Cisco CCIE Routing And Switching Written Qualification Exam

Table of Contents

Cisco Device Operation 7

Commands 7

Infrastructure 7

Configuration Register 7

Configuration Register 8

Software Configuration Bit Meanings 8

Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do) 9

More Bits 10

Seeing and Changing Configuration Register Settings 11

Boot Command 11

My simplistic description of the boot sequence 11

Operations 11

Password recovery 11

Copying and Backing up Configuration Files 11

Configuring a new router 12

Security & Passwords 12

General Networking Theory 13

OSI Models 13

MAC Addressing 13

General Routing Concepts 14

Standards 15

Ethernet Cable Specifications 15

Protocol Mechanics 16

Transmission Control Protocol (TCP) 16

Fragmentation & MTU 17

Bridging and LAN Switching 17

Transparent Bridging (TB) 17

Translational Bridging 18

Integrated Routing and Bridging (IRB) 18

Bridge ACL & Filtering 18

Multiple-Instance Spanning Tree Protocol (MISTP) 19

Source-Route Bridging (SRB) 19

Data Link Switching (DLSw) and DLSw+ 20

Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB) 20

LAN Switching 21


Switching Technique Types 21

Command-Line Interface (CLI) 21

Trunking 22

Virtual LAN (VLAN) 23

VLAN Trunk Protocol (VTP) 23

Spanning-Tree Protocol (STP) 23

Root Bridges and Switches 24

Bridge Protocol Data Units (BPDUs) 24

How STP Works 24

STP Timers 24

Ports in an STP domain will progress through the following states: 24

Notes about STP Port States: 25

STP Enhancements: 25

DISL 26

Fast Ether Channel (FEC) 26

Cisco Discovery Protocol (CDP) 26

CGMP 26

Security 26

802.1X 27

Multi-Layer Switching (MLS) 27

Multi-Layer Switching (MLS) 28

Internet Protocol (IP) 28

IP Addressing 28

Subnetting 28

Subnetting Tricks 29

Route Summarization 29

Services & Applications 30

DNS 30

ARP & RARP 30

BOOTP & DHCP 30

ICMP 31

NAT 31

HSRP & VRRP 31

Telnet 32

FTP & TFTP 32

SNMP 32

Access Control Lists (ACL) 32


Access list types are designated by the list Numbers: 33

Internet Protocol Version 6 (IPv6) 33

IP Routing 34

Routing Protocol Concepts 34

Distance-Vector Routing Protocols 34

Link State Routing Protocols 34

Hybrid Routing Protocols 34

Distribution Lists 35

Routing Loops 35

Administrative Distance 36

Open Shortest Path First (OSPF) 36

Area 0 37

OSPF Area Types: 37

Stub and Totally Stubby Area Similarities: 37

Stub and Totally Stubby Area Differences: 38

Router Types: 38

Traffic Types: 38

NBMA Networks 38

LSA Types: 39

Routing Authentication 39

Border Gateway Protocol (BGP) 39

Synchronization/Full Mesh 40

Next-Hop-Self Command 40

BGP Path Selection 40

Scalability Problems (and Solutions) with IBGP 41

Configuring Neighbors & Networks 41

Route Dampening 41

Enhanced Interior Gateway Routing Protocol (EIGRP) 42

Tables: 42

Choosing routes: 43

Intermediate System-to-Intermediate System (IS-IS) 43

Access-Control & Filtering 44

Distribution Lists 44

Route-Maps 44

Policy Routing 45

Redistribution 45

Route-Tagging 45


Dial-on-Demand Routing (DDR) 45

DDR has two important applications: 45

Encapsulation Methods for DDR: 45

Dial Backup 45

Interior Gateway Routing Protocol (IGRP) 46

Routing Information Protocol (RIP) Version 1 and 2 46

QoS 46

Fancy Queuing 46

Weighted Fair Queuing (WFQ) 46

Priority Queuing 47

Custom Queuing 47

Packet over SONET/SDH (PoS) and IP Precedence 47

Class of Service (CoS) 47

Random Early Detection (RED) and Weighted RED (WRED) 48

Weighted Round-Robin (WRR)/Queue Scheduling 48

Weighted Round-Robin (WRR)/Queue Scheduling 49

Shaping vs Policing / Committed Access Rate (CAR) 49

Committed Access Rate (CAR) 49

Network-Based Application Recognition (NBAR) 50

Configuring NBAR 50

802.1x 51

Differentiated Services Code Point (DSCP) 51

WAN 51

Integrated Services Digital Network (ISDN) 51

ISDN Specifics 52

Channels 53

Flavors of ISDN 53

Point-to-Point Protocol (PPP) 53

OSPF and ISDN 53

Frame Relay 53

Types of Circuits 54

Data Link Connection Identifier (DLCI) 54

Local Management Interface (LMI) 54

Encapsulation 54

Frame-Relay Traffic Shaping (FRTS) 54

Frame-Relay Compression 55

Frame-Relay Mapping 55


Split Horizon and Frame Relay Interfaces 55

Speed Elements 55

Asynchronous Transfer Mode (ATM) 55

ATM is comprised of four major layers: 56

ATM Adaptation Layer (AAL) 56

IISP and PNNI 56

NSAP Format ATM Addresses 57

Service-Specific Connection-Oriented Protocol (SSCOP) 57

RFC 1483 & RFC 2684 – Multiprotocol Encapsulation over AAL5 57

ATM Mapping 57

Physical Layer 58

Serial Interface Abbreviations 58

Is Your Interface a DTE or a DCE? 58

RS-232 58

V.35 Interface 59

Troubleshooting Serial Links 59

Show Controllers Command 61

Serial Line Conditions 62

Debug Commands 62

Increasing Output Drops 63

Increasing Input Drops 63

Excessive Aborts 64

Clocking Problems 64

Increasing Interface Resets on a Serial Link 65

Increasing Carrier Transitions Count on Serial Link 65

CRC and Framing Errors 66

SONET / SDH 66

T1 Encoding 66

Leased Line Protocols 67

HDLC 67

PPP 67

Packet over SONET (PoS) 67

DPT / SRP 67

LAN 68

Ethernet/FE/GE 68

Ethernet/Fast Ethernet/Gigabit Ethernet 68

Fast EtherChannel (FEC) 68


Carrier Sense Multiple Access Collision Detect (CSMA/CD) 68

Wireless/802.11 69

Deployment issues for wireless include: 69

Wireless Security 69

Important wireless networking terms: 70

Radio Frequency (RF) Terms: 70

Cisco Deployments 70

Multiservice 71

Voice/Video 71

Coder-decoders (Codecs) 71

Signaling System 7 (SS7) 71

Signaling System 7 (SS7) 72

Real-Time Transport Protocol (RTP) 72

Real-Time Transport Control Protocol (RTCP) 72

Session Initiation Protocol (SIP) 72

Multiprotocol Label Switching (MPLS) 72

Definitions follow for the MPLS terms: 73

MPLS Operations 73

How the LFIB is Propagated 74

Quality of Service and Traffic Engineering 74

IP Multicast 74

Addressing 75

Translate Multicast Addresses into Ethernet MAC addresses 76

Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP) 77

IGMP 77

CGMP 78

IGMP Snooping 78

Multicast Distribution Trees 79

Protocol Independent Multicast (PIM) 79

PIM-Sparse Mode Mechanics 80

PIM-SM Joining & Pruning 80

IP Multicast Routing Table (mroute) 80

Distribution Trees 80

Rendezvous Points 80

Bootstrap Router (BSR) 81


Cisco Device Operation

Commands

Cisco routers are configured and maintained primarily through the issuing of IOS commands. If you have reached the point of preparing for the CCIE Written exam, I must assume that you have spent considerable time configuring Cisco routers and switches. You should, however, make sure you have a complete understanding of how the different technologies are configured, and thorough knowledge of the show and debug commands that are used to troubleshoot them.

A note on debug commands: you should know that debug commands can seriously stress the resources of a router, and they should be used carefully and as conservatively as possible when working in a production environment.

Infrastructure

The infrastructure of a Cisco router includes the main board, memory, CPU, Flash and interfaces. You should understand what each of these devices does, and how they interact. The most commonly misunderstood are:

RAM (Random Access Memory) – In all but a few low-end routers like the 2500s, the RAM holds the running version of the IOS and the current running configuration. This is also where the routing tables, caches, and queues are stored. Remember that when the router is powered off, everything in RAM is lost.

ROM (Read-Only Memory) – Holds some basic router commands and usually a limited version of Cisco IOS (Internetwork Operating System). It also houses the power-on diagnostics and the bootstrap program. The ROM is read-only and cannot be changed.

NVRAM (Non-Volatile Random Access Memory) – This is where the router’s saved configuration file is stored. This information will not be lost if the router is powered down.

Flash memory – Home for the router’s IOS image and microcode. Prior to installing any IOS, ensure that you have enough flash to support the proposed image. Depending on the version and feature set of the IOS, the image can be of various sizes. Newer versions with more powerful features will often require additional flash. Remember that files deleted from flash can remain in place, marked for deletion, until the “squeeze” command is issued.

Configuration Register

Early Cisco routers had a set of hardware switches that controlled certain aspects of the router’s performance, such as the boot sequence. This was phased out some time ago, but there is now a software equivalent, the sixteen-bit Software Configuration Register, which is written into nonvolatile memory.

Common reasons for modifying the register include:

Recovering a lost password

Changing the router boot configuration to allow Flash or ROM boot

Loading an image into Flash memory

Enabling or disabling the console break key

Here are some of the common Configuration Register values:

0x2102 – The most common value, which establishes booting to flash and NVRAM

0x2142 – The value used most commonly to recover passwords

0x2100 – Boots using the bootstrap found in ROM

Software Configuration Bit Meanings

* Please note that a boot system global command in the router’s NVRAM configuration will override the default net-boot filename.

Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do)

Bits 0, 1, 2 and 3 are known collectively as the boot field, and determine where the router will load its IOS image from.

If the boot field value is 0x0, you will need to boot the operating system manually by entering the “b” command at the bootstrap prompt.

If the boot field value is 0x1 (the factory default), the router will boot using the default ROM software.

If the boot field has any other value, the router uses the resulting number to form a default boot filename for network booting, which is created as part of the automatic configuration process. To form the boot filename, the server starts with the word “cisco”, attaches the octal equivalent of the boot field number, then a dash, and finally the processor-type name. The following table lists the default boot filenames for boot field values between 0x2 and 0xf on an IGS router.

Default Boot Filenames (table columns: Bit 3, Bit 2, Bit 1, Bit 0, Hex Value, Net-boot filename)

It’s important to remember that the boot sequence, barring the involvement of “boot system” commands in the configuration, is Flash, Network, ROM.

More Bits

Bit 4 enables "Fast Boot", which is only supported on a dual RSP chassis. This allows the "slave" RSP to reload without going through an IOS load sequence; just reload the config file and go. The documentation says it will accomplish a fast boot in approximately 30 seconds.

Bit 6 determines whether the router ignores its startup config in NVRAM (1) or loads it (0). This is the key bit used for recovering a lost password. If it is turned on, the startup configuration (usually in NVRAM) is ignored. This will allow you to log in without using a password and display the startup configuration passwords.

Bit 7 allows Cisco boot messages to be suppressed when IOS is licensed to another manufacturer.

Bit 8 controls the console Break key. Setting bit 8 on (the factory default) causes the processor to ignore the console Break key. Clearing bit 8 causes the processor to interpret the break as a command, which forces the system into the bootstrap monitor, halting normal operation. Remember that a break can be issued any time during the first 60 seconds of booting to go to ROM mode, regardless of the configuration settings.

Bit 10 controls the host portion of the IP broadcast address. Setting bit 10 causes the processor to use all zeros; clearing bit 10 (the factory default) causes the processor to use all ones. Bits 10 and 14 interact to control the network and subnet portions of the broadcast address. This table shows how these settings are configured:

(table columns: Bit 14, Bit 10, Address)

Bits 11 and 12 determine the baud rate of the console port. The default setting is 9600 (00). The most common reason for changing the speed is to increase the speed at which you can transfer a new IOS version through the console port connection. Here are the possible combinations of these two bits, and the speeds they represent:

(table columns: Bit 12, Bit 11, Baud Rate)

Bit 13 determines the router’s response to a boot load failure. If the bit is turned on (1), it causes the server to load IOS from ROM after five unsuccessful attempts to load a boot file from the network. If the bit is set to “0” (factory default), the router will continue trying to load a boot file from the network indefinitely. The important thing to remember is that if the bit is (0) and no IOS is found, the router will hang. If the bit is (1), and no IOS is found, the router will boot from ROM.

Bit 14 controls the network and subnet portions of the broadcast address and allows subnet or directed broadcasts. It should be seen as being related to the function of bit 10.

Bit 15 in a hardware configuration register causes NVRAM configuration files to be ignored. This is not true of virtual configuration registers.

Seeing and Changing Configuration Register Settings

To display the current configuration register value and the value that will be used the next time the router is loaded (if the two values are different), use the “show version” enable command.

The “config-register” global command is used to modify configuration register settings while the operating system is running. Remember that configuration register changes only take effect when the router is rebooted.
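As an added worked example (not from the study guide), the following Python decodes a configuration register value into the bit meanings listed above, flags the settings a reviewer of “show version” output would want to notice, and pulls the current and next-reload values out of a constructed “show version” line. The function names and the sample output line are this example's own; the non-default console speeds (bits 12 and 11 other than 00) are taken from Cisco's register documentation rather than from the text above.

```python
import re

# Console speed from bits 12 (high) and 11 (low). Only 00 = 9600 is stated in
# the guide; the other three values come from Cisco's register documentation
# (an assumption of this example, not from the text above).
CONSOLE_BAUD = {0b00: 9600, 0b01: 4800, 0b10: 1200, 0b11: 2400}


def decode_config_register(value: int) -> dict:
    """Break a 16-bit register value into the fields described in the guide."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0xF                              # bits 0-3
    if boot_field == 0x0:
        boot = "manual boot with the 'b' command at the bootstrap prompt"
        netboot_image = None
    elif boot_field == 0x1:
        boot = "boot the default ROM software"
        netboot_image = None
    else:
        boot = "Flash, then network, then ROM (unless 'boot system' commands exist)"
        # default net-boot name: 'cisco' + octal boot field + '-' + processor type
        netboot_image = f"cisco{boot_field:o}-<processor>"
    return {
        "boot_field": boot_field,
        "boot_behaviour": boot,
        "default_netboot_image": netboot_image,
        "ignore_startup_config": bool(value & (1 << 6)),       # bit 6
        "break_ignored": bool(value & (1 << 8)),               # bit 8
        "broadcast_host_all_zeros": bool(value & (1 << 10)),   # bit 10
        "console_baud": CONSOLE_BAUD[(value >> 11) & 0b11],    # bits 11-12
        "rom_after_netboot_failure": bool(value & (1 << 13)),  # bit 13
    }


def register_findings(value: int) -> list:
    """Settings a reviewer of 'show version' output would want flagged."""
    bits = decode_config_register(value)
    findings = []
    if bits["ignore_startup_config"]:
        findings.append("bit 6 set: startup configuration in NVRAM will be ignored "
                        "at the next reload (password-recovery value still in place)")
    if not bits["break_ignored"]:
        findings.append("bit 8 clear: console Break drops the router into the "
                        "bootstrap monitor")
    if bits["boot_field"] == 0x0:
        findings.append("boot field 0x0: router waits for a manual boot after reload")
    return findings


# Constructed sample of the relevant 'show version' line: the current value and,
# because it differs, the value that takes effect at the next reload.
SAMPLE_SHOW_VERSION = (
    "Configuration register is 0x2102 (will be 0x2142 at next reload)\n"
)

_REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def parse_show_version_register(text: str) -> tuple:
    """Return (current, next) register values; next equals current if unchanged."""
    match = _REG_RE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    nxt = int(match.group(2), 16) if match.group(2) else current
    return current, nxt


if __name__ == "__main__":
    current, nxt = parse_show_version_register(SAMPLE_SHOW_VERSION)
    for label, reg in (("current", current), ("next reload", nxt)):
        print(f"{label}: 0x{reg:04X} -> {decode_config_register(reg)}")
        for finding in register_findings(reg):
            print("  !", finding)
```

Run against the sample line, the current value 0x2102 produces no findings, while the pending 0x2142 is reported because bit 6 will make the router ignore its saved configuration at the next reload.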

Boot Command

You can alter the boot sequence by using the “boot” global configuration command. Here are several possible configurations:

Boot from a specific Flash image (using the boot system flash filename command)

Boot from an undefined network server by sending broadcast TFTP requests (using the boot system filename command)

Boot from a specific network server by sending a direct TFTP request to a specific IP address (using the boot system filename address command)

My simplistic description of the boot sequence

The main thing to remember is that with standard configuration register settings (last four bits are between 0x2 and 0xF), if there are “boot system” commands present in the startup configuration, the boot sequence will not attempt to boot from the network using the default image name. If there aren’t any “boot system” commands, it will attempt a network boot:

With “boot system” commands in the configuration - Flash, ROM

Without “boot system” commands in the configuration - Flash, Network, ROM

Operations

Password recovery

For every family of Cisco routers and switches, there is a procedure for hacking out the password when it is lost. To develop a basic understanding of how this is done you should review the procedures for several devices, including the 2600 and 3700 routers, and the Cat3550 switches. These are explained in detail on the Cisco website at http://www.cisco.com/warp/public/474/index.shtml. If you have physical access to this equipment, I would recommend following the procedures several times to get familiar with the process.

Copying and Backing up Configuration Files

You can and should understand (and practice) backing up the running configurations on your routers. This can be done to Flash as the startup configuration, or even better, to an off-router TFTP server.

Configuring a new router

There are several ways to prepare a new router for production, including:

Connecting to the console port of the router with a rolled cable, and running the Setup dialog that appears when the router first boots up

Connecting to the console port with a rolled cable, bypassing the Setup dialog, and manually typing the configuration commands

Connecting to the console port with a rolled cable, defining a minimum configuration, and using TFTP to download an existing predefined configuration file

Using BOOTP with SLARP/RARP to download an existing configuration file

Security & Passwords

Below are the different types of router passwords:

Privileged Mode / Enable Password – There are two types of passwords that allow you to move from user mode to privileged mode. They are the enable password and the enable secret password.

• Enable – this is an unencrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. To configure an enable password you would type:

Router(config)# enable password cisco

• Secret – this is an encrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. If you configure a secret password and do a “show running-configuration”, you will not be able to see your password as it will be in an encrypted form. To configure a secret password you would type:

Router(config)# enable secret cisco

Although you can have both passwords configured, the enable secret overrides the enable password.

Console Password – to protect the console from unauthorized access, you would configure a console password. To configure a console password you would type:

Router(config)# line console 0

Router(config-line)# login

Router(config-line)# password cisco

The login command enables password checking on the line. Without the login command, the password can be configured but you are not prompted to enter the password.

Vty Password – inbound telnet lines to the router/switch are called vty lines (virtual TTY lines). To protect these lines from unauthorized network access, you would configure a vty password. By default, there are 5 of these lines (zero through four). To configure a vty password on all 5 lines, you would type:

Router(config)# line vty 0 4

Router(config-line)# login

Router(config-line)# password cisco
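As an added example that is not part of the guide, the following Python audits a saved IOS configuration (a constructed sample, using the same “cisco” password the text above uses) for the weaknesses this section describes: an enable password with no enable secret, and console or vty lines that carry a password but lack the login command that actually enforces it. The function names are this example's own; the one-space indentation of commands under a line block is how IOS writes its configuration.

```python
# Constructed sample of a weak configuration (passwords as in the text above).
WEAK_CONFIG = """\
hostname R1
enable password cisco
!
line con 0
 password cisco
!
line vty 0 4
 login
 password cisco
!
"""

# The same device after the fixes this section implies.
HARDENED_CONFIG = """\
hostname R1
enable secret cisco
!
line con 0
 login
 password cisco
!
line vty 0 4
 login
 password cisco
!
"""


def parse_line_blocks(config: str) -> dict:
    """Return {'con 0': [commands], 'vty 0 4': [commands]} for each line block.
    IOS indents the commands belonging to a 'line' block by one space; a '!'
    or the next top-level command ends the block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit_config(config: str) -> list:
    """Return one finding string per weakness; an empty list means clean."""
    findings = []
    top_level = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    has_secret = any(l.startswith("enable secret ") for l in top_level)
    has_plain = any(l.startswith("enable password ") for l in top_level)
    if has_plain and not has_secret:
        findings.append("enable password set without enable secret: the privileged-mode "
                        "password is stored unencrypted in the configuration")
    elif has_plain and has_secret:
        findings.append("enable password configured alongside enable secret: the secret "
                        "overrides it, so the plaintext password only exposes a credential")
    elif not has_secret:
        findings.append("no enable secret: privileged mode is not password protected")

    for name, cmds in parse_line_blocks(config).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_password = any(c.startswith("password ") for c in cmds)
        if has_password and not has_login:
            findings.append(f"line {name}: password configured but 'login' missing, "
                            f"so nobody is prompted for it")
        elif has_login and not has_password:
            findings.append(f"line {name}: 'login' set with no password on the line")
        elif not has_login and not has_password:
            findings.append(f"line {name}: no password and no login on the line")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_config(cfg) or ['no findings']}")
```

The weak sample yields two findings (the unencrypted enable password, and the console line whose password is never asked for); the hardened sample yields none.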

General Networking Theory

OSI Models

Most people who attempt the CCIE Written have either gone through the CCNA and CCNP exams, or already have a solid background in networking. In either case, I’m sure you have a solid grasp on the OSI model; but it’s on the blueprint and therefore deserves at least a quick review.

The OSI model is a common tool for conceptualizing how network traffic is handled. For the CCIE track, the bulk of your focus will be on the three lower levels. Just a reminder, you can use the old mnemonic “All People Seem To Need Data Processing” as a way to help remember the sequence. The seven layers of the OSI model are:

Application – Provides services directly to applications.

Presentation – Provides a variety of coding and conversion functions that ensure information sent from the application layer of one system will be readable by the application layer of another.

Session – Establishes, manages, maintains, and terminates communication sessions between applications.

Transport – Segments and reassembles data into data streams, and provides for both reliable and unreliable end-to-end data transmission.

Network – Applies logical addressing to provide routing and related functions to allow multiple data links to be combined into an internetwork. Network layer protocols include routing and routed protocols (make sure you know the difference between these).

Data Link – The data link layer provides for reliable transmission of data across physical media. The Data Link layer is commonly subdivided into two sub-layers, known as the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer.

LLC – The LLC sub-layer manages communications between devices over a single link of a network. It provides error control, flow control, framing, and MAC sub-layer addressing.

MAC – The MAC layer manages addressing and access to the physical layer.

Physical – The electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems.

Note: Remember that routing is handled at Layer-3 of the OSI model, while bridging is handled at Layer-2 of the OSI model.

MAC Addressing

Media Access Control (MAC) is the lower of the two sub-layers of the Data Link Layer defined in the OSI model, which provides access to the shared media. MAC addresses are the standard, unique address that every networked device must have; it is the true burned-in physical address of the Network Interface Card (NIC) in a host, server, router interface or other device on a network. They are 6 bytes (48 bits) long and are controlled by the IEEE. They can be broken down into two sub-fields:

The first three bytes (24 bits) are called the Organizationally Unique Identifier (OUI) field and are issued in series to manufacturers.

The second part of the MAC address, the last three bytes (24 bits), is a unique identifier burned into the device by the manufacturer from the series issued to it.

General Routing Concepts

Link-State – Link state routing protocols use a complex algorithm to calculate the best route. Each router calculates its own routing table. Examples of Link-State routing protocols are OSPF and NLSP.

Distance Vector – Routing protocols that use hop counts to select the best path. Examples are RIP and IGRP. Distance vector routing protocols are best for small networks.

Switching vs Routing – Switching works at OSI Layer 2 (data-link) by keeping track of L2 addresses and sending out frames to only the ports where the destination MAC address has been seen. Routing, on the other hand, uses OSI Layer 3 (Network) addresses to determine the interface that the packet will exit the router.

Autonomous Systems (ASs) – A group of routers sharing a single routing policy; run under a single technical administration; and commonly, with a single Interior Gateway Protocol (IGP). Each AS has a unique identifying number between 1 and 65,535 (64,512 through 65,535 are set aside for private use), usually assigned by an outside authority.

Convergence – The process of bringing the routing tables on all the routers in the network to a consistent state.

Load Balancing – Load balancing allows the transmission of packets to a specific destination over two or more paths.

Metrics – All routing protocols use metrics to calculate the best path. Some protocols use simple metrics, such as RIP, which uses hop count. Others, such as EIGRP, use more meaningful information.

Passive-Interface – Prevents interfaces from sending routing updates. They will, however, continue to listen for updates. This command is applied in the router configuration, and specifies a physical interface.

Redistribution – The process of sharing routes learned from different sources (usually routing protocols). For instance, you might redistribute the routes learned through OSPF to a RIP domain, in which case you might have problems with VLSM; or you might redistribute routes learned through static entries into EIGRP. Redistribution is just the sharing of information learned from different sources, and it must be manually configured.

Route Flapping – The frequent changing of preferred routes as an interface or router goes into and out of operation (error condition). This process can create problems in a network, especially in complex OSPF networks, as this information will cause the routers to constantly recalculate their OSPF database and flood the network with LSAs (Link State Advertisements).

Static Routing – Static routes can point to a specific host, a network, a subnet, or a super-net. You can also have floating static routes: routes that have an Administrative Distance (AD) set higher than the dynamic routing protocol in use.

Split-Horizon – Split-horizon is used by Distance Vector routing protocols to block information about routes from being advertised to the same interface from which the information originated. This can be a problem with nonbroadcast networks (such as Frame Relay and SMDS), where spokes in a hub-and-spoke environment will have trouble learning about each other. For these situations, you may choose to disable split-horizon.

Routing Loops – Routing loops occur when the routing tables of some or all of the routers in a given domain route a packet back and forth without ever reaching its final destination. Routing loops often occur during route redistribution, especially in networks with multiple redistribution points.

Tunneling – Tunneling is the transmission of one network’s data inside packets of another network. Usually, this is done when you send a private network’s data over a public network. The private network’s data is encapsulated inside the public network’s packets, transmitted over the public network, and unencapsulated.

Standards

There are several organizations that have taken responsibility for developing and documenting network standards, including:

The Institute of Electrical and Electronics Engineers (IEEE) – A professional organization that develops communications and network standards. For example, details of all the 802.x protocols can be found on their excellent website at www.ieee.org

The Internet Engineering Task Force (IETF) – An international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. You will find a list of the current and developing Requests for Comment (RFCs) on their website at http://www.ietf.org/home.html

Ethernet Cable Specifications

Some facts to note about Ethernet cabling are:

10Base-T

• Runs at 10Mb/sec

• Maximum cable length is 100 meters, or about 300 feet

• Uses Unshielded Twisted Pair (UTP) cable

• Uses the CSMA/CD standard

• Can run on cabling as low as Category 3

100Base-T (Fast Ethernet)

• Runs at 100Mb/sec

• Requires UTP Category 5

• Uses an RJ-45 connector, just like 10Base-T

• Uses only two pairs of the 4-pair UTP cabling

100Base-FX

• Same as 100Base-T but runs over fiber optic cabling

• Operates on two strands of multimode or single mode fiber cabling

• Does not have the same 100 meter distance limitation as UTP cabling

• Very similar to 10Base-T and 100Base-T as it uses CSMA/CD, offers half and full duplex, RJ45 connectors, and maximum cable length is still 100 meters

Protocol Mechanics

Transmission Control Protocol (TCP)

TCP is a connection-oriented Layer-4 (transport layer) protocol designed to provide reliable end-to-end transmission of data in an IP environment. It groups bytes into sequenced segments, and then passes them to IP for delivery.

These sequenced bytes have forward acknowledgment numbers that indicate to the destination host what next byte it should see. Bytes not acknowledged to the source host within a specified time period are retransmitted, which allows devices to deal with lost, delayed, duplicate, or misread packets.

TCP hosts establish a connection-oriented session with one another through a "three-way handshake" mechanism, which synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. Each host first randomly chooses a sequence number to use in tracking bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:

1. The initiating host (Host-A) initiates a connection by sending a packet with the initial sequence number ("X") and SYN bit (or flag) set to make a connection request of the destination host (Host-B).

2. Host-B receives the SYN bit, records the sequence number of "X", and replies by acknowledging the SYN (with an ACK = X + 1).

3. Host-B includes its own initial sequence number ("Y"). As an example: an ACK of "20" means that Host-B has received bytes 0 through 19, and expects byte 20 next. This technique is called forward acknowledgment.

4. Host-A then acknowledges all bytes Host-B sent, with a forward acknowledgment indicating the next byte Host-A expects to receive (ACK = Y + 1).

5. Data transfer can now begin.

You will find an excellent clarification of this process at:

http://www.inetdaemon.com/tutorials/internet/tcp/connections.html

There is an acknowledgment process associated with TCP. Here is a sample sequence to show how this works:

1. The sender (Host-A) has a sequence of ten bytes ready to send (numbered 1 to 10) to a recipient (Host-B) who has a defined window size of five.

2. Host-A will place a window around the first five bytes and transmit them together, then wait for an acknowledgment.

3. Host-B will respond with an "ACK = 6", indicating that it has received bytes 1 to 5, and is expecting byte 6 next.

4. Host-A then moves the sliding window five bytes to the right and transmits bytes 6 to 10.

5. Host-B will respond with an "ACK = 11", indicating that it is expecting sequenced byte 11 next. In this packet, the receiver might indicate that its window size is 0 (because, for example, its internal buffers are full). Host-A won't send any more bytes until Host-B sends a subsequent packet with a window size greater than 0.

TCP also has a mechanism called "slow start" that is designed to expand and contract the window size based on flow control needs, starting with small window sizes and increasing over time as the link proves to be reliable. When TCP sees that packets have been dropped (ACKs are not received for packets sent), it tries to determine the rate at which it can send traffic through the network without dropping packets. Once data starts to flow again, it slowly begins the process again. This may create oscillating window sizes if the main problem has not been resolved, so the window size is slowly expanded after each successful ACK is received.
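An added example (not from the guide) that runs through both exchanges above in Python: the three-way handshake with initial sequence numbers X and Y, and the sliding-window transfer in which Host-B's ACK names the next byte it expects and Host-A stops sending when a zero window is advertised. The Segment, Receiver and sliding_window_send names, and the schedule of windows the receiver advertises, are this example's own constructions.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    seq: int                 # sequence number of the first byte carried (or the ISN)
    ack: int                 # forward acknowledgment: next byte expected from the peer
    flags: frozenset
    data: bytes = b""
    window: int = 0          # receive window advertised by whoever sent this segment


def three_way_handshake(isn_a: int, isn_b: int) -> list:
    """Segments exchanged between Host-A (initiator, ISN X) and Host-B (ISN Y)."""
    syn = Segment("A", "B", isn_a, 0, frozenset({"SYN"}))                      # step 1
    syn_ack = Segment("B", "A", isn_b, isn_a + 1, frozenset({"SYN", "ACK"}))   # steps 2-3
    ack = Segment("A", "B", isn_a + 1, isn_b + 1, frozenset({"ACK"}))          # step 4
    return [syn, syn_ack, ack]


class Receiver:
    """Host-B: accepts in-order bytes and answers each segment with an ACK that
    names the next byte it expects, plus the window it currently advertises."""

    def __init__(self, first_seq: int, initial_window: int, later_windows: list):
        self.expected = first_seq
        self.window = initial_window
        self.later = list(later_windows)   # windows advertised on later ACKs (constructed)
        self.received = bytearray()

    def _advertise(self) -> int:
        if self.later:
            self.window = self.later.pop(0)
        return self.window

    def receive(self, seg: Segment) -> Segment:
        if seg.seq == self.expected:       # in order: accept the bytes
            self.received += seg.data
            self.expected += len(seg.data)
        # a duplicate or out-of-order segment simply re-ACKs the byte still expected
        return Segment("B", "A", 0, self.expected, frozenset({"ACK"}),
                       window=self._advertise())

    def window_update(self) -> Segment:
        """A later segment from Host-B re-opening the window after a zero-window ACK."""
        return Segment("B", "A", 0, self.expected, frozenset({"ACK"}),
                       window=self._advertise())


def sliding_window_send(payload: bytes, first_seq: int, receiver: Receiver) -> list:
    """Host-A: send payload in window-sized pieces, sliding the window to each ACK.
    Returns one (seq_sent, bytes_sent, ack_received, window_advertised) per round."""
    trace = []
    seq, end = first_seq, first_seq + len(payload)
    window = receiver.window
    while seq < end:
        if window == 0:
            if not receiver.later:
                raise RuntimeError("receiver never re-opened its window")
            window = receiver.window_update().window   # wait until window > 0
            continue
        offset = seq - first_seq
        chunk = payload[offset:offset + window]
        reply = receiver.receive(Segment("A", "B", seq, 0, frozenset({"ACK"}), chunk))
        trace.append((seq, len(chunk), reply.ack, reply.window))
        seq, window = reply.ack, reply.window          # slide to the next byte expected
    return trace


if __name__ == "__main__":
    for seg in three_way_handshake(isn_a=100, isn_b=300):
        print(f"{seg.src}->{seg.dst} seq={seg.seq} ack={seg.ack} {sorted(seg.flags)}")
    # the guide's scenario: ten bytes numbered 1..10, receiver window of five
    host_b = Receiver(first_seq=1, initial_window=5, later_windows=[5, 0])
    for row in sliding_window_send(bytes(range(10)), 1, host_b):
        print("sent seq=%d len=%d -> ACK=%d window=%d" % row)
```

With the guide's ten bytes and a window of five, the trace is exactly the two rounds described: ACK = 6 after bytes 1 to 5, then ACK = 11 with a zero window after bytes 6 to 10; a longer payload shows the sender pausing until the window is re-opened.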


Fragmentation & MTU

Although the maximum size of an IP packet is usually 64k, most technologies enforce a smaller maximum transmission unit. For instance, the MTU of Ethernet is 1514 bytes. Because of the different MTUs along the path that a packet travels, the packet may be fragmented into smaller packets. When the multiple smaller packets arrive at their destination, they must be reassembled into the original data.

In the IP packet header, there are flags that specify “don’t fragment” or “more fragments”. RFC 791 specifies the mechanics of IP Fragmentation.
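As an added example (not part of the guide), the following Python models the RFC 791 mechanics just described: a packet larger than a hop's MTU is split into fragments whose offsets are counted in 8-byte units, every fragment but the last carries the “more fragments” flag, a packet with “don't fragment” set is refused instead of split, and only the destination reassembles. It also re-fragments at a second, smaller hop, which is what “different MTUs along the path” means in practice. The Fragment type, the function names and the MTU values used are this example's own; the 20-byte header assumes no IP options.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20          # bytes; assumes a header without options
IP_MAX_PACKET = 65535       # the 64K upper bound the guide mentions


@dataclass
class Fragment:
    ident: int              # IP identification shared by all fragments of one packet
    offset: int             # fragment offset in 8-byte units
    more: bool              # MF ('more fragments') flag
    data: bytes


def fragment(payload: bytes, mtu: int, ident: int, dont_fragment: bool = False) -> list:
    """Split one packet's payload so that header + data fits the MTU."""
    if len(payload) + IP_HEADER_LEN > IP_MAX_PACKET:
        raise ValueError("payload exceeds the maximum IP packet size")
    if len(payload) + IP_HEADER_LEN <= mtu:
        return [Fragment(ident, 0, False, payload)]     # fits: no fragmentation
    if dont_fragment:
        # DF set: the packet must be dropped and the sender told, never fragmented
        raise ValueError("DF set and packet exceeds MTU")
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8            # all but the last are multiples of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)
        frags.append(Fragment(ident, pos // 8, more, chunk))
        pos += len(chunk)
    return frags


def send_along_path(payload: bytes, path_mtus: list, ident: int) -> list:
    """Fragment at each hop in turn; a fragment may itself be fragmented again."""
    frags = [Fragment(ident, 0, False, payload)]
    for mtu in path_mtus:
        next_hop = []
        for frag in frags:
            for sub in fragment(frag.data, mtu, ident):
                # offsets stay relative to the original packet, and an inner fragment
                # keeps MF set if the outer fragment was not the last one
                next_hop.append(Fragment(ident, frag.offset + sub.offset,
                                         sub.more or frag.more, sub.data))
        frags = next_hop
    return frags


def reassemble(frags: list):
    """Rebuild the payload at the destination; None if fragments are missing or inconsistent."""
    if not frags:
        return None
    ident = frags[0].ident
    buf, expected = bytearray(), 0
    ordered = sorted(frags, key=lambda f: f.offset)
    for i, frag in enumerate(ordered):
        last = i == len(ordered) - 1
        if frag.ident != ident or frag.offset * 8 != expected:
            return None                                  # gap, overlap, or foreign fragment
        if frag.more == last:
            return None                                  # MF must be set on all but the last
        buf += frag.data
        expected += len(frag.data)
    return bytes(buf)


if __name__ == "__main__":
    packet = bytes(range(256)) * 2                       # constructed 512-byte payload
    for frag in send_along_path(packet, [1500, 200], ident=42):
        print(f"offset={frag.offset:3d} (byte {frag.offset * 8:3d}) "
              f"MF={int(frag.more)} len={len(frag.data)}")
    print("reassembled OK:", reassemble(send_along_path(packet, [1500, 200], 42)) == packet)
```

A missing last fragment, or one whose identification does not match, makes reassemble return None rather than a truncated payload, which is the check a receiving stack has to make before handing data up.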

For an excellent explanation of how Fragmentation, Reassembly and MTU work, see this Cisco whitepaper:

Bridging and LAN Switching

Transparent Bridging (TB)

The three functions of a bridge/switch are:

Learn the MAC addresses of all Ethernet devices and their ports

Send incoming frames to their destination port, based on previously learned frames

Drop incoming frames whose destination is the same as the source port

The name of the table that Cisco switches store the learned MAC addresses and their ports in is the CAM table. CAM stands for Content Addressable Memory.

Routers can be configured to bridge, just as a switch or bridge can. To transparently bridge packets on an IOS router, you would define the bridge group globally and then add each interface to it:

Router(config)# bridge 1 protocol ieee

Router(config-if)# bridge-group 1

One of the problems inherent with this type of layer-2 technology is loops. The Spanning Tree Protocol (STP), based on the Spanning Tree Algorithm (STA), provides the bridge-to-bridge communication necessary to have the desired redundancy, while not causing bridges to fail.

Bridge Protocol Data Units (BPDUs) are passed between the bridges at fixed intervals, usually every one to four seconds. If a bridge fails, or a topology change occurs, the lack of BPDUs will be detected and the STA calculation will be re-run. Since topology decisions are made locally as the BPDUs are exchanged between neighboring bridges, there is no central control on the network topology. The tools for fine-tuning an STP domain include adjusting the bridge priority, port priority and path cost parameters.

There are two major disadvantages to TB:

The forwarding tables must be cleared each time STP reconfigures, which can trigger a broadcast storm as the tables are being reconstructed

The volume of broadcasts can overwhelm low-speed serial interfaces when the network is flooded with unknown frames

Cisco supports Transparent Bridging over DDR (Dial-on-Demand Routing) and Frame Relay networks.

Translational Bridging

A translational bridge is a bridge that can forward frames between different types of network technologies. For instance, a translational bridge would send frames between an Ethernet network and a Token-Ring network, or between a FDDI Network and an Ethernet Network.

Integrated Routing and Bridging (IRB)

With IRB, a packet can be routed between routed interfaces and bridged between bridged interfaces. A Bridge Virtual Interface (BVI) is created to represent the bridge group it corresponds to. The number of the bridge group is also the number of the BVI. The BVI interface has networking features, like an IP address and subnet mask.

When you turn on routing for a protocol on the BVI, packets from routed networks but destined for hosts on the bridged network are sent to the BVI. From the BVI, this traffic is sent to the bridged network. On the other hand, any traffic destined for routed networks from a bridged network is sent to the BVI and then sent to the routed networks.

When configuring IRB, you must configure which protocols will be routed and which protocols will be bridged

Bridge ACL & Filtering

Bridged packets can be filtered in one of the following ways:

By MAC address with this command:

Router(config)# bridge {bridge-group} address {mac-address} {forward | discard} [interface]

By Vendor code with this command:

Router(config)# access-list {number} {permit | deny} {address} {mask}

Then, you would apply it to an interface with this command:

Router(config-if)# bridge-group {bridge-group} input-address-list {access-list number}


OR

Router(config-if)# bridge-group {bridge-group} output-address-list {access-list number}

Or by Protocol type with this command:

Router(config)# access-list {number} {permit | deny} {type-code} {wild-mask}

Then, you would apply it to an interface with this command:

Router(config-if)# bridge-group {bridge-group} input-type-list {access-list number}

OR

Router(config-if)# bridge-group {bridge-group} output-type-list {access-list number}

Multiple-Instance Spanning Tree Protocol (MISTP)

MISTP is a Cisco-proprietary spanning-tree mode on Cisco switches. MISTP allows a switch to run a separate Spanning-Tree instance (process) for different groups of ports on the switch. Thus, with MISTP, not every port on the bridge is under the same spanning-tree process. With MISTP, you can scale your bridged network much larger.

Source-Route Bridging (SRB)

Developed by IBM for its Token Ring environment, and further enhanced by the IEEE, SRB provides a means by which multiple rings can be connected together through bridges. SRBs use the routing information field (RIF) in the MAC header to determine which Token Ring network segments the frame must transit. The source station inserts the RIF into the MAC header immediately following the source address field in every frame destined for a remote host, giving this style of bridging its name. The destination station reverses the routing field to reach the originating station. There are two flavors of SRB: IBM and IEEE. The primary difference between them is that IBM allows only seven bridges, while IEEE allows 13. Newer IBM bridge software programs, combined with new LAN adapters, support 13 hops.

A RIF is included only in those frames destined for other rings. The first bit of the first byte of the source MAC address tells the processing device whether a RIF is present. This routing information indicator (RII) bit indicates whether it is a RIF frame: if the RII value is 0, the RIF is absent; if the value is 1, a RIF is present.

The RIF is made up of two fields:

Routing Control field – Provides information about the RIF, including the length and direction. There is always one, and only one, RC per RIF.

Route Descriptors – Made up of alternating sequences of ring and bridge numbers. A single RIF will contain one or more route descriptor fields.

Cisco’s source-route bridging implementation provides three types of explorer packets to collect RIF information:

Directed frame – A data frame that already contains the defined path across the network.

All-routes explorer packets (also known as all-rings explorer packets) – All-routes explorers go through the whole network looking for Source-Route Bridges; all SRBs they encounter forward the frame to every port, except the one on which it was learned. This is how RIFs are developed.

Spanning explorer packets (also known as single-route, or limited-route explorer packets) – Explorer packets pass through a predetermined path constructed by a spanning tree algorithm in the bridges. A station should receive only one single-route explorer from the network. SR/TLB uses this to define an Ethernet domain to the SRB domain.

I have created a document specifically about reading RIFs, which you can obtain free at www.laganiere.net


Data Link Switching (DLSw) and DLSw+

DLSw was developed as an advanced tool for transporting Systems Network Architecture (SNA) and other non-routable protocols over campus or wide-area networks. DLSw+ is Cisco’s version of DLSw, which offers more options and greater functionality than RSRB and has many enhancements over non-Cisco DLSw implementations, including dynamic peers, peers on demand, backup peers and the ability to load-balance connections.

DLSw+ also provides a mechanism for dynamically searching a network for SNA or NetBIOS resources, and includes caching algorithms that help to minimize broadcast traffic. It can work with Token Ring, Ethernet, FDDI and Serial interfaces, but not ATM.

The encapsulation methods for DLSw+ are similar to those of RSRB, with one addition:

Direct Encapsulation – This method uses HDLC (High-Level Data Link Control) and is the simplest type of remote peering. It adds little overhead, but lacks reliability. The two routers must be directly attached to each other, with no intermediate hops, through HDLC-encapsulated serial, FDDI, Ethernet or Token Ring interfaces. Direct Encapsulation is fast-switched.

Fast-Sequenced Transport (FST) – This method encapsulates SRB packets within IP packets. The primary advantage is that FST allows the link to traverse multiple hops. The IP encapsulation adds more overhead, but does not provide the reliability of TCP. FST is fast-switched.

Transmission Control Protocol (TCP) – This is the most commonly used encapsulation type, and the only encapsulation method supported by RFC 1795. The primary advantage is that TCP encapsulation provides for the reliable delivery of packets. TCP has greater overhead, both in actual bandwidth and router processor cycles, than either the direct or FST encapsulation methods. TCP is process-switched.

DLSw Lite (also known as LLC2 or Frame Relay encapsulation) – This method supports many DLSw+ features, but requires less overhead (16 bytes in a normal DLSw header, against 4 bytes in LLC2). It is currently supported over Frame Relay. DLSw Lite is process-switched.

SRB is an end-to-end protocol, which puts significant load on slow WAN links, especially while waiting for the return of acknowledgements and keepalives. DLSw+ terminates the LLC2 connection at the local switch so that traffic does not need to traverse the link. Moving this traffic off the WAN link conserves bandwidth, and allows the local switch to provide acknowledgement so that timeout issues are avoided.

When providing connectivity between Token Ring and Ethernet, DLSw+ handles the problems of bit ordering, MTU sizes, and MAC address translation differences. Other limitations of SRB and RSRB include the hop count, and the lack of flow control and prioritization. DLSw+ has greater scalability, as the RIF terminates locally in the virtual ring, allowing a maximum of seven SRB hops on each side of the WAN cloud. This comes at the cost of end-to-end RIF visibility, since each side of the WAN cloud builds its own RIF. Virtual ring numbers need not be the same on the two end routers.

DLSw+ uses Switch-to-Switch Protocol (SSP) to communicate between routers (called data-link switches) at the data link layer. This provides the mechanism to establish DLSw+ peer connections, locate resources, forward data, handle flow control, and perform error recovery. SSP uses TCP as the preferred reliable transport among data link switches.

McGraw-Hill’s “Configuring Cisco Routers for Bridging, DLSw+, & Desktop Protocols” by Tan Nam-Kee is an excellent resource for learning more about DLSw+, and bridging in general.

Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB)

SRT bridges can create a single spanning-tree between source-route nodes and transparent bridging nodes. It does this by using the Routing Information Indicator (RII) to determine which nodes are SRB and which are TB. Here is how the SRT bridge determines this:

If the node is an SRB node, the RII = 0. This means that a RIF is being used.

If the node is a TB node, the RII = 1. This means that a RIF is not being used.


What SR/TLB provides is the ability to create a single spanning-tree and perform source-route bridging between translational bridged networks. That means that you have a Token Ring and an Ethernet network and are performing bridging between them. As you know, there are many differences between how an Ethernet network and a Token Ring network function. Some of these differences are: bits of MAC addresses are reversed, MTU sizes are different, Token Ring uses a RIF, different spanning-tree algorithms, etc.

LAN Switching

Layer-2 switches are sometimes called micro-segmentation devices because you can think of them as bridges with dozens of ports, sometimes having as few as one host per collision domain. Because switches facilitated the move away from shared media for end devices, they had the effect of increasing available bandwidth without increasing complexity. They have the following features:

Each port on a switch is a separate collision domain

Each port can be assigned a VLAN (Virtual Local Area Network) membership, which creates controllable broadcast domains

While switch ports are more expensive than shared media, they are generally much cheaper than Router ports

Switching Technique Types

Store-and-forward – Receives the complete frame before forwarding. Copies the entire frame into the buffer and then checks for CRC errors. Higher latency than other techniques. This technique is used on Cat5000s.

Cut-through – Checks the destination address as soon as the header is received and immediately forwards the frame out, lowering the latency level.

Fast switching – The default switching type. It can be configured manually through use of the “ip route-cache” command. The first packet is copied into packet memory, while the destination network or host information is stored in the fast-switching cache.

Process Switching – This technique doesn’t use route caching, so it runs slow; however, slow usually means SAFE. To enable, use the command “no protocol route-cache”.

Optimum Switching – From its name you can understand what it is – high performance! This is the default on 7500’s.

Command-Line Interface (CLI)

One of the nicest things about working on Cisco routers is the transparency of IOS. Because a similar command set has been developed for each family of routers, the knowledge gained from working on one router is applicable to others.

This nicety does not carry over into the world of Cisco switches. Because there are several families of switches that were acquired from disparate places, the Command Line Interface (CLI) differs significantly between the families of switches.

Menu Configurable – Found primarily on older low-end switches, there are several different menu-based systems, such as those found on the 1900 or 3900 series switches. These are meant to be intuitive, but have their own configuration problems awaiting the uninitiated, not the least of which is figuring out what keys the menu expects you to use to select between options.

IOS-Like – Another common CLI is the IOS-like version found on many Access-layer switches, like the 2950 and 3550 series. Those who have worked on Cisco routers in the past will find that the command nomenclature is familiar and, other than a few new commands, the same rules generally apply.


Set-based – The most common CLI is that which was brought into the Cisco family with the acquisition of Crescendo Communications in 1993. It is found on the Catalyst 4000/5000/6000 series of switches, and is often called XDI, CatOS, or the Set-based CLI. This is what you will find on most of the Core and Distribution layer switches, and most new products use this CLI. XDI is based on the Unix csh or c-shell prompt, and the reason it is commonly called the Set-based CLI is that “Set” is one of the three primary commands used. Most commands start with one of the following keywords:

Set – Implements configuration changes

Show – Verifies and provides information on the configuration

Clear – Removes configuration elements

In a separate document intended for people studying for the Cisco Switching exam, I put together a list of which models use what interface, and a sample configuration for each type. I think this document is also useful for CCIE Written exam candidates who want to review the basics of switch configuration. This document can be found at www.laganiere.net

Trunking

Trunks transport the packets of multiple VLANs over a single network link using either IEEE 802.1Q or Cisco’s proprietary Inter-Switch Link (ISL). IEEE 802.1Q has become common in Cisco networks because it gives you the flexibility to include other vendors’ equipment, and because of the reduced overhead when compared to ISL, which is encapsulated with a 26-byte header that transports VLAN IDs between switches and routers.

Note that not all Cisco switches support all encapsulation methods; for instance, the Cat2948G and Cat4000 series switches support only 802.1Q encapsulation. In order to determine whether a switch supports trunking, and what trunking encapsulations are supported, look to the hardware documentation or use the "show port capabilities" command.

Trunks are configured between a single Fast Ethernet, Gigabit Ethernet, or Fast- or Gigabit EtherChannel bundle and another network device, such as a router or second switch. Notice that I specifically excluded 10Mb Ethernet ports, which cannot be used for trunking. For trunking to be enabled on EtherChannel bundles, the speed and duplex settings must be configured the same on all links. For trunking to be auto-negotiated on Fast Ethernet and Gigabit Ethernet ports, the ports must be in the same VTP domain.

To help understand how trunks negotiate, this chart shows whether a trunk will form, based on the settings of the two ports (rows are one side, columns the other):

Trunk Negotiation

Ports          On    Off   Auto  Desirable  Non-Negotiate
Auto           Yes   No    No    Yes        No
Desirable      Yes   No    Yes   Yes        Yes
Non-Negotiate  Yes   No    No    Yes        Yes


Virtual LAN (VLAN)

A VLAN is an extended logical network that is configured independent of the physical network layout. Each port on a switch can be defined to join whatever VLAN suits the Network Architect’s plans.

VLAN Trunk Protocol (VTP)

VTP is a layer-2 messaging protocol that centralizes the management of VLANs on a network-wide basis, simplifying the management of large switched networks with many VLANs.

Switches defined as part of a VTP domain can be configured to operate in any of three VTP modes:

Server – Advertise VLAN configuration to other switches in the same VTP domain and synchronize with other server switches in the domain. You can create, modify, and delete VLANs, as well as modify VLAN configuration parameters such as VTP version and VTP pruning for the entire domain. This is the default mode for a switch.

Client – Advertise VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links; however, they are unable to create, change, or delete VLAN configurations.

Transparent – Does not advertise its VLAN configuration and does not synchronize its VLAN configuration with other switches. If the switch is running VTP version 2, it does forward VTP advertisements, while still not acting on them.

Switches can only belong to one VTP domain, but if you have more than one group of switches, and each group has a different set of VLANs that it has to recognize, you could use a separate domain for each group of switches.

There is a second version of VTP that has features not supported in version one, including Token Ring LAN Switching and VLANs, unrecognized Type Length Value, Version Dependent Transparent Mode and Consistency Checks. Please note that all switches in the VTP domain must run the same VTP version. In general, don’t enable VTP version 2 in the VTP domain unless you are ready to migrate all the switches to that version. However, if the network is Token Ring, you will need VTP version 2.

Spanning-Tree Protocol (STP)

Spanning-Tree Protocol (STP) is a Layer 2 link management protocol designed to run on bridges and switches to provide path redundancy and prevent undesirable loops from forming in the network. It uses the Spanning Tree Algorithm (STA) to calculate the best loop-free path through a switched network.


Root Bridges and Switches

The key to STP is the election of a root bridge, which becomes the focal point in the network. All other decisions in the network, such as which ports are blocked and which ports are put in forwarding mode, are made from the perspective of this root bridge.

When implemented in a switched network, the root bridge is usually referred to as the "root switch." Depending on the type of spanning-tree enabled, each VLAN may have its own root bridge/switch. In this case, the root for the different VLANs may all reside in a single switch, or it can reside in varying switches, depending on the estimates of the Network Architect.

You should remember that selection of the root switch for a particular VLAN is extremely important. You can allow the network to decide the root based on arbitrary criteria, or you can define it yourself.
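Root election and root-port selection as described above, as an added example that is not from the original cram session. Bridge IDs are modelled as (priority, MAC) pairs, ports as integers that double as the port-ID tie-breaker, and each link carries its path cost; the bridges and links are constructed, and designated-port election, timers and port states are left out.

```python
"""Spanning-tree root election and root-port selection.

Added illustration, not code from the original cram session.  Bridge IDs
are (priority, MAC) pairs, ports are integers that double as the port ID
used for tie-breaking, and each link carries its path cost.  Designated
ports, timers and port states are not modelled.
"""
import heapq


def bridge_id(priority, mac):
    """Lower is better: priority is compared first, then the MAC address."""
    return (priority, mac.lower())


def elect_root(bridges):
    """bridges: {name: (priority, mac)}.  The root is the bridge with the
    lowest bridge ID, which is what the BPDU exchange converges on."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_ports(bridges, links):
    """links: list of (bridge_a, port_a, bridge_b, port_b, path_cost).

    Returns {bridge: (root_path_cost, root_port)}.  The root bridge has
    cost 0 and no root port.  Every other bridge picks the port giving the
    lowest root path cost; ties are broken the way STP compares BPDUs:
    lowest sender bridge ID, then lowest sender port, then lowest local port.
    """
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))

    # key = (root path cost, sender bridge ID, sender port, local port)
    best = {root: (0, None, None, None)}
    heap = [(best[root], root)]
    while heap:
        key, cur = heapq.heappop(heap)
        if key != best[cur]:
            continue                      # superseded by a better path
        for nbr, my_port, nbr_port, cost in adj[cur]:
            if nbr == root:
                continue                  # the root never needs a root port
            cand = (key[0] + cost, bridge_id(*bridges[cur]), my_port, nbr_port)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand, nbr))
    return {name: (key[0], key[3]) for name, key in best.items()}


if __name__ == "__main__":
    # Constructed topology: SW3 has the lowest priority and wins the election.
    bridges = {
        "SW1": (32768, "00:00:00:00:00:10"),
        "SW2": (32768, "00:00:00:00:00:20"),
        "SW3": (4096, "00:00:00:00:00:30"),
        "SW4": (32768, "00:00:00:00:00:40"),
    }
    links = [                              # (bridge, port, bridge, port, cost)
        ("SW3", 1, "SW1", 1, 19),
        ("SW3", 2, "SW2", 1, 19),
        ("SW1", 2, "SW2", 2, 19),
        ("SW1", 3, "SW4", 1, 19),
        ("SW2", 3, "SW4", 2, 19),
    ]
    print("root:", elect_root(bridges))
    for name, (cost, port) in sorted(root_ports(bridges, links).items()):
        print(name, "root path cost", cost, "root port", port)
```

Lowering one bridge's priority (the same dictionary with a different value) moves the root and every root port with it, which is the reason the text gives for choosing the root deliberately rather than leaving it to the election.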

Bridge Protocol Data Units (BPDUs)

All switches exchange information to use in the selection of the root switch, as well as for subsequent configuration of the network. This information is carried in Bridge Protocol Data Units (BPDUs).

The primary functions of BPDUs are to:

Propagate bridge IDs for the selection of the root switch

Find loops in the network

Provide notification of network topology changes

Remove loops by placing redundant switch ports in a backup state

STP Timers

Hello timer - How often the switch broadcasts Hello messages to other switches

Forward delay timer – Amount of time a port will remain in the listening and learning states before going into the forwarding state

Maximum age timer – How long protocol information received on a port is stored by the switch

Ports in an STP domain will progress through the following states:

Blocking – Listens for BPDUs from other bridges, but does not forward them or any traffic

Listening – An interim state while moving from blocking to learning. Listens for frames and detects available paths to the root bridge, but will not collect host MAC addresses for its address table

Learning – Examines the data frames for source MAC addresses to populate its address table, but no user data is passed


Forwarding – Once the learning state is complete, the port will begin its normal function of gathering MAC addresses and passing user data

Disabled – Either there has been an equipment failure, a security issue, or the port has been disabled by the Network Administrator

Notes about STP Port States:

A port in the blocking state does not participate in frame forwarding. The switch always goes into the blocking state immediately following switch initialization.

When a port changes from the listening state to the learning state, it is preparing to participate in frame forwarding.

A port in the forwarding state actually forwards frames (user data, BPDUs, etc.)

STP Enhancements:

There are three major enhancements available for Spanning Tree, as it is applied on Cisco devices:

PortFast – By default, all ports on a switch are assumed to have the potential to have bridges or switches attached to them. Since each of these ports must be included in the STP calculations, they must go through the four different states whenever the STP algorithm runs (when a change occurs to the network). Enabling PortFast on the user access ports is basically a commitment between the Network Architect and the switch, agreeing that the specific port does not have a switch or bridge connected, and therefore this port can be placed directly into the Forwarding state; this allows the port to avoid being unavailable for 50 seconds while it cycles through the different bridge states, simplifies the STP recalculation and reduces the time to convergence.

UplinkFast – Convergence time on STP is 50 seconds. Part of this is the need to determine alternative paths when a link between switches is broken. This is unacceptable on networks where real-time or bandwidth-intensive applications are deployed (basically any network). If the UplinkFast feature is enabled (it is not by default) AND there is at least one alternative path whose port is in a blocking state AND the failure occurs on the root port of the actual switch, not an indirect link, then UplinkFast will allow switchover to the alternative link without recalculating STP, usually within 2 to 4 seconds. This allows STP to skip the listening and learning states before unblocking the alternative port.

BackboneFast – BackboneFast is used at the Distribution and Core layers, where multiple switches connect together, and is only useful where multiple paths to the root bridge are available. This is a Cisco proprietary feature that speeds recovery when there is a failure with an active link in the STP. Usually when an indirect link fails, the switch must wait until the maximum aging time (max-age) has expired before looking for an alternative link. This delays convergence in the event of a failure by 20 seconds (the max-age value). When BackboneFast is enabled on all switches, and an inferior BPDU arrives at the root port, indicating an indirect link failure, the switch rolls over to a blocked port that has been previously calculated.

The primary difference between UplinkFast and BackboneFast is that BackboneFast can detect indirect link failures, and is used at the Distribution and Core layers, while UplinkFast is aware of only directly connected links, and is used primarily on Access layer switches. If UplinkFast is turned on for the root switch, it will automatically disable it. Since BackboneFast is an enhancement strictly for Core and Distribution layer devices, and these are all Set-based switches, there is no command to enable it for IOS-based switches.

The Cisco Press book “Cisco LAN Switching” by Clark and Hamilton is an excellent resource for learning about switching.


DISL

Dynamic Inter-Switch Link Protocol is only used when you have two Cisco devices connected together by a Fast Ethernet link. DISL will ease the configuration burden because only one end of the ISL link needs to be configured.

Fast Ether Channel (FEC)

For information on Fast Ether Channel (FEC), see that section later in this Cramsession under the “LAN” Heading

Cisco Discovery Protocol (CDP)

CDP is Cisco’s proprietary management protocol. With this protocol, you can obtain hardware and platform information about the Cisco switches and routers on your network. As CDP works at Layer 2 (data-link), it is not dependent on proper IP address configuration, routing protocols, or Layer 3 security settings.

CDP is enabled by default. CDP uses SNAP frames.

To disable CDP on the entire router, you would do:

VLAN Access-Lists (VACL)

A VACL is an access-list, on a switch, that can control traffic between switch ports. With a VACL you could filter traffic between two hosts without that traffic ever going through a router.

VACLs work like a route-map. You can filter either on MAC address or IP traffic. Assuming you are going to filter IP traffic, you would:

create an access-list that defines your traffic

create a vlan access-map that tells the switch what to do with that traffic (forward it or drop it)

apply it to the vlan (or list of vlans) that you want to filter your traffic in

IP Receive Access-list (RACL)

Receive access-lists are, currently, only available on Cisco 7500 and 12000 platforms

These access-lists are used, primarily, as a security measure to make sure that traffic that is destined for the router is given the highest priority and arrives at its destination. The important traffic that is destined for the router is usually routing traffic (routing protocols). This filtering happens after the input access-list on the ingress interface.


Private VLANs

Private VLAN is a feature that is not available on all models of Cisco switches or routers. This feature allows devices on a switch to be isolated into their own Layer 2 networks while still having Layer 3 IP addresses on the same subnets. This can be configured such that certain ports could be allowed to reach a default gateway, if desired. There are three types of Private VLAN ports:

Community ports – can communicate within their community and with a promiscuous port

Isolated ports – are completely isolated at Layer 2 from all other isolated ports (and all other ports on the switch). Broadcasts from isolated ports are forwarded to all promiscuous ports

Promiscuous ports – communicate with all other private VLAN ports on the same switch

You cannot configure a Private VLAN using the numbers 1 or 1002-1005

802.1X

The IEEE standard 802.1X performs port-based authentication. What this means is that the switch can actually request authentication of the user connected to the switch before providing connectivity to the network. Just like a network access server (NAS) would do to a dial-up user, the switch requests the user’s credentials, relays those to an authentication server, and verifies their validity before granting permission to access the network.

The device/user connected to the switch must use 802.1X client software for this authentication to work. This type of client is included in the Windows XP operating system. Prior to successful authentication, the only traffic that can communicate across the port on the switch is the Extensible Authentication Protocol (EAP) over LAN (or EAPOL). The switch acts as an authentication proxy for the client, as it is just passing the authentication credentials along to the authentication server by encapsulating and unencapsulating the EAP packets. The switch uses the RADIUS protocol to communicate with the authentication server by passing the EAP packets in RADIUS packets.

To configure the switch for this process to work, you must configure the following on the switch:

AAA

RADIUS

dot1x port-control auto (on each interface)


Multi-Layer Switching (MLS)

Multi-Layer Switching is also known as Layer-3 Switching. With MLS, instead of using the traditional routing software and CPU to route packets, these packets are routed using a dedicated hardware chip. This chip is called an ASIC, or Application Specific Integrated Circuit. Usually, the routing done by the ASIC is done at “wire-speed”, resulting in significantly less latency than a traditional router.

Internet Protocol (IP)

IP Addressing

IP is the routed protocol of the Internet, and is the default protocol in most networks today. Addresses are 32 bits long, with the most significant bits specifying the network, as determined by a subnet mask. This subnet is either derived from the first few bits of the address, or specified directly, depending on whether you are using classful (conforming to major address boundaries) or classless (further subnetting classful addresses) addressing. IP addresses are written in dotted-decimal format, with each set of eight bits separated by a period. The minimum and maximum packet headers for IP are 20 and 24 bytes, respectively.

Though a long discussion on the nature of subnet masks is possible, for the purposes at hand, let us just discuss the major classes: A, B, C, D, and E. Only the first three are available for commercial use; the others are special-purpose address ranges. The left-most (high-order) bits indicate the network class. Here are the basic facts about the different classes of IP addresses:

Default Subnet Mask


prefix by taking bits from the host portion of the address, and adding them to the network prefix. For example, a classful Class C network prefix consists of the first 24 bits of the IP address (three octets); but the network prefix can be extended into the fourth octet to provide more granularity to the configuration.

It is also common to designate the subnet mask in the /bits ("slash bits") format. This is simply the number of bits dedicated to the network part of the IP address. In the two examples above, the /bits designations would be /27 and /21.

Subnetting Tricks

I have found the following chart to be helpful for quick subnet mask calculations. If you take a few seconds at the beginning of the test session and write this out from memory on a piece of scratch paper, it can be a useful timesaver during any exam that requires subnetting and binary conversion.

How to create the chart:

Line #1 - Write the numbers one through eight from left to right. Besides being a handy column header, this provides the number of bits in a subnet.

Line #2 - Starting with 1 and working from right to left, double each number. This gives you the column values for hex-to-binary conversion.

Line #3 - Write out your subnets. You can derive these values by adding the number above to the number on the left (example: 64+128=192).

Line #4 - The number of hosts per subnet can be derived by subtracting two from the values in row #2 (if the value is <0, round up to 0).

Line #5 - Start with two in the left-most column, and double each number going across. This will give you the number of networks for each subnet.

Route Summarization

Route summarization condenses routing information by consolidating like routes, and collapsing multiple subnet routes into a single network route. Where summarization is not applied, each router in a network must retain a route to every subnet in the network. This means as the network grows, the routing table becomes larger and larger. Routers that have had their routes summarized can reduce some sets of routes to a single advertisement, which reduces the load on the router and simplifies the network design.

Some important reasons to take advantage of summarization:

The larger the routing table, the more memory is required because every entry takes up some of the available memory

The routing decision process may take longer to complete as the number of entries in the table increases


An added benefit of reducing the IP routing table size is that it requires less bandwidth and time to advertise the network to remote locations, thereby increasing network performance

Depending on the size of the network, the reduction in route propagation and routing information overhead can be significant. Route summarization is of minor concern in production networks until their size gets considerable. However, if summarization has not been taken into account during the initial design phase, it is very difficult to implement later.

Some routing protocols, EIGRP for example, summarize automatically Other routing protocols, such as OSPF, require manual configuration to support route summarization

Remember that when redistributing routes from a routing protocol that supports VLSM (such as EIGRP or OSPF) into

a routing protocol that does not (such as RIPv1 or IGRP) you might lose some routing information

Some important requirements exist for summarization:

Multiple IP addresses must share the same high-order bits Since the summarization takes place on the order bits, the high-order bits must have commonality

Routing tables and protocols must use classless addressing to make their routing decisions; in other words, they are not restricted by the Class A, B and C designations to indicate the boundaries for networks

Routing protocols must carry the prefix length (subnet mask) with the IP address
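The first requirement above, shared high-order bits, is what a summary route is computed from. The following added example (not from the original study guide) derives the summary by counting the leading bits on which all member networks agree, capped at the shortest member prefix, and then measures how much address space the summary advertises that no member route covers. That second number is the caveat a practitioner wants: a summary over non-contiguous blocks attracts traffic for ranges the router has no specific route for. The prefixes in the usage section are constructed samples; the function names are my own.

```python
# Added example (not from the original study guide): derive a summary route
# from the high-order bits a set of prefixes share, and report how much
# address space the summary advertises that the member routes do not cover.
import ipaddress


def summarize(prefixes):
    """Return the most specific single network that contains every prefix.

    The summary prefix length equals the number of leading bits on which
    all member network addresses agree, capped at the shortest member
    prefix (a summary can never be longer than any route it summarises).
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    if len({n.version for n in nets}) != 1:
        raise ValueError("all prefixes must be the same address family")
    width = nets[0].max_prefixlen                 # 32 for IPv4, 128 for IPv6
    limit = min(n.prefixlen for n in nets)
    ints = [int(n.network_address) for n in nets]

    common = 0
    for bit in range(width - 1, width - 1 - limit, -1):   # high-order bit first
        mask = 1 << bit
        if all((v & mask) == (ints[0] & mask) for v in ints):
            common += 1
        else:
            break

    base = (ints[0] >> (width - common)) << (width - common)
    addr_cls = ipaddress.IPv4Address if width == 32 else ipaddress.IPv6Address
    return ipaddress.ip_network(f"{addr_cls(base)}/{common}")


def over_summarized(prefixes):
    """Count addresses the summary advertises that no member route covers.

    Overlapping members are collapsed first so they are not double counted.
    A non-zero result means the summary is wider than the routes behind it.
    """
    summary = summarize(prefixes)
    members = ipaddress.collapse_addresses(
        ipaddress.ip_network(p, strict=True) for p in prefixes)
    covered = sum(n.num_addresses for n in members)
    return summary.num_addresses - covered


if __name__ == "__main__":
    # Constructed sample input: four contiguous /24s summarise exactly into a /22.
    contiguous = ["172.16.16.0/24", "172.16.17.0/24",
                  "172.16.18.0/24", "172.16.19.0/24"]
    print(summarize(contiguous), over_summarized(contiguous))
    # Leaving out 10.1.6.0/24 creates a hole that the /22 summary still advertises.
    holes = ["10.1.4.0/24", "10.1.5.0/24", "10.1.7.0/24"]
    print(summarize(holes), over_summarized(holes))
```

The bit loop walks from the most significant bit downward and stops at the first disagreement, which is exactly the "shared high-order bits" rule; everything below that bit is zeroed to form the summary network address.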

Services & Applications

Below are the most common IP services and applications, with a summary of each.

DNS

Domain Name Service (DNS) resolves names to IP addresses. DNS uses TCP and UDP port 53. An example of DNS would be someone entering a fully-qualified domain name (FQDN) like www.cisco.com into their web browser. That device would then do a DNS lookup to a DNS server to resolve the name to an IP address.

ARP & RARP

Once a device has the IP address that it wants to communicate with, it must get the MAC address (Layer 2 address). To get the MAC address, it uses Address Resolution Protocol (ARP). An ARP request is a broadcast packet that does not pass through routers. The ARP response is a unicast packet. The device that does the ARP keeps an ARP cache of the most recently requested IP addresses with their corresponding MAC addresses.

RARP is Reverse Address Resolution Protocol. RARP allows a device to ask for its IP address. RARP is not used and has been replaced with BOOTP or DHCP.

BOOTP & DHCP

BOOTP is a protocol where a device sends a request to learn its IP address. BOOTP uses UDP ports 67 and 68. BOOTP has been replaced with DHCP. BOOTP requests are broadcasts and, thus, won't pass through a router without configuring the ip helper-address x.x.x.x command.

Dynamic Host Configuration Protocol (DHCP) is the current standard in use for a device to learn its IP address. When you boot up a computer, it usually does a DHCP request to request its IP address. The DHCP server responds and the client obtains a lease on the IP address it is provided. Like BOOTP, DHCP uses UDP ports 67 & 68 and broadcast for the DHCP request, and the ip helper-address command must also be configured to forward DHCP requests across a router link.

ICMP

Internet Control Message Protocol (ICMP) works at Layer 3 (Network). ICMP is used to communicate errors between hosts and routers. The most commonly used form of the ICMP protocol is the ping application. Some examples of common ICMP messages are echo, echo reply, destination unreachable, redirect, and time exceeded.

NAT

Network Address Translation (NAT) converts network addresses. Usually, NAT is used to convert from private (internal) IP addresses to public (external) IP addresses. NAT can be used to reduce the need for Internet addresses. There is some NAT terminology you should know:

Inside Local - This is the local IP address of the private host on your network (i.e., your PC's IP address).

Inside Global - This is the public, legal, registered IP address that the outside network sees as the IP address of your local host.

Outside Local - This is the local IP address from the private network, which your local host sees as the IP address of the remote host.

Outside Global - This is the public, legal, registered IP address of the remote host (i.e., the IP address of the remote Web server that your PC is connecting to).

There are also different types of NAT that you should be familiar with. They are:

Static NAT - maps a single inside address to a single outside address.

Dynamic NAT - maps inside addresses to outside addresses, as needed.

NAT Overload - maps a larger number of inside addresses to a smaller number of outside addresses (the outside addresses are overloaded, as there are fewer of them than there are inside addresses).

NAT Overlap - maps inside and outside addresses when they are using conflicting IP addresses (overlapping networks).

HSRP & VRRP

Hot Standby Routing Protocol (HSRP) is a Cisco proprietary protocol that provides high availability for routing services. For example, you could have a virtual IP address configured as your default gateway. You would have two routers that would respond to this virtual IP address. One of the routers would be the primary and one would be the secondary.

The industry-standard version of HSRP is the Virtual Router Redundancy Protocol (VRRP).

Telnet

Telnet is used to remotely configure routers, switches, or servers. Any system that runs a telnet server can be connected to with telnet. Once connected, you can perform commands on that system or network device. Telnet uses TCP port 23.

FTP & TFTP

File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) both send and receive files over a network. FTP uses TCP ports 20 and 21. TFTP uses UDP port 69. FTP is more reliable and more fully featured than TFTP. TFTP is commonly used to send and receive router and switch configuration and IOS files.

SNMP

Simple Network Management Protocol (SNMP) is used for network management. Network devices (like routers, switches, servers, PCs, or even laser printers) can have SNMP agents. You would have a network management application that uses SNMP to communicate with these network devices. With SNMP, you could gather statistics and be alerted about utilization, for example. SNMP uses UDP port 161.

Access Control Lists (ACL)

An Access List is an ordered set of statements that permit or deny the flow of packets through an interface. They are used for security purposes, to provide QoS, or to define types of traffic for purposes of filtering, queuing or prioritizing. They define the criteria on which decisions are made based on information contained inside the packets. Decisions are based on the source and/or destination network/subnet/host address(es) of the packets.

The basic concept of the access list wildcard mask is that any "0" in the wildcard mask means the corresponding bit in the address has to match, and any "1" in the wildcard mask means that bit isn't checked.

You can only append to an access list; you cannot add lines to the middle of it. To make changes, copy your access list to Notepad and make your changes there; then, from the Cisco router console, type "no access-list" and the number, and paste the updated access list into the configuration.

Things to know about ACLs:

The wildcard mask, which looks like a reversed subnet mask, defines which bits of the address are used for the access list decision-making process.

Lists are processed top-down. In other words, the first matching rule preempts further processing.

Only one access list is allowed per port, per direction, per protocol.

Remember that there is an implicit deny at the end of all access lists (so the last configured line should always be a permit statement).

If you apply an access list number that does not exist, all traffic will be passed.

An Access Class limits VTY (telnet) access.

A Distribution List filters incoming or outgoing routing updates.
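The wildcard-mask rule and the processing rules listed above, as an added example that is not part of the original study guide: a small evaluator for standard IP access lists. It implements the bit test ("0" must match, "1" is ignored), top-down first-match processing, the implicit deny at the end of every list, the "reversed subnet mask" conversion, and the behaviour of applying a list number that has no entries. The list contents, the list numbers and the addresses are constructed sample data, and the function names are my own.

```python
# Added example (not from the original study guide): a small evaluator for
# standard IP access lists that implements the wildcard-mask rule, top-down
# first-match processing, the implicit deny, and the "nonexistent list
# passes everything" behaviour described in the text. The list contents
# and addresses are constructed sample data.
import ipaddress

PERMIT, DENY = "permit", "deny"


def wildcard_match(address, base, wildcard):
    """True when every address bit under a 0 in the wildcard equals `base`.

    Bits under a 1 in the wildcard are not checked, so the comparison is
    made against the complement of the wildcard mask.
    """
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def subnet_to_wildcard(mask):
    """Invert a subnet mask into the equivalent wildcard mask."""
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(~m & 0xFFFFFFFF))


def evaluate(entries, address):
    """Walk the list top-down; the first matching entry decides.

    `entries` is an ordered list of (action, base, wildcard) tuples. If no
    entry matches, the implicit deny at the end of every ACL applies.
    Returns (action, index); index is -1 for the implicit deny.
    """
    for i, (action, base, wildcard) in enumerate(entries):
        if wildcard_match(address, base, wildcard):
            return action, i
    return DENY, -1


def apply_to_interface(acls, number, address):
    """Mimic applying ACL `number` to an interface: a number with no list
    configured passes all traffic, otherwise the list is evaluated."""
    if number not in acls:
        return PERMIT
    return evaluate(acls[number], address)[0]


# Constructed sample configuration, equivalent to:
#   access-list 10 permit 192.168.1.0 0.0.0.255
#   access-list 10 deny   192.168.0.0 0.0.255.255
#   access-list 10 permit 0.0.0.0 255.255.255.255   ("permit any")
ACLS = {
    10: [
        (PERMIT, "192.168.1.0", "0.0.0.255"),
        (DENY, "192.168.0.0", "0.0.255.255"),
        (PERMIT, "0.0.0.0", "255.255.255.255"),
    ],
    # A list made only of denies: everything falls through to the implicit deny.
    20: [
        (DENY, "10.0.0.0", "0.255.255.255"),
    ],
}

if __name__ == "__main__":
    for number, src in [(10, "192.168.1.5"), (10, "192.168.2.5"), (10, "10.0.0.1"),
                        (20, "172.16.0.1"), (99, "172.16.0.1")]:
        print(number, src, apply_to_interface(ACLS, number, src))
```

The index returned by `evaluate` is handy when reviewing a list: a packet that is permitted by the catch-all entry rather than by the specific line you expected usually means an ordering mistake, which is why the "first match wins" rule matters so much when lines are appended rather than inserted.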


Access list types are designated by the list numbers:

1200-1299 IPX Summary Address

O'Reilly & Associates' "Cisco IOS Access Lists" by Jeff Sedayao, and McGraw-Hill's "Cisco Access Lists: Field Guide" by Held and Hundley are excellent resources for this topic.

Internet Protocol Version 6 (IPv6)

IPv6 address types are distinguished by the value of the high-order octet of the address: a value of 0xFF (binary 11111111) identifies an address as a multicast address; 0x00 indicates loopback or unassigned addresses; any other value identifies an address as a Unicast address. Anycast addresses are taken from the Unicast address space and are not syntactically distinguishable from Unicast addresses.

IPv6 addresses can be written in a compressed format by using a double colon to summarize at least one octet of contiguous zeros.

Anycast can be understood best by comparing it with Unicast and Multicast. IP Unicast allows a source node to transmit IP datagrams to a single destination node. The destination node is identified by a Unicast address. IP multicast allows a source node to transmit IP datagrams to a group of destination nodes. A multicast group identifies the destination nodes, and we use a multicast address to identify the multicast group.

IP Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes. The IP datagram will reach the closest destination node in the set of destination nodes, based on the routing measure of distance. The source node does not need to care about how to pick the closest destination node, as the routing system will figure it out (in other words, the source node has no control over the selection). The set of destination nodes is identified by an Anycast address.

Valid IPv6 Unicast or Anycast addresses:

1080:0:0:0:8:800:200C:417A

1080::8:800:200C:417A
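The two address forms above are the same address written long and compressed. The following added example (not part of the original study guide) expands a textual IPv6 address back to its eight 16-bit groups, filling in the zeros that a single double colon stands for, compresses it again by replacing the longest run of zero groups, and classifies it by the high-order octet exactly as described above. It follows this page's rule of compressing a run of at least one zero group. The sample addresses other than the two above (the loopback and a multicast address) are constructed; the function names are my own.

```python
# Added example (not from the original study guide): expand and compress
# IPv6 addresses with the double-colon rule, and classify them by the
# high-order octet as the text describes. Sample addresses in main() are
# the two forms given in the text plus constructed ones.


def expand(text):
    """Return the eight 16-bit groups of an IPv6 address as integers,
    filling the run of zero groups that a single '::' stands for."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    head, sep, tail = text.partition("::")
    left = [int(g, 16) for g in head.split(":") if g]
    right = [int(g, 16) for g in tail.split(":") if g] if sep else []
    missing = 8 - len(left) - len(right)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError("wrong number of groups")
    groups = left + [0] * missing + right
    if any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("group out of range")
    return groups


def compress(groups):
    """Write the groups back out, replacing the longest run of zero groups
    (at least one) with '::' and dropping leading zeros in each group."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:              # keep the first longest run
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = [format(g, "X") for g in groups]
    if best_len == 0:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def address_type(text):
    """Classify by the high-order octet: 0xFF multicast, 0x00 loopback or
    unassigned, anything else unicast (anycast looks identical to unicast)."""
    high_octet = expand(text)[0] >> 8
    if high_octet == 0xFF:
        return "multicast"
    if high_octet == 0x00:
        return "loopback/unassigned"
    return "unicast"


if __name__ == "__main__":
    for a in ["1080:0:0:0:8:800:200C:417A", "1080::8:800:200C:417A", "::1", "FF02::1"]:
        print(f"{a:<28} {compress(expand(a)):<24} {address_type(a)}")
```

The parser rejects a second "::" and a wrong group count rather than guessing, since an address that expands to more or fewer than eight groups is ambiguous and should be treated as invalid input.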


Valid IPv6 Multicast addresses:

Routing Protocol Concepts

Routing protocols provide dynamic network information to the routers that are part of the domain, and represent one of the most important areas for a Network Engineer to master.

Distance-Vector Routing Protocols

Protocols that are designed to periodically pass the full contents of their routing tables to all of their immediate neighbors (usually every 30 to 90 seconds). Each recipient then increments the metric values and updates its routing table to send out in the next update. Once this information has made the rounds, each router will have built a routing table with information about the "distances" to networked resources without learning anything specific about the other routers, or about the network's actual topology.

The primary benefits of these protocols are how easy they are to configure and maintain. The problems associated with them include slow convergence, routing loops, counting-to-infinity problems, and excessive bandwidth utilization from the size and repetition of the updates.

The two common Distance Vector protocols are the Routing Information Protocol (RIP), and Cisco's proprietary Interior Gateway Routing Protocol (IGRP), which uses bandwidth and delay.

Link State Routing Protocols

Link State Routing Protocols develop and maintain a full knowledge of the network's routers, as well as how they connect to one another. This information is gathered through the exchange of link-state advertisements (LSAs) between routers, which build a topological database that is used by the Shortest Path Algorithm to compute reachability to networked destinations. This process allows quick discovery of changes in the network topology.

The chief advantages of Link State protocols are that the transmission of LSAs takes less bandwidth than the full updates provided by Distance Vector routing protocols, faster convergence, and greater scalability.

The concerns with Link-State protocols include the flooding that is done during the initial discovery process, and that they can be both memory and processor intensive.

Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are the primary examples of Link State protocols.

Hybrid Routing Protocols

Hybrid Routing Protocols combine characteristics of both Distance Vector and Link State protocols. They converge more rapidly than distance-vector protocols, while avoiding the processing overhead associated with link-state updates. Also, they are event driven rather than using a timer to decide when to send updates; this conserves bandwidth for the transmission of user data.


Cisco's proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) is the most common Hybridized routing protocol (and the only one I've ever heard of). It was designed to combine the best aspects of distance-vector and link-state routing protocols without incurring any of the performance limitations specific to either. Remember that one of the major limitations of EIGRP is that it only runs on Cisco equipment.

Distribution Lists

Distribution lists are used to filter the contents of inbound or outbound distance vector routing protocol updates (RIP and IGRP). Standard IP access lists are used to define a list against which the contents of the routing updates are matched. Remember that the access list is applied to the contents of the update, not to the source or destination of the routing update packets themselves.

The "distribute-list" command is entered at the global or router configuration level, and there is an option to apply the list to specific interfaces. For any given routing protocol, it is possible to define one interface-specific distribute-list per interface, and one protocol-specific distribute-list for each process/autonomous-system pair.

There are several commonly used methods for preventing routing loops, including:

Holddowns - Routes are held for a specified period of time to prevent updates from advertising networks that are possibly down. The period of time varies between routing protocols, and is configurable. Holddown timers should be set very carefully: if they are too short, they are ineffective; too long and convergence will be delayed.

Triggered updates - Also known as flash updates, these are sent immediately when a router detects that a metric has changed or a network is no longer available. This helps speed convergence. Instead of waiting for a certain time interval to elapse to update the routing tables, the new information is sent as soon as it is learned.

Split horizon - If a router has received a route advertisement from another router, it will not re-advertise it back out the interface from which it was learned.

Poison reverse - Once you learn of a route through an interface, advertise it as unreachable back through that same interface.
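Split horizon, poison reverse and triggered updates, as an added example that is not part of the original study guide: a distance-vector router building the update it sends out of one interface under each rule, side by side with the unprotected behaviour that lets a loop form, plus the change detection that a triggered update is based on. The routing table is constructed sample data, the infinity metric of 16 is RIP's value and is assumed here, and the function names are my own.

```python
# Added example (not from the original study guide): how a distance-vector
# router builds the update it sends out of each interface under split horizon
# and under poison reverse, plus the change detection behind a triggered
# update. The routing table is constructed sample data; the infinity metric
# of 16 is RIP's value and is assumed here.
INFINITY = 16

# route prefix -> (interface the route was learned or is connected on, metric)
TABLE = {
    "10.0.0.0/24": ("eth0", 1),   # directly connected on eth0
    "10.0.1.0/24": ("eth1", 1),   # directly connected on eth1
    "10.0.2.0/24": ("eth1", 2),   # learned from the neighbor on eth1
    "10.0.3.0/24": ("eth2", 3),   # learned from the neighbor on eth2
}


def build_update(table, out_iface, mode):
    """Return {prefix: metric} as advertised out of `out_iface`.

    mode "none":            advertise every route with metric+1 (loop-prone)
    mode "split-horizon":   omit routes learned via out_iface
    mode "poison-reverse":  advertise routes learned via out_iface as INFINITY
    """
    if mode not in ("none", "split-horizon", "poison-reverse"):
        raise ValueError(mode)
    update = {}
    for prefix, (learned_on, metric) in table.items():
        if learned_on == out_iface:
            if mode == "split-horizon":
                continue                      # say nothing about it
            if mode == "poison-reverse":
                update[prefix] = INFINITY     # say it is unreachable
                continue
        update[prefix] = min(metric + 1, INFINITY)
    return update


def triggered_changes(old_table, new_table):
    """Routes whose metric changed, appeared or disappeared; with triggered
    updates these go out immediately instead of waiting for the periodic
    timer. A vanished route is reported as unreachable (INFINITY)."""
    changes = {}
    for prefix, (_, metric) in old_table.items():
        if prefix not in new_table:
            changes[prefix] = INFINITY
        elif new_table[prefix][1] != metric:
            changes[prefix] = new_table[prefix][1]
    for prefix, (_, metric) in new_table.items():
        if prefix not in old_table:
            changes[prefix] = metric
    return changes


if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(f"{mode:<15}", build_update(TABLE, "eth1", mode))
    lost = {p: v for p, v in TABLE.items() if p != "10.0.3.0/24"}
    print("triggered:     ", triggered_changes(TABLE, lost))
```

With mode "none", the neighbor on eth1 is told that this router can reach 10.0.2.0/24 at metric 3, a route it originally supplied itself; if that neighbor then loses the network, it may believe the route back through this router and start the count to infinity the text describes.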


Administrative Distance

When a route is advertised by more than one routing protocol, the router must decide which protocol's routes to use. The predefined Administrative Distances of routing protocols allow the router to make that decision, more or less telling the router the relative trustworthiness of the different protocols. Here is a list of the common ADs:

Open Shortest Path First (OSPF)

OSPF is an open standard Link State routing protocol that uses Dijkstra's Shortest Path First (SPF) algorithm. Several of OSPF's advantages include fast convergence, classless routing, VLSM support, authentication support, support for much larger inter-networks, the use of areas to minimize routing protocol traffic, and a hierarchical design.

All OSPF routers must have a unique router ID. The router ID is the highest IP address on any of its loopback interfaces. If the router doesn't have any loopback interfaces, then it chooses the highest IP address on any of its enabled interfaces. The interface doesn't have to have OSPF enabled on it. Loopback interfaces are often used because they are always active and there is usually more leeway in their address assignment.

OSPF contains five network types:

Point-to-point

Broadcast

Non-broadcast multi-access (NBMA)

Point-to-multipoint, and virtual-links

OSPF routers keep track of three databases. They are:

Neighbor database

Topology table

Master routing table


Area 0

This is the core area for OSPF. One of the basic rules of OSPF is that all areas must connect to area 0 (just as all roads lead to Rome). If there is an area that is not contiguous with area "0", your only option is to use a virtual link. This will provide a tunnel through another area in order to make it appear that the area is directly connected to area 0. Area Border Routers (ABRs) are responsible for maintaining the routing information between areas. Internal routers receive all routes from the ABR except for those routes that are contained within the internal area.

Traffic destined for networks outside of the AS must traverse Area 0 to an Autonomous System Border Router (ASBR). The ASBR is responsible for handling the routing between OSPF and another AS using another routing protocol, such as EIGRP.

OSPF Area Types:

Standard - Accepts internal, external and summary LSAs.

Backbone (transit area) - In multi-area OSPF networks all other areas must connect directly to this area in order to exchange route information. It must be labeled area "0", and it accepts all LSA types. This behaves like a normal Standard area, except that it happens to reside in the middle of the network.

Stub - Refers to an area that does not accept Type-5 LSAs to learn of external ASs. If routers need to route to networks outside the autonomous system, they must use a default route.

Not-so-stubby - Also known as NSSA. It is the same as a stub area, except that it accepts LSA Type 7. This is useful if you want to accept redistributed routes from another routing protocol. Once these redistributed routes leave the NSSA they are converted to Type 5. Type 7 LSAs can only exist in an NSSA.

Totally Stubby - All LSAs except Type 1 and 2 are blocked. Intra-area routes and the default route are the only routes passed within a totally stubby area. This is Cisco proprietary.

Stub and Totally Stubby Area Similarities:

There can only be a single ABR and single exit point from the area.

All routers within the stub area must be configured as stub routers. If not, they cannot form adjacencies with the other stub routers.

A stub area cannot be used as a transit area for virtual links.

An ASBR cannot be internal to a stub area.

Inter-area routing is based on a default route.


Neither will accept Type-5 LSAs (autonomous system entries).

Typically used in a hub-and-spoke topology, with the spokes being remote sites configured as stub or totally stubby areas.

Stub and Totally Stubby Area Differences:

Totally stubby areas have smaller routing tables, since the only route they accept from area 0 is the default route.

Totally stubby will not accept Summary LSAs (Type-3 and Type-4).

Totally stubby is Cisco proprietary, while Stub is an OSPF standard.

Router Types:

Internal Router (LSA Type 1 or 2) - Routers that have all their interfaces in the same area. They have identical link-state databases and run single copies of the routing algorithm.

Area Border Router (LSA Type 3 or 4) - Routers that have interfaces attached to multiple areas. They maintain separate link-state databases for each area. This may require the router to have more memory and CPU power. These routers act as gateways for inter-area traffic. They must have at least one interface in the backbone area, unless a virtual link is configured. These routers will often summarize routes from other areas into the backbone area.

Autonomous System Boundary Router (LSA Type 5 or 7) - Routers that have at least one interface into an external network, such as a non-OSPF network. These routers can redistribute non-OSPF network information to and from an OSPF network. Redistribution into an NSSA area creates a special type of link-state advertisement (LSA) known as Type 7. This router will be running another routing protocol besides OSPF, such as EIGRP, IGRP, RIP, IS-IS, etc.

Traffic Types:

Intra-area - Traffic passed between routers within a single area.

Inter-area - Traffic passed between routers in different areas.

External - Traffic passed between an OSPF router and a router in another autonomous system.

NBMA Networks

Designated Routers (DRs) and Backup Designated Routers (BDRs) are elected on Broadcast and Non-broadcast multi-access networks such as Ethernet broadcast domains. You can control the selection of DRs through the use of the "ip ospf priority" command; the highest priority wins, and a setting of "0" makes the router ineligible to become DR.

If a router joins the network with a priority somewhere between the existing DR and BDR, the network does not recalculate until the DR fails; then the BDR becomes the DR, and the new router will become BDR.
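The election rules above, as an added example that is not part of the original study guide: a simplified model of DR/BDR selection on one multi-access segment in which the highest priority wins, the highest router ID breaks ties, priority 0 makes a router ineligible, and nothing is recalculated until the DR fails. It goes beyond the text by also showing that a router joining later does not take over even when its priority is higher than the DR's. Router names, IDs and priorities are constructed; the full RFC 2328 procedure (the wait timer and the DR/BDR fields carried in Hello packets) is not modelled, and the class and method names are my own.

```python
# Added example (not from the original study guide): simplified DR/BDR
# selection on a multi-access segment following the rules in the text:
# highest priority wins, highest router ID breaks ties, priority 0 is
# ineligible, and no recalculation happens until the DR fails. Names,
# router IDs and priorities below are constructed sample data.
import ipaddress


class Router:
    def __init__(self, name, router_id, priority=1):
        self.name = name
        self.router_id = router_id
        self.priority = priority

    def eligible(self):
        return self.priority > 0                 # "ip ospf priority 0" opts out

    def rank(self):
        """Higher is better: priority first, then router ID as the tiebreak."""
        return (self.priority, int(ipaddress.IPv4Address(self.router_id)))


class Segment:
    def __init__(self):
        self.routers = []
        self.dr = None
        self.bdr = None

    def _best(self, exclude=()):
        candidates = [r for r in self.routers
                      if r.eligible() and r not in exclude]
        return max(candidates, key=Router.rank, default=None)

    def join(self, router):
        """A router comes up on the segment. It only fills an empty DR or
        BDR slot; an existing DR and BDR keep their roles regardless of the
        newcomer's priority (no preemption)."""
        self.routers.append(router)
        if self.dr is None:
            self.dr = self._best()
        if self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def dr_failed(self):
        """The DR goes away: the BDR is promoted and a fresh BDR is chosen
        among the remaining eligible routers. This is the only point at
        which a router that joined later can gain a role."""
        if self.dr is None:
            return
        self.routers.remove(self.dr)
        self.dr, self.bdr = self.bdr, None
        if self.dr is None:                      # there was no BDR to promote
            self.dr = self._best()
        self.bdr = self._best(exclude=(self.dr,))

    def roles(self):
        return (self.dr.name if self.dr else None,
                self.bdr.name if self.bdr else None)


def scenario():
    """Replay the situation described in the text and return the roles
    before the newcomer joins, after it joins, and after the DR fails."""
    seg = Segment()
    seg.join(Router("R1", "1.1.1.1", priority=100))
    seg.join(Router("R2", "2.2.2.2", priority=50))
    seg.join(Router("R3", "3.3.3.3", priority=0))      # never DR or BDR
    before = seg.roles()                                # ('R1', 'R2')
    seg.join(Router("R4", "4.4.4.4", priority=75))      # between DR and BDR
    after_join = seg.roles()                            # unchanged
    seg.dr_failed()                                     # R2 promoted, R4 is BDR
    after_fail = seg.roles()
    return before, after_join, after_fail


if __name__ == "__main__":
    print(scenario())
```

Because the model is non-preemptive, the only way to make a particular router the DR on a running segment is to let the current DR step down, which is the operational consequence of the rule stated above.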


LSA Types:

Router link entry - Type 1 LSA. Broadcast only within a specific area. Contains all the default Link State information. Generated by each router for each area to which it belongs. It describes the state of the router's links to the area. The link status and cost are two of the descriptors provided.

Network entry - Type 2 LSA. Multicast to all area routers in a multi-access network by the DR. They describe the set of routers attached to a particular network and are flooded only within the area that contains the network.

Summary entry - Type 3 and 4 LSAs. Type 3 LSAs have route information for the internal networks and are sent to the backbone routers. Type 4 LSAs have information about the ASBRs. This information is broadcast by the ABR, and it will reach all the backbone routers.

Autonomous system entry - This is a Type 5 or 7 LSA. It comes from the ASBR and has information relating to the external networks. Type 7 LSAs are only found in NSSA areas.

The same authentication type must be used across an entire OSPF area.

Border Gateway Protocol (BGP)

BGP version 4 is a path vector routing protocol used to exchange routing information between Autonomous Systems, and can be considered the routing protocol of the Internet. It carries information as a sequence of AS numbers, which indicate the autonomous systems that must be used to get to a destination network.

Specific neighbor commands must be entered to create BGP neighbors, because neighbors are defined in the configuration, not by their physical location in the network. Even if two routers are physically connected, they are not necessarily neighbors unless they form a TCP connection, which is configured by the Network Engineer.

When BGP talkers (routers) communicate for the first time, they exchange their entire routing tables. The protocol maintains a table version number to track the current instance of the BGP routing table, and uses keepalives to make sure its neighbors are up. BGP uses TCP (port 179) as its transport protocol to ensure reliable delivery.

There are both internal and external flavors of BGP (IBGP and EBGP) configurations.

Internal BGP (IBGP) - Used inside a specific BGP Autonomous System. Neighbors don't need to be directly connected, but they do need IP connectivity via an Interior Gateway Protocol (IGP), such as OSPF. The administrative distance for iBGP is 200.

External BGP (EBGP) - Used between different BGP Autonomous Systems. Neighbors normally need direct connectivity; however, Cisco provides the "ebgp-multihop" router configuration command to override this behavior. The administrative distance for EBGP is 20.

Any time you make changes to the BGP configuration on a router, your BGP neighbor connection must be reset. Use the Cisco IOS command "clear ip bgp *" to perform this task. Use the "show ip bgp" command to view your BGP table.

BGP's effective use of Classless Inter-domain Routing (CIDR) has been a major factor in slowing the explosive growth of the Internet routing table. CIDR doesn't rely on classes of IP networks such as Class A, B, and C. In CIDR, a prefix and a mask, such as 197.32.0.0/14, represent a network. This would normally be considered an illegal Class C network, but CIDR handles it just fine. A network is called a supernet when the prefix boundary contains fewer bits than the network's natural mask.

Posted: 12/10/2016, 13:02
