New Ccna - Ajith

Cisco Certified Network Associate
(CCNA v3.0)
CCIE
C C 22-10-2016
N P
C C N A
Introduction to Cisco Certifications
CCIE
C C 22-10-2016
N P
C C N A
CERTIFICATIONS
• Cisco certifications are globally respected IT certification programs for Wide

Area Networking (Internetworking).
• Cisco has five levels of certification:
− CCENT (Cisco Certified Entry Networking Technician)
− CCNA (Cisco Certified Network Associate)
− CCNP (Cisco Certified Network Professional)
− CCIE (Cisco Certified Internetworking Expert)
− CCAr (Cisco Certified Architect)
22-10-2016
WWW.KEYGROUPS.IN
CCNAv3 Certification Track
• There are 2 tracks for CCNA examination :

• Two paper track
− ICND 1 (100-105) (On passing this exam the candidate is CCENT)
− ICND 2 (200-105) (On passing both exams the candidate is CCNA)
OR
• One paper track
− CCNA (200-125) (On passing this exam the candidate is CCNA)
22-10-2016
WWW.KEYGROUPS.IN
CCNAv3 Certification
• Cisco Certified Network Associate R&S exam is the associate level exam into
Wide Area Networking.
Exam Number : 200-125
Exam cost : 325$
Duration : 90 Minutes
Number of questions : 50-60 questions
Passing Mark : 810 / 1000
Available Languages : English
Exam Questions : Multiple-choice single answer
Multiple-choice multiple answer
Drag-and-drop
Simulations (Simlet)
Scenario Based (Testlet)
22-10-2016
WWW.KEYGROUPS.IN
Exam Question Demo
22-10-2016
WWW.KEYGROUPS.IN
Reference Books
• CCNA ICND 1 (100-105) - Wendell Odom - Cisco Press

• CCNA ICND 2 (200-105) - Wendell Odom - Cisco Press
OR
• CCNA (200-125) – Wendell Odom - Cisco Press
22-10-2016
WWW.KEYGROUPS.IN
Day wise Schedule
DAY TOPIC
1 Basics of Networking
Basic of
2 IP Addressing - IPv4
Networking
3 IP Addressing - IPv6 and OSI layers
4 External & Internal Components of Router
Basic of Router
5 Initial configuration of Router for IPv4 & IPv6 Network
and
6 WAN Connectivity and Configuration Router Connectivity
7 Subnetting (FLSM, VLSM)
8 Introduction to Routing and Static Routing for IPv4 & IPv6 Network
9 Introduction to Dynamic Routing and RIP for IPv4 & IPv6 Network
10 OSPF - Single Area for IPv4 & IPv6 Network Routing
11 OSPF - Multiple Area for IPv4 Network and EIGRP for IPv4 Network
12 EIGRP for IPv6 Network
22-10-2016
WWW.KEYGROUPS.IN
Day wise Schedule
DAY TOPIC
13 Introduction to Switch, Initial configuration, Vlan &Trunking
14 DTP, VTP, Intervlan, CDP, Port Security Switching
15 STP, Portfast, BPDU,ETHERCHANNEL & SPAN
16 Access Control List - IPv4
17 Access Control List - IPv6 Security
18 Default Routing and NAT
19 HSRP, IP SLA & EBGP
20 LOCAL AUTHENTICATION, AAA, SSH and VPN
Network Services
21 Syslog, NTP, SNMP, DHCP, IPv6 and
22 Password Recovery and Backup of IOS with TFTP, SCP, FTP Advance Concepts
23 PPP Authentication and PPPoE
24 Live setup and Q&A
22-10-2016
WWW.KEYGROUPS.IN
Basics of Networking
CCIE
C C 22-10-2016
N P
C C N A
Network
• Interconnection of two or more devices is called as a network.

• The communication between two or more interconnected devices is called
networking.
• Establishing connectivity between devices with the help of Hub / Switch /
Access Point for Data Communication.
22-10-2016
WWW.KEYGROUPS.IN
Types of Networks
• LAN - Local Area Network

• MAN - Metropolitan Area Network
• WAN - Wide Area Network
22-10-2016
WWW.KEYGROUPS.IN
LAN
• Local Area Networks are used to connect Interconnection of PCs and other
Network devices that are very close together in a limited area such as a floor of
a building, a building itself or within a campus.
Ameerpet
Data
LAN
Data
22-10-2016
WWW.KEYGROUPS.IN
MAN
• Metropolitan Area Network are used to connect networking devices that may
span around the entire city.
Ameerpet
Madhapur
Data
LAN LAN
MAN
Data Data
22-10-2016
WWW.KEYGROUPS.IN
WAN
• Wide Area Networks which connects two or more LANs present at different
geographical locations.
Hyderabad
Washington DC
Data
LAN LAN
SWITCH SWITCH
WAN
Data Data
22-10-2016
WWW.KEYGROUPS.IN
Internet
• Internet is a massive network of networks, a networking infrastructure.

• It connects millions of computers together globally, forming a network in which
any computer can communicate with any other computer as long as they are
both connected to the Internet. INTERNET
twitter.com flipkart.com
Hyderabad
Godaddy
Data
LAN LAN
Data
22-10-2016 facebook.com zoomgroup.com

WWW.KEYGROUPS.IN
Setting up a Network
• Systems
• Media
• Network Devices(Nic,Hub,Switch,Router,Access Points,Firewalls)
• Operating System
• Topology
• Protocols
22-10-2016
WWW.KEYGROUPS.IN
Media
• The purpose of the media is to transport bits from one machine to another.
Media
Guided Unguided
Co-axial Twisted pair Fiber Infrared RF
UTP STP
22-10-2016
WWW.KEYGROUPS.IN
Media
Co-axial cable
UTP Cable
STP Cable Fiber optic

22-10-2016
WWW.KEYGROUPS.IN
LAN Cable types
• Straight Through Cable

• Crossover Cable
• Rollover Cable
22-10-2016
WWW.KEYGROUPS.IN
Straight Through Cable
• Generally used for connecting two devices of different types
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
EIA/TIA 568B
Electronic Industries Alliance / Telecommunications Industry Association
22-10-2016
WWW.KEYGROUPS.IN
Crossover Through Cable
• Generally used for connecting same type of devices.
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
EIA/TIA 568B
Electronic Industries Alliance / Telecommunications Industry Association
22-10-2016
WWW.KEYGROUPS.IN
Rollover Cable
• Generally used for connecting Router console port to Computer COM port.
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
22-10-2016
WWW.KEYGROUPS.IN
Types of Twisted Pair cables
Category DTR Purpose Connector
CAT 5 100 Mbps Fast Ethernet RJ 45
CAT 5e 500 Mbps RJ 45

CAT 6 1000 Mbps Gigabit Ethernet RJ 45
22-10-2016
WWW.KEYGROUPS.IN
Network Interface Card (NIC)
• NIC is the interface between the computer and the network

• It is also known as the Lan card or Ethernet card
• Ethernet cards have a unique 48 bit address called as MAC (Media access
control) address
− MAC address is also called as Physical address or hardware address
− The 48 bit MAC address is represented as 12 Hexa-decimal digits
− Example: 0016.D3FC.603F
• Network cards are available in different speeds
− Ethernet (10 Mbps)
− Fast Ethernet (100 Mbps)
− Gigabit Ethernet (1000 Mbps)
22-10-2016
WWW.KEYGROUPS.IN
Networking Devices
• Switch
− It is a hardware device that centralizes communications between wired
devices connected within a LAN
• Wireless Access Point
− It is a hardware device that centralizes communications between wireless
and wired devices within a LAN
• Router
− It is a device which enables communication between two or more different
logical networks.
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Networking Devices
• Firewall
− It is a device which protects the network from unauthorized access
− It allows and denies the network traffic based upon policy configured.
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Network Topology
• Bus Topology
• Ring Topology
• Star Topology
• Mesh Topology
22-10-2016
WWW.KEYGROUPS.IN
Network Topology
Bus Topology Star Topology

Data
Data Data
Data
Ring Topology Mesh Topology

Data Data
Data
Data
22-10-2016
WWW.KEYGROUPS.IN
Crimping Video
22-10-2016
WWW.KEYGROUPS.IN
Network Diagram
Router Firewall
INTERNET
Printer Wireless
Switch Switch Access Point
Data
PC PC PC Server IP Phone Server PC PC PC
22-10-2016
WWW.KEYGROUPS.IN
IP Addressing
CCIE
C C 22-10-2016
N P
C C N A
IP Address
• IP Address is a Logical Address

• It is a Network Layer address (Layer 3)
• Two Versions of IP:
− IP version 4 is a 32 bit address
− IP version 6 is a 128 bit address
22-10-2016
WWW.KEYGROUPS.IN
IP version 4
• Bit is represent by 0 or 1 (i.e. Binary)

• IP address in binary form (32 bits):
01010101000001011011111100000001
• 32 bits are divided into 4 Octets:
First Octet Second Octet Third Octet Forth Octet
01010101. 00000101. 10111111. 00000001

• IP address in decimal form:
85.5.191.1
22-10-2016
WWW.KEYGROUPS.IN
IPv4 address range
Taking Example for First Octet :

Total 8 bits, Value will be 0’s and 1’s
i.e. 2⁸ = 256 combination
27 26 25 24 23 22 21 20
0 0 0 0 0 0 0 0 = 0
0 0 0 0 0 0 0 1 = 1
0 0 0 0 0 0 1 0 = 2
0 0 0 0 0 0 1 1 = 3
0 0 0 0 0 1 0 0 = 4 Total IP Address Range
0.0.0.0
to
1 1 1 1 1 1 1 1 = 255 255.255.255.255
22-10-2016
WWW.KEYGROUPS.IN
Binary to Decimal
128 64 32 16 8 4 2 1 Answer
1 1 0 0 0 0 0 0
192
0 0 0 0 1 0 1 0
10
1 0 1 0 1 0 0 0
168
1 0 1 0 1 1 0 0 172
0 0 0 1 0 0 0 0 16
22-10-2016
WWW.KEYGROUPS.IN
Decimal to Binary
Decimal 128 64 32 16 8 4 2 1
18
0 0 0 1 0 0 1 0
152
1 0 0 1 1 0 0 0
200
1 1 0 0 1 0 0 0
15
0 0 0 0 1 1 1 1
240
1 1 1 1 0 0 0 0
22-10-2016
WWW.KEYGROUPS.IN
IP Address Classification
IP address are divided into 5 Classes
• CLASS A
• CLASS B Used in LAN & WAN
• CLASS C
• CLASS D Reserved for Multicasting
• CLASS E Reserved for Research & Development
22-10-2016
WWW.KEYGROUPS.IN
Priority Bit
• Priority Bit is used for IP Address classification.

• Most significant bit(s) from the first octet are selected for Priority Bit(s).
− Class A priority bit is 0
− Class B priority bits are 10
− Class C priority bits are 110
− Class D priority bits are 1110
− Class E priority bits are 1111
22-10-2016
WWW.KEYGROUPS.IN
Class A Range
• In Class A : First bit of the first octet is reserved as priority bit, bit value is zero.
0xxxxxxx. xxxxxxxx. xxxxxxxx. xxxxxxxx
27 26 25 24 23 22 21 2 0
0 0 0 0 0 0 0 0 = 0
0 0 0 0 0 0 0 1 = 1
0 0 0 0 0 0 1 0 = 2 Class A Range
0 0 0 0 0 0 1 1 = 3
0 . 0 . 0 . 0 to
0 0 0 0 0 1 0 0 = 4
127 . 255 . 255 .255
0 1 1 1 1 1 1 1 = 127
22-10-2016
WWW.KEYGROUPS.IN
Class B Range
• In Class B : First two bits of the first octet are reserved as priority bits, bit value
as 10.
10xxxxxx. xxxxxxxx. xxxxxxxx. xxxxxxxx
27 26 25 24 23 22 21 20
1 0 0 0 0 0 0 0 = 128
1 0 0 0 0 0 0 1 = 129
1 0 0 0 0 0 1 0 = 130
1 0 0 0 0 0 1 1 = 131 Class B Range
1 0 0 0 0 1 0 0 = 132 128 . 0 . 0 . 0 to
191 . 255 . 255 .255
1 0 1 1 1 1 1 1 = 191
22-10-2016
WWW.KEYGROUPS.IN
Class C Range
• In Class C : First three bits of the first octet are reserved as priority bits, bit value
as 110.
110xxxxx. xxxxxxxx. xxxxxxxx. xxxxxxxx
27 26 2 5 24 23 2 2 21 20
1 1 0 0 0 0 0 0 = 192
1 1 0 0 0 0 0 1 = 193
1 1 0 0 0 0 1 0 = 194
1 1 0 0 0 0 1 1 = 195 Class C Range
1 1 0 0 0 1 0 0 = 196 192 . 0 . 0 . 0 to
223 . 255 . 255 .255
1 1 0 1 1 1 1 1 = 223
22-10-2016
WWW.KEYGROUPS.IN
Class D Range
• In Class D : First four bits of the first octet are reserved as priority bits, bit value
as 1110.
1110xxxx. xxxxxxxx. xxxxxxxx. xxxxxxxx
27 26 2 5 24 23 2 2 21 20
1 1 1 0 0 0 0 0 = 224
1 1 1 0 0 0 0 1 = 225
1 1 1 0 0 0 1 0 = 226
1 1 1 0 0 0 1 1 = 227 Class D Range
1 1 1 0 0 1 0 0 = 228 224 . 0 . 0 . 0 to
239 . 255 . 255 .255
1 1 1 0 1 1 1 1 = 239
22-10-2016
WWW.KEYGROUPS.IN
Class E Range
• In Class E : First four bits of the first octet are reserved as priority bits, bit value
as 1111.
1111xxxx. xxxxxxxx. xxxxxxxx. xxxxxxxx
27 26 25 24 23 22 21 20
1 1 1 1 0 0 0 0 = 240
1 1 1 1 0 0 0 1 = 241
1 1 1 1 0 0 1 0 = 242
1 1 1 1 0 0 1 1 = 243 Class E Range
1 1 1 1 0 1 0 0 = 244 240 . 0 . 0 . 0 to
255 . 255 . 255 .255
1 1 1 1 1 1 1 1 = 255
22-10-2016
WWW.KEYGROUPS.IN
Ranges
Class A Range Class B Range Class C Range

0 . 0 . 0 . 0 to 128 . 0 . 0 . 0 to 192 . 0 . 0 . 0 to
127.255.255.255 191.255.255.255 223 . 255 . 255 .255
Class D Range Class E Range

224 . 0 . 0 . 0 to 240 . 0 . 0 . 0 to
239 . 255 . 255 .255 255 . 255 . 255 .255
22-10-2016
WWW.KEYGROUPS.IN
Identifying Class
IP Address Class
10.1.100.1
A
192.1.1.1
C
224.0.0.10 D
120.200.1.1 A
150.17.2.200 B
17.1.256.1 Invalid IP Address
22-10-2016
WWW.KEYGROUPS.IN
Octet Format
• IP address is divided into Network & Host Portion
− CLASS A is written as N.H.H.H
− CLASS B is written as N.N.H.H
− CLASS C is written as N.N.N.H
22-10-2016
WWW.KEYGROUPS.IN
CLASS A – No. Networks & Hosts
• Class A Octet Format is N.H.H.H

Network bits : 8 Host bits : 24
• No. of Networks
= 2no of network bits– Priority bit
= 28-1 (-1 is Priority Bit for Class A)
= 27
= 128 – 2 (-2 is for 0 & 127 Network)
= 126 Networks
• No. of Host
= 2no of host bits -2
= 224 – 2 (-2 is for Network ID & Broadcast ID)
= 16777216 - 2
= 16777214 Hosts/Network
22-10-2016
WWW.KEYGROUPS.IN
CLASS B – No. Networks & Hosts
• Class B Octet Format is N.N.H.H

• No. of Networks
= 216-2 (-2 is Priority Bit for Class B)
= 214
= 16384 Networks
• No. of Host
= 65536 - 2
= 65534 Hosts/Network
22-10-2016
WWW.KEYGROUPS.IN
CLASS C – No. Networks & Hosts
• Class C Octet Format is N.N.N.H

• No. of Networks
= 224-3 (-3 is Priority Bit for Class C)
= 221
= 2097152 Networks
• No. of Host
= 256 - 2
= 254 Hosts/Network
22-10-2016
WWW.KEYGROUPS.IN
Network & Broadcast Address
• Network address : IP address with all bits as ZERO in the host portion.
• Broadcast address : IP address with all bits as ONES in the host portion.
• Valid IP Addresses : IP address lie between the Network Address and the
Broadcast Address.
• Only Valid IP Addresses are assigned to hosts/clients
22-10-2016
WWW.KEYGROUPS.IN
Example - Class A
• Class A : N.H.H.H
Network Address : 0xxxxxxx.00000000.00000000.00000000
Broadcast Address : 0xxxxxxx.11111111.11111111.11111111
Class A
10.0.0.0 Network Address
10.0.0.1
10.0.0.2
10.0.0.3
Valid IP Addresses
10.255.255.254
10.255.255.255 Broadcast Address
22-10-2016
WWW.KEYGROUPS.IN
Example - Class B
• Class B : N.N.H.H
Network Address : 10xxxxxx.xxxxxxxx.00000000.00000000
Broadcast Address : 10xxxxxx.xxxxxxxx.11111111.11111111
Class B
172.16.0.1
172.16.0.2
172.16.0.3 Valid IP Addresses
172.16.255.254
172.16.255.255 Broadcast Address
22-10-2016
WWW.KEYGROUPS.IN
Example - Class C
• Class C : N.N.N.H
Network Address : 110xxxxx.xxxxxxxx.xxxxxxxx.00000000
Broadcast Address : 110xxxxx.xxxxxxxx.xxxxxxxx.11111111
Class C
192.168.1.1
192.168.1.2
192.168.1.3
Valid IP Addresses
192.168.1.254
192.168.1.255
Broadcast Address
22-10-2016
WWW.KEYGROUPS.IN
Identifying Network Address and Broadcast Address
IP Address Network Address and Broadcast Address
120.1.1.1
120.0.0.0 and 120.255.255.255
172.16.1.1
172.16.0.0 and 172.16.255.255
10.100.1.10
10.0.0.0 and 10.255.255.255
192.168.1.10 192.168.1.0 and 192.168.1.255
150.10.1.1 150.10.0.0 and 150.10.255.255
22-10-2016
WWW.KEYGROUPS.IN
Identifying Valid IP Address
IP Address Valid Address
119.1.1.1
Yes
172.17.255.255
No
11.1.0.0 Yes
195.255.0.255 No
142.10.0.0 No
22-10-2016
WWW.KEYGROUPS.IN
Subnet Mask
• Subnet Mask differentiates the Network and Host portions of an IP address
• Represented with all 1’s in the network portion and with all 0’s in the host
portion.
22-10-2016
WWW.KEYGROUPS.IN
Subnet Mask - Examples
• Class A : N.H.H.H
11111111.00000000.00000000.00000000
Default Subnet Mask for Class A is 255.0.0.0
• Class B : N.N.H.H
11111111.11111111.00000000.00000000
Default Subnet Mask for Class B is 255.255.0.0
• Class C : N.N.N.H
11111111.11111111.11111111.00000000
Default Subnet Mask for Class C is 255.255.255.0
22-10-2016
WWW.KEYGROUPS.IN
Default subnet mask
IP Address Default subnet mask
17.1.1.1
255.0.0.0
202.1.0.18
255.255.255.0
190.10.1.1 255.255.0.0
102.10.1.10 255.0.0.0
192.0.0.1 255.255.255.0
22-10-2016
WWW.KEYGROUPS.IN
How Subnet Mask Works ?
IP Address : 192.168.1.1
Subnet Mask : 255.255.255.0
ANDING PROCESS :
192.168.1.1 = 11000000.10101000.00000001.00000001
255.255.255.0 = 11111111.11111111.11111111.00000000
==================================================
192.168.1.0 = 11000000.10101000.00000001.00000000
==================================================
• The output of an AND table is 1 if both its inputs are 1.

• For all other possible inputs the output is 0.
22-10-2016
WWW.KEYGROUPS.IN
Private IP Address
• There are certain addresses in each class of IP address that are reserved for
Private Networks. These addresses are called private addresses.
• These addresses are not Routable (or) valid on Internet.
Class A
10.0.0.0 to 10.255.255.255
Class B
172.16.0.0 to 172.31.255.255
Class C
192.168.0.0 to 192.168.255.255
22-10-2016
WWW.KEYGROUPS.IN
Public IP Address v/s Private IP Address
Public IP Address Private IP Address
• Used on the Internet • Used within the Organization

(i.e. Public Network) (i.e. Private Network or LAN)
• It should be unique over the • It should be unique within the LAN or
Internet. Organization
• Assigned by the Internet Service • Assigned by Network Administrator
Provider.
• Need to purchased from Internet • FREE
Service Provider.
22-10-2016
WWW.KEYGROUPS.IN
IPv6
CCIE
C C 22-10-2016
N P
C C N A
IPv6 Addresses
• IPv6 is 128 bit address

• It is represented as 32 hexadecimal numbers arranged in 8 quartets of 4
hexadecimal digit separated by a colon “ : ”
First Second Third Forth Fifth Sixth Seventh Eighth
Quartet Quartet Quartet Quartet Quartet Quartet Quartet Quartet
xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx

• IPv6 address in Hexadecimal form:
i.e. 2001:0000:0000:C15C:0000:0000:09c4:1300
• Not case sensitive for A, B, C, D, E and F
22-10-2016
WWW.KEYGROUPS.IN
Binary to Hexadecimal Table
• 4 bits = 1 hex digit

Binary Decimal Hexa- Binary Decimal Hexa-
8 4 2 1 decimal 8 4 2 1 decimal
0 0 0 0 1 0 0 1
0 0 9 9
0 0 0 1 1 1 1 0 1 0 10 A
0 0 1 0 2 2 1 0 1 1 11 B
0 0 1 1 3 3 1 1 0 0 12 C
0 1 0 0 4 4 1 1 0 1 13 D
5 5 14 E
0 1 0 1 1 1 1 0
6 6 15 F
0 1 1 0 1 1 1 1
7 7
0 1 1 1 8 8
1 0 0 0
22-10-2016
WWW.KEYGROUPS.IN
Binary to Hexadecimal
Binary Hexa-
decimal
1 1 1 1
F
1 1 0 1 1 0 1 1 DB
1 0 1 1 0 0 0 1 1 0 1 0 B1A
1 0 1 1 1 0 1 0 1 0 1 1 1 0 1 0 BABA
1 1 0 0 1 0 1 0 1 1 1 1 1 1 1 0 CAFE
1 1 1 1 1 0 1 0 1 1 0 0 1 1 1 0 FACE
1 1 0 0 0 0 1 1 1 1 0 1 0 1 0 1 C3D5
HEXADECIMAL CHART
22-10-2016
WWW.KEYGROUPS.IN
Hexadecimal to Binary
Hexa- Binary
decimal
E
1 1 1 0
9 1 0 0 1
2F 0 0 1 0 1 1 1 1
4FD 0 1 0 0 1 1 1 1 1 1 0 1
01E8 0 0 0 0 0 0 0 1 1 1 1 0 1 0 0 0
2001 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1
FE80 1 1 1 1 1 1 1 0 1 0 0 0 0 0 0 0
HEXADECIMAL CHART
22-10-2016
WWW.KEYGROUPS.IN
Rules for representing of IPv6 Address
• Omission of ZEROs
− Leading zero in any quartet can be omitted.
− Four successive zeros in a Quartet can be substituted by one zero.
• Replacing Successive Fields of Zeros with “::”
− Multiple quartet with zero can be represented as :: but only once in a
address
22-10-2016
WWW.KEYGROUPS.IN
Omission of ZERO’S
IPv6 Address IPv6 Address after Omission of ZERO’S
2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00

2001 : DB8 : 1 : 1000 : 0 : 0 : ef0 : bc00
2001 : 0DB8 : 010d : 000a : 00dd : c000 : e000 : 0001 2001 : DB8 : 10d : a : dd : c000 : e000 : 1
2001 : 2222 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001 2001 : 2222 : 0 : 0 : 0 : 0 : 0 : 1
20DB : C0A8 : 0101 : 0000 : 0000 : 0000 : 0000 : 0420 20DB : C0A8 : 101 : 0 : 0 : 0 : 0 : 420
2000 : 0 : 0 : 4DAD : 23 : 46 : BB : 101

2000 : 0000 : 0000 : 4DAD : 0023 : 0046 : 00BB : 0101
FF02 : 0 : 0 : 0 : 0 : 0 : 0 : 1
FF02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
22-10-2016
WWW.KEYGROUPS.IN
Replacing Successive Fields of Zero’s with “::”
IPv6 Address after Replacing Successive

IPv6 Address
Fields of Zero’s with “::”
2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : BC00

2001 : DB8 : 1 : 1000 : : ef0 : bc00
2002 : 1111 : 04CF : 0000 : 0000 : 0000 : 0000 : 002F
2002 : 1111 : 4CF : : 2F
3FFF : 0000 : 0000 : 0000 : 0000 : 005D : 0000 : 09CE 3FFF : : 5D : 0 : 9CE
2001 : 0000 : 0000 : FACE : B00C : 0000 : 0000 : 0069 2001 : 0 : 0 : FACE : B00C : : 69
20DB : 0000 : 0000 : 6666 : 0000 : 0000 : 0000 : 5228 20DB : 0 : 0 : 6666 : : 5228
2001 : 1111 : : 1
2001 : 1111 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
22-10-2016
WWW.KEYGROUPS.IN
Special Addresses ( IPv4 - IPv6)
IPv6 IPv4
10.0.0.0/8
Private IP
Unique local FC00::/7 172.16.0.0 to 172.31.255.255
address
192.168.0.0 to 192.168.255.255
Public IP Other Than
Global unicast 2000::/3
address Private IP addresses
Link local FE80::/10 APIPA 169.254.x.x
Multicast FF00::/8 Multicast 224.0.0.0 to 239.255.255.255
Loopback 0:0:0:0:0:0:0:1/128 Loopback 127.0.0.0/8
Default 0:0:0:0:0:0:0:0 Default 0.0.0.0
22-10-2016
WWW.KEYGROUPS.IN
Understanding IPv4
Same Network Communication
CCIE
C C 22-10-2016
N P
C C N A
IPv4 Same Network Communication
Switch Switch
PC-1 PC-2 PC-3 PC-4 PC-5 PC-6
Computer IP Address / Mask Computer IP Address / Mask
PC-1 192.168.1.10/24 PC-4 192.168.2.10/24

PC-2 192.168.1.20/24 PC-5 192.168.2.20/24
PC-3 192.168.1.30/24 PC-6 192.168.2.30/24
22-10-2016
WWW.KEYGROUPS.IN
Assigning IPv4 Address on Windows Computer
On Windows 7 or Windows 8.x or Windows 10 Computer
• Open Network and Sharing Center
• Click on Change adapter settings and Click Open.
• Right-click on your local adapter and select Properties.
• In the Local Area Connection Properties window select
Internet Protocol Version 4 (TCP/IPv4) then click the
Properties button.
• Now select the radio button Use the following IP address
and enter in the IP address and Subnet mask and click OK.
22-10-2016
WWW.KEYGROUPS.IN
Verify IPv4 Address on Windows Computer
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . :
C:\>
22-10-2016
WWW.KEYGROUPS.IN
Assigning IPv4 Address on Linux Computer
bt ~ # ifconfig eth0 192.168.1.10
22-10-2016
WWW.KEYGROUPS.IN
Verify IPv4 Address on Linux Computer
bt ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:21:97:73:58:21

inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:171979 errors:0 dropped:0 overruns:0 frame:0
TX packets:341932 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12370727 (11.7 MiB) TX bytes:463457462 (441.9 MiB)
Interrupt:20 Base address:0xe800
lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:1796 (1.7 KiB) TX bytes:1796 (1.7 KiB)
22-10-2016
WWW.KEYGROUPS.IN
Ping
• Packet Internet Groper

• Ping is a computer network administration utility used to test the reachability of a
host on an Internet Protocol (IP) network.
For IPv4 Network For IPv6 Network
• Windows • Windows
ping 192.168.201.10 ping 2001:1111::10
• Linux • Linux
ping 192.168.201.10 ping6 2001:1111::10
22-10-2016
WWW.KEYGROUPS.IN
PING
22-10-2016
WWW.KEYGROUPS.IN
Traceroute
• Traceroute is a computer network diagnostic utility used to view the route

(path) of packets across an Internet Protocol (IP) network.
For IPv4 Network For IPv6 Network
• Windows • Windows
tracert 192.168.201.10 tracert 2001:1111::10
• Linux • Linux
traceroute 192.168.201.10 traceroute6 2001:1111::10
22-10-2016
WWW.KEYGROUPS.IN
Traceroute
22-10-2016
WWW.KEYGROUPS.IN
Understanding IPv6
Same Network Communication
CCIE
C C 22-10-2016
N P
C C N A
IPv6 Same Network Communication
Switch Switch
PC-1 2001:1111::10/64 PC-4 2001:2222::10/64

PC-2 2001:1111::20/64 PC-5 2001:2222::20/64
PC-3 2001:1111::30/64 PC-6 2001:2222::30/64
22-10-2016
WWW.KEYGROUPS.IN
Assigning IPv6 Address on Windows Computer
Properties button.
• Now select the radio button Use the following IP address
and enter in the IP address and Subnet mask and click OK.
22-10-2016
WWW.KEYGROUPS.IN
C:\> ipconfig
IPv6 Address. . . . . . . . . . . . . . . . . : 2001:1111::10
Link-local IPv6 Address . . . . . . . . : fe80::449d:6a9a:2c80:80dc%64
Default Gateway . . . . . . . . . . . . . :
C:\>
22-10-2016
WWW.KEYGROUPS.IN
bt ~ # ifconfig eth0 inet6 add 2001:1111::10/64
22-10-2016
WWW.KEYGROUPS.IN
bt ~ # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet6 2001:1111::10 prefix len 64 scopeid 0x0<global>
ether 44:8a:5b:d4:39:3c txqueuelen 1000 (Ethernet)
RX packets 230 bytes 82110 (80.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 121 bytes 19549 (19.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
22-10-2016
WWW.KEYGROUPS.IN
Subnetting
CCIE
C C 22-10-2016
N P
C C N A
Subnetting
• Creating Multiple independent Networks from a single Network

• Converting Host bits into Network bits (i.e. converting 0’s into 1’s )
• Subnetting can be performed in two ways
− FLSM ( Fixed Length Subnet Mask )
− VLSM ( Variable Length Subnet Mask )
• Subnetting can be done based on requirement
− Number of Networks Required?
− Number of Hosts Required?
− Cisco Slash Notation
Note:-
It is very useful for Internet Service Providers (ISP), Large Organizations/
Companies etc.,
22-10-2016
WWW.KEYGROUPS.IN
Requirement of Networks
• A corporate network has 200 PC’s

• Which class of IP Address is preferred for the network ?
Answer : Class C
• There are 4 departments with 50 pc’s each
Marketing 192.168.1.1 to 192.168.1.50
Sales 192.168.1.51 to 192.168.1.100
Finance 192.168.1.101 to 192.168.1.150
IT 192.168.1.151 to 192.168.1.200
22-10-2016
WWW.KEYGROUPS.IN
Administrators Requirement
• Inter-department communication should not be there

Solution :
• Allocate different Networks to each Department
i.e.,
Marketing 192.168.1.1 to 192.168.1.50
Sales 192.168.2.1 to 192.168.2.50
Finance 192.168.3.1 to 192.168.3.50
IT 192.168.4.1 to 192.168.4.50
22-10-2016
WWW.KEYGROUPS.IN
Main Aim of Subnetting
• Problem with the previous scenario is

− Wastage of IP addresses, if it is Public IP addresses (Approx. 800 )
− To reduce the wastage of IP addresses, we have Subnetting
22-10-2016
WWW.KEYGROUPS.IN
Power table
POWER TABLE
21 = 2 29 = 512 217 = 131072 225 = 33554432
22 = 4 210 = 1024 218 = 262144 226 = 67108864
23 = 8 211 = 2048 219 = 524288 227 = 134217728
24 = 16 212 = 4096 220 = 1048576 228 = 268435456
25 = 32 213 = 8192 221 = 2097152 229 = 536870912
26 = 64 214 = 16384 222 = 4194304 230 = 1073741824
27 = 128 215 = 32768 223 = 8388608 231 = 2147483648
28 = 256 216 = 65536 224 = 16777216 232 = 4294967296
22-10-2016
WWW.KEYGROUPS.IN
Some Important Values
VALUES IN SUBNET MASK

Bit Value Mask
1 128 10000000
2 192 11000000
3 224 11100000
4 240 11110000
5 248 11111000
6 252 11111100
7 254 11111110
8 255 11111111
22-10-2016
WWW.KEYGROUPS.IN
Requirement of Subnets – 4 no's ?
• Class C : 192.168.1.0
• Octet Format is N.N.N.H
• Subnets required : 4 no's
= 2n ≥ Req. of Subnet
= 2n ≥ 4
= 22 ≥ 4
= 4 subnets
• No. of Hosts / Subnet
= 64 - 2
= 62 Hosts / Subnet
22-10-2016
WWW.KEYGROUPS.IN
Continued…
• Customized subnet mask

255. 255. 255. 0 = 255. 255. 255. 192
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 11000000
• Subnet Range
Network ID Broadcast ID
192.168.1.0 - 192.168.1.63
192.168.1.64 - 192.168.1.127
192.168.1.128 - 192.168.1.191
192.168.1.192 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Requirement of Subnets – 30 no's ?
• Class C : 192.168.1.0
• Octet Format is N.N.N.H
• Subnets required : 30 no's
= 2n ≥ Req. of Subnet
= 2n ≥ 30
= 25 ≥ 30
= 32 subnets
= 8-2
= 6 Hosts / Subnet
22-10-2016
WWW.KEYGROUPS.IN
Continued…

255. 255. 255. 0 = 255. 255. 255. 248
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 11111000
• Subnet Range
192.168.1.0 - 192.168.1.7
192.168.1.8 - 192.168.1.15
192.168.1.16 - 192.168.1.23
192.168.1.248 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Requirement of Host – 12 no's ?
• Class C : 192.168.1.0
• Octet Format is N . N . N . H
• Host required : 12 no’s
= 2n - 2 ≥ Req. of Host (-2 is for Network ID & Broadcast ID)
= 24 - 2 ≥ 12
= 16 - 2
= 14 Hosts
• No. of Subnets
= 2no of network bits
= 24
= 16 subnets
22-10-2016
WWW.KEYGROUPS.IN
Continued…

255. 255. 255. 0 = 255. 255. 255. 240
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 11110000
• Subnet Range
192.168.1.0 - 192.168.1.15
192.168.1.16 - 192.168.1.31
192.168.1.32 - 192.168.1.47
192.168.1.240 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Requirement of Host – 2 no's ?
• Class C : 192.168.1.0
• Octet Format is N . N . N . H
• Host required : 2 no’s
= 2n - 2 ≥ Req. of Host (-2 is for Network ID & Broadcast ID)
= 22 - 2 ≥ 2
= 4-2
= 2 Hosts
• No. of Subnets
= 26
= 64 subnets
22-10-2016
WWW.KEYGROUPS.IN
Continued…

255. 255. 255. 0 = 255. 255. 255. 252
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 11111100
• Subnet Range
192.168.1.0 - 192.168.1.3
192.168.1.4 - 192.168.1.7
192.168.1.8 - 192.168.1.11
192.168.1.252 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Cisco Slash Notation – example-1
• Class C : 192.168.1.65/25
• No. of Subnets
= 21
= 2 subnets
= 128 - 2
= 126 Hosts / Subnet
22-10-2016
WWW.KEYGROUPS.IN
Continued…

255. 255. 255. 0 = 255. 255. 255. 128
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 10000000
• Subnet Range
192.168.1.0 - 192.168.1.127
192.168.1.128 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Cisco Slash Notation – example-2
• Class C : 192.168.1.65/27
• No. of Subnets
= 23
= 8 subnets
= 32 - 2
= 30 Hosts / Subnet
22-10-2016
WWW.KEYGROUPS.IN
Continued…

255. 255. 255. 0 = 255. 255. 255. 224
11111111. 11111111. 11111111. 00000000 = 11111111. 11111111. 11111111. 11100000
• Subnet Range
192.168.1.0 - 192.168.1.31
192.168.1.32 - 192.168.1.63
192.168.1.64 - 192.168.1.95
192.168.1.224 - 192.168.1.255
22-10-2016
WWW.KEYGROUPS.IN
Open System Interconnect
(OSI)
CCIE
C C 22-10-2016
N P
C C N A
Open System Interconnect (OSI)
• OSI was developed by the International Organization for Standardization (ISO)

and introduced in 1984.
• It is a layered architecture (consists of seven layers).
• Each layer defines a set of functions which takes part in data communication.
22-10-2016
WWW.KEYGROUPS.IN
OSI Model Layers
Layer - 7 Application
User support Layers
Layer - 6 Presentation or
Software Layers
Layer - 5 Session
Layer - 4 Transport Core layer of the OSI
Layer - 3 Network
Network support Layers
Layer - 2 Data Link or
Physical Hardware Layers
Layer - 1
22-10-2016
WWW.KEYGROUPS.IN
Application Layer
Application It is responsible for providing an interface for the

users to interact with application services or
Presentation Networking Services .
Ex: Web browser(HTTP), Telnet etc.
Session
Transport
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Examples of Networking Services
Service Port No.

HTTP 80
FTP 21
SMTP 25
TELNET 23
TFTP 69
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Application Layer
Application Data
80 21 25 53 67 69
Presentation
Session
Transport
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Presentation Layer
Application
It is responsible for defining a standard format to
the data.
Presentation It deals with data presentation.
The major functions described at this layer are..
Session • Encoding – Decoding
Ex : ASCII, EBCDIC (Text)
Transport JPEG,GIF,TIFF (Graphics)
MIDI,WAV (Voice)
Network
MPEG,DAT,AVI (Video)
Data Link • Encryption – Decryption
• Compression – Decompression
Physical
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Presentation Layer
Application Data
Presentation Data
Session
Transport
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Session Layer
Application It is responsible for establishing, maintaining and

terminating the sessions.
Presentation Session ID is used to identify a session or
interaction.
Session Ex :
Transport • RPC Remote Procedural Call
• SQL Structured Query Language
Network • ASP AppleTalk Session protocol
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Session Layer
Application Data
Presentation Data
Session Data
Transport
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Transport Layer
Application It provides data delivery mechanism between the

applications in the network.
Presentation The major functions described at the Transport
Layer are.
Session
• Identifying Service
Transport • Multiplexing & De-multiplexing
Network
• Segmentation
• Sequencing & Reassembling
Data Link • Error Correction
• Flow Control
Physical
22-10-2016
WWW.KEYGROUPS.IN
Identifying a Service
• Identification of Services is done using port Numbers.

• Port is a logical communication Channel
Total No. Ports : 0 – 65535
Reserved Ports : 1 - 49151
Open Ports : 49152 – 65535
Command to check the ports used by the PC (Windows / Linux)
netstat
22-10-2016
WWW.KEYGROUPS.IN
Multiplexing & De-multiplexing
Application
Presentation
Session
80 21 25 53 67 69
Transport
TCP - 6 UDP - 17
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Transport Layer Protocols
• The protocols which takes care of Data Transportation at Transport layer are
TCP and UDP
TCP UDP
• Transmission Control Protocol • User Datagram Protocol

• Connection Oriented • Connection Less
• Supports Acknowledgements • No support for Acknowledgements
• Reliable communication • Unreliable communication
• Slower data Transportation • Faster data Transportation
• Protocol No is 6 • Protocol No is 17
• Ex: HTTP, FTP, SMTP • Ex: DNS, DHCP, TFTP
22-10-2016
WWW.KEYGROUPS.IN
Segmentation
HELLO!
HOW HELLO! HOW ARE YOU ?
ARE YOU?
Data
22-10-2016
WWW.KEYGROUPS.IN
Sequencing
HOW ? ARE HELLO! YOU
22-10-2016
WWW.KEYGROUPS.IN
Sequencing
HELLO! HOW ARE YOU ?

1/5 2/5 3/5 4/5 5/5
Data
22-10-2016
WWW.KEYGROUPS.IN
Reassembling
HOW ? ARE HELLO! YOU

2/5 5/5 3/5 1/5 4/5
22-10-2016
WWW.KEYGROUPS.IN
Flow Control and Error Correction
Source Destination
Window size = 3
Send 1 Due to congestion of the
Send 2 receiver, Segment 3 is lost
Send 3
ACK 3
Window size = 2
Send 3
Send 4
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Transport Layer
Application Data
Presentation Data
Session Data
Transport TH Segment
Data
Network
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Network Layer
It provides Logical addressing & Path

Application
determination (Routing)
Presentation The protocols that work in this layer are:
Routed Protocols :
Session IP, IPX, AppleTalk.. Etc
Routed protocols used to carry user data
Transport between hosts.
Routing Protocols :
Network RIP, OSPF.. Etc
Data Link Routing protocols performs Path determination
(Routing).
Physical
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Network Layer
Application Data
Presentation Data
Session Data
Device that works at Transport TH Segment
Data
Network Layer is Router
Network NH Packet
Segment
Data Link
Physical
22-10-2016
WWW.KEYGROUPS.IN
Datalink Layer
It has 2 sub layers

Application
• MAC (Media Access Control)
Presentation
It provides reliable transit of data across a physical link.
Session
It also provides ERROR DETECTION using CRC (Cyclic
Transport Redundancy Check)
Network Ex: Ethernet, Token ring…etc

• LLC (Logical Link Control)
Data Link
It provides communication with Network layer.
Physical
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Data link Layer
Application Data
Presentation Data
Session Data
Data
Devices that work at
Data link layer is Switch Network NH Packet
Segment
Data Link DT Frame

Packet DH
Physical
22-10-2016
WWW.KEYGROUPS.IN
Physical Layer
• It defines the electrical, Mechanical & functional

Application
specifications for communication between the Network
Presentation devices.
• The functions described at this layer are
Session
− Encoding/decoding:
Transport It is the process of converting the binary data into signals
based on the type of the media.
Network
− Copper media : Electrical signals of different voltages
Data Link − Fiber media: Light pulses of different wavelengths
− Wireless media: Radio frequency waves
Physical
22-10-2016
WWW.KEYGROUPS.IN
Data flow from Physical Layer
Application Data
Presentation Data
Session Data
Data
Network NH Packet
Segment
Devices that work at
physical layer are Hub , Repeater Data Link Frame
DT Packet DH
etc.
Physical Bits
22-10-2016
WWW.KEYGROUPS.IN
Encapsulation & Decapsulation
A B
Application Data Data Application
Presentation Data Data Presentation
Session Data Data Session
Data TH Segment
Data Transport
Network NH Packet
Segment NH Packet
Segment Network
Data Link DT Frame

Packet DH DT Frame
Packet DH Data Link
Physical Bits Bits Physical
22-10-2016
WWW.KEYGROUPS.IN
Comparison between OSI & TCP/IP Model
Application
Presentation Application
Session
Transport Host to Host
Network Internet
Data Link
Network Access
Physical
22-10-2016
WWW.KEYGROUPS.IN
Introduction to Routers
CCIE
C C 22-10-2016
N P
C C N A
Router
• Router is an internetworking device.

• It enables communication between two or more different logical networks.
• It is a Network Layer (layer 3) device.
• It comes from the word “ROUTE”. Hence it is also a device that finds the best
route (path) for networks.
• The IP of Router is the default gateway for all devices in LAN.
22-10-2016
WWW.KEYGROUPS.IN
Type of Routers
There are two type of Routers

• Hardware Routers:
− Cisco, Juniper, Multicom, HP, Dlink, Maipu and many more…
• Software Routers:
− Microsoft Server, Linux Server
22-10-2016
WWW.KEYGROUPS.IN
Functions of a Router
• Inter-network Communication
• Best Path Selection S0/0/1
R2
S0/0/0
• Packet Switching
• Packet forwarding S0/0
S0/1
DATA R3
R1 S0/0
S0/1
F0/0
E0/0
Source IP & Port Source IP & Port

DATA DATA
61.0.0.10 - DATA
3000 191.0.0.10 - 80
http http
Destination IP & Port Destination IP & Port
request reply
191.0.0.10 - 80 61.0.0.10 - 3000
Internet User www.yahoo.com

61.0.0.10 191.0.0.10
22-10-2016
WWW.KEYGROUPS.IN
Types of Hardware Routers
• Fixed router
− Fixed routers are non upgradable, can not add or remove the Ethernet or
serial ports.
− Does not have any slot.
− In fixed routers the ports are integrated on the mother board.(Fixed on
mother board).
• Modular router
− Modular Routers are upgradable, can add or remove the interfaces as per
our requirement.
− Number of slots available depends on the series of the router.
− Can add LAN and WAN cards.
22-10-2016
WWW.KEYGROUPS.IN
Fixed router and Modular router
22-10-2016
WWW.KEYGROUPS.IN
Cisco Router Category
• Branch Routers
• Network Edge and Aggregation Routers
• Service Provider Routers
22-10-2016
WWW.KEYGROUPS.IN
Branch Routers
• Routers used by small organization and branch offices

• Router Series - Models
− 800 series - 810, 860, 880
− 1900 series - 1905, 1921, 1941
− 2600 series - 2610, 2611, 2620
− 2800 series - 2811, 2851
− 2900 series - 2901,2911,2921
22-10-2016
WWW.KEYGROUPS.IN
Network Edge and Aggregation Routers
• Routers that are used at large organization / campus and Head Offices
• Router Series - Models
− 1000 series - 1001, 1002, 1004
− 5000 series - 5001, 5002
− 5500 series - 5508
22-10-2016
WWW.KEYGROUPS.IN
Service Provider Routers
• Routers that are used by the service providers.

• Router Series
− 6000 series
− 9000 series
22-10-2016
WWW.KEYGROUPS.IN
External Components of a Router
CCIE
C C 22-10-2016
N P
C C N A
2800 Series
22-10-2016
WWW.KEYGROUPS.IN
Interfaces on Router
22-10-2016
WWW.KEYGROUPS.IN
LAN Interfaces - RJ-45 ports
• Routers have RJ-45 ports to connect the Router to the LAN.

• The speed of the RJ-45 ports can be
− 10 Mbps Ethernet
− 10/100 Mbps Fast Ethernet
− 10/100/1000 Mbps Gigabit Ethernet
22-10-2016
WWW.KEYGROUPS.IN
LAN Connectivity
An IP address has to be assigned to this interface. It should be in the same network as that of the
LAN. This IP address is the default gateway address for all LAN systems.
Router
Fa 0/0
Straight Cable 192.168.1.1/24
Switch
Straight Cable
LAN - 192.168.1.0/24
22-10-2016
WWW.KEYGROUPS.IN
LAN Connectivity
Router
Fa 0/0
192.168.1.1/24
Cross Cable
To connect the router’s Ethernet interface
directly to a PC LAN card a cross cable is used.
LAN - 192.168.1.0/24
22-10-2016
WWW.KEYGROUPS.IN
Serial Port
• Serial port is used for WAN Connectivity.

• Serial port are available as
− 60 pin female connectors.
− Smart Serial 26 pin female connectors.
22-10-2016
WWW.KEYGROUPS.IN
HWIC
• High-speed WAN interface cards (HWICs) provide connectivity to a Wide Area

Network
22-10-2016
WWW.KEYGROUPS.IN
Console Port
• It is a local administrative port.

• It is a RJ-45 Port.
• It is used for initial configuration and advance troubleshooting.
• Note : It is the most important and sensitive port on the Router.
DB-9 Convertor Console cable
22-10-2016
WWW.KEYGROUPS.IN
Console Connectivity
RJ-45
Connector
Console Port
Rollover RJ-45 to DB-9 Computer

Cable Converter
22-10-2016
WWW.KEYGROUPS.IN
Auxiliary Port
• It is a remote administrative port.

• Used for remote administration / configuration.
• Its an RJ-45 port.
• A console / rollover cable is used to connect the auxiliary port to a dial-up
modem.
22-10-2016
WWW.KEYGROUPS.IN
Auxiliary Connectivity
22-10-2016
WWW.KEYGROUPS.IN
Interfaces of a Router
• LAN Interface
− RJ 45 Ethernet / FastEthernet / GigabitEthernet
• WAN Interface
− Normal Serial Interface
− Smart Serial Interface
• Administrative Interface
− Console
− Auxiliary
22-10-2016
WWW.KEYGROUPS.IN
Understanding IPv4 Communication
Between Different Networks
CCIE
C C 22-10-2016
N P
C C N A
IPv4 Different Network Communication
Fa 0/0 Fa 0/1
192.168.1.1 192.168.2.1
Router
Switch Switch
PC-1 192.168.1.10/24 PC-4 192.168.2.10/24

PC-2 192.168.1.20/24 PC-5 192.168.2.20/24
PC-3 192.168.1.30/24 PC-6 192.168.2.30/24
22-10-2016
WWW.KEYGROUPS.IN
Assigning Default Gateway IP Address on Windows Computer

Properties button.
• Enter Default Gateway and click OK.
22-10-2016
WWW.KEYGROUPS.IN
C:\> ipconfig
IPv4 Address. . . . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . : 192.168.1.1
C:\>
22-10-2016
WWW.KEYGROUPS.IN
Assigning Default Gateway IP Address on Linux Computer
bt ~ # route add default gw 192.168.1.1
22-10-2016
WWW.KEYGROUPS.IN
bt ~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.201.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
bt ~ #
22-10-2016
WWW.KEYGROUPS.IN
Understanding IPv6 Communication
Between Different Networks
CCIE
C C 22-10-2016
N P
C C N A
IPv6 Different Network Communication
Fa 0/0 Fa 0/1
2001:1111::1 2001:2222::1
Router
Switch Switch
PC-1 2001:1111::10/64 PC-4 2001:2222::10/64

PC-2 2001:1111::20/64 PC-5 2001:2222::20/64
PC-3 2001:1111::30/64 PC-6 2001:2222::30/64
22-10-2016
WWW.KEYGROUPS.IN
Assigning Default Gateway IP Address on Windows Computer

Properties button.
• Enter Default Gateway and click OK.
22-10-2016
WWW.KEYGROUPS.IN
C:\> ipconfig
IPv6 Address. . . . . . . . . . . . . . . . . : 2001:1111::10
Link-local IPv6 Address . . . . . . . . : fe80::449d:6a9a:2c80:80dc%64
Default Gateway . . . . . . . . . . . . . : 2001:1111::1
C:\>
22-10-2016
WWW.KEYGROUPS.IN
bt ~ # route -6 add default gw 2001:1111::1
22-10-2016
WWW.KEYGROUPS.IN
bt ~ # route -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 0 lo
2001:1111::/64 :: U 256 0 2 eth0
fe80::468a:5bff:fed4:3899/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0
::/0 2001:1111::1 UG 1 0 0 eth0
bt ~ #
22-10-2016
WWW.KEYGROUPS.IN
Internal Components of a Router
CCIE
C C 22-10-2016
N P
C C N A
Internal Components of Router
• ROM (Read only Memory)

− It contains a bootstrap program which searches and loads the operating
system.
− It is similar to the BIOS of a PC.
− It also contains a ROMMON for advance troubleshooting.
• Flash memory
− The Internetwork Operating System (IOS) is stored here.
− IOS is a Cisco proprietary operating system.
22-10-2016
WWW.KEYGROUPS.IN
• NVRAM (Non Volatile Random Access Memory)

− NVRAM is similar to a hard disk.
− It is also known as permanent storage.
− The startup configuration is stored here.
• RAM (Random Access Memory)

− It is also called as the main memory.
− It is a temporary storage.
− The running configuration is stored here.
22-10-2016
WWW.KEYGROUPS.IN
22-10-2016
WWW.KEYGROUPS.IN
BOOT Sequence
Power On Self Test – checks the hardware POST
ROM loads Bootstrap program and searches for the IOS ROM
IOS from Flash is loaded FLASH
The startup configuration is loaded from the NVRAM NVRAM
Boot process is completed as everything is loaded into the

RAM
RAM
Configuration Register - 0x2102

22-10-2016
WWW.KEYGROUPS.IN
Initial Configuration of Router
CCIE
C C 22-10-2016
N P
C C N A
RJ-45
Connector
Console Port

Cable Converter
22-10-2016
WWW.KEYGROUPS.IN
Access Router through Console
• Cisco Routers and Switches do not have any default IP address or Configuration,
hence its required to use the Console port for Initial Configuration.
• Require physical connection between the Cisco Router/Switch and PC via
console cable.
22-10-2016
WWW.KEYGROUPS.IN
Emulation Software
• WINDOWS
Hyper-terminal / Putty / Teraterm
• LINUX
Minicom -s/Putty
22-10-2016
WWW.KEYGROUPS.IN
Initial Configuration
Console
HYD-1
Fa 0/0
192.168.1.1/24
Switch
Computer IP Address
192.168.1.10/24
22-10-2016
WWW.KEYGROUPS.IN
Access Router through Console
• Accessing router via console from Microsoft Windows Computer

• Start a terminal emulator application, such as PUTTY.exe
• Select Serial option and set speed to 9600
• Click Open
22-10-2016
WWW.KEYGROUPS.IN
Modes of the Router
• Setup Mode
• User Mode
• Privileged Mode
• Global Configuration Mode
Interface Mode
Line Mode
Router Mode
22-10-2016
WWW.KEYGROUPS.IN
Setup Mode
• The router enters in to the setup mode if the NVRAM is empty.
Router
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
22-10-2016
WWW.KEYGROUPS.IN
User Mode
• Only some basic monitoring and limited show commands works in this mode.
− Example of commands : enable, ping, traceroute, etc.
Router
Router >
22-10-2016
WWW.KEYGROUPS.IN
Privilege Mode
• Monitoring, Troubleshooting and Verification commands works in this mode.

− Example of commands : show, configure terminal, write, etc.
Router
Router #
22-10-2016
WWW.KEYGROUPS.IN
Global Configuration Mode
• Configuration changes made in this mode affects the operation of the device as
a whole.
− Example of commands : hostname, etc.
Router
Router (config) #
22-10-2016
WWW.KEYGROUPS.IN
Interface Mode
• Commands given in this mode will apply to a specific network interface.

i.e. FastEthernet 0/0 or Serial 0/0/0
− Example of commands : ip address, no shutdown etc.
Router
Router (config-if) #
22-10-2016
WWW.KEYGROUPS.IN
Line mode
• Commands given in this mode will apply to a specific physical or virtual lines.
i.e. Console, Auxiliary or VTY.
− Example of commands : password, no shutdown etc.
Router
Router (config-line) #
22-10-2016
WWW.KEYGROUPS.IN
Accessing Router
Console
HYD-1
Fa 0/0
192.168.1.1/24
Switch
Computer IP Address
192.168.1.10/24
22-10-2016
WWW.KEYGROUPS.IN
WAN Technologies
CCIE
C C 22-10-2016
N P
C C N A
Types of Network Access
• Enterprise Access
• Internet Access
22-10-2016
WWW.KEYGROUPS.IN
Types of WAN Technologies
WAN
Enterprise Internet
Dedicated Switched VPN Dedicated Switched Broadband
GRE DSL / Cable

Leased Lines Circuit Packet Leased Lines Circuit
IPSEC Wireless
PSTN Framerelay PSTN

ISDN MPLS ISDN
22-10-2016
WWW.KEYGROUPS.IN
Dedicated
Chennai S0/0 S0/0

Bangalore
Office CHE BAN Office
Fa0/0 Fa0/0
Switch Switch
Data Data
S0/0/1 HYD S0/0/0

LAN – 192.168.1.0/24 LAN – 192.168.3.0/24
Fa0/0
Switch
HYDERABAD
Office
LAN – 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Circuit Switched
Chennai Bangalore
Fa0/0 Fa0/0
Switch Switch
Data Data
HYD
LAN – 192.168.1.0/24 LAN – 192.168.3.0/24
Fa0/0
Switch
HYDERABAD
Office
LAN – 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Packet Switched
Chennai Bangalore
Fa0/0
Service Fa0/0
Provider
Switch Switch
Data
Data Data
HYD
LAN – 192.168.1.0/24 LAN – 192.168.3.0/24
Fa0/0
Switch
HYDERABAD
Office
LAN – 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
VPN
Chennai Bangalore
Fa0/0
Internet Fa0/0
Switch Switch
Data Data
HYD
LAN – 192.168.1.0/24 LAN – 192.168.3.0/24
Fa0/0
Switch
HYDERABAD
Office
LAN – 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Internet Connectivity
Cable
Modem
VSAT
Telephone line
Fiber cable
ISDN ISDN Internet
Modem Optical
Convertor
Telephone line
Leased line
DSL Wireless
Modem router
CSU/DSU
22-10-2016
WWW.KEYGROUPS.IN
WAN Topologies
Hub & Spoke
• STAR or Hub and Spoke Topology
− Easy to deploy, Less number of connections
− No backup/redundancy
• Full Mesh Topology Full Mesh

− All branches interconnected, full redundancy
− More connections, complex configuration
• Partial Mesh Topology Partial Mesh

− Mix of Star & Full mesh topologies
22-10-2016
WWW.KEYGROUPS.IN
WAN Connectivity
CCIE
C C 22-10-2016
N P
C C N A
Leased Line Connectivity
Chennai Hyderabad
Office Office
Chennai Hyderabad
MUX MUX
Fiber Optic
V.35 Cable TELCO V.35 Cable
CHE HYD
Fa0/0 Pair of Fa0/0
192.168.1.1/24 Copper wire 192.168.2.1/24
Switch CSU / DSU CSU / DSU Switch
LAN – 192.168.1.0/24 LAN – 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Wan Connectivity Representation
S 0/0
S 0/0/1
172.16.0.1
172.16.0.2
CHE HYD
Fa 0/0 Fa 0/0
192.168.1.1 192.168.2.1
Switch Switch
Interface Network ID / Mask Interface Network ID / Mask

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.2.0/24
S 0/0 172.16.0.0/16 S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
Device Classification
DCE DTE
• Data Communication Equipment • Data Termination Equipment

• Generate clocking • Accept clocking
(i.e. Speed) (i.e. Speed)
• Master • Slave
• Example of DCE:- CSU/DSU • Example of DTE:- Router
22-10-2016
WWW.KEYGROUPS.IN
Serial - back to back cable
• When the distance between two Routers is short, a special V.35 Back to Back
Cable is used to replace the copper wire, CSU/DSU and MUX.
• For data communication using back to back Serial cable, one end has to be a
DCE and the other has to be a DTE.
ROUTER 1
DCE DTE
ROUTER 2
22-10-2016
WWW.KEYGROUPS.IN
Encapsulation
• Encapsulation is the process of adding a new Header or Trailer to data.

• The header and trailer contains information which is needed for proper
transportation of the data.
• There are different types of WAN Encapsulation:
− PPP(Point to Point Protocol)
− HDLC(High level Data link Control)
22-10-2016
WWW.KEYGROUPS.IN
Wan Encapsulation
PPP HDLC
• Point to Point Protocol • High level Data link Control

• Open Standard Protocol • Vendor proprietary Protocol
• Supports Authentication • No Support for Authentication
• Supports Compression • No Support for Compression
22-10-2016
WWW.KEYGROUPS.IN
Wan - Serial Interface Configuration on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Switch 172.16.0.2 HYD-1 172.17.0.1 Switch
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/0 172.16.0.0/16 Interface Network ID / Mask S 0/0 172.18.0.0/16
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
Identify Serial Interface (DCE or DTE)
Router# show controllers serial < no. >
22-10-2016
WWW.KEYGROUPS.IN
Router (config) # interface Serial <no.>

Router (config-if) # ip address < ip address > < subnet mask >
Router (config-if) # no shutdown
Router (config-if) # clock rate < bandwidth >
Router (config-if) # encapsulation < HDLC/PPP >
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
CHE (config)# interface serial 0/0 BAN (config)# interface serial 0/0
CHE (config-if)# ip address 172.16.0.1 255.255.0.0 BAN (config-if)# ip address 172.18.0.1 255.255.0.0
CHE (config-if)# no shutdown BAN (config-if)# no shutdown
CHE (config-if)# clock rate 64000 BAN (config-if)# clock rate 64000
CHE (config-if)# encapsulation hdlc BAN (config-if)# encapsulation hdlc
CHE (config-if)# exit BAN (config-if)# exit
CHE (config)# interface serial 0/1 BAN (config)# interface serial 0/1
CHE (config-if)# ip address 172.18.0.2 255.255.0.0 BAN (config-if)# ip address 172.17.0.2 255.255.0.0
CHE (config-if)# no shutdown BAN (config-if)# no shutdown
CHE (config-if)# encapsulation hdlc BAN (config-if)# encapsulation hdlc
CHE (config-if)# exit CHE
BAN (config-if)# exit
HYD-1
HYD-1 (config)# interface serial 0/0/0
HYD-1 (config-if)# ip address 172.17.0.1 255.255.0.0
HYD-1 (config-if)# no shutdown
HYD-1 (config-if)# clock rate 64000
HYD-1 (config-if)# encapsulation hdlc
HYD-1 (config-if)# exit
HYD-1 (config)# interface serial 0/0/1
HYD-1 (config-if)# ip address 172.16.0.2 255.255.0.0
Network Diagram
HYD-1 (config-if)# no shutdown
22-10-2016
HYD-1 (config-if)# encapsulation hdlc
HYD-1 (config-if)# exitWWW.KEYGROUPS.IN
Wan - Serial Interface - Verification
Router # show interface serial <no. >
22-10-2016
WWW.KEYGROUPS.IN
Troubleshooting Serial Interface
• Serial 0/0 is up , line protocol is up

− Layer 1 and Layer 2 Connectivity and configuration is fine
• Serial 0/0 is administratively down, line protocol is down
− ‘No Shutdown’ has to be given on the local Router’s Serial interface
• Serial 0/0 is down, line protocol is down
− Problem with the v.35 cable, CSU/DSU or ‘no shutdown’ has not been given
on the remote Router
• Serial 0/0 is up, line protocol is down
− Encapsulation mismatch or clock rate has not been given on the DCE
interface or Lease Line problem
22-10-2016
WWW.KEYGROUPS.IN
Wan - Ethernet Interface Configuration on IPv6 Network
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
Router (config) # interface <ethernet> <no.>

Router (config-if) # ipv6 address < ip > < prefix length >
22-10-2016
WWW.KEYGROUPS.IN
HYD-1 HYD-2
HYD-1 (config)# interface fastethernet 0/1 HYD-2 (config)# interface fastethernet 0/1
HYD-1 (config-if)# ipv6 address 2001:5555::1/64 HYD-2 (config-if)# ipv6 address 2001:5555::2/64
HYD-1 (config-if)# no shutdown HYD-2 (config-if)# no shutdown
HYD-1 (config-if)# exit HYD-2 (config-if)# exit
HYD-1 (config)# HYD-2 (config)#
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Wan - Ethernet Interface - Verification
Router # show interface <ethernet> <no. >
22-10-2016
WWW.KEYGROUPS.IN
Troubleshooting Ethernet Interface
• Fastethernet 0/0 is up , line protocol is up

− Layer 1 and Layer 2 Connectivity and configuration is fine
• Fastethernet 0/0 is administratively down, line protocol is down
− ‘No Shutdown’ has to be given on the local etherent interface
• Fastethernet 0/0 is up, line protocol is down
− Speed & Duplex Mismatch or ‘No Shutdown’ has not been given on the
remote device ethernet interface.
• Fastethernet 0/0 is down, line protocol is down
− Layer 1 problem - No device attached or faulty cable.
22-10-2016
WWW.KEYGROUPS.IN
IP Routing
CCIE
C C 22-10-2016
N P
C C N A
IP Routing
• Routing is the process of moving IP packets from one network to another

network.
• Routing involves two basic activities:
− Determining the best paths.
− Forwarding packets through these best paths.
22-10-2016
WWW.KEYGROUPS.IN
IP Routing
S0/0/1 S0/0/0
HYD
S0/1
S0/0
CHE
DATA S0/0 BAN
S0/1
Fa 0/0
Fa 0/0
Source IP & Port Source IP & Port

DATA DATA
61.0.0.10 - DATA
3000 191.0.0.10 - 80
http http
Destination IP & Port Destination IP & Port
request reply
191.0.0.10 - 80 61.0.0.10 - 3000
Internet User www.yahoo.com

61.0.0.10 191.0.0.10
22-10-2016
WWW.KEYGROUPS.IN
IP Routing - Network Diagram
Branch Office Head Office

S 0/0
S 0/0/1
172.16.0.1
172.16.0.2
CHE HYD
Fa 0/0 Fa 0/0
192.168.1.1 192.168.2.1
Switch Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.2.0/24
S 0/0 172.16.0.0/16 S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
Conditions for IP Routing
• The HO Router FastEthernet IP address should be in the same network as the

HO LAN and similarly the BO Router FastEthernet IP address should belong to
the same network as the BO LAN.
• The Serial interface IP between the HO and the BO should be in the same IP
network.
• HO LAN and BO LAN should be in different IP network.
• All interfaces of a Router should be in different IP network.
22-10-2016
WWW.KEYGROUPS.IN
Types of Routing
• Static Routing
• Dynamic Routing
• Default Routing
22-10-2016
WWW.KEYGROUPS.IN
Static Routing
CCIE
C C 22-10-2016
N P
C C N A
Static Routing
• Static routes are configured, maintained and updated by network administrator

manually.
• Administrator should know the destination IP network for configuration.
• Administrative distance for Static Route is 1.
Administrative Distance (AD) is the “reliability” of the

routing protocol. AD range is 0-255, lesser the
administrative distance, higher the priority
22-10-2016
WWW.KEYGROUPS.IN
Enabling Routing on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
Enabling Routing on IPv4 Network - Configuration
Router(config) # ip routing
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
CHE (config) # ip routing BAN (config) # ip routing
CHE
HYD-1
HYD-1 (config) # ip routing
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Enabling Routing on IPv4 Network - Verification
Verify the routing table

Router # show ip route
22-10-2016
WWW.KEYGROUPS.IN
Static Routing on IPv4 Network - Configuration
Router(config) # ip route < Destination Network ID >

< Destination Subnet Mask > < Next Hop IP address >
(OR)
Router(config) # ip route < Destination Network ID >

< Destination Subnet Mask > Serial <exit Serialinterfaceno>
22-10-2016
WWW.KEYGROUPS.IN
Static Routing on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
CHE (config) # ip route 192.168.2.0 255.255.255.0 172.16.0.2 BAN (config) # ip route 192.168.2.0 255.255.255.0 172.17.0.1
CHE (config) # ip route 192.168.3.0 255.255.255.0 172.18.0.1 BAN (config) # ip route 192.168.1.0 255.255.255.0 172.18.0.2
CHE
HYD-1
HYD-1 (config) # ip route 192.168.1.0 255.255.255.0 172.16.0.1

HYD-1 (config) # ip route 192.168.3.0 255.255.255.0 172.17.0.2
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Static Routing on IPv4 Network - Verification

22-10-2016
WWW.KEYGROUPS.IN
Static Routing for IPv6 Network
CCIE
C C 22-10-2016
N P
C C N A
Enabling Routing on IPv6 Network
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
Router(config) # ipv6 unicast-routing
22-10-2016
WWW.KEYGROUPS.IN
HYD-1 HYD-2
HYD-1 (config) # ipv6 unicast-routing HYD-2 (config) # ipv6 unicast-routing
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Enabling Routing on IPv6 Network - Verification
Router # show ipv6 route
22-10-2016
WWW.KEYGROUPS.IN
Router(config) # ipv6 route < ipv6 Destination prefix/prefix-length>

< Next Hop IP address >
Router(config) # ipv6 route < ipv6 Destination prefix/prefix-length>

< Next Hop IP address >
22-10-2016
WWW.KEYGROUPS.IN
Static Routing on IPv6 Network
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
HYD-1 HYD-2
HYD-1 (config) # ipv6 route 2001:2222::/64 2001:5555::2 HYD-2 (config) # ipv6 route 2001:1111::/64 2001:5555::1
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Static Routing on IPv6 Network - Verification

Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Advantages and Disadvantages of Static routing
Advantages Disadvantages
Secured No Automatic Updates

Need of Destination network ID for the
Reliable
configuration
Faster Administrative work is more
No wastage of bandwidth Used in Small networks
22-10-2016
WWW.KEYGROUPS.IN
Dynamic Routing
CCIE
C C 22-10-2016
N P
C C N A
Overview of Dynamic Routing Protocol
• Purpose of Dynamic Routing Protocol includes the following functions:

− Discover the neighbor, finding the best paths
− Maintaining the up to date routing information
− Choosing the best path in available paths.
− Whenever the best path is going down finding the new path and forwarding
the data through that path.
22-10-2016
WWW.KEYGROUPS.IN
Advantages of Dynamic Routing
• Automatic updates.
• Changes in the network topology are updated dynamically
• Only the directly connected network information is required for the
configuration
• Less Administrative work
• Selecting the best path to destination networks
• Finding the second best path if best path is no longer available.
• More scalable
• Used for medium and large Networks
22-10-2016
WWW.KEYGROUPS.IN
Types of Dynamic Routing Protocols
Dynamic Routing
IGP EGP
Distance vector Link state Advance DVP Path Vector
RIP OSPF
EIGRP BGP
IGRP IS-IS
22-10-2016
WWW.KEYGROUPS.IN
Classfull v/s Classless Routing Protocol
Classfull Routing Protocol Classless Routing Protocol
• Do not send the subnet mask in • Carries the subnet mask in the
the update update
• Doesn’t support subnetting • Supports subnetting
• Ex: RIP v1, IGRP • Ex: RIP v2, EIGRP, OSPF
22-10-2016
WWW.KEYGROUPS.IN
Routing Information Protocol
(RIP)
CCIE
C C 22-10-2016
N P
C C N A
RIP Characteristics
• Distance Vector Protocol

• Open standard
• Uses Bellman Ford Algorithm
• Classless routing protocol
• Metric = Hop Count
• Maximum hop count is 15.
• Updates are sent through the multicast address 224.0.0.9
• RIP sends periodic updates for every 30 seconds.
• RIP supports equal cost load balancing by default 4 paths (maximum upto 16
paths)
22-10-2016
WWW.KEYGROUPS.IN
RIP Characteristics
• Complete routing table is sent as update

• Each update can contain maximum of 25 routes
• Administrative distance is 120
• Uses the UDP port no 520
• Also known as “Routing by Rumor”
22-10-2016
WWW.KEYGROUPS.IN
Loopback Interface
• A loopback interface is a virtual interface that resides on a router.

• Loopback interfaces are very useful because they will never go down, unless
the entire router goes down.
• By default, router doesn’t have any loopback interfaces (loopback interfaces
are not enabled by default), but they can easily be created.
22-10-2016
WWW.KEYGROUPS.IN
Loopback Interface - Configuration
Router (config) # interface loopback < interface no. >

Router (config-if) # ip address < ip address > < subnet mask >
Router (config-if) # end
22-10-2016
WWW.KEYGROUPS.IN
RIP on IPv4 Network - Configuration
Router(config) # router rip
Router(config-router) # version 2
Router(config-router) # network < Network ID >
22-10-2016
WWW.KEYGROUPS.IN
RIP on IPv4 Network
22-10-2016
WWW.KEYGROUPS.IN
RIP on IPv4 Network - Configuration
CHE BAN
CHE (config) # router rip BAN (config) # router rip
CHE (config-router) # version 2 BAN (config-router) # version 2
CHE (config-router) # network 192.168.1.0 BAN (config-router) # network 192.168.3.0
CHE (config-router) # end BAN (config-router) # end
CHE # BAN #
CHE
HYD-1
HYD-1 (config) # router rip
HYD-1 (config-router) # version 2
HYD-1 (config-router) # network 192.168.2.0
HYD-1 (config-router) # end
HYD-1 # Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
RIP on IPv4 Network - Verification

To verify the protocols

Router # show ip protocols
22-10-2016
WWW.KEYGROUPS.IN
RIP Timers
• Update Timer : 30 sec

− Time between two consecutive updates
• Invalid Timer : 180 sec

− Time a router waits to hear an update from the neighbor
− The route is marked as unreachable if there is no update for this time period
• Flush Timer : 240 sec

− Time after which the invalid route is removed from the routing table
22-10-2016
WWW.KEYGROUPS.IN
RIP Updates
To verify the RIP Timers

Verify RIP Update Packets

Router # terminal monitor
Router # debug ip rip
22-10-2016
WWW.KEYGROUPS.IN
Change RIP Timers
Router (config) # router rip

Router (config-router) # timers basic <update timer> <invalid
timer> <holddown time> <flush timer>
HYD-1
HYD-1 (config-router) # timers basic 15 30 90 90
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Passive interface
• Passive interface is configured to stop the updates to exit out of the interface.
• If passive interface is configured between the routers no updates will be
exchanged.
22-10-2016
WWW.KEYGROUPS.IN
Configure Passive interface

Router(config-router) # passive-interface <interface type> <no.>
HYD-1
HYD-1 (config-router) # passive-interface FastEthernet0/0
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Summarization
• Combining the continuous networks in one full network and advertising to

neighbor router is called as summarization.
• Advantages of Summarization
− Less number of updates
− Reducing the size of routing table
22-10-2016
WWW.KEYGROUPS.IN
Disable auto-summary

Router(config-router) # no auto-summary
Router(config-router)# exit
HYD-1
HYD-1 (config-router) # no auto-summary
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
RIPng
CCIE
C C 22-10-2016
N P
C C N A
RIPng Characteristics
• RFC 2080 - RIP for ipv6

• Uses the multicast group FF02::9
• Multiple instances can be created on one router which is not possible in RIP
IPv4.
22-10-2016
WWW.KEYGROUPS.IN
RIPng on IPv6 Network - Configuration

Router(config) # ipv6 router rip <name>
Router(config) # interface < interface type > < no. >
Router(config-if) # ipv6 rip <name> enable
22-10-2016
WWW.KEYGROUPS.IN
RIPng on IPv6 Network
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
RIPng on IPv6 Network - Configuration
HYD-1 HYD-2
HYD-1 (config) # ipv6 router rip cisco HYD-2 (config) # ipv6 router rip cisco
HYD-1 (config-rtr) # exit HYD-2 (config-rtr) # exit
HYD-1 (config) # interface fastethernet 0/0 HYD-2 (config) # interface fastethernet 0/0
HYD-1 (config-if) # ipv6 rip cisco enable HYD-2 (config-if) # ipv6 rip cisco enable
HYD-1 (config-if) # exit HYD-2 (config-if) # exit
HYD-1 (config-if) # ipv6 rip cisco enable HYD-2 (config-if) # ipv6 rip cisco enable
HYD-1 (config-if) # end HYD-2 (config-if) # end
HYD-1 # HYD-2 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
RIPng on IPv6 Network - Verification

Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Disadvantages of RIP
• More Bandwidth is utilized for sending the updates.

• Does not consider the bandwidth in metric calculations, uses only hop count
• Slow convergence
22-10-2016
WWW.KEYGROUPS.IN
Link State Routing Protocol
• Every router maintains the full picture of the topology

• Link state protocol is more scalable
• Any change in the topology is quickly updated.
• Link state protocol has more advantages compared to distance vector routing
protocol
22-10-2016
WWW.KEYGROUPS.IN
Open Shortest Path First
(OSPF)
CCIE
C C 22-10-2016
N P
C C N A
OSPF Characteristics
• Link State Protocol

• Open standard
• Uses Dijkstra (Shortest Path First – SPF ) Algorithm
• Metric = cost= 108 / Bandwidth in bps (CISCO)
• Updates are sent through Multicast IP address 224.0.0.5
• OSPF protocol supports equal cost load balancing
− Supports Default 4 paths maximum of 16 paths.
• Administrative distance is 110
22-10-2016
WWW.KEYGROUPS.IN
OSPF Characteristics
• Neighbor is discovered and established by hello packets

• Hello packets 10 seconds, Dead interval 40 seconds.
• Unlimited Hop Count.
• OSPF sends updates (LSAs) when there is a change to one of its links.
• OSPF protocol number 89.
22-10-2016
WWW.KEYGROUPS.IN
Router ID
• The router-id is used to identify the router in OSPF

− First preference is given to router-id command
− Second preference is given to highest loopback interfaces configured on
router
− Third preference is given to highest physical ip address
ROUTER ID
192.168.202.1
12.0.0.1
2.2.2.2
S0/1 172.17.0.1/16
172.16.0.2/16 HYD-1 S0/0

F0/0
Router ID Command
192.168.2.1/24
2.2.2.2
22-10-2016
WWW.KEYGROUPS.IN
OSPF Neighbor States
Neighbor State Neighbor State
down down
A to B Links (comes up..)
RID 1.1.1.1 Init Init RID 2.2.2.2
Hello, Seen (null), RID 1.1.1.1
A Hello, Seen (1.1.1.1), RID 2.2.2.2
B
2-way 2-way
DR Election, Hello, DR=z.z.z.z DR Election,
If needed If needed
ExStart (LSA Headers)
(LSA Headers) ExStart

Exchange (Summary - LSA Headers) Exchange
(Full LSAs)
Loading Loading
Full Full
22-10-2016
WWW.KEYGROUPS.IN
OSPF Terminology
• Neighbor
− Routers that share a common link become neighbors.
− Neighbors are discovered by Hello Packets.
− To become neighbors the following should match
• Area ID
• Network ID and Subnet Mask
• Hello and Dead Intervals
• Authentication (optional)
• Adjacencies
− Adjacencies are formed once neighbor relation is established.
− In Adjacencies the database details are exchanged.
22-10-2016
WWW.KEYGROUPS.IN
OSPF Tables
• It maintains three tables :

• Neighbor Table
− Neighbor table contains information about the directly connected OSPF
neighbors forming adjacency.
• Database Table
− Database table contains information about the entire view of the topology
with respect to each router.
• Routing Table
− Routing table contains information about the best path calculated by the
shortest path first algorithm in the database table.
22-10-2016
WWW.KEYGROUPS.IN
OSPF - Neighbor Table
NEIGHBOR TABLE (Router A)

Neighbor Interface
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
S0
Hello S1 Hello
S0
B 15 E
S2 S1 S2
20
10
S0 S1 S1
Hello
10 Hello
A S2 D
S0
22-10-2016
WWW.KEYGROUPS.IN
OSPF - Database Table

Update
Neighbor Interface
Router C
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
DATABASE TABLE (Router A)
C S0
S0 Update
LAN – 10.0.0.0/8 Update
Update S1 Router E
S0 Router B S0
Router B
S1 S0
B
Router C
15 E
Router C
B E S2 S1 S2
S2 S1 S2
20
S0 S1 S1
10
AA S2
S0 D S0 S1 S1
Update
Router D
10 Router E
A S2 D
Router B
S0 Router C
22-10-2016
WWW.KEYGROUPS.IN
OSPF - Database Table

Neighbor Interface
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
DATABASE TABLE (Router A)
C S0
S0
LAN – 10.0.0.0/8 S1
S0
S0
S1 S0
B 15 E
B E S2 S1 S2
S2 S1 S2
20
S0 S1 S1
10
AA S2
S0 D S0 S1 S1
ROUTING TABLE (Router A) 10

O 10.0.0.0/8 [110/30] via B, 01:36, Serial0
A S2 D
S0
22-10-2016
WWW.KEYGROUPS.IN
Wild Card Mask
• A wild card mask can be calculated using the formula :

Global Subnet Mask
– Subnet Mask
----------------------------------
Wild Card Mask
E.g.
255.255.255.255 255.255.255.255
– 255.255.255. 0 – 255.255.255.240
------------------------ ------------------------
0. 0. 0.255 0. 0. 0. 15
22-10-2016
WWW.KEYGROUPS.IN
OSPF Single Area on IPv4 Network - Configuration
Router(config) # router ospf < Process ID >
Router(config-router) # router-id < Router ID >
Router(config-router) # network < Network ID > <Wildcard mask>
area <area ID >
22-10-2016
WWW.KEYGROUPS.IN
OSPF Single Area on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
AREA 0
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
OSPF Single Area on IPv4 Network - Configuration
CHE BAN
CHE (config) # router ospf 1 BAN (config) # router ospf 3
CHE (config-router) # router-id 1.1.1.1 BAN (config-router) # router-id 3.3.3.3
CHE (config-router) # network 192.168.1.0 0.0.0.255 area 0 BAN (config-router) # network 192.168.3.0 0.0.0.255 area 0
CHE # BAN #
CHE
HYD-1
HYD-1 (config) # router ospf 2
HYD-1 (config-router) # router-id 2.2.2.2
HYD-1 (config-router) # network 192.168.2.0 0.255.255.255 area 0
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
OSPF Single Area on IPv4 Network - Verification


To check Neighbor Table

Router # show ip ospf neighbor
To check Database Table

Router # show ip ospf database
22-10-2016
WWW.KEYGROUPS.IN
Link State Advertisement (LSA)
• Link
− Router interface
• State
− Description of interface and neighbor relation and sending to neighbor
routers.
• LSAs are additionally refreshed every 30 minutes.
22-10-2016
WWW.KEYGROUPS.IN
OSPF Packet types
• HELLO
− To Discover the neighbor
− To form neighbor relation
− Keep Alive mechanism
• DBD
− Database description the update are exchanged .
• LSR - Link state Request
− Used for requesting for a newer updated information.
• LSU – Link State Update
− Receiving the updated information from neighbors and link state update
• LSACK - Link State Acknowledgement
− Once receiving the update sends thanks for information called as link state
acknowledgement
22-10-2016
WWW.KEYGROUPS.IN
OSPF Hello Packets
To verify the OSPF Hello & Dead Timers

Verify OSPF Hello Packets

Router # debug ip ospf hello
22-10-2016
WWW.KEYGROUPS.IN
Passive interface
• Passive interface is configured to stop the hello packets from exiting out of the
interface.
• If passive interface is configured between the routers no neighbor relationship
will be formed and no updates will be exchanged.
22-10-2016
WWW.KEYGROUPS.IN
Router(config) # router ospf <pid>

HYD-1
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
OSPF Metric
• OSPF uses the cost as metric.

• Cost = Reference Bandwidth / interface Bandwidth.
• The default reference bandwidth is 100 Mbps
− 100 Mbps cost = 100Mbps/100Mbps = 1
− 1.544Mbps cost = 100Mbps/1.544Mbps = 64
Bandwidth
Interface OSPF Cost
(Kbps)
Serial 1544 64
Ethernet 10000 10
FastEthernet 100000 1
GigabitEthernet 1000000 1
22-10-2016
WWW.KEYGROUPS.IN
OSPF Cost metric for an interface
Router(config) # interface <interface type> <no.>

Router(config-if) # ip ospf cost <cost>
HYD-1
HYD-1 (config) # interface serial 0/0/0
HYD-1 (config-router) # ip ospf cost 100
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Issues with OSPF single area
My SPF Algorithm Is Running

Too many times!!!
I’m Receiving too many LSA!!!
Area 0
I’m Running out of memory

because my routing table is too
big!!
22-10-2016
WWW.KEYGROUPS.IN
Hierarchical Network Design using Areas
• OSPF Network Design is divided into multiple areas

• One area has to be designated as Area 0
• Area 0 is called the Backbone Area
• Remaining Areas are called as non back bone area.
22-10-2016
WWW.KEYGROUPS.IN
OSPF Multiple Area
BR
Other AS
Area 0
ABR ABR
IR IR IR IR IR ASBR
Area 1 Area 2
22-10-2016
WWW.KEYGROUPS.IN
Types of Routers
• Backbone Router (BR)

− The router which belongs to backbone area is called as Backbone router
• Internal Router (IR)
− The router which belongs to regular area is called Internal Router
• Area Border Router (ABR)
− The router which shares two different areas is called Area Border Router
• Autonomous System Border Router (ASBR)
− The router which is connected to different protocol is called Autonomous
system boundary router.
22-10-2016
WWW.KEYGROUPS.IN
OSPF Multiple Area on IPv4 Network - Configuration
Router(config) # router ospf < Process ID >
Router(config-router) # network < Network ID > <Wildcard mask>
area <Area ID >
22-10-2016
WWW.KEYGROUPS.IN
OSPF Multiple Area on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
AREA 0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
AREA 1 192.168.202.1 AREA 2
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
OSPF Multiple Area on IPv4 Network - Configuration
CHE BAN
CHE (config) # router ospf 1 BAN (config) # router ospf 3
CHE (config-router) # router-id 1.1.1.1 BAN (config-router) # router-id 3.3.3.3
CHE # BAN #
CHE
HYD-1
HYD-1 (config-router) # router-id 2.2.2.2
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
OSPF Multiple Area on IPv4 Network - Verification



Router # show ip ospf neighbor
To check Database Table

Router # show ip ospf database
22-10-2016
WWW.KEYGROUPS.IN
OSPFv3
CCIE
C C 22-10-2016
N P
C C N A
OSPFv3 Characteristics
• RFC 2740
• Multicast address is FF02::5 and FF02::6
• Ospfv3 is configured on link basis.
• OSPFv3 supports multiple instances on a single link.
• OSPFv3 adjacencies are formed using link-local address.
• Still uses the router-id from IPv4
22-10-2016
WWW.KEYGROUPS.IN
OSPFv3 on IPv6 Network - Configuration

Router(config) # ipv6 router ospf <Process id>
Router(config-if) # ipv6 ospf <Process id> area <Area ID >
22-10-2016
WWW.KEYGROUPS.IN
OSPFv3 on IPv6 Network
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
OSPFv3 on IPv6 Network - Configuration
HYD-1 HYD-2
HYD-1 (config) # ipv6 router ospf 2 HYD-2 (config) # ipv6 router ospf 2
HYD-1 (config-rtr) # router-id 11.11.11.11 HYD-2 (config-rtr) # router-id 22.22.22.22
HYD-1 (config-if) # ipv6 ospf 2 area 0 HYD-2 (config-if) # ipv6 ospf 2 area 0
HYD-1 (config-if) # ipv6 ospf 2 area 0 HYD-2 (config-if) # ipv6 ospf 2 area 0
HYD-1 # HYD-2 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
OSPFv3 on IPv6 Network - Verification

Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Disadvantages of OSPF
• Consumes more Memory and CPU processing time

• Complex configuration
22-10-2016
WWW.KEYGROUPS.IN
Enhanced Interior Gateway Routing Protocol
(EIGRP)
CCIE
C C 22-10-2016
N P
C C N A
EIGRP Characteristics
• Advanced Distance Vector Routing Protocol

• Open Standard, was cisco proprietary
• Diffusing update algorithm (DUAL)
• Classless Routing Protocol
• Metric = Composite Metric
− Bandwidth, Load, Delay, Reliability, MTU
• Updates are sent as multicast(224.0.0.10) or unicast
• EIGRP protocol alone supports equal and unequal cost load balancing.
• Default of 4 paths and maximum of 16 paths
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Characteristics
• Administrative Distance is 90
• Maximum Hop Count is 255 (Default 100)
• Hello timer – 5 seconds, Hold on timer - 15seconds
• Supports multiple Routed Protocols - IP, IPX, Apple talk
• EIGRP protocol number 88.
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Tables
• Neighbor Table
− Contains information about directly connected neighbors.
• Topology Table
− Contains entries for all destinations, along with the feasible distance and the
advertised distance.
− Contains the successors.
− Contains feasible successor if any.
• Routing Table
− Entries with the best path for each destination from the Topology table are
moved into the Routing Table
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Terminology
• Feasible Distance FD :
− Feasible distance (FD) is the metric of the best route to a destination, including the
local link distance.
− Feasible distance = advertised distance + local link distance (of the best path)
• Advertised Distance AD:
− The distance of a route as advertised by the neighbor. It does not include the local
link distance.
• Successor :
− The neighbor with best distance to the destination.
• Feasible Successor :
− The neighbor with second best distance to the destination, which meets this
criteria: advertised distance should be less than the feasible distance (AD <FD)
22-10-2016
WWW.KEYGROUPS.IN
EIGRP - Neighbor Table

Neighbor Interface
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
S0
Hello S1 Hello
S0
B 15 E
S2 S1 S2
20
10
S0 S1 S1
Hello
10 Hello
A S2 D
S0
22-10-2016
WWW.KEYGROUPS.IN
EIGRP - Topology Table

Update
Neighbor Interface
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
TOPOLOGY TABLE (Router A)
NetworkNeighbor TD AD FD S0
10.0.0.0/8 via B 30 10 30 S
via E 35 25 FS Update S1 Update
via D 45 35
S0
B 15 E
S2 S1 S2
20
10
S0 S1 S1
10 Update
A S2 D
S0
22-10-2016
WWW.KEYGROUPS.IN
EIGRP - Routing Table

Neighbor Interface
B S0 C
D S2
E S1
S0 LAN – 10.0.0.0/8
10
TOPOLOGY TABLE (Router A)
NetworkNeighbor TD AD FD S0
10.0.0.0/8 via B 30 10 30 S
via E 35 25 FS S1
via D 45 35
S0
B 15 E
S2 S1 S2
ROUTING TABLE (Router A)
D 10.0.0.0/8 [90/30] via B, 01:36, Serial0
20
10
S0 S1 S1
10
A S2 D
S0
22-10-2016
WWW.KEYGROUPS.IN
Autonomous System
• Autonomous system is a collection of routers under one common

administration
• Autonomous system is identified by numbers
• Autonomous system ranges from 0-65535
− Public - 1-64511
− Private - 64512-65535
22-10-2016
WWW.KEYGROUPS.IN
Routing Protocol Classification
IGP EGP
• Interior Gateway Protocol • Exterior Gateway Protocol

• Routing protocols used within an • Routing protocol used between
Autonomous system different Autonomous systems
• Ex: RIP, IGRP, EIGRP, OSPF, IS- • Ex: Border Gateway Protocol is
IS extensively used as EGP
22-10-2016
WWW.KEYGROUPS.IN
IGP and EGP
IGP IGP
RIP, OSPF, IGRP, EIGRP RIP, OSPF, IGRP, EIGRP
EGP Data
BGP
Data Data Data
• IGPs operate
ABC - ASwithin
100 an autonomous system XYZ - AS 200
• EGPs connect different autonomous systems
22-10-2016
WWW.KEYGROUPS.IN
EIGRP on IPv4 Network - Configuration
Router(config) # router eigrp < AS No >
Router(config-router) # network < Network ID >
22-10-2016
WWW.KEYGROUPS.IN
EIGRP on IPv4 Network
S 0/1
S 0/0
172.18.0.2
172.18.0.1
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
AS 100
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/1 172.18.0.0/16 Fa 0/0 192.168.2.0/24 S 0/1 172.17.0.0/16
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
EIGRP on IPv4 Network - Configuration
CHE BAN
CHE (config) # router eigrp 100 BAN (config) # router eigrp 100
CHE (config-router) # network 192.168.1.0 0.0.0.255 BAN (config-router) # network 192.168.3.0 0.0.0.255
CHE # BAN #
CHE
HYD-1
HYD-1 (config) # router eigrp 100
HYD-1 (config-router) # network 192.168.2.0 0.0.0.255
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
EIGRP on IPv4 Network - Verification



Router # show ip eigrp neighbor
To check Topology Table

Router # show ip eigrp topology
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Metric
• EIGRP uses the default metric as Bandwidth and Delay

Metric = ( BW + Delay) * 256
Metric = ((107/ Lowest Bandwidth in kbps) + (Sum of Total Delay/10)} *256
Bandwidth
Interface Delay (µs)
(Kbps)
Serial 1544 20000
Ethernet 10000 1000
FastEthernet 100000 100
GigabitEthernet 1000000 10
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Metric Calculation
S 0/1
BW- 1544 kbps S 0/0
CHE Delay-20000 µs BAN
Fa 0/0 S 0/0 BW- 1544 kbps BW- 1544 kbps S 0/1 Fa 0/0
Delay-20000 µs Delay-20000 µs
BW- 100000 kbps S 0/0/1 S 0/0/0 BW- 100000 kbps
Delay-100
Switch µs HYD-1 Delay-100
Switch µs
Fa 0/0
BW- 100000 kbps

Delay-100
Switch µs
EIGRP Metric = ((107/lowest Bandwidth in kbps) + (Sum of Total Delay/10)) *256

= (10000000/1544) + (20000 + 100 / 10) * 256
= 2172416
22-10-2016
WWW.KEYGROUPS.IN
EIGRP Packets
To verify the EIGRP Hello & Holdown Timers

Verify EIGRP Packets

Router # debug eigrp packet
22-10-2016
WWW.KEYGROUPS.IN
Passive interface
• Passive interface is configured to stop the hello packets from exiting out of the
interface.
• If passive interface is configured between the routers no neighbor relationship
will be formed and no updates will be exchanged.
22-10-2016
WWW.KEYGROUPS.IN
Router(config) # router eigrp <AS No>

HYD-1
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Router ID
• The router-id is used to identify the router in EIGRP

− First preference is given to router-id command
− Second preference is given to highest loopback interfaces configured on
router
− Third preference is given to highest physical ip address
ROUTER ID
192.168.202.1
12.0.0.1
2.2.2.2
S0/1 172.17.0.1/16
172.16.0.2/16 HYD-1 S0/0

F0/0
Router ID Command
192.168.2.1/24
2.2.2.2
22-10-2016
WWW.KEYGROUPS.IN
Configure Router ID
Router(config) # router eigrp <AS No>

Router(config-router) # eigrp router-id <router-id>
HYD-1
HYD-1 (config-router) # eigrp router-id 2.2.2.2
HYD-1 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
EIGRP - Load Balancing
• EIGRP supports two types of load balancing

− Equal cost load balancing
− Unequal cost load balancing
• Load balancing on 4 equal cost paths enabled(Default)

• Maximum paths are based on device platform (equal or unequal cost paths)
22-10-2016
WWW.KEYGROUPS.IN
EIGRP - Equal Cost Load Balancing
Metric = 100
A Metric = 200 B
Data
Metric = 100
22-10-2016
WWW.KEYGROUPS.IN
EIGRP – Unequal Cost Load Balancing
• By default it is turned off
Metric = 100
A Metric = 200 B
Data
Metric = 100
22-10-2016
WWW.KEYGROUPS.IN
EIGRPv6
CCIE
C C 22-10-2016
N P
C C N A
EIGRPv6 Characteristics
• RFC 7868
• Multicast Address for EIGRPv6 is FF02::A
• Still uses the router-id from IPv4
22-10-2016
WWW.KEYGROUPS.IN
EIGRPv6 on IPv6 Network - Configuration

Router(config) # ipv6 router eigrp <AS No>
Router(config-router) # eigrp router-id <router-id>
Router(config-router) # exit
Router(config-if) # ipv6 eigrp <AS No>
22-10-2016
WWW.KEYGROUPS.IN
EIGRPv6 on IPv6 Network
Fa 0/1 AS 100 Fa 0/1

2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
Fa 0/0 2001:1111::/64 Fa 0/0 2001:2222::/64

Fa 0/1 2001:5555::/64 Fa 0/1 2001:5555::/64
22-10-2016
WWW.KEYGROUPS.IN
EIGRPv6 on IPv6 Network - Configuration
HYD-1 HYD-2
HYD-1 (config) # ipv6 router eigrp 100 HYD-2 (config) # ipv6 router eigrp 100
HYD-1 (config-rtr) # eigrp router-id 11.11.11.11 HYD-2 (config-rtr) # eigrp router-id 22.22.22.22
HYD-1 (config-if) # ipv6 eigrp 100 HYD-2 (config-if) # ipv6 eigrp 100
HYD-1 (config-if) # ipv6 eigrp 100 HYD-2 (config-if) # ipv6 eigrp 100
HYD-1 # HYD-2 #
Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
EIGRPv6 on IPv6 Network - Verification

Network Diagram
22-10-2016
WWW.KEYGROUPS.IN
Border Gateway Protocol
(BGP)
CCIE
C C 22-10-2016
N P
C C N A
BGP Features
• Path Vector Protocol

• Open standard protocol
• Uses the path vector algorithm
• Administrative distance for EBGP is 20
• BGP exchanges routing information between Autonomous Systems
• External BGP (EBGP) which is also known as an inter-domain routing protocol,
operates outside an AS and connects one AS to another.
• Hello timer is 60 seconds, Hold on timer is 180 seconds
• BGP uses the TCP port number 179.
22-10-2016
WWW.KEYGROUPS.IN
EBGP on IPv4 Network - Configuration
Router(config) # router bgp <AS No>
Router(config-router) # network < Network ID > mask <Subnet mask>
Router(config-router) # neighbor < peer address > remote-as < peer-as-no >
Router(config-router) # end
22-10-2016
WWW.KEYGROUPS.IN
AS 100 AS 300
CHE BAN
Fa 0/0 S 0/0/0 S 0/0/1 Fa 0/0
AS 200
192.168.1.1 172.16.0.1 172.17.0.2 192.168.3.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.2.1
Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/0/0 172.16.0.0/16 Interface Network ID / Mask S 0/0/1 172.17.0.0/16
Fa 0/0 192.168.2.0/24
S 0/0/0 172.17.0.0/16
S 0/0/1 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
BAN (config) # ip routing
CHE (config) # ip routing
BAN (config) # router bgp 300
CHE (config) # router bgp 100
BAN (config-router) # network 192.168.3.0 mask 255.255.255.0
CHE (config-router) # network 192.168.1.0 mask 255.255.255.0
BAN (config-router) # network 172.17.0.0 mask 255.255.0.0
CHE (config-router) # network 172.16.0.0 mask 255.255.0.0
BAN (config-router) # neighbor 172.17.0.1 remote-as 200
CHE (config-router) # neighbor 172.16.0.2 remote-as 200
BAN (config-router) # end
CHE (config-router) # end
BAN (config) #
CHE
HYD-1
HYD-1 (config) # router bgp 200
HYD-1 (config-router) # network 192.168.2.0 mask 255.255.255.0
HYD-1 (config-router) # neighbor 172.16.0.1 remote-as 100
HYD-1 (config-router) # neighbor 172.17.0.2 remote-as 300
22-10-2016
WWW.KEYGROUPS.IN
EBGP on IPv4 Network - Verification

To verify the BGP details

Router # show ip bgp summary
Router # show ip bgp

Router # show ip bgp neighbors
22-10-2016
WWW.KEYGROUPS.IN
Administrative Distance
• When ever multiple routing protocols are configured on a router to reach the
same destination router makes use of Administrative Distance
• “Lesser the Administrative Distance more the Priority”
Routing Protocol Administrative Distance

Directly connected 0
Static Route 1
EIGRP 90
OSPF 110
RIP 120
EBGP 20
22-10-2016
WWW.KEYGROUPS.IN
Switching
CCIE
C C 22-10-2016
N P
C C N A
Ethernet
• A technology originated by the University of Hawaii, later adopted by Xerox

Corporation
• Ethernet is the most popular physical layer LAN technology.
• Ethernet standard known as IEEE Standard 802.3
• Ethernet speed is 10 Mbps.
• Types of Ethernet
− Ethernet
− FastEthernet
− GigabitEthernet
− 10 GigabitEthernet
22-10-2016
WWW.KEYGROUPS.IN
FastEthernet
• The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet
networks that need higher transmission speeds.
• FastEthernet speed is 100 Mbps.
22-10-2016
WWW.KEYGROUPS.IN
Gigabit Ethernet
• Gigabit Ethernet was developed for faster communication networks with

applications such as multimedia and Voice over IP (VoIP)
• Gigabit Ethernet standards are IEEE 802.3ab and IEEE 802.3z (optical fiber)
• Gigabit Ethernet speed is 1000 Mbps i.e. 1 Gbps
22-10-2016
WWW.KEYGROUPS.IN
10 Gigabit Ethernet
• 10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards i.e.
IEEE 802.3ae.
• 10 Gigabit Ethernet is based entirely on the use of optical fiber connections.
• 10 Gigabit Ethernet speed is 10000 Mbps i.e. 10 Gbps
22-10-2016
WWW.KEYGROUPS.IN
Broadcast Domain
• A broadcast domain is a set of network devices for which a broadcast frame

sent by one device is received by all other devices in that LAN segment.
Banjara Hills
Data
LAN
Data
Data
22-10-2016
WWW.KEYGROUPS.IN
Collision Domain
• A collision domain is a set of network devices for which a frame sent by one
device could result in a collision with a frame sent by any other device in the
same LAN segment.
Banjara Hills
Data
LAN
Data
22-10-2016
WWW.KEYGROUPS.IN
How Switch works ?
MAC ADDRESS TABLE

PORT MAC-ADDRESS
Fa0/1
Fa0/2 001C-C01A-0002
Fa0/3
Banjara Hills Source MAC
001C.C01A.0002 Fa0/4
DATA
DestinationData
MAC
LAN 001C.C01A.0004
001C-C01A-0001 001C-C01A-0002
Source MAC
1 2
001C.C01A.0002
DATA
DestinationData
MAC
001C.C01A.0004
4 3
Data
001C-C01A-0004
001C-C01A-0003
22-10-2016
WWW.KEYGROUPS.IN
How Switch works ?
MAC ADDRESS TABLE

PORT MAC-ADDRESS
Fa0/1
Fa0/2 001C-C01A-0002
Fa0/3
Banjara Hills 001C-C01A-0004
Fa0/4
Data
LAN
001C-C01A-0001 001C-C01A-0002
Source MAC
1 2
001C.C01A.0002
DATA
DestinationData
MAC
001C.C01A.0004
4 3
Source MAC
001C.C01A.0004
Data DATA
Destination MAC
001C.C01A.0002
001C-C01A-0004
001C-C01A-0003
22-10-2016
WWW.KEYGROUPS.IN
How Switch works ?
MAC ADDRESS TABLE

PORT MAC-ADDRESS
Fa0/1
Fa0/2 001C-C01A-0002
Fa0/3
Banjara Hills Source MAC
001C.C01A.0002 Fa0/4
DATA
DestinationData
MAC
LAN 001C.C01A.0004
001C-C01A-0001 001C-C01A-0002
Source MAC
1 2
001C.C01A.0002
DATA
DestinationData
MAC
001C.C01A.0004
4 3
001C-C01A-0004
001C-C01A-0003
22-10-2016
WWW.KEYGROUPS.IN
Types of Switches
• Manageable switches
− On a Manageable switch an IP address can be assigned and configurations
can be made. It has a console port .
• Unmanageable switches
− On an Unmanageable switch configurations cannot be made, an IP address
cannot be assigned as there is no console port.
22-10-2016
WWW.KEYGROUPS.IN
Campus Network
• Campus is a LAN network supporting larger buildings or multiple buildings close

to a specific area
• Cisco uses three terms to describe the role of each switch in a campus design.
− Access Layer
− Distribution Layer
− Core Layer
22-10-2016
WWW.KEYGROUPS.IN
Hierarchical Design
CORE LAYER
LAYER 3
DISTRIBUTION
LAYER
LAYER 2 ACCESS LAYER
22-10-2016
WWW.KEYGROUPS.IN
Cisco’s Hierarchical Design for switches
• Access Layer Switches

Switches Series : 1900, 2950, 2960
• Distribution Layer Switches

Switches Series :
− Fixed : 3550, 3560, 3750
− Modular: 4500, 5500
• Core Layer Switches

Switches Series : 6500
22-10-2016
WWW.KEYGROUPS.IN
Initial Configuration of Switch
CCIE
C C 22-10-2016
N P
C C N A
Initial Configuration
Console
Switch
Vlan 1
192.168.1.50/24
Computer IP Address
192.168.1.10
22-10-2016
WWW.KEYGROUPS.IN
Duplex and Speed
• Switch automatically adjusts duplex mode and speed depending upon remote
device.
• We can set duplex mode and speed to match any of the supported modes.
22-10-2016
WWW.KEYGROUPS.IN
Interface Speed & Duplex - Configuration
Switch (config) # interface < interface type > < no.>

Switch (config-if) # speed { 100 | 1000 | 10000 | auto }
Switch (config) # interface < interface type > < no.>

Switch (config-if) # duplex { full | half }
22-10-2016
WWW.KEYGROUPS.IN
Methods of Switching
• Cisco switches supports three types of switching

− Store and Forward
− Cut Through
− Fragment Free
22-10-2016
WWW.KEYGROUPS.IN
Store and Forward
• This is basic mode of switching.

• Switch stores the entire frame into memory and perform CRC check, to ensure
the frame is not corrupted.
• A frame less than 64 bytes and greater than 1518 bytes is invalid, only valid
frames are processed, invalid are dropped.
• Latency is more
22-10-2016
WWW.KEYGROUPS.IN
Cut Through
• The switch reads only the first 6bytes of frame that is destination MAC address.
• As there is no CRC check the corrupted frames are also forwarded.
• This is the fastest method of switching.
• Invalid frames are processed.
22-10-2016
WWW.KEYGROUPS.IN
Fragment Free
• This is best method for switching.

• Switch checks only first 64bytes of frame for error.
• It processes only that frames that have first 64 bytes valid
• Any frame less than 64bytes is called as RUNT and this frame is invalid.
• Low latency.
22-10-2016
WWW.KEYGROUPS.IN
Virtual LAN (VLAN)
CCIE
C C 22-10-2016
N P
C C N A
Virtual LAN
• Divides a Single Broadcast domain into Multiple Broadcast domains.

• VLANs group interfaces to create a smaller broadcast domain.
• It provides Layer 2 Security.
• By default all ports of the switch are in VLAN1.
• VLAN1 is known as Administrative VLAN or Management VLAN
• VLAN can be created from 2 – 1001.
• VLAN information is stored in vlan.dat on the flash memory of the switch.
22-10-2016
WWW.KEYGROUPS.IN
How LAN works ?
SWITCH
1 2 3 4 5 6
PC1
Data PC2
Data PC3 PC4 PC5
Data PC6
Data
192.168.1.0/24
22-10-2016
WWW.KEYGROUPS.IN
How VLAN works ?
SWITCH
1 2 3 4 5 6
Sales Mktg
VLAN VLAN
10 20
PC1
Data PC2
Data PC3 PC4 PC5
Data PC6
Data
192.168.1.0/24
22-10-2016
WWW.KEYGROUPS.IN
VLAN - Configuration
Creating VLAN
Switch (config) # vlan < vlan number >

Switch (config-vlan) # name < name >
Switch (config-vlan) # exit
Implementation of Vlan
Switch (config) # interface <interface type> <interface no>

Switch (config-if) # switchport mode access
Switch (config-if) # switchport access vlan < Vlan ID >
Switch (config-if) # exit
22-10-2016
WWW.KEYGROUPS.IN
24 24
SW1 - 192.168.20.50 SW2 - 192.168.20.51

1 2 3 4 5 6 1 2 3 4 5 6
Sales Mktg Sales Mktg

VLAN VLAN VLAN VLAN
10 20 10 20
PC1 PC2 PC3 PC4 PC5 PC6 PC11 PC12 PC13 PC14 PC15 PC16
22-10-2016
WWW.KEYGROUPS.IN
SW1 SW2
SW1 (config) # vlan 10 SW2 (config) # vlan 10

SW1 (config-vlan) # name SALES SW2 (config-vlan) # name SALES
SW1 (config-vlan) #exit SW2 (config-vlan) #exit
SW1 (config) # vlan 20 SW2 (config) # vlan 20
SW1 (config-vlan) # name MKTG SW2 (config-vlan) # name MKTG
SW1 (config-vlan) #exit SW2 (config-vlan) #exit
SW1 (config) # interface range fastethernet 0/1 -2 SW2 (config) # interface range fastethernet 0/1 -2
SW1 (config-if-range) # switchport mode access SW2 (config-if-range) # switchport mode access
SW1 (config-if-range) # switchport access vlan 10 CHE SW2 (config-if-range) # switchport access vlan 10
SW1 (config-if-range) # exit SW2 (config-if-range) # exit
SW1(config) # SW2(config) #
SW1 (config) # interface range fastethernet 0/5 -6 SW2 (config) # interface range fastethernet 0/5 -6
SW1 (config-if-range) # switchport mode access SW2 (config-if-range) # switchport mode access
SW1 (config-if-range) # switchport access vlan 20 SW2 (config-if-range) # switchport access vlan 20
SW1 (config-if-range) # exit SW2 (config-if-range) # exit
22-10-2016
WWW.KEYGROUPS.IN
VLAN – Verification
Switch # show vlan

Switch # show interface <interface type> <interface no.> switchport
22-10-2016
WWW.KEYGROUPS.IN
Trunk
CCIE
C C 22-10-2016
N P
C C N A
Trunk
• Trunk Port allows multiple VLAN traffic to pass through a single physical
connection by adding a header to Ethernet frame.
• Trunking protocols of two different types
ISL (Inter Switch Link) 802.1q

Cisco proprietary Open standard
30 bytes (Header + Trailer ) 4 bytes ( Header )
22-10-2016
WWW.KEYGROUPS.IN
VLAN Tagging
• VLAN Tagging is used when a link needs to carry traffic for more than one
VLAN.
• Each frame has a tag that specifies the VLAN it belongs to.
• Tag is added to the frame when it goes on to the trunk and tag is removed
when it leaves the trunk.
• Switch forwards the frame to a particular VLAN based on tag information.
22-10-2016
WWW.KEYGROUPS.IN
How VLAN Tagging works ?
Data24 Vlan 10
20 24
Data
SWITCH - 1 SWITCH - 2
1 2 3 4 5 6 1 2 3 4 5 6

VLAN VLAN VLAN VLAN
10 20 10 20
PC1
Data
Data PC2
Data PC3 PC4 PC5
Data PC6 PC11 PC12 PC13 PC14 PC15 PC16
Data
192.168.1.0/24 192.168.1.0/24
22-10-2016
WWW.KEYGROUPS.IN
Trunk - Configuration
Switch (config) # interface <interface type> <interface no.>

Switch (config-if) # switchport mode trunk
Switch (config-if) # switchport trunk allowed vlan <vlan id / all>
Switch (config-if) # end
22-10-2016
WWW.KEYGROUPS.IN
24 24
SW1 - 192.168.20.50 SW2 - 192.168.20.51

1 2 3 4 5 6 1 2 3 4 5 6

VLAN VLAN VLAN VLAN
10 20 10 20
22-10-2016
WWW.KEYGROUPS.IN
SW1 SW2
SW1 (config)# interface fastethernet 0/24 SW2 (config)# interface fastethernet 0/24
SW1 (config-if)# switchport mode trunk SW2 (config-if)# switchport mode trunk
SW1 (config-if)# switchport trunk allowed vlan all SW2 (config-if)# switchport trunk allowed vlan all
SW1 (config-if)# ^Z SW2 (config-if)# ^Z
SW1 # SW2 #
CHE
22-10-2016
WWW.KEYGROUPS.IN
Trunk – Verification
Switch # show interface trunk

22-10-2016
WWW.KEYGROUPS.IN
Native VLAN
• The native VLAN is the only VLAN whose frames are not tagged on a trunk, i.e.
native VLAN frames are transmitted unchanged.
• By default VLAN 1 is native VLAN, we can however configure another VLAN as
native VLAN.
22-10-2016
WWW.KEYGROUPS.IN
Native VLAN - Configuration

Switch (config-if) # switchport trunk native vlan <vlan id>
22-10-2016
WWW.KEYGROUPS.IN
Native VLAN – Verification
22-10-2016
WWW.KEYGROUPS.IN
Dynamic Trunking Protocol (DTP)
CCIE
C C 22-10-2016
N P
C C N A
Dynamic Trunking Protocol (DTP)
• DTP is a Cisco proprietary protocol.

• DTP is responsible for dynamically negotiates trunks between Switches.
• DTP is enabled in all Cisco switches by default.
• DTP modes
Access
Trunk
Dynamic desirable
Dynamic auto
22-10-2016
WWW.KEYGROUPS.IN
DTP Modes
Command Option Description
Access Always act as an access (Non-Trunk) port
Trunk Always act as a Trunk port
Initiates negotiation messages and responds to

Dynamic Desirable
negotiation messages to start using Trunking
Dynamic Auto Passively waits to receive trunk negotiation messages
22-10-2016
WWW.KEYGROUPS.IN
DTP Modes
Dynamic Auto TRUNK Mode Trunk
Switch Switch
Dynamic Desirable TRUNK Mode Trunk
Switch Switch
Dynamic Auto ACCESS Mode Access

Switch Switch
Dynamic Desirable ACCESS Mode Access

Switch Switch
Dynamic Auto ACCESS Dynamic Auto
Switch Switch
Dynamic Desirable TRUNK Dynamic Desirable
Switch Switch
Dynamic Auto TRUNK Dynamic Desirable
Switch Switch
22-10-2016
WWW.KEYGROUPS.IN
DTP - Configuration

Switch (config-if) # switchport mode { dynamic auto | dynamic desirable}
22-10-2016
WWW.KEYGROUPS.IN
DTP - Configuration
24 24
SW1 - 192.168.20.50 SW2 - 192.168.20.51

1 2 3 4 5 6 1 2 3 4 5 6

VLAN VLAN VLAN VLAN
10 20 10 20
22-10-2016
WWW.KEYGROUPS.IN
DTP - Configuration
SW1 SW2
SW1 (config)# interface fastethernet 0/24 SW2 (config)# interface fastethernet 0/24
SW1 (config-if)# switchport mode dynamic desirable SW2 (config-if)# switchport mode dynamic auto
SW1 (config-if)# end SW2 (config-if)# end
SW1 # SW2 #
CHE
22-10-2016
WWW.KEYGROUPS.IN
DTP – Verification

22-10-2016
WWW.KEYGROUPS.IN
VLAN Trunking Protocol (VTP)
CCIE
C C 22-10-2016
N P
C C N A
VLAN Trunking Protocol (VTP)
• Cisco proprietary protocol created to maintain VLAN configuration consistency

throughout the network.
• It provides accurate VLAN tracking and monitoring.
• Dynamic reporting of added VLANs.
• “Plug-and-play” configuration when adding new VLANs.
• VTP only works when trunking is configured on FastEthernet or higher ports.
Note: Switches should be configured with same Domain Name. Domain Names
are Case sensitive
22-10-2016
WWW.KEYGROUPS.IN
VTP Modes
• Server
− Default mode
− Create , Modify and Delete VLANs
− Forwards advertisements
− Synchronizes
• Client
− Cannot create, Modify or delete VLANs
− Does not store VLAN Information in the NVRAM
− Synchronizes
• Transparent
− Create ,Modify and Delete local VLANs only
− Does not synchronize
22-10-2016
WWW.KEYGROUPS.IN
How VTP works ?
Adding VLAN 10
VLAN Name Status

Update 1. Default Active
VTP Server
10 Sales Active
VLAN Name Status

Update
Transparent 1. Default Active
VLAN Name Status

Client 1. Default Active
10 Sales Active
22-10-2016
WWW.KEYGROUPS.IN
VTP - Configuration
Switch (config) # vtp mode { server | client | transparent }

Switch (config) # vtp domain < name >
Switch (config) # vtp password < password >
22-10-2016
WWW.KEYGROUPS.IN
VTP - Configuration
VTP Server VTP Client

24 24
SW1 - 192.168.20.50 SW2 - 192.168.20.51

1 2 3 4 5 6 1 2 3 4 5 6

VLAN VLAN VLAN VLAN
10 20 10 20
22-10-2016
WWW.KEYGROUPS.IN
VTP - Configuration
SW1 SW2
SW1 (config) # vtp domain KEYGROUPS SW2 (config) # vtp domain KEYGROUPS
Changing VTP domain name from null to KEYGROUPS Changing VTP domain name from null to KEYGROUPS
SW1 (config) # vtp password CCNA SW2 (config) # vtp password CCNA
Setting device VLAN database password to CCNA Setting device VLAN database password to CCNA
SW1 (config) # end SW2 (config) # vtp mode client
SW1 # Setting device to VTP CLIENT mode.
CHE SW2 (config) # end
SW2 #
22-10-2016
WWW.KEYGROUPS.IN
VTP – Verification
Switch # show vtp status

Switch # show vtp password
22-10-2016
WWW.KEYGROUPS.IN
Inter-VLAN Routing
CCIE
C C 22-10-2016
N P
C C N A
Inter-VLAN Routing
• Inter-vlan routing is a process of forwarding the traffic from one vlan to other
vlan using a router.
• The port where the router is connected on switch should be configured as trunk
to allow multiple vlan traffic
• The physical interface on router is divided into multiple sub-interfaces
• Each sub-interface is associated with one VLAN and one IP subnet.
• This is also called as Router on a stick.
22-10-2016
WWW.KEYGROUPS.IN
Routing between VLANs
• Routing between VLANs can be done in below ways:

− Using multiple physical links called as legacy inter-vlan routing
− Using a single link and creating sub-interfaces called as router on a stick
− Using the multi layer switch.
22-10-2016
WWW.KEYGROUPS.IN
Routing between VLANs using multiple physical links
HYD-1
Fa 0/0 Fa 0/1
192.168.1.1/24 192.168.2.1/24
SWITCH
1 2 3 4 5 6
Sales Mktg
VLAN VLAN
10 20
192.168.1.0/24 PC1 PC2 PC3 PC4 PC5

Data PC6
Data 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Routing between VLANs using single physical link
HYD-1
Fa 0/0.10 Fa 0/0.20
192.168.1.1/24 192.168.2.1/24
SWITCH
1 2 3 4 5 6
Sales Mktg
VLAN VLAN
10 20
192.168.1.0/24 PC1 PC2 PC3 PC4 PC5

Data PC6
Data 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Routing between VLANs using Multi-layer Switch
192.168.1.1/24 MULTILAYER SWITCH 192.168.2.1/24

1 2 3 4 5 6
PC1
Data PC2 PC3 PC4 PC5
Data PC6
192.168.1.0/24 192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
Router on a Stick - Configuration
Creating Sub Interface

Router (config) # interface FastEthernet 0/0 . < no. >
Router (config-subif) # encapsulation dot1q < vlan id >
Router (config-subif) # ip address < ip > < subnet mask >
Router (config-subif) # exit
Enabling IP Routing
Router (config) # ip routing
22-10-2016
WWW.KEYGROUPS.IN
ROUTER
Fa 0/0.1 Fa 0/0.2
192.168.1.1/24 192.168.2.1/24
SWITCH
1 2 3 4 5 6
Sales Mktg
VLAN VLAN
10 20
192.168.1.0/24 PC1 PC2 PC3 PC4 PC5 PC6

192.168.2.0/24
22-10-2016
WWW.KEYGROUPS.IN
ROUTER
ROUTER (config) # interface FastEthernet 0/0

ROUTER (config-if) # no shutdown
ROUTER (config-if) # exit
ROUTER (config) # interface FastEthernet 0/0.1
ROUTER (config-subif) # encapsulation dot1q 10
ROUTER (config-subif) # ip address 192.168.1.1 255.255.255.0
ROUTER (config-subif) # exit
CHE
ROUTER (config) # interface FastEthernet 0/0.2
ROUTER (config-subif) # encapsulation dot1q 20
ROUTER (config-subif) # ip address 192.168.2.1 255.255.255.0
ROUTER (config-subif) # exit
ROUTER (config) # ip routing
ROUTER (config) #
22-10-2016
WWW.KEYGROUPS.IN
Router on a Stick – Verification
22-10-2016
WWW.KEYGROUPS.IN
Cisco Discovery Protocol
(CDP)
CCIE
C C 22-10-2016
N P
C C N A
Cisco Discovery Protocol (CDP)
• It is a Cisco proprietary protocol.

• CDP is enabled by default in all Cisco devices.
• CDP advertisements are sent through all the ports by default.
• CDP Advertisement are sent every 60 seconds.
• CDP Advertisements are sent via multicast address 01:00:0c:cc:cc:cc.
22-10-2016
WWW.KEYGROUPS.IN
Advantages of CDP
• Once Layer 1 is active CDP sends the information to its active neighbors.
• It can be used for Layer 1, Layer 2, Layer 3 troubleshooting.
• Information advertised by CDP
− Logical address (if defined)
− Hostname
− Hardware Platform
− IOS Version
− Interface Type and Interface Number of local and remote device connected.
22-10-2016
WWW.KEYGROUPS.IN
CDP - Configuration
Switch (config) # cdp run
22-10-2016
WWW.KEYGROUPS.IN
CDP - Configuration
CHE HYD-1 BAN

F0/0 F0/0 F0/0
14 19 13
SW1 24 24 SW2
1 2 3 1 2 3
22-10-2016
WWW.KEYGROUPS.IN
CDP - Configuration
SW1 SW2
SW1 (config) # cdp run SW2 (config) # cdp run
CHE
22-10-2016
WWW.KEYGROUPS.IN
CDP - Verification
Switch # show cdp neighbors

Switch # show cdp neighbor detail
22-10-2016
WWW.KEYGROUPS.IN
Disadvantages Of CDP
• CDP can be used only between Cisco devices.

• Information about only directly connected neighbors can be known.
22-10-2016
WWW.KEYGROUPS.IN
Link Layer Discovery Protocol
(LLDP)
CCIE
C C 22-10-2016
N P
C C N A
Link Layer Discovery Protocol (LLDP)
• Open Standard Protocol - IEEE 802.1AB

• LLDP is a neighbor discovery protocol used by devices for advertising
information about themselves to other devices on the network.
• By default it is disabled on cisco devices, we need to manually enable it on
devices.
• LLDP Advertisement are sent every 30 seconds.
• LLDP Advertisements are sent via multicast address 01:80:c2:00:00:0e.
22-10-2016
WWW.KEYGROUPS.IN
LLDP - Configuration
Switch (config) # lldp run
22-10-2016
WWW.KEYGROUPS.IN
LLDP - Verification
Switch # show lldp neighbors

Switch # show lldp neighbor detail
22-10-2016
WWW.KEYGROUPS.IN
Spanning-Tree Protocol (STP)
CCIE
C C 22-10-2016
N P
C C N A
Redundant Topology
• To eliminate single point of failure, backup links are used.

• This type of network is called as a redundant topology.
Data
Data
22-10-2016
WWW.KEYGROUPS.IN
Problems in Redundant Topologies
• Redundant topology causes

− Multiple frame copies
− MAC address table instability
− Broadcast storms
• The above problems are collectively called layer 2 switching loops.
22-10-2016
WWW.KEYGROUPS.IN
Problems in Redundant Topologies
Data
Data
Data Data
Source MAC
001C.C01A.0002
Data DATA
Destination MAC
FFFF.FFFF.FFFF
22-10-2016
WWW.KEYGROUPS.IN
Spanning-tree Protocol
• Spanning-tree protocol is used in switched network to avoid switching loops

• It uses spanning-tree algorithm
• STP blocks redundant paths that could cause a loop
• STP is a open standard (IEEE 802.1D)
22-10-2016
WWW.KEYGROUPS.IN
STP Terminology
• Root Switch
− The switch with the best (lowest) Switch ID.
− Out of all the switches in the network, one switch is elected as a Root switch.
This Root switch becomes the focal point of the network.
• Switch ID
− Each switch has a unique identifier called a Bridge ID or Switch ID
− Bridge ID = Priority + MAC address of the switch
− Default priority is 32768
• Non-Root Switch
− All switches other than the Root switch are called Non-root switches.
22-10-2016
WWW.KEYGROUPS.IN
STP Terminology
• BPDU
− Switches exchange information using Bridge Protocol Data Units (BPDUs)
− BPDUs contain information that helps the switch to determine the topology
− BPDUs are sent every 2 sec
22-10-2016
WWW.KEYGROUPS.IN
STP Port states
States Forward frames Learn Mac-Address BPDU Duration
Blocking No No Receives 20 seconds
Listening No No Sent/receive 15 seconds
Learning No Yes Sent/receive 15 seconds
Forwarding Yes Yes Sent/receive -
22-10-2016
WWW.KEYGROUPS.IN
Root Switch Election
Switch ID: 32768. 0001.0000.0001
Root ID: 32768. 0001.0000.0001
BPDU Root ID: 32768. 0001.0000.0001
I am Root BPDU
A
Fa 0/23 Fa 0/24
Fa 0/24 Fa 0/23
BPDU
C
I am INon-Root
am Root B Fa 0/23 C I am Non-Root
Root
Fa 0/24
Switch ID: 32768. 0001.0000.0002 Switch ID: 32768. 0001.0000.0003
Root ID: 32768. 0001.0000.0002
0001.0000.0001 0001.0000.0003
Root ID: 32768. 0001.0000.0002
0001.0000.0001
BPDU Root ID: 32768. 0001.0000.0002
22-10-2016
WWW.KEYGROUPS.IN
STP Terminology
• Root port
− Every Non-Root Switch must have a Root port
− Only one port per switch can be the Root port
− All Root ports will be in forward state
− A Switch’s Root port is the port closest to the Root Switch
• The port with the least cost
• The port with the lowest Neighbor switch ID
• Lowest Physical Port Number
22-10-2016
WWW.KEYGROUPS.IN
IEEE Cost Values
Type Cost Value
Ethernet 100
Fast Ethernet 19
Gigabit Ethernet 4
10 Gigabit Ethernet 2
22-10-2016
WWW.KEYGROUPS.IN
Root Port Election
Switch ID: 32768. 0001.0000.0001
Root ID: 32768. 0001.0000.0001
Root
A
Fa 0/23 Fa 0/24
Root 19 19 Root
Port Port
Fa 0/24 Fa 0/23
C
Non-Root B C Non-Root
Fa 0/23 19 Fa 0/24
Switch ID: 32768. 0001.0000.0002 Switch ID: 32768. 0001.0000.0003
Root ID: 32768. 0001.0000.0001 Root ID: 32768. 0001.0000.0001
22-10-2016
WWW.KEYGROUPS.IN
Designated Port Election
• Designated port
− For Every segment there will be a Designated port
− A designated port will always be in Forward state
• The port with the least cost
• The port with the lowest Neighbor switch ID
• Lowest Physical Port Number
− All ports(Trunk ports) on the Root bridge are Designated ports
22-10-2016
WWW.KEYGROUPS.IN
Designated Port Election
Switch ID: 32768. 0001.0000.0001
Root ID: 32768. 0001.0000.0001
Designated Designated
Port Root Port
A
Fa 0/23 Fa 0/24
Root 19 19 Root
Port Port
Fa 0/24 Fa 0/23
C
Fa 0/23 19 Fa 0/24
Switch ID: 32768. 0001.0000.0002 Designated Switch ID: 32768. 0001.0000.0003
Port
Root ID: 32768. 0001.0000.0001 Root ID: 32768. 0001.0000.0001
22-10-2016
WWW.KEYGROUPS.IN
STP Terminology
• Non-Designated port
− The ports that are neither Root ports nor the Designated ports
− These ports are blocked by STP
22-10-2016
WWW.KEYGROUPS.IN
Root Port Election
Switch ID: 32768. 0001.0000.0001
Root ID: 32768. 0001.0000.0001
Designated Designated
Port Root Port
A
Fa 0/23 Fa 0/24
Root 19 19 Root
Port Port
Non Designated Fa 0/23
Fa 0/24
Port
C
Fa 0/23 19 Fa 0/24
Switch ID: 32768. 0001.0000.0002 Designated Switch ID: 32768. 0001.0000.0003
Port
Root ID: 32768. 0001.0000.0001 Root ID: 32768. 0001.0000.0001
22-10-2016
WWW.KEYGROUPS.IN
STP - Configuration
To configure a switch as a Root Switch
Switch (config) # spanning-tree vlan 1 root { primary | secondary }
22-10-2016
WWW.KEYGROUPS.IN
STP - Configuration
24 24
23 23
SW1 - 192.168.20.50 SW2 - 192.168.20.51
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
STP - Configuration
SW1 SW2
SW1 (config) # spanning-tree vlan 1 root primary SW1 (config) # spanning-tree vlan 1 root secondary
CHE
22-10-2016
WWW.KEYGROUPS.IN
STP - Verification
Switch # show spanning-tree
22-10-2016
WWW.KEYGROUPS.IN
Types of Spanning Tree Protocols
• Common Spanning Tree (CST)

− Open Standard - IEEE 802.1D
− One spanning-tree instance for entire switch network regardless of the
number of vlans.
• Per Vlan Spanning Tree (PVST+)
− Cisco Proprietary
− Spanning tree instance for each vlan configured in network
• RSTP
− Open standard - IEEE 802.1w
− Enhanced version of STP.
− Adding roles to ports and enhances to BPDU exchanges.
22-10-2016
WWW.KEYGROUPS.IN
Types of spanning tree protocols
• Rapid PVST (RPVSTP)

− A cisco enhancement of RSTP using PVST+
• Mutiple Spanning Tree (MST)
− Open standard - IEEE 802.1s,
− Maps multiple VLANs to same spanning tree instance.
22-10-2016
WWW.KEYGROUPS.IN
Comparison of spanning tree protocols
Protocol Standard Resources needed Convergence Number of STP Instances

STP 802.1D Low Slow One
PVST+ Cisco High Slow One for every VLAN
RSTP 802.1W Medium Fast One
Rapid PVST+ Cisco Very high Fast One for every VLAN
MST 802.1S Medium or high Fast One for multiple VLAN
22-10-2016
WWW.KEYGROUPS.IN
Disadvantage of STP – On Access Ports
• Spanning-Tree protocol is running by default on all ports of the switch.

• The spanning-tree protocol makes each port wait up to 50 seconds before data
is sent on the port.
• This delay in turn can cause problems with some applications/protocols.
• To solve above issue, Portfast can be implemented on Cisco Switches.
22-10-2016
WWW.KEYGROUPS.IN
PortFast
CCIE
C C 22-10-2016
N P
C C N A
PortFast
• Portfast allows a port to switch from disabled to forwarding state bypassing the
listening and learning states.
• The portfast feature can be enabled on a port where there are no Bridges and
switches connected, otherwise it may create loops.
• Portfast is recommended to be enabled on a port where end user devices
(hosts) are connected.
22-10-2016
WWW.KEYGROUPS.IN
Portfast - Configuration
Configure Portfast for a Switch (All Interfaces)

Switch (config) # spanning-tree portfast default
Configure Portfast for an interface

Switch (config-if) # spanning-tree portfast
22-10-2016
WWW.KEYGROUPS.IN
Portfast - Configuration
24 24
23 23
SW1 - 192.168.20.50 SW2 - 192.168.20.51
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
Portfast - Verification

Switch # show spanning-tree summary
22-10-2016
WWW.KEYGROUPS.IN
BPDU Guard
• The Cisco BPDU guard feature disables the port, if any BPDUs are received on
the port.
• This is recommended to be enabled on a port where Portfast is configured,
because if any switch connects to such a port, the local switch can block the
port preventing loops.
22-10-2016
WWW.KEYGROUPS.IN
BPDU Guard - Configuration
Configure BPDU Guard for a Switch (All Interfaces)

Switch (config) # spanning-tree bpduguard default
Configure BPDU Guard for an interface

Switch (config-if) # spanning-tree portfast bpduguard enable
22-10-2016
WWW.KEYGROUPS.IN
BPDU Guard - Configuration
24 24
23 23
SW1 - 192.168.20.50 SW2 - 192.168.20.51
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
BPDU Guard - Verification

Switch # show spanning-tree summary
22-10-2016
WWW.KEYGROUPS.IN
EtherChannel
CCIE
C C 22-10-2016
N P
C C N A
Issue with Redundant Link
• To avoid a single point of failure we go with redundancy. But whenever the

redundant link is seen switch blocks a link to avoid loops.
24 24
23 23
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
Etherchannel
• Etherchannel combines two or more physical links into one logical link.
• The purposes of aggregating link is achieve the full bandwidth, load balancing
and redundancy.
• Generally configured between switch to switch, switch to router, switch to
firewall.
• Etherchannels can consist of up to eight interfaces.
• To create etherchannel all the ports needs :
− Same Physical ports (Ethernet or Fiber)
− Speed
− Duplex
− Either ports should be access or trunk
− Native and allowed vlan on trunk ports
22-10-2016
WWW.KEYGROUPS.IN
Etherchannel
Port Channel 1
24 24
23 23
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
Etherchannel Configuration
• Static
• Port Aggregation Protocol (PAGP)
• Link aggregation control protocol (LACP)
22-10-2016
WWW.KEYGROUPS.IN
Port Aggregation Protocol (PAGP)
• It is a cisco proprietary.
• It has two modes
− Desirable
• Interface will actively ask the other side to form Etherchannel.
− Auto
• Interface will wait passively for other side to ask to form Etherchannel.
22-10-2016
WWW.KEYGROUPS.IN
Link Aggregation Control Protocol (LACP)
• It is an open standard protocol (IEEE 802.3ad)

• It has two modes
− Active
• Interface will actively ask the other side to form Etherchannel.
− Passive
• Interface will wait passively for other side to ask to form Etherchannel.
22-10-2016
WWW.KEYGROUPS.IN
Etherchannel - Configuration
Etherchannel – PAGP
Switch (config-if) # channel-protocol pagp
Switch (config-if) # channel-group 1 mode { desirable | auto }
Etherchannel – LACP
Switch (config-if) # channel-protocol lacp
Switch (config-if) # channel-group 1 mode { active | passive }
22-10-2016
WWW.KEYGROUPS.IN
Port Channel 1
24 24
23 23
1 2 3 4 5 6 1 2 3 4 5 6
22-10-2016
WWW.KEYGROUPS.IN
SW1 SW2
Switch (config) # interface range fastethernet 0/23 Switch (config) # interface range fastethernet 0/23
Switch (config-if) # channel-protocol pagp Switch (config-if) # channel-protocol pagp
Switch (config-if) # channel-group 1 mode desirable Switch (config-if) # channel-group 1 mode auto
Switch (config-if) # channel-protocol pagp Switch (config-if) # channel-protocol auto
Switch (config-if) # channel-group 1 mode desirable Switch (config-if) # channel-group 1 mode desirable
Switch (config-if) # end Switch (config-if) # end
CHE
SW1 SW2
Switch (config-if) # channel-protocol lacp Switch (config-if) # channel-protocol lacp
Switch (config-if) # channel-group 1 mode active Switch (config-if) # channel-group 1 mode passive
Switch (config-if) # channel-protocol lacp Switch (config-if) # channel-protocol lacp
Switch (config-if) # channel-group 1 mode active Switch (config-if) # channel-group 1 mode passive
Switch (config-if) # end Switch (config-if) # end
CHE
22-10-2016
WWW.KEYGROUPS.IN
Etherchannel - Verification
Switch # show etherchannel 1 summary

Switch # show interface port-channel 1
Switch # show etherchannel port-channel
22-10-2016
WWW.KEYGROUPS.IN
Port Security
CCIE
C C 22-10-2016
N P
C C N A
Port Security
• Port Security is used to control network access based on the following:

− MAC Address
− Number of MAC Addresses per port
• If any violation takes place the following actions can be configured:
− Shutdown
− Restrict
− Protect
22-10-2016
WWW.KEYGROUPS.IN
Violation Modes
• Shutdown
− The port becomes error disabled and the port LED turns off.
• Protect
− Frames with unknown source MAC address are dropped. It does not notify
that a security violation has occurred.
• Restrict
− Frames with unknown source address are dropped. It gives a notification (log
message) that security violation has occurred.
22-10-2016
WWW.KEYGROUPS.IN
Port Security & Error Recovery - Configuration

Switch (config-if) # switchport mode access
Switch (config-if) # switchport port-security maximum <value>
Switch (config-if) # switchport port-security mac-address <mac-address>
Switch (config-if) # switchport port-security violation { protect | restrict |
shutdown }
Switch (config-if) # switchport port-security
Switch (config) # errdisable recovery cause <cause>

Switch (config) # errdisable recovery interval <seconds>
22-10-2016
WWW.KEYGROUPS.IN
SW1 - 192.168.20.50
1 2 3 4 5 6
PC1 PC2 PC3 PC4 PC5 PC6
22-10-2016
WWW.KEYGROUPS.IN
SW1
SW1 (config)# interface fastethernet 0/2

SW1 (config-if)# switchport mode access
SW1 (config-if)# switchport port-security maximum 1
SW1 (config-if)# switchport port-security mac-address 0013.20B7.1232
SW1 (config-if)# switchport port-security violation shutdown
SW1 (config-if)# switchport port-security
SW1 (config-if)# exit CHE
SW1 (config) # errdisable recovery cause psecure-violation
SW1 (config) # errdisable recovery interval 30
22-10-2016
WWW.KEYGROUPS.IN
Port Security & Error Recovery - Verification
Switch # show port-security interface <interface type> <interface no.>

Switch # show interface status
Switch # show port-security
Switch # show port-security address
Switch # show errdisable recovery
22-10-2016
WWW.KEYGROUPS.IN
Switched Port Analyzer
(SPAN)
CCIE
C C 22-10-2016
N P
C C N A
Switched Port Analyzer (SPAN)
• A SPAN port mirrors traffic from a defined port to another port where a
Network Anazlyer / Monitoring Device is connected.
• Network engineers or administrators use SPAN to analyze and debug data or
diagnose errors on a network.
• Network analyzer software is used for analyzing the captured data.
i.e. Wireshark, Ethereal, etc.
22-10-2016
WWW.KEYGROUPS.IN
SPAN - Configuration
Switch (config) # monitor session <no.> source interface

<interface type> <interface no.>
Switch (config) # monitor session <no.> destination interface
<interface type> <interface no.>
22-10-2016
WWW.KEYGROUPS.IN
22-10-2016
WWW.KEYGROUPS.IN
SW1
SW1 (config) # monitor session 1 source interface FastEthernet 0/11
SW1 (config) # monitor session 1 destination interface FastEthernet 0/2
CHE
22-10-2016
WWW.KEYGROUPS.IN
SPAN - Verification
Switch (config) # show monitor
22-10-2016
WWW.KEYGROUPS.IN
Access Control List
(ACL)
CCIE
C C 22-10-2016
N P
C C N A
Access Control List (ACL)
• Access Control List are a group of commands configured on router to control

the flow of traffic from one network to another network.
• It provides layer 3 and layer 4 security.
• The router examines each packet to determine whether to forward or drop it,
based on the conditions specified in the ACL.
22-10-2016
WWW.KEYGROUPS.IN
Functions of ACL’s ?
• Controls network traffic to improve network performance

• Provide a basic level of security for network access.
• Can filter traffic based on type of traffic.
− i.e. ACL can allow Web Traffic and block all Email traffic
22-10-2016
WWW.KEYGROUPS.IN
Access Control List (ACL)
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
Switch
10 20 30 10 20 30
10 20 30
Network ID / Mask Network ID / Mask
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.201.0 network
192.168.203.10 shouldnot
host should notcommunicate
communicatewith
with192.168.202.0
192.168.202.0network
network
22-10-2016
WWW.KEYGROUPS.IN
Terminology
• Deny : Blocking a network/subnet/host/service.

• Permit : Allowing a network/subnet/host/service.
• Source Address : The address from where the request starts.
• Destination address : The address where the request ends.
• Inbound : Traffic coming into the interface.
• Outbound : Traffic going out of the interface.
22-10-2016
WWW.KEYGROUPS.IN
Terminology
• Protocols : IP (Internet Protocol)

− TCP (Transmission control protocol)
− UDP (User datagram protocol)
− ICMP (Internet control messaging protocol)
• Operators :
− eq (equal to)
− neq (not equal to)
− lt (less than)
− gt (greater than)
• Services : HTTP (80), FTP (20,21), TELNET (23), DNS (53), DHCP (67,68)
22-10-2016
WWW.KEYGROUPS.IN
Wildcard Mask
• It’s the inverse of the subnet mask, hence is also called as inverse mask.
• A bit value of 0 indicates MUST MATCH (Check Bits).
• A bit value of 1 indicates IGNORE (Ignore Bits).
• Wildcard Mask
− For a host is 0.0.0.0
− For Class A network is 0.255.255.255
− For Class B network is 0.0.255.255
− For Class C network is 0.0.0.255
22-10-2016
WWW.KEYGROUPS.IN
Wild Card Mask
• A wild card mask can be calculated using the formula :

Global Subnet Mask
– Subnet Mask
---------------------------
Wild Card Mask
E.g.
255.255.255.255 255.255.255.255
– 255.255.255. 0 – 255.255.255.240
------------------------ ------------------------
0. 0. 0.255 0. 0. 0. 15
22-10-2016
WWW.KEYGROUPS.IN
Working of Access Control List
• Works in a sequential order from top to bottom.

• If a match is found it does not check further.
• There should be at least one permit statement.
• An implicit deny blocks all traffic by default when there is no match (an
invisible statement).
• New entries are automatically added to the bottom.
• Can have one access-list per interface per direction.
• Removing of specific statement in a numbered access-lists is not possible.
22-10-2016
WWW.KEYGROUPS.IN
Types of Access-List
ACL
IPv4 IPv6
Standard Extended Extended
Named Numbered Named Numbered Named
22-10-2016
WWW.KEYGROUPS.IN
Standard Access Control List
(IPv4)
CCIE
C C 22-10-2016
N P
C C N A
Standard Access List
• The access-list number range is 1 – 99.

• Can filter a network, subnet or host.
• Two way communication is stopped.
• All services are either blocked or allowed.
• Filters traffic based only on the source address.
• Implemented closest to the destination. (Guideline)
22-10-2016
WWW.KEYGROUPS.IN
Standard ACL - Numbered - Configuration
Creation of Standard Access List - Numbered
Router (config) # access-list <acl no> <permit/deny>

<source address> <source wildcard mask>
Implementation of Standard Access List - Numbered
Router (config) # interface <interface type> <interface no>

Router(config-if) # ip access-group <number> <out/in>
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
Switch
10 20 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.201.10 host should not communicate with 192.168.202.0 network
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 # configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
HYD-1 (config) # access-list 10 deny 192.168.201.10 0.0.0.0
HYD-1 (config) # access-list 10 permit any
HYD-1 (config) #
HYD-1 (config) # interface FastEthernet 0/0

CHE
HYD-1 (config-if) # ip access-group 1 out
HYD-1 (config-if) # end
HYD-1 #
22-10-2016
WWW.KEYGROUPS.IN
Standard ACL - Numbered - Verification
Router # show ip access-lists
22-10-2016
WWW.KEYGROUPS.IN
How does a Standard ACL work ?
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
10 Switch
DATA 20 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.201.10 is accessing 192.168.202.20
22-10-2016
WWW.KEYGROUPS.IN
10 Source IP and Port

DATA 192.168.201.10 DATA
- 5000
10
CHE HYD-1
Destination IP and Port
DATA
192.168.202.10 - 80
192.168.201.0/24 192.168.202.0/24
access-list 1 deny 192.168.201.10 0.0.0.0

access-list 1 permit any
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
10 20 Switch
DATA 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.201.20 is accessing 192.168.202.20
22-10-2016
WWW.KEYGROUPS.IN
20 Source IP and Port

DATA
192.168.201.20 DATA
- 5000
10
CHE HYD-1
DATA
192.168.202.10 - 80
192.168.201.0/24 192.168.202.0/24
access-list 1 deny 192.168.201.10 0.0.0.0

access-list 1 permit any
22-10-2016
WWW.KEYGROUPS.IN
Standard ACL - Named- Configuration
Creation of Standard Access List - Named
Router (config) # ip access-list standard <acl name>

Router (config-std-nacl) # <permit/deny> <source address>
<source wildcard mask>
Implementation of Standard Access List - Named

Router(config-if) # ip access-group <acl name> <out/in>
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
Switch
10 20 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.203.10 host should communicate with 192.168.202.0 network
22-10-2016
WWW.KEYGROUPS.IN
HYD-1

HYD-1 (config) # ip access-list standard zoom
HYD-1 (config-std-nacl) # permit 192.168.203.10 0.0.0.0
HYD-1 (config-std-nacl) # exit
HYD-1 (config) #
CHE 0/0
HYD-1 (config) # interface fastethernet
HYD-1 (config-if) # ip access-group zoom out
HYD-1 #
22-10-2016
WWW.KEYGROUPS.IN
Standard ACL - Named - Verification
22-10-2016
WWW.KEYGROUPS.IN
Extended Access Control List
(IPv4)
CCIE
C C 22-10-2016
N P
C C N A
Extended Access List
• The access-list number range is 100 – 199.

• Can filter a network, subnet, host and service.
• One way communication is stopped.
• Selected services can be blocked or allowed.
• Filters traffic based on the source address, destination address and service.
• Implemented closest to the source. (Guideline)
22-10-2016
WWW.KEYGROUPS.IN
Extended ACL - Numbered - Configuration
Creation of Extended Access List - Numbered
Router (config) # access-list <acl no> <permit/deny> <protocol>

<destination address> < destination wildcard mask>
<operator> <service>
Implementation of Extended Access List - Numbered

Router(config-if) # ip access-group <number> <out/in>
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
Switch
10 20 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.202.0 network should not access 192.168.203.10 Host (Web service)

192.168.202.0 network should not ping 192.168.201.0 Network
22-10-2016
WWW.KEYGROUPS.IN
HYD-1

HYD-1 (config) # access-list 101 deny tcp 192.168.202.0 0.0.0.255 192.168.203.10 0.0.0.0 eq www
HYD-1 (config) # access-list 101 deny icmp 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 echo
HYD-1 (config) # access-list 101 permit ip any any
HYD-1 (config) # interface FastEthernet 0/0 CHE

HYD-1 (config-if) # ip access-group 101 in
HYD-1 (config-if) # exit
22-10-2016
WWW.KEYGROUPS.IN
Extended ACL - Numbered - Verification
22-10-2016
WWW.KEYGROUPS.IN
How does an Extended ACL work ?
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
10 Switch
20 30 10 20 30
10 20
DATA 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.202.20 is accessing 192.168.203.10 – Web Service
22-10-2016
WWW.KEYGROUPS.IN
20
DATA Source IP and Port 10
192.168.202.20DATA
- 5000
HYD-1
DATA BAN
192.168.203.10 - 80
192.168.202.0/24 192.168.203.0/24
access-list 101 deny tcp 192.168.202.0 0.0.0.255 192.168.203.10 0.0.0.0 eq 80

access-list 101 deny icmp 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 echo
access-list 101 permit ip any any
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
10 Switch
20 30 10 20 30
10 20
DATA 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
192.168.202.20 is accessing 192.168.203.10 – Telnet Service
22-10-2016
WWW.KEYGROUPS.IN
20
DATA Source IP and Port 10
192.168.202.20DATA
- 5000
HYD-1
DATA BAN
192.168.203.10 - 23
192.168.202.0/24 192.168.203.0/24
access-list 101 deny tcp 192.168.202.0 0.0.0.255 192.168.203.10 0.0.0.0 eq 80

access-list 101 deny icmp 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 echo
access-list 101 permit ip any any
22-10-2016
WWW.KEYGROUPS.IN
Extended ACL - Named - Configuration
Creation of Extended Access List - Named
Router (config) # ip access-list extended <acl name>

Router (config-ext-nacl) # <permit/deny> <protocol>
<destination address> < destination wildcard mask>
Implementation of Extended Access List - Named

Router (config-if) # ip access-group <acl name> <out/in>
22-10-2016
WWW.KEYGROUPS.IN
CHE BAN
Fa 0/0 S 0/0 S 0/1 Fa 0/0
192.168.201.1 172.16.0.1 172.17.0.2 192.168.203.1
S 0/0/1 S 0/0/0
Fa 0/0
192.168.202.1
Switch
10 20 30 10 20 30
10 20 30
192.168.201.0/24 192.168.203.0/24
Network ID / Mask
192.168.202.0/24
Only 192.168.202.10 Host should access 192.168.201.10 Host (FTP service)

192.168.202.0 Network should access any Network (Telnet Service)
22-10-2016
WWW.KEYGROUPS.IN
HYD-1

HYD-1 (config) # ip access-list extended cisco
HYD-1(config-ext-nacl) # permit tcp 192.168.202.10 0.0.0.0 192.168.201.10 0.0.0.0 eq ftp
HYD-1(config-ext-nacl) # permit tcp 192.168.202.0 0.0.0.255 any eq telnet
HYD-1(config-ext-nacl) # exit
HYD-1 (config) #
CHE
HYD-1 (config-if) # ip access-group cisco in
22-10-2016
WWW.KEYGROUPS.IN
Extended ACL - Named - Verification
22-10-2016
WWW.KEYGROUPS.IN
IPv6 Access Control List
CCIE
C C 22-10-2016
N P
C C N A
IPv6 ACL - Configuration
Creation of IPv6 Access List
Router (config) # ipv6 access-list <acl name>

Router (config-ipv6-acl) # <permit/deny> <protocol>
<IPv6 source address> <prefix length>
< IPv6 destination address> <prefix length>
Implementation of IPv6 Access List

Router (config-if) # ipv6 traffic-filter <acl name> <out/in>
22-10-2016
WWW.KEYGROUPS.IN
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
10 20 30 10 20 30
2001:1111::/64 2001:2222::/64
2001:1111::10/128 should not access 2001:1111::10/128 Host (Web service)
22-10-2016
WWW.KEYGROUPS.IN
HYD-1

HYD-1 (config) # ipv6 access-list cisco
HYD-1 (config-ipv6-acl) # deny tcp 2001:1111::10/128 2001:2222::10/128 eq 80
HYD-1 (config-ipv6-acl) # permit ipv6 any any
HYD-1(config-ipv6-acl) # exit
HYD-1 (config) #
CHE
HYD-1 (config-if) # ipv6 traffic-filter cisco in
HYD-1 (config)#
22-10-2016
WWW.KEYGROUPS.IN
IPv6 ACL - Named - Configuration
22-10-2016
WWW.KEYGROUPS.IN
Default Routing
CCIE
C C 22-10-2016
N P
C C N A
Default Routing
• A default route or gateway of last resort, allows traffic to be forwarded, even

without a specific route to a particular network.
• The default route is identified by all zeros in both the network and subnet mask
(0.0.0.0 0.0.0.0)
• It is generally configured for accessing Internet, where destination is unknown.
• It is the least preferred route in the routing table.
22-10-2016
WWW.KEYGROUPS.IN
Default Routing on IPv4 Network - Configuration
Router (config) # ip route < Destination Network ID >

< Destination Subnet Mask > < Exit Interface Type >
< Exit Interface No. >
22-10-2016
WWW.KEYGROUPS.IN
Default Routing on IPv4 Network
INTERNET
ISP
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch
PC1 PC2 PC3
Interface Network ID / Mask

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
Default Routing on IPv4 Network - Configuration
CHE
CHE # configure terminal

CHE (config) # interface serial 0/0
CHE (config-if) # ip address 202.1.0.18 255.255.255.248
CHE (config-if) # no shutdown
CHE (config-if) # encapsulation ppp
CHE (config-if) # exit CHE
CHE (config) #
CHE (config) # ip route 0.0.0.0 0.0.0.0 Serial0/0
22-10-2016
WWW.KEYGROUPS.IN
Default Routing on IPv4 Network - Verification
22-10-2016
WWW.KEYGROUPS.IN
Network Address Translation (NAT)
CCIE
C C 22-10-2016
N P
C C N A
NAT
• NAT is a process of changing one IP into another

• NAT is used to save precious public IP addresses.
• NAT is usually used to translate private IP addresses to public IP addresses and
vice versa
• It provides security
• Types of NAT
− Static (one to one mapping)
− Dynamic(many to many mapping)
− PAT (many to one mapping)
22-10-2016
WWW.KEYGROUPS.IN
Private IP Address
• There are certain addresses in each class of IP address that are reserved for
Private Networks. These addresses are called private addresses.
• These addresses are not Routable (or) valid on Internet.
Class A
10.0.0.0 to 10.255.255.255
Class B
172.16.0.0 to 172.31.255.255
Class C
192.168.0.0 to 192.168.255.255
22-10-2016
WWW.KEYGROUPS.IN
Public IP Address v/s Private IP Address
Public IP Address Private IP Address
• Used on the Internet • Used within the Organization

(i.e. Public Network) (i.e. Private Network or LAN)
• It should be unique over the • It should be unique within the LAN or
Internet. Organization
• Assigned by the Internet Service • Assigned by Network Administrator
Provider.
• Need to purchased from Internet • FREE
Service Provider.
22-10-2016
WWW.KEYGROUPS.IN
Static NAT
CCIE
C C 22-10-2016
N P
C C N A
Static NAT
• One private IP address is mapped to one public IP address.

• Generally used for hosting public servers. (Internet to Server)
• Generally configured for inbound traffic.
22-10-2016
WWW.KEYGROUPS.IN
How does Static NAT works ?
Source IP and Port Source IP and Port

61.0.0.10 - 3000
DATA ISP - 3000
61.0.0.10
DATA INTERNET ISP
http http
Destination IP and Port Destination IP and Port
requestS0/0 request
192.168.201.10 - 80 202.1.0.18 202.1.0.19 - 80
DATA
CHE TRANSLATION TABLE
Fa 0/0 INSIDE GLOBAL INSIDE LOCAL OUTSIDE LOCAL OUTSIDE GLOBAL
192.168.201.1 202.1.0.19 192.168.201.10 --- ---
202.1.0.20 192.168.201.20 --- ---
Switch
Source IP and Port

DATA
10 20 30 61.0.0.10 User
- DATA
3000
http
request
202.1.0.19 - 80

Fa 0/0 192.168.201.0/24
22-10-2016
S 0/0 202.1.0.16/29 WWW.KEYGROUPS.IN
How does Static NAT works ?

DATA DATA
192.168.201.10 - 80 202.1.0.19 - 80
http ISP http INTERNET ISP
reply reply
61.0.0.10 - 3000 S0/0 61.0.0.10 - 3000
202.1.0.18
DATA
192.168.201.1 202.1.0.19 192.168.201.10 --- ---
202.1.0.20 192.168.201.20 --- ---
Switch
Source IP and Port

10 - 80
192.168.201.10 20DATA 30 User
DATA
http
reply
61.0.0.10 - 3000
Fa 0/0 192.168.201.0/24
22-10-2016
Static NAT - Configuration
Defining NAT on Interfaces
Router (config) # interface <interface type> <interface number>

Router (config-if) # ip nat inside/outside
Configuring static NAT
Router (config) # ip nat inside source static <private ip> <public ip>
22-10-2016
WWW.KEYGROUPS.IN
INTERNET
ISP
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch
10 20 30

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
CHE

CHE (config-if) # ip nat outside
CHE (config-if) # exit
CHE (config) # interface FastEthernet 0/0
CHE (config-if) # ip nat inside CHE
CHE (config)# ip nat inside source static 192.168.201.10 202.1.0.19
22-10-2016
WWW.KEYGROUPS.IN
Static NAT - Verification
Router # show ip nat translations
22-10-2016
WWW.KEYGROUPS.IN
PAT (Overloading)
CCIE
C C 22-10-2016
N P
C C N A
PAT (Overloading)
• Many private IP addresses are mapped to one public IP address.

• Configured for outbound traffic (LAN to Internet)
• All users can access Internet at the same time.
22-10-2016
WWW.KEYGROUPS.IN
How does PAT works ?

DATA DATA
192.168.201.10 - 5000 202.1.0.18 - 5000
request request
61.0.0.10 - 80 S0/0 61.0.0.10 - 80
202.1.0.18
DATA
192.168.201.1 202.1.0.18 :5000 192.168.201.10:5000 61.0.0.10 - 80 61.0.0.10 - 80
Switch
Source IP and Port

10 - 5000
192.168.201.10 20DATA 30 WEB
DATA
http
request
61.0.0.10 - 80
Fa 0/0 192.168.201.0/24
22-10-2016

61.0.0.10 - 80
DATA ISP - 80
61.0.0.10
DATA INTERNET ISP
http http
reply S0/0 reply
192.168.201.10 - 5000 202.1.0.18 202.1.0.18 - 5000
DATA
192.168.201.1 202.1.0.18 :5000 192.168.201.10:5000 61.0.0.10 - 80 61.0.0.10 - 80
Switch
Source IP and Port

DATA
61.0.0.10 - 80
10 20 30 http
Destination IPWEB
DATA
and Port
reply
202.1.0.18 - 5000

Fa 0/0 192.168.201.0/24
22-10-2016

DATA DATA
192.168.201.20 - 5000 202.1.0.18 - 5001
request request
61.0.0.10 - 80 S0/0 61.0.0.10 - 80
202.1.0.18
DATA
192.168.201.1 202.1.0.18 :5000 192.168.201.10:5000 61.0.0.10 - 80 61.0.0.10 - 80
202.1.0.18 :5001 192.168.201.20:5000 61.0.0.10 - 80 61.0.0.10 - 80
Switch
Source IP and Port

DATA
10
192.168.201.20 20
- 5000 30
http WEB
DATA
request
61.0.0.10 - 80

Fa 0/0 192.168.201.0/24
22-10-2016

61.0.0.10 - 80
DATA ISP - 80
61.0.0.10
DATA INTERNET ISP
http http
reply S0/0 reply
192.168.201.20 - 5000 202.1.0.18 202.1.0.18 - 5001
DATA
192.168.201.1 202.1.0.18 :5000 192.168.201.10:5000 61.0.0.10 - 80 61.0.0.10 - 80
202.1.0.18 :5001 192.168.201.20:5000 61.0.0.10 - 80 61.0.0.10 - 80
Switch
Source IP and Port

DATA
61.0.0.10 - 80
10 20 30 http
Destination IPWEB
DATA
and Port
reply
202.1.0.18 - 5001

Fa 0/0 192.168.201.0/24
22-10-2016
PAT - Configuration
Defining NAT on Interfaces
Router (config) # interface <interface type> <interface number>

Router (config-if) # ip nat inside/outside
Configuring PAT
Router (config) # ip nat inside source list <acl no.> interface

< interface type > < interface no. > overload
22-10-2016
WWW.KEYGROUPS.IN
PAT - Configuration
INTERNET
ISP
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch
10 20 30

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
PAT - Configuration
CHE

CHE (config-if) # ip nat outside
CHE (config) # interface FastEthernet 0/0
CHE (config-if) # ip nat inside
CHE
CHE (config) # access-list 10 permit 192.168.201.0 0.0.0.255
CHE (config) # ip nat inside source list 10 interface serial 0/0 overload
22-10-2016
WWW.KEYGROUPS.IN
PAT - Verification
Router # show ip nat translations
22-10-2016
WWW.KEYGROUPS.IN
Network Services
CCIE
C C 22-10-2016
N P
C C N A
Syslog
CCIE
C C 22-10-2016
N P
C C N A
Syslog
• Syslog is a protocol that allows a network device to send their system

messages/notification across the network to message collectors
• Syslog is typically used for network management and security auditing.
• Syslog uses the UDP port number 514.
• Device can be configured to forward syslog messages to various destination
− Buffer : send syslog messages to internal memory buffer
− Syslog Server : send syslog messages to syslog server
22-10-2016
WWW.KEYGROUPS.IN
Message Severity Levels
Level Level Name Explanation

0 Emergency The System may be unusable
1 Alert Immediate action may be required
2 Critical A critical event took place
3 Error A router experienced an error
4 warning A condition might warrant attention
5 Notification A normal but significant condition occurred
6 Informational A normal event occurred
7 Debugging The output is a result of a debug command
22-10-2016
WWW.KEYGROUPS.IN
How Syslog Works ?
Interface
Down
S0/1 Syslog S0/0

HYD-1
Message
F0/0
Switch
Syslog Server
22-10-2016
WWW.KEYGROUPS.IN
Syslog Message Format
Timestamp Severity Level Description
Sep 22 2016 15:24:53.080 : %LINK-5-CHANGED: Interface Serial 0/0, changed state to administratively down
22-10-2016
WWW.KEYGROUPS.IN
Logging to Buffer - Configuration
Router (config) # logging on

Router (config) # logging buffered <level>
22-10-2016
WWW.KEYGROUPS.IN
Logging to Syslog Server - Configuration
Router (config) # logging on

Router (config) # logging host <server ip address>
Router (config) # logging trap <level>
Router (config) # service timestamps log datetime msec
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
F0/0
192.168.2.1/4
Switch
Computer IP Address
192.168.2.10/24
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 (config) # logging on
HYD-1 (config) # logging host 192.168.2.10
HYD-1 (config) # logging trap 7
HYD-1 (config) # service timestamps log datetime msec
HYD-1
HYD-1 (config) # logging on CHE
HYD-1 (config) # logging buffered 7
22-10-2016
WWW.KEYGROUPS.IN
Logging to Syslog Server – Verification
Router # show logging
22-10-2016
WWW.KEYGROUPS.IN
Network Time Protocol
(NTP)
CCIE
C C 22-10-2016
N P
C C N A
Manual Clock
• Manually setting the clocks of network device is neither accurate nor scalable.
• The best practice is to use Network Time Protocol (NTP)
22-10-2016
WWW.KEYGROUPS.IN
Date and Time - Configuration
Router # clock set <hh:mm:ss> <dd mm yyyy>
22-10-2016
WWW.KEYGROUPS.IN
Date and Time - Verification
Router # show clock
22-10-2016
WWW.KEYGROUPS.IN
Network Time Protocol (NTP)
• NTP (Network Time Protocol) is used to synchronize the time throughout

network devices i.e. servers, switches, routers, wireless access points, etc. to
synchronize their clocks with a central source clock.
• NTP works on UDP port 123 for both the source and destination by default.
• NTP can get correct time from internal and external source.
• Normally a router or switch will run in NTP client mode which means that it will
adjust its clock based on the time of a NTP server.
22-10-2016
WWW.KEYGROUPS.IN
NTP - Configuration
Router (config) # ntp server <server ip address>
22-10-2016
WWW.KEYGROUPS.IN
NTP - Configuration
INTERNET
ISP
NTP Server 8.8.8.8
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
NTP - Configuration
CHE
CHE (config) # ntp server 8.8.8.8
CHE (config) # exit
CHE
22-10-2016
WWW.KEYGROUPS.IN
NTP – Verification
Router # show clock

Router # show ntp associations
Router # show ntp status
22-10-2016
WWW.KEYGROUPS.IN
Simple Network Management Protocol
(SNMP)
CCIE
C C 22-10-2016
N P
C C N A
SNMP
• SNMP is an application layer protocol, uses the UDP port number 161.
• It provides a message format for communication between Network Devices
(Agents) and Network Manager.
22-10-2016
WWW.KEYGROUPS.IN
SNMP Components
• SNMP Managers
− It is software that collects information from network devices (i.e. NMS)
• SNMP Agents
− SNMP enabled network devices i.e. Router, Switch, Server, etc.
• Management Information Base:
− Contains the database of objects (information variables)
22-10-2016
WWW.KEYGROUPS.IN
How SNMP Works ?
All Interface UP Interface

Down
S0/1 SNMP
S0/0
HYD-1
Trap
F0/0
Switch
SNMP
Get
SNMP Server
22-10-2016
WWW.KEYGROUPS.IN
Management Information Base
• MIB defines each variable as object id (OID).

• Organizes that into a hierarchy of OIDs, usually shown as tree.
22-10-2016
WWW.KEYGROUPS.IN
SNMP versions
SNMP Security Bulk Retrieval

version Information
Version 1 Plain authentication with community string NO
Version 2 Plain authentication with community string YES

Version 3 Strong authentication, confidentiality and integrity YES
22-10-2016
WWW.KEYGROUPS.IN
SNMP - Configuration
Router (config) # snmp-server community <string>

< ro | rw >
Router (config) # snmp-server host <server ip address>
version <snmp version> <string>
Router (config) # snmp-server enable traps
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
F0/0
192.168.202.1/24
Switch
Computer IP Address
192.168.202.10/24
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 (config) # snmp-server community public rw
HYD-1 (config) # snmp-server host 192.168.202.10 version 2c public
HYD-1 (config) # snmp-server enable traps
HYD-1 (config) # exit
CHE
22-10-2016
WWW.KEYGROUPS.IN
SNMP – Verification
Router # show snmp community

Router # show snmp host
22-10-2016
WWW.KEYGROUPS.IN
DHCP
CCIE
C C 22-10-2016
N P
C C N A
Dynamic Host Control Protocol (DHCP)
Dynamic Host Control Protocol is used for dynamic IP address assignment to
network devices / hosts.
DHCP server provides IP address, Subnet mask, Default gateway and DNS server
IP address to DHCP clients.
Router can be configured both as a DHCP Server and DHCP Client.
22-10-2016
WWW.KEYGROUPS.IN
DHCP Server - Configuration
Router (config) # ip dhcp pool < name >

Router (dhcp-config) # network < network address > < subnet mask >
Router (dhcp-config) # default-router < router ip address >
Router (dhcp-config) # dns-server < dns server ip address >
Router (dhcp-config) # lease < days > < hours > <minutes>
Router (dhcp-config) # exit
Router (config) # ip dhcp excluded-address <start address> <end address>
Router (config)# exit
22-10-2016
WWW.KEYGROUPS.IN
INTERNET
ISP
S0/0
CHE
Fa 0/0
192.168.201.1
Switch

Fa 0/0 192.168.1.0/24
S 0/0/0 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
CHE

CHE (config) # ip dhcp pool KEYGROUPS
CHE (dhcp-config) # network 192.168.1.0 255.0.0.0
CHE (dhcp-config) # default-router 192.168.1.1
CHE (dhcp-config) # dns-server 8.8.8.8
CHE (dhcp-config) # lease 1 1 1
CHE
CHE (dhcp-config) # exit
CHE (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.50
CHE (config)# exit
22-10-2016
WWW.KEYGROUPS.IN
DHCP Server – Verification
Router # show ip dhcp binding
22-10-2016
WWW.KEYGROUPS.IN
DHCP Client - Configuration
Router (config) # interface <interface type> <interface no.>

Router (config-if) # ip address dhcp <pool name>
Router (config-if) # exit
22-10-2016
WWW.KEYGROUPS.IN
INTERNET
ISP
S0/0
CHE
Fa 0/0
192.168.1.1
Switch

Fa 0/0 192.168.1.0/24
S 0/0/0 172.16.0.0/16
22-10-2016
WWW.KEYGROUPS.IN
CHE
CHE (config)# interface serial 0/0
CHE (config-if)# ip address dhcp KEYGROUPS
CHE (config-if)# no shutdown
CHE (config-if)# exit
CHE (config)#
CHE
22-10-2016
WWW.KEYGROUPS.IN
DHCP Client – Verification
Router # show interface <interface type> <interface no>

Router # show ip interface brief
22-10-2016
WWW.KEYGROUPS.IN
Advanced IPv6
CCIE
C C 22-10-2016
N P
C C N A
IPv6 Neighbor Discovery
CCIE
C C 22-10-2016
N P
C C N A
Neighbor Discovery
• IPv6 Neighbor Discovery is a set of messages and processes that determine

relationships between neighboring nodes.
• Neighbor Discovery replaces ARP, ICMP Router Discovery, and ICMP Redirect
used in IPv4 and provides additional functionality.
22-10-2016
WWW.KEYGROUPS.IN
Neighbor Discovery Message – NS & NA
• Neighbor Solicitation (NS)

− Message used by Host for requesting Neighbor Host Mac Address
• Neighbor Advertisement (NA)
− Message used by Neighbor Host for replying Mac Address to requesting Host
22-10-2016
WWW.KEYGROUPS.IN
Neighbor Discovery Message – NS & NA
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
NA
NS
Switch Switch
10
NA
NS 20 30 10 20 30
2001:1111::/64 2001:2222::/64
22-10-2016
WWW.KEYGROUPS.IN
Neighbor Discovery Message – RS, RA & Redirect
• Router Solicitation (RS)

− Message used by Host for requesting Router IP Address
• Router Advertisement (RA)
− Message used by Router for replying to the Host with Router IP Address
• Redirect.
− Message used by Host for requesting change of IP Address to Router.
22-10-2016
WWW.KEYGROUPS.IN
Neighbor Discovery Messages
Fa 0/1 Fa 0/1
2001:5555::1 2001:5555::2
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
10
RA
RS 20 30 10 20 30
2001:1111::/64 2001:2222::/64
22-10-2016
WWW.KEYGROUPS.IN
IPv6 Address Assignment
CCIE
C C 22-10-2016
N P
C C N A
IPv6 Address Assignment
IPv6
Manual Dynamic
Static EUI-64 SLAAC DHCPv6
22-10-2016
WWW.KEYGROUPS.IN
Host Configuration
MAC address of Local system
001CC01242EA
001CC0 1242EA
FFFE
001C:C0FF:FE12:42EA
7th Initial Bit of MAC will be always “1”
021C:C0FF:FE12:42EA
HOST portion of IPv6 address
22-10-2016
WWW.KEYGROUPS.IN
IPv6 EUI-64 & SLAAC - Configuration
Assigning IPv6 Address using EUI-64

Router (config) # ipv6 unicast-routing
Router (config-if) # ipv6 enable
Router (config-if) # ipv6 address <IPv6 address> <prefix length> eui-64
Assigning IPv6 Address using SLAAC

Router (config) # ipv6 unicast-routing
Router (config-if) # ipv6 enable
Router (config-if) # ipv6 address autoconfig
22-10-2016
WWW.KEYGROUPS.IN
Fa 0/1 Fa 0/1
HYD-1 HYD-2
Fa 0/0 Fa 0/0
2001:1111::1 2001:2222::1
Switch Switch
10 20 30 10 20 30
2001:1111::/64 2001:2222::/64
22-10-2016
WWW.KEYGROUPS.IN
HYD-1 HYD-2
HYD-1 (config) # interface FastEthernet 0/0 HYD-2 (config) # interface fastEthernet 0/0
HYD-1 (config-if) # ipv6 enable HYD-2 (config-if) # ipv6 enable
HYD-1 (config-if) # ipv6 address 2001:5555::/64 eui-64 HYD-2 (config-if) # ipv6 address autoconfig
22-10-2016
WWW.KEYGROUPS.IN
IPv6 EUI-64 & SLAAC - Verification
Router # show interface <interface type > <interface no. >
22-10-2016
WWW.KEYGROUPS.IN
First Hop Redundancy Protocol
(FHRP)
CCIE
C C 22-10-2016
N P
C C N A
Importance of Redundancy
INTERNET
ISP
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch
10
Data 20 30

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
Single point of Failure
INTERNET
ISP
S0/0
202.1.0.18
CHE
Fa 0/0
192.168.201.1
Switch
10
Data 20 30

Fa 0/0 192.168.201.0/24
S 0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
First Hop Redundancy Protocol (FHRP)
• First Hop Redundancy Protocols (FHRP) are a group of protocols that provide
Default Gateway Redundancy if there is more than one path to the same
Destination.
• The following are FHRP:
− HSRP (Cisco Proprietary)
− VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL)(IETF Standard)
− GLBP (GATEWAY LOAD BALANCING PROTOCOL)(Cisco Proprietary)
22-10-2016
WWW.KEYGROUPS.IN
Hot Standby Router Protocol (HSRP)
• HSRP is a Cisco proprietary protocol.

• HSRP groups multiple physical routers
− i.e. Active router and Standby router into a single virtual router.
• Virtual IP and Mac-addresses are shared between these two physical routers.
• Routers which are grouped together must be assigned the same group number,
which can range from 0 to 255
• So when a router goes down or the link into the router fails, there is a second
physical device ready to respond to the same default gateway address
information
22-10-2016
WWW.KEYGROUPS.IN
How HSRP works ?
INTERNET
ISP1 ISP2
S0/0 S0/1
202.1.0.18 202.2.0.18
Active Router Priority-200 Priority-150 Standby

Active Router
Router
R1 R2
Fa 0/0 Virtual IP – 192.168.1.254 Fa 0/0
192.168.1.1 192.168.1.2
Switch
Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.1.0/24
S 0/0 202.1.0.16/29 S 0/0 202.2.0.16/29
Data
Data
Default Gateway
22-10-2016 192.168.1.254
WWW.KEYGROUPS.IN
HSRP Elections
• Uses multicast messages to communicate priority with other routers.

• Default priority is 100.
• Router with the highest priority will be the Active Router and second highest
will be the Standby Router
• If the priorities are the same, the first router up becomes the primary.
• The default hold timer is 10 seconds and hello timer is 3 seconds.
• Hello Messages uses multicast address 224.0.0.2 for version 1 using
UDP port 1985.
22-10-2016
WWW.KEYGROUPS.IN
HSRP Terminology
• Active router:
− Actively forwards the user traffic.
− Sends the reply for ARP messages requested for virtual mac address.
− Knows the Virtual Router IP Address.
− Sends hello messages.
• Standby router:
− Backup for active router.
− Sends hello messages.
− Whenever hello is not received, it takes the role of active router and
forwards user traffic.
22-10-2016
WWW.KEYGROUPS.IN
HSRP Version
HSRP Version 1 HSRP Version 2
• Hello Messages uses multicast • Hello Messages uses multicast

address 224.0.0.2 address 224.0.0.102
• Group number range from 0 • Group number range from 0
to 255 to 4095
22-10-2016
WWW.KEYGROUPS.IN
HSRP - Configuration
Router (config) # interface < interface type > < no. >
Router (config-if) # standby < hsrp group no. > ip < virtual ip address>
Router (config-if) # standby < hsrp group no. > priority <priority>
Router (config-if) # standby < hsrp group no. > preempt
Router (config-if) # standby version { 1 | 2 }
22-10-2016
WWW.KEYGROUPS.IN
INTERNET
ISP1 ISP2
S0/0 S0/1
202.1.0.18 202.2.0.18
Priority-200 Priority-150 Standby Router

R1 R2
Fa 0/0 Virtual IP – 192.168.1.254 Fa 0/0
192.168.1.1 192.168.1.2
Switch
Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.1.0/24
S 0/0 202.1.0.16/29 S 0/0 202.2.0.16/29
Default Gateway
22-10-2016 192.168.1.254
WWW.KEYGROUPS.IN
R1 R2
R1 (config) # interface fastEthernet 0/0 R2 (config) # interface fastEthernet 0/0
R1 (config-if) # standby 10 ip 192.168.1.254 R2 (config-if) # standby 10 ip 192.168.1.254
R1 (config-if) # standby 10 priority 200 R2 (config-if) # standby 10 priority 150
R1 (config-if) # standby 10 preempt R2 (config-if) # standby version 2
R1 (config-if) # standby version 2
22-10-2016
WWW.KEYGROUPS.IN
HSRP – Verification
Router # show standby
22-10-2016
WWW.KEYGROUPS.IN
Floating Static Route
CCIE
C C 22-10-2016
N P
C C N A
Importance of WAN Redundancy
Global DNS
8.8.8.8
INTERNET
ISP1 ISP2
S0/0 S0/1
202.1.0.18 202.1.0.17
S 0/0/1 S 0/0/0
202.1.0.17 R2
HYD-1 202.2.0.17
Fa 0/0
192.168.2.1
Switch
Switch
Data

Fa 0/0 192.168.2.0/24
S 0/0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
S 0/0/1 202.2.0.16/29
Floating Static Route
• Floating static routes are static routes configured to provide a backup path in
event of a link failure of primary static or dynamic routes.
• The floating static route is only used when the primary route is not available.
• Floating static route is configured with a higher administrative distance than
the primary route.
22-10-2016
WWW.KEYGROUPS.IN
Floating Static Route - Configuration
Router (config) # ip route < Destination Network ID >

< Destination Subnet Mask > < Exit Interface Type >
< Exit Interface No. > < Administrative Distance >
22-10-2016
WWW.KEYGROUPS.IN
Global DNS
8.8.8.8
INTERNET
ISP1 ISP2
S0/0
202.1.0.18
S 0/0/1 S 0/0/0
202.1.0.17 R2
HYD-1 202.2.0.17
Fa 0/0
192.168.202.1
Switch
Switch

Fa 0/0 192.168.202.0/24
S 0/0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
S 0/0/1 202.2.0.16/29
HYD-1
HYD-1 (config) # ip route 0.0.0.0 0.0.0.0 Serial 0/0/1
HYD-1 (config) # ip route 0.0.0.0 0.0.0.0 Serial 0/0/0 2
CHE
22-10-2016
WWW.KEYGROUPS.IN
Floating Static Route - Verification
22-10-2016
WWW.KEYGROUPS.IN
IP Service Level Agreement
(IP SLA)
CCIE
C C 22-10-2016
N P
C C N A
IP SLA
Global DNS
8.8.8.8
INTERNET
ISP1 ISP2
S0/0 S0/1
ISP1 DNS 202.1.0.18 202.2.0.18 ISP2 DNS
1.1.1.1 2.2.2.2
S 0/0/1 S 0/0/0
202.1.0.17 R2
HYD-1 202.2.0.17
Fa 0/0
192.168.202.1
Switch
Switch
Data

Fa 0/0 192.168.202.0/24
S 0/0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
S 0/0/1 202.2.0.16/29
IP SLA
• IP SLAs is a feature included in the Cisco IOS Software that can allow
administrators the ability to Analyze IP Service Levels for IP applications and
services.
• IP SLA's uses active traffic-monitoring technology to monitor continuous
traffic on the network. This is a reliable method in measuring over head
network performance.
• The best and simplest way to achieve WAN redundancy on Cisco devices is to
use Reliable Static backup routes with IP SLA tracking.
22-10-2016
WWW.KEYGROUPS.IN
IP SLA - Configuration
Router (config) # ip sla <operation-number>

Router (config-ip-sla) # icmp-echo <destination ip address>
Router (config-ip-sla-echo) # frequency < seconds >
Router (config-ip-sla-echo) # exit
Router (config) # ip sla schedule <operation-number> start-time now life forever

Router (config) # track < object-number > ip sla <operation-number>
Router (config-track) # delay down <seconds> up <seconds>
Router (config-track) # exit
Router (config) # ip route <destination network> <destination subnet mask>
<next hop ip address> track < object-number >
22-10-2016
WWW.KEYGROUPS.IN
Global DNS
8.8.8.8
INTERNET
ISP1 ISP2
S0/0 S0/1
ISP1 DNS 202.1.0.18 202.2.0.18 ISP2 DNS
1.1.1.1 2.2.2.2
S 0/0/1 S 0/0/0
202.1.0.17 R2
HYD-1 202.2.0.17
Fa 0/0
192.168.202.1
Switch
Switch

Fa 0/0 192.168.202.0/24
S 0/0/0 202.1.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
S 0/0/1 202.2.0.16/29
HYD-1
HYD-1 (config) # ip sla 1

HYD-1 (config-ip-sla) # icmp-echo 1.1.1.1
HYD-1 (config-ip-sla-echo) # frequency 5
HYD-1 (config-ip-sla-echo) # exit
HYD-1 (config) # ip sla schedule 1 start-time now life forever

HYD-1 (config) # track 10 ip sla 1
HYD-1 (config-track) # delay down CHE
20 up 10
HYD-1 (config-track) # exit
HYD-1 (config) # ip route 0.0.0.0 0.0.0.0 202.1.0.18 track 10
HYD-1 (config) # end
HYD-1 #
22-10-2016
WWW.KEYGROUPS.IN
IP SLA - Verification
22-10-2016
WWW.KEYGROUPS.IN
Local Database Authentication
CCIE
C C 22-10-2016
N P
C C N A
Local Database Authentication
• Usernames and Passwords are created on the device.

• It provides better security than a simple password.
• It is a cost effective and easily implemented security solution.
22-10-2016
WWW.KEYGROUPS.IN
Local Database Authentication - Configuration
Router (config) # username <user name> password < password >
Router (config) # line vty 0 4

Router (config-line ) # login local
Router (config-line ) # end
Router (config) #
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
F0/0
192.168.202.1/24
Switch
Computer IP Address
192.168.202.10/24
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 (config) # username zoom password cisco
HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # login local
HYD-1 (config-line) # end
CHE
22-10-2016
WWW.KEYGROUPS.IN
Disadvantage of Local Database Authentication
• Local Database needs to be replicated on all network devices

• Better and Scalable solution is to use AAA Server.
22-10-2016
WWW.KEYGROUPS.IN
AAA
CCIE
C C 22-10-2016
N P
C C N A
AAA
• Authentication
− Authentication provides the method of identifying users
• Authorization
− Authorization provides a method of controlling access to what a user can do.
• Accounting
− Accounting provides a method for collecting and sending security server
information used for billing, auditing and reporting.
22-10-2016
WWW.KEYGROUPS.IN
AAA Advantages
• Increased flexibility and control of access configuration

• Scalability
• Multiple backup systems
• Standardized authentication methods
− RADIUS, TACACS+ and Kerberos
22-10-2016
WWW.KEYGROUPS.IN
AAA Protocols
• Terminal Access Controller Access Control System (TACACS)

• Remote Access Dial In User Service (RADIUS)
22-10-2016
WWW.KEYGROUPS.IN
TACACS v/s RADIUS
TACACS RADIUS
• TACACS+ is Cisco proprietary • RADIUS is supported by multiple

protocol vendors
• TACACS+ uses TCP as Transport • RADIUS uses UDP as Transport
Layer Protocol layer Protocol
• TACACS+ encrypts the entire • RADIUS encrypts passwords only
communication
• TACACS+ treats Authentication, • RADIUS combines Authentication
Authorization and Accountability and Authorization
differently
22-10-2016
WWW.KEYGROUPS.IN
AAA Server Based Authentication - Configuration
Router (config) # aaa new-model>

Router (config) # tacacs-server host < server ip address >
Router (config) # tacacs-server key < secret key >
Router (config) # aaa authentication login default group tacacs local
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
F0/0
192.168.202.1/24
Switch
Computer IP Address
192.168.202.10/24
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 (config) # aaa new-model

HYD-1 (config) # tacacs-server host 192.168.202.10
HYD-1 (config) # tacacs-server key cisco
HYD-1 (config) # aaa authentication login default group tacacs local
CHE
22-10-2016
WWW.KEYGROUPS.IN
Remote Login Protocols
CCIE
C C 22-10-2016
N P
C C N A
Secure Shell (SSH)
• SSH is used for securely remote login on the Network devices for configuration.
• It works on TCP Port 22.
• It provides data encryption between host and network device.
• Cisco IOS should support encryption for enabling SSH.
22-10-2016
WWW.KEYGROUPS.IN
SSH - Configuration
Router (config) # ip domain-name < domain name>

Router (config) # crypto key generate rsa
Router (config) # line vty 0 4
Router (config-line) # login local
Router (config-line) # transport input ssh
Router (config-line) # end
22-10-2016
WWW.KEYGROUPS.IN
SSH - Configuration
HYD-1
F0/0
192.168.202.1/24
Switch
Computer IP Address
192.168.202.10/24
22-10-2016
WWW.KEYGROUPS.IN
SSH - Configuration
HYD-1
HYD-1 (config) # ip domain-name keygroups.com
HYD-1 (config) # crypto key generate rsa
HYD-1 (config) # line vty 0 4
HYD-1 (config-line) # login local
HYD-1 (config-line) # transport input ssh
HYD-1 (config-line) # end
22-10-2016
WWW.KEYGROUPS.IN
Virtual Private Network
(VPN)
CCIE
C C 22-10-2016
N P
C C N A
Communication via Internet
Chennai Bangalore
Fa0/0
Internet Fa0/0
Switch Switch
Hello What sup
HYD
LAN – 192.168.201.0/24 LAN – 192.168.203.0/24
Fa0/0
Switch
HYDERABAD
Office
LAN – 192.168.202.0/24
22-10-2016
WWW.KEYGROUPS.IN
Virtual Private Network
• It provides a private communication channel over a public network.

• Provides security
• Provides point to point connectivity
• Scalability
22-10-2016
WWW.KEYGROUPS.IN
VPN
Chennai Bangalore
$%$&)*& &^(*%@#
Fa0/0
Internet Fa0/0
Switch Switch
Hello What sup
HYD
LAN – 192.168.201.0/24 LAN – 192.168.203.0/24
Fa0/0
Switch
HYDERABAD
Hello
What sup Office
LAN – 192.168.202.0/24
22-10-2016
WWW.KEYGROUPS.IN
Features of VPN
• Confidentiality (Privacy)
• Authentication
• Data integrity
• Anti-replay
22-10-2016
WWW.KEYGROUPS.IN
Types of VPN
• GRE
• IPSec VPN
• SSL VPN
• DMVPN (Dynamic Multipoint VPN)
22-10-2016
WWW.KEYGROUPS.IN
Generic Routing Encapsulation ( GRE )
• GRE is a tunneling protocol that was originally developed by Cisco.

• GRE provides tunneling of Non-IP traffic (IPX and Appletalk) and Multicast
traffic (which is not done by IPSec).
• However, GRE provides only tunneling without any encryption.
22-10-2016
WWW.KEYGROUPS.IN
GRE - Configuration
Router (config) # interface tunnel < no. >

Router (config-if) # ip address < address > < subnet mask >
Router (config-if) # tunnel source < tunnel source ip address >
Router (config-if) # tunnel destination < tunnel destination ip address >
22-10-2016
WWW.KEYGROUPS.IN
GRE - Configuration
INTERNET
VPN TUNNEL
ISP ISP
S0/0/0 S0/0/1
202.1.0.18 202.2.0.18
CHE BAN
Fa 0/0 Fa 0/0
192.168.1.1 192.168.3.1
Switch Switch

Fa 0/0 192.168.1.0/24 Fa 0/0 192.168.3.0/24
S 0/0/0 202.1.0.16/29 S 0/0/1 202.2.0.16/29
22-10-2016
WWW.KEYGROUPS.IN
GRE - Configuration
CHE BAN
CHE (config) # int tunnel 0 BAN (config) # int tunnel 0
CHE (config-if) # ip add 1.1.1.1 255.255.255.0 BAN (config-if)# ip add 1.1.1.2 255.255.255.0
CHE (config-if) # tunnel mode gre ip BAN (config-if) # tunnel mode gre ip
CHE (config-if) # tunnel source serial 0/0 BAN (config-if)# tunnel source serial 0/1
CHE (config-if) # tunnel destination 202.2.0.18 BAN (config-if)# tunnel destination 202.1.0.18
CHE (config-if) # end BAN (config-if)# end
22-10-2016
WWW.KEYGROUPS.IN
GRE – Verification
Router # show interface tunnel < no.>
22-10-2016
WWW.KEYGROUPS.IN
Password Recovery
CCIE
C C 22-10-2016
N P
C C N A
Password Recovery - Steps
• Connect the console cable from Router console Port to PC COM port
• Open the Emulation Software (Putty)
• Restart the Router
• Press Ctrl + Break to Enter into Rommon mode
22-10-2016
WWW.KEYGROUPS.IN
RJ-45
Connector
Console Port

Cable Converter
22-10-2016
WWW.KEYGROUPS.IN
Password Recovery
Con 0
Router
E0
Switch
22-10-2016
WWW.KEYGROUPS.IN
Password Recovery - BOOT Sequence
Power On Self Test – checks the hardware POST
ROM loads Bootstrap program and searches for the IOS ROM
IOS from Flash is loaded FLASH
Boot process is completed bypassing startup configuration RAM
Configuration Register - 0x2142
22-10-2016
WWW.KEYGROUPS.IN
Rommon1 > confreg 0x2142

Rommon2 > reset
22-10-2016
WWW.KEYGROUPS.IN
Router > enable

Router # copy startup-config running-config
Router # configure terminal
Router (config) # enable secret < new password >
Router (config) # interface FastEthernet 0/0
Router (config) # exit
Router (config) # config-register 0x2102
Router (config) # end
Router # write
Router # reload
22-10-2016
WWW.KEYGROUPS.IN
PPP over Ethernet
(PPPoE)
CCIE
C C 22-10-2016
N P
C C N A
PPP over Ethernet (PPPoE)
• PPP over Ethernet (PPPoE) is a method of encapsulating PPP frames so that

they can be sent over an Ethernet network.
• PPPoE is generally used by Internet Service Providers (ISPs) to provide
Broadband Internet access based upon user authentication.
• We can configure Cisco router as PPPoE Client for Broadband Internet Access.
22-10-2016
WWW.KEYGROUPS.IN
PPPoE Client - Configuration
Router (config) # interface < ethernet interface > < no. >
Router (config-if) # no ip address
Router (config-if) # pppoe enable
Router (config-if) # pppoe-client dial-pool-number <no.>
Router (config-if) # exit
Router (config) # interface dialer < no. >
Router (config-if) # mtu 1492
Router (config-if) # ip address negotiated
Router (config-if) # encapsulation ppp
Router (config-if) # ppp authentication pap callin
Router (config-if) # ppp pap sent-username < username > password < password >
Router (config-if) # dialer pool < no. >
Router (config-if) # ppp ipcp route default
22-10-2016
WWW.KEYGROUPS.IN
INTERNET
ISP
Fa 0/1
HYD-1
Fa 0/0
192.168.202.1
Switch
PC1 PC2 PC3

Fa 0/0 192.168.202.0/24
22-10-2016
WWW.KEYGROUPS.IN
HYD-1
HYD-1 (config) # interface fastethernet 0/1

HYD-1 (config-if) # no ip address
HYD-1 (config-if) # pppoe enable
HYD-1 (config-if) # pppoe-client dial-pool-number 1
HYD-1 (config) # interface dialer 1
HYD-1 (config-if) # mtu 1492
HYD-1 (config-if) # ip address negotiated
HYD-1 (config-if) # encapsulation ppp
HYD-1 (config-if) # ppp authentication pap callin
HYD-1 (config-if) # ppp pap sent-username cisco password ccna
HYD-1 (config-if) # dialer pool 1
HYD-1 (config-if) # ppp ipcp route default
22-10-2016
WWW.KEYGROUPS.IN
PPPoE Client – Verification
Router # show interfaces dialer < no. >
22-10-2016
WWW.KEYGROUPS.IN

New Ccna - Ajith

Uploaded by

Copyright:

Available Formats

New Ccna - Ajith

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

New Ccna - Ajith

Uploaded by

Copyright:

Available Formats

Cisco Certified Network Associate

• Cisco certifications are globally respected IT certification programs for Wide

• There are 2 tracks for CCNA examination :

• CCNA ICND 1 (100-105) - Wendell Odom - Cisco Press

• Interconnection of two or more devices is called as a network.

• LAN - Local Area Network

• Internet is a massive network of networks, a networking infrastructure.

22-10-2016 facebook.com zoomgroup.com

Co-axial Twisted pair Fiber Infrared RF

STP Cable Fiber optic

• Straight Through Cable

• Generally used for connecting two devices of different types

• Generally used for connecting same type of devices.

Category DTR Purpose Connector

CAT 5 100 Mbps Fast Ethernet RJ 45

CAT 5e 500 Mbps RJ 45

• NIC is the interface between the computer and the network

Bus Topology Star Topology

Ring Topology Mesh Topology

PC PC PC Server IP Phone Server PC PC PC

• IP Address is a Logical Address

• Bit is represent by 0 or 1 (i.e. Binary)

First Octet Second Octet Third Octet Forth Octet

01010101. 00000101. 10111111. 00000001

Taking Example for First Octet :

IP address are divided into 5 Classes

• CLASS B Used in LAN & WAN

• CLASS D Reserved for Multicasting

• CLASS E Reserved for Research & Development

• Priority Bit is used for IP Address classification.

Class A Range Class B Range Class C Range

Class D Range Class E Range

17.1.256.1 Invalid IP Address

• IP address is divided into Network & Host Portion

− CLASS A is written as N.H.H.H

− CLASS B is written as N.N.H.H

− CLASS C is written as N.N.N.H

• Class A Octet Format is N.H.H.H

• Class B Octet Format is N.N.H.H

• Class C Octet Format is N.N.N.H

• Only Valid IP Addresses are assigned to hosts/clients

IP Address Network Address and Broadcast Address

IP Address Valid Address

• Subnet Mask differentiates the Network and Host portions of an IP address

IP Address Default subnet mask

• The output of an AND table is 1 if both its inputs are 1.

Public IP Address Private IP Address

• Used on the Internet • Used within the Organization

• IPv6 is 128 bit address

xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx : xxxx

• 4 bits = 1 hex digit

IPv6 Address IPv6 Address after Omission of ZERO’S

2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00

2000 : 0 : 0 : 4DAD : 23 : 46 : BB : 101

IPv6 Address after Replacing Successive

2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : BC00

Multicast FF00::/8 Multicast 224.0.0.0 to 239.255.255.255

Loopback 0:0:0:0:0:0:0:1/128 Loopback 127.0.0.0/8

Default 0:0:0:0:0:0:0:0 Default 0.0.0.0