
Study Guide for the Cisco Certification

INTERNETWORK OPERATING SYSTEM
IOS is the name of the operating system found in most of Cisco's routers. The majority of Cisco routers run the IOS, with its command line interface (CLI).

ROUTER COMPONENTS
Apart from handling the logic of routing packets, the IOS controls the use of the different physical components, including memory, processor and interfaces. Most Cisco routers have an auxiliary port, and all have a console port. The console port is for local administrative access from an ASCII terminal, whereas the auxiliary port is used for asynchronous dial access from an ASCII terminal and also for dial backup.

Different types of memory:

  • RAM is used by the router just as it is used by any computer.

  • ROM stores a bootable IOS image. It also contains the code used to boot the router until the router knows where to get the full IOS image.

  • Flash memory stores fully functional IOS images and is the default location from which the router gets its IOS at boot time. On the Cisco 7500 series platform it can also be used to store configuration files.

  • NVRAM (nonvolatile RAM) stores the startup configuration file.

Sample of router interface terminology

Router model   What IOS calls the interface   What the product catalog calls the cards with the interfaces on them
------------   ----------------------------   --------------------------------------------------------------------
2500           Interface                      Modules and WAN interface cards
3600           Interface                      Network modules and WAN interface cards
4500           Interface                      Network processor modules
7200           Interface                      Port adapters and service adapters
7500           Interface                      Interface processor and versatile interface processor with port adapters

COMMAND LINE INTERFACE
The acronym CLI is used by Cisco to refer to the terminal user command line interface to the IOS. The term implies that the user is typing commands at a terminal or over a Telnet connection. Note: using the CLI will help you pass the exam. Whichever access method is used, a CLI user is initially placed in user mode (or user EXEC mode) after logging in. EXEC refers to the fact that commands typed here are executed. When accessing the CLI, passwords may be required.

Different types of passwords and the configuration for each type:

Access from   Password type        Configuration
-----------   -------------        -------------
Console       Console password     line console 0
                                   login
                                   password faith
Auxiliary     Auxiliary password   line aux 0
                                   login
                                   password hope
Telnet        vty password         line vty 0 4
                                   login
                                   password love

The login command tells the router to display a password prompt. The password command specifies the text password that the user must type to gain access.
User EXEC and enable (privileged, or privileged EXEC) mode are the two EXEC modes in the IOS interface.

NAVIGATING THE IOS CLI
It is unlikely that you'll remember all IOS commands, no matter which documentation you use.

Command recall and help options available:

IOS command help

What you type       What help you get
-------------       -----------------
?                   Help for all commands available in this mode
help                Text describing how to get help. No actual command help is given
command ?           Text describing the first parameter options for the command named command
com?                List of commands that start with "com"
command parm?       Lists all parameters beginning with "parm" (note that there is no space between "parm" and the "?")
command parm<Tab>   If the user presses the Tab key mid-word, the CLI either spells out the rest of the parameter at the command line or does nothing. If the CLI does nothing, the characters typed so far match more than one possible next parameter.
command parm1 ?     If a space is inserted before the question mark, the CLI lists all next parameters and gives a brief explanation of each.

Command history and editing features
With the current IOS release, the user interface keeps a history, or record, of the commands you have entered. This feature is particularly useful for recalling long or complex command entries, including access lists. By default, the system records 10 command lines in its history buffer. To set the number of command lines recorded during the current terminal session, use the following command:

terminal history [size number-of-lines]

To configure the number of command lines the system records permanently, enter the following command in line configuration mode:

history [size number-of-lines]

Useful editing commands:

Key                         Action
---                         ------
Ctrl-P or the up arrow      Recall commands in the history buffer, starting with the most recent command
Ctrl-N or the down arrow    Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow
Ctrl-B or the left arrow    Move the cursor back one character
Ctrl-F or the right arrow   Move the cursor forward one character
Ctrl-A                      Move the cursor to the beginning of the command line
Ctrl-E                      Move the cursor to the end of the command line
Esc B                       Move the cursor back one word
Esc F                       Move the cursor forward one word
Ctrl-R or Ctrl-L            Redisplay the current command line

Syslog and Debug
When different events occur, the IOS creates messages and, by default, sends them to the console. These messages are known as syslog messages.
For troubleshooting problems on a router, one of the key diagnostic tools is the debug command. Debug enables monitoring points in the IOS and generates messages that describe what the IOS is doing and seeing. Beware that some debug options create so many messages that the IOS cannot process them all, which often crashes the IOS.

CONFIGURATION PROCESSES AND THE CONFIGURATION FILE
The process of changing and manipulating configuration files in the IOS should be familiar to those preparing for the exam. It includes setting up an IOS device, handling ongoing configuration, and moving configuration files.

Relationships among configuration modes
Commands typed in configuration mode update the active configuration file. Changes are moved into the active configuration file each time the user presses the Enter key and are acted upon immediately by the router. In configuration mode, context-setting commands are used before most configuration commands. These context-setting commands tell the router the topic about which you'll type commands; they also tell the router which commands to list when you ask for help.
For the CCNA exam, recalling whether popular commands are global commands or subcommands will be useful. No set rules exist for which commands are global and which are subcommands, but generally, when multiple instances of a parameter can be set in a single router, the command used to set the parameter is likely to be a configuration subcommand. Items that are set once for the entire router are likely to be global commands. For example, the hostname command is a global command, as there is only one host name per router.
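The following Python script is an added example (it is not part of these notes and not Cisco code) that models the global-command/subcommand structure just described and applies it to the line-password configuration from the password table earlier. It groups each indented subcommand under the unindented context-setting command that precedes it, the indentation IOS uses when it prints a configuration, and then reports what a reviewer of 'show startup-config' output looks for: passwords stored as typed, a 'password' with no 'login', a 'login' with no password set, and a missing 'enable secret'. Both configurations are constructed samples; the 'password 7' form, which IOS writes when 'service password-encryption' is configured, is standard IOS behaviour that these notes do not cover.

```python
"""Parse an IOS-style running configuration into global commands and their
subcommands, then audit the console/aux/vty line stanzas for the password
weaknesses these notes describe (plaintext passwords that 'show startup-config'
reveals, 'password' without 'login', 'login' without a password, and a missing
'enable secret').

Both configurations below are constructed samples modelled on the password
table in these notes; they are not taken from any real device.
"""
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE_CONFIG = """\
hostname lab-router
enable secret 5 PLACEHOLDER-HASH
!
line console 0
 login
 password faith
line aux 0
 login
 password hope
line vty 0 4
 login
 password love
"""

# A deliberately weaker sample: no 'enable secret', a console line that sets a
# password but never asks for it, and a vty line that asks but has none set.
WEAK_CONFIG = """\
hostname weak-router
line console 0
 password faith
line vty 0 4
 login
"""


@dataclass
class GlobalCommand:
    text: str                                        # e.g. 'line vty 0 4'
    subcommands: List[str] = field(default_factory=list)


def parse_config(config: str) -> List[GlobalCommand]:
    """Group indented lines under the unindented global command before them.
    IOS prints subcommands indented one space beneath their context-setting
    command; '!' lines are separators and are skipped."""
    blocks: List[GlobalCommand] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            if not blocks:
                raise ValueError(f"subcommand with no context: {raw!r}")
            blocks[-1].subcommands.append(raw.strip())
        else:
            blocks.append(GlobalCommand(raw.strip()))
    return blocks


def is_plaintext_password(subcommand: str) -> bool:
    """'password <text>' and 'password 0 <text>' store the password as typed;
    'password 7 <string>' is the reversibly encoded form IOS writes when
    'service password-encryption' is on (known IOS behaviour, not from the notes)."""
    tokens = subcommand.split()
    return tokens[0] == "password" and not (len(tokens) >= 3 and tokens[1] == "7")


def audit_config(config: str) -> Dict[str, List[str]]:
    """Return findings keyed by check name; an empty list means the check passed."""
    findings: Dict[str, List[str]] = {
        "plaintext_line_password": [],
        "password_without_login": [],
        "login_without_password": [],
        "missing_enable_secret": [],
    }
    blocks = parse_config(config)
    if not any(b.text.startswith("enable secret") for b in blocks):
        findings["missing_enable_secret"].append("no 'enable secret' configured")
    for block in blocks:
        if not block.text.startswith("line "):
            continue
        has_login = any(s == "login" or s.startswith("login ") for s in block.subcommands)
        passwords = [s for s in block.subcommands if s.startswith("password ")]
        if passwords and not has_login:
            findings["password_without_login"].append(block.text)
        if has_login and not passwords:
            findings["login_without_password"].append(block.text)
        for pw in passwords:
            if is_plaintext_password(pw):
                findings["plaintext_line_password"].append(f"{block.text}: {pw}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("weak", WEAK_CONFIG)):
        print(f"== {name} ==")
        for check, hits in audit_config(cfg).items():
            print(f"{check:26s} {hits if hits else 'ok'}")
```

The same parser serves both purposes the notes raise: the list of global commands returned by parse_config is exactly the set of context-setting commands, and anything indented beneath one of them is a subcommand in that context.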

MANAGING CONFIGURATION FILES
For the exam, you should be able to distinguish between the configuration file used at startup and the active configuration file. The startup configuration file is stored in NVRAM; the other file, held in RAM, is the one the router uses during operation. The router copies the stored configuration file from NVRAM into RAM as part of the boot process. Configuration files can also be stored outside the router as ASCII text files on any host reachable by TFTP.

Several methods of manipulating configuration files are provided by Cisco. CiscoWorks and other management products let you create configurations for one or many routers without logging on to those routers. The most basic method for manipulating configuration files and moving them into and out of a router, however, is by using a TFTP server. The copy command is used to move configuration files among RAM, NVRAM and a TFTP server.

Initial Configuration
To do well in the exam, you should know the differences between the configuration mode and setup mode. Setup mode is a router configuration mode that prompts the user for basic configuration parameters. A Cisco router can be configured using the CLI in configuration mode without using setup mode. Some users like to use setup mode, however, particularly until they become more familiar with the CLI.
Setup mode is most frequently used when the router comes up with no configuration in NVRAM. Setup mode can be entered by using the setup command from privileged mode.

CISCO DISCOVERY PROTOCOL (CDP)
CDP is used by Cisco switches and routers to ascertain basic information about neighboring switches and routers. This information can be used to learn addresses quickly for easier Simple Network Management Protocol (SNMP) management, as well as to learn the addresses of other devices when you do not have passwords to log in to them.
CDP is a Cisco protocol. To support forwarding CDP messages over an interface, that interface must support SNAP headers. CDP is supported on Frame Relay, HDLC, ATM and any LAN interface.

CDP discovers several useful details from the neighboring device:  

  • Device identifier - typically the host name

  • Address list - network and data link addresses

  • Port identifier - text that identifies the port, which is another name for the interface

  • Capabilities list - Information on what the device does, for instance a router or switch.

  • Platform - the model and OS level running in this device 

CDP is enabled in the configuration by default. The 'no cdp run' global command disables CDP for the entire device whereas the 'cdp run' global command re-enables CDP. In a similar way, the 'no cdp enable' interface subcommand disables CDP just on that interface while the 'cdp enable' command switches back to the default state of CDP being enabled.

MANAGING IOS IMAGES
Migrating to a new level of IOS is a task that CCNAs have to perform. An 'IOS image' is simply a term referring to the file containing the IOS. Managing image files implies getting new IOS images from Cisco; backing up the existing one; updating your routers with the new image; and also testing.
IOS files are stored in Flash memory.

UPGRADING AN IOS IMAGE INTO FLASH MEMORY
To upgrade an IOS image into Flash memory, the IOS image must first be obtained from Cisco. Then the image must be placed in the default directory of a TFTP server. Finally, you must issue the copy command from the router, copying the file into Flash memory.
When copying the IOS image into Flash memory, the router will require some information:

  1. The IP address or host name of the TFTP server

  2. Name of the file

  3. Availability of space for the file in flash memory

  4. If the answer to 3 is negative, can the router erase old files?

After prompting you for answers, the router copies the file and then verifies that the checksum for the file shows no transmission errors occurred. The contents of Flash memory can be verified using the 'show flash' command.

Choosing which IOS image to load.
For the exam, proficiency in configuring a router to load an IOS image from many sources is required. Two methods are used by a router in determining where it tries to obtain an IOS image to execute. The first method is based on the value of the configuration register, which is a 16-bit software register in Cisco's more recently developed routers. The second method is through the use of the boot system configuration command.
The router chooses the IOS image to load based on the boot field and the boot system commands in the configuration.

PASSWORD RECOVERY
Password recovery revolves around getting the router to boot while ignoring the NVRAM configuration file. The router then comes up with the default configuration; this enables a console user to log in, enter privileged mode, and change any encrypted passwords. To make the router ignore NVRAM at boot time, the configuration register must be changed. To do that, you must be in privileged mode, and if you were already there, you could reset any encrypted passwords or view any unencrypted ones. It seems to be a vicious circle!
The two keys to password recovery are knowing that rommon enables you to reset the configuration register and that a console user can get into rommon mode by pressing the Break key during the first 60 seconds after power-on of the router. Knowing how to reset the config register enables you to boot the router, allowing the console user to see or change the unencrypted or encrypted passwords, respectively.

Process for each type of router

  1. Turn the router off and then back on again.
     1600, 2600, 3600, 4500, 7200, 7500: use the router power switch.
     2000, 2500, 3000, 4000, 7000: same as the other routers.

  2. Press the Break key within the first 60 seconds.
     1600, 2600, 3600, 4500, 7200, 7500: use the Break key on your console device keyboard.
     2000, 2500, 3000, 4000, 7000: same as the other routers.

  3. Change the configuration register so that bit 6 is 1.
     1600, 2600, 3600, 4500, 7200, 7500: use the rommon command confreg and answer the prompts.
     2000, 2500, 3000, 4000, 7000: use the rommon command o/r 0x2142.

  4. Cause the router to load the IOS.
     1600, 2600, 3600, 4500, 7200, 7500: use the reload command or, if it is unavailable, power the router off and on.
     2000, 2500, 3000, 4000, 7000: use the rommon command initialize.

  5. Avoid using setup mode, which you will be prompted for at the console.
     All models: just say no.

  6. Enter privileged mode at the console.
     All models: press Enter and use the enable command (no password required).

  7. View the startup config to see unencrypted passwords.
     All models: use the exec command show startup-config.

  8. Use the appropriate config commands to reset encrypted passwords.
     All models: for example, use enable secret xyz123 to set the enable secret password.

  9. Change the config register back to its original value.
     All models: use the config command config-reg 0x2102.

  10. Reload the router after saving the configuration.
     All models: use the copy running-config startup-config and reload commands.

OPEN SYSTEMS INTERCONNECTION LAYERS
The OSI model consists of seven layers, each of which has several sublayers. It'll be good to memorize the seven layers and their main functions. The upper layers of the OSI model (application, presentation, and session - Layers 7,6 & 5) are oriented more towards services to the applications. The lower four layers (transport, network, data link & physical - Layers 4, 3, 2, & 1) are oriented mainly toward the flows of data from end to end through the network. Layers 2 and 3 are more important for CCNAs because switching and routing are respectively based upon them.

Description of the OSI Reference Model

Layer 7 - Application layer
  Description: Responsible for identifying and establishing the availability of the communication partner and determining whether sufficient resources for the communication exist
  Examples: FTP, WWW, browsers, Telnet, SMTP, X.400 mail, chat, BBS, and search engines
  Data unit / hardware: DATA

Layer 6 - Presentation layer
  Description: Responsible for tasks like data compression, encryption, decryption, and negotiating the data transfer syntax; the standard data syntax used at this layer is Abstract Syntax Notation One (ASN.1)
  Examples: TIFF, GIF, PICT, ASCII, EBCDIC, MPEG, MIDI, HTML, and QuickTime
  Data unit / hardware: DATA

Layer 5 - Session layer
  Description: Responsible for coordinating communication between systems, accomplished by connection establishment, data transfer and connection release
  Examples: RPC, SQL, NFS, NetBIOS names, AppleTalk ASP, X Window, DECnet SCP
  Data unit / hardware: DATA

Layer 4 - Transport layer
  Description: Responsible for session establishment, tear-down of virtual circuits, ensuring data integrity, and maintaining flow control
  Examples: TCP, UDP, SPX
  Data unit / hardware: SEGMENT

Layer 3 - Network layer
  Description: Responsible for path determination, sending packets from the source network to the destination network, and packet switching
  Examples: IP, IPX, AppleTalk DDP
  Data unit / hardware: DATAGRAM; routers

Layer 2 - Data link layer
  Description: Responsible for ensuring that messages are delivered to the proper device, translating the messages into bits, formatting the message into data frames, and adding a customized header
  Examples: Frame Relay, HDLC, PPP, IEEE 802.2, 802.3, and 802.5, FDDI, ATM
  Data unit / hardware: FRAME; bridges

Layer 1 - Physical layer
  Description: Responsible for sending and receiving bits, which have the value 1 or 0
  Examples: EIA/TIA 232, EIA/TIA 449, V.35, V.24, RJ45, Ethernet, 802.3, 802.5, FDDI, NRZI, NRZ, B8ZS
  Data unit / hardware: BITS; hubs and repeaters

LAYERING BENEFITS
Benefits of layered protocol specifications:

  • People can discuss and learn about the many details of a protocol specification more easily.

  • Modular engineering is aided by the standardized interfaces among the layers. Some products can supply only part of the protocol's functions, such as the Microsoft TCP/IP stack built into Windows, or the Eudora e-mail application providing TCP/IP application support.

  • An enhanced environment for interoperability is created.

  • Program changes are easier and product evolution faster, due to reduced complexity.

  • Each layer can define headers and trailers around the user data. Anybody examining the headers and trailers for troubleshooting can find the header or trailer for Layer X and know what type of information should be found there.

  • One layer uses the services of the layer immediately below it. Thus, remembering what each layer does is easier.

INTERACTION BETWEEN OSI LAYERS

  • Each layer provides a service to the layer above it in the protocol specification

  • Each layer communicates some information with the same layer's software or hardware on other computers. In some cases, the other computer is connected to the same media; in other cases, the other computer is on the other end of the network.

DATA ENCAPSULATION
The concept of placing data behind headers for each layer is referred to as encapsulation by Cisco documentation.
Encapsulation process:

  1. User information is converted to data

  2. Data is converted to segments

  3. Segments are converted to packets or datagrams

  4. Packets or datagrams are converted to frames

  5. Frames are converted to bits
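As an added illustration of these five steps (it is not from the notes), the Python below carries a constructed payload down the stack by building a real TCP header (segment), an IPv4 header with a valid header checksum (packet) and an Ethernet II header (frame), then renders the frame as a bit string, and finally reverses the process, refusing the frame if the IPv4 header checksum no longer verifies. Addresses, ports and the payload are constructed values; the TCP checksum is left at zero because the pseudo-header computation is outside the point being shown.

```python
"""Carry user data down the five encapsulation steps in these notes
(data -> segment -> packet -> frame -> bits) by building real TCP, IPv4 and
Ethernet II headers, then reverse the process to recover the data.

Added example, not from the study guide; addresses, ports and payload are
constructed values.
"""
import ipaddress
import struct
from typing import Dict, Union

ETHERTYPE_IPV4 = 0x0800
IP_PROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791).  Over a
    header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(data: bytes, src_port: int, dst_port: int) -> bytes:
    """Layer 4: 20-byte TCP header (data offset 5, flags PSH|ACK) in front of
    the data.  The TCP checksum is left 0: it needs a pseudo-header and is not
    the point here."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                         5 << 4, 0x18, 65535, 0, 0)
    return header + data


def build_packet(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Layer 3: 20-byte IPv4 header, protocol 6 (TCP), checksum filled in."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0,
                         0x4000, 64, IP_PROTO_TCP, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def build_frame(packet: bytes, src_mac: str, dst_mac: str) -> bytes:
    """Layer 2: Ethernet II header (dst MAC, src MAC, EtherType).  The FCS
    trailer is omitted; the NIC computes it in hardware."""
    def to_bytes(mac: str) -> bytes:
        return bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def to_bits(frame: bytes) -> str:
    """Layer 1: the frame as the string of 1s and 0s placed on the medium."""
    return "".join(f"{byte:08b}" for byte in frame)


def encapsulate(data: bytes, src_ip: str, dst_ip: str, src_mac: str, dst_mac: str,
                src_port: int = 40000, dst_port: int = 80) -> Dict[str, Union[bytes, str]]:
    """Return every intermediate PDU, keyed by the name the notes give it."""
    segment = build_segment(data, src_port, dst_port)
    packet = build_packet(segment, src_ip, dst_ip)
    frame = build_frame(packet, src_mac, dst_mac)
    return {"data": data, "segment": segment, "packet": packet,
            "frame": frame, "bits": to_bits(frame)}


def decapsulate(bits: str) -> bytes:
    """Reverse the process, checking each header before stripping it."""
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("frame does not carry IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: bits were corrupted")
    if packet[9] != IP_PROTO_TCP:
        raise ValueError("packet does not carry TCP")
    total_length = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_length]
    data_offset = (segment[12] >> 4) * 4
    return segment[data_offset:]


if __name__ == "__main__":
    layers = encapsulate(b"GET / HTTP/1.0\r\n\r\n", "192.0.2.10", "192.0.2.20",
                         "02:00:00:00:00:01", "02:00:00:00:00:02")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(layers[name]):3d} bytes")
    print(f"bits     {len(layers['bits']):3d} bits")
    print("recovered:", decapsulate(layers["bits"]))
```

Each step adds exactly the header the layer owns (20 bytes for TCP, 20 for IPv4, 14 for Ethernet II), which is why a receiver can strip them in the reverse order without knowing anything about the data inside.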

CONNECTION-ORIENTED AND CONNECTIONLESS

Connection-Oriented Network Service
Connection-oriented service involves three phases:

Connection establishment -- During the connection establishment phase, a single path between the source and destination systems is determined. Network resources are typically reserved at this time to ensure a consistent grade of service (such as a guaranteed throughput rate).

Data transfer -- During the data transfer phase, data is transmitted sequentially over the path that has been established. Data always arrives at the destination system in the order in which it was sent.

Connection termination -- During the connection termination phase, an established connection that is no longer needed is terminated. Further communication between the source and destination systems requires that a new connection be established.

Connection-oriented service has two significant disadvantages as compared to connectionless network service:

Static path selection -- Because all traffic must travel along the same static path, a failure anywhere along that path causes the connection to fail.

Static reservation of network resources -- A guaranteed rate of throughput requires the commitment of resources that cannot be shared by other network users. Unless full, uninterrupted throughput is required for the communication, bandwidth is not used efficiently.

Connection-oriented services are useful for transmitting data from applications that are intolerant of delays and packet re-sequencing. Voice and video applications are typically based on connection-oriented services.

Connectionless Network Service
Connectionless network service does not predetermine the path from the source to the destination system, nor are packet sequencing, data throughput, and other network resources guaranteed. Each packet must be completely addressed because different paths through the network might be selected for different packets, based on a variety of influences. Each packet is transmitted independently by the source system and is handled independently by intermediate network devices. Connectionless service offers two important advantages over connection-oriented service:

Dynamic path selection -- Because paths are selected on a packet-by-packet basis, traffic can be routed around network failures.

Dynamic bandwidth allocation -- Bandwidth is used more efficiently because network resources are not allocated bandwidth that they are not going to use.

Connectionless services are useful for transmitting data from applications that can tolerate some delay and re-sequencing. Data-based applications are typically based on connectionless service.

Characteristics: recovery and connections

Connected?            Reliable?   Examples
----------            ---------   --------
Connection-oriented   Yes         LLC type 2 (802.2), TCP (TCP/IP), SPX (NetWare), X.25
Connection-oriented   No          Frame Relay virtual circuits, ATM virtual connections, PPP
Connectionless        Yes         TFTP, NetWare NCP (without packet burst)
Connectionless        No          UDP, IP, IPX, AppleTalk DDP, most Layer 3 protocols, 802.3, 802.5

FLOW CONTROL

Flow control is a function that prevents network congestion by ensuring that transmitting devices do not overwhelm receiving devices with data. There are a number of possible causes of network congestion. For example, a high-speed computer might generate traffic faster than the network can transfer it, or faster than the destination device can receive and process it. There are three commonly used methods for handling network congestion:

Buffering - Buffering is used by network devices to temporarily store bursts of excess data in memory until they can be processed. Occasional data bursts are easily handled by buffering. However, excess data bursts can exhaust memory, forcing the device to discard any additional datagrams that arrive.

Source quench messages - Source quench messages are used by receiving devices to help prevent their buffers from overflowing. The receiving device sends source quench messages to request that the source reduce its current rate of data transmission, as follows:

  1. The receiving device begins discarding received data due to overflowing buffers.

  2. The receiving device begins sending source quench messages to the transmitting device, at the rate of one message for each packet dropped.

  3. The source device receives the source quench messages and lowers the data rate until it stops receiving the messages.

  4. The source device then gradually increases the data rate as long as no further source quench requests are received.

Windowing - Windowing is a flow-control scheme in which the source device requires an acknowledgement from the destination after a certain number of packets have been transmitted. With a window size of three, the source requires an acknowledgment after sending three packets, as follows:

  1. The source device sends three packets to the destination device.

  2. After receiving the three packets, the destination device sends an acknowledgment to the source.

  3. The source receives the acknowledgment and sends three more packets.

  4. If the destination does not receive one or more of the packets for some reason (such as overflowing buffers), it does not receive enough packets to send an acknowledgment. The source, not receiving an acknowledgment, retransmits the packets at a reduced transmission rate.
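The following Python simulation is an added example (not from the notes) of the four windowing steps above with a window size of three. Packet loss is injected from a constructed set of sequence numbers so that the missing acknowledgement, the retransmission of the whole window and the reduced sending rate can all be observed deterministically; halving the rate on each missing acknowledgement is an assumed policy, since the notes only say the rate is reduced.

```python
"""Simulate the windowing flow-control scheme described in these notes: the
source sends `window` packets, waits for one acknowledgement covering all of
them, and, if any packet was lost, retransmits the window at a reduced rate.

Added example, not from the study guide.  Loss is injected from a constructed
set of sequence numbers so the retransmission step is reproducible; halving
the rate on each missing acknowledgement is an assumed policy (the notes only
say the rate is reduced).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class WindowedTransfer:
    total_packets: int
    window: int = 3
    rate: float = 1.0                      # packets per time unit; cut on each loss
    drop_first_attempt: Set[int] = field(default_factory=set)   # constructed loss
    attempts: Dict[int, int] = field(default_factory=dict)      # seq -> times sent
    received: List[int] = field(default_factory=list)           # in delivery order
    retransmissions: int = 0
    log: List[str] = field(default_factory=list)

    def _transmit(self, seqs: List[int]) -> List[int]:
        """Deliver the packets in `seqs`, dropping those whose first attempt is
        in the constructed loss set (modelling an overflowed receive buffer)."""
        arrived = []
        for seq in seqs:
            self.attempts[seq] = self.attempts.get(seq, 0) + 1
            if seq in self.drop_first_attempt and self.attempts[seq] == 1:
                self.log.append(f"  packet {seq} dropped (receiver buffer overflow)")
            else:
                arrived.append(seq)
        return arrived

    def run(self) -> "WindowedTransfer":
        next_seq = 0
        while next_seq < self.total_packets:
            seqs = list(range(next_seq, min(next_seq + self.window, self.total_packets)))
            self.log.append(f"send {seqs} at rate {self.rate:g}")          # step 1
            arrived = self._transmit(seqs)
            if len(arrived) == len(seqs):                                 # steps 2 and 3
                self.received.extend(arrived)
                self.log.append(f"  ack through {seqs[-1]}")
                next_seq = seqs[-1] + 1
            else:                                                         # step 4
                self.rate /= 2
                self.retransmissions += 1
                self.log.append(f"  no ack: retransmit {seqs} at rate {self.rate:g}")
        return self


if __name__ == "__main__":
    transfer = WindowedTransfer(total_packets=7, window=3, drop_first_attempt={4}).run()
    print("\n".join(transfer.log))
    print("delivered:", transfer.received, "retransmissions:", transfer.retransmissions)
```

Because the destination acknowledges only a complete window, a single lost packet costs the retransmission of all three packets in that window, which is the trade-off the notes describe between simplicity and bandwidth.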

DATA LINK AND NETWORK ADDRESSES

Data Link Layer Addresses
A data link layer address uniquely identifies each physical network connection of a network device. Data link addresses are sometimes referred to as physical or hardware addresses. Data link addresses usually exist within a flat address space and have a pre-established and typically fixed relationship to a specific device. End systems typically have only one physical network connection, and thus have only one data link address. Routers and other internetworking devices typically have multiple physical network connections. They therefore have multiple data link addresses.

Network Layer Addresses
A network layer address identifies an entity at the network layer of the OSI reference model. Network addresses usually exist within a hierarchical address space. They are sometimes called virtual or logical addresses. The relationship of a network address with a device is logical and unfixed. It is typically based either on physical network characteristics (the device is on a particular network segment) or on groupings that have no physical basis (the device is part of an AppleTalk zone). End systems require one network layer address for each network layer protocol they support. (This assumes that the device has only one physical network connection.) Routers and other internetworking devices require one network layer address per physical network connection for each network layer protocol supported. For example, a router with three interfaces, each running AppleTalk, TCP/IP, and OSI, must have three network layer addresses for each interface. The router therefore has nine network layer addresses.

MAC ADDRESS

Media Access Control (MAC) addresses are a subset of data link layer addresses. MAC addresses identify network entities in LANs implementing the IEEE MAC sublayer of the data link layer. Like most data link addresses, MAC addresses are unique for each LAN interface. MAC addresses are 48 bits in length and are expressed as 12 hexadecimal digits: The first 6 hexadecimal digits are the manufacturer identification (or vendor code), called the Organizational Unique Identifier (OUI). These 6 digits are administered by the IEEE. The last 6 hexadecimal digits are the interface serial number or another value administered by the specific vendor. MAC addresses are sometimes called burned-in addresses (BIAs) because they are burned into read-only memory (ROM) and copied into random-access memory (RAM) when the interface card initializes.
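As an added example (not from the notes), the Python below parses a MAC address written in any of the common notations (colon- or hyphen-separated pairs, the dotted four-digit groups Cisco IOS prints, or twelve bare hex digits), splits it into the IEEE-administered OUI and the vendor-assigned part, and reads the two flag bits carried in the first octet: the individual/group bit and the universally/locally administered bit. Those bits are part of the IEEE 802 MAC address format and go beyond what the notes cover. All addresses in the sample are constructed; mapping an OUI to a vendor name would need the IEEE registry, which is not included.

```python
"""Parse a 48-bit MAC address, split it into the IEEE-administered OUI and
the vendor-assigned interface part, and read the two flag bits in the first
octet.  Added example, not from the study guide; the I/G and U/L bits are
standard IEEE 802 MAC-48 semantics that the notes do not cover, and every
address used here is a constructed value.
"""
import re
from dataclasses import dataclass

# Accepted notations: aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff (the
# form Cisco IOS prints), or twelve bare hex digits.  Mixed separators are rejected.
_FORMS = (
    re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.I),
    re.compile(r"^[0-9a-f]{2}(?:-[0-9a-f]{2}){5}$", re.I),
    re.compile(r"^[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}$", re.I),
    re.compile(r"^[0-9a-f]{12}$", re.I),
)


@dataclass(frozen=True)
class MacAddress:
    octets: bytes  # exactly 6 bytes

    @property
    def oui(self) -> str:
        """First 3 octets: the Organizationally Unique Identifier the IEEE assigns."""
        return self.octets[:3].hex().upper()

    @property
    def nic(self) -> str:
        """Last 3 octets: the interface serial number or other vendor-chosen value."""
        return self.octets[3:].hex().upper()

    @property
    def is_multicast(self) -> bool:
        """Individual/Group bit: least significant bit of the first octet."""
        return bool(self.octets[0] & 0x01)

    @property
    def is_locally_administered(self) -> bool:
        """Universal/Local bit: second least significant bit of the first octet."""
        return bool(self.octets[0] & 0x02)

    @property
    def is_broadcast(self) -> bool:
        return self.octets == b"\xff" * 6

    def canonical(self) -> str:
        return ":".join(f"{b:02x}" for b in self.octets)


def parse_mac(text: str) -> MacAddress:
    """Validate the notation first, then strip separators and decode the hex."""
    text = text.strip()
    if not any(form.match(text) for form in _FORMS):
        raise ValueError(f"not a MAC address in a recognised notation: {text!r}")
    return MacAddress(bytes.fromhex(re.sub(r"[:.\-]", "", text)))


def classify(mac: MacAddress) -> str:
    """Category a reviewer of a switch's MAC table would want: a
    locally-administered unicast address carries no vendor OUI, which is what
    virtual interfaces, randomised client addresses and manually changed
    addresses all look like."""
    if mac.is_broadcast:
        return "broadcast"
    if mac.is_multicast:
        return "multicast"
    if mac.is_locally_administered:
        return "locally-administered unicast"
    return "globally-unique unicast"


if __name__ == "__main__":
    for sample in ("00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "02-00-00-00-00-01",
                   "01:00:5e:00:00:01", "ff:ff:ff:ff:ff:ff"):
        mac = parse_mac(sample)
        print(f"{sample:20s} OUI={mac.oui} NIC={mac.nic} {classify(mac)}")
```

The broadcast check runs before the multicast check because ff:ff:ff:ff:ff:ff also has the group bit set; reporting it as plain multicast would hide the more specific fact.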

LAN STANDARDS

MAC and LLC details for three types of LAN

Name                                MAC sublayer spec   LLC sublayer spec   Other comments
----                                -----------------   -----------------   --------------
Ethernet version 2 (DIX Ethernet)   Ethernet            Not applicable      Developed by Digital, Intel and Xerox
IEEE Ethernet                       IEEE 802.3          IEEE 802.2          Also known as 802.3 Ethernet
Token Ring                          IEEE 802.5          IEEE 802.2          Developed by IBM, then IEEE took over
FDDI                                ANSI X3T9.5         IEEE 802.2

Ethernet Standards
Fast Ethernet, or 100BaseT, is conventional Ethernet but faster, operating at 100 Mbps instead of 10 Mbps. Fast Ethernet is based on the proven CSMA/CD Media Access Control (MAC) protocol and can use existing 10BaseT cabling. Data can move from 10 Mbps to 100 Mbps without protocol translation or changes to application and networking software.

Fast Ethernet maintains CSMA/CD, the Ethernet transmission protocol. However, Fast Ethernet reduces the duration of time each bit is transmitted by a factor of 10, enabling the packet speed to increase tenfold from 10 Mbps to 100 Mbps. Data can move between Ethernet and Fast Ethernet without requiring protocol translation, because Fast Ethernet also maintains the 10BaseT error control functions as well as the frame format and length.

Fast Ethernet can run over the same variety of media as 10BaseT, including UTP, shielded twisted pair (STP), and fiber. The Fast Ethernet specification defines separate physical sublayers for each media type:

100BaseT4 for four pairs of voice- or data-grade Category 3, 4, and 5 UTP wiring

100BaseTX for two pairs of data-grade Category 5 UTP and STP wiring

100BaseFX for two strands of 62.5/125-micron multimode fiber

In many cases, organizations can upgrade to 100BaseT technology without replacing existing wiring. However, for installations with Category 3 UTP wiring in all or part of their locations, four pairs must be available to implement Fast Ethernet. The MII layer of 100BaseT couples these physical sublayers to the CSMA/CD MAC layer (see Figure 1). The MII provides a single interface that can support external transceivers for any of the 100BaseT physical sublayers. For the physical connection, the MII is implemented on Fast Ethernet devices such as routers, switches, hubs, and adapters, and on transceiver devices, using a 40-pin connector.

Each physical sublayer uses a signaling scheme that is appropriate to its media type. 100BaseT4 uses three pairs of wire for 100-Mbps transmission and the fourth pair for collision detection. This method lowers the 100BaseT4 signaling to 33 Mbps per pair, making it suitable for Category 3, 4, and 5 wiring. 100BaseTX uses one pair of wires for transmission (125-MHz frequency operating at 80 percent efficiency to allow for 4B5B encoding) and the other pair for collision detection and receive. 100BaseFX uses one fiber for transmission and the other fiber for collision detection and receive. The 100BaseTX and 100BaseFX physical signaling channels are based on FDDI physical layers developed and approved by the American National Standards Institute (ANSI) X3T9.5 committee.

While the 100BaseTX and 100BaseT4 specifications maintain the same 100-meter limit from the wiring closet to the desktop as 10BaseT, 100BaseFX can exceed the 100-meter limit because it uses fiber instead of UTP. In practice, 100BaseFX is used primarily between wiring closets and campus buildings, to better leverage its support for longer cables.

Just as with 10-Mbps Ethernet, different wiring types can be connected through a repeater. The 100BaseT standard defines two classes of repeaters: Class I and Class II. At most, a collision domain can include one Class I or two Class II repeaters. Fast Ethernet is implemented in a star topology, but even with repeaters, the network diameter is proportionately smaller than 10-Mbps Ethernet given Fast Ethernet's tenfold increase in packet speed. For example, using two Class II repeaters, the maximum distance using copper wire is 100 meters (m) to the Class II repeater, 5 m between Class II repeaters, and 100 m to the desktop.

Full-duplex technology delivers up to 200 Mbps bandwidth because it provides bidirectional communication -- meaning that 100 Mbps is available for transmission in each direction. Full duplex also increases the maximum distance supported for fiber cables between two Data Terminal Equipment (DTE) devices up to 2 km. Full-duplex communication is implemented by disabling the collision detection and loopback functions, which are necessary to ensure smooth communication in a shared network. Only switches can offer full duplex to directly attached workstations or servers. Shared 100BaseT hubs must operate at half duplex to detect collisions among end stations.

The 100BaseT specification describes a negotiation process that allows devices at each end of a network link to automatically exchange information about their capabilities and perform the configuration necessary to operate together at their maximum common level. This auto-negotiation is performed out-of-band using Fast Link Pulse (FLP) bursts to identify the highest physical-layer technology that can be used by both devices, such as 10BaseT, 100BaseT, 100BaseTX, or 100BaseT4. The auto-negotiation definition also provides a parallel detection function that allows half- and full-duplex 10BaseT, half- and full-duplex 100BaseTX, and 100BaseT4 physical layers to be recognized, even if one of the connected devices does not offer auto-negotiation capabilities.

LAN DEVICES

These are the LAN  devices you should be familiar with: 

Repeaters
Does

Doesn't

Advantages

Disadvantages
Regenerate and propagate signals from one segment to another Change the address or data, nor filter packets Extends maximum length of network cable Suffer latency

 

Bridges

Does

Doesn't

Advantages

Disadvantages

Reads the MAC or hardware address from the data frame, determines if the destination computer is on the local segment or on another network segment Forward the frame if destination computer is on the local segment Can give more bandwidth than a repeater Can suffer from broadcast storms and latency

 

Hubs

Does

Doesn't

Advantages

Disadvantages
Signal is transmitted to all other segments that are plugged into it Run in full duplex mode Connects all computer connections into one concentrator or device, price Can suffer latency

 

Switches
Does: Runs in full-duplex mode, reads MAC addresses
Doesn't: N/A
Advantages: Sends the signal only to the specific port where the destination MAC address is located
Disadvantages: N/A


Routers
Does: Filters by both hardware and network address (IP address); only forwards packets to the network segment the packet is destined for
Doesn't: N/A
Advantages: Prevents unnecessary network traffic
Disadvantages: N/A


Gateways
Does: Created with software and can be run on PCs and routers; links different programs or protocols and examines the entire packet in order to translate incompatible protocols
Doesn't: N/A
Advantages: Links different programs or protocols and examines the entire packet in order to translate incompatible protocols
Disadvantages: N/A


ATM Switches
Does: Provides high-speed cell switching
Doesn't: N/A
Advantages: Combines the advantages of both conventional circuit-based and packet-based systems
Disadvantages: N/A

Virtual LANs

VLANs provide the following benefits:

  1. Reduced Administration Costs - Moves, adds, and changes are one of the greatest expenses in managing a network. VLANs provide an effective mechanism to control these changes and reduce much of the cost of hub and router reconfiguration.

  2. Controlling Broadcast Activity - Similar to routers, VLANs offer an effective mechanism for setting up firewalls in a switch fabric, protecting the network against broadcast problems that are potentially dangerous, and maintaining all the performance benefits of switching.

  3. Better Network Security - You can increase security easily and inexpensively by segmenting the network into distinct broadcast groups. VLANs therefore can be used to provide security firewalls, restrict individual user access, flag any unwanted intrusion to the network, and control the size and composition of the broadcast domain.

  4. Leveraging Existing LAN Hub Investments - Organizations have installed many shared hub chassis, modules, and stackable devices in the past three to five years. You can leverage this investment by using back plane hub connections. It is the connections between shared hubs and switches that provide opportunities for VLAN segmentation.

Spanning Tree Protocol
Spanning-Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an Ethernet network to function properly, only one active path can exist between two stations. Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages. When loops occur, some switches see stations appear on both sides of the switch. This condition confuses the forwarding algorithm and allows duplicate frames to be forwarded.

To provide path redundancy, Spanning-Tree Protocol defines a tree that spans all switches in an extended network. Spanning-Tree Protocol forces certain redundant data paths into a standby (blocked) state. If one network segment in the Spanning-Tree Protocol becomes unreachable, or if Spanning-Tree Protocol costs change, the spanning-tree algorithm reconfigures the spanning-tree topology and reestablishes the link by activating the standby path.

Spanning-Tree Protocol operation is transparent to end stations, which are unaware whether they are connected to a single LAN segment or a switched LAN of multiple segments.

Election of the Root Switch
All switches in an extended LAN participating in Spanning-Tree Protocol gather information on other switches in the network through an exchange of data messages. These messages are bridge protocol data units (BPDUs). This exchange of messages results in the following:

The election of a unique root switch for the stable spanning-tree network topology.

The election of a designated switch for every switched LAN segment.

The removal of loops in the switched network by placing redundant switch ports in a backup state.

The Spanning-Tree Protocol root switch is the logical center of the spanning-tree topology in a switched network. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in Spanning-Tree Protocol backup mode.

BPDUs contain information about the transmitting switch and its ports, including switch and port Media Access Control (MAC) addresses, switch priority, port priority, and port cost. The Spanning-Tree Protocol uses this information to elect the root switch and root port for the switched network, as well as the root port and designated port for each switched segment.

A BPDU exchange results in the following:

One switch is elected as the root switch.

The shortest distance to the root switch is calculated for each switch.

A designated switch is selected. This is the switch closest to the root switch through which frames will be forwarded to the root.

A port for each switch is selected. This is the port providing the best path from the switch to the root switch.

Ports included in the Spanning-Tree Protocol are selected.

If all switches are enabled with default settings, the switch with the lowest MAC address in the network becomes the root switch. By increasing the priority (lowering the numerical priority number) of the ideal switch so that it then becomes the root switch, you force a Spanning-Tree Protocol recalculation to form a new, stable topology.
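As an added example (not part of the study guide), the following Python model works through what the BPDU exchange above settles: root election by priority and then MAC address, each switch's cost to the root, its root port, the designated switch per segment, and the ports left in the backup (blocking) state. The switch names, MAC addresses and port costs are constructed.

```python
# Added example, not from the study guide: a simplified model of the outcome of
# the BPDU exchange - root election by (priority, MAC), each switch's cost to the
# root, its root port, the designated switch per segment, and the blocked ports.
import heapq
from typing import Dict, List, Tuple

Switches = Dict[str, Tuple[int, str]]      # name -> (priority, MAC address)
Segments = List[Tuple[str, str, int]]      # (switch_a, switch_b, port cost)

# Constructed topology: three switches at default priority, one redundant link.
SWITCHES: Switches = {
    "SW1": (32768, "00:00:0c:aa:00:01"),
    "SW2": (32768, "00:00:0c:aa:00:02"),
    "SW3": (32768, "00:00:0c:aa:00:03"),
}
SEGMENTS: Segments = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 100)]

def bridge_id(name: str, switches: Switches) -> Tuple[int, int]:
    """Priority first, MAC address as tie-breaker; lower is better."""
    prio, mac = switches[name]
    return (prio, int(mac.replace(":", ""), 16))

def elect_root(switches: Switches) -> str:
    """With default priorities the lowest MAC address wins, as the guide states."""
    return min(switches, key=lambda n: bridge_id(n, switches))

def root_path_costs(root: str, switches: Switches, segments: Segments) -> Dict[str, int]:
    """Shortest distance to the root for every switch (Dijkstra over port costs)."""
    adj: Dict[str, List[Tuple[str, int]]] = {n: [] for n in switches}
    for a, b, w in segments:
        adj[a].append((b, w))
        adj[b].append((a, w))
    cost = {n: float("inf") for n in switches}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue
        for m, w in adj[n]:
            if c + w < cost[m]:
                cost[m] = c + w
                heapq.heappush(heap, (cost[m], m))
    return cost

def spanning_tree(switches: Switches, segments: Segments) -> dict:
    """Return the root, per-switch root cost, root ports, designated switches and blocked ports."""
    root = elect_root(switches)
    cost = root_path_costs(root, switches, segments)
    # Designated switch per segment: the end closest to the root (bridge ID breaks ties).
    designated = {(a, b): min((a, b), key=lambda n: (cost[n], bridge_id(n, switches)))
                  for a, b, _ in segments}
    # Root port per non-root switch: the segment giving the cheapest path to the root.
    root_port: Dict[str, Tuple[str, str]] = {}
    for n in switches:
        if n == root:
            continue
        options = []
        for a, b, w in segments:
            if n in (a, b):
                other = b if n == a else a
                options.append((cost[other] + w, bridge_id(other, switches), (a, b)))
        root_port[n] = min(options)[2]
    # A port forwards if it is its segment's designated port or its switch's root port;
    # every other port is placed in the backup (blocking) state, which removes the loop.
    blocked = [(end, (a, b)) for a, b, _ in segments for end in (a, b)
               if end != designated[(a, b)] and root_port.get(end) != (a, b)]
    return {"root": root, "cost": cost, "root_port": root_port,
            "designated": designated, "blocked": blocked}

if __name__ == "__main__":
    for k, v in spanning_tree(SWITCHES, SEGMENTS).items():
        print(f"{k:10} {v}")
```

Lowering the numeric priority of SW3 in the constructed table makes it the root and moves the blocked port, which is the recalculation the paragraph above describes.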

Spanning-Tree Protocol Port States
Propagation delays can occur when protocol information is passed through a switched LAN. As a result, topology changes can take place at different times and at different places in a switched network. When a switch port transitions directly from non-participation in the stable topology to the forwarding state, it can create temporary data loops. Ports must wait for new topology information to propagate through the switched LAN before starting to forward frames. They must also allow the frame lifetime to expire for frames that have been forwarded using the old topology.

Each port on a switch using Spanning-Tree Protocol exists in one of the following five states:

Blocking, Listening, Learning, Forwarding, Disabled

A port moves through these five states as follows:
From initialization to blocking
From blocking to listening or to disabled
From listening to learning or to disabled
From learning to forwarding or to disabled
From forwarding to disabled

Blocking State - A port in the blocking state does not participate in frame forwarding, as shown in Figure C-5. After initialization, a BPDU is sent to each port in the switch. A switch initially assumes it is the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is really the root. If only one switch resides in the network, no exchange occurs, the forward delay timer expires, and the ports move to the listening state. A switch always enters the blocking state following switch initialization.

Listening State - The listening state is the first transitional state a port enters after the blocking state, when Spanning-Tree Protocol determines that the port should participate in frame forwarding. Learning is disabled in the listening state.

Learning State - A port in the learning state is preparing to participate in frame forwarding. This is the second transitional state through which a port moves in anticipation of frame forwarding. The port enters the learning state from the listening state through the operation of Spanning-Tree Protocol.

Forwarding State - A port in the forwarding state forwards frames, as shown in Figure C-5. The port enters the forwarding state from the learning state through the operation of Spanning-Tree Protocol.

Disabled State - A port in the disabled state does not participate in frame forwarding or the operation of Spanning-Tree Protocol. A port in the disabled state is virtually nonoperational.

WAN PROTOCOLS

X.25 - ITU-T standard that defines how connections between DTE and DCE are maintained for remote terminal access and computer communications in PDNs. X.25 specifies LAPB, a data link layer protocol, and PLP, a network layer protocol. Frame Relay has to some degree superseded X.25.

Frame Relay
Frame Relay is a fast WAN protocol that operates at the Physical and Data Link layers of the OSI model. It works between DTE and DCE devices and uses packet switching. DTE consists of terminals, PCs, routers and bridges, all of which are customer-owned end-node devices. DCE devices such as packet switches are owned by the service provider. Frame Relay uses PVCs and SVCs, but most commonly PVCs. The connection is identified by a Data Link Connection Identifier (DLCI).

ISDN/LAPD
Integrated Services Digital Network (ISDN) is a digital service designed to run over existing telephone networks. ISDN can support both data and voice simultaneously. ISDN is referenced by an ITU-T group of protocols that encompass the OSI Physical, Data Link, and Network layers.

HDLC
The High-Level Data Link Control protocol is a link layer protocol that is the standard encapsulation type for Cisco serial interfaces. SDLC was modified to produce HDLC. Maps to 802.2.

SDLC - Synchronous Data Link Control.
SNA data link layer communications protocol. SDLC is a bit-oriented, full-duplex serial protocol that has spawned numerous similar protocols, including HDLC and LAPB.

PPP
The Point-to-Point Protocol is a data link protocol that can be used over either asynchronous (dial-up) or synchronous (ISDN) media. It uses the Link Control Protocol (LCP) to maintain the data link. It has a number of features, including authentication using either PAP or CHAP, and compression. PPP is set on the interface by typing:

Router(config-if)#encapsulation ppp

PPP must be enabled on both ends of the connection to allow communication.

DDR - dial-on-demand routing.
Technique whereby a Cisco router can automatically initiate and close a circuit-switched session as transmitting stations demand. The router spoofs keep-alives so that end stations treat the session as active. DDR permits routing over ISDN or telephone lines using an external ISDN terminal adaptor or modem.

WAN DEVICES 

Routers - Offer both internetwork and WAN interface controls
ATM Switches - High-speed cell switching between both LANs and WANs
X.25 and Frame Relay Switches - Connect private data over public circuits using digital signals
Modems - Connect private data over public telephone circuits using analog signals
Channel Service Units/Data Service Units (CSU/DSU) - Customer Premises Equipment (CPE) used to terminate a digital circuit at the customer site
Communication Servers - Dial-in/out servers that allow dialing in from remote locations and attaching to the LAN
Multiplexers - Devices that allow more than one signal to be sent simultaneously over one physical circuit

NETWORK PROTOCOLS

The two parts of every network address are the network ID and the host ID. In TCP/IP this is decided by the subnet mask. For 172.18.16.6 with a default subnet mask of 255.255.0.0, the network ID is 172.18 and the host ID is 16.6.
In IPX/SPX the first 8 hex digits represent the network ID and the remaining 12 hex digits represent the host ID (the MAC address). For example, in 00017C80.0200.8609.33E9, 00017C80 would be the network ID and 0200.8609.33E9 would be the host ID.

TCP/IP port and protocol numbers:

TCP: protocol number 6
  ftp: 21
  telnet: 23
  smtp: 25
UDP: protocol number 17
  dns: 53
  tftp: 69
  snmp: 161

IP Addresses are split into 5 classes. These are Class A, Class B, Class C, Class D, and Class E. Class D is used for multicast addresses and Class E is used for research projects. We generally only use the first three classes of IP addresses, Class A, Class B, and Class C.

The following table provides reference information about the five IP address classes: 

Class  Format   Purpose       High-Order Bit(s)  Address Range  No. Bits Network/Host  Max. Hosts
A      N.H.H.H  Large Org.    0                  1 - 126        7/24                   2^24-2
B      N.N.H.H  Medium Org.   10                 128 - 191      14/16                  2^16-2
C      N.N.N.H  Small Org.    110                192 - 223      22/8                   2^8-2
D      N/A      Multicast     1110               224 - 239      N/A                    N/A
E      N/A      Experimental  1111               240 - 254      N/A                    N/A

Exclusions to IP addressing

Network address of all 0s - Interpreted to mean "this network or segment". Example (Class A): 0.5.154.10
Network address of all 1s - Interpreted to mean "all networks". Example (Class A): 255.5.154.10
Network 127 - Reserved for loopback tests. Example: 127.0.0.0
Node address of all 0s - Interpreted to mean "this node". Example (Class A): 123.0.0.0
Node address of all 1s - Interpreted to mean "all nodes" on the specified network. Example (Class A): 123.255.255.255
Entire IP address set to all 0s - Used by Cisco routers to designate the default route. Example: 0.0.0.0
Entire IP address set to all 1s - Broadcast to all nodes on the current network. Example: 255.255.255.255

Transmission Control Protocol
TCP is a connection-oriented transport layer protocol with built-in reliability. It takes large blocks of data and breaks them down into segments. It numbers and sequences each segment so the destination's TCP can reassemble them into the original order. TCP uses acknowledgement via sliding windows. It has a large overhead due to its built-in error checking. IP protocol number 6.

User Datagram Protocol
UDP is a connectionless transport protocol for use when the upper layers provide error recovery and reliability. UDP does not sequence data or reassemble it into any order after transmission. IP protocol number 17.

TCP/IP Network Layer (OSI) or Internet (DOD) protocols are IP, ARP, RARP, BOOTP, and ICMP

Internet Protocol
IP provides routing and a single interface to the upper layers. No upper layer protocol and no lower layer protocol has any functions relating to routing. IP receives segments from the transport layer and fragments them into packets that include the host's IP address.

Address Resolution Protocol
ARP is responsible for resolving MAC addresses to IP addresses. It stores these in its arp cache for later use. It does this to inform a lower layer of the destination MAC address.

Reverse Address Resolution Protocol
RARP resolves IP addresses to MAC addresses on diskless workstations.

Boot Strap Protocol
BootP is also used by diskless workstations when they require an IP address.

Internet Control Message Protocol
ICMP is a management protocol and messaging service provider for IP. Its messages are carried as IP datagrams. ICMP is used in the following events:

  • Destination Unreachable
    If a router cannot send an IP packet any further, it uses an ICMP echo to send a message back to the sender notifying it that the remote node is unreachable.

  • Buffer Full
    If a router's memory buffer is full, ICMP sends this message to the originator.

  • Hops
    Each IP datagram is assigned a path, which consists of hops. If it goes through the maximum number of hops, the packet is discarded and the discarding router sends an ICMP echo to the host.

  • Ping
    Ping uses ICMP echo messages to check connectivity.

Subnetting
Subnetting an IP address means extending the network address portion of the IP address into the host address section, giving more networks but fewer hosts per network.

 

Class  Format              Default Subnet Mask
A      Net.Node.Node.Node  255.0.0.0
B      Net.Net.Node.Node   255.255.0.0
C      Net.Net.Net.Node    255.255.255.0

The test will ask questions on determining the maximum number of subnets and the maximum number of host IDs per subnet. So let's look at how to figure that out.

Maximum number of subnets

2^(number of masked bits in the subnet mask) - 2 = number of subnets

We start with base 2 (binary), then raise it to the power of the number of masked bits (in layman's terms, the number of 1's that the subnet mask adds beyond the default mask for the class).

For an example, let's look at a Class B subnet mask of 255.255.192.0, which is 11111111.11111111.11000000.00000000 in binary. The number of masked bits is 2: take the third octet, 192 (11000000), and count the 1's. So at this point we have 2 to the power of 2, which is 4. For the last step, we subtract 2 from that number. So for this example, the maximum number of subnets would be 2.

Maximum number of host IDs per subnet

2^(number of unmasked bits in the subnet mask) - 2 = number of host IDs

Once again, we start with base 2 (binary), then raise it to the power of the number of unmasked bits (in layman's terms, the number of 0's in the binary form of the subnet mask).

For an example, let's look at that Class B subnet mask of 255.255.192.0 again, which is 11111111.11111111.11000000.00000000 in binary. The number of unmasked bits is 14: take 192.0 (11000000.00000000) and count the 0's. So at this point we have 2 to the power of 14, which is 16,384. For the last step we subtract 2 from that number. So for this example, the maximum number of host IDs would be 16,382.
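As an added example (not part of the study guide), here are the two formulas above carried out in Python, together with the class lookup from the class table so the default mask does not have to be supplied by hand. The function and constant names are my own.

```python
# Added example, not from the study guide: classful subnet arithmetic using the
# guide's "2^bits - 2" rule for both the subnet count and the hosts per subnet.
from ipaddress import IPv4Address

# Default mask length per class, from the class table (D and E are not subnetted).
DEFAULT_MASK_BITS = {"A": 8, "B": 16, "C": 24}

def address_class(address: str) -> str:
    """Classify an address by its high-order bits, as the class table does."""
    first = int(IPv4Address(address)) >> 24
    if first >> 7 == 0b0:
        return "A"          # 0xxxxxxx
    if first >> 6 == 0b10:
        return "B"          # 10xxxxxx
    if first >> 5 == 0b110:
        return "C"          # 110xxxxx
    if first >> 4 == 0b1110:
        return "D"          # 1110xxxx
    return "E"              # 1111xxxx

def mask_bits(mask: str) -> int:
    """Count the 1 bits of a subnet mask, rejecting masks whose 1s are not contiguous."""
    m = int(IPv4Address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones

def subnet_math(address: str, mask: str) -> dict:
    """Apply the guide's two formulas and derive the network and broadcast addresses."""
    cls = address_class(address)
    if cls not in DEFAULT_MASK_BITS:
        raise ValueError(f"class {cls} addresses are not subnetted")
    ones = mask_bits(mask)
    subnet_bits = ones - DEFAULT_MASK_BITS[cls]   # bits moved from the host to the network portion
    if subnet_bits < 0:
        raise ValueError(f"{mask} is shorter than the class {cls} default mask")
    host_bits = 32 - ones
    addr, m = int(IPv4Address(address)), int(IPv4Address(mask))
    return {
        "class": cls,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        # Guide's rule: the all-0s and all-1s subnets are excluded. With no bits borrowed
        # there is exactly one (classful) network, so report 1 rather than 2^0 - 2.
        "subnets": 2 ** subnet_bits - 2 if subnet_bits else 1,
        # The network and broadcast addresses are excluded from the host count.
        "hosts": 2 ** host_bits - 2,
        "network": str(IPv4Address(addr & m)),
        "broadcast": str(IPv4Address(addr | (~m & 0xFFFFFFFF))),
    }

if __name__ == "__main__":
    # The guide's worked case: a Class B address with mask 255.255.192.0.
    for k, v in subnet_math("172.18.16.6", "255.255.192.0").items():
        print(f"{k:12} {v}")
```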

IP addresses can be verified by using Telnet, Ping, or Trace.
Telnet - Verifies the application-layer software between source and destination stations. This is the most complete test mechanism available.
Ping - Uses the ICMP protocol to verify the hardware connection at the logical address of the network layer.

Characters returned
! - Successful receipt of an echo reply
. - Times out waiting for datagram reply
U - Destination unreachable error
C - Congestion-experienced packet
I - Ping interrupted (for example, Ctrl-Shift-6 X)
? - Packet type unknown
& - Packet Time to Live exceeded.

Trace - Uses Time-To-Live (TTL) values to generate messages from each router used along the path. This is very powerful in its ability to locate failures in the path from the source to the destination.

Characters returned
!H -The probe was received by the router, but not forwarded, due to an access list.
P - The protocol was unreachable.
N - The network was unreachable.
* - Time out.

IPX PROTOCOL

IPX Protocol Stack:

Application, presentation, session - RIP, SAP, NCP, NLSP, etc.
Transport - IPX, SPX
Network - IPX
Data link - ODL (Open Data Link)
Physical - any physical medium

IPX

Connectionless, and communicates via sockets
Each host runs its own internal IPX network in addition to any LAN network

Addressing:

10-byte address
First 4 bytes are the network number - must be unique
Last 6 bytes are the node number - usually just the MAC address

SPX

Sequenced Packet Exchange
Connection oriented protocol
Creates virtual circuits, with specific connection Ids

RIP

Routing Information Protocol
Distance-vector protocol that establishes routes between IPX networks
Judges routes based on ticks (1/18-second units) and hops
Broadcasts every 60 seconds
Used to provide each server with a complete network map

SAP

Service advertising protocol
Servers use it to advertise, clients use it to locate services
Broadcast every 60 seconds

NLSP

NetWare Link Services Protocol
Link-state protocol to replace RIP and SAP someday

NCP

NetWare Core Protocol
Provides access to server resources

Netware in a nutshell

  • Strict client-server model (nobody is both)

  • Servers provide files, printing, messaging, applications, and databases

  • Every NetWare server (or Cisco router) creates a SAP table of all services offered by all servers

  • A client issues a GNS (Get Nearest Server) broadcast to find out what is on the local SAP table

IPX ADDRESS AND ENCAPSULATION TYPE 

Interface Type  Encapsulation Type      IPX Frame Type
Ethernet        novell-ether (default)  Ethernet_802.3
                arpa                    Ethernet_II
                sap                     Ethernet_802.2
                snap                    Ethernet_Snap
Token Ring      sap (default)           Token-Ring
                snap                    Token-Ring_Snap
FDDI            snap (default)          Fddi_Snap
                sap                     Fddi_802.2

Routing Protocols

RIP: Routing Information Protocol

Distance-vector routing protocol
Updates every 30 seconds
Route invalid timer: 90 seconds (time before a route is considered invalid)
Route flush timer: 240 seconds (route removed from the table)
Can use metrics (1-15) to weight against some interfaces
15 hop limit

OSPF: Open Shortest Path First

Link-state routing
Very infrequent broadcast updates
Extremely granular metrics

NLSP: Novell's Link State Protocol

Link-state

IGRP: Interior Gateway Routing Protocol (Cisco proprietary)

Distance-vector
Metrics and hop count from 1-255
Measures delay in units of 10 milliseconds
Measures bandwidth - on serial connection this needs to be set, default is T1
Measures reliability as 1-255 (255 optimal):
Measures load: 0-255 (0 = no-load)
Allows multi-path routing (dual links of equal bandwidth to 1 location)
Implements hold-downs, split horizons, and poison reverse updates
Update timer is 90 seconds, invalid timer is 270 seconds (3 times update)
Hold down timer is 280 (3 times update +10 seconds)
flush timer is 630 seconds (7 times update)
Administrative distances (reliability of information):
0 = direct connection, 1 = static, 100 = IGRP, 110 = OSPF, 120 = RIP, 255 = unknown

EIGRP: Enhanced IGRP

Hybrid routing protocol
Uses distance vectors, however they are triggered by changes, not timers.
Faster convergence, multiprotocol support

Distance-vector:

Uses second-hand info
Problems detecting/closing routing loops (counting to infinity)
Judges 'best' based on hop counts
Convergence can get pretty lengthy
Split horizon: enforces that information is not sent back in the direction it came from
Route poisoning: helps prevent incorrect updates by setting the route down explicitly
Hold-downs: prevent routes from changing too quickly, to allow time for stabilization

Link-state:

No second-hand info, and understands the entire network
Uses LSP packets to build a 'personal' copy of the entire network structure to route from
LSP: link-state packets or "hello packets"
Chooses 'best' path based on: bandwidth, congestion, metrics, etc.
Update times can be set very lengthy, as changes cause triggered updates.

EXTERIOR routing protocols

EGP: Exterior Gateway Protocol

Polls neighbors
Exchanges info about the AS with neighbors
Distance vector
Very simple

BGP: Border Gateway Protocol

Can detect routing loops
Can work between ASs


Access lists

Basics:
    Access lists must be created, then applied to an interface
    Access lists can filter incoming or outgoing from an interface
    Packets are compared only until a match is made
    Packets that do not meet any criteria on the list are discarded

Note: The order of the list is very important. Watch out on the exam.

 

Number Range  Access List Type
1-99          IP Standard Access List
100-199       IP Extended Access List
200-299       Protocol Type-code Access List
300-399       DECnet Access List
600-699       AppleTalk Access List
700-799       48-bit MAC Address Access List
800-899       IPX Standard Access List
900-999       IPX Extended Access List
1000-1099     IPX SAP Access List
1100-1199     Extended 48-bit MAC Address Access List
1200-1299     IPX Summary Address Access List


Standard IP
Filters: Source IP address field in the packet's IP header
Wildcard masks: To put it simply, when the IP address is broken down to binary, the 1's allow everything and the 0's must match exactly.
Additional notes: Wildcard mask examples: 0.0.0.0 = entire address must match. 0.255.255.255 = only the first octet must match, the rest will allow everything. 255.255.255.255 = allow everything.

Extended IP
Filters: Source IP or destination IP, or TCP or UDP source or destination ports, or protocol
Wildcard masks: Same as standard
Additional notes: The keyword ANY implies any IP value is allowed; the keyword HOST implies the IP has to match exactly.

Standard IPX
Filters: Packets sent by clients and servers, and SAP updates sent by servers and routers
Wildcard masks: Configured as a hexadecimal number instead of binary
Additional notes: -1 means any and all network numbers; works as "ANY"

Extended IPX
Filters: Source network or node, or destination network or node, or IPX protocol, or IPX socket, or SAP
Wildcard masks: Match multiple networks with one statement, again in hexadecimal
Additional notes: The most practical use of the protocol type is for NetBIOS

SAP
Filters: Sent and received SAP traffic
Wildcard masks: N/A
Additional notes: Updates its own SAP tables. Again uses -1 to mean "ANY"
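As an added example (not part of the study guide), the Python below evaluates a standard IP access list the way the basics and the wildcard-mask notes above describe: 0 wildcard bits must match, 1 bits are ignored, statements are compared top to bottom until the first match, and an unmatched packet is discarded. The two constructed lists hold the same statements in opposite order, which is the ordering trap the exam note warns about; the function names are my own.

```python
# Added example, not from the study guide: first-match evaluation of a standard
# IP access list with wildcard masks. Wildcard bit 0 = must match, bit 1 = don't care.
from ipaddress import IPv4Address
from typing import List, Tuple

def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """True when every bit that is 0 in the wildcard is equal in address and base."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF   # 0 in the wildcard -> 1 here
    return (int(IPv4Address(address)) & care) == (int(IPv4Address(base)) & care)

def parse_entry(line: str) -> Tuple[str, str, str]:
    """Parse 'permit|deny <src> [<wildcard>]', 'permit|deny host <ip>' or
    'permit|deny any' into (action, base, wildcard), using the keywords the guide lists."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ("permit", "deny"):
        raise ValueError(f"malformed access-list entry: {line!r}")
    action = parts[0]
    if parts[1] == "any":                          # ANY: every address matches
        return action, "0.0.0.0", "255.255.255.255"
    if parts[1] == "host":                         # HOST: the address must match exactly
        return action, parts[2], "0.0.0.0"
    wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"   # no wildcard given: exact match
    return action, parts[1], wildcard

def evaluate(acl: List[str], source_ip: str) -> str:
    """Compare top to bottom and stop at the first match; anything unmatched is discarded."""
    for line in acl:
        action, base, wildcard = parse_entry(line)
        if wildcard_match(source_ip, base, wildcard):
            return action
    return "deny"       # implicit deny at the end of every list

# Constructed sample lists with the same two statements in opposite order.
ACL_SPECIFIC_FIRST = [
    "deny host 10.1.1.7",
    "permit 10.1.1.0 0.0.0.255",
]
ACL_GENERAL_FIRST = [
    "permit 10.1.1.0 0.0.0.255",
    "deny host 10.1.1.7",        # never reached: the statement above already matched
]

if __name__ == "__main__":
    for name, acl in (("specific-first", ACL_SPECIFIC_FIRST),
                      ("general-first", ACL_GENERAL_FIRST)):
        for src in ("10.1.1.7", "10.1.1.20", "192.168.5.1"):
            print(f"{name:15} {src:12} -> {evaluate(acl, src)}")
```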
