2013 FINAL DOCUMENTATION
PROFESSOR RANDY GRAVE
IZZAT ULLAH (R01559486)
12/12/2013
COURSE CODE 441

Table of Contents

1. NETWORK DIAGRAM
2. IOS COMMANDS
3. SHOW COMMANDS
4. CABLE
   ETHERNET STRAIGHT THROUGH CABLE
   Rollover cable
   Crossover cable discussion
5. IP Version 4 IP Addressing
   DISTINGUISH B/T IP NETWORK/HOST ADDRESS
6. ROUTING PROTOCOLS
   WHY WE USE THE ROUTING PROTOCOL
7. Static Route
   Configuration Static Routing
   Stub network
8. DYNAMIC PROTOCOL VERSUS STATIC ROUTE
9. Private range and DNS SERVER
10. IPCONFIG
11. DNS server discussion about url
12. THE FOUR COMPONENTS / BOOT PROCESS
13. Securing a router (Telnet, Privilege, CONSOLE, AUX)
14. SUBNETTING AND VLSM
    VLSM
    IMPLEMENTATION OF VLSM
15. DISTANCE/VECTOR
16. ADVANCED DISTANCE/VECTOR
17. DISTANCE VECTOR PROTOCOLS VERSUS LINK-STATE PROTOCOLS
18. FULL TABLE FOR ROUTING PROTOCOLS
19. ARP
    ADDRESS LEARNED
    FILTER/FORWARD
20. BEFORE STP
21. Problems
22. STP PROTOCOL
    ROOT BRIDGES
    Root bridge election process
    Port states
23. TFTP STEPS
24. VLANS
25. Trunking
26. INTER-VLAN ROUTING
27. EIGRP
28. OSPF
    OSPF Process
29. Access Control Lists
30. NAT
31. CDP
32. VTP
33. 7 LAYERS OF THE OSI MODEL
    Data-Link Layer (OSI Layer 2)
    TRANSPORT LAYER OF THE OSI MODEL

NETWORK DIAGRAM

1. Draw the network diagram.
2. Identify the router interfaces.
3. Label the networks.
4. Assign each network an IP network address with a subnet mask.
5. Assign every router interface an IP host address.

IOS COMMANDS

The router starts in setup mode with the prompt "Would you like ... dialog?".
I got to know the modes, their prompts and the IOS command typed at each:

  Mode            Prompt (how it is read aloud)                    IOS command
  Setup           "Would you like ... dialog?"                     Ctrl+C  (leaves the setup dialog)
  User            Router>   (router, greater-than sign)            enable
  Privilege       Router#   (router, pound sign)                   configure terminal
  Global config   Router(config)#   (router, left parenthesis,     hostname usa   (one word)
                  config, right parenthesis, pound sign)
  Global config   Usa(config)#                                     interface fastethernet 0/0
  Interface       Usa(config-if)#   (usa, left parenthesis,        ip address 201.201.201.1 255.255.255.0
                  config dash if, right parenthesis, pound sign)
  Interface       Usa(config-if)#                                  no shutdown   (one word: negates the
                                                                   default shutdown condition of router interfaces)
  Interface       Usa(config-if)#                                  Ctrl+Z   (back to privilege mode)
  Privilege       Usa#                                             show running-config

Output of show running-config (the --More-- prompts are omitted):

  Usa#show running-config
  Current configuration : 813 bytes
  !
  version 12.4
  no service timestamps log datetime msec
  no service timestamps debug datetime msec
  service password-encryption
  !
  hostname izzat
  !
  !
  !
  enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
  !
  !
  !
  !
  !
  !
  !
  !
  interface FastEthernet0/0
   ip address 207.207.207.1 255.255.255.0
   duplex auto
   speed auto
  !
  interface FastEthernet0/1
   ip address 201.201.201.1 255.255.255.0
   duplex auto
   speed auto
  !
  interface Serial0/0/0
   ip address 202.202.202.1 255.255.255.0
   clock rate 64000
  !
  interface Serial0/0/1
   no ip address
   clock rate 2000000
   shutdown
  !
  interface Vlan1
   no ip address
   shutdown
  !
  ip classless
  !
  !
  !
  !
  !
  !
  !
  line con 0
  line vty 0 4
   password 7 082B4D400B18071200
   login
  !
  !
  !
  end

Privilege mode, Usa#: show controller serial 0/0/0. The second line of the output tells which end of the serial cable (DCE or DTE) is on this interface:

  Interface Serial0/0/0
  Hardware is PowerQUICC MPC860
  DCE V.35, clock rate 64000
  idb at 0x81081AC4, driver data structure at 0x81084AC0
  SCC Registers:
  General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
  Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
  Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
  Interrupt Registers:
  Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000
  Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000
  Command register [CR]=0x580
  Port A [PADIR]=0x1030, [PAPAR]=0xFFFF
  [PAODR]=0x0010, [PADAT]=0xCBFF
  Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E
  [PBODR]=0x00000, [PBDAT]=0x3FFFD
  Port C [PCDIR]=0x00C, [PCPAR]=0x200
  [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F
  Receive Ring
  rmd(68012830): status 9000 length 60C address 3B6DAC4
  rmd(68012838): status B000 length 60C address 3B6D444
  Transmit Ring
  tmd(680128B0): status 0 length 0 address 0
  tmd(680128B8): status 0 length 0 address 0
  tx_limited=1(2)
  SCC GENERAL PARAMETER RAM (at 0x68013C00)
  Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18
  Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18
  Max Rx Buff Len [MRBLR]=1548
  Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830
  Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0
  SCC HDLC PARAMETER RAM (at 0x68013C38)
  CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8
  Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0
  Nonmatch Addr Cntr [NMARC]=0
  Retry Count [RETRC]=0
  Max Frame Length [MFLR]=1608
  buffer size 1524
  PowerQUICC SCC specific errors:
  0 input aborts on receiving flag sequence
  0 throttles, 0 enables

Setting the clock rate on the DCE end of the serial cable:

  Mode            Prompt              IOS command
  Privilege       Usa#                configure terminal   (or config t)
  Global config   Usa(config)#        interface serial 0/0/0
  Interface       Usa(config-if)#     clock rate 64000
  Interface       Usa(config-if)#     Ctrl+Z
  Privilege       Usa#                show ip interface brief
Output of show ip interface brief:

  Usa# show ip interface brief
  Interface         IP-Address       OK? Method Status                 Protocol
  FastEthernet0/0   207.207.207.1    YES manual up                     up
  FastEthernet0/1   201.201.201.1    YES manual up                     up
  Serial0/0/0       202.202.202.1    YES manual up                     up
  Serial0/0/1       unassigned       YES unset  administratively down  down
  Vlan1             unassigned       YES unset  administratively down  down

Configuring RIP and looking at the routing table:

  Mode            Prompt                  IOS command
  Privilege       Usa#                    configure terminal   (or config t)
  Global config   Usa(config)#            router rip
  Router config   Usa(config-router)#     network 201.201.201.0
  Router config   Usa(config-router)#     network 202.202.202.0
  Router config   Usa(config-router)#     network 207.207.207.0
  Privilege       Usa#                    show ip route

  Usa# show ip route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route

  Gateway of last resort is not set

  C    201.201.201.0/24 is directly connected, FastEthernet0/1
  C    202.202.202.0/24 is directly connected, Serial0/0/0
  R    203.203.203.0/24 [120/1] via 202.202.202.2, 00:00:05, Serial0/0/0
  R    204.204.204.0/24 [120/1] via 202.202.202.2, 00:00:05, Serial0/0/0
  R    205.205.205.0/24 [120/2] via 202.202.202.2, 00:00:05, Serial0/0/0
  R    206.206.206.0/24 [120/2] via 202.202.202.2, 00:00:05, Serial0/0/0
  C    207.207.207.0/24 is directly connected, FastEthernet0/0
  R    208.208.208.0/24 [120/1] via 202.202.202.2, 00:00:05, Serial0/0/0

1. PASSWORD SET ON THE VTY LINES (Virtual Teletype - TELNET)

  Router>enable
  Router#configure terminal
  Router(config)#line vty 0 4          (the router has lines 0-15)
  Router(config-line)#password *****
  Router(config-line)#login

2. SECRET PASSWORD

  Router>enable
  Router#configure terminal
  Router(config)#enable secret ……………………

Question: you keep asking why we have to use the IP network address, and why I am using it. Answer: now I have to make use of the IP network address.
Each router interface is assigned an IP host address. What does a router do? It routes. What does it use? A table. What is the name of the table the router uses? The routing table. What is typically found in the routing table? IP network addresses (a router routes by IP network address). Some of those IP networks this router is directly connected to, and some of those IP network addresses are not directly connected.

Question: the USA router is directly connected to how many IP networks? Answer: first, how many IP networks do you see in the diagram? Seven: n1, n2, n3, n4, n5, n6, n7. Follow the discussion step by step; this is material that is taught in high school, so you have to step it up, even though it is still challenging.

How many IP networks is the Brazil router directly connected to? Three. The USA and China routers are connected to Brazil, but not directly to those networks. Brazil is directly connected to three IP networks: n1, n2 and n3. I have to configure the router according to this network diagram. When I complete that, the Brazil routing table will show a C entry for each IP network it is directly connected to (C means directly connected), together with the interface you go out of that router to get to that IP network.

If I say show ip route, what is that? It is the IOS command. What does a router do? It routes. What does it route? IP packets. What does it use to route IP packets? A routing table. A router routes IP packets using a routing table; type the command show ip route and you will see the contents of the routing table.

  Brazil# show running-config
  Brazil# show controller serial 0/0

In order to make the physical connection we use this command: it determines which end of the serial cable (DCE or DTE) is connected to the Brazil router interface serial 0/0. I am only concerned with the DCE end, because that is where I have to set the clock. Suppose I type the IOS command and it displays that this end is DCE: then I circle the DCE end of the serial cable connected to Brazil's interface serial 0/0 in the diagram. What physical connection am I making? I have to detect which end of the cable is the DCE. Suppose I type show controller serial 0/0, hit Enter, and see DTE: then I know the other end of the cable is the DCE, so I circle that end and the person responsible for that router knows they have to set the clock rate. Keep it simple: DCE, C for clock rate.

To set the clock rate: at the Brazil# prompt I want to configure something, so I type configure terminal and hit Enter. You configure a terminal: in general it is the router, in particular it is the clock rate, but the command you say is configure terminal.

  Brazil# configure terminal
  Brazil(config)# interface serial 0/0
  Brazil(config-if)# clock rate 64000        (no comma in the number)
  Brazil(config-if)# Ctrl+Z                  (takes me back to privilege mode)

Before looking at the routing table, I confirm the physical connection:

  Brazil# show ip interface brief

When I type show ip interface brief I am looking to confirm the physical connection: it determines whether each connection is down down or up up.

SHOW COMMANDS

Four show commands:

  show running-config           to confirm the configuration of the router
  show controller serial 0/0    for the physical connection: detects which end of the serial cable (DCE or DTE) is connected to that router interface
  show ip interface brief       to confirm the physical
connection, which will be down down or up up; it gives me a summary of the status of all my router interfaces, whether I am using them or not.

Four cables:

1. Ethernet straight-through cable
2. Rollover cable
3. Serial cable
4. Crossover cable

  show ip route                 for the contents of the routing table

Once I have up up on all the router interfaces I am using, I am prepared to look at the contents of the routing table:

  Brazil# show ip route
  C    202.202.202.0/24 is directly connected, Serial0/0
  C    203.203.203.0/24 is directly connected, FastEthernet0/0
  C    204.204.204.0/24 is directly connected, FastEthernet0/1

Where we use the rollover cable: I take my PC and use a rollover cable to connect to the console port of the router. It does not connect to the net card; my net card connects to an Ethernet switch using the Ethernet straight-through cable.

What we have done up to now: when I type show ip route we see the routing table, but what we do not see are the networks that are not directly connected to the router I configured. Now I am going to teach you how to configure a routing protocol, which will populate the routing table with those IP networks. I am configuring a routing protocol, and the one I want to use is RIP: the IOS command is router and the specific routing protocol is rip. It will put entries in my routing table for the networks that are not directly connected to this router.

THE ONLY OTHER COMMAND that configures a routing protocol like RIP is a network statement. After I type router rip and press Enter, I see a
different prompt, Router(config-router)#, because I am in a different mode, router configuration mode: I am configuring a routing protocol, RIP. Three networks are directly connected to this router, so how many network statements do I need? Three. I am advertising the IP networks that are directly connected to this router, so all the routers exchange routing information. If every router advertises its IP network addresses, the routers reach convergence, because you are telling RIP to advertise the entries in your routing table to the other routers.

Reading an R entry, for example R 205.205.205.0/24 [120/2] via 202.202.202.2, Serial0/0/0:
  R          represents RIP: RIP told me (this router) how to get to that IP network.
  via ...    who told me: I heard about it from the router interface on the other side, from this IP host address; it is the interface on that router I go out of to get to the network.
  [120/2]    120 is the administrative distance, which always identifies RIP; 2 is the metric, the least number of hops away that IP network is (a hop is the distance between two routers).

  Brazil# configure terminal
  Brazil(config)# router rip                       (RIP tells Brazil how to get to 201.201.201.0)
  Brazil(config-router)# network 202.202.202.0
  Brazil(config-router)# network 203.203.203.0
  Brazil(config-router)# network 204.204.204.0
  Brazil(config-router)# Ctrl+Z
  Brazil# show ip route

RIP will tell the router how to get to the networks that are not directly connected.

CABLE

The four cables:
1. Rollover cable
2. Ethernet straight-through cable
3. Crossover cable
4. Serial cable

ETHERNET STRAIGHT THROUGH CABLE

LAN technology. It is called an Ethernet straight-through cable because the coloured wires run straight through. It has 8 wires and is used between the net card of the PC and the switch. (In the diagram, the two ports on the right side are used to connect the switches.)

Rollover cable

A rollover cable has 8 coloured wires with an RJ-45 clip at each end; the colours roll over at one end. What does that mean in English? The colour order is reversed. Where do we use the rollover cable? Between the COM port of the PC and the console port of the router. If we do not have a rollover cable but have a straight-through cable, we can make a rollover cable from it: cut off one end of the straight-through cable at the RJ-45 clip, roll the colours over and reconnect them to a new RJ-45 clip, so that the wire on pin 1 of one RJ-45 clip goes to pin 8 of the other RJ-45 clip.

(Diagram labels: W0 represents serial 0/0, W1 represents serial 0/1.)

Crossover cable discussion

1. Where and why do we use it? Between like devices. This is a general statement, and it fits switch to switch.
2. It acts TO INVERT THE SIGNAL.

A crossover cable between a router and a PC conflicts with the general statement, so what is the answer? When one net card is transmitting, what does the other net card do? It receives. When I transmit my ping, the echo request, the other side should be receiving the echo request. A switch is responsible for crossing over the signal. If I do not have a switch, I use the crossover cable in order to cross over the transmitted signal.

Very conceptually: a crossover cable is used between like devices. Why do we need to connect a switch to another switch? Because we ran out of ports, so we connect more switches using the crossover cable. A crossover cable is like a switch, and switching is layer 2. If we say layer 2, we have to say Ethernet technology,
and then we say LLC or MAC, one of the two sub-layers of the data-link layer, so we think about switching.
1. If we say layer 2, we think about switching.
2. If we say layer 3, we think about routing.
If we are routing we also think about switching, which is layer 2. The discussion is really about the router: we know IP resides at layer 3, and we know TCP resides at layer 4. A box that has a router and a switch in it routes and switches the IP packet: it is a layer 3 switch, which can route.

If we make the crossover cable, how can we check it? I connect the crossover cable between two PCs (PC to PC) and watch the green light on the net card of the PC. If the green light is blinking, I assume the cable is right; if I see any deviation, I put the cable aside. Pins 4, 5, 7 and 8 are not used.

IP Version 4 IP Addressing

DISTINGUISH BETWEEN IP NETWORK ADDRESS AND IP HOST ADDRESS

Blueprint of an IP version 4 IP address: 23.47.242.97

It is an IP version 4 IP address; I know because it is written in dotted decimal notation, x.x.x.x. The subnet mask is missing. To assign the subnet mask we apply the first octet rule, which states: look at the decimal value of the first octet and see whether it falls within the range of class A, B or C; if the subnet mask is not given, assign the default subnet mask of that class to the IP address. The decimal value of the first octet of the given IP address is 23, which falls within the class A range of 0-127 but outside the private range 10.x.x.x, where x is 0-255.
Therefore the given IP address is a class A public range IP address, and the default subnet mask for class A is 255.0.0.0. To determine whether the given IP address is an IP NETWORK ADDRESS or an IP HOST ADDRESS I have to apply the subnet mask to the IP address. How? Draw a line where the on bits of the subnet mask end. In this case the first octet, 8 bits, is on bits of the subnet mask, so the line is drawn between the first and second octet. To the left of the line are 8 network bits; to the right of the line are 24 host bits.

  IP address     23 . 47 . 242 . 97
  Subnet mask    255.  0 .   0 .  0
                  N  |       H
  N = IP network address part    H = IP host address part

Then I ask myself: are all the host bits 0? In this case, no. Therefore the given IP address is a class A public range IP host address.

ROUTING PROTOCOLS

WHY WE USE THE ROUTING PROTOCOL

ROUTING PROTOCOLS ALLOW YOU TO REACH CONVERGENCE ABOUT THE IP NETWORKS THAT ARE NOT DIRECTLY CONNECTED.

The alternative to a routing protocol is a static route. We can use a routing protocol, we can use static routes (the alternative to the routing protocol), or we can use a combination of both.

Administrative Distances

The Administrative Distance (AD) is used to rate the trustworthiness of routing information received on a router from a neighbour router. An Administrative Distance is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this route.
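The first-octet rule and subnet-mask check worked by hand above for 23.47.242.97, as an added Python example that is not part of the course notes; it also handles class B and C addresses and an explicitly given mask, and the class B and C private ranges it checks are standard values not listed in the notes.

```python
# Added example, not from the course notes: apply the first-octet rule and the
# subnet mask to tell an IP network address from an IP host address, the way
# the notes do by hand for 23.47.242.97. Generalized to classes B and C; the
# class B (172.16.0.0 - 172.31.255.255) and class C (192.168.0.0 -
# 192.168.255.255) private ranges are standard values not given in the notes.

def parse_ipv4(text):
    """Return the four octets of a dotted-decimal address as a list of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted-decimal octets: %r" % text)
    octets = []
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError("octet out of range: %r" % part)
        octets.append(int(part))
    return octets


def first_octet_rule(first):
    """Class and default subnet mask from the decimal value of the first octet."""
    if 0 <= first <= 127:
        return "A", "255.0.0.0"
    if 128 <= first <= 191:
        return "B", "255.255.0.0"
    if 192 <= first <= 223:
        return "C", "255.255.255.0"
    raise ValueError("first octet %d is outside class A, B and C" % first)


def is_private(octets):
    """True if the address falls inside one of the private ranges."""
    a, b = octets[0], octets[1]
    return (a == 10                            # 10.0.0.0 - 10.255.255.255
            or (a == 172 and 16 <= b <= 31)    # 172.16.0.0 - 172.31.255.255
            or (a == 192 and b == 168))        # 192.168.0.0 - 192.168.255.255


def classify(address, mask=None):
    """Apply the first-octet rule (when no mask is given) and then the mask."""
    octets = parse_ipv4(address)
    cls, default_mask = first_octet_rule(octets[0])
    mask = mask or default_mask          # no mask given: use the class default
    mask_octets = parse_ipv4(mask)
    # "Draw a line" where the on bits of the mask end: bits to the left are
    # network bits, bits to the right are host bits.
    network_bits = sum(bin(m).count("1") for m in mask_octets)
    network = [o & m for o, m in zip(octets, mask_octets)]
    host_part = [o & (255 - m) for o, m in zip(octets, mask_octets)]
    all_host_bits_zero = all(h == 0 for h in host_part)
    return {
        "class": cls,
        "range": "private" if is_private(octets) else "public",
        "mask": mask,
        "network_bits": network_bits,
        "host_bits": 32 - network_bits,
        "network_address": ".".join(str(n) for n in network),
        "kind": "IP network address" if all_host_bits_zero else "IP host address",
    }


def describe(address, mask=None):
    """One-line answer in the form the notes use."""
    r = classify(address, mask)
    return "class %s %s range %s" % (r["class"], r["range"], r["kind"])


if __name__ == "__main__":
    print(describe("23.47.242.97"))    # class A public range IP host address
    print(describe("203.203.203.0"))   # class C public range IP network address
    print(describe("10.1.2.0", "255.255.255.0"))
```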
Metrics:

  Hop count     The number of routing devices the packet must travel through to reach the destination network
  Bandwidth     The cumulative bandwidth of the links to the destination, in kilobits per second
  Delay         The length of time (measured in microseconds) a packet takes from source to destination
  Reliability   The consistency of the links and paths toward the destination, based on the error rates of the interfaces
  Load          The cumulative amount of congestion or saturation of the links toward the destination
  MTU           The maximum frame size that is allowed to traverse the links to the destination
  Cost          An arbitrary number, typically based on the bandwidth of the link

Administrative distance is a measure of the trustworthiness of a routing protocol: the greater the AD, the lower the trustworthiness of the routing protocol. The metric is how a routing protocol goes about picking the best route: a measure used to identify which routes are optimal to reach a destination network.

  #  ROUTING PROTOCOL                                     AD   METRIC                NOTES
  1  RIP version 1 (Routing Information Protocol)         120  least number of hops  classful: does not send subnet mask information out of router interfaces; a hop is the distance between two routers
  2  RIP version 2                                        120  least number of hops  classless
  3  IGRP                                                 100  BDRL                  Cisco proprietary, no longer supported
  4  EIGRP (Enhanced Interior Gateway Routing Protocol)   90   BDRL                  Cisco proprietary, enhanced version of IGRP
  5  OSPF (Open Shortest Path First)                      110  cost                  for Cisco and non-Cisco equipment
  6  IS-IS                                                115  cost

BDRL is Cisco's property: bandwidth, delay, reliability, load. EIGRP and IGRP are Cisco proprietary routing protocols because they are Cisco property.

Configuring RIP version 2:

  1700A(config)#router rip
  1700A(config-router)#version 2
  1700A(config-router)#network 192.168.1.4
  1700A(config-router)#network 192.168.1.16
  1700A(config)#exit
  1700A#show ip interface brief
  1700A#show ip protocols

Static Route
The alternative to a routing protocol is the static route: a routing protocol, static routes, or a combination of both.

Configuration Static Routing

  Router(config)#ip route Destination_network Mask Next-Hop_Address
  (or)
  Router(config)#ip route Destination_network Mask Exit_interface

  ip route                 The command used to create the static route.
  destination_network      The network you are placing in the routing table.
  mask                     The subnet mask being used on the network.
  next-hop_address         The address of the next-hop router.
  exit_interface           Can be used in place of the next-hop address.
  administrative_distance  By default, static routes have an administrative distance of 1.

Configuration Default Routing

  Router(config)#ip route 0.0.0.0 0.0.0.0 Next-Hop_Address     (for a stub network)
  Router(config)#ip route 0.0.0.0 0.0.0.0 Exit_interface
  Router(config)#ip default-network ?

(Note: what is missing in the routing table entry for a next-hop static route is the serial interface.)

There is another way of configuring a static route, with a next-hop address, but it is not the best way. If I have 99 networks, what happens? The main reason is too many processing cycles: the CPU executing instructions in the IOS. For each IP packet the IOS looks in the packet, then looks in the routing table: it applies the subnet mask to pull the IP network address out of the destination IP host address and looks for a matching IP network address; the static route gives the next-hop IP host address, so the IOS has to look that IP host address up as well.
1. Apply the subnet mask.
2. Look up the match: I find the router interface on that router to send the IP packets out of to get to network 1.

Stub network

A stub network has one way in and one way out. If the router qualifies as a stub, the only static route it needs is the all-zeros default route, 0.0.0.0 0.0.0.0 next-hop IP host address. The second router cannot use the all-zeros static route, because it does not qualify as a stub network.

A static route is unidirectional: I am telling IP packets how to get in, but I have no control over how they get back. I depend on the other router being configured, not necessarily to get me back, but to point to the network that is not directly connected, which will help me get back.

DYNAMIC PROTOCOL VERSUS STATIC ROUTE

If we configure a static route, the R entry is replaced with an S. Why? Because the administrative distance of a static route is 1, lower than the administrative distance of a RIP route, which is 120. The metric of the static route is zero (a directly connected network has metric zero).

Routing protocols are different from static routes. Suppose this link is broken and I have a static route from izzat: will it still be in the routing table? No, it goes away from the routing table. Routing protocols are dynamic: in that case the router sends an update to the other routers that it is no longer directly connected, and eventually the entry for network 1 expires. In both cases, static route or dynamic, the entry goes away from the routing table. The difference is that the routing protocol tells the other routers immediately that network 1 is no longer directly connected, while with a static route the other router keeps sending information to the network.

What happens to an IP packet that the other router sends to network 1? Think of the echo request and echo reply: the reply flips the SIP and DIP around.

  SIP 203.203.203.2
  DIP 207.207.207.2

Have you ever been to the post office? What is there? Envelopes. And we use an envelope
for a letter; in this case the envelope is the IP packet. What goes in that IP packet? A ping. What is on the outside of the envelope? The mailing address and the return address. The IP packet has a SIP (the return address) and a DIP (the mailing address), and what it contains is the ping. If you go on the internet it contains HTTP, which gets you a web page: different things go in IP packets depending on what you are doing.

(The entry C in the contents of the routing table represents a link that is directly connected to the USA router. If the link goes down, its link status is no longer up up, and the C entry for that network goes away from the contents of the routing table right away.)

2/27/13

Private range and DNS SERVER

Why am I learning the private range when I already know the class A, B and C ranges of IP version 4 addressing? Because it extends the life of IP version 4: they introduced the private ranges of class A, class B and class C. We know the ranges of class A, B and C.

(Diagram: WWW.YAHOO.COM 202.202.202.3, WWW.GOOGLE.COM, WWW.MAIL.COM)

DNS: would you realize that yahoo has an IP host address? You type www.yahoo.com, the URL, into the browser, and it shows the website on the web server. The internet is driven by a protocol, TCP/IP, so everything on a TCP/IP based network is assigned a unique IP host address. In my mind, how do I get to that particular website on the web server? Every URL has an associated unique IP host address. People do not remember the IP host address; it resides on the DNS server. The DNS application runs on a server we call the DNS server, just as a website runs on what we call a web server and email on what we call an email server.

A 17-year-old kid bought this URL. How did the 17-year-old buy the URL?
He bought it because he knew IBM was going to need it: the kid understood the internet and bought a large organization's URL.

Public IP host address: public means it can be reached by anybody in the world, but it is privately owned. What is the public range? Each class also contains a private range. The class A range is 0 to 127 in the first octet, where 0 and 127 are reserved; inside that range the private range is 10.0.0.0 to 10.x.x.x where x is 255 (10.0.0.0 to 10.255.255.255). Outside the private range is the public range of class A. (For reference, the class B private range is 172.16.0.0 to 172.31.255.255 and the class C private range is 192.168.0.0 to 192.168.255.255.) Only public addresses are found on the internet: the private ranges of class A, B and C cannot be on the internet, but the public ranges of those classes are what the internet is made of. Public means everybody in the world can see it. A URL is not an IP address; what is public is the IP host address assigned to the web server and associated with the URL. So: public IP, but privately owned. Here on my own network I use a private range to address the network; which private range you use to address the network depends on how many addresses you need. IBM went to an agency (a registry) and purchased a public class A, B or C IP network address, from which it assigns unique public IP host addresses.

Telnet: why configure a router to support telnet? So that I can telnet into a remote router and configure it from a remote location instead of sitting at its console.

IPCONFIG
ipconfig is the DOS command typed on a PC. It gives three pieces of information about that PC's TCP/IP settings, the three pieces every PC on a TCP/IP-based network should have:
1. IP address
2. Subnet mask
3. Default gateway

3/06/13
DNS server discussion about url
The cloud (the internet) takes you to a web server. The next thing you see on the internet is the email server, so when I say server, think of two servers: the first is the web server and the second is the email server. You know the web server: a powerful PC running a web application that advertises the company. Yahoo has a web server, IBM has a web server, Cisco has a web server. If you work for Cisco they also have an email server, so you can send email to other employees. Think server, think a powerful PC; one is designed to host the website and the other is designed for email. Every email address and every URL is associated with a unique IP host address. On the email server there is a mailbox at @something, e.g. farmingdale.edu; that domain part has to be translated to the IP host address actually assigned to the email server, and the part before the @ distinguishes your mailbox from everybody else's on that server. www.google.com, what is this?
This is a URL. Where do we find URLs? On the internet, and behind a URL on the internet there is a specific website. I say internet because the internet is driven by TCP/IP, which means whatever is on the internet is assigned an IP host address, specifically a public IP host address. If I buy a URL, I also go and obtain a public class A, B or C IP network address, so I can take an IP host address from that IP network address and assign it to my web server. Later you purchase a URL for your company and tell the agency that this URL is to be associated with this public class A, B or C IP host address. That public IP is assigned to the web server but associated with the URL; DNS is where I register my URL.

What is ipconfig? It means: show me the IP host address associated with my PC, the subnet mask and the default gateway. What is the default gateway? The IP host address assigned to the router interface on my LAN.

When we type the URL into the web browser, what happens? The PC has the knowledge of how to get to the DNS server. What is on the DNS server? The DNS application, which checks the registered URLs, looking through the DNS file for a match; it should find the match on the URL. Once it finds the match, the public class A, B or C IP host address associated with that URL is returned to the PC that typed in the URL. The PC puts that public IP host address in the IP packet, particularly in the DIP field, and sends the packet to the router. The router looks in the DIP field of the IP packet; the subnet mask is applied to that public IP host address in a manner that pulls out the IP network address it belongs to, and the routing table in the router is used to route the packet toward that network. The SIP field carries the source IP host address of the PC, while the DIP carries the public IP host address associated with the URL in the DNS file on the DNS server.

[Figure: the PC, which knows how to reach the DNS server, asks the DNS application, which looks up the URL in the DNS file and returns the IP address associated with it (67.23.242.97 in the drawing). The PC builds an IP packet with SIP = its own address and DIP = 67.23.242.97 and sends it to the router. The router looks in the DIP field, applies the mask 255.0.0.0 and pulls out the network address 67.0.0.0, which it looks up in its routing table.]

THE FOUR COMPONENT / BOOT PROCESS
The four components are ROM, RAM, flash and NVRAM.
1. POST (power-on self-test) verifies that the hardware is OK.
2. The bootstrap program stored in ROM then looks for the IOS in flash.
3. If it finds the IOS, it loads the IOS into RAM.
4. Once the IOS is loaded in RAM, it is running.
5. The bootstrap process then locates the startup configuration in NVRAM. Two possibilities: if a startup configuration exists it is loaded as the running configuration; if there is no startup configuration in NVRAM, the device tries to locate a TFTP server on the network and load the configuration from there. If no TFTP server is found either, the device displays the initial configuration (setup) dialog.

Securing A router (Telnet, Privilege, CONSOL, AUX)
Telnet password, set on the vty lines (vty = virtual teletype, i.e. telnet):
Router>enable
Router#configure terminal
Router(config)#line vty 0 4 (some routers have vty 0 15)
Router(config-line)#password *****
Router(config-line)#login

I am on the USA router and want to telnet into the Brazil router. That means I type an IP host address assigned to any of the Brazil router's interfaces at the privileged prompt: usa# <ip host address>. When I do that I do not type telnet, because the router assumes that is what I want to do. The difference is the DOS prompt of a PC connected to the USA router: at the DOS prompt I am not in the Cisco router, I am in the PC, particularly in Microsoft, because that is what runs on the PC. If I want to telnet into the Brazil router from the USA side through the PC, I must type telnet followed by the IP host address that is assigned to one of the Brazil router's interfaces. The thing to make clear is the difference between Cisco and Microsoft: in Microsoft (the DOS prompt) I must say telnet, because Microsoft does not assume it will be telnet, while in privileged mode on a Cisco router I just type the IP host address. In both cases I use the same IP host address, the one assigned to the router interface.

Having configured the Brazil router to support telnet, I come back to the USA router and type an IP host address that belongs to one of the Brazil router's interfaces and press enter:
usa# 203.203.203.1
Password: (the telnet password, router)
After pressing enter I see the Brazil> prompt, user mode. I want to configure the terminal, so I type en for enable:
Brazil>en
Error: password required, but none set
This is a security feature built into the Cisco router. Even though I configured the router to support telnet, and even though I telnetted in with an IP host address that belongs to one of the router's interfaces and typed the telnet password when it asked for it, I only get Brazil>. It is one thing to telnet in and another thing to go from user mode to privileged mode: that step needs an extra layer of protection, a separate privilege password, and without one the router refuses, which is why we get the error message.
Features of telnet:
1. One thing is to telnet in (the vty password).
2. Another thing is to go from user mode to privileged mode (the privilege password, configured with enable secret).
Keep in mind that telnet sends both passwords in clear text across the network, so anyone capturing traffic on the path between the PC and the router can read them; on a production router SSH is used instead of telnet for the same purpose.
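The DNS step described above (the PC asks the DNS server for the IP host address associated with a URL and then puts that address in the DIP field), as an added example in Python that is not part of the notes. It builds a real DNS A query in wire format and parses a reply; because it has to run offline, the reply is constructed locally, using www.yahoo.com and 202.202.202.3 from the board. The transaction ID 0x1234 and the TTL of 300 are made up.

```python
# Added example (not from the notes): a DNS A query and answer in wire format,
# with the transaction ID check that a resolver uses to reject replies that
# do not belong to its question. Real use would send build_query() over UDP
# port 53 and feed the datagram received to parse_a_records().
import struct


def encode_name(name):
    """'www.yahoo.com' -> b'\\x03www\\x05yahoo\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid=0x1234):
    # header: ID, flags (RD=1: standard recursive query), QDCOUNT=1, AN=NS=AR=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return header + question


def read_name(msg, off):
    """Decode a name at `off`, following compression pointers (0xC0xx)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if not jumped:
                end = off + 2                      # the field itself is 2 bytes
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(msg, expected_txid):
    """Return [(name, ttl, dotted_ip), ...] from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not an answer to our query")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                             # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


def constructed_reply(query, ip=(202, 202, 202, 3), ttl=300):
    """What a DNS server would send back for `query` (constructed for the example)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA, no error
    question = query[12:]
    # answer: name is a pointer to offset 12 (the question name), type A, class IN
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(ip)
    return header + question + answer


def resolve_offline(name, txid=0x1234):
    """The PC's side of the exchange, with the network replaced by constructed_reply()."""
    query = build_query(name, txid)
    reply = constructed_reply(query)
    return parse_a_records(reply, txid)


if __name__ == "__main__":
    print(build_query("www.yahoo.com").hex())
    print(resolve_offline("www.yahoo.com"))     # [('www.yahoo.com', 300, '202.202.202.3')]
```

The transaction ID check is the only thing in plain DNS that ties an answer to a question, which is why real resolvers also randomize the UDP source port, and why an attacker who can guess both can feed the PC a wrong DIP (cache poisoning) unless DNSSEC is used to sign the answer.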
SECRET PASSWORD
IOS commands:
Router>enable
Router#configure terminal
Router(config)#enable secret cisco
enable secret is the IOS command that configures the privilege password on the router. If I am telnetting from the PC I have to use the telnet command. To configure the router (x.x.x.x) to support telnet and reach it, I can use any IP host address assigned to one of its interfaces, e.g. 202.202.202.2, 203.203.203.1, 204.204.204.1 or 208.208.208.1.
Summary: configure the router to support telnet; telnet in; type the telnet password; Brazil>; enable; if no privilege password is set: password required, but none set.

SUBNETTING AND VLSM
Bit notation (prefix length) or abbreviation. Each bit of an octet has a value, and the mask value of an octet is the sum of the bits set from the left:
bit value:   128  64  32  16   8   4   2   1
mask value:  128 192 224 240 248 252 254 255
Prefix lengths /1 to /8 set bits in the first octet, /9 to /16 in the second, /17 to /24 in the third and /25 to /32 in the fourth; within an octet the first set bit gives 128, the first two 192, and so on up to 255 for all eight.

0000-0000.0000-0000.0000-0000.0000-0000 = /0   0.0.0.0
1000-0000.0000-0000.0000-0000.0000-0000 = /1   128.0.0.0
1100-0000.0000-0000.0000-0000.0000-0000 = /2   192.0.0.0
1110-0000.0000-0000.0000-0000.0000-0000 = /3   224.0.0.0
1111-0000.0000-0000.0000-0000.0000-0000 = /4   240.0.0.0
1111-1000.0000-0000.0000-0000.0000-0000 = /5   248.0.0.0
1111-1100.0000-0000.0000-0000.0000-0000 = /6   252.0.0.0
1111-1110.0000-0000.0000-0000.0000-0000 = /7   254.0.0.0
1111-1111.0000-0000.0000-0000.0000-0000 = /8   255.0.0.0
1111-1111.1000-0000.0000-0000.0000-0000 = /9   255.128.0.0
1111-1111.1100-0000.0000-0000.0000-0000 = /10  255.192.0.0
1111-1111.1110-0000.0000-0000.0000-0000 = /11  255.224.0.0
1111-1111.1111-0000.0000-0000.0000-0000 = /12  255.240.0.0
1111-1111.1111-1000.0000-0000.0000-0000 = /13  255.248.0.0
1111-1111.1111-1100.0000-0000.0000-0000 = /14  255.252.0.0
1111-1111.1111-1110.0000-0000.0000-0000 = /15  255.254.0.0
1111-1111.1111-1111.0000-0000.0000-0000 = /16  255.255.0.0
1111-1111.1111-1111.1000-0000.0000-0000 = /17  255.255.128.0
1111-1111.1111-1111.1100-0000.0000-0000 = /18  255.255.192.0
1111-1111.1111-1111.1110-0000.0000-0000 = /19  255.255.224.0
1111-1111.1111-1111.1111-0000.0000-0000 = /20  255.255.240.0
1111-1111.1111-1111.1111-1000.0000-0000 = /21  255.255.248.0
1111-1111.1111-1111.1111-1100.0000-0000 = /22  255.255.252.0
1111-1111.1111-1111.1111-1110.0000-0000 = /23  255.255.254.0
1111-1111.1111-1111.1111-1111.0000-0000 = /24  255.255.255.0
1111-1111.1111-1111.1111-1111.1000-0000 = /25  255.255.255.128
1111-1111.1111-1111.1111-1111.1100-0000 = /26  255.255.255.192
1111-1111.1111-1111.1111-1111.1110-0000 = /27  255.255.255.224
1111-1111.1111-1111.1111-1111.1111-0000 = /28  255.255.255.240
1111-1111.1111-1111.1111-1111.1111-1000 = /29  255.255.255.248
1111-1111.1111-1111.1111-1111.1111-1100 = /30  255.255.255.252
1111-1111.1111-1111.1111-1111.1111-1110 = /31  255.255.255.254
1111-1111.1111-1111.1111-1111.1111-1111 = /32  255.255.255.255
Within a subnet the host part cannot be all zeros or all ones (e.g. 0 and 255 in the last octet of a /24): all zeros is the network ID, while all ones is the broadcast address.

VLSM
IMPLEMENTATION OF VLSM
Console capture of the lab router (Packet Tracer):
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

Press RETURN to get started!

%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
%SYS-5-CONFIG_I: Configured from console by console

Router>enable
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname P0D3C
P0D3C(config)#vty line 0 4
                 ^
% Invalid input detected at '^' marker.
P0D3C(config)#line vty 0 4
P0D3C(config-line)#password password
P0D3C(config-line)#login
P0D3C(config-line)#line con 0
P0D3C(config-line)#password password
P0D3C(config-line)#login
P0D3C(config-line)#exit
P0D3C(config)#enable secret password
P0D3C(config)#login
% Incomplete command.
P0D3C(config)#interface fastethernet 0/0
P0D3C(config-if)#ip address 201.201.201.145 255.255.255.240
P0D3C(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
P0D3C(config-if)#
P0D3C(config-if)#interface serial 0/0/1
P0D3C(config-if)#ip address 201.201.201.218 255.255.255.252
P0D3C(config-if)#no shut

%LINK-5-CHANGED: Interface Serial0/0/1, changed state to up
P0D3C(config-if)#exit
P0D3C(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
P0D3C(config)#router rip
P0D3C(config-router)#network 201.201.201.216
P0D3C(config-router)#network 201.201.201.114
P0D3C(config-router)#verssion 2
                       ^
% Invalid input detected at '^' marker.
P0D3C(config-router)#version 2
P0D3C(config-router)#^Z
P0D3C#
%SYS-5-CONFIG_I: Configured from console by console
P0D3C#show ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     201.201.201.0/24 is variably subnetted, 17 subnets, 2 masks
R       201.201.201.16/28 [120/8] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.32/28 [120/7] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.48/28 [120/6] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.64/28 [120/5] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.80/28 [120/4] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.96/28 [120/3] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.112/28 [120/2] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.128/28 [120/1] via 201.201.201.217, 00:00:09, Serial0/0/1
C       201.201.201.144/28 is directly connected, FastEthernet0/0
R       201.201.201.164/30 [120/7] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.168/30 [120/6] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.180/30 [120/5] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.184/30 [120/4] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.196/30 [120/3] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.200/30 [120/2] via 201.201.201.217, 00:00:09, Serial0/0/1
R       201.201.201.212/30 [120/1] via 201.201.201.217, 00:00:09, Serial0/0/1
C       201.201.201.216/30 is directly connected, Serial0/0/1
P0D3C#
P0D3C#show ip interface brief
Interface         IP-Address       OK? Method Status                Protocol
FastEthernet0/0   201.201.201.145  YES manual up                    up
FastEthernet0/1   unassigned       YES unset  administratively down down
Serial0/0/0       unassigned       YES unset  administratively down down
Serial0/0/1       201.201.201.218  YES manual up                    up
Vlan1             unassigned       YES unset  administratively down down
P0D3C#
P0D3C#show running-config
Building configuration...

Current configuration : 803 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname P0D3C
!
enable secret 5 $1$mERr$GvDaTJK9lhdXRUPWKA74O0
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 201.201.201.145 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 no ip address
 clock rate 2000000
 shutdown
!
interface Serial0/0/1
 ip address 201.201.201.218 255.255.255.252
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 201.201.201.0
!
ip classless
!
no cdp run
!
line con 0
 password password
 login
line vty 0 4
 password password
 login
!
Two things to notice in this running config. The two network statements typed under router rip (201.201.201.216 and 201.201.201.114) were stored as the single classful statement network 201.201.201.0, because the RIP network command takes a classful network address. And the console and vty passwords are stored in clear text (no service password-encryption), so anyone who can read the configuration has them; only the enable secret is stored as a hash (type 5). service password-encryption would only apply the reversible type 7 encoding to the line passwords, so the enable secret is the one to rely on.
end
P0D3C#
P0D3C#show controller serial 0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 2000000
idb at 0x81081AC4, driver data structure at 0x81084AC0
SCC Registers:
General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000
Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000
Command register [CR]=0x580
Port A [PADIR]=0x1030, [PAPAR]=0xFFFF
       [PAODR]=0x0010, [PADAT]=0xCBFF
Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E
       [PBODR]=0x00000, [PBDAT]=0x3FFFD
Port C [PCDIR]=0x00C, [PCPAR]=0x200
       [PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F
Receive Ring
rmd(68012830): status 9000 length 60C address 3B6DAC4
rmd(68012838): status B000 length 60C address 3B6D444
Transmit Ring
tmd(680128B0): status 0 length 0 address 0
tmd(680128B8): status 0 length 0 address 0
tmd(680128C0): status 0 length 0 address 0
tmd(680128C8): status 0 length 0 address 0
tmd(680128D0): status 0 length 0 address 0
tmd(680128D8): status 0 length 0 address 0
tmd(680128E0): status 0 length 0 address 0
tmd(680128E8): status 0 length 0 address 0
tmd(680128F0): status 0 length 0 address 0
tmd(680128F8): status 0 length 0 address 0
tmd(68012900): status 0 length 0 address 0
tmd(68012908): status 0 length 0 address 0
tmd(68012910): status 0 length 0 address 0
tmd(68012918): status 0 length 0 address 0
tmd(68012920): status 0 length 0 address 0
tmd(68012928): status 2000 length 0 address 0
tx_limited=1(2)
SCC GENERAL PARAMETER RAM (at 0x68013C00)
Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18
Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18
Max Rx Buff Len [MRBLR]=1548
Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830
Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0
SCC HDLC PARAMETER RAM (at 0x68013C38)
CRC Preset [C_PRES]=0xFFFF, Mask [C_MASK]=0xF0B8
Errors: CRC [CRCEC]=0, Aborts [ABTSC]=0, Discards [DISFC]=0
Nonmatch Addr Cntr [NMARC]=0
Retry Count [RETRC]=0
Max Frame Length [MFLR]=1608
Rx Int Threshold [RFTHR]=0, Frame Cnt [RFCNT]=0
User-defined Address 0000/0000/0000/0000
User-defined Address Mask 0x0000
buffer size 1524
PowerQUICC SCC specific errors:
0 input aborts on receiving flag sequence
0 throttles, 0 enables
0 overruns
0 transmitter underruns
0 transmitter CTS losts
0 aborted short frames
P0D3C#
P0D3C#config t
Enter configuration commands, one per line.  End with CNTL/Z.
P0D3C(config)#interface serial 0/0/1
P0D3C(config-if)#clock rate 64000
(show controller confirms this is the DCE end of the cable, which is why the clock rate is set here.)

DISTANCE/VECTOR
(Aside: Juniper Networks, Inc. is an American manufacturer of networking equipment founded in 1996.)
In distance vector routing protocols, routes are advertised as vectors of distance and direction. The distance metric is usually the router hop count; the direction is the next-hop router to which the IP packet is forwarded. If I have to get to California I do not count the miles, I follow the road signs one at a time, and that is why this method is called routing by rumor. There are different methods routing protocols use to reach convergence; one way to reach convergence is distance vector, also called routing by rumor. Distance vector algorithms call for each router to send all or some portion of its routing table, but only to its neighbors.
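Before going on with routing protocols, the subnet mask table and the VLSM lab above, worked through in Python as an added example (not code from the notes or from the lab). It converts prefix lengths to dotted masks and back, and carves one /24 into variable-length blocks the way VLSM is done by hand: largest requests first, each from the smallest free block that fits. The block 201.201.201.0/24 and the request list (ten LANs of 14 hosts, eight serial links of 2 hosts) are assumptions chosen so that the result contains the lab's own subnets 201.201.201.144/28 and 201.201.201.164/30.

```python
# Added example (not from the notes): prefix/mask arithmetic and a VLSM
# allocator. The host counts and the /24 are assumptions (see the lead-in).
import ipaddress


def prefix_to_mask(prefix):
    """/21 -> '255.255.248.0': a left-aligned run of `prefix` one bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((bits >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """'255.255.255.240' -> 28; rejects masks whose one bits are not contiguous."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a valid subnet mask")
    return prefix


def usable_hosts(prefix):
    """All-zeros host bits = network ID, all-ones = broadcast, so 2^n - 2."""
    return max(2 ** (32 - prefix) - 2, 0)


def smallest_prefix_for(hosts):
    """Longest prefix (smallest block) that still leaves `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than fit in any IPv4 network")


def vlsm_allocate(block, requests):
    """requests: list of (name, host_count). Largest requests are served first,
    each from the smallest free block that fits, splitting it in halves until
    it is the right size, so the /30 links end up filling the gaps."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(requests, key=lambda r: -r[1]):
        need = smallest_prefix_for(hosts)
        fits = [n for n in free if n.prefixlen <= need]
        if not fits:
            raise ValueError(f"no space left for {name} ({hosts} hosts)")
        chosen = min(fits, key=lambda n: (-n.prefixlen, int(n.network_address)))
        free.remove(chosen)
        while chosen.prefixlen < need:
            chosen, other_half = chosen.subnets(prefixlen_diff=1)
            free.append(other_half)           # the remainder stays available
        plan[name] = chosen
    return plan


def lab_plan():
    """Assumed lab layout: ten 14-host LANs and eight 2-host serial links."""
    requests = [(f"LAN{i}", 14) for i in range(1, 11)] + [(f"WAN{i}", 2) for i in range(1, 9)]
    return vlsm_allocate("201.201.201.0/24", requests)


if __name__ == "__main__":
    for name, net in lab_plan().items():
        print(f"{name:5} {net!s:20} mask {prefix_to_mask(net.prefixlen):16} "
              f"{usable_hosts(net.prefixlen)} usable hosts")
```

mask_to_prefix() rejects a mask such as 255.255.148.0, which is not a run of ones from the left; a typo like that in a configuration silently breaks the logical AND that every host and router performs, which is why it is worth validating masks rather than trusting them.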
The table is sent periodically (RIP every 30 seconds by default, IGRP every 90 seconds). From the diagram you might suppose the USA router depends on both the China router and the Brazil router, but the USA router depends only on the China router, and the China router depends on the Brazil router, to get the right routing information. That is the analogy: with a routing protocol that uses distance vector to reach convergence, routing by rumor, USA depends on the other routers to give it proper routing information; if for any reason China is messed up, USA is messed up on China's behalf. There are two other methods to reach convergence, covered below.

Distance vector routing protocols: RIPv1, RIPv2, IGRP. You have to speak in a manner that convinces the others (that is the rumor).

RIP-2 Basic Concepts (from the textbook)
Routers using RIP-2 advertise a small amount of simple information about each subnet to their neighbors. Their neighbors in turn advertise the information to their neighbors, and so on, until all routers have learned the information. In fact, it works a lot like how rumors spread in a neighborhood, school, or company. You might be out in the yard, stop to talk to your next-door neighbor, and tell your neighbor the latest gossip. Then that neighbor sees his other next-door neighbor and tells them the same bit of gossip, and so on, until everyone in the neighborhood knows the latest gossip. Distance vector protocols work the same way, but hopefully, unlike rumors in a real neighborhood, the rumor has not changed by the time everyone has heard about it.

For example, consider what occurs in Figure 20-3. The figure shows RIP-2 advertising a subnet number, mask (shown in prefix notation), and metric to its neighbors.

Figure 20-3 Example of How RIP-2 Advertises Routes
For the sake of keeping the figure less cluttered, Figure 20-3 only shows how the routers advertise and learn routes for subnet 172.16.3.0/24, even though the routers do advertise other routes as well. Following the steps in the figure:
1. Router R2 learns a connected route for subnet 172.16.3.0/24.
2. R2 sends a routing update to its neighbors, listing a subnet (172.16.3.0), mask (/24), and a distance, or metric (1 in this case).
3. R3 hears the routing update and adds a route to its routing table for subnet 172.16.3.0/24, referring to R2 as the next-hop router.
4. Around the same time, R1 also hears the routing update sent directly to R1 by R2. R1 then adds a route to its routing table for subnet 172.16.3.0/24, referring to R2 as the next-hop router.
5. R1 and R3 then send a routing update to each other for subnet 172.16.3.0/24, metric 2.
By the end of this process, both R1 and R3 have heard of two possible routes to reach subnet 172.16.3.0/24, one with metric 1 and one with metric 2. Each router uses its respective lower-metric (metric 1) route to reach 172.16.3.0.

Interestingly, distance vector protocols such as RIP-2 repeat this process continually on a periodic basis. For example, RIP routers send periodic routing updates about every 30 seconds by default. As long as the routers continue to hear the same routes with the same metrics, the routers' routing tables do not need to change. However, when something changes, the next routing update will change, or simply not occur due to some failure, so the routers will react and converge to use the then-best working routes. Now that you have seen the basics of one routing protocol, the next section explains a wide variety of features of different routing protocols for the sake of comparison.

Definition of distance vector: the logic behind the behavior of some interior routing protocols, such as RIP. Distance vector routing algorithms call for each router to send its entire routing table in each update, but only to its neighbors. Distance vector routing algorithms can be prone to routing loops but are computationally simpler than link state routing algorithms.
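The Figure 20-3 exchange as a small distance-vector simulation, added here as an example that is neither the notes' nor the textbook's code. R1, R2 and R3 form a triangle (an assumption, since the figure's links are not all listed) and R2 owns 172.16.3.0/24. Every round each router sends its table to its neighbors with split horizon applied, each neighbor adds one hop and keeps the lower metric, and a route that stops being refreshed ages out. The HOLD_ROUNDS value is an assumption standing in for RIP's 180-second invalid timer; 16 as infinity is RIP's real value.

```python
# Added example (not from the notes or the textbook): distance vector routing
# for the three-router figure. Shows both the metric-1-beats-metric-2 choice
# and the slow convergence after a link failure: R3 keeps using a dead route
# until it ages out, then learns the metric-2 path through R1.
INFINITY = 16        # RIP: 16 hops means unreachable
HOLD_ROUNDS = 6      # rounds a learned route survives without a refresh (assumption)


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = set()
        self.table = {}    # prefix -> [metric, next_hop Router or None, rounds_unrefreshed]

    def connect(self, other):
        self.neighbors.add(other)
        other.neighbors.add(self)

    def disconnect(self, other):
        self.neighbors.discard(other)
        other.neighbors.discard(self)

    def add_connected(self, prefix):
        self.table[prefix] = [0, None, 0]        # C route: metric 0, never ages

    def advertisement(self, to):
        """The update sent to neighbour `to`: every route with metric + 1,
        except routes learned from `to` itself (split horizon)."""
        return {p: min(m + 1, INFINITY)
                for p, (m, nh, _) in self.table.items() if nh is not to}

    def receive(self, frm, adv):
        for prefix, metric in adv.items():
            cur = self.table.get(prefix)
            if cur is not None and cur[1] is None:
                continue                         # connected routes always win
            via_frm = cur is not None and cur[1] is frm
            if metric >= INFINITY:
                if via_frm:                      # our own next hop says it is gone
                    del self.table[prefix]
                continue
            if cur is None or metric < cur[0] or via_frm:
                self.table[prefix] = [metric, frm, 0]    # new, better, or refreshed

    def age(self):
        for prefix, entry in list(self.table.items()):
            if entry[1] is None:
                continue
            entry[2] += 1
            if entry[2] > HOLD_ROUNDS:
                del self.table[prefix]           # the neighbour stopped refreshing it


def run(routers, rounds):
    """Periodic updates: everyone sends to every neighbour at once, then ages."""
    for _ in range(rounds):
        msgs = [(r, n, r.advertisement(n)) for r in routers for n in r.neighbors]
        for frm, to, adv in msgs:
            to.receive(frm, adv)
        for r in routers:
            r.age()


def route(router, prefix):
    """(metric, next hop name) as the router would show it, or None."""
    entry = router.table.get(prefix)
    if entry is None:
        return None
    return entry[0], (entry[1].name if entry[1] else "connected")


def figure_20_3():
    r1, r2, r3 = Router("R1"), Router("R2"), Router("R3")
    r1.connect(r2)
    r2.connect(r3)
    r1.connect(r3)
    r2.add_connected("172.16.3.0/24")
    return r1, r2, r3


if __name__ == "__main__":
    net = "172.16.3.0/24"
    r1, r2, r3 = figure_20_3()
    run([r1, r2, r3], 2)
    print("converged:", route(r1, net), route(r3, net))      # (1, 'R2') on both
    r2.disconnect(r3)                                        # the R2-R3 link fails
    for i in range(1, HOLD_ROUNDS + 3):
        run([r1, r2, r3], 1)
        print(f"round {i} after the failure: R3 has {route(r3, net)}")
```

Real RIP shortens the wait with triggered updates and route poisoning (advertising the lost route with metric 16, which receive() handles), but the simulation shows the underlying reason distance vector converges slowly: R3 trusts the rumor it heard from R2 until the rumor stops being repeated.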
ADVANCE DISTANCE/VECTOR
There is another method to reach convergence, which we call advanced distance vector. Cisco came up with its own protocol and developed its own method of reaching convergence. What does that mean in English? A little distance vector and a little link state, but mostly distance vector. Some books use the word hybrid. If you actually look at the algorithm (an algorithm is the code written to make the routing protocol learn how to reach convergence), the word hybrid is misleading; advanced distance vector means mostly distance vector, with some link-state features. It is Cisco proprietary and runs on Cisco routers. There is only one routing protocol that uses the advanced distance vector method: EIGRP (a hybrid routing protocol: distance vector with link-state characteristics). EIGRP sends partial route updates only when changes occur; it does not send periodic updates.

Link state is another method to reach convergence, used by OSPF and IS-IS. Link-state routing protocols were developed to address some limitations of distance vector protocols. When running a link-state routing protocol, routers originate information about themselves (IP addresses), their connected links (number and type of links), and the state of those links (up/down). The information is forwarded to all routers in the network; each router keeps a copy of the information and does not change it. Each router then independently calculates the best paths to destinations and maintains a map of the network.

DISTANCE VECTOR PROTOCOLS VERSES LINK-STATE PROTOCOLS
Distance vector protocols send sparse information, typically describing a subnet and a metric for each route. Link-state protocols send much more detailed topology information, describing each router and each link, so that every router has a full conceptual picture of the network.

FULL TABLE FOR ROUTING PROTOCOL
Protocol                                              AD   Metric               Classful/classless  Method                    Notes
RIP version 1 (Routing Information Protocol)          120  least number of hops classful            distance vector           Bellman-Ford; Cisco and non-Cisco equipment
RIP version 2                                         120  least number of hops classless           distance vector           Bellman-Ford; Cisco and non-Cisco equipment
IGRP (Interior Gateway Routing Protocol)              100  BDRL                 classful            distance vector           Cisco proprietary
EIGRP (Enhanced Interior Gateway Routing Protocol)    90   BDRL                 classless           advanced distance vector  Cisco proprietary
OSPF (Open Shortest Path First)                       110  cost                 classless           link state                Cisco and non-Cisco equipment
IS-IS (Intermediate System to Intermediate System)    115  cost                 classless           link state                Cisco and non-Cisco equipment
BDRL = bandwidth, delay, reliability, load. Classful routing protocols do not advertise subnet masks in their routing updates; classless routing protocols advertise the subnet mask with each route. EIGRP and IGRP are Cisco proprietary routing protocols because they are Cisco's property.

ARP (the ARP request is the example of a broadcast, the ARP reply of a unicast; multicast is the third kind of address)
"I know your IP host address, but I need to know your MAC address." A MAC address has 6 octets, 48 bits, and is written in hexadecimal, for example 0c:a1:97:51:01:91. The burned-in address is assigned by the vendor making the NIC and is meant to be unique, but it is not a reliable identifier: a host can be configured to send frames with a different MAC address. Unicast address: a MAC that represents a single LAN interface. Broadcast address: an address that means "all devices that reside on this LAN right now". Multicast address: on Ethernet, a multicast address implies some subset of all devices currently on the Ethernet LAN.
MAC addresses are MIA (Missing in action) on the WAN it is not present on serial interfaces MAC addresses is only use on the LAN cannot be used on serial On serial interfaces will not have a MAC address because the serial interface do not have the net card because it is a wan technology There is one WAN technology and numerous LAN technology ARP TABLE MAC TABLE SMAC PORT B Fe0/2 ARP TABLE Where the .1, .2 and .3 are ip host address A, B and C are MAC address that are associated to the net card 47 Step no 1 I know your what ip host addresses but I need to know the MAC address if I am here at 201.201.201.2 255.255.255.0 and I want to ping 201.201.201.3 so I am in the dos prompt C:\ >ping 201.201.201.3 hit enter (Question who is pinging who ip host address 201.201.201.2 is pinging ip host address 201.201.201.3) Step no 2 201.201.201.2 Perform a “LOGICAL AND “on the SIP and DIP SIP 201.201.201.2 255.255.255.0 201.201.201.0 DIP 201.201.201.3 255.255.255.0 201.201.201.0 LOGICALAND 201.201.201.1 Is the default gateway After performing logical see the network is same or not 201.201.201.0 = 201.201.201.0 so the equal ip network mean both these are in the same network What I did up to know I pulled out the ip network addresses that the ip host reside it Question what is the dip or sip in this particular case .2 has to perform a what logical and on sip and dip which means that we got a put something in the sip field of ip packet and some has to be go to the dip field of ip packet Question the port .1 is the ip host address that assigned to the router interface but that router connected to the fe0/1 you suppose to know the port on the switch start from fe0/1 while the on the router it start from fe0/0 you must make that distinguish crystal clear so .1 is connecting to which port fe0/1 and .2 is connecting to port of the switch label by fe0/2 and .3 is connected to the port of the switch label by fe0/3 Step no 3 use default gateway yes or no? 
The answer is no because both the pc are reside in the same ip network pcs do not need default gateway that’s mean pcs do not need router because they are reside in the same network Step no 4 .2 builds 802.3 Ethernet frame instead of ip packet we are talking about the 802.3 Ethernet frame building by .2 what you might picture that inside the pc is osi model but the osi is not really inside the pc the osi model is the blue print educational environment functionality of a network devices and troubleshooting tcp/ip is the life implementation ADDRESSING FIELD D MAC SMAC THE field length is the length of the Ethernet 802.3 frame 48 DMAC 6BYTE C ?? SMAC 6BYTE B LENTH 2BYTE SIP DIP PAYLOAD 201.201.201.2 201.201.201.3 PING FCS What would be in the payload field ping, PING IS echo request echo reply for example if there is email so what would I say not SMTP I will say what 25 which is the well-known port number for SMTP 201.201.201.2 is building a what 201.201.201.3 it doesn’t know the DMAC is it know the SMAC yes it know the SMAC B is in the SMAC field it know the sip and dip how it know the sip and the dip because sip is what pinging dip so 201.201.201.2 goes into the sip field and 201.201.201.3 goes into the dip field Question can I send this frame out yes/no can I send this up to switch? Answer is no because it missing DMAC how gona we get the DMAC Explanation in pc there is a table are called an ARP TABLE so .2 will look at in its the ARP table command use for to show the ARP table arp –a will show the contents of .2 arp table Question how many table you know three table 1. ROUTING TABLE 2. ARP TABLE 3. 
MAC TABLE(MAC TABLE is only found on switches ) because mac is mia on wan IP HOST TABLE (is use for special situation) So what is in the ARP table I know your ip host address (because I am ping but I cannot send you that ping in my frame until I filled the DMAC) but I need to know the MAC address So .2 got a look at its ARP TABEL it will looking for what entry ip host address if it is find the ip what host address then its gona find the MAC address as well Question if apply the command Arp –a one of the pc above in the diagram then you will see what two entries ip host address and I associated with the MAC address so what might I see if I apply this command in the arp table it gona be an entry with having two field ip host address and it associated to the MAC address .2 will look at the entry .3 in the arp table arp table is what empty I did not have any of entry in my what arp table Step no 5 look in its ARP TABLE .2 will look at the entry .3 in the Arp table Arp table is what empty I did not have any of entry in my what arp table Step no 6 ARP TABLE is empty Empty arp table 49 FIREWAL IT DROPS THE EHCO REQUES AND EHCO REPLAY Step no 7 suspends my 802.3 Ethernet frame .2 (suspend which mean can I send out that 802.3 Ethernet frame can I send it out no b/c of it missing DMAC field I cannot fill in the DMAC field b/c that pc has to look at to arp table and that table doesn’t the ip host address which trying to ping as an entry in the arp table that pc got a send 802.3 Ethernet frame and go get that .3 is associated with MAC address bring it back and put in the DMAC field ) Step no 8 go get the .3 associated to that MAC address DMAC SMAC LENTH SIP DIP PAYLOAD 2BYTE 6BYTE 6BYTE 201.201.201.2 201.201.201.3 PING C B .2 .3 ffff Broad cast 2Hex character per octet 6times2 is 12 f If DMAC field filled with 12 f it make the 802.3 ETHERNET frame as a broadcast Step no 9 FCS 3 FUCTION OF SWITCH 1. ADDRESS LEARNED 2. FILTER/ FORWORD 3. 
LOOP AVOIDANCE

ADDRESS LEARNING, the first function executed:
a) learn the SMAC,
b) and the port on which it was learned,
c) put them in the MAC table.

    MAC TABLE
    SMAC    PORT
    B       Fa0/2

Address learning: the switch learns the SMAC and the port on which it was learned and puts them in the table called the MAC table.

FILTER/FORWARD, the second function. The definition of the second function is: "Look at the DMAC. If it is 12 Fs (F means flood), send a copy of the frame out of all ports except the port on which it was received." If it is not 12 Fs, look for a match in the MAC table: if we are looking for B we find the match and forward the frame out of that port, Fa0/2. (If there is no match, the unknown unicast is flooded the same way as a broadcast.)

Here the DMAC is 12 Fs, so the switch sends a copy of the frame out of ports Fa0/1 and Fa0/3, but not out of the port it was received on, Fa0/2. It is trying to reach .3, so .3 gets a copy, and the router (.1) gets a copy too. The frame comes in on the network card, up from the wire at the physical layer, up to the data link layer and up to the network layer, where the device looks at the DIP field to see if the frame is for it. .1 looks at the DIP field and sees .3, so the frame is not for him. What does .1 do? We know the router has a table called the ARP table.

Discussion about tables: the MAC table is only found on switches and, more importantly, everybody on the Ethernet LAN has to have an ARP table, because they all need to resolve an IP host address to the MAC address associated with it.
- Routers have a routing table.
- Switches have a MAC table.
- Devices on the Ethernet LAN have an ARP table; the router has an interface on the LAN, so it has one too.

When the frame comes up to the router, the router looks at the DIP field and sees that the frame is not for him, but he still puts an entry in his ARP table. Which entry? Some fields in the frame go together, for example the SMAC and the SIP, so the router puts that pair
in the ARP table even though the frame is not for him:

    ARP TABLE (router .1)
    .2   B
    .3   C

Now what does .3 see? .3 sees .3 in the DIP field, so the frame is for it. .3 builds an 802.3 Ethernet frame containing the ARP reply (at this point the DMAC and SMAC are flipped around) and sends the reply back to .2:

    DMAC (6 bytes)   SMAC (6 bytes)   Length (2 bytes)   Payload                                              FCS
    B                C                                   ARP reply: 201.201.201.3 is at C, to 201.201.201.2

What distinguishes that 802.3 Ethernet frame as carrying an ARP reply? The payload. There are many kinds of broadcast, for example a DHCP broadcast or an ARP request; once you look in the payload it tells you what kind of frame it is.

When you take a PC and plug it into the network it wants an IP host address. Since DHCP is enabled, the PC sends out a DHCP broadcast through the switch asking the DHCP server to send it an IP host address.

BEFORE STP. We are trying to find out the problem that existed before STP, and what STP is: STP is the protocol that helps avoid loops in a switch network.

Question: why do I have two links on switch A? It is a redundant connection. What is redundancy? Say switch A is connected to the router, the router is connected to the Internet, and I am a PC down on switch B. If I have two ways of getting to the router, which gets me to the Internet, that is called redundancy. So there is a redundant connection between SWITCH-A and SWITCH-B, which forms a loop, which causes three problems:

Problem 1. Broadcast frames could loop forever in switch networks with redundant links: a broadcast storm.
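The following is an added example, not part of the original notes: a small Python model of steps 1 to 9 above on the notes' LAN (router .1 with MAC A on Fa0/1, .2 with MAC B on Fa0/2, .3 with MAC C on Fa0/3; the port numbers and single-letter MACs are taken from the diagram and are assumptions). The switch implements address learning and filter/forward, every LAN device keeps an ARP table, .2 suspends its echo request until the ARP reply fills in the DMAC, and an optional host firewall on .3 shows the caveat that ARP can succeed while the ping still fails.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"   # twelve hex F's: the Ethernet broadcast DMAC


@dataclass
class Frame:                       # the 802.3 fields the notes care about (FCS omitted)
    dmac: object                   # None while the frame is suspended waiting for ARP
    smac: str
    payload: dict                  # {"type": ..., "sip": ..., "dip": ...}


class Switch:
    """Switch functions 1 and 2: address learning and filter/forward."""
    def __init__(self):
        self.mac_table = {}        # SMAC -> port learned on
        self.ports = {}            # port -> attached device
        self.log = []              # (payload type, "flood"|"forward", out ports)

    def attach(self, port, device):
        self.ports[port] = device
        device.link = (self, port)

    def receive(self, in_port, frame):
        self.mac_table[frame.smac] = in_port          # 1. address learning
        # 2. filter/forward: 12 F's or an unknown DMAC is flooded out every port
        #    except the one it arrived on; a known DMAC goes out exactly one port
        if frame.dmac == BROADCAST or frame.dmac not in self.mac_table:
            out = tuple(p for p in self.ports if p != in_port)
            self.log.append((frame.payload["type"], "flood", out))
        else:
            out = (self.mac_table[frame.dmac],)
            self.log.append((frame.payload["type"], "forward", out))
        for p in out:
            self.ports[p].receive(frame)


class Host:
    """A PC or a router LAN interface: IP host address, MAC, ARP table."""
    def __init__(self, ip, mac, firewall_drops_icmp=False):
        self.ip, self.mac = ip, mac
        self.firewall_drops_icmp = firewall_drops_icmp
        self.arp_table = {}        # IP host address -> MAC
        self.pending = []          # suspended frames (step 7)
        self.received = []         # payload types delivered to me
        self.link = None

    def send(self, frame):
        switch, port = self.link
        switch.receive(port, frame)

    def ping(self, dip):
        echo = Frame(self.arp_table.get(dip), self.mac,
                     {"type": "icmp-echo-request", "sip": self.ip, "dip": dip})
        if echo.dmac is None:
            self.pending.append(echo)                 # step 7: suspend, no DMAC yet
            self.send(Frame(BROADCAST, self.mac,      # step 8: ARP request broadcast
                            {"type": "arp-request", "sip": self.ip, "dip": dip}))
        else:
            self.send(echo)

    def receive(self, frame):
        p = frame.payload
        if p["type"] == "arp-request":
            # every LAN device caches the sender's SIP/SMAC pair, even when the
            # request is not for it (this is what the notes show the router doing)
            self.arp_table[p["sip"]] = frame.smac
            if p["dip"] == self.ip:                   # for me: reply with MACs flipped
                self.send(Frame(frame.smac, self.mac,
                                {"type": "arp-reply", "sip": self.ip, "dip": p["sip"]}))
        elif p["type"] == "arp-reply" and p["dip"] == self.ip:
            self.arp_table[p["sip"]] = frame.smac
            waiting, self.pending = self.pending, []
            for f in waiting:                         # fill in the DMAC, release the frame
                if f.payload["dip"] == p["sip"]:
                    f.dmac = frame.smac
                    self.send(f)
                else:
                    self.pending.append(f)
        elif p["dip"] == self.ip:
            if p["type"] == "icmp-echo-request" and self.firewall_drops_icmp:
                return                                # host firewall drops the echo request
            self.received.append(p["type"])
            if p["type"] == "icmp-echo-request":
                self.send(Frame(frame.smac, self.mac,
                                {"type": "icmp-echo-reply", "sip": self.ip, "dip": p["sip"]}))
        # anything else (the router seeing DIP .3) is not for me and is dropped


def run_pings(times=1, firewall_on_pc3=False):
    """Build the notes' LAN, let .2 ping .3 `times` times, return everything for inspection."""
    sw = Switch()
    router, pc2 = Host("201.201.201.1", "A"), Host("201.201.201.2", "B")
    pc3 = Host("201.201.201.3", "C", firewall_drops_icmp=firewall_on_pc3)
    for port, dev in (("Fa0/1", router), ("Fa0/2", pc2), ("Fa0/3", pc3)):
        sw.attach(port, dev)
    for _ in range(times):
        pc2.ping("201.201.201.3")
    return sw, router, pc2, pc3


if __name__ == "__main__":
    sw, router, pc2, pc3 = run_pings(2)
    for entry in sw.log:
        print(entry)                                  # one flood, then forwards only
    print("MAC table:", sw.mac_table, "router ARP table:", router.arp_table)
```

Running it shows the one broadcast (the ARP request flooded out Fa0/1 and Fa0/3, never back out Fa0/2), after which every frame is a known unicast forwarded out a single port; the second ping never broadcasts at all because .2 already has .3 in its ARP table. With firewall_on_pc3=True, .2 still learns C for .3 but never receives an echo reply, which is exactly what a firewall drop of the echo request looks like from the sender.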
Looping like crazy: the link lights stay solid green.
Problem 2. Multiple copies of the same frame (.3 receives the ARP request over and over, which may keep it from sending the ARP reply; we do not know, and it is not good).
Problem 3. MAC table instability: the switch does not know where that MAC address physically is; it keeps bouncing back (B is on Fa0/2, but the switch thinks B is all over the place).

Explanation of these problems: unplug the redundant link and they go away. STP is enabled by default. Why is it enabled by default? In case we make a redundant link: STP blocks one of the ports in order to prevent the three problems.

Switching or bridging loops can be caused by the broadcast of ARP requests for locating an unknown or shut-down device, because switches were designed to forward unknown unicast frames. Another problem is multiple frame copies, which can occur when a frame arrives from different segments at the same time, which can also lead to MAC address table thrashing. Spanning Tree Protocol (STP) was introduced to solve these problems by placing switch ports in either forwarding or blocking state, forming a single active path called the spanning tree. The purpose of STP is to maintain a loop-free network topology in networks with redundant links. STP is enabled by default on Cisco Catalyst switches. Switch ports in forwarding state can receive and forward frames. Switch ports in blocking state cannot receive and forward frames (but can still receive BPDUs).

I have two switches and I have to make a connection between them:
1. Before STP, with a single link, I would not have the problem.
2. After STP I would not have the problem either.
3. The problems come in when I make a redundant connection between the two switches without STP.

STP PROTOCOL: "STP is the protocol that helps to avoid loops in the switch network." It is enabled by default.

Question: what is loop avoidance?
Loop avoidance is the third function of the switch. I know there is a protocol called STP, enabled by default. Why is it enabled by default? In order to prevent the three problems above. Why do we say "switch network"? Because we have to distinguish between a router network and a switch network.

There are two STP protocols:
1. DEC (Digital Equipment Corporation) STP, developed by Dr. Radia Perlman, a pioneer of switching.
2. The IEEE standard, 802.1D.

I am counting on STP, enabled by default, to prevent the three problems we had previously:
1. MAC table instability
2. multiple copies of a frame
3. broadcast storm

ROOT BRIDGES. Before there were switches there were bridges. There is no chapter on root bridges, but there is one on loop avoidance. Every switch has STP enabled by default, and the root bridge is the bridge that executes STP.

Root bridge election process. Why does every switch think it is the root bridge? Because STP is enabled by default on every switch.
1. The root bridge is responsible for executing the STP protocol.
2.
There can be only one root bridge.

EVERY SWITCH STARTS AS A ROOT BRIDGE: SW-A, SW-B, SW-C and SW-D each think they are the root bridge, because STP is enabled by default on each of them, but there will be only one root bridge.

CASE 2: THERE WILL BE ONLY ONE ROOT BRIDGE, SELECTED BY THE ROOT BRIDGE ELECTION PROCESS. Even if I have two switches connected with no redundant connection and no loop, STP is running, in case I do make a redundant connection later. Initially both switches think they are the root bridge; THERE CAN BE ONLY ONE ROOT BRIDGE.

So how does a switch become the root bridge? The root bridge is elected by the root bridge election process: the switch with the lowest BID wins. What is the BID? BID stands for bridge identifier. The BID is made up of two things: the bridge priority plus the base MAC address of the switch.

    BID
    BRIDGE PRIORITY (2 bytes, 2^16 values)     BASE MAC ADDRESS (6 bytes)
    32,768 is the default, a fixed value        SW-A: A      SW-B: B

(Reference: Radia Perlman, Interconnections.) Because the bridge priority is the same fixed default on every switch, the election comes down to the base MAC address: the switch with the lowest base MAC address becomes the root bridge. SW-A (MAC A) becomes the root bridge because B is greater than A; SW-B is the non-root bridge.

Once it becomes the root bridge it sends out BPDUs. The ports on the root bridge are always forwarding, forwarding out BPDUs; they are called designated ports. The port on the non-root bridge that receives the BPDUs from the root bridge is the root port, and the root port is always forwarding.

BPDUs are not the same as the 802.3 Ethernet frame; they are two different things. What are BPDUs?
(Spanning tree advertisements.) They are like soldiers sent out by the root bridge to detect "is there a loop in the switch network?" and therefore "which port do I block?" I do not block a port on the root bridge, because those need to be forwarding the BPDUs, so I look at the non-root bridge for the port that I have to block.

What do BPDUs do? If I have one link there is no need to block anything. BPDUs do two things:
1. send out the BID,
2. detect redundant links: if there is a redundant link, a BPDU the root bridge sent out over one link comes back to the root bridge over the other link, which means there is a loop or redundant connection, so one of the ports on the non-root switch has to be blocked.

ELECTION OF THE PORT TO BE BLOCKED. A 100 Mb/s link can transfer data at a higher rate than a 10 Mb/s link, so I choose to block the port on the 10 Mb/s link (in 802.1D the 10 Mb/s link has path cost 100 and the 100 Mb/s link path cost 19; the higher-cost path is blocked). If both links are 100 Mb/s, which port does it block? Port Fa0/3 has port ID 3 and port Fa0/18 has port ID 18 (the notes describe these as MAC addresses B3 and B18: the base MAC with 3 or 18 added). The port with the lowest port ID stays forwarding as the root port. 3 is less than 18, so Fa0/18 is blocked.

Port states:
1. Disabled
2. Blocking
3. Listening
4. Learning: the bridge begins to add MAC addresses associated with this port into the table.
5. Forwarding: participates fully, learning MAC addresses and forwarding frames.

Bridge Port States. Each port of a transparent bridge exists in one of the following states:
• Disabled: the port is inactive and does not participate in STP.
• Blocking: when a port is enabled, it first moves to the blocking state before listening to the network. In this state it does not participate in frame forwarding. It receives BPDUs and sends them to the STP algorithm for processing.
• Listening: when the bridge determines that the port should participate in frame forwarding, it changes to the listening state.
In this state the bridge does not forward frames and does not learn network MAC addresses. The bridge does receive and process BPDUs and network management frames, but it does not send BPDUs.
• Learning: the bridge port discards incoming data frames. The bridge begins to add MAC addresses associated with this port into the table. BPDUs and network management messages are processed; the bridge processes, generates and sends BPDUs in this state.
• Forwarding: the fully functional state for a bridged port. In this state the bridge does not discard incoming frames. The bridge forwards frames received on this port to other ports, and forwards frames from other ports out this port. BPDUs and network management frames are processed.

TFTP STEPS

VLANS: Segment Your Broadcast Domain. Physically in the same switch, conceptually in a different IP network. A host in a VLAN definitely needs an IP host address, possibly a subnet mask, and definitely a default gateway to reflect that. By default all ports in a switch are in VLAN 1.

To move a port into a VLAN there are 2 steps:

1. Create the VLAN
    Mode               Prompt                  IOS command
    Global Config      Switch(config)#         vlan 2
    VLAN Config        Switch(config-vlan)#    name faculty        (optional)
   (On older IOS the VLAN was created from the privileged prompt with vlan database, then vlan 2.)

2. Move the port into the VLAN
    Mode               Prompt                  IOS command
    Global Config      Switch(config)#         interface fastethernet 0/3
    Interface Config   Switch(config-if)#      switchport mode access
    Interface Config   Switch(config-if)#      switchport access vlan 2
    Interface Config   Switch(config-if)#      no shutdown

TRUNKING: allows traffic from multiple VLANs to traverse a single link. Also known as frame tagging (the frame is tagged as coming from a particular VLAN). Can only be performed on FastEthernet or faster interfaces. Trunking is non-intrusive to the client: trunks run between ports from switch to switch and between a switch port and a router port. There are two trunking protocols:
1. ISL (Cisco proprietary): encapsulates the whole 802.3 Ethernet frame, adding 30 octets (a 26-octet header in front and a 4-octet trailer behind).
2.
802.1Q (IEEE standard trunking protocol): inserts a 4-octet tag into the frame itself, after the source MAC address and in front of the Length/Type field.

    Mode               Prompt                  IOS command
    Global Config      Switch(config)#         interface fastethernet 0/24
    Interface Config   Switch(config-if)#      switchport mode trunk
    Interface Config   Switch(config-if)#      switchport trunk allowed vlan all

Ping cases (hosts .2 and .3 on the first switch, .4 and .5 on the second):
1. Switches not connected:
   .2 can ping .3 [same switch, same VLAN (VLAN 1)]
   .4 can ping .5 [same switch, same VLAN (VLAN 1)]
   .2 cannot ping .4 or .5 [the switches are not connected via an Ethernet crossover cable]
2. Switches connected by a link that is in VLAN 1:
   .2 can ping .3 [same switch, same VLAN (VLAN 1)]
   .2 can ping .4 [different switch, same VLAN (VLAN 1)]
   .2 can ping .5 [different switch, same VLAN (VLAN 1)]
3. .3 and .4 moved into VLAN 2, link between the switches still in VLAN 1:
   .2 cannot ping .3 [same switch, different VLAN]
   .2 can ping .5 [different switch, same VLAN (VLAN 1)]
   .2 cannot ping .4 [different switch, different VLAN]
   .3 cannot ping .4 [although .3 and .4 are both in VLAN 2, the link connecting the two switches is in VLAN 1, so it only carries VLAN 1 traffic]
4. Fa0/24 on both switches trunked:
   .2 cannot ping .3 [same switch, different VLAN]
   .2 can ping .5 [different switch, same VLAN (VLAN 1)]
   .3 can ping .4 [different switch, same VLAN (VLAN 2)]

INTER-VLAN ROUTING: allows the router to route between VLANs.

Configuration. Step 1, the switch:
    Switch>enable
    Switch#config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#vlan 2
    Switch(config-vlan)#name faculty
    Switch(config-vlan)#^Z
    Switch#show vlan

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                    Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                    Fa0/23, Fa0/24
    2    faculty                          active    Fa0/3
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0
    2    enet  100002     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        0      0
    1003 tr    101003     1500  -      -      -        -    -        0      0
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0

    Remote SPAN VLANs
    ------------------------------------------------------------------------------

    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------
    Switch#
    %SYS-5-CONFIG_I: Configured from console by console
    Switch#config t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#ip default-gateway 192.168.1.1
    Switch(config)#interface fastethernet 0/1
    Switch(config-if)#switchport mode trunk
    Switch(config-if)#switchport trunk allowed vlan 1,2
    Switch(config-if)#interface fastethernet 0/3
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 2
    Switch(config-if)#^Z

(Trunk ports, here Fa0/1, are not listed under any VLAN in show vlan; Fa0/3 is listed under VLAN 2 as an access port.)

Router configuration:
    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#interface fastethernet 0/0
    Router(config-if)#no shut
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    Router(config-if)#interface fastethernet 0/0.1
    %LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
    Router(config-subif)#encapsulation dot1Q 1
    Router(config-subif)#ip address 192.168.1.1 255.255.255.0
    Router(config-subif)#interface fastethernet 0/0.2
    %LINK-5-CHANGED: Interface FastEthernet0/0.2, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.2, changed state to up
    Router(config-subif)#encapsulation dot1Q 2
    Router(config-subif)#ip address 192.168.2.1 255.255.255.0
    Router(config-subif)#^Z
    Router#
    %SYS-5-CONFIG_I: Configured from console by console
    Router#show ip route
    Gateway of last resort is not set
    C    192.168.1.0/24 is directly connected, FastEthernet0/0.1
    C    192.168.2.0/24 is directly connected, FastEthernet0/0.2
    Router#

EIGRP: Cisco proprietary routing protocol. It is classless, has an administrative distance of 90, and uses B.D.R.L (bandwidth, delay, reliability, load) as the metric. With the default K values only bandwidth and delay count:

    Metric = [ 10,000,000 / minimum bandwidth on the path (kb/s) + sum of delays (tens of microseconds) ] * 256

    Mode             Prompt                   IOS command
    Global Config    USA(config)#             router eigrp 500        ← * 500 is the autonomous system number
    Router Config    USA(config-router)#      network 172.16.1.0

OSPF: link-state "OPEN" routing protocol. S.P.F, Shortest Path First (Dijkstra's algorithm), is used to determine the fastest way to get to each network. OPEN means that it can be configured on Cisco and non-Cisco routers. It is classless, has an administrative distance of 110, and uses COST as the metric:

    Cost of an outgoing interface = 100,000,000 / bandwidth of that interface (bps); the path cost is the sum over the outgoing interfaces along the path

Two types of OSPF: single area and multiple area. They both have a concept known as the backbone area.
For single-area OSPF, every router must use the same area number; with multiple areas, the backbone is area 0.

    Mode             Prompt                   IOS command
    Global Config    USA(config)#             router ospf 110                          ← * 110 is the process ID number
    Router Config    USA(config-router)#      network 172.16.1.0 0.0.0.255 area 51     ← ** must use the inverse (wildcard) mask

OSPF process:
1. Routers exchange "Hellos" to build the neighbor table. (Hellos contain the Router ID number.***)
2. Exchange LSAs (Link State Advertisements).
3. Once the exchange of LSAs is complete, a topological database is built and the routers reach adjacency.
4. The SPF algorithm is then run to determine the shortest path to each network.
5. The routing table is built after the SPF algorithm completes.

*** 3 ways to obtain a router ID number (listed from lowest to highest precedence):
1. The highest active IP host address on a router interface.
2. The Loopback 0 interface, a virtual interface that can never go down; always "up, up". A loopback address wins over any physical interface address.
    Mode               Prompt              IOS command
    Global Config      USA(config)#        interface loopback 0
    Interface Config   USA(config-if)#     ip address 1.1.1.1 255.255.255.255
    Interface Config   USA(config-if)#     no shutdown
3. User configured (router-id under router ospf), which takes precedence over both.

ACCESS CONTROL LISTS: "permit" or "deny" IP traffic.

2 types of access control lists:
    Type of ACL    ACL number range    Interrogates
    Standard       1-99                SIP only
    Extended       100-199             SIP, DIP, protocol, well-known port number

Place an extended ACL closest to the source, so the traffic is dropped before it uses resources; a standard ACL, which only sees the SIP, goes closest to the destination so it does not block more than intended.

Two steps for configuring an ACL:
1. Create the list.
   Standard:
       Command        ACL #   Permit / Deny   SIP               Inverse mask
       access-list    10      deny            201.201.201.2     0.0.0.0*
   Extended:
       Command        ACL #   Permit / Deny   Protocol   SIP              Inverse mask   DIP                 Inverse mask   Payload
       access-list    100     deny            icmp       201.201.201.2    0.0.0.0*       205.205.205.254     0.0.0.0*       echo
   * In the inverse (wildcard) mask each 0 bit marks a bit of the address that is interrogated (must match) and each 1 bit is ignored; 0.0.0.0 interrogates the whole host address.
2.
Put the guard at the door: apply the list to an interface.
    Mode               Prompt              IOS command
    Global Config      USA(config)#        interface fastethernet 0/0
    Interface Config   USA(config-if)#     ip access-group 100 in

Every ACL ends with an implicit deny, so a list must have at least 1 permit, otherwise it denies everything. There is always a match: either on an ACL statement or on the implicit deny. Statements are evaluated top-down and the first match wins.

If a standard ACL was created to deny 201.201.201.2:
    ACL #   Permit / Deny   SIP               Inverse mask
    10      deny            201.201.201.2     0.0.0.0
    IMPLICIT DENY

.3, and everyone else, is denied, because they match the implicit deny. Adding a statement to a numbered ACL appends it at the end of the list, above the implicit deny, so a permit for 201.201.201.3 added afterwards is still evaluated before the implicit deny; but you cannot insert a statement above an existing one. To get the statements in a different order, remove the list and configure it again in the correct order:
    ACL #   Permit / Deny   SIP               Inverse mask
    10      deny            201.201.201.2     0.0.0.0
    10      permit          201.201.201.3     0.0.0.0
    IMPLICIT DENY

If only certain IP host addresses are to be denied and everyone else permitted:
    ACL #   Permit / Deny   SIP               Inverse mask
    10      deny            201.201.201.2     0.0.0.0
    10      permit          any
    IMPLICIT DENY

NAT: converts a private IP host address to a public IP host address. 5 NAT commands:
    1    ip nat inside                                  (on the inside interface)
    2    ip nat outside                                 (on the outside interface)
    3    access-list 10 permit 10.0.0.0 0.0.0.255
    4    ip nat pool Global 201.201.201.3 201.201.201.254 netmask 255.255.255.0
    5*   ip nat inside source list 10 pool Global
* Command 5 is the glue that connects the pool (which contains the public IP host addresses) and the ACL (which selects the inside addresses to translate).

Secondary host addresses: assigned to a FastEthernet interface to simulate having multiple IP host addresses.
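The following is an added example, not part of the original notes: a Python model of how a numbered standard ACL is evaluated (top-down, first match wins, wildcard masks, implicit deny at the end) and of how "ip nat inside source list 10 pool Global" uses that ACL to decide which inside addresses receive a public address from the pool. The addresses, list numbers and pool name are the ones used in the notes above; the function and class names are this example's own.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco inverse (wildcard) mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def parse_standard_acl(lines):
    """Parse 'access-list <n> permit|deny <sip> [<wildcard>]' (also 'host X' and 'any').
    The order is kept: IOS evaluates statements top-down and the first match wins."""
    entries = []
    for line in lines:
        parts = line.split()
        if parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError("not a standard ACL statement: " + line)
        number, action, src = int(parts[1]), parts[2], parts[3]
        if not 1 <= number <= 99:
            raise ValueError("standard ACLs use numbers 1-99")
        if src == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif src == "host":
            base, wildcard = parts[4], "0.0.0.0"
        else:
            base, wildcard = src, (parts[4] if len(parts) > 4 else "0.0.0.0")
        entries.append((number, action, base, wildcard))
    return entries


def evaluate(acl, sip):
    """Return (action, index of the matching statement), or ('deny', 'implicit')."""
    for i, (_number, action, base, wildcard) in enumerate(acl):
        if wildcard_match(sip, base, wildcard):
            return action, i
    return "deny", "implicit"          # the implicit deny at the end of every ACL


class NatPool:
    """'ip nat pool Global <first> <last> netmask ...': the public addresses to hand out."""
    def __init__(self, first, last):
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.translations = {}         # inside local -> inside global


def nat_inside_source(acl, pool, inside_local):
    """'ip nat inside source list <acl> pool <pool>': the ACL chooses who gets
    translated. A deny here means 'leave untranslated'; it does not drop the packet."""
    action, _ = evaluate(acl, inside_local)
    if action != "permit":
        return None
    if inside_local not in pool.translations:
        if not pool.free:
            raise RuntimeError("NAT pool exhausted")
        pool.translations[inside_local] = pool.free.pop(0)
    return pool.translations[inside_local]


# The lists from the notes (constructed input, in IOS syntax)
DENY_ONLY = parse_standard_acl(["access-list 10 deny 201.201.201.2 0.0.0.0"])
DENY_THEN_PERMIT = parse_standard_acl(["access-list 10 deny 201.201.201.2 0.0.0.0",
                                       "access-list 10 permit 201.201.201.3 0.0.0.0"])
DENY_SOME_PERMIT_REST = parse_standard_acl(["access-list 10 deny 201.201.201.2 0.0.0.0",
                                            "access-list 10 permit any"])
WRONG_ORDER = parse_standard_acl(["access-list 10 permit any",
                                  "access-list 10 deny 201.201.201.2 0.0.0.0"])
NAT_ACL = parse_standard_acl(["access-list 10 permit 10.0.0.0 0.0.0.255"])


def demo():
    pool = NatPool("201.201.201.3", "201.201.201.254")
    return {
        "deny_only_.2": evaluate(DENY_ONLY, "201.201.201.2"),
        "deny_only_.3": evaluate(DENY_ONLY, "201.201.201.3"),        # no permit: implicit deny
        "ordered_.3": evaluate(DENY_THEN_PERMIT, "201.201.201.3"),
        "rest_.9": evaluate(DENY_SOME_PERMIT_REST, "201.201.201.9"),
        "wrong_order_.2": evaluate(WRONG_ORDER, "201.201.201.2"),    # .2 slips through
        "nat_10.0.0.1": nat_inside_source(NAT_ACL, pool, "10.0.0.1"),
        "nat_10.0.0.2": nat_inside_source(NAT_ACL, pool, "10.0.0.2"),
        "nat_10.0.1.5": nat_inside_source(NAT_ACL, pool, "10.0.1.5"),  # outside 10.0.0.0/24
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The WRONG_ORDER list is the reason the notes tell you to remove and re-create a numbered ACL: with "permit any" first, the deny for 201.201.201.2 is never reached, because evaluation stops at the first match. The NAT part shows the other side of the same ACL mechanism: the list only selects addresses, so 10.0.1.5 is not translated, and each permitted inside address keeps the pool address it was first given.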
Secondary addresses are used to test that NAT is properly configured.
    Mode               Prompt              IOS command
    Global Config      USA(config)#        interface fastethernet 0/0
    Interface Config   USA(config-if)#     ip address 10.0.0.1 255.255.255.0
    Interface Config   USA(config-if)#     ip address 10.0.0.2 255.255.255.0 secondary
    Interface Config   USA(config-if)#     ip address 10.0.0.3 255.255.255.0 secondary

NO KEEPALIVE: used to keep a router interface "up, up" when there is no device connected to it; used to test that NAT is properly configured with only one switch.
    Mode               Prompt              IOS command
    Global Config      USA(config)#        interface fastethernet 0/0
    Interface Config   USA(config-if)#     ip address 10.0.0.1 255.255.255.0
    Interface Config   USA(config-if)#     no shutdown
    Interface Config   USA(config-if)#     no keepalive

CDP: Cisco Discovery Protocol (Cisco proprietary). Helps Cisco devices discover directly connected Cisco devices. To see the information about a device's neighbors (shows 5 pieces of information):
    Mode          Prompt    IOS command
    Privileged    USA#      show cdp neighbors detail
1. Host name
2. IP host address
3. The interface on me that the device is connected to
4. The interface on that device that I am connected to
5. Platform

Because CDP advertises this information in clear text to whatever is on the link, disable it on interfaces that face untrusted devices. There are 2 ways to disable CDP:
1. Disable it globally
    Mode             Prompt             IOS command
    Global Config    USA(config)#       no cdp run
2. Disable it on an interface
    Mode               Prompt              IOS command
    Global Config      USA(config)#        interface fastethernet 0/0
    Interface Config   USA(config-if)#     no cdp enable

VTP: Cisco proprietary protocol that synchronizes VLAN databases in a switched network. 3 VTP modes:
1. Server: can create, modify or delete a VLAN. The default mode.
2. Transparent: "an island in itself". Can create, modify or delete a VLAN, but does not propagate configurations made on that switch.
3. Client: cannot create, modify or delete a VLAN. Propagates what it receives.

Config. revision #: increases when a creation, modification or deletion takes place on a switch. (Caveat: a switch with a higher revision number in the same VTP domain overwrites the VLAN database of every other switch, so reset the revision number before adding a switch to a domain.)

A switch is by default in server mode, but that alone is not enough: two things have to take place for the VLAN databases to synchronize:
1.
Specify the VTP domain:
    Mode             Prompt              IOS command
    Global Config    Switch(config)#     vtp domain cisco
2. Trunk the ports connecting the switches:
    Mode               Prompt                 IOS command
    Global Config      Switch(config)#        interface fastethernet 0/24
    Interface Config   Switch(config-if)#     switchport mode trunk
    Interface Config   Switch(config-if)#     switchport trunk allowed vlan all

7 LAYERS OF THE OSI MODEL. Mnemonics: "All People Seem To Need Data Processing" (top down) and "Please Do Not Throw Sausage Pizza Away" (bottom up). The 7-layer OSI model is the blueprint of the network: how networks are designed. It helps me in the educational environment, in describing the functionality of devices in the network, and in troubleshooting network devices. That is how we have to describe the 7 layers of the OSI model: educational, functionality, troubleshooting.

    Layer   Name           Examples
    7       Application    SMTP (e-mail, well-known port 25), Telnet (access, 23), FTP (download, 20 and 21), HTTP
    6       Presentation   ASCII, EBCDIC
    5       Session
    4       Transport      TCP, UDP
    3       Network        IP packet
    2       Data link      LLC (logical link control), MAC (media access control)
    1       Physical       cable, bandwidth (bits per second)

SMTP is a network application, at the application layer of the OSI model. What are the three network applications we are learning about? We say "network application" because PowerPoint and Excel are applications too, so I have to distinguish between a network application and any other application:
1. Telnet
2. SMTP
3.
FTP. These three are network applications at the application layer. Every network application has an assigned well-known port number. What are the well-known port numbers assigned to Telnet, SMTP and FTP? 23, 25, and 20 and 21.

How do we measure speed in the network? Bandwidth is measured in bits per second. B represents bytes; b represents bits.

I have an IP packet. Suppose I am a hacker: what will I hack? I am looking at every IP packet, but there is a particular kind of IP packet I am going to hack. How do I distinguish one IP packet from another? By looking at the well-known port number (you have to think like a criminal to catch a criminal). So which port number am I looking for? First I want to know what I am hacking and why. If I am hacking the network and I go after port 23, I am hacking Telnet, because the hacker wants the Telnet password: Telnet sends it in clear text, and it lets the hacker into the network.

TCP/IP versus the OSI model: the 7 layers of the OSI model are used in the educational environment; the 4 layers of TCP/IP are the live implementation.

If I press a number on the keyboard it is represented in the computer's memory as binary, because the computer is an electronic device with on and off states; that is why it uses the binary number system. If I press the letter "a" it is also represented in the PC's memory as a binary number, but according to a chart made by someone; the name of that chart is ASCII. The same goes for EBCDIC. ASCII and EBCDIC are character representation charts. I use ASCII on a PC: when I press "a" on a keyboard connected to a PC, it is represented in binary according to an entry in the ASCII character representation chart.

If I have a network with a mainframe computer, what would I need for the PC to communicate with the mainframe? I am pressing letters on the keyboard and I have the network connection, but still I am not able to transfer the data. If I press the letter "a" on my PC keyboard, it goes and looks at the character representation chart,
ASCII; when it reaches the application on the mainframe, will the mainframe understand that it is the letter "a"? No, because the mainframe looks it up according to the EBCDIC character representation chart. So what is the better way of saying it? You need some method of ensuring that the ASCII representation of the letter "a" is converted to the EBCDIC representation of "a", so the mainframe can recognize it, and when you get information back from the mainframe it is in the EBCDIC character representation format and has to be converted back so the PC understands it. That is the application used to interchange ASCII and EBCDIC. If that server goes down, then what? What is wrong with this design? It is a single point of failure, because no PC will be able to communicate. So every PC should have its own conversion application.

DATA-LINK LAYER (OSI Layer 2). Layer 2, the data-link layer of the 7-layer OSI model, is the only layer that has sublayers: LLC and MAC. LLC is driven by software; MAC, the one below it, is driven by hardware.

This layer is concerned with the reliable transport of data across a physical link. Data at this layer is formatted into frames. Data-link specifications include the following: sequencing of frames, flow control, synchronization, error notification, physical network topology, and physical addressing. This layer converts frames into bits when sending information and converts bits into frames when receiving information from the physical media. Bridges and switches operate in the data-link layer. Because of the complexity of this OSI layer, the IEEE subdivides the data-link layer into two sublayers for local-area networks. Figure 2-2 shows how Layer 2 is subdivided. The upper sublayer is the Logical Link Control (LLC) sublayer, which manages the communications between devices. The lower sublayer is the Media Access Control (MAC) sublayer, which manages protocol access to the physical media.
Devices that operate in this layer can contain a unique physical MAC address. These sublayers are discussed in more detail in Chapter 4, "Local-Area Networks and LAN Switching."

Concept of bits and bytes with respect to the Ethernet router interface. What does 2 giga of RAM mean? Two billion bytes; memory is measured in bytes. What is 1 gigabit Ethernet? That is a speed, measured in bits per second: one billion bits per second. Upload and download speeds are not necessarily the same: on an Internet connection behind the router the download speed is often greater than the upload speed.

TRANSPORT LAYER OF THE OSI MODEL. Layer 4 is the transport layer. TCP and UDP reside at layer 4, the transport layer, so TCP and UDP are transport protocols. I know that because they reside at layer 4 of the 7-layer OSI model, which is the transport layer. I also know TCP is one of the two protocols that make up TCP/IP, and I know a lot about IP. TCP is a connection-oriented protocol.

LAB