that would leave 1000. It takes 4 bits to make 8 in binary, so we add a "1" to the first 4 high order bits of the 4th octet of the subnet mask (since it is class C) as follows: 11111111.11111111.11111111.11110000 = 255.255.255.240. There is our subnet mask. Let's try another one. Let's say that you own a chain of stores that sell spatulas in New York, you have stores in 20 different neighborhoods, and you want to have a separate subnet on your network for each neighborhood. It will be a class B network. First, we convert 20 to binary: 00010100. We drop all zeros before the first "1" and that leaves 10100. It takes 5 bits to make 20 in binary, so we add a "1" to the first 5 high order bits, which gives: 11111111.11111111.11111000.00000000 = 255.255.248.0. The following table shows a comparison between the different subnet masks.

Mask  # of Subnets  Class A Hosts  Class B Hosts  Class C Hosts
192   2             4,194,302      16,382         62
224   6             2,097,150      8,190          30
240   14            1,048,574      4,094          14
248   30            524,286        2,046          6
252   62            262,142        1,022          2
254   126           131,070        510            Invalid
255   254           65,534         254            Invalid

Note: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems.
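The guide's subnetting procedure (write the wanted subnet count in binary, drop the leading zeros, borrow that many host bits) and its binary/decimal conversion, carried out in code as an added example that is not part of the original guide. The function names are assumptions; the values exercised are the guide's own (8 class C subnets, 20 class B subnets, 213.128.68.130), and the subnet and host counts follow the guide's tables, which use the classic 2^n - 2 rule.

```python
"""Subnet mask derivation and binary/decimal conversion following the method
in this study guide.  Added example, not code from the guide.
"""

# Default number of netid bits for each address class (255.0.0.0 and so on).
CLASS_NETID_BITS = {"A": 8, "B": 16, "C": 24}


def _to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def octets_to_binary(addr: str) -> str:
    """Render a dotted-decimal IPv4 address as four 8-bit groups."""
    value = _to_int(addr)
    return " ".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def binary_to_octets(bits: str) -> str:
    """Inverse of octets_to_binary; accepts space- or dot-separated groups."""
    bits = bits.replace(" ", "").replace(".", "")
    if len(bits) != 32 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly 32 binary digits")
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def bits_to_borrow(n_subnets: int) -> int:
    """The guide's rule: write n in binary, drop the leading zeros, and borrow
    one host bit per remaining digit (8 -> 1000 -> 4 bits, 20 -> 10100 -> 5)."""
    if n_subnets < 1:
        raise ValueError("need at least one subnet")
    return len(bin(n_subnets)[2:])


def subnet_mask(net_class: str, n_subnets: int) -> str:
    """Dotted-decimal mask with the borrowed bits set in the host portion."""
    prefix = CLASS_NETID_BITS[net_class] + bits_to_borrow(n_subnets)
    if prefix > 30:
        # Fewer than 2 host bits leaves no subnet with a usable host address.
        raise ValueError(f"{n_subnets} subnets do not fit in a class {net_class} network")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> s) & 0xFF) for s in (24, 16, 8, 0))


def usable_subnets(borrowed_bits: int) -> int:
    """Subnet count as the guide's table reports it: 2^n minus the all-zeros
    and all-ones subnets (the rule that predates 'ip subnet-zero')."""
    return 2 ** borrowed_bits - 2


def usable_hosts(mask: str) -> int:
    """Hosts per subnet: 2^(host bits) minus the network and broadcast
    addresses; 0 corresponds to 'Invalid' in the guide's table."""
    host_bits = 32 - bin(_to_int(mask)).count("1")
    return max(2 ** host_bits - 2, 0)


def plan(net_class: str, n_subnets: int) -> tuple:
    """(mask, usable subnets, hosts per subnet) for the requested design.
    Raises when the borrowed bits cannot actually supply n_subnets under the
    2^n - 2 rule; e.g. 7 subnets -> 3 bits -> only 6 usable."""
    borrowed = bits_to_borrow(n_subnets)
    mask = subnet_mask(net_class, n_subnets)
    subnets = usable_subnets(borrowed)
    if subnets < n_subnets:
        raise ValueError(f"{borrowed} borrowed bits give only {subnets} usable subnets")
    return mask, subnets, usable_hosts(mask)
```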
TCP/IP Ports - Ports are what an application uses when communicating between a client and server computer. Some common TCP/IP ports are:
20 FTP-DATA
21 FTP
23 TELNET
25 SMTP
69 TFTP
70 GOPHER
80 HTTP
110 POP3
137 NetBIOS name service
138 NetBIOS datagram service
139 NetBIOS
161 SNMP

You need to understand buffering, source quench messages and windowing. Buffering allows devices to temporarily store bursts of excess data in memory. However, if data keeps arriving at high speed, buffers can overflow. In this case, we use source quench messages to request that the sender slow down. Windowing is for flow-control purposes. It requires the sending device to send a few packets to the destination device and wait for the acknowledgment. Once received, it sends the same amount of packets again. If there is a problem on the receiving end, obviously no acknowledgement will ever come back. The sending source will then retransmit at a slower speed. This is like trial and error, and it works. Note that the window size should never be set to 0 - a zero window size means to stop transmission completely. 3COM's IP addressing tutorial is just superior. It covers basic IP addressing options as well as subnetting and VLSM/CIDR.

IPX/SPX: IPX will also be an important issue to consider in network management given the fact that many companies still use NetWare servers. There are two parts to every IPX network address - the Network ID and the Host ID. The first 8 hex digits represent the network ID, while the remaining hex digits represent the host ID, which is most likely the same as the MAC address, meaning we do not need to manually assign node addresses. Note that valid hexadecimal digits range from 0 through 9, and hexadecimal letters range from A through F. FFFFFFFF in hexadecimal notation = 4294967295 in decimal. Sequenced Packet Exchange (SPX) belongs to the Transport layer, and is connection-oriented. It creates virtual circuits between hosts, and each host is given a connection ID in the SPX header for identifying the connection.
Service Advertisement Protocol(SAP) is used by NetWare servers to advertise network services via broadcast at an interval of every 60 minutes by default.
WAN Protocols: In general, there are three broad types of WAN access technology. With Leased Lines, we have a point-to-point dedicated connection that uses a pre-established WAN path provided by the ISP. With Circuit Switching such as ISDN, a dedicated circuit path exists only for the duration of the call. Compared to traditional phone service, ISDN is more reliable and faster. With Packet Switching, all network devices share a single point-to-point link to transport packets across the carrier network - this is known as virtual circuits. When we talk about Customer Premises Equipment (CPE), we are referring to devices physically located at the subscriber's location. Demarcation is the place where the CPE ends and the local loop begins. A Central Office (CO) has a switching facility that provides a point of presence for its service. Data Terminal Equipment (DTE) are devices where the switching application resides, and Data Circuit-terminating Equipment (DCE) are devices that convert user data from the DTE into the appropriate WAN protocol. A router is a DTE, while a DSU/CSU device or modem is often referred to as a DCE.

Frame Relay: Frame Relay has the following characteristics:
- Successor to X.25; has less overhead than X.25 because it relies on upper layer protocols to perform error checking.
- Speed in the range of 56 Kbps to 2.078 Mbps.
- Uses Data Link Connection Identifiers (DLCI) to identify virtual circuits, with DLCI numbers between 16 and 1007.
- Uses Local Management Interfaces (LMI) to provide info on the DLCI values as well as the status of virtual circuits. Cisco routers support Cisco (default), ANSI and Q933a.
- To set up frame relay, we need to set the encapsulation to frame-relay in either the Cisco (default) mode or the IETF mode, although Cisco encapsulation is required to connect two Cisco devices. LMI type is configurable, but by default it is auto-sensed.
- Generally transfers data with permanent virtual circuits (PVCs), although we can use switched virtual circuits (SVCs) as well. SVC is for transferring data intermittently. PVC does not have the overhead of establishing and terminating a circuit each time communication is needed.
- Committed Information Rate (CIR) is the guaranteed minimum transfer rate of a connection.
Cisco has a web page that describes the configuration and troubleshooting of Frame Relay at http://www.cisco.com/warp/public/125/13.html

ISDN: ISDN has the following characteristics:
- Works at the Physical, Data Link, and Network Layers.
- Often used as a backup with DDR (Dial on Demand Routing).
- Makes use of the existing telephone network.
- Supports simultaneous data and voice.
- Max speed at 125 Kbps with PPP Multilink.
- Call setup and data transfer are faster than with typical modems.
- BRI has 2 x 64 Kbps B Channels for data and one 16 Kbps D Channel for control.
- PRI has 23 x B Channels and one D Channel in the US, or 30 x B Channels and one D Channel in Europe.
- The E protocol specifies ISDN on the existing telephone network; the I protocol specifies concepts, terminology, and services; the Q protocol specifies switching and signaling.
- ISDN Reference Points include R (between non-ISDN equipment and the TA), S (between user terminals and NT2), T (between NT1 and NT2 devices) and U (between NT1 devices and Line Termination Equipment in North America).
- A router is always connected by the U interface into the NT1.
- A BRI interface is considered Terminal Equipment type 1 (TE1). TE1 is built into the ISDN standards; a TE2 device needs a Terminal Adapter (TA) to use ISDN.
Cisco has a web page with links about the configuration and troubleshooting of ISDN here.

ATM: ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed-length packets called cells which are about 53 bits in length. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. I recently read that the new standard may be 2 Gbps. ATM's speed is derived from the use of short fixed-length cells, which reduce delays, and the variance of delay, for delay-sensitive services such as voice and video. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.

PPP: As an improvement to Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) was mainly for the transfer of data over slower serial interfaces. It is better than SLIP because it provides multiprotocol support, error correction as well as password protection. It is a Data Link Layer protocol used to encapsulate higher protocols to pass over synchronous or asynchronous communication lines. PPP is capable of operating across any DTE/DCE device, most commonly modems, as long as they support duplex circuits. There are 3 components to PPP:
- HDLC (High-level Data Link Control) - Encapsulates the data during transmission and is a link layer protocol which is also the default Cisco encapsulation protocol for synchronous serial links. HDLC is supposed to be an open standard, but Cisco's version is proprietary, meaning it can only function with Cisco routers.
- LCP (Link Control Protocol) - Establishes, tests and configures the data link connection.
- NCPs (Network Control Protocols) - Used to configure the different communication protocols, allowing them on the same line simultaneously. Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and NetBEUI).

PPP communication occurs in the following manner: PPP sends LCP frames to test and configure the data link. Next, authentication protocols are negotiated to determine what sort of validation is used for security. Below are 2 common authentication protocols:
- PAP is similar to a network login, but passwords are sent as clear text. It is normally only used on FTP sites.
- CHAP uses encryption and is a more secure way of sending passwords.
Then NCP frames are used to set up the network layer protocols to be used. Finally, HDLC is used to encapsulate the data stream as it passes through the PPP connection.

Point-to-Point Tunneling Protocol (PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network (VPN), encapsulating PPP packets into IP datagrams. There are 3 steps to set up a secure communication channel:
1. A PPP connection and communication to the remote network are established.
2. PPTP creates a control connection between the client and the remote PPTP server.
3. PPTP creates the IP datagrams for PPP to send. The packets are encrypted by PPP and sent through the tunnel to the PPTP server, which decrypts the packets, disassembles the IP datagrams and routes them to the host.
Setting up PPTP requires a PPTP Client, a PPTP Server and a Network Access Server (NAS). There is a very helpful web site with detailed tutorials on ISDN, Frame Relay, X.25, ATM and other serial WAN technologies located here.
Cisco IOS:
Cisco routers use the Internetworking Operating System (IOS), which stores the configuration information in Non-Volatile RAM (NVRAM); the IOS itself is stored in flash. The IOS can be accessed via Telnet, a console connection (such as HyperTerminal) or a dial-in connection. You can also configure the router as a web server and then access a web-based configuration panel via HTTP. There are a variety of sources for booting, including Flash memory, TFTP and ROM. It is always recommended that a new IOS image be loaded on a TFTP server first, and then copied from the TFTP server to flash memory, as a backup mechanism. The copy command, such as "copy tftp flash", allows us to copy the IOS image from the TFTP server to flash memory. And of course, we can always do the reverse. Now, we need to inform the router to boot from the correct source. The following commands are examples of what we should type in depending on the situation. Typically, it is a good idea to specify multiple boot options as a fallback mechanism.
boot system flash (unknown)
boot system tftp (unknown) {tftp server IP address}
boot system rom
After the boot-up process we can prepare to log in. User EXEC is the first mode we encounter. It gives us a prompt of "Router>". To exit this mode means to log out completely; this can be done with the logout command. If we want to proceed to Privileged EXEC, we need to use the enable EXEC command. Once entered, the prompt will change to "Router#". To go back to user EXEC mode, we need to use the disable command. Note that all configuration work requires the administrator to be in Privileged mode first. Put it this way: Privileged EXEC mode includes support for all commands in user mode plus those that provide access to global and system settings.
The setup command facility is for making major changes to the existing configuration, such as adding a protocol suite, modifying a major addressing scheme, or configuring a newly installed interface. If you aren't big on reading manuals, finding out the way to access help information is a MUST. To display a list of commands available for each command mode, we can type in a ? mark. IOS also provides a context-sensitive help feature to make life easier. In order to pass this exam, you will need to be able to find your way around the IOS. We will list some of the information here, but there is too much to list all of it. You will definitely need access to a router or get the software listed at the beginning of this study guide so that you can practice. Useful editing commands include:

Command - Purpose
Ctrl-P - Recall commands in the history buffer starting with the most recent command.
Ctrl-N - Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key.
Ctrl-B - Move the cursor back one character
Ctrl-F - Move the cursor forward one character
Ctrl-A - Move the cursor to the beginning of the command line
Ctrl-E - Move the cursor to the end of the command line
Esc B - Move the cursor back one word
Esc F - Move the cursor forward one word
Ctrl-R or Ctrl-L - Redisplay the current command line
You will find most of the IOS commands at the following 2 links: Router and Switch Commands http://www.cisco.com/warp/cpropub/45/tutorial.htm
Security:
Access Lists allow us to implement some level of security on the network by inspecting and filtering traffic as it enters or exits an interface. Each router can have many access lists of the same or different types. However, only one can be applied in each direction of an interface at a time (keep in mind that inbound and outbound traffic is determined from the router's perspective). The two major types of access lists that deserve special attention are the IP Access Lists and the IPX Access Lists. Standard IP access lists can be configured to permit or deny passage through a router based on the source host's IP address. Extended IP access lists use destination address, IP protocol and port number to extend the filtering capabilities. Access can be configured to be judged based on a specific destination address or range of addresses, on an IP protocol such as TCP or UDP, or on port information such as http, ftp, telnet or snmp. We use the access list number to differentiate the type of access list. In standard IP access lists we have numbers from 1 through 99, and in extended IP access lists we have numbers from 100 through 199:

1-99       Standard IP
100-199    Extended IP
200-299    Protocol type-code
300-399    DECnet
600-699    AppleTalk
700-799    Standard 48-bit MAC Address
800-899    Standard IPX
900-999    Extended IPX
1000-1099  IPX SAP
1100-1199  Extended 48-bit MAC Address
1200-1299  IPX Summary Address
When dealing with Access Control Lists or preparing for your CCNA exam, you have to deal with a 32-bit wild card address in dotted-decimal form, known as your inverse mask. By Cisco's definition it is called inverse, but you can think of it as the "reverse" of your subnet mask in most cases. When dealing with your wild card mask, you have two values that you are working with. Like subnetting, you have a 0 as "off" and a 1 as the "on" value. Wild cards treat the 0 value as "match" and the 1 value as "ignore". What do I mean by ignore or match? If you have studied ACLs you should know that your goal is to set criteria to deny or permit, and that is where your inverse mask comes into play. It tells the router which values to seek out when trying to deny or permit in your definition. If you have dealt with subnetting you know that most of your addresses ended with an even number. With your inverse mask you will end up with an odd number. There are several different ways to come up with your inverse mask; the easiest is to subtract your subnet mask from the all-routers broadcast address of 255.255.255.255. Example: You have a subnet mask of 255.255.255.0. To get your wild card mask all you have to do is:
  255.255.255.255
- 255.255.255.0
= 0.0.0.255
Then you can apply it to the definition, whether using a standard or extended ACL.
Standard example: Router(config)# access-list 3 deny 170.10.1.0 0.0.0.255
How you would read this list: with this wild card you told the router to "match" the first three octets, and you don't care what's going on in the last octet.
Extended example: Router(config)# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80
How you would read this list: with this wild card you have told the router to match the first three octets, and you don't care what's going on in the last octet. Think of it this way: if you had broken the decimal form down to binary, the wild card mask would look like this:
00000000.00000000.00000000.11111111
As you know, the "1" means ignore and "0" means match. So in that last octet it could have been any value on that subnet line ranging from 0-255.
For more information on IP Access Lists, read Configuring IP Access Lists. For IPX access list configuration, read Control Access to IPX Networks.
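The wild card arithmetic and the two access-list entries above, turned into a small matcher as an added example that is not part of the original guide. The mask rule is the guide's own (255.255.255.255 minus the subnet mask); the evaluator models the IOS first-match behaviour with the implicit deny at the end of every list. The Entry class, function names and test addresses are constructed for illustration.

```python
"""Wildcard (inverse) mask arithmetic and a minimal IP access-list evaluator.
Added example, not code from the guide.  The ACL entries are the guide's two
examples (access-list 3 and access-list 103).
"""
from dataclasses import dataclass
from typing import List, Optional

ANY = ("0.0.0.0", "255.255.255.255")   # how IOS expands the 'any' keyword


def to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Guide's method: subtract the mask from 255.255.255.255 (a bitwise NOT)."""
    return to_dotted(0xFFFFFFFF - to_int(subnet_mask))


def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this address bit must match, bit 1 = ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


@dataclass
class Entry:
    """One line of a numbered IP access list (constructed model)."""
    action: str                     # "permit" or "deny"
    src: str
    src_wild: str
    dst: str = ANY[0]               # standard lists have no destination test
    dst_wild: str = ANY[1]
    port: Optional[int] = None      # 'eq <port>'; None means any port


def evaluate(acl: List[Entry], src: str, dst: str, port: int) -> str:
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for entry in acl:
        if (wildcard_matches(src, entry.src, entry.src_wild)
                and wildcard_matches(dst, entry.dst, entry.dst_wild)
                and (entry.port is None or entry.port == port)):
            return entry.action
    return "deny"        # implicit 'deny any' at the end of every IOS list


# access-list 3 deny 170.10.1.0 0.0.0.255, followed by an explicit permit-all
# so that the list does not deny everything through the implicit deny.
ACL_3 = [Entry("deny", "170.10.1.0", "0.0.0.255"),
         Entry("permit", *ANY)]

# access-list 103 permit tcp 178.10.2.0 0.0.0.255 170.10.1.0 0.0.0.255 eq 80
ACL_103 = [Entry("permit", "178.10.2.0", "0.0.0.255",
                 "170.10.1.0", "0.0.0.255", 80)]
```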
Routing:
There are 2 main types of routing, which are static and dynamic; the third type of routing is called hybrid. Static routing involves the cumbersome process of manually configuring and maintaining route tables by an administrator. Dynamic routing enables routers to "talk" to each other and automatically update their routing tables. This process occurs through the use of broadcasts. Next is an explanation of the various routing protocols.

RIP: Routing Information Protocol (RIP) is a distance vector dynamic routing protocol. RIP measures the distance from source to destination by counting the number of hops (routers or gateways) that the packets must travel over. RIP sets a maximum of 15 hops and considers any larger number of hops unreachable. RIP's real advantage is that if there are multiple possible paths to a particular destination and the appropriate entries exist in the routing table, it will choose the shortest route. Routers can talk to each other; however, in the real routing world there are so many different routing technologies available that it is not as simple as just enabling Routing Information Protocol (RIP). For information on RIP configuration, read Configuring RIP.

OSPF: Open Shortest Path First (OSPF) is a link-state routing protocol that converges faster than a distance vector protocol such as RIP. What is convergence? This is the time required for all routers to complete building their routing tables. RIP uses ticks and hop counts as its measurement, while OSPF also uses metrics that take bandwidth and network congestion into account when making routing decisions. RIP transmits updates every 30 seconds, while OSPF transmits updates only when there is a topology change. OSPF builds a complete topology of the whole network, while RIP uses second-hand information from the neighboring routers. To summarize, RIP is easier to configure, and is suitable for smaller networks. In contrast, OSPF requires high processing power, and is suitable if scalability is the main concern. We can tune the network by adjusting various timers.
Areas that are tunable include: the rate at which routing updates are sent, the interval of time after which a route is declared invalid, the interval during which routing information regarding better paths is suppressed, the amount of time that must pass before a route is removed from the routing table, and the amount of time for which routing updates will be postponed. Of course, different settings are needed in different situations. In any case, we can use the "show ip route" command to display the contents of the routing table as well as how each route was discovered. For commands and methods to configure OSPF read Configuring OSPF on Cisco Routers.

IGRP and EIGRP: RIP and OSPF are considered "open", while IGRP and EIGRP are Cisco proprietary. Interior Gateway Routing Protocol (IGRP) is a distance vector routing protocol for interior networks, while Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid that combines distance vector and link-state technologies. Do not confuse these with NLSP: NetWare Link Services Protocol (NLSP) is a proprietary link-state routing protocol used on Novell NetWare 4.x to replace SAP and RIP. For IGRP, the metric is a function of bandwidth, reliability, delay and load. One of the characteristics of IGRP is the deployment of hold-down timers. A hold-down timer has a value of 280 seconds. It is used to prevent routing loops while routing tables converge, by preventing routers from broadcasting another route to a router which is off-line before all routing tables converge. For EIGRP, separate routing tables are maintained for the IP, IPX and AppleTalk protocols. However, routing update information is still forwarded with a single protocol. (Note: RIPv2, OSPF and EIGRP include the subnet mask in routing updates, which allows for VLSM (Variable Length Subnet Mask); VLSM is therefore not supported by RIP-1 or IGRP.)
For more information about IGRP, read Configuring IGRP For a detailed guideline on configuring EIGRP, read Configuring IP Enhanced IGRP
Other Routing Info:
In the routing world, we have the concept of an autonomous system (AS), which represents a group of networks and routers under a common management that share a common routing protocol. ASs are connected by the backbone to other ASs. For a device to be part of an AS, it must be assigned an AS number that belongs to the corresponding AS. Route poisoning intentionally configures a router not to receive update messages from a neighboring router, and sets the metric of an unreachable network to 16. This way, other routers can no longer update the originating router's routing tables with faulty information. Hold-downs prevent routing loops by disallowing other routers from updating their routing tables too quickly after a route goes down. Instead, the route can be updated only when the hold-down timer expires, if another router advertises a better metric, or if the router that originally advertised the unreachable network advertises that the network has become reachable again. Note that hold-down timers need to work together with route poisoning in order to be effective. Split horizon simply prevents a routing update from going out the same router interface that it entered. Poison reverse overrides split horizon by informing the sending router that the destination is inaccessible, while triggered updates send out updates whenever a change in the routing table occurs, without waiting for the preset time to expire.
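The loop-prevention mechanisms described above (a hop count of 16 meaning unreachable, split horizon, poison reverse and route poisoning), run on a small distance-vector model as an added example that is not part of the original guide. The Router class, the three-router chain A - B - C and the network names netA and netC are constructed for illustration.

```python
"""RIP-style distance-vector routing with the loop-prevention ideas the guide
describes.  Added example, not code from the guide; topology is constructed.
"""
from typing import Dict, List, Optional, Tuple

INFINITY = 16   # RIP: 15 hops maximum, 16 means "unreachable"


class Router:
    def __init__(self, name: str, connected: List[str]):
        self.name = name
        # destination -> (metric, next hop); next hop None = directly connected
        self.routes: Dict[str, Tuple[int, Optional[str]]] = {
            net: (1, None) for net in connected}

    def metric(self, dest: str) -> int:
        return self.routes[dest][0] if dest in self.routes else INFINITY

    def advertise(self, neighbour: str, poison_reverse: bool = False) -> Dict[str, int]:
        """Build the update sent to `neighbour`.  Split horizon leaves out the
        routes learned from that neighbour; poison reverse sends them as 16."""
        update: Dict[str, int] = {}
        for dest, (metric, next_hop) in self.routes.items():
            if next_hop == neighbour:
                if poison_reverse:
                    update[dest] = INFINITY
                continue
            update[dest] = metric
        return update

    def receive(self, neighbour: str, update: Dict[str, int]) -> List[str]:
        """One Bellman-Ford step; returns the destinations whose entry changed."""
        changed = []
        for dest, advertised in update.items():
            metric = min(advertised + 1, INFINITY)   # never count past 16
            current = self.routes.get(dest)
            # Accept a new or better route, and always accept an update from
            # the next hop already in use (that is how poisoning propagates).
            if current is None or metric < current[0] or current[1] == neighbour:
                if current != (metric, neighbour):
                    self.routes[dest] = (metric, neighbour)
                    changed.append(dest)
        return changed

    def poison(self, dest: str) -> None:
        """Route poisoning: keep the entry but mark it unreachable (16)."""
        self.routes[dest] = (INFINITY, self.routes[dest][1])


def converge_chain(poison_reverse: bool = False) -> Tuple[Router, Router, Router]:
    """Exchange updates over the links A-B and B-C until the chain converges."""
    a, b, c = Router("A", ["netA"]), Router("B", []), Router("C", ["netC"])
    links = [(a, b), (b, c)]
    for _ in range(3):              # three rounds are plenty for three routers
        for x, y in links:
            y.receive(x.name, x.advertise(y.name, poison_reverse))
            x.receive(y.name, y.advertise(x.name, poison_reverse))
    return a, b, c


def withdraw_neta(a: Router, b: Router, c: Router) -> Tuple[int, int, int]:
    """A loses netA and poisons it; the unreachable metric ripples down the
    chain instead of bouncing back, because split horizon keeps B and C from
    re-advertising netA toward the router they learned it from."""
    a.poison("netA")
    b.receive("A", a.advertise("B"))
    c.receive("B", b.advertise("C"))
    return a.metric("netA"), b.metric("netA"), c.metric("netA")
```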
Router and Switch Commands By Jamison Schmidt This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam.
ROUTER COMMANDS

TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks

HOST NAME:
Config# hostname ROUTER_NAME

BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message

DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level

CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003

CHANGING THE REGISTER:
Config# config-register 0x2100 - ROM Monitor Mode
Config# config-register 0x2101 - ROM boot
Config# config-register 0x2102 - Boot from NVRAM

BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash
- Then -
Config# reload

CDP:
Config# cdp run - Turns CDP on
Config# cdp holdtime 180 - Sets the time that a device's entry remains. Default is 180
Config# cdp timer 30 - Sets the update timer. The default is 60
Config# int Ethernet 0
Config-if# cdp enable - Enables CDP on the interface
Config-if# no cdp enable - Disables CDP on the interface
Config# no cdp run - Turns CDP off

HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)

DOMAIN NAME SERVICES:
Config# ip domain-lookup - Tell router to look up domain names
Config# ip name-server 122.22.2.2 - Location of DNS server
Config# ip domain-name cisco.com - Domain to append to end of names

CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters

STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network

IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown
IPX ROUTING: Config# ipx routing Config# interface Ethernet 0 Config# ipx maximum-paths 2 - Maximum equal metric paths used Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial Config-if# no shutdown ACCESS LISTS: IP Standard 1-99 IP Extended 100-199 IPX Standard 800-899 IPX Extended 900-999 IPX SAP Filters 1000-1099 IP STANDARD: Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip?s on network 133.2.2.0 -orConfig# access-list 10 permit host 133.2.2.2 - specifies a specific host -orConfig# access-list 10 permit any - allows any address Config# int Ethernet 0 Config-if# ip access-group 10 in - also available: out IP EXTENDED: Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet -protocols: tcp, udp, icmp, ip (no sockets then), among others -source then destination address -eq, gt, lt for comparison -sockets can be numeric or name (23 or telnet, 21 or ftp, etc) -orConfig# access-list 101 deny tcp any host 133.2.23.3 eq www -orConfig# access-list 101 permit ip any any Config# interface Ethernet 0 Config-if# ip access-group 101 out IPX STANDARD: Config# access-list 801 permit 233 AA3 - source network/host then destination network/host -or-
Config# access-list 801 permit -1 -1 - ?-1? is the same as ?any? with network/host addresses Config# interface Ethernet 0 Config-if# ipx access-group 801 out
IPX EXTENDED: Config# access-list 901 permit sap 4AA all 4BB all - Permit protocol src_add socket dest_add socket -?all? includes all sockets, or can use socket numbers -orConfig# access-list 901 permit any any all any all -Permits any protocol with any address on any socket to go anywhere Config# interface Ethernet 0 Config-if# ipx access-group 901 in IPX SAP FILTER: Config# access-list 1000 permit 4aa 3 - ?3? is the service type -orConfig# access-list 1000 permit 4aa 0 - service type of ?0? matches all services Config# interface Ethernet 0 Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets -orConfig-if# ipx output-sap-filter 1000 - filter applied to outgoing packets NAMED ACCESS LISTS: Config# ip access-list standard LISTNAME -can be ip or ipx, standard or extended -followed by the permit or deny list Config# permit any Config-if# ip access-group LISTNAME in -use the list name instead of a list number -allows for a larger amount of access-lists PPP SETUP: Config-if# encapsulation ppp Config-if# ppp authentication chap pap -order in which they will be used -only attempted with the authentification listed -if one fails, then connection is terminated Config-if# exit Config# username Lab-b password 123456 -username is the router that will be connecting to this one -only specified routers can connect -orConfig-if# ppp chap hostname ROUTER Config-if# ppp chap password 123456 -if this is set on all routers, then any of them can connect to any other
-set the same on all for easy configuration (convenient, but a single shared secret means one leaked password lets anyone holding it authenticate as any of the routers)

ISDN SETUP:
Config# isdn switch-type basic-5ess - determined by the telco
Config# interface bri 0 - SPIDs are configured on the BRI interface
Config-if# isdn spid1 2705554564 - isdn "phone number" (SPID) of line 1
Config-if# isdn spid2 2705554565 - isdn "phone number" (SPID) of line 2
Config-if# encapsulation ppp - or hdlc (the default)

DDR - steps to setting up ISDN with DDR
1. Configure the switch type
Config# isdn switch-type basic-5ess - can also be done at interface config

2. Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.6 - sends traffic destined for 123.4.35.0 to the far-end router, 192.3.5.6
Config# ip route 192.3.5.6 255.255.255.255 bri0 - specifies how to get to 192.3.5.6 (through bri0)

3. Configure the interface
Config# interface bri 0
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list 1 to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to Lab-b at 5551212, which has IP 192.3.5.6, when there is interesting traffic
-"dialer string 5551212" can be used instead if there is only one router to connect to

4. Specify interesting traffic
Config# dialer-list 1 protocol ip permit
-or-
Config# dialer-list 1 protocol ip list 101 - use access-list 101 to define interesting traffic

Other options
Config-if# dialer hold-queue 75 - hold up to 75 packets while the call is being set up instead of dropping them
Config-if# dialer load-threshold 125 either
-load needed before the second B channel is brought up
-"125" is any number 1-255, where the % load is x/255 (125/255 is about 50%)
-can be measured on in, out, or either
Config-if# dialer idle-timeout 180
-determines how long the line stays idle before the call is terminated
-default is 120 seconds
FRAME RELAY SETUP:
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56
Config-if# interface serial 0.100 point-to-point - subinterface; the prompt becomes Config-subif#
Config-subif# ip address 122.1.1.1 255.255.255.0
Config-subif# frame-relay interface-dlci 100
-maps the dlci to the subinterface
-can add BROADCAST and/or IETF at the end
Config-subif# interface serial 1.100 multipoint
Config-subif# no frame-relay inverse-arp - turns IARP off; good to do, so only the PVCs you map explicitly are used
Config-subif# frame-relay map ip 122.1.1.2 48 broadcast ietf
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-broadcast and ietf are optional
Config-subif# frame-relay map ip 122.1.1.3 54 broadcast

SHOW COMMANDS:
show access-lists - all access lists on the router
show cdp - cdp timer and holdtime frequency
show cdp entry * - same as the next command
show cdp neighbors detail - details of each neighbor, including its IP address and IOS version
show cdp neighbors - device id, local interface, holdtime, capability, platform, port id
show cdp interface - interfaces running cdp and their encapsulation
show cdp traffic - cdp packets sent and received
show controllers serial 0 - DTE or DCE status (which cable end is attached)
show dialer - number of times the dialer string has been reached, other stats
show flash - files in flash
show frame-relay lmi - lmi stats
show frame-relay map - static and dynamic maps for PVCs
show frame-relay pvc - PVCs and DLCIs
show history - commands entered
show hosts - contents of the host table
show int f0/26 - stats of f0/26
show interface Ethernet 0 - stats of Ethernet 0
show ip - ip config of the switch
show ip access-lists - ip access-lists
show ip interface - ip config of each interface, including which access lists are applied
show ip protocols - routing protocols and timers
show ip route - the IP routing table
show ipx access-lists - same, only ipx
show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
show ipx route - ipx routes in the table
show ipx servers - SAP table
show ipx traffic - RIP and SAP info
show isdn active - numbers with active status
show isdn status - shows if the SPIDs are valid, if connected
show mac-address-table - contents of the dynamic table
show protocols - routed protocols and network addresses of interfaces
show running-config - the active config (in DRAM)
show sessions - telnet connections from this device to remote devices
show startup-config - the saved config (in NVRAM)
show terminal - shows history size
show trunk a/b - trunk status of ports 26/27
show version - ios info, uptime, address of the switch
show vlan - all configured vlans
show vlan-membership - vlan assignments
show vtp - vtp configs
-note that everything "show cdp neighbors detail" reveals (platform, IOS version, addresses) is also broadcast to every directly attached device; disable cdp with "no cdp run" globally or "no cdp enable" on interfaces facing untrusted devices

CATALYST COMMANDS (for native IOS, not CatOS)

SWITCH ADDRESS:
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1

DUPLEX MODE:
Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
Config-if# duplex full - also half | auto | full-flow-control

SWITCHING MODE:
Config# switching-mode store-and-forward - also fragment-free

MAC ADDRESS CONFIGS:
Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security
Config-if# port secure max-mac-count 5 - allows only 5 mac addresses to be learned on this port (port security; limits MAC flooding from that port)

VLANS:
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10

TRUNK LINKS:
Config-if# trunk on - also off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are carried on a trunk port; remove the ones the far end does not need

CONFIGURING VTP:
Config# delete vtp - should be done before adding a switch to a network: a switch whose VTP configuration revision number is higher than the domain's will overwrite the VLAN database of every server and client in the domain
Config# vtp server - the default is server; also client and transparent
Config# vtp domain Camp - name doesn't matter, as long as all switches use the same one
Config# vtp password 1234 - limited security: a shared secret that must be identical on every switch in the domain
Config# vtp pruning enable - limits flooded traffic for a VLAN to the trunks that actually carry that VLAN
Config# vtp pruning disable

FLASH UPGRADE:
Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for an IOS upgrade, "nvram" for the startup config

DELETE STARTUP CONFIG:
Config# delete nvram
Cisco IOS Command Line Interface Tutorial

Abstract
The focus of this document is to introduce a new Cisco Internetworking Operating System (IOS) user to the IOS command line interface (CLI). After reading this document, a new user will understand how to use the IOS CLI to configure and manage an IOS router. For easier reference, Table 1 displays a collection of important terms and acronyms that are used throughout the document.

Table 1 - Glossary Of Important Terms And Acronyms Used In This Tutorial
Cisco IOS - Cisco Internetworking Operating System
CLI - Command Line Interface
EXEC - Command line session to the router (could be console, modem, or telnet)
Flash - Non-volatile memory used to store the IOS software image
NVRAM - Non-volatile RAM used to store the router configuration
RAM - Random Access Memory
CLI Architecture A Cisco IOS router command line interface can be accessed through either a console connection, modem connection, or a telnet session. Regardless of which connection method is used, access to the IOS command line interface is generally referred to as an EXEC session. As a security feature, Cisco IOS separates EXEC sessions into two different access levels - user EXEC level and privileged EXEC level. User EXEC level allows a person to access only a limited amount of basic monitoring commands. Privileged EXEC level allows a person to access all router commands (e.g. configuration and management) and can be password protected to allow only authorized users the ability to configure or maintain the router. For example, when an EXEC session is started, the router will display a "Router>" prompt. The right arrow (>) in the prompt indicates that the router is at the user EXEC level. The user EXEC level does not contain any commands that might control (e.g. reload or configure) the operation of the router. To list the commands available at the user EXEC level, type a question mark (?) at the Router> prompt. (This feature is referred to as context sensitive help.) Critical commands (e.g. configuration and management) require that the user be at the privileged EXEC level. To change to the privileged EXEC level, type "enable" at the Router> prompt. If an enable password is configured, the router will then prompt for that password. When the correct enable password is entered, the router prompt will change to "Router#" indicating that the user is now at the
privileged EXEC level. To switch back to user EXEC level, type "disable" at the Router# prompt. Typing a question mark (?) at the privileged EXEC level will now reveal many more command options than those available at the user EXEC level. The text below illustrates the process of changing EXEC levels.

Router> enable
Password: [enable password]
Router# disable
Router>

Note: For security reasons, the router will not echo the password that is entered. Also be advised that if configuring a router via telnet, the password (and everything else in the session) is sent in clear text; Telnet offers no encryption. Where the IOS image supports it, use SSH for remote management instead, and restrict the vty lines with an access-class so that only management hosts can reach them. Once an EXEC session is established, commands within Cisco IOS are hierarchically structured. In order to successfully configure the router, it is important to understand this hierarchy. To illustrate this hierarchy, Figure 1 provides a simple high-level schematic diagram of some IOS commands.
Figure 1 - IOS CLI hierarchy Command options and applications vary depending on position within this hierarchy. Referring to the diagram in figure 1, configuration command options will not be available until the user has navigated to the configuration branch of the IOS CLI structure. Once in the configuration branch, a user may enter system level configuration commands that apply to the entire router at the global configuration level. Interface specific configuration commands are available once the user has switched to the particular interface configuration level. More detailed information and examples on how to navigate through the IOS CLI hierarchy are offered in the Router Configuration section. To assist users in navigation through IOS CLI, the command prompt will change to reflect the position of a user within the command hierarchy. This allows users to easily identify where within the command structure they are at any given
moment. Table 2 is a summary of command prompts and the corresponding location within the command structure.

Table 2 - IOS Command Prompt Summary
Router> - User EXEC mode
Router# - Privileged EXEC mode
Router(config)# - Configuration mode (the # sign indicates this is only accessible from privileged EXEC mode)
Router(config-if)# - Interface level within configuration mode
Router(config-router)# - Routing engine level within configuration mode
Router(config-line)# - Line level (vty, tty, async) within configuration mode
CLI Editor Features

Context Sensitive Help
Cisco IOS CLI offers context sensitive help. This is a useful tool for a new user because at any time during an EXEC session, a user can type a question mark (?) to get help. Two types of context sensitive help are available - word help and command syntax help. Word help can be used to obtain a list of commands that begin with a particular character sequence. To use word help, type in the characters in question followed immediately by the question mark (?). Do not include a space before the question mark. The router will then display a list of commands that start with the characters that were entered. The following is an example of word help:

Router# co?
configure  connect  copy

Command syntax help can be used to obtain a list of command, keyword, or argument options that are available based on the syntax the user has already entered. To use command syntax help, enter a question mark (?) in the place of a keyword or argument. Include a space before the question mark. The router will then display a list of available command options, with <cr> standing for carriage return (meaning the command is already complete and can be entered as typed). The following is an example of command syntax help:

Router# configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
  <cr>
Command Syntax Check
If a command is entered improperly (e.g. typo or invalid command option), the router will inform the user and indicate where the error has occurred. A caret symbol (^) will appear underneath the incorrect command, keyword, or argument. The following example displays what happens if the keyword "ethernet" is spelled incorrectly.

Router(config)#interface ethernat
                          ^
% Invalid input detected at '^' marker.

Command Abbreviation
Commands and keywords can be abbreviated to the minimum number of characters that identifies a unique selection. For example, you can abbreviate the "configure" command to "conf" because "configure" is the only command that begins with "conf". You could not abbreviate the command to "con" because more than one command ("configure" and "connect") fits this criterion. The router will issue the following error message if you do not supply enough characters.

cisco(config)#i
% Ambiguous command: "i"

Hot Keys
For many editing functions, the IOS CLI editor provides hot keys. The following table lists some editing shortcuts that are available.

Table 3 - Summary Of Hot Keys
Delete - Removes one character to the right of the cursor.
Backspace - Removes one character to the left of the cursor.
TAB - Finishes a partial command.
Ctrl-A - Moves the cursor to the beginning of the current line.
Ctrl-R - Redisplays a line.
Ctrl-U - Erases a line.
Ctrl-W - Erases a word.
Ctrl-Z - Ends configuration mode and returns to the EXEC.
Up Arrow (or Ctrl-P) - Recalls the previous, older command from the history buffer.
Down Arrow (or Ctrl-N) - Returns to the more recent command in the history buffer.
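The abbreviation and syntax-check behaviour described above is a prefix-resolution problem, and it is easier to reason about once written down. The following is an added example, not code from the original tutorial: it resolves each token of a command line against a keyword tree exactly as the IOS parser does, accepting a unique prefix, rejecting an ambiguous one with the "% Ambiguous command" message, and placing a caret under an unknown token. COMMANDS is a constructed subset of the keywords mentioned on this page; the real IOS tree is far larger and several levels deep.

```python
"""
Command-prefix resolution as the IOS CLI parser does it: a token is accepted
when it is the unique prefix of exactly one keyword at that point in the
hierarchy, rejected as ambiguous when several keywords share the prefix, and
rejected as invalid (with a caret under the offending token) when none does.

Added example, not code from the original tutorial. COMMANDS is a constructed
subset of the EXEC and global-configuration keywords mentioned on the page;
the real IOS keyword tree is much larger and several levels deep.
"""

# constructed keyword tree: mode -> command -> keywords accepted after it
COMMANDS = {
    "exec": {
        "configure": ["memory", "network", "overwrite-network", "terminal"],
        "connect": [],
        "copy": ["running-config", "startup-config", "tftp"],
        "disable": [],
        "show": ["running-config", "startup-config", "version", "interfaces", "ip"],
    },
    "config": {
        "interface": ["ethernet0", "serial0", "loopback0"],
        "ip": ["address", "route", "access-list"],
        "enable": ["secret", "password"],
        "exit": [],
    },
}


def expand(token, choices):
    """('ok', keyword) for an exact or unique-prefix match, ('ambiguous', [..])
    when several keywords start with the token, ('invalid', None) when none does."""
    if token in choices:
        return "ok", token
    hits = sorted(kw for kw in choices if kw.startswith(token))
    if len(hits) == 1:
        return "ok", hits[0]
    if hits:
        return "ambiguous", hits
    return "invalid", None


def caret_error(line, bad_token):
    """Mimic IOS: a caret under the start of the rejected token (the column is
    counted from the start of the command text; the real router also counts the prompt)."""
    col = line.index(bad_token)
    return " " * col + "^\n% Invalid input detected at '^' marker."


def resolve(line, mode="exec"):
    """Expand each token of a command line. Returns (full_command, None) on
    success or (None, error_text) shaped like the IOS messages."""
    tokens = line.split()
    if not tokens:
        return "", None
    tree = COMMANDS[mode]
    status, cmd = expand(tokens[0], tree)
    if status == "ambiguous":
        return None, f'% Ambiguous command: "{tokens[0]}"'
    if status == "invalid":
        return None, caret_error(line, tokens[0])
    expanded = [cmd]
    for tok in tokens[1:]:
        status, kw = expand(tok, tree[cmd])
        if status == "ambiguous":
            return None, f'% Ambiguous command: "{line}"'
        if status == "invalid":
            return None, caret_error(line, tok)
        expanded.append(kw)
    return " ".join(expanded), None


if __name__ == "__main__":
    for line, mode in (("conf t", "exec"), ("con", "exec"), ("interface ethernat", "config")):
        full, err = resolve(line, mode)
        print(f"{mode}> {line}\n  -> {full if err is None else err}")
```

Note that an exact keyword always wins even when it is also the prefix of a longer keyword, which is why "ip" resolves cleanly in configuration mode while the single character "i" is ambiguous between "interface" and "ip".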
Router Configuration

Entering Configurations
Perhaps the best way to illustrate IOS CLI navigation is by walking through a simple router configuration. The comments in the example do not attempt to explain the meaning of each individual command, but rather intend to display where configuration commands are entered within the IOS command structure. Pay particular attention to how the command prompt changes as the user navigates through the IOS CLI hierarchy. Also notice that global parameters are configured at the global configuration level (indicated by the "Router(config)#" prompt) whereas interface specific commands are entered after switching to the particular interface (indicated by the "Router(config-if)#" prompt). Global parameters and interface parameters are discussed further in the Displaying Configurations section under Router Management.

Router> enable                                    - switches to privileged EXEC level
Router# configure terminal                        - switches to global configuration level
Router(config)# enable secret cisco               - configures the router with an enable secret (global)
Router(config)# ip route 0.0.0.0 0.0.0.0 20.2.2.3  - configures a static IP route (global)
Router(config)# interface ethernet0               - switches to configure the ethernet0 interface
Router(config-if)# ip address 10.1.1.1 255.0.0.0  - configures an IP address on ethernet0 (interface)
Router(config-if)# no shutdown                    - activates ethernet0 (interface)
Router(config-if)# exit                           - exits back to global configuration level
Router(config)# interface serial0                 - switches to configure the serial0 interface
Router(config-if)# ip address 20.2.2.2 255.0.0.0  - configures an IP address on serial0 (interface)
Router(config-if)# no shutdown                    - activates serial0 (interface)
Router(config-if)# exit                           - exits back to global configuration level
Router(config)# router rip                        - switches to configure the RIP routing engine
Router(config-router)# network 10.0.0.0           - adds network 10.0.0.0 to the RIP engine (routing engine)
Router(config-router)# network 20.0.0.0           - adds network 20.0.0.0 to the RIP engine (routing engine)
Router(config-router)# exit                       - exits back to global configuration level
Router(config)# exit                              - exits out of configuration level
Router# copy running-config startup-config        - saves the configuration into NVRAM
Router# disable                                   - disables privileged EXEC level
Router>                                           - indicates the user is back at user EXEC level
In the above example, notice how the exit command is used to back up a level within the IOS hierarchy. For example, if in the interface configuration level (i.e. the Router(config-if)# prompt), typing exit will put the user back in the global configuration level (i.e. the Router(config)# prompt).

Taking Interfaces Out Of Shutdown
Routers ship from the factory with all interfaces deactivated. Deactivated interfaces are referred to as being in a shutdown state. Before an interface can be used, it must be taken out of the shutdown state. To take an interface out of shutdown, type "no shutdown" at the appropriate interface configuration level. The example above includes these commands for both the ethernet and serial interfaces.

Removing Commands / Resetting Default Values
IOS provides an easy way to remove commands from a configuration. To remove a command from the configuration, simply navigate to the proper location and type "no" followed by the command to be removed. The following example displays how to remove an IP address from the ethernet0 interface.

Router> enable                         - switches to privileged EXEC level
Router# configure terminal             - switches to global configuration level
Router(config)# interface ethernet0    - switches to configure the ethernet0 interface
Router(config-if)# no ip address       - removes the IP address
Router(config-if)# exit                - exits back to global configuration level
Router(config)# exit                   - exits out of configuration level
Router# disable                        - disables privileged EXEC level
Router>                                - prompt indicates the user is back at user EXEC level
Some configuration commands in IOS are enabled by default and assigned a certain default value. When left at the default value, these commands will not be displayed when the configuration is listed. If the value is altered from the default setting, issuing the "no" form of the command will restore the value to the default setting.

Saving Configurations
A Cisco IOS router stores configurations in two locations - RAM and NVRAM. The running-configuration is stored in RAM and is used by the router during operation. Any configuration changes to the router are made to the running-configuration and take effect immediately after the command is entered. The startup-configuration is saved in NVRAM and is loaded into the router's running-configuration when the router boots up. If a router loses power or is reloaded, changes to the running-configuration will be lost unless they are saved to the startup-configuration. To save the running-configuration to the startup-configuration, type the following from privileged EXEC mode (i.e. at the "Router#" prompt):

Router# copy running-config startup-config

Note: Prior to 11.x software, the command to save the running-configuration to the startup-configuration was different. Use the following command if your IOS version is prior to 11.x:

Router# write memory

IMPORTANT: When editing a configuration, SAVE the configuration often!
Router Management
IOS supports many different types of show commands. This section covers a few of the common show commands used to both manage and troubleshoot a router. The scope of this document is not to instruct how to use these commands to troubleshoot a router, but to make the user aware that these management options exist. For specific information about troubleshooting a network using these commands, refer to the appropriate troubleshooting document.

Displaying Configurations
To display the running-configuration, type the following command in privileged EXEC mode:

Router# show running-config

To display the startup-configuration that is stored in NVRAM, type the following command in privileged EXEC mode:

Router# show startup-config

The following is the show running-config output from the example used in the Router Configuration section.

Current configuration:
!
version 11.2
!
hostname cisco
!
enable secret 5 <hash>
!
interface Ethernet0
 ip address 10.1.1.1 255.0.0.0
!
interface Serial0
 ip address 20.2.2.2 255.0.0.0
!
router rip
 network 10.0.0.0
 network 20.0.0.0
!
ip route 0.0.0.0 0.0.0.0 20.2.2.3
!
line vty 0 4
 password telnet
 login
!
end

When displaying a configuration, the exclamation marks (!) function as line separators to make reading easier. Referring to the above example, notice how commands entered at the interface configuration level appear indented underneath the respective interface (e.g. interface Ethernet0). Likewise, commands entered underneath the routing engine configuration level appear indented underneath the routing engine (e.g. router rip). Global level commands are not indented. This type of display allows a user to easily identify which configuration parameters are set at the global configuration level and which are set at the various configuration sub-levels.

Note: If an interface was in a shutdown state, the word 'shutdown' would appear indented under the particular interface in shutdown state. Also, commands that are enabled by default are not displayed in the configuration listing.

Note: Because the walkthrough configured "enable secret cisco" rather than "enable password cisco", the listing shows "enable secret 5" followed by a salted MD5 hash of the secret (<hash> above stands in for the value the router generates) instead of the cleartext. The vty line password, by contrast, is stored exactly as typed ("password telnet"); "service password-encryption" would only obfuscate it with the reversible type 7 scheme, so anyone who can read a saved or shared configuration should be assumed to know every line password in it.
Displaying Software Version And More
The show version command provides a lot of information in addition to the version of software that is running on the router. The following information can be collected with the show version command:

Software Version - IOS software version (stored in flash)
Bootstrap Version - Bootstrap version (stored in Boot ROM)
System up-time - Time since last reboot
System restart info - Method of restart (e.g. power cycle, crash)
Software image name - IOS filename stored in flash
Router Type and Processor type - Model number and processor type
Memory type and allocation (Shared/Main) - Main processor RAM and shared packet I/O buffering
Software Features - Supported protocols / feature sets
Hardware Interfaces - Interfaces available on the router
Configuration Register - Bootup specifications, console speed setting, etc.
The following is a sample output of a show version command.

Router# show version
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted via flash
Host configuration file is "3600_4-confg", booted via tftp from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Two of these fields matter in a security review. The configuration register (0x2102 here is the normal value) controls how the router boots; a value of 0x2142 tells it to ignore the NVRAM configuration, which is the basis of console password recovery, so anyone with physical access to the console port can bypass every configured password. The "Host configuration file" line shows this router fetching part of its configuration over TFTP at boot, a protocol with neither authentication nor encryption, so whoever can answer that TFTP request controls the router's configuration.

Displaying Interface States
To view information about a particular interface, use the show interface command. The show interface command provides the following list of important information:

Interface State (e.g. UP, DOWN, LOOPED)
Protocol addresses
Bandwidth
Reliability and Load
Encapsulation type
Packet Rates
Error Rates
Signaling Status (i.e. DCD, DSR, DTR, RTS, CTS)
The following is an example of a "show interface serial0" output:

Router# show interface serial 0
Serial0 is up, line protocol is down
  Hardware is QUICC Serial
  Internet address is 10.1.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023 LMI type is CISCO frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 62856
  Last input 1w, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/64/0 (size/threshold/drops)
     Conversations 0/1 (active/max active)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1012272 packets input, 91255488 bytes, 0 no buffer
     Received 916 broadcasts, 0 runts, 0 giants
     18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
     283132 packets output, 13712011 bytes, 0 underruns
     0 output errors, 0 collisions, 31317 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Reading this listing: the first line says the physical layer is up (the control signals at the bottom confirm it) but the line protocol is down. The LMI counters explain why: the router has sent over 200,000 LMI enquiries and "DTE LMI down" shows the Frame Relay switch is not answering, so layer 2 never comes up, and the large number of interface resets is the router cycling the interface after repeated keepalive failures. The framing errors and aborts point at the same serial link rather than at any IP-level problem.
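Operators rarely read these listings by eye across many routers; they parse them. The following is an added example, not code from the original tutorial: a parser for the fields above plus a first-pass health check that flags the conditions just discussed (line protocol down, LMI down, an input-error rate that is out of proportion, interface resets, a dropped control signal). SAMPLE_SICK is the listing above reformatted as constructed input, SAMPLE_OK is a constructed healthy listing, and the 1% error-rate threshold is the example's own choice, not an IOS default.

```python
"""
Parser and first-pass health check for 'show interface' output.

Added example, not from the original tutorial: SAMPLE_SICK is constructed from
the "show interface serial 0" listing above (same counters, reformatted), and
SAMPLE_OK is a constructed healthy listing. The thresholds are the example's
own choices, not IOS defaults.
"""
import re

SAMPLE_SICK = """\
Serial0 is up, line protocol is down
  Hardware is QUICC Serial
  Internet address is 10.1.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 207603, LMI stat recvd 113715, LMI upd recvd 0, DTE LMI down
  5 minute input rate 1000 bits/sec, 1 packets/sec
     1012272 packets input, 91255488 bytes, 0 no buffer
     18519 input errors, 0 CRC, 17796 frame, 0 overrun, 0 ignored, 723 abort
     283132 packets output, 13712011 bytes, 0 underruns
     0 output errors, 0 collisions, 31317 interface resets
     3 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
"""

SAMPLE_OK = """\
Serial1 is up, line protocol is up
  Hardware is QUICC Serial
  Internet address is 10.194.2.78/30
  MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec, reliability 255/255, txload 75/255, rxload 28/255
  Encapsulation HDLC, loopback not set
     75769 packets input, 27930029 bytes, 0 no buffer
     1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort
     88311 packets output, 42938899 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
"""

# counter name -> regex capturing its value in the listing
COUNTERS = {
    "packets_input": r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "frame": r"(\d+) frame,",
    "abort": r"(\d+) abort",
    "interface_resets": r"(\d+) interface resets",
    "carrier_transitions": r"(\d+) carrier transitions",
}


def parse_show_interface(text: str) -> dict:
    """Extract state, encapsulation, error counters and modem-control signals."""
    m = re.search(r"^(\S+) is (.+?), line protocol is (\S+)", text, re.M)
    if not m:
        raise ValueError("not a 'show interface' listing")
    info = {"name": m.group(1), "state": m.group(2), "line_protocol": m.group(3)}
    enc = re.search(r"Encapsulation (\S+?),", text)
    info["encapsulation"] = enc.group(1) if enc else None
    info["lmi_down"] = "LMI down" in text
    for key, pattern in COUNTERS.items():
        c = re.search(pattern, text)
        info[key] = int(c.group(1)) if c else 0
    info["signals"] = dict(re.findall(r"(DCD|DSR|DTR|RTS|CTS)=(\w+)", text))
    return info


def assess(info: dict, error_ratio_limit: float = 0.01) -> list:
    """Return (code, message) findings; an empty list means nothing stands out."""
    findings = []
    if info["state"] != "up":
        findings.append(("l1_down", f"{info['name']} is {info['state']}: shut down or no carrier"))
    elif info["line_protocol"] != "up":
        findings.append(("l2_down", "physical layer up but line protocol down: "
                                    "check encapsulation, keepalives and clocking"))
    if info["lmi_down"]:
        findings.append(("lmi_down", "Frame Relay LMI down: lmi-type mismatch or the provider side is not answering"))
    ratio = info["input_errors"] / max(info["packets_input"], 1)
    if ratio > error_ratio_limit:
        findings.append(("input_errors", f"{ratio:.1%} of input packets had errors "
                                         f"({info['frame']} framing, {info['crc']} CRC, {info['abort']} aborts)"))
    if info["interface_resets"] > 0 and info["line_protocol"] != "up":
        findings.append(("resets", f"{info['interface_resets']} interface resets: keepalive failures are resetting the link"))
    for sig, val in info["signals"].items():
        if val != "up":
            findings.append(("signal", f"{sig} is {val}: check the cable or CSU/DSU"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_SICK, SAMPLE_OK):
        info = parse_show_interface(sample)
        print(info["name"], assess(info) or "no findings")
```

The same parser works on the HDLC listings further down the page, because the counter lines have the same shape regardless of encapsulation; only the LMI block is Frame Relay specific.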
Gems – Hcl Router details as on 01-12-2003
gems_hcl>en gems_hcl#sh int ser0 Serial0 is up, line protocol is up Hardware is PowerQUICC Serial Description: LL link to HCL infinet,Chennai Internet address is 10.194.2.78/30 Backup interface BRI0, failure delay 5 sec, secondary disable delay 5 sec, kickin load not set, kickout load not set MTU 1500 bytes, BW 832 Kbit, DLY 20000 usec, reliability 255/255, txload 75/255, rxload 28/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:03, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/11/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 624 kilobits/sec 5 minute input rate 92000 bits/sec, 44 packets/sec 5 minute output rate 246000 bits/sec, 54 packets/sec 75769 packets input, 27930029 bytes, 0 no buffer Received 290 broadcasts, 0 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 1 frame, 0 overrun, 0 ignored, 0 abort 88311 packets output, 42938899 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up gems_hcl#sh int bri0 BRI0 is standby mode, line protocol is down Hardware is PQUICC BRI Description: ISDN backup for LL link to HCl Infinet,Chennai Internet address will be negotiated using IPCP MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Last input never, output never, output hang never Last clearing of "show interface" counters 00:31:27 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 48 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions gems_hcl#sh run Building configuration... Current configuration : 5578 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname gems_hcl ! enable secret 5 $1$GQ0j$VCuBojf50TF1LYaZOBUcc. ! username all memory-size iomem 25 ip subnet-zero no ip domain-lookup ip host delhi 10.65.2.126 ip host mumbai 10.129.2.232 ip host kol 10.76.2.102 ip host pune 10.132.2.32 ip host ahm 10.130.2.34 ip host hyd 10.195.2.74 ip host ban 10.193.2.50 ip host rayala 10.194.2.82
! isdn switch-type basic-net3 ! ! ! interface Loopback0 ip address 10.194.7.121 255.255.255.252 ! interface Tunnel0 description ISDNBACK TUNNEL TO CAMS@HCLROUTER ip address 4.4.4.2 255.255.255.0 tunnel source BRI0 tunnel destination 10.194.2.58 ! interface Tunnel1 description Tunnel from Gems to Mumbai HDFC ip address 100.100.100.1 255.255.255.252 tunnel source Loopback0 tunnel destination 10.129.6.217 ! interface Tunnel2 description tunnel to Chennai HDFC ip address 100.100.100.5 255.255.255.252 tunnel source Loopback0 tunnel destination 10.194.7.97 ! interface Tunnel3 description Tunnel to delhi HDFC ip address 100.100.100.9 255.255.255.252 tunnel source Loopback0 tunnel destination 10.65.7.57 ! interface Tunnel4 description Tunnel to Kolkatta HDFC ip address 100.100.100.13 255.255.255.252 tunnel source Loopback0 tunnel destination 10.76.6.113 ! interface Tunnel5 description Tunnel to Bangalore HDFC ip address 100.100.100.17 255.255.255.252 tunnel source Loopback0 tunnel destination 10.193.7.41 ! interface Tunnel6 description Tunnel from GEMS to Jaipur HDFC ip address 100.100.100.22 255.255.255.252 tunnel source Loopback0 tunnel destination 10.70.3.161 ! interface Tunnel7 description Tunnel to Ahemadabad HDFC ip address 100.100.100.25 255.255.255.252 tunnel source Loopback0 tunnel destination 10.130.4.25
Gems - Net4indiaRouter details as on 01-12-2003