CCNA 640-802 - Www.arabhardware.net - By Burn_notice
- Chapter 1: Internetworking
- Chapter 2: Introduction to TCP/IP
- Chapter 3: Subnetting, VLSM and Troubleshooting
- Chapter 4: Cisco’s IOS and SDM
- Chapter 5: Managing a Cisco Internetwork
- Chapter 6: IP Routing
- Chapter 7: EIGRP and OSPF
- Chapter 8: Layer-2 Switching
- Chapter 9: VLAN’s
- Chapter 10: Security ACL
- Chapter 11: Network Address Translation
- Chapter 12: Wireless Networks
- Chapter 13: IPv6
- Chapter 14: Wide Area Networks
Chapter 1 Objectives
1: Internetworking
• The CCNA Topics Covered in this chapter include:
– Devices used in this book
– Internetworking Basics
– Layered Models
– The OSI Model
– Ethernet Networking
– Data Encapsulation
– Cisco’s Three-Layer Model
– Chapter 1 Written Labs and Review Questions
Devices used in this book
Internetworking Basics
How would you say the PC named Bob communicates with the PC named Sally?
Internetworking Basics
Switches can replace the hub, breaking up collision domains.
Keep in mind that the hub used in the figure just extended the one collision domain from the switch port.
Internetworking Basics
Here’s a list of some of the things that commonly cause LAN traffic congestion:
• Too many hosts in a broadcast domain
• Broadcast storms
• Multicasting
• Low bandwidth
• Adding hubs for connectivity to the network
• A bunch of ARP or IPX traffic (IPX is a Novell protocol that is like IP, but really, really chatty. Typically not used in today’s networks.)
Internetworking Basics
Routers create an internetwork.
There are two advantages of using routers in your network:
• They don’t forward broadcasts by default.
• They can filter the network based on layer 3 (Network layer) information (e.g., IP address).
Four router functions in your network can be listed as follows:
• Packet switching
• Packet filtering
• Internetwork communication
• Path selection
Internetworking Basics
Internetworking devices
Switched networks creating an internetwork
Layered Models
The Layered Approach
• A reference model is a conceptual blueprint of how communications should take place.
• It addresses all the processes required for effective communication and divides these processes into logical groupings called layers.
• When a communication system is designed in this manner, it’s known as layered architecture.
The OSI Model
• The OSI isn’t a physical model. Rather, it’s a set of guidelines that application developers can use to create and implement applications that run on a network.
• It also provides a framework for creating and implementing networking standards, devices, and internetworking schemes.
The upper layers
The lower layers
The Layer Functions
Connection-Oriented Communication
Windowing
Network Layer
Routing Table used in a router
Router in an internetwork
Data Link Layer
Binary Addressing
Binary to Decimal Memorization Chart
Binary     Decimal
10000000   128
11000000   192
11100000   224
11110000   240
11111000   248
11111100   252
11111110   254
11111111   255
A hub in a network
A Switch in a network
Ethernet Networking
• Ethernet is a contention media access method that allows all hosts on a network to share the same bandwidth of a link.
• Ethernet is popular because it’s readily scalable, meaning that it’s comparatively easy to integrate new technologies, such as Fast Ethernet and Gigabit Ethernet, into an existing network infrastructure.
• It’s also relatively simple to implement in the first place, and with it, troubleshooting is reasonably straightforward.
Ethernet Collision Detection
CSMA/CD
Half and Full Duplex
Half-duplex Ethernet is defined in the original 802.3 Ethernet; Cisco says it uses only one wire pair with a digital signal running in both directions on the wire.
But full-duplex Ethernet uses two pairs of wires instead of one wire pair like half duplex. And full duplex uses a point-to-point connection between the transmitter of the transmitting device and the receiver of the receiving device.
Full-duplex Ethernet can be used in three situations:
• With a connection from a switch to a host
• With a connection from a switch to a switch
• With a connection from a host to a host using a crossover cable
Ethernet Addressing
The MAC, or hardware, address is a 48-bit (6-byte) address written in a hexadecimal format.
Ethernet at the Physical Layer
The IEEE 802.3 and original Ethernet Physical layer specifications.
Ethernet Cabling
Ethernet cabling is an important discussion, especially if you are planning on taking the Cisco exams.
Three types of Ethernet cables are available:
• Straight-through cable
• Crossover cable
• Rolled cable
We will look at each in the following sections.
Straight Through
The straight-through cable is used to connect
• Host to switch or hub
• Router to switch or hub
Crossover Cable
The crossover cable can be used to connect
• Switch to switch
• Hub to hub
• Host to host
• Hub to switch
• Router direct to host
Rolled Cable
Although rolled cable isn’t used to connect any Ethernet connections together, you can use a rolled Ethernet cable to connect a host to a router console serial communication (com) port.
Using Hyper Terminal
Notice the settings for Hyper Terminal
What type of cable is used?
What type of cable is used for each connection?
Data Encapsulation
When a host transmits data across a network to another device, the data goes through encapsulation:
• It is wrapped with protocol information at each layer of the OSI model.
• Each layer communicates only with its peer layer on the receiving device.
PDU
Port Numbers
The Transport layer uses port numbers to define both the virtual circuit and the upper-layer process.
Cisco’s Three-Layer Model
The following are the three layers and their typical functions:
• The core layer: backbone
• The distribution layer: routing
• The access layer: switching
Chapter 2 Objectives
2: Introduction to TCP/IP
• The CCNA Topics Covered in this chapter include:
• TCP/IP and the DoD Model
– Process/Application Layer
– Host-to-Host Layer
– Internet Layer
– Network Access
• IP Addressing
– Class A
– Class B
– Class C
– Private Addressing
TCP/IP and the DoD Model
The figure shows a comparison of the DoD model and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.
The TCP/IP Protocol Suite
The DoD and OSI models are alike in design and concept and have similar functions in similar layers.
Process/Application Layer
This section describes different applications and services typically used in IP networks. The following protocols and applications are discussed:
– Telnet
– FTP
– TFTP
– NFS
– SMTP
– LPD
– X Window
– SNMP
– DNS
– DHCP/BootP
Host to Host Layer
The main purpose of the Host-to-Host layer is to shield the upper-layer applications from the complexities of the network. This layer says to the upper layer, “Just give me your data stream, with any instructions, and I’ll begin the process of getting your information ready to send.”
The following sections describe the two protocols at this layer:
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)
TCP
The figure shows the different fields within the TCP header.
UDP
This figure clearly illustrates UDP’s markedly low overhead as compared to TCP’s hungry usage.
Key concepts of Host to Host Protocols
TCP                        UDP
Sequenced                  Unsequenced
Reliable                   Unreliable
Connection-oriented        Connectionless
Virtual circuit            Low overhead
Acknowledgments            No acknowledgment
Windowing flow control     No windowing or flow control
Port Numbers
Port number examples for TCP and UDP
Key Protocols and Port Numbers
TCP:
Telnet   23
SMTP     25
HTTP     80
FTP      21
DNS      53
HTTPS    443
UDP:
SNMP     161
TFTP     69
DNS      53
Internet Layer
IP Header
Protocol Field in IP Header
Protocol                    Protocol Number
ICMP                        1
IP in IP (tunneling)        4
IGRP                        9
EIGRP                       88
OSPF                        89
IPv6                        41
GRE                         47
Layer 2 tunnel (L2TP)       115
ICMPInternet Control Message Protocol (ICMP) works at the Network layer and is used by IP for many different services.
• ICMP is a management protocol and messaging service provider for IP.
• Its messages are carried as IP datagrams.
ICMP packets have the following characteristics:
• They can provide hosts with information about network problems.
• They are encapsulated within IP datagrams.
E0 of LAB_B goes down. What happens?
ARP
ARP resolves IP addresses to Ethernet (MAC) addresses.
RARP
IP AddressingAn IP address is a numeric identifier assigned to each machine on an IP network.
It designates the specific location of a device on the network.
IP addressing was designed to allow hosts on one network to communicate with a host on a different network regardless of the type of LANs the hosts are participating in.
IP Terminology
BIT: A bit is one digit, either a 1 or a 0.
BYTE: A byte is 7 or 8 bits, depending on whether parity is used. For the rest of this chapter, always assume a byte is 8 bits.
OCTET: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In this chapter, the terms byte and octet are completely interchangeable.
Network address: This is the designation used in routing to send packets to a remote network—for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.
Broadcast address: The address used by applications and hosts to send information to all nodes on a network is called the broadcast address.
Network Addressing
Subdividing an IP address into a network and node address is determined by the class designation of one’s network. This figure summarizes the three classes of networks.
Reserved Addressing
Address                                      Function
Network address of all 0s                    Interpreted to mean “this network or segment.”
Network address of all 1s                    Interpreted to mean “all networks.”
Network 127.0.0.1                            Reserved for loopback tests.
Node address of all 0s                       Interpreted to mean “network address” or any host on specified network.
Node address of all 1s                       Interpreted to mean “all nodes” on the specified network.
Entire IP address set to all 0s              Used by Cisco routers to designate the default route. Could also mean “any network.”
Entire IP address set to all 1s              Broadcast to all nodes on the current network; sometimes called an “all 1s broadcast” or limited broadcast.
(same as 255.255.255.255)
Private Addressing
Address Class    Reserved Address Space
Class A          10.0.0.0 through 10.255.255.255
Class B          172.16.0.0 through 172.31.255.255
Class C          192.168.0.0 through 192.168.255.255
Chapter 3 Objectives
3: Subnetting, VLSM and Troubleshooting
The CCNA Topics Covered in this chapter include:
- Subnetting basics
- How to create subnets
- Subnet masks and CIDR
• Class C subnetting
• Class B subnetting
• VLSM
• Summarization
• Troubleshooting IP addressing
Subnetting Basics
• Benefits of subnetting include:
– Reduced network traffic
– Optimized network performance
– Simplified management
– Facilitated spanning of large geographical distances.
How To Create Subnets
Take bits from the host portion of the IP address and reserve them to define the subnet address.
Understanding the Powers of 2
Subnet Masks
• Used to define which part of the host address will be used as the subnet address.
• A 32-bit value that allows the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion.
Default Subnet Masks
Classless Inter-Domain Routing (CIDR)
Used to allocate an amount of IP address space to a given entity (company, home, customer, etc).
Example: 192.168.10.32/28
The slash notation (/) means how many bits are turned on (1s) and tells you what your subnet mask is.
CIDR Values
Subnetting Class C Addresses
In a Class C address, only 8 bits are available for defining the hosts. Remember that subnet bits start at the left and go to the right, without skipping bits. This means that the only Class C subnet masks can be the following:
Binary       Decimal   CIDR
10000000  =  128       /25
11000000  =  192       /26
11100000  =  224       /27
11110000  =  240       /28
11111000  =  248       /29
11111100  =  252       /30
Class C 192 mask examples
Subnet Host        Meaning
00 000000 = 0      The network (do this first)
00 000001 = 1      The first valid host
00 111110 = 62     The last valid host
00 111111 = 63     The broadcast address (do this second)
Subnet Host        Meaning
01 000000 = 64     The network
01 000001 = 65     The first valid host
01 111110 = 126    The last valid host
01 111111 = 127    The broadcast address
Subnet Host        Meaning
10 000000 = 128    The subnet address
10 000001 = 129    The first valid host
10 111110 = 190    The last valid host
10 111111 = 191    The broadcast address
Subnet Host        Meaning
11 000000 = 192    The subnet address
11 000001 = 193    The first valid host
11 111110 = 254    The last valid host
11 111111 = 255    The broadcast address
Subnetting Class C Addresses – Fast Method
Answer Five Simple Questions:
- How many subnets does the chosen subnet mask produce?
- How many valid hosts per subnet are available?
- What are the valid subnets?
- What's the broadcast address of each subnet?
- What are the valid hosts in each subnet?
How Many Subnets?
2^x = number of subnets.
X is the number of masked bits, or the 1s. For example, in 11000000, the number of ones gives us 2^2 subnets. In this example there are 4 subnets.
How Many Hosts Per Subnet?
2^y - 2 = number of hosts per subnet.
• Y is the number of unmasked bits, or the 0s.
• For example, in 11000000, the number of zeros gives us 2^6 - 2 hosts. In this example, there are 62 hosts per subnet.
What Are The Valid Subnets?
• 256 - subnet mask = block size, or base number.
• For example 256 - 192 = 64. 64 is the first subnet. The next subnet would be the base number plus itself, or 64 + 64 = 128 (the second subnet).
What’s The Broadcast Address For Each Subnet?
• The broadcast address is all host bits turned on, which is the number immediately preceding the next subnet.
What Are The Valid Hosts?
• Valid hosts are the numbers between the subnets, omitting all 0s and all 1s.
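The five questions of the fast method, worked in Python as an added example that is not part of the original slides: it computes subnets, hosts, block size, and every subnet/host/broadcast range for any Class C mask from /25 to /30, and locates the block a given host falls in. The ranges include subnet zero, as the 192-mask table above does; function names are my own.

```python
# Added example, not from the original slides: the Class C fast method
# for any mask /25-/30. Function and variable names are my own choice.

def mask_to_prefix(mask: str) -> int:
    """'255.255.255.192' -> 26. Rejects masks whose 1 bits are not contiguous."""
    bits = "".join(f"{int(octet):08b}" for octet in mask.split("."))
    if len(bits) != 32 or "01" in bits:
        raise ValueError(f"not a valid subnet mask: {mask}")
    return bits.count("1")


def class_c_subnets(network: str, mask: str) -> dict:
    """Answer the five fast-method questions for a Class C network.

    The ranges list starts at subnet zero (.0), as the 192-mask table does.
    """
    prefix = mask_to_prefix(mask)
    if not 25 <= prefix <= 30:
        raise ValueError("Class C subnet masks run from /25 (128) to /30 (252)")
    subnet_bits = prefix - 24            # x: masked bits borrowed from the 4th octet
    host_bits = 32 - prefix              # y: unmasked bits left for hosts
    last_mask_octet = int(mask.split(".")[3])
    block = 256 - last_mask_octet        # block size, or base number
    first_three = ".".join(network.split(".")[:3])

    ranges = []
    for start in range(0, 256, block):
        ranges.append({
            "subnet": f"{first_three}.{start}",                  # all host bits off
            "first_host": f"{first_three}.{start + 1}",
            "last_host": f"{first_three}.{start + block - 2}",
            "broadcast": f"{first_three}.{start + block - 1}",   # all host bits on:
        })                                                        # one below the next subnet
    return {
        "subnets": 2 ** subnet_bits,               # question 1
        "hosts_per_subnet": 2 ** host_bits - 2,    # question 2
        "block_size": block,
        "ranges": ranges,                          # questions 3, 4 and 5
    }


def locate_host(ip: str, mask: str) -> dict:
    """Return the subnet/host-range/broadcast block a Class C host address falls in."""
    last = int(ip.split(".")[3])
    for block in class_c_subnets(ip, mask)["ranges"]:
        low = int(block["subnet"].split(".")[3])
        high = int(block["broadcast"].split(".")[3])
        if low <= last <= high:
            return block
    raise ValueError("unreachable: every last-octet value lies in some block")


if __name__ == "__main__":
    info = class_c_subnets("192.168.10.0", "255.255.255.192")
    print(f"subnets={info['subnets']} hosts={info['hosts_per_subnet']} block={info['block_size']}")
    for r in info["ranges"]:
        print(f"{r['subnet']:<16}{r['first_host']:<16}{r['last_host']:<16}{r['broadcast']}")
    print(locate_host("192.168.10.130", "255.255.255.192"))
```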
Variable Length Subnet Masks (VLSM)
Which IP address will be placed in each router’s FastEthernet 0/0 interface and serial 0/1 of RouterB?
Answer
Chapter 4 Objectives
4: Cisco’s IOS and SDM
• The CCNA Topics Covered in this chapter include:
• The Cisco router IOS
• Enhanced editing
• Administrative functions
– Hostnames
– Banners
– Passwords
– Interface descriptions
• Verifying your configuration
Cisco Router IOS
• Carries network protocols and functions
• Connects high-speed traffic between devices
• Adds security to control access
• Provides scalability for growth
• Supplies reliability
Connecting To A Cisco Router
Cisco 2811
Cisco 1841
Bringing up a Router
• Boot-up process:
1: POST
2: Looks for the Cisco IOS from Flash memory
3: IOS loads & looks for a valid configuration;
• startup-config
• stored in nonvolatile RAM (NVRAM)
4: If a valid config is not found in NVRAM:
• setup mode
Setup Mode
• Basic Management Setup
• Extended Setup
• Command-Line Interface
Command-Line Interface (CLI)
• More flexible than setup mode.
• To use the CLI, just say No to entering the initial configuration dialog.
Logging into the Router
• User mode:
– Router>
– Used mostly to view statistics
• Privileged mode:
– Router#
– Used to view & change router configuration
Overview of Router Modes
• Global changes:
– config terminal or config t
– Changes made to running-config (DRAM)
– To change the startup-config (NVRAM)
• config memory or config mem
Note: Any configuration changes need to be placed into RAM. Typing config mem or config net (from a TFTP host) will append the current running-config
Configuration
• CLI Prompts
• Interfaces
• Sub-interfaces
• Line Commands
• Routing Protocol Configurations
Editing & Help Features
• Commands starting with a certain letter
Router#c?
clear clock configure connect copy
• Enhanced Editing Commands
• Router Command History
• Gathering Basic Routing Information
– show version
Router Command History
Gathering Basic Routing Information
Router#show version
Administrative Functions
The administrative functions that you can configure on a router and switch are
• Hostnames
• Banners
• Password
• Interface descriptions
Hostnames & Descriptions
• Hostnames
Router(config)#hostname todd
todd(config)#
• Descriptions
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan
Banners
• Purpose
• Types
– exec
– incoming
– login
– motd
• Delimiting character
Setting the Passwords
• 5 passwords:
– 1st two used to set your enable password
• Used to secure privileged mode; Router>enable
– Other three are used to configure a password in user mode via:
• console port
• auxiliary port
• Telnet
Passwords
• Enable passwords
Router(config)#enable password cisco
Router(config)#enable secret cisco
• Auxiliary Password
• Console Password
• Telnet Password
• Encrypting Your Password
Router(config)#service password-encryption
Interface DescriptionsSetting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. The description command is a helpful one because you can, for instance, use it to keep track of circuit numbers.
Here’s an example:
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan
Atlanta(config-if)#int s0
Atlanta(config-if)#desc Wan to Miami circuit:6fdda4321
You can view the description of an interface either with the show running-config command or the show interface command.
Router Interfaces
• Bringing up an Interface
no shutdown
shutdown
show interface
• Configuring an IP Address on an Interface
Router(config)#int e0
Router(config-if)#ip address 172.16.10.2 255.255.255.0
Router(config-if)#no shut
• Serial Interface Commands
clock rate & bandwidth (entered in kilobits)
Viewing & Saving Configurations
• Viewing & Saving Configurations
– running-config saved in DRAM
– startup-config saved in NVRAM
copy run start
sh run
sh start
erase startup-config
Verifying Your Configuration
Tools:
– show running-config
– show startup-config
– ping
– show cdp nei detail
– trace
– telnet
• Verifying with the show interface command
– Router#show interface ?
• Verifying with the show ip interface command
– Router#show ip interface
– Router#show ip interface brief
– Router#show controllers
Chapter 5 Objectives
5: Managing a Cisco Internetwork
• The CCNA Topics Covered in this chapter include:
• Cisco Router Components
• Boot Sequence
• Configuration register
• Backing up and restoring the IOS
• Backing up and restoring the configuration
• Cisco Discovery Protocol
• Telnet
• Resolving hostnames
• Troubleshooting tools
Cisco Router Components
• Bootstrap
– Brings up the router during initialization
• POST
– Checks basic functionality; hardware & interfaces
• ROM monitor
– Manufacturing testing & troubleshooting
• Mini-IOS
– Loads Cisco IOS into flash memory
• RAM
– Holds packet buffers, routing tables, & s/w
– Stores running-config
• ROM
– Starts & maintains the router
• Flash Memory
– Holds Cisco IOS
– Not erased when the router is reloaded
• NVRAM
– Holds router (& switch) configurations
– Not erased when the router is reloaded
• Configuration Register
– Controls how the router boots up
Boot Sequence
1: Router performs a POST
2: Bootstrap looks for & loads the Cisco IOS
3: IOS software looks for a valid configuration file
4: Startup-config file (from NVRAM) is loaded
– If startup-config file is not found, the router will start the setup mode
Configuration Registers
• Register
– 16-bit software written into NVRAM
– Loads from flash memory & looks for the startup-config file
• Configuration Register Bits
– 16 bits read 15-0, from left to right
– default setting: 0x2102
Register      2             1             0             2
Bit number    15 14 13 12   11 10  9  8    7  6  5  4    3  2  1  0
Binary         0  0  1  0    0  0  0  1    0  0  0  0    0  0  1  0
NOTE: 0x means the digits that follow are in hexadecimal
Configuration Meanings
Checking the Register Value
Router#sh version
Configuration register is 0x2102
Recovering Passwords
1: Boot the router & interrupt the boot sequence by performing a break using the Ctrl+Break key combination.
2: Change the configuration register to turn on bit 6 (0x2142)
rommon>confreg 0x2142
You must reset or power cycle for new config to take effect
3: Reload the router
– Type reset
• The router will reload & ask if you want to enter setup mode
– Answer NO
4: Enter the privileged mode
Router>enable
Router#
5: Copy the startup-config to running-config
Router#copy startup-config running-config
6: Change the password
Router#config t
Router(config)#enable secret cisco
7: Reset the configuration register to the default value
Router(config)#config-register 0x2102
8: Reload the router
Backing up & Restoring the Cisco IOS
Before you upgrade…
– Copy the existing IOS to a TFTP host!
Verify Flash Memory
Router#sh flash
System flash directory:
File  Length   Name/status
  1   8121000  c2500-js-1.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
Router#
1: Ensure you have good connectivity to the TFTP host
Router#ping 192.168.0.120
2: Copy the IOS from flash to the TFTP host
Router#copy flash tftp
The TFTP host must have a default directory specified
Restoring or Upgrading the Cisco IOS
1: Ensure you have good connectivity to the TFTP host
Router#ping 192.168.0.120
2: Copy the IOS from the TFTP host to flash
Router#copy tftp flash
The TFTP host must have a default directory specified
Copying the IOS from a TFTP host to flash requires a router reboot
Backing up the Configuration
1: Verify the Current Configuration
Router#sh run
2: Verify the Stored Configuration
Router#sh start
Verify available memory
3: Copy running-config to NVRAM
Router#copy run start
Router#sh start
4: Copy running-config to a TFTP host
Router#copy run tftp
A second backup
Using Cisco Discovery Protocol (CDP)
A Cisco proprietary protocol
Designed to collect information about directly attached & remote devices
Hardware information
Protocol information
Useful in troubleshooting & documenting the network
Getting CDP Timers & Holdtime Information
Configuration
CDP Timer: How often CDP packets are transmitted to all active interfaces
CDP Holdtime: The amount of time that the device will hold packets received from neighbor devices
Router#sh cdp
Global CDP information
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Router#config t
Router(config)#cdp timer 90
Router(config)#cdp holdtime 240
Getting Neighbor Information
• Shows information about directly connected devices
– CDP packets are not passed through a Cisco switch
– Can only see what is directly attached
Router#sh cdp nei
or
Router#sh cdp neighbor detail
– Detailed information; hostname, IP address, etc
Getting Interface Traffic & Port Information
• Interface Traffic Information:
– CDP packets sent & received
– Errors with CDP
Router#sh cdp traffic
• Port & Interface Information:
– Encapsulation on the line
– Timer & Holdtime for each interface
Router#sh cdp interface
Using Telnet
• A virtual terminal protocol
– Part of the TCP/IP suite
– Allows connections to remote devices
• Gather information
• Run programs
Note: The VTY passwords must be set on the routers
• Setting VTY passwords:
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco
Router(config-line)#^Z
Router#172.16.10.2
Trying 172.16.10.2 … Open
User Access Verification
Password:
RouterB>
Remember…
– VTY password is the user mode (>) password - not the enable mode (#) password
– With no enable/enable secret password set, the following happens:
RouterB>en
% No password set
RouterB>
This equates to good security!
Telnet Commands
• Telnetting into Multiple Devices
Ctrl+Shift+6 (release) X
• Checking Telnet Connections
Router#sh sessions
• Checking Telnet Users
Router#sh users
• Closing Telnet Sessions
RouterB>exit
RouterB>disconnect
Resolving Hostnames
• To use a hostname rather than an IP address to connect to a remote host, a device must be able to translate the hostname to an IP address
– Build a host table on each router
– Build a Domain Name System (DNS) server
Building a Host Table
• Provides name resolution only on the router on which it is built
ip host name [tcp_port_number] ip_address
Router(config)#ip host RouterB 172.16.10.2
Router(config)#ip host switch 192.168.0.148
Router#sh hosts
• Default TCP port number: 23
Router#RouterB
RouterB#
(Ctrl+Shift+6) (X)
Router#switch
Using DNS to Resolve Names
• Used when you have many devices on your network
• Making DNS work…
– ip domain-lookup
• Turned on by default
– ip name-server
• Sets the IP address of the DNS server (up to 6 each)
– ip domain-name
• Appends the domain name to the hostname
Ex: RouterA.neversail.navy.mil
Checking Network Connectivity
• Ping
– Displays the minimum, average, & maximum times it takes for a ping packet to find a specified system + return
Router#ping RouterB
• Trace
– Shows the path a packet takes to get to a remote device
Router#trace RouterB
Chapter 6 Objectives
6: IP Routing
• Understanding IP routing
• Static routing
• Dynamic routing
– RIP
– RIPv2
– Verifying routing
What is Routing?
To route, a router needs to know:
– Remote Networks
– Neighbor Routers
– All Possible routes to remote networks
– The absolute best route to all remote networks
– Maintain and verify the routing information
Basic Path Selection
What interface will the router send out a packet if it has destination address of 10.10.10.18?
Routing/PDU Example:
Host A Web browses to the HTTP Server…
1. The destination address of a frame will be the …
2. The destination IP address of a packet will be the IP address of the …
3. The destination port number in a segment header will have a value of …
Static Routes
Static Route Configuration
ip route remote_network [mask] {address|interface} [distance] [permanent]
Router(config)#ip route [remote network] [mask] [next hop]
Static Route Example
ip route 172.16.1.0 255.255.255.0 172.16.3.2
or
ip route 172.16.1.0 255.255.255.0 s0
Default Routes
ip route 0.0.0.0 0.0.0.0 172.16.3.1
ip classless
Routing vs. Routed
• Routing protocols are used between routers to:
– Determine the path of a packet through a network
– Maintain routing tables
– Examples?
• Routed protocols are:
– Assigned to an interface
– Once the path is determined by the Routing protocol, determines method of delivery
– Examples?
Routing Protocols
An autonomous system is a collection of networks under a common administrative domain.
• IGPs operate within an autonomous system.
• EGPs connect different autonomous systems.
Classful Routing Overview
Classful routing protocols do not include the subnet mask with the route advertisement.
– Within the same network, consistency of the subnet masks is assumed.
– Summary routes are exchanged between foreign networks.
– Examples of classful routing protocols:
• RIP Version 1 (RIPv1)
• IGRP
Classless Routing Overview
Classless routing protocols include the subnet mask with the route advertisement.
– Classless routing protocols support variable-length subnet masking (VLSM).
– Summary routes can be manually controlled within the network.
– Examples of classless routing protocols:
• RIP Version 2 (RIPv2)
• EIGRP
• OSPF
• IS-IS
Administrative Distance
Default Administrative Distance
Directly Connected: 0
Static Route: 1
RIP: 120
IGRP: 100
EIGRP: 90
OSPF: 110
Distance Vector
- Distance vector algorithms do not allow a router to know the exact topology of an internetwork.
- All routers just broadcast their entire routing table out all active interfaces at periodic time intervals.
Discovering Routes
Routing Loops
RIP Overview
– Hop count metric selects the path, 16 is unreachable
– Full route table broadcast every 30 seconds
– Load balance maximum of 6 equal cost paths (default = 4)
– RIPv2 supports VLSM and Discontiguous networks
RIP Routing Configuration
Router(config)#router rip
Router(config-router)#network network-number*
*Network is a classful network address. Every device on the network uses the same subnet mask
RIP Version 2
• Allows the use of variable length subnet masks (VLSM) by sending subnet mask information with each route update
• Distance Vector – same AD, and timers.
• Easy configuration, just add the command “version 2” under the router rip configuration
Discontiguous Addressing
Two subnets of the same classful network are separated by a different network address
– RIPv1 and IGRP do not advertise subnet masks, and therefore cannot support discontiguous subnets.
– OSPF, EIGRP, and RIPv2 can advertise subnet masks, and therefore can support discontiguous subnets.
Passive Interface
Maybe you don’t want to send RIP updates out your router interface connected to the Internet. Use the passive-interface command:
Router(config)#router rip
Router(config-router)#passive-interface serial0
This allows a router to receive route updates on an interface, but not send updates via that interface
Verifying RIP
Router#show ip protocols
Router#show ip route
Router#debug ip rip
Router#undebug all (un all)
Chapter 7 Objectives
7: EIGRP and OSPF
• Enhanced IGRP
– EIGRP tables
– Configuring EIGRP
– Verifying EIGRP
• Open Shortest Path First
– Configuring OSPF
– Verifying OSPF
– Configuring OSPF with wildcards
What Is Enhanced IGRP (EIGRP)?
• Enhanced IGRP supports:
– Rapid convergence
– Reduced bandwidth usage
– Multiple network-layer support
– Uses Diffused Update Algorithm (DUAL) to select loop-free routes and enable fast convergence
– Up to six unequal paths to a remote network (4 by default)
Comparing EIGRP and IGRP
– Similar metric
– Same load balancing
– Improved convergence time
– Reduced network overhead
– Maximum hop count of 255 (100 default)
– EIGRP can differentiate between internal and external routes
EIGRP for IP
• No periodic updates. Route updates sent only when a change occurs – multicast on 224.0.0.10
• Hello messages sent to neighbors every 5 seconds (60 seconds in most WANs)
EIGRP Terminology
Note: A feasible successor is a backup route and stored in the Topology table
EIGRP Tables
• The neighbor table and topology table are held in RAM and are maintained through the use of hello and update packets.
To see all feasible successor routes known to a router, use the show ip eigrp topology command
Successor routes
• Successor route is used by EIGRP to forward traffic to a destination
• A successor route may be backed up by a feasible successor route
• Successor routes are stored in both the topology table and the routing table
Choosing Routes
• EIGRP uses a composite metric to pick the best path: bandwidth and delay of the line
• EIGRP can load balance across six unequal cost paths to a remote network (4 by default)
Configuring EIGRP for IP
If you use the same AS number for EIGRP as IGRP, EIGRP will automatically redistribute IGRP into EIGRP
RedistributionRedistribution is translating one type of routing protocol into another.
IGRP and EIGRP translate automatically, as long as they are both using the same AS number
Route Path
Assuming all default parameters, which route will RIP (v1 and v2) take, and which route will EIGRP take?
Verifying Enhanced IGRP Operation
Show IP Route
P1R1#sh ip route
[output cut]
Gateway of last resort is not set
D    192.168.30.0/24 [90/2172] via 192.168.20.2, 00:04:36, Serial0/0
C    192.168.10.0/24 is directly connected, FastEthernet0/0
D    192.168.40.0/24 [90/2681] via 192.168.20.2, 00:04:36, Serial0/0
C    192.168.20.0/24 is directly connected, Serial0/0
D    192.168.50.0/24 [90/2707] via 192.168.20.2, 00:04:35, Serial0/0
P1R1#
– D is for “Dual”
– [90/2172] is the administrative distance and cost of the route. The cost of the route is a composite metric comprised from the bandwidth and delay of the line
Introducing OSPF
• Open standard
• Shortest path first (SPF) algorithm
• Link-state routing protocol (vs. distance vector)
• Can be used to route between AS’s
OSPF Hierarchical Routing
• Consists of areas and autonomous systems
• Minimizes routing update traffic
• Supports VLSM
• Unlimited hop count
Link State Vs. Distance Vector
Link State:
• Provides common view of entire topology
• Calculates shortest path
• Utilizes event-triggered updates
• Can be used to route between AS’s
Distance Vector:
• Exchanges routing tables with neighbors
• Utilizes frequent periodic updates
Types of OSPF Routers
Configuring Single Area OSPF
OSPF Example
Verifying the OSPF Configuration
OSPF Neighbors
• OSPF uses hello packets to create adjacencies and maintain connectivity with neighbor routers
• OSPF uses the multicast address 224.0.0.5
• Hello packets provide dynamic neighbor discovery
• Hello packets maintain neighbor relationships
• Hello packets and LSAs from other routers help build and maintain the topological database
OSPF Terminology
• Neighbor
• Adjacency
Router ID (RID)
Each router in OSPF needs to be uniquely identified to properly arrange them in the Neighbor tables.
Electing the DR and BDR
• Multicast Hellos are sent and compared
• Router with the highest priority is elected as DR
• Router with the 2nd highest priority is elected as BDR
• OSPF sends Hellos which elect DRs and BDRs
• Routers form adjacencies with DRs and BDRs in a multi-access environment
Configuring Loopback Interfaces
Router ID (RID):
– Number by which the router is known to OSPF
– Default: the highest IP address on an active interface at the moment of OSPF process startup
– Can be overridden by a loopback interface: the highest IP address of any active loopback interface (also called a logical interface)
Interface Priorities
What is the default OSPF interface priority?
Router# show ip ospf interface ethernet0/0
Ethernet0 is up, line protocol is up
Internet Address 192.168.1.137/29, Area 4
Process ID 19, Router ID 192.168.1.137, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.1.137, Interface address 192.168.1.137
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Ensuring your DR
What options can you configure that will ensure that R2 will be the DR of the LAN segment?
Configuring Wildcards
If you want to advertise a partial octet (subnet), you need to use wildcards.
– 0.0.0.0 means all octets match exactly
– 0.0.0.255 means that the first three octets match exactly, but the last octet can be any value
After that, you must remember your block sizes. The wildcard address is always one less than the block size.
– 192.168.10.8/30 = 0.0.0.3
– 192.168.10.48/28 = 0.0.0.15
– 192.168.10.96/27 = 0.0.0.31
– 192.168.10.128/26 = 0.0.0.63
Wildcard Configuration of the Lab_B Router
Routers: Lab_A, Lab_B, Lab_C
E0: 192.168.30.1/24, E0: 192.168.40.1/24, E0: 192.168.50.1/24
S0: 172.16.10.5/30, S0: 192.168.10.10/30, S1: 172.16.10.9/30, S1: 192.168.10.6/30
Chapter 8 Objectives
8: Layer-2 Switching
The CCNA Topics Covered in this chapter include:
• What is layer-2 switching
• Switching services
• Bridges vs. LAN switching
• Three switch functions
• MAC table
• Switching loops
• Spanning-Tree Protocol (STP)
Layer 2 Switching
• Purposes for using switching
– Breaks up collision domains
– Cost-effective, resilient internetwork
• Purpose for Spanning-Tree Protocol (STP)
– Stops loops in layer 2 switched networks
Before Layer 2 Switching
Switched LANs
Typical Switched Designs
One link to the server!
Switching Services
Layer 2 switching provides:
– Hardware-based bridging (ASIC)
– Wire speed
– Low latency
– Low cost
Limitations of Layer 2 Switching
• Must break up the collision domains correctly.
• Make sure that users spend 80 percent of their time on the local segment.
• Switches do not break up broadcast domains by default.
Bridging vs. LAN switching
Three Switch Functions at Layer-2
Empty MAC table
How Switches Learn Hosts’ Locations
Switching Loops
Switching Loop Problems
Spanning-Tree Protocol (STP)
Solves switching loops at layer 2
Spanning-Tree Operations
• Selecting the root bridge
• Selecting the designated port
Spanning-Tree Port States
• Blocking
• Listening
• Forwarding
• Disabled
Spanning-Tree Example
Chapter 9 Objectives
9: VLAN’s
The CCNA Topics Covered in this chapter include:
• What is a VLAN?
• VLAN Memberships
• VLAN links
• Frame tagging
• VTP
• Trunking
• Configuring VLANs
• Inter-VLAN Communication
• Configuration examples
Virtual LANs (VLANs)
• Definition: A logical grouping of network users and resources connected to administratively defined ports on a switch.
– Smaller broadcast domains
– Organized by:
• Location
• Function
• Department
• Application or protocol
Switches
Features of VLANs
• Simplify network management
• Provide a level of security over a flat network
• Flexibility and scalability
Broadcast Control
• Broadcasts occur in every protocol
• Bandwidth & broadcasts
• Flat network
• VLANs & broadcasts
Flat Network Structure
Flexibility & Scalability
• Layer-2 switches only read frames
– Can cause a switch to forward all broadcasts
• VLANs
– Essentially create broadcast domains
• Greatly reduce broadcast traffic
• Ability to add wanted users to a VLAN regardless of their physical location
• Additional VLANs can be created when network growth consumes more bandwidth
Physical LANs Connected To A Router
VLANs Remove The Physical Boundary
VLAN Memberships
• Static VLANs
– Typical method of creating VLANs
– Most secure
• A switch port assigned to a VLAN always maintains that assignment until changed
• Dynamic VLANs
– Node assignment to a VLAN is automatic
• MAC addresses, protocols, network addresses, etc.
– VLAN Management Policy Server (VMPS)
• MAC address database for dynamic assignments
• MAC-address to VLAN mapping
Identifying VLANs
• Access links
– A link that is part of only one VLAN
• Trunk links
– Carries multiple VLANs
Identifying VLANs (cont.)
Frame Tagging
• Definition: A means of keeping track of users & frames as they travel the switch fabric & VLANs
– User-defined ID assigned to each frame
– VLAN ID is removed before exiting trunked links & access links
VLAN ID Methods
• Inter-Switch Link (ISL)
– Cisco proprietary
– FastEthernet & Gigabit Ethernet only
• IEEE 802.1q
– Must use if trunking between Cisco & non-Cisco switches
Inter-Switch Link (ISL) Protocol
• Definition: A means of explicitly tagging VLAN information onto an Ethernet frame
– Allows VLANs to be multiplexed over a trunk line
– Cisco proprietary
– External tagging process
VLAN Trunk Protocol (VTP)
• Purpose: to manage all configured VLANs across a switch internetwork & maintain consistency
– Allows an administrator to add, delete, & rename VLANs
VTP Benefits
• Benefits
– Consistent configuration
– Permits trunking over mixed networks
– Accurate tracking
– Dynamic reporting
– Plug-and-Play
• A VTP server must be created to manage VLANs
VTP Modes
VTP Modes of Operation
• Server
– Default for all Catalyst switches
– Minimum one server for a VTP domain
• Client
– Receives information + sends/receives updates
– Cannot make any changes
• Transparent
– Does not participate in a VTP domain but forwards VTP advertisements
– Can add/delete VLANs
– Locally significant
Router with Individual VLAN associations
Routing Between VLANs
Configuring VLANs
• Creating VLANs
• Assigning Switch Ports to VLANs
• Configuring Trunk Ports
• Configuring Inter-VLAN routing
Configuring VTP
• Switches are configured to be VTP servers by default.
InterVLAN Configuration Example
Example 2
Example 3
Example 4
Configuring Switching In Our Sample Internetwork
2950C
2950B
Setting Up Trunking
Inter-VLAN communication
Chapter 10 Objectives
10: Security
The CCNA Topics Covered in this chapter include:
• Introduction to Security
– Types of attacks
– Mitigating attacks
• Access-lists
– Standard
– Extended
– Named
– Monitoring Access-lists
Introduction to Security
Attacks
• Application-layer attacks
• Autorooters
• Backdoors
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
– (many others)
Mitigating Attacks
• Appliances
– IDS
– IPS
• Stateful IOS firewall inspection engine
• Firewall voice traversal
• ICMP inspection
• Authentication proxy
Access Lists
• Purpose:
– Used to permit or deny packets moving through the router
– Permit or deny Telnet (VTY) access to or from a router
– Create dial-on-demand routing (DDR) interesting traffic that triggers dialing to a remote location
Important Rules
• Packets are compared to each line of the access list in sequential order
• Packets are compared with lines of the access list only until a match is made
– Once a match is made & acted upon, no further comparisons take place
• An implicit “deny” is at the end of each access list
– If no matches have been made, the packet will be discarded
Types of Access Lists
• Standard Access List
– Filter by source IP addresses only
• Extended Access List
– Filter by source IP, destination IP, protocol field, port number
• Named Access List
– Functionally the same as standard and extended access lists.
Application of Access Lists
• Inbound Access Lists
– Packets are processed before being routed to the outbound interface
• Outbound Access Lists
– Packets are routed to the outbound interface & then processed through the access list
ACL Guidelines
• One access list per interface, per protocol, per direction
• More specific tests at the top of the ACL
• New lines are added at the bottom of the ACL
• Individual lines cannot be removed
• End ACLs with a permit any command
• Create ACLs & then apply them to an interface
• ACLs do not filter traffic originated from the router
• Put standard ACLs close to the destination
• Put extended ACLs close to the source
Standard IP Access Lists
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <200-299>    Protocol type-code access list
  <300-399>    DECnet access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
Standard IP Access Lists
• Creating a standard IP access list:
Router(config)#access-list 10 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
• Permit or deny?
Router(config)#access-list 10 deny ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
• Using the host command
Router(config)#access-list 10 deny host 172.16.30.2
Standard ACL Example
Standard ACL example 2
Standard ACL Example 3
Wildcards
• What are they???
– Used with access lists to specify a…
• Host
• Network
• Part of a network
Block Sizes: 64, 32, 16, 8, 4
• Rules:
– When specifying a range of addresses, choose the closest block size
– Each block must start at 0 (i.e., on a multiple of the block size)
– A ‘0’ in a wildcard means that octet must match exactly
– A ‘255’ in a wildcard means that octet can be any value
– The command any is the same thing as writing out the wildcard: 0.0.0.0 255.255.255.255
Specifying a Range of Subnets
(Remember: specify a range of values in a block size)
Requirement: Block access in the range from 172.16.8.0 through 172.16.15.0 = block size 8
Network number = 172.16.8.0
Wildcard = 0.0.7.255
**The wildcard is always one number less than the block size
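The block-size arithmetic above (and the same rule used earlier for OSPF network statements, where /30 becomes 0.0.0.3) is mechanical enough to check by program. The following is an added example, not code from the slides or from Cisco: it derives a wildcard from a prefix length, rejects a range that is not one whole block starting on a multiple of its size, and tests an address against a network/wildcard pair the way the router does. The function names and the `area 0` default are my own choices.

```python
"""Wildcard-mask arithmetic for OSPF network statements and ACL ranges.

Added example (not from the original slides). Implements the two rules the
slides state: the wildcard is always one less than the block size, and a
block must start at 0 (a multiple of the block size).
"""
from __future__ import annotations

import ipaddress


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask for a CIDR prefix length, e.g. /30 -> 0.0.0.3."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix_len
    # The block size is 2**host_bits; the wildcard sets every host bit (size - 1).
    return str(ipaddress.IPv4Address((1 << host_bits) - 1))


def network_statement(cidr: str, area: int = 0) -> str:
    """Render an OSPF 'network <addr> <wildcard> area <n>' line for a CIDR block."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # strict: host bits must be zero
    return f"network {net.network_address} {wildcard_for_prefix(net.prefixlen)} area {area}"


def is_whole_block(first: str, last: str) -> bool:
    """True when first..last is exactly one power-of-two block aligned to its size."""
    lo, hi = (int(ipaddress.IPv4Address(x)) for x in (first, last))
    size = hi - lo + 1
    return size > 0 and (size & (size - 1)) == 0 and lo % size == 0


def wildcard_for_range(first: str, last: str) -> tuple[str, str]:
    """Network and wildcard covering a contiguous range of addresses.

    Returns ('172.16.8.0', '0.0.7.255') for 172.16.8.0 .. 172.16.15.255, which
    is the slide's 'block size 8' requirement expressed in the third octet.
    """
    if not is_whole_block(first, last):
        raise ValueError("range is not a single aligned power-of-two block")
    lo, hi = (int(ipaddress.IPv4Address(x)) for x in (first, last))
    size = hi - lo + 1
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(size - 1))


def matches(addr: str, network: str, wildcard: str) -> bool:
    """Router-style test: 0 bits in the wildcard must match, 1 bits are don't-care."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0


if __name__ == "__main__":
    for cidr in ("192.168.10.8/30", "192.168.10.48/28", "192.168.10.96/27", "192.168.10.128/26"):
        print(network_statement(cidr))
    print(wildcard_for_range("172.16.8.0", "172.16.15.255"))
```

A range such as 172.16.12.0 through 172.16.19.255 is also eight /24s wide, but `is_whole_block` rejects it because 12 is not a multiple of 8; on a router that range needs two lines (12.0 0.0.3.255 and 16.0 0.0.3.255), which is exactly the mistake the "choose the closest block size" rule is guarding against.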
Controlling VTY (Telnet) Access
• Why??
– Without an ACL, any user can Telnet into the router via VTY and gain access
• Controlling access
– Create a standard IP access list
• Permitting only the host/hosts authorized to Telnet into the router
– Apply the ACL to the VTY line with the access-class command
Example
Lab_A(config)#access-list 50 permit 172.16.10.3
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
(implied deny)
Extended IP Access Lists
• Allows you to choose...
• IP source address
• IP destination address
• Protocol
• Port number
Extended IP ACLs
Router(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <200-299>    Protocol type-code access list
  <300-399>    DECnet access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
Router(config)#access-list 110 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
Extended IP ACLs
Router(config)#access-list 110 deny ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
Router(config)#access-list 110 deny tcp ?
  A.B.C.D  Source address
  any      Any source host
  host     A single source host
Extended IP ACL Steps
#1: Select the access list:
RouterA(config)#access-list 110
#2: Decide on deny or permit:
RouterA(config)#access-list 110 deny
#3: Choose the protocol type:
RouterA(config)#access-list 110 deny tcp
#4: Choose source IP address of the host or network:
RouterA(config)#access-list 110 deny tcp any
#5: Choose destination IP address:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2
#6: Choose the type of service, port, & logging:
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log
Steps (cont.)
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23 log
RouterA(config)#access-list 110 permit ip any 0.0.0.0 255.255.255.255
RouterA(config-if)#ip access-group 110 in
or
RouterA(config-if)#ip access-group 110 out
Named Access Lists
• Another way to create standard and extended access lists.
• Allows the use of descriptive names to ease network management.
• Syntax changes:
– Lab_A(config)#ip access-list standard BlockSales
– Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
– Lab_A(config-std-nacl)#permit any
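The "Important Rules" earlier (top-to-bottom comparison, first match wins, implicit deny at the end) decide what an access list actually does, and they are easy to get wrong when a list is built line by line. The following added example, which is not the slides' code and not IOS, simulates that evaluation for two lists taken from the slides: extended list 110 (deny Telnet to 172.16.30.2, permit everything else) and the named standard list BlockSales. Packets are plain dictionaries I constructed; the `Entry` class and the field names are my own.

```python
"""First-match access-list evaluation with the implicit deny.

Added example (not the slides' own code). Entries are checked top to bottom;
the first matching line decides, and a packet that matches no line is dropped.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard test: 0 bits must match, 1 bits are don't-care."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    protocol: str = "ip"             # ip, tcp, udp, icmp ... ("ip" matches any protocol)
    src: str = "0.0.0.0"             # source network; default pair means 'any'
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"             # destination network; standard lists leave this as 'any'
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # 'eq <port>' on the destination; None = any port
    log: bool = False

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        return self.dst_port is None or pkt.get("dport") == self.dst_port


def evaluate(acl: list[Entry], pkt: dict) -> tuple[str, Optional[int]]:
    """Return (action, line_number); line_number is None when the implicit deny fired."""
    for line, entry in enumerate(acl, start=1):
        if entry.matches(pkt):
            return entry.action, line        # first match wins, nothing after it is checked
    return "deny", None                      # implicit deny at the end of every list


# access-list 110 from the slides: deny tcp any host 172.16.30.2 eq 23 log / permit ip any any
ACL_110 = [
    Entry("deny", "tcp", dst="172.16.30.2", dst_wc="0.0.0.0", dst_port=23, log=True),
    Entry("permit", "ip"),
]

# Named standard list BlockSales from the slides: deny 172.16.40.0 0.0.0.255 / permit any
BLOCK_SALES = [
    Entry("deny", src="172.16.40.0", src_wc="0.0.0.255"),
    Entry("permit"),
]

# A list whose author forgot the closing permit: the implicit deny discards everything.
DENY_ONLY = [Entry("deny", src="172.16.30.2", src_wc="0.0.0.0")]

# Constructed sample packets (not captured traffic).
TELNET_TO_SERVER = {"proto": "tcp", "src": "10.1.1.5", "dst": "172.16.30.2", "dport": 23}
HTTP_TO_SERVER = {"proto": "tcp", "src": "10.1.1.5", "dst": "172.16.30.2", "dport": 80}
UDP_23_TO_SERVER = {"proto": "udp", "src": "10.1.1.5", "dst": "172.16.30.2", "dport": 23}
FROM_SALES = {"proto": "ip", "src": "172.16.40.77", "dst": "172.16.10.1"}
FROM_OTHER = {"proto": "ip", "src": "172.16.50.77", "dst": "172.16.10.1"}

if __name__ == "__main__":
    for name, acl, pkt in (("110", ACL_110, TELNET_TO_SERVER), ("110", ACL_110, HTTP_TO_SERVER),
                           ("BlockSales", BLOCK_SALES, FROM_SALES), ("deny-only", DENY_ONLY, FROM_OTHER)):
        print(name, pkt, "->", evaluate(acl, pkt))
```

Two details worth noticing in the output: UDP to port 23 is permitted by list 110 because the deny line names `tcp`, and the `DENY_ONLY` list blocks the "other" host even though no line mentions it, which is the behaviour behind the guideline to end ACLs with a permit.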
Monitoring IP Access Lists
• Display all access lists & their parameters
show access-list
• Show only the parameters for access list 110
show access-list 110
• Show only the IP access lists configured
show ip access-list
• Show which interfaces have access lists set
show ip interface
• Show the access lists & which interfaces have access lists set
show running-config
Chapter 11 Objectives
11: Network Address Translation
The CCNA Topics Covered in this chapter include:
– What is NAT
• Static
• Dynamic
• PAT
– Configuring NAT
– Verifying NAT
What is NAT?
• Similar to Classless Inter-Domain Routing (CIDR), the original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses.
Benefits of NAT
• You need to connect to the Internet and your hosts don’t have globally unique IP addresses.
• You change to a new ISP that requires you to renumber your network.
• You need to merge two intranets with duplicate addresses.
Where NAT is typically configured
Basic NAT
Three types of NAT
• Static
• Dynamic
• Overloading
Static NAT
Let’s take a look at a simple basic static NAT configuration:
ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside
!
Dynamic NAT
Here is a sample output of a dynamic NAT configuration:
ip nat pool todd 170.168.2.2 170.168.2.254 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
Port Address Translation
PAT
Here is a sample output of a PAT configuration:
ip nat pool globalnet 170.168.2.1 170.168.2.1 netmask 255.255.255.0
ip nat inside source list 1 pool globalnet overload
!
interface Ethernet0/0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0/0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
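What the `overload` keyword buys is easiest to see by following the translation table rather than the configuration. The following is an added example, not the slides' code and not how IOS is implemented: it models a router with the PAT configuration above (one address in pool globalnet, list 1 permitting 10.1.1.0/24), rewrites outbound source address/port pairs, and maps replies back. The class name, the port-allocation policy (keep the original port when it is free, otherwise the next unused port from 1024) and the sample hosts are my own assumptions.

```python
"""PAT (NAT overload) translation table walk-through.

Added example, not IOS code and not from the slides. Inside hosts share one
inside-global address by being assigned distinct source ports; the table built
on the way out is what lets replies find their way back in.
"""
from __future__ import annotations

import ipaddress
from typing import Optional

INSIDE_GLOBAL = "170.168.2.1"                            # the single address in pool globalnet
INSIDE_NET = ipaddress.IPv4Network("10.1.1.0/24")        # access-list 1 permit 10.1.1.0 0.0.0.255


def permitted_by_list_1(ip: str) -> bool:
    """Only sources matched by the NAT access list are translated."""
    return ipaddress.IPv4Address(ip) in INSIDE_NET


class PatTable:
    def __init__(self, first_port: int = 1024):
        # (inside local ip, port) -> (inside global ip, port) and the reverse mapping
        self.outbound: dict[tuple[str, int], tuple[str, int]] = {}
        self.inbound: dict[tuple[str, int], tuple[str, int]] = {}
        self._next_port = first_port

    def translate_out(self, inside_local: str, sport: int) -> Optional[tuple[str, int]]:
        """Packet leaving 'ip nat inside' for 'ip nat outside': rewrite the source.

        Returns the new (ip, port), or None when the packet is not translated
        because list 1 does not permit its source.
        """
        if not permitted_by_list_1(inside_local):
            return None
        key = (inside_local, sport)
        if key not in self.outbound:
            # Keep the host's own port if nobody else holds it on the global address,
            # otherwise hand out the next unused one (assumed policy).
            gport = sport if (INSIDE_GLOBAL, sport) not in self.inbound else self._alloc()
            self.outbound[key] = (INSIDE_GLOBAL, gport)
            self.inbound[(INSIDE_GLOBAL, gport)] = key
        return self.outbound[key]

    def translate_in(self, inside_global: str, dport: int) -> Optional[tuple[str, int]]:
        """Reply arriving on the outside interface: map it back, or None (dropped) if unknown."""
        return self.inbound.get((inside_global, dport))

    def _alloc(self) -> int:
        while (INSIDE_GLOBAL, self._next_port) in self.inbound:
            self._next_port += 1
        port = self._next_port
        self._next_port += 1
        return port


if __name__ == "__main__":
    table = PatTable()
    # Two constructed hosts that happen to pick the same source port.
    print(table.translate_out("10.1.1.10", 40000))
    print(table.translate_out("10.1.1.11", 40000))
    print(table.translate_in("170.168.2.1", 1024))
    print(table.translate_in("170.168.2.1", 9999))   # unsolicited inbound: no entry
```

The last call is the part that matters for a defender: an inbound packet to the global address with no matching table entry has nowhere to go and is discarded, so PAT hides inside hosts from unsolicited traffic as a side effect, although it is not a substitute for an ACL on the outside interface.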
What is your configuration?
NAT Lab example
Chapter 12 Objectives
12: Wireless Networks
The CCNA Topics Covered in this chapter include:
• What is a WLAN?
• IEEE Standards
• CSMA/CD
• ISM 2.4 GHz channels
• UNII Band
• BSS/ESS
• Wireless Security
Wireless LANs
• Transmitting a signal using the typical 802.11 specifications works a lot like it does with a basic Ethernet hub: they’re both two-way forms of communication, and they both use the same frequency to both transmit and receive, often referred to as half-duplex.
• Wireless LANs (WLANs) use radio frequencies (RFs) that are radiated into the air from an antenna that creates radio waves.
Unlicensed Frequencies
802.11 Standards
Here are the most popular standards in use today:
• 802.11b: 2.4 GHz, maximum bandwidth of 11 Mbps
• 802.11g: 2.4 GHz, up to 54 Mbps
• 802.11a: 5 GHz, up to 54 Mbps
802.11b CSMA/CD
ISM 2.4 GHz Channels
UNII 5 GHz Band
Range Comparisons
BSS/ESS
Wireless Security
All Wi-Fi Certified wireless LAN products are shipped in "open-access" mode, with their security features turned off.
• SSID, WEP and MAC authentication
• 802.11i
• WPA and WPA2
Chapter 13 Objectives
13: IPv6
The CCNA Topics Covered in this chapter include:
• What is IPv6?
• Why do we need IPv6?
• IPv6 Addressing
• Address types
• Special Addresses
• Autoconfiguration
• Configuring IPv6
• Tunneling
What is IPv6?
People refer to IPv6 as “the next-generation Internet protocol,” and it was originally created as the answer to IPv4’s inevitable, looming address-exhaustion crisis. Though you’ve probably heard a thing or two about IPv6 already, it has been improved even further in the quest to bring us the flexibility, efficiency, capability, and optimized functionality that can truly meet our ever-increasing needs.
Why do we need IPv6?
• Because we need to communicate, and our current system isn’t really cutting it anymore—kind of like how the Pony Express can’t compete with airmail. Just look at how much time and effort we’ve invested in coming up with slick new ways to conserve bandwidth and IP addresses.
• The number of people and devices that connect to networks increases each and every day.
IPv6 Addressing
IPv6 addresses are 128 bits long.
Shortened Expression
You can actually leave out parts of the address to abbreviate it, but to get away with doing that you have to follow a couple of rules. First, you can drop any leading zeros in each of the individual blocks. After you do that, the sample address from earlier would then look like this:
2001:db8:3c4d:12:0:0:1234:56ab
Okay, that’s a definite improvement—at least we don’t have to write all of those extra zeros! But what about whole blocks that don’t have anything in them except zeros? Well, we can kind of lose those too—at least some of them. Again referring to our sample address, we can remove the two blocks of zeros by replacing them with double colons, like this:
2001:db8:3c4d:12::1234:56ab
Address Types
• Unicast
• Global Unicast
• Link-local
• Unique Local
• Multicast
• Anycast
Special Addresses
0:0:0:0:0:0:0:0 Equals ::. This is the equivalent of IPv4’s 0.0.0.0, and is typically the source address of a host when you’re using stateful configuration.
0:0:0:0:0:0:0:1 Equals ::1. The equivalent of 127.0.0.1 in IPv4.
0:0:0:0:0:0:192.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3 The global unicast address range.
FC00::/7 The unique local unicast range.
FE80::/10 The link-local unicast range.
Special Addresses (cont.)
FF00::/8 The multicast range.
3FFF:FFFF::/32 Reserved for examples and documentation.
2001:0DB8::/32 Also reserved for examples and documentation.
2002::/16 Used with 6to4, which is the transition system—the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
Autoconfiguration
Configuring IPv6
In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:
Corp(config)#ipv6 unicast-routing
IPv6 isn’t enabled by default on any interfaces either, so we have to go to each interface individually and enable it. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get this done. Here’s an example:
Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option. Remember, the eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
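Both the abbreviation rules from "Shortened Expression" and the padding that `eui-64` performs are short algorithms, and writing them out makes the two slide examples reproducible. The following is an added example, not the slides' code and not IOS: `compress_ipv6` applies rule 1 (drop leading zeros) and rule 2 (replace the longest run of zero blocks with `::`), and `eui64_interface_id` splits a MAC address in half, inserts FFFE and flips the universal/local bit, which is the standard EUI-64 construction. Python's `ipaddress` module could compress for us; the steps are spelled out here so each rule is visible. The MAC 00:60:d6:73:19:87 is my assumption, chosen because it yields the interface ID shown on the slide.

```python
"""IPv6 address abbreviation and EUI-64 interface-ID derivation.

Added example, not from the slides. The rules implemented are the ones the
text states: drop leading zeros per block, collapse the longest run of
all-zero blocks to '::' once, and build the interface ID from the MAC.
"""
from __future__ import annotations


def expand_ipv6(addr: str) -> list[str]:
    """Return the eight 4-hex-digit blocks of any textual form (handles one '::')."""
    if "::" in addr:
        head, tail = addr.split("::", 1)
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one block")
        blocks = left + ["0"] * missing + right
    else:
        blocks = addr.split(":")
    if len(blocks) != 8:
        raise ValueError(f"expected 8 blocks, got {len(blocks)}")
    return [f"{int(b, 16):04x}" for b in blocks]


def compress_ipv6(addr: str) -> str:
    """Rule 1: strip leading zeros. Rule 2: the longest run (>= 2) of zero blocks becomes '::'."""
    blocks = [b.lstrip("0") or "0" for b in expand_ipv6(addr)]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                         # scan for runs of "0" blocks, keep the longest
        if blocks[i] == "0":
            j = i
            while j < 8 and blocks[j] == "0":
                j += 1
            if j - i > best_len:         # '>' keeps the leftmost run on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                     # a single zero block is written as '0', not '::'
        return ":".join(blocks)
    left = ":".join(blocks[:best_start])
    right = ":".join(blocks[best_start + best_len:])
    return f"{left}::{right}"


def eui64_interface_id(mac: str) -> str:
    """Split the 48-bit MAC, insert FFFE in the middle, flip the U/L bit (0x02) of the first byte."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return ":".join(iid[i:i + 2].hex() for i in range(0, 8, 2))


def eui64_address(prefix: str, mac: str) -> str:
    """What 'ipv6 address <prefix>/64 eui-64' produces: the /64 prefix plus the EUI-64 interface ID."""
    net, plen = prefix.split("/")
    if int(plen) != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    top = expand_ipv6(net)[:4]
    return compress_ipv6(":".join(top) + ":" + eui64_interface_id(mac))


if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:3c4d:0012:0000:0000:1234:56ab"))   # slide's sample address
    print(eui64_interface_id("00:60:d6:73:19:87"))                   # assumed MAC -> 0260:d6ff:fe73:1987
    print(eui64_address("2001:db8:3c4d:1::/64", "00:60:d6:73:19:87"))
```

Note that the fully compressed form of the slide's first interface address is `2001:db8:3c4d:1:260:d6ff:fe73:1987`: the leading zero of `0260` is dropped by rule 1, and the flipped U/L bit is what turns the MAC's `00` into `02`.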
Tunneling 6to4
Chapter 14 Objectives
14: Wide Area Networks
The CCNA Topics Covered in this chapter include:
• Introduction to WANs
• HDLC
• PPP
• Frame Relay
• Introduction to VPNs
Defining WAN Terms
• Customer Premises Equipment (CPE)
• Demarcation (demarc)
• Local loop
• Central Office (CO)
• Toll network
WAN Connection Types
DTE-DCE-DTE
WAN Support
• Frame Relay
• ISDN
• LAPB
• LAPD
• HDLC
• PPP
• ATM
HDLC Protocol
• Bit-oriented Data Link layer ISO standard protocol
• Specifies a data encapsulation method
• No authentication can be used
HDLC Frame Format
Point-to-Point Protocol (PPP)
• Purpose:
– Transport layer-3 packets across a Data Link layer point-to-point link
• Can be used over asynchronous serial (dial-up) or synchronous serial (ISDN) media
– Uses Link Control Protocol (LCP)
• Builds & maintains data-link connections
Point-to-Point Protocol Stack
PPP Main Components
• EIA/TIA-232-C
– Intl. Std. for serial communications
• HDLC
– Serial link datagram encapsulation method
• LCP
– Used in P-t-P connections:
• Establishing
• Maintaining
• Terminating
• NCP
– Method of establishing & configuring Network Layer protocols
– Allows simultaneous use of multiple Network layer protocols
LCP Configuration Options
• Authentication
– PAP
– CHAP
• Compression
– Stacker
– Predictor
• Error detection
– Quality
– Magic Number
• Multilink
– Splits the load for PPP over 2+ parallel circuits; a bundle
PPP Session Establishment
• Link-establishment phase
• Authentication phase
• Network-layer protocol phase
PPP Session Establishment
PPP Authentication Methods
• Password Authentication Protocol (PAP)
– Passwords sent in clear text
– Remote node returns username & password
• Challenge Handshake Authentication Protocol (CHAP)
– Done at start-up & periodically
– Challenge & reply
• Remote router sends a one-way hash (MD5)
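The difference between the two methods is in what crosses the link. The following added example, which is not the slides' code and not IOS, plays out the CHAP three-way handshake as RFC 1994 defines it: the authenticator sends an identifier and a random challenge, the peer answers with MD5 over identifier, shared secret and challenge, and the authenticator recomputes the hash with its own copy of the secret. The router names and the secret `cisco` come from the configuration steps on the next slides; the packet dictionaries and function names are my own.

```python
"""CHAP handshake (RFC 1994) between two routers, as an added example.

Not IOS code and not from the slides. The shared secret never crosses the
link; only a random challenge and MD5(id || secret || challenge) do, which is
the property PAP's clear-text password lacks.
"""
from __future__ import annotations

import hashlib
import hmac
import os

# Each router stores the *other* router's name with the shared secret
# (slide: 'username RouterB password cisco' on RouterA, and vice versa).
ROUTER_A_DB = {"RouterB": b"cisco"}
ROUTER_B_DB = {"RouterA": b"cisco"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2.2: MD5 over Identifier, secret and challenge value, in that order."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier is one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def make_challenge(authenticator_name: str, identifier: int, size: int = 16) -> dict:
    """Authenticator -> peer: Challenge packet (code 1) with a fresh random value."""
    return {"code": 1, "id": identifier, "value": os.urandom(size), "name": authenticator_name}


def answer_challenge(pkt: dict, my_name: str, db: dict) -> dict:
    """Peer -> authenticator: Response packet (code 2), hashed with the secret held for the challenger."""
    secret = db[pkt["name"]]
    return {"code": 2, "id": pkt["id"],
            "value": chap_response(pkt["id"], secret, pkt["value"]),
            "name": my_name}


def verify_response(challenge: dict, response: dict, db: dict) -> bool:
    """Authenticator recomputes the hash with its copy of the secret and compares in constant time."""
    if response["id"] != challenge["id"]:
        return False                      # response does not belong to this challenge
    secret = db.get(response["name"])
    if secret is None:
        return False                      # unknown peer name
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def run_handshake(peer_db: dict = ROUTER_B_DB, auth_db: dict = ROUTER_A_DB, identifier: int = 1) -> bool:
    """RouterA (authenticator) challenges RouterB (peer); True when RouterB proves the secret."""
    challenge = make_challenge("RouterA", identifier)
    response = answer_challenge(challenge, "RouterB", peer_db)
    return verify_response(challenge, response, auth_db)


if __name__ == "__main__":
    print("matching secrets:", run_handshake())
    print("mismatched secrets:", run_handshake(peer_db={"RouterA": b"wrong"}))
```

Because the challenge is random and the identifier is bound into the hash, a recorded response is useless against a later challenge, which is why the slides can say CHAP is done "at start-up & periodically". MD5 is what the RFC specifies; the protection here comes from the secret staying off the wire, not from the hash being strong.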
Configuring PPP
• Step #1: Configure PPP on RouterA & RouterB:
Router__#config t
Router__(config)#int s0
Router__(config-if)#encapsulation ppp
Router__(config-if)#^Z
• Step #2: Define the username & password on each router:
– RouterA: RouterA(config)#username RouterB password cisco
– RouterB: RouterB(config)#username RouterA password cisco
NOTE: (1) Username maps to the remote router (2) Passwords must match
• Step #3: Choose the authentication type for each router; CHAP/PAP
Router__(config)#int s0
Router__(config-if)#ppp authentication chap
or
Router__(config-if)#ppp authentication pap
Router__(config-if)#^Z
PPP Example 1
PPP Example 2
PPP Example 3
PPP Example 4
Frame Relay
• Background
– High-performance WAN encapsulation method
– OSI Physical & Data Link layers
– Originally designed for use across ISDN
• Supported Protocols
– IP, DECnet, AppleTalk, Xerox Network Service (XNS), Novell IPX, Banyan Vines, Transparent Bridging, & ISO
Before Frame Relay
After Frame Relay
Frame Relay
• Purpose
– Provide a communications interface between DTE & DCE equipment
– Connection-oriented Data Link layer communication
• Via virtual circuits
• Provides a complete path from the source to destination before sending the first frame
Frame Relay Terminology
Frame Relay Encapsulation
• Specified on serial interfaces
• Encapsulation types:
– Cisco (default encapsulation type)
– IETF (used between Cisco & non-Cisco devices)
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay ?
  ietf  Use RFC1490 encapsulation
  <cr>
Data Link Connection Identifiers (DLCIs)
• Frame Relay PVCs are identified by DLCIs
• IP end devices are mapped to DLCIs
– Mapped dynamically (by IARP) or mapped manually
• Global significance:
– Advertised to all remote sites as the same PVC
• Local significance:
– DLCIs do not need to be unique
• Configuration
RouterA(config-if)#frame-relay interface-dlci ?
  <16-1007>  Define a DLCI as part of the current subinterface
RouterA(config-if)#frame-relay interface-dlci 16
DLCI’s are Locally Significant
Local Management Interface (LMI)
• Background
• Purpose
• LMI Messages
– Keepalives
– Multicasting
– Multicast addressing
– Status of virtual circuits
LMI Types
• Configuration:
RouterA(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a
– Beginning with IOS ver 11.2+, the LMI type is auto-sensed
– Default type: cisco
• Virtual circuit status:
– Active
– Inactive
– Deleted
Sub-interfaces
• Definition
– Multiple virtual circuits on a single serial interface
– Enables the assignment of different network-layer characteristics to each sub-interface
• IP routing on one sub-interface
• IPX routing on another
– Mitigates difficulties associated with:
• Partially meshed Frame Relay networks
• Split horizon protocols
Partial Meshed Networks
Creating Sub-interfaces
Configuration:
#1: Set the encapsulation on the serial interface
#2: Define the subinterface
RouterA(config)#int s0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#int s0.?
  <0-4294967295>  Serial interface number
RouterA(config-if)#int s0.16 ?
  multipoint      Treat as a multipoint link
  point-to-point  Treat as a point-to-point link
Mapping Frame Relay
• Necessary for IP end devices to communicate
– Addresses must be mapped to the DLCIs
– Methods:
• Frame Relay map command
• Inverse-ARP function
Using the map command
RouterA(config)#int s0
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-subif)#no frame-relay inverse-arp
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
RouterA(config-subif)#frame-relay map ip 172.16.30.17 16 ietf broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.18 17 broadcast
RouterA(config-subif)#frame-relay map ip 172.16.30.19 18
Using the inverse arp command
RouterA(config)#int s0.16 point-to-point
RouterA(config-subif)#encap frame-relay ietf
RouterA(config-subif)#ip address 172.16.30.1 255.255.255.0
Congestion Control
• Discard Eligibility (DE)
• Forward-Explicit Congestion Notification (FECN)
• Backward-Explicit Congestion Notification (BECN)
Committed Information Rate (CIR)
• Definition: Provision allowing customers to purchase amounts of bandwidth lower than what they might need
– Cost savings
– Good for bursty traffic
– Not good for constant amounts of data transmission
Monitoring Frame Relay
RouterA>sho frame ?
  ip       show frame relay IP statistics
  lmi      show frame relay lmi statistics
  map      Frame-Relay map table
  pvc      show frame relay pvc statistics
  route    show frame relay route
  traffic  Frame-Relay protocol statistics
RouterA#sho int s0
RouterB#show frame map
Router#debug frame-relay lmi
Troubleshooting Frame Relay
Why can’t RouterA talk to RouterB?
Troubleshooting Frame Relay
Why is RIP not sent across the PVC?
Introduction to VPNs
• VPNs are used daily to give remote users and disjointed networks connectivity over a public medium like the Internet instead of using more expensive permanent means.
Types of VPNs
• Remote access VPNs
Remote access VPNs allow remote users like telecommuters to securely access the corporate network wherever and whenever they need to.
• Site-to-site VPNs
Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites to the corporate backbone securely over a public medium like the Internet instead of requiring more expensive WAN connections like Frame Relay.
• Extranet VPNs
Extranet VPNs allow an organization’s suppliers, partners, and customers to be connected to the corporate network in a limited way for business-to-business (B2B) communications.