Internetworking
Internetworking is what you create when you connect two or more networks via a router and
configure a logical network addressing scheme with a protocol such as IP.
Collision domain
A collision domain is a group of Ethernet or Fast Ethernet devices in a LAN that are
connected and compete for access on the network. Only one device in the collision domain may
transmit at any one time, and the other devices in the domain listen to the network in order to
avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment.
Broadcast domain
In a broadcast domain, broadcasting sends a message to everyone on the local network
(subnet). An example of broadcasting is a DHCP request from a client PC.
Data Encapsulation
When a host transmits data across a network to another device, the process is called encapsulation.
CSMA/CD
IPv4 Addressing
An IP address is a numeric identifier assigned to each machine on an IP network. It
designates the specific location of a device on the network. An IP address is a software address,
not a hardware address.
Subnetting
Converting a big network into many small networks is called subnetting.
ROUTERS
Routers are devices that forward data to their appropriate destinations. The router decides the
best possible route that a packet needs to take to reach its destination. The router maintains a
routing table to decide the route for the data.
ROUTER IOS
The Cisco Internetwork Operating System (IOS) is the kernel of Cisco's routers and most of
their switches.
Cisco IOS software is used to:
Carry network protocols and functions.
Connect high-speed traffic between devices.
Add security, control access and stop unauthorized network access.
Promote scalability for network growth and redundancy.
Supply network reliability for connecting to network resources.
Router ports
AUI
Attachment Unit Interface. It supports only 10 Mbps and uses a 15-pin male connector for
10 Mbps LAN connectivity.
AUX
The AUX (auxiliary) port is the same as the console port and can be used in the same way. It is
typically used with a modem that you dial in to, which is useful for configuring a remote router
you don't have physical access to. If a remote router stops responding, it can still be accessed if
it has a modem on its auxiliary port.
Console port
Connect using the RJ-45 port on the back of the router. The cable is wired straight through but
reversed on one side (rolled cable) and connects through an RJ-45 to DB-9 adapter. The console
port has no password by default.
ISDN BRI
This port is used for ISDN connectivity using a BRI (Basic Rate Interface) interface. BRI
interfaces provide remote access through the ISDN network and are frequently used as a backup
link for point-to-point dedicated links in case of primary link failure.
Bringing up a Router
When we bring up a Cisco router, it runs a power-on self-test (POST). If it passes, it
then looks for the Cisco IOS in flash memory and, if an IOS file is present, loads it and expands
it into RAM. The IOS then loads and looks for a valid configuration, which is stored in NVRAM.
If no configuration file is present, the router brings up setup mode (a step-by-step
process to help you configure a router; it can be run at any time by entering setup at the global
configuration command line prompt).
Router modes
User mode
Router>
The greater than sign at the prompt tells you that you are in user mode. In user mode, you can
only view limited statistics of the router.
Interface mode
Router(config)# interface Ethernet 0 / fast Ethernet 0
Router(config-if)#
While in global configuration mode, we can make changes to an individual interface with the
interface command. This enters interface configuration mode for Ethernet port 0 and changes the
prompt.
Show start
To show history
Router# show history (it shows 10 commands by default)
To set a banner
It sets the banner displayed at startup.
Router(config)# banner motd *hello friends*
(The banner has been created.)
Router # write
Password setting
Five passwords are used to secure your Cisco router: console, auxiliary, telnet (VTY), enable
password and enable secret. The enable password is used to set the password that secures
privileged mode. The other three are used to configure a password when user mode is accessed
through the console port, through the auxiliary port, or via telnet.
Router2#configure terminal
Router2(config)#enable password mypassword
This command creates an enable password that is stored in your configuration file. To view this
password, show the running configuration using the following command:
Router2>enable
Password:
Router2#show running-config | include enable password
enable password mypassword
The password is stored in plain text in your configuration file, thus anyone who has access to
your configuration file can easily read the password.
Router>enable
Router#configure terminal
Router(config)#enable password mypassword
Router(config)#enable secret mysecretpassword
To see your enable passwords in your configuration, use the following command:
Router>enable
Password:
Router2#show running-config | include enable
enable secret 5 $1$BSX4$FZp.ZFvYSAGUEDn8dvr140
enable password mypassword
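The exposure described above can be checked mechanically on a saved configuration. The following Python audit is an added example, not part of the original notes; it also covers the console port that has no password by default. The "line" sections of the sample are constructed, and the function name and finding strings are assumptions.

```python
import re

# Constructed sample: the two "enable" lines are the output shown above; the
# "line" sections are assumed, with the console left without a password.
SAMPLE_CONFIG = """\
enable secret 5 $1$BSX4$FZp.ZFvYSAGUEDn8dvr140
enable password mypassword
line con 0
line aux 0
 password auxpass
 login
line vty 0 4
 password vtypass
 login
"""

ENABLE_RE = re.compile(r"^enable (secret|password)(?: (\d+))? (\S+)$")
LINE_PW_RE = re.compile(r"^password(?: (\d+))? (\S+)$")


def audit_passwords(config: str) -> list[str]:
    """Flag plain-text and missing passwords in an IOS configuration."""
    findings = []
    section = None      # name of the "line ..." section being read
    has_password = {}   # section name -> True once a password line is seen
    for raw in config.splitlines():
        if not raw.startswith(" "):          # unindented line ends a section
            section = None
        text = raw.strip()
        m = ENABLE_RE.match(text)
        if m and m.group(1) == "password" and m.group(2) is None:
            findings.append("enable password is stored in plain text")
        elif text.startswith("line "):
            section = text
            has_password[section] = False
        elif section and (m := LINE_PW_RE.match(text)):
            has_password[section] = True
            if m.group(1) is None:           # no type digit: clear text
                findings.append(f"{section}: password is stored in plain text")
    for name, present in has_password.items():
        if not present:
            findings.append(f"{name}: no password configured")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```

The hashed `enable secret 5` line produces no finding, while the plain-text `enable password` left beside it still does.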
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Now set this IP address as the gateway on your PC and try to ping. The ping does not start yet
because the router port is still down.
Router(config-if)#no shutdown (brings the port up)
Router(config-if)#exit
Router(config)#exit
Router# show ip interface brief
Now the ping starts.
(server side)
R1>en
R1#confi ter
R1(config)#interface serial 1/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown
DTE
Data Terminal Equipment
Configuration
Router2>en
Router2#config t
Router2(config)#interface serial 1/0
(client side)
IP Routing
Definition
IP routing is the process of transporting data from source to destination on a determined path across two or more
networks.
Static Routing
Static routing occurs when you manually add routes in each router's routing table. There are advantages and
disadvantages to static routing, but that's true for all routing processes.
Static routing has the following advantages:
It adds security because the administrator can choose to allow routing access to certain networks only.
Static routing has the following disadvantages:
The administrator must really understand the internetwork and how each router is connected in order to
configure routes correctly.
If a network is added to the internetwork, the administrator has to add a route to it on all routers
manually.
It's not possible in large networks because maintaining it would be a full-time job in itself.
DEFAULT ROUTING
If the router does not find an entry for the destination network in its routing table, it forwards
the packet to its default route.
Router(config)# ip route <destination network ID> <destination subnet mask> <next-hop IP address>
Or
Router(config)# ip route <destination network ID> <destination subnet mask> <exit interface>
On router 1
R1(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.2
On router 2
R2(config)# ip route 192.168.1.0 255.255.255.0 10.0.0.1
R2(config)# ip route 192.168.3.0 255.255.255.0 11.0.0.2
On router 3
R3(config)# ip route 0.0.0.0 0.0.0.0 11.0.0.1
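The forwarding decisions these three routers make can be followed hop by hop. The Python sketch below is an added example, not part of the original notes; it uses the routes configured above, while the "connected" entries and the mapping of next-hop addresses to routers are assumptions read off the addressing used on this page.

```python
import ipaddress

# Tables from the configuration above. "connected" entries and the mapping of
# next-hop addresses to routers are assumptions read off the page's addressing.
TABLES = {
    "R1": [("192.168.1.0/24", "connected"), ("10.0.0.0/8", "connected"),
           ("0.0.0.0/0", "10.0.0.2")],
    "R2": [("192.168.2.0/24", "connected"), ("10.0.0.0/8", "connected"),
           ("11.0.0.0/8", "connected"), ("192.168.1.0/24", "10.0.0.1"),
           ("192.168.3.0/24", "11.0.0.2")],
    "R3": [("192.168.3.0/24", "connected"), ("11.0.0.0/8", "connected"),
           ("0.0.0.0/0", "11.0.0.1")],
}
OWNER = {"10.0.0.1": "R1", "10.0.0.2": "R2", "11.0.0.1": "R2", "11.0.0.2": "R3"}


def lookup(router, destination):
    """Longest-prefix match; returns the next hop, "connected", or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in TABLES[router]:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def trace(router, destination, max_hops=8):
    """Follow a packet router by router; returns (path, outcome)."""
    path = [router]
    for _ in range(max_hops):
        hop = lookup(path[-1], destination)
        if hop is None:
            return path, "dropped: no route"
        if hop == "connected":
            return path, "delivered"
        path.append(OWNER[hop])
    return path, "loop"


if __name__ == "__main__":
    print(trace("R1", "192.168.3.5"))   # default route on R1, static on R2
    print(trace("R1", "8.8.8.8"))       # R2 has no default route
```

Because R2 carries only specific static routes, a destination outside the three LANs is dropped at R2 instead of bouncing between the default routes of R1 and R3.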
Dynamic routing
Routing protocols were created for routers. These protocols have been designed to allow
the exchange of routing tables, or known networks, between routers. There are a lot of different
routing protocols, each one designed for specific network sizes.
Neighbor routers exchange routing information and build the routing table automatically.
This is easier than using static or default routing.
Distance vector
Periodic updates
Classful routing protocol
Full routing tables are exchanged
Updates are through broadcast
Example: RIP v1, IGRP
Hybrid protocol
Incremental updates
Classless routing protocol
Missing routes are exchanged
Example: OSPF
Classful protocols: Classful routing protocols do not carry the subnet mask information along with updates.
That means that all devices in the network must use the same subnet mask. Ex: RIP v1, IGRP.
Classless protocols: Classless routing protocols carry the subnet mask information along with updates, which is
why they also support subnetworks and default networks. Ex: RIP v2, EIGRP, OSPF.
Administrative Distance
RIP v2
Supports VLSM
Supports authentication
Uses multicast address 224.0.0.9
Advantages of RIP
Easy to configure
No design constraints like OSPF protocol
No complexity
Less overhead
Disadvantage of RIP
Bandwidth utilization is very high because updates are broadcast every 30 seconds.
Works only on hop count (does not consider the bandwidth)
Not scalable as hop count is only 15
Slow convergence.
Configuring RIP v1
Router(config)# router rip
Router(config-router)# network <network ID>
Configuring RIP v2
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network <network ID>
Configuration of RIP v2
On router 1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.0.0.0
R1(config-router)#end
On router 2
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 192.168.2.0
R2(config-router)#network 10.0.0.0
R2(config-router)#network 11.0.0.0
R2(config-router)#end
On router 3
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 192.168.3.0
R3(config-router)#network 11.0.0.0
R3(config-router)#end
Autonomous system number
An autonomous system is a collection of networks under a common administrative
domain.
A unique number identifying the routing domain of the router.
Ranges from 1 - 65535
Public: 1 - 64512
Private: 64513 - 65535
Routing protocol classification
IGP
Interior gateway protocol
Routing protocols used within the same autonomous system number
All routers will be routing within the same autonomous boundary
Operate within an autonomous system
Ex: RIP, IGRP, EIGRP, OSPF, IS-IS
EGP
Exterior gateway protocol
Routing protocol used between different autonomous systems
Routers in different AS need an EGP
Connect different autonomous systems
Ex: Border Gateway Protocol
EIGRP
Enhanced interior gateway routing protocol
EIGRP is a hybrid routing protocol.
Administrative distance is 90
Configuring EIGRP
Router (config)# router eigrp <AS NO>
Router (config-router)# network <network ID>
NOTE:
o EIGRP uses autonomous system numbers to identify the collection of routers that share route
information. Only routers that have the same autonomous system number share routes.
o The AS number should be the same on all routers for them to become neighbors and exchange routes.
o EIGRP routers that belong to different autonomous systems (ASes) don't automatically share
routing information and they don't become neighbors.
On router 1
R1 (config)# router eigrp 100
R1 (config-router)# network 192.168.1.0
R1 (config-router)# network 10.0.0.0
On router 2
R2 (config)# router eigrp 100
R2 (config-router)# network 192.168.2.0
R2 (config-router)# network 11.0.0.0
R2 (config-router)# network 10.0.0.0
On router 3
R3 (config)# router eigrp 100
R3 (config-router)# network 192.168.3.0
R3 (config-router)# network 11.0.0.0
OSPF
Open Shortest Path First
On router 1
R1(config)# router ospf 1
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
On router 2
R2(config)# router ospf 1
R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
R2(config-router)# network 11.0.0.0 0.255.255.255 area 0
R2(config-router)# network 10.0.0.0 0.255.255.255 area 0
On router 3
R3(config)# router ospf 1
R3(config-router)# network 192.168.3.0 0.0.0.255 area 0
R3(config-router)# network 11.0.0.0 0.255.255.255 area 0
On router 1
R1 (config)# router ospf 1
R1 (config-router)# network 192.168.1.0 0.0.0.255 area 10
R1 (config-router)# network 10.0.0.0 0.255.255.255 area 10
On router 2
R2 (config)# router ospf 1
R2 (config-router)# network 192.168.2.0 0.0.0.255 area 0
R2 (config-router)# network 11.0.0.0 0.255.255.255 area 20
R2 (config-router)# network 10.0.0.0 0.255.255.255 area 10
On router 3
R3 (config)# router ospf 1
R3 (config-router)# network 192.168.3.0 0.0.0.255 area 20
R3 (config-router)# network 11.0.0.0 0.255.255.255 area 20
An ACL (access control list) is a set of rules that allow or deny specific traffic moving through the router.
It is layer 3 security that controls the flow of traffic from one router to another.
It is also called a packet filtering firewall.
[Figure: protocol hierarchy: IP, TCP, HTTP, TELNET, UDP, SMTP, FTP, DNS, TFTP, ICMP, DHCP, NNTP, PING, TRACEROUT]
If you want to filter by application layer protocol, you have to choose the appropriate layer 4 transport protocol
after the permit or deny statement.
For example, to filter Telnet or FTP you choose TCP, since both Telnet and FTP use TCP at the transport layer.
On router 1
R1 (config)# access-list 145 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
R1 (config)# access-list 145 deny icmp host 192.168.3.2 host 192.168.1.2 echo
R1 (config)# access-list 145 deny icmp 192.168.2.0 0.0.0.255 host 192.168.1.2 echo-reply
R1 (config)# access-list 145 permit ip any any
Implementation:
R1 (config)# interface fast 0/0
R1 (config-if)# ip access-group 145 out
OR
R1 (config)# interface serial 0/0
R1 (config-if)# ip access-group 145 in
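How ACL 145 treats a given packet depends on wildcard-mask matching, top-down order and the implicit deny at the end. The Python evaluator below is an added example, not part of the original notes; the function names and the sample packets are assumptions, and only the keywords used in ACL 145 are parsed.

```python
import ipaddress

# ACL 145 from this page; the second entry is written with the "host" keyword.
ACL_145 = """\
deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq www
deny icmp host 192.168.3.2 host 192.168.1.2 echo
deny icmp 192.168.2.0 0.0.0.255 host 192.168.1.2 echo-reply
permit ip any any
"""
PORTS = {"www": 80, "telnet": 23, "ftp": 21, "smtp": 25}  # names used with "eq"


def _to_int(address):
    return int(ipaddress.IPv4Address(address))


def _addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(first), _to_int(tokens.pop(0))


def parse(acl_text):
    """Turn ACL lines into (action, protocol, source, destination, qualifier)."""
    rules = []
    for line in acl_text.splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        qualifier = tokens[-1] if tokens else None   # port name or ICMP type
        if qualifier and qualifier.isdigit():        # numeric port after "eq"
            qualifier = int(qualifier)
        rules.append((action, proto, src, dst, PORTS.get(qualifier, qualifier)))
    return rules


def _hit(spec, address):
    base, wildcard = spec            # wildcard bits set to 1 are ignored
    return ((_to_int(address) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(rules, proto, src, dst, detail=None):
    """First matching entry decides; detail is a port number or ICMP type."""
    for action, r_proto, r_src, r_dst, qualifier in rules:
        if (r_proto in ("ip", proto) and _hit(r_src, src) and _hit(r_dst, dst)
                and qualifier in (None, detail)):
            return action
    return "deny"                    # implicit deny that ends every ACL
```

Dropping the final `permit ip any any` entry makes every packet that misses the three deny entries fall through to the implicit deny.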
NAT
Network Address Translation
NAT is the method of translating a private IP address into a public IP address. In order to communicate with
the internet we must have a registered public IP address.
Address translation was originally developed to solve two problems:
1. To handle a shortage of IPv4 addresses.
2. Hide network addressing schemes.
Advantages
Conserves legally registered addresses.
Increases flexibility when connecting to the internet.
Nat terminology
Inside local address
Inside global address
Outside local address
Outside global address
Types of NAT:
1. Static NAT
2. Dynamic NAT
3. PAT
1. Static NAT
o This type of NAT is designed to allow one-to-one mapping between local and global address.
o Keep in mind that the static version requires you to have one real internet IP address for every
host on your networks.
Implementing of static NAT
Configure the following translations
Private IP      Public IP
192.168.1.1     50.1.1.1
192.168.1.2     50.1.1.2
192.168.1.3     50.1.1.3
Dynamic NAT
This version gives you the ability to map an unregistered IP address to a registered IP address from
a pool of registered IP addresses.
You don't have to statically configure your router to map an inside address to an outside address as you would
with static NAT, but you have to have enough real IP addresses for everyone.
SWITCHING
Virtual LAN
It is layer 2 security.
Divides a single broadcast domain into multiple broadcast domains.
All ports of the switch are in VLAN 1, which is known as the administrative or management VLAN.
VLANs can be created from 2 - 1001
Two types of VLAN configuration:
1. Static VLAN
2. Dynamic VLAN
Static VLAN
Static VLANs are based on port numbers
Need to manually assign a port on a switch to a VLAN.
Also called Port-based VLANs.
One port can be a member of only one VLAN.
Creation of VLAN
Switch (config)# VLAN 2
Dynamic VLAN
Dynamic VLANs are based on the MAC address of a PC.
Switch automatically assigns the port to a VLAN.
Each port can be a member of multiple VLANs.
Types of links/ports
1. Access links
a. This type of link is part of only one VLAN, and it's referred to as the native VLAN of the port.
b. Any device attached to an access link just assumes it's part of a broadcast domain, but it has no
understanding of the physical network.
c. Switches remove any VLAN information from the frame before it's sent to an access link device.
2. Trunk links
a. Trunk can carry multiple VLANs traffic.
b. A trunk link is a point-to-point link between two switches, between a switch and router or a
switch and server.
IEEE 802.1q
It is a Cisco proprietary
TRUNKING
On switch 1
Switch 1(config)# VLAN 10
Switch 1(config-vlan)# name sales
Switch 1(config-vlan)# exit
Switch 1(config)# interface range fast0/1-2
Switch 1(config-if-range)# switchport mode access
Switch 1(config-if-range)# switchport access VLAN 10
Switch 1(config-if-range)#exit
On switch 2
Switch 2(config)# VLAN 10
Switch 2(config-vlan)# name sales
Switch 2(config-vlan)# exit
Configure trunking
On switch 1
Switch 1(config)# interface fast0/20
Switch 1(config-if)#switchport trunk encapsulation dot1q
Switch 1(config-if)#switchport mode trunk
And on switch 2
Switch 2(config)# interface fast0/20
Switch 2(config-if)#switchport trunk encapsulation dot1q
Switch 2(config-if)#switchport mode trunk
Switch 2#sh interfaces trunk
Now configure the trunk link so that only VLAN 10, 20 and 30 traffic is allowed and no other
VLAN traffic is sent.
On both switches
Switch 2(config)# interface fast0/20
Switch 2(config-if)#switchport trunk allowed vlan 10,20,30
Switch 2#sh interfaces trunk
Configure the trunk link f0/20 to remove VLANs 20 and 30 from the existing trunk allowed list
Switch 2(config)# interface fast0/20
Switch 2(config-if)#switchport trunk allowed vlan remove 20,30
Switch 2#sh interfaces trunk
A switch configured in client mode cannot add, modify or delete its VLAN configurations.
It doesn't store its VLAN configuration information in NVRAM.
3. Transparent mode
o A switch configured in transparent mode can add, modify and delete VLAN configurations.
o Changes in one transparent switch will not affect any other switch.
VTP configuration
Trunking has to be enabled (VTP advertisements are sent only on trunk ports)
On switch 1 (server)
On SW2 (transparent)
Sw2 (config)# inter range fa0/20 - 21
Sw2 (config-if-range)# switchport trunk encapsulation dot1q
Sw2 (config-if-range)# switchport mode trunk
On SW3 (client)
Sw3 (config)# inter fa0/21
Sw3 (config-if)# switchport trunk encapsulation dot1q
Sw3 (config-if)# switchport mode trunk
Now configure VTP on all switches
Sw1 (config)# vtp domain CCNA
Sw1 (config)# vtp password cisco
Sw1 (config)# vtp mode server
Sw1 (config)# vtp version 2
Sw1 (config)# exit
SW2
Sw2 (config)# vtp domain CCNA
Sw2 (config)# vtp password cisco
Sw2 (config)# vtp mode transparent
Sw2 (config)# vtp version 2
Sw2 (config)# exit
SW3
Sw3 (config)# vtp domain CCNA
Sw3 (config)# vtp password cisco
Sw3 (config)# vtp mode client
Sw3 (config)# vtp version 2
Sw3 (config)# exit
Switch# sh vtp status
Switch# sh vtp password
Switch# sh interface trunk
Now create VLANs on server switch and verify on client and transparent switch
Switch 1# vlan database
Switch 1(vlan)# vlan 10 name sales
Switch 1(vlan)# vlan 20
Switch 1(vlan)# vlan 30
Switch 1(vlan)# vlan 40
Switch 1(vlan)# exit
Switch 1# sh vlan
Switch 3# sh VLAN
Switch 2#sh VLAN
Steps:
1. Create vlan and shift the ports.
2. Configure on switch f0/20 as trunk port.
Now create sub-interfaces on the router
R(config)# int f0/0
R(config-if)#no shut
R(config-if)#exit
R(config)#int f0/0.10
R(config-subif)#encapsulation dot1q 10
R(config-subif)#ip add 192.168.1.100 255.255.255.0
R(config-subif)#exit
R(config)#int f0/0.20
R(config-subif)#encapsulation dot1q 20
R(config-subif)#ip add 192.168.2.100 255.255.255.0
R# sh ip inter brief