© 2004 Cisco Systems, Inc. All rights reserved. ICND v2.2—3-2


Introducing Routing


What Is Routing?

To route, a router needs to do the following:
- Discover the connected networks.
- Select the best paths (routes) to these networks.
- Maintain and verify routing information using a routing table.

Routers also perform:
- Network traffic filtering
- Quality of Service (QoS)


Routing table

- The routing table contains the best paths discovered by a "routing protocol".


Routing Protocols

- Static route: a route (path) that a network administrator enters into the router manually.
- Dynamic route: a route (path) that a routing protocol discovers automatically and adjusts when the topology changes.


Routing Protocols

- Static
  - Directly connected
  - Static route
  - Default route
- Dynamic
  - IGP (interior gateway protocols)
    - Distance vector (RIPv1, IGRP)
    - Link state (OSPF, IS-IS)
    - Hybrid (EIGRP, RIPv2)
  - EGP (exterior gateway protocols: EGP, BGP)


Autonomous Systems: Interior or Exterior Routing Protocols


Routing table creation

The routing table contains only the decisions of the best routing protocol and the best paths to reach each network.
- The best routing protocol is elected based on its administrative distance.
- The best paths are selected based on that protocol's metric.


Administrative Distance

A value between 0 and 255 that reflects the trustworthiness of a routing protocol (the best protocol has the lowest administrative distance). Example from the figure: OSPF = 110.


Selecting the Best Route with Metrics

- The best path has the lowest metric.
- Each routing protocol uses a metric type (hop count, bandwidth, delay, load, reliability, MTU).
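As an added illustration (not part of the Cisco material), the following Python applies the two-step selection the slides describe to a constructed set of candidate routes: lowest administrative distance first, lowest metric second, with equal-metric paths from the winning protocol all installed. The AD values are the ones quoted on the slides; the candidate routes and next hops are made up.

```python
# Added example: routing-table creation as the slides describe it.
# AD values are from the course; the candidate routes below are constructed.
from collections import defaultdict

ADMIN_DISTANCE = {
    "connected": 0,
    "static": 1,
    "eigrp": 90,
    "ospf": 110,
    "rip": 120,
    "eigrp_external": 170,
}

# Constructed candidates: (destination, protocol, metric, next hop or interface).
# Metrics of different protocols are not comparable, which is why AD is checked first.
CANDIDATES = [
    ("10.0.0.0/8", "rip", 3, "12.0.0.2"),
    ("10.0.0.0/8", "ospf", 74, "13.0.0.2"),
    ("10.0.0.0/8", "ospf", 74, "14.0.0.2"),    # equal cost: both are installed
    ("10.0.0.0/8", "ospf", 128, "15.0.0.2"),
    ("11.0.0.0/8", "static", 0, "12.0.0.2"),
    ("11.0.0.0/8", "eigrp", 2172416, "13.0.0.2"),
    ("12.0.0.0/8", "connected", 0, "Serial0"),
    ("12.0.0.0/8", "rip", 1, "13.0.0.2"),
]


def build_routing_table(candidates):
    """Return {destination: (protocol, metric, [next hops])} following the two-step rule."""
    by_dest = defaultdict(list)
    for dest, proto, metric, nexthop in candidates:
        if proto not in ADMIN_DISTANCE:
            raise ValueError(f"unknown routing source {proto!r}")
        by_dest[dest].append((proto, metric, nexthop))

    table = {}
    for dest, routes in by_dest.items():
        # Step 1: the most trustworthy source (lowest AD) wins the destination.
        best_ad = min(ADMIN_DISTANCE[proto] for proto, _, _ in routes)
        winners = [r for r in routes if ADMIN_DISTANCE[r[0]] == best_ad]
        # Step 2: among that source's candidates the lowest metric wins ...
        best_metric = min(metric for _, metric, _ in winners)
        # ... and every candidate sharing that metric is installed (equal-cost load balancing).
        hops = sorted(nexthop for _, metric, nexthop in winners if metric == best_metric)
        table[dest] = (winners[0][0], best_metric, hops)
    return table


if __name__ == "__main__":
    for dest, (proto, metric, hops) in sorted(build_routing_table(CANDIDATES).items()):
        print(f"{dest:12} {proto:10} AD={ADMIN_DISTANCE[proto]:<3} metric={metric:<8} via {', '.join(hops)}")
```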


Static routing 1 - Directly connected networks

- Directly connected networks are detected automatically by the router, without configuration.
- Symbol in the routing table is "C".
- Admin. distance = 0

Figure: routers joining networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router's table lists its own directly connected networks with code C.


Static routing 2 - Static route

- Manually, you can define a path to reach a certain network.
- Symbol in the routing table is "S".
- Admin. distance = 1

Figure: a static route to 192.168.1.0/24 written either with an exit interface ("192.168.1.0 S0") or with a next hop ("192.168.1.0 12.0.0.2"); the serial link toward the Internet uses 12.0.0.1/8 and 12.0.0.2/8.


Static routing 3 - Default route

- This route allows the stub network to reach all known networks beyond router A (gateway of last resort).
- Symbol in the routing table is "S*".

Figure: stub network 192.168.1.0/24 behind router A; the serial link toward the Internet uses 12.0.0.1/8 and 12.0.0.2/8, and the labels 12.0.0.1 and S0 mark the default route's next hop and exit interface.


Displaying the routing table

router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C    12.0.0.0 is directly connected, Serial0
S*   0.0.0.0/0 is directly connected, Serial0


Dynamic routing protocols

Distance Vector Routing Protocols:
- Each router detects its directly connected networks and forms its initial routing table.
- Routers pass periodic copies of their routing table to neighbor routers, learn the best paths to all networks (the paths with the lowest metric) and form the final routing table (convergence).
- After convergence, periodic updates (full routing table) are still sent, and they carry any change in the topology.


Distance Vector Routing Protocols

Figure: three routers in a row joining networks 10.0.0.0, 11.0.0.0, 12.0.0.0 and 13.0.0.0; each router starts with only its directly connected networks and, after exchanging updates, ends with entries for all four.


Routing loops

Figure (routing entries for 10.0.0.0 at routers A, B and C, as "network / interface / metric"): 10.0.0.0 E0 16 down; 10.0.0.0 S0 16; 10.0.0.0 S1 3; 10.0.0.0 S0 2.

- When network 10.0.0.0 fails, router A marks its metric as 16 (the maximum hop count, used to avoid counting to infinity) and sends its routing table to B after the periodic interval.
- Before B sends its periodic update to C, router C sends its routing table to B containing a path to 10.0.0.0 with a better metric, so B thinks that 10.0.0.0 can be reached via C while C depends on B for that, and a loop occurs.


Routing loops solutions

- Split Horizon: a route learned from an interface cannot be sent back out the same interface.

Figure (entries for 10.0.0.0 after the failure): 10.0.0.0 E0 16 down; 10.0.0.0 S0 16; 10.0.0.0 S0 2. With split horizon, the entry learned on S0 is never advertised back out of S0.


Routing loops solutions

- Hold-down Timers: a router that is informed of a failed route does not accept any update about it for a time equal to the hold-down timer, so by the end of the timer all routers know that the route failed (useful in flapping networks).
- The hold-down ends if:
  - The hold-down timer expires.
  - Another update is received with a better metric.


Routing loops solutions

- Triggered Updates: instead of sending updates after a time interval, the router sends the update as soon as a route fails or any change occurs, so other routers immediately modify their routing tables (this is the most used solution).
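The loop on the previous slides, reduced to two routers and run as a small Python simulation (added here; not part of the Cisco material): network 10.0.0.0 hangs off router A, B learned it over the serial link, and after the failure B's periodic update reaches A before A's poisoned update reaches B. Router names, interfaces and the metric 16 follow the slides; the simulation itself is constructed.

```python
# Added example: a two-router distance vector simulation of the count-to-infinity
# loop the slides describe, run once without and once with split horizon.
INFINITY = 16  # RIP convention from the slides: metric 16 means unreachable


class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}  # network -> {"iface": interface it was learned on, "metric": hop count}

    def add_connected(self, network, iface):
        self.table[network] = {"iface": iface, "metric": 1}

    def fail_network(self, network):
        # The entry stays but is poisoned with the maximum hop count.
        self.table[network]["metric"] = INFINITY

    def build_update(self, out_iface, split_horizon):
        """Routes advertised out of out_iface. With split horizon, a route learned
        on that interface is never sent back out of it."""
        return {
            net: entry["metric"]
            for net, entry in self.table.items()
            if not (split_horizon and entry["iface"] == out_iface)
        }

    def receive_update(self, in_iface, update):
        """Bellman-Ford step: take a route if it is better than what we have, or if it
        comes from the neighbor we already use (then accept it even if it got worse)."""
        for net, advertised in update.items():
            metric = min(advertised + 1, INFINITY)
            current = self.table.get(net)
            if current is None or metric < current["metric"] or current["iface"] == in_iface:
                self.table[net] = {"iface": in_iface, "metric": metric}


def simulate(split_horizon, max_rounds=20):
    """Return (A's successive metrics for 10.0.0.0 after the failure, B's final metric)."""
    a, b = Router("A"), Router("B")
    a.add_connected("10.0.0.0", "E0")                              # 10.0.0.0 hangs off A's Ethernet
    b.receive_update("S0", a.build_update("S0", split_horizon))    # B learned it over the serial link
    a.fail_network("10.0.0.0")
    history = [a.table["10.0.0.0"]["metric"]]
    for _ in range(max_rounds):
        # The bad timing from the slide: B's periodic update reaches A before A's
        # poisoned update reaches B. Without split horizon B hands the dead route back.
        a.receive_update("S0", b.build_update("S0", split_horizon))
        b.receive_update("S0", a.build_update("S0", split_horizon))
        history.append(a.table["10.0.0.0"]["metric"])
        if a.table["10.0.0.0"]["metric"] == INFINITY and b.table["10.0.0.0"]["metric"] == INFINITY:
            break
    return history, b.table["10.0.0.0"]["metric"]


if __name__ == "__main__":
    print("without split horizon:", simulate(split_horizon=False)[0])  # counts 3, 5, 7, ... up to 16
    print("with split horizon:   ", simulate(split_horizon=True)[0])   # stays at 16
```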


Properties of Distance Vector Routing Protocols

- Simple configuration.
- Low processing / memory usage.
- Bandwidth waste due to the periodic updates.
- Unreliable (no acknowledgement for the protocol messages).
- Updates are sent as broadcasts on all active interfaces, so they may affect the hosts (PCs).
- Classful: the subnet mask is not included with the route advertisement, and summary routes are often sent.
- Examples of distance vector protocols:
  - RIP version 1 (RIPv1)
  - IGRP


RIP v1

- Distance vector routing protocol.
- Symbol in the routing table is "R".
- Admin. distance = 120
- Metric is hop count; metric 16 means unreachable.
- Full routing tables are flooded in the network until convergence occurs (uses the Bellman-Ford algorithm).
- After convergence, periodic updates are sent every 30 seconds.
- At a change, a triggered update is sent.
- Supports load balancing if many paths to the same network exist with an equal metric.
- Classful.


RIP Configuration

Router(config)#router rip
- Starts the RIP routing process.

Router(config-router)#network direct-connected-network
- Advertises the connected networks.


RIP Configuration Example


Verifying the RIP Configuration


Displaying the IP Routing Table


Link-State Routing Protocols

Figure: four routers joined by links numbered 10.0.0.0/8 through 15.0.0.0/8 (for example 12.0.0.1/8 - 12.0.0.2/8 and 13.0.0.1/8 - 13.0.0.2/8).

Operation:
- Each router discovers its directly connected neighbors using the "hello protocol" (a layer-3 protocol).
- Each router forms a packet called a link state advertisement (LSA) that lists its links with their state and cost.


Link-State Routing Protocols

- Each router floods its LSA to all neighbors on a special multicast address; the neighbors then continue flooding the LSAs to each other.
- Each router forms the link state database (LSDB) from the received LSAs, so all routers end up with the same LSDB.

Figure: routers A, B, C and D with their interface addresses (10.0.0.1/8, 11.0.0.1/8, 11.0.0.2/8, 12.0.0.1/8, 12.0.0.2/8, 13.0.0.1/8, 13.0.0.2/8, 14.0.0.1/8, 14.0.0.2/8, 15.0.0.1/8).


Link-State Routing Protocols

- Every router forms the link state tree that describes the actual connections of the network topology, then applies the Dijkstra algorithm to the tree to form the routing table.
- After convergence: no periodic updates.
- At a change: a partial triggered update for the affected route is sent, so all routers repeat the link state process.


Benefits of Link-State Routing

- Fast convergence: changes are reported immediately by the affected source (partial triggered updates).
- Robustness against routing loops:
  - Routers know the topology.
  - Link-state packets are sequenced and acknowledged (reliable protocol).
- Lower bandwidth waste: no periodic updates.
- Classless.


Disadvantages of Link-State Routing

- Significant demands for resources:
  - Memory (three tables: adjacency, topology, forwarding).
  - CPU (Dijkstra's algorithm can be intensive, especially when many instabilities are present).
- Complex configuration.
- Requires a very strict network design (multiple areas).


OSPF

- Open standard.
- Shortest path first (SPF) algorithm.
- Link-state routing protocol.
- Uses Dijkstra's algorithm.
- Administrative distance = 110.
- Metric called cost = 10^8 / BW.
- Hop count is unlimited.
- Symbol in the routing table is O.
- Loop-free protocol.
- Classless routing protocol.


OSPF (Cont.)

- Discovers neighbors and maintains the neighbor relationship using the hello protocol.
- Sends a hello every 10 seconds on point-to-point and broadcast multi-access networks, to multicast address 224.0.0.5, so it reaches neighbors only.
- Dead interval = 4 x hello timer (40 sec).
- Sends LSAs (updates) on multicast address 224.0.0.5 (all OSPF routers) and 224.0.0.6 (DR and BDR routers).
- Every OSPF router that receives an LSA updates its link state database (LSDB) with a copy of the LSA and floods it to all OSPF neighbors except the one that sent it, then runs the Dijkstra SPF algorithm on the new LSDB to build the new topology tree and form the routing table.


OSPF (Cont.)

- After convergence: no periodic updates are sent, except a periodic refresh of the LSDB every 30 minutes.
- At a change: OSPF sends a triggered update for the affected route, so the OSPF process is repeated.
- OSPF tables:
  1- Neighbor table: contains the neighbor router IDs and is maintained by hellos.
  2- Topology table: all paths to all networks.
  3- Routing table: best paths to all networks.


OSPF Hierarchical Routing

- OSPF supports a hierarchical multiple-area design.
- Multiple areas minimize routing update traffic, limit the frequent SPF calculations and greatly improve scalability.
- Area 0 is the backbone area, and all other areas must be connected to area 0.


Router ID

- Every router in an OSPF environment is identified by a router ID (RID).
- The RID is a 32-bit value, selected as:
  1- The highest IP address of a loopback interface, if one exists (a logical interface that is always up). To configure a loopback interface:
     (config)# interface loopback number
     (config-if)# ip address ip mask
  2- If there are no loopback interfaces, the RID takes the highest IP address of the active physical interfaces when the OSPF process starts.


OSPF operation

1- In point-to-point topology:
- Neighbor discovery: by sending hello messages periodically on multicast 224.0.0.5.
- For OSPF routers to become neighbors they must have:
  - the same area ID
  - the same hello and dead intervals
  - the same authentication password
- Route discovery: exchange LSAs on 224.0.0.5 so that each router has the same LSDB.
- Route selection: form the routing table.


OSPF operation

2- Broadcast Multi-Access (BMA) operation:
- Neighbor discovery: as in point-to-point.
- DR and BDR election:
  - DR: the Designated Router is the router that has
    1- the highest priority (range 0 - 255, default = 1);
    2- if priorities are equal, the highest RID.
  - BDR: the Backup DR is the router that has the second highest priority or RID.
- Note:
  - If a new router with a higher priority is added, it will not become the DR directly (non-preemptive).
  - A router with priority 0 cannot be the DR or BDR.
  - The routers that are neither DR nor BDR are called DROTHERs.


OSPF operation in BMA (cont.)

Figure (a new router joining the segment): Hello to 224.0.0.5; unicast Hello back; unicast update ("here is my routing table"); Ack.; update to 224.0.0.6 ("here is my routing table"); the DR then sends an update to 224.0.0.5 to the other routers.

- Route discovery: form the adjacency with the DR and BDR on 224.0.0.6.
- Route selection:
  - The router forms a topology table from all the routing tables it receives.
  - Then it applies the Dijkstra algorithm to the tree to extract the routing table.


OSPF operation in BMA (cont.)

- At a change:

Figure: the router that detects the change sends an update to 224.0.0.6, which the DR acknowledges; the DR sends an update to 224.0.0.5 to the other routers, which acknowledge it.

- The other routers repeat the OSPF process (SPF tree).

Configuring Single-Area OSPF

Router(config)#router ospf process-id
- Defines OSPF as the IP routing protocol.

Router(config-router)#network network wildcard-mask area area-id
- Assigns networks to a specific OSPF area.

OSPF Configuration Example


Verifying the OSPF Configuration

Router#show ip protocols
- Verifies that OSPF is configured.

Router#show ip route
- Displays all the routes learned by the router.

Router#show ip ospf interface
- Displays area ID and adjacency information.

Router#show ip ospf neighbor
- Displays OSPF neighbor information on a per-interface basis.


OSPF debug Commands

Router#debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30

Router# debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.117 aid:0.0.0.0 chk:6AB2 aut:0 auk:

Router#debug ip ospf packet
OSPF: rcv. v:2 t:1 l:48 rid:200.0.0.116 aid:0.0.0.0 chk:0 aut:2 keyid:1 seq:0x0


Hybrid Routing Protocols


Determining IP Routes

Enabling EIGRP


EIGRP (Enhanced IGRP)

- Advanced distance vector protocol.
- Cisco proprietary.
- Maintains neighbor relationships using the hello protocol.
- Sends a hello every 5 sec. on fast links (>1.54 Mbps).
- Sends a hello every 60 sec. on slow links (<1.54 Mbps).
- Dead interval = 3 x hello interval.
- Rapid convergence using the DUAL algorithm (stores a backup route for each best route).
- Supports multiple network layer protocols (IP, IPX, AppleTalk).
- Supports equal and unequal load balancing between many paths to the same destination network.
- Differentiates between internal and external routes.
- Admin. distance = 90 for internal routes.
- Admin. distance = 170 for external routes.
- Symbol (D) in the routing table.


EIGRP (cont.)

- Max. hop count = 224.
- Classless.
- Reliable protocol.
- Has the same operation in all topologies.
- Uses a composite metric:
  - Bandwidth
  - Delay
  - Reliability
  - Loading
  - MTU
- For EIGRP routers to be neighbors:
  1- They must have the same AS number.
  2- They must have the same K-values.


EIGRP terminologies

- Neighbor table: list of all neighbors.
- Topology table: list of all routes to destination networks.
- Routing table: list of best routes to all destination networks.
- Successor (S): best route to a destination network, stored in the routing table and the topology table.
- Feasible successor (FS): backup route to a destination network, stored in the topology table.
- Feasible distance (FD): metric between the source and the destination network.
- Advertised distance (AD): metric between my neighbor and the destination network.
- FD = next hop metric + AD


EIGRP operation

- At start up:

Figure: a new router sends a Hello to 224.0.0.10; the neighbor answers with a unicast Hello; the new router sends a unicast update ("here is my routing table") and receives an Ack.; the neighbor sends its update to 224.0.0.10 ("here is my routing table") and receives an Ack.

- The router forms a topology table from all the routing tables it receives.
- Then it applies the DUAL algorithm to the topology table to extract the routing table (successors, S) and to calculate the backup routes (feasible successors, FS).


EIGRP operation (cont.)

- After convergence: no periodic updates are sent.
- At a change:
  1- A new network appears: the router sends an update to 224.0.0.10 and the neighbors acknowledge it.


EIGRP operation (cont.)

  2- Network failure:
  - If there is a backup route (FS): the router sends an update to 224.0.0.10 (acknowledged), and the FS becomes the new successor for this route.
  - If there is no backup route (FS): the router sends a query to 224.0.0.10 ("does anyone know another route to the failed network?"); the neighbors acknowledge it and reply yes / no, and the reply is acknowledged.


Configuring EIGRP

Router(config)# router eigrp autonomous-system
- Defines EIGRP as the IP routing protocol.

Router(config-router)# network network-number [wildcard-mask]
- Selects participating attached networks.


EIGRP Configuration Example


Verifying the EIGRP Configuration

Router# show ip protocols
- Displays the parameters and current state of the active routing protocol process.

Router# show ip route eigrp
- Displays current EIGRP entries in the routing table.

Router# show ip eigrp traffic
- Displays the number of IP EIGRP packets sent and received.

Router# show ip eigrp neighbors
- Displays the neighbors discovered by IP EIGRP.

Router# show ip eigrp topology
- Displays the IP EIGRP topology table.


debug ip eigrp Command

Router#debug ip eigrp
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
IP-EIGRP: Ext 192.168.0.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
IP-EIGRP: Ext 192.168.3.0 255.255.255.0 M 386560 - 256000 130560 SM 360960 - 256000 104960
IP-EIGRP: 172.69.43.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.43.0 255.255.255.0 metric 371200 - 256000 115200
IP-EIGRP: 192.135.246.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.246.0 255.255.255.0 metric 46310656 - 45714176 596480
IP-EIGRP: 172.69.40.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 172.69.40.0 255.255.255.0 metric 2272256 - 1657856 614400
IP-EIGRP: 192.135.245.0 255.255.255.0, - do advertise out Ethernet0/1
IP-EIGRP: Ext 192.135.245.0 255.255.255.0 metric 40622080 - 40000000 622080
IP-EIGRP: 192.135.244.0 255.255.255.0, - do advertise out Ethernet0/1


EIGRP Load Balancing

- Configuration:

Router(config)# router eigrp autonomous-system
Router(config-router)# traffic-share balanced
Router(config-router)# variance multiplier

Figure: three paths to the same destination with metrics 20, 40 and 60.
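The EIGRP terminology (successor, feasible successor, FD = next hop metric + AD), the network-failure behaviour and the variance rule above, worked through in Python as an added example (not Cisco's code). The feasibility condition used to pick a feasible successor (its AD must be lower than the successor's FD) is DUAL's rule and is not spelled out on the slides; the neighbors and metrics are constructed.

```python
# Added example: EIGRP successor / feasible successor selection with the slides' formula
# FD = next hop metric + AD, plus the 'variance' rule and the behaviour on a failure.
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    cost_to_neighbor: int  # metric of our link to the neighbor ("next hop metric")
    ad: int                # advertised distance: the neighbor's own metric to the network

    @property
    def fd(self):
        # Slide formula: FD = next hop metric + AD
        return self.cost_to_neighbor + self.ad


def classify(paths):
    """Split one network's topology-table entries into (successor, feasible successors, rejected)."""
    ordered = sorted(paths, key=lambda p: (p.fd, p.neighbor))
    successor = ordered[0]
    # DUAL feasibility condition (not spelled out on the slides): a backup counts as a
    # feasible successor only if its AD is lower than the successor's FD. A neighbor that
    # is farther from the network than we are might be routing through us, so it is rejected.
    feasible = [p for p in ordered[1:] if p.ad < successor.fd]
    rejected = [p for p in ordered[1:] if p.ad >= successor.fd]
    return successor, feasible, rejected


def usable_paths(paths, variance=1):
    """Paths installed for unequal-cost load balancing: the successor plus every feasible
    successor whose FD is at most variance x the successor's FD (variance 1 = successor only)."""
    successor, feasible, _ = classify(paths)
    return [successor] + [p for p in feasible if p.fd <= variance * successor.fd]


def on_successor_loss(paths):
    """Network failure via the successor: promote the best FS at once, otherwise DUAL must query."""
    successor, feasible, _ = classify(paths)
    if feasible:
        return "promote", min(feasible, key=lambda p: (p.fd, p.neighbor))
    return "query", None


# Constructed topology-table entries for one destination network.
TOPOLOGY = [
    Path("B", cost_to_neighbor=10, ad=20),  # FD 30 -> successor
    Path("C", cost_to_neighbor=15, ad=25),  # FD 40, AD 25 < 30 -> feasible successor
    Path("D", cost_to_neighbor=5, ad=35),   # FD 40, AD 35 >= 30 -> rejected (possible loop)
]

if __name__ == "__main__":
    s, fs, rej = classify(TOPOLOGY)
    print("successor:", s.neighbor, "FD", s.fd)
    print("feasible successors:", [p.neighbor for p in fs], "rejected:", [p.neighbor for p in rej])
    print("variance 2 installs:", [p.neighbor for p in usable_paths(TOPOLOGY, variance=2)])
    print("on failure:", on_successor_loss(TOPOLOGY))
```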


RIP v2

- Advanced distance vector protocol.
- No periodic updates, only partial triggered updates.
- Updates are sent on multicast 224.0.0.9.
- Classless.
- Admin. distance = 120
- Symbol (R) in the routing table.
- Metric = hop count.

- Configuration:

Router(config)# router rip
Router(config-router)# network direct-connected-network
Router(config-router)# version 2


Route Summarization


Route summarization

- It is grouping a block of subnets and advertising them as a single network address (a single IP address represents a group of contiguous subnets).


Route summarization (cont.)

- Advantages of route summarization:
  - Reduces the size of the routing table for the routers that know only the summary.
  - A summary requires less bandwidth.
  - Routers that know only the summary are not affected by network instability.


Classless Inter-Domain Routing (CIDR)

- It is the grouping of major networks into one address.

Example:
  8.0.0.0/8   = 0000 10 00 . 0 . 0 . 0
  9.0.0.0/8   = 0000 10 01 . 0 . 0 . 0
  10.0.0.0/8  = 0000 10 10 . 0 . 0 . 0
  11.0.0.0/8  = 0000 10 11 . 0 . 0 . 0
  CIDR summary: 8.0.0.0/6
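The summarization step above as code (added example, not from the course): the summary is the prefix made of the leading bits that all the networks share, and a second check lists any address space the summary claims that you did not actually put in, which matters because a router advertising the summary attracts traffic for that space too. Python's standard ipaddress module is used; the inputs other than the slide's four /8s are constructed.

```python
# Added example: computing the CIDR summary of a set of networks by keeping the
# leading bits they share (the slide's 8.0.0.0/8 ... 11.0.0.0/8 -> 8.0.0.0/6), and
# checking what address space the summary claims beyond the networks you actually have.
import ipaddress


def summarize(prefixes):
    """Smallest single prefix that covers every network in prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits where the lowest and highest address differ cannot be part of the common prefix.
    prefix_len = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefix_len), strict=False)


def overreach(prefixes):
    """Address blocks inside the summary that are not in prefixes. A router advertising
    the summary attracts traffic for these too, so they should be space you own (and
    black-hole deliberately) rather than someone else's."""
    leftover = [summarize(prefixes)]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        kept = []
        for chunk in leftover:
            if net.subnet_of(chunk):
                kept.extend(chunk.address_exclude(net))   # carve the real network out
            elif not chunk.subnet_of(net):
                kept.append(chunk)                        # untouched by this network
            # else: chunk lies entirely inside net, so nothing of it is 'extra'
        leftover = kept
    return sorted(leftover)


def binary_view(prefix):
    """First octet in binary, as drawn on the slide (8.0.0.0 -> '00001000')."""
    first = int(str(ipaddress.ip_network(prefix).network_address).split(".")[0])
    return format(first, "08b")


if __name__ == "__main__":
    slide = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]
    for p in slide:
        print(p, binary_view(p))
    print("summary:", summarize(slide))                  # 8.0.0.0/6
    print("extra space if 10.0.0.0/8 is missing:",
          overreach(["8.0.0.0/8", "9.0.0.0/8", "11.0.0.0/8"]))
```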


Summarizing Routes in a Discontiguous Network

– RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets.

– OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets.


Implementing Variable Length Subnet Masks (VLSM)


Variable Length Subnet Mask (VLSM)

- VLSM means that in a single class A, B, or C network, more than one subnet mask is used.
- VLSM allows some subnets to be smaller and some subnets to be larger, which reduces the waste of IP addresses.
- VLSM allows you to apply different subnet masks to the same class address.
- Steps:
  - Begin with the largest subnet.
  - Continue assigning addresses with the suitable subnet mask.


VLSM example

Divide network 192.168.1.0/24.

Figure: six subnets; s1, s2 and s3 need 60 hosts each, s4, s5 and s6 need 2 hosts each.

- For s1, s2, s3 to support 60 hosts we need 6 host bits,
- so the subnet mask is 255.255.255.192
- block size = 256 - 192 = 64
- s1 address 192.168.1.0/26
  s2 address 192.168.1.64/26
  s3 address 192.168.1.128/26
- Starting from address 192.168.1.192, assign addresses to s4, s5, s6.
- 2 hosts need 2 host bits
- new subnet mask is 255.255.255.252, block size = 256 - 252 = 4
- s4 address 192.168.1.192/30
  s5 address 192.168.1.196/30
  s6 address 192.168.1.200/30

VLSM is supported only by classless routing protocols.
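The same allocation done by a short Python routine (added example, not from the course) that follows the two steps on the slide: size each subnet from its host count, place the largest subnets first, and start each next subnet where the previous one ended. Run on the slide's requirements it reproduces s1 to s6 exactly; the function names are my own.

```python
# Added example: the slide's VLSM procedure as code: largest subnets first, each
# subnet sized by its host count, each next subnet starting where the previous one ended.
import ipaddress


def host_bits_for(hosts):
    """Smallest number of host bits whose usable count (2^bits - 2) covers `hosts`."""
    bits = 2  # a /31 or /32 has no usable host addresses in classic subnetting
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return bits


def allocate_vlsm(base, requirements):
    """requirements: {subnet name: hosts}. Returns {name: IPv4Network} carved from base."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    limit = int(block.broadcast_address) + 1
    plan = {}
    # Step 1 on the slide: begin with the largest subnet (ties broken by name for determinism).
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix_len = 32 - host_bits_for(hosts)
        size = 2 ** (32 - prefix_len)      # the slide's "256 - mask octet" increment (64 for /26, 4 for /30)
        if cursor % size:                  # a subnet must start on a multiple of its own size
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError(f"{base} cannot fit {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, prefix_len))
        cursor += size                     # step 2: continue from the next free address
    return plan


if __name__ == "__main__":
    slide = {"s1": 60, "s2": 60, "s3": 60, "s4": 2, "s5": 2, "s6": 2}
    for name, net in allocate_vlsm("192.168.1.0/24", slide).items():
        print(f"{name}: {net}  mask {net.netmask}  usable hosts {net.num_addresses - 2}")
```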


Managing IP Traffic with Access Lists (ACL)


Access control list (ACL)

- Manage IP traffic as network access grows.
- Filter packets as they pass through the router.


ACL Structure

- An ACL is a set of commands grouped under a certain name or number to control traffic flow (permit or deny).
- An access list is configured on the router and then activated on interfaces.
- ACL processing:
  - Statements are checked from top to bottom.
  - Once a match is found, no further checking is done.
  - If no match is found, the packet is dropped because of the "implicit deny" statement at the end of the ACL.
  - An ACL must contain at least one permit statement, otherwise all packets will be dropped.
  - In any ACL you cannot add a statement between existing statements (new statements can only be added to the end of the ACL).
  - You can have one ACL per interface, per protocol, per direction.


Note:
- In a numbered ACL you cannot delete a single statement, only the whole ACL.
- In a named ACL you can delete a single statement from between other statements.

ACL types

- Standard ACL
  - Numbered: 1 - 99, 1300 - 1999
  - Named
- Extended ACL
  - Numbered: 100 - 199, 2000 - 2699
  - Named


Standard ACLs

- It filters packets based on the source IP address.
- Configuration:

Router(config)# access-list ACL-number {permit|deny} source-ip [wildcard-mask]
- IP standard ACLs use 1 to 99.
- Default wildcard mask = 0.0.0.0 (exactly match the IP address).
- 12.0.0.1 0.0.0.0 = host 12.0.0.1, and 0.0.0.0 255.255.255.255 = any.
- no access-list ACL-number removes the entire ACL.

Router(config-if)# ip access-group ACL-number {in | out}
- Activates the list on an interface.
- Sets inbound or outbound testing.
- no ip access-group ACL-number removes the ACL from the interface.


Standard IP ACL example

- Deny traffic from host 172.16.4.13 to host A (on network 12.0.0.0) and permit all other traffic.
- Note: the order of the commands is important.

Figure: the deny statement's source and wildcard are equivalent to "host 172.16.4.13"; the permit statement's are equivalent to "any".


Standard ACL (cont.)

- Control Telnet access to the router: we want to restrict Telnet access from host 10.1.1.1 to the router.

(config)# access-list 1 deny host 10.1.1.1
(config)# access-list 1 permit any
(config)# line vty 0 4
(config-line)# access-class 1 in


Standard Named IP ACL

Router(config)# ip access-list standard name
Router(config-std-nacl)# {permit|deny} source-ip [wildcard-mask]
Router(config-std-nacl)# no {permit|deny} source-ip [wildcard-mask]
- Permit or deny statements have no prepended number.
- "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
- Activates the named IP ACL on an interface.


Placement of standard ACL

Figure: host X (192.168.5.1/24) reaches the server (192.168.1.1/24) through routers A, B and C, with network 192.168.2.0/24 between them; the ACL is applied on router C's interface e0.

- We want to restrict user X from accessing the server.

C(config)# access-list 1 deny host 192.168.5.1
C(config)# access-list 1 permit any
C(config)# interface e0
C(config-if)# ip access-group 1 out

- Rule: a standard ACL is placed as close as possible to the destination.


Extended ACL

- It is more flexible than a standard ACL.
- An extended ACL can match on:
  1- Source IP, destination IP.
  2- TCP/IP protocols (IP, TCP, UDP, ICMP, ...).
  3- Protocol information (port number).


Extended IP ACL Configuration

Router(config)# access-list access-list-number {permit | deny} protocol source-ip source-wildcard [operator port] destination-ip destination-wildcard [operator port]
- Sets parameters for this list entry.

Router(config-if)# ip access-group access-list-number {in | out}
- Activates the extended list on an interface.


Extended ACL

- Note:
  - 0.0.0.0 is called the host mask.
  - 12.0.0.1 0.0.0.0 = host 12.0.0.1
  - 0.0.0.0 255.255.255.255 = any
- The operator and port values:
  - (eq) operator means equal.
  - (lt) operator means less than or equal.
  - (gt) operator means greater than or equal.
  - range 10 80 means all ports between 10 and 80.
- eq 80 = eq http: put the port number or its name.


Extended ACL example

- Deny FTP from subnet 172.16.4.0 to subnet 172.16.3.0.
- Permit all other traffic.

Figure: the ACL is applied inbound ("in") on the router interface toward the subnet; the router's other link leads to the Internet.

Extended ACL example

- Deny only Telnet from subnet 172.16.4.0.
- Permit all other traffic.

Figure: as above, the ACL is applied inbound on the interface toward the subnet.
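A model of the ACL processing rules from the ACL Structure slide (top-down, first match wins, implicit deny), with wildcard-mask matching and the extended-ACL protocol and port checks, written as an added Python example (not Cisco's code). It encodes the slides' own examples (deny host 172.16.4.13 / permit any, and deny FTP from 172.16.4.0 to 172.16.3.0), and a small lint reproduces two of the slide's warnings: an ACL with no permit drops everything, and a statement placed after a match-all statement is never reached. Only the destination port operator is modelled; the packet records are constructed.

```python
# Added example: a model of IOS ACL processing as the slides describe it: top-down,
# first match wins, implicit deny at the end; wildcard masks (0 bit = must match,
# 1 bit = don't care); extended entries also check protocol and destination port.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


def addr(s):
    return int(ipaddress.IPv4Address(s))


def wildcard_match(address, base, wildcard):
    """0.0.0.0 wildcard = exact host; 255.255.255.255 = any; 0.0.0.255 = whole /24."""
    care = 0xFFFFFFFF ^ addr(wildcard)
    return (addr(address) & care) == (addr(base) & care)


@dataclass
class Entry:
    action: str                       # "permit" or "deny"
    protocol: str = "ip"              # "ip" matches any protocol; else tcp / udp / icmp
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"   # the defaults mean "any"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dst_op: Optional[str] = None      # eq / lt / gt / range on the destination port
    dst_ports: Tuple[int, ...] = ()


def port_match(op, ports, port):
    if op is None:
        return True
    if port is None:                  # operator present but the packet has no port (e.g. ICMP)
        return False
    if op == "eq":
        return port == ports[0]
    if op == "lt":                    # IOS lt/gt are strict comparisons
        return port < ports[0]
    if op == "gt":
        return port > ports[0]
    if op == "range":
        return ports[0] <= port <= ports[1]
    raise ValueError(f"unknown operator {op!r}")


def evaluate(acl, pkt):
    """Return (action, index of the matching statement) or ("deny", None) for the implicit deny."""
    for i, e in enumerate(acl):
        if e.protocol != "ip" and e.protocol != pkt["protocol"]:
            continue
        if not wildcard_match(pkt["src"], e.src, e.src_wc):
            continue
        if not wildcard_match(pkt["dst"], e.dst, e.dst_wc):
            continue
        if not port_match(e.dst_op, e.dst_ports, pkt.get("dport")):
            continue
        return e.action, i            # first match wins; nothing below is examined
    return "deny", None               # implicit deny at the end of every ACL


def matches_everything(e):
    return (e.protocol == "ip" and e.src_wc == "255.255.255.255"
            and e.dst_wc == "255.255.255.255" and e.dst_op is None)


def lint(acl):
    """Two checks from the slides: an ACL needs a permit, and statement order matters."""
    warnings = []
    if not any(e.action == "permit" for e in acl):
        warnings.append("no permit statement: the implicit deny will drop every packet")
    for i in range(1, len(acl)):
        if any(matches_everything(p) for p in acl[:i]):
            warnings.append(f"statement {i + 1} is unreachable: an earlier statement already matches every packet")
    return warnings


# The slides' examples as entries. ACL 1: deny host 172.16.4.13, permit any.
STANDARD_1 = [Entry("deny", src="172.16.4.13", src_wc="0.0.0.0"), Entry("permit")]
# Extended: deny FTP (tcp/21) from 172.16.4.0/24 to 172.16.3.0/24, permit all other traffic.
EXTENDED_101 = [
    Entry("deny", "tcp", "172.16.4.0", "0.0.0.255", "172.16.3.0", "0.0.0.255", "eq", (21,)),
    Entry("permit"),
]

if __name__ == "__main__":
    ftp = {"protocol": "tcp", "src": "172.16.4.5", "dst": "172.16.3.9", "dport": 21}
    print(evaluate(EXTENDED_101, ftp))                                                   # ('deny', 0)
    print(evaluate(STANDARD_1, {"protocol": "icmp", "src": "172.16.4.14", "dst": "12.0.0.5"}))  # ('permit', 1)
    print(lint([Entry("permit"), Entry("deny", src="10.1.1.1", src_wc="0.0.0.0")]))
```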


Extended Named ACL

Router(config)# ip access-list extended name
- The alphanumeric name string must be unique.

Router(config-ext-nacl)# {permit | deny} {ip access list test conditions}
Router(config-ext-nacl)# no {permit | deny} {ip access list test conditions}
- Permit or deny statements have no prepended number.
- "no" removes the specific test from the named ACL.

Router(config-if)# ip access-group name {in | out}
- Activates the named IP ACL on an interface.


Placement of Extended ACL

Figure: host X (192.168.5.1/24) reaches the server (192.168.1.1/24) through routers A, B and C, with network 192.168.2.0/24 between them.

- We want to restrict user X from accessing the server.
- Rule: an extended ACL is placed as close as possible to the source.


Monitoring ACL Statements

router# show {protocol} access-list {access-list number}
router# show access-lists {access-list number}

wg_ro_a#show access-lists
Standard IP access list 1
    permit 10.2.2.1
    permit 10.3.3.1
    permit 10.4.4.1
    permit 10.5.5.1
Extended IP access list 101
    permit tcp host 10.22.22.1 any eq telnet
    permit tcp host 10.33.33.1 any eq ftp
    permit tcp host 10.44.44.1 any eq ftp-data


Verifying ACLs

router# show ip interfaces e0
Ethernet0 is up, line protocol is up
  Internet address is 10.1.1.11/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 1
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  <text omitted>


Scaling the Network with NAT and PAT


Network address translation (NAT)

- Address translation allows you to translate your internal private addresses to public addresses before the packets leave your local network for the public network.
- NAT terminologies:
  1- Inside local IP: an internal device that has a private IP.
  2- Inside global IP: an internal device that has a public IP.
  3- Outside local IP: an outside device that has a private IP.
  4- Outside global IP: an outside device that has a public IP.
- Types of address translation:
  - Static translation.
  - Dynamic translation.


Static NAT

Figure: inside host 10.0.0.1 is translated to 12.0.0.1 (NAT table entry: 10.0.0.1 <-> 12.0.0.1).

- The NAT table is formed manually, translating private IPs to public IPs.
- Static NAT is used when outside users are trying to access your internal resources.


Configuring Static Translation

Router(config)# ip nat inside source static local-ip global-ip
- Establishes a static translation between an inside local address and an inside global address.

Router(config-if)# ip nat inside
- Marks the interface as connected to the inside.

Router(config-if)# ip nat outside
- Marks the interface as connected to the outside.


Static NAT Example


Dynamic NAT

- The router is given a pool of global IPs, so every user that tries to access a public network is given an IP from the pool.
- To configure dynamic NAT:
  1- Define the pool of IPs.
  2- Define which inside addresses are allowed to be translated (ACL).


Configuring Dynamic NAT

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
- Defines a pool of global addresses to be allocated as needed.

Router(config)# access-list access-list-number permit source-ip [source-wildcard]
- Defines a standard IP ACL permitting those inside local addresses that are to be translated.

Router(config)# ip nat inside source list access-list-number pool pool-name
- Establishes dynamic source translation, specifying the ACL that was defined in the prior step.


Dynamic NAT Example


Port address translation (PAT)

- Static or dynamic NAT provides only one-to-one translation, while PAT supports many-to-one translation using port numbers.

Figure: inside hosts 10.0.0.1 and 10.0.0.2 reach a server 13.0.0.1 on the Internet through a router whose inside global address is 12.0.0.1. Packets as (source IP, destination IP, source port, destination port) before translation:
  10.0.0.1 13.0.0.1 2000 80
  10.0.0.2 13.0.0.1 3000 80
and after translation:
  12.0.0.1 13.0.0.1 2000 80
  12.0.0.1 13.0.0.1 3000 80

PAT table:
  Inside local IP   Inside local port   Inside global IP   Inside global port
  10.0.0.1          2000                12.0.0.1           2000
  10.0.0.2          3000                12.0.0.1           3000
  10.0.0.2          2000                12.0.0.1           4000
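A small Python model of the PAT table above (added example, not Cisco's code): every inside host is rewritten to the one inside global address 12.0.0.1 and the translated source port keeps the flows apart, including the case where two inside hosts pick the same source port. Return traffic is mapped back through the same table, and traffic for which no entry exists is refused, which is why PAT also acts as a crude stateful filter. The collision policy (count upward to the next free port) is constructed; the addresses and ports are the slide's.

```python
# Added example: a model of the PAT table from the slide. All inside hosts share the
# single inside global address 12.0.0.1; the translated source port tells the flows apart.
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


class PatTable:
    def __init__(self, inside_global_ip):
        self.inside_global_ip = inside_global_ip
        self.outbound = {}  # (inside local ip, inside local port) -> inside global port
        self.inbound = {}   # inside global port -> (inside local ip, inside local port)

    def allocate(self, src_ip, src_port):
        """Find or create the inside global port for an inside host's flow.
        The host's own port is kept when it is free (10.0.0.1:2000 -> 2000 on the slide);
        on a collision the next free port is taken instead (the slide shows 4000; any unused
        port works, this constructed policy simply counts upward)."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = src_port
            while port in self.inbound:
                port += 1
                if port > 65535:
                    raise RuntimeError("no free inside global port")
            self.outbound[key] = port
            self.inbound[port] = key
        return self.outbound[key]

    def translate_out(self, pkt):
        """Inside -> outside: rewrite the source to the inside global address and port."""
        port = self.allocate(pkt.src_ip, pkt.src_port)
        return Packet(self.inside_global_ip, pkt.dst_ip, port, pkt.dst_port)

    def translate_in(self, pkt):
        """Outside -> inside: rewrite the destination back to the inside host, or return
        None when no entry exists, so unsolicited outside traffic is dropped."""
        if pkt.dst_ip != self.inside_global_ip or pkt.dst_port not in self.inbound:
            return None
        local_ip, local_port = self.inbound[pkt.dst_port]
        return Packet(pkt.src_ip, local_ip, pkt.src_port, local_port)

    def rows(self):
        """The slide's table: (inside local ip, inside local port, inside global ip, inside global port)."""
        return sorted((ip, p, self.inside_global_ip, g) for (ip, p), g in self.outbound.items())


if __name__ == "__main__":
    pat = PatTable("12.0.0.1")
    for pkt in (Packet("10.0.0.1", "13.0.0.1", 2000, 80),
                Packet("10.0.0.2", "13.0.0.1", 3000, 80),
                Packet("10.0.0.2", "13.0.0.1", 2000, 80)):   # same port as host 10.0.0.1: collision
        print(pkt, "->", pat.translate_out(pkt))
    for row in pat.rows():
        print(row)
    print(pat.translate_in(Packet("13.0.0.1", "12.0.0.1", 80, 2001)))   # back to 10.0.0.2:2000
    print(pat.translate_in(Packet("13.0.0.1", "12.0.0.1", 80, 9999)))   # None: no session
```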


Configuring PAT

Router(config)# access-list access-list-number permit source-ip source-wildcard
- Defines a standard IP ACL that permits the inside local addresses that are to be translated.

Router(config)# ip nat inside source list access-list-number interface interface overload
- Establishes dynamic source translation, specifying the ACL that was defined in the prior step.


PAT Example


Displaying Information with show Commands

Router# show ip nat translations
- Displays active translations.

Router# show ip nat statistics
- Displays translation statistics.

Router#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
--- 172.16.131.1       10.10.10.1         ---                ---

Router#show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces: Ethernet0, Serial2.7
Inside interfaces: Ethernet1
Hits: 5  Misses: 0
…


Using the debug ip nat Command

Router#debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]


Switching


Spanning Tree Protocol (IEEE 802.1D)


Layer 2 loops

Figure: a switch's MAC address table learns host A on port 3 and then again on port 1 as frames loop.

- Solution: use the Spanning Tree Protocol (STP).


Spanning Tree Protocol

- Provides a loop-free redundant network topology by placing certain ports in the blocking state (logical blocking).
- STP enables switches to become aware of each other so they can negotiate a loop-free path.
- When the used path fails, STP opens the blocked port (activates the other path).


Spanning Tree Operation

1- BPDU flooding:
- BPDUs (bridge protocol data units) are flooded from each switch to the other switches on a well-known multicast MAC address.
- Every switch takes a copy of the BPDU and resends it to the other switches.
- Every switch forms a database from all the BPDUs.
- A BPDU is sent every two seconds.

Figure: a BPDU carries the bridge ID (BID), the accumulated path cost and the port ID.


Spanning Tree Operation (cont.)

2- Root bridge election:
- The root bridge is the bridge with the lowest bridge ID.
- Bridge ID = priority (2 bytes, default = 32768) + bridge MAC address (6 bytes).
- The root bridge has the lowest priority; if priorities are equal, it is the one with the lowest MAC address.
- After the election, only the root bridge sends BPDUs, every 2 sec.


Spanning Tree Operation (cont.)

3- Root port (RP) election:
- Each non-root switch elects the best port to reach the root switch.
- The root port is the port having:
  1- The lowest accumulated path cost to the root switch.
  2- If costs are equal, the port that is closer to the switch with the second lowest BID.
  3- If still equal, the port that has the lowest serial number.


Spanning Tree Operation (cont.)

Figure: four switches A, B, C and D with ports numbered 1 to 8. Assume BID of A < B < C < D, so A is the root bridge. To get the RP on each non-root switch, ask which port is closer to A: compare ports 4 and 6; compare ports 3 and 5; compare ports 7 and 8.


4- Designated port election: (DP)- DP has the lowest accumulative path cost from the root

switch on every LAN segment.5- Blocked Port: (BP)- It is the port that neither RP nor DP.- BP will logically blocked till any change happen.

Spanning Tree Operation (cont.)

Spanning Tree Operation (cont.)

[Figure: same topology; DP marked on ports 1, 2, 5 and 6, RP on ports 3, 4 and 7, BP on port 8]
to get the DP: which port is closer to A? (compare 1,3) (compare 2,4) (compare 5,7) (compare 6,8)
blocked port: BP is the port that is neither RP nor DP (port 8)
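The election steps above (root bridge by lowest BID, root port by cost then neighbor BID, designated port per segment, everything else blocked) as a small BPDU-exchange simulation. This is an added example written for this page, not Cisco code or course material. The topology is an assumption reconstructed from the slide's port comparisons: a ring A-B-D-C-A with A holding ports 1 and 2, B ports 3 and 5, C ports 4 and 6, D ports 7 and 8, links 1-3, 2-4, 5-7, 6-8, every link costing 19 (the FastEthernet cost seen later in the show spanning-tree output), and all switches at the default priority so the MAC address breaks the tie.

```python
from dataclasses import dataclass


def bridge_id(priority: int, mac: str) -> int:
    """Bridge ID = 2-byte priority followed by the 6-byte MAC address; the lowest value wins."""
    return (priority << 48) | int(mac.replace(".", ""), 16)


@dataclass(frozen=True, order=True)
class Bpdu:
    """The fields a switch compares, in order: root ID, cost to root, sender BID, sender port."""
    root_id: int
    root_cost: int
    sender_id: int
    sender_port: int


def run_stp(bridges: dict, links: list, cost: int = 19, max_rounds: int = 50):
    """Exchange BPDUs until nothing changes.
    bridges: switch name -> bridge ID; links: [((switch, port), (switch, port)), ...]
    Returns (state, roles): state[sw] = (root_id, root path cost, root port),
    roles[(sw, port)] is 'RP', 'DP' or 'BP'."""
    neighbor = {}
    for a, b in links:
        neighbor[a], neighbor[b] = b, a
    ports = {sw: sorted(p for (s, p) in neighbor if s == sw) for sw in bridges}
    state = {sw: (bid, 0, None) for sw, bid in bridges.items()}   # everyone claims to be root
    best_rx = {}                                                  # best BPDU heard on each port
    for _ in range(max_rounds):
        sent = {(sw, p): Bpdu(state[sw][0], state[sw][1], bridges[sw], p)
                for sw in bridges for p in ports[sw]}
        for port, nb in neighbor.items():                         # BPDU flooding, one hop
            if port not in best_rx or sent[nb] < best_rx[port]:
                best_rx[port] = sent[nb]
        changed = False
        for sw, bid in bridges.items():
            cands = []
            for p in ports[sw]:
                b = best_rx.get((sw, p))
                if b is not None:
                    # root = lowest root ID; RP = lowest cost, then lowest neighbor BID, then port
                    cands.append((b.root_id, b.root_cost + cost, b.sender_id, b.sender_port, p))
            best = min(cands) if cands else None
            new = (best[0], best[1], best[4]) if best and best[0] < bid else (bid, 0, None)
            if new != state[sw]:
                state[sw], changed = new, True
        if not changed:
            break
    roles = {}
    for sw, bid in bridges.items():
        root, rcost, rp = state[sw]
        for p in ports[sw]:
            if p == rp:
                roles[(sw, p)] = "RP"
            elif Bpdu(root, rcost, bid, p) < best_rx[(sw, p)]:
                roles[(sw, p)] = "DP"   # our BPDU is the best one on this segment
            else:
                roles[(sw, p)] = "BP"   # neither RP nor DP: blocked
    return state, roles


def page_example():
    """The slide's topology as assumed here: ring A-B-D-C-A, equal priority, BID order by MAC.
    A ports 1,2; B ports 3,5; C ports 4,6; D ports 7,8; links 1-3, 2-4, 5-7, 6-8."""
    bridges = {n: bridge_id(32768, f"0000.0000.000{h}") for n, h in zip("ABCD", "abcd")}
    links = [(("A", 1), ("B", 3)), (("A", 2), ("C", 4)),
             (("B", 5), ("D", 7)), (("C", 6), ("D", 8))]
    return run_stp(bridges, links)


if __name__ == "__main__":
    state, roles = page_example()
    for (sw, p), role in sorted(roles.items()):
        print(f"{sw} port {p}: {role}")
```

D reaches A at cost 38 through either B or C; the tie goes to port 7 because B's BID is lower than C's, which leaves port 8 as the only blocked port, matching the slide. Because `bridge_id()` puts the priority in the high bits, the same function shows why a switch added with a lower priority takes over as root regardless of its MAC address.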

Spanning Tree Operation (cont.)

after convergence:
• ports are either forwarding (RP, DP) or blocked (BP)
• a blocked port keeps listening to BPDUs; if it has not received a BPDU for 20 sec. (Max Age = 10 BPDUs), the port automatically changes its state (moves to the listening state).
at a topology change:
• the first switch that detects the change sends a BPDU called TCN (Topology Change Notification) toward the root switch, indicating the change.
• the root switch sends a configuration BPDU with the topology change flag set to all switches, then the spanning tree is recalculated.
• if a new switch is added with a lower priority, it becomes the root switch.

Spanning Tree Port States

• Spanning tree transits each port through several different states.
[Figure: port state sequence and timers]
STP convergence time is from 30 sec. to 50 sec.

Rapid STP (IEEE 802.1w)

• RSTP significantly speeds up the recalculation of the spanning tree when the network topology changes.
• to improve convergence time, RSTP:
 1- elects a backup port for every RP or DP.
 2- merges the Blocking state and the Listening state into one state called Discarding.

the show spanning-tree command

Virtual LANs (VLAN)

Virtual LANs (VLANs)

Before VLANs:
- all switch ports are in a single broadcast domain
After VLANs:
- each VLAN is a single broadcast domain and one logical subnet.
- VLANs provide: 1- Segmentation 2- Flexibility 3- Security

VLAN Overview

VLAN = Broadcast Domain = Logical Network (Subnet)
• Segmentation
• Flexibility
• Security

VLAN Operation

• Traffic can be transferred between switches only within the same VLAN.
• To transfer traffic between different VLANs, a router must be used.
• Trunks carry traffic for multiple VLANs.

VLAN membership

1- Static VLAN membership:
- a certain port is assigned to a certain VLAN (port-based VLAN)
- by default, all ports of the switch are assigned to VLAN 1 (native VLAN).
2- Dynamic VLAN membership:
- a certain MAC address is assigned to a certain VLAN (MAC-based VLAN)
- even if the PC changes its port on the switch, the PC stays connected to its VLAN.
- this is done using VMPS (VLAN Membership Policy Server).

VLAN connection (port) types

1- Access port:
- a port that is a member of only one VLAN.
 ex: a switch port connected to a PC.
2- Trunk port:
- a switch port that is a member of all VLANs by default.
 ex: a switch port connected to another switch.

Trunking problem

[Figure: switches E and F connected by a trunk (port 3 on E, port 4 on F); hosts A and B on E (ports 1, 2) and C and D on F (ports 5, 6), in VLAN 1 and VLAN 2; each switch's MAC address table lists MAC, port and VLAN]
- if host B sends a broadcast in VLAN 2, the frames are passed to port 4 on switch F over the trunk link.
- switch F broadcasts the frames to all ports (5, 6) although port 6 is not a member of VLAN 2, because it does not know the source VLAN of the frame.
- Solution: the trunk adds a field to the frame that identifies the source VLAN ID.

VLAN trunking methods

- to carry several VLANs between switches, frame tagging is used to identify the source VLAN of each frame.
- Tagging methods:
 1- ISL (Inter-Switch Link) for Ethernet.
 2- IEEE 802.1Q (dot1q) for Ethernet.
 3- LANE for ATM.
 4- IEEE 802.10 for FDDI.
- so for Ethernet we concentrate on the ISL and dot1q methods.

1- ISL (Inter-Switch Link)

- Cisco proprietary
- encapsulates the original Ethernet frame with 30 bytes:
 a 26-byte header (contains a 10-bit VLAN ID) and a 4-byte trailer
- VLAN range: 0 - 1023
 - VLANs 1 - 1001 for Ethernet.
 - VLANs 1002 - 1023 reserved (ex: 1002 - 1005 for Token Ring and FDDI)
- ISL is no longer supported by Cisco.

2- IEEE 802.1Q (dot1q)

- adds a 4-byte tag to the Ethernet frame and recalculates a new CRC.
- the VLAN ID is 12 bits inside the tag field, so the VLAN range is 0 - 4095.
- dot1q puts less overhead on the frame than ISL.
- dot1q can carry both tagged and untagged frames; untagged traffic belongs to the native VLAN.
- by default, the native VLAN is VLAN 1.
- the native VLAN is a management VLAN: all management traffic between switches (BPDU, STP, VTP, ...) is sent through it.
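The dot1q frame handling described above, as an added example (not part of the course material): inserting the 4-byte tag after the source MAC, the 12-bit VLAN ID inside the TCI, the recalculated FCS, and the receiving side of a trunk assigning an untagged frame to the native VLAN. The MAC addresses and payload are constructed for the example; the TPID value 0x8100 and the TCI layout are the standard ones.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # tag protocol identifier that marks an 802.1Q-tagged frame
NATIVE_VLAN = 1       # by default the native VLAN is VLAN 1
VID_MASK = 0x0FFF     # the VLAN ID is the low 12 bits of the TCI (0-4095)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet frame without FCS: dst(6) src(6) type(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def fcs(frame: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def add_dot1q_tag(frame: bytes, vlan_id: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 0 <= vlan_id <= VID_MASK:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def classify(frame: bytes, native_vlan: int = NATIVE_VLAN) -> tuple:
    """Receiving side of a trunk: return (vlan_id, untagged_frame).
    A frame that carries no 802.1Q tag is assigned to the native VLAN."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return native_vlan, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & VID_MASK, frame[:12] + frame[16:]


def frame_with_fcs(frame: bytes) -> bytes:
    """What goes on the wire: frame followed by its 4-byte FCS."""
    return frame + fcs(frame)


def fcs_ok(wire: bytes) -> bool:
    """Check a frame as received from the wire (frame + FCS)."""
    return fcs(wire[:-4]) == wire[-4:]


if __name__ == "__main__":
    # constructed sample: a broadcast from the switch MAC seen in the slides, IPv4 payload
    frame = build_frame(b"\xff" * 6, bytes.fromhex("0008a4459b40"), 0x0800, b"constructed payload")
    tagged = add_dot1q_tag(frame, 2)
    print(len(frame), "->", len(tagged), "bytes; FCS changes:", fcs(frame) != fcs(tagged))
    print("tagged frame classified as VLAN", classify(tagged)[0])
    print("untagged frame classified as VLAN", classify(frame)[0])
```

The tag adds exactly 4 bytes and shifts the EtherType, which is why the FCS must be recomputed; `classify()` shows the native VLAN rule the slide states, so whatever native VLAN is configured on the trunk end is where any untagged frame lands.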

Inter VLAN routing

- a router must be used to route between different VLANs.
Method 1: inter-VLAN routing using access ports.
- Disadvantage: for each VLAN you need 1 router interface and 1 switch port.
[Figure: router with one access link per VLAN (Vlan1, Vlan2, Vlan3) to the switch]

VLAN configuration: 1- Create VLAN. 2- Name VLAN (optional). 3- Assign ports to VLAN.

VLAN configuration

To create and name a VLAN:
- New method
(config)# vlan <vlan id>
(config-vlan)# name <name>
- Old method
# vlan database
(vlan)# vlan <vlan id> [name <name>]
To assign a port to a VLAN:
(config)# int <int. name>
(config-if)# switchport mode access
(config-if)# switchport access vlan <vlan id>

Inter VLAN routing (cont.)

- Method 2: Router on a stick
[Figure: router sub-interfaces e0/0.1, e0/0.2, e0/0.3 (Vlan1, Vlan2, Vlan3) over one trunk to switch port fa1/1]
- Router sub-interface e0/0.1 configuration:
Router(config)# int e0/0.1
Router(config-subif)# encapsulation {isl | dot1q} <vlan id>
Router(config-subif)# ip address <ip> <mask>
- Switch port fa1/1 configuration:
Switch(config)# int fa1/1
Switch(config-if)# switchport trunk encapsulation {isl | dot1q}
Switch(config-if)# switchport mode trunk

Verifying a VLAN

switch# show vlan [brief | id vlan-id | name vlan-name]

switch# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
2    vlan2                            active
3    vlan3                            active
4    vlan4                            active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Verifying STP for a VLAN

switch# show spanning-tree vlan 2
VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    2
             Address     0008.20fc.a840
             Cost        31
             Port        12 (FastEthernet0/12)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32770  (priority 32768 sys-id-ext 2)
             Address     0008.a445.9b40
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 100       128.2    Shr
Fa0/12           Root FWD 19        128.12   P2p

Verifying a Trunk

switch# show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

switch# show interfaces fa0/11 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking

Port      Vlans allowed on trunk
Fa0/11    1-4094

Port      Vlans allowed and active in management domain
Fa0/11    1-13

VTP (VLAN Trunking Protocol)

• Cisco introduced an easy administration method to transfer VLAN information between switches in the same domain without repeating the commands on every switch.
• VTP manages the addition, deletion and modification of VLAN information within a VTP domain.
• VTP has a messaging system that advertises VLAN configuration information from one switch to all the others.
• maintains VLAN configuration consistency throughout a common administrative domain.
• sends advertisements on trunk ports only.
- VTP domain:
 an area with common VLAN requirements (all switches have the same function and VLAN policy). A switch can be in only one VTP domain.

VTP modes

- VTP Modes:
1- server mode: the default mode on a switch
 - can add, delete and modify VLANs
 - generates VTP messages to apply this configuration on the other switches.
2- client mode:
 - cannot add, delete or modify VLANs
 - accepts VTP messages, applies them to itself and then forwards them
 - cannot generate VTP messages
3- transparent mode:
 - can add, delete and modify VLANs locally (by console configuration) but cannot generate VTP messages
 - forwards VTP messages without applying them to itself

VTP Operation

• VTP advertisements are sent as multicast frames.
• VTP servers and clients are synchronized to the latest revision number (a higher number overrides lower ones).
• VTP advertisements are sent every 5 minutes or when there is a change.
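The three VTP modes and the revision-number rule above, as an added example (not Cisco code): servers originate advertisements, clients and servers apply any advertisement from their own domain that carries a higher revision, transparent switches never apply one, and an advertisement whose domain password does not match is ignored. The switch names, VLAN names and the `vtp_digest()` helper are assumptions for this example; the helper is a simplified stand-in for the real VTP MD5 digest, enough to show the effect of `vtp password`, not its actual computation.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


def vtp_digest(domain: str, password: str) -> bytes:
    """Simplified stand-in for the VTP MD5 digest (the real one also covers the VLAN data)."""
    return hashlib.md5(f"{domain}:{password}".encode()).digest()


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"                 # server | client | transparent
    password: str = ""                   # vtp password <password>
    revision: int = 0                    # Configuration Revision in 'show vtp status'
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, vname: str) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot add, delete or modify VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1           # every change on a server bumps the configuration revision

    def advertisement(self) -> Optional[dict]:
        """Only servers originate advertisements; clients and transparent switches forward them."""
        if self.mode != "server":
            return None
        return {"domain": self.domain, "digest": vtp_digest(self.domain, self.password),
                "revision": self.revision, "vlans": dict(self.vlans)}

    def receive(self, adv: Optional[dict]) -> bool:
        """Page rule: within the same domain, a higher revision overrides the local VLAN database."""
        if adv is None or adv["domain"] != self.domain:
            return False
        if not hmac.compare_digest(adv["digest"], vtp_digest(self.domain, self.password)):
            return False                 # wrong domain password: ignored
        if self.mode == "transparent":
            return False                 # forwarded on trunks, never applied locally
        if adv["revision"] > self.revision:
            self.vlans, self.revision = dict(adv["vlans"]), adv["revision"]
            return True
        return False


def propagate(adv: Optional[dict], switches: list) -> list:
    """Deliver one advertisement over the trunks; return the names of switches that applied it."""
    return [sw.name for sw in switches if sw.receive(adv)]


if __name__ == "__main__":
    server = VtpSwitch("S1", "ICND", "server")
    client = VtpSwitch("C1", "ICND", "client")
    transparent = VtpSwitch("T1", "ICND", "transparent")
    server.add_vlan(2, "vlan2")
    server.add_vlan(3, "vlan3")
    print("applied by:", propagate(server.advertisement(), [client, transparent]))
    # a second server in the same domain with only VLAN 1 but a higher revision
    newcomer = VtpSwitch("S2", "ICND", "server", revision=5)
    print("applied by:", propagate(newcomer.advertisement(), [server, client, transparent]))
    print("S1 VLANs now:", server.vlans)
```

The second round shows the consequence of the rule the slide states: the newcomer's higher revision replaces the VLAN database on every server and client in the domain, VLANs 2 and 3 included, while the transparent switch keeps its own database. A domain password, checked in `receive()`, is what keeps a switch with a mismatched password from taking part in that synchronization.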

VTP Pruning

• increases available bandwidth by reducing unnecessary flooded traffic.
• Example: station A sends a broadcast, and the broadcast is flooded only toward switches with ports assigned to the red VLAN.

VTP configuration

New method
switch(config)# vtp mode [ server | client | transparent ]
switch(config)# vtp domain <domain-name>
switch(config)# vtp password <password>
switch(config)# vtp pruning
switch(config)# end

Old method
switch# vlan database
switch(vlan)# vtp [ server | client | transparent ]
switch(vlan)# vtp domain <domain-name>

VTP Troubleshooting

Switch# show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 64
Number of existing VLANs        : 17
VTP Operating Mode              : Transparent
VTP Domain Name                 : ICND
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x7D 0x6E 0x5E 0x3D
Configuration last modified by 10.1.1.4 at 3-3-93 20:08:05
Switch#

DTP (Dynamic Trunking Protocol)

• negotiates a common trunking mode between two switches by sending periodic messages every 30 sec.
• a router never participates in DTP.
• (config-if)# switchport mode { access | trunk | dynamic { desirable | auto } }
• (config-if)# switchport nonegotiate
• # show dtp
[Figure: two switches asking "Trunk?" over the link between them]

DTP Mode            Generates DTP frames   Trunking
------------------  ---------------------  -----------------------------------------------------
Access
Trunk                                      Yes, in case the other side is: trunk, desirable, auto
Dynamic desirable                          Yes, in case the other side is: trunk, desirable, auto
Dynamic auto                               Yes, in case the other side is: trunk, desirable
Nonegotiate

Configuring the Switch IP Address

(config)# interface vlan 1
(config-if)# ip address <ip address> <mask>
(config-if)# no shutdown
• configures an IP address and subnet mask for the switch's VLAN 1 interface to allow ping and telnet to the switch

switch# show interfaces vlan 1
Vlan1 is up, line protocol is up
  Hardware is CPU Interface, address is 0008.a445.9b40 (bia 0008.a445.9b40)
  Internet address is 10.2.2.11/24

Configuring the Switch Default Gateway

switch(config)# ip default-gateway <ip address>
• configures the switch default gateway for the 2950 series switches

Setting Duplex Options

switch(config)# interface fa0/1
switch(config-if)# duplex {auto | full | half}
Switch# show interfaces fa0/1

Managing the MAC Address Table

switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0008.a445.9b40    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0008.e3e8.0440    DYNAMIC     Fa0/2
Total Mac Addresses for this criterion: 5

Setting a Static MAC Address

switch(config)# mac-address-table static <mac-address> vlan <vlan-id> interface <interface-id>

Configuring Port Security

switch(config-if)# switchport port-security [mac-address <mac-address>] | [maximum <value>] | [violation {protect | restrict | shutdown}]

switch(config)# interface fa0/1
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security mac-address 0008.eeee.eeee
switch(config-if)# switchport port-security violation shutdown

Verifying Port Security on the Catalyst 2950 Series

switch# show port-security interface <interface-id>

switch# show port-security interface fastethernet 0/5
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 20 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 0000.0000.0000
Security Violation Count   : 0
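A model of what the port-security configuration and the show output above describe, added here as an example (not IOS code): one access port with a maximum number of secure addresses, a statically configured address, and the three violation modes (protect drops silently, restrict drops and counts, shutdown takes the port to Secure-shutdown). The `show()` method returns the same fields the slide's `show port-security interface` output lists. The 0008.eeee.eeee address comes from the configuration slide; every other MAC address is constructed for the example.

```python
from dataclasses import dataclass, field

VIOLATION_MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' applied (constructed model, not IOS code)."""
    name: str
    maximum: int = 1                     # switchport port-security maximum <value>
    violation: str = "shutdown"          # switchport port-security violation {protect|restrict|shutdown}
    static_macs: set = field(default_factory=set)   # switchport port-security mac-address <mac>
    learned_macs: set = field(default_factory=set)  # dynamically learned secure addresses
    status: str = "Secure-up"
    violation_count: int = 0
    last_source: str = "0000.0000.0000"

    def __post_init__(self):
        if self.violation not in VIOLATION_MODES:
            raise ValueError(f"unknown violation mode {self.violation!r}")
        if len(self.static_macs) > self.maximum:
            raise ValueError("more static secure addresses than the configured maximum")

    def secure_macs(self) -> set:
        return self.static_macs | self.learned_macs

    def receive(self, src_mac: str) -> str:
        """Decide 'forward' or 'drop' for a frame arriving from src_mac."""
        if self.status == "Secure-shutdown":
            return "drop"                               # err-disabled port: nothing is forwarded
        self.last_source = src_mac
        if src_mac in self.secure_macs():
            return "forward"
        if len(self.secure_macs()) < self.maximum:
            self.learned_macs.add(src_mac)              # room left: learn it as a secure address
            return "forward"
        # a new source beyond the maximum is a violation; the mode decides the reaction
        if self.violation == "protect":
            return "drop"                               # dropped silently, counter not incremented
        self.violation_count += 1                       # restrict and shutdown count the violation
        if self.violation == "shutdown":
            self.status = "Secure-shutdown"             # port goes err-disabled
        return "drop"

    def show(self) -> dict:
        """Fields in the order of 'show port-security interface'."""
        return {
            "Port Security": "Enabled",
            "Port Status": self.status,
            "Violation Mode": self.violation.capitalize(),
            "Maximum MAC Addresses": self.maximum,
            "Total MAC Addresses": len(self.secure_macs()),
            "Configured MAC Addresses": len(self.static_macs),
            "Last Source Address": self.last_source,
            "Security Violation Count": self.violation_count,
        }


if __name__ == "__main__":
    port = SecurePort("Fa0/1", maximum=1, violation="shutdown", static_macs={"0008.eeee.eeee"})
    for mac in ("0008.eeee.eeee", "00de.ad00.beef", "0008.eeee.eeee"):   # last two are constructed
        print(mac, "->", port.receive(mac))
    for k, v in port.show().items():
        print(f"{k:<27}: {v}")
```

With the slide's configuration (maximum 1, one static address, violation shutdown) the first frame from a second source takes the port down, and the legitimate host is cut off with it until the port is re-enabled; that is the trade-off between shutdown and restrict the model makes visible.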


Introducing Wide Area Networks

WAN Overview

- WANs connect remote sites over a large geographical area using the infrastructure of the service provider.
- WANs are Layer 2 technologies concerned with hop-to-hop delivery.
- connection requirements vary depending on user requirements, cost and availability.

Interfacing Between WAN Service Providers

• the provider assigns the connection parameters to the subscriber

WAN terminology

- DTE: data terminal equipment, the source of the data.
- DCE: data communication (circuit-terminating) equipment, a device that terminates a connection and provides clocking and synchronization for it.
- Demarcation point: where the responsibility of the service provider is passed to you (a logical boundary).
- CPE: customer premises equipment, your own network equipment, which includes the DTE and DCE.
- Local loop: the connection from the carrier's switch to the demarcation point.
- CO switch: central office switch (WAN switch).
- Toll network: the carrier's infrastructure.

WAN connections

WAN connection types:
- Dedicated (leased line)
- Circuit switching (analog modem, ISDN)
- Packet switching (X.25, Frame Relay, ATM)
- Broadband (satellite, wireless, cable modem, DSL)

Serial Point-to-Point Connections

Configuring Serial Point-To-Point Encapsulation

HDLC Frame Format

• standard HDLC supports only single-protocol environments
• Cisco HDLC uses a proprietary data field to support multiprotocol environments (but is Cisco proprietary)
• default encapsulation method on Cisco routers

Configuring HDLC Encapsulation

Router(config-if)# encapsulation hdlc
• enables HDLC encapsulation
• uses the default encapsulation on synchronous serial interfaces

Point to Point Protocol (PPP)

• Overview:
- data link layer protocol used on point-to-point WAN connections.
- used in dedicated and circuit-switching technologies.
- works with synchronous and asynchronous serial connections.
- supports multiple network layer protocols.
- open standard by the IETF (RFC 1332, 1661 and 2153).
- PPP frame format:
 Flag | Address | Control | Protocol | Payload | FCS

PPP components

1- Link Control Protocol (LCP):
- responsible for negotiating and maintaining the PPP connection, including some options (establish, configure, negotiate options, test, terminate the PPP connection).
- LCP options are: authentication, compression, multilink, callback, error detection
2- Network Control Protocol (NCP):
- negotiates the upper layer protocols that will be used during the PPP connection.

PPP operation

[Figure: exchange between the two peers]
LCP: Open connection -> OK -> Negotiate options
NCP: What is my IP? -> Your IP is .... / What is my IPX? -> No IPX

PPP options

1- Authentication:
a- PPP Authentication Protocol (PAP):
- 2-way handshake
- 1-way authentication
[Figure: client and server exchange]

1- Authentication (cont.)

- PAP configuration:
Client configuration:
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <client username> password <password>

Server configuration:
(config)# username <client username> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap

1- Authentication (cont.)

b- Challenge Handshake Authentication Protocol (CHAP):
- 3-way handshake.
- 2-way authentication.

1- Authentication (cont.)

- CHAP configuration:
(config)# hostname <local name>
(config)# username <remote name> password <password>
(config-if)# ppp authentication chap

Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap}
• enables PAP or CHAP authentication

- CHAP configuration example:
[Figure: CHAP configuration example]
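The two authentication options above, PAP (2-way handshake, 1-way authentication) and CHAP (3-way handshake, 2-way authentication), as an added example with both sides' messages; this is not code from the course or from Cisco. The CHAP hash follows the RFC 1994 layout (MD5 over identifier, secret, challenge). Hostnames and secrets are constructed, and `mutual_chap()` mirrors the slide's configuration: each router's `hostname` is the name the other router stores with `username <remote name> password <password>`.

```python
import hashlib
import hmac
import os


def pap_request(username: str, password: bytes) -> dict:
    """PAP (2-way handshake): the client sends its username and password as-is."""
    return {"type": "Authenticate-Request", "user": username, "password": password}


def pap_check(req: dict, db: dict) -> bool:
    """The server compares against its 'username <name> password <pw>' entry."""
    return hmac.compare_digest(db.get(req["user"], b""), req["password"])


def chap_hash(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 layout: MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def chap_challenge(chap_id: int, hostname: str, challenge=None) -> dict:
    """Step 1 of 3: the authenticator sends an identifier, a random challenge and its hostname."""
    value = challenge if challenge is not None else os.urandom(16)
    return {"type": "Challenge", "id": chap_id, "value": value, "name": hostname}


def chap_response(ch: dict, hostname: str, secret: bytes) -> dict:
    """Step 2 of 3: the peer answers with a hash; the shared secret itself never goes on the link."""
    return {"type": "Response", "id": ch["id"],
            "value": chap_hash(ch["id"], secret, ch["value"]), "name": hostname}


def chap_verify(ch: dict, resp: dict, db: dict) -> dict:
    """Step 3 of 3: the authenticator recomputes the hash with the secret stored for resp['name']."""
    secret = db.get(resp["name"])
    ok = (secret is not None and resp["id"] == ch["id"]
          and hmac.compare_digest(chap_hash(ch["id"], secret, ch["value"]), resp["value"]))
    return {"type": "Success" if ok else "Failure", "id": ch["id"]}


def mutual_chap(router_a: tuple, router_b: tuple) -> tuple:
    """2-way authentication: each router challenges the other.
    A router is (hostname, {remote hostname: shared secret}), i.e. its 'hostname' plus
    its 'username <remote name> password <password>' entries."""
    a_name, a_db = router_a
    b_name, b_db = router_b
    ch_a = chap_challenge(1, a_name)                      # A -> B: challenge
    res_b = chap_response(ch_a, b_name, b_db[a_name])     # B -> A: response
    ch_b = chap_challenge(1, b_name)                      # B -> A: challenge
    res_a = chap_response(ch_b, a_name, a_db[b_name])     # A -> B: response
    return chap_verify(ch_a, res_b, a_db)["type"], chap_verify(ch_b, res_a, b_db)["type"]


if __name__ == "__main__":
    # constructed: RouterA and RouterB share the secret "s3cret" for each other's name
    print("PAP sends on the link:", pap_request("RouterA", b"s3cret"))
    print("CHAP mutual result:", mutual_chap(("RouterA", {"RouterB": b"s3cret"}),
                                              ("RouterB", {"RouterA": b"s3cret"})))
```

The printed PAP request carries the password itself, while a CHAP response carries only a 16-byte digest bound to a fresh random challenge, which is the practical difference between the two options; the mutual run also shows why the password must match on both routers, since each side verifies with the entry it holds for the other's hostname.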

1- Authentication (cont.)

- Verifying the HDLC and PPP encapsulation configuration:
Router# show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

1- Authentication (cont.)

- Verifying PPP authentication:
• debug ppp authentication shows successful CHAP output.

PPP options (cont.)

2- Multilink:
- bandwidth aggregation by combining multiple physical interfaces into one logical link.
- L3 packets are split and the fragments are sent over the parallel links.
- Configuration:
(config-if)# ppp multilink

PPP options (cont.)

3- Callback:
- enables a router to place a call and request a callback.
- once the request is made, the call is disconnected and the other router (server) dials the router (client) back.
4- Compression:
- improves the throughput on slower links.
- PPP compression supports: 1- Stacker 2- Predictor 3- MPPC (Microsoft Point-to-Point Compression) 4- TCP header compression

PPP options (cont.)

5- Error detection:
- uses LQM (Link Quality Monitor).
- computes the ratio between corrupted frames and the total number of frames sent.
- if this ratio exceeds a configured threshold, the link is dropped.
6- Looped link detection:
- uses a magic number: every router has its own magic number.
- if a router receives a frame carrying its own magic number, the link is looped and is brought down.

Troubleshooting

# debug ppp negotiation
# debug ppp authentication
# show interface s0/0
 shows the status of the interface, encapsulation, LCP state and NCP state.

ISDN

Integrated Services Digital Network (ISDN)

• Overview:
- ISDN is a digital dial-up circuit-switching WAN technology.
- digital end to end, so higher speeds and faster setup than analog.
- used as a backup for the primary WAN connection (leased line, Frame Relay).
- ISDN uses 2 types of channels: 1- Bearer channel (B-channel) 2- Delta channel (D-channel)
- ISDN service types: 1- BRI (Basic Rate Interface) 2- PRI (Primary Rate Interface)

ISDN layer model

      B-channel            D-channel
L3    IP, IPX, AppleTalk   Q.931
L2    PPP, HDLC            Q.921
L1    I-series (ex: I.430, I.431)

ISDN layer model (cont.)

1- Physical layer (L1):
- the I-series defines the ISDN interfaces and reference points.
- to implement an ISDN connection, the router must be configured with the ISDN switch type to enable physical layer communication:
 (config)# isdn switch-type <type>
2- Data link layer (L2):
- for the B-channel, defines the data encapsulation protocol (PPP, HDLC).
- for the D-channel, defines the LAPD (Q.921) encapsulation that carries the signaling information between the TE and the CO switch.
3- Network layer (L3):
- for the B-channel, any routed protocol (IP, IPX, AppleTalk).
- for the D-channel, the control information protocol (Q.931).

ISDN types

1- ISDN BRI:
- BRI = 2 B + 1 D channels.
- B = 64 kbps, D = 16 kbps.
- Basic B.W. = 2 * 64 + 16 = 144 kbps.
- Effective B.W. = 2 * 64 = 128 kbps.
- Overall B.W. = 144 + 48 = 192 kbps; the 48 kbps is for framing and synchronization.
2- ISDN PRI:
- PRI T1 (North America and Japan) = 23 B + 1 D; B = 64 kbps, D = 64 kbps. Basic B.W. = 23 * 64 + 64 = 1.54 Mbps
- PRI E1 (Europe and Egypt) = 30 B + 1 D; Basic B.W. = 30 * 64 + 64 = 2.04 Mbps

ISDN Reference Points

[Figure: TE1 and TE2 (with TA), NT2, NT1 and the R, S, T, U reference points]
- TE1: terminal equipment with a native ISDN interface
- TE2: terminal equipment with a non-native ISDN interface
- TA: terminal adapter that converts a non-native ISDN interface to a native ISDN interface (used by a TE2)
- NT2: network termination used for grouping multiple ISDN connections
- NT1: network termination used as the ISDN modem
- R, S, T, U are reference points

Cisco ISDN BRI Interfaces

Configuring ISDN BRI

Step 1: Specify the ISDN switch type.
Router(config)# isdn switch-type switch-type
OR
Router(config-if)# isdn switch-type switch-type
• the command specifies the type of ISDN switch that the router communicates with.
• other configuration requirements vary by provider.

Configuring ISDN BRI (Cont.)

Step 2: (Optional) Set SPIDs
Router(config-if)# isdn spid1 spid-number [ldn]
• sets a B-channel SPID, required by many service providers
Router(config-if)# isdn spid2 spid-number [ldn]
• sets a SPID for the second B channel

Verifying the ISDN Configuration

Router# show isdn active
• displays current call information
Router# show isdn status
• displays the status of an ISDN connection
Router# show interfaces bri0
• displays statistics for the BRI interface that is configured on the router

Monitoring ISDN BRI

Troubleshooting the ISDN Configuration

Router# debug ppp authentication
• displays the PPP authentication protocol messages
Router# debug ppp negotiation
• displays information on PPP link establishment
Router# debug isdn q921
• shows ISDN Layer 2 messages
Router# debug isdn q931
• shows ISDN call setup and teardown activity (Layer 3)

Dial on demand routing (DDR)

• connects automatically when needed
• disconnects when finished
- Legacy DDR:
 binds the call configuration to the physical interface, so all dial-out calls will have the parameters for automatic dialing.

Configuring DDR

1- Define static routes: what route do I use?
2- Specify interesting traffic: what traffic brings up the link?
3- Configure the dialer information: what number do I call?

Configuring DDR (cont.)

1- Routing protocol (static route):
 (config)# ip route <network> <mask> <next hop address>
2- Define the interesting traffic:
 (config)# dialer-list <no.> protocol <protocol> { permit | deny | list <acl no.> }
3- Assign the dialer list to the interface:
 (config-if)# dialer-group <list no.>
4- Define the dialer map:
 (config-if)# dialer map <protocol> <next hop address> [name <remote name>] [speed <rate>] <dial number>

Configuring DDR (cont.)

DDR example: reach network 12.0.0.0 /8 through next hop 10.1.0.2 over bri0
(config)# ip route 12.0.0.0 255.0.0.0 10.1.0.2
(config)# dialer-list 1 protocol ip permit
(config)# interface bri0
(config-if)# dialer-group 1
(config-if)# dialer map ip 10.1.0.2 name Central 5552000

Dialer Profile

- enhanced DDR: separates the logical configuration from the physical interface.
- we can configure more than one dialer configuration for a single physical interface.


Frame Relay

Frame Relay topology

• connections are made by virtual circuits
• connection-oriented service

Frame Relay overview

- FR is a data link layer packet-switching technology.
- performs only error detection and leaves correction to the upper layer protocols.
- defines only the interaction between the CPE and the FR switch.
- FR is a multiple-access technology based on the virtual circuit concept.
- FR is a connection-oriented protocol through the FR feature called LMI.
- the encapsulation protocol is LAPF; LAPF types are: 1- Cisco 2- IETF
- note: the same encapsulation type must be used on the source and destination routers.

Frame Relay Topologies

• Frame Relay default: nonbroadcast multiaccess (NBMA)

Frame Relay addressing

- DLCI number:
- DLCI (data link connection identifier) is the VC ID of FR (the L2 path address).
- the DLCI number is locally significant: different DLCIs on the two ends of the same path do not affect the connection.
[Figure: DLCI 100, DLCI 200, DLCI 300, DLCI 400 on the virtual circuits between the routers and the FR cloud]

Frame Relay management

• LMI (Local Management Interface):
- signaling protocol between the router and the FR switch.
- used for management purposes; it allows directly connected devices to share information about the status of the VCs as well as their configuration.
- it is used so that a router can get its local DLCIs from the FR switch.
- LMI types: 1- Cisco 2- ANSI (Annex D) 3- Q.933a (Annex A) (ITU-T)
- note: a different LMI type on the other end of the same path does not affect the connection.

Frame Relay management (cont.)

- LMI status:
 1- Active: the connection using this DLCI is all right
 2- Inactive: there is a problem at the remote site
 3- Deleted: there is a problem at your local site

Frame Relay Address Mapping

- to map between a destination IP and its DLCI:
1- manual resolution:
 mapping between the DLCI number and the next hop IP address by configuration.
 (config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]
2- dynamic resolution (Inverse ARP):
 allows the router to automatically discover the address of the next hop on each VC that is in the active state.

LMI Signaling and Inverse ARP

– use LMI to get the locally significant DLCI from the Frame Relay switch.
– use Inverse ARP to map the local DLCI to the remote router's network layer address.

Reachability Issues with Routing Updates

• Problem:
– broadcast traffic must be replicated for each active connection.
– the split-horizon rule prevents routing updates received on an interface from being forwarded out the same interface.

Resolving Reachability Issues

• split horizon can cause problems in NBMA environments.
• solution: sub-interfaces can resolve split-horizon issues.
• a single physical interface simulates multiple logical interfaces.
• each pair of corresponding peers is in a separate subnet.
• don't assign an IP address to the main interface.

Frame Relay configuration

(config)# int s0/0
(config-if)# encapsulation frame-relay [cisco | ietf]
(config-if)# frame-relay lmi-type { cisco | q933a | ansi }
(config-if)# frame-relay map <protocol> <next hop address> <dlci no.> [broadcast] [ietf]

Sub-interface configuration:
(config)# int s0/0.1 [ point-to-point | multipoint ]
(config-subif)# frame-relay interface-dlci <dlci no.>

Configuring a Static Frame Relay Map

Configuring Subinterfaces

– Point-to-point:
 • subinterfaces act like leased lines.
 • each point-to-point subinterface requires its own subnet.
 • point-to-point is applicable to hub-and-spoke topologies.
– Multipoint:
 • subinterfaces act like NBMA networks, so they do not resolve the split-horizon issues.
 • multipoint can save address space because it uses a single subnet.
 • multipoint is applicable to partial-mesh and full-mesh topologies.

Configuring Point-to-Point Subinterfaces

Multipoint Subinterfaces Configuration Example

Verifying Frame Relay Operation

Router# show interfaces <name>
• displays information about Frame Relay DLCIs and the LMI
Router# show frame-relay lmi [int.name]
• displays LMI statistics
Router# show frame-relay map
• displays the current Frame Relay map entries
Router# show frame-relay pvc [int.name [dlci]]
• displays PVC statistics
Router# show frame-relay traffic
• displays Frame Relay traffic statistics

show interfaces Example

– displays line, protocol, DLCI and LMI information
Router# show interfaces s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent 19, LMI stat recvd 20, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 8/0, interface broadcasts 5
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  <Output omitted>

show frame-relay lmi Example

– displays LMI information
Router# show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 113100           Num Status msgs Rcvd 113100
  Num Update Status Rcvd 0              Num Status Timeouts 0

show frame-relay pvc Example

– displays PVC traffic statistics
Router# show frame-relay pvc 100

PVC Statistics for interface Serial0 (Frame Relay DTE)

DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

  input pkts 28             output pkts 10            in bytes 8398
  out bytes 1198            dropped pkts 0            in FECN pkts 0
  in BECN pkts 0            out FECN pkts 0           out BECN pkts 0
  in DE pkts 0              out DE pkts 0
  out bcast pkts 10         out bcast bytes 1198
  pvc create time 00:03:46, last time pvc status changed 00:03:47

show frame-relay map Example

– displays the route maps, either static or dynamic
Router# show frame-relay map
Serial0 (up): ip 10.140.1.1 dlci 100(0x64,0x1840), dynamic,
              broadcast,, status defined, active

Troubleshooting Basic Frame Relay Operations

• displays LMI debug information
Router# debug frame-relay lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Router#
1w2d: Serial0(out): StEnq, myseq 140, yourseen 139, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8C 8B
1w2d:
1w2d: Serial0(in): Status, myseq 140
1w2d: RT IE 1, length 1, type 1
1w2d: KA IE 3, length 2, yourseq 140, myseq 140
1w2d: Serial0(out): StEnq, myseq 141, yourseen 140, DTE up
1w2d: datagramstart = 0xE008EC, datagramsize = 13
1w2d: FR encap = 0xFCF10309
1w2d: 00 75 01 01 01 03 02 8D 8C
1w2d:
1w2d: Serial0(in): Status, myseq 142
1w2d: RT IE 1, length 1, type 0
1w2d: KA IE 3, length 2, yourseq 142, myseq 142
1w2d: PVC IE 0x7 , length 0x6 , dlci 100, status 0x2 , bw 0

Frame Relay Traffic Shaping

• CIR: committed information rate
• EIR: excess information rate
• Rate < CIR: DE = 0
• CIR < Rate < EIR: DE = 1
• Rate > EIR: the frame is dropped
• DE: discard eligibility
• FECN: forward explicit congestion notification
• BECN: backward explicit congestion notification
[Figure: LAPF frame header fields including DE, FECN and BECN]