ccna 640-802 - www.arabhardware.net - by burn_notice

- Chapter 1: Internetworking
- Chapter 2: Introduction to TCP/IP
- Chapter 3: Subnetting, VLSM and Troubleshooting
- Chapter 4: Cisco’s IOS and SDM
- Chapter 5: Managing a Cisco Internetwork
- Chapter 6: IP Routing
- Chapter 7: EIGRP and OSPF
- Chapter 8: Layer-2 Switching
- Chapter 9: VLAN’s
- Chapter 10: Security ACL
- Chapter 11: Network Address Translation
- Chapter 12: Wireless Networks
- Chapter 13: IPv6
- Chapter 14: Wide Area Networks

Upload: yassine-dkhissene

Post on 16-Apr-2015



Chapter 1 Objectives
1: Internetworking

• The CCNA Topics Covered in this chapter include:
– Devices used in this book
– Internetworking Basics
– Layered Models
– The OSI Model
– Ethernet Networking
– Data Encapsulation
– Cisco’s Three-Layer Model
– Chapter 1 Written Labs and Review Questions

Devices used in this book

Internetworking Basics
How would you say the PC named Bob communicates with the PC named Sally?

Internetworking Basics
Switches can replace the hub, breaking up collision domains.

Keep in mind that the hub used in the figure just extended the one collision domain from the switch port.

Internetworking Basics
Here’s a list of some of the things that commonly cause LAN traffic congestion:

• Too many hosts in a broadcast domain

• Broadcast storms

• Multicasting

• Low bandwidth

• Adding hubs for connectivity to the network

• A bunch of ARP or IPX traffic (IPX is a Novell protocol that is like IP, but really, really chatty. Typically not used in today’s networks.)

Internetworking Basics

Routers create an internetwork.


There are two advantages of using routers in your network:

• They don’t forward broadcasts by default.

• They can filter the network based on layer 3 (Network layer) information (e.g., IP address).

Four router functions in your network can be listed as follows:

• Packet switching

• Packet filtering

• Internetwork communication

• Path selection

Internetworking Basics
Internetworking devices

Switched networks creating an internetwork

Layered Models
The Layered Approach

• A reference model is a conceptual blueprint of how communications should take place.

• It addresses all the processes required for effective communication and divides these processes into logical groupings called layers.

• When a communication system is designed in this manner, it’s known as layered architecture.

The OSI Model

• The OSI isn’t a physical model. Rather, it’s a set of guidelines that application developers can use to create and implement applications that run on a network.

• It also provides a framework for creating and implementing networking standards, devices, and internetworking schemes

The upper layers


The lower layers

The Layer Functions

Connection-Oriented Communication


Windowing

Network Layer
Routing Table used in a router

Router in an internetwork


Data Link Layer

Binary Addressing
Binary to Decimal Memorization Chart

10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254
11111111 = 255

A hub in a network

A Switch in a network

Ethernet Networking
• Ethernet is a contention media access method that allows all hosts on a network to share the same bandwidth of a link.
• Ethernet is popular because it’s readily scalable, meaning that it’s comparatively easy to integrate new technologies, such as Fast Ethernet and Gigabit Ethernet, into an existing network infrastructure.
• It’s also relatively simple to implement in the first place, and with it, troubleshooting is reasonably straightforward.

Ethernet Collision Detection
CSMA/CD

Half and Full Duplex
Half-duplex Ethernet is defined in the original 802.3 Ethernet; Cisco says it uses only one wire pair with a digital signal running in both directions on the wire.

But full-duplex Ethernet uses two pairs of wires instead of one wire pair like half duplex. And full duplex uses a point-to-point connection between the transmitter of the transmitting device and the receiver of the receiving device.

Full-duplex Ethernet can be used in three situations:
• With a connection from a switch to a host
• With a connection from a switch to a switch
• With a connection from a host to a host using a crossover cable

Ethernet Addressing
The MAC, or hardware, address is a 48-bit (6-byte) address written in a hexadecimal format.

Ethernet at the Physical Layer

The IEEE 802.3 and original Ethernet Physical layer specifications.

Ethernet Cabling
Ethernet cabling is an important discussion, especially if you are planning on taking the Cisco exams.

Three types of Ethernet cables are available:

• Straight-through cable
• Crossover cable
• Rolled cable

We will look at each in the following sections.

Straight Through

The straight-through cable is used to connect
• Host to switch or hub
• Router to switch or hub

Crossover Cable
The crossover cable can be used to connect
• Switch to switch
• Hub to hub
• Host to host
• Hub to switch
• Router direct to host

Rolled Cable
Although rolled cable isn’t used to connect any Ethernet connections together, you can use a rolled Ethernet cable to connect a host to a router console serial communication (com) port.

Using Hyper Terminal
Notice the settings for Hyper Terminal

What type of cable is used?

What type of cable is used for each connection?

Data Encapsulation
When a host transmits data across a network to another device, the data goes through encapsulation:
• It is wrapped with protocol information at each layer of the OSI model.
• Each layer communicates only with its peer layer on the receiving device.

PDU

Port Numbers
The Transport layer uses port numbers to define both the virtual circuit and the upper-layer process.

Cisco’s Three-Layer Model
The following are the three layers and their typical functions:

• The core layer: backbone
• The distribution layer: routing
• The access layer: switching

Chapter 2 Objectives
2: Introduction to TCP/IP

• The CCNA Topics Covered in this chapter include:
• TCP/IP and the DoD Model
– Process/Application Layer
– Host-to-Host Layer
– Internet Layer
– Network Access
• IP Addressing
– Class A
– Class B
– Class C
– Private Addressing

TCP/IP and the DoD Model
The figure shows a comparison of the DoD model and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.

The TCP/IP Protocol Suite
The DoD and OSI models are alike in design and concept and have similar functions in similar layers.

Process/Application Layer
This section describes different applications and services typically used in IP networks. The following protocols and applications are discussed:
– Telnet
– FTP
– TFTP
– NFS
– SMTP
– LPD
– X Window
– SNMP
– DNS
– DHCP/BootP

Host to Host Layer
The main purpose of the Host-to-Host layer is to shield the upper-layer applications from the complexities of the network. This layer says to the upper layer, “Just give me your data stream, with any instructions, and I’ll begin the process of getting your information ready to send.”
The following sections describe the two protocols at this layer:
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)

TCP
The figure shows the different fields within the TCP header.

UDP
This figure clearly illustrates UDP’s markedly low overhead as compared to TCP’s hungry usage.

Key concepts of Host to Host Protocols
TCP                       UDP
Sequenced                 Unsequenced
Reliable                  Unreliable
Connection-oriented       Connectionless
Virtual circuit           Low overhead
Acknowledgments           No acknowledgment
Windowing flow control    No windowing or flow control

Port Numbers
Port number examples for TCP and UDP

Key Protocols and Port Numbers
TCP              UDP
Telnet 23        SNMP 161
SMTP 25          TFTP 69
HTTP 80          DNS 53
FTP 21
DNS 53
HTTPS 443

Internet Layer
IP Header

Protocol Field in IP Header
Protocol                  Protocol Number
ICMP                      1
IP in IP (tunneling)      4
IGRP                      9
EIGRP                     88
OSPF                      89
IPv6                      41
GRE                       47
Layer 2 tunnel (L2TP)     115

ICMP
Internet Control Message Protocol (ICMP) works at the Network layer and is used by IP for many different services.


• ICMP is a management protocol and messaging service provider for IP.

• Its messages are carried as IP datagrams.

ICMP packets have the following characteristics:
• They can provide hosts with information about network problems.
• They are encapsulated within IP datagrams.

E0 of LAB_B goes down. What happens?

ARP
ARP resolves IP addresses to Ethernet (MAC) addresses.

RARP

IP Addressing
An IP address is a numeric identifier assigned to each machine on an IP network. It designates the specific location of a device on the network.

IP addressing was designed to allow hosts on one network to communicate with a host on a different network regardless of the type of LANs the hosts are participating in.

IP Terminology
BIT: A bit is one digit, either a 1 or a 0.

BYTE: A byte is 7 or 8 bits, depending on whether parity is used. For the rest of this chapter, always assume a byte is 8 bits.

OCTET: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In this chapter, the terms byte and octet are completely interchangeable.

Network address: This is the designation used in routing to send packets to a remote network—for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.

Broadcast address: The address used by applications and hosts to send information to all nodes on a network is called the broadcast address.

Network Addressing
Subdividing an IP address into a network and node address is determined by the class designation of one’s network. This figure summarizes the three classes of networks

Reserved Addressing

Address                                   Function
Network address of all 0s                 Interpreted to mean “this network or segment.”
Network address of all 1s                 Interpreted to mean “all networks.”
Network 127.0.0.1                         Reserved for loopback tests.
Node address of all 0s                    Interpreted to mean “network address” or any host on specified network.
Node address of all 1s                    Interpreted to mean “all nodes” on the specified network
Entire IP address set to all 0s           Used by Cisco routers to designate the default route. Could also mean “any network.”
Entire IP address set to all 1s           Broadcast to all nodes on the current network; sometimes called an “all 1s broadcast” or limited broadcast
(same as 255.255.255.255)

Private Addressing
Address Class    Reserved Address Space
Class A          10.0.0.0 through 10.255.255.255
Class B          172.16.0.0 through 172.31.255.255
Class C          192.168.0.0 through 192.168.255.255

Chapter 3 Objectives
3: Subnetting, VLSM and Troubleshooting

The CCNA Topics Covered in this chapter include:
• Subnetting basics
• How to create subnets
• Subnet masks and CIDR
• Class C subnetting
• Class B subnetting
• VLSM
• Summarization
• Troubleshooting IP addressing

Subnetting Basics
• Benefits of subnetting include:
– Reduced network traffic
– Optimized network performance
– Simplified management
– Facilitated spanning of large geographical distances.

How To Create Subnets
Take bits from the host portion of the IP address and reserve them to define the subnet address.

Understanding the Powers of 2

Subnet Masks
• Used to define which part of the host address will be used as the subnet address.
• A 32-bit value that allows the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion.

Default Subnet Masks

Classless Inter-Domain Routing (CIDR)
Used to allocate an amount of IP address space to a given entity (company, home, customer, etc).
Example: 192.168.10.32/28
The slash notation (/) means how many bits are turned on (1s) and tells you what your subnet mask is.

CIDR Values

Subnetting Class C Addresses
In a Class C address, only 8 bits are available for defining the hosts. Remember that subnet bits start at the left and go to the right, without skipping bits. This means that the only Class C subnet masks can be the following:

Binary     Decimal   CIDR
---------------------------------------------------------
10000000 = 128       /25
11000000 = 192       /26
11100000 = 224       /27
11110000 = 240       /28
11111000 = 248       /29
11111100 = 252       /30

Class C 192 mask examples
Subnet Host      Meaning
00 000000 = 0    The network (do this first)
00 000001 = 1    The first valid host
00 111110 = 62   The last valid host
00 111111 = 63   The broadcast address (do this second)

Subnet Host      Meaning
01 000000 = 64   The network
01 000001 = 65   The first valid host
01 111110 = 126  The last valid host
01 111111 = 127  The broadcast address

Subnet Host      Meaning
10 000000 = 128  The subnet address
10 000001 = 129  The first valid host
10 111110 = 190  The last valid host
10 111111 = 191  The broadcast address

Subnet Host      Meaning
11 000000 = 192  The subnet address
11 000001 = 193  The first valid host
11 111110 = 254  The last valid host
11 111111 = 255  The broadcast address

Subnetting Class C Addresses – Fast Method
Answer Five Simple Questions:
- How many subnets does the chosen subnet mask produce?
- How many valid hosts per subnet are available?
- What are the valid subnets?
- What’s the broadcast address of each subnet?
- What are the valid hosts in each subnet?

How Many Subnets?
2^x = number of subnets.
• X is the number of masked bits, or the 1s. For example, in 11000000, the number of ones gives us 2^2 subnets. In this example there are 4 subnets.

How Many Hosts Per Subnet?
2^y - 2 = number of hosts per subnet.
• Y is the number of unmasked bits, or the 0s.
• For example, in 11000000, the number of zeros gives us 2^6 - 2 hosts. In this example, there are 62 hosts per subnet.

What Are The Valid Subnets?
• 256 - subnet mask = block size, or base number.
• For example 256 - 192 = 64. 64 is the first subnet. The next subnet would be the base number plus itself, or 64 + 64 = 128 (the second subnet).

What’s The Broadcast Address For Each Subnet?
• The broadcast address is all host bits turned on, which is the number immediately preceding the next subnet.

What Are The Valid Hosts?
• Valid hosts are the numbers between the subnets, omitting all 0s and all 1s.
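The five questions above, worked in code. This is an added example, not from the slides: it answers the questions for any Class C mask from /25 to /30 (the slides show /26 by hand) and cross-checks the result with Python's standard ipaddress module, which also locates an arbitrary address such as the CIDR slide's 192.168.10.32/28. Function and variable names are mine.

```python
"""Class C subnetting: the 'five simple questions' from the slides, plus a
cross-check with Python's ipaddress module. Added example, not from the deck."""
import ipaddress


def mask_from_prefix(prefix: int) -> str:
    """Dotted-decimal mask for a /prefix, e.g. 28 -> 255.255.255.240."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def prefix_from_mask(mask: str) -> int:
    """Inverse of mask_from_prefix: the number of 1 bits in a dotted mask."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def class_c_facts(prefix: int) -> dict:
    """Answer the five questions for a Class C (/24) network cut with /prefix."""
    if not 25 <= prefix <= 30:
        raise ValueError("Class C subnet masks run from /25 to /30")
    x = prefix - 24            # masked bits borrowed from the last octet (the 1s)
    y = 32 - prefix            # unmasked host bits left (the 0s)
    mask = mask_from_prefix(prefix)
    block = 256 - int(mask.split(".")[-1])   # 256 - mask = block size
    subnets = list(range(0, 256, block))     # 0, block, 2*block, ... (subnet zero included)
    return {
        "mask": mask,
        "subnets": 2 ** x,
        "hosts_per_subnet": 2 ** y - 2,
        "block_size": block,
        "valid_subnets": subnets,
        # broadcast = the number just before the next subnet
        "broadcasts": [s + block - 1 for s in subnets],
        # valid hosts = everything in between, minus all-0s and all-1s
        "host_ranges": [(s + 1, s + block - 2) for s in subnets],
    }


def locate(address: str, prefix: int) -> dict:
    """Which subnet an address falls in, computed by ipaddress as an independent check."""
    iface = ipaddress.IPv4Interface(f"{address}/{prefix}")
    net = iface.network
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "is_usable_host": iface.ip in hosts,   # False for the network and broadcast addresses
    }


if __name__ == "__main__":
    facts = class_c_facts(26)            # the 255.255.255.192 example from the slides
    for key, value in facts.items():
        print(f"{key:>17}: {value}")
    print(locate("192.168.10.33", 28))   # inside the CIDR slide's 192.168.10.32/28 block
```

Note that the code lists subnet zero (0) as the first valid subnet, whereas the slide's hand method starts counting at 64; the broadcast and host-range arithmetic is the same either way.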

Variable Length Subnet Masks (VLSM)

Which IP address will be placed in each router’s FastEthernet 0/0 interface and serial 0/1 of RouterB?


Answer

Chapter 4 Objectives
4: Cisco’s IOS and SDM
• The CCNA Topics Covered in this chapter include:
• The Cisco router IOS
• Enhanced editing
• Administrative functions
– Hostnames
– Banners
– Passwords
– Interface descriptions
• Verifying your configuration

Cisco Router IOS
• Carries network protocols and functions
• Connects high-speed traffic between devices
• Adds security to control access
• Provides scalability for growth
• Supplies reliability

Connecting To A Cisco Router

Cisco 2811

Cisco 1841

Bringing up a Router
• Boot-up process:
1: POST
2: Looks for the Cisco IOS from Flash memory
3: IOS loads & looks for a valid configuration;
• startup-config
• stored in nonvolatile RAM (NVRAM)
4: If a valid config is not found in NVRAM:
• setup mode

Setup Mode
• Basic Management Setup
• Extended Setup
• Command-Line Interface

Command-Line Interface (CLI)
• More flexible than setup mode.
• To use the CLI, just say No to entering the initial configuration dialog.

Logging into the Router
• User mode:
– Router>
– Used mostly to view statistics
• Privileged mode:
– Router#
– Used to view & change router configuration

Overview of Router Modes
• Global changes:
– config terminal or config t
– Changes made to running-config (DRAM)
– To change the startup-config (NVRAM)
• config memory or config mem
Note: Any configuration changes need to be placed into RAM. Typing config mem or config net (from a TFTP host) will append the current running-config

Configuration
• CLI Prompts
• Interfaces
• Sub-interfaces
• Line Commands
• Routing Protocol Configurations

Editing & Help Features
• Commands starting with a certain letter

Router#c?
clear clock configure connect copy
• Enhanced Editing Commands
• Router Command History
• Gathering Basic Routing Information
– show version

Router Command History

Gathering Basic Routing Information
Router# show version

Administrative Functions
The administrative functions that you can configure on a router and switch are
• Hostnames
• Banners
• Password
• Interface descriptions

Hostnames & Descriptions
• Hostnames
Router(config)#hostname todd
todd(config)#
• Descriptions
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan

Banners
• Purpose
• Types
– exec
– incoming
– login
– motd
• Delimiting character

Setting the Passwords
• 5 passwords:
– 1st two used to set your enable password
• Used to secure privileged mode; Router>enable
– Other three are used to configure a password in user mode via:
• console port
• auxiliary port
• Telnet

Passwords
• Enable passwords
Router(config)#enable password cisco
Router(config)#enable secret cisco
• Auxiliary Password
• Console Password
• Telnet Password
• Encrypting Your Password
Router(config)#service password-encryption

Interface Descriptions
Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. The description command is a helpful one because you can, for instance, use it to keep track of circuit numbers.

Here’s an example:
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan
Atlanta(config-if)#int s0
Atlanta(config-if)#desc Wan to Miami circuit:6fdda4321

You can view the description of an interface either with the show running-config command or the show interface command.

Router Interfaces
• Bringing up an Interface
no shutdown
shutdown
show interface
• Configuring an IP Address on an Interface
Router(config)#int e0
Router(config-if)#ip address 172.16.10.2 255.255.255.0
Router(config-if)#no shut
• Serial Interface Commands
clock rate & bandwidth (entered in kilobits)

Viewing & Saving Configurations
– running-config saved in DRAM
– startup-config saved in NVRAM
copy run start
sh run
sh start
erase startup-config

Verifying Your Configuration
Tools:
– show running-config
– show startup-config
– ping
– show cdp nei detail
– trace
– telnet
• Verifying with the show interface command
– Router#show interface ?
• Verifying with the show ip interface command
– Router#show ip interface
– Router#show ip interface brief
– Router#show controllers

Chapter 5 Objectives
5: Managing a Cisco Internetwork
• The CCNA Topics Covered in this chapter include:
• Cisco Router Components
• Boot Sequence
• Configuration register
• Backing up and restoring the IOS
• Backing up and restoring the configuration
• Cisco Discovery Protocol
• Telnet
• Resolving hostnames
• Troubleshooting tools

Cisco Router Components
• Bootstrap
– Brings up the router during initialization
• POST
– Checks basic functionality; hardware & interfaces
• ROM monitor
– Manufacturing testing & troubleshooting
• Mini-IOS
– Loads Cisco IOS into flash memory
• RAM
– Holds packet buffers, routing tables, & s/w
– Stores running-config
• ROM
– Starts & maintains the router
• Flash Memory
– Holds Cisco IOS
– Not erased when the router is reloaded
• NVRAM
– Holds router (& switch) configurations
– Not erased when the router is reloaded
• Configuration Register
– Controls how the router boots up

Boot Sequence
1: Router performs a POST
2: Bootstrap looks for & loads the Cisco IOS
3: IOS software looks for a valid configuration file
4: Startup-config file (from NVRAM) is loaded
– If startup-config file is not found, the router will start the setup mode

Configuration Registers
• Register
– 16-bit software written into NVRAM

– Loads from flash memory & looks for the startup-config file
• Configuration Register Bits
– 16 bits read 15-0, from left to right
– default setting: 0x2102

Register      2            1            0            2
Bit number    15 14 13 12  11 10 9 8    7 6 5 4      3 2 1 0
Binary        0  0  1  0   0  0  0 1    0 0 0 0      0 0 1 0

NOTE: 0x means the digits that follow are in hexadecimal

Configuration Meanings

Checking the Register Value
Router#sh version
Configuration register is 0x2102

Recovering Passwords
1: Boot the router & interrupt the boot sequence by performing a break using the Ctrl+Break key combination.
2: Change the configuration register to turn on bit 6 (0x2142)
rommon>confreg 0x2142
You must reset or power cycle for new config to take effect
3: Reload the router
– Type reset
• The router will reload & ask if you want to enter setup mode
– Answer NO
4: Enter the privileged mode
Router>enable
Router#
5: Copy the startup-config to running-config
Router#copy startup-config running-config
6: Change the password
Router#config t
Router(config)#enable secret cisco
7: Reset the configuration register to the default value
Router(config)#config-register 0x2102
8: Reload the router
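The register arithmetic behind steps 2 and 7 (0x2102 with bit 6 set is 0x2142, and back), worked in code. This is an added example, not from the slides: the bit layout for bit 6, bit 8, bit 13 and the boot field comes from Cisco's configuration-register documentation rather than from the deck, the show version text is a constructed sample, and the function names are mine. The audit function is the defender's use of the same bits: catching a router that was left in the "ignore NVRAM" state after a recovery and will come up with no configuration on its next reload.

```python
"""Configuration-register helpers for the 0x2102 / 0x2142 values in the slides.
Added example, not from the deck; bit meanings per Cisco's register documentation."""
import re
from typing import Optional

BOOT_FIELD_MASK = 0x000F            # bits 3-0: boot field
IGNORE_NVRAM = 0x0040               # bit 6: skip startup-config in NVRAM at boot
IGNORE_BREAK = 0x0100               # bit 8: ignore the console break key after boot
BOOT_ROM_ON_NETBOOT_FAIL = 0x2000   # bit 13: boot default ROM software if net boot fails
DEFAULT_REGISTER = 0x2102


def boot_field(reg: int) -> str:
    field = reg & BOOT_FIELD_MASK
    if field == 0x0:
        return "ROM monitor"
    if field == 0x1:
        return "boot helper (mini-IOS) from ROM"
    return "boot from flash / boot system commands"


def describe(reg: int) -> dict:
    """Decode the flags a CCNA candidate cares about."""
    return {
        "value": f"0x{reg:04X}",
        "boot": boot_field(reg),
        "ignores_nvram": bool(reg & IGNORE_NVRAM),
        "ignores_break": bool(reg & IGNORE_BREAK),
        "rom_fallback": bool(reg & BOOT_ROM_ON_NETBOOT_FAIL),
    }


def set_ignore_nvram(reg: int) -> int:
    """Step 2 of the recovery slide: 0x2102 -> 0x2142."""
    return reg | IGNORE_NVRAM


def clear_ignore_nvram(reg: int) -> int:
    """Step 7: put the register back so the saved config loads again."""
    return reg & ~IGNORE_NVRAM & 0xFFFF


def bit_row(reg: int) -> str:
    """Bits 15..0 left to right, as on the 'Configuration Register Bits' slide."""
    return " ".join(str((reg >> b) & 1) for b in range(15, -1, -1))


def register_from_show_version(output: str) -> Optional[int]:
    """Pull the value out of 'show version' output."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]{1,4})", output)
    return int(m.group(1), 16) if m else None


def audit(output: str) -> list:
    """Flag a router left in the password-recovery state after a maintenance window."""
    reg = register_from_show_version(output)
    if reg is None:
        return ["could not find the configuration register in show version output"]
    findings = []
    if reg & IGNORE_NVRAM:
        findings.append(f"register {reg:#06x} ignores NVRAM: the router boots with no startup-config")
    if (reg & BOOT_FIELD_MASK) == 0:
        findings.append(f"register {reg:#06x} boots to ROM monitor, not IOS")
    return findings


# Constructed sample of the relevant show version line, not captured from a device.
SAMPLE_SHOW_VERSION = "...\nConfiguration register is 0x2142 (will be 0x2102 at next reload)\n"

if __name__ == "__main__":
    print(bit_row(DEFAULT_REGISTER))
    print(describe(set_ignore_nvram(DEFAULT_REGISTER)))
    print(audit(SAMPLE_SHOW_VERSION))
```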

Backing up & Restoring the Cisco IOS
Before you upgrade…
– Copy the existing IOS to a TFTP host!

Verify Flash Memory
Router#sh flash
System flash directory:
File  Length   Name/status
  1   8121000  c2500-js-1.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
Router#

1: Ensure you have good connectivity to the TFTP host
Router#ping 192.168.0.120
2: Copy the IOS from flash to the TFTP host
Router#copy flash tftp
The TFTP host must have a default directory specified

Restoring or Upgrading the Cisco IOS
1: Ensure you have good connectivity to the TFTP host
Router#ping 192.168.0.120
2: Copy the IOS from the TFTP host to flash
Router#copy tftp flash
The TFTP host must have a default directory specified
Copying the IOS from a TFTP host to flash requires a router reboot

Backing up the Configuration
1: Verify the Current Configuration
Router#sh run

2: Verify the Stored Configuration
Router#sh start
Verify available memory
3: Copy running-config to NVRAM
Router#copy run start
Router#sh start
4: Copy running-config to a TFTP host
Router#copy run tftp
A second backup

Using Cisco Discovery Protocol (CDP)
A Cisco proprietary protocol
Designed to collect information about directly attached & remote devices
Hardware information
Protocol information
Useful in troubleshooting & documenting the network

Getting CDP Timers & Holdtime Information
Configuration
CDP Timer: How often CDP packets are transmitted to all active interfaces
CDP Holdtime: The amount of time that the device will hold packets received from neighbor devices
Router#sh cdp
Global CDP information
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds

Router#config t
Router(config)#cdp timer 90
Router(config)#cdp holdtime 240

Getting Neighbor Information
• Shows information about directly connected devices
– CDP packets are not passed through a Cisco switch
– Can only see what is directly attached
Router#sh cdp nei
or
Router#sh cdp neighbor detail
– Detailed information; hostname, IP address, etc

Getting Interface Traffic & Port Information
• Interface Traffic Information:
– CDP packets sent & received
– Errors with CDP

Router#sh cdp traffic
• Port & Interface Information:
– Encapsulation on the line
– Timer & Holdtime for each interface
Router#sh cdp interface

Using Telnet
• A virtual terminal protocol
– Part of the TCP/IP suite
– Allows connections to remote devices
• Gather information
• Run programs

Note: The VTY passwords must be set on the routers

• Setting VTY passwords:
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco
Router(config-line)#^Z
Router#172.16.10.2
Trying 172.16.10.2 … Open

User Access Verification
Password:
RouterB>

Remember…
– VTY password is the user mode (>) password - not the enable mode (#) password
– With no enable/enable secret password set, the following happens:
RouterB>en
% No password set
RouterB>
This equates to good security!

Telnet Commands
• Telnetting into Multiple Devices
Ctrl+Shift+6 (release) X
• Checking Telnet Connections
Router#sh sessions
• Checking Telnet Users
Router#sh users
• Closing Telnet Sessions
RouterB>exit
RouterB>disconnect
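A configuration check for the password slides of Chapter 4 (enable password vs enable secret, service password-encryption) and the VTY slide above. This is an added example, not from the deck: it parses a running-config in the text form IOS prints (subcommands of a line section indented by one space) and reports the combinations the slides warn about, such as a line with login but no password (connections refused) or a password without login (no prompt at all). The config text is a constructed sample and the function names are mine.

```python
"""Audit a Cisco IOS running-config for the password settings the slides cover.
Added example, not from the deck; the config below is constructed."""

SAMPLE_CONFIG = """\
hostname Atlanta
enable password cisco
!
line con 0
 password cisco
 login
line aux 0
 login
line vty 0 4
 password cisco
!
"""  # constructed sample, not captured from a device


def parse_sections(config: str):
    """Return (global commands, {line section: [subcommands]}).
    IOS prints the subcommands of a 'line ...' section indented by one space."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            sections.setdefault(current, [])
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, sections


def audit(config: str) -> list:
    globals_, sections = parse_sections(config)
    findings = []
    has_secret = any(c.startswith("enable secret") for c in globals_)
    has_enable_pw = any(c.startswith("enable password") for c in globals_)
    if has_enable_pw and not has_secret:
        findings.append("enable password without enable secret: privileged mode relies on the "
                        "weaker enable password (cleartext, or only reversibly obscured)")
    elif not has_secret:
        findings.append("no enable secret: remote users see '% No password set'; "
                        "console users reach privileged mode unchallenged")
    if "service password-encryption" not in globals_:
        findings.append("service password-encryption missing: line passwords sit in the config in cleartext")
    for name, sub in sections.items():
        has_login = any(s == "login" or s.startswith("login ") for s in sub)
        has_pw = any(s.startswith("password ") for s in sub)
        if not has_login:
            findings.append(f"{name}: no 'login', so sessions on this line are never asked for a password")
        elif not has_pw:
            findings.append(f"{name}: 'login' without 'password', so connections are refused")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```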

Resolving Hostnames
• To use a hostname rather than an IP address to connect to a remote host a device must be able to translate the hostname to an IP address
– Build a host table on each router
– Build a Domain Name System (DNS) server

Building a Host Table
• Provides name resolution only on the router on which it is built
[ip host name tcp_port_number ip_address]
Router(config)#ip host RouterB 172.16.10.2
Router(config)#ip host switch 192.168.0.148
Router#sh hosts
• Default TCP port number: 23
Router#RouterB
RouterB#(Ctrl+Shift+6) (X)
Router#switch

Using DNS to Resolve Names
• Used when you have many devices on your network
• Making DNS work…
– ip domain-lookup
• Turned on by default
– ip name-server
• Sets the IP address of the DNS server (up to 6 each)
– ip domain-name
• Appends the domain name to the hostname
Ex: RouterA.neversail.navy.mil

Checking Network Connectivity
• Ping
– Displays the minimum, average, & maximum times it takes for a ping packet to find a specified system + return
Router#ping RouterB
• Trace
– Shows the path a packet takes to get to a remote device
Router#trace RouterB

Chapter 6 Objectives
6: IP Routing
• Understanding IP routing
• Static routing
• Dynamic routing
– RIP
– RIPv2
– Verifying routing

What is Routing?
To route, a router needs to know:
– Remote Networks
– Neighbor Routers
– All Possible routes to remote networks
– The absolute best route to all remote networks
– Maintain and verify the routing information

Basic Path Selection

What interface will the router send out a packet if it has destination address of 10.10.10.18?

Routing/PDU Example:
Host A Web browses to the HTTP Server…

1. The destination address of a frame will be the
2. The destination IP address of a packet will be the IP address of the
3. The destination port number in a segment header will have a value of

Static Routes

Static Route Configuration
ip route remote network [mask] {address|interface} [distance] [permanent]

Router(config)#ip route [remote network] [mask] [next hop]

Static Route Example
ip route 172.16.1.0 255.255.255.0 172.16.3.2
or
ip route 172.16.1.0 255.255.255.0 s0

Default Routes
ip route 0.0.0.0 0.0.0.0 172.16.3.1
ip classless

Routing vs. Routed
• Routing protocols are used between routers to:
– Determine the path of a packet through a network
– Maintain routing tables
– Examples?
• Routed protocols are:
– Assigned to an interface
– Once the path is determined by the Routing protocol, determines method of delivery
– Examples?

Routing Protocols
An autonomous system is a collection of networks under a common administrative domain.
• IGPs operate within an autonomous system.
• EGPs connect different autonomous systems.

Classful Routing Overview
Classful routing protocols do not include the subnet mask with the route advertisement.
– Within the same network, consistency of the subnet masks is assumed.
– Summary routes are exchanged between foreign networks.
– Examples of classful routing protocols:
• RIP Version 1 (RIPv1)
• IGRP

Classless Routing Overview
Classless routing protocols include the subnet mask with the route advertisement.
– Classless routing protocols support variable-length subnet masking (VLSM).
– Summary routes can be manually controlled within the network.
– Examples of classless routing protocols:
• RIP Version 2 (RIPv2)
• EIGRP
• OSPF
• IS-IS

Administrative Distance

Default Administrative Distance
Directly Connected: 0
Static Route: 1
RIP: 120
IGRP: 100
EIGRP: 90
OSPF: 110
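The path-selection question ("which interface for 10.10.10.18?"), the default-route slide and the administrative distance table above, worked together in code. This is an added example, not from the slides: the routing table is constructed (the deck's figure is not on this page), and the function models the two rules a router applies when several candidates cover a destination: the longest prefix wins, and among equal prefixes the source with the lowest administrative distance wins. It also covers the `ip classless` behaviour from the Default Routes slide, where a router without `ip classless` drops a packet for an unknown subnet of a major network it already has subnets for instead of using the default route. Names and sample prefixes are mine.

```python
"""Route selection: longest prefix match first, then administrative distance.
Added example, not from the slides; the routing table below is constructed."""
import ipaddress

# Default administrative distances from the slide.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}

# Constructed candidate routes, as if several sources offered them to the routing table.
ROUTES = [
    {"prefix": "10.10.10.0/28",  "source": "connected", "via": "FastEthernet0/0"},
    {"prefix": "10.10.10.16/28", "source": "connected", "via": "FastEthernet0/1"},
    {"prefix": "10.10.10.0/24",  "source": "rip",       "via": "Serial0/0"},
    {"prefix": "10.10.10.0/24",  "source": "eigrp",     "via": "Serial0/1"},
    {"prefix": "172.16.1.0/24",  "source": "static",    "via": "172.16.3.2"},
    {"prefix": "0.0.0.0/0",      "source": "static",    "via": "172.16.3.1"},  # ip route 0.0.0.0 0.0.0.0 172.16.3.1
]


def classful_network(addr: ipaddress.IPv4Address):
    """Class A/B/C major network of an address, or None for class D/E."""
    first = int(addr) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24 if first < 224 else None
    return None if plen is None else ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)


def select_route(dest: str, routes=ROUTES, classless: bool = True):
    """Return the winning route dict for dest, or None if the packet would be dropped."""
    d = ipaddress.IPv4Address(dest)
    nets = [(ipaddress.IPv4Network(r["prefix"]), r) for r in routes]
    matches = [(n, r) for n, r in nets if d in n]
    if not matches:
        return None
    # Most specific prefix first; ties broken by the lowest administrative distance.
    best_net, best = min(matches, key=lambda nr: (-nr[0].prefixlen, ADMIN_DISTANCE[nr[1]["source"]]))
    if not classless and best_net.prefixlen == 0:
        # Classful behaviour: the default route is not used for a destination inside a
        # major network of which this router already knows specific subnets.
        major = classful_network(d)
        if major and any(n.prefixlen > 0 and n.subnet_of(major) for n, _ in nets):
            return None
    return best


if __name__ == "__main__":
    for dest in ("10.10.10.18", "10.10.10.200", "8.8.8.8", "10.99.1.1"):
        print(dest, "->", select_route(dest), "| classful:", select_route(dest, classless=False))
```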

Distance Vector
- Distance vector algorithms do not allow a router to know the exact topology of an internetwork.
- All routers just broadcast their entire routing table out all active interfaces on periodic time intervals

Discovering Routes

Routing Loops


RIP Overview
– Hop count metric selects the path, 16 is unreachable
– Full route table broadcast every 30 seconds
– Load balance maximum of 6 equal cost paths (default = 4)
– RIPv2 supports VLSM and Discontiguous networks

RIP Routing Configuration
Router(config)#router rip
Router(config-router)#network network-number*


*Network is a classful network address. Every device on network uses the same subnet mask
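A toy simulation of the Distance Vector, Routing Loops and RIP Overview slides: each router sends its whole table to each neighbor every round, hop count is the metric, and 16 means unreachable. This is an added example, not from the deck; the three-router topology, the shortened "invalid" timer and the split-horizon switch are my constructions. Running it with split horizon off shows the count-to-infinity loop the Routing Loops slide refers to (the withdrawn network's metric climbs one hop per round until it reaches 16); with split horizon on, the same failure is withdrawn in a handful of rounds.

```python
"""Toy distance-vector (RIP-style) simulation: hop-count metric, 16 = unreachable,
full-table exchange each round, with and without split horizon.
Added example, not from the slides; topology and timer values are constructed."""
INFINITY = 16       # RIP hop count 16 means unreachable
INVALID_AFTER = 3   # rounds a route may go unrefreshed before it is declared unreachable
                    # (stand-in for RIP's invalid timer, shortened to keep the run small)


class Router:
    def __init__(self, name, links):
        """links maps neighbor name -> network shared with that neighbor."""
        self.name = name
        self.links = links
        # table: network -> [metric, next hop (None = directly connected), rounds since last heard]
        self.table = {net: [0, None, 0] for net in links.values()}

    def add_stub(self, net):
        self.table[net] = [0, None, 0]

    def advertisement(self, to, split_horizon):
        """Whole table, metrics incremented, as sent to neighbor `to`."""
        adv = {}
        for net, (metric, next_hop, _) in self.table.items():
            if split_horizon and next_hop == to:
                continue  # never advertise a route back to the neighbor it was learned from
            adv[net] = min(metric + 1, INFINITY)
        return adv

    def receive(self, sender, adv):
        heard = set()
        for net, metric in adv.items():
            heard.add(net)
            cur = self.table.get(net)
            if cur is None:
                if metric < INFINITY:
                    self.table[net] = [metric, sender, 0]
            elif cur[1] == sender:          # update from the current next hop always replaces
                cur[0], cur[2] = metric, 0
            elif cur[1] is not None and metric < cur[0]:
                self.table[net] = [metric, sender, 0]
        for net, entry in self.table.items():  # age routes this neighbor stopped advertising
            if entry[1] == sender and net not in heard:
                entry[2] += 1
                if entry[2] >= INVALID_AFTER:
                    entry[0] = INFINITY


def build_topology():
    """A -- B -- C, with a stub LAN on A and on C."""
    a = Router("A", {"B": "10.2.0.0/16"})
    a.add_stub("10.1.0.0/16")
    b = Router("B", {"A": "10.2.0.0/16", "C": "10.3.0.0/16"})
    c = Router("C", {"B": "10.3.0.0/16"})
    c.add_stub("10.4.0.0/16")
    return {"A": a, "B": b, "C": c}


def exchange(routers, split_horizon):
    """One synchronous update round: everyone sends, then everyone processes."""
    advs = [(r.name, nb, r.advertisement(nb, split_horizon))
            for r in routers.values() for nb in r.links]
    for sender, receiver, adv in advs:
        routers[receiver].receive(sender, adv)


def converge(split_horizon, rounds=3):
    routers = build_topology()
    for _ in range(rounds):
        exchange(routers, split_horizon)
    return routers


def rounds_until_unreachable(split_horizon, max_rounds=60):
    """Take C's stub LAN down and count rounds until every router shows it as 16."""
    routers = converge(split_horizon)
    del routers["C"].table["10.4.0.0/16"]
    for rnd in range(1, max_rounds + 1):
        exchange(routers, split_horizon)
        if all(r.table.get("10.4.0.0/16", [INFINITY])[0] >= INFINITY for r in routers.values()):
            return rnd
    return None


if __name__ == "__main__":
    for sh in (False, True):
        print(f"split horizon {'on ' if sh else 'off'}: "
              f"10.4.0.0/16 unreachable everywhere after {rounds_until_unreachable(sh)} rounds")
```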

RIP Version 2
• Allows the use of variable length subnet masks (VLSM) by sending subnet mask information with each route update
• Distance Vector – same AD, and timers.
• Easy configuration, just add the command “version 2” under the router rip configuration

Discontiguous Addressing
Two networks of the same classful networks are separated by a different network address
– RIPv1 and IGRP do not advertise subnet masks, and therefore cannot support discontiguous subnets.
– OSPF, EIGRP, and RIPv2 can advertise subnet masks, and therefore can support discontiguous subnets.

Passive Interface
Maybe you don’t want to send RIP updates out your router interface connected to the Internet. Use the passive-interface command:
Router(config)#router rip
Router(config-router)#passive-interface serial0

This allows a router to receive route updates on an interface, but not send updates via that interface

Verifying RIP
Router#show ip protocols
Router#show ip route
Router#debug ip rip
Router#undebug all (un all)

Chapter 7 Objectives: EIGRP and OSPF

• Enhanced IGRP
– EIGRP tables
– Configuring EIGRP
– Verifying EIGRP

• Open Shortest Path First
– Configuring OSPF
– Verifying OSPF
– Configuring OSPF with wildcards

What Is Enhanced IGRP (EIGRP)?

• Enhanced IGRP supports:
– Rapid convergence
– Reduced bandwidth usage
– Multiple network-layer support
– Uses the Diffusing Update Algorithm (DUAL) to select loop-free routes and enable fast convergence
– Up to six unequal paths to a remote network (4 by default)

Comparing EIGRP and IGRP
– Similar metric
– Same load balancing
– Improved convergence time
– Reduced network overhead
– Maximum hop count of 255 (100 default)
– EIGRP can differentiate between internal and external routes

EIGRP for IP
• No periodic updates. Route updates are sent only when a change occurs, multicast to 224.0.0.10
• Hello messages sent to neighbors every 5 seconds (60 seconds on most WANs)

EIGRP Terminology

Note: A feasible successor is a backup route and is stored in the topology table.

EIGRP Tables
• The neighbor table and topology table are held in RAM and are maintained through the use of hello and update packets.

To see all feasible successor routes known to a router, use the show ip eigrp topology command.

Successor routes
• A successor route is used by EIGRP to forward traffic to a destination
• A successor route may be backed up by a feasible successor route
• Successor routes are stored in both the topology table and the routing table

Choosing Routes

• EIGRP uses a composite metric to pick the best path: bandwidth and delay of the line

• EIGRP can load balance across six unequal cost paths to a remote network (4 by default)

Configuring EIGRP for IP

If you use the same AS number for EIGRP as IGRP, EIGRP will automatically redistribute IGRP into EIGRP

Redistribution
Redistribution is translating one type of routing protocol into another.

IGRP and EIGRP translate automatically, as long as they are both using the same AS number

Route Path
Assuming all default parameters, which route will RIP (v1 and v2) take, and which route will EIGRP take?

Verifying Enhanced IGRP Operation

Show IP Route
P1R1#sh ip route
[output cut]
Gateway of last resort is not set
D 192.168.30.0/24 [90/2172] via 192.168.20.2, 00:04:36, Serial0/0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
D 192.168.40.0/24 [90/2681] via 192.168.20.2, 00:04:36, Serial0/0
C 192.168.20.0/24 is directly connected, Serial0/0
D 192.168.50.0/24 [90/2707] via 192.168.20.2, 00:04:35, Serial0/0
P1R1#

– D is for “DUAL”
– [90/2172] is the administrative distance and cost of the route. The cost of the route is a composite metric composed from the bandwidth and delay of the line.

Introducing OSPF

• Open standard
• Shortest path first (SPF) algorithm
• Link-state routing protocol (vs. distance vector)
• Can be used to route between AS’s

OSPF Hierarchical Routing

• Consists of areas and autonomous systems
• Minimizes routing update traffic
• Supports VLSM
• Unlimited hop count

Link State vs. Distance Vector
Link State:
• Provides common view of entire topology
• Calculates shortest path
• Utilizes event-triggered updates
• Can be used to route between AS’s
Distance Vector:
• Exchanges routing tables with neighbors
• Utilizes frequent periodic updates

Types of OSPF Routers

Configuring Single Area OSPF

OSPF Example

Verifying the OSPF Configuration

OSPF Neighbors
• OSPF uses hello packets to create adjacencies and maintain connectivity with neighbor routers
• OSPF uses the multicast address 224.0.0.5
• Hello packets provide dynamic neighbor discovery
• Hello packets maintain neighbor relationships
• Hello packets and LSAs from other routers help build and maintain the topological database

OSPF Terminology

• Neighbor
• Adjacency

Router ID (RID)

Each router in OSPF needs to be uniquely identified to properly arrange them in the Neighbor tables.

Electing the DR and BDR
– Multicast Hellos are sent and compared
– Router with highest priority is elected as DR
– Router with 2nd highest priority is elected as BDR

• OSPF sends Hellos which elect DRs and BDRs
• Routers form adjacencies with DRs and BDRs in a multi-access environment

Configuring Loopback Interfaces

Router ID (RID):
– Number by which the router is known to OSPF
– Default: the highest IP address on an active interface at the moment of OSPF process startup
– Can be overridden by a loopback interface: the highest IP address of any active loopback interface (also called a logical interface)

Interface Priorities
What is the default OSPF interface priority?
Router#show ip ospf interface ethernet0/0
Ethernet0 is up, line protocol is up
Internet Address 192.168.1.137/29, Area 4
Process ID 19, Router ID 192.168.1.137, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.1.137, Interface address 192.168.1.137
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

Ensuring your DR

What options can you configure that will ensure that R2 will be the DR of the LAN segment?

Configuring Wildcards
If you want to advertise a partial octet (subnet), you need to use wildcards.
– 0.0.0.0 means all octets match exactly
– 0.0.0.255 means that the first three match exactly, but the last octet can be any value
After that, you must remember your block sizes. The wildcard address is always one less than the block size:
– 192.168.10.8/30 = 0.0.0.3
– 192.168.10.48/28 = 0.0.0.15
– 192.168.10.96/27 = 0.0.0.31
– 192.168.10.128/26 = 0.0.0.63

Wildcard Configuration of the Lab_B Router
(Figure: Lab_A, Lab_B and Lab_C with interface addresses E0 192.168.30.1/24, E0 192.168.40.1/24, E0 192.168.50.1/24, S0 172.16.10.5/30, S0 192.168.10.10/30, S1 172.16.10.9/30, S1 192.168.10.6/30)

Chapter 8 Objectives: Layer-2 Switching

The CCNA Topics Covered in this chapter include:
• What is layer-2 switching
• Switching services
• Bridges vs. LAN switching
• Three switch functions
• MAC table
• Switching loops
• Spanning-Tree Protocol (STP)

Layer 2 Switching
• Purposes for using switching
– Breaks up collision domains
– Cost-effective, resilient internetwork
• Purpose of Spanning-Tree Protocol (STP)
– Stops loops in layer 2 switched networks

Before Layer 2 Switching

Switched LANs

Typical Switched Designs

One link to the server!

Switching Services
Layer 2 switching provides:
– Hardware-based bridging (ASIC)
– Wire speed
– Low latency
– Low cost

Limitations of Layer 2 Switching
• Must break up the collision domains correctly.
• Make sure that users spend 80 percent of their time on the local segment.
• Switches do not break up broadcast domains by default.

Bridging vs. LAN switching

Three Switch Functions at Layer-2

Empty MAC table

How Switches Learn Hosts’ Locations

Switching Loops

Switching Loop Problems

Spanning-Tree Protocol (STP)
Solves switching loops at layer 2

Spanning-Tree Operations
• Selecting the root bridge
• Selecting the designated port

Spanning-Tree Port States
• Blocking
• Listening
• Forwarding
• Disabled

Spanning-Tree Example

Chapter 9 Objectives: VLANs

The CCNA Topics Covered in this chapter include:
• What is a VLAN?
• VLAN Memberships
• VLAN links
• Frame tagging
• VTP
• Trunking
• Configuring VLANs
• Inter-VLAN Communication
• Configuration examples

Virtual LANs (VLANs)
• Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch.
– Smaller broadcast domains
– Organized by:
• Location
• Function
• Department
• Application or protocol

Switches

Features of VLANs
• Simplify network management
• Provide a level of security over a flat network
• Flexibility and scalability

Broadcast Control
• Broadcasts occur in every protocol
• Bandwidth & broadcasts
• Flat network
• VLANs & broadcasts

Flat Network Structure

Flexibility & Scalability
• Layer-2 switches only read frames
– Can cause a switch to forward all broadcasts
• VLANs
– Essentially create broadcast domains
• Greatly reduces broadcast traffic
• Ability to add wanted users to a VLAN regardless of their physical location
• Additional VLANs can be created when network growth consumes more bandwidth

Physical LANs Connected To A Router

VLANs Remove The Physical Boundary

VLAN Memberships
• Static VLANs
– Typical method of creating VLANs
– Most secure
• A switch port assigned to a VLAN always maintains that assignment until changed
• Dynamic VLANs
– Node assignment to a VLAN is automatic
• MAC addresses, protocols, network addresses, etc.
– VLAN Management Policy Server (VMPS)
• MAC address database for dynamic assignments
• MAC-address to VLAN mapping

Identifying VLANs
• Access links
– A link that is part of only one VLAN
• Trunk links
– Carries multiple VLANs

Identifying VLANs (cont.)

Frame Tagging
• Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
– User-defined ID assigned to each frame
– VLAN ID is removed before exiting trunked links & access links

VLAN ID Methods
• Inter-Switch Link (ISL)
– Cisco proprietary
– FastEthernet & Gigabit Ethernet only
• IEEE 802.1Q
– Must use if trunking between Cisco & non-Cisco switch

Inter-Switch Link (ISL) Protocol
• Definition: A means of explicitly tagging VLAN information onto an Ethernet frame
– Allows VLANs to be multiplexed over a trunk line
– Cisco proprietary
– External tagging process

VLAN Trunk Protocol (VTP)
• Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency
– Allows an administrator to add, delete, & rename VLANs

VTP Benefits
• Benefits
– Consistent configuration
– Permits trunking over mixed networks
– Accurate tracking
– Dynamic reporting
– Plug-and-Play
• A VTP server must be created to manage VLANs

VTP Modes

VTP Modes of Operation
• Server
– Default for all Catalyst switches
– Minimum one server for a VTP domain
• Client
– Receives information + sends/receives updates
– Cannot make any changes
• Transparent
– Does not participate in a VTP domain but forwards VTP advertisements
– Can add/delete VLANs
– Locally significant

Router with Individual VLAN associations

Routing Between VLANs

Configuring VLANs
• Creating VLANs
• Assigning switch ports to VLANs
• Configuring trunk ports
• Configuring inter-VLAN routing

Configuring VTP
• Switches are configured to be VTP servers by default.

InterVLAN Configuration Example

Example 2

Example 3

Example 4

Configuring Switching In Our Sample Internetwork

2950C

2950B

Setting Up Trunking

Inter-VLAN communication

Chapter 10 Objectives: Security

The CCNA Topics Covered in this chapter include:
• Introduction to Security
– Types of attacks
– Mitigating attacks
• Access-lists
– Standard
– Extended
– Named
– Monitoring Access-lists

Introduction to Security

Attacks
• Application-layer attacks
• Autorooters
• Backdoors
• Denial of service (DoS) and distributed denial of service (DDoS) attacks
• Many others

Mitigating Attacks
• Appliances
– IDS
– IPS
• Stateful IOS Firewall inspection engine
• Firewall voice traversal
• ICMP inspection
• Authentication proxy

Access Lists
• Purpose:
– Used to permit or deny packets moving through the router
– Permit or deny Telnet (VTY) access to or from a router
– Create dial-on-demand (DDR) interesting traffic that triggers dialing to a remote location

Important Rules
• Packets are compared to each line of the access list in sequential order
• Packets are compared with lines of the access list only until a match is made
– Once a match is made & acted upon, no further comparisons take place
• An implicit “deny” is at the end of each access list
– If no matches have been made, the packet will be discarded

Types of Access Lists
• Standard Access List
– Filter by source IP address only
• Extended Access List
– Filter by source IP, destination IP, protocol field, port number
• Named Access List
– Functionally the same as standard and extended access lists

Application of Access Lists
• Inbound Access Lists
– Packets are processed before being routed to the outbound interface
• Outbound Access Lists
– Packets are routed to the outbound interface & then processed through the access list

ACL Guidelines
• One access list per interface, per protocol, per direction
• More specific tests at the top of the ACL
• New entries are added at the bottom of the ACL
• Individual lines cannot be removed
• End ACLs with a permit any command
• Create ACLs & then apply them to an interface
• ACLs do not filter traffic originated from the router
• Put standard ACLs close to the destination
• Put extended ACLs close to the source

Standard IP Access Lists
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list

Standard IP Access Lists
• Creating a standard IP access list:
Router(config)#access-list 10 ?
deny Specify packets to reject
permit Specify packets to forward
• Permit or deny?
Router(config)#access-list 10 deny ?
Hostname or A.B.C.D Address to match
any Any source host
host A single host address
• Using the host command
Router(config)#access-list 10 deny host 172.16.30.2

Standard ACL Example

Standard ACL example 2

Standard ACL Example 3

Wildcards
• What are they?
– Used with access lists to specify a:
• Host
• Network
• Part of a network
Block sizes: 64, 32, 16, 8, 4
• Rules:
– When specifying a range of addresses, choose the closest block size
– Each block size must start at 0
– A ‘0’ in a wildcard means that octet must match exactly
– A ‘255’ in a wildcard means that octet can be any value
– The command any is the same thing as writing out the wildcard 0.0.0.0 255.255.255.255

Specifying a Range of Subnets
(Remember: specify a range of values in a block size)
Requirement: Block access in the range from 172.16.8.0 through 172.16.15.0 = block size 8
Network number = 172.16.8.0
Wildcard = 0.0.7.255
**The wildcard is always one number less than the block size
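The block-size rule above (and the OSPF wildcard slide earlier) carried through in code, as an added example that is not part of the original slides: it derives the wildcard from a prefix length, turns an address range into network + wildcard the way the slides do, refuses a range that does not start on a block boundary, and applies the router's bitwise match test.

```python
import ipaddress
from typing import Tuple


def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask for a /prefix_len network: the bitwise inverse of the subnet mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(subnet_mask ^ 0xFFFFFFFF))


def block_size(prefix_len: int) -> int:
    """Block size in the 'interesting' octet, the octet in which the mask ends:
    /30 -> 4, /28 -> 16, /21 -> 8 (in the third octet)."""
    return 2 ** ((32 - prefix_len) % 8)


def range_to_network_wildcard(first: str, last: str) -> Tuple[str, str, int]:
    """Express a range the way the slides do: find the smallest block that starts at
    `first` and reaches `last`, and return (network, wildcard, block size).
    Raises ValueError when `first` is not on a block boundary, which is the
    'each block size must start at 0' rule."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("last address is below first address")
    for prefix_len in range(32, -1, -1):          # longest prefix = smallest block first
        net = ipaddress.IPv4Network(f"{lo}/{prefix_len}", strict=False)
        if hi in net:
            if net.network_address != lo:
                raise ValueError(f"{first} is not the start of a block of {block_size(prefix_len)}")
            return str(net.network_address), wildcard_from_prefix(prefix_len), block_size(prefix_len)
    raise AssertionError("unreachable: /0 contains every address")


def matches(address: str, network: str, wildcard: str) -> bool:
    """The router's test: bits where the wildcard is 0 must equal the network,
    bits where it is 1 are ignored. 'any' is 0.0.0.0 255.255.255.255."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ n) & (~w & 0xFFFFFFFF)) == 0


if __name__ == "__main__":
    # The four networks from the OSPF wildcard slide
    for net in ("192.168.10.8/30", "192.168.10.48/28", "192.168.10.96/27", "192.168.10.128/26"):
        plen = int(net.split("/")[1])
        print(f"{net} = {wildcard_from_prefix(plen)}  (block size {block_size(plen)})")
    # The 172.16.8.0 through 172.16.15.x requirement from the ACL slide
    print(range_to_network_wildcard("172.16.8.0", "172.16.15.255"))   # ('172.16.8.0', '0.0.7.255', 8)
    print(matches("172.16.12.5", "172.16.8.0", "0.0.7.255"))           # True
    print(matches("172.16.16.1", "172.16.8.0", "0.0.7.255"))           # False
```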

Controlling VTY (Telnet) Access
• Why?
– Without an ACL any user can Telnet into the router via VTY and gain access
• Controlling access
– Create a standard IP access list
• Permitting only the host/hosts authorized to Telnet into the router
– Apply the ACL to the VTY line with the access-class command

Example
Lab_A(config)#access-list 50 permit 172.16.10.3
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
(implied deny)

Extended IP Access Lists
• Allows you to choose:
• IP source address
• IP destination address
• Protocol
• Port number

Extended IP ACLs

Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list

Router(config)#access-list 110 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward

Extended IP ACLs
Router(config)#access-list 110 deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol

Router(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any source host
host A single source host

Extended IP ACL Steps
#1: Select the access list:
RouterA(config)#access-list 110
#2: Decide on deny or permit:
RouterA(config)#access-list 110 deny
#3: Choose the protocol type:
RouterA(config)#access-list 110 deny tcp
#4: Choose source IP address of the host or network:
RouterA(config)#access-list 110 deny tcp any
#5: Choose destination IP address:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2
#6: Choose the type of service, port, & logging:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log

Steps (cont.)
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log
RouterA(config)#access-list 110 permit ip any 0.0.0.0 255.255.255.255
RouterA(config-if)#ip access-group 110 in
or
RouterA(config-if)#ip access-group 110 out
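The "Important Rules" (sequential comparison, first match wins, implicit deny) run over the two access lists from these slides, as an added example that is not part of the original slides: it parses numbered standard and extended entries in IOS syntax and evaluates constructed packets against them. The packet tuples and the small port-name table are assumptions for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

AddrSpec = Tuple[int, int]          # (network as int, wildcard as int)
ANY: AddrSpec = (0, 0xFFFFFFFF)     # "any" == 0.0.0.0 255.255.255.255
PORT_NAMES = {"telnet": 23, "ftp": 21, "smtp": 25, "domain": 53, "www": 80}

# The two access lists from the slides, used here as constructed sample input
ACL_110_LINES = [
    "access-list 110 deny tcp any host 172.16.30.2 eq 23 log",
    "access-list 110 permit ip any 0.0.0.0 255.255.255.255",
]
ACL_50_LINES = ["access-list 50 permit 172.16.10.3"]


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol; otherwise "tcp", "udp", "icmp", ...
    src: AddrSpec
    dst: AddrSpec          # standard lists have no destination test, so this is ANY
    dport: Optional[int]   # "eq <port>" if present
    log: bool
    text: str              # the original line, reported when the entry matches


def _ip(token: str) -> int:
    return int(ipaddress.IPv4Address(token))


def _is_ip(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _parse_addr(t: List[str], pos: int, wildcard_required: bool) -> Tuple[AddrSpec, int]:
    """Consume one address spec at t[pos]: any | host A.B.C.D | A.B.C.D [W.W.W.W]."""
    if t[pos] == "any":
        return ANY, pos + 1
    if t[pos] == "host":
        return (_ip(t[pos + 1]), 0), pos + 2
    if pos + 1 < len(t) and _is_ip(t[pos + 1]):
        return (_ip(t[pos]), _ip(t[pos + 1])), pos + 2
    if wildcard_required:
        raise ValueError(f"extended list needs a wildcard after {t[pos]}")
    return (_ip(t[pos]), 0), pos + 1      # standard list: bare address means a single host


def parse_entry(line: str) -> Entry:
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"cannot parse: {line}")
    number = int(t[1])
    if 1 <= number <= 99:                                   # standard: source only
        src, pos = _parse_addr(t, 3, wildcard_required=False)
        return Entry(t[2], "ip", src, ANY, None, "log" in t[pos:], line)
    if 100 <= number <= 199:                                # extended
        src, pos = _parse_addr(t, 4, wildcard_required=True)
        dst, pos = _parse_addr(t, pos, wildcard_required=True)
        dport = None
        if pos < len(t) and t[pos] == "eq":
            p = t[pos + 1]
            dport = PORT_NAMES[p] if p in PORT_NAMES else int(p)
            pos += 2
        return Entry(t[2], t[3], src, dst, dport, "log" in t[pos:], line)
    raise ValueError(f"list number {number} is not a standard or extended IP list")


def load_acl(lines: List[str]) -> List[Entry]:
    # New entries go at the bottom, so configuration order is evaluation order
    return [parse_entry(line) for line in lines]


def _addr_match(addr: int, spec: AddrSpec) -> bool:
    net, wild = spec
    return ((addr ^ net) & (~wild & 0xFFFFFFFF)) == 0


def evaluate(acl: List[Entry], src: str, dst: str, proto: str,
             dport: Optional[int] = None) -> Tuple[str, Optional[Entry]]:
    """Walk the list top to bottom; the first matching entry decides and no later entry
    is consulted. A packet that matches nothing hits the implicit deny (entry None)."""
    s, d = _ip(src), _ip(dst)
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not (_addr_match(s, e.src) and _addr_match(d, e.dst)):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e
    return "deny", None


if __name__ == "__main__":
    acl110 = load_acl(ACL_110_LINES)
    for pkt in [("10.1.1.5", "172.16.30.2", "tcp", 23), ("10.1.1.5", "172.16.30.2", "tcp", 80)]:
        action, hit = evaluate(acl110, *pkt)
        print(pkt, "->", action, "by", hit.text if hit else "implicit deny")
    # Same two lines in the wrong order: the permit-any on top shadows the Telnet deny
    print(evaluate(list(reversed(acl110)), "10.1.1.5", "172.16.30.2", "tcp", 23)[0])
```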

Named Access Lists
• Another way to create standard and extended access lists.
• Allows the use of descriptive names to ease network management.
• Syntax changes:
– Lab_A(config)#ip access-list standard BlockSales
– Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
– Lab_A(config-std-nacl)#permit any

Monitoring IP Access Lists
• Display all access lists & their parameters: show access-list
• Show only the parameters for access list 110: show access-list 110
• Show only the IP access lists configured: show ip access-list
• Show which interfaces have access lists set: show ip interface
• Show the access lists & which interfaces have access lists set: show running-config

Chapter 11 Objectives: Network Address Translation

The CCNA Topics Covered in this chapter include:
– What is NAT
• Static
• Dynamic
• PAT
– Configuring NAT
– Verifying NAT

What is NAT?
• Similar to Classless Inter-Domain Routing (CIDR), the original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.

Benefits of NAT
• You need to connect to the Internet and your hosts don’t have globally unique IP addresses.
• You change to a new ISP that requires you to renumber your network.
• You need to merge two intranets with duplicate addresses.

Where NAT is typically configured

Basic NAT

Three types of NAT
• Static
• Dynamic
• Overloading

Static NAT
Let’s take a look at a simple basic static NAT configuration:
ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside
!

Dynamic NAT
Here is a sample output of a dynamic NAT configuration:
ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

Port Address Translation

PAT
Here is a sample output of a PAT configuration:
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255

What is your configuration?

NAT Lab example

Chapter 12 Objectives: Wireless Networks

The CCNA Topics Covered in this chapter include:
• What is a WLAN?
• IEEE Standards
• CSMA/CD
• ISM 2.4 GHz channels
• UNII Band
• BSS/ESS
• Wireless Security

Wireless LANs
• Transmitting a signal using the typical 802.11 specifications works a lot like it does with a basic Ethernet hub: they’re both two-way forms of communication, and they both use the same frequency to both transmit and receive, often referred to as half-duplex.

• Wireless LANs (WLANs) use radio frequencies (RFs) that are radiated into the air from an antenna that creates radio waves.

Unlicensed Frequencies

802.11 Standards
Here are the most popular standards in use today:
• 802.11b: 2.4 GHz, maximum bandwidth of 11 Mbps
• 802.11g: 2.4 GHz, up to 54 Mbps
• 802.11a: 5 GHz, up to 54 Mbps

802.11b CSMA/CD

ISM 2.4 Ghz Channels

UNII 5Ghz Band

Range Comparisons

BSS/ESS

Wireless Security
All Wi-Fi Certified wireless LAN products are shipped in "open-access" mode, with their security features turned off.
• SSID, WEP and MAC authentication
• 802.11i
• WPA and WPA2

Chapter 13 Objectives: IPv6

The CCNA Topics Covered in this chapter include:
• What is IPv6?
• Why do we need IPv6?
• IPv6 Addressing
• Address types
• Special Addresses
• Autoconfiguration
• Configuring IPv6
• Tunneling

What is IPv6?People refer to IPv6 as “the next-generation Internet protocol,” and it was originally created as the answer to IPv4’s inevitable, looming address-exhaustion crisis. Though you’ve probably heard a thing or two about IPv6 already, it has been improved even further in the quest to bring us the flexibility, efficiency, capability, and optimized functionality that can truly meet our ever-increasing needs.

Why do we need IPv6?
• Because we need to communicate, and our current system isn’t really cutting it anymore, kind of like how the Pony Express can’t compete with airmail. Just look at how much time and effort we’ve invested in coming up with slick new ways to conserve bandwidth and IP addresses.

• The number of people and devices that connect to networks increases each and every day.

IPv6 Addressing
IPv6 addresses are 128 bits

Shortened Expression
You can actually leave out parts of the address to abbreviate it, but to get away with doing that you have to follow a couple of rules. First, you can drop any leading zeros in each of the individual blocks. After you do that, the sample address from earlier would then look like this:
2001:db8:3c4d:12:0:0:1234:56ab
Okay, that’s a definite improvement; at least we don’t have to write all of those extra zeros! But what about whole blocks that don’t have anything in them except zeros? Well, we can kind of lose those too, at least some of them. Again referring to our sample address, we can remove the two blocks of zeros by replacing them with double colons, like this:
2001:db8:3c4d:12::1234:56ab

Address Types
• Unicast
• Global Unicast
• Link-local
• Unique Local
• Multicast
• Anycast

Special Addresses
0:0:0:0:0:0:0:0 Equals ::. This is the equivalent of IPv4’s 0.0.0.0, and is typically the source address of a host when you’re using stateful configuration.

0:0:0:0:0:0:0:1 Equals ::1. The equivalent of 127.0.0.1 in IPv4.

0:0:0:0:0:0:192.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.

2000::/3 The global unicast address range.

FC00::/7 The unique local unicast range.

FE80::/10 The link-local unicast range.

Special Addresses (cont.)
FF00::/8 The multicast range.

3FFF:FFFF::/32 Reserved for examples and documentation.

2001:0DB8::/32 Also reserved for examples and documentation.

2002::/16 Used with 6to4, which is the transition system: the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.

Autoconfiguration

Configuring IPv6
In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:
Corp(config)#ipv6 unicast-routing

IPv6 isn’t enabled by default on any interfaces either, so we have to go to each interface individually and enable it. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get this done. Here’s an example:
Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260.d6FF.FE73.1987/64

You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option. Remember, the eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
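The eui-64 padding described here and the "Shortened Expression" rules from the earlier slide, carried through as an added example that is not part of the original slides: it builds the interface ID from a MAC address (insert FFFE, flip the universal/local bit), joins it to the /64 prefix, and then shortens the result the way the slide describes. The MAC 0060.d673.1987 is a constructed value chosen because it yields the 0260:d6ff:fe73:1987 interface ID that appears in the slide's example.

```python
import ipaddress
from typing import List


def mac_to_eui64(mac: str) -> List[int]:
    """Modified EUI-64 interface ID from a 48-bit MAC, as four 16-bit blocks:
    split the MAC in half, insert FFFE between the halves, and flip the
    universal/local bit (0x02 of the first byte)."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    b = bytes.fromhex(digits)
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return [int.from_bytes(eui[i:i + 2], "big") for i in range(0, 8, 2)]


def prefix_blocks(prefix: str) -> List[int]:
    """The four network blocks of a /64 prefix such as 2001:db8:3c4d:1::/64."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("eui-64 needs a /64 prefix")
    return [int(h, 16) for h in net.network_address.exploded.split(":")[:4]]


def compress_ipv6(blocks: List[int]) -> str:
    """Shortened expression from the slide: drop leading zeros in every block, then
    replace the longest run of all-zero blocks (leftmost on a tie) with '::', once.
    A lone zero block stays as '0' (the RFC 5952 rule)."""
    if len(blocks) != 8 or any(not 0 <= b <= 0xFFFF for b in blocks):
        raise ValueError("an IPv6 address is eight 16-bit blocks")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(b, "x") for b in blocks]      # format(0x0012, "x") == "12": leading zeros gone
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def eui64_address(prefix: str, mac: str) -> str:
    """What 'ipv6 address <prefix>/64 eui-64' produces for an interface with this MAC."""
    return compress_ipv6(prefix_blocks(prefix) + mac_to_eui64(mac))


if __name__ == "__main__":
    # The slide's sample address, fully written out, then shortened
    print(compress_ipv6([0x2001, 0x0db8, 0x3c4d, 0x0012, 0, 0, 0x1234, 0x56ab]))
    # Constructed MAC 0060.d673.1987 -> interface ID 260:d6ff:fe73:1987
    print(eui64_address("2001:db8:3c4d:1::/64", "0060.d673.1987"))
```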

Tunneling 6to4

Chapter 14 Objectives: Wide Area Networks

The CCNA Topics Covered in this chapter include:
• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs

Defining WAN Terms
• Customer Premises Equipment (CPE)
• Demarcation (demarc)
• Local loop
• Central Office (CO)
• Toll network

WAN Connection Types

DTE-DCE-DTE

WAN Support
• Frame Relay
• ISDN
• LAPB
• LAPD
• HDLC
• PPP
• ATM

HDLC Protocol
• Bit-oriented Data Link layer ISO standard protocol
• Specifies a data encapsulation method
• No authentication can be used

HDLC Frame Format

Point-to-Point Protocol (PPP)
• Purpose:
– Transport layer-3 packets across a Data Link layer point-to-point link
• Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections

Point-to-Point Protocol Stack

PPP Main Components
• EIA/TIA-232-C
– International standard for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in point-to-point connections:
• Establishing
• Maintaining
• Terminating
• NCP
– Method of establishing & configuring Network layer protocols
– Allows simultaneous use of multiple Network layer protocols

LCP Configuration Options
• Authentication
– PAP
– CHAP
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel circuits; a bundle

PPP Session Establishment
• Link-establishment phase
• Authentication phase
• Network-layer protocol phase

PPP Session Establishment

PPP Authentication Methods
• Password Authentication Protocol (PAP)
– Passwords sent in clear text
– Remote node returns username & password
• Challenge Handshake Authentication Protocol (CHAP)
– Done at start-up & periodically
– Challenge & reply
• Remote router sends a one-way hash (MD5)

Configuring PPP
• Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z

• Step #2: Define the username & password on each router:
– RouterA: RouterA(config)#username RouterB password cisco
– RouterB: RouterB(config)#username RouterA password cisco

NOTE: (1) Username maps to the remote router (2) Passwords must match

• Step #3: Choose the authentication type for each router (CHAP/PAP):
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
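The CHAP challenge/reply exchange behind steps 2 and 3, modelled as an added example that is not part of the original slides: each router holds the username table from step 2 (keyed by the remote router's hostname, per NOTE 1), the authenticator sends a random challenge, the peer returns MD5(ID || secret || challenge) as RFC 1994 specifies, and the authenticator recomputes it from its own copy of the secret (NOTE 2). The hostnames and the password "cisco" are the slide's; the Router class and the PAP helper for contrast are assumptions for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

Challenge = Tuple[int, bytes, str]   # (ID, random challenge value, authenticator hostname)
Response = Tuple[int, bytes, str]    # (ID, MD5 digest, peer hostname)


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(ID || secret || challenge). Only this digest
    crosses the link; the secret itself never does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret.encode() + challenge).digest()


class Router:
    """One end of the PPP link: its hostname and its 'username <remote> password <secret>' table."""

    def __init__(self, hostname: str, usernames: Dict[str, str]) -> None:
        self.hostname = hostname
        self.usernames = usernames
        self._last_id = 0

    def send_challenge(self) -> Challenge:
        # A fresh random value per challenge is what makes a captured Response useless later
        self._last_id = (self._last_id + 1) & 0xFF
        return self._last_id, os.urandom(16), self.hostname

    def answer(self, chal: Challenge) -> Response:
        ident, value, authenticator_name = chal
        # The username entry is looked up by the *remote* router's hostname (slide NOTE 1)
        secret = self.usernames[authenticator_name]
        return ident, chap_response(ident, secret, value), self.hostname

    def verify(self, chal: Challenge, resp: Response) -> bool:
        ident, value, _ = chal
        resp_id, digest, peer_name = resp
        if resp_id != ident:
            return False                                  # not an answer to this challenge
        secret = self.usernames.get(peer_name)
        if secret is None:
            return False                                  # no username line for that peer
        expected = chap_response(ident, secret, value)    # equal only if both passwords match (NOTE 2)
        return hmac.compare_digest(expected, digest)


def chap_exchange(authenticator: Router, peer: Router) -> bool:
    """Challenge -> Response -> Success/Failure. Run once per direction for mutual CHAP."""
    chal = authenticator.send_challenge()
    try:
        resp = peer.answer(chal)
    except KeyError:                                      # peer has no entry for the authenticator
        return False
    return authenticator.verify(chal, resp)


def pap_request(username: str, password: str) -> bytes:
    """For contrast, the RFC 1334 PAP Authenticate-Request payload: length-prefixed
    peer-id and password, with the password in clear text on the wire."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


if __name__ == "__main__":
    router_a = Router("RouterA", {"RouterB": "cisco"})
    router_b = Router("RouterB", {"RouterA": "cisco"})
    print("mutual CHAP:", chap_exchange(router_a, router_b) and chap_exchange(router_b, router_a))
    mismatched = Router("RouterB", {"RouterA": "c1sco"})
    print("password mismatch:", chap_exchange(router_a, mismatched))
    print("PAP wire bytes:", pap_request("RouterB", "cisco"))
```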

PPP Example 1

PPP Example 2

PPP Example 3

PPP Example 4

Frame Relay
• Background
– High-performance WAN encapsulation method
– OSI Physical & Data Link layer
– Originally designed for use across ISDN
• Supported Protocols
– IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO

Before Frame Relay

After Frame Relay

Frame Relay

• Purpose
– Provide a communications interface between DTE & DCE equipment
– Connection-oriented Data Link layer communication
• Via virtual circuits
• Provides a complete path from the source to destination before sending the first frame

Frame Relay Terminology

Frame Relay Encapsulation
• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
ietf Use RFC1490 encapsulation
<cr>

Data Link Connection Identifiers (DLCIs)
• Frame Relay PVCs are identified by DLCIs
• IP end devices are mapped to DLCIs
– Mapped dynamically or mapped by IARP
• Global significance:
– Advertised to all remote sites as the same PVC
• Local significance:
– DLCIs do not need to be unique
• Configuration
RouterA(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16

DLCI’s are Locally Significant

Local Management Interface (LMI)
• Background
• Purpose
• LMI Messages
– Keepalives
– Multicasting
– Multicast addressing
– Status of virtual circuits

LMI Types
• Configuration:
RouterA(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a
– Beginning with IOS version 11.2, the LMI type is auto-sensed
– Default type: cisco
• Virtual circuit status:
– Active
– Inactive
– Deleted

Sub-interfaces
• Definition
– Multiple virtual circuits on a single serial interface
– Enables the assignment of different network-layer characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partially meshed Frame Relay networks
• Split horizon protocols

Partial Meshed Networks

Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the physical serial interface
#2: Define the subinterface

RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
  <0-4294967295>  Serial interface number
RouterA(config-if)#int s0.16 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link

Mapping Frame Relay


Necessary for IP end devices to communicate
– Addresses must be mapped to the DLCIs
– Methods:
  • Frame Relay map command (static)
  • Inverse ARP function (dynamic, enabled by default)

Using the map command
A static map names the remote IP address, the local DLCI that reaches it, and whether broadcasts (routing updates) are forwarded over that DLCI. Several maps to different DLCIs are only accepted on a physical or multipoint interface, so the sub-interface here is multipoint:

RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 multipoint
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.18 17 broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.19 18

The third map has no broadcast keyword, so RIP and other broadcast or multicast routing updates are not sent to 172.16.30.19 over DLCI 18.

Using Inverse ARP
Inverse ARP is on by default; once the encapsulation and an IP address are configured on the interface, the router learns the remote address behind each DLCI from the peer and no map statement is needed:

RouterA(config)#int s0
RouterA(config-if)#encap frame-relay ietf
RouterA(config-if)#ip address 172.16.30.1 255.255.255.0

Congestion Control
• Discard Eligibility (DE): marks a frame (typically one sent above the CIR) as the first to be dropped when the network is congested
• Forward-Explicit Congestion Notification (FECN): tells the receiving end that the frame crossed a congested path
• Backward-Explicit Congestion Notification (BECN): set on frames travelling the opposite way to tell the sending end to slow down

Committed Information Rate (CIR)
• Definition: provision allowing customers to purchase less bandwidth than they might need at peak, bursting above the CIR when the provider has capacity to spare
  – Cost savings
  – Good for bursty traffic
  – Not good for constant amounts of data transmission
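The DLCI, encapsulation type and congestion bits described above all live in the first few bytes of every Frame Relay frame. The following decoder is an added example, not code from the CCNA slides: it parses the 2-byte Q.922 address field (10-bit DLCI, C/R, FECN, BECN, DE), tells Cisco encapsulation (2-byte Ethertype) apart from IETF RFC 2427 encapsulation (UI control 0x03, optional pad, NLPID or SNAP), and reports what a router should do with the congestion bits. The sample frames and the IP header stub are constructed for the example; the function names are the example's own.

```python
"""Added example (not from the CCNA slides): decode the Q.922 address field
and the encapsulation header of a Frame Relay frame, as a router or a
capture tool would, to recover the DLCI, the FECN/BECN/DE congestion bits
and whether Cisco or IETF (RFC 2427) encapsulation was used.  All sample
frames below are constructed by hand."""

# NLPIDs used by IETF encapsulation (RFC 2427) and Ethertypes used by
# Cisco's proprietary encapsulation.
IETF_NLPID = {0xCC: "IPv4", 0x8E: "IPv6", 0x08: "Q.933", 0x80: "SNAP"}
CISCO_TYPES = {0x0800: "IPv4", 0x0806: "ARP/Inverse ARP", 0x86DD: "IPv6"}


def build_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Encode the 2-byte Q.922 address field for a 10-bit DLCI.
    Byte 0: DLCI bits 9..4, C/R, EA=0.  Byte 1: DLCI bits 3..0, FECN, BECN, DE, EA=1."""
    if not 0 <= dlci <= 1023:
        raise ValueError("10-bit DLCI must be 0..1023")
    b0 = ((dlci >> 4) & 0x3F) << 2 | (cr & 1) << 1
    b1 = (dlci & 0x0F) << 4 | (fecn & 1) << 3 | (becn & 1) << 2 | (de & 1) << 1 | 1
    return bytes([b0, b1])


def parse_frame(frame):
    """Return a dict describing the frame header; raise ValueError on a
    header this decoder does not understand."""
    if len(frame) < 4:
        raise ValueError("frame too short for address + encapsulation header")
    b0, b1 = frame[0], frame[1]
    if b0 & 1 or not b1 & 1:        # EA bits: only 2-byte addresses are handled
        raise ValueError("unsupported address field length")
    info = {
        "dlci": (b0 >> 2) << 4 | (b1 >> 4),
        "cr": (b0 >> 1) & 1,
        "fecn": bool(b1 & 0x08),
        "becn": bool(b1 & 0x04),
        "de": bool(b1 & 0x02),
    }
    rest = frame[2:]
    if rest[0] == 0x03:              # UI control field: IETF / RFC 2427 encapsulation
        info["encap"] = "ietf"
        i = 1
        if rest[i] == 0x00:          # optional pad byte that keeps the NLPID aligned
            i += 1
        if i >= len(rest):
            raise ValueError("truncated IETF header")
        nlpid = rest[i]
        i += 1
        if nlpid == 0x80:            # SNAP header follows: 3-byte OUI + 2-byte PID
            if len(rest) < i + 5:
                raise ValueError("truncated SNAP header")
            oui, pid = rest[i:i + 3].hex(), int.from_bytes(rest[i + 3:i + 5], "big")
            info["protocol"] = "SNAP OUI=%s PID=0x%04x" % (oui, pid)
            i += 5
        else:
            info["protocol"] = IETF_NLPID.get(nlpid, "NLPID 0x%02x" % nlpid)
        info["payload"] = rest[i:]
    else:                            # Cisco encapsulation: 2-byte Ethertype
        info["encap"] = "cisco"
        etype = int.from_bytes(rest[:2], "big")
        info["protocol"] = CISCO_TYPES.get(etype, "type 0x%04x" % etype)
        info["payload"] = rest[2:]
    return info


def congestion_advice(info):
    """What the receiving router should do with the congestion bits."""
    advice = []
    if info["becn"]:
        advice.append("BECN: congestion in our sending direction on DLCI %d; throttle towards the CIR" % info["dlci"])
    if info["fecn"]:
        advice.append("FECN: this frame crossed a congested path towards us")
    if info["de"]:
        advice.append("DE: frame was sent above the CIR and is eligible for discard")
    return advice


def encapsulation_mismatch(frame, configured):
    """True when a received frame does not use the encapsulation configured
    on this interface (a classic reason two routers cannot talk)."""
    return parse_frame(frame)["encap"] != configured


# Constructed sample frames: an IETF IPv4 frame on DLCI 16 with BECN set and a
# Cisco-encapsulated IPv4 frame on DLCI 17 marked discard-eligible.
IP_STUB = bytes.fromhex("4500001400010000ff01")   # start of an IPv4 header (constructed)
IETF_FRAME = build_address(16, becn=1) + b"\x03\xcc" + IP_STUB
CISCO_FRAME = build_address(17, de=1) + b"\x08\x00" + IP_STUB

if __name__ == "__main__":
    for f in (IETF_FRAME, CISCO_FRAME):
        d = parse_frame(f)
        print(d["dlci"], d["encap"], d["protocol"], congestion_advice(d))
        print("mismatch if the interface is ietf:", encapsulation_mismatch(f, "ietf"))
```

The Cisco/IETF decision rests on the first byte after the address: Cisco's Ethertypes (0x0800, 0x0806, 0x86DD) never begin with 0x03, which is exactly the UI control byte that opens an RFC 2427 header. A router configured for one type and receiving the other reads garbage at that offset, which is why an encapsulation mismatch shows up as a PVC that looks active but carries no usable traffic.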

Monitoring Frame Relay

RouterA>sho frame ?
  ip       show frame relay IP statistics
  lmi      show frame relay lmi statistics
  map      Frame-Relay map table
  pvc      show frame relay pvc statistics
  route    show frame relay route
  traffic  Frame-Relay protocol statistics

RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi
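The PVC status that show frame-relay pvc reports (Active, Inactive, Deleted) is the first thing to read when a circuit does not pass traffic. As an added example that is not part of the slides, the script below parses that output and prints a diagnosis for every PVC that is not ACTIVE, using the meaning of each LMI status given earlier in this chapter. The sample output is constructed to look like the IOS format; the function names are the example's own.

```python
"""Added example (not from the CCNA slides): read 'show frame-relay pvc'
output and flag PVCs that are not ACTIVE, with the usual meaning of each
LMI-reported status.  The sample output below is constructed."""
import re

SAMPLE_SHOW_PVC = """\
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 16, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.16
  input pkts 50977         output pkts 41822        in bytes 3137403
DLCI = 17, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0.17
  input pkts 0             output pkts 0            in bytes 0
DLCI = 18, DLCI USAGE = UNUSED, PVC STATUS = DELETED, INTERFACE = Serial0
  input pkts 0             output pkts 0            in bytes 0
"""

# One summary line per PVC, as IOS prints it
PVC_LINE = re.compile(
    r"DLCI = (\d+), DLCI USAGE = (\w+), PVC STATUS = (\w+), INTERFACE = (\S+)")

# What each LMI status tells the troubleshooter
STATUS_MEANING = {
    "ACTIVE": "PVC is up end to end",
    "INACTIVE": "local link to the switch is up and the switch knows the DLCI, "
                "but the far end is down or misconfigured: check the remote router",
    "DELETED": "the switch is not advertising this DLCI in its LMI status message: "
               "wrong DLCI number on this router, or the provider has not provisioned it",
}
NO_PVC_MSG = ("no PVC lines found: interface down or no LMI received from the switch "
              "(check the lmi-type and run debug frame-relay lmi)")


def parse_pvcs(text):
    """Return one dict per PVC summary line, in the order printed."""
    return [
        {"dlci": int(m.group(1)), "usage": m.group(2),
         "status": m.group(3), "interface": m.group(4)}
        for m in PVC_LINE.finditer(text)
    ]


def pvc_problems(pvcs):
    """Return one diagnostic line per PVC that is not ACTIVE."""
    if not pvcs:
        return [NO_PVC_MSG]
    return [
        "DLCI %d on %s is %s: %s" % (
            p["dlci"], p["interface"], p["status"],
            STATUS_MEANING.get(p["status"], "unknown status"))
        for p in pvcs if p["status"] != "ACTIVE"
    ]


if __name__ == "__main__":
    for line in pvc_problems(parse_pvcs(SAMPLE_SHOW_PVC)):
        print(line)
```

An INACTIVE circuit points at the other router (its configuration, its DLCI, its link to its own switch); a DELETED one points at the local side (a DLCI typo on this router, or the provider's switch not carrying the circuit). Because DLCIs are locally significant, the number the remote site uses for the same PVC is irrelevant to this check.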

Troubleshooting Frame Relay


Why can’t RouterA talk to RouterB?

Troubleshooting Frame Relay

Why is RIP not sent across the PVC?

Introduction to VPNs
• VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.

Types of VPNs
• REMOTE ACCESS VPNs
  Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
• SITE-TO-SITE VPNs
  Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.
• EXTRANET VPNs
  Extranet VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.