
Chapter 1: Internetworking
Chapter 2: Introduction to TCP/IP
Chapter 3: Subnetting, VLSM and Troubleshooting
Chapter 4: Cisco's IOS and SDM
Chapter 5: Managing a Cisco Internetwork
Chapter 6: IP Routing
Chapter 7: EIGRP and OSPF
Chapter 8: Layer-2 Switching
Chapter 9: VLANs
Chapter 10: Security ACL
Chapter 11: Network Address Translation
Chapter 12: Wireless Networks
Chapter 13: IPv6
Chapter 14: Wide Area Networks

Chapter 1 Objectives

1: Internetworking

The CCNA Topics Covered in this chapter include:
- Devices used in this book
- Internetworking Basics
- Layered Models
- The OSI Model
- Ethernet Networking
- Data Encapsulation
- Cisco's Three-Layer Model
- Chapter 1 Written Labs and Review Questions

Devices used in this book

Internetworking Basics

How would you say the PC named Bob communicates with the PC named Sally?

Switches can replace the hub, breaking up collision domains.

Keep in mind that the hub used in the figure just extended the one collision domain from the switch port.

Here's a list of some of the things that commonly cause LAN traffic congestion:
- Too many hosts in a broadcast domain
- Broadcast storms
- Multicasting
- Low bandwidth
- Adding hubs for connectivity to the network
- A bunch of ARP or IPX traffic (IPX is a Novell protocol that is like IP, but really, really chatty. Typically not used in today's networks.)

Routers create an internetwork.

There are two advantages of using routers in your network:
- They don't forward broadcasts by default.
- They can filter the network based on layer 3 (Network layer) information (e.g., IP address).

Four router functions in your network can be listed as follows:
- Packet switching
- Packet filtering
- Internetwork communication
- Path selection

Internetworking devices

Switched networks creating an internetwork

Layered Models

The Layered Approach

A reference model is a conceptual blueprint of how communications should take place. It addresses all the processes required for effective communication and divides these processes into logical groupings called layers. When a communication system is designed in this manner, it's known as layered architecture.

The OSI Model

The OSI isn't a physical model. Rather, it's a set of guidelines that application developers can use to create and implement applications that run on a network. It also provides a framework for creating and implementing networking standards, devices, and internetworking schemes.

The upper layers

The lower layers

The Layer Functions

Connection-Oriented Communication

Windowing

Network Layer Routing Table used in a router

Router in an internetwork

Data Link Layer

Binary Addressing

Binary to Decimal Memorization Chart

Binary    Decimal
10000000  128
11000000  192
11100000  224
11110000  240
11111000  248
11111100  252
11111110  254
11111111  255

A hub in a network

A switch in a network

Ethernet Networking

Ethernet is a contention media access method that allows all hosts on a network to share the same bandwidth of a link. Ethernet is popular because it's readily scalable, meaning that it's comparatively easy to integrate new technologies, such as Fast Ethernet and Gigabit Ethernet, into an existing network infrastructure. It's also relatively simple to implement in the first place, and with it, troubleshooting is reasonably straightforward.

Ethernet Collision Detection CSMA/CD

Half and Full Duplex

Half-duplex Ethernet is defined in the original 802.3 Ethernet; Cisco says it uses only one wire pair with a digital signal running in both directions on the wire. But full-duplex Ethernet uses two pairs of wires instead of one wire pair like half duplex. And full duplex uses a point-to-point connection between the transmitter of the transmitting device and the receiver of the receiving device.

Full-duplex Ethernet can be used in three situations:
- With a connection from a switch to a host
- With a connection from a switch to a switch
- With a connection from a host to a host using a crossover cable

Ethernet Addressing

The MAC, or hardware, address is a 48-bit (6-byte) address written in a hexadecimal format.

Ethernet at the Physical Layer

The IEEE 802.3 and original Ethernet Physical layer specifications.

Ethernet Cabling

Ethernet cabling is an important discussion, especially if you are planning on taking the Cisco exams. Three types of Ethernet cables are available:
- Straight-through cable
- Crossover cable
- Rolled cable

We will look at each in the following sections.

Straight Through

The straight-through cable is used to connect
- Host to switch or hub
- Router to switch or hub

Crossover Cable

The crossover cable can be used to connect
- Switch to switch
- Hub to hub
- Host to host
- Hub to switch
- Router direct to host

Rolled Cable

Although rolled cable isn't used to connect any Ethernet connections together, you can use a rolled Ethernet cable to connect a host to a router console serial communication (com) port.

Using Hyper Terminal

Notice the settings for Hyper Terminal

What type of cable is used?

What type of cable is used for each connection?

Data Encapsulation

When a host transmits data across a network to another device, the data goes through encapsulation: It is wrapped with protocol information at each layer of the OSI model. Each layer communicates only with its peer layer on the receiving device.

PDU

Port Numbers

The Transport layer uses port numbers to define both the virtual circuit and the upper-layer process.

Cisco's Three-Layer Model

The following are the three layers and their typical functions:
- The core layer: backbone
- The distribution layer: routing
- The access layer: switching

Chapter 2 Objectives
2: Introduction to TCP/IP

The CCNA Topics Covered in this chapter include:
- TCP/IP and the DoD Model
  - Process/Application Layer
  - Host-to-Host Layer
  - Internet Layer
  - Network Access
- IP Addressing
  - Class A
  - Class B
  - Class C
  - Private Addressing

TCP/IP and the DoD Model

The figure shows a comparison of the DoD model and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.

The TCP/IP Protocol Suite

The DoD and OSI models are alike in design and concept and have similar functions in similar layers.

Process/Application Layer

This section describes different applications and services typically used in IP networks. The following protocols and applications are discussed:
- Telnet
- FTP
- TFTP
- NFS
- SMTP
- LPD
- X Window
- SNMP
- DNS
- DHCP/BootP

Host to Host Layer

The main purpose of the Host-to-Host layer is to shield the upper-layer applications from the complexities of the network. This layer says to the upper layer, "Just give me your data stream, with any instructions, and I'll begin the process of getting your information ready to send."

The following sections describe the two protocols at this layer:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)

TCP

The figure shows the different fields within the TCP header.

UDP

This figure clearly illustrates UDP's markedly low overhead as compared to TCP's hungry usage.

Key concepts of Host to Host Protocols

TCP                      UDP
Sequenced                Unsequenced
Reliable                 Unreliable
Connection-oriented      Connectionless
Virtual circuit          Low overhead
Acknowledgments          No acknowledgment
Windowing flow control   No windowing or flow control

Port Numbers

Port number examples for TCP and UDP

Key Protocols and Port Numbers

TCP          UDP
Telnet 23    SNMP 161
SMTP 25      TFTP 69
HTTP 80      DNS 53
FTP 21
DNS 53
HTTPS 443

Internet Layer

IP Header

Protocol Field in IP Header

Protocol                 Protocol Number
ICMP                     1
IP in IP (tunneling)     4
IGRP                     9
EIGRP                    88
OSPF                     89
IPv6                     41
GRE                      47
Layer 2 tunnel (L2TP)    115

ICMP

Internet Control Message Protocol (ICMP) works at the Network layer and is used by IP for many different services.

ICMP is a management protocol and messaging service provider for IP. Its messages are carried as IP datagrams. ICMP packets have the following characteristics:
- They can provide hosts with information about network problems.
- They are encapsulated within IP datagrams.

E0 of LAB_B goes down. What happens?

ARP

ARP resolves IP addresses to Ethernet (MAC) addresses.

RARP

IP Addressing

An IP address is a numeric identifier assigned to each machine on an IP network. It designates the specific location of a device on the network. IP addressing was designed to allow hosts on one network to communicate with a host on a different network regardless of the type of LANs the hosts are participating in.

IP Terminology

- BIT: A bit is one digit, either a 1 or a 0.
- BYTE: A byte is 7 or 8 bits, depending on whether parity is used. For the rest of this chapter, always assume a byte is 8 bits.
- OCTET: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In this chapter, the terms byte and octet are completely interchangeable.
- Network address: This is the designation used in routing to send packets to a remote network, for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.
- Broadcast address: The address used by applications and hosts to send information to all nodes on a network is called the broadcast address.

Network Addressing

Subdividing an IP address into a network and node address is determined by the class designation of one's network. This figure summarizes the three classes of networks

Reserved Addressing

Address: Function
- Network address of all 0s: Interpreted to mean this network or segment.
- Network address of all 1s: Interpreted to mean all networks.
- Network 127.0.0.1: Reserved for loopback tests.
- Node address of all 0s: Interpreted to mean network address or any host on specified network.
- Node address of all 1s: Interpreted to mean all nodes on the specified network.
- Entire IP address set to all 0s: Used by Cisco routers to designate the default route. Could also mean any network.
- Entire IP address set to all 1s (same as 255.255.255.255): Broadcast to all nodes on the current network; sometimes called an all 1s broadcast or limited broadcast.

Private Addressing

Address Class   Reserved Address Space
Class A         10.0.0.0 through 10.255.255.255
Class B         172.16.0.0 through 172.31.255.255
Class C         192.168.0.0 through 192.168.255.255

Chapter 3 Objectives

3: Subnetting, VLSM and Troubleshooting

The CCNA Topics Covered in this chapter include:
- Subnetting basics
- How to create subnets
- Subnet masks and CIDR
- Class C subnetting
- Class B subnetting
- VLSM
- Summarization
- Troubleshooting IP addressing

Subnetting Basics

Benefits of subnetting include:
- Reduced network traffic
- Optimized network performance
- Simplified management
- Facilitated spanning of large geographical distances

How To Create Subnets

Take bits from the host portion of the IP address and reserve them to define the subnet address.

Understanding the Powers of 2

Subnet Masks

Used to define which part of the host address will be used as the subnet address.

A 32-bit value that allows the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion.

Default Subnet Masks

Classless Inter-Domain Routing (CIDR)

Used to allocate an amount of IP address space to a given entity (company, home, customer, etc).

Example: 192.168.10.32/28

The slash notation (/) means how many bits are turned on (1s) and tells you what your subnet mask is.

CIDR Values

Subnetting Class C Addresses

In a Class C address, only 8 bits are available for defining the hosts. Remember that subnet bits start at the left and go to the right, without skipping bits. This means that the only Class C subnet masks can be the following:

Binary      Decimal   CIDR
---------------------------
10000000  = 128       /25
11000000  = 192       /26
11100000  = 224       /27
11110000  = 240       /28
11111000  = 248       /29
11111100  = 252       /30

Class C 192 mask examples

Subnet  Host           Meaning
00      000000 = 0     The network (do this first)
00      000001 = 1     The first valid host
00      111110 = 62    The last valid host
00      111111 = 63    The broadcast address (do this second)

Subnet  Host           Meaning
01      000000 = 64    The network
01      000001 = 65    The first valid host
01      111110 = 126   The last valid host
01      111111 = 127   The broadcast address

Subnet  Host           Meaning
10      000000 = 128   The subnet address
10      000001 = 129   The first valid host
10      111110 = 190   The last valid host
10      111111 = 191   The broadcast address

Subnet  Host           Meaning
11      000000 = 192   The subnet address
11      000001 = 193   The first valid host
11      111110 = 254   The last valid host
11      111111 = 255   The broadcast address

Subnetting Class C Addresses Fast Method

Answer Five Simple Questions:
- How many subnets does the chosen subnet mask produce?
- How many valid hosts per subnet are available?
- What are the valid subnets?
- What's the broadcast address of each subnet?
- What are the valid hosts in each subnet?

How Many Subnets?

2^x = number of subnets. x is the number of masked bits, or the 1s. For example, in 11000000, the number of ones gives us 2^2 subnets. In this example there are 4 subnets.

How Many Hosts Per Subnet?

2^y - 2 = number of hosts per subnet. y is the number of unmasked bits, or the 0s. For example, in 11000000, the number of zeros gives us 2^6 - 2 hosts. In this example, there are 62 hosts per subnet.

What Are The Valid Subnets?

256 - subnet mask = block size, or base number. For example 256 - 192 = 64. 64 is the first subnet. The next subnet would be the base number plus itself or 64 + 64 = 128 (the second subnet).

What's The Broadcast Address For Each Subnet?

The broadcast address is all host bits turned on, which is the number immediately preceding the next subnet.

What Are The Valid Hosts?

Valid hosts are the numbers between the subnets, omitting all 0s and all 1s.

Variable Length Subnet Masks (VLSM)
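The five questions of the Class C fast method above, worked in Python with the standard ipaddress module. This is an added example, not part of the original slides; the function names five_questions and classify are made up for it. It goes beyond the Class C case by finding the octet where the mask stops being 255, so Class A and B networks work too, and it lists subnet 0 just as the 192 mask table above does.

```python
"""Added example: the five subnetting questions, answered with the stdlib."""
import ipaddress
from itertools import islice


def classful_prefix(ip: ipaddress.IPv4Address) -> int:
    """Default mask length implied by the first octet (Class A, B or C)."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is Class D/E and is not subnetted")


def five_questions(address: str, prefix: int, max_rows: int = 64) -> dict:
    """Answer the five questions for `address` subnetted with a /prefix mask."""
    ip = ipaddress.IPv4Address(address)
    default = classful_prefix(ip)
    if not default < prefix <= 30:
        raise ValueError(f"/{prefix} is not a usable subnet mask for {ip}")
    classful = ipaddress.ip_network(f"{ip}/{default}", strict=False)
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
    interesting = (prefix - 1) // 8      # octet where the mask stops being 255
    rows = []
    # Only the first max_rows subnets are listed (a Class A /30 has millions).
    for net in islice(classful.subnets(new_prefix=prefix), max_rows):
        rows.append({
            "subnet": str(net.network_address),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
    return {
        "mask": str(mask),
        "subnets": 2 ** (prefix - default),          # 2^x, x = masked bits
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,  # 2^y - 2, y = unmasked bits
        "block_size": 256 - mask.packed[interesting],
        "rows": rows,
    }


def classify(address: str, prefix: int) -> str:
    """Troubleshooting check: which role does this address play in its subnet?"""
    iface = ipaddress.ip_interface(f"{address}/{prefix}")
    net = iface.network
    if iface.ip == net.network_address:
        return f"subnet address of {net}"
    if iface.ip == net.broadcast_address:
        return f"broadcast address of {net}"
    return f"valid host in {net}"


if __name__ == "__main__":
    answer = five_questions("192.168.10.0", 26)      # the 192 mask from the table
    print(answer["mask"], answer["subnets"], "subnets,",
          answer["hosts_per_subnet"], "hosts each, block size", answer["block_size"])
    for row in answer["rows"]:
        print(row)
    # An address that cannot be assigned to a host under this mask:
    print("192.168.10.63/26 is the", classify("192.168.10.63", 26))
```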

Which IP address will be placed in each routers FastEthernet 0/0 interface and serial 0/1 of RouterB?

Answer

Chapter 4 Objectives
4: Cisco's IOS and SDM

The CCNA Topics Covered in this chapter include:
- The Cisco router IOS
- Enhanced editing
- Administrative functions
  - Hostnames
  - Banners
  - Passwords
  - Interface descriptions
- Verifying your configuration

Cisco Router IOS

- Carries network protocols and functions
- Connects high-speed traffic between devices
- Adds security to control access
- Provides scalability for growth
- Supplies reliability

Connecting To A Cisco Router

Cisco 2811

Cisco 1841

Bringing up a Router

Boot-up process:

1: POST
2: Looks for the Cisco IOS from Flash memory
3: IOS loads & looks for a valid configuration; startup-config stored in nonvolatile RAM (NVRAM)
4: If a valid config is not found in NVRAM: setup mode

Setup Mode

- Basic Management Setup
- Extended Setup
- Command-Line Interface

Command-Line Interface (CLI)

More flexible than setup mode. To use the CLI, just say No to entering the initial configuration dialog.

Logging into the Router

- User mode: Router>
  Used mostly to view statistics
- Privileged mode: Router#
  Used to view & change router configuration

Overview of Router Modes

- Global changes: config terminal or config t
  Changes made to running-config (DRAM)
- To change the startup-config (NVRAM): config memory or config mem

Note: Any configuration changes need to be placed into RAM. Typing config mem or config net (from a TFTP host) will append the current running-config

Configuration

CLI Prompts
- Interfaces
- Sub-interfaces
- Line Commands
- Routing Protocol Configurations

Editing & Help Features

Commands starting with a certain letter

Router#c?
clear clock configure connect copy

- Enhanced Editing Commands
- Router-Command History
- Gathering Basic Routing Information: show version

Router Command History

Gathering Basic Routing Information

Router# show version

Administrative Functions

The administrative functions that you can configure on a router and switch are
- Hostnames
- Banners
- Password
- Interface descriptions

Hostnames & Descriptions

Hostnames
Router(config)#hostname todd
todd(config)#

Descriptions
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan

Banners

- Purpose
- Types: exec, incoming, login, motd
- Delimiting character

Setting the Passwords

5 passwords:

- 1st two used to set your enable password
  Used to secure privileged mode; Router>enable
- Other three are used to configure a password in user mode via:
  - console port
  - auxiliary port
  - Telnet

Passwords

Enable passwords
Router(config)#enable password cisco
Router(config)#enable secret cisco

Auxiliary Password

Console Password

Telnet Password

Encrypting Your Password

Router(config)#service password-encryption

Interface Descriptions

Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. The description command is a helpful one because you can, for instance, use it to keep track of circuit numbers. Here's an example:

Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan
Atlanta(config-if)#int s0
Atlanta(config-if)#desc Wan to Miami circuit:6fdda4321

You can view the description of an interface either with the show running-config command or the show interface command.

Router Interfaces

Bringing up an Interface
- no shutdown
- shutdown
- show interface

Configuring an IP Address on an Interface

Router(config)#int e0
Router(config-if)#ip address 172.16.10.2 255.255.255.0
Router(config-if)#no shut

Serial Interface Commands

clock rate & bandwidth (entered in kilobits)

Viewing & Saving Configurations

- running-config saved in DRAM
- startup-config saved in NVRAM

copy run start
sh run
sh start
erase startup-config

Tools:
- show running-config
- show startup-config
- ping
- show cdp nei detail
- trace
- telnet

Verifying Your Configuration

Verifying with the show interface command

Router#show interface ?

Verifying with the show ip interface command

Router#show ip interface
Router#show ip interface brief
Router#show controllers

Chapter 5 Objectives
5: Managing a Cisco Internetwork

The CCNA Topics Covered in this chapter include:
- Cisco Router Components
- Boot Sequence
- Configuration register
- Backing up and restoring the IOS
- Backing up and restoring the configuration
- Cisco Discovery Protocol
- Telnet
- Resolving hostnames
- Troubleshooting tools

Cisco Router Components

- Bootstrap: Brings up the router during initialization
- POST: Checks basic functionality; hardware & interfaces
- ROM monitor: Manufacturing testing & troubleshooting
- Mini-IOS: Loads Cisco IOS into flash memory
- RAM: Holds packet buffers, routing tables, & s/w; stores running-config
- ROM: Starts & maintains the router
- Flash Memory: Holds Cisco IOS; not erased when the router is reloaded
- NVRAM: Holds router (& switch) configurations; not erased when the router is reloaded
- Configuration Register: Controls how the router boots up

Boot Sequence

1: Router performs a POST
2: Bootstrap looks for & loads the Cisco IOS
3: IOS software looks for a valid configuration file
4: Startup-config file (from NVRAM) is loaded
   If startup-config file is not found, the router will start the setup mode

Configuration Registers

- Register: 16-bit software written into NVRAM
- Loads from flash memory & looks for the startup-config file

Configuration Register Bits

16 bits read 15-0, from left to right
Default setting: 0x2102

Register      2             1             0             2
Bit number    15 14 13 12   11 10  9  8    7  6  5  4    3  2  1  0
Binary         0  0  1  0    0  0  0  1    0  0  0  0    0  0  1  0

NOTE: 0x means the digits that follow are in hexadecimal

Configuration Meanings
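The register layout above, decoded in Python and used as a check on show version output. This is an added example, not part of the original slides: the bit meanings are the standard Cisco assignments for bits 0-3, 6, 8 and 13, the function names are made up, and the sample lines are constructed. A register with bit 6 set means the router boots without its startup-config, and so without its passwords, which is worth flagging on any device that is not in the middle of a planned recovery.

```python
"""Added example: decode and audit the IOS configuration register."""
import re

DEFAULT_REGISTER = 0x2102          # default setting given above

# Standard Cisco bit assignments (only the subset used here).
BIT_IGNORE_NVRAM = 0x0040          # bit 6: startup-config is skipped at boot
BIT_BREAK_DISABLED = 0x0100        # bit 8: Break key is ignored once booted
BIT_ROM_FALLBACK = 0x2000          # bit 13: boot ROM software if boot fails

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode(value: int) -> dict:
    """Break a 16-bit register value into the fields that control booting."""
    boot_field = value & 0x000F    # bits 3-0
    if boot_field == 0:
        boot_action = "stay in ROM monitor"
    elif boot_field == 1:
        boot_action = "boot the image in ROM"
    else:
        boot_action = "boot normally (boot system commands, then flash)"
    return {
        "hex": f"0x{value:04X}",
        "binary": " ".join(f"{(value >> s) & 0xF:04b}" for s in (12, 8, 4, 0)),
        "boot_field": boot_field,
        "boot_action": boot_action,
        "ignore_nvram": bool(value & BIT_IGNORE_NVRAM),
        "break_disabled": bool(value & BIT_BREAK_DISABLED),
        "rom_fallback": bool(value & BIT_ROM_FALLBACK),
    }


def audit_show_version(hostname: str, show_version: str) -> list:
    """Return findings for the register line found in `show version` text."""
    match = REGISTER_LINE.search(show_version)
    if match is None:
        return [f"{hostname}: no configuration register line found"]
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    checks = [("current", current)]
    if pending != current:         # config-register was changed but not reloaded
        checks.append(("next reload", pending))
    findings = []
    for when, value in checks:
        info = decode(value)
        if info["ignore_nvram"]:
            findings.append(
                f"{hostname}: {when} register {info['hex']} sets bit 6, so "
                "startup-config and its passwords are ignored at boot")
        if info["boot_field"] == 0:
            findings.append(
                f"{hostname}: {when} register {info['hex']} boots to ROM monitor")
        if not info["break_disabled"]:
            findings.append(
                f"{hostname}: {when} register {info['hex']} leaves Break enabled "
                "after boot")
    return findings


# Constructed sample lines in the format `show version` prints.
SAMPLES = {
    "RouterA": "Configuration register is 0x2102",
    "RouterB": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "RouterC": "Configuration register is 0x2102 (will be 0x2142 at next reload)",
}

if __name__ == "__main__":
    print(decode(DEFAULT_REGISTER))
    for name, text in SAMPLES.items():
        for finding in audit_show_version(name, text) or [f"{name}: ok"]:
            print(finding)
```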

Checking the Register Value

Router#sh version
Configuration register is 0x2102

Recovering Passwords

1: Boot the router & interrupt the boot sequence by performing a break using the Ctrl+Break key combination.
2: Change the configuration register to turn on bit 6 (0x2142)
   rommon>confreg 0x2142
   You must reset or power cycle for new config to take effect
3: Reload the router
   Type reset
   The router will reload & ask if you want to enter setup mode
   Answer NO
4: Enter the privileged mode
   Router>enable
   Router#
5: Copy the startup-config to running-config
   Router#copy startup-config running-config
6: Change the password
   Router#config t
   Router(config)#enable secret cisco
7: Reset the configuration register to the default value
   Router(config)#config-register 0x2102
8: Reload the router

Backing up & Restoring the Cisco IOS

Before you upgrade... Copy the existing IOS to a TFTP host!

Verify Flash Memory

Router#sh flash
System flash directory:
File  Length   Name/status
1     8121000  c2500-js-1.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
Router#

1: Ensure you have good connectivity to the TFTP host
   Router#ping 192.168.0.120
2: Copy the IOS from flash to the TFTP host
   Router#copy flash tftp
   The TFTP host must have a default directory specified

Restoring or Upgrading the Cisco IOS

1: Ensure you have good connectivity to the TFTP host
   Router#ping 192.168.0.120
2: Copy the IOS from the TFTP host to flash
   Router#copy tftp flash
   The TFTP host must have a default directory specified
   Copying the IOS from a TFTP host to flash requires a router reboot

Backing up the Configuration

1: Verify the Current Configuration
   Router#sh run
2: Verify the Stored Configuration
   Router#sh start
   Verify available memory
3: Copy running-config to NVRAM
   Router#copy run start
   Router#sh start
4: Copy running-config to a TFTP host
   Router#copy run tftp
   A second backup

Using Cisco Discovery Protocol (CDP)

- A Cisco proprietary protocol
- Designed to collect information about directly attached & remote devices
  - Hardware information
  - Protocol information
- Useful in troubleshooting & documenting the network

Getting CDP Timers & Holdtime Information

Configuration
- CDP Timer: How often CDP packets are transmitted to all active interfaces
- CDP Holdtime: The amount of time that the device will hold packets received from neighbor devices

Router#sh cdp
Global CDP information
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Router#config t
Router(config)#cdp timer 90
Router(config)#cdp holdtime 240

Getting Neighbor Information

- Shows information about directly connected devices
- CDP packets are not passed through a Cisco switch
- Can only see what is directly attached

Router#sh cdp nei
or
Router#sh cdp neighbor detail
Detailed information; hostname, IP address, etc

Getting Interface Traffic & Port Information

Interface Traffic Information:
- CDP packets sent & received
- Errors with CDP
Router#sh cdp traffic

Port & Interface Information:
- Encapsulation on the line
- Timer & Holdtime for each interface
Router#sh cdp interface

Using Telnet

- A virtual terminal protocol
- Part of the TCP/IP suite
- Allows connections to remote devices
  - Gather information
  - Run programs

Note: The VTY passwords must be set on the routers

Setting VTY passwords:

Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco
Router(config-line)#^Z
Router#172.16.10.2
Trying 172.16.10.2 Open
User Access Verification
Password:
RouterB>

Remember: the VTY password is the user mode (>) password, not the enable mode (#) password.

With no enable/enable secret password set, the following happens:

RouterB>en
% No password set
RouterB>

This equates to good security!

Telnet Commands

- Telnetting into Multiple Devices
  Ctrl+Shift+6 (release) X
- Checking Telnet Connections
  Router#sh sessions
- Checking Telnet Users
  Router#sh users
- Closing Telnet Sessions
  RouterB>exit
  RouterB>disconnect

Resolving Hostnames

To use a hostname rather than an IP address to connect to a remote host, a device must be able to translate the hostname to an IP address:
- Build a host table on each router
- Build a Domain Name System (DNS) server

Building a Host Table

Provides name resolution only on the router on which it is built

[ip host name tcp_port_number ip_address]

Router(config)#ip host RouterB 172.16.10.2
Router(config)#ip host switch 192.168.0.148
Router#sh hosts

Default TCP port number: 23

Router#RouterB
RouterB#(Ctrl+Shift+6) (X)
Router#switch

Using DNS to Resolve Names

Used when you have many devices on your network

Making DNS work:
- ip domain-lookup: Turned on by default
- ip name-server: Sets the IP address of the DNS server (up to 6 each)
- ip domain-name: Appends the domain name to the hostname
  Ex: RouterA.neversail.navy.mil

Checking Network Connectivity

Ping
Displays the minimum, average, & maximum times it takes for a ping packet to find a specified system and return
Router#ping RouterB

Trace
Shows the path a packet takes to get to a remote device
Router#trace RouterB
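A check for the password commands from Chapter 4 (enable password, enable secret, service password-encryption) and the VTY password setup in the Telnet section above, run over a saved configuration. This is an added example, not part of the original slides; the finding codes, function names and both sample configurations are constructed for it, and only line passwords are modelled (login local and AAA are not covered on these slides).

```python
"""Added example: audit an IOS configuration for the password settings above."""

EXPLANATIONS = {
    "ENABLE_PASSWORD_ONLY": "privileged mode relies on enable password; "
                            "enable secret is stored as a one-way hash instead",
    "ENABLE_PASSWORD_REDUNDANT": "enable secret overrides enable password, "
                                 "which only leaves a weaker copy in the file",
    "NO_ENABLE_SECRET": "console users reach privileged mode with no password",
    "CLEAR_TEXT": "password is readable by anyone who sees the configuration",
    "TRAINING_PASSWORD": "password is the classroom default 'cisco'",
    "PASSWORD_NEVER_PROMPTED": "password is set but 'login' is missing, "
                               "so the line never asks for it",
    "LOGIN_WITHOUT_PASSWORD": "'login' is set with no password; the line "
                              "refuses logins until one is configured",
    "NO_PASSWORD": "line has neither 'login' nor a password",
}


def parse_config(config: str):
    """Return (global_commands, {line_header: [sub-commands]})."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace() and current is not None:
            line_blocks[current].append(cmd)      # sub-command of a line block
        elif not raw[0].isspace() and cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        else:
            current = None                        # any other global or sub-command
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(config: str) -> list:
    """Return a list of (where, finding_code) tuples."""
    global_cmds, line_blocks = parse_config(config)
    findings = []

    def check_password(where: str, value: str) -> None:
        parts = value.split()
        if parts[0] == "7" and len(parts) == 2:
            return          # already encoded by service password-encryption
        findings.append((where, "CLEAR_TEXT"))
        if parts[-1].lower() == "cisco":
            findings.append((where, "TRAINING_PASSWORD"))

    secrets = [c for c in global_cmds if c.startswith("enable secret ")]
    enable_pw = [c for c in global_cmds if c.startswith("enable password ")]
    if enable_pw:
        findings.append(("enable", "ENABLE_PASSWORD_REDUNDANT" if secrets
                         else "ENABLE_PASSWORD_ONLY"))
        check_password("enable", enable_pw[0][len("enable password "):])
    elif not secrets:
        findings.append(("enable", "NO_ENABLE_SECRET"))

    for header, cmds in line_blocks.items():
        passwords = [c[len("password "):] for c in cmds if c.startswith("password ")]
        prompts = "login" in cmds
        if passwords and not prompts:
            findings.append((header, "PASSWORD_NEVER_PROMPTED"))
        elif prompts and not passwords:
            findings.append((header, "LOGIN_WITHOUT_PASSWORD"))
        elif not passwords:
            findings.append((header, "NO_PASSWORD"))
        for value in passwords:
            check_password(header, value)
    return findings


# Constructed configurations; the type 5 and type 7 strings are placeholders.
WEAK = """\
hostname Atlanta
enable password cisco
!
interface Ethernet0
 description Sales Lan
 ip address 172.16.10.2 255.255.255.0
!
line con 0
 password cisco
line aux 0
 password 7 00112233
 login
line vty 0 4
 login
"""

HARDENED = """\
hostname Atlanta
service password-encryption
enable secret 5 $1$constructed$placeholder
line con 0
 password 7 00112233
 login
line vty 0 4
 password 7 00112233
 login
"""

if __name__ == "__main__":
    for where, code in audit(WEAK):
        print(f"{where}: {code}: {EXPLANATIONS[code]}")
    print("hardened findings:", audit(HARDENED))
```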

Chapter 6 Objectives
6: IP Routing
- Understanding IP routing
- Static routing
- Dynamic routing
  - RIP
  - RIPv2
- Verifying routing

What is Routing?

To route, a router needs to know:
- Remote networks
- Neighbor routers
- All possible routes to remote networks
- The absolute best route to all remote networks
- How to maintain and verify the routing information

Basic Path Selection

What interface will the router send out a packet if it has destination address of 10.10.10.18?

Routing/PDU Example: Host A Web browses to the HTTP Server.

1. The destination address of a frame will be the
2. The destination IP address of a packet will be the IP address of the
3. The destination port number in a segment header will have a value of

Static Routes

Static Route Configuration

ip route remote network [mask] {address|interface} [distance] [permanent]

Router(config)#ip route [remote network] [mask] [next hop]

Static Route Example

ip route 172.16.1.0 255.255.255.0 172.16.3.2
or
ip route 172.16.1.0 255.255.255.0 s0

Default Routes

ip route 0.0.0.0 0.0.0.0 172.16.3.1
ip classless

Routing vs. Routed

Routing protocols are used between routers to:
- Determine the path of a packet through a network
- Maintain routing tables
- Examples?

Routed protocols are:
- Assigned to an interface
- Once the path is determined by the Routing protocol, determines method of delivery
- Examples?

Routing Protocols

An autonomous system is a collection of networks under a common administrative domain. IGPs operate within an autonomous system. EGPs connect different autonomous systems.

Classful Routing Overview

- Classful routing protocols do not include the subnet mask with the route advertisement.
- Within the same network, consistency of the subnet masks is assumed.
- Summary routes are exchanged between foreign networks.
- Examples of classful routing protocols: RIP Version 1 (RIPv1), IGRP

Classless Routing Overview

- Classless routing protocols include the subnet mask with the route advertisement.
- Classless routing protocols support variable-length subnet masking (VLSM).
- Summary routes can be manually controlled within the network.
- Examples of classless routing protocols: RIP Version 2 (RIPv2), EIGRP, OSPF, IS-IS

Administrative Distance

Default Administrative Distance

Directly Connected: 0
Static Route: 1
RIP: 120
IGRP: 100
EIGRP: 90
OSPF: 110

Distance Vector

- Distance vector algorithms do not allow a router to know the exact topology of an internetwork.
- All routers just broadcast their entire routing table out all active interfaces on periodic time intervals

Discovering Routes

Routing Loops

RIP Overview

- Hop count metric selects the path, 16 is unreachable
- Full route table broadcast every 30 seconds
- Load balance maximum of 6 equal cost paths (default = 4)
- RIPv2 supports VLSM and discontiguous networks

RIP Routing Configuration

Router(config)#router rip
Router(config-router)#network network-number*

*Network is a classful network address. Every device on network uses the same subnet mask

RIP Version 2

- Allows the use of variable length subnet masks (VLSM) by sending subnet mask information with each route update
- Distance vector: same AD and timers
- Easy configuration, just add the command version 2 under the router rip configuration

Discontiguous Addressing

Two networks of the same classful network are separated by a different network address

- RIPv1 and IGRP do not advertise subnet masks, and therefore cannot support discontiguous subnets.
- OSPF, EIGRP, and RIPv2 can advertise subnet masks, and therefore can support discontiguous subnets.

Passive Interface

Maybe you don't want to send RIP updates out your router interface connected to the Internet. Use the passive-interface command:

Router(config)#router rip
Router(config-router)#passive-interface serial0

This allows a router to receive route updates on an interface, but not send updates via that interface

Verifying RIP

Router#show ip route
Router#show ip protocols
Router#debug ip rip
Router#undebug all (un all)

Chapter 7 Objectives
7: EIGRP and OSPF
- Enhanced IGRP
  - EIGRP tables
  - Configuring EIGRP
  - Verifying EIGRP
- Open Shortest Path First
  - Configuring OSPF
  - Verifying OSPF
  - Configuring OSPF with wildcards

What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP supports:
- Rapid convergence
- Reduced bandwidth usage
- Multiple network-layer support
- Uses Diffused Update Algorithm (DUAL) to select loop-free routes and enable fast convergence
- Up to six unequal paths to a remote network (4 by default)

Comparing EIGRP and IGRP

- Similar metric
- Same load balancing
- Improved convergence time
- Reduced network overhead
- Maximum hop count of 255 (100 default)
- EIGRP can differentiate between internal and external routes

EIGRP for IP

- No updates. Route updates sent only when a change occurs, multicast on 224.0.0.10
- Hello messages sent to neighbors every 5 seconds (60 seconds in most WANs)

EIGRP Terminology

Note: A feasible successor is a backup route and is stored in the Topology table

EIGRP Tables

The neighbor table and topology table are held in RAM and are maintained through the use of hello and update packets.

To see all feasible successor routes known to a router, use the show ip eigrp topology command

Successor routes

- A successor route is used by EIGRP to forward traffic to a destination
- A successor route may be backed up by a feasible successor route
- Successor routes are stored in both the topology table and the routing table

Choosing Routes

- EIGRP uses a composite metric to pick the best path: bandwidth and delay of the line
- EIGRP can load balance across six unequal cost paths to a remote network (4 by default)

Configuring EIGRP for IP

If you use the same AS number for EIGRP as IGRP, EIGRP will automatically redistribute IGRP into EIGRP

Redistribution

Redistribution is translating one type of routing protocol into another.

IGRP and EIGRP translate automatically, as long as they are both using the same AS number

Route Path

Assuming all default parameters, which route will RIP (v1 and v2) take, and which route will EIGRP take?

Verifying Enhanced IGRP Operation

Show IP Route

P1R1#sh ip route
[output cut]
Gateway of last resort is not set
D 192.168.30.0/24 [90/2172] via 192.168.20.2,00:04:36, Serial0/0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
D 192.168.40.0/24 [90/2681] via 192.168.20.2,00:04:36, Serial0/0
C 192.168.20.0/24 is directly connected, Serial0/0
D 192.168.50.0/24 [90/2707] via 192.168.20.2,00:04:35, Serial0/0
P1R1#

- D is for Dual
- [90/2172] is the administrative distance and cost of the route. The cost of the route is a composite metric comprised from the bandwidth and delay of the line

Introducing OSPF

- Open standard
- Shortest path first (SPF) algorithm
- Link-state routing protocol (vs. distance vector)
- Can be used to route between ASs

OSPF Hierarchical Routing

- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Supports VLSM
- Unlimited hop count

Link State Vs. Distance Vector

Link State:
- Provides common view of entire topology
- Calculates shortest path
- Utilizes event-triggered updates
- Can be used to route between ASs

Distance Vector:
- Exchanges routing tables with neighbors
- Utilizes frequent periodic updates

Types of OSPF Routers

Configuring Single Area OSPF

OSPF Example

Verifying the OSPF Configuration

OSPF Neighbors

- OSPF uses hello packets to create adjacencies and maintain connectivity with neighbor routers
- OSPF uses the multicast address 224.0.0.5
- Hello packets provide dynamic neighbor discovery
- Hello packets maintain neighbor relationships
- Hello packets and LSAs from other routers help build and maintain the topological database

OSPF Terminology Neighbor Adjacency

Router ID (RID)

Each router in OSPF needs to be uniquely identified so that it can be properly arranged in the neighbor tables.

Electing the DR and BDR

- Multicast Hellos are sent and compared
- Router with highest priority is elected as DR
- Router with 2nd highest priority is elected as BDR
- OSPF sends Hellos, which elect DRs and BDRs
- Routers form adjacencies with DRs and BDRs in a multiaccess environment

Configuring Loopback Interfaces

Router ID (RID):
- Number by which the router is known to OSPF
- Default: The highest IP address on an active interface at the moment of OSPF process startup
- Can be overridden by a loopback interface: highest IP address of any active loopback interface, also called a logical interface

Interface Priorities

What is the default OSPF interface priority?

Router# show ip ospf interface ethernet0/0
Ethernet0 is up, line protocol is up
  Internet Address 192.168.1.137/29, Area 4
  Process ID 19, Router ID 192.168.1.137, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 192.168.1.137, Interface address 192.168.1.137
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Ensuring your DR

What options can you configure that will ensure that R2 will be the DR of the LAN segment?

Configuring Wildcards

If you want to advertise a partial octet (subnet), you need to use wildcards.
- 0.0.0.0 means all octets match exactly
- 0.0.0.255 means that the first three match exactly, but the last octet can be any value

After that, you must remember your block sizes. The wildcard address is always one less than the block size.

192.168.10.8/30 = 0.0.0.3
192.168.10.48/28 = 0.0.0.15
192.168.10.96/27 = 0.0.0.31
192.168.10.128/26 = 0.0.0.63

Wildcard Configuration of the Lab_B Router

Lab_A  E0: 192.168.30.1/24  S0: 172.16.10.5/30
Lab_C  E0: 192.168.50.1/24  S0: 172.16.10.9/30
Lab_B  E0: 192.168.40.1/24  S0: 192.168.10.10/30  S1: 192.168.10.6/30

Chapter 8 Objectives
8: Layer-2 Switching
The CCNA Topics Covered in this chapter include: What is layer-2 switching Switching services Bridges vs. LAN switching Three switch functions MAC table Switching loops Spanning-Tree Protocol (STP) Layer 2 Switching Purposes for using switching Breaks up collision domains Cost-effective, resilient internetwork Purpose for Spanning-Tree Protocol (STP) Stops loops in layer 2 switched networks Before Layer 2 Switching

Switched LANs

Typical Switched Designs

One link to the server!

Switching Services Layer 2 switching provides: Hardware-based bridging (ASIC) Wire speed Low latency Low cost Limitations of Layer 2 Switching Must break up the collision domains correctly. Make sure that users spend 80 percent of their time on the local segment. Switches do not break up broadcast domains by default. Bridging vs. LAN switching

Three Switch Functions at Layer-2

Empty MAC table

How Switches Learn Hosts Locations

Switching Loops

Switching Loop Problems

Spanning-Tree Protocol (STP) Solves Switching loops at layer 2

Spanning-Tree Operations

Selecting the root bridge Selecting the designated port

Spanning-Tree Port States Blocking Listening Forwarding Disabled Spanning-Tree Example

Chapter 9 Objectives

9: VLANs
The CCNA Topics Covered in this chapter include: What is a VLAN? VLAN Memberships VLAN links Frame tagging VTP Trunking Configuring VLANs Inter-VLAN Communication Configuration examples

Virtual LANs (VLANs) Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch. Smaller broadcast domains Organized by: Location Function Department Application or protocol Switches

Features of VLANs Simplify network management Provides a level of security over a flat network Flexibility and Scalability Broadcast Control Broadcasts occur in every protocol Bandwidth & Broadcasts Flat network VLANs & Broadcasts Flat Network Structure

Flexibility & Scalability Layer-2 switches only read frames Can cause a switch to forward all broadcasts VLANs Essentially create broadcast domains Greatly reduces broadcast traffic Ability to add wanted users to a VLAN regardless of their physical location Additional VLANs can be created when network growth consumes more bandwidth Physical LANs Connected To A Router

VLANs Remove The Physical Boundary

VLAN Memberships Static VLANs Typical method of creating VLANs Most secure A switch port assigned to a VLAN always maintains that assignment until changed Dynamic VLANs Node assignment to a VLAN is automatic MAC addresses, protocols, network addresses, etc VLAN Management Policy Server (VMPS) MAC address database for dynamic assignments MAC-address to VLAN mapping Identifying VLANs Access links A link that is part of only one VLAN Trunk links Carries multiple VLANs

Identifying VLANs (cont.)

Frame Tagging

Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
- User-defined ID assigned to each frame
- VLAN ID is removed before exiting trunked links & access links

VLAN ID Methods
- Inter-Switch Link (ISL): Cisco proprietary; FastEthernet & Gigabit Ethernet only
- IEEE 802.1q: Must use if trunking between Cisco & non-Cisco switch

Inter-Switch Link (ISL) Protocol Definition: A means of explicitly tagging VLAN information onto an Ethernet frame Allows VLANs to be multiplexed over a trunk line Cisco proprietary External tagging process VLAN Trunk Protocol (VTP) Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency Allows an administrator to add, delete, & rename VLANs

VTP Benefits Benefits Consistent configuration Permits trunking over mixed networks Accurate tracking Dynamic reporting Plug-and-Play A VTP server must be created to manage VLANs VTP Modes

VTP Modes of Operation Server Default for all Catalyst switches Minimum one server for a VTP domain Client Receives information + sends/receives updates Cannot make any changes Transparent Does not participate in a VTP domain but forwards VTP advertisements Can add/delete VLANs Locally significant

Router with Individual VLAN associations

Routing Between VLANs

Configuring VLANs Creating VLANs Assigning Switch Ports to VLANs Configuring Trunk Ports Configuring Inter-VLAN routing Configuring VTP Switches are configured to be VTP servers by default.

InterVLAN Configuration Example

Example 2

Example 3

Example 4

Configuring Switching In Our Sample Internetwork

2950C

2950B

Setting Up Trunking

Inter-VLAN communication

Chapter 10 Objectives
10: Security
The CCNA Topics Covered in this chapter include: Introduction to Security Types of attacks Mitigating attacks Access-lists Standard Extended Named Monitoring Access-lists Introduction to Security

Attacks APPLICATION-LAYER ATTACKS AUTOROOTERS BACKDOORS DENIAL OF SERVICE (DOS) AND DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS (MANY OTHERS) Mitigating Attacks Appliances IDS IPS STATEFUL IOS FIREWALL INSPECTION ENGINE FIREWALL VOICE TRAVERSAL ICMP INSPECTION AUTHENTICATION PROXY

Access Lists

Purpose:
- Used to permit or deny packets moving through the router
- Permit or deny Telnet (VTY) access to or from a router
- Create dial-on-demand (DDR) interesting traffic that triggers dialing to a remote location

Important Rules
- Packets are compared to each line of the access list in sequential order
- Packets are compared with lines of the access list only until a match is made
- Once a match is made & acted upon, no further comparisons take place
- An implicit deny is at the end of each access list
- If no matches have been made, the packet will be discarded

Types of Access Lists
- Standard Access List: Filter by source IP addresses only
- Extended Access List: Filter by Source IP, Destination IP, Protocol Field, Port Number
- Named Access List: Functionally the same as standard and extended access lists

Application of Access Lists
- Inbound Access Lists: Packets are processed before being routed to the outbound interface
- Outbound Access Lists: Packets are routed to the outbound interface & then processed through the access list

ACL Guidelines
- One access list per interface, per protocol, or per direction
- More specific tests at the top of the ACL
- New lists are placed at the bottom of the ACL
- Individual lines cannot be removed
- End ACLs with a permit any command
- Create ACLs & then apply them to an interface
- ACLs do not filter traffic originated from the router
- Put Standard ACLs close to the destination
- Put Extended ACLs close to the source

Standard IP Access Lists

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <200-299>    Protocol type-code access list
  <300-399>    DECnet access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list

Standard IP Access Lists

Creating a standard IP access list:
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward

Permit or deny?
Router(config)#access-list 10 deny ?
  Hostname or A.B.C.D  Address to match
  any                  any source host
  host                 A single host address

Using the host command
Router(config)#access-list 10 deny host 172.16.30.2

Standard ACL Example

Standard ACL example 2

Standard ACL Example 3

Wildcards

What are they??? Used with access lists to specify a host, a network, or part of a network.

Block Sizes: 64, 32, 16, 8, 4

Rules:
- When specifying a range of addresses, choose the closest block size
- Each block size must start at 0
- A 0 in a wildcard means that octet must match exactly
- A 255 in a wildcard means that octet can be any value
- The command any is the same thing as writing out the wildcard: 0.0.0.0 255.255.255.255

Specifying a Range of Subnets

(Remember: specify a range of values in a block size)
Requirement: Block access in the range from 172.16.8.0 through 172.16.15.0 = block size 8
Network number = 172.16.8.0
Wildcard = 0.0.7.255
**The wildcard is always one number less than the block size

Controlling VTY (Telnet) Access

Why?? Without an ACL any user can Telnet into the router via VTY and gain access.

Controlling access:
- Create a standard IP access list permitting only the host/hosts authorized to Telnet into the router
- Apply the ACL to the VTY line with the access-class command

Example
Lab_A(config)#access-list 50 permit 172.16.10.3
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
(implied deny)

Extended IP Access Lists

Allows you to choose...
- IP Source Address
- IP Destination Address
- Protocol
- Port number

Extended IP ACLs

Router(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <200-299>    Protocol type-code access list
  <300-399>    DECnet access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
Router(config)#access-list 110 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward

Extended IP ACLs

Router(config)#access-list 110 deny ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
Router(config)#access-list 110 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host

Extended IP ACL Steps

#1: Select the access list:
RouterA(config)#access-list 110
#2: Decide on deny or permit:
RouterA(config)#access-list 110 deny
#3: Choose the protocol type:
RouterA(config)#access-list 110 deny tcp
#4: Choose source IP address of the host or network:
RouterA(config)#access-list 110 deny tcp any
#5: Choose destination IP address:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2
#6: Choose the type of service, port, & logging:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log

Steps (cont.)

RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log
RouterA(config)#access-list 110 permit ip any 0.0.0.0 255.255.255.255
RouterA(config)#ip access-group 110 in
or
RouterA(config)#ip access-group 110 out

Named Access Lists

Another way to create standard and extended access lists. Allows the use of descriptive names to ease network management.

Syntax changes:
Lab_A(config)#ip access-list standard BlockSales
Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
Lab_A(config-std-nacl)#permit any

Monitoring IP Access Lists

- Display all access lists & their parameters: show access-list
- Show only the parameters for the access list 110: show access-list 110
- Shows only the IP access lists configured: show ip access-list
- Shows which interfaces have access lists set: show ip interface
- Shows the access lists & which interfaces have access lists set: show running-config
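The wildcard rules (from both the OSPF and the access-list sections) and the first-match and implicit-deny rules above, worked through in Python. This is an added example, not part of the original slides; the function names and the two sample packets are assumptions made for illustration, while access list 110 is the one entered in the steps above.

```python
import ipaddress

def wildcard_for_block(block_size, octet_index):
    """Wildcard for a range of `block_size` values in octet `octet_index` (0-3)."""
    if block_size not in (1, 2, 4, 8, 16, 32, 64, 128, 256):
        raise ValueError("block sizes are powers of two")
    octets = [0, 0, 0, 0]
    octets[octet_index] = block_size - 1      # always one less than the block size
    for i in range(octet_index + 1, 4):
        octets[i] = 255                       # octets to the right can be any value
    return ".".join(map(str, octets))

def wildcard_match(addr, base, wildcard):
    """Compare only the bits where the wildcard holds a 0 (must match exactly)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")          # what the keyword `any` expands to

def host(ip):
    return (ip, "0.0.0.0")                    # what the keyword `host` expands to

# access-list 110 as entered in the steps above
ACL_110 = [
    {"action": "deny",   "proto": "tcp", "src": ANY,
     "dst": host("172.16.30.2"), "dport": 23},
    {"action": "permit", "proto": "ip",  "src": ANY, "dst": ANY, "dport": None},
]

def evaluate(acl, pkt):
    """Return (action, matching line number); ('deny', None) is the implicit deny."""
    for number, line in enumerate(acl, start=1):
        if line["proto"] != "ip" and line["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *line["src"]):
            continue
        if not wildcard_match(pkt["dst"], *line["dst"]):
            continue
        if line["dport"] is not None and pkt.get("dport") != line["dport"]:
            continue
        return line["action"], number         # first match wins, stop comparing
    return "deny", None

# Constructed sample packets (not captured traffic)
TELNET = {"proto": "tcp", "src": "192.168.10.5", "dst": "172.16.30.2", "dport": 23}
WEB = {"proto": "tcp", "src": "192.168.10.5", "dst": "172.16.30.2", "dport": 80}

if __name__ == "__main__":
    # Range 172.16.8.0 through 172.16.15.0: block size 8 in the third octet
    print("wildcard:", wildcard_for_block(8, 2))
    for addr in ("172.16.8.1", "172.16.15.255", "172.16.16.1"):
        print(addr, wildcard_match(addr, "172.16.8.0", "0.0.7.255"))
    # A base that does not start on a block boundary still covers the whole
    # aligned block 8-15, which is why block sizes must start at a multiple.
    print("misaligned base:", wildcard_match("172.16.9.1", "172.16.10.0", "0.0.7.255"))
    print("telnet:", evaluate(ACL_110, TELNET))
    print("web:", evaluate(ACL_110, WEB))
    # Line order matters: with the permit first, the deny is never reached
    print("reordered:", evaluate(list(reversed(ACL_110)), TELNET))
    # Without the closing permit line everything else hits the implicit deny
    print("no permit line:", evaluate(ACL_110[:1], WEB))
```

Running the same packets through a reordered or truncated list is a quick way to review an ACL change before it is applied to an interface.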

11: Network Address Translation


The CCNA Topics Covered in this chapter include: What is NAT, Static, Dynamic, PAT, Configuring NAT, Verifying NAT

What is NAT?

Similar to Classless Inter-Domain Routing (CIDR), the original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.

Benefits of NAT
- You need to connect to the Internet and your hosts don't have globally unique IP addresses.
- You change to a new ISP that requires you to renumber your network.
- You need to merge two intranets with duplicate addresses.

Where NAT is typically configured

Chapter 11 Objectives

Basic NAT

Three types of NAT
- Static
- Dynamic
- Overloading

Static NAT

Let's take a look at a simple basic static NAT configuration:

ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside
!

Dynamic NAT

Here is a sample output of a dynamic NAT configuration:

ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

Port Address Translation

PAT

Here is a sample output of a PAT configuration:

ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255

What is your configuration?

NAT Lab example

Chapter 12 Objectives
12: Wireless Networks
The CCNA Topics Covered in this chapter include: What is a WLAN?, IEEE Standards, CSMA/CD, ISM 2.4Ghz channels, UNII Band, BSS/ESS, Wireless Security

Wireless LANs

Transmitting a signal using the typical 802.11 specifications works a lot like it does with a basic Ethernet hub: They're both two-way forms of communication, and they both use the same frequency to both transmit and receive, often referred to as half-duplex. Wireless LANs (WLANs) use radio frequencies (RFs) that are radiated into the air from an antenna that creates radio waves.

Unlicensed Frequencies

802.11 Standards

Here are the most popular standards in use today:
- 802.11b: 2.4Ghz, maximum bandwidth of 11Mbps
- 802.11g: 2.4Ghz, up to 54Mbps
- 802.11a: 5Ghz, up to 54Mbps

802.11b CSMA/CD

ISM 2.4 Ghz Channels

UNII 5Ghz Band

Range Comparisons

BSS/ESS

Wireless Security

All Wi-Fi Certified wireless LAN products are shipped in "open-access" mode, with their security features turned off.
- SSID, WEP and MAC authentication
- 802.11i
- WPA and WPA 2

Chapter 13 Objectives
13: IPv6
The CCNA Topics Covered in this chapter include: What is IPv6? Why do we need IPv6? IPv6 Addressing Address types Special Addresses Autoconfiguration Configuring IPv6 Tunneling What is IPv6?

People refer to IPv6 as "the next-generation Internet protocol," and it was originally created as the answer to IPv4's inevitable, looming address-exhaustion crisis. Though you've probably heard a thing or two about IPv6 already, it has been improved even further in the quest to bring us the flexibility, efficiency, capability, and optimized functionality that can truly meet our ever-increasing needs.

Why do we need IPv6?

Because we need to communicate, and our current system isn't really cutting it anymore, kind of like how the Pony Express can't compete with airmail. Just look at how much time and effort we've invested in coming up with slick new ways to conserve bandwidth and IP addresses. The number of people and devices that connect to networks increases each and every day.

IPv6 Addressing

IPv6 addresses are 128 bits.

Shortened Expression

You can actually leave out parts of the address to abbreviate it, but to get away with doing that you have to follow a couple of rules. First, you can drop any leading zeros in each of the individual blocks. After you do that, the sample address from earlier would then look like this:

2001:db8:3c4d:12:0:0:1234:56ab

Okay, that's a definite improvement; at least we don't have to write all of those extra zeros! But what about whole blocks that don't have anything in them except zeros? Well, we can kind of lose those too, at least some of them. Again referring to our sample address, we can remove the two blocks of zeros by replacing them with double colons, like this:

2001:db8:3c4d:12::1234:56ab

Address Types
- Unicast
- Global Unicast
- Link-local
- Unique Local
- Multicast
- Anycast

Special Addresses
- 0:0:0:0:0:0:0:0 Equals ::. This is the equivalent of IPv4's 0.0.0.0, and is typically the source address of a host when you're using stateful configuration.
- 0:0:0:0:0:0:0:1 Equals ::1. The equivalent of 127.0.0.1 in IPv4.
- 0:0:0:0:0:0:192.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
- 2000::/3 The global unicast address range.
- FC00::/7 The unique local unicast range.
- FE80::/10 The link-local unicast range.

Special Addresses Cont.
- FF00::/8 The multicast range.
- 3FFF:FFFF::/32 Reserved for examples and documentation.
- 2001:0DB8::/32 Also reserved for examples and documentation.
- 2002::/16 Used with 6to4, which is the transition system, the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.

Autoconfiguration

Configuring IPv6

In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:

Corp(config)#ipv6 unicast-routing

IPv6 isn't enabled by default on any interfaces either, so we have to go to each interface individually and enable it. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get this done. Here's an example:

Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64

You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option. Remember, the eui-64 format allows the device to use its MAC address and pad it to make the interface ID.

Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64

Tunneling 6to4
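How the eui-64 option from the Configuring IPv6 section builds the interface ID, and how the MAC address can be read back out of such an address (relevant when deciding whether hardware addresses should be visible in logs and on the wire). This is an added Python example, not part of the original slides; the MAC 0060.d673.1987 is an assumption chosen so that the result matches the interface ID in the slide's sample address.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64 interface ID (8 bytes) from a 48-bit MAC address.

    Accepts 0060.d673.1987, 00:60:d6:73:19:87 or 00-60-d6-73-19-87.
    """
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hex digits")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02                      # invert the universal/local bit
    # "Pad" the 48 bits to 64 by inserting FFFE between the two halves
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])

def eui64_address(prefix, mac):
    """Full address for a /64 prefix, as `ipv6 address <prefix>/64 eui-64` builds it."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_eui64(address):
    """Recover the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    raw = bytearray(iid.to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":         # no FFFE filler: not EUI-64 derived
        return None
    raw[0] ^= 0x02                      # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])

if __name__ == "__main__":
    addr = eui64_address("2001:db8:3c4d:1::/64", "0060.d673.1987")
    print(addr)                          # shortened form, leading zeros dropped
    print(addr.exploded)                 # all eight blocks written out
    print(mac_from_eui64(str(addr)))
    print(mac_from_eui64("2001:db8:3c4d:12::1234:56ab"))
```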

Chapter 14 Objectives
14: Wide Area Networks
The CCNA Topics Covered in this chapter include: Introduction to WANs HDLC PPP Frame Relay Introduction to VPNs Defining WAN Terms Customer Premises Equipment (CPE) Demarcation (demarc)

Local loop Central Office (CO) Toll network WAN Connection Types

DTE-DCE-DTE

WAN Support Frame Relay ISDN LAPB LAPD HDLC PPP ATM HDLC Protocol Bit-oriented Data Link layer ISO standard protocol Specifies a data encapsulation method No authentication can be used

HDLC Frame Format

Point-to-Point Protocol (PPP) Purpose: Transport layer-3 packets across a Data Link layer point-to-point link Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media Uses Link Control Protocol (LCP) Builds & maintains data-link connections

Point-to-Point Protocol Stack

PPP Main Components EIA/TIA-232-C Intl. Std. for serial communications HDLC Serial link datagram encapsulation method LCP Used in P-t-P connections: Establishing Maintaining Terminating NCP Method of establishing & configuring Network Layer protocols Allows simultaneous use of multiple Network layer protocols LCP Configuration Options Authentication PAP CHAP Compression Stacker Predictor Error detection Quality Magic Number Multilink Splits the load for PPP over 2+ parallel circuits; a bundle

PPP Session Establishment Link-establishment phase Authentication phase Network-layer protocol phase PPP Session Establishment

PPP Authentication Methods Password Authentication Protocol (PAP) Passwords sent in clear text Remote node returns username & password Challenge Authentication Protocol (CHAP) Done at start-up & periodically Challenge & Reply Remote router sends a one-way hash ~ MD5

Configuring PPP

Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z

Step #2: Define the username & password on each router:
RouterA: RouterA(config)#username RouterB password cisco
RouterB: RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router (2) Passwords must match

Step #3: Choose Authentication type for each router; CHAP/PAP
Router__(Config)#int s0
Router__(config-if)#ppp authentication chap
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
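What the two authentication choices in Step #3 put on the wire, as an added Python example that is not part of the original slides: PAP carries the password itself, while CHAP answers a random challenge with an MD5 hash over the identifier, the shared password and the challenge (the calculation defined in RFC 1994). The class and function names are assumptions; the password cisco and the name RouterB come from Step #2.

```python
import hashlib
import hmac
import os

def pap_request_data(peer_id, password):
    """Data field of a PAP Authenticate-Request: both values travel in clear text."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(identifier, secret, challenge):
    """CHAP response value: MD5 over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """The challenging side, e.g. RouterA holding `username RouterB password cisco`."""

    def __init__(self, secrets_by_peer):
        self.secrets = secrets_by_peer
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # A fresh random challenge at start-up and for every periodic re-check
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, peer, identifier, response):
        secret = self.secrets.get(peer)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)

def demo():
    """Run one exchange from both sides and report what was accepted or exposed."""
    router_a = ChapAuthenticator({"RouterB": b"cisco"})
    ident, challenge = router_a.new_challenge()
    good = chap_response(ident, b"cisco", challenge)       # RouterB's reply
    wrong = chap_response(ident, b"Cisco", challenge)      # passwords do not match
    results = {
        "matching password accepted": router_a.verify("RouterB", ident, good),
        "mismatched password accepted": router_a.verify("RouterB", ident, wrong),
    }
    # The periodic re-challenge makes a recorded response useless later on
    ident2, _ = router_a.new_challenge()
    results["old response accepted for new challenge"] = router_a.verify(
        "RouterB", ident2, good)
    results["password visible in PAP request"] = (
        b"cisco" in pap_request_data(b"RouterB", b"cisco"))
    results["password visible in CHAP response"] = b"cisco" in good
    return results

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```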

PPP Example 1

PPP Example 2

PPP Example 3

PPP Example 4

Frame Relay Background High-performance WAN encapsulation method OSI Physical & data Link layer Originally designed for use across ISDN Supported Protocols IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO Before Frame Relay

After Frame Relay

Frame Relay Purpose Provide a communications interface between DTE & DCE equipment Connection-oriented Data Link layer communication Via virtual circuits Provides a complete path from the source to destination before sending the first frame Frame Relay Terminology

Frame Relay Encapsulation Specified on serial interfaces Encapsulation types: Cisco (default encapsulation type) IETF (used between Cisco & non-Cisco devices)

RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
  ietf  Use RFC1490 encapsulation
  <cr>

Data Link Connection Identifiers (DLCIs)
- Frame Relay PVCs are identified by DLCIs
- IP end devices are mapped to DLCIs
- Mapped dynamically or mapped by IARP
- Global Significance: Advertised to all remote sites as the same PVC
- Local Significance: DLCIs do not need to be unique

Configuration
RouterA(config-if)#frame-relay interface-dlci ?
  <16-1007>  Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16

DLCIs are Locally Significant

Local Management Interface (LMI) Background Purpose LMI Messages Keepalives Multicasting Multicast addressing Status of virtual circuits

LMI Types

Configuration:
RouterA(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a

- Beginning with IOS ver 11.2+ the LMI type is autosensed
- Default type: cisco

Virtual circuit status:
- Active
- Inactive
- Deleted

Sub-interfaces

Definition Multiple virtual circuits on a single serial interface Enables the assignment of different network-layer characteristics to each sub-interface IP routing on one sub-interface IPX routing on another Mitigates difficulties associated with: Partial meshed Frame Relay networks Split Horizon protocols

Partial Meshed Networks

Creating Sub-interfaces

Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface

RouterA(config)#int s0
RouterA(config)#encapsulation frame-relay
RouterA(config)#int s0.?
  <0-4294967295>  Serial interface number
RouterA(config)#int s0.16 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link

Mapping Frame Relay
- Necessary for IP end devices to communicate
- Addresses must be mapped to the DLCIs
- Methods: Frame Relay map command, Inverse-arp function

Using the map command
RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-if)#no inverse-arp
RouterA(config-if)#ip address 172.16.30.1 255.255.255.0
RouterA(config-if)#frame-relay map ip 172.16.30.17 16 ietf broadcast
RouterA(config-if)#frame-relay map ip 172.16.30.18 17 broadcast
RouterA(config-if)#frame-relay map ip 172.16.30.19 18

Using the inverse arp command
RouterA(config)#int s0.16 point-to-point
RouterA(config-if)#encap frame-relay ietf
RouterA(config-if)#ip address 172.16.30.1 255.255.255.0

Congestion Control
- Discard Eligibility (DE)
- Forward-Explicit Congestion Notification (FECN)
- Backward-Explicit Congestion Notification (BECN)

Committed Information Rate (CIR)

Definition: Provision allowing customers to purchase amounts of bandwidth lower than what they might need
- Cost savings
- Good for bursty traffic
- Not good for constant amounts of data transmission

Monitoring Frame Relay

RouterA>sho frame ?
  ip       show frame relay IP statistics
  lmi      show frame relay lmi statistics
  map      Frame-Relay map table
  pvc      show frame relay pvc statistics
  route    show frame relay route
  traffic  Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi

Troubleshooting Frame Relay

Why can't RouterA talk to RouterB?

Troubleshooting Frame Relay

Why is RIP not sent across the PVC?

Introduction to VPNs

VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.

Types of VPNs

REMOTE ACCESS VPNS: Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.

SITE-TO-SITE VPNS: Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.

EXTRANET VPNS: Extranet VPNs allow an organization's suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.
