Cisco Documentation CD and Training books.
7. Application Layer
6. Presentation Layer
Implementations are not typically associated with a particular protocol stack. Some well-known standards follow:
Data: ASCII, EBCDIC, Encryption
Visual Imaging: PICT, TIFF, GIF, JPEG
Video: MIDI, MPEG, QuickTime
5. Session Layer
This layer establishes, manages, and terminates communication sessions between presentation layer entities. Communication sessions consist of service requests and service responses that occur between applications located in different network devices. These requests and responses are coordinated by protocols implemented at the session layer. Some examples of session layer implementations follow: Apple ZIP, DEC SCP, NFS, SQL, RPC, X Windows, ASP.
4. Transport Layer
This layer segments and reassembles data into a data stream. It implements reliable internetwork data transport services that are transparent to upper layers. Transport layer functions typically include the following:
Flow control Flow control manages data transmission between devices so that the transmitting device does not send more data than the receiving device can process.
Multiplexing Multiplexing allows data from several applications to be transmitted onto a single physical link.
Virtual circuit management Virtual circuits are established, maintained, and terminated by the transport layer.
Error checking and recovery Error checking involves various mechanisms for detecting transmission errors. Error recovery involves taking an action (such as requesting that data be retransmitted) to resolve any errors that occur. Some examples of transport layer implementations follow: Transmission Control Protocol (TCP), Name Binding Protocol (NBP), OSI transport protocols.
3. Network Layer
This layer provides routing and related functions that allow multiple data links to be combined into an internetwork, and determines the best way to move data from one place to another. (It manages device addressing and tracks the location of devices on the network.) This is accomplished by the logical addressing (as opposed to the physical addressing) of devices. The network layer supports both connection-oriented and connectionless service from higher-layer protocols. The router operates at this layer.
2. Data Link Layer
This layer provides reliable transit of data across a physical network link. Different data link layer specifications define different network and protocol characteristics, including the following:
Physical addressing -- Physical addressing (as opposed to network addressing) defines how devices are addressed at the data link layer.
Network topology -- Data link layer specifications often define how devices are to be physically connected (such as in a bus or a ring topology).
Error notification -- Error notification involves alerting upper layer protocols that a transmission error has occurred.
Sequencing of frames -- Sequencing of data frames involves the reordering of frames that are transmitted out of sequence.
Flow control -- Flow control involves moderating the transmission of data so that the receiving device is not overwhelmed with more traffic than it can handle at one time.
The Institute of Electrical and Electronics Engineers (IEEE) has subdivided the data link layer into two sublayers: Logical Link Control (LLC) and Media Access Control (MAC). The LLC sublayer (defined in the IEEE 802.2 specification) manages communications between devices over a single link of a network. The MAC sublayer manages protocol access to the physical network medium.
1. Physical Layer
This layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems. Physical layer specifications define such characteristics as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, and the physical connectors to be used.
Describe connection-oriented network service and connectionless network service, and identify the key differences between them.
Connection-oriented data handling involves using a specific path that is established for the duration of a connection. Connectionless data handling involves passing data through a permanently established connection.
Connection-oriented service involves three phases:
Connection establishment -- During the connection establishment phase, a single path between the source and destination systems is determined. Network resources are typically reserved at this time to ensure a consistent grade of service (such as a guaranteed throughput rate).
Data transfer -- During the data transfer phase, data is transmitted sequentially over the path that has been established. Data always arrives at the destination system in the order in which it was sent.
Connection termination -- During the connection termination phase, an established connection that is no longer needed is terminated. Further communication between the source and destination systems requires that a new connection be established.
Connection-oriented service has two significant disadvantages as compared to connectionless network service:
Static path selection -- Because all traffic must travel along the same static path, a failure anywhere along that path causes the connection to fail.
Static reservation of network resources -- A guaranteed rate of throughput requires the commitment of resources that cannot be shared by other network users. Unless full, uninterrupted throughput is required for the communication, bandwidth is not used efficiently.
Connection-oriented services are useful for transmitting data from applications that are intolerant of delays and packet re-sequencing. Voice and video applications are typically based on connection-oriented services.
Connectionless network service does not predetermine the path from the source to the destination system, nor are packet sequencing, data throughput, and other network resources guaranteed. Each packet must be completely addressed because different paths through the network might be selected for different packets, based on a variety of influences. Each packet is transmitted independently by the source system and is handled independently by intermediate network devices. Connectionless service, however, offers two important advantages over connection-oriented service: dynamic path selection and dynamic bandwidth allocation. Dynamic path selection enables traffic to be routed around network failures because paths are selected on a packet-by-packet basis. With dynamic bandwidth allocation, bandwidth is used more efficiently because network resources are not allocated bandwidth that they will not use. Connectionless services are useful for transmitting data from applications that can tolerate some delay and resequencing. Data-based applications typically are based on connectionless service.
Describe data link addresses and network addresses, and identify the key differences between them.
A data link layer address uniquely identifies each physical network connection of a network device. Data link addresses are sometimes referred to as physical or hardware addresses. Data link addresses usually exist within a flat address space and have a pre-established and typically fixed relationship to a specific device. End systems typically have only one physical network connection, and thus have only one data link address. Routers and other internetworking devices typically have multiple physical network connections. They therefore have multiple data link addresses.
A network-layer address identifies an entity at the network layer of the OSI model. Network addresses usually exist within a hierarchical address space and sometimes are called virtual or logical addresses. The relationship between a network address and a device is logical and unfixed; it typically is based either on physical network characteristics (the device is on a particular network segment) or on groupings that have no physical basis (the device is part of an AppleTalk zone). End systems require one network-layer address for each network-layer protocol they support. (This assumes that the device has only one physical network connection.) Routers and other internetwork devices require one network-layer address per physical network connection for each network-layer protocol supported. A router, for example, with three interfaces each running AppleTalk, TCP/IP, and OSI must have three network-layer addresses for each interface. The router therefore has nine network-layer addresses.
Identify at least 3 reasons why the industry uses a layered model.
Reduces complexity -- Divides the interrelated aspects of network operation into less complex elements.
Standardizes interfaces -- Defines standard interfaces for "plug-and-play" compatibility and multivendor integration.
Facilitates modular engineering -- Enables engineers to specialize design and development efforts on modular functions.
Ensures interoperable technology -- Promotes symmetry in the different internetwork modular functions so they interoperate.
Accelerates evolution -- Prevents changes in one area from impacting other areas, so each area can evolve more quickly.
Simplifies teaching and learning -- Divides the complexity of internetworking into discrete, more easily learned operation subsets.
Define and explain the 5 conversion steps of data encapsulation.
1. User information is converted to data -- As a user sends an email message, the message's alphanumeric characters are converted to a form that can use the internetwork. This is the data.
2. Data is converted to segments -- One change packages the message "data" for the internetwork transport subsystem. By using segments, the transport function ensures that the message hosts at both ends of the email system can reliably communicate.
3. Segments are converted to packets -- The next change prepares the data by putting the data into a packet or datagram that contains a network header with source and destination logical addresses. These addresses help network devices send the packets across the network along a chosen path.
4. Packets are converted to frames -- Each network device must put the packet into a frame so it can communicate over its interface to the network. The frame allows connection to the next directly connected network device on the link. Each device in the chosen network path requires framing to connect to the next device.
5. Frames are converted to bits -- The frame must be converted into a pattern of 1s and 0s for transmission on the medium (usually a wire). Some clocking function enables the devices to distinguish these bits as they traverse the medium.
Define flow control and describe the three basic methods used in networking.
Flow control is a function that prevents network congestion by ensuring that transmitting devices do not overwhelm receiving devices with data. The three commonly used methods for handling network congestion are buffering, transmitting source-quench messages, and windowing.
Buffering -- Buffering is used by network devices to temporarily store bursts of excess data in memory until they can be processed. Occasional data bursts are easily handled by buffering. However, excess data bursts can exhaust memory, forcing the device to discard any additional datagrams that arrive.
Source quench messages -- Source quench messages are used by receiving devices to help prevent their buffers from overflowing. The receiving device sends source quench messages to request that the source reduce its current rate of data transmission, as follows:
1. The receiving device begins discarding received data due to overflowing buffers.
2. The receiving device begins sending source quench messages to the transmitting device, at the rate of one message for each packet dropped.
3. The source device receives the source quench messages and lowers the data rate until it stops receiving the messages.
4. The source device then gradually increases the data rate as long as no further source quench requests are received.
Windowing -- Windowing is a flow-control scheme in which the source device requires an acknowledgement from the destination after a certain number of packets have been transmitted. With a window size of three, the source requires an acknowledgment after sending three packets, as follows:
1. The source device sends three packets to the destination device.
2. After receiving the three packets, the destination device sends an acknowledgment to the source.
3. The source receives the acknowledgment and sends three more packets.
4. If the destination does not receive one or more of the packets for some reason (such as overflowing buffers), it does not receive enough packets to send an acknowledgment. The source, not receiving an acknowledgment, retransmits the packets at a reduced transmission rate.
List the key internetwork functions of the OSI network layer and how they are performed in a router.
The network layer provides routing and related functions that enable multiple data links to be combined into an internetwork. It selects the best path through an internetwork, establishes network addresses, and communicates paths. This is accomplished by the logical addressing (as opposed to the physical addressing) of devices. The network layer supports both connection-oriented and connectionless service from higher-layer protocols. Network-layer protocols typically are routing protocols, but other types of protocols are implemented at the network layer as well. Routers use a routing protocol between routers, use a routed protocol to carry user packets, set up and maintain routing tables, discover networks, adapt to internetwork topology changes, use a two-part address, and contain broadcasts.
WAN Protocols
Differentiate between the following WAN services: Frame Relay, ISDN/LAPD, HDLC, and PPP.
Frame Relay -- Industry-standard, switched data link layer protocol that handles multiple virtual circuits using HDLC encapsulation between connected devices. Frame Relay is more efficient than X.25, the protocol for which it is generally considered a replacement.
ISDN -- Integrated Services Digital Network. Communication protocol, offered by telephone companies, that permits telephone networks to carry data, voice, and other source traffic.
HDLC -- High-Level Data Link Control. Bit-oriented synchronous data link layer protocol developed by ISO. Derived from SDLC, HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksums.
PPP -- Point-to-Point Protocol. A successor to SLIP, PPP provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.
WAN connection types:
Point-to-point links (HDLC, PPP) -- A point-to-point link provides a single, pre-established WAN communications path from the customer premises through a carrier network, such as a telephone company, to a remote network.
Circuit switching (ISDN/LAPD) -- Circuit switching is a WAN switching method in which a dedicated physical circuit is established, maintained, and terminated through a carrier network for each communication session.
Packet switching (Frame Relay) -- Packet switching is a WAN switching method in which network devices share a single point-to-point link to transport packets from a source to a destination across a carrier network.
Recognize key Frame Relay terms and features.
Frame Relay is a CCITT and ANSI standard for sending data over a public data network. It is a next-generation protocol to X.25 and is a connection-oriented data-link technology. It relies on upper-layer protocols for error correction and on today's more dependable fiber and digital networks. Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Variable-length packets are used for more efficient and flexible transfers. The advantage of this technique is that it accommodates more flexibility and more efficient use of bandwidth.
Frame Relay provides connection-oriented data link layer communication. (This means that a defined communication exists between each pair of devices and that these connections are associated with a connection identifier.) This service is implemented by using a Frame Relay virtual circuit, which is a logical connection created between two data terminal equipment (DTE) devices across a Frame Relay packet-switched network (PSN). Virtual circuits provide a bi-directional communications path from one DTE device to another and are uniquely identified by a data-link connection identifier (DLCI). A number of virtual circuits can be multiplexed into a single physical circuit for transmission across the network. This capability often can reduce the equipment and network complexity required to connect multiple DTE devices. Frame Relay virtual circuits fall into two categories: switched virtual circuits (SVCs) and permanent virtual circuits (PVCs).
Some terms frequently used when discussing Frame Relay follow:
Local access rate -- The clock speed (port speed) of the connection (local loop) to the Frame Relay cloud. It is the rate at which data travels into or out of the network, regardless of other settings.
Data-link connection identifier (DLCI) -- A number that identifies the logical circuit between the CPE/DTE and the Frame Relay switch. The FR switch maps the DLCIs between each pair of routers to create a PVC. DLCIs have local significance in that the identifier references the point between the local router and the Frame Relay switch to which it is connected.
Local Management Interface (LMI) -- A signaling standard between the CPE device and the Frame Relay switch that is responsible for managing the connection and maintaining status between the devices.
LMIs include support for a keepalive mechanism, which verifies that data is flowing; a multicast mechanism, which provides the network server with its local DLCI; multicast addressing, which gives DLCIs global rather than local significance in Frame Relay networks; and a status mechanism, which provides ongoing status on the DLCIs known to the switch. The following LMI types are supported by Cisco routers (IOS 11.2 or later):
cisco -- LMI type defined jointly by Cisco, Northern Telecom, StrataCom, and DEC
ansi -- Annex D, defined by ANSI standard T1.617
q933a -- Annex A, ITU-T Q.933
Frame Relay Terminology
Committed information rate (CIR) -- the average rate (bps) at which the Frame Relay switch agrees to transfer data.
Committed burst -- the maximum number of bits that the switch agrees to transfer during any Committed Rate Measurement Interval.
Excess burst -- the maximum number of uncommitted bits that the FR switch will attempt to transfer beyond the CIR (typically limited to the port speed of the local access loop).
Backward explicit congestion notification (BECN) -- when a FR switch recognizes congestion in the network, it sends a BECN packet to the source router instructing it to reduce its packet sending rate.
Forward explicit congestion notification (FECN) -- when a FR switch recognizes congestion in the network, it sends a FECN packet to the destination device indicating that congestion has occurred.
Discard eligibility (DE) indicator -- when network congestion is detected, the FR switch drops packets with the DE bit set first. The DE bit is set on the oversubscribed traffic, that is, the traffic that was received after the CIR was met.
List commands to configure Frame Relay LMIs, maps, and subinterfaces.
router(config-if)# encapsulation frame-relay [cisco | ietf] (cisco is the default)
router(config-if)# frame-relay lmi-type [ansi | cisco | q933a] (autosensed in 11.2 and up)
router(config-if)# bandwidth kilobits (configure bandwidth for the link; default is T1)
router(config-if)# frame-relay inverse-arp [protocol] [dlci] (enabled by default)
router(config-if)# ip bandwidth-percent eigrp as-number percent (total bandwidth EIGRP can use)
router(config-if)# keepalive number (increase/decrease keepalive interval; default is 10 secs)
router(config-if)# frame-relay local-dlci number (to specify the DLCI for the local interface)
router(config-if)# frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco] [payload-compress packet-by-packet] (payload-compress is Cisco compression; broadcast forwards broadcasts to this address when multicast is not enabled)
router(config)# interface serial number.subinterface-number [multipoint | point-to-point] (multipoint forwards broadcasts and routing updates, for routing IP when all routers are in the same subnet; point-to-point sends no broadcasts or updates, and each router is in its own subnet)
router(config-if)# ip unnumbered interface (point-to-point IP subinterface)
router(config-if)# frame-relay interface-dlci dlci-number (local DLCI number being linked to the subinterface)
The following is a partial config example for the two routers at each end of a PVC:
Router A:
interface Serial 0
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial 0.1 point-to-point
 ip address 192.168.155.1 255.255.255.252
 frame-relay interface-dlci 123
Router B:
interface Serial 0
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
interface Serial 0.1 point-to-point
 ip address 192.168.155.2 255.255.255.252
 frame-relay interface-dlci 124
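An added example (mine, not from the page or Cisco) showing where the DLCI and the FECN, BECN, and DE bits described above actually sit: the standard two-byte Q.922 address field, whose bit layout is taken from the standard because the page does not show it. It also models the page's rule that a congested switch sheds DE-marked frames first; the sample frames are constructed.

```python
"""Decode and build the two-byte Frame Relay address field (Q.922 layout,
assumed from the standard; the page names the fields but not the bit layout):

    byte 1:  DLCI bits 9..4 | C/R | EA=0
    byte 2:  DLCI bits 3..0 | FECN | BECN | DE | EA=1
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FrameRelayAddress:
    dlci: int    # 10-bit data-link connection identifier (locally significant)
    cr: bool     # command/response bit (passed through, not used by the switch)
    fecn: bool   # forward explicit congestion notification
    becn: bool   # backward explicit congestion notification
    de: bool     # discard eligibility


def build_address(dlci, cr=False, fecn=False, becn=False, de=False):
    """Encode an address field; rejects DLCIs that do not fit in 10 bits."""
    if not 0 <= dlci <= 0x3FF:
        raise ValueError(f"DLCI {dlci} does not fit in 10 bits")
    byte1 = (((dlci >> 4) & 0x3F) << 2) | (int(cr) << 1)        # EA=0: another byte follows
    byte2 = (((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2)
             | (int(de) << 1) | 1)                                 # EA=1: last address byte
    return bytes([byte1, byte2])


def parse_address(frame):
    """Decode the first two bytes of a frame; malformed EA bits raise ValueError."""
    if len(frame) < 2:
        raise ValueError("frame too short for a 2-byte address field")
    b1, b2 = frame[0], frame[1]
    if (b1 & 0x01) or not (b2 & 0x01):
        raise ValueError("malformed or unsupported (non 2-byte) address field")
    dlci = (((b1 >> 2) & 0x3F) << 4) | ((b2 >> 4) & 0x0F)
    return FrameRelayAddress(dlci=dlci, cr=bool(b1 & 0x02), fecn=bool(b2 & 0x08),
                             becn=bool(b2 & 0x04), de=bool(b2 & 0x02))


def drop_de_first(frames, capacity):
    """Model of the page's DE rule: when a congested switch must shed frames,
    DE-marked (over-CIR) frames go first, in arrival order, then the rest.
    Returns the frames that are forwarded, in their original order."""
    excess = max(0, len(frames) - capacity)
    dropped = set()
    for de_pass in (True, False):            # first DE-marked frames, then the others
        for i, f in enumerate(frames):
            if excess == 0:
                break
            if parse_address(f).de == de_pass and i not in dropped:
                dropped.add(i)
                excess -= 1
    return [f for i, f in enumerate(frames) if i not in dropped]


def congestion_advice(frame):
    """Who should react, per the page: a BECN tells the sending router to slow
    down; a FECN only informs the destination that congestion occurred."""
    a = parse_address(frame)
    advice = []
    if a.becn:
        advice.append(f"DLCI {a.dlci}: BECN received, reduce sending rate")
    if a.fecn:
        advice.append(f"DLCI {a.dlci}: FECN received, congestion on the forward path")
    return advice


if __name__ == "__main__":
    # Constructed sample: DLCI 123 from the config above, marked BECN and DE
    hdr = build_address(123, becn=True, de=True)
    print(hdr.hex(), parse_address(hdr), congestion_advice(hdr))
```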
List commands to monitor Frame Relay operation in the router.
To monitor Frame Relay connections, perform any of the following tasks in EXEC mode:
Clear dynamically created Frame Relay maps, which are created by the use of Inverse ARP --- #clear frame-relay-inarp
Display information about Frame Relay DLCIs and the LMI --- #show interfaces type number
Display LMI statistics --- #show frame-relay lmi [type number]
Display the current Frame Relay map entries --- #show frame-relay map
Display PVC statistics --- #show frame-relay pvc [type number [dlci]]
Display configured static routes --- #show frame-relay route
Display Frame Relay traffic statistics --- #show frame-relay traffic
Display information about the status of LAPF --- #show frame-relay lapf
Display all the SVCs under a specified map list --- #show frame-relay svc maplist
Identify PPP operations to encapsulate WAN data on Cisco routers.
The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for transporting IP traffic over point-to-point links. PPP also established a standard for the assignment and management of IP addresses, asynchronous (start/stop) and bit-oriented synchronous encapsulation, network protocol multiplexing, link configuration, link quality testing, error detection, and option negotiation for such capabilities as network-layer address negotiation and data-compression negotiation. PPP supports these functions by providing an extensible Link Control Protocol (LCP) and a family of Network Control Protocols (NCPs) to negotiate optional configuration parameters and facilities. In addition to IP, PPP supports other protocols, including Novell's Internetwork Packet Exchange (IPX) and DECnet. PPP provides a method for transmitting datagrams over serial point-to-point links. PPP contains three main components:
A method for encapsulating datagrams over serial links -- PPP uses the High-Level Data Link Control (HDLC) protocol as a basis for encapsulating datagrams over point-to-point links.
(See "Synchronous Data Link Control and Derivatives" for more information on HDLC.)
An extensible LCP -- to establish, configure, and test the data-link connection.
A family of NCPs -- for establishing and configuring different network-layer protocols. PPP is designed to allow the simultaneous use of multiple network-layer protocols.
The following is a common procedure to configure PPP on your Cisco routers:
Router(config)# username name password secret (name = host name of the remote router; secret = identical on both routers)
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication [chap | pap] (pap is clear text)
Router(config-if)# ppp pap sent-username username password password (for the router responding to a PAP request; 11.1 and up)
Router(config-if)# ppp chap hostname hostname (for using the same host name on multiple routers)
Router(config-if)# ppp chap password secret (to send to hosts that want to authenticate the router)
State a relevant use and context for ISDN networking.
The goal is to support applications requiring high-speed voice, video, and data communications: digital service with fast connection setup and higher bandwidth than traditional modems. Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source material to be transmitted over existing telephone wires. The emergence of ISDN represents an effort to standardize subscriber services, user/network interfaces, and network and internetwork capabilities. ISDN applications include high-speed image applications (such as Group IV facsimile), additional telephone lines in homes to serve the telecommuting industry, high-speed file transfer, and video conferencing. Voice service is also an application for ISDN. ISDN components include terminals, terminal adapters (TAs), network-termination devices, line-termination equipment, and exchange-termination equipment.
Identify ISDN protocols, function groups, reference points, and channels.
ITU-T groups and organizes the ISDN protocols according to general topic areas. Protocols that begin with "E" recommend telephone network standards for ISDN. For example, the E.164 protocol describes international addressing for ISDN. Protocols that begin with "I" deal with concepts, terminology, and general methods. The I.100 series includes general ISDN concepts and the structure of other I-series recommendations; I.200 deals with service aspects of ISDN; I.300 describes network aspects; I.400 describes how the User-Network Interface (UNI) is provided. Protocols beginning with "Q" cover how switching and signaling should operate.
The term signaling in this context means the process of call setup used. Q.921 describes the ISDN data-link processes of LAPD, which functions like Layer 2 processes in the ISO/OSI reference model. Q.931 specifies ISO/OSI reference model Layer 3 functions.
To access ISDN, you must provide functions and reference points that comply with ISDN service provider standards. By using these functions and reference points, you can improve communication with vendors and service providers while you engineer, install, and support your ISDN facilities:
Functions -- Device types or hardware functions that represent transition points between the reference-point interfaces.
Reference points -- CCITT has defined the ISDN local loop characterized by different interfaces. The standards call the key reference points R, S, T, U, and V.
R -- The reference point between non-ISDN equipment and a TA.
S -- The reference point between user terminals and the NT2.
T -- The reference point between NT1 and NT2 devices.
U -- The reference point between NT1 devices and line-termination equipment in the carrier network. The U reference point is relevant only in North America, where the NT1 function is not provided by the carrier network.
This figure illustrates a sample ISDN configuration and shows three devices attached to an ISDN switch at the central office. Two of these devices are ISDN-compatible, so they can be attached through an S reference point to NT2 devices. The third device (a standard, non-ISDN telephone) attaches through the R reference point to a TA. Any of these devices also could attach to an NT1/2 device, which would replace both the NT1 and the NT2. In addition, although they are not shown, similar user stations are attached to the far-right ISDN switch.
Describe Cisco's implementation of ISDN BRI.
Two 64 Kbps B channels and one 16 Kbps D channel. Accessing ISDN with a Cisco router means that you will need to purchase either a Network Termination 1 (NT1) or an ISDN modem. If your router has a BRI interface, you're ready to rock. Otherwise, you can use one of your router's serial interfaces if you can get hold of a TA. A router with a BRI interface is called a TE1, and one that requires a TA is called a TE2. ISDN supports virtually every upper-layer network protocol (IP, IPX, and AppleTalk), and you can choose PPP, HDLC, or LAPD as your encapsulation protocol.
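Returning to the PPP authentication commands listed earlier on this page: an added example (mine, not Cisco's or the page's) that models the CHAP challenge/response exchange of RFC 1994, where the secret from the "username name password secret" entry never crosses the link, next to what PAP puts on the wire. The hostnames and secrets are constructed.

```python
"""Model of the PPP CHAP exchange enabled by 'ppp authentication chap'
(RFC 1994), next to what PAP transmits. Illustration only, not Cisco code;
the hostnames and secrets are constructed."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5 over identifier (1 byte) || secret || challenge.
    The secret itself is never transmitted."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The router that demands authentication. `secrets` maps the remote
    router's hostname to its secret, like the page's
    'username <name> password <secret>' entries."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)
        self._pending = {}       # identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self):
        """Send a Challenge packet: fresh identifier plus 16 random bytes."""
        self._next_id = (self._next_id + 1) & 0xFF
        value = os.urandom(16)
        self._pending[self._next_id] = value
        return self._next_id, value

    def verify(self, identifier, name, response):
        """Check a Response packet. The challenge is consumed on first use, so a
        captured response cannot be replayed; the comparison is constant-time."""
        value = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, value), response)


class Peer:
    """The router being authenticated. `name` is its hostname (or the value set
    with 'ppp chap hostname'); `secret` is the string configured on both routers."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self._secret, challenge)


def run_chap(authenticator, peer):
    """One full exchange: Challenge -> Response -> Success (True) or Failure (False)."""
    identifier, value = authenticator.challenge()
    name, response = peer.respond(identifier, value)
    return authenticator.verify(identifier, name, response)


def pap_authenticate_request(name, password):
    """Data field of a PAP Authenticate-Request (RFC 1334): length-prefixed
    peer-id and password, both in clear text; this is what '(pap is clear
    text)' on the page refers to."""
    peer_id = name.encode()
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


if __name__ == "__main__":
    # Constructed: RouterA authenticates RouterB with the shared secret "s3cret"
    router_a = Authenticator({"RouterB": b"s3cret"})
    print("CHAP ok:", run_chap(router_a, Peer("RouterB", b"s3cret")))
    print("PAP bytes on the wire:", pap_authenticate_request("RouterB", b"s3cret"))
```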
IOS: Cisco routers using remote access.
Cisco IOS software provides a command interpreter called EXEC. EXEC interprets the commands you type and carries out the corresponding operations. You must log in to the router before you can enter an EXEC command. For security purposes, the EXEC has two levels of access to commands: user mode and privileged mode.
User mode -- Typical tasks include those that check the router status. (The prompt is: Router>)
Privileged mode -- Typical tasks include those that change the router configuration. (The prompt is: Router#)
Use the context-sensitive help facility.
Typing a question mark (?) at the user mode prompt or the privileged mode prompt displays a handy list of commonly used commands. With the context-sensitive help, you can do the following:
Last command recall
Command prompting
Syntax checking
The caret symbol (^) and help response indicate an error. It appears at the point in the command string where you have entered an incorrect command, keyword, or argument. The error location indicator and interactive help system allow you to find and correct syntax errors easily.
Use the command history and editing features.
The user interface includes an enhanced editing mode that provides a set of editing key functions:
<Ctrl-A> -- Move to the beginning of the command line.
<Ctrl-E> -- Move to the end of the command line.
<Esc-B> -- Move back one word.
<Ctrl-F> -- Move forward one character.
<Ctrl-B> -- Move back one character.
<Esc-F> -- Move forward one word.
<Ctrl-P> or UP arrow -- Last (previous) command recall
<Ctrl-N> or DOWN arrow -- More recent command recall
Router> show history -- Show command buffer
Router> terminal history size number-of-lines -- Set command buffer size
Router> no terminal editing -- Disable advanced editing features
Router> terminal editing -- Re-enable advanced editing
<Tab> -- Entry completion
Examine router elements (RAM, ROM, CDP, show).
ROM -- Read-only, hard-wired: bootstrap, IOS, ROM Monitor
RAM -- IOS and running configuration (main memory)
NVRAM -- Startup config, saved via battery (10-year life span)
Flash -- IOS (PCMCIA cards or SIMMs)
Shared RAM -- Packet buffering (not all platforms)
The Cisco Discovery Protocol (CDP) is a media- and protocol-independent protocol that runs on all Cisco-manufactured equipment, including routers, bridges, access servers, and switches. CDP runs on all media that support the Subnetwork Access Protocol (SNAP), including local area network, Frame Relay, and ATM media. CDP runs over the data link layer only.
Specify the frequency of transmission of CDP updates.
show version --- Displays the configuration of the system hardware, the software version, the names and sources of configuration files, and boot images.
show mem --- Shows statistics about the router's memory, including memory free pool statistics.
show cdp [interface | neighbors | entry device-name] --- Shows CDP statistics.
show protocols --- Displays the protocols configured on the router.
Manage configuration files from the privileged exec mode.
show startup-config --- To view the configuration in NVRAM (show config = pre-10.3)
show running-config --- To view the current running configuration (write term = pre-10.3)
show version --- Displays the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images.
show processes --- Displays information about the active processes.
show protocols --- Displays the configured protocols and status of any configured Layer 3 protocol.
show mem --- Shows statistics about the router's memory, including memory free pool statistics.
show ip route --- Displays the entries in the routing table.
show flash --- Shows information about the Flash memory device.
show interfaces --- Displays statistics for all interfaces configured on the router.
Control router passwords, identification, and banner.
Cisco routers have two levels of passwords that can be applied: user EXEC and privileged EXEC. User EXEC passwords are applied to the console, auxiliary, and virtual terminal lines of the router. Password authentication can be done on the line itself, through a local username definition, or through a TACACS, extended TACACS, TACACS+, or RADIUS server. To enter privileged EXEC mode, use the enable command. By default, the password is compared against the password entered with the enable secret global command. You can secure your system by using passwords to restrict access. Passwords can be established both on individual lines and for the privileged EXEC mode.
line console 0 --- Establishes a password on the console terminal.
line vty 0 4 --- Establishes password protection on incoming Telnet sessions.
enable password --- Restricts access to the privileged EXEC mode.
enable secret --- Restricts access to the privileged EXEC mode; it uses a Cisco-proprietary encryption process to alter the password string.
Set the local identity or message for the accessed router or interface.
Router Name --- You can name the router in global configuration mode.
Router(config)# hostname Gotop
Gotop#
Login Banner --- You can configure a message-of-the-day banner to be displayed on all connected terminals.
Gotop(config)# banner motd # Welcome to Gotop Systems #
Interface Description --- You can set a description for each interface as a later reminder.
Gotop(config)# interface ethernet 0
Gotop(config-if)# description Engineering LAN, Zone 3.
Identify the main Cisco IOS commands for router startup.
Gotop# show startup-config
Gotop# show running-config
Gotop# erase startup-config
Gotop# reload
Gotop# setup
Enter an initial configuration using the setup command.
One routine for initial configuration is the setup mode. The primary purpose of the setup mode is to rapidly bring up a minimal-feature configuration for any router that cannot find its configuration from some other source.
Setup Global Parameters
Setup Interface Parameters
To enter the setup command facility, enter setup in privileged EXEC mode. When you enter the setup command facility after first-time startup, an interactive dialog called the System Configuration Dialog appears on the system console screen. The System Configuration Dialog guides you through the configuration process. It prompts you first for global parameters and then for interface parameters. The values shown in brackets next to each prompt are the default values last set using either the setup command facility or the configure command. The prompts and the order in which they appear on the screen vary depending on the platform and the interfaces installed in the device. You must run through the entire System Configuration Dialog until you come to the item that you intend to change.
To accept default settings for items that you do not want to change, press the Return key. To return to the privileged EXEC prompt without making changes and without running through the entire System Configuration Dialog, press Ctrl-C. When you complete your changes, the setup command facility shows you the configuration command script that was created during the setup session. It also asks you if you want to use this configuration. If you answer Yes, the configuration is saved to NVRAM. If you answer No, the configuration is not saved and the process begins again. There is no default for this prompt; you must answer either Yes or No.
Router# setup
--- System Configuration Dialog
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes]:
First, would you like to see the current interface summary? [yes]:
Interface   IP-Address    OK?  Method   Status                  Protocol
Ethernet0   172.16.72.2   YES  manual   up                      up
Serial0     unassigned    YES  not set  administratively down   down
Serial1     172.16.72.2   YES  not set  up                      up
Configuring global parameters:
Enter host name [Router]:
The enable secret is a one-way cryptographic secret used instead of the enable password when it exists.
Enter enable secret []:
The enable password is used when there is no enable secret and when using older software and some boot images.
Enter enable password [ww]:
Enter virtual terminal password [ww]:
Configure SNMP Network Management? [yes]:
Community string [public]:
Configure IP? [yes]:
Configure IGRP routing? [yes]:
Your IGRP autonomous system number [15]:
Configuring interface Ethernet0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface [172.16.72.2]:
Number of bits in subnet field [8]:
Class B network is 172.16.0.0, 8 subnet bits; mask is /24
Copy and manipulate configuration files.
copy running-config tftp --- Stores the current configuration in RAM on a network TFTP server.
erase startup-config --- Erases the contents of NVRAM.
copy running-config startup-config --- Stores the current configuration in RAM into NVRAM.
List the commands to load Cisco IOS software from: flash memory, a TFTP server, or ROM.
To configure a router to automatically boot an image in Flash memory, perform the following tasks:
Step 1 --- Enter configuration mode from the terminal: configure terminal
Step 2 --- Enter the filename of an image stored in Flash memory:
boot system flash [filename]
boot system flash slot0:[filename]
boot system flash slot1:[filename]
boot system flash bootflash:[filename]
Step 3 --- Set the configuration register to enable loading the image from Flash memory (generally 0x2102): config-register value
Step 4 --- Save the configuration file: copy running-config startup-config
To configure a router to load a system image from a network server using TFTP, rcp, or MOP:
Step 1 --- Enter configuration mode from the terminal: configure terminal
Step 2 --- Specify the system image to be booted from a network server using rcp, TFTP, or MOP:
boot system {rcp | tftp} filename [ip-address]
boot system mop filename [mac-address] [interface]
Step 3 --- Set the configuration register to enable loading the image from a network server (generally 0x010F): config-register value
Step 4 --- Save the configuration file: copy running-config startup-config
To specify the use of the ROM system image as a backup to other boot instructions in the configuration file:
Step 1 --- Enter configuration mode from the terminal: configure terminal
Step 2 --- Specify the ROM system image as the fallback: boot system rom
Step 3 --- Set the configuration register to enable loading the image from ROM (generally 0x0101): config-register value
Step 4 --- Save the configuration file: copy running-config startup-config
The following is a sample configuration procedure:
Router# configure terminal
Router(config)# boot system flash IOS_filename
Router(config)# boot system tftp IOS_filename tftp_address
Router(config)# boot system rom
[Ctrl-Z]
Router# copy running-config startup-config
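The three register values above (0x2102, 0x010F, 0x0101) differ only in their boot field and break bit. This added Python example, which is not Cisco code, decodes those bits, flags settings a defender would want to know about before saving (such as the ignore-NVRAM bit used for password recovery), and turns the boot system lines of a configuration into the ordered list the router tries; the sample configuration and the TFTP address 172.16.72.9 are constructed.

```python
"""Decode and audit IOS configuration-register values and list the boot order
implied by 'boot system' lines. Added example, not Cisco code; the bit
meanings are the standard 16-bit register layout."""

IGNORE_NVRAM = 0x0040    # bit 6: boot without loading startup-config (password recovery)
BREAK_DISABLED = 0x0100  # bit 8: ignore the console Break key once IOS is running
ROM_FALLBACK = 0x2000    # bit 13: boot the default ROM software if a network boot fails

BOOT_KEYWORDS = ("flash", "rom", "tftp", "rcp", "mop")


def boot_source(register):
    """Meaning of the boot field, bits 0-3 of the register."""
    field = register & 0x000F
    if field == 0x0:
        return "ROM monitor (manual boot from the rommon prompt)"
    if field == 0x1:
        return "system image in ROM"
    return "boot system commands in NVRAM (first image in Flash if none are configured)"


def decode_config_register(register):
    """Return the boot-relevant bits of a 16-bit configuration register."""
    if not 0 <= register <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    return {
        "boot_field": register & 0x000F,
        "boot_source": boot_source(register),
        "ignore_startup_config": bool(register & IGNORE_NVRAM),
        "break_disabled": bool(register & BREAK_DISABLED),
        "rom_fallback_on_netboot_failure": bool(register & ROM_FALLBACK),
    }


def audit_config_register(register):
    """Findings worth checking before 'copy running-config startup-config'."""
    bits = decode_config_register(register)
    findings = []
    if bits["boot_field"] == 0:
        findings.append("router stops in ROM monitor at every reload")
    if bits["ignore_startup_config"]:
        findings.append("startup configuration, including its passwords, is ignored at boot")
    if not bits["break_disabled"]:
        findings.append("console Break can interrupt the boot sequence")
    return findings


def parse_boot_system(config_lines):
    """Ordered (source, filename, address) triples from 'boot system' lines;
    the router tries them in the order they appear in the configuration."""
    boot_list = []
    for line in config_lines:
        tokens = line.split()
        if tokens[:2] != ["boot", "system"] or len(tokens) < 3:
            continue
        kind = tokens[2]
        if kind not in BOOT_KEYWORDS:
            continue  # unrecognised form; a stricter parser would reject it
        filename = tokens[3] if len(tokens) > 3 else None
        address = tokens[4] if len(tokens) > 4 else None
        boot_list.append((kind, filename, address))
    return boot_list


def boot_plan(register, config_lines):
    """What the router will actually try at reload, combining both settings."""
    field = register & 0x000F
    if field == 0x0:
        return [("rommon", None, None)]
    if field == 0x1:
        return [("rom", None, None)]
    return parse_boot_system(config_lines) or [("flash", None, None)]


if __name__ == "__main__":
    # Constructed sample configuration; 172.16.72.9 is a made-up TFTP server address.
    sample = ["hostname Gotop",
              "boot system flash IOS_filename",
              "boot system tftp IOS_filename 172.16.72.9",
              "boot system rom"]
    for value in (0x2102, 0x010F, 0x0101, 0x2142):
        print(hex(value), decode_config_register(value)["boot_source"],
              audit_config_register(value))
    print(boot_plan(0x2102, sample))
```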
Prepare to backup, upgrade, and load a backup Cisco IOS software image.
Check that you have access to the network backup server.
Verify that the server has sufficient room to accommodate the Cisco IOS software image.
Check the filename requirements and file space of the network server.
Verify the available memory in your router, including RAM/DRAM and Flash.
Use the copy flash tftp command to back up the current Cisco IOS software image.
Use the copy tftp flash command to upgrade and load a backup image into the Cisco router.
Each ! printed during the copy indicates that one UDP segment has transferred successfully.
Prepare the initial configuration of your router and enable IP.
(config)# interface Ethernet 0
(config-if)# no shutdown
(config-if)# description connected to Public_LAN
(config-if)# ip address 202.103.35.6 255.255.255.248
(config-if)# ip access-group 101 in
(config-if)# keepalive 10
Network Protocols
Monitor Novell IPX operation on the router.
Once you have IPX configured and running, you can monitor and troubleshoot it using the following commands:
show ipx interface --- IPX status and parameters.
show ipx route --- Routing table contents.
show ipx servers --- IPX server list.
show ipx traffic --- Number and type of packets.
debug ipx routing activity --- Information about RIP update packets.
debug ipx sap --- Information about SAP update packets.
Describe the two parts of network addressing, then identify the parts in specific protocol address examples.
Novell IPX addressing uses a two-part address, the network number and the node number: 32 bits for the network number and 48 bits for the node number. The node number contains the MAC address of an interface. An IPX address can be written in several formats. Most often, it is written in hex, such as 00007C80.0000.8609.33E0. The first eight hex digits (00007C80) represent the network portion of the address; the remaining 12 hex digits (0000.8609.33E0) represent the node portion and are the MAC address of the workstation.
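The network/node split described above, as an added Python example (not part of the Cisco material): it parses IPX addresses in the 8-digit form shown and in the leading-zero-stripped form IOS also accepts, rebuilds the canonical form, and renders the node as the MAC address it is copied from. Addresses other than 00007C80.0000.8609.33E0 are constructed.

```python
"""Parse and normalise Novell IPX network.node addresses. Added example, not
Cisco code; sample addresses other than 00007C80.0000.8609.33E0 are constructed."""
import re

# Network: up to 8 hex digits (IOS prints leading zeros but accepts them omitted).
# Node: 48 bits written as three groups of four hex digits.
IPX_ADDRESS = re.compile(
    r"^([0-9A-Fa-f]{1,8})\.([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})$")

# Conventional node number a NetWare server uses on its internal IPX network.
SERVER_INTERNAL_NODE = 0x000000000001


def parse_ipx(text):
    """Return (network, node) as integers, or raise ValueError."""
    match = IPX_ADDRESS.match(text.strip())
    if not match:
        raise ValueError("not an IPX network.node address: %r" % text)
    network = int(match.group(1), 16)
    node = int("".join(match.group(2, 3, 4)), 16)
    return network, node


def format_ipx(network, node):
    """Canonical form: 8 hex digits for the network, 4.4.4 for the node."""
    if not 0 <= network <= 0xFFFFFFFF:
        raise ValueError("network number must fit in 32 bits")
    if not 0 <= node <= 0xFFFFFFFFFFFF:
        raise ValueError("node number must fit in 48 bits")
    digits = "%012X" % node
    return "%08X.%s.%s.%s" % (network, digits[:4], digits[4:8], digits[8:])


def node_as_mac(node):
    """The node part rendered as the MAC address it is normally copied from."""
    digits = "%012x" % node
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def same_network(first, second):
    """True when two addresses share a network number: routing looks only at the
    network part, the final hop delivers on the node part."""
    return parse_ipx(first)[0] == parse_ipx(second)[0]


def describe(text):
    """Split an address into the pieces a reader of 'show ipx route' needs."""
    network, node = parse_ipx(text)
    return {
        "canonical": format_ipx(network, node),
        "network_hex": "%X" % network,
        "node_mac": node_as_mac(node),
        "server_internal_node": node == SERVER_INTERNAL_NODE,
    }


if __name__ == "__main__":
    for address in ("00007C80.0000.8609.33E0", "7c80.0000.8609.33e0", "3c01.0000.0000.0001"):
        print(address, "->", describe(address))
```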
Configure IP addresses.
Use the command ip address ip-address subnet-mask to configure an IP address.
Router(config-if)# ip address ip-address subnet-mask --- Assigns the address and subnet mask and starts IP processing on the interface.
Router# term ip netmask-format {bitcount | decimal | hexadecimal} --- Sets the format of the network mask for the current session (defaults back to bit count).
Router(config-line)# ip netmask-format {bitcount | decimal | hexadecimal} --- Sets the format of the network mask for a specific line.
Verify IP addresses.
Telnet --- Verifies application-layer software between source and destination stations.
Ping --- Uses ICMP to verify the hardware connection and the logical address at the network layer.
Trace --- Uses TTL values to generate messages from each router used along the path.
List the required IPX address and encapsulation type.
Interface Type   Encapsulation            IPX Frame Type
Ethernet         novell-ether (default)   Ethernet_802.3
Ethernet         sap                      Ethernet_802.2
Ethernet         arpa                     Ethernet_II
Ethernet         snap                     Ethernet_Snap
Token Ring       sap (default)            Token-Ring
Token Ring       snap                     Token-Ring_Snap
FDDI             snap (default)           Fddi_Snap
FDDI             sap                      Fddi_802.2
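The mask arithmetic behind the setup dialog line "Class B network is 172.16.0.0, 8 subnet bits; mask is /24" and the three display styles of ip netmask-format, as an added Python example that is not Cisco code; it also rejects a non-contiguous mask, which the router would refuse as well.

```python
"""Classful subnet-bit arithmetic and the bitcount/decimal/hexadecimal mask
styles. Added example, not Cisco code."""
import ipaddress


def classful_default(address):
    """(class letter, default prefix length) from the first octet, as the setup dialog does."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    raise ValueError("%s is not a class A, B or C address" % address)


def setup_dialog_mask(address, subnet_bits):
    """Return (class, classful network, prefix) for 'Number of bits in subnet field'."""
    cls, default_len = classful_default(address)
    prefix = default_len + subnet_bits
    if subnet_bits < 0 or prefix > 30:
        raise ValueError("subnet field must leave at least 2 host bits")
    network = ipaddress.ip_network("%s/%d" % (address, default_len), strict=False)
    return cls, str(network.network_address), prefix


def prefix_to_mask_int(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """Dotted-decimal mask to prefix length; rejects non-contiguous masks such as 255.255.0.255."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != prefix_to_mask_int(prefix):
        raise ValueError("non-contiguous mask %s" % mask)
    return prefix


def format_mask(prefix, style):
    """Render a mask the way each netmask-format style displays it."""
    value = prefix_to_mask_int(prefix)
    if style == "bitcount":
        return "/%d" % prefix
    if style == "decimal":
        return str(ipaddress.IPv4Address(value))
    if style == "hexadecimal":
        return "0x%08X" % value
    raise ValueError("unknown netmask-format %r" % style)


def parse_mask(text):
    """Accept a mask in any of the three styles and return its prefix length."""
    text = text.strip()
    if text.startswith("/"):
        prefix = int(text[1:])
        prefix_to_mask_int(prefix)  # range check only
        return prefix
    if text.lower().startswith("0x"):
        return mask_to_prefix(str(ipaddress.IPv4Address(int(text, 16))))
    return mask_to_prefix(text)


def is_valid_mask(text):
    try:
        parse_mask(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    cls, network, prefix = setup_dialog_mask("172.16.72.2", 8)
    print("Class %s network is %s, 8 subnet bits; mask is /%d" % (cls, network, prefix))
    for style in ("bitcount", "decimal", "hexadecimal"):
        print(style, format_mask(prefix, style))
```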
Novell NetWare IPX supports multiple encapsulation schemes on a single router interface, provided that multiple network numbers are assigned. Encapsulation is the process of packaging upper-layer protocol information and data into a frame. NetWare supports the following four encapsulation schemes:
Novell Proprietary --- Also called "802.3 raw" or Novell Ethernet_802.3, Novell proprietary serves as the initial encapsulation scheme Novell uses. It includes an Institute of Electrical and Electronics Engineers (IEEE) 802.3 Length field but not an IEEE 802.2 (LLC) header. The IPX header immediately follows the 802.3 Length field.
802.3 --- Also called Novell_802.2, 802.3 is the standard IEEE 802.3 frame format.
Ethernet Version 2 --- Also called Ethernet-II or ARPA, Ethernet Version 2 includes the standard Ethernet Version 2 header, which consists of Destination and Source Address fields followed by an EtherType field.
SNAP --- Also called Ethernet_SNAP, SNAP extends the IEEE 802.2 header by providing a type code similar to that defined in the Ethernet Version 2 specification.
Enable the Novell IPX protocol and configure interfaces.
Configuration of Novell IPX as a routing protocol involves both global and interface parameters.
Global tasks:
Start the IPX routing process.
Enable load sharing, if appropriate for your network. Load sharing is the division of routing tasks evenly among multiple routers to balance the work and improve network performance.
Interface tasks:
Assign unique network numbers to each interface. Multiple network numbers can be assigned to an interface, allowing support of different encapsulation types.
Set the optional encapsulation type, if it is different from the default.
For example:
ipx routing
ipx maximum-paths 2
interface ethernet 0
ipx network 9e encapsulation novell-ether
ipx network 6c encapsulation sap secondary
interface ethernet 1
ipx network 1a encapsulation sap
interface serial 0
ipx network 4a
Identify the functions of the TCP/IP transport-layer protocols.
TCP/IP was developed by the Department of Defense (DoD) as a protocol to ensure data integrity and preserve it, as well as to maintain communications in the event of catastrophic war. If designed and implemented correctly, a TCP/IP network can be a very dependable and resilient one. It uses the DoD model, a four-layer model, instead of the seven-layer OSI model.
Process/Application Layer ---> Application/Presentation/Session
Host-to-Host Layer ---> Transport
Internet Layer ---> Network
Network Access Layer ---> Data Link/Physical
The Host-to-Host Layer's main purpose is to shield the upper-layer applications from the complexities of the network. TCP provides reliable transmission of data in an IP environment. TCP corresponds to the transport layer (Layer 4) of the OSI reference model. Among the services TCP provides are stream data transfer, reliability, efficient flow control, full-duplex operation, and multiplexing. The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4) that belongs to the Internet protocol family. UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.
Identify the functions of the TCP/IP network-layer protocols.
There are two main reasons for the Internet Layer's existence: routing, and providing a single network interface to the upper layers. IP provides connectionless, best-effort delivery and routing of datagrams. It is not concerned with the content of the datagrams; instead, it looks for a way to move the datagrams to their destination. ICMP provides control and messaging capabilities. ARP determines the data link layer address for a known IP address. RARP determines the network address when the data link layer address is known.
Identify the functions performed by ICMP.
The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides message packets to report errors and other information regarding IP packet processing back to the source. ICMP generates several kinds of useful messages, including Destination Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router Solicitation.
Destination Unreachable --- The ICMP destination unreachable message is sent by a router if it is unable to deliver a packet to the ultimate destination. The router discards the original packet.
Destinations might be unreachable for these reasons:
The source host specified a nonexistent address.
The router does not have a route to the destination (less frequent).
Destination unreachable messages include the following:
Network unreachable --- This message usually implies routing or addressing failures.
Host unreachable --- This message usually implies delivery failures such as a wrong subnet mask.
Protocol unreachable --- This message usually implies that the destination does not support the upper-layer protocol specified in the packet.
Port unreachable --- This message usually implies that the Transmission Control Protocol (TCP) port (socket) is not available.
Echo Request and Reply --- The ICMP echo request message is sent by any host to test node reachability across an internetwork. It is generated by the ping command. The ICMP echo reply message indicates that the node can be successfully reached.
Redirect --- An ICMP redirect message is sent by the router to the source host to stimulate more efficient routing. The router still forwards the original packet to the destination. ICMP redirects allow host routing tables to remain small because knowing the address of only one router is required (even if that router does not provide the best path). Even after receiving an ICMP redirect message, some devices might continue using the less efficient route.
Time Exceeded --- An ICMP time-exceeded message is sent by the router if an IP packet's Time-to-Live field (expressed in hops or seconds) reaches zero. The Time-to-Live field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. The router discards the original packet.
Router Advertisement and Router Solicitation --- The ICMP Router Discovery Protocol (IRDP) uses router advertisement and router solicitation messages to discover the addresses of routers on directly attached subnets. IRDP works as follows:
1. Each router periodically multicasts router advertisement messages from each of its interfaces.
2. Hosts discover addresses of routers on directly attached subnets by listening for these messages.
3. Hosts can use router solicitation messages to request immediate advertisements, rather than waiting for unsolicited messages.
IRDP offers several advantages over other methods of discovering addresses of neighboring routers. Primarily, it does not require hosts to recognize routing protocols, nor does it require manual configuration by an administrator. Router advertisement messages allow hosts to discover the existence of neighboring routers, but not which router is best to reach a particular destination. If a host uses a poor first-hop router to reach a particular destination, it receives a redirect message identifying a better choice. Undeliverable ICMP messages (for whatever reason) do not generate a second ICMP message. Doing so could create an endless flood of ICMP messages.
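The message types listed above and the rule that an undeliverable ICMP message never generates a second one, as an added Python example that is not Cisco code: it builds and parses ICMP messages, verifies the header checksum, extracts the destination quoted inside a destination-unreachable message, and decides whether a router may answer a given datagram with an ICMP error. The type and code numbers are the standard assignments; the sample packets are constructed.

```python
"""Build, parse and checksum ICMP messages and apply the no-error-about-an-error
rule. Added example, not Cisco code; sample packets are constructed."""
import struct

ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 5: "redirect",
    8: "echo request", 9: "router advertisement", 10: "router solicitation",
    11: "time exceeded",
}
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}
ERROR_TYPES = {3, 5, 11}   # messages that report a problem with some other datagram
IP_PROTO_ICMP = 1


def icmp_checksum(data):
    """Ones'-complement sum over 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """8-byte header (type, code, checksum, 4 type-specific bytes) plus payload."""
    if len(rest) != 4:
        raise ValueError("the type-specific field is exactly 4 bytes")
    message = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return message[:2] + struct.pack("!H", icmp_checksum(message)) + message[4:]


def checksum_ok(packet):
    """A valid message sums to zero when the checksum field itself is included."""
    return len(packet) >= 8 and icmp_checksum(packet) == 0


def parse_icmp(packet):
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if not checksum_ok(packet):
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code = packet[0], packet[1]
    return {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "type %d" % icmp_type),
        "detail": UNREACHABLE_CODES.get(code) if icmp_type == 3 else None,
        "is_error": icmp_type in ERROR_TYPES,
    }


def quoted_destination(error_message):
    """Destination Unreachable and Time Exceeded quote the offending datagram's IP
    header after the ICMP header; its destination tells the sender which flow failed."""
    ip_header = error_message[8:28]
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("no IPv4 header quoted in the ICMP error")
    return ".".join(str(octet) for octet in ip_header[16:20])


def may_generate_icmp_error(ip_protocol, ip_payload):
    """A router reports an undeliverable datagram with an ICMP error unless that
    datagram is itself an ICMP error; otherwise two routers could flood each other."""
    if ip_protocol != IP_PROTO_ICMP:
        return True
    return len(ip_payload) >= 8 and ip_payload[0] not in ERROR_TYPES


if __name__ == "__main__":
    echo = build_icmp(8, 0, rest=b"\x12\x34\x00\x01", payload=b"ping")
    # Constructed port-unreachable quoting a 20-byte IPv4 header to 192.0.2.10 plus 8 bytes.
    quoted = b"\x45" + b"\x00" * 15 + bytes([192, 0, 2, 10]) + b"\x00" * 8
    unreachable = build_icmp(3, 3, payload=quoted)
    print(parse_icmp(echo), parse_icmp(unreachable), quoted_destination(unreachable))
    print(may_generate_icmp_error(IP_PROTO_ICMP, echo),
          may_generate_icmp_error(IP_PROTO_ICMP, unreachable))
```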
Configure IPX access lists and SAP filters to control basic Novell traffic.
The Service Advertisement Protocol (SAP) is an IPX protocol through which network resources, such as file servers and print servers, advertise their addresses and the services they provide. Advertisements are sent via SAP every 60 seconds. Services are identified by a hexadecimal number, which is called a SAP identifier (for example, 4 = file server, and 7 = print server). Using the SAP identifier, SAP advertisements can be filtered on a router's input or output port, or from a specific router. SAP filters conserve network bandwidth and are especially useful in large Novell installations where hundreds of SAP services exist. In general, the use of SAP filters is recommended for services that are not required for a particular network. Remote sites, for example, probably do not need to receive SAP advertising print services located at a central site. A SAP output filter at the central site (preferred) or a SAP input filter that uses the SAP identifier for a print server at the remote site prevents the router from including print services in SAP updates.
Access lists can control most protocols on a Cisco router.
Protocol     Type                         Range Identifier
IP           Standard                     1-99
IP           Extended                     100-199
IP           Named (IOS 11.2 or later)
IPX          Standard                     800-899
IPX          Extended                     900-999
IPX          SAP Filter                   1000-1099
AppleTalk                                 600-699
For example:
access-list 1000 deny 3c01.0000.0000.0001
access-list 1000 permit -1
interface ethernet 0
ipx network 3c
ipx input-sap-filter 1000
interface ethernet 1
ipx network 4d
interface serial 0
ipx network 2b
Routing
Add the RIP routing protocol to your configuration.
The Routing Information Protocol (RIP) is a distance-vector protocol that uses hop count as its metric. RIP is widely used for routing traffic in the global Internet and is an interior gateway protocol (IGP), which means that it performs routing within a single autonomous system. RIP has the following key characteristics:
It is a distance vector routing protocol.
Hop count is used as the metric for path selection.
The maximum allowable hop count is 15.
Routing updates are broadcast every 30 seconds by default.
To configure RIP on your network, use the following commands:
Router(config)# router rip --- Selects RIP as the routing protocol.
Router(config-router)# network {network_number} --- Assigns a NIC-based address to which the router is directly connected. The routing process will associate interfaces with the proper addresses and will begin packet processing on the specified networks.
Add the IGRP routing protocol to your configuration.
Interior Gateway Routing Protocol (IGRP) is a distance vector routing protocol developed by Cisco. IGRP sends routing updates at 90-second intervals to advertise networks for a particular autonomous system. The following are some key characteristics of IGRP:
Design emphasizes:
Versatility to automatically handle indefinite, complex topologies.
Flexibility for segments having different bandwidth and delay characteristics.
Scalability to function in very large networks.
The IGRP routing protocol uses a combination of variables to determine a composite metric. Variables IGRP uses include: bandwidth, delay, load, reliability, and maximum transmission unit (MTU).
To configure IGRP on your network, use the following commands:
Router(config)# router igrp {autonomous_system} --- Identifies the IGRP router processes that will share routing information.
Router(config-router)# network {network_number} --- Specifies any directly connected networks to be included; this is a NIC network number, not a subnet number or individual address.
Explain the services of separate and integrated multiprotocol routing.
Separate routing --- The ships-in-the-night approach involves the use of a different routing protocol for each network protocol.
Integrated routing --- Integrated routing involves the use of a single routing protocol (for example, a link state protocol) that determines the least cost path for different routed protocols.
List problems that each routing type encounters when dealing with topology changes and describe techniques to reduce the number of these problems.
Distance vector protocols, like RIP and IGRP, use the Bellman-Ford algorithm. They are slow to converge in a large LAN. This can lead to inconsistent routing entries and cause routing loops.
Hop-Count Limit --- RIP permits a maximum hop count of 15. Any destination greater than 15 hops away is tagged as unreachable. RIP's maximum hop count greatly restricts its use in large internetworks, but prevents a problem called count to infinity from causing endless network routing loops.
Hold-Downs --- Hold-downs are used to prevent regular update messages from inappropriately reinstating a route that has gone bad. When a route goes down, neighboring routers will detect this. These routers then calculate new routes and send out routing update messages to inform their neighbors of the route change. This activity begins a wave of routing updates that filter through the network.
Triggered updates --- Triggered updates do not instantly arrive at every network device. It is therefore possible that a device that has yet to be informed of a network failure may send a regular update message (indicating that a route that has just gone down is still good) to a device that has just been notified of the network failure. In this case, the latter device now contains (and potentially advertises) incorrect routing information. Hold-downs tell routers to hold down any changes that might affect recently removed routes for some period of time. The hold-down period is usually calculated to be just greater than the period of time necessary to update the entire network with a routing change. Hold-down prevents the count-to-infinity problem.
Split Horizons --- Split horizons derive from the fact that it is never useful to send information about a route back in the direction from which it came. The split-horizon rule helps prevent two-node routing loops.
Poison Reverse Updates --- Whereas split horizons should prevent routing loops between adjacent routers, poison reverse updates are intended to defeat larger routing loops. The idea is that increases in routing metrics generally indicate routing loops. Poison reverse updates are then sent to remove the route and place it in hold-down. Poison reverse updates are updates sent to other routers with an unreachable metric.
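Count to infinity, the hop-count limit of 15, and the two-node loop that split horizon prevents, shown on a constructed three-router line A - B - C with network N attached to C. This added Python example is not Cisco code: it uses the synchronous textbook model in which every router advertises its table each round and then rebuilds its route from what it received, first without and then with split horizon; hold-down and poison reverse are deliberately left out so the bare effect of split horizon is visible.

```python
"""Distance-vector simulation of count to infinity with and without split
horizon on the linear topology A - B - C, network N attached to C. Added
example, not Cisco code; the topology is constructed."""

INFINITY = 16                                             # RIP: 15 hops max, 16 means unreachable
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}     # constructed topology A - B - C


def advertisements(tables, split_horizon):
    """(sender, receiver) -> advertised metric for network N."""
    adverts = {}
    for router, neighbors in NEIGHBORS.items():
        metric, via = tables[router]
        for neighbor in neighbors:
            if split_horizon and via == neighbor:
                continue          # never send a route back toward the router it was learned from
            adverts[(router, neighbor)] = metric
    return adverts


def recompute(tables, connected, split_horizon):
    """One exchange: Bellman-Ford over this round's advertisements, lowest metric wins."""
    adverts = advertisements(tables, split_horizon)
    new_tables = {}
    for router, neighbors in NEIGHBORS.items():
        if router in connected:
            new_tables[router] = (0, None)                # directly attached to N
            continue
        best = (INFINITY, None)
        for neighbor in neighbors:
            if (neighbor, router) in adverts:
                candidate = min(adverts[(neighbor, router)] + 1, INFINITY)
                if candidate < best[0]:
                    best = (candidate, neighbor)
        new_tables[router] = best
    return new_tables


def run_until_stable(tables, connected, split_horizon, max_rounds=40):
    """Iterate until no table changes; return (tables, A's metric per round, rounds with a loop)."""
    history, looped_rounds = [], 0
    for _ in range(max_rounds):
        new_tables = recompute(tables, connected, split_horizon)
        if new_tables == tables:
            break
        tables = new_tables
        history.append(tables["A"][0])
        if tables["A"][1] == "B" and tables["B"][1] == "A":
            looped_rounds += 1                            # A and B point at each other: two-node loop
    return tables, history, looped_rounds


def simulate(split_horizon):
    """Converge from scratch, then fail C's link to N and watch the re-convergence."""
    start = {router: (INFINITY, None) for router in NEIGHBORS}
    converged, _, _ = run_until_stable(start, {"C"}, split_horizon)
    failed = dict(converged)
    failed["C"] = (INFINITY, None)                        # C detects its link to N going down
    final, history, looped_rounds = run_until_stable(failed, set(), split_horizon)
    return {"rounds": len(history), "history_A": history,
            "looped_rounds": looped_rounds, "final": final}


if __name__ == "__main__":
    for flag in (False, True):
        result = simulate(split_horizon=flag)
        print("split horizon" if flag else "plain updates", result["rounds"], "rounds;",
              "A's metric per round:", result["history_A"])
```

Without split horizon A and B forward to each other for thirteen rounds while the metric climbs two hops at a time until it hits 16; with split horizon B never echoes N back to C, so the whole line marks N unreachable in two rounds.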
Link State
Link state routing uses the Dijkstra algorithm to compute the shortest path first to another network. Link state routing protocols, like OSPF and NLSP, notify other routers of topology changes with link-state updates. The routers receiving these LSPs recalculate their routing tables. The two link-state concerns are:
Processing and memory required for link-state routing.
Bandwidth consumed for the initial link-state "flood".
Link state updates can arrive at different times based on the bandwidth between routers. To solve this problem:
Dampen the periodic update (longer intervals).
Use time stamps.
Use targeted multicast (not flood), and define router hierarchies (i.e., partition the network).
Describe the benefits of network segmentation with routers.
Manageability --- There are explicit protocols operating among routers, giving the network administrator greater control over path selection, and network routing behavior is more visible.
Functionality --- Because routers are visible to the end stations, you can implement mechanisms to provide flow control, error and congestion control, fragmentation and reassembly services, and explicit packet lifetime control.
Multiple active paths --- With the implementation of a router, you can use a network topology with more than one path between stations. Operating at the network layer, routers can examine protocol, destination service access point (DSAP), source service access point (SSAP), and path metric information before making forwarding or filtering decisions.
Network Security
Configure standard and extended access lists to filter IP traffic.
Access lists are statements that specify conditions that an administrator sets so the router will handle the traffic covered by the access list in an out-of-the-ordinary manner. Access lists give added control for processing specific packets in a unique way. The two main types of access lists are standard and extended.
Standard access lists for IP check the source address of packets that could be routed. The result permits or denies output for an entire protocol suite, based on the network/subnet/host address. Extended access lists check both the source and destination addresses of packets. They can also check for specific protocols, port numbers, and other parameters, which gives administrators more flexibility to describe what checking the access list will do. Packets can be permitted or denied output based on where the packet originated and on its destination.
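The standard/extended distinction above, worked through as an added Python example that is not Cisco code: it parses numbered access-list statements in the 1-99 and 100-199 ranges from the table earlier on the page, matches packets with IOS-style wildcard masks, and applies the two rules every list relies on, first match wins and an implicit deny at the end. The sample list and packets are constructed; 202.103.35.6 is the interface address used in the initial configuration above.

```python
"""Evaluate IOS-style standard (1-99) and extended (100-199) numbered IP access
lists. Added example, not Cisco code; sample lists and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(address, base, wildcard):
    """A 0 bit in the wildcard must match, a 1 bit is ignored (inverse of a subnet mask)."""
    addr, net, wild = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    keep = ~wild & 0xFFFFFFFF
    return addr & keep == net & keep


@dataclass
class Entry:
    action: str                 # "permit" or "deny"
    protocol: str               # "ip" matches everything; extended lists may name tcp/udp/icmp
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    dst_port: Optional[int]     # extended tcp/udp "eq <port>"; None means any port


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    dst_port: Optional[int] = None


def _address(tokens):
    """Consume 'any', 'host A', 'A W', or a bare 'A' (standard lists: implies host)."""
    token = tokens.pop(0)
    if token == "any":
        return ANY
    if token == "host":
        return tokens.pop(0), "0.0.0.0"
    if tokens and tokens[0].count(".") == 3:
        return token, tokens.pop(0)
    return token, "0.0.0.0"


def parse_acl(lines):
    """Parse 'access-list <number> ...' lines into entries; all lines must share one number."""
    number, entries = None, []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            raise ValueError("not an access-list statement: %r" % line)
        num, action = int(tokens[1]), tokens[2]
        if number is None:
            number = num
        if num != number or action not in ("permit", "deny"):
            raise ValueError("bad or mixed list number/action: %r" % line)
        rest = tokens[3:]
        if 1 <= number <= 99:                          # standard: source address only
            src, src_wild = _address(rest)
            entries.append(Entry(action, "ip", src, src_wild, *ANY, None))
        elif 100 <= number <= 199:                     # extended: protocol, source, destination
            protocol = rest.pop(0)
            src, src_wild = _address(rest)
            dst, dst_wild = _address(rest)
            port = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
            entries.append(Entry(action, protocol, src, src_wild, dst, dst_wild, port))
        else:
            raise ValueError("%d is not an IP standard or extended list number" % number)
    return entries


def evaluate(entries, packet):
    """Return (action, index of the matching entry); ('deny', None) is the implicit deny."""
    for index, entry in enumerate(entries):
        if entry.protocol != "ip" and entry.protocol != packet.protocol:
            continue
        if not wildcard_match(packet.src, entry.src, entry.src_wild):
            continue
        if not wildcard_match(packet.dst, entry.dst, entry.dst_wild):
            continue
        if entry.dst_port is not None and entry.dst_port != packet.dst_port:
            continue
        return entry.action, index                   # first match wins
    return "deny", None                              # implicit deny at the end of every list
```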