
SPNGN1

Building Cisco Service


Provider Next-Generation
Networks, Part 1
Volume 1
Version 1.01

Student Guide

Text Part Number: 97-3127-02


Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Student Guide © 2012 Cisco and/or its affiliates. All rights reserved.
Students, this letter describes important course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Systems is committed to bringing you the highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give you
the expertise you need to build and maintain strategic networks.

Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes of your time to complete a brief Cisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of class, your instructor will provide you with a URL directing you to a short
post-course evaluation. If there is no Internet access in the classroom, please complete
the evaluation within the next 48 hours or as soon as you can access the web.

On behalf of Cisco, thank you for choosing Cisco Learning Partners for your
Internet technology training.

Sincerely,

Cisco Systems Learning


Table of Contents
Volume 1
Course Introduction 1 
Overview 1 
Learner Skills and Knowledge 2 
Course Goal and Objectives 3 
Course Flow 4 
Additional References 5 
Cisco Glossary of Terms 5 
Your Training Curriculum 6 
Your Training Curriculum 7 
IP Fundamentals 1-1 
Overview 1-1 
Module Objectives 1-1 
Defining Functions of Networking 1-3 
Overview 1-3 
Objectives 1-3 
Network Definition 1-4 
Common Physical Components of a Network 1-5 
Cisco Hierarchical Model 1-6 
Cisco IP NGN Model 1-7 
Interpreting a Network Diagram 1-8 
Network Benefits 1-10 
Cisco IP NGN User Applications 1-11 
Impact of User Applications on the Network 1-12 
Characteristics of a Network 1-13 
Physical Topology 1-16 
Logical Topologies 1-17 
Bus Topology 1-18 
Single-Ring and Dual-Ring Topology 1-19 
Star and Extended-Star Topology 1-20 
Full-Mesh and Partial-Mesh Topology 1-21 
Types of Physical Connections 1-22 
Copper 1-23 
Optical Fiber 1-23 
Wireless 1-23 
Summary 1-24 
Introducing TCP/IP Layers and the OSI Reference Model 1-25 
Overview 1-25 
Objectives 1-25 
TCP/IP Layers and the OSI Model 1-27 
Layer 1: The Physical Layer 1-29 
Layer 2: The Data Link Layer 1-30 
Layer 3: The Network Layer 1-31 
Layer 4: The Transport Layer 1-32 
Layer 5: The Session Layer 1-33 
Layer 6: The Presentation Layer 1-34 
Layer 7: The Application Layer 1-35 
TCP/IP Stack 1-36 
TCP/IP Stack vs. the OSI Model 1-38 
Protocol Data Units 1-39 
Encapsulation 1-40 
Example: Sending a Package Through a Postal Service 1-41 
Layer 2 and Layer 3 Addresses 1-43 
IP Characteristics 1-44 
IPv4 Address Representation 1-45 
IPv6 Address Representation 1-47 
Mapping a Physical Address to a Network Address 1-49 
ARP Table 1-50 
Host-to-Host Communication 1-51 
Host-Based Tools: ping 1-62 
Host-Based Tools: arp 1-63 
Host-Based Tools: tracert 1-65 
Summary 1-66 
Managing IP Addressing 1-69 
Overview 1-69 
Objectives 1-69 
Types of IPv4 Addresses 1-71 
Reserved IPv4 Address 1-73 
Network Address 1-73 
Directed Broadcast Address 1-74 
Local Broadcast Address 1-74 
Local Loopback Address 1-74 
Autoconfiguration IP Addresses 1-74 
Network ID 1-74 
Host ID 1-74 
Private and Public IPv4 Addresses 1-75 
Private IPv4 Addresses 1-75 
Public IPv4 Addresses 1-76 
IPv6 Address Formats and Types 1-77 
Link-Local IPv6 Unicast Addresses 1-78 
Global IPv6 Unicast Addresses 1-79 
Unique Local IPv6 Unicast Addresses 1-80 
Special-Purpose IPv6 Unicast Addresses 1-82 
Multicast IPv6 Addresses 1-83 
Anycast IPv6 Addresses 1-85 
IPv4 Header Format 1-86 
IPv6 Header Format 1-88 
IPv4 and IPv6 Header Comparison 1-90 
Assigning Addresses in IPv6 1-91 
Stateless IPv6 Autoconfiguration 1-93 
DHCPv6 1-95 
Internet Control Message Protocol 1-96 
ICMP Type 1-97 
ICMP in the IPv6 Neighbor Discovery 1-99 
ICMP Message Type 133: Router Solicitation 1-99 
ICMP Message Type 134: Router Advertisement 1-99 
ICMP Message Type 135: Neighbor Solicitation 1-100 
ICMP Message Type 136: Neighbor Advertisement 1-100 
ICMP Message Type 137: Redirect Message 1-100 
Verifying the IP Address of a Host 1-101 
Enabling IPv6 on Windows 1-102 
The ipconfig Command 1-103 
Domain Name System 1-105 
DNS-Supported Objects 1-106 
Record Types 1-106 
Forward Lookups 1-107 
DNS Tree Structure 1-109 
Summary 1-111 
References 1-112 
Describing the TCP/IP Transport Layer 1-113 
Overview 1-113 
Objectives 1-113 
Transport Layer 1-114 
Session Multiplexing 1-114 

ii Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Identification of Applications 1-115 
Segmentation 1-115 
Flow Control 1-115 
Connection-Oriented Transport Protocol 1-115 
Reliable vs. Best-Effort Comparison 1-116 
Reliability (Connection-Oriented) 1-116 
Best-Effort (Connectionless) 1-117 
UDP Characteristics 1-118 
TCP Characteristics 1-119 
TCP/IP Application Layer Overview 1-121 
Interaction with Network and Application Layers 1-123 
Interaction with the Application Layer 1-124 
TCP and UDP Headers 1-125 
TCP Connection Establishment 1-127 
TCP Connection Teardown 1-130 
TCP Flow Control 1-132 
Maximize Throughput 1-139 
Global Synchronization 1-139 
Summary 1-140 
Explaining Network Security 1-141 
Overview 1-141 
Objectives 1-141 
Common Network Attacks 1-142 
Physical Installations 1-142 
Reconnaissance Attacks 1-143 
Access Attacks 1-144 
Password Attacks 1-144 
Threat Capabilities 1-145 
Closed Networks 1-146 
Open Networks 1-147 
Need for Network Security 1-148 
Network Protection Implementation Cost and Benefits 1-149 
CIA Triad 1-150 
Cisco Network Foundation Protection 1-151 
E-Business Challenge 1-152 
Attacking a Network 1-153 
Classes of Attack 1-154 
Service Provider Specific Attacks 1-155 
Summary 1-156 
References 1-156 
Explaining IP Addressing and Subnets 1-157 
Overview 1-157 
Objectives 1-157 
Subnets 1-158 
Subnet Masks 1-160 
VLSM 1-162 
End-System Subnet Mask Operations 1-163 
Default Gateways 1-164 
How Routers Use Subnet Masks 1-165 
Applying the Subnet Address Scheme 1-166 
IP Address Plans 1-167 
Procedure for Implementing Subnets 1-171 
Determining Subnet Addresses Example 1-172 
Example: Applying a Subnet Mask for a Class C Address 1-174 
Example: Applying a Subnet Mask for a Class B Address 1-176 
Example: Applying a Subnet Mask for a Class A Address 1-178 
Variable-Length Subnet Mask 1-180 
Summary 1-183 
Module Summary 1-185 

Module Self-Check 1-187 
Module Self-Check Answer Key 1-194 
Basic LAN Switching 2-1 
Overview 2-1 
Module Objectives 2-1 
Understanding Ethernet 2-3 
Overview 2-3 
Objectives 2-3 
LAN Definition 2-4 
Example: A Small Office LAN 2-5 
Example: An Enterprise LAN 2-5 
LAN Components 2-6 
LAN Functions 2-7 
LAN Sizes 2-8 
History of Ethernet 2-9 
LAN Standards 2-10 
LLC Sublayer 2-10 
MAC Sublayer 2-10 
LAN Specifications 2-11 
Carrier Sense Multiple Access with Collision Detection 2-12 
Ethernet Frame 2-14 
Ethernet MAC Address 2-15 
Summary 2-17 
Connecting to an Ethernet LAN 2-19 
Overview 2-19 
Objectives 2-19 
Ethernet on Layer 1 2-20 
Network Interface Card 2-22 
Ethernet Media 2-23 
Copper Ethernet 2-24 
Copper Ethernet Media Requirements 2-26 
RJ-45 Connector 2-28 
Straight-Through Ethernet Cables 2-30 
Straight-Through Cable for 10BASE-T and 100BASE-T 2-31 
Straight-Through Cable for 1000BASE-T 2-31 
Crossover Ethernet Cables 2-32 
Crossover Cable for 10BASE-T and 100BASE-T 2-32 
Crossover Cable for 1000BASE-T 2-33 
Straight-Through vs. Crossover Cables 2-34 
Ethernet Fiber Connection 2-35 
Fiber Optic Materials 2-37 
Fiber Types 2-38 
Optical Transmitters 2-39 
Fiber Connector Types 2-41 
Fiber Connector Maintenance 2-44 
Dense Wavelength-Division Multiplexing 2-45 
Summary 2-46 
Using Switched LAN Technology 2-47 
Overview 2-47 
Objectives 2-47 
Ethernet Limitations 2-48 
Extending Ethernet LAN Segments 2-50 
Hubs and Collisions 2-51 
Collision Domains and Broadcast Domains 2-52 
Switches and Bridges 2-53 
Ethernet Bridges 2-55 
Ethernet Switches 2-56 

Features of Modern Ethernet Switches 2-58 
Switching Operation 2-60 
Microsegmentation 2-62 
Modern LANs 2-63 
Summary 2-64 
Operating a Cisco Switch 2-65 
Overview 2-65 
Objectives 2-65 
Cisco IOS Software Features 2-67 
Configuring Cisco IOS Switches 2-68 
External Configuration Sources 2-69 
Router/Switch Internal Components 2-71 
Cisco IOS Command Line 2-73 
Cisco IOS EXEC Modes 2-74 
Command Line Help Facilities 2-76 
Enhanced Editing Commands 2-80 
Command History 2-82 
show version Command 2-83 
show flash Command 2-84 
Cisco IOS Configuration 2-85 
Viewing an IOS Configuration 2-88 
Loading an IOS Configuration 2-90 
Device Configurations Files 2-91 
Cisco IOS copy Command 2-93 
Saving and Backing Up the Configuration 2-94 
Startup Process 2-95 
Detailed Power-On Boot Sequence 2-96 
Finding the Cisco IOS Image 2-97 
Configuration Register 2-99 
Initial Bootup Output from a Switch 2-101 
Initial Configuration Using Setup 2-103 
Basic Configuration 2-104 
Summary 2-108 
Understanding Switch Security 2-111 
Overview 2-111 
Objectives 2-111 
Securing Administrative Access 2-112 
Reconnaissance Attacks 2-113 
Access Attacks 2-113 
Password Attacks 2-114 
Password Attack Threat Mitigation 2-115 
Configuring Passwords 2-116 
Configuring the Banner 2-118 
Telnet vs. SSH 2-119 
Enabling SSH Access 2-120 
Verifying SSH 2-121 
Restricting Access to the Switched Network 2-122 
Configuring Port Security 2-124 
More on Port Security Configuration 2-126 
Verifying Port Security 2-127 
Port Security with Sticky MAC Addresses 2-129 
Securing Unused Ports 2-130 
Summary 2-131 

Performing Switched Network Optimizations 2-133 
Overview 2-133 
Objectives 2-133 
Port Settings 2-135 
Full-Duplex Communication 2-136 
Example: Data Conversations 2-136 
Media Rates 2-137 
Setting Duplex and Speed Options 2-138 
Verifying Duplex and Speed Options 2-140 
Cisco ME 3400 Series Port Types 2-141 
Configuring the Port Type in Cisco ME 3400 Series Switches 2-143 
Network Redundancy and Loops 2-145 
Example: Broadcast Storms 2-146 
Example: Multiple Transmissions 2-147 
Example: Instability of the MAC Database 2-148 
Spanning Tree Protocol 2-149 
Spanning Tree Standards 2-150 
Comparison of Spanning Tree Protocols 2-152 
Spanning Tree Operation 2-154 
Root Bridge Selection 2-157 
Example: Selecting the Root Bridge 2-157 
Spanning Tree Cost and Priority 2-158 
Example: Selecting the Root Port on Non-Root Bridge 2-158 
Spanning Tree Port States 2-159 
Rapid Spanning Tree Protocols 2-161 
Default Spanning Tree Configuration 2-163 
Configuring Rapid PVST+ on Cisco ME Switches 2-164 
EtherChannel 2-168 
Configuring EtherChannel 2-170 
Flex Link 2-177 
Configuring Flex Link 2-178 
Summary 2-181 
Troubleshooting Switch Issues 2-183 
Overview 2-183 
Objectives 2-183 
Layered Troubleshooting 2-184 
Copper Media Issues 2-185 
Fiber Media Issues 2-186 
show interfaces Command 2-188 
Excessive Noise 2-189 
Excessive Collisions 2-190 
Port Issues 2-191 
Duplex-Related Issues 2-192 
Speed-Related Issues 2-193 
Configuration Issues 2-194 
Summary 2-195 
Module Summary 2-197 
Module Self-Check 2-199 
Module Self-Check Answer Key 2-205 

SPNGN1

Course Introduction
Overview
The Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1) v1.01
course is an instructor-led course that is presented by Cisco Learning Partners to their end-user
customers. This five-day course provides network engineers and technicians with the basic
knowledge and skills necessary to support a service provider network.
The course provides knowledge of the major components of a network and helps learners to
understand how service provider networks function. The course introduces Cisco IP Next-
Generation Network (IP NGN) architecture that helps service providers to build modern,
scalable, and reliable networks.
The course also includes classroom activities with remote labs that are useful to gain practical
skills for deploying basic Cisco IOS XE and XR Software features to operate and support the
service provider network.
Learner Skills and Knowledge
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the
course. The subtopic also includes recommended Cisco learning offerings that learners should
first complete to benefit fully from this course.

• Basic computer literacy
• Basic Microsoft Windows navigation skills
• Basic Internet usage skills

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN1 v1.01—3

Course Goal and Objectives
This topic describes the course goal and objectives.

• To provide you with the knowledge and skills necessary to install, operate, and troubleshoot a small network


Upon completing this course, you will be able to meet these objectives:
• Describe how networks function, and identify major network components, functions of network components, and the OSI reference model
• Using the host-to-host packet delivery process, describe issues that are related to increasing traffic on an Ethernet LAN and identify switched LAN technology solutions to Ethernet networking issues
• Describe the reasons for extending the reach of a LAN and the methods that can be used
• Describe the reasons for connecting networks with routers and how routed networks transmit data by using TCP/IP
• Describe the function of WANs and the major devices of WANs
• Configure PPP encapsulation, static and dynamic routing, and NAT
• Describe different management tools that are used to manage a service provider network



Course Flow
This topic presents the suggested flow of the course materials.

Day 1: AM: Course Introduction; Module 1: IP Fundamentals
       PM: Module 1: IP Fundamentals
Day 2: AM and PM: Module 2: Basic LAN Switching
Day 3: AM and PM: Module 3: Basic IP Routing
Day 4: AM and PM: Module 4: Connectivity Technologies and WANs
Day 5: AM and PM: Module 5: Network Management and Security
(Lunch separates the AM and PM sessions each day.)

The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.

Additional References
This topic presents the Cisco icons and symbols that are used in this course, as well as
information on where to find additional technical references.

[Figure: Cisco icons used in this course: Cisco IOS Router, Cisco IOS XE Router, Cisco IOS XR Router, Multilayer Switch, Workgroup Switch, Network Cloud, Laptop, Server]

Cisco Glossary of Terms


For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and
Acronyms glossary of terms at
http://docwiki.cisco.com/wiki/Internetworking_Terms_and_Acronyms_%28ITA%29_Guide.



Your Training Curriculum
This topic presents the training curriculum for this course.

[Figure: Cisco Certifications, www.cisco.com/go/certifications]

You are encouraged to join the Cisco Certification Community, a discussion forum open to
anyone holding a valid Cisco Career Certification (such as Cisco CCIE®, CCNA®, CCDA®,
CCNP®, CCDP®, CCIP®, CCVP®, or CCSP®). It provides a gathering place for Cisco certified
professionals to share questions, suggestions, and information about Cisco Career Certification
programs and other certification-related topics. For more information, visit
http://www.cisco.com/go/certifications.

Your Training Curriculum
This topic presents the training curriculum for this course.

[Figure: "Expand Your Professional Options and Advance Your Career": Cisco certification levels (Entry, Associate, Professional, Expert, Architect) and the Cisco CCNA Service Provider track, consisting of Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1) v1.01 and Part 2 (SPNGN2) v1.01. www.cisco.com/go/certifications]

Cisco Qualified Specialist certifications demonstrate significant competency in specific
technology areas, solutions, or job roles. Individuals who have earned an associate-level career
certification or higher are eligible to become qualified in these focused areas. With one or more
specialist certifications, network professionals can better align their core expertise with current
industry needs.
For more information on the Cisco Qualified Specialist certification, visit
http://www.cisco.com/go/certifications.



Module 1

IP Fundamentals
Overview
To understand how networks function, it is important to gain a basic understanding of the major
components of a network. This module introduces fundamental computer and network
components, as well as the characteristics, functions, benefits, metrics, and attributes that are
used to characterize features and performance.

Module Objectives
Upon completing this module, you will be able to describe IP fundamentals that are important
to building IP networks, host-to-host communication, as well as network components and
functions. This ability includes being able to meet these objectives:
• Describe the common components, purposes, and functions of a network
• Explain the need for a comprehensive network security policy
• Describe the layers of the OSI model, as well as classification of devices and their functions according to their layer in the OSI model
• List the sequence of steps that are used by IP operations to manage IP addresses
• Explain the key functions of the TCP/IP transport layer
• Describe subnets and how routing is necessary to transfer traffic from one subnet to another
Lesson 1

Defining Functions of
Networking
Overview
Understanding the benefits of computer networks and how they function is important in
maximizing the communication channels between end users.
This lesson explains how users benefit from using networks.

Objectives
Upon completing this lesson, you will be able to describe the common components, purposes,
and functions of a network. You will be able to meet these objectives:
• Describe the definition of a network
• Describe the common physical components of a network
• Describe the Cisco hierarchical network model
• Describe the Cisco IP Next-Generation Network model
• Describe how to interpret a Cisco network diagram and identify the common icons used
• Describe the benefits of the network
• Identify common user applications in an IP NGN environment
• Describe how different application types impact network performance
• Describe various characteristics of a network
• Describe the various physical network topologies
• Describe the logical network topologies
• Describe the bus topology
• Describe single-ring and dual-ring topologies
• Describe star and extended-star topologies
• Describe full-mesh and partial-mesh topologies
• Describe the types of physical connections used in networks
Network Definition
This topic describes the definition of a network.

[Figure: a network connecting a Home Office, a Mobile User, a Branch Office, and Headquarters]

A network is a connected collection of devices and end systems such as computers and servers
that can communicate with each other. Networks carry data in many types of environments,
including homes, small businesses, and large enterprises. Large enterprise networks may have a
number of locations that need to communicate with each other. Based on where workers are
situated, these locations are usually called main office (or headquarters) and remote locations
(branch offices, home offices, and mobile workers).
You may use a network in your home office to communicate via the Internet to locate
information or send messages to friends. You may also have a small office that is set up with a
network that connects other computers and printers in the office. Similarly, you may work in a
large enterprise with many computers, printers, storage devices, and servers that are used to
communicate and store information from many departments over large geographic areas.

Common Physical Components of a Network
This topic describes the common physical components of a network.

[Figure: common physical components: Router, Switch, Access Point, PC, Printer, Server, Desktop, IP Phone, Laptop]

There are five major categories of physical components in a computer network:
• Endpoints: Computers, printers, servers, IP phones, web cameras, and so on, serve as endpoints in the network. They send and receive data.
• Interconnections: The interconnections consist of components that provide a means for data to travel from one point in the network to another. Interconnections include several different types of components:
  — Network interface cards (NICs)
  — Network media (such as cables or wireless)
  — Connectors that provide the connection points for the media
• Switches: Switches are devices that provide network attachment to the end systems and intelligent switching of the data within the local network.
• Routers: Routers interconnect networks and choose the best paths between networks.
• Wireless LAN (WLAN) devices: WLANs connect network devices, computers, and other endpoints to the network without cables. The minimum requirement for wireless access to the network is an endpoint with a WLAN NIC and an access point that is connected to the wired network.



Cisco Hierarchical Model
This topic describes the Cisco hierarchical network model.

[Figure: Cisco hierarchical model: Core (high-speed switching), Distribution (policy-based connectivity), Access (local and remote workgroup access)]

The hierarchical model divides networks or their modular blocks into the access, distribution, and core layers:
• Access layer: The access layer is used to grant user access to network devices. In a campus network environment, the access layer generally incorporates LAN switches with ports that provide connectivity to workstations and servers. In the WAN environment, the access layer at remote sites or teleworkers may provide access to the corporate network across WAN technology.
• Distribution layer: The distribution layer acts as the interface between the access layer and the core layer. This layer aggregates the wiring closets and uses switches to segment workgroups and isolate network issues in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity.
• Core layer (also referred to as the backbone): The core layer is a high-speed backbone that is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes very quickly.

Cisco IP NGN Model
This topic describes the Cisco IP Next-Generation Network model.

[Figure: Cisco IP NGN model: Access, Aggregation, IP Edge, and Core layers serving Residential, Mobile Users, and Business customers]

The Cisco IP Next-Generation Network (IP NGN) infrastructure layer is a very important
component of a modern service provider network. It provides the reliable, high-speed, and
scalable foundation of a network. End users are connected to service providers through a
customer premises equipment (CPE) device, which can use any possible technology. Access
and aggregation network devices are responsible for enabling connectivity between customer
equipment and service provider edge equipment. The core network is used for fast switching
packets between edge devices.
This model is used throughout the course.



Interpreting a Network Diagram
This topic describes how to interpret a Cisco network diagram and identifies the common icons
used.

[Figure: sample network diagram showing PCs, a switch, routers, an access network and the Internet; interfaces labeled Fa0/5, Fa0/7, Fa0/11, Gi0/0, Gi0/1, Gi0/2, S0/0, and S0/1; one segment labeled 192.168.1.0/24 with .1 and .2 at the device ends]

The network diagram captures network-related information. The amount of information and the
detail differs from organization to organization. A series of lines and icons commonly
represents the network topology. Here are some of the more common networking icons that are
used in this diagram:

• A network such as the Internet, an access network, a lab network, and so on
• A router
• A workgroup LAN switch
• A WLAN access point (AP)
• A server
• An end-user desktop PC
• An end-user laptop
• An Ethernet link
• A serial link
• A wireless link
• An unprotected optical link
• A protected optical link

Other information may be included in the network diagram as space allows. For example, it is
common to identify the interface on a device in the S0/0/0 format for a serial interface, Fa0/0
for a Fast Ethernet interface, or Gi0/1 for a Gigabit Ethernet interface. It is also common to
include the network address of the segment in the 192.168.1.0/24 format. In this example,
192.168.1.0 indicates the network address, /24 indicates the subnet mask, and .1 and .2 at the
device ends indicate IP addresses on interfaces (.1 corresponds to 192.168.1.1).
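The shorthand described above can be expanded mechanically. The following Python script is an added example, not part of the Cisco student guide: it expands diagram suffixes such as .1 on a 192.168.1.0/24 segment into full interface addresses, derives the mask and broadcast address from the /24 prefix, and rejects a suffix that falls outside the segment or lands on the network or broadcast address (neither of which can be assigned to an interface). It goes slightly beyond the page's single case by also accepting multi-octet suffixes, such as .1.10 on a /16 segment. The function names and the sample segment are my own constructions.

```python
import ipaddress

# Constructed sample matching the diagram: one /24 segment with .1 and .2 at the device ends.
SAMPLE_SEGMENT = "192.168.1.0/24"
SAMPLE_SUFFIXES = [".1", ".2"]


def expand_diagram_address(network_cidr: str, suffix: str) -> str:
    """Expand a diagram suffix (".1") on a segment ("192.168.1.0/24") to a full address.

    The suffix replaces the trailing octets of the network address, so ".1" on
    192.168.1.0/24 is 192.168.1.1 and ".1.10" on 10.0.0.0/16 is 10.0.1.10.
    Raises ValueError if the result lies outside the segment or is the network
    or broadcast address, neither of which can be assigned to an interface.
    """
    net = ipaddress.IPv4Network(network_cidr, strict=True)
    if not suffix.startswith("."):
        raise ValueError(f"diagram suffix must start with '.': {suffix!r}")
    suffix_octets = suffix[1:].split(".")
    if not 1 <= len(suffix_octets) <= 3:
        raise ValueError(f"suffix must carry one to three octets: {suffix!r}")
    base_octets = str(net.network_address).split(".")
    candidate = ".".join(base_octets[: 4 - len(suffix_octets)] + suffix_octets)
    addr = ipaddress.IPv4Address(candidate)  # rejects octets outside 0-255 or empty
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    if addr in (net.network_address, net.broadcast_address):
        raise ValueError(f"{addr} is the network or broadcast address of {net}")
    return str(addr)


def describe_segment(network_cidr: str, suffixes) -> dict:
    """Summarize one labeled segment: mask, broadcast, host count and interface addresses."""
    net = ipaddress.IPv4Network(network_cidr, strict=True)
    return {
        "network": str(net.network_address),
        "prefix_length": net.prefixlen,
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "interfaces": {s: expand_diagram_address(network_cidr, s) for s in suffixes},
    }


if __name__ == "__main__":
    summary = describe_segment(SAMPLE_SEGMENT, SAMPLE_SUFFIXES)
    for key, value in summary.items():
        print(f"{key}: {value}")
```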



Network Benefits
This topic describes the benefits of the network.

• Data and applications
• Resources
• Network storage
• Backup devices

[Figure: PCs, a Printer, a Print Server, Network Storage, and a Tape Drive connected through Switches and a Router]

Networks allow end users to share information and hardware resources. The major resources
that are shared in a computer network include the following:
• Data and applications: When users are connected through a network, they can share files and software application programs. Information becomes more easily available, which promotes more-efficient collaboration on work projects.
• Resources: Devices such as printers are among the resources that can be shared.
• Network storage: The network makes storage available to users in several ways. Direct-attached storage (DAS) connects physical storage to a PC or to a shared server. Network-attached storage (NAS) makes storage available through a special network appliance. Finally, SANs provide a network of storage devices.
• Backup devices: A network can also include backup devices such as tape drives that provide a central means to save files from multiple computers. Network storage also provides archive capability to ensure business continuance and disaster recovery.

Users who are connected by a network can benefit from efficiency of operation through
commonly available components that are used in everyday tasks. These tools include sharing
files, printing, and storing data. The results are reduced expenditures and increased
productivity.
Security is also an important concern. Balance is required between the need for network
security and the need for connectivity and ease of use.

Cisco IP NGN User Applications
This topic identifies common user applications in an IP NGN environment.

• Web browser (Internet Explorer, Firefox, Google Chrome, Opera, etc.)
• Instant messaging (Skype, AOL, Google Talk, Yahoo)
• Video (YouTube, Cisco TelePresence)
• Voice (VoIP, Skype)
• Databases (file servers)

Many applications are available for users in an IP NGN environment. Some of these
applications are common to nearly all users:
 Web browser: A web browser allows access to the Internet through a common interface.
The Internet provides a wealth of information and is vital to the productivity of home and
business users. A web browser provides a common interface for communicating with
suppliers and customers. Processing orders and fulfillment, as well as locating information,
are now routinely performed electronically over the Internet, which saves time and
increases overall productivity. Popular web applications today include online shopping,
electronic banking, social networks, podcasting, wikis, blogs, and so on. The most
commonly used browsers are Microsoft Internet Explorer, Mozilla Firefox, Apple Safari,
Google Chrome, and Opera.
 Instant messaging: Instant messaging began in the personal user-to-user space and now
provides considerable benefit in the corporate world. There are many instant messaging
applications, such as those provided by Skype, AOL, Google, Microsoft, Yahoo, and WebEx,
that provide data encryption and logging, features that are essential for corporate use.
 Video: Digital video and audio signals can now be captured, digitized, compressed,
streamed, and then carried by an IP network. There are several forms of IP video, such as
Internet video (YouTube), IPTV, video conferencing (Cisco TelePresence), mobile TV, and
so on.
 Voice: Like video signals, analog voice signals can be digitized, encoded, packetized, and
transported over an IP network rather than over the public switched telephone network
(PSTN). The most commonly used forms are IP phones, software VoIP (Skype), and mobile
and integrated VoIP.
 Database: This type of application allows users in a network to store information in central
locations such as file servers. All users in the network can easily retrieve selected
information in the formats that are most useful to them.
© 2012 Cisco Systems, Inc. IP Fundamentals 1-11
Impact of User Applications on the Network
This topic describes how different application types impact network performance.

• Batch applications:
- FTP, TFTP, and inventory updates
- No direct human interaction
- Bandwidth important, but not critical
• Interactive applications:
- Inventory inquiries and database updates
- Human-to-machine interaction
- Because a human is waiting for a response, response time is important but not critical,
unless the wait becomes excessive.
• Real-time applications:
- VoIP and video
- Human-to-human interaction
- End-to-end latency critical

Applications can affect network performance and, conversely, network performance can affect
applications.
Historically, when considering the interaction between the network and applications that ran on
the network, bandwidth was the main concern.
Batch applications (such as FTP, TFTP, and inventory updates) are initiated by a user and then
run to completion by the software with no further direct human interaction. Because of this type
of operation, bandwidth is important but not critical, as long as the time it takes the application
to complete is not excessive.
Interactive applications (such as inventory inquiries and database updates) require more human
interaction. The user requests some type of information from the server and waits for a reply.
Bandwidth becomes more important because users can get impatient with slow responses.
However, because response time is usually more dependent on the server than on the network,
bandwidth is still not critical. In most cases, quality of service (QoS) features can overcome
bandwidth limitations by giving interactive applications preference over batch applications.
Similar to interactive applications, real-time applications (such as VoIP and video applications)
involve human interaction. For video, because of the amount of information that is transmitted,
bandwidth has become critical. In addition, because these applications are time-critical, latency
(that is, delay through the network) is also critical. Even variations regarding the amount of
latency can affect the voice and video quality. Not only is proper bandwidth mandatory, QoS is
mandatory as well. VoIP and video applications must be given the highest priority.

Characteristics of a Network
This topic lists various characteristics of a network.

Figure: Cisco IP NGN layers. Mobile, residential, and business access connect through the
IP infrastructure layer (access, aggregation, IP edge, and core) to the services layer
(mobile, video, and cloud services) and the application layer.
• The Cisco IP NGN is a next-generation service provider infrastructure for video, mobile,
and cloud or managed services.
• The Cisco IP NGN provides an all-IP network for services and applications, regardless
of access type.

The Cisco IP NGN architecture enables service providers to start developing fixed or mobile
convergence, starting with the transport in the access, aggregation, and core networks. The
Cisco IP NGN targets service providers with an existing centralized wireline services edge
network. Service providers will maintain and evolve this network layer as part of their future
services, network, and organizational evolution.
The Cisco IP NGN architecture constructs a flexible, comprehensive, and generic framework
that is structured around the most common layers in service provider networks: customer
premises, access networks, aggregation networks, edge networks, core networks, network
management, and network admission layers. The access, aggregation, and core layers are used
for transport of mobile, video, and cloud or managed services.
The idea of the Cisco IP NGN networks is to provide all-IP transport for all services and
applications, regardless of access type. IP infrastructure, service, and application layers are
separated in Cisco IP NGN networks; thus enabling the addition of new services and
applications without any changes in the transport network.

Figure: customer-to-provider connectivity. Residential, mobile, and business users attach
through the IP infrastructure layer (access, aggregation, IP edge, and core).
Customer-to-provider connectivity:
• IP infrastructure layer of the Cisco IP NGN
• Edge devices of the service provider

Customer-to-provider connectivity is about connecting a customer to a service provider in a
way that meets various customer requirements. Customer-to-provider connectivity is a part of
the IP infrastructure layer of the Cisco IP NGN. It focuses on CPE and service provider edge
devices.

• Topology
• Speed
• Cost
• Security
• Availability
• Scalability
• Reliability

You can describe a network according to its performance and structure:
 Topology: In networks, there are physical and logical topologies. The physical topology is
the arrangement of the cables, network devices, and end systems. The logical topology is
the path that the data is transferred over in a network. For example, a physical topology is
how the network devices are actually interconnected with wires and cables. A logical
topology is how the network devices appear connected to the users.
 Speed: Speed is a measure of the data rate in bits per second (b/s) of a given link in the
network.
 Cost: Cost indicates the general expense of the network components, installation, and
maintenance of the network.
 Security: Security indicates how well the network, and the information that is
transmitted over it, is protected against unauthorized access, modification, and
disruption. The subject of security is important and constantly evolving. You should
consider security whenever you take actions that affect the network.
 Availability: Availability is a measure of the probability that the network will be available
for use when it is required. For networks that are meant to be used 24 hours per day, 7 days
per week, 365 days per year, availability is calculated by dividing the time that it is actually
available by the total time in a year and then multiplying by 100 to get a percentage.
([Number of minutes in a year – downtime] / [Number of minutes in a year]) * 100 = Percentage availability
For example, if a network is unavailable for 15 minutes per year because of network
outages, you can calculate its percentage of availability as follows:
([525600 – 15] / [525600]) * 100 = 99.9971
 Scalability: Scalability indicates how well the network can accommodate additional users
and data transmission requirements. If you design and optimize a network for only the
current requirements, it can be very expensive and difficult to meet new needs when the
network grows.
 Reliability: Reliability indicates the dependability of the components that make up the
network, such as the routers, switches, PCs, and servers. Reliability is often measured as a
probability of failure, or mean time between failures (MTBF).

These characteristics and attributes provide means to compare different networking solutions.
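The availability and reliability figures above are easier to work with, and to check against a real outage log, as code. The following is an added example and not part of the Cisco course material: it implements the downtime formula from the text, adds the standard MTBF/MTTR and series/parallel availability relations (assumptions that go beyond what the text states), and sums a constructed list of outage records, merging overlapping tickets so that one event reported twice is counted once and clipping records that straddle the measurement window.

```python
"""Availability and reliability arithmetic for the network characteristics above.

Added example, not part of the Cisco course material. The outage records
below are constructed for illustration. The MTBF/MTTR formula and the
series/parallel combination rules are standard reliability engineering
relations that the text itself does not state.
"""
from datetime import datetime

MINUTES_PER_YEAR = 365 * 24 * 60  # 525600, as in the text's worked example


def availability_from_downtime(downtime_minutes, period_minutes=MINUTES_PER_YEAR):
    """The text's formula: ([period - downtime] / period) * 100."""
    return (period_minutes - downtime_minutes) / period_minutes * 100


def allowed_downtime_minutes(target_percent, period_minutes=MINUTES_PER_YEAR):
    """Inverse of the formula: the downtime budget for a target such as 99.999."""
    return period_minutes * (100 - target_percent) / 100


def availability_from_mtbf(mtbf_hours, mttr_hours):
    """Steady-state availability of one component, as a percentage.

    MTBF is the reliability figure named in the text; MTTR (mean time to
    repair) is the assumed second input: availability = MTBF / (MTBF + MTTR).
    """
    return mtbf_hours / (mtbf_hours + mttr_hours) * 100


def series_availability(*percents):
    """Components that must all work (for example CPE, access, and core in a
    chain): multiply the individual availabilities."""
    result = 1.0
    for p in percents:
        result *= p / 100
    return result * 100


def parallel_availability(*percents):
    """Redundant components where any one suffices (dual ring, two uplinks):
    1 - product of the individual unavailabilities."""
    unavailable = 1.0
    for p in percents:
        unavailable *= 1 - p / 100
    return (1 - unavailable) * 100


def total_downtime_minutes(outages, window_start, window_end):
    """Sum outage time inside [window_start, window_end) in minutes.

    outages: iterable of (start, end) datetimes. Overlapping records are
    merged first so that two tickets for the same event count once, and
    records are clipped so that an outage spanning the window boundary only
    contributes the part that falls inside the window.
    """
    merged = []
    for start, end in sorted(outages):
        start, end = max(start, window_start), min(end, window_end)
        if start >= end:
            continue  # entirely outside the window
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return sum((end - start).total_seconds() for start, end in merged) / 60


# Constructed outage log for a non-leap year (525600 minutes).
YEAR_START = datetime(2011, 1, 1)
YEAR_END = datetime(2012, 1, 1)
SAMPLE_OUTAGES = [
    (datetime(2010, 12, 31, 23, 50), datetime(2011, 1, 1, 0, 5)),   # 5 min inside window
    (datetime(2011, 3, 10, 2, 0), datetime(2011, 3, 10, 2, 10)),    # 12 min after merging
    (datetime(2011, 3, 10, 2, 5), datetime(2011, 3, 10, 2, 12)),    # duplicate ticket
    (datetime(2011, 8, 1, 23, 55), datetime(2011, 8, 2, 0, 3)),     # 8 min
]


def yearly_availability(outages=SAMPLE_OUTAGES):
    """Percentage availability of the constructed year (25 minutes of downtime)."""
    return availability_from_downtime(total_downtime_minutes(outages, YEAR_START, YEAR_END))


if __name__ == "__main__":
    print(f"15 min/year downtime   -> {availability_from_downtime(15):.4f} %")
    print(f"sample outage log      -> {yearly_availability():.4f} %")
    print(f"99.999 % target allows {allowed_downtime_minutes(99.999):.2f} min/year")
    print(f"MTBF 50000 h, MTTR 4 h -> {availability_from_mtbf(50000, 4):.3f} %")
    print(f"two 99.9 % uplinks in parallel -> {parallel_availability(99.9, 99.9):.4f} %")
```

The merge step matters in practice: ticketing systems routinely hold two or three records for one incident, and summing them naively understates availability. The parallel formula is the arithmetic behind the dual-ring and mesh redundancy discussed later in this lesson.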



Physical Topology
This topic describes the various physical network topologies.

• Physical layout of the devices and cabling
• Four primary categories:
- Bus
- Ring
- Star
- Mesh
Figure: bus, ring, star, and mesh topologies.

The physical topology of a network refers to the physical layout of the devices and cabling.
You must match the appropriate physical topology to the type of cabling that you will install,
such as twisted pair, coaxial, and fiber. Therefore, understanding the type of cabling that is used
is important in understanding each type of physical topology. Following are the four primary
categories of physical topologies:
 Bus: In early bus topologies, computers and other network devices were cabled together in
a line by using coaxial cable. Modern bus topologies establish the bus in a hardware device
and connect the host devices to the bus by using twisted-pair wiring.
 Ring: Computers and other network devices are cabled together with the last device
connected to the first to form a circle or ring. This category includes single-ring and dual-
ring topologies. The physical connection can be made by using either coaxial or fiber
wiring.
 Star: A central cabling device connects the computers and other network devices. This
category includes star and extended-star topologies. The physical connection is commonly
made by using twisted-pair wiring.
 Mesh: Every network device is cabled to many others. Redundant links offer reliability
and self-healing. The physical connection is commonly made by using fiber or twisted-pair
wiring.

Logical Topologies
This topic describes the logical network topologies.

Logical topologies are the logical paths that the signals use to travel from one point on the
network to another.
Figure: logical link from PC A to PC I across hubs, a bridge, switches, and a router.

The logical topology of a network refers to the logical paths that the signals (data) use to travel
from one point in the network to another point. This path defines the way in which data
accesses the network media and transmits packets across it.
The physical and logical topologies of a network can be the same. For example, in a network
that is physically shaped like a linear bus, the data travels along the length of the cable.
Therefore, the network has both a physical and a logical bus topology.
On the other hand, a network can have physical and logical topologies that are quite different.
For example, a physical topology in the shape of a star, in which cable segments connect all
computers to a central hub, can have a logical ring topology (a token ring, for example). In a
ring, the data travels from one computer to the next through a logical ring. Inside the hub, the
wiring connections are providing the logical ring, and the signal actually travels around in a
circle from one port to the next. Therefore, it is not always possible to predict how data travels
in a network simply by observing its physical layout.
A physical star topology is by far the most common implementation of LANs. Shared-media
Ethernet (coaxial or hub-based) uses a logical bus topology in either a physical bus or a
physical star topology. An Ethernet hub is an example of a physical star topology with a
logical bus topology.



Bus Topology
This topic describes the bus topology.

All devices receive the signal.


Commonly referred to as a linear bus, all of the devices on a bus topology are effectively
connected by a single cable.
The figure illustrates the bus topology. In a bus topology, a cable proceeds from one computer
to the next like a bus line going through a city. The main cable segment must end with a
terminator that absorbs the signal when it reaches the end of the line or wire. If there is no
terminator, the electrical signal representing the data bounces back at the end of the wire,
causing errors in the network.
Because every device on the bus receives every signal, any host on the segment can capture
all of the traffic on it; the shared medium itself offers no isolation between hosts.

Single-Ring and Dual-Ring Topology
This topic describes single-ring and dual-ring topologies.

Single-ring topology:
• Signals travel around the ring
• Single point of failure
Dual-ring topology:
• Signals travel in opposite directions
• More resilient than the single-ring topology
• Two links connected to the same networking device

In a ring topology, all the devices in a network are connected in the form of a ring or a circle.
Unlike the physical bus topology, a ring type of topology has no beginning or end that needs to
be terminated. Data is transmitted in a way that is very different from the logical bus topology.
In one implementation, a “token” travels around the ring, stopping at each device. If a device
wants to transmit data, it adds that data and the destination address to the token. The token then
continues around the ring until it finds the destination device, which takes the data out of the
token. The advantage of using this type of method is that there are no collisions of data packets.
There are two types of ring topology:
 Single-ring: In a single-ring topology, all the devices in the network share a single cable,
and the data travels in one direction only. Each device waits its turn to send data over the
network. The single ring, however, is susceptible to a single failure, stopping the entire ring
from functioning.
 Dual-ring: In a dual-ring topology, two rings allow data to be sent in both directions. This
setup creates redundancy or fault tolerance. If one ring fails, the data will be transmitted on
the other ring. An example of such a topology is an optical ring.



Star and Extended-Star Topology
This topic describes star and extended-star topologies.

Star topology:
• Transmission through a central point
• Single point of failure
Extended-star topology:
• More resilient than the star topology

The star topology is the most common physical topology in Ethernet LANs.
When installed, the star topology resembles spokes in a bicycle wheel. It is made up of a central
connection point that is a device where all the cabling segments actually meet (for example, a
hub, a switch, or a router). Each device in the network is connected to the central device with
its own cable.
Although a physical star topology costs more to implement than the physical bus topology, the
advantages of a star topology make it worth the additional expense. Each device is connected to
the central device with its own wire. Cable problems affect one device only while the rest of the
network remains operational. This benefit is extremely important and is the reason why almost
every newly designed Ethernet LAN has a physical star topology.
When a star network is expanded to include an additional network device that is connected to
the main network devices, the topology is referred to as an extended-star topology. The
problem with the pure extended-star topology is that if the central node point fails, large
portions of the network can become isolated.

Full-Mesh and Partial-Mesh Topology
This topic describes full-mesh and partial-mesh topologies.

Full-mesh topology:
• Highly fault-tolerant
• Expensive to implement
Partial-mesh topology:
• Trade-off between fault tolerance and cost

Another type of topology similar to the star topology is the mesh topology.
The full-mesh topology (shown on the left) connects all devices or nodes to one another for
redundancy and fault tolerance. Implementing a full-mesh topology is expensive and difficult.
This method is the most resistant to failures, because any single link that fails will not affect
device reachability. The formula to calculate the number of connections that are required to
form a full-mesh is n * (n - 1) / 2. For example, in the figure on the left, to create a full-mesh
between 6 nodes, a total of 15 connections are required.
6 * (6-1) / 2 = 15
In a partial-mesh topology, some devices are connected to several others, but not every pair of
devices is directly linked. This method trades off the cost of meshing all devices by allowing
the network designer to choose which nodes are the most critical and appropriately
interconnect them.
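The single-point-of-failure claims made above for the ring, star, and mesh topologies can be checked by simulation rather than taken on trust. The following is an added example and not part of the Cisco course material: each topology is modelled as a small graph, every single link cut and every single device failure is tried in turn, and the number of surviving devices left outside the largest group that can still reach each other is reported. Device names are invented; the single ring is modelled with unidirectional links to reflect the text's statement that data travels in one direction only, and the full-mesh link count is checked against the n * (n - 1) / 2 formula.

```python
"""Single-failure analysis of the physical topologies described above.

Added example, not part of the Cisco course material. A topology is a
directed graph: node -> set of nodes its signal reaches in one hop. A
bidirectional cable adds an edge each way; a single ring, where data travels
one way only, adds one edge per link. Device names are invented.
"""
from itertools import combinations


def full_mesh_link_count(n):
    """Links required to fully mesh n nodes: n * (n - 1) / 2."""
    return n * (n - 1) // 2


def build(links, bidirectional=True):
    """Build the adjacency map from (a, b) link pairs."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set())
        if bidirectional:
            graph[b].add(a)
    return graph


def link_count(graph):
    """Number of physical links (unordered node pairs) in the topology."""
    return len({frozenset((a, b)) for a in graph for b in graph[a]})


def _reach(graph, start, dead_node, dead_link):
    """Nodes reachable from start after the given failure (depth-first search)."""
    seen, stack = {start}, [start]
    while stack:
        cur = stack.pop()
        for nxt in graph[cur]:
            if nxt == dead_node or nxt in seen:
                continue
            if dead_link is not None and {cur, nxt} == set(dead_link):
                continue  # the cable is cut, in both directions
            seen.add(nxt)
            stack.append(nxt)
    return seen


def failure_impact(graph, dead_node=None, dead_link=None):
    """Surviving devices left outside the largest group whose members can all
    still reach one another (0 means the failure isolated nobody)."""
    alive = set(graph) - {dead_node}
    reach = {n: _reach(graph, n, dead_node, dead_link) for n in alive}
    largest = max((sum(1 for m in alive if m in reach[n] and n in reach[m])
                   for n in alive), default=0)
    return len(alive) - largest


def worst_case(graph):
    """(worst single-link impact, worst single-device impact) for a topology."""
    links = {frozenset((a, b)) for a in graph for b in graph[a]}
    worst_link = max(failure_impact(graph, dead_link=tuple(l)) for l in links)
    worst_node = max(failure_impact(graph, dead_node=n) for n in graph)
    return worst_link, worst_node


# Constructed sample topologies.
STAR = build([("SW1", pc) for pc in ("PC1", "PC2", "PC3", "PC4")])
RING_NODES = ["R1", "R2", "R3", "R4"]
RING_LINKS = list(zip(RING_NODES, RING_NODES[1:] + RING_NODES[:1]))
SINGLE_RING = build(RING_LINKS, bidirectional=False)   # R1->R2->R3->R4->R1
DUAL_RING = build(RING_LINKS)                           # signals both ways
FULL_MESH = build(combinations(["R1", "R2", "R3", "R4", "R5", "R6"], 2))
PARTIAL_MESH = build([("R1", "R2"), ("R1", "R3"), ("R1", "R4"),
                      ("R2", "R3"), ("R3", "R4"), ("R4", "R5")])  # R5 hangs off R4

if __name__ == "__main__":
    for name, g in [("star", STAR), ("single ring", SINGLE_RING),
                    ("dual ring", DUAL_RING), ("full mesh", FULL_MESH),
                    ("partial mesh", PARTIAL_MESH)]:
        print(f"{name:13s} links={link_count(g):2d} worst (link, device) impact={worst_case(g)}")
    print("full mesh of 6 nodes needs", full_mesh_link_count(6), "links")
```

Running it reproduces the text's claims: in the star, any one cable cut strands exactly one host but losing the central switch strands everything; in the unidirectional single ring, one cut stops all traffic; the dual ring, the full mesh, and the well-connected part of the partial mesh survive any single failure, while the stub router R5 in the partial mesh is where the cost trade-off shows up. The same function can be pointed at an exported topology of a real network to find its single points of failure before an outage does.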



Types of Physical Connections
This topic describes the types of physical connections used in networks.

• Copper cable (DSL, cable, and serial)
• Optical fiber (FTTH)
• Wireless (Wi-Fi, mobile data connections, and WiMax)
Figure: copper, optical fiber, and wireless connections to the Internet.

In a typical journey across the Internet, a packet may cross various media. The table lists the
three common methods of connecting the small office to the Internet.
Internet Connection Methods
Medium: Copper
Type: Wired
Description:
 Electrical signals
 Includes cables such as twisted-pair telephone wire, coaxial cable, or Category 5
unshielded twisted-pair (UTP) cable
Medium: Optical fiber
Type: Wired
Description:
 Light signals
 Thin strands of glass or plastic that carry light signals
 Represents another form of networking media
Medium: Air (the Earth's atmosphere or space)
Type: Wireless
Description:
 Microwave signals
 Connection types:
– The home wireless connection between a wireless router and a computer with a wireless
network card
– The terrestrial wireless connection between two ground stations
– The communication between devices on Earth and satellites

Copper
The copper medium requires a termination device or modem at the end of the link and is used
by DSL, cable, and serial connectivity methods:
 DSL: DSL uses the existing telephone lines. The incoming lines are terminated into a
modem that converts the incoming digital encoding into an Ethernet format.
 Cable: Cable uses the cable television (CATV) infrastructure. Similar to DSL, the
incoming lines are terminated into a modem that converts the incoming digital encoding
into an Ethernet format.
 Serial: Serial links (such as T1, E1, T3, and E3) use the classic digital local loops. The
termination is done by a CSU/DSU.

In all three cases, the Ethernet output is sent to a router that is part of the CPE.

Optical Fiber
Optical fiber replaces the copper medium in modern environments and provides a reliable high-
bandwidth connection to the Internet. Optical fiber access links are commonly deployed as
fiber-to-the-home (FTTH) solutions.

Wireless
Wireless communication provides connectivity without the use of wires or optical fiber. Air is
the usual transmission medium for wireless communication. The distance depends on the
technology that is used, as well as modulation and other factors. Wi-Fi, mobile data
connections, and WiMax are some ways to establish a wireless connection to the Internet:
 Wi-Fi: Wi-Fi is a trademark of the Wi-Fi Alliance and is used with certified products that
belong to WLAN devices that are based on the IEEE 802.11 standards.
 Mobile data connections: Mobile data connections enable mobile devices or users to
access Internet resources without the use of wires or optical fiber.
 WiMax: WiMax is a telecommunications technology that provides wireless transmission
of data. The WiMax technology is based on the IEEE 802.16 standards and is an alternative
to cable and DSL.



Summary
This topic summarizes the key points that were discussed in this lesson.

• A network is a connected collection of devices that can communicate with each other.
• Five major component categories of a network are: endpoints,
interconnections, switches, routers, and wireless devices.
• Cisco hierarchical model divides networks into the access, distribution,
and core layers.
• The Cisco IP NGN infrastructure layer provides the reliable, high-speed,
and scalable foundation of a network.
• The network diagram captures network-related information, such as
network devices and network topology.
• The major resources that are shared in a computer network include data
and applications, peripherals, storage devices, and backup devices.
• Popular user applications in networks are web browsers, instant
messaging, video and voice, and databases.
• Applications can affect network performance and network performance
can affect applications.

• Characteristics of a network are: topology, speed, cost, security, availability,
scalability, and reliability.
• A physical topology describes the layout for wiring the physical devices.
• A logical topology describes how information flows through a network.
• All of the devices on a bus topology are effectively connected by a single
cable.
• In a ring topology, all the devices in a network are connected in the form
of a ring or a circle.
• The star topology is the most common physical topology in Ethernet
LANs.
• The full-mesh topology connects all devices or nodes to one another for
redundancy and fault tolerance.
• Three common media to interconnect devices are copper cable, optical
fibre, and wireless.

Lesson 2

Introducing TCP/IP Layers and the OSI Reference Model
Overview
The Open Systems Interconnection (OSI) reference model was created to help define how
network processes function, including the various components of networks and transmission of
data. Understanding the structure and purpose of the OSI model is central to understanding how
one host communicates with another.
The TCP/IP suite is named after two of its core protocols, Transmission Control Protocol (TCP)
and Internet Protocol (IP). TCP/IP is divided into layers, each of which performs specific
functions in the data communication process. This lesson describes the TCP/IP layers and the
OSI model. This lesson also describes IP and MAC addresses and the mapping between these
addresses by use of the Address Resolution Protocol (ARP).

Objectives
Upon completing this lesson, you will be able to describe the TCP/IP layers and the OSI model.
This ability includes being able to meet these objectives:
 Describe the purpose of the OSI model
 Describe the physical layer of the OSI model
 Describe the data link layer of the OSI model
 Describe the network layer of the OSI model
 Describe the transport layer of the OSI model
 Describe the session layer of the OSI model
 Describe the presentation layer of the OSI model
 Describe the application layer of the OSI model
 Describe the TCP/IP stack
 Compare the TCP/IP stack to the OSI model
 Describe protocol data units
 Describe encapsulation and de-encapsulation processes
 Explain the Layer 2 MAC address and the mapping of the MAC address to the IP address
 Describe the IP component of TCP/IP stack
 Describe IPv4 addressing
 Describe IPv6 addressing
 Describe the Address Resolution Protocol and how an ARP table is built
 Present a simple host-to-host data transfer between two hosts on the same network segment
 Describe the Windows ping command
 Describe the Windows arp command
 Describe the Windows tracert command

TCP/IP Layers and the OSI Model
This topic describes the purpose of the OSI model.

• Reduces complexity
• Standardizes interfaces
• Facilitates modular engineering
• Ensures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning
OSI Model:
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

The OSI reference model provides a means of describing how data is transmitted over a
network. The model addresses hardware, software, and data transmission.
An OSI reference model provides a common reference for maintaining consistency within all
types of network protocols and services. A reference model is not intended to be an
implementation specification nor is it intended to provide a sufficient level of detail to define
precisely the services of the network architecture. The primary purpose of a reference model is
to aid in clearer understanding of the functions and process involved.
The early development of networks was chaotic in many ways. The early 1980s saw
tremendous increases in the number and sizes of networks. As companies realized that they
could save money and gain productivity by using networking technology, they added or
expanded existing networks as fast as new network technologies and products were introduced.
By the mid-1980s, companies began to experience difficulties from all of the expansions they
had made. It became more difficult for networks that used different specifications and
implementations to communicate with one another. The companies realized that they needed to
move away from proprietary networking systems—those systems that are privately developed,
owned, and controlled.
To address the problem of networks being incompatible and unable to communicate with each
other, the ISO researched different network schemes. Because of this research, the ISO created
a model to provide a framework on which to build a suite of open systems protocols. The vision
was that this set of protocols would be used to develop an international network that would not
be dependent on proprietary systems.



As a reference, the OSI model provides an extensive list of functions and services that can
occur at each layer of the protocol stack. The OSI model also describes the interaction of each
layer with the layers directly above and below it. More importantly, the OSI model facilitates
an understanding of how information travels throughout a network. It provides vendors with a
set of standards that ensure greater compatibility and interoperability between the various types
of network technologies that are produced by companies around the world. It is also used for
data network design, operation specifications, and troubleshooting.
The OSI reference model separates network functions into seven categories. This separation of
networking functions is called layering. The OSI reference model has seven numbered layers,
each one illustrating a particular network function:
 Layer 1: The physical layer
 Layer 2: The data link layer
 Layer 3: The network layer
 Layer 4: The transport layer
 Layer 5: The session layer
 Layer 6: The presentation layer
 Layer 7: The application layer

The OSI reference model provides a number of benefits in understanding how networks
function, by doing the following:
 Reducing complexity: It breaks network communications into smaller, simpler parts.
 Standardizing interfaces: It standardizes network components to allow multivendor
development and support.
 Facilitating modular engineering: It allows different types of network hardware and
software to communicate with one another.
 Ensuring interoperable technology: It prevents changes in one layer from affecting the
other layers; thus allowing for quicker development.
 Accelerating evolution: It provides for effective updates and improvements to individual
components without affecting other components or having to rewrite the entire protocol
stack.
 Simplifying teaching and learning: It breaks network communications into smaller
components to make learning easier.

Layer 1: The Physical Layer
This topic describes the physical layer of the OSI model.

Binary transmission:
• Defines the electrical, mechanical, procedural, and functional specifications for
activating, maintaining, and deactivating the physical link.
Figure: the seven-layer OSI model stack.

The first layer, the physical layer, defines the electrical, mechanical, procedural, and functional
specifications for activating, maintaining, and deactivating the physical link for bit transmission
between end devices. Physical layer specifications are defining characteristics such as voltage
levels, timing of voltage changes, physical data rates, maximum transmission distances,
physical connectors, and other similar attributes.



Layer 2: The Data Link Layer
This topic describes the data link layer of the OSI model.

Access to media:
• Defines how data is formatted for transmission and how access to the network is
controlled.
Figure: the seven-layer OSI model stack.

The second layer, the data link layer, defines how data is formatted for transmission and how
access to the physical media is controlled. This layer also typically includes error detection
(for example, a frame check sequence) and, in some link-layer protocols, error correction or
retransmission to provide reliable delivery of the data.

Layer 3: The Network Layer
This topic describes the network layer of the OSI model.

Data delivery:
• Routes data packets
• Selects best path to deliver data
• Provides logical addressing and path selection
Figure: the seven-layer OSI model stack.

The third layer, the network layer, provides connectivity and path selection between two host
systems that may be located on geographically separated networks. The growth of the Internet
has increased the number of users that access information from sites around the world. The
network layer is the layer that manages the connectivity of these users by providing logical
addressing.



Layer 4: The Transport Layer
This topic describes the transport layer of the OSI model.

End-to-end connections:
• Handles transportation issues between hosts
• Establishes, maintains, and terminates virtual circuits
• Ensures data transport reliability and flow control
Figure: the seven-layer OSI model stack.

The fourth layer, the transport layer, defines services to segment, transfer, and reassemble the
data for individual communications between the end devices. For example, business users in
large corporations often transfer large files from field locations to a corporate site. Reliable
delivery of the files is important, so the transport layer will break down large files into smaller
segments that are less likely to incur transmission issues.
The transport layer shields the upper layers from transport implementation details. Specifically,
issues such as reliability of transport of data between two hosts are assigned to the transport
layer. In providing a communication service, the transport layer establishes, maintains, and
properly terminates virtual circuits. Transport error detection and recovery, as well as
information flow control, ensure reliable service.
The boundary between the transport layer and the session layer can be thought of as the border
between application protocols and dataflow protocols. Whereas the application, presentation,
and session layers are concerned with application issues, the transport, network, data link, and
physical layers are concerned with data transport issues.

Layer 5: The Session Layer
This topic describes the session layer of the OSI model.

Figure (Interhost communication, OSI Model): Layer 5, the session layer, establishes, manages, and terminates sessions between applications.

The fifth layer, the session layer, establishes, manages, and terminates sessions between two
communicating hosts. The session layer also synchronizes dialog between the presentation
layers of the two hosts and manages their data exchange. For example, web servers have many
users that are connected to them, so there are many communication processes open at a given
time. It is important to keep track of which user communicates on which path.
In addition to session regulation, the session layer offers provisions for efficient data transfer,
class of service (CoS), and exception reporting of session layer, presentation layer, and
application layer problems.



Layer 6: The Presentation Layer
This topic describes the presentation layer of the OSI model.

Figure (Data representation, OSI Model): Layer 6, the presentation layer, formats and structures data, negotiates the data transfer syntax for the application layer, and provides encryption.

The sixth layer, the presentation layer, ensures that the information that is sent at the
application layer of one system is readable by the application layer of another system. For
example, an application on a PC communicates with another computer. One PC is using
extended binary coded decimal interchange code (EBCDIC) and the other one is using ASCII
to represent the same characters. If necessary, the presentation layer translates between multiple
data formats by using a common format.
The presentation layer may also encrypt the data that is sent across a network.

Layer 7: The Application Layer
This topic describes the application layer of the OSI model.

Figure (Network processes to applications, OSI Model): Layer 7, the application layer, provides network services to application processes (such as email, file transfer, and terminal emulation) and provides user authentication.

The seventh layer, the application layer, is the OSI layer that is closest to the user. This layer
provides network services to the applications of the user, such as email, file transfer, and
terminal emulation. The application layer differs from the other layers in that it does not
provide services to any other OSI layer. It provides services only to applications that are
outside of the OSI model. The application layer determines the identity and availability of
intended communication partners, provides user authentication, and synchronizes and
establishes agreement on procedures for application error recovery and control of data integrity.



TCP/IP Stack
This topic describes the TCP/IP stack.

Figure (TCP/IP Stack, top to bottom):
• Application layer: represents data to users; encodes and controls the dialog.
• Transport layer: supports the communication between end devices across diverse networks.
• Internet layer: provides logical addressing; determines the best path through the network.
• Network access layer: controls the hardware devices and media that make up the network.

The TCP/IP suite (or Internet protocol suite) is a description framework for computer network
protocols that were created in the 1970s by Defense Advanced Research Projects Agency
(DARPA), an agency of the U.S. Department of Defense. It evolved from Advanced Research
Projects Agency Network (ARPANET), which was the first WAN in the world and a
predecessor of the Internet. The TCP/IP stack and related protocols are maintained by the IETF.
Like the OSI model, the TCP/IP suite is a means of organizing components in an order that
reflects their functions in relation to one another. It defines four categories of functions that
must occur for communications to be successful. The components, or layers, of the TCP/IP
stack are as follows:
• Network access layer (also referred to as the data link layer): The network access layer covers the same processes as the two lower OSI layers: the physical layer and the data link layer.
• Internet layer (also referred to as the network layer): The Internet layer provides routing of data from the source to the destination by defining the IP packet and the IP addressing scheme, moving data between the data link and transport layers, routing packets of data to remote hosts, and performing fragmentation and reassembly of data packets. The Internet layer can carry data for a number of different upper-transport-layer protocols. These protocols are each identified by a unique protocol number.

• Transport layer: The transport layer is the core of the TCP/IP architecture. It provides communication services directly to the application processes that are running on network hosts. An end-to-end message transmission or connecting applications at the transport layer can be categorized as connection-oriented (implemented in TCP) or connectionless (implemented in UDP).
• Application layer: The application layer provides applications for file transfer, network troubleshooting, and Internet activities. It also supports network application programming interfaces (APIs) that allow programs that have been created for a particular operating system to access the network.



TCP/IP Stack vs. the OSI Model
This topic compares the TCP/IP stack to the OSI model.

Figure (TCP/IP Stack vs. OSI Model):

TCP/IP Stack       OSI Model
Application        Application, Presentation, Session
Transport          Transport
Internet           Network
Network Access     Data Link, Physical

The OSI model and the TCP/IP stack were developed by different organizations at
approximately the same time. The purpose was to organize and communicate the components
that guide the transmission of data. The layers of the TCP/IP stack correspond to the layers of
the OSI model as follows:
• The TCP/IP network access layer roughly corresponds to the OSI physical and data link layers and is concerned primarily with interfacing with network hardware and accessing the transmission media.

Note Because the TCP/IP network access layer contains both the OSI data link and physical
layers, it has become common to modify the classic four-layer TCP/IP model into a five-layer
model.

• The TCP/IP Internet layer corresponds closely to the network layer of the OSI model and manages the IP addressing of and routing between network devices.
• The TCP/IP transport layer, like the OSI transport layer, provides the means for multiple host applications to access the network layer, either in a best-effort mode or through a reliable delivery mode.
• The TCP/IP application layer addresses applications that communicate with the lower layers of the TCP/IP model and corresponds to the separate application, presentation, and session layers of the OSI model. These layers of the OSI model provide additional features that are related to applications.

Unfortunately, the speed at which the TCP/IP-based Internet was adopted and the rate at which
it expanded caused the OSI protocol suite development and acceptance to lag behind. Although
few of the protocols that were developed by using the OSI specifications are in widespread use
today, the seven-layer OSI model has made major contributions to the development of other
protocols and products for all types of new networks.

Protocol Data Units
This topic describes protocol data units.

Figure (PDUs by OSI layer):

PDU         OSI Layer
Datagrams   Application
Datagrams   Presentation
Datagrams   Session
Segments    Transport
Packets     Network
Frames      Data Link
Bits        Physical

Each layer of the OSI model at the source must communicate with its peer layer at the
destination so that data packets can travel from the source to the destination.
During the process of peer-to-peer communication, the protocols at each layer exchange
packets of information called protocol data units (PDUs) between peer layers. These data
packets originate at a source on a network and then travel to a destination. Each layer depends
on the OSI layer below it to provide a service. To perform its service function, the lower layer
uses encapsulation to put the PDU from the upper layer into the lower layer data field. During
encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer
above in accordance with the protocol that is being used. At each stage of the process, a PDU
has a different name to reflect its new appearance. Although there is no Universal Naming
Convention for PDUs, in this course the PDUs are named according to the protocols of the OSI
protocol suite:
• Data (or Datagram): The general term for the PDU used at the application, presentation, and session layers.
• Segment: A transport layer PDU.
• Packet: A network layer PDU.
• Frame: A data link layer PDU.
• Bit: A PDU that is used when physically transmitting data over a medium.



Encapsulation
This topic describes encapsulation and de-encapsulation processes.

Figure (Sender; HDR = Header): At Layer 7 the application HDR is prepended to the user data; Layers 6, 5, 4, and 3 each prepend their own HDR in front of what they received (L6 HDR, L5 HDR, L4 HDR, L3 HDR); Layer 2 prepends the L2 HDR and appends the FCS trailer; Layer 1 transmits the result as bits.

Information that is transmitted over a network must undergo a process of conversion at the
sending end and the receiving end of the communication. That conversion process is known as
encapsulation and de-encapsulation of data.
The information that is sent on a network is referred to as data or data packets. As application
data is passed down the protocol stack on its way to be transmitted across the network media,
various protocols add information to it at each layer. This process is commonly known as the
encapsulation process. Each layer adds a header (and a trailer, if applicable) to the data before
passing it down to a lower layer. The headers and trailers contain control information for the
network devices and receiver to ensure proper delivery of the data and to ensure that the
receiver can correctly interpret the data.
The figure illustrates how encapsulation occurs. It shows the manner in which data travels
down through the layers. The following steps occur to encapsulate data:
Step 1 The user data is sent from an application to the application layer.
Step 2 The application layer adds the application layer header (Layer 7 header) to the user
data. The Layer 7 header and the original user data become the data that is passed
down to the presentation layer.
Step 3 The presentation layer adds the presentation layer header (Layer 6 header) to the
data. The Layer 6 header and the previous data become the data that is passed down
to the session layer.
Step 4 The session layer adds the session layer header (Layer 5 header) to the data. The
Layer 5 header and the previous data become the data that is passed down to the
transport layer.

Step 5 The transport layer adds the transport layer header (Layer 4 header) to the data. The
Layer 4 header and the previous data become the data that is passed down to the
network layer.
Step 6 The network layer adds the network layer header (Layer 3 header) to the data. The
Layer 3 header and the previous data become the data that is passed down to the data
link layer.
Step 7 The data link layer adds the data link layer header and trailer (Layer 2 header and
trailer) to the data. A Layer 2 trailer is usually the frame check sequence (FCS),
which is used by the receiver to detect whether the data is in error. The Layer 2
header, the previous data, and the Layer 2 trailer become the data that is passed
down to the physical layer.
Step 8 The physical layer then transmits the bits onto the network media.

Example: Sending a Package Through a Postal Service


Encapsulation is like sending a package through a postal service. The first step is to put the
contents of the package into a container. Next, you write the address of the location to which
you want to send the package on the outside of the container. Then you put the addressed
package into the postal service collection bin, and the package begins its route toward its
destination.

Figure (Receiver; HDR = Header): The same header stack as in the sender figure, read from the bottom up: Layer 1 receives the bits, Layer 2 holds the L2 HDR through L7 HDR, the user data, and the FCS, and each layer above it holds one header fewer until only the user data remains at Layer 7.

When receiving messages on a network, the protocol stack on a host operates from the bottom
to the top. The process of encapsulation is reversed at the receiving host. The data is de-
encapsulated as it moves up the stack toward the end-user application.



When the remote device receives a sequence of bits, the physical layer at the remote device
passes the bits to the data link layer for manipulation. The data link layer performs the
following steps:
Step 1 The data link layer checks the data link trailer (the FCS) to see if the data is in error.
Step 2 If the data is in error, it may be discarded, and the data link layer may ask for the
data to be retransmitted.
Step 3 If the data is not in error, the data link layer reads and interprets the control
information in the data link header.
Step 4 The data link layer strips the data link header and trailer and then passes the
remaining data up to the network layer, based on the control information in the data
link header.
Each subsequent layer performs a similar de-encapsulation process.
The de-encapsulation process is like the reading of the address on a package to see if it is for
you, and then removing the contents of the package if it is addressed to you.
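The following Python program is an added illustration and is not part of the Cisco course material. It models the eight sender steps and the four data link receiver steps above with constructed placeholder ASCII headers (one per layer, so the stacking order stays visible) and a CRC-32 frame check sequence as the Layer 2 trailer; a frame with a flipped bit fails the FCS check and is discarded, exactly as Step 2 of the receiver procedure describes.

```python
import zlib
from typing import Optional

# Constructed placeholder headers, one per OSI layer 7..2. Real protocols use
# binary headers; these ASCII tags only make the stacking order visible.
LAYER_HEADERS = {
    7: b"L7HDR|",
    6: b"L6HDR|",
    5: b"L5HDR|",
    4: b"L4HDR|",
    3: b"L3HDR|",
    2: b"L2HDR|",
}
FCS_LEN = 4


def fcs(data: bytes) -> bytes:
    """Frame check sequence: CRC-32 over the frame contents, 4 bytes big-endian."""
    return zlib.crc32(data).to_bytes(FCS_LEN, "big")


def encapsulate(user_data: bytes) -> bytes:
    """Sender Steps 1-7: layers 7 down to 3 each prepend their header, then the
    data link layer prepends its header and appends the FCS trailer."""
    data = user_data
    for layer in (7, 6, 5, 4, 3):
        data = LAYER_HEADERS[layer] + data
    frame = LAYER_HEADERS[2] + data
    return frame + fcs(frame)


def deencapsulate(frame: bytes) -> Optional[bytes]:
    """Receiver side. Step 1: verify the FCS; a frame in error is discarded
    (None). Steps 3-4, repeated at every layer above: strip the expected
    header and pass the remainder up. Returns the original user data, or
    None if a layer's header is missing."""
    if len(frame) < FCS_LEN:
        return None
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != trailer:
        return None                      # transmission error detected: discard
    data = body
    for layer in (2, 3, 4, 5, 6, 7):
        hdr = LAYER_HEADERS[layer]
        if not data.startswith(hdr):
            return None                  # malformed: expected header absent
        data = data[len(hdr):]
    return data


def flip_bit(frame: bytes, byte_index: int) -> bytes:
    """Simulate a single-bit transmission error at the given byte offset."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    sent = encapsulate(b"hello")
    print(sent)                                # headers, user data, FCS
    print(deencapsulate(sent))                 # b'hello'
    print(deencapsulate(flip_bit(sent, 10)))   # None: FCS mismatch
```

CRC-32 detects every single-bit error, so any one flipped bit in the frame (header, data, or trailer) makes the receiver discard it; retransmission, if any, is then up to the protocols that Step 2 leaves open.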

Figure (Network Topology): Host A, Router, Router, Host B. Data flow: Application to Application is process-to-process (User Data); Transport to Transport is host-to-host (L4 HDR, other HDRs, User Data); the Internet layer on both hosts and both routers adds the L3 HDR; the Link layer on each hop adds the L2 HDR, over Ethernet at the hosts and over fiber, satellite, etc. between the routers.

The example shows that applications on two remote hosts are communicating.

Layer 2 and Layer 3 Addresses
This topic explains the layer 2 MAC address and the mapping of the MAC address to the IP
address.

• Components of a MAC address:
- 1-bit broadcast: Identifies broadcast MAC address
- 1-bit local: Identifies local MAC address
- 22-bit OUI: Identifies the manufacturer of the NIC card
- 24-bit vendor-assigned end-station address: Uniquely identifies the Ethernet hardware
• MAC address notation:
- A MAC address is expressed as six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), in transmission order.

Figure (MAC address layout): Broadcast (1 bit), Local (1 bit), OUI (22 bits), Vendor-Assigned (24 bits); example 00:00:0c:43:2e:08.

For IP communication on Ethernet-connected networks to take place, it is necessary for the logical (IP) Layer 3 address to be bound to the physical (MAC) Layer 2 address of its destination. This process is performed by the Address Resolution Protocol (ARP).
The MAC sublayer of the OSI data link layer manages physical addressing issues, and the
physical address is a number in hexadecimal format that is actually burned into the network
interface card (NIC). This address is referred to as the MAC address (often referred to as the
burned-in address [BIA]) and is expressed as groups of hexadecimal digits that are organized in
pairs or quads (for example, 00:00:0c:43:2e:08 or 0000:0c43:2e08).
Each device on a LAN must have a unique MAC address. The MAC address identifies the
logical location of a specific computer on a LAN. Although some vendors allow the
modification of the MAC address to meet local needs, it should not be changed unless there is
some specific need.
The 48-bit Ethernet MAC address is composed of two components:
• 24-Bit Organizationally Unique Identifier (OUI): The OUI identifies the manufacturer of the NIC card. The IEEE regulates the assignment of OUI numbers. Within the OUI, there are two bits that have meaning only when used in the destination address:
- Broadcast or multicast bit: The broadcast bit indicates to the receiving interface that the frame is destined for all or a group of end stations on the LAN segment.
- Universal or local bit: Normally the combination of OUI and a 24-bit station address is universally unique; however, if the BIA MAC address is modified locally, this Locally Administered Address bit should be set.
• 24-Bit vendor-assigned end station address: This field uniquely identifies the Ethernet hardware.
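The following Python functions are an added example and not part of the Cisco course material. They parse the notations shown above (colon- or hyphen-separated pairs and the dotted quad form) and extract the components just described: the OUI, the vendor-assigned station part, the broadcast/multicast bit, and the universal/local bit. Those two flag bits are the least significant bits of the first octet in the written form, which is where they land because Ethernet transmits each octet least significant bit first.

```python
import re

_COLON_OR_HYPHEN = re.compile(r"[0-9a-f]{2}([:-])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}")
_DOTTED_QUAD = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")


def parse_mac(text: str) -> bytes:
    """Accept 00:00:0c:43:2e:08, 00-00-0c-43-2e-08 or 0000.0c43.2e08 and return
    the six address octets in transmission order. Mixed separators, wrong
    lengths and non-hex characters are rejected rather than guessed at."""
    s = text.strip().lower()
    if _COLON_OR_HYPHEN.fullmatch(s):
        hexdigits = re.sub(r"[:-]", "", s)
    elif _DOTTED_QUAD.fullmatch(s):
        hexdigits = s.replace(".", "")
    else:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def describe_mac(text: str) -> dict:
    """Split a MAC address into the components the text describes.
    The individual/group bit (broadcast or multicast) is bit 0 and the
    universal/local bit is bit 1 of the first octet; both sit inside the OUI."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "oui": ":".join(f"{b:02x}" for b in octets[:3]),
        "station": ":".join(f"{b:02x}" for b in octets[3:]),
        "group": bool(first & 0x01),           # set: broadcast or multicast
        "local": bool(first & 0x02),           # set: locally administered
        "broadcast": octets == b"\xff" * 6,    # all ones: the LAN broadcast
    }


if __name__ == "__main__":
    for sample in ("00:00:0c:43:2e:08", "0000.0c43.2e08",
                   "ff-ff-ff-ff-ff-ff", "01-00-5e-00-00-16"):
        print(sample, describe_mac(sample))
```

A multicast address such as 01-00-5e-00-00-16 has the group bit set without being the all-ones broadcast, and a locally administered address (for example one beginning 02) shows up with the local bit set, which is the check to apply when an unexpected source address appears in a capture.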



IP Characteristics
This topic describes the IP component of TCP/IP stack.

• Operates at OSI network layer and at Internet layer of the TCP/IP stack
• Connectionless protocol
• Packets treated independently
• Hierarchical addressing
• Best-effort delivery
• No data-recovery features
• Media-independent
• Two variants: IPv4 and IPv6


The IP component of the TCP/IP determines where packets of data are routed based on their
destination addresses. IP has certain characteristics that are related to how it manages this
function.
IP uses packets to carry information through the network. A packet is a self-contained,
independent entity that contains data and sufficient information to be routed from the source to
the destination without reliance on earlier exchanges.
IP has the following characteristics:
• IP operates at Layer 3 of the OSI model (network layer) and at the Internet layer of the TCP/IP stack.
• IP is a connectionless protocol in which a one-way datagram is sent to the destination without advance notification to the destination device. The destination device receives the data and does not return any status information to the sending device.
• Each packet is treated independently, which means that each packet can travel a different way to the destination.
• IP uses hierarchical addressing in which the network ID is like a street, and the host ID is like a house or office building on that street.
• IP provides service on a best-effort basis and does not guarantee packet delivery. A packet can be misdirected, duplicated, or lost on the way to its destination.
• IP does not provide any special features that recover corrupted packets. These services are instead provided by the end systems of the network.
• IP operates independently of the medium that is carrying the data.
• There are two different types of IP addresses: IPv4 and IPv6.

IPv4 Address Representation
This topic describes IPv4 addressing.

• IPv4 is a 32-bit binary number.
• For readability, the 32-bit binary number can be divided into four 8-bit binary octets (B B B B, where B is an 8-bit binary field).
• Each octet can be converted into a decimal number (D D D D, where D is a decimal number).
• An address can be written in dotted decimal format (D.D.D.D).

Example:
11000000101010000110010000010001
11000000 10101000 01100100 00010001
192 168 100 17
192.168.100.17

In any given IPv4 address, a portion of the 32-bit number represents the network and the
remaining bits represent the host. Although many computers may share the same network
address, combining the network address with a host address uniquely identifies each device that
is connected to the network.
Converting a 32-Bit IP Binary Number to a Dotted Decimal Notation

Step  Action                                                                Notes
1.    Start with a 32-bit IP binary number.                                 11000000101010000110010000010001
2.    For usability, these 32 numbers are broken up into four groups of     11000000 10101000 01100100 00010001
      numbers called octets. One octet is 8 bits.
3.    Each octet is then represented as a decimal number between 0 and 255. 192 168 100 17
4.    These decimal numbers are then separated by a period or dot. This     192.168.100.17
      scheme is known as "dotted decimal notation."

The IPv4 address can be written as 192.168.100.17 and spoken as “192 dot 168 dot 100 dot
17.”



Figure (IPv4 address formats, 32 bits each): Host Address = Network part + Host part; Network Address = Network part + host bits all 0; Broadcast Address = Network part + host bits all 1.

Logical IP addresses are used to identify the location of specific devices on an IP network so
that data can reach those network locations efficiently. Every host, computer, networking
device, or peripheral that is connected to the Internet has a unique 32-bit IPv4 address that
identifies it. Without a structure for allocating all of those IP addresses, it would be impossible
to route packets efficiently. Learning how IP addresses are structured and how they function in
the operation of a network provides an understanding of how IP packets are forwarded over
networks that use TCP/IP.
The IPv4 address is the most common type of address that is currently used on the Internet.
IPv4 addresses are 32-bit numbers that describe the location of a network device.
An IP address is a hierarchical address and consists of two parts:
• Network ID: The network address portion (network ID) describes the network of which this IP address is a part. The router maintains information about routes to each network.
• Host ID: The host address component (host ID) identifies a specific endpoint. These endpoints are the servers, computers, and other devices that are connected to the network. Host IDs are assigned to individual devices (end-user devices, printers, network devices, and so on).
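The following Python functions are an added example, not part of the Cisco course material. They carry out the four conversion steps of the table above on the course's example address and then split an address at the network/host boundary to produce the network address (host bits all 0) and broadcast address (host bits all 1) shown in the figure. The figure does not say where the boundary lies, so the prefix length (the number of network bits) is taken as an argument, which is an assumption of this example.

```python
def binary_to_dotted(bits: str) -> str:
    """Steps 1-4 of the table: 32 binary digits -> four octets -> decimal -> dotted."""
    if len(bits) != 32 or bits.strip("01"):
        raise ValueError("expected exactly 32 binary digits")
    octets = [bits[i:i + 8] for i in range(0, 32, 8)]           # step 2
    return ".".join(str(int(octet, 2)) for octet in octets)      # steps 3 and 4


def dotted_to_int(addr: str) -> int:
    """Strict parse of D.D.D.D into a 32-bit integer. Leading zeros are rejected
    because some C library parsers read 010 as octal, so an address such as
    192.168.010.1 would not mean the same thing to every program."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for part in parts:
        if (not part.isascii() or not part.isdigit()
                or (len(part) > 1 and part[0] == "0") or int(part) > 255):
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def dotted_to_binary(addr: str) -> str:
    """Reverse of binary_to_dotted: the 32-bit binary string without separators."""
    return format(dotted_to_int(addr), "032b")


def network_and_broadcast(addr: str, prefix_len: int):
    """Split the address at the network/host boundary given by prefix_len
    (number of network bits; an assumption of this example) and return
    (network address, broadcast address): host bits all 0 and all 1."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix_len
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = dotted_to_int(addr) & mask
    broadcast = network | ((1 << host_bits) - 1)
    return int_to_dotted(network), int_to_dotted(broadcast)


if __name__ == "__main__":
    print(binary_to_dotted("11000000101010000110010000010001"))   # 192.168.100.17
    print(network_and_broadcast("192.168.100.17", 24))
    print(network_and_broadcast("192.168.100.17", 22))
```

With 24 network bits the example address belongs to network 192.168.100.0 with broadcast 192.168.100.255; with 22 network bits the third octet is also partly host bits, and the broadcast address becomes 192.168.103.255.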

IPv6 Address Representation
This topic describes IPv6 addressing.

• X:X:X:X:X:X:X:X, where X is a 16-bit hexadecimal field
• Case-insensitive for hexadecimal A, B, C, D, E, and F
• Leading zeros in a field are optional (2031:0:130F:0:0:9C0:876A:130B).
• Successive fields of 0 can be represented as a double colon (::), but only once per address.

Examples:
2031:0000:130f:0000:0000:09c0:876a:130b
Correct: 2031:0:130f::9c0:876a:130b
Incorrect: 2031::130f::9c0:876a:130b
ff01:0:0:0:0:0:0:1 = ff01::1
0:0:0:0:0:0:0:1 = ::1
0:0:0:0:0:0:0:0 = ::

IPv6 addresses are 128 bits long, which is four times the size of IPv4 addresses. The 128 bits
means that there are 3.4 * 10^38 possible IPv6 addresses.
128 bits = 2^128 = 3.4 * 10^38
IPv6 addresses are represented as a series of eight 16-bit hexadecimal fields that are separated
by colons. The A, B, C, D, E, and F in hexadecimal fields are case-insensitive.
There are some ways to shorten the writing of IPv6 addresses:
• The leading zeros in a field are optional, so 010F can be written as 10F, and 0000 can be written as 0.
• Successive fields of zeros can be represented as a double colon (::), but only once in an address.

Caution An address parser can identify the number of missing zeros by separating the two parts and
filling in zeros until the 128 bits are completed. However, if two double colons are placed in
the address, there is no way to identify the size of each block of zeros. Therefore, only one
double colon is possible in a valid IPv6 address.

The use of the double-colon technique makes many addresses very small; for example,
ff01:0:0:0:0:0:0:1 becomes ff01::1. The unspecified address is written as a double colon
because it contains only zeros.
The figure shows the use of the double colon to represent multiple contiguous 16-bit chunks of
zeros in an IPv6 address.
In the incorrect example, the parser cannot tell whether the missing bits (three 16-bit sections)
are apportioned with 16 bits at the first double colon and 32 bits at the last double colon, or
some other combination.
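The following Python code is an added example and not part of the Cisco course material. It is the address parser the Caution box talks about: expand_ipv6 splits a written address at the double colon, fills in as many zero fields as are needed to reach eight, and refuses an address with two double colons because the size of each block of zeros would be ambiguous; compress_ipv6 goes the other way. It also rejects a double colon that stands for no field at all and fields that are empty, too long, or not hexadecimal.

```python
HEX = set("0123456789abcdef")


def expand_ipv6(addr: str) -> str:
    """Expand the shorthand forms described above into eight four-digit
    lowercase hexadecimal fields. Raises ValueError for a malformed address,
    including one that uses '::' more than once."""
    s = addr.strip().lower()
    if s.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr!r}")
    if "::" in s:
        left, right = s.split("::")
        left_fields = left.split(":") if left else []
        right_fields = right.split(":") if right else []
        missing = 8 - len(left_fields) - len(right_fields)   # fields the '::' stands for
        if missing < 1:
            raise ValueError(f"'::' must stand for at least one zero field: {addr!r}")
        fields = left_fields + ["0"] * missing + right_fields
    else:
        fields = s.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {addr!r}")
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX:
            raise ValueError(f"bad field {field!r} in {addr!r}")
    return ":".join(field.zfill(4) for field in fields)


def compress_ipv6(addr: str) -> str:
    """Short form: drop leading zeros in each field and replace the longest run
    of two or more zero fields with '::'. A lone zero field is written as 0 and
    ties go to the first run, following the RFC 5952 recommendation."""
    fields = [f.lstrip("0") or "0" for f in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    print(expand_ipv6("2031:0:130f::9c0:876a:130b"))
    print(compress_ipv6("2031:0000:130f:0000:0000:09c0:876a:130b"))
    try:
        expand_ipv6("2031::130f::9c0:876a:130b")
    except ValueError as err:
        print("rejected:", err)
```

Because two programs that accept the same string must agree on which bits it denotes, a parser that tolerated a second double colon would silently produce a different address from one that did not; rejecting the string outright is the only safe behaviour.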
Figure (IPv6 address formats, 128 bits): Unicast Address = Network Prefix (64 bits) + Interface ID (64 bits); Multicast Address = FF (8 bits), x = Flags (4 bits), y = Scope (4 bits), Group ID (112 bits).

Unicast addresses identify a single interface. The address consists of 64 bits for the network
prefix and 64 bits for the interface ID.
The network prefix identifies the particular network, and the interface ID in the IPv6 unicast
address is used to identify the interface on a link. The interface IDs can also be thought of as
the host portion of an IPv6 address and must be unique on that link. These IDs may also be
unique over a broader scope—when the ID is derived directly from the data link layer address
of the interface (for example, IEEE 802 MAC), the scope of that ID is assumed to be universal
(global).
Interface IDs are always 64 bits long and can be created dynamically, based on Layer 2
addresses such as Ethernet MAC addresses.
Multicast addresses identify a set of interfaces. A multicast address is made up of the first 8 bits
of all ones, a 4-bit flag field, a 4-bit scope field, and a 112-bit group ID.

Mapping a Physical Address to a Network Address
This topic describes how a Layer 2 address is mapped to a Layer 3 address.

Figure (Local ARP): The requesting host broadcasts "I need the MAC address of 172.16.3.2." The target answers "I heard that broadcast. I am 172.16.3.2. Here is my MAC address." The requester's mapping goes from IP 172.16.3.2 = ??? to IP 172.16.3.2 = Ethernet 0800.0200.1111.

In order to send data to a destination on the local LAN, a host on an Ethernet network must
know the physical (MAC) address of the destination host. ARP provides the essential service of
mapping network (IP) addresses to physical addresses on a network. In reference to the OSI
layers, the ARP operations are generally thought of as being somewhere between data link and
network layers (Layers 2 and 3).
The term “address resolution” refers to the process of binding the network layer IP address of a
remote device to its locally reachable, data link layer MAC address. The address is considered
resolved when ARP broadcasts the known information—the target destination IP address and
its own IP address. All of the devices on the Ethernet segment receive the broadcast. When the
target recognizes itself by reading the contents of the ARP request packet, it responds with the
required MAC address in its ARP reply. The address resolution procedure is completed when
the originator receives the ARP reply packet from the destination host, which contains the
required destination MAC address. The originator updates its table that contains all of the
current IP-to-MAC address bindings. This table is usually called the ARP cache or ARP table.
The ARP table is used to maintain a correlation between each IP address and its corresponding
MAC address.
The bindings in the ARP table are kept current by a process of aging-out unused entries after a
period of inactivity. The default time for this aging is usually 300 seconds (5 minutes). This
short timeout ensures that the table does not contain information for systems that may be
switched off or that have been moved.
If no device responds to the ARP request, the packet is dropped because an Ethernet frame
cannot be created without knowing the destination MAC address.



ARP Table
This topic describes the Address Resolution Protocol and how an ARP table is built.

C:\>arp -a

Interface: 192.168.1.27 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.25          00-26-bb-57-1e-7e     dynamic
  192.168.1.100         00-1a-a2-44-cf-20     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
  224.0.0.253           01-00-5e-00-00-fd     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Each IP device on a network segment maintains a table in memory that is called the ARP table
or ARP cache. This table maps the IP addresses of other devices on the network with their
physical (MAC) addresses. Each entry, or row, of the ARP table has a pair of values: an IP
address and a MAC address. The relationship between the two values is a map—it simply
means that you can locate an IP address in the table and discover the corresponding MAC
address. The ARP table caches the mapping for the devices on the local LAN.
When a host wants to transmit data to another host on the same network, it searches the ARP
table to see if there is an entry. If there is an entry, the host will use it; but if there is not, the
ARP will be used to get an entry.
The ARP table entries are usually created and maintained dynamically: the host adds and changes
address relationships as they are used on the local host. The entries in an ARP table expire after
a certain period (300 seconds by default). However, when the local host wants to transmit data
again, the entry in the ARP table is regenerated through the ARP process.
The ARP table entries can also be statically (manually) defined. For example, the first two
entries in the figure are learned dynamically while the remaining entries were statically defined.

Host-to-Host Communication
This topic presents a simple host-to-host data transfer between two hosts on the same network
segment and illustrates the ARP process in more detail.

Figure: Application: "Network, can you set up a reliable connection to 192.168.3.2 for me?"
Transport: "I will use TCP." Transport: "TCP, set up a session to 192.168.3.2."
TCP: "IP, send this TCP SYN to 192.168.3.2." (Segment: TCP SYN.)
Hosts in the figure: left host Layer 3 = 192.168.3.1, Layer 2 = 0800:0222:2222; right host
Layer 3 = 192.168.3.2, Layer 2 = 0800:0222:1111.

In this example, an application on the host with a Layer 3 address of 192.168.3.1 wants to send
some data to the host with a Layer 3 address of 192.168.3.2 on the local LAN. The application
wants to use a reliable transport layer connection. The application requests this service from the
transport layer.
The transport layer selects TCP to set up the session. TCP initiates the session by passing a
TCP header with the SYN bit set and the destination Layer 3 address (192.168.3.2) to the IP
layer.



Figure: IP: "Layer 2, send this packet to 192.168.3.2." Layer 2: "ARP, do you have a mapping
for 192.168.3.2?" ARP: "Is 192.168.3.2 in my ARP table? No, I guess Layer 2 will have to put
the packet in the parking lot until I do an ARP."
Packet: SRC IP 192.168.3.1, DST IP 192.168.3.2, TCP SYN.

The IP layer encapsulates the TCP SYN in a Layer 3 packet by prepending the local Layer 3
address and the destination Layer 3 address that IP received from TCP. IP then passes the
packet to Layer 2.
Layer 2 needs to encapsulate the Layer 3 packet into a Layer 2 frame. To perform this
encapsulation, Layer 2 needs to map the Layer 3 destination address of the packet to its MAC
address. Layer 2 does this mapping by requesting a mapping from the ARP table.
The host checks its ARP table. In this example, the host has not communicated with the other
host yet, so there is no entry in its ARP table. This results in Layer 2 holding the packet until
the ARP process can provide a mapping.

Figure: The packet waits in the parking lot. ARP: "First comes the ARP request. It will state:
'I am 192.168.3.1 with a MAC address of 0800:0222:2222. Are you 192.168.3.2?'" ARP: "Layer 2,
send this request using our MAC as the source MAC and a broadcast as the destination MAC."
Layer 2: "Message sent."
Frame: ARP Request, SRC MAC 0800:0222:2222, DST MAC Broadcast.

The ARP process builds an ARP request and passes it to Layer 2. The ARP process instructs
Layer 2 to send the ARP request to the broadcast MAC address. Layer 2 encapsulates the ARP
request in a Layer 2 frame. This Layer 2 frame contains the broadcast MAC address that is
provided by the ARP process as the destination MAC address, and the local MAC address as
the source address.
Layer 2 sends the ARP request to host 192.168.3.2.



Figure: The packet is still in the parking lot on 192.168.3.1. Layer 2 on 192.168.3.2: "I just
received a frame with a broadcast MAC address, so I will process it. The protocol ID indicates
that the packet belongs to ARP. Let me strip the Layer 2 header and send it to ARP."
Frame: ARP Request, SRC MAC 0800:0222:2222, DST MAC Broadcast.

When host 192.168.3.2 receives the frame, it notes the broadcast address, which means it can
process the frame. The host examines the Layer 2 header, which indicates that this is an ARP
packet, so the host strips the Layer 2 encapsulation and forwards it to the ARP process.

Figure: Layer 2 on 192.168.3.2: "ARP, here is something for you." ARP: "I just received an ARP
request from 192.168.3.1. Let me add its IP and MAC addresses to my ARP table. Now I can
respond to the request." (ARP Request, with the Layer 2 header stripped.)

The remaining ARP request is passed to the ARP process.
The ARP process on host 192.168.3.2 updates its own ARP table with the information that is
found in the ARP request (192.168.3.1 maps to the 0800:0222:2222 MAC address).

Figure: ARP on 192.168.3.2: "The ARP reply will state that I am 192.168.3.2 with a MAC address
of 0800:0222:1111." ARP: "Layer 2, send this reply using our MAC address as the source MAC and
0800:0222:2222 as the destination MAC." Layer 2: "Message sent."
Frame: DST MAC 0800:0222:2222, SRC MAC 0800:0222:1111, ARP Reply.

ARP builds a response and passes it to Layer 2. ARP tells Layer 2 to send the response to the
MAC address 0800:0222:2222 (host 192.168.3.1). The ARP reply will indicate to host
192.168.3.1 that the 192.168.3.2 IP address maps to the MAC address 0800:0222:1111.
Layer 2 encapsulates the ARP reply in a Layer 2 frame by using the destination MAC address
that is provided by the ARP process and the local source MAC address.



Figure: Layer 2 on 192.168.3.1: "I just received a frame with my MAC address, so I will process
it. The protocol ID indicates that the packet belongs to ARP. Let me strip the Layer 2 header
and send it to ARP."
Frame: DST MAC 0800:0222:2222, SRC MAC 0800:0222:1111, ARP Reply.

When host 192.168.3.1 receives the frame, it notes that the destination MAC address is the
same as its own MAC address, so it processes the frame. The host examines the Layer 2 header,
which indicates that this is an ARP packet, so the host strips the Layer 2 encapsulation and
forwards it to the ARP process.

Figure: Layer 2 on 192.168.3.1: "ARP, here is something for you." ARP: "I just received an ARP
reply from 192.168.3.2. Let me add its IP and MAC addresses to my ARP table." (ARP Reply, with
the Layer 2 header stripped; the packet is still in the parking lot.)

Layer 2 passes the remaining ARP reply to the ARP process.
The ARP process on host 192.168.3.1 updates its ARP table.

Figure: ARP on 192.168.3.1: "Layer 2, I have 192.168.3.2 mapped to 0800:0222:1111." Layer 2: "I
can now send out that pending packet."
Frame: SRC MAC 0800:0222:2222, DST MAC 0800:0222:1111, SRC IP 192.168.3.1, DST IP
192.168.3.2, TCP SYN.

The ARP process on host 192.168.3.1 passes the mapping to Layer 2.
Layer 2 can now send the pending Layer 2 frame out to host 192.168.3.2 by using the
destination MAC address of 0800:0222:1111.
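The ARP exchange that the figures walk through, as an added example that is not course code: it builds and parses RFC 826 ARP frames over Ethernet, keeps a per-host ARP cache with the 300-second dynamic-entry expiry and the static entries described in the ARP Table topic, and runs the request/reply between the two hosts of the walkthrough. The Host class, the resolve() helper and the all-zero target MAC in the request are assumptions of this example, not something the course specifies.

```python
"""ARP request/reply between the two hosts of the walkthrough, with a per-host
ARP cache. Added example, not course code. Frame layout is RFC 826 ARP over
Ethernet; addresses and the 300 s expiry are the values used in the text."""
import struct

ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"       # target MAC in a request (assumption: unknown yet)
ARP_TIMEOUT = 300                    # default dynamic-entry lifetime stated in the text
ARP_FMT = "!HHBBH6s4s6s4s"           # htype ptype hlen plen op sha spa tha tpa


def mac_bytes(mac):
    """Accepts 0800:0222:2222, 08:00:02:22:22:22 or 08-00-02-22-22-22."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC {mac!r}")
    return bytes.fromhex(digits)


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {ip!r}")
    return bytes(octets)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an ARP request (broadcast) or reply (unicast)."""
    dst = BROADCAST if op == OP_REQUEST else target_mac
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP) + arp


def parse_arp(frame):
    """Check the Layer 2 protocol ID, strip the Ethernet header, decode ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("protocol ID is not ARP")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    return {"dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class Host:
    """One IP host: its addresses plus an ARP cache of ip -> (mac, expiry)."""

    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac_str(mac_bytes(mac))
        self.cache = {}                  # expiry None marks a static entry

    def add_static(self, ip, mac):
        self.cache[ip] = (mac_str(mac_bytes(mac)), None)

    def learn(self, ip, mac, now):
        self.cache[ip] = (mac, now + ARP_TIMEOUT)

    def lookup(self, ip, now):
        """MAC for ip, or None on a miss or an expired dynamic entry."""
        entry = self.cache.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if expiry is not None and now >= expiry:
            del self.cache[ip]
            return None
        return mac

    def receive(self, frame, now):
        """Layer 2 filter then ARP processing; returns a reply frame or None."""
        pkt = parse_arp(frame)
        if pkt["dst_mac"] not in (BROADCAST, self.mac):
            return None                  # not our MAC, not broadcast: Layer 2 drops it
        if pkt["target_ip"] != self.ip:
            return None                  # a request for some other host
        self.learn(pkt["sender_ip"], pkt["sender_mac"], now)
        if pkt["op"] == OP_REQUEST:
            return build_arp(OP_REPLY, self.mac, self.ip, pkt["sender_mac"], pkt["sender_ip"])
        return None                      # a reply: cache updated, nothing to send


def resolve(requester, responder, target_ip, now=0):
    """Requester needs target_ip's MAC; on a cache miss run the request/reply."""
    mac = requester.lookup(target_ip, now)
    if mac is None:
        request = build_arp(OP_REQUEST, requester.mac, requester.ip, ZERO_MAC, target_ip)
        reply = responder.receive(request, now)
        if reply is not None:
            requester.receive(reply, now)
        mac = requester.lookup(target_ip, now)
    return mac
```

resolve() returns the learned MAC after the broadcast request and unicast reply on the first call, and the cached value on later calls until the 300-second expiry; both hosts end up with each other's mapping, as in the figures, and a third host whose MAC is neither the destination nor broadcast, or whose IP is not the target, simply drops the frame.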



Figure: TCP on 192.168.3.2: "I need to send a SYN ACK to the TCP SYN that I received."
The received frame (DST MAC 0800:0222:1111, SRC MAC 0800:0222:2222, SRC IP 192.168.3.1,
DST IP 192.168.3.2, TCP SYN) is decapsulated to the packet (SRC IP 192.168.3.1, DST IP
192.168.3.2, TCP SYN) and then to the TCP SYN segment.

When host 192.168.3.2 receives the frame, it notes that the destination MAC address is the
same as its own MAC address, so it processes the frame. The host examines the Layer 2 header,
which indicates that this is an IP packet, so the host strips the Layer 2 encapsulation and
forwards it to the IP (Layer 3) process. The host examines the Layer 3 (IP) header, which
indicates that this is a TCP packet, so the host strips the Layer 3 encapsulation (IP header) and
forwards it to the TCP (Layer 4—transport layer) process.

Figure: TCP on 192.168.3.2: "Send this message." (Segment: SYN ACK.)
Frame: DST MAC 0800:0222:2222, SRC MAC 0800:0222:1111, SRC IP 192.168.3.2, DST IP
192.168.3.1, TCP SYN ACK.

The TCP process on host 192.168.3.2, in response to the SYN, passes a SYN ACK down the
stack to be encapsulated. The SYN ACK is sent to host 192.168.3.1.

Figure: TCP on 192.168.3.1: "I received the ACK."
The received frame (DST MAC 0800:0222:2222, SRC MAC 0800:0222:1111, SRC IP 192.168.3.2,
DST IP 192.168.3.1, TCP SYN ACK) is decapsulated to the packet (SRC IP 192.168.3.2, DST IP
192.168.3.1, SYN ACK) and then to the SYN ACK segment.

At host 192.168.3.1, the frame is passed up the stack, where encapsulation is removed. The
SYN ACK is passed to the TCP process.

Figure: TCP on 192.168.3.1: "I need to let the other end know that I received the SYN ACK to
complete the session establishment." (Segment: TCP ACK.)
Frame: SRC MAC 0800:0222:2222, DST MAC 0800:0222:1111, SRC IP 192.168.3.1, DST IP
192.168.3.2, TCP ACK.

Host 192.168.3.1 must inform its neighbor that the SYN ACK arrived. The TCP ACK is sent to
host 192.168.3.2.



Figure: Layer 4 on 192.168.3.1: "Application, I have your session set up." Application: "OK, I
will send you some data."

Now that the three-way handshake has been completed, TCP can inform the application that the
session has been established.

Figure: Application on 192.168.3.1: "Here is the data." Encapsulation down the stack: APP DATA;
TCP SEQ = 3 + APP DATA; SRC IP 192.168.3.1, DST IP 192.168.3.2 + TCP SEQ = 3 + APP DATA;
then the frame DST MAC 0800:0222:1111, SRC MAC 0800:0222:2222, SRC IP 192.168.3.1, DST IP
192.168.3.2, TCP SEQ = 3, APP DATA, sent toward 192.168.3.2.

The application can now send the data over the session, relying on TCP for error detection and
reliable transfer.

Figure: TCP on 192.168.3.2: "Application, here is some data." The received frame (DST MAC
0800:0222:1111, SRC MAC 0800:0222:2222, SRC IP 192.168.3.1, DST IP 192.168.3.2, TCP
SEQ = 3, APP DATA) is decapsulated layer by layer down to APP DATA.

The host 192.168.3.2 receives the frame with the application data. The frame is passed up the
stack, where encapsulation is removed and application data is delivered to the correct
application.

Figure: TCP on 192.168.3.2: "I need to send an ACK to the data that I received." (Segment:
ACK = 4, SEQ = 3.)
Frame: DST MAC 0800:0222:2222, SRC MAC 0800:0222:1111, SRC IP 192.168.3.2, DST IP
192.168.3.1, ACK = 4, SEQ = 3.

The TCP process on the destination host acknowledges the data that it has received. The data
exchange will continue until the application stops sending data.
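The three-way handshake and the SEQ = 3 / ACK = 4 data exchange from the figures, as an added example that is not part of the course material: a small TcpEndpoint state machine that checks the acknowledgement number at each step. The initial sequence numbers, the Segment class and the handshake() driver are constructed for this example. A SYN consumes one sequence number and each data byte one more, which is why, with the client's SYN carrying 2, its first data byte carries SEQ = 3 and the receiver answers ACK = 4.

```python
"""Three-way handshake and acknowledged data transfer as a small state
machine. Added example, not course code: ISNs, the Segment class and the
handshake() driver are constructed for this example."""

SYN, ACK = "SYN", "ACK"
CLOSED, LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED = (
    "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED")


class Segment:
    """The TCP fields this example needs: addresses, flags, SEQ, ACK, payload."""

    def __init__(self, src, dst, flags, seq, ack=None, data=b""):
        self.src, self.dst, self.flags = src, dst, frozenset(flags)
        self.seq, self.ack, self.data = seq, ack, data


class TcpEndpoint:
    def __init__(self, ip, isn):
        self.ip, self.state = ip, CLOSED
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer
        self.received = bytearray()

    def listen(self):
        self.state = LISTEN

    def connect(self, peer_ip):
        """Active open: send SYN; the SYN itself consumes one sequence number."""
        self.state = SYN_SENT
        seg = Segment(self.ip, peer_ip, {SYN}, self.snd_nxt)
        self.snd_nxt += 1
        return seg

    def _ack(self, peer_ip):
        return Segment(self.ip, peer_ip, {ACK}, self.snd_nxt, self.rcv_nxt)

    def receive(self, seg):
        """Process one segment; return the segment to send back, or None."""
        if seg.dst != self.ip:
            return None
        if self.state == LISTEN and seg.flags == {SYN}:
            self.rcv_nxt = seg.seq + 1                 # acknowledge the SYN
            self.state = SYN_RCVD
            out = Segment(self.ip, seg.src, {SYN, ACK}, self.snd_nxt, self.rcv_nxt)
            self.snd_nxt += 1
            return out
        if self.state == SYN_SENT and seg.flags == {SYN, ACK}:
            if seg.ack != self.snd_nxt:                # must acknowledge exactly our SYN
                return None
            self.rcv_nxt = seg.seq + 1
            self.state = ESTABLISHED
            return self._ack(seg.src)
        if self.state == SYN_RCVD and seg.flags == {ACK} and seg.ack == self.snd_nxt:
            self.state = ESTABLISHED                   # handshake complete on this side
            return None
        if self.state == ESTABLISHED and seg.data:
            if seg.seq == self.rcv_nxt:                # in order: accept and advance
                self.received += seg.data
                self.rcv_nxt += len(seg.data)
            return self._ack(seg.src)                  # otherwise re-ACK what we have
        return None

    def send(self, peer_ip, data):
        """Data may only flow once the session is established."""
        if self.state != ESTABLISHED:
            raise RuntimeError("no session: complete the handshake first")
        seg = Segment(self.ip, peer_ip, {ACK}, self.snd_nxt, self.rcv_nxt, data)
        self.snd_nxt += len(data)
        return seg


def handshake(client, server):
    """Drive SYN, SYN ACK, ACK between the endpoints; return both states."""
    syn = client.connect(server.ip)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    if ack is not None:
        server.receive(ack)
    return client.state, server.state
```

A SYN ACK whose acknowledgement number does not match the SYN that was sent is ignored and the client stays in SYN_SENT, and a retransmitted data segment is answered with the acknowledgement number already reached rather than being delivered twice.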



Host-Based Tools: ping
This topic describes the Windows ping command.

C:\>ping example.com

Pinging example.com [192.0.34.166] with 32 bytes of data:

Reply from 192.0.34.166: bytes=32 time=19ms TTL=45
Reply from 192.0.34.166: bytes=32 time=18ms TTL=45
Reply from 192.0.34.166: bytes=32 time=19ms TTL=45
Reply from 192.0.34.166: bytes=32 time=17ms TTL=45

Ping statistics for 192.0.34.166:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 19ms, Average = 18ms

The ping command is a utility for testing IP connectivity between hosts. It sends out requests
for responses from a specified host address. The ping command uses a Layer 3 protocol that is
a part of the TCP/IP suite called Internet Control Message Protocol (ICMP), and it uses the
ICMP echo request and ICMP echo reply packets.
If the host at the specified address receives the ICMP echo request, it responds with an ICMP
echo reply packet. For each packet sent, the ping command measures the time that is required
to receive the reply. As each response is received, the ping command displays the time between
the request being sent and when the response is received. By using interval timing and response
rates, the ping command estimates the round-trip time (RTT), generally in milliseconds, and
the packet-loss rate between hosts. This RTT is a measure of the network performance.
ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count] [{-j HostList | -k
HostList}] [-w Timeout] [TargetName] [/?]
The table lists the most commonly used ping Windows command parameters.
Commonly Used Parameters of the ping Windows Command
Parameter Description

-t Specifies that the ping command should continue sending ICMP echo request
messages to the destination until it is interrupted. To interrupt and display
statistics, press Ctrl-Break. To interrupt and quit ping, press Ctrl-C.

-n Count Specifies the number of ICMP echo request messages sent. The default is 4.

-l Size Specifies the length of the data field in the ICMP echo request messages that are
sent in bytes. The default size is 32. The maximum size is 65,527.

/? Displays help at the command prompt.
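An added example, not course code, of what ping exchanges and reports: it builds an ICMP echo request with the RFC 1071 one's-complement checksum, verifies an echo reply by checksum and by matching identifier, sequence number and payload, and computes the sent/received/lost and minimum/maximum/average figures from reply lines like those in the figure. The identifier and the 32-byte payload are constructed; the average is truncated to whole milliseconds, as the figure's output shows (73 / 4 reported as 18).

```python
"""ICMP echo request/reply construction, checksum verification, and the
round-trip statistics that ping reports. Added example, not course code;
the reply lines are the figure's output re-typed as constructed input."""
import re
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def inet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, odd trailing byte zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    """ICMP header (type, code, checksum, identifier, sequence) plus payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet):
    """Return (type, identifier, sequence, payload), or None if the checksum fails."""
    if len(packet) < 8 or inet_checksum(packet) != 0:   # a valid packet sums to zero
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, ident, seq, packet[8:]


def matches_request(reply, request):
    """A reply belongs to a request when identifier, sequence and payload echo back."""
    r, q = parse_echo(reply), parse_echo(request)
    return (r is not None and q is not None and r[0] == ICMP_ECHO_REPLY
            and q[0] == ICMP_ECHO_REQUEST and r[1:] == q[1:])


REPLY_RE = re.compile(r"Reply from (\S+): bytes=(\d+) time=(\d+)ms TTL=(\d+)")


def ping_stats(lines, sent):
    """Summarise reply lines the way the Windows ping output does (integer ms)."""
    rtts = [int(m.group(3)) for m in map(REPLY_RE.match, lines) if m]
    lost = sent - len(rtts)
    return {"sent": sent, "received": len(rtts), "lost": lost,
            "loss_pct": 100 * lost // sent,
            "min": min(rtts) if rtts else None,
            "max": max(rtts) if rtts else None,
            "avg": sum(rtts) // len(rtts) if rtts else None}


SAMPLE_REPLIES = [  # constructed from the figure's output
    "Reply from 192.0.34.166: bytes=32 time=19ms TTL=45",
    "Reply from 192.0.34.166: bytes=32 time=18ms TTL=45",
    "Reply from 192.0.34.166: bytes=32 time=19ms TTL=45",
    "Reply from 192.0.34.166: bytes=32 time=17ms TTL=45",
]
```

A reply is only attributed to a request when its identifier, sequence number and payload all match, so a corrupted packet (checksum failure) or a reply to a different probe is not counted as a response.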

Host-Based Tools: arp
This topic describes the Windows arp command.

C:\>arp -a

Interface: 192.168.1.27 --- 0xb


Internet Address Physical Address Type
192.168.1.25 00-26-bb-57-1e-7e dynamic
192.168.1.100 00-1a-a2-44-cf-20 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
224.0.0.253 01-00-5e-00-00-fd static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static


The arp Windows command displays and modifies entries in the ARP cache that are used to
store IP addresses and their resolved Ethernet physical (MAC) addresses. As shown in the
figure, the arp Windows command lists all devices that are currently in the ARP cache. The
information that is displayed for each device includes the IP address, physical (MAC) address,
and the type of addressing (static or dynamic).
The cache can be cleared by using the arp -d Windows command if the network administrator
wants to repopulate the cache with updated information.
arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s
InetAddr EtherAddr [IfaceAddr]] [/?]



The table lists the arp Windows command parameters.
Parameters of the arp Windows Command
Parameter Description

-a [InetAddr] [-N IfaceAddr] Displays current ARP cache tables for all interfaces. To display
the ARP cache entry for a specific IP address, use arp -a with the InetAddr parameter, where
InetAddr is an IP address. To display the ARP cache table for a specific interface, use the -N
IfaceAddr parameter, where IfaceAddr is the IP address that is assigned to the interface.

Note The -N parameter is case-sensitive.

-g [InetAddr] [-N IfaceAddr] Identical to -a.

-d InetAddr [IfaceAddr] Deletes an entry with a specific IP address. To delete an entry in a
table for a specific interface, use the IfaceAddr parameter, where IfaceAddr is the IP address
that is assigned to the interface. To delete all entries, use the asterisk (*) wildcard character
in place of InetAddr.

-s InetAddr EtherAddr [IfaceAddr] Adds a static entry to the ARP cache that resolves the IP
address InetAddr to the physical address EtherAddr. To add a static ARP cache entry to the
table for a specific interface, use the IfaceAddr parameter, where IfaceAddr is an IP address
that is assigned to the interface.

/? Displays help at the command prompt. The arp Windows command that is used without
parameters displays help as well.
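An added example, not course code, that parses arp -a output like the figure's into per-interface entries and checks the static multicast entries against the IPv4-to-Ethernet multicast mapping (01-00-5e followed by the low 23 bits of the group address, RFC 1112), which is where entries such as 224.0.0.22 = 01-00-5e-00-00-16 and 239.255.255.250 = 01-00-5e-7f-ff-fa come from. The sample text is the figure's output re-typed as constructed input; the regular expressions assume the English-language layout of the Windows command.

```python
"""Parse Windows arp -a output and validate the broadcast and multicast entries.
Added example, not course code; SAMPLE_ARP_A is the figure's output re-typed."""
import re

SAMPLE_ARP_A = """\
Interface: 192.168.1.27 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.25          00-26-bb-57-1e-7e     dynamic
  192.168.1.100         00-1a-a2-44-cf-20     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
  224.0.0.253           01-00-5e-00-00-fd     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)\s+---\s+(0x[0-9a-f]+)", re.I)
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$", re.I)


def parse_arp_a(text):
    """Return {interface_ip: [(ip, mac, type), ...]}; other lines are ignored."""
    tables, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            tables[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            tables[current].append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return tables


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def is_multicast(ip):
    """Class D: the first four bits are 1110."""
    return ip_to_int(ip) >> 28 == 0b1110


def multicast_mac(group_ip):
    """Ethernet MAC for an IPv4 multicast group: 01-00-5e + low 23 bits (RFC 1112)."""
    if not is_multicast(group_ip):
        raise ValueError(f"{group_ip} is not a Class D (multicast) address")
    low23 = ip_to_int(group_ip) & 0x7FFFFF
    return "01-00-5e-%02x-%02x-%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def check_entries(entries):
    """Label each entry: broadcast, multicast, multicast-mismatch, dynamic or static."""
    report = []
    for ip, mac, kind in entries:
        if mac == "ff-ff-ff-ff-ff-ff":
            label = "broadcast"
        elif is_multicast(ip):
            label = "multicast" if mac == multicast_mac(ip) else "multicast-mismatch"
        else:
            label = kind
        report.append((ip, label))
    return report
```

Run against the figure's output, every static entry turns out to be either a broadcast address (192.168.1.255 and 255.255.255.255, both ff-ff-ff-ff-ff-ff) or a multicast group whose MAC follows the mapping; a multicast entry whose MAC does not follow it is reported as multicast-mismatch.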

Host-Based Tools: tracert
This topic describes the Windows tracert command.

C:\>tracert yahoo.com

Tracing route to yahoo.com [66.94.234.13]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms rtp-username-vpn.cisco.com [10.83.2.161]
2 67 ms 59 ms 57 ms rtp5-access-sdg1-t10.cisco.com [10.82.96.2]
3 58 ms 58 ms 57 ms rtp5-access-gw1-vlan100.cisco.com [10.83.100.9]
4 58 ms 58 ms 57 ms rtp7-bb-gw1-ge5-8.cisco.com [10.81.254.117]
5 60 ms 59 ms 57 ms rtp5-rbb-gw1-ge4-2.cisco.com [10.81.254.181]
6 59 ms 58 ms 58 ms rtp7-dmzbb-gw1.cisco.com [64.102.241.135]
7 60 ms 60 ms 58 ms rtp1-isp-gw1-g1-2.cisco.com [64.102.254.193]
8 59 ms 58 ms 58 ms rtp5-isp-ssw1-v110.cisco.com [64.102.254.174]
9 59 ms 59 ms 58 ms rtp5-isp-ssw1-v151.cisco.com [64.102.254.249]
10 60 ms 60 ms 59 ms rtp1-isp-gw1-v100.cisco.com [64.102.254.165]
11 64 ms 66 ms 65 ms sl-gw20-rly-1-0.sprintlink.net [144.232.244.209]
12 64 ms 66 ms 68 ms sl-bb20-rly-3-2.sprintlink.net [144.232.14.29]
13 66 ms 64 ms 65 ms sl-bb24-rly-9-0.sprintlink.net [144.232.14.122]
14 66 ms 66 ms 69 ms sl-st22-ash-5-0.sprintlink.net [144.232.20.155]
15 67 ms 68 ms 67 ms te-4-2.car4.Washington1.Level3.net [4.58.111.169]
16 67 ms 127 ms 68 ms ae-2-54.bbr2.Washington1.Level3.net [4.68.121.97]
17 136 ms * 137 ms as-1-0.bbr2.SanJose1.Level3.net [64.159.0.242]
18 134 ms 136 ms 133 ms ae-23-52.car3.SanJose1.Level3.net [4.68.123.45]
19 142 ms 135 ms 135 ms 4.71.112.14
20 133 ms 134 ms 134 ms ge-3-0-0-p271.msr2.scd.yahoo.com [216.115.106.191]
21 135 ms 135 ms 135 ms ten-2-3-bas1.scd.yahoo.com [66.218.82.221]
22 136 ms 136 ms 135 ms w2.rc.vip.scd.yahoo.com [66.94.234.13]

Trace complete.

traceroute is a utility that allows observation of the path between two hosts. On Windows,
use the tracert command to observe the path between two hosts.
The trace generates a list of hops that are successfully reached along the path. This list provides
important verification and troubleshooting information. If the data reaches the destination, the
trace lists the interface on every router in the path. If the data fails at some hop along the way,
the address of the last router that responded to the trace is known. This address is an indication
of where the problem or security restrictions reside.
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_host
The table lists the tracert Windows command parameters.
Parameters of the tracert Windows Command
Parameter Description

-d Denies resolution of addresses to hostnames.

-h maximum_hops Specifies the maximum number of hops to search for the target.

-j host-list Specifies the loose source route along the host-list.

-w timeout Waits the number of milliseconds specified by the timeout value for
each reply.

target_host Specifies the name or IP address of the target host.
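An added example, not course code, that parses tracert output and reports the last hop that answered, which the text identifies as the indicator of where a problem or a security restriction lies. The sample trace is constructed and shortened: one hop loses a single probe (like hop 17 in the figure) and the trace ends in timeouts; gw.lab.example, core.lab.example and 203.0.113.10 are placeholder names and a documentation address, while 10.83.2.161, 10.82.96.2 and 64.102.241.135 are reused from the figure.

```python
"""Parse Windows tracert output: per-hop RTTs (with * for lost probes), the
responding name/address, and the last hop that answered. Added example, not
course code; SAMPLE_TRACERT is a constructed, shortened trace."""
import re

SAMPLE_TRACERT = """\
Tracing route to example.net [203.0.113.10]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  gw.lab.example [10.83.2.161]
  2    67 ms    59 ms    57 ms  10.82.96.2
  3   136 ms     *      137 ms  core.lab.example [64.102.241.135]
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""

RTT = r"(\*|<?\d+)\s*(?:ms)?"                 # "57 ms", "<1 ms" or "*"
HOP_RE = re.compile(rf"^\s*(\d+)\s+{RTT}\s+{RTT}\s+{RTT}\s+(.*\S)\s*$")
HOST_RE = re.compile(r"^(?:(\S+)\s+)?\[?(\d+\.\d+\.\d+\.\d+)\]?$")


def parse_rtt(token):
    """Milliseconds as int, or None for a lost probe; '<1' counts as 1."""
    return None if token == "*" else int(token.lstrip("<"))


def parse_tracert(text):
    """Return a list of {hop, rtts, name, ip}; name/ip are None when nothing answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                           # header, blank and trailer lines
        rtts = [parse_rtt(t) for t in m.group(2, 3, 4)]
        host = HOST_RE.match(m.group(5))       # "name [ip]", bare "ip", or a timeout message
        name, ip = (host.group(1), host.group(2)) if host else (None, None)
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "name": name, "ip": ip})
    return hops


def last_responding_hop(hops):
    """The last hop that returned any address: where to start looking when a trace fails."""
    responders = [h for h in hops if h["ip"] is not None]
    return responders[-1] if responders else None


def trace_summary(hops, target_ip):
    last = last_responding_hop(hops)
    return {
        "hops": len(hops),
        "reached": last is not None and last["ip"] == target_ip,
        "last_ip": last["ip"] if last else None,
        "partial_loss": [h["hop"] for h in hops if h["ip"] and None in h["rtts"]],
        "unresolved": [h["hop"] for h in hops if h["ip"] and h["name"] is None],
    }
```

For the constructed trace the summary shows that the target was not reached, that 64.102.241.135 (hop 3) was the last router to answer, that hop 3 also dropped one of its three probes, and that hop 2 answered without a resolvable name, the same situation as hop 19 in the figure.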



Summary
This topic summarizes the key points that were discussed in this lesson.

• As a reference model, the OSI model provides an extensive list of functions and services
that can occur at each of its seven layers.
• The physical layer defines the electrical, mechanical, procedural, and
functional specifications for a physical link.
• The data link layer defines how data is formatted for transmission and how access to the
physical media is controlled.
• The network layer provides connectivity and path selection between two hosts.
• The transport layer defines services to segment, transfer, and
reassemble the data for individual communications between the end
devices.
• The session layer establishes, manages, and terminates sessions
between two communicating hosts.
• The presentation layer ensures that the information that is sent at the
application layer of one system is readable by the application layer of
another system.

• The application layer provides network services to the applications.
• TCP/IP is a protocol stack like OSI and is widely used today.
• Layers in the TCP/IP model correspond to layers in the OSI model, with some layers being
combined.
• The protocols at each layer exchange packets of information called protocol data units.
• As application data is passed down the protocol stack on its way to be
transmitted across the network media, various protocols add information
to it at each level. This is commonly known as the encapsulation
process.
• The MAC address is a 48-bit number usually represented in
hexadecimal format.
• The IP protocol determines where packets of data are routed based on
their destination IP addresses.
• The IPv4 address is a 32-bit number that is represented in decimal
format.

• The IPv6 address is a 128-bit number that is represented in
hexadecimal format.
• ARP is responsible for mapping of IPv4 addresses to physical
addresses.
• The ARP table caches the mapping for the devices on the local LAN.
• Before two hosts can exchange traffic using TCP, TCP has to establish a connection using a
three-way handshake.
• The ping command is a utility for testing IP connectivity between hosts.
• The arp Windows command displays and modifies entries in the ARP
cache.
• traceroute is a utility that allows observation of the path between two hosts.

Lesson 3

Managing IP Addressing
Overview
There are various aspects to IP addressing, including calculations for constructing an IP
address, classes of IP addresses that are designated for specific routing purposes, and public
versus private IP addresses.
Although manual assignment of IP address information is possible, it does not scale and is a
barrier to deployment and maintenance of networks. Therefore, protocols for the automatic
assignment of IP address information have evolved and now provide this essential function
without end-user intervention. This lesson describes how IP address protocols function.

Objectives
Upon completing this lesson, you will be able to list the sequence of steps that are used by IP
operations to manage IP addresses. This ability includes being able to meet these objectives:
• List the different types of the IP addresses
• Describe the IPv4 addresses reserved by the IANA for special use
• Describe private and public IPv4 addresses
• Describe the IPv6 address formats and types
• Describe the IPv6 link-local unicast address
• Describe generic IPv6 unicast addresses
• Describe unique local IPv6 unicast addresses
• Describe special-purpose IPv6 unicast addresses
• Describe multicast IPv6 addresses
• Describe anycast IPv6 addresses
• Describe the IPv4 header format
• Describe the IPv6 header format
• Compare the IPv4 and IPv6 header formats
• Describe IPv6 address assignment
• Describe stateless IPv6 address autoconfiguration
• Describe DHCPv6
• Describe ICMP
• Describe the ICMP types used in IPv4 and IPv6
• Describe how ICMP is used in the IPv6 neighbor discovery process
• Verify the IPv4 and IPv6 address of a host
• Describe how to enable IPv6 on a Windows PC
• Describe the ipconfig command
• Describe the basic purpose of a DNS
• Describe the supported DNS objects
• Describe the DNS hierarchy

Types of IPv4 Addresses
This topic describes the different types of the IP addresses.

Figure: Classful address formats (first octet in binary, then the role of each octet):
• Class A: The first bit is fixed. 0xxxxxxx . Host . Host . Host
• Class B: The first 2 bits are fixed. 10xxxxxx . Network . Host . Host
• Class C: The first 3 bits are fixed. 110xxxxx . Network . Network . Host
• Class D: The first 4 bits are fixed. 1110xxxx . Multicast
• Class E: The first 4 bits are fixed. 1111xxxx . Experimental

Assigning IPv4 addresses to classes is known as classful addressing. The classes were
determined during the early days of the Internet by the Internet Assigned Numbers Authority
(IANA).
Each IPv4 address is broken down into a network ID and a host ID. In addition, a bit or bit
sequence at the start of each address determines the class of the address. There are five
IPv4 address classes:
• Class A: The Class A address block is designed to support extremely large networks with
more than 16 million host addresses. A Class A address uses only the first octet (8 bits) of
the 32-bit number to indicate the network address. The remaining three octets of the 32-bit
number are used for host addresses. The first bit of a Class A address is always “0.” Any
address that starts with a value between 1 and 127 in the first octet of the 32-bit number is a
Class A address. Within this range, 127 is the reserved first octet for loopback addresses,
such as the 127.0.0.1 address that is assigned to a PC.
• Class B: The Class B address space is designed to support the needs of moderate- to
large-size networks with more than 65,000 hosts. A Class B address uses two of the four
octets (16 bits) to indicate the network address. The remaining two octets specify host
addresses. The first two bits of the first octet of a Class B address are always binary 10. Any
address that starts with a value in the range of 128 to 191 in the first octet is a Class B
address.
• Class C: The Class C address space is the most commonly available among all address
classes. This address space is intended to provide addresses for small networks with a
maximum of 254 hosts. In a Class C address, the first three octets (24 bits) of the IP address
identify the network portion, with the remaining octet reserved for the host portion. A Class C
address begins with binary 110. If an address contains a number in the range of 192 to 223
in the first octet, it is a Class C address.

• Class D: Class D addresses are reserved for multicast. Multicast is a mechanism for
defining groups of nodes and sending IP messages to that group rather than to every node
on the LAN (broadcast) or just one other node (unicast). Multicast is mainly used on
research networks. Class D addresses should not be used by ordinary nodes on the Internet.
• Class E: Similar to Class D addresses, Class E addresses are also reserved and should not
be used. Some research organizations use Class E addresses for experimental purposes.
However, nodes that try to use these addresses on the Internet will be unable to
communicate properly.
• Class E also includes the limited broadcast address 255.255.255.255. A broadcast involves
delivering a message from one sender to many recipients. Senders direct an IP broadcast to
255.255.255.255 to indicate that all other nodes on the local network should pick up that
message. This broadcast is “limited” in that it does not reach every node on the Internet,
only nodes on the LAN.
Technically, IP reserves the entire range of addresses from 255.0.0.0 through
255.255.255.255 for broadcast, and this range should not be considered part of the normal
Class E range.
The table lists the range of host addresses within each class.
Range of Host Addresses Within IPv4 Address Classes
Class Range of Host Addresses

Class A 1.0.0.0 to 127.255.255.255

Class B 128.0.0.0 to 191.255.255.255

Class C 192.0.0.0 to 223.255.255.255

Class D 224.0.0.0 to 239.255.255.255

Class E 240.0.0.0 to 255.255.255.255

Reserved IPv4 Address
This topic describes the IPv4 addresses reserved by the IANA for special use.

IPv4 addresses reserved by IANA for special use:


• Network address
• Directed broadcast address
• Local broadcast address
• Local loopback address
• Autoconfiguration IP addresses
• Network ID
• Host ID


Certain IP addresses are reserved by the IANA and cannot be assigned to individual devices on
a network. These reserved addresses include a network address, which is used to identify the
network itself, and a broadcast address, which is used for broadcasting packets to all of the
devices on a network.

Network Address
The network address is a standard way to refer to a network. An IP address that has binary
zeros in all of the host bit positions is reserved for the network address, as in these examples:
• 10.0.0.0 is an example of a Class A network. This network contains, for example, the host
10.1.2.3. All hosts in the 10.0.0.0 network have the same network bits.
• 172.16.0.0 is an example of a Class B network.
• 192.16.1.0 is an example of a Class C network.
A router uses the network IP address when it searches its IP route table for the destination
network location.
The decimal numbers that fill the first two octets in a Class B network address are assigned.
The last two octets contain zeros because those 16 bits are for host numbers and are used for
devices that are attached to the network. An example of an IP address for a device in the
172.16.0.0 network is 172.16.16.1. In this example, 172.16 is the network address portion and
16.1 is the host address portion.



Directed Broadcast Address
The broadcast IP address is a special address for each network that allows communication to all
of the hosts in that network. To send data to all of the hosts in a network, a host can send a
single packet that is addressed to the broadcast address of the network. The broadcast address
uses the highest address in the network range. This is the address in which the bits in the host
portion are all ones. For the network 10.0.0.0 with eight network bits, the broadcast address
would be 10.255.255.255. This address is also referred to as the directed broadcast.
For the 172.16.0.0 network, the broadcast that would be sent out to all of the devices on that
network would include a destination address of 172.16.255.255.
The directed broadcast is capable of being routed. However, for some versions of the Cisco IOS
software, routing directed broadcasts is not the default behavior.

Local Broadcast Address


If an IP device wants to communicate with all of the devices on the local network, it sets the
destination address to all ones (that is, 255.255.255.255) and transmits the packet. For example,
hosts that do not know their network number and are asking a server for it may use this address.
The local broadcast is never routed.

Local Loopback Address


A local loopback address is used to let the system send a message to itself for testing. The
loopback address creates a shortcut method for TCP/IP applications and services that run on the
same device to communicate with one another. A typical local loopback IP address on an IP
end-host is 127.0.0.1.

Autoconfiguration IP Addresses
IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 are designated as link-local
addresses. These addresses can be automatically assigned to the local host by the operating
system in environments where no IP configuration is available. This address can be used only
for local network connectivity and operates with many caveats, one of which is that it will not
be routed. You will mostly see this address as a failure condition when a PC fails to obtain an
address via DHCP.

Network ID
The network portion of an IP address is also referred to as the network ID. This is important
because most hosts on a network can directly communicate only with devices in the same
network. If the hosts need to communicate with devices that have interfaces that are assigned to
another network ID, they must go through a network device that can route data between the
networks. This is true even when the devices share the same physical media segment.
A network ID enables a router to put a packet onto the appropriate network segment. The host
ID helps the router deliver the Layer 2 frame encapsulating the packet to a specific host on the
network. As a result, the IP address is mapped to the correct MAC address, which is needed by
the Layer 2 process on the router to address the frame.

Host ID
The host address component (host ID) identifies a specific endpoint. These endpoints are the
servers, computers, and other devices that are connected to the network. Host IDs are assigned
to individual devices (end-user devices, printers, network devices, and so on).

1-74 Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Private and Public IPv4 Addresses
This topic describes private and public IPv4 addresses.

Class   Private Address Ranges
Class A 10.0.0.0–10.255.255.255
Class B 172.16.0.0–172.31.255.255
Class C 192.168.0.0–192.168.255.255

Class   Public Address Ranges
Class A 1.0.0.0–9.255.255.255 and 11.0.0.0–126.255.255.255
Class B 128.0.0.0–172.15.255.255 and 172.32.0.0–191.255.255.255
Class C 192.0.0.0–192.167.255.255 and 192.169.0.0–223.255.255.255


Private IPv4 Addresses


Some networks connect to each other through the Internet, while others are private.
While Internet hosts require a globally unique IP address, private hosts that are not connected
to the Internet can use any valid address, as long as it is unique within the private network.
However, because many private networks exist alongside public networks, grabbing “just any
address” is strongly discouraged.
In 1994, the IETF released RFC 1597 (Address Allocation for Private Internets), which noted
that many organizations used TCP/IP and IP addresses yet remained unconnected to the Internet.
RFC 1597 was later updated as RFC 1918 (Address Allocation for Private Internets), which
suggested that a block of the available IPv4 address space be set aside for private networks.
Private networks that needed IPv4 for application support without requiring connectivity to the
Internet could simply use addresses from the IPv4 ranges that were allocated for private use.
Three blocks of IPv4 addresses (one Class A network, 16 Class B networks, and 256 Class C
networks) are designated for private, internal use. The table shows the address ranges for each
class. Addresses in these ranges are not routed on the Internet backbone. Internet routers are
configured to discard private addresses.
Private IPv4 Addresses
Class   Private Address Range
Class A 10.0.0.0–10.255.255.255
Class B 172.16.0.0–172.31.255.255
Class C 192.168.0.0–192.168.255.255



When addressing a nonpublic intranet, these private addresses can be used instead of globally
unique addresses.
When a network that is using private addresses must connect to the Internet, it is necessary to
translate the private addresses to public addresses. This translation process is called Network
Address Translation (NAT). A router is often the network device that performs NAT.

Public IPv4 Addresses


Public IPv4 addresses are used for the hosts that are publicly accessible from the Internet.
Internet stability depends directly on the uniqueness of publicly used network addresses.
Therefore, a mechanism is needed to ensure that addresses are, in fact, unique. This mechanism
was originally managed by an organization that is known as Internet Network Information
Center (InterNIC), which was later succeeded by IANA.
To obtain an IP address or block of addresses, you must contact an ISP. The ISP will then
contact its upstream registry or its appropriate Regional Internet Registry (RIR) at one of these
organizations:
 African Network Information Center (AfriNIC)
 Asia Pacific Network Information Center (APNIC)
 American Registry for Internet Numbers (ARIN)
 Latin American and Caribbean Network Information Center (LACNIC)
 Réseaux IP Européens Network Coordination Centre (RIPE NCC)

With the rapid growth of the Internet, public IP addresses began to run out. With the IANA
exhaustion on January 31, 2011, and the APNIC exhaustion on April 15, 2011, some parts of
the world have already exhausted their IPv4 allocations, and the remaining RIRs are expected
to deplete their pools within a few years. Some mechanisms, such as NAT, classless
interdomain routing (CIDR), variable-length subnet masks (VLSMs), and IPv6 were developed
to help solve the problem.
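As an added example (not code from the guide), the following Python derives the classful network address, directed broadcast and host ID for an IPv4 address and flags the reserved, link-local and RFC 1918 private ranges tabulated in this topic and the previous one; the sample addresses are constructed.

```python
# Added example (not from the SPNGN1 guide): classful IPv4 address analysis.
# Derives the network address, directed broadcast and host portion from the
# first-octet class rules, and flags the reserved and private ranges listed
# in the text. Stdlib only; the sample addresses below are constructed.
import ipaddress
from typing import Optional

# Private ranges exactly as tabulated above (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classful_prefix_length(addr: ipaddress.IPv4Address) -> Optional[int]:
    """Return the classful network length (8, 16 or 24) or None for Class D/E."""
    first = int(addr) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None


def analyze(text: str) -> dict:
    addr = ipaddress.IPv4Address(text)
    value = int(addr)
    info = {"address": text, "class": None, "network": None, "directed_broadcast": None,
            "host_id": None, "private": False, "kind": "host"}

    # Special addresses that are not part of any classful network.
    if value == 0xFFFFFFFF:
        info["kind"] = "local broadcast"          # never routed
        return info
    if (value >> 24) == 127:
        info["kind"] = "loopback"
        return info
    if (value >> 16) == 0xA9FE:                   # 169.254.0.0/16
        info["kind"] = "link-local (autoconfiguration)"
        return info

    plen = classful_prefix_length(addr)
    if plen is None:
        info["kind"] = "class D (multicast) or class E (reserved)"
        return info

    net = ipaddress.ip_network(f"{text}/{plen}", strict=False)
    info["class"] = {8: "A", 16: "B", 24: "C"}[plen]
    info["network"] = str(net.network_address)
    info["directed_broadcast"] = str(net.broadcast_address)
    info["host_id"] = value & (0xFFFFFFFF >> plen)      # host bits only
    info["private"] = any(addr in blk for blk in PRIVATE_BLOCKS)

    # Host bits all zero: the network address; host bits all ones: directed broadcast.
    if addr == net.network_address:
        info["kind"] = "network address"
    elif addr == net.broadcast_address:
        info["kind"] = "directed broadcast"
    return info


def is_directed_broadcast(text: str) -> bool:
    """True when a destination is the all-ones host address of its classful network.

    Handy as a filter over flow or packet logs: the guide notes that some Cisco IOS
    versions do not route directed broadcasts by default, so seeing them forwarded
    is worth a look.
    """
    return analyze(text)["kind"] == "directed broadcast"


if __name__ == "__main__":
    for sample in ["10.1.2.3", "172.16.16.1", "10.255.255.255", "192.16.1.0",
                   "255.255.255.255", "127.0.0.1", "169.254.10.20", "8.8.8.8"]:
        print(analyze(sample))
```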

IPv6 Address Formats and Types
This topic describes the IPv6 address formats and types.

• Unicast:
- Link-local addresses
- Global unicast addresses
- Unique local addresses
- Special-purpose unicast:
• Unspecified
• Loopback
• IPv4-mapped
• Multicast
• Anycast
• No support for broadcast addresses in IPv6


IPv6 supports three types of addresses:
 Unicast (one to one)
 Multicast (one to many)
 Anycast (one to nearest)

Each address type has specific rules regarding its construction and use.
IPv6 unicast addresses can be aggregated with prefixes of arbitrary bit length, like IPv4
addresses under CIDR.
There are several types of unicast addresses in IPv6, including link-local addresses, global
addresses, unique local addresses, and site-local addresses (deprecated). There are also some
special-purpose subtypes of global unicast, such as the unspecified address, loopback address,
and IPv6 addresses with embedded IPv4 addresses. Additional address types or subtypes might
be defined in the future.
IPv6 has no support for broadcast addresses in the way that they are used in IPv4. Instead,
specific multicast addresses (such as the all-nodes multicast address) are used.
A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, or
multicast).



Link-Local IPv6 Unicast Addresses
This topic describes the IPv6 link-local unicast address.

• Have a scope limited to the link


• Are automatically configured with the interface identifier
• When used, must be paired with outgoing interface information

[Figure: link-local address format, 128 bits total: 10-bit prefix 1111 1110 10 (FE80::/10), remaining prefix bits 0, then a 64-bit Interface ID.]


All IPv6-enabled interfaces must have a link-local address.
Link-local addresses are used for addressing on a single link, so they have a scope that is
limited to the link. Link-local addresses are created dynamically on all IPv6 interfaces by using
a specific link-local prefix, fe80::/10, and a 64-bit interface ID.
Link-local addresses are used for automatic address configuration, neighbor discovery, and
router discovery. Many routing protocols also use the link-local addresses.
Link-local addresses can serve as a way to connect devices on the same local network, without
requiring global or unique local addresses.
When communicating with a link-local address, you must specify the outgoing interface,
because every interface has an address in fe80::/10 and the address alone does not identify the
link.

Global IPv6 Unicast Addresses
This topic describes generic IPv6 unicast addresses.

• Global unicast addresses are addresses for generic use of IPv6.


• Interface identifier should be kept at 64 bits.

[Figure: global unicast address format: Global Routing Prefix (provider, n bits) | Subnet ID (site, m bits) | Interface ID (128-n-m bits).]


Global unicast addresses correspond to the principal use of IPv6 addresses for generic global
IPv6 traffic and occupy the largest part of the address space.
The structure of a global unicast address is as follows:
 A global routing prefix, typically a /48, is assigned to a site.
 A subnet ID, typically 16 bits, is used to identify links within a site.
 The interface ID, which is typically 64 bits long, identifies the interface of the node. The
interface ID can be of arbitrary length but should be kept at 64 bits for several reasons:
— Stateless autoconfiguration of hosts depends on the 64-bit length of the interface ID.
— Some operating systems, such as Microsoft Windows XP, do not allow the changing
of the default network mask.
— Because of the greater length of addresses in IPv6, some hardware platforms might
be limited to hardware-assisted forwarding of prefixes that are as long as 64 bits.
Longer prefixes are processed in software.
Examples of global addresses can be found in RFC 3587 (IPv6 Global Unicast Address
Format). The structure that is proposed in this document provides for aggregation of routing
prefixes to limit the number of entries in the global routing table.



Unique Local IPv6 Unicast Addresses
This topic describes unique local IPv6 unicast addresses.

• FC00::/7:
- FC00::/8 planned to be globally managed
- FD00::/8 assigned locally by network administration
• For network in which only internal IPv6 communication is required
• Not routable on the Internet

[Figure: unique local address format: Prefix FD00::/8 (8 bits) | Random Identifier, the Global ID (40 bits) | Site Subnet ID (16 bits) | Interface ID (64 bits).]


Unique local addresses were designed as a replacement for site-local addresses, specifically to
resolve some scoping issues. Unique local addresses have a site-specific scope but are almost
globally unique; that is, they are highly unlikely to have an address-space conflict.
The structure of a unique local address is as follows:
 The 8-bit fd00::/8 prefix:
— These addresses are not allocated by an address registry and may be used in networks by
anyone without outside involvement.
— The fc00::/8 block has been proposed to be managed by an allocation authority.
 A 40-bit random identifier:
— The random identifier is a pseudorandom global ID: the least significant 40 bits of the
Secure Hash Algorithm 1 (SHA-1) digest of the 64-bit time of day concatenated with an
extended unique identifier (EUI-64).
 A 16-bit subnet ID to identify the subnet within the site
 A 64-bit interface ID

Unique local addresses are defined in RFC 4193 (Unique Local IPv6 Unicast Addresses).
These addresses are used specifically to address implementation problems with the use of site-
local addresses, as well as address space conflicts that such use might cause. Unique local
addresses also provide an IP addressing mechanism for organizations that prefer the concept of
private address space for most internal communications and as part of their security policy
architecture.

Today, many companies use RFC 1918 addresses within their organizations. Network
engineers tend to gravitate toward the 10.0.0.0/8 reserved block. This practice leads to
problems when companies merge. The IETF was concerned that the same issue would arise
with site-local addresses, so it designed unique local addresses to introduce a large random
component (random identifier) into the nonroutable prefix space. There is almost no chance of
a prefix collision when two merging companies use properly self-allocated unique local address
prefixes.



Special-Purpose IPv6 Unicast Addresses
This topic describes special-purpose IPv6 unicast addresses.

• Unspecified address:
- 0:0:0:0:0:0:0:0
- Used as a placeholder when no address is available (initial DHCP request, DAD)
• Loopback address:
- 0:0:0:0:0:0:0:1
- Same as 127.0.0.1 in IPv4
• IPv4-mapped addresses:
- Used to represent the addresses of IPv4 nodes as IPv6 addresses
- Used for next-hop representation in Cisco 6PE and 6VPE
- Used in network stacks when both address families are processed internally as IPv6

[Figure: IPv4-mapped address format: 80 bits of 0 | 16 bits FFFF | 32-bit IPv4 address.]
0:0:0:0:0:ffff:192.0.2.100 = ::ffff:192.0.2.100 = ::ffff:c000:0264


An unspecified address (0:0:0:0:0:0:0:0, or simply ::) is used on a network only as a source
address for special purposes. An unspecified address is a placeholder when no address is
available. For example, an unspecified address is used when a host requests an address from a
DHCP server or when a Duplicate Address Detection (DAD) packet is sent. An unspecified
address is never assigned to an interface and must never be the destination address of an IPv6
packet, and routers must not forward packets with an unspecified source.
The loopback address (0:0:0:0:0:0:0:1, or simply ::1) identifies a local interface in the IP stack.
This address is the IPv6 equivalent of the IPv4 127.0.0.1 loopback.
IPv4-mapped addresses are IPv6 addresses that represent IPv4 addresses. On a dual-stack node
(that is, a node that supports both IPv6 and IPv4), an IPv6 application that sends traffic to a
destination that is represented by an IPv4-mapped IPv6 address will send IPv4 packets to that
destination.
In most cases, the IPv4-mapped addresses are used inside the dual-stack node application
programming interface (API; see RFC 2133, Basic Socket Interface Extensions for IPv6). RFC
2765 (Stateless IP/ICMP Translation Algorithm [SIIT]) specifies a transition mechanism in
which IPv4-mapped addresses are used in IPv6 packets. Dual-stack nodes often internally treat
IPv4 addresses as IPv4-mapped addresses in order to process IP addresses as 128 bits. On a
dual-stack system, syslog entries for IPv4 connections are therefore often logged as IPv4-mapped
128-bit addresses. IPv4-mapped addresses are also used for next-hop representation with the Cisco IPv6
Provider Edge Router over Multiprotocol Label Switching (MPLS) (Cisco 6PE) and IPv6 on a
VPN to Provider Edge Router (Cisco 6VPE) when an IPv4 address is used for the next hop of
an IPv6 prefix.

Multicast IPv6 Addresses
This topic describes multicast IPv6 addresses.

• Multicast is used in the context of one-to-many.


• Explicit multicast scope is a new concept in IPv6.

[Figure: IPv6 multicast address format: first 8 bits 1111 1111 (FF), then a 4-bit Flags field (0, R, P, T) and a 4-bit Scope field, then a 112-bit Group ID; written FFxy::, where x = flags and y = scope. Scope values: 1 = Interface-local, 2 = Link-local, 3 = Subnet-local, 4 = Admin-local, 5 = Site-local, 8 = Organization, E = Global.]


A multicast address identifies a group of interfaces. Traffic that is sent to a multicast address is
sent to multiple destinations at the same time. An interface may belong to any number of
multicast groups. Multicast is used in the core of many functions in IPv6.
Multicast addresses identify a set of interfaces. The address is made up of the first 8 bits of all
ones, a 4-bit flag field, a 4-bit scope field, and a 112-bit group ID:
 The first octet of all ones identifies the address as a multicast address (in other words,
multicast addresses are defined by the prefix ff00::/8).
 The second octet defines the flags and the scope of the multicast address:
— The Flags field identifies whether the multicast address is a well-known address or
whether it is a transient multicast address. Flags are defined as 0RPT, and these
conditions apply:
 0 is reserved and must equal 0.
 R indicates rendezvous point and is almost always set to 0.
 P indicates prefix dependency and is almost always set to 0.
 T is the temporary bit. For a temporary multicast address, T equals 1; for a
permanent multicast address, T equals 0.

Note If R equals 1, P and T must also equal 1.

— The Scope field identifies the scope of the multicast address:
 The scope parameter equals 1 for the scope of the interface (loopback
transmission).



 The scope parameter equals 2 for the link scope (like the unicast link-local
scope).
 The scope parameter equals 3 for the subnet-local scope, in which subnets may
span multiple links.
 The scope parameter equals 4 for the administrative-local scope
(administratively configured).
 The scope parameter equals 5 for the site scope.
 The scope parameter equals 8 for the organizational scope (multiple sites).
 The scope parameter equals E for the global scope.

Note For example, a multicast address that starts with ff02::/16 is a permanent multicast address
with a link-local scope.

 The 112-bit group ID identifies the multicast group.

Multicast is frequently used in IPv6 and replaces broadcast. There is no broadcast in IPv6.
There is no Time to Live (TTL) in IPv6 multicast. The scoping is defined inside the address.
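An added example, not code from the guide: a Python classifier for the IPv6 address types covered in this lesson (unspecified, loopback, IPv4-mapped, link-local, unique local, global and multicast) that also decodes the 0RPT flags and the scope nibble of a multicast address as described above; the addresses used are constructed.

```python
# Added example (not from the SPNGN1 guide): classify an IPv6 address into the
# types described in this lesson and decode the multicast Flags and Scope nibbles.
# Scope names follow the table in the text; all sample addresses are constructed.
import ipaddress

SCOPE_NAMES = {
    0x1: "interface-local", 0x2: "link-local", 0x3: "subnet-local",
    0x4: "admin-local", 0x5: "site-local", 0x8: "organization-local",
    0xE: "global",
}


def decode_multicast(addr: ipaddress.IPv6Address) -> dict:
    """Split ff<flags><scope>::/16 into its 0RPT flag bits, scope and group ID."""
    value = int(addr)
    second_octet = (value >> 112) & 0xFF        # the octet right after ff
    flags, scope = second_octet >> 4, second_octet & 0xF
    r, p, t = (flags >> 2) & 1, (flags >> 1) & 1, flags & 1
    if flags & 0x8:
        raise ValueError("high-order flag bit is reserved and must be 0")
    if r and not (p and t):
        raise ValueError("R=1 requires P=1 and T=1")   # the Note in the text
    return {
        "flags": f"{flags:04b}",
        "well_known": t == 0,             # T=0: permanent, IANA-assigned group
        "rendezvous_point": bool(r),
        "prefix_based": bool(p),
        "scope": SCOPE_NAMES.get(scope, f"unassigned ({scope:x})"),
        "group_id": value & ((1 << 112) - 1),
    }


def classify(text: str) -> dict:
    addr = ipaddress.IPv6Address(text)
    value = int(addr)
    top = value >> 120                          # first octet

    if value == 0:
        return {"type": "unspecified"}
    if value == 1:
        return {"type": "loopback"}
    if (value >> 32) == 0xFFFF:                 # 80 zero bits, ffff, IPv4 address
        v4 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
        return {"type": "ipv4-mapped", "ipv4": str(v4)}
    if top == 0xFF:
        return {"type": "multicast", **decode_multicast(addr)}
    if (value >> 118) == 0x3FA:                 # top 10 bits 1111111010 = fe80::/10
        return {"type": "link-local unicast",
                "interface_id": value & ((1 << 64) - 1)}
    if (top >> 1) == 0x7E:                      # top 7 bits 1111110 = fc00::/7
        block = "fd00::/8 (locally assigned)" if top & 1 else "fc00::/8 (reserved)"
        return {"type": "unique local unicast", "block": block,
                "global_id": (value >> 80) & ((1 << 40) - 1),
                "subnet_id": (value >> 64) & 0xFFFF}
    return {"type": "global unicast"}


if __name__ == "__main__":
    for sample in ["::", "::1", "::ffff:192.0.2.100", "ff02::1", "ff15::abcd",
                   "fe80::1", "fd12:3456:789a:1::1", "2001:db8::1"]:
        print(sample, classify(sample))
```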

Anycast IPv6 Addresses
This topic describes anycast IPv6 addresses.

• Used in the context of one-to-nearest


• Assigned to more than one interface
• Allocated from the unicast address space
• Indistinguishable from regular unicast addresses
• Must be explicitly configured as anycast on the node
• All nodes with the same anycast address should behave the same way

[Figure: anycast address format: Prefix (n bits) | Interface ID (128-n bits).]


An IPv6 anycast address is assigned to an interface on more than one node. When a packet is
sent to an anycast address, it is routed to the nearest interface that has that address. The nearest
interface is found according to the measure of distance (metric) of the particular routing
protocol. All nodes that share the same address should behave the same way so that the service
is offered similarly regardless of the node that services the request.
The idea of anycast in IP was proposed in 1993. For IPv6, anycast is defined as a way to send a
packet to the nearest interface that is a member of the anycast group. This technique enables a
type of mechanism that can discover the nearest node of a specific group.
Anycast addresses are allocated from the unicast address space, so they are indistinguishable
from the unicast address. When the anycast addresses are assigned to a node interface, the node
must be explicitly configured to know that the address is an anycast address.
There is little widespread experience with anycast usage. The router-subnet anycast and the
mobile IPv6 home agent anycast are among the few anycast addresses that are currently
assigned.

Tip The root Domain Name System (DNS) servers use IPv4 anycast. There are 13 root server
addresses, but a much larger number of widely dispersed hosts provide DNS services.
Anycast is a powerful function of IP networks and is probably underused today.



IPv4 Header Format
This topic describes the IPv4 header format.

[Figure: IPv4 header, 32 bits wide, 20 octets fixed: Version | IHL | Type of Service | Total Length; Identification | Flags | Fragment Offset; TTL | Protocol | Header Checksum; Source Address; Destination Address; then Options | Padding of variable length, then the Data Portion.]


The header format for each IP packet carries crucial information for the routing and processing
of each packet payload. Header construction also plays an important role in the efficiency and
extensibility of the network.
The IPv4 header contains 12 fields. Following those 12 fields is an Options field of variable
length, and a data portion, which is usually the transport layer segment. The basic IPv4 header
has a size of 20 octets. The Options field increases the size of the IP header.
The following fields make up the IPv4 header:
 Version: This 4-bit field indicates the IP header format, which is based on the version
number. Version 4 is the current version; therefore, this field is set to 0100 (4 in binary) for
IPv4 packets. This field is set to 0110 (6 in binary) in IPv6 networks.
 IHL: Internet header length. This 4-bit field indicates the length of the header in 32-bit
words (4 bytes) so that the beginning of the data can be found in the IP header. The
minimum value for a valid header (five 32-bit words) is 5 (0101).
 Type of Service (ToS): This field is 8 bits in length. Quality of service (QoS) parameters
such as IP precedence or differentiated services code point (DSCP) are found in this field.
These are explained further in this chapter.
 Total Length: This 16-bit field represents the length of the datagram or packet in bytes,
including the header and data. The maximum length of an IP packet can be 2^16 – 1 =
65,535 bytes. Routers use this field to determine whether fragmentation is necessary by
comparing the total length with the outgoing maximum transmission unit (MTU).
 Identification: This 16-bit field identifies fragments for reassembly.

 Flags: This 3-bit field indicates whether the packet can be fragmented and whether more
fragments follow. Bit 0 is reserved and set to 0. Bit 1 indicates May Fragment (0) or Do
Not Fragment (1). Bit 2 indicates Last Fragment (0) or More Fragments to follow (1).
 Fragment Offset: This 13-bit field indicates (in bytes) where in the packet this fragment
belongs. The first fragment has an offset of 0.
 TTL: Time to Live. This 8-bit field indicates the maximum time that the packet is to
remain on the network. Each router decrements this field by 1 for loop avoidance. If this
field is 0, the packet must be discarded. This scheme permits routers to discard
undeliverable packets.
 Protocol: This 8-bit field indicates the upper-layer protocols like TCP, UDP, Internet
Control Message Protocol (ICMP), and so on.
 Header Checksum: Cyclic redundancy check (CRC) on IPv4 header only.
 Source Address: 32-bit sender IPv4 address.
 Destination Address: 32-bit receiver IPv4 address.
 IP options: This field is variable in length. The options provide for control functions that
are useful in some situations but unnecessary for the most common communications.
Specific options are security, loose source routing, strict source routing, record route, and
timestamp.
 Padding: This field is variable in length. It ensures that the IP header ends on a 32-bit
boundary.
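An added example, not code from the guide: a Python parser for the IPv4 header fields listed above, which verifies the Header Checksum as RFC 791 specifies it (a ones' complement sum of the header's 16-bit words) and scales the Fragment Offset by 8 because that field counts 8-octet units. The packet is constructed inline; the IHL and Total Length checks show the bounds a parser must enforce before trusting those fields.

```python
# Added example (not from the SPNGN1 guide): parse the fixed IPv4 header fields
# plus options from raw bytes and verify the Header Checksum. The sample packet
# is constructed here; nothing in it comes from a real capture.
import struct


def ipv4_header_checksum(header: bytes) -> int:
    """RFC 791 checksum: ones' complement of the ones' complement sum of the
    16-bit header words, computed with the checksum field itself set to zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 octets")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0xF
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    hlen = ihl * 4                            # IHL counts 32-bit words
    if ihl < 5 or hlen > len(packet):
        raise ValueError(f"bad IHL {ihl}")    # classic parser pitfall: trust IHL
    if total_len < hlen or total_len > len(packet):
        raise ValueError(f"bad Total Length {total_len}")

    header = packet[:hlen]
    zeroed = header[:10] + b"\x00\x00" + header[12:]   # checksum field cleared
    return {
        "ihl_words": ihl,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),     # flag bit 1
        "more_fragments": bool(flags_frag & 0x2000),    # flag bit 2
        # The 13-bit field counts 8-octet units (RFC 791), hence the * 8.
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": ipv4_header_checksum(zeroed) == csum,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": header[20:],                # empty when IHL == 5
        "payload": packet[hlen:total_len],
    }


def build_sample_packet(flags_frag: int = 0x4000) -> bytes:
    """Constructed 20-octet UDP/IPv4 header + 4-octet payload with a correct checksum.
    flags_frag defaults to Don't Fragment set, offset 0."""
    payload = b"\xde\xad\xbe\xef"
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_frag, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    csum = ipv4_header_checksum(head)
    return head[:10] + struct.pack("!H", csum) + head[12:] + payload


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(parse_ipv4_header(pkt))
    # Flip one TTL bit: the checksum no longer verifies.
    tampered = pkt[:8] + bytes([pkt[8] ^ 0x01]) + pkt[9:]
    print(parse_ipv4_header(tampered)["checksum_ok"])
```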



IPv6 Header Format
This topic describes the IPv6 header format.

[Figure: IPv6 header, 32 bits wide, 40 octets fixed: Version | Traffic Class | Flow Label; Payload Length | Next Header | Hop Limit; Source Address; Destination Address; followed by Next Header / Extension Header Information of variable length, then the Data Portion.]

The IPv6 header has 40 octets. The IPv6 header has fewer fields, compared to the IPv4 header,
and the header is aligned on 64-bit boundaries to enable fast processing by current and next-
generation processors. Address fields are four times larger than in IPv4.
The IPv6 header contains eight fields:
 Version: This 4-bit field contains the number 6, instead of the number 4 as in IPv4.
 Traffic Class: This 8-bit field is like the Type of Service (ToS) field in IPv4. IPv6 nodes
can mark the packet with a traffic class that can be used in differentiated services.
Differentiated services functionalities are the same in IPv6 and IPv4.
 Flow Label: This new field has a length of 20 bits and is used to mark individual traffic
flows with unique values, which routers can use to provide per-flow nondefault treatment.
 Payload Length: This 16-bit field is like the Total Length field in IPv4, but because the
IPv6 base header is a fixed size, this field describes the length of the payload only, not of
the entire packet.
 Next Header: The value of this 8-bit field determines the type of information that follows
the basic IPv6 header. This field can be a transport layer packet, such as TCP or UDP, or it
can be an extension header, as shown in the figure. The Next Header field is like the
Protocol field in IPv4 but has been renamed to reflect the more general usage—it may point
to a Layer 3 IPv6 extension header rather than a Layer 4 protocol.
 Hop Limit: This 8-bit field specifies the maximum number of hops that an IP packet can
traverse. Each hop or router will decrease this field by one.

Note IPv6 renames the TTL field to Hop Limit because the term more closely reflects the way that
the field is used. The original design of IP (as described in RFC 791 [Internet Protocol—
DARPA Internet Program Protocol Specification]) called for all clocks on the network to be
synchronized and for the TTL to be measured in seconds. This design was later seen as
impractical, and the TTL field began to be used as a simple hop counter, in which packets
are discarded if the hop count is decremented to zero before the final delivery.

 Source Address: This field of 16 octets or 128 bits identifies the source of the packet.
 Destination Address: This field of 16 octets or 128 bits identifies the destination of the
packet.
Following these eight fields are the extension headers, if any. The number of extension headers
is not fixed, so the total length of the extension header chain is variable.
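An added example, not code from the guide: a Python parser for the eight fixed IPv6 header fields that then follows the Next Header chain through any extension headers until it reaches the upper-layer protocol. The extension header type numbers (0, 43, 44, 60) are from the IPv6 specification rather than this page, and the packet is constructed inline.

```python
# Added example (not from the SPNGN1 guide): parse the eight fixed IPv6 header
# fields and walk the Next Header chain through extension headers to the
# upper-layer protocol. The packet below is constructed by hand.
import struct

# Next Header values that denote extension headers (RFC 8200). Each carries a
# (Next Header, Hdr Ext Len) pair in its first two octets, except Fragment,
# whose size is fixed at 8 octets.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXTENSION_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}
PROTO_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def fmt_ipv6(raw: bytes) -> str:
    """Uncompressed textual form of a 16-octet address."""
    return ":".join(f"{w:x}" for w in struct.unpack("!8H", raw))


def parse_ipv6(packet: bytes) -> dict:
    if len(packet) < 40:
        raise ValueError("truncated: fewer than 40 octets")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version={version})")
    if 40 + payload_len > len(packet):
        raise ValueError("Payload Length exceeds captured bytes")
    info = {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,       # extension headers count as payload
        "hop_limit": hop_limit,
        "src": fmt_ipv6(packet[8:24]),
        "dst": fmt_ipv6(packet[24:40]),
        "extension_headers": [],
    }

    # Walk the chain: each extension header names the header after it.
    offset, current = 40, next_hdr
    end = 40 + payload_len
    while current in EXTENSION_HEADERS:
        if offset + 8 > end:
            raise ValueError("extension header runs past Payload Length")
        nxt, ext_len = packet[offset], packet[offset + 1]
        size = 8 if current == FRAGMENT else (ext_len + 1) * 8
        info["extension_headers"].append({"type": current, "length": size})
        offset, current = offset + size, nxt
    info["upper_layer"] = PROTO_NAMES.get(current, str(current))
    info["upper_layer_offset"] = offset
    return info


def build_sample_packet() -> bytes:
    """Constructed: IPv6 | Hop-by-Hop (8 octets) | Dest Opts (8 octets) | UDP stub."""
    udp_stub = struct.pack("!HHHH", 5353, 5353, 8, 0)
    dest_opts = bytes([17, 0]) + b"\x01\x04\x00\x00\x00\x00"      # next = UDP, PadN
    hop_by_hop = bytes([DEST_OPTS, 0]) + b"\x01\x04\x00\x00\x00\x00"
    payload = hop_by_hop + dest_opts + udp_stub
    src = bytes.fromhex("20010db8000000000000000000000001")       # 2001:db8::1
    dst = bytes.fromhex("20010db8000000000000000000000002")       # 2001:db8::2
    head = struct.pack("!IHBB", (6 << 28) | (0x2E << 20) | 0xABCDE,
                       len(payload), HOP_BY_HOP, 64)
    return head + src + dst + payload


if __name__ == "__main__":
    print(parse_ipv6(build_sample_packet()))
```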



IPv4 and IPv6 Header Comparison
This topic compares the IPv4 and IPv6 header formats.

[Figure: IPv4 header (Version, IHL, ToS, Total Length; Identification, Flags, Fragment Offset; TTL, Protocol, Header Checksum; Source Address; Destination Address; Options, Padding) beside the IPv6 header (Version, Traffic Class, Flow Label; Payload Length, Next Header, Hop Limit; Source Address; Destination Address). Legend: field name kept from IPv4 to IPv6; field not kept in IPv6; field name and position changed in IPv6; new field in IPv6. IHL = Internet Header Length; ToS = Type of Service.]

The figure shows that the number of fields in the IPv6 header has decreased significantly from
the number of fields in the IPv4 header. The new IPv6 header is thus simpler than the IPv4
header:
 Half of the previous IPv4 header fields have been removed. This enables simpler
processing of the packets, enhancing the performance and routing efficiency.
 All fields are aligned to 64 bits, which enables direct storage and access in memory by fast
lookups.
 There is no checksum. Not only is the space in the header reused, but more importantly, the
routers in the path do not do recalculation, which also provides routing efficiency.

These and other enhancements improve hardware-based processing, which provides scalability
of the forwarding rate for the next generation of high-speed networks. This benefit, however,
remains to be seen because 128-bit addresses are larger than the word-size of the current
processors. This situation results in more lookups to obtain the complete 128-bit address.

Assigning Addresses in IPv6
This topic describes IPv6 address assignment.

• Static assignment:
- Manual interface ID assignment
- EUI-64 interface ID assignment
• Dynamic assignment:
- Stateless autoconfiguration
- DHCPv6 (stateful)

[Figure: IPv6 address allocation hierarchy for 2001:0DB8::/32: /23 Registry prefix, /32 ISP prefix, /48 Site prefix, /64 Subnet prefix, then the Interface ID.]


IP hosts need to know information such as their IP address, default gateway, DNS servers, and
hostname before they can communicate with other hosts. There are several methods for
assigning IPv4 addresses; the most common are manual assignment and automatic assignment
by using DHCP. IPv6 changes the mechanisms for learning some of these facts, compared to
IPv4. At the same time, several other types of IPv6 addresses are used by the new IPv6
protocols.
IPv6 addresses use interface IDs to identify interfaces on a link. The interface ID can be treated
as the host portion of an IPv6 address. Interface IDs are required to be unique on a specific link.
Interface IDs are always 64 bits long and can be dynamically derived from a Layer 2 address
(MAC).
There are several ways to assign an IPv6 address to a device:
 Static assignment by use of a manual interface ID
 Static assignment by use of an EUI-64 interface ID
 Dynamic assignment by use of a stateless autoconfiguration
 Dynamic assignment by use of a DHCPv6 (stateful autoconfiguration)

One way to statically assign an IPv6 address to a device is to manually assign both the prefix
(network) and interface ID (host) portion of the IPv6 address.
Another way to statically assign an IPv6 address is to configure the prefix portion of the IPv6
address and derive the interface ID portion from the Layer 2 MAC address of the device, which
is known as the EUI-64 interface ID.



The management of the IPv6 address allocation process is delegated to IANA. Its main function
is the assignment of large address blocks to the RIRs, which have the delegated task of
allocation to service providers and Local Internet Registries (LIRs).
The IANA has allocated 2001::/16 for initial IPv6 unicast use, and each RIR gets several /23
prefixes from the IANA. RIRs in turn allocate a /32 prefix to service providers. It is
recommended that service providers allocate a /48 prefix to each end customer. Because the
prefix length for an IPv6 subnet is always /64, a customer has 65,536 (2^16) subnets available to use.

Stateless IPv6 Autoconfiguration
This topic describes stateless IPv6 address autoconfiguration.

Figure: stateless autoconfiguration.
• Often uses a Layer 2 identifier (derived from the OUI)
• Autoconfiguration with no collisions
• "Plug-and-play"
The host in the figure has MAC address 00:2c:04:00:fe:56.
1. The host sends a Router Solicitation (RS) to request a prefix.
2. The router sends network-type information (prefix, default route, and so on).
3. Host autoconfigured address: prefix received + 64-bit interface ID.

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN1 v1.01—1-18

Having a much larger address space available, IPv6 engineers designed a way to enable
autoconfiguration of the addresses while still keeping the global uniqueness. A router on the
local link will send network-type information, such as the prefix of the local link and the
default route, to all the nodes on the local link. A host can autoconfigure itself by appending its
data link layer address (in a special 64-bit EUI-64 format) to the local link prefix (64 bits). This
autoconfiguration results in a complete 128-bit IPv6 address that is usable on the local link and
is, most likely, globally unique. To avoid the rare event of address collision, a process is
enabled to detect duplicate addresses.
Autoconfiguration enables “plug-and-play,” which connects devices to the network without any
configuration and without any stateful servers (such as DHCP servers). Autoconfiguration is an
important feature for enabling deployment of new devices on the Internet, such as cell phones,
wireless devices, home appliances, networks, and so on.
Autoconfiguration can be accomplished in two ways:
• Stateless, via neighbor discovery and router advertisements
• Stateful, by use of a DHCPv6 server

The difference between the two is that with the stateful method, a record is kept of which hosts
are assigned which addresses. The stateless method maintains no such records. With stateless
autoconfiguration, a host takes its base information from the router advertisement, which also
carries an indication (the M and O flags) of whether additional settings, such as DNS servers
or other options, are available from a DHCPv6 server. This combination is what lets devices
such as IP phones, wireless access points, and video endpoints come up without manual
configuration.

The figure illustrates the stateless autoconfiguration steps:
Step 1 The PC configures its link-local address (and verifies it with duplicate address
detection) and sends a router solicitation to request a prefix for stateless autoconfiguration.
Step 2 The router replies with a router advertisement, including prefix information.
Step 3 The host is autoconfigured with a 128-bit IPv6 address.

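The address arithmetic behind steps 1 and 3, and behind the EUI-64 static assignment described earlier, as an added Python example that is not part of the course material: it derives the modified EUI-64 interface ID from the MAC address in the figure (00:2c:04:00:fe:56), forms the link-local and global addresses, and shows why an EUI-64 interface ID lets a host be recognized across networks. The global prefix 2001:db8:0:1abc::/64 is an assumption taken from the documentation range; the figure names no prefix.

```python
"""Modified EUI-64 interface IDs and stateless address construction.

Added example, not part of the course material. It reproduces step 3 of the
figure with the figure's MAC address 00:2c:04:00:fe:56. The global prefix
2001:db8:0:1abc::/64 is an assumption (the figure names no prefix).
"""
import ipaddress
from typing import Optional


def mac_to_eui64(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC (RFC 4291, appendix A).

    ff:fe is inserted between the OUI and the device-specific half, and the
    universal/local bit (bit 1 of the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix learned from the router advertisement + 64-bit EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """Step 1: the fe80::/64 address a host forms before sending its router solicitation."""
    return slaac_address("fe80::/64", mac)


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """Recover the MAC when the interface ID is EUI-64 derived, else None.

    This is the privacy cost of EUI-64: the hardware address travels with the
    host into every network it joins. RFC 4941 temporary addresses use a random
    interface ID instead (the Temporary IPv6 Address line in ipconfig output).
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(raw[:3] + raw[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:2c:04:00:fe:56"  # MAC address from the figure
    glob = slaac_address("2001:db8:0:1abc::/64", mac)
    print("link-local:", link_local_address(mac))
    print("global    :", glob)
    print("MAC recovered from global address:", mac_from_eui64_address(str(glob)))
```

Run it as a script and compare the two printed addresses: the interface ID 22c:4ff:fe00:fe56 is identical in both, which is exactly what makes an EUI-64 host trackable from one network to the next.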
DHCPv6
This topic describes DHCPv6.

DHCPv6 is an updated version of DHCP for IPv4:


• Supports new addressing
• Enables more control than stateless autoconfiguration
• Can be used for renumbering
• Can be used for automatic domain-name registration of hosts by using
DDNS

DHCPv6 is an updated version of DHCP for use with IPv6. It supports the addressing model of
IPv6 and benefits from new IPv6 features:
• Enables more control than serverless or stateless autoconfiguration
• Can function in a routerless environment, using only servers
• Can be used concurrently with stateless autoconfiguration (for example, addresses from
router advertisements and DNS settings from DHCPv6)
• Can be used for renumbering
• Can be used for automatic domain name registration of hosts by use of the Dynamic
Domain Name System (DDNS)
• Was ratified in RFC 3315 (Dynamic Host Configuration Protocol for IPv6 [DHCPv6]) in
July 2003

Like DHCPv4, DHCPv6 does not authenticate servers, so a rogue server on the link can hand out
addresses and DNS servers to clients; the same is true of rogue router advertisements.

Internet Control Message Protocol
This lesson describes ICMP.

The ICMP packet is identified as 1 in the Protocol field of the IPv4 header
and 58 in the Next Header field of the IPv6 header.

Figure: ICMP packet format. An IP basic header is followed by the ICMP packet, which carries
the ICMP Type, ICMP Code, and Checksum fields and then the ICMP Data.

ICMP plays an important role in troubleshooting networks, facilitating simple tools (such as
ping), or determining that a packet could not reach its destination. ICMP messages have also
been leveraged for abusive purposes, such as denial of service (DoS) attacks.
ICMP enables nodes to make diagnostic tests and report problems. It implements two kinds of
messages:
• Error messages such as Destination Unreachable, Packet Too Big, or Time Exceeded
• Informational messages such as Echo Request and Echo Reply

The ICMP packet is identified as 1 in the Protocol field of the IPv4 header and 58 in the Next
Header field of the IPv6 header. An ICMP packet is like a transport layer packet in the sense
that it is the last chunk of information in the IP packet. However, ICMP is part of IP; it is not a
Layer 4 protocol. Inside the ICMP packet, the ICMP Type field identifies the type of the ICMP
message. The ICMP Code field further details the specifics of this type of message. For the
receiver to check the integrity of the ICMP packet, the Checksum field is computed over the
ICMP message; in ICMPv6 the computation also covers a pseudo-header containing the IPv6
source and destination addresses, the ICMPv6 length, and the Next Header value, so the
checksum binds the message to its addresses. The ICMP Data field contains information that
is sent to the receiver for diagnostics or information purposes.
ICMPv6 is used in the path MTU mechanism in which an ICMPv6 message of the Packet Too
Big type is sent back to the path MTU discoverer. This message contains the MTU of the next
link. This process enables the path MTU mechanism at the origin to resend the packet with the
received MTU from the ICMPv6 message.
ICMPv4 is often blocked by security policies in corporate firewalls because of known attacks
that are based on ICMP. ICMPv6 is no different in this context, but it has the ability to use IP
Security (IPsec) authentication and encryption if a security association exists between the
parties. These security services decrease the possibilities of an attack that is based on ICMPv6.
Blocking ICMPv6 wholesale, however, breaks IPv6 itself: neighbor discovery, router discovery,
and path MTU discovery all run over ICMPv6. RFC 4890 gives filtering recommendations for
which ICMPv6 types must be permitted.

ICMP Type
This topic describes the ICMP types used in IPv4 and IPv6.

ICMP Type                 IPv4         IPv6
Destination Unreachable   3            1
Packet Too Big            -            2
Fragmentation Needed      3 (code 4)   -
Time Exceeded             11           3
Parameter Problem         12           4
Echo Request              8            128
Echo Reply                0            129

An ICMP type 3 (in IPv4) or 1 (in IPv6) error message is used to report destination-
unreachable conditions. The code provides granularity to the source node to determine why the
packet could not reach its destination.

Note ICMPv6 error messages can be sent back to the source node by any intermediate node on
the network. Unlike a successful Echo Request and Echo Reply exchange, which is end-to-
end, ICMPv6 error messages are sent by the node that encounters the problem. Therefore,
if a packet is undeliverable at any point in the path, that node will use its own IPv6 source
address to send the error message, which has impacts on firewalls and other infrastructure
devices.

An ICMP type 2 (in IPv6 only) error message is an integral piece of the Path Maximum
Transmission Unit Discovery (PMTUD) process and should not be blocked on a network.

Note IPv4 also uses ICMP messages to implement PMTUD. The equivalent of Packet Too Big is
the Destination Unreachable message with code 4 (Fragmentation Needed and DF Set). The
original ICMPv4 definition only reported that the packet was too large; RFC 1191 added a
Next-Hop MTU field to this message, but older or noncompliant devices may leave it zero, in
which case the sender has to probe with smaller packets.

An ICMP type 11 (in IPv4) or 3 (in IPv6) error message indicates Time Exceeded, which in
one case means that the hop limit has been reached. There are two codes:
• 0 indicates Hop Limit Exceeded (TTL exceeded in transit, in IPv4 terms).
• 1 indicates Fragment Reassembly Time Exceeded.

An ICMP type 12 (in IPv4) or 4 (in IPv6) error message indicates Parameter Problem. As with
other ICMP error messages, a portion of the invoking packet that caused this error is included
in the ICMP message.
The ping application uses Echo Request packets to probe for active systems. The Echo Reply
packet is the return response that is sent by a node that receives the Echo Request.

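The checksum difference and the PMTUD fields described above, as an added Python example that is not from the course: it builds ICMPv6 Echo Request and Packet Too Big messages and an ICMPv4 Fragmentation Needed message, verifies their checksums with and without the ICMPv6 pseudo-header, and extracts the MTU that a PMTUD implementation would act on. The addresses and packet contents are constructed for the example.

```python
"""ICMP/ICMPv6 header construction and checksum verification.

Added example, not taken from the course. ICMPv4 checksums cover only the ICMP
message; ICMPv6 also covers a pseudo-header with the IPv6 addresses. The MTU is
pulled from Packet Too Big (ICMPv6 type 2) and Fragmentation Needed (ICMPv4
type 3, code 4). All packets and addresses below are constructed.
"""
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58  # ICMPv4 is IP protocol 1

# Constructed sample endpoints (documentation addresses).
SRC_V6 = ipaddress.IPv6Address("2001:db8:0:1abc::1").packed
DST_V6 = ipaddress.IPv6Address("2001:db8:0:1abc:cc5::55b1").packed


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmpv6_pseudo_header(src: bytes, dst: bytes, length: int) -> bytes:
    """RFC 8200 section 8.1: source, destination, upper-layer length, zeros, next header."""
    return src + dst + struct.pack("!I", length) + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER])


def build_icmp(version: int, icmp_type: int, code: int, body: bytes,
               src: bytes = b"", dst: bytes = b"") -> bytes:
    """Serialize type, code, checksum and body; the checksum field is zero while summing."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + body
    if version == 4:
        csum = internet_checksum(msg)
    else:
        csum = internet_checksum(icmpv6_pseudo_header(src, dst, len(msg)) + msg)
    return msg[:2] + struct.pack("!H", csum) + msg[4:]


def parse_icmp(version: int, packet: bytes, src: bytes = b"", dst: bytes = b"") -> dict:
    """Decode the fixed header, verify the checksum, and pull out the PMTUD fields."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    if version == 4:
        ok = internet_checksum(packet) == 0          # a valid message sums to zero
    else:
        ok = internet_checksum(icmpv6_pseudo_header(src, dst, len(packet)) + packet) == 0
    info = {"type": icmp_type, "code": code, "checksum_ok": ok}
    if version == 6 and icmp_type == 2:                 # Packet Too Big: 32-bit MTU
        info["mtu"] = struct.unpack("!I", packet[4:8])[0]
    if version == 4 and icmp_type == 3 and code == 4:   # Fragmentation Needed
        info["next_hop_mtu"] = struct.unpack("!H", packet[6:8])[0]  # RFC 1191 field
    return info


def demo() -> dict:
    """Build and re-parse three constructed messages."""
    echo = build_icmp(6, 128, 0, struct.pack("!HH", 0x1234, 1) + b"ping", SRC_V6, DST_V6)
    ptb = build_icmp(6, 2, 0, struct.pack("!I", 1280) + b"\x60" + b"\x00" * 39, SRC_V6, DST_V6)
    frag = build_icmp(4, 3, 4, struct.pack("!HH", 0, 1400) + b"\x45" + b"\x00" * 27)
    other_dst = ipaddress.IPv6Address("2001:db8::2").packed
    return {
        "echo": parse_icmp(6, echo, SRC_V6, DST_V6),
        # Same bytes checked against a different destination: the pseudo-header
        # binds the message to its addresses, so the checksum no longer verifies.
        "echo_wrong_dst": parse_icmp(6, echo, SRC_V6, other_dst),
        "ptb": parse_icmp(6, ptb, SRC_V6, DST_V6),
        "frag": parse_icmp(4, frag),
    }


if __name__ == "__main__":
    for name, fields in demo().items():
        print(name, fields)
```

The `echo_wrong_dst` entry is the practical point: an ICMPv6 message cannot be verified (or correctly generated) without the IPv6 addresses it travels with, which is why tools that rewrite IPv6 addresses must recompute ICMPv6 checksums while ICMPv4 checksums are unaffected.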
ICMP in the IPv6 Neighbor Discovery
This topic describes how ICMP is used in the IPv6 neighbor discovery process.

• How does IP acquire the Layer 2 address of a neighbor?


- Known network layer address, unknown data link layer address
- IPv4 uses ARP
- IPv6 uses neighbor discovery
• Neighbor discovery:
- Queries for duplicate addresses
- Determines the data link layer address of a neighbor
- Finds neighbor routers on link
- Is achieved by using ICMPv6 with IPv6 multicast


Neighbor discovery is used on-link for router solicitation and advertisement, for neighbor
solicitation and advertisement (acquisition of data link layer addresses for IPv6 neighbors), and
for the redirection of nodes to the best gateway.
Neighbor discovery is a process that enables these functions:
• Determines the data link layer address of a neighbor on the same link, like the Address
Resolution Protocol (ARP) does in IPv4
• Finds neighbor routers
• Keeps track of neighbors (neighbor unreachability detection, via the neighbor cache)

Neighbor discovery achieves these results by using ICMPv6 with IPv6 multicast addresses.

ICMP Message Type 133: Router Solicitation


A node needs its address in the early stage of the boot process. Instead of waiting for the next
router advertisement to get the information to configure its interfaces, a node sends an ICMP
message type 133, which is identified as a Router Solicitation message. This message asks the
routers on the network to reply immediately with a router advertisement so that the node can
autoconfigure without delay.

ICMP Message Type 134: Router Advertisement


Router advertisements are sent periodically and in response to a router solicitation. All the
routers respond with a normal Router Advertisement message that normally has the all-nodes
multicast address (ff02::1) as the destination address.

ICMP Message Type 135: Neighbor Solicitation
Neighbor solicitation is a process of determining the data link layer address of a neighbor. This
function is similar to ARP in IPv4.
The ICMP message type 135, which is identified as Neighbor Solicitation, is sent on the link.
The source address is the IPv6 address of the source node, or the unspecified address (::)
when the node is performing duplicate address detection on an address it does not yet own.
The destination address is the solicited-node multicast address that corresponds to the IPv6
address of the destination node. The message also includes the data link layer address of the
source node so that the destination node can use that address immediately.

ICMP Message Type 136: Neighbor Advertisement

Neighbor advertisement works with neighbor solicitation. When the destination node receives
an ICMP message type 135, it responds with an ICMP message type 136, which is identified as
Neighbor Advertisement, on the link. The source address of the responding message is the IPv6
address of the destination node, and the destination address is the IPv6 address of the source
node, because it is the answer. The data portion carries the target link-layer address option,
which repeats the data link layer address already present as the source of the frame. After
receiving the answer, the source node and the destination node can communicate on the link
because the data link layer addresses are known to both.
Neither message is authenticated, so any node on the link can answer a solicitation or send an
unsolicited advertisement for an address it does not own, the IPv6 counterpart of ARP
spoofing. Secure Neighbor Discovery (SEND, RFC 3971) and first-hop security features on
switches are the countermeasures.
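The solicited-node multicast addressing used by the solicitation, and the unauthenticated cache update performed by the advertisement, as an added Python example that is not part of the course: it computes the solicited-node group and Ethernet multicast MAC for a target address and models a neighbor cache that records when an advertisement changes the link-layer address of a known neighbor. The node and MAC addresses are constructed; the cache is a simplified model of RFC 4861 section 7.2.5 written for this page, not any host's implementation.

```python
"""Solicited-node multicast addressing and a neighbor cache that flags changes.

Added example, not from the course. The address arithmetic follows RFC 4291
section 2.7.1 and RFC 2464 section 7; the cache logic is a simplified model of
RFC 4861 section 7.2.5 written for this page. Hosts and MAC addresses are
constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

ALL_NODES = "ff02::1"
ALL_ROUTERS = "ff02::2"


def solicited_node_multicast(addr: str) -> str:
    """ff02::1:ffXX:XXXX, with the low 24 bits of the unicast address copied in."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def ipv6_multicast_mac(group: str) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def neighbor_solicitation_destination(target: str) -> Tuple[str, str]:
    """Layer 3 and Layer 2 destinations of a Neighbor Solicitation for `target`.

    Only hosts that joined this solicited-node group process the frame, which is
    why ND does not interrupt every node the way an ARP broadcast does.
    """
    group = solicited_node_multicast(target)
    return group, ipv6_multicast_mac(group)


class NeighborCache:
    """Maps on-link IPv6 addresses to link-layer addresses learned from NA messages."""

    def __init__(self) -> None:
        self.entries: Dict[str, str] = {}
        self.alerts: List[Tuple[str, str, str]] = []   # (target, old MAC, new MAC)

    def on_neighbor_advertisement(self, target: str, lladdr: str, override: bool) -> str:
        """Apply an NA for `target` carrying target link-layer address `lladdr`.

        Neighbor Advertisements are not authenticated, so any node on the link
        can claim any address. An NA that changes the MAC of a known neighbor is
        what ND spoofing looks like on the wire; with the Override flag set an
        unprotected host replaces its cache entry (RFC 4861 section 7.2.5).
        The alert list is what a monitoring tool would report.
        """
        target = str(ipaddress.IPv6Address(target))
        lladdr = lladdr.lower()
        known = self.entries.get(target)
        if known is None:
            self.entries[target] = lladdr
            return "learned"
        if known == lladdr:
            return "refreshed"
        self.alerts.append((target, known, lladdr))
        if override:
            self.entries[target] = lladdr
            return "overridden"
        return "ignored"


if __name__ == "__main__":
    node5 = "2001:db8:0:1abc:cc5::55b1"
    print("NS for", node5, "is sent to", neighbor_solicitation_destination(node5))
    cache = NeighborCache()
    print(cache.on_neighbor_advertisement(node5, "00:15:58:2f:21:e6", override=False))
    print(cache.on_neighbor_advertisement(node5, "00:2c:04:00:fe:56", override=True))
    print("alerts:", cache.alerts)
```

A real host keeps more state (reachability timers, the Solicited and Router flags), but the shape of the problem is the same: the only thing that prevents the second advertisement above from hijacking node5's traffic is something outside the protocol, such as SEND or a switch that inspects ND.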

ICMP Message Type 137: Redirect Message


A router sends a Redirect Message to signal the rerouting of a packet to a better on-link router.
The host that receives this message reroutes future packets via the better router. This process is
equivalent to the ICMP redirect function in IPv4.

Verifying the IP Address of a Host
This topic describes how to verify the IPv4 and IPv6 address of a host.


Most operating systems provide a series of tools that can be used to verify the host addressing.
On a PC with the Microsoft Windows 7 operating system, you can set and view the IP address
that is configured by browsing to the Control Panel > Network and Internet > Network
Connections and reviewing properties of the desired connection. In this example, the PC is
configured to obtain the address from a DHCP server.

Note Different versions of the Microsoft Windows operating system present the TCP/IP
information in different locations.



Enabling IPv6 on Windows
This topic describes how to enable IPv6 on a Windows PC.


GUI configuration for IPv6 is similar to IPv4 configuration. The figure shows a sample empty
configuration of the IPv6 protocol. An IPv6 address can be configured statically or acquired
automatically. When configuring a static address, you need to specify the IP address, prefix
length, and default gateway. There is no netmask setting; the prefix length is used instead.
DNS servers are still listed. For any additional DNS servers or other settings, click the
Advanced button.

The ipconfig Command
This topic describes the ipconfig command.

C:\Users\username>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PCUSER


Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :

<...part of the output omitted...>

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :


Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-15-58-2F-21-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:db8::0215:582f:21e6(Preferred)
Temporary IPv6 Address. . . . . . : 2001:db8::1234:5678(Preferred)
Link-local IPv6 Address . . . . . : fe80::0215:582f:21e6%10(Preferred)
IPv4 Address. . . . . . . . . . . : 209.165.200.251(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Lease Obtained. . . . . . . . . . : 29. August 2011 7:59:08
Lease Expires . . . . . . . . . . : 30. August 2011 7:59:07
Default Gateway . . . . . . . . . : fe80::1%10
209.165.200.226

<...rest of the output omitted...>


The ipconfig command can be used to display all current TCP/IP network configuration values
at the command line of a Windows computer. By using different parameters, the command can
also be used to refresh DHCP and DNS settings. Used without parameters, ipconfig displays
the IP address, subnet mask, and default gateway for all adapters.
ipconfig [/all] [/renew [adapter]] [/release [adapter]] [/flushdns] [/displaydns] [/registerdns]
[/showclassid adapter] [/setclassid adapter [classID]]
Commonly used parameters are as follows:
• /all: Displays the complete TCP/IP configuration for all adapters. Without this parameter,
ipconfig displays only the IP address, subnet mask, and default gateway values for each
adapter. Adapters can represent physical interfaces such as installed network adapters or
logical interfaces such as dialup connections.
• /renew [adapter]: Renews the DHCP configuration for all adapters (if an adapter is not
specified) or for a specific adapter if the adapter parameter is included. This parameter is
available only on computers with adapters that are configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that appears when you
use ipconfig without parameters.
• /release [adapter]: Sends a DHCPRELEASE message to the DHCP server to release the
current DHCP configuration and discard the IP address configuration for either all adapters
(if an adapter is not specified) or for a specific adapter if the adapter parameter is
included. This parameter disables TCP/IP for adapters that are configured to obtain an IP
address automatically. To specify an adapter name, type the adapter name that appears
when you use ipconfig without parameters.
• /?: Displays help at the command prompt.



The ipconfig command also displays the IPv6 addresses before the IPv4 addresses and
indicates the type of IPv6 address by use of the following labels:
• IPv6 Address: A global address with a permanent interface ID.
• Temporary IPv6 Address: A global address with a randomly derived interface ID that has
a short valid lifetime (RFC 4941 privacy extensions). It is used as the source of outgoing
connections so that a fixed interface ID cannot be used to track the host.
• Link-local IPv6 Address: A link-local address with its corresponding zone ID (the
interface index).
• Site-local IPv6 Address: A site-local address with its corresponding zone ID (the site ID).
Site-local addresses (fec0::/10) were deprecated by RFC 3879; unique local addresses are
used instead.

Note By default, the interface names containing an asterisk (*) are tunneling interfaces.

Domain Name System
This topic describes the basic purpose of DNS.

• TCP/IP suite application layer protocol


• A way to translate human-readable names into IP addresses

What is the IP address of


www.cisco.com?


DNS is a distributed Internet directory service that is used to translate between domain names
and IP addresses, between IP addresses and domain names, to control Internet email delivery,
and more. This topic describes the function of DNS.
In data networks, devices are labeled with numeric IP addresses so that they can participate in
sending and receiving messages over the network. However, most people have a difficult time
remembering numeric addresses. Therefore, domain names were created to give each numeric
address a simple, recognizable name.
DNS was created to resolve domain names to addresses for these networks. DNS uses a set of
servers to resolve the names that are associated with these numeric addresses. The DNS
protocol defines an automated service that matches resource names with the required numeric
network address.



DNS-Supported Objects
This topic describes the supported DNS objects.

• Several types of DNS objects exist: A, AAAA, PTR, MX, and so on.
• Two DNS issues exist for IPv6:
- IPv6 record support
- IPv6 transport support
• DNS uses A for IPv4 and AAAA for IPv6 forward lookups.

Figure: Node 1 (node1.example.com, 192.168.201.23) and Node 5 (node5.example.com,
2001:db8:0:1abc:cc5::55b1).

Examples of A and AAAA records:
node1.example.com. IN A 192.168.201.23
node5.example.com. IN AAAA 2001:db8:0:1abc:cc5::55b1

The DNS servers maintain a database for holding the relations between domain names (such as
www.example.com) and IP addresses. This information is stored in DNS databases in the
form of records. Depending on the record type (quad-A [AAAA], A, MX, and so on), different
information is stored. An MX record, for example, stores the name of the mail server for
that domain (for example, mail.example.com) together with a preference value; the address of
that server is then obtained from its own A or AAAA record.
Two types of lookups are used most in DNS:
• Forward lookups provide resolution from a domain name to an IPv4 or IPv6 address.
• Reverse lookups provide resolution from an IP address to a domain name.

Record Types
There are several types of objects in a DNS record about a domain. These include several types
of records:
• A records: For IPv4 name-to-address lookups
• AAAA records: For IPv6 name-to-address lookups
• MX records: For the name of the mail server

To support IPv6 in DNS, make these two updates to the DNS client and server systems:
• Update to accept IPv6 record formats.
• Update to run over both IPv6 and IPv4 transport.

These updates do not have to happen at the same time. Early DNS implementations often
support the new AAAA records, but run only over IPv4 transport. These early systems will
work only for dual-stack clients and servers. An IPv6-only implementation would not work
because DNS would not use IPv6 transport.
Here are the three records or formats for IPv6:
• Forward lookups
• Nibble format (reverse lookups)
• Bitwise format (reverse lookups), deprecated

Bitwise format is no longer recommended and has been moved to experimental status, but some
implementations still deploy it.

Forward Lookups
Forward lookups (name to address) are completed via the AAAA record (quad A), which is the
address record for IPv6 DNS. This record links a hostname to a 128-bit address, which is the
forward lookup record.
Here are examples of A and AAAA records:
node1.example.com. IN A 192.168.201.23
node5.example.com. IN AAAA 2001:db8:0:1abc:cc5::55b1
There were A6 records to resolve an IPv6 address from a name; however, they are deprecated.
AAAA records are used instead.

• Reverse lookups: IPv6 uses PTR records for reverse lookups, similar to IPv4, but with the
new nibble format.

Figure: Node 4 (node4.example.com, 2001:db8:0:1abc:cc5::25e4) and Node 5 (node5.example.com,
2001:db8:0:1abc:cc5::55b1).

Examples of nibble-formatted records:
$ORIGIN c.b.a.1.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
4.e.5.2.0.0.0.0.0.0.0.0.5.c.c.0 14400 IN PTR node4.example.com.
1.b.5.5.0.0.0.0.0.0.0.0.5.c.c.0 14400 IN PTR node5.example.com.

Reverse lookups (address to name) are still accomplished by use of the pointer (PTR) record.
There are two formats for address representation: the nibble format, which is recommended,
and the bitwise format, which is deprecated.


The nibble format is preferred. It uses the top-level domain "ip6.arpa" (initially the top-level
domain was called "ip6.int," but that convention was deprecated in RFC 4159 and no longer
needs to be maintained). Notice in the following example that the address representation is
backward, with each 4-bit position (one hexadecimal character) separated by a "." (dot). There
is no compressed format for the address, so you cannot eliminate leading zeros.
$ORIGIN c.b.a.1.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
4.e.5.2.0.0.0.0.0.0.0.0.5.c.c.0 14400 IN PTR node4.example.com.
1.b.5.5.0.0.0.0.0.0.0.0.5.c.c.0 14400 IN PTR node5.example.com.
The bitwise, or "bitlabel," format is no longer preferred. The format was specified in RFC
2673, Binary Labels in the Domain Name System, in August 1999 as a proposed standard, but
was moved to experimental status by RFC 3363, Representing IPv6 Addresses in the Domain
Name System (DNS), in August 2002. Apparently, some DNS implementations were rejecting
the bitlabel format queries as "malformed," rather than returning a PTR record (where one
existed) or "none found" (which would allow the querier to switch to nibble format and
proceed). Notice, in the following example, that this representation is forward-specified.
$ORIGIN \[x20010db800001abc/64].ip6.arpa
\[x0cc50000000025e4/64] 14000 IN PTR node4.example.com
\[x0cc50000000055b1/64] 14000 IN PTR node5.example.com

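The nibble-format construction above, as an added Python example that is not part of the course: it generates the $ORIGIN and the PTR owner names shown for 2001:db8:0:1abc::/64, converts a reverse name back to an address, and cross-checks the full name against Python's ipaddress module. The hostnames, TTL and prefix are the page's; the /64 zone cut is an assumption (the reverse SOA in the figure later in this lesson is a /48).

```python
"""ip6.arpa nibble-format names for IPv6 reverse lookups.

Added example, not from the course. It reproduces the $ORIGIN and PTR owner
names shown above for 2001:db8:0:1abc::/64. The /64 zone cut is an assumption.
"""
import ipaddress


def ip6_arpa_name(addr: str) -> str:
    """Full reverse name: all 32 nibbles, reversed, dot-separated, under ip6.arpa."""
    nibbles = f"{int(ipaddress.IPv6Address(addr)):032x}"   # no compression, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ip6_arpa_zone_origin(prefix: str) -> str:
    """Zone apex for a prefix that ends on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen % 4:
        raise ValueError("nibble-format zones are cut on 4-bit boundaries (/48, /52, ... /64)")
    nibbles = f"{int(net.network_address):032x}"[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def ptr_record(addr: str, hostname: str, zone_prefix: str, ttl: int = 14400) -> str:
    """Owner name relative to the zone origin plus the PTR RDATA, zone-file style."""
    full = ip6_arpa_name(addr)
    origin = ip6_arpa_zone_origin(zone_prefix)
    if not full.endswith("." + origin):
        raise ValueError(f"{addr} is not inside {zone_prefix}")
    owner = full[: -(len(origin) + 1)]
    return f"{owner} {ttl} IN PTR {hostname}"


def address_from_ip6_arpa(name: str) -> str:
    """Inverse of ip6_arpa_name; rejects anything that is not exactly 32 single-hex labels."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["ip6", "arpa"] or len(labels) != 34:
        raise ValueError("not a complete ip6.arpa nibble name")
    if not all(len(label) == 1 and label in "0123456789abcdef" for label in labels[:-2]):
        raise ValueError("labels must be single hexadecimal digits")
    hexdigits = "".join(reversed(labels[:-2]))
    return str(ipaddress.IPv6Address(int(hexdigits, 16)))


def matches_stdlib(addr: str) -> bool:
    """Cross-check against ipaddress.IPv6Address.reverse_pointer (which has no trailing dot)."""
    return ip6_arpa_name(addr) == ipaddress.IPv6Address(addr).reverse_pointer + "."


if __name__ == "__main__":
    zone = "2001:db8:0:1abc::/64"
    print("$ORIGIN", ip6_arpa_zone_origin(zone))
    print(ptr_record("2001:db8:0:1abc:cc5::25e4", "node4.example.com.", zone))
    print(ptr_record("2001:db8:0:1abc:cc5::55b1", "node5.example.com.", zone))
    print(address_from_ip6_arpa(ip6_arpa_name("2001:db8:0:1abc:cc5::55b1")))
```

The round trip in `address_from_ip6_arpa` is the part worth keeping at hand when auditing reverse zones: a name with the wrong number of labels, or with a label that is not a single hex digit, is rejected instead of being silently mapped to some other address.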
DNS Tree Structure
This topic describes the DNS hierarchy.

• IPv6 needs an updated version of a DNS server and client resolver.


• The DNS tree structure in IPv6 is identical to the one in IPv4:
- Root DNS server
- Top-level domain DNS server
- Authoritative DNS server for each particular domain
• From the operational perspective, there are three types of DNS servers:
- Primary
- Secondary
- Caching
• The majority of DNS root servers are accessible by using IPv6:
- Enabled end-to-end IPv6 communication without using IPv4 for
communication with the Root DNS server
- Removed the need for dual stack (from DNS perspective)


The hierarchy of DNS servers is best described with a tree. On the top of the hierarchy, are root
DNS servers (only 13 clusters of these servers exist in the world).
Below the root server are top-level domain DNS servers (TLDs), which resolve IP addresses
for top-level domains such as .com, .net, .org, .us, .uk, and so on.
Beneath TLD servers are authoritative servers for each domain. These resolve IP addresses
from their domains only (such as for http://example.com).
The IPv6 DNS tree structure is identical to the deployed structure for IPv4. Clients query local
caching servers, which locate the DNS server holding the authoritative records for a given zone
through iterative queries that start at a root DNS server and work down through the TLD
servers. They then return records to the client (and cache the information locally for near-term
future use). Typically, a protocol-independent application will query for both an A and an
AAAA record, and then generally prefer the IPv6 path.
These major components of the DNS tree structure are included:
• Root DNS
• Primary authoritative DNS
• Secondary authoritative DNS
• Caching DNS (typically also deployed in sets; not a single machine)
• Client-based DNS resolver library

For redundancy and operational efficiency, there are primary and secondary DNS servers for
every hierarchy level and caching DNS servers that cache results of DNS queries within
enterprise networks.



• Authoritative primary and secondary DNS servers support both IPv6 and IPv4
records:
- Forward and reverse zones are rarely on the same system
- Reverse zones are often maintained by ISPs
• Caching DNS is typically provided by ISPs (for home or small business) or by
large enterprises for in-house clients.
Figure: example DNS deployment. PC1 (node4.example.com, 2001:db8:0:1abc:cc5::25e4) and PC2
(node5.example.com, 2001:db8:0:1abc:cc5::55b1) query Cache DNS A through a router; PC3
(node45.example2.com) queries Cache DNS B. Primary DNS, forward (SOA = example.com):
2001:db8:400:200c and 192.168.2.20. Secondary DNS, forward (SOA = example.com):
2001:db8:300:400a and 192.168.2.20. Primary DNS, reverse (SOA = 2001:db8:0::/48):
2001:db8:700:abcd::1000 and 192.168.2.130. Secondary DNS, reverse (SOA = 2001:db8:0::/48):
2001:db8:600:ef12::2000 and 192.168.2.140. Root DNS, ISC (CA, USA): IPv4 192.168.79.201,
IPv6 2001:db8:e:53. Root DNS, WIDE (Tokyo): IPv4 172.30.232.40, IPv6 2001:db8:f:3::35.

Root DNS servers contain records that link domain names to their authoritative DNS servers.
There are currently 13 root DNS IP addresses (there are more than 13 servers—many addresses
are IPv4-anycast addresses and “front” a number of servers). The root DNS servers are not
uniformly addressable on their IPv6 addresses; some are reachable over IPv6 transport, but
several are still not.
Top-Level DNS servers resolve IP addresses for TLDs such as .com, .net, .org, .info, .biz, and
for country TLDs (ccTLDs) such as .us, .uk, .de, .hk, .au, and so on.
For a given domain, Authoritative Primary DNS servers contain the official records for hosts
within a given domain name. For reverse lookups, authoritative primary DNS servers contain
the official reverse-lookup records for the given IP address. Typically, the forward authoritative
DNS server is not the same host as the reverse authoritative DNS server.
Here are examples of records that are maintained on these DNS servers:
“node4.example.com” – 2001:db8:0:1abc:cc5::25e4
“2001:db8:0:1abc:cc5::25e4” – node4.example.com
For a given domain, Secondary DNS servers provide a backup in case the primary DNS server
fails. Secondary DNS servers periodically transfer records from the primary DNS server.
Caching DNS servers answer queries from client devices and help reduce the load on the
primary, secondary, and root DNS servers. No records are permanently maintained on caching
DNS servers. When a caching DNS server helps resolve a record on behalf of a client, it stores
the record locally in a cache for a time—to use when answering other clients asking for the
same record—before discarding it.
Client devices are IP nodes that use a DNS resolver to translate names to addresses and
addresses to names. Client devices are configured to point to multiple caching servers.

Summary
This topic summarizes the key points that were discussed in this lesson.

• There are five IPv4 address classes.
• Certain IPv4 addresses are reserved by the IANA and cannot be
assigned to individual devices on a network.
• Three blocks of IPv4 addresses are designated for private, internal use.
• IPv6 supports three types of addresses: unicast, multicast, and anycast.
• Link-local IPv6 addresses are used for automatic address configuration,
neighbor discovery, and router discovery.
• Global unicast IPv6 addresses are for generic use of IPv6.
• Unique local IPv6 addresses provide an IP addressing mechanism for
organizations that prefer the concept of private address space for
internal communications.
• The unspecified address (::) is used on a network only as a source
address for special purposes.
• Multicast IPv6 addresses use the ff00::/8 range.
• An IPv6 anycast address is assigned to an interface on more than one
node.
• The IPv4 header carries crucial information for the routing of an IP
packet.
• The IPv6 header has 40 octets as opposed to IPv4, which has 20 octets.
• The IPv6 header is simpler than the IPv4 header in terms of the number
of header fields.
• Global unicast IPv6 addresses can be assigned manually or dynamically
using stateless autoconfiguration or DHCPv6.
• Autoconfiguration enables plug-and-play, which connects devices to the
network without any configuration and without any stateful DHCP
servers.
• DHCPv6 is an updated version of DHCP for use with IPv6.
• ICMP plays an important role in troubleshooting networks, facilitating
simple tools, or determining that a packet could not reach its destination.
• ICMP provides different types of ICMP messages.
• In IPv6, ARP was replaced by neighbor discovery, which uses ICMPv6.
• Most operating systems provide a series of tools that can be used to
verify the host addressing.
• An IPv6 address on a Windows host can be configured statically or
acquired automatically.
• The ipconfig command can be used to display all TCP/IP network
configuration values of a Windows computer.
• DNS is a distributed directory service that is used to translate between
domain names and IP addresses.
• Two types of lookups are used most in DNS: forward and reverse
lookups.
• At the top of the DNS hierarchy are root DNS servers. Below the root
servers are top-level domain DNS servers. Beneath TLD servers are
authoritative servers for each domain.


References
For additional information, refer to these resources:
• RFC 1597 (Address Allocation for Private Internets) at http://tools.ietf.org/html/rfc1597
• RFC 1918 (Address Allocation for Private Internets) at http://tools.ietf.org/html/rfc1918
• RFC 3587 (IPv6 Global Unicast Address Format) at http://tools.ietf.org/html/rfc3587
• RFC 4193 (Unique Local IPv6 Unicast Addresses) at http://tools.ietf.org/html/rfc4193
• RFC 2133 (Basic Socket Interface Extensions for IPv6) at http://tools.ietf.org/html/rfc2133
• RFC 2765 (Stateless IP/ICMP Translation Algorithm [SIIT]) at
http://tools.ietf.org/html/rfc2765
• RFC 791 (Internet Protocol—DARPA Internet Program Protocol Specification) at
http://tools.ietf.org/html/rfc791
• RFC 3315 (Dynamic Host Configuration Protocol for IPv6 [DHCPv6]) at
http://tools.ietf.org/html/rfc3315

Lesson 4

Describing the TCP/IP Transport Layer
Overview
The transport layer is responsible for the overall end-to-end transfer of application data. The
processes that are described in the Open Systems Interconnection (OSI) transport layer accept
data from the application layer and prepare it for addressing at the network layer. The transport
layer also encompasses functions to enable multiple applications to communicate over the
network at the same time on a single device.
For the Internet and internal networks to function correctly, data must be delivered reliably. In
the OSI and TCP/IP models, the transport layer manages the process of reliable data delivery.
The transport layer hides details of any network-dependent information from the higher layers
by providing transparent data transfer. The TCP/IP transport protocols, UDP and TCP, operate
between the network layer and the application layer to hide those network-dependent details
from the application layer. This lesson describes the function of the transport layer and how
UDP and TCP operate.

Objectives
Upon completing this lesson, you will be able to explain the key functions of the transport
layer. You will also be able to explain the role of two TCP/IP transport layer protocols and their
functionalities, including reliability, port addressing, and segmentation. This ability includes
being able to meet these objectives:
 Explain the purpose and functions of the transport layer
 Compare reliable and best-effort network connections
 Describe UDP
 Describe TCP
 Describe the different TCP/IP applications
 Describe how TCP and UDP interact with the network and application layers
 Explain the UDP and TCP headers
 Describe the TCP three-way handshake
 Describe TCP connection teardown
 Describe the TCP flow control mechanisms
Transport Layer
Residing between the application and network layers, the transport layer is fundamental to the
operation of the TCP/IP layered network architecture. This topic describes the functions of the
transport layer.

• Session multiplexing
• Identification of different applications
• Segmentation
• Flow control (when required)
• Connection-oriented (when required)
• Reliability (when required)


The network layer directs information to its destination, but it cannot guarantee that the
information will arrive in the correct order, free of errors, or even that it will arrive at all. The
two most common transport layer protocols of the TCP/IP protocol suite are TCP and UDP.
Both protocols manage the communication of multiple applications and provide
communication services directly to the application process on the host. The basic service that is
provided by the transport layer is tracking the individual communication between applications
on the source and destination hosts. This service is called session multiplexing and is performed
by both UDP and TCP. The premium service that is provided by the transport layer is ensuring
reliable delivery, which is performed only by TCP.
In addition, if TCP is used, the transport layer has the further responsibilities of establishing
end-to-end operations, segmenting data and managing each piece, reassembling the segments
into streams of application data, flow control, and applying reliability mechanisms.

Session Multiplexing
Session multiplexing is an activity in which a single computer with a single IP address is able
to have multiple sessions occur simultaneously. A session is created when a source machine
needs to send data to a destination machine. Most often, this process involves a reply, but a
reply is not mandatory. The session is created and controlled within the IP network application,
which contains the functionality of OSI Layers 5 through 7.
A best-effort session is very simple. The session parameters are sent to UDP. A best-effort
session sends data to the indicated IP address by use of the port numbers that are provided.
Each transmission is a separate event, and no memory or association between transmissions is
retained.

When using the reliable TCP service, a connection must first be established between the sender
and the receiver before any data can be transmitted. TCP opens a connection and negotiates
connection parameters with the destination. During data flow, TCP maintains reliable delivery
of the data and, when complete, closes the connection.
For example, you enter a URL for Cisco into the address line in the browser window, and the
Cisco site corresponding to the URL appears. With the Cisco site open, you can open the
browser again in another window and type in another URL. Two sites are open using only one
IP connection, because the session is sorting the separate requests that are based on the port
number.

Identification of Applications
In order to pass data streams to the proper applications, the transport layer must identify the
target application. To accomplish this, the transport layer assigns an identifier to an application.
The TCP/IP protocols call this identifier a port number. Each software process that needs to
access the network is assigned a port number that is unique in that host. This port number is
used in the transport layer header to indicate to which application that piece of data is
associated.

Segmentation
TCP takes data chunks from the application layers and prepares them for shipment onto the
network. Each chunk is broken up into smaller segments, which will fit the maximum
transmission unit (MTU) of the underlying network layers. UDP is simpler; it does no checking
or negotiating, and expects the application process to give it data that will work.

Flow Control
If a sender transmits data faster than the receiver can receive it, the receiver will drop the data
and require it to be retransmitted. Retransmission can waste time and network resources, which
is why most flow control methods try to maximize the transfer rate and minimize the
requirements to retransmit.
Basic flow implementation in TCP uses acknowledgments that are generated by the receiver.
For every data chunk sent, the sender waits for this acknowledgment from the receiver before
sending the next part. However, if the round-trip time (RTT) is significant, the overall
transmission rate may slow to an unacceptable level. A mechanism called windowing increases
network efficiency when combined with basic flow control. Windowing allows a receiving
computer to advertise how much data it is able to receive before transmitting an
acknowledgment to the sending computer.

Connection-Oriented Transport Protocol
Within the transport layer, a connection-oriented protocol, such as TCP, establishes the session
connection and then maintains the connection during the entire transmission. When the
transmission is complete, the session is terminated. This concept is covered in more detail in
the “Reliable vs. Best-Effort” topic.



Reliable vs. Best-Effort Comparison
This topic compares reliable and best-effort network connections.

                  Reliable              Best-Effort
Connection type   Connection-oriented   Connectionless
Protocol          TCP                   UDP
Sequencing        Yes                   No
Uses              Email                 Voice streaming
                  File sharing          Video streaming
                  Downloading


“Reliable” and “best-effort” are terms that describe two different types of connections between
computers. Each type has advantages and disadvantages.

Reliability (Connection-Oriented)
TCP reliability has three main objectives:
 Recognition and correction of data loss
 Recognition and correction of duplicate or out-of-order data
 Avoidance of congestion in the network

Applications such as databases, web pages, and email require that all of the sent data arrive at
the destination in its original condition in order for the data to be useful. Any missing data
could cause a corrupt communication that is either incomplete or unreadable. Therefore, these
applications are designed to use a transport layer protocol that implements reliability.
Some applications that use TCP are as follows:
 Web browsers
 Email
 File transfers

TCP is the reliable protocol at the transport layer. To support the reliable part of TCP operation,
a connection is established. Establishing a connection ensures that the application is ready to
receive the data. During the initial process of connection establishment, an exchange of
information about the capabilities of the receiver and agreement of starting parameters is made.
These parameters are then used for the tracking of the data transfer for the duration of the
connection.
When the sending computer transmits data, it gives the data a sequence number. The receiver
then responds with an acknowledgment number equal to the next expected sequence number.
This exchange of sequence and acknowledgment numbers allows the protocol to recognize
when data gets lost or duplicated, or arrives out of order. TCP is a complex transport layer
protocol, and this module provides only a very high-level discussion of the TCP operational
details.

Best-Effort (Connectionless)
Reliability is not always necessary. For example, in a video stream, if a packet is dropped and
then retransmitted, it will appear out of order. This disruption may appear as distortion in the
image, but may not even be noticeable to the user. Generally, in real-time applications, such as
voice and video streaming, dropped packets can be tolerated, as long as the overall percentage
of dropped packets is low.
Some applications that use UDP are as follows:
 DNS
 Video streaming
 VoIP

UDP, being best-effort, does not need or want to keep information about previously sent data.
Therefore, UDP does not need to establish any connection with the receiver; thus the term
“connectionless.” There are many situations in which this type of connection is more desirable
than a reliable one. A connectionless protocol is desirable for applications that require faster
communication without verification of receipt.



UDP Characteristics
This topic describes UDP.

• Operates at the transport layer of the OSI model and the TCP/IP stack
• Provides applications with access to the network layer without the
overhead of reliability mechanisms
• Is a connectionless protocol
• Provides limited error checking
• Provides best-effort delivery
• Has no data-recovery features


UDP is a simple protocol that provides the basic transport layer functions. A description of
UDP includes these characteristics:
 UDP operates at Layer 4 (transport layer) of the OSI model and the TCP/IP stack.
 UDP provides applications with access to the network layer without the overhead of
reliability mechanisms.
 Like IP, UDP is a connectionless protocol in which a one-way datagram is sent to a
destination without advance notification to the destination device.
 UDP is capable of performing a very limited style of error checking. The UDP datagram
includes an optional checksum value, which the receiving device can use to test the
integrity of the data. Additionally, the UDP datagram includes a pseudoheader that includes
the destination address. If the receiving device sees that the datagram is directed to an
inactive port, it returns a message that the port is unreachable.
 UDP provides service on a best-effort basis and does not guarantee data delivery, because
packets can be misdirected, duplicated, or lost on the way to their destination.
 UDP does not provide any special features that recover lost or corrupted packets. This
functionality does not mean that applications that use UDP are always unreliable. It simply
means that these functions are not provided by the transport layer protocol.

Using UDP services is analogous to using the post office regular service to send your bill
payments. You address each payment to the specific company address, stamp the envelope, and
include your return address. The postal service guarantees its best effort to deliver each
payment. It does not, however, guarantee delivery, and it is not responsible for telling you that
delivery was successful or unsuccessful. Like regular mail service, UDP is a very simple
protocol that provides only the most basic data transfer services.

TCP Characteristics
This topic describes TCP.

• Transport layer of the OSI model and the TCP/IP stack
• Access to the network layer for applications
• Connection-oriented protocol
• Full-duplex mode operation
• Error checking
• Sequencing of data packets
• Reliable delivery—acknowledgment of receipt
• Data-recovery features
• Flow control


TCP is another protocol in the transport layer of the TCP/IP stack that provides addressing
information so that data can be transmitted over a network. It is a connection-oriented protocol
that provides data reliability between hosts. TCP has a number of characteristics that are related
to the way in which it accomplishes this transmission.
TCP is characterized as follows:
 Like UDP, TCP operates at Layer 4 (transport layer) of the OSI model and the TCP/IP
stack.
 Like UDP, TCP provides a service to the applications: access to the network layer.
 TCP is a connection-oriented protocol where two network devices set up a connection to
exchange data. The end systems synchronize with one another to manage packet flows and
adapt to congestion in the network.
 A TCP connection is a pair of virtual circuits, one in each direction, so that it operates in
full-duplex mode.
 TCP provides error checking by including a checksum in the datagram to verify that the
TCP header information is not corrupt.
 TCP segments are numbered and sequenced so that the destination can reorder segments
and determine if data is missing.



 Upon receipt of one or more TCP segments, the receiver returns an acknowledgment to the
sender to indicate that it received the segment. Acknowledgments form the basis of
reliability within the TCP session. When the source receives acknowledgment, it knows
that the data has been successfully delivered. If the source does not receive
acknowledgment within a predetermined amount of time, it retransmits that data to the
destination. It may also terminate the connection if it determines that the receiver is no
longer on the connection.
 TCP provides recovery services in which the receiver can request retransmission of a
segment.
 TCP provides mechanisms for flow control. Flow control assists the reliability of TCP
transmission by adjusting the effective rate of data flow between the two services in the
session. Flow control operation is discussed later in this lesson.
Reliable data delivery services are critical for applications such as file transfers, database
services, transaction processing, and other mission-critical applications in which delivery
of every packet must be guaranteed. TCP provides this reliability and sometimes sacrifices
speed. UDP provides speed at the expense of reliability.
Using TCP services is analogous to sending certified mail through a postal service.
Imagine that you live in San Francisco and that you have a book that must be sent to your
mother in New York. You discover that the postal service will only process letters. You rip
the pages out of the book and put each page in a separate envelope. To ensure that your
mother reassembles the book correctly, you number each envelope. You address the
envelopes and send the first one as certified mail. The postal service delivers it by any
truck and any route but, because it is certified, upon delivery, the carrier must get a
signature from your mother and return a certificate of delivery to you.
Sending each page separately is tedious, so you send several envelopes together. The
postal service again delivers each envelope by any truck and any route. Your mother signs
a separate receipt for each envelope in the batch as she receives them. If one envelope is
lost in transit, you will not receive a certificate of delivery for that numbered envelope, and
you would resend only that page. After receiving all the envelopes, your mother puts the
pages in the right order and pastes them back together to make the book. Like certified
mail, TCP is a complex protocol that offers precise and traceable data transfer services.

TCP/IP Application Layer Overview
This topic describes the different TCP/IP applications.

• File transfer
– FTP (TCP ports 20 and 21)
– TFTP (UDP port 69)
– NFS (TCP port 25)
• Email
– SMTP (TCP port 25)
– POP (TCP port 110)
• Remote login
– Telnet (TCP port 23)
– SSH (TCP port 22)
– rlogin (TCP port 513)
• Network management
– SNMP (UDP port 161)
• Name management
– DNS (TCP and UDP port 53)


In addition to the IP, TCP, and UDP protocols, the TCP/IP suite also includes applications that
support other services such as file transfer, email, and remote login.
These are some of the applications that TCP/IP supports:
 FTP: FTP is a reliable, connection-oriented service that uses TCP (ports 20 and 21 for data
transfer and control, respectively) to transfer files between systems that support FTP. FTP
supports bidirectional binary and ASCII file transfers.
 TFTP: TFTP is a connectionless service that uses UDP (port 69). Routers use TFTP to
transfer configuration files and Cisco IOS images, as well as other files between systems
that support TFTP.
 Simple Mail Transfer Protocol (SMTP): SMTP enables email to be transported across
data networks between different types of server and client software. It also makes email
exchange over the Internet possible. SMTP uses TCP (port 25).
 Post Office Protocol (POP): POP is used by email clients to retrieve email messages from
a remote server. POP uses TCP (port 110).
 Telnet: Telnet provides the capability to remotely access other computers, servers, and
networking devices. Telnet enables a user to log into a remote host and execute commands.
It uses TCP (port 23). Because Telnet sends its messages in unencrypted cleartext, most
organizations now use Secure Shell (SSH), which uses TCP on port 22, for remote
communications.



 Simple Network Management Protocol (SNMP): SNMP is an application layer protocol
that uses UDP (port 161) and facilitates the exchange of management information between
network devices. SNMP enables network administrators to manage network performance,
find and solve network problems, and plan for network growth.
 Domain Name System (DNS): DNS is used to resolve Internet names to IP addresses.
DNS uses a distributed set of servers to resolve names that are associated with numbered
addresses. DNS uses both TCP and UDP on port 53.

Interaction with Network and Application Layers
This topic describes how TCP and UDP interact with the network and application layers.

Figure: application layer protocols, their port numbers, and the transport and network layers beneath them

Application layer:   FTP   Telnet   HTTP   DNS   TFTP   SNMP
Port numbers:        21    23       80     53    69     161
Transport layer:     TCP                         UDP
Network layer:       IPv6   IPv4


IP transfers information in the form of packets, which are also called datagrams. IP uses a
protocol number in the IPv4 header or the next header in the IPv6 header to identify which
protocol to use for a particular datagram.
IPv4 uses a protocol number in the datagram header to identify the upper layer protocol to
which the data field of the datagram will be passed. Each number relates to a different protocol.
IPv6 uses the Next Header field. The value of this field determines the type of information that
follows the basic IPv6 header. This field can be a transport layer packet, such as TCP or UDP,
or it can be an extension header. The Next Header field is like the Protocol field of IPv4 but has
additional functions.
The host or router reads the protocol number from the header of the datagram, compares it to
the entries in the transport protocol table, and then passes it to the appropriate protocol. For
example, if the protocol number is 6, IP delivers the datagram to TCP. If the protocol number is
17, IP delivers the datagram to UDP.
Although most traffic uses TCP or UDP, which both use IP at the network layer as a transport,
there are other protocols that can use IP as a transport. Approximately 100 other transport layer
protocols have registered protocol numbers that allow them to use IP as a transport, such as
Internet Control Message Protocol (ICMP).



Interaction with the Application Layer
UDP and TCP use internal software ports to support multiple conversations between different
network devices. A single host may have multiple sessions that run at the same time while
connected to one or more computers, and each session must be distinguished from another.
This differentiation is done with port numbers. Each of these sessions is multiplexed through
the same network interface and local network link. Segments from each of these sessions are
interleaved and sent through the network interface. A port can be thought of as a message
queue through which these segments pass.
In the header of each segment or datagram, there is a source and a destination port. The source
port number for this communication is associated with the originating application on the local
host. The destination port number for this communication is associated with the destination
application on the remote host.
While server processes have static port numbers assigned to them, clients dynamically choose a
port number for each conversation. When a client application sends a request to a server
application, the destination port number in the header is the port number that is assigned to the
service that is running on the remote host. This destination port number is configured, either by
default or manually, and client software must know what port number is associated with the
server process on the remote host. For example, when a web browser application makes a
request to a web server, the browser uses TCP and port number 80 unless otherwise specified.
This port number is used because TCP port 80 is the default port number that is assigned to
web-serving applications. Many common applications have default port assignments.
Well-known ports are permanently assigned by the Internet Assigned Numbers Authority
(IANA), and are numbered 1023 and below. These numbers are assigned to applications that
are fundamental to the Internet. By defining these well-known ports for server applications,
client applications can be programmed to request a connection to that specific port and its
associated service. For example, Telnet always uses port 23, FTP always uses port 21, and so
on.
Registered ports are listed by the IANA and are numbered from 1024 to 49151. These ports are
used for proprietary applications such as Lotus Mail. When not used for a server resource, these
ports may also be dynamically selected by a client as its source port.
Dynamically assigned ports are assigned numbers between 49152 and 65535. These ports are
assigned dynamically for the duration of a specific session.

TCP and UDP Headers
This topic describes the components of the TCP and UDP headers.


TCP segments are sent by using IP packets. The TCP header follows the IP header and supplies
information that is specific to the TCP protocol. Flow control, reliability, and other TCP
characteristics are achieved by having fields in the TCP segment header, each with a specific
function. The minimum TCP header size is 20 bytes and the maximum is 60 bytes, allowing for
up to 40 bytes of options in the TCP header. The fields of the TCP header include the
following:
 Source port: Number of the calling port (16 bits).
 Destination port: Number of the called port (16 bits).
 Sequence number: The sequence number of the first data octet (byte) in this segment,
which is used to ensure correct sequencing of the arriving data (32 bits).
 Acknowledgment number: The next TCP octet that is expected by the receiver (32 bits).
 Header length: Number of 32-bit words in the header (4 bits).
 Reserved: Set to 0 (3 bits).
 Flags: Used in session management and in treatment of segments (9 bits). A single bit that
has a specific meaning is often referred to as a “flag.”
 Window size: Number of octets that the device is willing to accept (16 bits).
 Checksum: Calculated checksum of the header and fields that are used for error checking
(16 bits).
 Urgent pointer: Indicates the end of the urgent data (16 bits).
 Options: A variable-length field that carries any optional TCP options that are in use
(up to 40 bytes).
 Data: Upper-layer protocol data (varies in size).




UDP has the advantage of providing for low-overhead data delivery. The low-overhead
advantage is why the UDP header length is always only 64 bits (8 bytes). This figure shows the
field definitions in the UDP segment, which include the following:
 Source port: Number of the calling port (16 bits)
 Destination port: Number of the called port (16 bits)
 Length: Length of UDP header and UDP data (16 bits)
 Checksum: Calculated checksum of the header and data fields (16 bits)
 Data: Upper-layer protocol (ULP) data (varies in size)

Application layer protocols that use UDP include DNS, SNMP, DHCP, Routing Information
Protocol (RIP), TFTP, Network File System (NFS), and online games.
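The protocol-number demultiplexing and the TCP and UDP header layouts described above, as an added Python example that is not course code: it dissects a constructed IPv4 packet, hands the payload to TCP (protocol 6) or UDP (protocol 17), enforces the 20-to-60-byte TCP header length and the UDP Length field, decodes the nine flag bits, and verifies the transport checksum over the pseudoheader. The addresses (10.0.0.5, 198.51.100.7), ports, MSS option and payload are constructed for illustration.

```python
"""Dissect a constructed IPv4 packet into its TCP or UDP header fields.
Added example, not course code: demultiplex on the IPv4 Protocol field
(6 = TCP, 17 = UDP), validate header lengths, decode the nine TCP flag bits,
and verify the transport checksum over the pseudoheader."""
import struct

PROTO_TCP, PROTO_UDP = 6, 17
# Bit 0 is FIN ... bit 8 is NS: the nine flag bits of the TCP header.
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")

def internet_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (odd trailing byte zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudoheader(src: bytes, dst: bytes, proto: int, length: int) -> bytes:
    """IPv4 pseudoheader that the TCP and UDP checksums also cover."""
    return src + dst + struct.pack("!BBH", 0, proto, length)

def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("TCP header truncated: %d bytes" % len(segment))
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4       # 4-bit length in 32-bit words: 20..60 bytes
    if not 20 <= header_len <= 60 or header_len > len(segment):
        raise ValueError("bad TCP header length %d" % header_len)
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": win,
            "checksum": csum, "urgent_pointer": urg,
            "options": segment[20:header_len], "data": segment[header_len:]}

def parse_udp(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("UDP header truncated: %d bytes" % len(datagram))
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):  # Length field covers header plus data
        raise ValueError("bad UDP length %d" % length)
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "data": datagram[8:length]}

def dissect_ipv4(packet: bytes) -> dict:
    """Hand the IPv4 payload to TCP or UDP by protocol number, as IP does."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    payload = packet[ihl:total_len]
    if proto == PROTO_TCP:
        fields, covered = parse_tcp(payload), payload
    elif proto == PROTO_UDP:
        fields = parse_udp(payload)
        covered = payload[:fields["length"]]
    else:
        return {"protocol": proto, "transport": None}   # e.g. 1 = ICMP
    if proto == PROTO_UDP and fields["checksum"] == 0:
        fields["checksum_ok"] = None                    # sender computed no checksum
    else:  # a correct checksum makes pseudoheader + segment sum to all ones, i.e. fold to 0
        fields["checksum_ok"] = internet_checksum(
            pseudoheader(src, dst, proto, len(covered)) + covered) == 0
    fields.update(protocol=proto, transport="TCP" if proto == PROTO_TCP else "UDP")
    return fields

# ---- constructed sample packets; addresses, ports and payload are made up ----
def build_ipv4(proto: int, src: bytes, dst: bytes, transport: bytes) -> bytes:
    # IP header checksum left at 0: this example dissects transport headers only.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0, 0,
                       64, proto, 0, src, dst) + transport

def with_checksum(proto: int, src: bytes, dst: bytes, seg: bytes, offset: int) -> bytes:
    # Fill the 16-bit checksum field at `offset` so the segment verifies.
    zeroed = seg[:offset] + b"\x00\x00" + seg[offset + 2:]
    csum = internet_checksum(pseudoheader(src, dst, proto, len(seg)) + zeroed)
    if proto == PROTO_UDP and csum == 0:
        csum = 0xFFFF                       # UDP reserves 0 for "no checksum"
    return zeroed[:offset] + struct.pack("!H", csum) + zeroed[offset + 2:]

SRC, DST = bytes([10, 0, 0, 5]), bytes([198, 51, 100, 7])
# TCP SYN from ephemeral port 49152 to port 80, ISN 1000, 24-byte header with an MSS option.
SYN_SEGMENT = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (6 << 12) | 0x002,
                          65535, 0, 0) + struct.pack("!BBH", 2, 4, 1460)
SYN_PACKET = build_ipv4(PROTO_TCP, SRC, DST, with_checksum(PROTO_TCP, SRC, DST, SYN_SEGMENT, 16))
# UDP datagram from port 49153 to port 53 carrying a 12-byte constructed payload.
UDP_DATAGRAM = struct.pack("!HHHH", 49153, 53, 8 + 12, 0) + b"sample-query"
UDP_PACKET = build_ipv4(PROTO_UDP, SRC, DST, with_checksum(PROTO_UDP, SRC, DST, UDP_DATAGRAM, 6))
```

Call `dissect_ipv4(SYN_PACKET)` or `dissect_ipv4(UDP_PACKET)` to see the decoded fields; a flipped payload bit shows up as `checksum_ok` being False.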

TCP Connection Establishment
The user of a reliable transport layer service must establish a connection-oriented session with
its peer system. This topic describes the TCP three-way handshake.


The transport layer can provide connection-oriented sessions by creating sessions between the
applications. These connections prepare the applications to communicate with each other
before any data is transmitted. Within these sessions, the data for communication between the
two applications can be closely managed.
For data transfer to begin, the sending and the receiving applications must inform their
respective operating systems that a connection will be initiated. One machine initiates a
connection that must be accepted by the other. Protocol software modules in the two operating
systems communicate by sending messages across the network to verify that the transfer is
authorized and that both sides are ready.
After successful synchronization has occurred, the two end systems have an established
connection and data transfer can begin. During transfer, the two machines continue to verify
that the connection is still valid.




TCP requires an established connection between two end systems before data transfer can
begin. That is achieved by using a process that is called the three-way handshake. Control bits
(indicated as “CTL” in the diagram) in the TCP header indicate the progress and status of the
connection. The three-way handshake processing is as follows:
 Establishes that the destination device is present on the network
 Verifies that the destination device has an active service and is accepting requests on the
destination port number that the initiating client intends to use for the session
 Informs the destination device that the source client intends to establish a communication
session on that port number

This process involves setting the synchronization (SYN) bit and acknowledgment (ACK) bit in
the segment header between the two devices. Another important function that is performed
during connection establishment is that the first device informs the second device of the initial
sequence number (ISN), which is used to track data bytes on this connection.
Flags are used in a three-way handshake:
 SYN: Only the first packet that is sent from each end should have this flag set. SYN is used
during session setup to agree on initial sequence numbers. Sequence numbers are random.
 ACK: The receiver sends an acknowledgment number equal to the sender's sequence number
plus the length of the data carried at the TCP layer.
 Finish (FIN): No more data from sender.

This table includes a simplified explanation of the three-way handshake process.

TCP Connection Setup Procedure

Step 1
  Action: The connection requestor sends a synchronization segment (SYN bit set) to the
  receiving device, which starts the handshake process.
  Notes: The synchronization segment specifies the number of the port to which the sender
  wants to connect. The synchronization segment also contains the ISN value to be used by the
  acknowledgment process.

Step 2
  Action: The receiving device responds with a segment with the SYN and ACK bits set to
  negotiate the connection and acknowledge receipt of the synchronization segment of the
  sender.
  Notes: The receiving device responds by indicating the sequence number of the next byte of
  data that is expected from the sender. The next sequence number is the ISN of the sender,
  which is incremented by one.

Step 3
  Action: The initiating device acknowledges the synchronization segment of the receiver.
  Notes: The SYN bit is unset in the TCP header, which confirms that the three-way handshake
  is completed.



TCP Connection Teardown
One or both of the processes in the connection will run out of data to send and will shut down
the TCP session. This topic describes the teardown of the TCP connection.


During normal operation, both of the machines are sending and receiving data simultaneously.
Closing the connection by one machine means that machine will no longer send data, but can
continue to receive it until the other machine has decided to stop sending. Connection
termination is implemented so that each machine terminates its end of the connection
separately. Usually, connection teardown is initiated on just one machine, indicating it wants to
close the connection. The other machine may not be aware that its peer wants to end the
connection at all, and because of that, several steps are required to ensure that the connection is
shut down gracefully by both machines and that no data is lost in the process.

Figure: TCP connection teardown between Host A and Host B

1. Host A sends FIN (SEQ=100, CTL=FIN); Host B: FIN received
2. Host B sends ACK (SEQ=101, CTL=ACK); Host A: ACK received
3. Host B sends FIN (SEQ=300, CTL=FIN); Host A: FIN received
4. Host A sends ACK (SEQ=301, CTL=ACK); Host B: ACK received

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN1 v1.01—1-14

In the normal case, each side terminates its end of the connection independently by setting the
FIN bit. A FIN message serves as a connection termination request to the other device but can
also carry data like a regular segment. The device that receives the FIN responds with an
acknowledgment (ACK) to indicate that it was received. Remember that the connection is not
terminated until both sides have finished the teardown procedure by sending a FIN and
receiving an ACK, so the teardown sequence is a pair of two-way handshakes.
TCP Connection Teardown Procedure

Step 1
Action: The host initiating teardown sends a segment with the finish (FIN) bit set to the
receiving device, which starts the teardown process.
Notes: The receiving device may have to wait for a certain amount of time to indicate that it is
ready to shut down.

Step 2
Action: The receiving device responds with a segment with the ACK bit set to acknowledge
receipt of the finish segment of the sender.
Notes: The receiving device responds by indicating the sequence number of the next byte of
data that is expected from the sender. The next sequence number is the ISN of the sender,
which is incremented by one.

Step 3
Action: The receiving host sends its finish segment with the FIN bit set.
Notes: The SYN bit is unset in the TCP header, which confirms that the three-way handshake is
completed.

Step 4
Action: The host initiating teardown responds with a segment with the ACK bit set to
acknowledge receipt of the finish segment of the receiver.

Sometimes, both devices may decide to terminate a connection simultaneously. In this case,
each sends a FIN and before getting an ACK for it, receives the FIN of the other device. Each
acknowledges the other’s FIN and waits to ensure that its ACK is received by the other device
before closing the connection. In either case, the result is the same.



TCP Flow Control
Flow control enhances the reliability of TCP transmission by adjusting the effective rate of data
flow between the two services in the session. This topic describes the TCP flow control
mechanisms.


When data transfer is in progress, there can be congestion. The sending computer may be a
high-speed device that is capable of generating traffic faster than the network can carry it. Also,
if many computers simultaneously send datagrams to a single destination, the destination
device can experience congestion while attempting to receive all of the datagrams. When
datagrams arrive too quickly for the receiving device to process, they will be temporarily stored
in memory. This memory space, or buffer, is not infinite; therefore, if datagrams keep coming
and the memory is full, datagrams will be discarded or dropped.
TCP provides mechanisms for flow control. Flow control assists the reliability of TCP
transmission by adjusting the effective rate of data flow between the two services in the
session. When the source is informed that the specified amount of data in the segments has
been received, the source can continue sending more data for this session.
Because lost data is unacceptable, flow control is a requirement of the system. The transport
function can issue a “not ready” indicator to the sender. This indicator is actually the receiving
computer advertising a new window size of 0. The “not ready” indicator tells the sender to stop
sending data and wait for a “ready” indicator. Once the receiving computer has processed
enough datagrams to make space available, the transport function sends a “ready” indicator to
the sending computer. When the sender receives this indicator, it resumes sending datagrams.

TCP performs sequencing of segments by providing sequence numbers and acknowledgment
numbers in the TCP headers.
Some applications transmit large amounts of data. In some cases, it is many gigabytes. It would
be impractical to send all of this data in one large piece. No other network traffic could be
transmitted while this data was being sent. A large piece of data could take minutes or even
hours to send. In addition, if there was an error, the entire data file would be lost or have to be
re-sent. Dividing application data into pieces ensures that data is transmitted within the limits of
the media and that data from different applications can be multiplexed onto the media.
In TCP, each segment contains the port of the sender (source port), the port of the receiver
(destination port), the sequence number, and the acknowledgment number. The port numbers
are set up during the initial phase of the TCP connection, and they remain static throughout the
connection. The sender generates the sequence numbers before it transmits the segments. This
sequence number allows the transport layer functions on the destination host to reassemble
segments in the order in which they were transmitted. This mechanism ensures that the
destination application has the data in the exact form that the sender intended. Each segment
comes with a forward reference ACK number. TCP reassembles the segments into the proper
order at the receiver end. Notice that the figure more realistically shows sequence numbers
that refer to the bytes of data being sent in each segment.
In the example in the figure, the host on the left is sending data to the host on the right. It sends
a segment that contains 10 bytes of data for this session and a sequence number equal to 1 in
the header.



The receiving host on the right receives the segment at Layer 4 and determines that the
sequence number is 1 and that it has 10 bytes of data. The host then sends a segment back to the
host on the left to acknowledge the receipt of this data. In this segment, the host sets the
acknowledgment number to 11 to indicate that the next byte of data that it expects to receive in
this session is byte number 11.

Note The ACK bit in segments from the source host stays set to 1 to indicate that the segment is
part of an ongoing conversation and that the number in the Acknowledgment Number field is
valid.

When the sending host on the left receives this acknowledgment, it can now send the next
segment that contains data for this session (250 bytes in the example) starting with byte
number 11.
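The numbering used in the handshake and teardown tables and in the byte-counting example above can be checked with a small model. The following Python code is an added illustration, not part of the course material: it applies the rules that a SYN or a FIN consumes one sequence number, a data segment consumes one sequence number per byte, and every acknowledgment number is the next byte the receiver expects. The host names, ISN values, and payload sizes are constructed sample values; timers, retransmission, and TCP options are left out.

```python
"""Added illustration: sequence and acknowledgment arithmetic of a TCP session.

Not from the course material. Only the numbering rules are modelled:
SYN and FIN each consume one sequence number, a data segment consumes one
per byte, and the acknowledgment number is always the next byte expected.
"""
from dataclasses import dataclass
from typing import List, Tuple

# (src, dst, flags, seq, ack, payload length) for each segment on the wire
Trace = Tuple[str, str, str, int, int, int]


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int            # only meaningful when the ACK bit is set
    flags: str          # comma-separated control bits, e.g. "SYN,ACK"
    data: bytes = b""

    def consumes(self) -> int:
        """Sequence space used: 1 for SYN, 1 for FIN, plus one per payload byte."""
        n = len(self.data)
        n += 1 if "SYN" in self.flags else 0
        n += 1 if "FIN" in self.flags else 0
        return n


@dataclass
class Endpoint:
    name: str
    snd_nxt: int        # starts at the ISN; next sequence number to send
    rcv_nxt: int = 0    # next sequence number expected from the peer

    def send(self, peer: "Endpoint", flags: str, data: bytes = b"") -> Segment:
        seg = Segment(self.name, peer.name, self.snd_nxt, self.rcv_nxt, flags, data)
        self.snd_nxt += seg.consumes()
        peer.receive(seg)           # loss-free delivery is assumed here
        return seg

    def receive(self, seg: Segment) -> None:
        """Accept an in-order segment and advance the expected sequence number."""
        if "SYN" in seg.flags:
            self.rcv_nxt = seg.seq  # a SYN carries the peer's ISN
        elif seg.seq != self.rcv_nxt:
            raise ValueError(f"{self.name}: got seq={seg.seq}, expected {self.rcv_nxt}")
        self.rcv_nxt += seg.consumes()


def run_session(isn_a: int, isn_b: int, payloads: List[bytes]) -> List[Trace]:
    """Three-way handshake, A-to-B data with one ACK per segment, then teardown."""
    a, b = Endpoint("A", isn_a), Endpoint("B", isn_b)
    segs = [
        a.send(b, "SYN"),           # handshake step 1: A proposes its ISN
        b.send(a, "SYN,ACK"),       # step 2: B proposes its ISN and acks ISN_A + 1
        a.send(b, "ACK"),           # step 3: SYN bit clear, connection established
    ]
    for chunk in payloads:
        segs.append(a.send(b, "ACK", chunk))    # data segment; ACK bit stays set
        segs.append(b.send(a, "ACK"))           # ack = seq + len(chunk)
    segs += [
        a.send(b, "FIN,ACK"),       # teardown step 1: A has no more data
        b.send(a, "ACK"),           # step 2: B acknowledges the FIN
        b.send(a, "FIN,ACK"),       # step 3: B closes its own direction
        a.send(b, "ACK"),           # step 4: A acknowledges; both sides closed
    ]
    return [(s.src, s.dst, s.flags, s.seq, s.ack, len(s.data)) for s in segs]


if __name__ == "__main__":
    # Constructed sample: ISN 0 on both sides, 10-byte then 250-byte segments
    for row in run_session(0, 0, [b"x" * 10, b"y" * 250]):
        print("%s -> %s %-8s seq=%-4d ack=%-4d len=%d" % row)
```

Running it with an ISN of 0 on both sides reproduces the figure: the first data segment carries seq=1 and 10 bytes, the receiver answers with ack=11, the 250-byte segment starts at byte 11 and is acknowledged with 261, and the sender's FIN then occupies sequence number 261 and is acknowledged with 262.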


A TCP connection is a reliable connection. The sending and receiving computers use
acknowledgments to ensure that the data is sent and received as specified. The data must arrive
without errors and in the correct order.
TCP performs sequencing of segments with a forward reference acknowledgment. The forward
reference acknowledgment comes from the receiving device and tells the sending device which
segment it is expecting to receive next.
One of the functions of TCP is to make sure that each segment reaches its destination. The TCP
services on the destination host acknowledge the data that it has received from the source
application.
In this example, the complex operation of TCP is simplified in a number of ways. Simple
incremental numbers are used as the sequence numbers and acknowledgments, although in
reality, the sequence numbers track the number of bytes that are received. In a TCP simple
acknowledgment, the sending computer transmits a segment, starts a timer, and waits for
acknowledgment before transmitting the next segment. If the timer expires before receipt of the
segment is acknowledged, the sending computer retransmits the segment and starts the timer
again.
Imagine that each segment is numbered before transmission. At the receiving station, TCP
reassembles the segments into a complete message. If a sequence number is missing in the
series, that segment and all subsequent segments may be retransmitted.


Windowing allows the sending computer to send out a number of packets without receiving
acknowledgment of those packets. This mechanism helps maintain the speed and reliability of
the connection.
TCP windowing controls the transmission rate to a level where receiver congestion and data
loss do not occur.
In the most basic form of reliable, connection-oriented data transfers, ignoring network
congestion issues, the recipient acknowledges the receipt of each data segment to ensure the
integrity of the transmission. However, if the sender must wait for an acknowledgment after
sending each segment, throughput is low because it depends on the round-trip time (RTT)
between sending data and receiving the acknowledgment.
Most connection-oriented, reliable protocols allow more than one segment to be outstanding at
a time. This functionality can work because there is time available after the sender completes a
segment transmission and before the sender processes an acknowledgment of receipt. During
this interval, the sender can transmit more data as long as the window at the receiver is large
enough to process more than one segment at a time. The window is the number of data
segments that the sender is allowed to send without getting acknowledgment from the receiver.
This figure shows an example of fixed windowing with a window size of 3.
Windowing allows a specified number of unacknowledged segments to be sent to the receiver
in order to reduce latency. Latency in this instance refers to the amount of time that it takes for
data to be sent and the acknowledgment to be returned.

These steps explain the windowing process in a TCP connection.
Basic Operation, Window Size = 3

Step 1
Action: The sender and receiver exchange their initial window size values of three segments
before an acknowledgment must be sent.
Notes: This occurs during the connection setup procedure.

Step 2
Action: The sender transmits segments 1, 2, and 3 to the receiver.
Notes: The sender transmits the segments, starts a timer, and waits for an acknowledgment
from the receiver.

Step 3
Action: The receiver receives segments 1, 2, and 3 and returns ACK = 4 to the sender.
Notes: The receiver acknowledges the successful receipt of the previous segments by stating
the next segment number that is expected.

Step 4
Action: The sender receives ACK = 4 and transmits segments 4, 5, and 6 to the receiver.
Notes: The sender transmits the segments, starts a timer, and waits for an acknowledgment
from the receiver.

Step 5
Action: The receiver receives segments 4, 5, and 6 and returns ACK = 7.
Notes: The receiver acknowledges the successful receipt of the previous segments by stating
the next segment number that is expected.

The numbers that are used in this example are simplified for ease of understanding. These
numbers actually represent octets (bytes) and would be increasing in much larger numbers that
represent the contents of TCP segments, not the segments themselves.


TCP uses a sliding window technique to specify the number of segments, starting with the
acknowledgment number, that the receiver can accept.
In fixed windowing, the window size is established and does not change. In sliding windowing,
the window size is negotiated at the beginning of the connection and can change dynamically
during the TCP session. A sliding window results in more-efficient use of bandwidth because a
larger window size allows more data to be transmitted pending acknowledgment. If the
destination needs to slow down the rate of communication because of limited buffer memory, it
can send a smaller window size value to the source as part of an acknowledgment. Also, if a
receiver reduces the advertised window size to 0, this reduced window size effectively stops
any further transmissions until a new window that is greater than 0 is sent.
In this figure, the window size is 3. The sender can transmit three segments to the receiver. At
that point, the sender must wait for an acknowledgment from the receiver. After the receiver
acknowledges the receipt of the three segments, the sender can transmit three more. However,
if resources at the receiver become scarce, the receiver can reduce the window size so that it
does not become overwhelmed and have to drop data segments.
Each acknowledgment that is transmitted by the receiver contains a window advertisement that
indicates the number of bytes that the receiver can accept. This number of bytes is the window
size. This functionality allows the window to be expanded or contracted as necessary in order
to manage buffer space and processing.
TCP maintains a separate congestion window size (CWS) parameter, which is normally the
same size as the window size of the receiver. The CWS is cut in half when segments are lost.
Segment loss is perceived as network congestion. TCP invokes sophisticated backoff and
restart algorithms so that it does not contribute to network congestion.
This dynamic increasing and decreasing of window size is a continuous process in TCP and
determines the optimum window size for each TCP session. In highly efficient networks,
window sizes may become very large because data is not being lost. In networks where the
underlying infrastructure is being stressed, the window size will likely remain small.

Sliding Window Operation

Step 1
Action: The sender and the receiver exchange their initial window size values. In this
example, the window size is 3 segments before an acknowledgment must be sent.
Notes: This functionality occurs during the connection setup procedure.

Step 2
Action: The sender transmits segments 1, 2, and 3 to the receiver.
Notes: The sender will wait for an acknowledgment from the receiver after sending segment 3.

Step 3
Action: The receiver receives segments 1 and 2, but now can only process a window size of 2.
It returns ACK = 3, WS = 2.
Notes: The processing at the receiver may slow down for many reasons, such as when the CPU
is searching a database or downloading a large graphic file.

Step 4
Action: The sender transmits segments 3 and 4.
Notes: The sender will wait for an acknowledgment from the receiver after sending segment 4.

Step 5
Action: The receiver acknowledges receipt of segments 3 and 4, but still maintains a window
size of 2. It returns ACK = 5, WS = 2.
Notes: The receiver acknowledges the successful receipt of segments 3 and 4 by requesting
transmission of segment 5.
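Both windowing tables (the fixed window with ACK = 4 and ACK = 7, and the sliding window that shrinks to 2) as well as the zero-window "not ready" indicator described under flow control can be reproduced with the following simulation. It is an added Python example, not from the course: segment numbers stand in for byte sequence numbers as in the tables, the receiver's buffer capacity and the number of segments its application reads per round are constructed inputs, and the sender simply resends from the acknowledged segment onward, which is a simplification of real TCP retransmission.

```python
"""Added illustration: window-based flow control at segment granularity.

Not from the course material. Every acknowledgment carries the next segment
the receiver expects (ACK) and the number of segments it can currently
buffer (WS). The sender keeps at most WS unacknowledged segments in flight;
WS = 0 stops transmission until a larger window is advertised.
"""
from collections import deque
from typing import Deque, List, Tuple

Round = Tuple[List[int], int, int]   # (segments sent, ACK returned, WS returned)


class Receiver:
    def __init__(self, capacity: int) -> None:
        self.capacity = capacity          # buffer slots available this round
        self.expected = 1                 # next in-order segment wanted
        self.buffer: Deque[int] = deque()

    def accept(self, segments: List[int]) -> None:
        """Keep in-order segments while buffer space lasts; drop the rest."""
        for n in segments:
            if n == self.expected and len(self.buffer) < self.capacity:
                self.buffer.append(n)
                self.expected += 1
            # out-of-order or no room: dropped, sender will resend it

    def consume(self, count: int) -> None:
        """The receiving application reads `count` segments, freeing space."""
        for _ in range(min(count, len(self.buffer))):
            self.buffer.popleft()

    def advertise(self) -> Tuple[int, int]:
        """(ACK, WS): next segment expected and free buffer slots right now."""
        return self.expected, max(0, self.capacity - len(self.buffer))


class Sender:
    def __init__(self, total: int, window: int) -> None:
        self.total = total                # last segment number to deliver
        self.window = window              # as advertised by the receiver
        self.base = 1                     # oldest unacknowledged segment
        self.next = 1                     # next segment to transmit

    def transmit(self) -> List[int]:
        """Send everything the current window allows; empty when WS = 0."""
        burst = []
        while self.next <= self.total and self.next < self.base + self.window:
            burst.append(self.next)
            self.next += 1
        return burst

    def on_ack(self, ack: int, ws: int) -> None:
        """Slide the window to the ACK and adopt the newly advertised size."""
        self.base = ack
        self.next = ack                   # resend anything not yet acknowledged
        self.window = ws


def simulate(total: int, initial_window: int,
             schedule: List[Tuple[int, int]]) -> List[Round]:
    """Run the exchange round by round.

    schedule[i] = (receiver buffer capacity during round i,
                   segments the application reads after round i's burst).
    Returns one (burst, ACK, WS) record per round; stops once everything
    up to `total` has been acknowledged.
    """
    snd, rcv = Sender(total, initial_window), Receiver(initial_window)
    log: List[Round] = []
    for capacity, consumed in schedule:
        rcv.capacity = capacity           # constructed "receiver got busy" knob
        burst = snd.transmit()
        rcv.accept(burst)
        rcv.consume(consumed)
        ack, ws = rcv.advertise()
        snd.on_ack(ack, ws)
        log.append((burst, ack, ws))
        if snd.base > total:
            break
    return log


if __name__ == "__main__":
    print("fixed window 3:  ", simulate(6, 3, [(3, 3), (3, 3)]))
    print("window shrinks:  ", simulate(6, 3, [(2, 2), (2, 2), (2, 2)]))
    print("zero window:     ", simulate(4, 2, [(2, 0), (2, 0), (2, 2), (2, 2)]))
```

The second scenario yields the sliding window table exactly: the burst 1, 2, 3 is answered with ACK = 3, WS = 2 because segment 3 found no buffer space, so the sender resends 3 together with 4 and receives ACK = 5, WS = 2. In the third scenario the application stops reading, the receiver advertises WS = 0, the sender transmits nothing until a later acknowledgment reopens the window, and transmission then resumes from segment 3.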

Maximize Throughput
The congestion windowing algorithm manages the rate of sent data. This congestion
windowing minimizes data being dropped as well as the time that is spent recovering dropped
data; therefore, efficiency is improved.

Global Synchronization
While the congestion windowing algorithm improves efficiency in general, it can also have a
negative effect on efficiency by causing global synchronization of the TCP process. Global
synchronization occurs when many senders use the same algorithm and their behavior
synchronizes. The senders all perceive the same congestion and all back off at the same time.
Then, because the senders are all using the same algorithm, they all come back at the same
time, which creates waves of congestion.



Summary
This topic summarizes the key points that were discussed in this lesson.

• The purpose of the transport layer is to hide the network requirements
from the application layer and to ensure end-to-end transfer of
application data.
• Some applications, such as web browsers or email, require reliable,
connection-oriented transfer of data. However, for real-time applications,
connectionless transfer of data is more desirable.
• UDP is a simple protocol that provides the unreliable transport layer
functions.
• TCP is a connection-oriented protocol that provides data reliability
between hosts.
• The TCP/IP suite also includes applications that support other services such
as file transfer, web browsing, and email.


• IPv4 uses a protocol number in the datagram header to identify the
upper layer protocol to which the data will be passed. Each number
relates to a different protocol.
• TCP functionalities are achieved by having fields in the TCP segment
header. Each field has a specific function.
• To establish the TCP session, the hosts perform a three-way handshake.
• To close the TCP session, the hosts perform a teardown procedure.
• Flow control mitigates the problem of a transmitting host overflowing the
buffers in the receiving host and slowing network performance.

Lesson 5

Explaining Network Security


Overview
The network infrastructure, services, and data that are contained on network-attached
computers are crucial personal and business assets. Compromising the integrity of these assets
could have serious business and financial repercussions. Securing a network infrastructure
includes the physical protection of devices that provide network connectivity and the
prevention of unauthorized access to the management software that resides on them.
The application of an effective security policy is the most important step that an organization
must take to protect itself. An effective security policy is the foundation for all of the activities
that are undertaken to secure network resources. This lesson describes network security.

Objectives
Upon completing this lesson, you will be able to explain the need for a comprehensive network
security policy. This ability includes being able to meet these objectives:
 Describe some of the common network attack categories
 Describe how security threats have increased
 Describe closed networks
 Describe open networks
 Describe the need for network security
 Describe how an increase in network security implementations can lead to a decrease in
the potential loss of revenue
 Describe the relationship between confidentiality, integrity, and availability
 Describe the Cisco Network Foundation Protection strategy for network infrastructure
protection
 Describe the challenges associated with e-business
 Describe different ways to attack networks, motives behind the attacks, and the classes of
attacks
 Describe service provider-specific network attacks
Common Network Attacks
This topic describes some of the common network attack categories.

• Physical installations:
- Hardware threats
- Environmental threats
- Electrical threats
- Maintenance threats
• Reconnaissance attacks: Learning information about a target network by
using readily available information and applications
• Access attacks: Attacks on networks or systems for several reasons:
- To retrieve data
- To gain access
- To escalate their access privileges
• Password attacks: Tools that are used by hackers to compromise
passwords


Improper and incomplete network device installation is an often-overlooked security threat that,
if left unheeded, can have dire results. Software-based security measures alone cannot prevent
premeditated or even accidental network damage that results from poor installation.

Physical Installations
Often forgotten, but no less important, are threats to the physical infrastructure. An attacker can
physically compromise the use of network resources. The following are physical threats and
ways to mitigate them:
 Hardware threats: This is the threat of physical damage to the router or switch hardware.
Mission-critical network equipment should be located in wiring closets or in computer or
telecommunications rooms that meet these minimum requirements:
— The room must be locked with only authorized personnel being allowed access.
— The room should be inaccessible via a dropped ceiling, raised floor, window,
ductwork, or point of entry other than the secured access point.
— If possible, use electronic access control, with all entry attempts being logged by
security systems and monitored by security personnel.
— If possible, security personnel should monitor activity via security cameras with
automatic recording.

 Environmental threats: Environmental threats include threats such as temperature
extremes (too hot or too cold) or humidity extremes (too wet or too dry). Take these actions
to limit environmental damage to network devices:
— Supply the room with dependable temperature and humidity control systems.
Always verify the recommended environmental parameters of the network
equipment with the supplied product documentation.
— Remove any sources of electrostatic and magnetic interference in the room.
— If possible, remotely monitor and alarm the environmental parameters of the room.
 Electrical threats: Electrical threats include voltage spikes, insufficient supply voltage
(brownouts), unconditioned power (noise), and total power loss. Electrical supply problems
can be limited by adhering to these guidelines:
— Install uninterruptible power supply (UPS) systems for mission-critical network
devices.
— Install backup generator systems for mission-critical supplies.
— Plan for and initiate regular UPS or generator testing and maintenance procedures
that are based on the manufacturer-suggested preventative maintenance schedule.
— Install redundant power supplies on critical devices.
— Monitor and alarm power-related parameters at the power supply and device levels.
 Maintenance threats: Maintenance threats include poor handling of key electronic
components, ESD, lack of critical spares, poor cabling, poor labeling, and so on.
Maintenance-related threats compose a broad category that includes many items. Follow
these general rules to prevent maintenance-related threats:
— Clearly label all equipment cabling and secure the cabling to equipment racks to
prevent accidental damage, disconnection, or incorrect termination.
— Use cable runs, raceways, or both to traverse rack-to-ceiling or rack-to-rack
connections.
— Always follow ESD procedures when replacing or working with internal router and
switch device components.
— Maintain a stock of critical spares for emergency use.
— Do not leave a console connected to and logged into any console port. Always log
off administrative interfaces when leaving a station.
— Do not rely upon a locked room as the only necessary protection for a device.
Always remember that no room is ever totally secure. After intruders are inside a
secure room, there is nothing to stop them from connecting a terminal to the console
port of a router or a switch.

Reconnaissance Attacks
Reconnaissance is the unauthorized discovery and mapping of systems, services, or
vulnerabilities. Reconnaissance is also known as information gathering and, in most cases,
precedes an actual access or denial of service (DoS) attack. First, the malicious intruder
typically conducts a ping sweep of the target network to determine which IP addresses are
alive. Then the intruder determines which services or ports are active on the live IP addresses.
From this information, the intruder queries the ports to determine the type and version of the
application and operating system that is running on the target host. Most commonly, utilities
such as protocol analyzers are used for capturing and decoding network data.



Reconnaissance is somewhat analogous to a thief investigating a neighborhood for vulnerable
homes, such as an unoccupied residence or a house with an easy-to-open door or window to
break into. In many cases, intruders look for vulnerable services that they can exploit later,
when there is less likelihood that anyone is looking.
To mitigate reconnaissance attacks, the use of encryption is encouraged, and protocols with
known weaknesses should not be used in the network.

Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web
services. Attackers aim to gain entry to web accounts, retrieve data from confidential
databases, escalate access privileges, and gather other sensitive information.

Password Attacks
“Password attack” usually refers to repeated attempts to identify a user account, password, or
both. These repeated attempts are called “brute force attacks” or “dictionary attacks.” Password
attacks are also implemented by using other methods, including Trojan horse programs, IP
spoofing, and packet sniffers.
A security risk exists when passwords are stored as cleartext or are not complex enough.
Hashed (rather than cleartext) and complex passwords are necessary to overcome these risks.
On most systems, passwords are processed through a one-way hash algorithm. You cannot
reverse a one-way hash back to its original text. Most systems do not store a recoverable
password at all; they store only the one-way hash. During the login process, you supply an
account and password, and the hashing algorithm generates a one-way hash of the password.
The system compares this hash to the hash that is stored for the account. If the hashes are the
same, the system assumes that the user supplied the proper password.
Passing the password through the algorithm results in a password hash. The hash is not an
encrypted password, but rather the output of the algorithm. The strength of the hash is that the
hash value can be re-created only with the original user and password information. Retrieving
the original information from the hash is impossible. This strength makes hashes well suited
for encoding passwords for storage. In granting authorization, the hashes, rather than the plain
password, are calculated and compared.

Threat Capabilities
This topic describes how security threats have increased.

Figure: Sophistication of hacker tools (low to high) plotted against the technical knowledge
required to use them (high to low), 1980 to 2010. Labels on the curve, as extracted: password
guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling
audits, backdoors, hijacking sessions, sniffers, scanners, packet forging and spoofing, stealth
diagnostics.

As security measures have improved over the years, some of the most common types of attacks
have diminished in frequency, while new attacks have emerged. The figure shows how the
increasing sophistication of hacking tools and the decreasing skills that are needed to use these
tools have combined to pose increasing threats to open networks. With the development of
large open networks, security threats have increased significantly in the past 20 years. Hackers
have discovered more network vulnerabilities, and hacking tools have become easier to use.
You can now download applications that require little or no hacking knowledge to use as
hacking tools. Applications that are intended for troubleshooting, maintaining, and optimizing
networks can, in the wrong hands, be used maliciously and pose severe threats.



Closed Networks
This topic describes closed networks.

Attacks from inside the network remain a threat.

Figure: Closed Network, with remote sites connected over Frame Relay, leased lines, and the
PSTN.

The overall security challenge is to find a balance between two important needs:
 Open networks to support evolving business requirements and freedom-of-information
initiatives
 Protection of private, personal, and strategic business information

The easiest way to protect a network from an outside attack is to close it off completely from
the outside world. A closed network provides connectivity only to trusted known parties and
sites; a closed network does not allow a connection to public networks.
Because there is no outside connectivity, networks that are designed in this way can be
considered safe from outside attacks. However, internal threats still exist. The Computer
Security Institute (CSI) in San Francisco, California, estimates that 60 to 80 percent of network
misuse comes from inside the enterprise.

Open Networks
This topic describes open networks.

Figure: Open Network, with connections to the Internet, dialup access, mobile and remote
users, remote sites, and a partner site.

Today, corporate networks require access to the Internet and other public networks. It is
common for corporate networks to have several access points to public and other private
networks. Securing open networks is extremely important.



Need for Network Security
This topic describes the need for network security.

• The network infrastructure, services, and data are crucial personal and
business assets.
• Modern networks must balance accessibility to network resources with
the protection of sensitive data.
• An effective security policy provides guidelines about the activities to
secure the network of an organization.


Computer networks have grown in size and importance in a very short time. If the security of
the network is compromised, there could be serious consequences, such as loss of privacy, theft
of information, and even legal liability. To make the situation even more challenging, the types
of potential threats to network security are always evolving. As e-business and Internet
applications continue to grow, finding the balance between being isolated and open is critical.
The implementation of an effective security policy is the most important step that an
organization can take to protect its network. It provides guidelines about the activities to carry
out and the resources to use to secure the network of an organization.

Network Protection Implementation Cost and
Benefits
This topic describes how an increase in network security implementations can lead to a
decrease in the potential loss of revenue.

• Productivity lost:
- Employees * hours lost
- Burdened hourly rate = Loss
• Damaged reputation:
- Customers
- Suppliers
- Business partners
• Revenue lost:
- Direct revenue loss
- Compensatory payments
- Future lost revenue
• Impaired financial performance:
- Revenue recognition
- Cash flow
- Lost discounts
• Security breaches:
- Lawsuits
Chart: Loss of Revenue [%] (vertical axis, -10 to 25) against Cost of Security Measures.

Each company must understand how to protect its assets and information. Factors such as
lowered productivity, damaged reputation, loss of revenue, lowered financial performance, and
regulatory action must be weighed when comparing the cost of security investments against the
cost of a compromised network.
The chart shows how an increase in security solutions can lead to a decrease in loss of revenue.
Note that some outages are so severe that they can eventually lead to the closing of the
business.
As companies expand their business initiatives and operations via the Internet, the potential for
compromising the network increases significantly. Many organizations have determined their
cost of downtime; however, the cost of downtime is often greater than originally estimated.
Some measurable costs include the following:
 Loss of worker productivity while the system or network is crashed.
 Labor and materials that are required for IT personnel to detect, repair, and contain the
damage to compromised resources.
 Lost business due to unavailability of e-commerce sites, customer information, or databases
that are needed by management, sales, or production personnel.
 Fines and penalties that are incurred if the breach violates service level agreements (SLAs)
or regulatory requirements.
 Loss of market share during downtime.
 Legal costs that are incurred as a result of lawsuits if confidential client information is
leaked.



CIA Triad
This topic describes the relationship between confidentiality, integrity, and availability.

[Figure: the CIA triad, with Confidentiality, Integrity, and Availability surrounding Protection]

To provide adequate protection of network resources, the procedures and technologies that are
deployed need to guarantee three things, sometimes referred to as the CIA (confidentiality,
integrity, and availability) triad:
 Confidentiality: Providing confidentiality of data guarantees that only authorized users can
view sensitive information.
 Integrity: Providing integrity of data guarantees that only authorized subjects can change
sensitive information; this might also guarantee the authenticity of data.
 System and data availability: System and data availability provides uninterrupted access
by authorized users to important computing resources and data.

When designing network security, a designer must be aware of the following:
 The threats (possible attacks) that could compromise security
 The associated risks of the threats; that is, how relevant those threats are for a particular
system
 The cost to implement the proper security countermeasures for a threat
 A cost versus benefit analysis to determine if it is worthwhile to implement the security
countermeasures

Cisco Network Foundation Protection
This topic describes the Cisco Network Foundation Protection strategy for network
infrastructure protection.

Continuous service delivery requires a methodical approach to protecting router planes.

[Figure: Cisco NFP protects three router planes, which together determine service delivery, network availability, and performance:]
• Data plane: ability to forward data
• Control plane: ability to route
• Management plane: ability to manage

To address the increasing complexity of attacks in a heightened security environment, Cisco has
enhanced Cisco IOS security features and services for both network devices and the
infrastructure, with the goal of keeping network devices available even while they are under
attack. Cisco Network Foundation Protection (Cisco NFP) provides a strategy for network
infrastructure protection by using Cisco IOS security features.
Cisco NFP divides the device into three planes:
 Control plane: The ability to route traffic
 Management plane: The ability to manage the device
 Data plane: The ability to forward data

Several tools make up the Cisco NFP strategy. Here are some of the Cisco NFP tools that are
available in Cisco IOS Software:
 NetFlow
 Encryption
 IP Source Tracker
 Access control lists (ACLs)
 Quality of service (QoS) tools
 Flexible Packet Matching (FPM)
 Unicast Reverse Path Forwarding (uRPF)
 Remotely triggered black hole (RTBH) filtering
 CPU and memory threshold notifications



E-Business Challenge
This topic describes the challenges associated with e-business.

Business security requirements:
• Defense in depth
• Multiple components
• Integration into e-business infrastructure
• Comprehensive blueprint

[Figure: business value rising from Internet presence and corporate Internet access, through the intranet, to e-commerce, supply chain, customer care, workforce optimization, and e-learning applications: expanded access, heightened security risks]

Security has moved to the forefront of network management and implementation. For the
survival of many businesses, it is necessary to allow open access to network resources and to
ensure that data and resources are as secure as possible. The increasing importance of e-
business and the need for private data to traverse potentially unsafe public networks increase
the need to develop and implement a corporate-wide network security policy. Establishing a
network security policy should be the first step in changing a network over to a secure
infrastructure.
The Internet has created expectations for a company to build stronger relationships with
customers, suppliers, partners, and employees. E-business challenges companies to become
more agile and competitive. The benefit of this challenge is that new applications for e-
commerce, supply-chain management, customer care, workforce optimization, and e-learning
have been created. These applications simplify and improve processes. They also lower costs
and shorten turnaround times while increasing user satisfaction.
As enterprise network managers open their networks to more users and applications, they also
expose the networks to greater risk. The result has been an increase in business security
requirements. Security must be included as a fundamental component of any e-business
strategy.
E-business requires mission-critical networks that can accommodate ever-increasing
constituencies, as well as ever-increasing demands on capacity and performance. These
networks also need to process voice, video, and data traffic as networks converge into
multiservice environments.

Attacking a Network
This topic describes different ways to attack networks, motives behind the attacks, and the
classes of attacks.

Adversaries:
• Hackers
• Crackers
• Script kiddies
• Spammers
• Phishers
• Cyber criminals
• Nation-states
• Terrorists
• Disgruntled employees
• Competitors

Motivations:
• Intelligence
• Theft
• Money
• DoS
• Embarrassment
• Challenge

Classes of attack:
• Passive
• Active
• Close-in
• Insider
• Distributed

To defend against attacks on information and information systems, organizations must define
the threat in these three terms:
 Adversaries: Until the 1980s, everyone with a high level of skill in computing was known
as a “hacker.” Over time, the distinction between people who use such skills responsibly and
those who use them maliciously or criminally became important. Many members of the first
group argue that those in the second group should be called “crackers” rather than hackers,
but the common usage has become ingrained. The former have become known within the
computer security industry as “white hats” and the latter as “black hats.” Less-experienced
malicious crackers are often called “script kiddies.” In recent years, spammers, who send
large quantities of undesirable email messages, and phishers, who attempt to acquire sensitive
information by masquerading as a trusted party, have also become significant threats. Cyber
criminals, in general, use computers to take or alter data or to gain unlawful use of computers
or services. Other potential adversaries include nation-states, terrorists, criminals, disgruntled
employees, and corporate competitors.
 Adversary motivations: The motivations of adversaries may include intelligence
gathering, theft of intellectual property or sensitive information, money, DoS,
embarrassment of the company or clients, or the challenge of exploiting a notable target.
 Classes of attack: Classes of attack may include passive monitoring of communications,
active network attacks, close-in attacks, exploits by insiders, and distributed attacks through
remote access.

Information systems and networks offer attractive targets and should be resistant to attack from
the complete range of threat agents, from individual hackers to nation-states. A system must be
able to limit damage and recover rapidly when attacks occur.



Classes of Attack
There are five classes of attack:
 Passive: Passive attacks include traffic analysis, monitoring of unprotected
communications, decrypting weakly encrypted traffic, and capturing authentication
information such as passwords. Passive interception of network operations lets adversaries
see upcoming actions. Passive attacks result in the disclosure of information or data files to
an attacker without the consent or knowledge of the user. Examples include the disclosure
of personal information such as credit card numbers and medical files.
 Active: Active attacks include attempts to circumvent or break protection features,
introduce malicious code, and steal or modify information. These attacks are mounted
against a network backbone, exploit information in transit, electronically penetrate an
enclave, or attack an authorized remote user during an attempt to connect to an enclave.
Active attacks result in the disclosure or dissemination of data files, DoS, or modification
of data.
 Close-in: Close-in attacks consist of ordinary individuals attaining close physical proximity
to networks, systems, or facilities for modifying, gathering, or denying access to
information. Close physical proximity is achieved through surreptitious entry to the
network, open access, or both.
 Insider: Insider attacks can be malicious or nonmalicious. Malicious insiders intentionally
eavesdrop, steal or damage information, use information in a fraudulent manner, or deny
access to other authorized users. Nonmalicious attacks typically result from carelessness,
lack of knowledge, or intentional circumvention of security for reasons such as performing
a task.
 Distributed: Distributed attacks focus on the malicious modification of hardware or
software at the factory or during distribution. These attacks introduce malicious code such
as a back door to a product to gain unauthorized access to information or to a system
function at a later date.

Service Provider Specific Attacks
This topic describes service provider-specific network attacks.

• DoS and DDoS attacks
• Excessive traffic and resource depletion caused by infected machines
• Attacking BGP routing
• DNS misinformation
• Device compromise

As the Internet becomes more of a place for doing business and not just for exchanging
information, it becomes a greater target for attackers. Because ISPs form the framework of the
global network, they are often involved in security incidents, either as the target of an attack or
as one of the defenders.
In addition to the general security concerns that affect anyone who uses IT technology or
connects to the Internet, service providers have their own set of security-related issues to
manage. The most important security issues that service providers face are the following:
 DoS and distributed denial of service (DDoS) attacks: DoS and DDoS attacks are aimed
at disabling access to various Internet services for legitimate users.
 Excessive traffic and resource depletion: Excessive traffic and resource depletion that are
caused by infected machines can generate problems for service providers.
 Attacking Border Gateway Protocol (BGP): Injecting bogus BGP routes to redirect traffic
is one of the techniques that attackers use to capture the traffic they are interested in.
 Domain Name System (DNS) misinformation: Falsified DNS information is sometimes
used to redirect Internet traffic to serve the needs of people with criminal intent.
 Device compromise: Device compromise means breaking into vital components of the
network infrastructure and modifying their configuration.



Summary
This topic summarizes the key points that were discussed in this lesson.

• Sophisticated attack tools and open networks continue to generate an increased need for
network security policies and infrastructure to protect organizations from internally and
externally based attacks.
• Applications that are intended for troubleshooting, maintaining, and optimizing networks
can, in the wrong hands, be used maliciously and pose severe threats.
• In closed networks, only attacks from inside remain a threat.
• Enterprises require access to the Internet and thus an open network, which must be secured
from outside threats.
• The implementation of an effective security policy is the most important step that an
organization can take to protect its network.

• Organizations must balance network security needs against e-business processes, legal
issues, and government policies.
• Network security procedures and technologies should provide confidentiality, integrity, and
data availability.
• Cisco Network Foundation Protection provides a strategy for network infrastructure
protection by using Cisco IOS security features.
• As network managers open their networks to more users and applications, they also expose
the networks to greater risk.
• Network adversaries come in many shapes and sizes, have multiple motivations, and use
different classes of attacks.
• Service providers face their own set of security-related issues, such as DoS attacks and
attacks on BGP and DNS.

References
For additional information, refer to these resources:
 http://www.cisco.com/web/about/security/intelligence/sp_infrastruct_scty.html

Lesson 6

Explaining IP Addressing and Subnets
Overview
Subnetworks, also known as subnets, are very common in all but the smallest of network
environments, segmenting the network into smaller divisions that have their own addresses.
This lesson describes subnets and how routing is necessary to transfer traffic from one subnet to
another.

Objectives
Upon completing this lesson, you will be able to describe and calculate subnet addresses. This
ability includes being able to meet these objectives:
 Describe the purposes and functions of subnets
 Describe the function and application of subnet masks
 Describe variable-length subnet masks
 Describe how end-systems use subnet masks
 Describe the function of a default gateway
 Describe how routers use subnet masks to route network traffic
 Describe how to implement subnet masks
 Describe IP address plans
 List the required steps for implementing subnets
 Provide an example of how to determine subnet addresses in eight easy steps
 Provide an example of applying a subnet mask to a Class C address
 Provide an example of applying a subnet mask to a Class B address
 Provide an example of applying a subnet mask to a Class A address
 Provide an example of how to apply variable-length subnet masks
Subnets
Network administrators often need to divide networks, especially large networks, into
subnetworks, or subnets, to provide addressing flexibility. This topic describes the purposes and
functions of subnets.

The problems with a flat topology are as follows:
• All devices share the same Layer 2 broadcast domain.
• It is difficult to apply a security policy.

A company that occupies a three-story building might have a network that is divided by floors,
with each floor divided into offices. Think of the building as the network, the floors as the three
subnets, and the offices as the individual host addresses.
A subnet segments the hosts within the network. With no subnets, the network has a flat
topology. A flat topology has a short routing table and relies on Layer 2 MAC addresses to
deliver packets. MAC addresses have no hierarchical structure. As the network grows, the use
of the network bandwidth becomes less and less efficient.
The disadvantages of a flat network are as follows:
 All devices share the same bandwidth.
 All devices share the same Layer 2 broadcast domain.
 It is difficult to apply security policies because there are no boundaries between devices.

On an Ethernet network that is connected by hubs, every host on the same physical network
sees every frame on the network, and in heavy traffic many collisions occur when two or more
devices transmit simultaneously. The devices detect the collision, stop transmitting, and retry
after a random interval. On a switch-connected network, each switch port is its own collision
domain, but every host still receives all broadcasts. To users, either condition is perceived as
the network slowing down. Routers can be used in these situations to separate networks by
breaking the network into multiple subnets, because a router does not forward Layer 2
broadcasts between them.

• Smaller networks are easier to manage.
• Overall traffic is reduced.
• You can more easily apply network security policies.

The advantages of subnetting a network are as follows:
 Smaller networks are easier to manage and map to geographical or functional requirements.
 Overall network traffic is reduced, which can improve performance.
 You can more easily apply network security measures at the interconnections between
subnets than throughout the entire network.

In multiple-network environments, each subnetwork may be connected to the Internet via a
single router, as shown in the figure. In this example, the network is subdivided into multiple
subnetworks. The actual details of the internal network environment and how the network is
divided into multiple subnetworks are inconsequential to other IP networks.
A subnet mask identifies the network-significant portion of an IP address. This portion is,
simply, the part that identifies which network the host device is on (that is, the network
address). This is important for the efficiency of the routing operation.



Subnet Masks
This topic describes the function and application of subnet masks.

• Tells the router the number of bits to look at when routing
• Defines the number of bits that represent the network part

When the IPv4 method of identifying addresses and address classes was developed, a two-level
address (network and host) seemed sufficient. Each address class (A, B, and C) had a default
mask that was associated with it, and because the mask was predefined, it was not necessary to
explicitly configure the mask.
As the number of network-connected devices grew, it became clear that this was an inefficient
use of network addresses. To overcome this problem, a third level of addressing, consisting of
subnets, was developed.
A subnet address includes the original classful network portion plus a subnet field; together,
these two parts form the extended network prefix. The subnet field and the host field are both
carved from the original classful host portion: to create a subnet address, you borrow bits from
the original host field and designate them as the subnet field. However, subnets cannot work
without a way to identify which part of the address is network-significant and which part is
host-significant. For this reason, explicit subnet masks need to be configured.
The subnet address is created by taking address bits from the host portion of Class A, Class B,
and Class C addresses. Usually a network administrator assigns the subnet address locally. Like
IP addresses, each subnet address must be unique.
The default number of bits in the network portion is referred to as the classful prefix length.
Therefore, a Class A address has a classful prefix length of /8, a Class B address has a classful
prefix length of /16, and a Class C address has a classful prefix length of /24.
Subnetting allows you to create multiple logical networks from a single address block. This
operation is done by extending the mask to borrow some of the bits from the host portion of the
Class A, Class B, or Class C address to create additional network bits. For each bit borrowed,
you double the number of subnetworks available, but fewer host addresses are available per
subnet.

In general, you can use this formula to calculate the number of subnets that exist, given the
number of subnet bits used: Number of subnets = 2^n (in which n is the number of subnet
bits).

• Subnet masks, like IP addresses, are represented in the dotted decimal format, such as
255.255.255.0.
• A binary 1 marks a bit that belongs to the network part of the IP address.

Although subnet masks use the same format as IP addresses, they are not IP addresses
themselves. Each subnet mask is 32 bits long, divided into four octets, and is usually
written in the same dotted decimal notation as IP addresses. In binary, a subnet mask has all
1s in the network and subnetwork portions and all 0s in the host portion.
Because the 1 bits must be contiguous, only eight nonzero values can appear in any octet of a
subnet mask: 128, 192, 224, 240, 248, 252, 254, and 255 (an octet that consists entirely of host
bits is 0). The subnet field always immediately follows the network number. That is, the
borrowed bits must be the first n bits, starting with the most significant bit (MSB) of the default
host field, where n is the desired size of the new subnet field (see figure). The subnet mask is
the tool that the router uses to determine which bits are routing (network and subnet) bits and
which bits are host bits.
If all 8 bits in an octet are binary 1s, the octet has a decimal value of 255. This is why a default
subnet mask is written with 255 in each network octet. The Class A default subnet mask is
255.0.0.0, or 11111111.00000000.00000000.00000000. If the three highest-order bits of the
next octet (the first host octet) are borrowed, their values (128 + 64 + 32) add up to 224, which
gives the mask 255.224.0.0, or 11111111.11100000.00000000.00000000.
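The following Python example is added here to make the mask arithmetic above concrete; it is not code from the SPNGN1 guide. It builds a dotted-decimal mask from a prefix length, converts a mask back to a prefix length while rejecting masks whose 1 bits are not contiguous, and reproduces the Class A example in which three borrowed host bits turn 255.0.0.0 into 255.224.0.0. The function names and the sample masks are the editor's own choices.

```python
# Added example, not from the SPNGN1 guide: subnet masks as 32-bit strings.
# Function names and the sample masks below are the editor's own choices.
VALID_MASK_OCTETS = {0, 128, 192, 224, 240, 248, 252, 254, 255}  # the only contiguous-1s octet values
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}                    # default prefix length per class
ALL_ONES = 0xFFFFFFFF


def prefix_to_mask(prefix: int) -> str:
    """Dotted-decimal mask for a prefix length, e.g. 11 -> 255.224.0.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = (ALL_ONES << (32 - prefix)) & ALL_ONES
    return ".".join(str((mask_int >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Prefix length of a dotted-decimal mask; rejects masks whose 1 bits are not contiguous."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(o not in VALID_MASK_OCTETS for o in octets):
        raise ValueError(f"{mask} is not a valid subnet mask")
    mask_int = 0
    for o in octets:
        mask_int = (mask_int << 8) | o
    prefix = bin(mask_int).count("1")
    # Every valid mask is ALL_ONES shifted left; anything else (e.g. 255.0.255.0)
    # would treat some host bits as network bits and some network bits as host bits.
    if mask_int != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"{mask} has non-contiguous network bits")
    return prefix


def mask_to_binary(mask: str) -> str:
    """Dotted-binary view of a mask, e.g. 11111111.11100000.00000000.00000000."""
    return ".".join(f"{int(o):08b}" for o in mask.split("."))


def borrow_bits(address_class: str, borrowed: int) -> dict:
    """Extend a classful prefix by `borrowed` host bits and describe the result."""
    base = CLASSFUL_PREFIX[address_class]
    new_prefix = base + borrowed
    if borrowed < 0 or new_prefix > 32:
        raise ValueError(f"a Class {address_class} host field has only {32 - base} bits to borrow")
    host_bits = 32 - new_prefix
    return {
        "prefix": new_prefix,
        "mask": prefix_to_mask(new_prefix),
        "subnets": 2 ** borrowed,                # each borrowed bit doubles the subnet count
        "host_bits": host_bits,
        "addresses_per_subnet": 2 ** host_bits,  # and halves the addresses per subnet
    }


if __name__ == "__main__":
    default = prefix_to_mask(CLASSFUL_PREFIX["A"])
    print("Class A default mask:", default, mask_to_binary(default))
    plan = borrow_bits("A", 3)           # the guide's 255.224.0.0 example
    print("3 bits borrowed:     ", plan["mask"], mask_to_binary(plan["mask"]),
          f"{plan['subnets']} subnets, {plan['addresses_per_subnet']} addresses each")
    for candidate in ("255.255.255.224", "255.0.255.0", "255.255.255.3"):
        try:
            print(candidate, "-> /%d" % mask_to_prefix(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

The contiguity check in mask_to_prefix is the part worth keeping: a mask such as 255.0.255.0 has 16 one bits, so counting bits alone would report /16, but it would make a host ARP for addresses that are actually remote and leave ACLs matching the wrong ranges.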



VLSM
This topic describes variable-length subnet masks.

Subnet 172.16.14.0/24 is divided into smaller subnets.
• Subnet with one mask (/27).
• Then further subnet one of the unused /27 subnets into multiple /30 subnets.

A variable-length subnet mask (VLSM) allows more than one subnet mask to be used within a
network and allows an already subnetted network address to be subnetted again. VLSM offers
the following benefits:
 More efficient use of IP addresses: Without VLSM, a company must use a single subnet
mask throughout an entire Class A, B, or C network number.
For example, consider the 172.16.0.0/16 network address that is divided into subnetworks
using /24 masking. One of the subnetworks in this range, 172.16.14.0/24, is further divided
into smaller subnetworks using /27 masking. These smaller subnetworks range from
172.16.14.0/27 to 172.16.14.224/27.
In the figure, one of these smaller subnets, 172.16.14.128/27, is further divided using the
/30 prefix, which creates subnets with only two usable host addresses, to be used on the
WAN links. The /30 subnets range from 172.16.14.128/30 to 172.16.14.156/30. The WAN
links use the 172.16.14.132/30, 172.16.14.136/30, and 172.16.14.140/30 subnets out of this
range.
 Greater capability to use route summarization: VLSM allows more hierarchical levels
within an addressing plan and thus allows better route summarization within routing tables.
For example, in the figure, subnet 172.16.14.0/24 summarizes all of the addresses that are
further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from
172.16.14.128/30.
 Isolation of topology changes from other routers: Another advantage of route
summarization in a large, complex network is that it can isolate topology changes from
other routers. For example, when a specific link inside the 172.16.14.0/24 domain is rapidly
changing between active and inactive (called flapping), the summary route does not
change. Therefore, no router that is external to the domain needs to keep modifying its
routing table because of this flapping activity.
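The VLSM plan described above, built with Python's standard ipaddress module, as an added example that is not part of the SPNGN1 guide: the /24 is carved into /27 subnets, one /27 is carved again into /30 WAN links, the plan is checked for overlapping subnets, and all of the pieces are collapsed back into the single summary route. The addresses are the guide's; the function names and the choice of which /27 becomes the WAN pool are the editor's.

```python
# Added example, not from the SPNGN1 guide: the 172.16.14.0/24 VLSM plan.
import ipaddress

# Inputs taken from the guide's example; the constant names are the editor's.
BLOCK = ipaddress.ip_network("172.16.14.0/24")
LAN_PREFIX = 27
WAN_POOL = ipaddress.ip_network("172.16.14.128/27")   # the /27 re-subnetted for WAN links
WAN_PREFIX = 30


def vlsm_plan(block, lan_prefix, wan_pool, wan_prefix):
    """Return (lan_subnets, wan_subnets): the /27s minus the one carved into /30s."""
    lans = list(block.subnets(new_prefix=lan_prefix))
    if wan_pool not in lans:
        raise ValueError(f"{wan_pool} is not one of the /{lan_prefix} subnets of {block}")
    lans.remove(wan_pool)                      # that /27 is no longer assignable as a LAN
    wans = list(wan_pool.subnets(new_prefix=wan_prefix))
    return lans, wans


def check_no_overlap(subnets):
    """True if no two subnets overlap; an overlap means two masks claim the same hosts."""
    ordered = sorted(subnets, key=lambda n: int(n.network_address))
    return all(not a.overlaps(b) for a, b in zip(ordered, ordered[1:]))


def summary_route(subnets):
    """Collapse the plan into the fewest prefixes that cover exactly these subnets."""
    return list(ipaddress.collapse_addresses(subnets))


def usable_hosts(net):
    """Assignable host addresses of a subnet (a /30 has two, one per WAN endpoint)."""
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    lans, wans = vlsm_plan(BLOCK, LAN_PREFIX, WAN_POOL, WAN_PREFIX)
    print("LAN subnets:", [str(n) for n in lans])
    print("WAN subnets:", [str(n) for n in wans])
    for link in wans[1:4]:                     # the guide's .132/30, .136/30 and .140/30 links
        print(link, "endpoints:", usable_hosts(link))
    print("no overlaps:", check_no_overlap(lans + wans))
    # Every subnet, whatever its mask, summarizes to the single /24, so a flapping
    # WAN link inside it never changes the route advertised to outside routers.
    print("summary:", [str(n) for n in summary_route(lans + wans)])
```

Running check_no_overlap on the plan before it is configured is the cheap guard against the classic VLSM mistake of assigning the pool /27 to a LAN and then also using its /30s.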

End-System Subnet Mask Operations
This topic describes how end-systems use subnet masks.


The end system uses the subnet mask to compare the network portion of its own address with
the network portion of the destination address of the packet to be sent.
Before an end system can send a packet to its destination, it must first determine whether the
destination address is on the local network. If it is, the end system uses the Address Resolution
Protocol (ARP) to resolve the destination IP address to its MAC address and delivers the frame
directly. If it is not, the packet must be forwarded to the default gateway router for transmission
to the destination network.



Default Gateways
The host can use ARP to map the destination IP address to a MAC address only if the two hosts
are on the same network. If the two hosts are on different networks, the sending host must send
the data to the default gateway, which forwards the data toward the destination. This topic
describes the function of a default gateway.

[Figure: host 10.1.1.2 has data to send to 192.168.3.2, determines that the address is not in its network, and sends the data to its default gateway 10.1.1.1 to be forwarded.]

The default gateway is needed to send a packet out of the local network. If the network portion
of the destination address of the packet is different from the network of the originating host, the
packet has to be routed outside of the original network. To do this, the packet is sent to the
default gateway. This default gateway is a router interface that is connected to the local
network. The default gateway interface has a network layer address that matches the network
address of the hosts. The hosts are configured to recognize that address as the default gateway.
On a Windows computer, the Internet Protocol (TCP/IP) Properties tools are used to enter the
default gateway IP address. The host IP address as well as the default gateway address must
have the same network portion of their respective addresses.
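The local-or-remote decision from the two topics above (end-system subnet mask operations and default gateways), as an added Python example that is not part of the SPNGN1 guide. The host, gateway, and destination addresses are the ones in the figure; the /24 mask, the ARP cache contents and the MAC addresses are constructed for the example because the figure gives none.

```python
# Added example, not from the SPNGN1 guide: how a host decides whether to ARP for
# the destination itself or send the packet to its default gateway.
import ipaddress

HOST_IP = "10.1.1.2"             # from the guide's figure
DEFAULT_GATEWAY = "10.1.1.1"     # from the guide's figure
HOST_MASK = "255.255.255.0"      # assumption: the figure shows no mask

# Constructed ARP cache for the local segment; the MAC addresses are made up.
ARP_CACHE = {
    "10.1.1.1": "00:00:0c:11:11:11",
    "10.1.1.7": "00:00:0c:77:77:77",
}


def network_of(ip: str, mask: str) -> int:
    """Bitwise AND of address and mask: the network-significant part, as an integer."""
    return int(ipaddress.ip_address(ip)) & int(ipaddress.ip_address(mask))


def is_local(dst: str, host_ip: str = HOST_IP, mask: str = HOST_MASK) -> bool:
    """True when the destination has the same network portion as the host under the host's mask."""
    return network_of(dst, mask) == network_of(host_ip, mask)


def next_hop(dst: str, host_ip: str = HOST_IP, mask: str = HOST_MASK,
             gateway: str = DEFAULT_GATEWAY) -> str:
    """The IP address the frame is really sent to: the destination if local, else the gateway."""
    if not is_local(gateway, host_ip, mask):
        # A gateway outside the host's own subnet can never be reached by ARP.
        raise ValueError(f"default gateway {gateway} is not on the subnet of {host_ip}")
    return dst if is_local(dst, host_ip, mask) else gateway


def resolve_mac(dst: str, arp_cache: dict = ARP_CACHE, **cfg) -> str:
    """Layer 2 destination for a packet to dst: ARP is done for the next hop, never for a remote host."""
    hop = next_hop(dst, **cfg)
    try:
        return arp_cache[hop]
    except KeyError:
        raise LookupError(f"would broadcast an ARP request for {hop}") from None


if __name__ == "__main__":
    for dst in ("10.1.1.7", "192.168.3.2"):
        hop = next_hop(dst)
        where = "local" if hop == dst else f"via gateway {hop}"
        print(f"{dst}: {where}, frame addressed to {resolve_mac(dst)}")
    # A wrong mask changes the decision: with /8 the host believes 10.99.0.5 is local,
    # ARPs for it directly, and never hands the packet to the gateway.
    print("10.99.0.5 with /24 ->", next_hop("10.99.0.5"))
    print("10.99.0.5 with /8  ->", next_hop("10.99.0.5", mask="255.0.0.0"))
```

The last two lines show why the mask is a security setting as much as an addressing one: a host with too short a mask silently loses reachability to everything it wrongly believes is local, and a host with too long a mask sends local traffic through the gateway, where it can be filtered or inspected.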

How Routers Use Subnet Masks
This topic describes how routers use subnet masks to route network traffic.


The subnet mask identifies the network-significant part of an IP address. Routers need this
information to determine how to get a packet to the desired destination.
All routers have routing tables. Depending on the location of the router in the network
hierarchy, the table may be small and simple or large and complex.
The router populates the routing table with the network-significant part of every known
network and compares the destination address of each packet to be forwarded against those
entries, choosing the longest (most specific) matching prefix. If the network is not directly
attached to the router, the router stores the address of the next-hop router to which the packet
should be forwarded. So that routers can function without storing every destination network in
their tables, they use a default route, to which packets that match no other entry in the routing
table are forwarded.
Procedure for Routing with Subnet Masks

Step 1. Host A determines that the destination network requires the use of its default gateway
router (Router A).
  Notes: Router A has a route to the destination network 10.3.1.0 and forwards the packet to
  Router B through the indicated interface.

Step 2. Because the 10.3.1.0/24 network is directly connected to Router B interface fa0/2,
Router B uses ARP to determine the MAC address of Host B.
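The routing-table lookup from the procedure above, as an added Python example that is not part of the SPNGN1 guide: entries are matched longest prefix first, a directly connected network makes the router ARP for the destination host itself (Step 2), a learned network makes it ARP for the next-hop router, and a default route catches everything else. Only 10.3.1.0/24 on fa0/2 comes from the procedure; the other prefixes, interface names and next-hop addresses in the table are assumptions made for the example.

```python
# Added example, not from the SPNGN1 guide: longest-prefix lookup in a routing table.
import ipaddress

# Constructed routing table for Router B. 10.3.1.0/24 on fa0/2 is from the guide's
# procedure; every other entry, next hop and interface name is an assumption.
ROUTER_B_TABLE = [
    # (prefix,         next hop,     outgoing interface)
    ("10.3.1.0/24",    None,         "fa0/2"),   # directly connected (Host B's network)
    ("10.2.0.0/16",    None,         "fa0/1"),   # directly connected link toward Router A
    ("10.1.1.0/24",    "10.2.0.1",   "fa0/1"),   # Host A's network, via Router A
    ("10.3.1.128/25",  "10.2.0.9",   "fa0/1"),   # more specific than 10.3.1.0/24
    ("0.0.0.0/0",      "10.2.0.254", "fa0/0"),   # default route
]


def build_table(entries):
    """Parse the entries once and order them longest prefix first."""
    parsed = [(ipaddress.ip_network(prefix), next_hop, iface) for prefix, next_hop, iface in entries]
    return sorted(parsed, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Longest-prefix match: the first (most specific) entry that contains dst wins."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, iface in table:
        if addr in net:
            return net, next_hop, iface
    return None                                  # no route at all, not even a default


def forward(table, dst):
    """Describe the forwarding decision for dst the way the router would make it."""
    match = lookup(table, dst)
    if match is None:
        return {"action": "drop", "reason": "no matching route"}
    net, next_hop, iface = match
    # Directly connected: ARP for the destination host itself (Step 2 above).
    # Learned route: ARP for the next-hop router on the outgoing interface.
    arp_target = dst if next_hop is None else next_hop
    return {"action": "forward", "route": str(net), "interface": iface, "arp_for": arp_target}


if __name__ == "__main__":
    table = build_table(ROUTER_B_TABLE)
    for dst in ("10.3.1.20", "10.3.1.200", "10.1.1.2", "192.168.3.2"):
        print(dst, forward(table, dst))
    # Without the default route, packets for unknown networks are dropped, not forwarded.
    no_default = build_table([e for e in ROUTER_B_TABLE if e[0] != "0.0.0.0/0"])
    print("192.168.3.2 without a default route:", forward(no_default, "192.168.3.2"))
```

The same lookup, run against the source address of an arriving packet instead of the destination, is what the Unicast Reverse Path Forwarding check listed under Cisco NFP performs; a source that has no route back through the receiving interface is treated as spoofed.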



Applying the Subnet Address Scheme
This topic describes how to implement subnet masks.


When configuring routers, each interface is connected to a different network or subnet segment.
An available host address from each different network or subnet must be assigned to the
interface of the router that connects to that network or subnet (see figure). In this example, the
router has two Ethernet interfaces. The interface that is connected to the 172.16.2.0 subnetwork
is assigned the IP address of 172.16.2.1, and the other interface that is connected to the
172.16.3.0 subnetwork is assigned the IP address of 172.16.3.1. All of the attached hosts need
to have their addresses within the range of the subnet. Any host that is configured with an
address outside of this would not be reachable.

IP Address Plans
Most network administrators work with existing networks, complete with subnets and subnet
masks in place. Network administrators need to be able to determine, from an existing IP
address, which part of the address is the network and which part is the subnet to create the IP
plan. This topic describes IP address plans.

Number of Bits   Number of Subnets   Number of Bits Remaining   Number of Hosts Possible
Borrowed (s)     Possible (2^s)      in Host ID (8 – s = h)     Per Subnet (2^h – 2)
1                2                   7                          126
2                4                   6                          62
3                8                   5                          30
4                16                  4                          14
5                32                  3                          6
6                64                  2                          2
7                128                 1                          0
8                256                 0                          0

Each time 1 bit is borrowed from a host field, there is 1 less bit remaining in the host field that
can be used for host numbers, and the number of host addresses that can be assigned decreases
by a power of 2.
The exception to this rule is 31-bit subnet masks (that is, 1-bit host identifiers). In such
networks, usually point-to-point links, only two hosts (the endpoints of a point-to-point link)
may be connected. Specification of a network address and broadcast addresses is not necessary.
Use of 31-bit prefixes on IPv4 point-to-point links is specified in RFC 3021.
Consider a Class C network address, for example, in which all 8 bits in the last octet are used
for the host ID; therefore, there are 256 possible numbers. The actual number of possible
addresses available to assign to hosts is 254 (256 – 2 reserved addresses).
Now, imagine that this Class C network is divided into subnets. If 2 bits are borrowed from the
default 8-bit host field, the size of the host field decreases to 6 bits. All possible combinations
of 0s and 1s that could occur in the remaining 6 bits produce a total number of possible hosts
that could be assigned in each subnet. This number, which formerly was 256, is now 64. The
number of usable host numbers decreases to 62 (64 – 2).
In the same Class C network, if 3 bits are borrowed, the size of the host field decreases to 5 bits
and the total number of assignable hosts for each subnet decreases to 32 (2^5). The number of
usable host numbers decreases to 30 (32 – 2). The number of possible host addresses that can
be assigned to a subnet is related to the number of subnets that have been created. In a Class C
network, for example, the usable subnets that are created are 8, each having 30 (32 – 2) usable
host addresses.



Number of Bits   Number of Subnets   Number of Bits Remaining   Number of Hosts Possible
Borrowed (s)     Possible (2^s)      in Host ID (16 – s = h)    Per Subnet (2^h – 2)
1                2                   15                         32,766
2                4                   14                         16,382
3                8                   13                         8,190
…                …                   …                          …
13               8192                3                          6
14               16384               2                          2
15               32768               1                          0
16               65536               0                          0

Now consider a Class B network address in which 16 bits are used for the network ID and 16
bits are used for the host ID. There are 65,536 (2^16) possible addresses available to assign to
hosts (65,534 usable addresses, after subtracting the two addresses, the broadcast and the
subnet addresses, that cannot be used).
Imagine that this Class B network is divided into subnets. If 2 bits are borrowed from the
default 16-bit host field, the size of the host field decreases to 14 bits. All possible
combinations of 0s and 1s that could occur in the remaining 14 bits produce a total number of
possible hosts that could be assigned in each subnet. Thus, the number of hosts that are
assigned to each subnet is now 16,382.
In the same Class B network, if 3 bits are borrowed, the size of the host field decreases to 13
bits and the total number of assignable hosts for each subnet decreases to 8192 (2^13). The
number of usable host numbers decreases to 8190 (8192 – 2). In a Class B network, for
example, the usable subnets that are created are 6 (8 – 2), each having 8190 (8192 – 2) usable
host addresses.

Number of Bits   Number of Subnets   Number of Bits Remaining   Number of Hosts Possible
Borrowed (s)     Possible (2^s)      in Host ID (24 – s = h)    Per Subnet (2^h – 2)
1                2                   23                         8,388,606
2                4                   22                         4,194,302
3                8                   21                         2,097,150
…                …                   …                          …
21               2097152             3                          6
22               4194304             2                          2
23               8388608             1                          0
24               16777216            0                          0

Finally, consider a Class A network address, in which 8 bits are used for the network ID and 24
bits are used for the host ID. There are 16,777,216 (2^24) possible addresses available to assign
to hosts (16,777,214 usable addresses, after subtracting the two addresses, the broadcast and the
subnet addresses, that cannot be used).
Now, imagine that this Class A network is divided into subnets. If 6 bits are borrowed from the
default 24-bit host field, the size of the host field decreases to 18 bits. All possible
combinations of 0s and 1s that could occur in the remaining 18 bits produce a total number of
possible hosts that could be assigned in each subnet. This number is now 262,142, while it was
formerly 16,777,216. The number of usable hosts decreases to 262,140 (262,142 – 2).
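The three tables above (Class C, Class B and Class A) are all produced by the same arithmetic: borrowing s bits yields 2^s subnets, leaves h host bits, and gives 2^h – 2 usable hosts per subnet. The following Python is an added example, not code from the Cisco student guide; the function names are my own, and the rfc3021 option (treating a 1-bit host field as a usable two-address point-to-point link, per RFC 3021 as cited above) is an addition to the classic rule the tables show.

```python
# Added example, not from the SPNGN1 student guide: the arithmetic behind the
# Class A, B and C "bits borrowed" tables, with the RFC 3021 /31 case as an option.
CLASS_HOST_BITS = {"A": 24, "B": 16, "C": 8}  # default host-field width per class


def hosts_per_subnet(host_bits: int, rfc3021: bool = False) -> int:
    """Usable host addresses for a host field of the given width.

    The classic rule reserves the all-zeros (subnet) and all-ones (broadcast)
    addresses, so the count is 2^h - 2. With rfc3021=True a 1-bit host field
    (a /31 point-to-point link) keeps both addresses, as RFC 3021 allows.
    """
    if host_bits < 0:
        raise ValueError("host field cannot be narrower than 0 bits")
    if host_bits == 1 and rfc3021:
        return 2
    return max(2 ** host_bits - 2, 0)  # h = 0 or h = 1 gives 0 under the classic rule


def subnet_row(net_class: str, borrowed: int, rfc3021: bool = False) -> dict:
    """One row of the guide's table: subnets, remaining host bits, hosts per subnet."""
    total = CLASS_HOST_BITS[net_class]
    if not 0 <= borrowed <= total:
        raise ValueError(f"class {net_class} has only {total} host bits to borrow from")
    h = total - borrowed
    return {
        "borrowed": borrowed,
        "subnets": 2 ** borrowed,
        "host_bits": h,
        "hosts": hosts_per_subnet(h, rfc3021),
    }


def subnet_table(net_class: str, rfc3021: bool = False) -> list:
    """All rows from 1 bit borrowed up to the whole host field."""
    return [subnet_row(net_class, s, rfc3021) for s in range(1, CLASS_HOST_BITS[net_class] + 1)]


if __name__ == "__main__":
    for net_class in "CBA":
        print(f"Class {net_class}: bits borrowed / subnets / host bits / hosts per subnet")
        for row in subnet_table(net_class):
            print(f"  {row['borrowed']:>2}  {row['subnets']:>9}  {row['host_bits']:>2}  {row['hosts']:>10,}")
```

Running the block prints the three tables; subnet_row("A", 6) is the Class A case worked in the text (18 host bits remaining).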



Subnet Address   Subnet Mask     Subnet             Valid Host Range
172.16.0.0       255.255.224.0   172.16.0.0/19      172.16.0.1 to 172.16.31.254
172.16.32.0      255.255.224.0   172.16.32.0/19     172.16.32.1 to 172.16.63.254
172.16.64.0      255.255.224.0   172.16.64.0/19     172.16.64.1 to 172.16.95.254
172.16.96.0      255.255.224.0   172.16.96.0/19     172.16.96.1 to 172.16.127.254
172.16.128.0     255.255.224.0   172.16.128.0/19    172.16.128.1 to 172.16.159.254
172.16.160.0     255.255.224.0   172.16.160.0/19    172.16.160.1 to 172.16.191.254
172.16.192.0     255.255.224.0   172.16.192.0/19    172.16.192.1 to 172.16.223.254
172.16.224.0     255.255.224.0   172.16.224.0/19    172.16.224.1 to 172.16.255.254

The first subnet that is obtained after subnetting the network address is called subnet zero and
the last subnet that is obtained is called the all-ones subnet.
Consider a Class B address, 172.16.0.0. By default, this address has 16 bits reserved for
representing the host portion; thus allowing 65534 (2^16 – 2) valid host addresses. If network
172.16.0.0/16 is subnetted by borrowing three bits from the host portion, eight (2^3) subnets are
obtained. The table is an example showing the subnets that are obtained by subnetting the
address 172.16.0.0, the resulting subnet mask, the corresponding broadcast addresses, and the
range of valid host addresses.
In the example, the first subnet (subnet 172.16.0.0/19) is called subnet zero and the last subnet
that is obtained when subnetting network 172.16.0.0 (subnet 172.16.224.0/19) is called the
all-ones subnet.
The class of the network that is subnetted and the number of subnets that are obtained after
subnetting have no role in determining subnet zero. It is the first subnet that is obtained when
subnetting the network address. When you write the binary equivalent of the subnet zero
address, all the subnet bits (bits 17, 18, and 19, in this case) are zeros. Subnet zero is also
known as the all-zeros subnet or zero subnet. Likewise, when you write the binary equivalent of
the all-ones subnet address, all the subnet bits (bits 17, 18, and 19, in this case) are ones; hence
the name.
Traditionally, it was strongly recommended that subnet zero and the all-ones subnet not be used
for addressing. This is why network engineers required to calculate the number of subnets that
are obtained by borrowing three bits would calculate 2^3 – 2 (6) and not 2^3 (8). The – 2 takes
into account that subnet zero and the all-ones subnet are not used traditionally.
Before Cisco IOS Software Release 12.0, Cisco routers, by default, did not allow an IP address
belonging to subnet zero to be configured on an interface. However, if a network engineer
working with a Cisco IOS Software release older than 12.0 finds it safe to use subnet zero, the
ip subnet-zero command in the global configuration mode can be used to overcome this
restriction. As of Cisco IOS Software Release 12.0, Cisco routers now have ip subnet-zero
enabled by default, but if the network engineer feels that it is unsafe to use subnet zero, the no
ip subnet-zero command can be used to restrict the use of subnet zero addresses.
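To make the subnet zero / all-ones distinction concrete, the following Python enumerates the subnets obtained by borrowing bits, shows the subnet bits of each in binary, and filters the list according to whether subnet zero is allowed (the ip subnet-zero default) or the traditional 2^s – 2 rule is applied. It is an added example, not code from the Cisco student guide, and the function names are my own; it reproduces the 172.16.0.0/16 table above when run.

```python
# Added example, not from the SPNGN1 student guide: enumerate the subnets obtained
# by borrowing host bits, flag subnet zero and the all-ones subnet, and apply the
# traditional 2^s - 2 rule versus the ip subnet-zero default.
import ipaddress


def enumerate_subnets(network: str, borrowed: int) -> list:
    """Split an IPv4 network into 2^borrowed equal subnets using integer arithmetic.

    Each row records the subnet bits in binary, the subnet with its new prefix, the
    mask, the usable host range and broadcast, and whether the row is subnet zero or
    the all-ones subnet. At least two host bits must remain so that a host range exists.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    new_prefix = net.prefixlen + borrowed
    if borrowed < 1 or new_prefix > 30:
        raise ValueError("borrowed bits must leave at least two host bits")
    host_bits = 32 - new_prefix
    block = 1 << host_bits                      # addresses per subnet
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    base = int(net.network_address)
    count = 1 << borrowed
    rows = []
    for i in range(count):
        start = base + i * block                # subnet bits = i, host bits = 0
        rows.append({
            "subnet_bits": format(i, f"0{borrowed}b"),
            "subnet": f"{ipaddress.IPv4Address(start)}/{new_prefix}",
            "mask": str(ipaddress.IPv4Address(mask)),
            "first_host": str(ipaddress.IPv4Address(start + 1)),
            "last_host": str(ipaddress.IPv4Address(start + block - 2)),
            "broadcast": str(ipaddress.IPv4Address(start + block - 1)),
            "subnet_zero": i == 0,
            "all_ones": i == count - 1,
        })
    return rows


def usable_subnets(rows: list, subnet_zero_allowed: bool = True) -> list:
    """Rows an engineer may assign: all of them with ip subnet-zero (the IOS 12.0+
    default), or everything except subnet zero and the all-ones subnet under the
    traditional 2^s - 2 rule."""
    if subnet_zero_allowed:
        return rows
    return [r for r in rows if not (r["subnet_zero"] or r["all_ones"])]


if __name__ == "__main__":
    table = enumerate_subnets("172.16.0.0/16", 3)
    for r in table:
        tag = " (subnet zero)" if r["subnet_zero"] else " (all-ones subnet)" if r["all_ones"] else ""
        print(f"{r['subnet_bits']}  {r['subnet']:<17} {r['mask']:<15} "
              f"{r['first_host']} to {r['last_host']}{tag}")
    print(len(usable_subnets(table, subnet_zero_allowed=False)), "subnets under the traditional rule")
```

The subnet_bits column is exactly bits 17, 18 and 19 of the address: 000 for subnet zero and 111 for the all-ones subnet.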

Procedure for Implementing Subnets
This topic lists the required steps for implementing subnets.

1. Determine the IP address that is assigned by the registry authority.
2. Based on the organizational and administrative structure, determine the number of subnets
   that are required.
3. Based on the address class and required number of subnets, determine the number of bits
   that you need to borrow from the host ID.
4. Determine the binary and decimal value of the subnet mask.
5. Apply the subnet mask to the network IP address to determine the subnet and host
   addresses.
6. Assign subnet addresses to specific interfaces for all devices that are connected to the
   network.

The procedure that is described in the figure explains how to select the number of subnets that
you need for a particular network and then apply a mask to implement subnets.
Procedure for Implementing Subnets
Step 1. Determine the IP address for your network as assigned by the registry authority.
        Example: Assume that you are assigned a Class B address of 172.16.0.0.
Step 2. Based on your organization and administrative requirements and structure, determine
        the number of subnets that are required for the network. Be sure to plan for future
        growth.
        Example: Assume that you are managing a worldwide network in 25 countries. Each
        country has an average of four locations. Therefore, you will need 100 subnets.
Step 3. Based on the address class and the number of subnets you selected, determine the
        number of bits you need to borrow from the host ID.
        Example: To create 100 subnets, you need to borrow 7 bits (2^7 – 2 = 126).
Step 4. Determine the binary and decimal values of the subnet mask you select.
        Example: For a Class B address with 16 bits in the network ID, when you borrow 7 bits,
        the mask is /23.
        Binary value of the mask: 11111111.11111111.11111110.00000000
        Decimal value of the mask: 255.255.254.0
Step 5. Apply the subnet mask for the network IP address to determine the subnet and host
        addresses. You will also determine the network and broadcast addresses for each subnet.
Step 6. Assign subnet addresses to specific subnets on your network.
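Steps 2 through 5 of this procedure can be carried out in code. The following Python is an added example, not code from the Cisco student guide: from the address class and the number of subnets required it derives the bits to borrow (using the traditional 2^s – 2 rule by default, with an option for counting all 2^s subnets when ip subnet-zero is in effect), the resulting prefix length and mask in binary and decimal, and the address of any subnet by index. Function names are my own.

```python
# Added example, not from the SPNGN1 student guide: steps 2 to 5 of the procedure
# as code. Given a class and a required number of subnets it returns the bits to
# borrow, the prefix length, the mask in binary and decimal, and the n-th subnet.
import ipaddress

CLASS_DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def bits_to_borrow(required_subnets: int, subnet_zero_allowed: bool = False) -> int:
    """Smallest s whose subnet count covers the requirement.

    The guide's worked example uses the traditional rule, which discounts subnet
    zero and the all-ones subnet: 2^s - 2 usable subnets. With subnet_zero_allowed
    (ip subnet-zero, the IOS 12.0+ default) all 2^s subnets count.
    """
    if required_subnets < 1:
        raise ValueError("at least one subnet is required")
    s = 0
    while (2 ** s if subnet_zero_allowed else 2 ** s - 2) < required_subnets:
        s += 1
    return s


def plan_subnets(net_class: str, required_subnets: int, subnet_zero_allowed: bool = False) -> dict:
    """Steps 3 and 4: bits to borrow, resulting prefix, and the subnet mask."""
    s = bits_to_borrow(required_subnets, subnet_zero_allowed)
    prefix = CLASS_DEFAULT_PREFIX[net_class] + s
    host_bits = 32 - prefix
    if host_bits < 2:
        raise ValueError(f"{required_subnets} subnets leave fewer than 2 host bits in class {net_class}")
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    octets = [(mask >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return {
        "borrowed": s,
        "prefix": prefix,
        "subnets_available": 2 ** s if subnet_zero_allowed else 2 ** s - 2,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "mask_binary": ".".join(f"{o:08b}" for o in octets),
        "mask_decimal": ".".join(str(o) for o in octets),
    }


def subnet_address(network: str, prefix: int, index: int) -> str:
    """Step 5: the index-th subnet (0 = subnet zero) of network under the new prefix."""
    base = int(ipaddress.IPv4Address(network))
    block = 1 << (32 - prefix)           # addresses per subnet
    return str(ipaddress.IPv4Address(base + index * block))


if __name__ == "__main__":
    plan = plan_subnets("B", 100)        # the guide's 25 countries x 4 locations
    print(plan)
    for n in range(3):
        print(subnet_address("172.16.0.0", plan["prefix"], n))
```

With the example's inputs (Class B, 100 subnets) the plan is 7 borrowed bits, /23 and 255.255.254.0, and the subnets start at 172.16.0.0, 172.16.2.0, 172.16.4.0 and so on in steps of 512 addresses.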


Determining Subnet Addresses Example
This topic provides an example of how to determine subnet addresses in eight easy steps.

IP Address: 192.168.221.37   Subnet Mask: /29

Step 1. Write the octet that is being split in binary.
        Host octet: 37
        Host octet in binary: 00100101
Step 2. Write the mask or classful prefix length in binary.
        Assigned mask: 255.255.255.248 (/29)
        Mask octet in binary: 11111000
Step 3. Draw a line to delineate the significant bits in the assigned IP address. Cross out the
        mask so that you can view the significant bits in the IP address.
        Split octet (binary): 00100 101
        Split mask (binary): 11111 000

When working in a classful networking environment that uses fixed-length subnet masks, you
can determine the entire network addressing scheme that is based on a single IP address and its
corresponding subnet mask.
The figure shows the first three of eight steps that are used to determine the subnet of a given IP
address. In this example, the IP address and subnet mask are as follows:
• IP address: 192.168.221.37
• Subnet mask: 255.255.255.248

Step 4. Copy the significant bits four times.
Step 5. In the first line, define the network address by placing all zeros in the nonsignificant
        bits.
Step 6. In the last line, define the broadcast address by placing all ones in the nonsignificant
        bits.
Step 7. In the middle lines, define the first and last host number.
        00100 000 (network address)
        00100 001 (first address in subnet)
        00100 110 (last address in subnet)
        00100 111 (broadcast address)
Step 8. Increment the subnet bits by one.
        00101 000 (next subnet)

Completed Subnet Addresses
Network address: 192.168.221.32
Subnet mask: 255.255.255.248
First subnet: 192.168.221.32
First host address: 192.168.221.33
Last host address: 192.168.221.38
Broadcast address: 192.168.221.39
Next subnet: 192.168.221.40

The figure shows the last five of eight steps that are used to determine the subnet of a given IP
address.
After converting the addresses from binary to decimal, the addresses for the subnets are as
follows:
• First subnet address: 192.168.221.32
• First host address: 192.168.221.33
• Last host address: 192.168.221.38
• Broadcast address: 192.168.221.39
• Next subnet address: 192.168.221.40

Notice that the range of the address block, including the subnet address and directed-broadcast
address in this example, is from 192.168.221.32 through 192.168.221.39, which includes eight
addresses. The address block size is 2 raised to the number of host bits (2^h = 2^3 = 8).



Example: Applying a Subnet Mask for a Class C
Address
This topic provides an example of applying a subnet mask to a Class C address.

IP Address 192.168.5.139   Subnet Mask /27

IP Address          192        168        5          139
IP Address          11000000   10101000   00000101   10001011
Subnet Mask         11111111   11111111   11111111   11100000   /27
Network (2)         11000000   10101000   00000101   10000000
Network (10)        192        168        5          128
First Host          192        168        5          10000001 = 129
Last Host           192        168        5          10011110 = 158
Direct Broadcast    192        168        5          10011111 = 159
Next Network        192        168        5          10100000 = 160

Given the address of 192.168.5.139 and knowing that the subnet mask is 255.255.255.224, the
subnet number is 11111111.11111111.11111111.11100000, or /27.
Steps to Determine Class C Subnet Addresses
Step 1. Write the octet that is being split in binary.
        10001011
Step 2. Write the mask or classful prefix length in binary.
        11100000
Step 3. Draw a line to delineate the significant bits in the assigned IP address. Cross out the
        mask so you can view the significant bits in the IP address.
        100 | 01011
        111 | 00000
Step 4. Copy the significant bits four times.
Step 5. In the first line, define the network address by placing 0s in the remaining host bits.
Step 6. In the last line, define the directed-broadcast address by placing 1s in the host bits.
Step 7. In the middle lines, define the first and last host ID for this subnet.
        100 00000 (first subnet address)
        100 00001 (first host address)
        100 11110 (last host address)
        100 11111 (broadcast address)
Step 8. Increment the subnet bits by 1 to determine the next subnet address.
        101 00000 (next subnet address)
Repeat Steps 4 through 8 for all subnets.

Subnet Addresses Table
Subnet No.   Subnet ID       Host Range                        Broadcast Address
All 0s       192.168.5.0     192.168.5.1 to 192.168.5.30       192.168.5.31
1            192.168.5.32    192.168.5.33 to 192.168.5.62      192.168.5.63
2            192.168.5.64    192.168.5.65 to 192.168.5.94      192.168.5.95
3            192.168.5.96    192.168.5.97 to 192.168.5.126     192.168.5.127
4            192.168.5.128   192.168.5.129 to 192.168.5.158    192.168.5.159
5            192.168.5.160   192.168.5.161 to 192.168.5.190    192.168.5.191
6            192.168.5.192   192.168.5.193 to 192.168.5.222    192.168.5.223
All 1s       192.168.5.224   192.168.5.225 to 192.168.5.254    192.168.5.255


Example: Applying a Subnet Mask for a Class B
Address
This topic provides an example of applying a subnet mask to a Class B address.

IP Address 172.16.139.46   Subnet Mask /20

IP Address          172        16         139        46
IP Address          10101100   00010000   10001011   00101110
Subnet Mask         11111111   11111111   11110000   00000000   /20
Network (2)         10101100   00010000   10000000   00000000
Network (10)        172        16         128        0
First Host          172        16         10000000   00000001 = 128.1
Last Host           172        16         10001111   11111110 = 143.254
Direct Broadcast    172        16         10001111   11111111 = 143.255
Next Network        172        16         10010000   00000000 = 144.0

Given the address of 172.16.139.46 and knowing that the subnet mask is 255.255.240.0, or /20,
you can determine the subnet and host addresses for this network.
Steps to Determine Class B Subnet Addresses
Step 1. Write the octet that is being split in binary.
        10001011
Step 2. Write the mask or classful prefix length in binary.
        11110000
Step 3. Draw a line to delineate the significant bits in the assigned IP address. Cross out the
        mask so you can view the significant bits in the IP address.
        1000 | 1011
        1111 | 0000
Step 4. Copy the significant bits four times.
Step 5. In the first line, define the network address by placing 0s in the remaining host bits.
Step 6. In the last line, define the directed-broadcast address by placing 1s in the host bits.
Step 7. In the middle lines, define the first and last host ID for this subnet.
        1000 0000 (first subnet address)
        1000 0001 (first host address)
        1000 1110 (last host address)
        1000 1111 (broadcast address)
Step 8. Increment the subnet bits by 1 to determine the next subnet address.
        1001 0000 (next subnet address)
Repeat Steps 4 through 8 for all subnets.

Subnet Addresses Table
Subnet No.   Subnet ID      Host Range                        Broadcast
All 0s       172.16.0.0     172.16.0.1 to 172.16.15.254       172.16.15.255
1            172.16.16.0    172.16.16.1 to 172.16.31.254      172.16.31.255
2            172.16.32.0    172.16.32.1 to 172.16.47.254      172.16.47.255
…            …              …                                 …
13           172.16.208.0   172.16.208.1 to 172.16.223.254    172.16.223.255
14           172.16.224.0   172.16.224.1 to 172.16.239.254    172.16.239.255
All 1s       172.16.240.0   172.16.240.1 to 172.16.255.254    172.16.255.255


Example: Applying a Subnet Mask for a Class A
Address
This topic provides an example of applying a subnet mask to a Class A address.

IP Address 10.172.16.211   Subnet Mask /18

IP Address          10         172        16         211
IP Address          00001010   10101100   00010000   11010011
Subnet Mask         11111111   11111111   11000000   00000000   /18
Network (2)         00001010   10101100   00000000   00000000
Network (10)        10         172        0          0
First Host          10         172        00000000   00000001 = 0.1
Last Host           10         172        00111111   11111110 = 63.254
Direct Broadcast    10         172        00111111   11111111 = 63.255
Next Network        10         172        01000000   00000000 = 64.0

Given the address of 10.172.16.211 and knowing that the subnet mask is /18, you can
determine the subnet and host addresses for this network.
Steps to Determine Class A Subnet Addresses
Step 1. Write the octet that is being split in binary.
        00010000
Step 2. Write the mask or classful prefix length in binary.
        11000000
Step 3. Draw a line to delineate the significant bits in the assigned IP address. Cross out the
        mask so you can view the significant bits in the IP address.
        00 | 010000
        11 | 000000
Step 4. Copy the significant bits four times.
Step 5. In the first line, define the network address by placing 0s in the remaining host bits.
Step 6. In the last line, define the directed-broadcast address by placing 1s in the host bits.
Step 7. In the middle lines, define the first and last host ID for this subnet.
        00 000000 (first subnet address)
        00 000001 (first host address)
        00 111110 (last host address)
        00 111111 (broadcast address)
Step 8. Increment the subnet bits by 1 to determine the next subnet address.
        01 000000 (next subnet address)
Repeat Steps 4 through 8 for all subnets.

Subnet Addresses Table
Subnet No.   Subnet ID      Host Range                        Broadcast
All 0s       10.0.0.0       10.0.0.1 to 10.0.63.254           10.0.63.255
1            10.0.64.0      10.0.64.1 to 10.0.127.254         10.0.127.255
2            10.0.128.0     10.0.128.1 to 10.0.191.254        10.0.191.255
…            …              …                                 …
1021         10.255.64.0    10.255.64.1 to 10.255.127.254     10.255.127.255
1022         10.255.128.0   10.255.128.1 to 10.255.191.254    10.255.191.255
All 1s       10.255.192.0   10.255.192.1 to 10.255.255.254    10.255.255.255
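The eight-step method and the Class C, Class B and Class A worked examples above are all the same operation: mask the address to get the subnet, set the host bits to ones for the directed broadcast, and add one block to get the next subnet. The following Python is an added example, not code from the Cisco student guide; it applies the eight steps to any IPv4 address and prefix, reports the binary view of the octet being split exactly as the step tables do, and returns the dotted subnet, first host, last host, broadcast and next-subnet addresses. Function names are my own.

```python
# Added example, not from the SPNGN1 student guide: the eight-step method carried
# out in code for any IPv4 address and fixed-length prefix.
import ipaddress

ALL_ONES = 0xFFFFFFFF


def subnet_from_address(ip: str, prefix: int) -> dict:
    """Derive the subnet that contains ip for a fixed-length mask of the given prefix.

    Prefixes /31 and /32 have no first/last host pair in this sense and are rejected.
    """
    if not 1 <= prefix <= 30:
        raise ValueError("prefix must be between /1 and /30 for a host range to exist")
    addr = int(ipaddress.IPv4Address(ip))
    host_bits = 32 - prefix
    mask = (ALL_ONES << host_bits) & ALL_ONES
    network = addr & mask                                     # step 5: host bits all 0
    broadcast = network | (~mask & ALL_ONES)                  # step 6: host bits all 1
    next_subnet = (network + (1 << host_bits)) & ALL_ONES     # step 8: subnet bits + 1

    # The octet in which the mask boundary falls, and how many of its bits are
    # significant (subnet) bits. For a prefix that is a multiple of 8 the boundary is
    # at the start of the next octet, so none of that octet's bits are significant.
    idx, sig = divmod(prefix, 8)
    shift = 8 * (3 - idx)

    def split(value: int) -> str:
        """Binary of the split octet with a space where the line is drawn (step 3)."""
        bits = format((value >> shift) & 0xFF, "08b")
        return (bits[:sig] + " " + bits[sig:]).strip()

    def dotted(value: int) -> str:
        return str(ipaddress.IPv4Address(value))

    return {
        "host_octet_binary": format((addr >> shift) & 0xFF, "08b"),    # step 1
        "mask_octet_binary": format((mask >> shift) & 0xFF, "08b"),    # step 2
        "split_octet": split(addr),                                    # step 3
        "network_octet": split(network),                               # steps 4-5
        "broadcast_octet": split(broadcast),                           # step 6
        "next_subnet_octet": split(next_subnet),                       # step 8
        "mask": dotted(mask),
        "network": dotted(network),
        "first_host": dotted(network + 1),                             # step 7
        "last_host": dotted(broadcast - 1),                            # step 7
        "broadcast": dotted(broadcast),
        "next_subnet": dotted(next_subnet),
        "block_size": 1 << host_bits,                                  # 2^h addresses
    }


if __name__ == "__main__":
    for ip, prefix in [("192.168.221.37", 29), ("192.168.5.139", 27),
                       ("172.16.139.46", 20), ("10.172.16.211", 18)]:
        r = subnet_from_address(ip, prefix)
        print(f"{ip}/{prefix}: split {r['split_octet']} -> network {r['network']}, "
              f"hosts {r['first_host']} to {r['last_host']}, broadcast {r['broadcast']}, "
              f"next {r['next_subnet']} (block of {r['block_size']})")
```

Unlike the simplified step tables, the first and last host are computed on the full 32-bit address, so for the Class B case the first host is 172.16.128.1 (the split octet stays 1000 0000 and the last octet becomes 1), which matches the "First Host" row of the slide.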


Variable-Length Subnet Mask
This topic provides an example of how to apply variable-length subnet masks.

• VLSM—Subnetting a subnet for efficient use of IP addresses
• Subnet 192.168.1.0/24 is divided into smaller subnets:
  - Subnet with one mask (/27)
  - Further subnet one of the unused /27 subnets into multiple /30 subnets

Basic subnetting is sufficient for networks but does not provide the flexibility that is needed in
larger enterprise networks.
VLSM provides for efficient use of address space. It also allows for hierarchal IP addressing,
which allows routers to take advantage of route summarization. Route summarization reduces
the size of routing tables in distribution and core routers. Smaller routing tables require less
CPU time for routing lookups.
VLSM is the concept of subnetting a subnet. It was initially developed to maximize addressing
efficiency. With the advent of private addressing, the primary advantage of VLSM now is
organization and summarization. VLSM affords the options of including more than one subnet
mask within a network and of subnetting an already subnetted network address.


In the figure, the subnet address 172.16.32.0/20, used for this portion of the enterprise network,
is generated from subnetting the 172.16.0.0/16 Class B network into multiple /20 subnets.


By using VLSM, you can further subnet an already subnetted address. Consider, for example,
that your region of the enterprise network has a subnet address of 172.16.32.0/20 and that you
need to assign addresses to multiple LANs. Additionally, each LAN must have 50 hosts within
your region. With VLSM, you can further subnet address 172.16.32.0/20 to give you more
network addresses and fewer hosts per network. For example, if you subnet 172.16.32.0/20 to
172.16.32.0/26, you gain 64 (2^6) subnets, each of which could support 62 (2^6 – 2) hosts.




In the figure, the subnet addresses that are used on the Ethernet LANs are generated from
subdividing the 172.16.32.0/20 subnet into multiple /26 subnets.


To calculate the subnet addresses that are used on the WAN links, further subnet one of the
unused /26 subnets. In the figure, the subnet addresses that are used on the WAN links are
generated from subdividing the 172.16.33.0/26 subnet into multiple /30 subnets. This
mechanism provides 16 (2^4) subnets and 2 (2^2 – 2) hosts for each of the WANs.
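The two-level VLSM split described above (172.16.32.0/20 into /26 LAN subnets, then the unused 172.16.33.0/26 into /30 WAN links) is shown in the following Python, which is an added example, not code from the Cisco student guide. It also goes one step beyond the text with a general first-fit VLSM allocator that serves a list of host-count demands largest first, so that every subnet lands on its own block boundary and the leftover pieces of each split block remain available for smaller demands. Function names and the demand list are my own; the subnet arithmetic is the standard library's ipaddress module.

```python
# Added example, not from the SPNGN1 student guide: the two-level VLSM split of
# 172.16.32.0/20 described in the text, plus a general first-fit VLSM allocator.
import ipaddress


def vlsm_plan(region: str, lan_prefix: int, wan_parent: str, wan_prefix: int) -> dict:
    """Subnet region into LAN blocks, then subnet one unused LAN block into WAN links."""
    region_net = ipaddress.IPv4Network(region, strict=True)
    lans = list(region_net.subnets(new_prefix=lan_prefix))
    parent = ipaddress.IPv4Network(wan_parent, strict=True)
    if parent not in lans:
        raise ValueError(f"{wan_parent} is not one of the /{lan_prefix} subnets of {region}")
    wans = list(parent.subnets(new_prefix=wan_prefix))
    return {
        "lan_subnets": [str(n) for n in lans],
        "hosts_per_lan": lans[0].num_addresses - 2,
        "wan_subnets": [str(n) for n in wans],
        "hosts_per_wan": wans[0].num_addresses - 2,
    }


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose 2^h - 2 usable addresses cover the demand."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return 32 - h


def vlsm_allocate(pool: str, demands: list) -> dict:
    """First-fit VLSM allocation from a pool.

    Demands are (name, hosts) pairs. They are served largest first so each block
    lands on its own natural boundary; the leftover pieces of a split block go
    back to the free list for smaller demands. Returns name -> subnet and the
    unused free blocks.
    """
    free = [ipaddress.IPv4Network(pool, strict=True)]
    assigned = {}
    for name, hosts in sorted(demands, key=lambda d: d[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        free.sort(key=lambda n: (int(n.network_address), n.prefixlen))
        block = next((n for n in free if n.prefixlen <= prefix), None)
        if block is None:
            raise ValueError(f"pool exhausted before {name} ({hosts} hosts) could be placed")
        free.remove(block)
        if block.prefixlen == prefix:
            chosen = block
        else:
            chosen = next(block.subnets(new_prefix=prefix))   # lowest piece of the block
            free.extend(block.address_exclude(chosen))         # remaining pieces stay free
        assigned[name] = str(chosen)
    return {"assigned": assigned, "free": sorted(str(n) for n in free)}


if __name__ == "__main__":
    plan = vlsm_plan("172.16.32.0/20", 26, "172.16.33.0/26", 30)
    print(len(plan["lan_subnets"]), "LAN subnets of", plan["hosts_per_lan"], "hosts")
    print(len(plan["wan_subnets"]), "WAN subnets of", plan["hosts_per_wan"], "hosts:",
          plan["wan_subnets"][0], "...", plan["wan_subnets"][-1])
    # Constructed demand list: two 50-host LANs and two point-to-point WAN links.
    print(vlsm_allocate("172.16.32.0/20", [("WAN-1", 2), ("LAN-A", 50), ("WAN-2", 2), ("LAN-B", 50)]))
```

Serving demands largest first is what keeps the allocation summarizable: the two /26 LANs occupy 172.16.32.0/25 as a contiguous pair and the /30 links come out of the next free block rather than fragmenting a LAN-sized block in the middle of the pool.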

Summary
This topic summarizes the key points that were discussed in this lesson.

• Subnets segment hosts within a network into smaller networks.
• A subnet mask defines the number of bits in an IP address that represent the network part.
• A variable-length subnet mask (VLSM) introduces more than one subnet mask within a
  network and subnetting an already subnetted network address.
• End systems use subnet masks to compare the network portion of the local network
  addresses with the destination addresses of the packets to be sent.
• The default gateway is needed to send a packet out of the local network.
• Routers use a subnet mask to determine how to get a packet to the desired destination.
• All hosts in the same network need to have their addresses within the range of the subnet.

• A Class C network can be subnetted into up to 64 subnets for two hosts.
• When implementing subnets, you should first determine the number of subnets that are
  required.
• The network IP address can be determined by placing all zeros into the host part of the IP
  address.
• A subnet with mask /27 supports up to 30 hosts.
• A subnet with mask /20 supports up to 4094 hosts.
• A subnet with mask /18 supports up to 16382 hosts.
• VLSMs let you more efficiently allocate IP addresses by adding multiple layers of the
  addressing hierarchy.


Module Summary
This topic summarizes the key points that were discussed in this module.

• A network is a connected collection of devices (computers, interconnections, routers, and
  switches) that can communicate with each other, providing the means for users to share
  hardware and applications.
• Networks today must be secured from physical as well as network attacks. Service providers
  are often the target of attacks but also the defenders.
• Host-to-host communications are governed by OSI and TCP/IP.
• TCP/IP defines a 32-bit IPv4 address that is represented by 4 octets separated by a period.
  IPv6 addresses use 16-bit hexadecimal number fields separated by colons (:) to represent the
  128-bit addressing format.
• The purpose of the transport layer is to hide the network requirements from the application
  layer and to ensure end-to-end transfer of application data. UDP is a connectionless,
  best-effort delivery protocol, while TCP is connection-oriented and delivers data reliably.
• The default gateway is needed to send a packet out of the local network.

This module covered the IP fundamentals that are important to build an IP network, host-to-
host communication, as well as network components and functions. It then covered basic
concepts of network security and presented TCP/IP layers and the OSI model, with
special emphasis on network and transport layers. Finally, the module ended with routing
foundations and an explanation of the subnets, default gateway, and construction of an IP plan.



Module Self-Check
Use the questions here to review what you learned in this module. The correct answers and
solutions are found in the Module Self-Check Answer Key.
Q1) Which three statements about networks are accurate? (Choose three.) (Source: Defining
Functions of Networking)
A) Networks are used to transmit data in various environments, including homes,
small businesses, and large enterprises.
B) A main office can have hundreds or even thousands of people who depend on
network access to do their jobs.
C) A network is a connected collection of devices that can communicate with each
other.
D) A main office usually has one large network to connect users.
E) The purpose of a network is to create a means to provide workers with access
to all information and components that are accessible by the network.
F) Remote locations cannot connect to a main office through a network.
Q2) What is the purpose of network interconnections? (Source: Defining Functions of
Networking)
A) to connect separate networks and filter the traffic over those networks so that
the data is transmitted through the most efficient route
B) to choose the path over which data is sent to its destination
C) to provide a means for data to travel from one point to another in the network
D) to provide network attachment to the end systems and intelligent switching of
the data within the local network
Q3) Which three are part of the Cisco Hierarchical Network Model? (Choose three.)
(Source: Defining Functions of Networking)
A) access
B) distribution
C) transport
D) core
E) data



Q4) Match each network characteristic to its definition. (Source: Defining Functions of
Networking)
_____ 1. speed
_____ 2. cost
_____ 3. security
_____ 4. availability
_____ 5. scalability
_____ 6. reliability
_____ 7. topology
A) indicates how easily users can access the network
B) indicates the dependability of the network
C) indicates the protection level of the network itself and the data that is
transmitted
D) indicates how fast data is transmitted over the network
E) indicates how well the network can accommodate more users or data
transmission requirements
F) indicates the structure of the network
G) indicates the general price of components, installation, and maintenance of the
network
Q5) Which statement about logical topologies is accurate? (Source: Defining Functions of
Networking)
A) A logical topology defines the way in which the computers, printers, network
devices, and other devices are connected.
B) A logical topology depends solely on the type of computer that is to be
included in the network.
C) A logical topology describes the paths that the signals travel from one point on
a network to another.
D) A network cannot have different logical and physical topologies.
Q6) Match each topology type to its correct description. (Source: Defining Functions of
Networking)
_____ 1. All of the network devices connect directly to each other in a linear
fashion.
_____ 2. All of the network devices are directly connected to one central point, with
no other connections between them.
_____ 3. All of the devices on a network are connected in the form of a circle.
_____ 4. Each device has a connection to all of the other devices.
_____ 5. At least one device maintains multiple connections to other devices.
_____ 6. This design adds redundancy to the network.
A) star
B) bus
C) mesh
D) ring
E) partial-mesh
F) dual-ring

Q7) What is the main threat to a closed network? (Source: Explaining Network Security)
A) a deliberate attack from outside
B) a deliberate or accidental attack from inside
C) misuse by customers
D) misuse by employees
Q8) Which two factors have recently influenced the increase in threats from hackers?
(Choose two.) (Source: Explaining Network Security)
A) Hacker tools require more technical knowledge to use.
B) Hacker tools have become more sophisticated.
C) Hacker tools have become less sophisticated.
D) Hacker tools require less technical knowledge to use.
Q9) Which two statements about the purpose of the OSI model are accurate? (Choose two.)
(Source: Introducing TCP/IP Layers and the OSI Reference Model)
A) The OSI model defines the network functions that occur at each layer.
B) The OSI model facilitates an understanding of how information travels
throughout a network.
C) The OSI model ensures reliable data delivery through its layered approach.
D) The OSI model allows changes in one layer to affect the other layers.
Q10) Match each OSI layer to its function. (Source: Introducing TCP/IP Layers and the OSI
Reference Model)
_____ 1. physical
_____ 2. data link
_____ 3. network
_____ 4. transport
_____ 5. session
_____ 6. presentation
_____ 7. application
A) provides connectivity and path selection between two host systems that may be
located on geographically separated networks
B) ensures that the information sent at the application layer of one system is
readable by the application layer of another system
C) defines how data is formatted for transmission and how access to the network
is controlled
D) segments data from the system of the sending host and reassembles the data
into a data stream on the system of the receiving host
E) defines the electrical, mechanical, procedural, and functional specifications for
activating, maintaining, and deactivating the physical link between end systems
F) provides network services to the applications of the user, such as email, file
transfer, and terminal emulation
G) establishes, manages, and terminates sessions between two communicating
hosts and also synchronizes dialogue between the presentation layers of the
two hosts and manages their data exchange



Q11) At which layer does de-encapsulation first occur? (Source: Introducing TCP/IP Layers
and the OSI Reference Model)
A) application
B) data link
C) network
D) transport
Q12) Match each TCP/IP stack layer to its function. (Source: Introducing TCP/IP Layers and
the OSI Reference Model)
_____ 1. provides applications for file transfer, network troubleshooting, and
Internet activities, and supports the network
_____ 2. defines how data is formatted for transmission and how access to the
network is controlled
_____ 3. defines the electrical, mechanical, procedural, and functional specifications
for activating, maintaining, and deactivating the physical link between end
systems
_____ 4. provides routing of data from the source to a destination by defining the
packet and addressing scheme, moving data between the data link and
transport layers, routing packets of data to remote hosts, and performing
fragmentation and reassembly of data packets
_____ 5. provides communication services directly to the application processes that
are running on different network hosts
A) physical layer
B) data link layer
C) Internet layer
D) transport layer
E) application layer
Q13) How many bits are in an IPv4 address? (Source: Introducing TCP/IP Layers and the
OSI Reference Model)
A) 16
B) 32
C) 48
D) 64
E) 128
Q14) How many bits are in an IPv6 address? (Source: Introducing TCP/IP Layers and the
OSI Reference Model)
A) 16
B) 32
C) 48
D) 64
E) 128

Q15) Which statement is true of a directed-broadcast address? (Source: Introducing TCP/IP
Layers and the OSI Reference Model)
A) A broadcast address has all 0s in the host field.
B) Any IP address in a network can be used as a broadcast address.
C) A directed-broadcast address has all 1s in the host field.
D) None of the above is correct.
Q16) Which two of these addresses are private IP addresses? (Choose two.) (Source:
Managing IP Addressing)
A) 10.215.34.124
B) 127.16.71.43
C) 172.17.10.10
D) 225.200.15.10
Q17) Which three are IPv6 address types? (Choose three.) (Source: Managing IP
Addressing)
A) unicast
B) multicast
C) broadcast
D) anycast
Q18) When a host acquires an IPv6 address by appending its data link layer address to the
local link prefix, this situation is called _____. (Source: Managing IP Addressing)
A) autoassignment
B) dynamic assignment
C) dynamic configuration
D) autoconfiguration
Q19) Which two of these applications use ICMP? (Choose two.) (Source: Managing IP
Addressing)
A) ping
B) SNMP
C) traceroute
D) SMTP
E) http
Q20) Which two of these records are used for IP name-to-address lookups (both IPv4 and
IPv6)? (Choose two.) (Source: Managing IP Addressing)
A) A records
B) AA records
C) A3 records
D) AAAA records
E) A6 records
F) AAAAAA records



Q21) Which three statements about IP are accurate? (Choose three.) (Source: Introducing
TCP/IP Layers and the OSI Reference Model)
A) IP is a connectionless protocol.
B) IP uses relational addressing.
C) IP delivers data reliably.
D) IP operates at Layer 2 of the TCP/IP stack and OSI model.
E) IP does not provide any recovery functions.
F) IP delivers data on a best-effort basis.
Q22) Which three statements about TCP are accurate? (Choose three.) (Source: Describing
the TCP/IP Transport Layer)
A) TCP operates at Layer 3 of the TCP/IP stack.
B) TCP is a connection-oriented protocol.
C) TCP provides no error checking.
D) TCP packets are numbered and sequenced so that the destination can reorder
packets and determine if a packet is missing.
E) TCP provides no recovery service.
F) Upon receipt of one or more TCP packets, the receiver returns an
acknowledgment to the sender indicating that it received the packets.
Q23) When a single computer with one IP address has several websites open at once, this
situation is called _____. (Source: Describing the TCP/IP Transport Layer)
A) windowing
B) session multiplexing
C) segmenting
D) connection-oriented protocol
Q24) TCP is best for which two applications? (Choose two.) (Source: Describing the TCP/IP
Transport Layer)
A) email
B) voice streaming
C) downloading
D) video streaming
Q25) Which three characteristics apply to UDP? (Choose three.) (Source: Describing the
TCP/IP Transport Layer)
A) Packets are treated independently.
B) Packet delivery cannot be prioritized.
C) Packet delivery is not guaranteed.
D) Lost or corrupted packets are not re-sent.
E) It is a connection-oriented protocol.
Q26) In a TCP connection setup, the initiating device sends which message? (Source:
Describing the TCP/IP Transport Layer)
A) ACK
B) receive SYN
C) send SYN
D) SYN ACK

Q27) Acknowledgment and windowing are two forms of _____. (Source: Describing the
TCP/IP Transport Layer)
A) flow control
B) TCP connection
C) TCP sequencing
D) reliable connections
Q28) Windowing provides which of the following services? (Source: Describing the
TCP/IP Transport Layer)
A) The sender can multiplex.
B) The receiver can have outstanding acknowledgments.
C) The receiver can multiplex.
D) The sender can transmit a specified number of unacknowledged segments.
Q29) Where are sequence numbers and acknowledgment numbers found? (Source:
Describing the TCP/IP Transport Layer)
A) UDP header
B) TCP header
C) initial sequence number
D) application layer
Q30) If the two hosts are on different networks, the sending host must send the data to the
_____. (Source: Explaining IP Addressing and Subnets)
A) Router
B) Default gateway
C) Layer 3 switch



Module Self-Check Answer Key
Q1) A, B, C
Q2) C
Q3) A, B, D
Q4) 1 = D, 2 = G, 3 = C, 4 = A, 5 = E, 6 = B, 7 = F
Q5) C
Q6) 1 = B, 2 = A, 3 = D, 4 = C, 5 = E, 6 = F
Q7) B
Q8) B, D
Q9) A, B
Q10) 1 = E, 2 = C, 3 = A, 4 = D, 5 = G, 6 = B, 7 = F
Q11) B
Q12) 1 = E, 2 = B, 3 = A, 4 = C, 5 = D
Q13) B
Q14) E
Q15) C
Q16) A, C
Q17) A, B, D
Q18) D
Q19) A, C
Q20) A, D
Q21) A, E, F
Q22) B, D, F
Q23) B
Q24) A, C
Q25) A, C, D
Q26) C
Q27) A
Q28) D
Q29) B
Q30) B

Module 2

Basic LAN Switching


Overview
LAN switching is a form of packet switching that is used in LANs on Layer 2 of the TCP/IP
model. Understanding how a LAN functions, including network components, frames, Ethernet
addresses, and operational characteristics is important for an overall knowledge of networking
technologies. This module describes how switching technology contributes to the efficiency of
a LAN by reducing congestion and increasing bandwidth in comparison to obsolete hubs and
bridges.
Cisco IOS Software is feature-rich network system software that provides network intelligence
for business-critical solutions. Functions of Cisco IOS Software and its configuration are
described in this module. The module also describes problems with loops at Layer 2 of the
TCP/IP model and provides solutions by describing various loop-avoidance mechanisms. It is
important to secure administrative access to the device by using Cisco IOS Software and to be
able to resolve common switch network issues.
This module describes the functions of switches in connecting networks and how switches
transmit data through networks using TCP/IP.

Module Objectives
Upon completing this module, you will be able to describe LAN switching concepts and
discuss considerations when implementing switching on the network. This ability includes
being able to meet these objectives:
 List the characteristics and benefits of a LAN, including its components and their related
functions
 List the types and functions of the connection components of an Ethernet LAN
 Identify switched LAN technology solutions to Ethernet networking issues
 Operate and configure a Cisco switch
 Secure basic configuration of a Cisco switch
 Describe basic network optimization procedures
 Identify and resolve common switch network issues
Lesson 1

Understanding Ethernet
Overview
Understanding how a LAN functions, including network components, frames, Ethernet
addresses, and operational characteristics, is important for an overall knowledge of networking
technologies. This lesson describes a LAN and provides fundamental knowledge about LAN
characteristics, components, and functions. It also describes the basic operations of an Ethernet
LAN and how frames are transmitted over it.

Objectives
Upon completing this lesson, you will be able to list the characteristics and benefits of a LAN,
including its components and their related functions. This ability includes being able to meet
these objectives:
 Define a LAN
 Describe the components of a LAN
 Describe the functions provided by a LAN
 Describe various types and sizes of LANs
 Describe the evolution of Ethernet
 Identify the standards for Ethernet LANs
 Describe how Ethernet LANs manage the physical signals using Carrier Sense Multiple
Access with Collision Detection (CSMA/CD)
 Describe the format of an Ethernet Frame
 Describe how the MAC address is formatted in an Ethernet LAN
LAN Definition
This topic defines a LAN.

• Layer 2 switching is essential for building IP NGN infrastructure

Figure: IP Infrastructure Layer. Residential, mobile, and business users attach through the
Access, Aggregation, IP Edge, and Core layers.
© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN1 v1.01—2-3

• A LAN is a network of computers and other components located relatively close together.

Figure: Small Office LAN and Large Office LAN.

A LAN is a network of computers and other components that are located relatively close
together in a limited area. LANs can vary widely in their size, from only two computers in a
home office or small business to hundreds of computers in a large corporate office or in
multiple buildings.
The defining characteristics of LANs, in contrast to WANs, include their usually higher data
transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines.

Example: A Small Office LAN


A small home business or a small office environment could use a small LAN to connect two or
more computers and to connect the computers to one or more shared peripheral devices, such as
printers.

Example: An Enterprise LAN


A large corporate office could use multiple LANs to accommodate hundreds of computers and
shared peripheral devices, for departments such as finance or operations, spanning many floors
in an office complex.



LAN Components
This topic describes the components of a LAN.

• Computers:
- PCs
- Servers
• Interconnections:
- Network interface cards (NICs)
- Media
• Network devices:
- Hub
- Switches
• Protocols:
- Ethernet
- IP
- Address Resolution Protocol (ARP)
- DHCP

Figure: PCs and a server connected through a switch.


Regardless of its size, a LAN requires these fundamental components for its operation:
 Computers: Computers serve as the endpoints in the network, sending and receiving data.
 Interconnections: Interconnections allow data to travel from one point to another in the
network. Interconnections include these components:
— Network interface cards (NICs): NICs translate the data that is produced by the
computer into a format that can be transmitted over the LAN.
— Network media: Network media, such as cables or wireless media, transmit signals
from one device on the LAN to another.
 Network devices: A LAN requires Ethernet switches, which form the aggregation point for
LANs. Ethernet switches operate at Layer 2 of the OSI model and provide intelligent
distribution of frames within the LAN.
 Protocols: Protocols are sets of rules governing data transmission over a LAN and include
the following:
— Ethernet protocols
— IP
— Address Resolution Protocol (ARP) and Reverse ARP (RARP)
— DHCP
Switched Ethernet is the most common data link layer and physical layer implementation for
LANs. At the higher layers, TCP/IP is the standard. Smaller LANs generally consist of one or
more switches that are linked to each other, and at least one is often connected to a router, cable
modem, or asymmetric DSL (ADSL) modem for Internet access.

LAN Functions
This topic describes the functions provided by a LAN.

• Data and applications:


- Sharing files and applications
- More efficient collaboration
• Shared resources:
- Cameras
- Printers
• Communication path to other networks:
- Access to the Internet


LANs provide network users with communication and resource-sharing functions:


 Data and applications: When users are connected through a network, they can share files
and even software application programs. This makes data more easily available and
promotes more efficient collaboration on work projects.
 Resources: The resources that can be shared include both input devices (such as cameras)
and output devices (such as printers).
 Communication path to other networks: If a resource is not available locally on the
LAN, a gateway (router) can provide connectivity to remote resources (for example, access
to the Internet).



LAN Sizes
This topic describes various types and sizes of LANs.

• A LAN can be configured in a variety of sizes, depending on the requirements of the
environment in which it operates.

Figure: Small office, home office (SOHO) LAN and Enterprise LAN.


LANs can be of various sizes to fit different work requirements:


 Small office, home office (SOHO): The SOHO environment typically has only a few
computers and some peripherals, such as printers.
 Enterprise: The enterprise environment may include many separate LANs in a large office
building or in different buildings on a corporate campus. In the enterprise environment,
there may be hundreds of computers and peripherals in each LAN.

History of Ethernet
This topic describes the evolution of Ethernet.

Year         Ethernet Activity
1970         First packet radio network
1973         Ethernet invented at Xerox
1977         U.S. patent issued
1982         DIX releases 10 Mb/s Ethernet
1992         First stackable Ethernet hub
2002         IEEE approves 802.3ae; 10 Gb/s
June 2010    40 Gb/s and 100 Gb/s Ethernet standardized as IEEE 802.3ba
March 2011   40 Gb/s serial single-mode optical fiber standard (40GBASE-FR) as IEEE 802.3bg


The term Ethernet refers to the family of LAN products covered by the IEEE 802.3 standard
that defines what is commonly known as the Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) protocol. Ethernet has been commercially available since about 1980,
largely replacing competing wired LAN standards. Most common are Ethernet over twisted
pair to connect end systems, and fiber-optic versions for site backbones. Ethernet is
standardized as IEEE 802.3.
Ethernet was originally developed in the 1970s by Digital Equipment Corp. (DEC), Intel, and
Xerox, and was called DIX Ethernet. It later came to be called thick Ethernet (because of the
thickness of the cable that is used in this type of network), and it transmitted data at 10
megabits per second (Mb/s). The standard for Ethernet was updated in the 1980s to add more
capability, and the new version of Ethernet was referred to as Ethernet Version 2 (also called
Ethernet II).
The IEEE is a professional organization that defines network standards. IEEE standards are the
predominant LAN standards in the world today. In the mid-1980s, an IEEE workgroup defined
new standards for Ethernet-like networks. The set of standards that they created was called
Ethernet 802.3 and was based on the CSMA/CD process. Ethernet 802.3 specified the physical
layer (Layer 1) and the MAC portion of the data link layer (Layer 2). Today, this set of
standards is most often referred to simply as “Ethernet.”



LAN Standards
This topic identifies the standards for Ethernet LANs.

Figure: OSI layers mapped to LAN specifications.

OSI Layer                    LAN Specification
Data link, LLC sublayer      IEEE 802.2
Data link, MAC sublayer      Ethernet II / IEEE 802.3 (IEEE 802.3u, IEEE 802.3z, IEEE 802.3ab);
                             Token Ring / IEEE 802.5; FDDI
Physical layer               Physical layer of each specification above

The figure shows how LAN protocols map to the OSI reference model.
The IEEE divides the OSI data link layer into two separate sublayers:
 Logical Link Control (LLC): The upper sublayer, which interfaces with the network layer above it.
 MAC: The lower sublayer, which interfaces with the physical layer below it.

LLC Sublayer
The IEEE created the LLC sublayer to allow part of the data link layer to function
independently from existing technologies. This layer provides versatility in services to the
network layer protocols that are above it, while communicating effectively with the variety of
MAC and Layer 1 technologies below it. The LLC, as a sublayer, participates in the
encapsulation process.
An LLC header tells the data link layer what to do with a packet when it receives a frame. For
example, a host receives a frame and then looks in the frame header to understand that the
packet is destined for the IP protocol at the network layer.

MAC Sublayer
The MAC sublayer deals with physical media access. The IEEE 802.3 MAC specification
defines MAC addresses, which uniquely identify multiple devices at the data link layer. The
MAC sublayer maintains a table of MAC addresses (physical addresses) of devices.

LAN Specifications
There are several 802.3 communication standards, including 802.3u, 802.3z, and 802.3ab:
 802.3u: 100BASE-TX, 100BASE-T4, and 100BASE-FX Fast Ethernet at 100 Mb/s with
autonegotiation
 802.3z: 1000BASE-X Gigabit Ethernet over fiber-optic cable at 1 Gb/s
 802.3ab: 1000BASE-T Gigabit Ethernet over twisted-pair cable at 1 Gb/s



Carrier Sense Multiple Access with Collision
Detection
This topic describes how Ethernet LANs manage the physical signals using Carrier Sense
Multiple Access with Collision Detection (CSMA/CD).

Figure: The CSMA/CD process. Carrier Sense; Multiple Access; Collision; Collision Detection
(Backoff Algorithm), with the JAM signal reaching every station on the segment.

Ethernet LANs manage the signals on a network by CSMA/CD, which is an important aspect
of Ethernet. The figure illustrates the CSMA/CD process.
In an Ethernet LAN, before transmitting, a computer (CSMA/CD station) first listens to the
network media. If the media is idle, the computer sends its data. After a transmission has been
sent, the computers on the network compete for the next available idle time to send another
frame. This competition for idle time means that none of the stations has an advantage over
another on the network.
A collision occurs when two stations listen for network traffic, hear none, and transmit
simultaneously. In this case, both transmissions are damaged, and the stations must retransmit
at some later time. CSMA/CD stations must be able to detect collisions to know that they must
retransmit.
The extent of the network segment over which collisions occur is referred to as the collision
domain. The size of the collision domain has an impact on efficiency, and therefore on data
throughput.
When a station transmits, the signal is referred to as a carrier. A NIC that senses the carrier
refrains from transmitting. If there is no carrier, a waiting station knows that it is free to
transmit. This is the “carrier sense” part of the protocol.

In the CSMA/CD process, priorities are not assigned to particular stations, so all stations on the
network have equal access. This is the “multiple access” part of the protocol. If two or more
stations attempt a transmission simultaneously, a collision occurs. The stations are alerted of
the collision, and they execute a backoff algorithm that randomly schedules retransmission of
the frame. This scenario prevents the machines from repeatedly attempting to transmit at the
same time. Collisions are normally resolved in microseconds. This is the “collision detection”
part of the protocol. The CSMA/CD access method is half-duplex. Half-duplex means that only
one station can transmit at a time. When Ethernet is operating in full-duplex mode, CSMA/CD
is not used. Full-duplex mode allows stations to transmit and receive data simultaneously.
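To show the backoff behaviour the paragraphs above describe, here is an added Python simulation of a shared collision domain (written for this lesson; it is not code from the Cisco course). The model is slotted and deliberately simple: every station senses the medium at a slot boundary, a frame occupies one slot, and a collision is detected and jammed within the slot in which it happens. The backoff rule is the truncated binary exponential backoff that IEEE 802.3 specifies, which the text only calls "random": after the n-th collision a station waits a random number of slot times between 0 and 2^min(n, 10) - 1, and it discards the frame after 16 collisions. The station counts and seeds are constructed for the demonstration.

```python
"""Slotted CSMA/CD simulation with truncated binary exponential backoff.

Added example for this lesson (not code from the Cisco course). Time is
divided into slot times, every station senses the medium at a slot
boundary, a frame occupies one slot, and a collision is detected and
jammed within the slot in which it happens. Station counts and seeds are
constructed for the demonstration.
"""
import random

ATTEMPT_LIMIT = 16   # after the 16th collision on one frame the station gives up
BACKOFF_LIMIT = 10   # the random range stops doubling after the 10th collision


def backoff_slots(collisions: int, rng=random) -> int:
    """Slot times to wait after the n-th collision: uniform in 0 .. 2**min(n, 10) - 1."""
    if collisions < 1:
        raise ValueError("backoff is only computed after a collision")
    return rng.randrange(2 ** min(collisions, BACKOFF_LIMIT))


def simulate(num_stations: int, seed: int = 1) -> dict:
    """Every station has one frame ready at slot 0 (the worst case for a shared segment)."""
    rng = random.Random(seed)
    ready_at = {s: 0 for s in range(num_stations)}    # slot at which a station senses again
    collisions = {s: 0 for s in range(num_stations)}  # collisions seen by each station's frame
    delivered, dropped, total_collisions, slot = {}, [], 0, 0
    while ready_at:
        # Carrier sense: stations whose wait has expired find the medium idle at the boundary
        contenders = [s for s, t in ready_at.items() if t <= slot]
        if len(contenders) == 1:
            # Multiple access: a lone transmitter succeeds and its frame fills this slot
            delivered[contenders[0]] = slot
            del ready_at[contenders[0]]
        elif contenders:
            # Collision detection: every transmitter sees the jam and backs off independently
            total_collisions += 1
            for s in contenders:
                collisions[s] += 1
                if collisions[s] >= ATTEMPT_LIMIT:
                    dropped.append(s)            # excessive collisions: frame discarded
                    del ready_at[s]
                else:
                    ready_at[s] = slot + 1 + backoff_slots(collisions[s], rng)
        slot += 1
    return {"delivered": delivered, "dropped": dropped,
            "collisions": total_collisions, "slots_used": slot}


if __name__ == "__main__":
    for n in (1, 2, 8, 32):
        r = simulate(n)
        print(f"{n:2d} stations: {r['collisions']} collisions, "
              f"{r['slots_used']} slot times to deliver {len(r['delivered'])} frames")
```

Raising `num_stations` makes both the collision count and the slot times spent per delivered frame climb, which is the efficiency cost of a large collision domain that the text mentions; a switch, by giving each full-duplex port its own collision domain, brings every station back to the single-station case in which CSMA/CD is not needed.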



Ethernet Frame
This topic describes the format of an Ethernet Frame.

Ethernet II Frame (field length in bytes)

  Preamble | Destin. Address | Source Address | Type | Data    | FCS
  8        | 6               | 6              | 2    | 46–1500 | 4

IEEE 802.3 Frame (field length in bytes)

  Preamble | SOF | Destin. Address | Source Address | Length | 802.2 Header and Data | FCS
  7        | 1   | 6               | 6              | 2      | 46–1500               | 4

Legend:
Destin. Address = Destination Address
FCS = Frame Check Sequence
SOF = Start-of-Frame Delimiter

In Ethernet terminology, the “container” into which data is placed for transmission is called a
frame. The frame contains header information, trailer information, and the actual data that is
being transmitted.
The figure illustrates all of the fields that are in a MAC layer of the Ethernet frame:
 Preamble: This field consists of seven bytes of alternating 1s and 0s, which are used to
synchronize the signals of the communicating computers.
 Start-of-frame (SOF) delimiter (802.3 only): This field contains bits that signal the
receiving computer that the transmission of the actual frame is about to start and that any
data following is part of the packet.
 Destination address: This field contains the MAC address of the NIC on the local network
to which the packet is being sent.
 Source address: This field contains the MAC address of the NIC of the sending computer.
 EtherType or length: In the Ethernet II standard, this field contains a code that identifies
the network layer protocol. In the 802.3 standard, this field specifies the length of the data
field. Therefore, the protocol information is contained in 802.2 fields, which are at the LLC
layer that is contained in the 802.2 header and data field.
 Data and pad: This field contains the data that is received from the network layer on the
transmitting computer. This data is then sent to the same protocol on the destination
computer. If the data is too short, a string of extraneous bits is used to “pad” the field to its
minimum length of 46 bytes.
 Frame check sequence (FCS): This field includes a checking mechanism to ensure that
the packet of data has been transmitted without corruption.
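To make the two frame layouts and the LLC header from the LAN Standards topic concrete, here is an added Python example (written for this lesson; it is not code from the Cisco course). It builds Ethernet II and IEEE 802.3/802.2 frames and then parses a frame the way a receiver must: it rejects runts and giants, verifies the FCS, tells a Type value from a Length value by the 1536 (0x0600) boundary that the standards use, and for 802.3 uses the length field to strip the pad exactly and decode the 802.2 DSAP, SSAP and control bytes (plus a SNAP extension when present). The preamble and SOF are left out because a NIC strips them before software sees the frame; the addresses and payloads are constructed sample data.

```python
"""Ethernet II and IEEE 802.3/802.2 frame construction and validation.

Added example for this lesson (not code from the Cisco course). The frame
runs from the destination address through the FCS, exactly as a capture
tool shows it; the preamble and SOF delimiter are stripped by the NIC.
"""
import struct
import zlib

MIN_FRAME_LEN = 64      # destination address through FCS; shorter frames are runts
MIN_DATA_LEN = 46       # the data field is padded up to this length
MAX_DATA_LEN = 1500
ETHERTYPE_MIN = 0x0600  # 1536: values at or above this are EtherTypes, below are 802.3 lengths
SNAP_SAP = 0xAA         # DSAP/SSAP value announcing a SNAP header after the LLC header
HEADER_FMT = "!6s6sH"   # destination, source, type-or-length (network byte order)


def mac_to_str(raw: bytes) -> str:
    """Six raw bytes -> the colon notation used in the lesson (00:00:0c:43:2e:08)."""
    return ":".join(f"{b:02x}" for b in raw)


def _fcs(data: bytes) -> bytes:
    """Ethernet FCS is CRC-32 over destination..data, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def _pad(data: bytes) -> bytes:
    """Pad the data field to 46 bytes so the whole frame reaches the 64-byte minimum."""
    return data + bytes(max(0, MIN_DATA_LEN - len(data)))


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II: the 2-byte field is an EtherType naming the network layer protocol."""
    if ethertype < ETHERTYPE_MIN or len(payload) > MAX_DATA_LEN:
        raise ValueError("bad EtherType or payload longer than 1500 bytes")
    body = struct.pack(HEADER_FMT, dst, src, ethertype) + _pad(payload)
    return body + _fcs(body)


def build_8023_llc(dst: bytes, src: bytes, dsap: int, ssap: int, control: int,
                   payload: bytes) -> bytes:
    """IEEE 802.3: the 2-byte field is the length of the 802.2 header plus data (pad excluded)."""
    llc_and_data = struct.pack("!BBB", dsap, ssap, control) + payload
    if len(llc_and_data) > MAX_DATA_LEN:
        raise ValueError("802.2 header plus data longer than 1500 bytes")
    body = struct.pack(HEADER_FMT, dst, src, len(llc_and_data)) + _pad(llc_and_data)
    return body + _fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Validate a received frame and decode its MAC-layer fields; raise ValueError if malformed."""
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame ({len(frame)} bytes)")
    if len(frame) > 14 + MAX_DATA_LEN + 4:
        raise ValueError(f"giant frame ({len(frame)} bytes)")
    if frame[-4:] != _fcs(frame[:-4]):
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    dst, src, type_or_len = struct.unpack(HEADER_FMT, frame[:14])
    body = frame[14:-4]
    info = {"dst": mac_to_str(dst), "src": mac_to_str(src)}
    if type_or_len >= ETHERTYPE_MIN:
        # Ethernet II carries no length, so any pad bytes stay attached to the payload;
        # the network layer protocol (IP, ARP, ...) has to know its own length.
        info.update(encapsulation="Ethernet II", ethertype=type_or_len, payload=body)
        return info
    if type_or_len > MAX_DATA_LEN:
        raise ValueError(f"undefined type/length value {type_or_len:#06x}")
    if type_or_len < 3 or type_or_len > len(body):
        raise ValueError("802.3 length field inconsistent with the frame size")
    data = body[:type_or_len]  # the length field lets the receiver drop the pad exactly
    dsap, ssap, control = data[0], data[1], data[2]
    info.update(encapsulation="IEEE 802.3/802.2", length=type_or_len,
                dsap=dsap, ssap=ssap, control=control)
    if dsap == SNAP_SAP and ssap == SNAP_SAP and control == 0x03 and len(data) >= 8:
        # SNAP: 3-byte OUI plus 2-byte protocol id (an EtherType when the OUI is 00-00-00)
        info["snap_oui"] = data[3:6].hex()
        info["snap_protocol"] = struct.unpack("!H", data[6:8])[0]
        info["payload"] = data[8:]
    else:
        info["payload"] = data[3:]
    return info


def is_valid_frame(frame: bytes) -> bool:
    """True when parse_frame accepts the frame; useful for counting errors in a capture."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    broadcast = bytes.fromhex("ffffffffffff")
    cisco_nic = bytes.fromhex("00000c432e08")   # address from the lesson text
    frame = build_ethernet_ii(broadcast, cisco_nic, 0x0806, b"constructed ARP payload")
    print(parse_frame(frame))
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]   # single bit flipped
    print("damaged frame accepted:", is_valid_frame(damaged))
```

Two points are worth noting from running it: an Ethernet II receiver cannot tell pad from payload, so the protocol above it must carry its own length (IP does), and a single flipped bit anywhere between the destination address and the end of the data fails the FCS check, which is why a switch counts such frames as CRC errors rather than forwarding them.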

Ethernet MAC Address
This topic describes how the MAC address is formatted in an Ethernet LAN.

Components of a MAC address:


• 24-bit Organizational Unique Identifier (OUI):
- Identifies the manufacturer of the NIC card
- IEEE regulates the assignment of OUI numbers
- Includes broadcast or multicast bit, and locally-administered address bit
• 24-bit vendor-assigned end station address:
- Uniquely identifies the Ethernet hardware

Figure: MAC address bit layout, in transmission order.

  Broadcast bit | Local bit | Rest of OUI | Vendor-Assigned
  1 bit         | 1 bit     | 22 bits     | 24 bits

The address that is on the NIC is the MAC address—often referred to as the burned-in address
(BIA)—and some vendors allow the modification of this address to meet local needs. There are
two components of a 48-bit Ethernet MAC address:
 24-bit Organizationally Unique Identifier (OUI): The OUI identifies the manufacturer of
the NIC card. The IEEE regulates the assignment of OUI numbers. For example, one of the
Cisco cards is assigned an OUI of 0x00-00-0C. Within the OUI, there are 2 bits that have
meaning only when used in the destination address:
— Broadcast or multicast bit: This indicates to the receiving interface that the frame
is destined for all or a group of end stations on the LAN segment.
— Locally Administered Address bit: Normally the combination of OUI and a 24-bit
station address is universally unique. However, if the address is modified locally,
this bit should be set.
 24-bit vendor-assigned end station address: This uniquely identifies the Ethernet
hardware.



• MAC address is expressed as six groups of two hexadecimal digits,
separated by hyphens (-) or colons (:), in transmission order

Figure: The same bit layout (broadcast bit, local bit, 22 remaining OUI bits, 24 vendor-assigned
bits), shown for the address 00:00:0c:43:2e:08.


The MAC sublayer of the OSI data link layer manages physical addressing issues, and the
physical address is a number in hexadecimal format that is actually burned into the NIC. This
address is referred to as the MAC address and it is expressed as groups of hexadecimal digits
that are organized in pairs or quads; for example:
00:00:0c:43:2e:08
or
0000:0c43:2e08
Each device on a LAN must have a unique MAC address to participate in the network. The
MAC address identifies the location of a specific computer on a LAN. Unlike other kinds of
addresses that are used in networks, the MAC address should not be changed unless there is
some specific need.
Following is an example of displaying the MAC address, which defaults to the burned-in
address (BIA) on one of the Gigabit Ethernet interfaces on a Cisco switch, where
e8ba.70b5.6401 is the burned-in MAC address for that interface:
SW1#show interface gi0/1
GigabitEthernet0/1 is down, line protocol is down (notconnect)
  Hardware is Gigabit Ethernet, address is e8ba.70b5.6401 (bia e8ba.70b5.6401)
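The three notations and the two flag bits are easy to get wrong when matching addresses across show output, access lists and logs, so here is an added Python example (written for this lesson; it is not code from the Cisco course). It parses the colon, hyphen and Cisco dotted notations shown above, splits the OUI from the vendor-assigned part, decodes the broadcast/multicast and locally administered bits as the previous topic defines them, compares addresses independently of notation, and flags locally administered entries in a constructed MAC address table, the check an administrator would run when a burned-in address appears to have been overridden. The addresses come from the lesson text or are constructed samples.

```python
"""MAC address parsing, flag-bit decoding and notation conversion.

Added example for this lesson (not code from the Cisco course). Addresses
used below come from the lesson text or are constructed samples.
"""
import re

_SEPARATORS = re.compile(r"[:\-.]")
_BROADCAST = bytes([0xFF] * 6)


def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff; return 6 raw bytes."""
    digits = _SEPARATORS.sub("", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw: bytes, style: str = "colon") -> str:
    """Render 6 raw bytes in one of the three notations used on the page."""
    hexdigits = raw.hex()
    if style == "colon":
        return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))
    if style == "hyphen":
        return "-".join(hexdigits[i:i + 2] for i in range(0, 12, 2))
    if style == "cisco":
        return ".".join(hexdigits[i:i + 4] for i in range(0, 12, 4))
    raise ValueError(f"unknown style {style!r}")


def describe_mac(text: str) -> dict:
    """Split an address into OUI and vendor part and decode the two flag bits.

    Ethernet sends each octet least-significant bit first, so the two bits the
    lesson places at the front of the OUI are bit 0 (broadcast/multicast, the
    I/G bit) and bit 1 (locally administered, the U/L bit) of the first octet.
    """
    raw = parse_mac(text)
    group = bool(raw[0] & 0x01)
    local = bool(raw[0] & 0x02)
    return {
        "oui": format_mac(raw, "hyphen")[:8],   # e.g. 00-00-0c, assigned by the IEEE
        "vendor_assigned": raw[3:].hex(),
        "broadcast": raw == _BROADCAST,
        "multicast": group and raw != _BROADCAST,
        "unicast": not group,
        "locally_administered": local,
    }


def same_address(a: str, b: str) -> bool:
    """Compare two addresses regardless of notation or letter case."""
    return parse_mac(a) == parse_mac(b)


def locally_administered_entries(mac_table: dict) -> dict:
    """Return the entries of a {mac: port} table whose address has the local bit set.

    A burned-in address is universally unique; a locally administered one was
    set by software, which deserves a second look when auditing a switch's
    MAC address table. The table passed in by the caller is sample data.
    """
    return {mac: port for mac, port in mac_table.items()
            if describe_mac(mac)["locally_administered"]}


if __name__ == "__main__":
    for sample in ("00:00:0c:43:2e:08", "e8ba.70b5.6401", "ff-ff-ff-ff-ff-ff", "0100.5e00.0001"):
        print(sample, describe_mac(sample))
    table = {"0000.0c43.2e08": "Gi0/1", "0200.4c4f.4f50": "Gi0/2"}   # constructed sample table
    print("locally administered:", locally_administered_entries(table))
```

Because the flag bits live in the first octet that is transmitted, an address whose first octet is odd (01, 33, ff, ...) can only ever appear as a destination: a frame with a group address in the source field is malformed, and a switch should never learn one into its MAC address table.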

Summary
This topic summarizes the key points that were discussed in this lesson.

• A LAN is a network that is located in a limited area.


• The components of a LAN are computers, interconnections, network
devices, and protocols.
• A LAN provides network users with communication and resource-
sharing functions.
• A LAN can be of various sizes to fit different requirements.
• Ethernet was originally developed in the 1970s by Digital Equipment
Corp. (DEC), Intel, and Xerox, and was called DIX Ethernet.
• Ethernet LAN standards specify cabling and signaling at both physical
and data link layers of the OSI model.
• Ethernet LANs manage the signals on a network by CSMA/CD, which is
an important aspect of Ethernet.
• The Ethernet frame contains header information, trailer information, and
the actual data.
• The MAC address is a 48-bit number usually represented in
hexadecimal format.




Lesson 2

Connecting to an Ethernet
LAN
Overview
In addition to understanding the components of an Ethernet LAN and the standards that govern
its architecture, it is also important to understand the connection components of an Ethernet
LAN. This lesson describes the connection components of an Ethernet LAN, including network
interface cards (NICs), copper and fiber-optic cables, and connectors.

Objectives
Upon completing this lesson, you will be able to list the types and functions of the connection
components of an Ethernet LAN. This ability includes being able to meet these objectives:
 Define the types of Ethernet LAN connection media and list the connection requirements
for an Ethernet LAN
 Describe the function of the network interface card (NIC) in an Ethernet LAN
 Describe the various Ethernet implementations and the associated specifications
 List the characteristics of straight-through and crossover twisted-pair cables, and explain
the appropriate uses for each
 Describe the standards for running Ethernet over unshielded twisted pair wiring
 Describe the RJ-45 connector used in Ethernet UTP installations
 Describe the wiring standards and uses for straight-through Ethernet cables
 Describe the wiring standards and uses for crossover Ethernet cables
 Compare straight-through and crossover Ethernet cables
 Describe fiber as a connection media
 Describe how fiber-optic cables are constructed
 Describe multimode and single-mode fiber
 Describe the function and specifications for optical transmitters
 Describe the various connector types used to terminate fiber-optic cables
 Describe how to maintain fiber-optic connectors
 Describe dense wavelength-division multiplexing
Ethernet on Layer 1
This topic defines the types of Ethernet LAN connection media and lists the connection
requirements for an Ethernet LAN.

• The mechanical properties for Ethernet depend on the type of physical medium:
- Coaxial (not used anymore)
- Copper
- Fiber optic
• Ethernet was originally based on the idea of computers communicating over a shared
coaxial cable, sharing files and applications.


The mechanical properties for Ethernet depend on the type of physical medium, with coaxial,
copper, fiber, and wireless media available. Although wireless is increasing in popularity for
desktop connectivity, copper and fiber are the most popular physical layer media used for
connecting network deployments.
Ethernet was originally based on the idea of computers communicating over a shared coaxial
cable acting as a broadcast transmission medium. Originally, shared Ethernet coaxial cable (the
shared medium) traversed a building or campus to connect to every attached machine. A
scheme that is known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
governed the way that the computers shared the channel.
Through the first half of the 1980s, the 10BASE5 implementation of an Ethernet used a coaxial
cable that was 9.5 mm (0.374 inches) in diameter, called “thick Ethernet” or “thicknet.” Its
successor, 10BASE2, also called “thin Ethernet” or “thinnet,” used a cable similar to cable
television cable of the era. The emphasis was on making installation of the cable easier and less
costly. Modifying Ethernet to conform to twisted-pair telephone wiring already installed in
commercial buildings provided another opportunity to lower costs, expand the installed base,
and leverage building design. Thus, twisted-pair Ethernet was the next logical development in
the mid-1980s, beginning with StarLAN. Unshielded twisted-pair (UTP)-based Ethernet cable
became widely deployed with the 10BASE-T standard. This system replaced the coaxial cable
systems with a system of full-duplex switches linked via UTP.

• Modifying Ethernet to conform to twisted-pair telephone wiring already installed in
commercial buildings provided an opportunity to lower costs.
• Unshielded twisted-pair (UTP)-based Ethernet, which uses copper, became widely deployed
with the 10BASE-T standard.
• Fiber-optic variants of Ethernet offer high performance, electrical isolation, and wide
distance (tens of kilometers, with some versions).


With the advent of the 10BASE-T standard in 1990, Ethernet switches supplemented the half-
duplex CSMA/CD scheme with a full-duplex system offering higher performance at a lower
cost than routers. With the arrival of 100BASE-T, Ethernet switches capable of mixed-speed
and mixed-duplex operation were built.
The Ethernet physical layer evolved over a considerable time span and encompasses several
physical media interfaces and magnitudes of speed. Fiber-optic variants of Ethernet offer high
performance, electrical isolation, and distance (tens of kilometers with some versions). In
general, network protocol stack software will work similarly on all varieties.



Network Interface Card
This topic describes the function of the network interface card (NIC) in an Ethernet LAN.

• Computer hardware component that connects a computer to a network
• NIC is plugged into a motherboard and provides a port for connecting to the network
• Unique MAC address is burned onto each NIC by the manufacturer
• NIC is a device working on:
- OSI Layer 1 (physical)
- OSI Layer 2 (data link)


A network interface card (NIC) (also known as a network interface controller, network adapter,
LAN adapter, and similar terms) is a computer hardware component that connects a computer
to a computer network. The NIC plugs into a motherboard (or is integrated on it) and provides
a port for connecting to the network. The NIC is the computer's interface to the LAN.
The NIC communicates with the network through a serial connection and with the computer
through a parallel connection. When a NIC is installed in a computer, it requires an interrupt
request line (IRQ), an I/O address, a memory space within the operating system, and driver
software that allows it to perform its function. An IRQ is a signal that informs a CPU that an
event needing its attention has occurred. An IRQ is sent over a hardware line to the
microprocessor. An example of an interrupt request being issued is when a key is pressed on a
keyboard, and the CPU must move the character from the keyboard to RAM. An I/O address is
a location in memory that is used by an auxiliary device to enter data into or retrieve data from
a computer.
The MAC address is burned onto each NIC by the manufacturer, providing a unique physical
network address. "Burned in" does not mean immutable: the operating system or driver can
present a different MAC address on the wire, so the address identifies a NIC only as long as
the host is trusted and must not be used on its own as an authentication credential. The NIC
is both an OSI Layer 1 (physical layer) and Layer 2 (data link layer) device, because it
provides physical access to the networking medium and provides a low-level addressing
system by using MAC addresses.
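As an added example (not code from the Cisco guide), the following Python decodes the two administrative flag bits that IEEE 802 defines in the first octet of a MAC address, which is the practical way to tell a burned-in address from one assigned in software. The sample addresses are constructed for illustration and are not attributed to any vendor or host.

```python
# Added example, not from the Cisco student guide. Decodes the two flag bits
# that IEEE 802 places in the first octet of a 48-bit MAC address:
#   bit 0 (I/G): 0 = individual (unicast), 1 = group (multicast or broadcast)
#   bit 1 (U/L): 0 = universally administered (burned-in, vendor OUI),
#                1 = locally administered (assigned by software)
# A burned-in address has U/L = 0. U/L = 1 means the address was set by the
# host (virtual NIC, privacy randomization, or deliberate spoofing), so it
# carries no vendor identity. U/L = 0 does NOT prove the address is genuine:
# a host can copy a real burned-in address, which this check cannot detect.
import re

_HEX12 = re.compile(r"^[0-9A-Fa-f]{12}$")

def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff (Cisco
    style) and return the six octets as bytes. Raises ValueError otherwise."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not _HEX12.match(digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes.fromhex(digits)

def describe_mac(text):
    """Return the address in canonical form plus its I/G and U/L flags."""
    octets = parse_mac(text)
    first = octets[0]
    multicast = bool(first & 0x01)
    local = bool(first & 0x02)
    return {
        "mac": ":".join("%02x" % b for b in octets),
        # The OUI (first three octets) identifies a vendor only when U/L = 0.
        "oui": "%02x:%02x:%02x" % tuple(octets[:3]) if not local else None,
        "multicast": multicast,
        "locally_administered": local,
        "broadcast": octets == b"\xff" * 6,
    }

def looks_burned_in(text):
    """True when the address is unicast and universally administered, the
    only kind a manufacturer burns into a NIC."""
    d = describe_mac(text)
    return not d["multicast"] and not d["locally_administered"]

# Constructed sample addresses (not real hosts), in the forms a DHCP server
# or a switch's MAC table might log them; values are illustrative only.
SAMPLE_LOG = [
    "00:1a:2b:3c:4d:5e",   # unicast, universally administered
    "02:1a:2b:3c:4d:5e",   # same bytes with U/L set: software-assigned
    "0a1a.2b3c.4d5e",      # Cisco notation, U/L set (0x0a has bit 1 set)
    "01:00:5e:00:00:fb",   # IPv4 multicast MAC (I/G set)
    "ff:ff:ff:ff:ff:ff",   # broadcast
]

def audit(addresses):
    """Return the addresses that should not appear as station source
    addresses on a trusted segment: multicast/broadcast (never a valid
    source) and locally administered ones (worth a closer look)."""
    return [a for a in addresses if not looks_burned_in(a)]

if __name__ == "__main__":
    for a in SAMPLE_LOG:
        print(describe_mac(a))
    print("review:", audit(SAMPLE_LOG))
```

The U/L bit is set by whoever configures the interface, so this check flags carelessly assigned addresses and virtual NICs; it does nothing against an adversary who copies a genuine burned-in address, which is why port security and 802.1X, not MAC filtering, are the controls to rely on.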

Ethernet Media
This topic describes the various Ethernet implementations and the associated specifications.

• 40 Gb/s and 100 Gb/s Ethernet standardized in June 2010 as IEEE 802.3ba, with one addition in March 2011 as IEEE 802.3bg

Ethernet Implementation  Media                              Maximum Segment Length     Connector
100BASE-TX               EIA/TIA Category 5 UTP, 2 pair     100 m (328 ft)             ISO 8877 (RJ-45)
1000BASE-T               EIA/TIA Category 5 UTP, 4 pair     100 m (328 ft)             ISO 8877 (RJ-45)
1000BASE-SX              62.5-micron multimode fiber        275 m (900 ft)             N/A
                         50-micron multimode fiber          550 m (1800 ft)
1000BASE-LX              9-micron single-mode fiber         3–10 km (1.9–6.2 miles)    N/A
10GBASE-SR               62.5-micron multimode fiber        26–82 m (85–270 ft)        N/A
                         50-micron multimode fiber          300 m (980 ft)
10GBASE-LR               9-micron single-mode fiber         10–25 km (6.2–15.5 miles)  N/A
40GBASE-LR4              single-mode fiber                  10 km (6.2 miles)          N/A
100GBASE-ER4             single-mode fiber                  40 km (24.8 miles)         N/A

The 40 km reach of 100 Gigabit Ethernet (100GBASE-ER4) requires single-mode fiber; the
multimode variant, 100GBASE-SR10, is limited to roughly 100 to 150 m.

The cable and connector specifications that are used to support Ethernet implementations are
derived from the EIA/TIA standards body. The categories of cabling that are defined for
Ethernet are derived from the EIA/TIA-568 (SP-2840) Commercial Building
Telecommunications Wiring Standards. EIA/TIA specifies an RJ-45 connector for UTP cable.
The table in the figure compares the cable and connector specifications for some of the more
popular Ethernet implementations. The speed ranges from 1 Mb/s to 100 Gb/s, and the physical
medium can range from bulky coaxial cable to twisted pair to optical fiber.
10 Gigabit Ethernet is becoming more popular in both enterprise and carrier networks, with 40-
Gb/s and 100-Gb/s Ethernet ratified. 40-Gb/s and 100-Gb/s speeds were standardized in June
2010 as IEEE 802.3ba, with one addition in March 2011 as IEEE 802.3bg.
The following describes how to interpret the letters following the term “100BASE”
(100BASE-XX):
 The first letter is the type of wire:
— "T" means twisted-pair cable (for example, the common Category 5 in use today).
— "S" means short-range multimode optical cable (less than 100 m [328 feet]).
— "L" means long-range, single-mode or multimode optical cable (100 m [328 feet] to
10 km [6.2 miles]).
— "E" means extended-range optical cable (10 to 40 km [6.2 to 24.9 miles]).
— "Z" means long-range single-mode cable at a higher wavelength.
 The second letter is the coding scheme:
— "X" means 4B/5B block coding for Fast Ethernet or 8B/10B block coding for
Gigabit Ethernet.
— "R" means 64B/66B block coding.
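As an added example (not code from the Cisco guide), the following Python parses PHY names of the form <speed>BASE-<medium><coding> using exactly the letter meanings listed above, plus the line codes the page's copper table gives for names with no coding letter. The optional trailing digit (the 4 in 40GBASE-LR4) is the number of parallel lanes; that convention is an assumption of the example, not something the page describes, and any letter the page does not define is reported as unknown rather than guessed.

```python
# Added example, not from the Cisco student guide. Parses IEEE 802.3 PHY names
# of the form <speed>BASE-<medium><coding>[<lanes>] with the letter meanings
# given on this page. Letters outside those rules are reported as unknown.
# The trailing lane count (e.g. the 4 in 40GBASE-LR4) is an assumption of this
# example and is not described on the page.
import re

_PHY = re.compile(
    r"^(?P<speed>\d+)(?P<unit>G?)BASE-(?P<medium>[A-Z])(?P<coding>[XR])?(?P<lanes>\d+)?$"
)

MEDIUM = {
    "T": "twisted-pair copper",
    "S": "short-range multimode fiber",
    "L": "long-range fiber, single-mode or multimode",
    "E": "extended-range fiber (10 to 40 km)",
    "Z": "long-range single-mode fiber at a higher wavelength",
}

def decode_phy(name):
    """Return a dict describing the PHY name, or raise ValueError."""
    m = _PHY.match(name.strip().upper())
    if not m:
        raise ValueError("not a <speed>BASE-<xx> name: %r" % name)
    speed = int(m.group("speed")) * (1000 if m.group("unit") == "G" else 1)
    medium = m.group("medium")
    coding = m.group("coding")
    if coding == "X":
        # "X" is 4B/5B for Fast Ethernet and 8B/10B for Gigabit Ethernet.
        code = {100: "4B/5B", 1000: "8B/10B"}.get(
            speed, "unknown (X at %d Mb/s)" % speed)
    elif coding == "R":
        code = "64B/66B"
    elif medium == "T":
        # Copper PHYs carry no coding letter; these come from the page's table.
        code = {10: "Manchester", 1000: "PAM-5", 10000: "DSQ128"}.get(
            speed, "unknown")
    else:
        code = "unknown"
    return {
        "name": m.group(0),
        "speed_mbps": speed,
        "baseband": True,   # "BASE" means baseband signaling
        "medium": MEDIUM.get(medium, "unknown medium letter %s" % medium),
        "coding": code,
        "lanes": int(m.group("lanes")) if m.group("lanes") else 1,
    }

def decode_many(names):
    """Decode a list of names, keeping the error text for bad ones so an
    inventory script can report them instead of stopping."""
    out = {}
    for n in names:
        try:
            out[n] = decode_phy(n)
        except ValueError as e:
            out[n] = {"error": str(e)}
    return out

if __name__ == "__main__":
    sample = ["100BASE-TX", "1000BASE-SX", "10GBASE-LR", "40GBASE-LR4",
              "1000BASE-T", "10BASE-T", "100GBASE-ER4", "fast-ethernet"]
    for n, d in decode_many(sample).items():
        print(n, d)
```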



Copper Ethernet
This topic lists the characteristics of straight-through and crossover twisted-pair cables, and
explains the appropriate uses for each.

Characteristic             Value
Speed and throughput       From 10 Mb/s to 10 Gb/s
Average cost per node      Least expensive
Media and connector size   Small
Maximum cable length       Varies


Ethernet over twisted-pair technology uses twisted-pair cables for the physical layer of an
Ethernet computer network. Twisted-pair cabling is a type of wiring in which two conductors
(the forward and return conductors of a single circuit) are twisted together for the purpose of
canceling electromagnetic interference (EMI) from external sources, including radiation from
neighboring UTP cables, and crosstalk between neighboring pairs.
A UTP cable is a four-pair wire. Each of the eight individual copper wires in a UTP cable is
covered by an insulating material. In addition, the wires in each pair are twisted around each
other. The advantage of a UTP cable is its ability to cancel interference, because the twisted-
wire pairs limit signal degradation from EMI and radio frequency interference (RFI). To further
reduce crosstalk between the pairs in a UTP cable, the number of twists in the wire pairs varies.
Both UTP and shielded twisted-pair (STP) cables must follow precise specifications regarding
how many twists or braids are permitted per meter.
A UTP cable is used in various types of networks. When used as a networking medium, a UTP
cable has four pairs of either 22- or 24-gauge copper wire. A UTP used as a networking
medium has an impedance of 100 ohms, differentiating it from other types of twisted-pair
wiring, such as that used for telephone wiring. Because a UTP cable has an external diameter of
approximately 0.43 cm (0.17 inches), its small size can be advantageous during installation.

The categories of UTP cable are as follows:
 Category 1: Used for telephone communications—not suitable for transmitting data
 Category 2: Capable of transmitting data at speeds of up to 4 Mb/s
 Category 3: Used in 10BASE-T networks—can transmit data at speeds up to 10 Mb/s
 Category 4: Used in Token Ring networks—can transmit data at speeds up to 16 Mb/s
 Category 5: Capable of transmitting data at speeds up to 100 Mb/s
 Category 5e: Used in networks running at speeds up to 1000 Mb/s (1 Gb/s)
 Category 6: Consists of four pairs of 24-gauge copper wires, rated to 250 MHz; carries
1 Gb/s to 100 m and 10GBASE-T over a reduced distance (about 55 m)
 Category 6a: Used in networks running at speeds up to 10 Gb/s



Copper Ethernet Media Requirements
This topic describes the standards for running Ethernet over unshielded twisted pair wiring.

Ethernet Implementation  Media                                                 Maximum Segment Length  Signaling
10BASE-T                 EIA/TIA Category 3, 4, 5 UTP, 2 pair                  100 m (328 ft)          Manchester coded
100BASE-TX               EIA/TIA Category 5 UTP, 2 pair                        100 m (328 ft)          4B5B MLT-3 coded
1000BASE-T               EIA/TIA Category 5, 5e UTP, 4 pair                    100 m (328 ft)          PAM-5 coded
10GBASE-T                EIA/TIA Category 6a UTP, 4 pair (Category 6 to 55 m)  100 m (328 ft)          DSQ128 (PAM-16) coded


Twisted-pair standards are 10BASE-T, 100BASE-TX, 1000BASE-T, and 10GBASE-T running
at 10 Mb/s, 100 Mb/s, 1 Gb/s, and 10 Gb/s, respectively. These four standards all use eight-
position modular connectors, usually called RJ-45 in this context. Higher-speed
implementations nearly always support the lower speeds as well, so in most cases different
generations of equipment can be freely mixed. This capability is designated 10/100 for
connections that support up to 100 Mb/s or 10/100/1000 for connections that support speeds up
to 1000 Mb/s (1 Gb/s). The cables usually have four pairs of wires (though 10BASE-T and
100BASE-TX only require two of the pairs). 10BASE-T, 100BASE-TX, and 1000BASE-T
support both full-duplex and half-duplex communication; 10GBASE-T is full-duplex only.
10BASE-T and 100BASE-TX only require two pairs to operate, located on pins 1 and 2 and
pins 3 and 6. 1000BASE-T and 10GBASE-T require all four pairs to operate: pins 1 and 2,
3 and 6, 4 and 5, and 7 and 8.
A 10BASE-T transmitter sends two differential voltages: +2.5 V and −2.5 V.
A 100BASE-TX transmitter follows the same wiring patterns as 10BASE-T but is more
sensitive to wire quality and length, due to the higher bit rates. A 100BASE-TX transmitter
sends three differential voltages: +1 V, 0 V, and −1 V.
A 1000BASE-T transmitter uses all four pairs bidirectionally. The standard on copper twisted-
pair is IEEE 802.3ab for Category 5e UTP, or 4D-PAM5—four dimensions using pulse
amplitude modulation (PAM) with five voltages: −2 V, −1 V, 0 V, +1 V, and +2 V. While +2 V
to −2 V voltage may appear at the pins of the line driver, the voltage on the cable is nominally
+1 V, +0.5 V, 0 V, −0.5 V, and −1 V.
10GBASE-T, or IEEE 802.3an-2006, is a standard released in 2006 to provide 10-Gb/s
connections over UTP or STP cables, over distances up to 100 m (328 feet). 10GBASE-T cable
infrastructure can also be used for 1000BASE-T, allowing a gradual upgrade from 1000BASE-
T using autonegotiation to select which speed to use.
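As an added example (not code from the Cisco guide), the following Python models two of the line codes named above at the bit level: Manchester for 10BASE-T and 4B/5B followed by MLT-3 for 100BASE-TX, each with an encoder and a decoder so a round trip can be checked. The 100BASE-TX scrambler and the 1000BASE-T 4D-PAM5 trellis code are deliberately left out; the voltages are the nominal values stated on this page.

```python
# Added example, not from the Cisco student guide. Bit-level models of two of
# the copper line codes named on this page. Omitted on purpose: the 100BASE-TX
# scrambler and the 1000BASE-T 4D-PAM5 trellis code. Voltages are the nominal
# values from the page (10BASE-T: +/-2.5 V; 100BASE-TX MLT-3: +1, 0, -1 V).

V_10BASE_T = 2.5
V_100BASE_TX = 1.0

def manchester_encode(bits):
    """IEEE 802.3 Manchester: each bit becomes two half-bit voltages with a
    mid-bit transition. 1 = low-to-high, 0 = high-to-low."""
    out = []
    for b in bits:
        out += [-V_10BASE_T, +V_10BASE_T] if b else [+V_10BASE_T, -V_10BASE_T]
    return out

def manchester_decode(levels):
    """Recover bits from the direction of each mid-bit transition."""
    if len(levels) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first < 0 < second:
            bits.append(1)
        elif first > 0 > second:
            bits.append(0)
        else:
            raise ValueError("no mid-bit transition at half-bit %d" % i)
    return bits

# 4B/5B: each nibble becomes a 5-bit symbol with no more than two consecutive
# zeros, so the MLT-3 signal always has transitions for clock recovery.
FOUR_B_FIVE_B = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
FIVE_B_FOUR_B = {v: k for k, v in FOUR_B_FIVE_B.items()}

def encode_4b5b(data):
    """bytes -> list of code bits, high nibble of each byte first."""
    bits = []
    for byte in data:
        for nibble in (byte >> 4, byte & 0xF):
            bits += [int(c) for c in FOUR_B_FIVE_B[nibble]]
    return bits

def decode_4b5b(bits):
    """list of code bits -> bytes; an unknown 5-bit symbol is a line error."""
    if len(bits) % 10:
        raise ValueError("need 10 code bits per byte")
    out = bytearray()
    for i in range(0, len(bits), 10):
        symbols = ["".join(map(str, bits[j:j + 5])) for j in (i, i + 5)]
        try:
            hi, lo = (FIVE_B_FOUR_B[s] for s in symbols)
        except KeyError as bad:
            raise ValueError("invalid 4B/5B symbol %s" % bad)
        out.append(hi << 4 | lo)
    return bytes(out)

MLT3_CYCLE = (0.0, +V_100BASE_TX, 0.0, -V_100BASE_TX)

def mlt3_encode(bits):
    """MLT-3: a 1 bit steps to the next level in the cycle 0, +1, 0, -1;
    a 0 bit holds the current level. The line idles at 0 V."""
    idx, out = 0, []
    for b in bits:
        if b:
            idx = (idx + 1) % 4
        out.append(MLT3_CYCLE[idx])
    return out

def mlt3_decode(levels):
    """A level change is a 1, an unchanged level is a 0."""
    prev, bits = 0.0, []
    for v in levels:
        bits.append(1 if v != prev else 0)
        prev = v
    return bits

def encode_100base_tx(data):
    return mlt3_encode(encode_4b5b(data))

def decode_100base_tx(levels):
    return decode_4b5b(mlt3_decode(levels))

def signalling_rates(bitrate_mbps=100):
    """(code bit rate in Mbaud, worst-case MLT-3 fundamental in MHz).
    4B/5B expands 100 Mb/s to 125 Mbaud; MLT-3 needs four 1 bits per full
    cycle, so the fundamental is at most 31.25 MHz, which is why Category 5
    cable rated to 100 MHz is sufficient for 100BASE-TX."""
    baud = bitrate_mbps * 5 / 4
    return baud, baud / 4

if __name__ == "__main__":
    print(manchester_encode([1, 0, 1]))
    print(encode_100base_tx(b"\x00"))   # 11110 11110 -> MLT-3 levels
    print(decode_100base_tx(encode_100base_tx(b"\xde\xad\xbe\xef")))
```

The decoders are where the two schemes differ in a way that matters on a wire: Manchester rejects any half-bit pair without a transition, while the 4B/5B decoder rejects any 5-bit pattern outside the sixteen data symbols, which is how a 100BASE-TX receiver notices a corrupted or tampered symbol even before the frame CRC is checked.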
Category 6 features more stringent specifications for crosstalk and system noise. The cable
standard provides performance of up to 250 MHz and is suitable for 10BASE-T, 100BASE-TX
(Fast Ethernet), 1000BASE-T/1000BASE-TX (Gigabit Ethernet), and 10GBASE-T (10 Gigabit
Ethernet). Category 6 cable has a reduced maximum length when used for 10GBASE-T.
Category 6a cable, or Augmented Category 6, is characterized to 500 MHz and has improved
alien crosstalk characteristics, allowing 10GBASE-T to be run for the same distance as
previous protocols.



RJ-45 Connector
This topic describes the RJ-45 connector used in Ethernet UTP installations.


RJ-45 was originally a telephone-only standard. It is one of the many registered jacks, like RJ-
11, another telephone standard. As a registered jack, telephone RJ-45 specifies the physical
male and female connectors as well as the pin assignments of the wires in a telephone cable.
The original RJ-45 uses a special keyed 8P2C modular connector, with pins 4 and 5 wired for
tip and ring of a single telephone line and pins 7 and 8 connected to a programming resistor. It
was meant to be used with a high-speed modem and is obsolete today.
Telephone installers who wired telephone RJ-45 jacks were familiar with the pin assignment
that was part of the RJ-45 standard. However, near-identical physical connectors for computer
networking became popular, and they informally inherited the name RJ-45 due to the
overwhelming similarity to the telephone standard. While telephone RJ-45 uses a “keyed”
variety of the 8P body, meaning that it may have an extra tab that a computer RJ-45 connector
is unable to mate with, the visual difference from an Ethernet 8P is subtle.
The only other difference is the presence of extra conductors in the cable, which cannot be seen
without very close inspection. True telephone RJ-45 connectors are a special variant of 8P2C,
meaning only that the middle two positions have conductors in them, while pins 7 and 8 are
shorting a programming resistor. Computer RJ-45 is 8P8C, with all eight conductors present.
Understandably, because telephone RJ-45 8P connectors never saw wide usage and computer
8P connectors are quite well known today, RJ-45 is used almost exclusively to refer to
Ethernet-type computer connectors. Electronics catalogs that are not specialized to the
telephone industry advertise 8P8C modular connectors as “RJ-45.” Virtually all electronic
equipment that uses an 8P8C connector (or possibly any 8P connector at all) will document it
as an “RJ-45” connector. In common usage, RJ-45 also refers to the pin assignments for the
attached cable, which are actually defined in the wiring standard EIA/TIA-568-B.

If you look at the transparent end of an RJ-45 connector, you can see eight colored wires,
twisted into four pairs. Four of the wires (one from each pair) carry the positive signal of the
pair and are called "tip" (T1 through T4); the other four carry the inverse (negative) signal and
are called "ring" (R1 through R4). Tip and ring are terms that originated in the early days of
the telephone. Today, these terms refer to the positive and negative wires in a pair. The wires
in the first pair in a cable or a connector are designated as T1 and R1, the second pair as T2
and R2, and so on.
The RJ-45 plug is the male component, crimped at the end of the cable. As you look at the male
connector from the front, as shown in the figure, the pin locations are numbered from 8 on the
left to 1 on the right.
The jack is the female component in a network device, wall, cubicle partition outlet, or patch
panel. As you look at the female connector from the front, as shown in the figure, the pin
locations are numbered from 1 on the left to 8 on the right.



Straight-Through Ethernet Cables
This topic describes the wiring standards and uses for straight-through Ethernet cables.

Straight-through cable between a server and a switch or router: both RJ-45 connectors show
the same color order (T568A: pin 1 white/green, pin 2 green, pin 3 white/orange, pin 4 blue,
pin 5 white/blue, pin 6 orange, pin 7 white/brown, pin 8 brown).

10BASE-T and 100BASE-TX          1000BASE-T
Pin  Label    Pin  Label         Pin  Label     Pin  Label
1    TX+      1    TX+           1    BI_DA+    1    BI_DA+
2    TX-      2    TX-           2    BI_DA-    2    BI_DA-
3    RX+      3    RX+           3    BI_DB+    3    BI_DB+
4    NC       4    NC            4    BI_DC+    4    BI_DC+
5    NC       5    NC            5    BI_DC-    5    BI_DC-
6    RX-      6    RX-           6    BI_DB-    6    BI_DB-
7    NC       7    NC            7    BI_DD+    7    BI_DD+
8    NC       8    NC            8    BI_DD-    8    BI_DD-

In addition to identifying the correct EIA/TIA category of cable to use for a connecting device
(depending on which standard is being used by the jack on the network device), you will need
to determine which of the following to use:
 A straight-through cable
 A crossover cable

Twisted-pair Ethernet standards are such that the majority of cables can be wired straight-
through (pin 1 to pin 1, pin 2 to pin 2, and so on), but others may need to be wired in the
crossover form (receive to transmit and transmit to receive). In a straight-through cable, the RJ-
45 connectors on both ends of the cable show all the wires in the same order. If the two RJ-45
ends of a cable are held side-by-side in the same orientation, the colored wires (or strips or
pins) will be seen at each connector end. If the order of the colored wires is the same at each
end, the cable type is straight-through.
It is conventional to wire cables for 10 Mb/s or 100 Mb/s Ethernet to either the T568A or
T568B standard. These standards differ only in that they swap the positions of the two pairs
(green and orange) that are used for transmitting (TX) and receiving (RX). A cable with T568A
wiring at one end and T568B wiring at the other end is a crossover cable for 10BASE-T and
100BASE-TX; a crossover cable for 1000BASE-T must also swap the blue and brown pairs
(pins 4 and 5 with pins 7 and 8).

Straight-Through Cable for 10BASE-T and 100BASE-TX
10BASE-T and 100BASE-TX only require two pairs to operate, located on pins 1 and 2 and
pins 3 and 6. A 10BASE-T or 100BASE-TX node, such as a PC, transmits on pins 1 and 2 and
receives on pins 3 and 6 to a network device using a straight-through cable.

Straight-Through Cable for 10BASE-T and 100BASE-TX
End A                                 End B
Pin  Color         Function           Pin  Color         Function
1    White/Green   TX+                1    White/Green   TX+
2    Green         TX-                2    Green         TX-
3    White/Orange  RX+                3    White/Orange  RX+
6    Orange        RX-                6    Orange        RX-

Straight-Through Cable for 1000BASE-T
1000BASE-T requires all four pairs to operate: pins 1 and 2, 3 and 6, 4 and 5, and 7 and 8.

Straight-Through Cable for 1000BASE-T
End A                                 End B
Pin  Color         Function           Pin  Color         Function
1    White/Green   BI_DA+             1    White/Green   BI_DA+
2    Green         BI_DA-             2    Green         BI_DA-
3    White/Orange  BI_DB+             3    White/Orange  BI_DB+
4    Blue          BI_DC+             4    Blue          BI_DC+
5    White/Blue    BI_DC-             5    White/Blue    BI_DC-
6    Orange        BI_DB-             6    Orange        BI_DB-
7    White/Brown   BI_DD+             7    White/Brown   BI_DD+
8    Brown         BI_DD-             8    Brown         BI_DD-



Crossover Ethernet Cables
This topic describes the wiring standards and uses for crossover Ethernet cables.

Crossover cable between two switches: one connector is wired to EIA/TIA T568A and the
other to EIA/TIA T568B (the T568A end reads pin 1 white/green, pin 2 green, pin 3
white/orange, pin 4 blue, pin 5 white/blue, pin 6 orange, pin 7 white/brown, pin 8 brown).

10BASE-T and 100BASE-TX          1000BASE-T
Pin  Label    Pin  Label         Pin  Label     Pin  Label
1    TX+      3    RX+           1    BI_DA+    3    BI_DB+
2    TX-      6    RX-           2    BI_DA-    6    BI_DB-
3    RX+      1    TX+           3    BI_DB+    1    BI_DA+
4    NC       4    NC            4    BI_DC+    7    BI_DD+
5    NC       5    NC            5    BI_DC-    8    BI_DD-
6    RX-      2    TX-           6    BI_DB-    2    BI_DA-
7    NC       7    NC            7    BI_DD+    4    BI_DC+
8    NC       8    NC            8    BI_DD-    5    BI_DC-

An Ethernet crossover cable is a type of Ethernet cable used to connect computing devices
together directly where they would normally be connected via a network switch or router, such
as directly connecting two PCs via their network interface controllers. With crossover cables,
the RJ-45 connectors on both ends show that some of the wires on one side of the cable are
crossed to a different pin on the other side of the cable.
In practice, it does not matter if non-crossover Ethernet cables are wired as T568A or T568B,
as long as both ends follow the same wiring format. Typical commercially available "prewired"
cables can follow either format, depending on the manufacturer. What this means is that the
cables of one manufacturer are wired differently than cables of another manufacturer, yet both
are correct and will work.

Crossover Cable for 10BASE-T and 100BASE-TX
Specifically, for Ethernet, pin 1 at one RJ-45 end should be connected to pin 3 at the other end.
Pin 2 at one end should be connected to pin 6 at the other end, as shown in the table.

Crossover Cable for 10BASE-T and 100BASE-TX
Server                                Server or Host
Pin  Color         Function           Pin  Color         Function
1    White/Green   TX+                3    White/Green   RX+
2    Green         TX-                6    Green         RX-
3    White/Orange  RX+                1    White/Orange  TX+
6    Orange        RX-                2    Orange        TX-

Crossover Cable for 1000BASE-T
1000BASE-T requires all four pairs to operate: pins 1 and 2, 3 and 6, 4 and 5, and 7 and 8.

Crossover Cable for 1000BASE-T
Server                                Server or Host
Pin  Color         Function           Pin  Color         Function
1    White/Green   BI_DA+             3    White/Green   BI_DA+
2    Green         BI_DA-             6    Green         BI_DA-
3    White/Orange  BI_DB+             1    White/Orange  BI_DB+
4    Blue          BI_DC+             7    Blue          BI_DC+
5    White/Blue    BI_DC-             8    White/Blue    BI_DC-
6    Orange        BI_DB-             2    Orange        BI_DB-
7    White/Brown   BI_DD+             4    White/Brown   BI_DD+
8    Brown         BI_DD-             5    Brown         BI_DD-



Straight-Through vs. Crossover Cables
This topic compares straight-through and crossover Ethernet cables.

• Crossover cables needed only in older network installations
• Auto-MDIX automatically detects the required cable connection

(Figure: a straight-through cable and a crossover cable.)


The figure shows the guidelines for choosing which type of cable to use when interconnecting
Cisco devices. In addition to verifying the category specification on the cable, you must
determine when to use a straight-through versus a crossover cable.
Use straight-through cables for the following cabling:
 Switch to router
 Switch to PC or server

Use crossover cables for the following cabling:
 Switch to switch
 Router to router
 Router Ethernet port to PC NIC
 PC to PC

Owing to the inclusion of automatic medium dependent interface/medium dependent interface
crossover (auto-MDI/MDIX) capability in most modern Ethernet equipment, use of crossover
cables is typically only necessary in older network installations. Auto-MDIX automatically
detects the required cable connection type and configures the port appropriately, removing the
need for crossover cables to interconnect switches or to connect PCs peer-to-peer. As long as it
is enabled on at least one end of a link, either type of cable can be used.
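As an added example (not code from the Cisco guide), the following Python ties the two preceding topics together: it derives the straight-through, 10/100 crossover and gigabit crossover wire maps from the T568A/T568B color orders given in the cable tables, classifies a cable from the colors seen at its two connectors (flagging a split pair, which a continuity tester alone will pass), and applies the straight-through versus crossover rule above to a pair of devices. The mapping of device types to MDI or MDI-X port roles (switch and hub ports MDI-X, everything else MDI) is conventional and is an assumption of this example.

```python
# Added example, not from the Cisco student guide. Builds the wire maps
# described on this page from the T568A/T568B color orders, classifies a cable
# from the colors seen at its two connectors, and applies the page's
# straight-through/crossover rule for pairs of devices. The device-to-port-role
# table (switch and hub ports are MDI-X, everything else MDI) is an assumption.

T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")

PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))   # the four twisted pairs by pin

STRAIGHT = {p: p for p in range(1, 9)}
CROSS_10_100 = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}
CROSS_GIGABIT = {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5}

def wire_map(end_a, end_b):
    """Given the color at each pin (index 0 = pin 1) on both connectors,
    return {pin at A: pin at B} for each conductor. Raises ValueError if the
    color sets differ or a color appears twice at one end."""
    if sorted(end_a) != sorted(end_b) or len(set(end_a)) != 8:
        raise ValueError("connector color sets do not match")
    return {i + 1: end_b.index(c) + 1 for i, c in enumerate(end_a)}

def classify(wmap):
    """Name the cable type implied by a wire map."""
    if wmap == STRAIGHT:
        return "straight-through"
    if wmap == CROSS_10_100:
        return "crossover (10/100: pairs 1-2 and 3-6 swapped)"
    if wmap == CROSS_GIGABIT:
        return "crossover (gigabit: all four pairs swapped)"
    # A conductor that lands outside its partner's pair defeats the twist
    # cancellation; the link may come up at 10 Mb/s but will be noisy.
    for a, b in PAIRS:
        if {wmap[a], wmap[b]} not in [set(p) for p in PAIRS]:
            return "split pair (miswired)"
    return "unrecognized pair swap"

def end_b_for(end_a, wmap):
    """Color order the far connector must have to realize a wire map."""
    end_b = [None] * 8
    for a, b in wmap.items():
        end_b[b - 1] = end_a[a - 1]
    return tuple(end_b)

MDI_X = {"switch", "hub"}                  # ports that receive on pins 1-2
MDI = {"router", "pc", "server", "host"}   # ports that transmit on pins 1-2

def required_cable(dev_a, dev_b, auto_mdix=False):
    """Page rule: like port roles need a crossover, unlike roles a
    straight-through; auto-MDIX on either end makes either cable work."""
    if auto_mdix:
        return "either"
    roles = set()
    for d in (dev_a.lower(), dev_b.lower()):
        if d in MDI_X:
            roles.add("mdix")
        elif d in MDI:
            roles.add("mdi")
        else:
            raise ValueError("unknown device type %r" % d)
    return "straight-through" if roles == {"mdi", "mdix"} else "crossover"

if __name__ == "__main__":
    print(classify(wire_map(T568A, T568A)))
    print(classify(wire_map(T568A, T568B)))
    print(classify(wire_map(T568A, end_b_for(T568A, CROSS_GIGABIT))))
    for a, b in (("switch", "router"), ("switch", "switch"), ("router", "pc")):
        print(a, b, required_cable(a, b))
```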

Ethernet Fiber Connection
This topic describes fiber as a connection media.

• Dopant particles are evenly distributed all through the core of the fiber.

(Figure: cross-section of a single-mode fiber; core diameter 9, cladding diameter 125, buffer or
coating diameter 250. Dimensions are in microns, 10^-6 meters.)


An optical fiber is a flexible, transparent fiber made of very pure glass (silica) not much bigger
than a human hair that acts as a waveguide, or “light pipe,” to transmit light between the two
ends of the fiber. Optical fibers are widely used in fiber-optic communications, which permits
transmission over longer distances and at higher bandwidths (data rates) than other forms of
communication. Fibers are used instead of metal wires because signals travel along them with
less loss and are also immune to EMI.
The two fundamental components that allow a fiber to confine light are the core and the
cladding. Most of the light travels from the beginning to the end inside the core. The cladding is
around the core to provide the confinement. The diameters of the core and cladding are shown
in the figure, but the core diameter may vary for different fiber types. In this case, the core
diameter of 9 microns is very small considering the diameter of a human hair, which is about
50 microns. The outer diameter of the cladding is a standard size of 125 microns. The size must
be standard because of a connector, which enables component manufacturers to make
connectors for all fiber-optic cables.
The third element in this picture is the buffer (coating). The buffer has nothing to do with the
confinement of the light in the fiber. Its purpose is to protect the glass from scratches and
moisture. The fiber-optic cable can be scratched or easily broken, like a glass pane. If the fiber
is scratched, the scratch could propagate and leave the fiber in two pieces. Another important
aspect of fiber is the need to keep it dry.



• Light should be reflected in such way to stay inside the optical fiber
(multiple paths may be possible)
• Refraction: Light leaks out of fiber core (not good)
• Reflection: Light remains in fiber core (good)


Light travels through the core of the optical fiber. Photons do not interact with each other, so
light paths can cross without disturbing one another; the same property lets multiple
wavelengths share one fiber at the same time.
Because light is either reflected or refracted at the boundary between two materials of different
refractive index, the core and cladding materials are chosen so that light stays inside the core.
The phenomenon that confines the light is total internal reflection. Reflection is a light ray
bouncing off the interface of two materials; refraction is the bending of the ray as it passes
from one material into the other. A ray that strikes the core-cladding boundary at a shallow
enough angle (at or beyond the critical angle) is reflected and remains in the core as it travels
left to right in the picture. A ray that strikes the boundary more steeply is refracted, exits the
core, and proceeds into the cladding. Refraction is harmful for optical communications: light
lost into the cladding cannot carry the signal, so each refraction event is loss from the fiber.
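As an added worked equation (not part of the Cisco guide), the reflection and refraction behavior just described follows from Snell's law. The index values n1 = 1.48 and n2 = 1.46 are assumed for illustration, and angles are measured from the normal to the core/cladding boundary.

$$
\begin{aligned}
n_1 \sin\theta_1 &= n_2 \sin\theta_2 && \text{(Snell's law; } n_1 > n_2 \text{ is what confines light to the core)} \\
\theta_c &= \arcsin\frac{n_2}{n_1} && \text{(critical angle: } \theta_1 \ge \theta_c \text{ gives total internal reflection)} \\
\mathrm{NA} &= \sqrt{n_1^2 - n_2^2} = n_0 \sin\theta_{\max} && \text{(numerical aperture; } n_0 = 1 \text{ in air)} \\
\theta_c &= \arcsin\frac{1.46}{1.48} \approx 80.6^\circ, \qquad \mathrm{NA} \approx 0.24, \qquad \theta_{\max} \approx 14^\circ
\end{aligned}
$$

With these values a ray launched within about 14 degrees of the fiber axis meets the core/cladding boundary at or beyond the critical angle and is reflected; a steeper launch falls below it, refracts into the cladding, and is lost.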

Fiber Optic Materials
This topic describes how fiber-optic cables are constructed.

• Fiber core and cladding are made of silica.


• Light is confined in the core because of the properties of glass.
• The properties are controlled by selectively adding various elements.
• The buffer (or coating) is usually plastic or Kevlar to protect the fiber.


The core and the cladding are made of solid glass. The only difference between the core and the
cladding is the way that the glass was made. The glass in the core and the cladding has different
impurities added to change the speed of light in the glass. These speed differences are what
confine the light to the core.
The buffer needs to be tough. Many people think that fiber can be handled like wire. The buffer
is thought of as insulation, like insulation on wire. It is not insulation. As mentioned, the buffer
has nothing to do with the confinement of the light in the fiber, but protects the glass from
scratches and the effects of the environment.
Fiber core and cladding are made of silica, which is SiO2 or silicon dioxide.



Fiber Types
This topic describes multimode and single-mode fiber.

• Multimode Fiber (MMF):
- Core diameter is 50 or 62.5 microns (the standard 50- and 62.5-micron fibers are both graded-index)
- Cladding diameter is 125 microns
- Bandwidth-distance product is more than 500 MHz-km
- Allows many paths ("modes") for the light; LED transmitter
• Single-Mode Fiber (SMF):
- Core diameter is 9 microns
- Cladding diameter is 125 microns
- Bandwidth-distance product is more than 100 THz-km
- Allows only one path for the light; laser transmitter

(Figure: for both MMF and SMF, a core of refractive index n1 is surrounded by cladding of
refractive index n2.)

The most significant difference between single-mode fiber (SMF) and multimode fiber (MMF)
is in the ability of the fiber to send light over long distances at high bit rates. In general, MMF
is used for shorter distances at a lower bit rate than SMF. For long-distance communications,
SMF is preferred. There are many variations of fiber for both MMF and SMF.
The most significant physical difference is in the size of the core. The glass in the two fibers is
the same and the index of refraction change is similar. Core diameter can make a major
difference. The diameter of fiber cladding is universal for matching fiber ends.
The effect of having different-sized cores in fiber is that the two fiber types will support
different ways for the light to get through the fiber. In the figure, the top image illustrates
MMF. MMF supports multiple ways for the light from one source to travel through the fiber.
This is the reason for the name “multimode.” Each path can be thought of as a mode.
For SMF, the possible ways for light to get through the fiber have been reduced to one, which
is the reason that SMF is named “single-mode.”
The table summarizes MMF and SMF characteristics.

MMF and SMF Characteristics
MMF Characteristics                 SMF Characteristics
LED transmitter is usually used     Laser transmitter is usually used
Lower bandwidth and speed           Higher bandwidth and speed
Shorter distances                   Longer distances
Less expensive                      More expensive

Optical Transmitters
This topic describes the function and specifications for optical transmitters.

• Turn electrical current into light
• Common light sources for fiber communications are LEDs and lasers

LEDs                                                Lasers
Primarily short reach over MMF in the 850 nm        Primarily intermediate and long reach over both MMF
and 1310 nm range                                   and SMF in the 1310 nm and 1550 nm range
Lower power (-25 to -20 dBm)                        Higher power (-3 to +8 dBm)
Wide spectral width (35 to 100 nm)                  Narrow spectral width (0.01 to 6 nm)
Lower cost                                          Higher cost


There are basically two alternatives for producing light to be sent in a fiber—LEDs and lasers.
Both LEDs and lasers are made using integrated circuit techniques of material growth and
selective material removal with subsequent regrowth. The main difference between these two
devices and the microprocessor in your computer is the material that is used. The material used
for a microprocessor is silicon. For fiber-optic devices, the material is a combination of gallium
and arsenic, which are elements in the periodic table. By combining these materials, light can
be induced. Silicon has a more difficult time in emitting light because of the way that nature
“engineered” the material.
Differences between LEDs and laser devices are in the way that the various layers of material
are grown and the selective way that material is removed. More steps are needed to make lasers
than LEDs, which is one reason that lasers cost more than LEDs.
Infrared (IR) LEDs are one of the possible types of optical transmitters. LEDs are low-speed,
low-energy, and low-cost light emitters. Low energy means lower distances. Laser emitters are
used for longer distances. LEDs are typically used with MMF. Manufacturers are producing
two main types of LEDs:
 SLEDs (surface-emitting LEDs): SLEDs are difficult to focus but they are inexpensive.
 ELEDs (edge-emitting LEDs): ELEDs are easier to focus, faster, and more expensive.

Laser emitters are the second choice for implementing optical transmitters. They are sometimes
called injection laser diodes (ILDs): like LEDs they are semiconductor diodes that emit light
when current is injected, but the emitted beam is narrow.



Laser emitters are typically used with SMF. They produce a narrow, well-focused beam, support
higher speeds, and launch more power, which gives the system longer reach. Emitters with
these parameters are more expensive.
Various technologies are available:
 FP (Fabry-Perot) laser
 DFB (distributed feedback) laser
 VCSEL (vertical cavity surface emitting laser)

Fiber Connector Types
This topic describes the various connector types used to terminate fiber-optic cables.

• About 70 different connector types in use
• Threaded, bayonet, or push-pull
• Metal or plastic sleeve
• Simplex connectors:
- ST: typical for patch panels (durability)
- SC: typical for enterprise equipment
- FC: typical for telco equipment


An optical fiber connector terminates the end of an optical fiber. A variety of optical fiber
connectors are available. The main differences among types of connectors are dimensions and
methods of mechanical coupling. Generally, organizations will standardize on one type of
connector, depending on what equipment or type of fiber that they commonly use.
Organizations often use one connector for multimode fiber and one connector for single-mode
fiber. There are about 70 different connector types now in use.
Based on the way to connect, there are three different types of connectors:
 Threaded
 Bayonet
 Push-pull

Based on the material used, the connectors consist of one of these materials:
 Metal
 Plastic sleeve

These are the types of simplex connectors:
 ST: Typical for patch panels (durability)
 SC: Typical for enterprise equipment
 FC: Typical for telecommunications equipment



In data communications and telecommunications applications, small form-factor connectors
(for example, LC connectors) and multifiber connectors (for example, MTP/MPO connectors) are
replacing the traditional connectors (such as SC connectors), mainly to pack more connectors
onto the crowded faceplate and thus reduce the footprint of the systems.

• Swapping between transmit and receive cable is a common cause of errors in patching.
• Duplex connectors are used to avoid swapping transmit and receive cables.


For each link in an optical system, two fibers (one fiber pair) are required. One fiber is
connected to the transmit port and the other to the receive port. Mistakes sometimes happen
when connecting these fibers: swapping the transmit and receive cables is a common cause of
errors in patching. One way to avoid this is to use duplex connectors, which hold both fibers
in a single keyed housing.
The FDDI duplex connector with mechanical keying is one widely used example.

(Figure: small form-factor connectors MT-RJ, Volition, LC, Opti-Jack, and SC-DC)
• Competing technologies
• No official standard:
- MT-RJ
- Volition
- LC: classical design, like a mini-SC
- Panduit Opti-Jack
- SC-DC and SC-QC
- MU

The use of small form-factor (SFF) connectors is not officially standardized; instead, several
competing designs exist. MT-RJ, Volition, LC, Opti-Jack, SC-DC, SC-QC, and MU are some
examples. The MT-RJ duplex connector is a public-domain design backed by AMP and Siecor.
It is popular because its footprint is similar to that of the RJ-45 jack used in classical
structured cabling. The Volition connector has a radical V-groove design and is backed by 3M.
It is very inexpensive and has only 0.03 to 0.33 dB of loss.
The LC connector has a classical design and is backed by Lucent. It looks like a mini-SC
connector at half the size. The Panduit Opti-Jack connector uses a duplex design and is the
easiest to install. Its construction also makes it suitable for plastic optical fibers (POFs).
SC-DC and SC-QC connectors were designed with two or four ferrules in an SC sleeve. The
connector was initially backed by IBM. MU connectors are very small and are backed by NTT in
Japan.
SFP (small form-factor pluggable) transceivers are normally used with SFF connectors on
Ethernet line cards to give flexibility in ports and connectors.



Fiber Connector Maintenance
This topic describes how to maintain fiber-optic connectors.

• Dust particles can be 20 microns or larger.
• A 1-micron dust particle landing on the core of an SMF can cause up to 1 dB of loss.
• Fiber-optic connectors need to be cleaned every time they are mated and unmated.
• Warning: Do not inspect or clean optical connectors that are emitting optical power.
• Warning: Optical power can permanently damage eyes or burn skin.
• Note: Maintenance procedures are intended for use by qualified personnel only.


Dirt is the main cause of problems with connectors. Damage to the fiber or connector by the
installer is the second cause of problems. Dust or dirt particles can be 20 μm or larger. The size
of the dust is significant compared with the size of the core in an SMF, which is only 8 to 9
μm in diameter. Dust particles smaller than 1 μm can stay suspended in the air almost
indefinitely. A 1-μm dust particle landing on the core of an SMF can cause up to 1 dB of loss.
Fiber-optic connectors, as well as optical fibers, need to be cleaned every time that they are
mated and unmated.

Caution Do not inspect or clean optical connectors that are emitting optical power. Optical power will
permanently damage eyes or burn skin.

Note Cleaning procedures should be done by qualified personnel only.

Dense Wavelength-Division Multiplexing
This topic describes dense wavelength-division multiplexing.

• Optical signals of different wavelengths do not interfere with each other on the fiber.
• Wavelengths used in DWDM are tightly spaced in the 1550-nm window.
• DWDM takes multiple signals, each of which is assigned a distinct wavelength (channel), and injects them onto a single fiber.


Dense wavelength-division multiplexing (DWDM) is a method of passively combining multiple
wavelengths (colors) of light on one fiber. Equipment that combines only a few such
wavelengths is known as wavelength-division multiplexing (WDM) or coarse wavelength-division
multiplexing (CWDM). The most widely used transponders, however, use tens or hundreds of
channels in tightly spaced grids, hence the name DWDM.
DWDM is an optical technology that is used to increase bandwidth over existing fiber-optic
backbones as optical signals of different wavelengths do not interfere with each other on the
fiber. Wavelengths that are used in DWDM systems are tightly spaced in the 1550-nm window.
In DWDM networks, several higher-speed signals can be combined in one single output fiber.
Each of these signals is assigned a distinct wavelength (channel) before being injected onto a
single fiber. The device that is used for combining all incoming wavelengths together is called
a filter or multiplexer. A similar device is then needed on the other side to separate all
wavelengths from the composite signal.
DWDM functions typically used to be carried out in dedicated optical equipment such as
transponders, capable of operating the wavelength conversion from, for example, a
“traditional” 1310-nm laser to a DWDM channel with very tight control over the wavelength
stability.
IP over DWDM (IPoDWDM) is the Cisco paradigm to design cost-effective, converged,
scalable optical networks that are based on Cisco high-end routers and switches with 10-
Gigabit Ethernet ports equipped with a tunable DWDM interface.



Summary
This topic summarizes the key points that were discussed in this lesson.

• The mechanical properties for Ethernet depend on the type of physical medium, with coaxial, copper, fiber, and wireless media available.
• A NIC plugs into a motherboard and provides a port for connecting to the network.
• The speed of Ethernet ranges from 1 Mb/s to 100 Gb/s, and the physical medium can range from bulky coaxial cable to twisted pair to optical fiber.
• Ethernet over twisted-pair technology uses twisted-pair cables for the physical layer.
• Twisted-pair standards are 10BASE-T, 100BASE-TX, 1000BASE-T, and 10GBASE-T.
• RJ-45 was originally a telephone-only standard.
• Use a straight-through cable for connecting a switch to a router.
• Use a crossover cable for connecting a switch to another switch.


• Auto-MDIX automatically detects the required cable connection type and configures the connection appropriately.
• The two fundamental components that allow a fiber to confine light are the core and the cladding.
• The core and the cladding are made of solid glass.
• Two types of fiber optics exist: multimode and single-mode.
• There are two options to produce light for a fiber: an LED and a laser.
• A variety of optical fiber connectors are available.
• Fiber-optic connectors, as well as optical fibers, need to be cleaned every time that they are mated and unmated.
• DWDM is an optical technology that is used to increase bandwidth over existing fiber-optic backbones by multiplexing multiple wavelengths.


Lesson 3

Using Switched LAN Technology
Overview
LANs are a relatively low-cost means of sharing expensive resources. LANs allow multiple
users in a relatively small geographic area to exchange files and messages and to access shared
resources such as file servers. LANs have rapidly evolved into support systems that are critical
to communications within an organization. This lesson describes the challenges that shared
LANs face as they confront the increasing need for bandwidth and speed to satisfy the needs of
multiple users. The addition of bridges and switches to networks can provide a means to
maximize the speed and efficiency of LANs by reducing congestion and increasing bandwidth.
This lesson describes how LAN switching technology contributes to the efficiency of a LAN.

Objectives
Upon completing this lesson, you will be able to describe switched LAN technology solutions
to Ethernet networking issues. This ability includes being able to meet these objectives:
 Define Ethernet LAN segments and their distance limitations
 Describe how a hub can be used to extend Ethernet LAN segments
 List the characteristics and functions of a hub in an Ethernet LAN
 Describe and compare collision domains and broadcast domains
 Identify the typical causes of network congestion on an Ethernet LAN, and describe how a
bridge or switch alleviates network congestion
 Describe the purpose and operation of Ethernet bridges
 Describe the purpose and operation of Ethernet switches
 Describe the features of modern Ethernet switches
 Describe how a modern Ethernet switch forwards packets
 Describe the purpose of microsegmentation in an Ethernet LAN
 Describe how modern Ethernet LANs are designed
Ethernet Limitations
This topic describes Ethernet LAN segments and their distance limitations.

• Signals degrade with transmission distance.
• Each Ethernet type has a maximum segment length.


A segment is a network connection that is made by a single unbroken network cable. Ethernet
cables and segments can span only a limited physical distance, beyond which transmissions
become degraded because of line noise, reduced signal strength, and failure to meet the
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) timing requirements for
collision detection. Cable type, data rate, and modulation technique affect the maximum
segment length.
A device that operates at Layer 1 of the Open Systems Interconnection (OSI) model does not
terminate the Ethernet segment of the LAN, because Layer 1 devices only repeat the electrical
signals.
Each Ethernet specification defines a cable type, data rate, and modulation technique, which
in turn define a maximum segment length, as shown in the table.
The naming convention, using 10BASE-T (Ethernet over twisted pair) as an example:
 The 10 refers to the data rate, in this case 10 Mb/s.
 BASE means baseband signaling.
 T means twisted-pair cable (Category 3 or better is sufficient for 10BASE-T; the faster
twisted-pair standards require Category 5 or above).
 FL (as in 10BASE-FL) means fiber-optic cable.

Ethernet Segment Distance Limitations

Ethernet Specification | Description | Segment Length
100BASE-TX | 100-Mb/s Ethernet over twisted pair | 100 m (328 ft)
100BASE-FX | Fast Ethernet over fiber-optic cable | 400 m (1312 ft) half duplex (2 km full duplex)
1000BASE-T | Gigabit Ethernet over twisted pair | 100 m (328 ft)
1000BASE-LX | Gigabit Ethernet over fiber-optic cable | 550 m (1804 ft) over 62.5-µm or 50-µm multimode fiber; up to 10 km (6.2 miles) over 9-µm single-mode fiber
1000BASE-SX | Gigabit Ethernet over fiber-optic cable | 275 m (902 ft) over 62.5-µm multimode fiber; 550 m (1804 ft) over 50-µm multimode fiber
10GBASE-SR | 10 Gigabit Ethernet over fiber-optic cable | 26 to 82 m (85 to 269 ft) over 62.5-µm multimode fiber; 300 m (984 ft) over 50-µm multimode fiber
10GBASE-LR | 10 Gigabit Ethernet over fiber-optic cable | up to 10 km (6.2 miles) over 9-µm single-mode fiber


Extending Ethernet LAN Segments
This topic describes how a hub can be used to extend Ethernet LAN segments.

• Shares bandwidth
• Extends cable distances
• Repeats or amplifies signal
• Number of repeaters/hubs is limited


A repeater is a physical-layer device that takes a signal from a device on the network and acts
as an amplifier. Adding repeaters to a network extends the segments of the network so that data
can be communicated successfully over longer distances. There are, however, limits on the
number of repeaters that can be added to a network.
A hub, which also operates at the physical layer, is similar to a repeater. When a hub receives a
transmission signal, it amplifies the signal and retransmits it. Unlike a repeater, however, a hub
can have multiple ports to connect to a number of network devices. Therefore, a hub
retransmits the signal to every port to which a workstation or server is connected. Hubs do not
read any of the data passing through them and they are not aware of the source or destination of
the frame. Essentially, a hub simply receives incoming bits, amplifies the electrical signal, and
transmits these bits through all of its ports to the other devices on the network.
A hub extends, but does not terminate, an Ethernet LAN. The bandwidth limitation of a shared
technology remains. Although each device has its own cable that connects into the hub, all
users of a given Ethernet segment compete for the same amount of bandwidth.

Hubs and Collisions
This topic lists the characteristics and functions of a hub in an Ethernet LAN.

• Stations may transmit simultaneously, so collisions can occur.
• The more collisions that occur, the worse the congestion becomes.
• Hubs cannot improve collision issues.


Collisions are by-products of the CSMA/CD method that is used by Ethernet. In an Ethernet
network, many devices share the same segment. Despite listening to see if the media is free,
stations may transmit simultaneously. If two or more stations on a shared media transmit at the
same time, a collision results and the frames are destroyed. When the sending stations
recognize the collision event, they will transmit a special “jam” signal for a predetermined time
so that the devices on the segment will know that the frame has been corrupted and stop
communicating. The sending stations will then begin a random timer that must be completed
before attempting to retransmit the data.
As networks become larger and use more bandwidth, it becomes more likely that stations will
attempt to transmit data simultaneously and collisions will occur. The more collisions that
occur, the worse the congestion becomes, and network accessibility can become slow or
nonexistent.
Adding a hub to an Ethernet LAN can overcome the limits of the distance that a frame can
travel on a segment before the signal degrades, but hubs cannot improve collision issues.
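The collision and backoff behavior described above, as an added example that is not part of the original course material: a small Python simulation of one shared segment in which every station starts with a frame ready at the same moment. Each station applies the truncated binary exponential backoff that CSMA/CD stations use (wait a random number of slot times, the range doubling after each consecutive collision up to 2^10 slots, and discard the frame after 16 collisions). The discrete slot timing and the one-frame-per-slot rule are simplifications assumed for the example, not course content.

```python
import random

SLOT_TIME_BITS = 512   # Ethernet slot time for 10/100 Mb/s: 512 bit times
MAX_ATTEMPTS = 16      # a frame is discarded after 16 consecutive collisions
BACKOFF_CAP = 10       # the backoff exponent is capped at 10 ("truncated")


def backoff_slots(collisions, rng=None):
    """Truncated binary exponential backoff as used by CSMA/CD.

    After the n-th consecutive collision a station waits k slot times,
    with k drawn uniformly from 0 .. 2**min(n, 10) - 1.
    """
    if not 1 <= collisions <= MAX_ATTEMPTS:
        raise ValueError("collision count must be between 1 and 16")
    if rng is None:
        rng = random
    return rng.randrange(2 ** min(collisions, BACKOFF_CAP))


def simulate_shared_segment(num_stations, seed=1):
    """Simulate one shared segment (a single collision domain) on which
    every station has one frame ready at slot 0.

    Simplifications assumed for the example: time is discrete in slot
    times, a frame occupies exactly one slot, and every station detects a
    collision in the slot it happens (the jam signal is implicit).

    Returns (outcome, collisions, slots_used): outcome maps each station
    to the number of transmission attempts its frame needed, or None if
    the frame was discarded after MAX_ATTEMPTS collisions.
    """
    rng = random.Random(seed)
    ready_at = {s: 0 for s in range(num_stations)}  # slot when backoff expires
    collided = {s: 0 for s in range(num_stations)}  # consecutive collisions so far
    outcome = {}
    collisions = 0
    slot = 0
    while ready_at:
        senders = [s for s, t in ready_at.items() if t <= slot]
        if len(senders) == 1:
            # exactly one station transmits; carrier sense keeps the rest quiet
            s = senders[0]
            outcome[s] = collided[s] + 1
            del ready_at[s]
        elif senders:
            # two or more stations transmitted in the same slot: all their frames are lost
            collisions += 1
            for s in senders:
                collided[s] += 1
                if collided[s] >= MAX_ATTEMPTS:
                    outcome[s] = None  # excessive collisions: frame dropped
                    del ready_at[s]
                else:
                    ready_at[s] = slot + 1 + backoff_slots(collided[s], rng)
        slot += 1
    return outcome, collisions, slot


if __name__ == "__main__":
    for n in (2, 5, 20):
        outcome, collisions, slots = simulate_shared_segment(n)
        attempts = sorted(v for v in outcome.values() if v)
        print(f"{n:2d} stations: {collisions} collisions over {slots} slots, "
              f"attempts per delivered frame = {attempts}")
```

Raising the station count shows why hubs cannot help: every station added to the segment joins the same collision domain, so the number of collisions and the slots wasted on backoff grow with it.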



Collision Domains and Broadcast Domains
This topic describes and compares collision domains and broadcast domains.

(Figure: collision domains and broadcast domains. Each switch port is its own collision domain (collision domains 1 to 3); the router separates broadcast domain 1 from broadcast domain 2.)

In expanding an Ethernet LAN to accommodate more users with more bandwidth requirements,
you can create separate physical network segments, called collision domains, so that collisions
are limited to a domain rather than the entire network.
In traditional Ethernet segments, the network devices compete for the same bandwidth, with
only one device being able to transmit data at a time. The network segments that share the same
bandwidth are known as collision domains, because when two or more devices within that
segment try to communicate at the same time, collisions may occur.
It is possible, however, to use other network devices operating at Layer 2 and above of the OSI
model to divide a network into segments and reduce the number of devices that are competing
for bandwidth. Each new segment, then, results in a new collision domain. More bandwidth is
available to the devices on a segment, and collisions in one collision domain do not interfere
with the working of the other segments.
The broadcast domain is another key concept. The filtering of frames by switches based on
their MAC addresses does not extend to filtering broadcast frames. By their very nature,
broadcast frames must be forwarded. Therefore, a collection of interconnected switches forms a
single broadcast domain. It takes a Layer 3 entity, such as a router, to terminate a Layer 2
broadcast domain.
As shown in the figure, each switch port connects to a single PC or server, where each switch
port represents a unique collision domain. Each router port connects to a different IP subnet
where each IP subnet represents a unique broadcast domain.
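A way to check the domain counts stated for the figures in this lesson, as an added Python example that is not part of the original course material. The topology is modeled as devices joined by cables; each cable is one segment, and each device kind either merges the cables on its ports into one domain or keeps them apart. The device model and the two constructed topologies are assumptions of the example; they follow the lesson's rules (a hub merges everything, each switch or bridge port is its own collision domain, each router port is its own broadcast domain).

```python
from collections import defaultdict

# Which device kinds join the cable segments attached to their ports into one
# domain (model assumed for this example): a hub or repeater repeats bits to
# every port, so it merges both collision and broadcast domains; a bridge or
# switch keeps each port in its own collision domain but still floods
# broadcasts; a router terminates both; a host forwards nothing.
MERGES_DOMAIN = {
    "collision": {"hub", "repeater"},
    "broadcast": {"hub", "repeater", "bridge", "switch"},
}
KNOWN_KINDS = {"host", "hub", "repeater", "bridge", "switch", "router"}


class DisjointSet:
    """Minimal union-find used to count connected groups of cable segments."""

    def __init__(self, size):
        self.parent = list(range(size))

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def groups(self):
        return len({self.find(i) for i in range(len(self.parent))})


def count_domains(devices, links):
    """devices: {name: kind}; links: list of (device_a, device_b) cables.

    Returns (collision_domains, broadcast_domains) for the topology.
    """
    for name, kind in devices.items():
        if kind not in KNOWN_KINDS:
            raise ValueError(f"unknown device kind {kind!r} for {name}")
    attached = defaultdict(list)  # device -> indexes of the cables on its ports
    for idx, (a, b) in enumerate(links):
        for dev in (a, b):
            if dev not in devices:
                raise ValueError(f"link {a}-{b} references unknown device {dev}")
            attached[dev].append(idx)
    counts = {}
    for domain, merging_kinds in MERGES_DOMAIN.items():
        ds = DisjointSet(len(links))
        for dev, idxs in attached.items():
            if devices[dev] in merging_kinds:
                for other in idxs[1:]:
                    ds.union(idxs[0], other)
        counts[domain] = ds.groups()
    return counts["collision"], counts["broadcast"]


# Constructed topology matching the lesson's bridge figure: a three-port bridge,
# two ports to hubs with two PCs each, the third port toward the router.
BRIDGE_FIGURE = (
    {"BR": "bridge", "H1": "hub", "H2": "hub", "R": "router",
     "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host"},
    [("BR", "H1"), ("BR", "H2"), ("BR", "R"),
     ("H1", "PC1"), ("H1", "PC2"), ("H2", "PC3"), ("H2", "PC4")],
)

# Constructed topology for the collision/broadcast domain figure: one router
# between two switches, each switch with two directly attached PCs.
ROUTED_FIGURE = (
    {"R": "router", "S1": "switch", "S2": "switch",
     "PC1": "host", "PC2": "host", "PC3": "host", "PC4": "host"},
    [("R", "S1"), ("R", "S2"),
     ("S1", "PC1"), ("S1", "PC2"), ("S2", "PC3"), ("S2", "PC4")],
)

if __name__ == "__main__":
    print("bridge figure (collision, broadcast):", count_domains(*BRIDGE_FIGURE))
    print("routed figure (collision, broadcast):", count_domains(*ROUTED_FIGURE))
```

The bridge topology yields three collision domains and one broadcast domain, as the lesson states for that figure; the routed topology yields one collision domain per switch port and one broadcast domain per router port.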

Switches and Bridges
This topic describes the typical causes of network congestion on an Ethernet LAN, how a
bridge or switch alleviates network congestion.

Development of network devices at Layer 1 and Layer 2 of the OSI model:
• Hub
- Device for connecting multiple devices together and making them act as a single network segment
- No longer used
• Bridge
- Connects multiple network segments at the data link layer (Layer 2) of the OSI model
- Has only a few ports
- No longer used
• Switch
- Has more ports than a bridge
- Used currently


An Ethernet hub is a device for connecting multiple twisted pair or fiber-optic Ethernet devices
and making them act as a single network segment. Hubs work at the physical layer (Layer 1) of
the OSI model. The device is a form of multiport repeater. Repeater hubs also participate in
collision detection, forwarding a jam signal to all ports if it detects a collision.
Historically, the main reason for purchasing hubs rather than switches was their price. This
motivator has largely been eliminated by reductions in the price of switches, but hubs can still
be useful in special circumstances, such as for inserting a protocol analyzer into a network
connection.
A network bridge connects multiple network segments at the data link layer (Layer 2) of the
OSI model. In Ethernet networks, the term bridge formally means a device that behaves
according to the IEEE 802.1D standard. A bridge and switch are very much alike. A switch is a
bridge with more ports, more features, and faster performance by typically using hardware
ASICs.
Bridges are similar to repeaters or network hubs, devices that connect network segments at the
physical layer (Layer 1) of the OSI model. However, with bridging, traffic from one network is
managed rather than simply rebroadcast to adjacent network segments. Bridges are more
complex than hubs or repeaters. Bridges can analyze incoming data packets to determine if the
bridge is able to send the given packet to another segment of the network.
Like bridges, switches also connect LAN segments. Switches operate at much higher speeds
than bridges, provide higher port density, and support more advanced functionality.



Most common causes of network congestion:
• Increasingly powerful computer and network technologies
• High volume of network traffic
• High-bandwidth applications
(Figure: a single segment built from hubs, connected to the corporate Internet)

The most common causes of network congestion are as follows:
 Increasingly powerful computer and network technologies: Today, CPUs are much
faster and more powerful than those used in early LANs, therefore they can send more data
at higher rates through the network.
 Increasing volume of network traffic: Network traffic is now more common, as remote
resources are necessary to carry out basic work. Additionally, broadcast messages can
adversely affect end-station and network performance, although TCP/IP is not a high user
of broadcasts in general.
 High-bandwidth applications: Software applications are richer in their functionality and
require more bandwidth. Desktop publishing, engineering design, video on
demand (VoD), electronic learning (e-learning), and streaming video all require considerable
processing power and speed. This puts a large burden on networks to manage the transmission
of their files and requires sharing of the applications among users.

In the figure, all the devices are hubs, therefore, there is just one collision domain.

Ethernet Bridges
This topic describes the purpose and operation of Ethernet bridges.

Bridge characteristics:
• Operate at Layer 2 of the OSI model
• Forward, filter, or flood frames
• Have only a few ports
• Lack high performance
(Figure: a bridge separating segment 1 and segment 2, with a third port toward the corporate Internet)

Ethernet bridges are used to divide a single Ethernet LAN into multiple segments. This
arrangement increases the number of collision domains, reducing network congestion.
Some of the most important characteristics of bridges are as follows:
 Bridges operate at Layer 2 of the OSI model.
 Bridges are more “intelligent” than hubs. Bridges can analyze incoming frames and
forward (or drop) them based on specific address information.
 Bridges can buffer frames between two or more LAN segments.
 Bridges create more collision domains, allowing more than one device to transmit
simultaneously without causing a collision.
 Bridges maintain MAC address tables.
 Bridges have fewer ports and lower performance than LAN switches.

Adding bridges to a network provides a number of benefits, including the following:
 Isolating potential network problems to specific segments
 Minimizing unnecessary network traffic by filtering data frames within or between LAN
segments
 Extending a LAN to cover greater distances by joining multiple segments

In the figure, the bridge has three ports. Two of the ports that are shown are connected to a hub.
Each bridge port represents a collision domain, so there are three collision domains.



Ethernet Switches
This topic describes the purpose and operation of Ethernet switches.

Switch characteristics:
• High port density
• Large frame buffers
• Mixture of port speeds
• Fast internal switching (high performance)
• Forward, filter, or flood frames
(Figure: a switch separating segment 1 and segment 2, with a third port toward the corporate Internet)

Like bridges, switches connect LAN segments, use a table of MAC addresses to determine the
segment to which the data is to be sent, and reduce network traffic. Switches, however, operate
at much higher speeds than bridges and support more advanced functionality, as follows:
 High port density: Compared to bridges, switches have high port densities. 24-port and
48-port switches are common, with speeds of 100 Mb/s, 1 Gb/s, and 10 Gb/s. Large
enterprise switches may support hundreds of ports.
 Large frame buffers: The ability to store more received frames before having to drop
them is useful, particularly when there may be congested ports to servers or other parts of
the network.
 Port speeds: Depending on the cost of a switch, it may be possible to support a mixture of
media rates.
 Fast internal switching: Having fast internal switching allows the support of many ports
at 100 Mb/s, 1 Gb/s, and 10 Gb/s. The method that is used may be a fast internal bus or
shared memory, which affects the overall performance of the switch.

Switches use one of the following forwarding methods for switching data between network
ports:
 Cut-through switching: In this method, the switch starts forwarding a frame as soon as it
has read the destination MAC address, which arrives in the first bytes of the frame, before
the rest of the frame has been received. The switch determines the output port and starts
forwarding without buffering the whole frame. This is faster than the store-and-forward
method, but the switch cannot check the frame check sequence, so corrupted frames are
forwarded. A variant of cut-through switching is fragment-free switching, in which the frame
is not forwarded until enough of it has been received to rule out a collision.

 Store-and-forward switching: In this method, when the switch receives the data, it stores
the data in buffers until the complete frame is received. During the storage process, the
switch analyzes the frame for information about its destination. In this process, the switch
also performs an error check.
 Fragment-free switching: Cut-through switching provides low latency. However, it is
subject to forwarding bad frames. The switch must start forwarding the frame before the
switch can ensure that a collision has not occurred. Fragment-free switching will ensure
that enough bytes are read from the source to detect a collision before forwarding.

Fragment-free switching can be thought of as a compromise between the high latency and high
integrity of store-and-forward switching, and the low latency and reduced integrity of cut-
through switching. In practice, the difference between using cut-through and store-and-forward
methods has turned out to be unimportant, because the marginal reduction in latency by cut-
through switching has been offset by the low jitter (variability in latency) of store-and-forward
switching.
In the figure, three of the switch ports are shown where two of the ports are connected to a hub.
Each switch port represents a collision domain, so there are three collision domains.



Features of Modern Ethernet Switches
This topic describes the features of modern Ethernet switches.

(Figure: four switch features: dedicated communication between devices, multiple simultaneous conversations, full-duplex communications, and media-rate adaptation between 100 Mb/s and 1 Gb/s)

The similarities between bridges and switches are as follows:
 Both bridges and switches connect LAN segments.
 Both bridges and switches use a table of MAC addresses to identify the segment to which a
data frame should be sent.
 Both bridges and switches help to reduce network traffic.

However, switches provide the following important functions, resulting in even greater benefits
for eliminating network congestion:
 Dedicated communication between devices: This increases frame throughput. Switches
with one user per port have microsegmented the network. In this type of configuration,
each user receives access to the full bandwidth and does not have to contend for available
bandwidth with other users. As a result, collisions do not occur.
 Multiple simultaneous conversations: Multiple simultaneous conversations can occur by
forwarding, or switching, several packets at the same time, increasing network capacity by
the number of conversations supported. For example, when frames are being forwarded
between ports 1 and 2, another conversation can be happening between ports 5 and 6. This
is possible because of I/O buffers and fast internal transfer between ports.

 Full-duplex communication: After a connection is microsegmented, it has only two hosts
(the switch and the host). It is now possible to configure the ports so they can both receive
and send data at the same time, which is called full-duplex communication. For example,
point-to-point 100-Mb/s connections have 100 Mb/s of transmission capacity and 100 Mb/s
of receiving capacity, for an effective 200-Mb/s capacity on a single connection. The
configuration between half-duplex and full-duplex is automatically negotiated at the time
that the link connection is established. (Half-duplex means that there is transmission of data
in just one direction at a time).
 Media-rate adaptation: A LAN switch that has ports with different media rates can adapt,
for instance, between 100 and 1000 Mb/s, allowing bandwidth to be matched as needed.
Without this ability, it would not be possible to have different media-rate ports operating at
the same time.



Switching Operation
This topic describes how a modern Ethernet switch forwards packets.


Switches build a table of learned MAC addresses, which are associated with the port on which
they can be reached. Switches then use these MAC addresses as they decide whether to filter,
forward, or flood frames.
The table shows how switches process unicast frames.
How Switches Process Unicast Frames on an Ethernet LAN
Step Action

1. When a unicast frame is received on a port, the switch compares the destination MAC
address to the MAC addresses contained in its table.

2. If the switch determines that the destination MAC address of the frame resides on the same
network segment as the source, it does not forward the frame. This process is called
filtering, and by performing this process, switches can significantly reduce the amount of
traffic going between network segments by eliminating unnecessary frames.

3. If the switch determines that the destination MAC address of the frame is not on the same
network segment as the source, it forwards the frame only to the appropriate segment.

4. If the switch does not have an entry for the destination address, it transmits the frame out
all ports except the port on which it received the frame. This process is called flooding. A
flooded frame reaches every station on every other port, so until the destination is learned,
stations receive unicast traffic that is not addressed to them; a switch whose MAC table is
full behaves the same way for every address it could not learn.

The figure shows an example where the destination MAC address is a broadcast address, and
the switch learns the network topology by analyzing the source address of incoming frames
from all attached networks. The table describes this process.
Switching Frames Procedure
Step Action

1. The switch receives a broadcast frame from PC A on port 1.

2. The switch enters the source MAC address and the switch port that received the frame into the
MAC table.

3. Because the destination address is a broadcast, the switch floods the frame to all ports,
except the port on which it received the frame.

4. PC B, the destination device, replies to the broadcast with a unicast frame addressed to PC A.

5. The switch enters the source MAC address of PC B and port number of the switch port that
received the frame into the MAC table. The destination address of the frame and its
associated port is found in the MAC table.

6. The switch can now forward frames between source and destination devices without flooding,
because it has entries in the MAC table that identify the associated ports.
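The two procedures above (unicast filter/forward/flood and broadcast learning) can be run end to end in a short simulation. The Python below is an added example, not part of the course material: a learning switch with a MAC table that learns the source address of every frame, filters frames whose destination is on the ingress port's segment, forwards known unicasts and floods broadcasts and unknown unicasts. The MAC addresses, port numbers and the shared hub on port 3 are constructed for the example.

```python
"""Learning-switch simulation (added example; not from the course material).

Replays the two procedures in the text: source-MAC learning, filtering when
source and destination share a segment (port), forwarding to a known port,
and flooding for broadcast or unknown-unicast destinations.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class LearningSwitch:
    """Transparent switch with a MAC address table (MAC -> port)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def process(self, in_port, frame):
        """Return (decision, egress_ports) for one received frame."""
        # Learning: record the port on which the source MAC address was seen.
        self.mac_table[frame.src] = in_port

        # Flooding: broadcast, or a destination not yet in the table.
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]

        out_port = self.mac_table[frame.dst]
        # Filtering: destination lives on the segment the frame came from.
        if out_port == in_port:
            return "filter", []
        # Forwarding: destination is known on another segment.
        return "forward", [out_port]


def run_scenario():
    """Replay the broadcast/reply exchange from the table plus a filtering case.

    Constructed addresses: PC A on port 1, PC B on port 2, and PC C and PC D
    sharing a hub on port 3 (assumptions made for this example).
    """
    pc_a, pc_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    pc_c, pc_d = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
    sw = LearningSwitch(ports=[1, 2, 3])
    log = []
    # Steps 1-3: PC A broadcasts on port 1; the switch learns A and floods.
    log.append(sw.process(1, Frame(pc_a, BROADCAST)))
    # Steps 4-5: PC B answers with a unicast to A; the switch learns B and
    # forwards only to port 1.
    log.append(sw.process(2, Frame(pc_b, pc_a)))
    # Step 6: A -> B is now forwarded without flooding.
    log.append(sw.process(1, Frame(pc_a, pc_b)))
    # Filtering: C and D share the segment on port 3. D must have been learned
    # first; otherwise C -> D would be an unknown unicast and be flooded.
    sw.process(3, Frame(pc_d, BROADCAST))
    log.append(sw.process(3, Frame(pc_c, pc_d)))
    return sw.mac_table, log


if __name__ == "__main__":
    table, decisions = run_scenario()
    for decision in decisions:
        print(decision)
    print(table)
```

The decisions come back as ("flood", [2, 3]), ("forward", [1]), ("forward", [2]) and ("filter", []), and the final table holds A on port 1, B on port 2, and both C and D on port 3, which is exactly the state the text describes after step 6.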



Microsegmentation
This topic describes the purpose of microsegmentation in an Ethernet LAN.

Microsegmentation of the Network

Implementing LAN switching provides microsegmentation, which eliminates the possibility of collisions on the network segment, providing a number of benefits in increasing network performance. Each device on a network segment is directly connected to a switch port and does not have to compete with any other device on the segment for bandwidth. This important function eliminates collisions and increases the effective data rate through full-duplex operation, resulting in a significant increase in available bandwidth.
Data transmission can be compared to a freeway, with data frames traveling over the freeway
like automobiles. Just as automobiles use on-ramps to access the freeway, devices join the
network when they want to transmit data. As more cars travel on the freeway, however, the on-
ramps may become congested, allowing access to only a few cars, and there may even be
collisions. If each car had its own on-ramp, however, all the cars would have equal access to
the freeway, and there would be no delays or collisions. The microsegmentation that LAN
switches provide gives each network device its own “on-ramp,” so the device does not have to
compete with other devices to use the network “freeway.”

Modern LANs
This topic describes how modern Ethernet LANs are designed.

• Users grouped by physical location
• More switches added to the network
• Switches connected by high-speed links

In switched networks, how users are grouped is largely determined by their physical location.
For example, all the users that are connected to a switch on the first floor of an office building
will belong to the same workgroup, while all the users connected to a switch on the second
floor will belong to a different workgroup. This type of arrangement allows each group to
access the devices on the network, such as servers, with a reduced chance of collisions,
maximizing the overall performance of the network.
To accommodate more users and higher demand for network resources and bandwidth, more
switches are added to networks. With the addition of more switches on a network, however, the
amount of data traffic between them increases; therefore, there is a need to ensure that the
speed and performance of the communication paths between the switches and other network
devices are also increased.



Summary
This topic summarizes the key points that were discussed in this lesson.

• Ethernet cables and segments can span only a limited physical distance,
after which transmissions become degraded.
• A hub extends network segments by receiving incoming bits, amplifying
the electrical signal, and transmitting these bits.
• The network segments that share the same bandwidth are called
collision domains.
• A Layer 3 device is needed to terminate a Layer 2 broadcast domain.
• A switch offers greater benefits for eliminating network congestion than
bridges.
• Ethernet bridges are used to divide a single LAN into multiple collision
domains.


• Switches operate at much higher speeds than bridges and support more
advanced functionalities.
• A switch provides dedicated communication between devices, multiple
simultaneous conversations, full-duplex communication, and media-rate
adaptation.
• Switches build a table of learned MAC addresses, each associated with an
individual port.
• Microsegmentation eliminates the possibility of collisions on a network
segment.
• To accommodate more users and higher demand for network resources
and bandwidth, add more switches to the network.

Lesson 4

Operating a Cisco Switch


Overview
Cisco IOS Software is feature-rich network system software, providing network intelligence to
meet all networking demands. This lesson describes Cisco IOS Software and the basic CLI
functions and operations. The lesson also describes each step of the Cisco IOS boot sequence.
Knowledge of the Cisco IOS boot sequence is helpful when troubleshooting the boot process of
a Cisco device. This lesson also describes the procedures and commands that are required to
manage configuration files and to perform a basic setup on Layer 2 Cisco IOS switches.

Objectives
Upon completing this lesson, you will be able to describe how to operate and configure a Cisco
switch. This ability includes being able to meet these objectives:
 List the Cisco IOS Software features
 Describe the initial configuration requirements for a Cisco IOS switch
 Describe the sources used to configure a Cisco IOS switch or router
 Describe the common internal components of Cisco routers and switches
 Describe the Cisco IOS Command Line Interface
 Describe the user and privileged EXEC modes of Cisco routers and switches
 Describe how to obtain help when configuring Cisco routers and switches
 Describe enhanced editing commands available in CLI mode
 Describe how to use the command history when configuring Cisco routers and switches
 Describe the show version command
 Describe the show flash command
 Describe how to navigate between the different configuration modes and submodes
 Describe how to view a running or saved IOS configuration
 Describe how to load an IOS configuration on a Cisco router or switch
 Describe device configuration files
 Describe how to use the Cisco IOS copy command
 Describe how to save and back up the configuration file
 Describe the Cisco IOS boot process on Cisco switches and routers
 Describe the power-on boot sequence of a Cisco IOS network device
 Describe the order of operation for determining which IOS image a Cisco IOS network
device uses to boot
 Describe the purpose of the configuration register and how to modify the default settings
 Provide an example of a Catalyst bootup sequence and the switch setup dialog
 Describe how to use the system configuration dialog to perform the initial setup of a Cisco
Catalyst switch
 Perform basic Cisco IOS configurations on switches

Cisco IOS Software Features
This topic lists the Cisco IOS Software features.

• Features to carry the chosen network protocols and functions
• Connectivity for high-speed traffic between devices
• Security to control access and prohibit unauthorized network use
• Scalability to add interfaces and capability as needed for network growth
• Reliability to ensure dependable access to networked resources

The Cisco IOS Software platform is implemented on Cisco hardware platforms, including
Cisco enterprise-based routers and Cisco Catalyst LAN switches and Metro Ethernet switches.
Cisco IOS Software is a package of routing, switching, internetworking, and
telecommunications functions that are tightly integrated with a multitasking operating system.

Note Cisco routers run one of three different operating systems: Cisco IOS Software
(described in this lesson), Cisco IOS XE Software, or Cisco IOS XR Software.

Cisco IOS Software enables the following network services in Cisco products:
 Features to carry the chosen network protocols and functions
 Connectivity that allows high-speed traffic between devices
 Security to control access and prohibit unauthorized network use
 Scalability that adds interfaces and capability, as needed, for network growth
 Reliability that ensures dependable access to networked resources

The Cisco IOS Software CLI is accessed through a console connection, a modem connection,
or a Telnet or Secure Shell (SSH) session. Regardless of which connection method is used,
access to the Cisco IOS Software CLI is generally referred to as an EXEC session. Cisco IOS
CLI operations on routers are similar to CLI operations on switches.



Configuring Cisco IOS Switches
This topic describes the initial configuration requirements for a Cisco IOS switch.

• Initial default settings are sufficient for the switch to operate at Layer 2.
• A Cisco device will prompt for initial configuration if there is no
configuration in memory.
• Additional configuration tasks set up the device with the following:
- Protocol addressing and parameter settings
- Options for administration and management


When a Cisco IOS switch is started for the first time, its initial configuration with default
settings is sufficient for it to operate at Layer 2 as a switch.
Compared to the switch default configuration, when a Cisco router is started for the first time,
the router will not have sufficient information in its initial default configuration to start routing
traffic at Layer 3.
When you boot a router or a switch that does not have a startup configuration, the router or
switch will prompt you to enter certain basic management setup information, using a dialog
called setup.
The setup dialog can be used to configure basic device management settings such as:
 Device name (hostname)
 Passwords
 IP address and subnet mask on an interface
 Simple Network Management Protocol (SNMP) information

External Configuration Sources
This topic describes the sources used to configure a Cisco IOS switch or router.

• Devices can be configured from many sources

A switch and other network devices, such as a router, can be configured from the following
locations:
 Console terminal: Upon initial installation, you can configure the switch or router from
the console terminal, which is connected directly via the console port on the switch or
router. You will need the following items to configure a Cisco device from the console
port:
— RJ-45-to-RJ-45 rollover cable
— PC or equivalent with communications software such as Hyperterm configured with
the following settings:
 Speed: 9600 b/s
 Data bits: 8
 Parity: None
 Stop bit: 1
 Flow control: None
 Remote terminal: To access a switch or router remotely, a modem connection to the
auxiliary port of the router allows a remote device to be configured from a remote terminal.
However, the auxiliary port of the router must first be configured for communication with
the external modem. Cisco Catalyst switches do not have auxiliary ports. You will need the
following items to connect remotely to the auxiliary port on a router:
— Straight-through serial cable
— 14.4-kb/s modem
— PC or equivalent with suitable communications software



After the switch or router has been configured with a basic configuration, such as having the
correct IP address, management access configurations, and so on, you can access and manage
the switch or router remotely in the following ways:
 Establish a terminal session using Telnet or SSH.
 Configure the device by downloading a previously written configuration file from a TFTP
or FTP server on the network.
 Download a configuration file using a network management software application such as
CiscoWorks.
 Configure the device using the GUI, such as using the Cisco Configuration Professional
GUI to configure the Cisco Integrated Services Routers (ISRs).

Router/Switch Internal Components
This topic describes the common internal components of Cisco routers and switches.

Figure: Router/switch internal components: RAM, NVRAM (configuration register), ROM, flash, CPU, and interfaces.

The major components of a router or switch are shown in the figure. Most of these components
are hardware:
 RAM: This read/write memory contains the software and data structures that allow the
network device to function. The principal software running in RAM is the Cisco IOS
Software image and the running configuration. The RAM also contains the routing tables
and packet buffers. RAM memory is volatile—its memory contents will be lost when
power is turned off.
 ROM: This type of memory contains microcode for basic functions to start and maintain
the router or switch, including bootstrap and POST (power-on self-test). The ROM also
contains the ROM monitor (ROMMON), which is used for disaster recovery functions,
such as password or Cisco IOS image recovery. On some older Cisco IOS router platforms,
the ROM also contains a subset of Cisco IOS (a mini-version of Cisco IOS Software with
limited capabilities), which is used for Cisco IOS image file recovery, such as when the
Cisco IOS image file in flash memory is erased. ROM memory is nonvolatile—it maintains
the memory contents even when the power is off.
Here are three major areas of microcode that are generally contained in ROM:
— Bootstrap code: The bootstrap code is used to bring the router or switch up during
initialization. It reads the configuration register to determine how to boot, and then,
if instructed to do so, loads the Cisco IOS Software.
— POST: POST is the microcode that is used to test the basic functionality of the
router or switch hardware and determine which components are present.
— ROMMON: This is a low-level operating system that is normally used for
manufacturing, testing, troubleshooting, and password and IOS image recovery. In
ROMMON mode, the router has no routing capabilities.



 Flash memory: Flash read/write memory is primarily used to store the Cisco IOS Software
image. Some devices run the Cisco IOS Software image directly from flash memory and do
not need to transfer it to RAM. Flash memory is nonvolatile—it maintains the memory
contents even when the power is off.
 NVRAM: This read/write memory is mainly used to store the saved configuration file,
called the startup-config. NVRAM uses a built-in battery to maintain the data when power
is removed from the router or switch. The configuration register is used to control how the
router or switch boots. The configuration register is part of the NVRAM.
 Interfaces: Interfaces are the physical connections to the external world for the router or
switch.

Cisco IOS Command Line
This topic describes the Cisco IOS Command Line Interface (CLI).

• The CLI is used to enter commands.
• Operations vary on different internetworking devices.
• Users type or paste entries in the console command modes.
• Command modes have distinctive prompts.
• Enter key instructs device to parse and execute the command.
• Two primary EXEC modes are user mode and privileged mode.

To enter commands into the Cisco IOS CLI, type or paste the entries within one of the several
console command modes. Each command mode is indicated with a distinctive prompt. The
Enter key instructs the device to parse and execute the command.
Cisco IOS Software uses a hierarchy of commands in its command-mode structure. Each
command mode supports specific Cisco IOS commands that are related to a type of operation
on the device.
As a security feature, Cisco IOS Software separates the EXEC sessions into the following two
access levels:
 User EXEC: Allows a person to access only a limited number of basic monitoring
commands
 Privileged EXEC: Allows a person to access all device commands, such as those used for
configuration and management, and can be password-protected to allow only authorized
users to access the device



Cisco IOS EXEC Modes
This topic describes the user and privileged EXEC modes of Cisco IOS routers and switches.

There are two main EXEC modes for entering commands:
• User mode
• Privileged mode

USER mode:
• Limited examination of switch or router
• Command prompt: hostname>

The figure describes the two EXEC modes and shows the command prompt for the user EXEC
mode.
The procedure that is outlined in the table describes how to access the EXEC modes on a Cisco
switch or router.

Step 1: Log in to the device with a username and password (if login authentication has been configured).
Results and notes: A prompt appears, signifying the user EXEC mode. The right arrow (>) in the prompt indicates that the router or switch is at the user EXEC level: hostname>. Enter exit to close the session from the user EXEC mode.

Step 2: Enter the ? command at the user EXEC-level prompt to display command options that are available in the user EXEC mode.
Results and notes: The ? command in the privileged EXEC mode reveals many more command options than it does at the user EXEC level. This ? feature is referred to as context-sensitive help.

The user EXEC level does not contain any commands that might alter the operation of the
router or switch. For example, the user EXEC mode does not allow reloading or configuring of
the router or switch.

Privileged mode:
• Detailed examination of switch or router
• Enables configuration and debugging
• Prerequisite for other configuration modes
• Change to the privileged EXEC mode from the user EXEC mode: hostname> enable
• Command prompt: hostname#

Critical commands, such as those related to configuration and management, require that you are
in the privileged EXEC mode.
To change to the privileged EXEC mode from the user EXEC mode, enter the enable
command at the hostname> prompt. If an enable password or an enable secret password is
configured, the switch or router will then prompt for that password.
When the correct enable password is entered, the switch or router prompt changes to
hostname#, indicating that the user is now at the privileged EXEC level. Entering the ?
command at the privileged EXEC level will reveal many more command options than those
available at the user EXEC level.
To return to the user EXEC level, enter the disable command at the hostname# prompt.



Command Line Help Facilities
This topic describes how to obtain help when configuring Cisco IOS routers and switches.

Type of CLI Help: Description

Context-Sensitive Help: Provides a list of commands and the arguments associated with a specific command.
Console Error Messages: Identifies problems with any commands that are incorrectly entered so that they can be altered or corrected.
Command History Buffer: Allows recall of long or complex commands or entries for re-entry, review, or correction.

The Cisco IOS CLI on Cisco devices offers the following types of help:
 Command help: Enter the character sequence followed immediately by a question mark.
Do not include a space before the question mark. The device will display a list of
commands that start with the characters that you entered. For example, enter the sh?
command to get a list of commands that begin with the character sequence sh.
 Command syntax help: Enter the ? command to get command syntax help to see how to
complete a command. Enter a question mark in place of a keyword or argument. Include a
space before the question mark. The network device will then display a list of available
command options, with <cr> standing for carriage return. For example, enter show ? to get
a list of the command options supported by the show command.

Note Cisco devices have similar command-line help facilities. All of the help facilities that are
mentioned in this section apply to both Cisco IOS routers and Catalyst switches, unless
otherwise stated.

Special Ctrl and Escape key sequences reduce the need to re-enter entire command strings.
Cisco IOS Software provides several commands and characters to recall or complete command
entries from a history buffer that keeps the last several commands that you entered. These
commands can be reused instead of re-entered, if appropriate.
Console error messages help identify problems with an incorrect command entry. Error
messages that might be encountered while using the CLI are shown in the table.

Error message: % Ambiguous command: "show con"
Meaning: You did not enter enough characters for your device to recognize the command.
How to get help: Re-enter the command followed by a question mark (?), without a space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

Error message: % Incomplete command
Meaning: You did not enter all the keywords or values that are required by this command.
How to get help: Re-enter the command, followed by a question mark (?), with a space between the command and the question mark.

Error message: % Invalid input detected at '^' marker
Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
How to get help: Enter a question mark (?) to display all of the commands or parameters that are available.

The command history buffer stores the commands that have been most recently entered. To see
these commands, enter the Cisco IOS show history EXEC command.



Switch#clok
Translating "clok"                                      (symbolic translation)
% Bad IP address or host name
% Unknown command or computer name, or unable to find computer address

Switch#cl?
clear  clock                                            (command prompting)

Switch#clock
% Incomplete command.

Switch#clock ?
  read-calendar    Read the hardware calendar into the clock
  set              Set the time and date
  update-calendar  Update the hardware calendar from the clock

Switch# <Ctrl-P> clock set                              (last command recall)
% Incomplete command.

You can use context-sensitive help to determine the syntax of a particular command. For
example, if the device clock needs to be set but the clock command syntax is not known, the
context-sensitive help provides a means to check the syntax for setting the clock.
If the word “clock” is entered, but misspelled, the system performs a symbolic translation of the
misspelled command as parsed by Cisco IOS Software. If no CLI command matches the string
input, an error message is returned. If there is no Cisco IOS command that begins with the
misspelled letters, the device will interpret the misspelled command as a hostname and attempt
to resolve the hostname to an IP address, then try to use Telnet to connect to that host.
Context-sensitive help will provide a list of commands that begin with the character string (no
space between the command and the question mark) even if you enter just the first part of the
command, such as cl?. In this cl? example, both the clear and clock commands will be
displayed since those are the only two commands that begin with cl.
If you enter the command clock, but an error message indicating that the command is
incomplete is displayed, enter the question mark (?) command (preceded by a space) to
determine what arguments are required for the command. In the clock ? example, the help
output shows that the keyword set is required after clock.
If you now enter the command clock set, but another error message appears indicating that the
command is still incomplete, press the Ctrl-P (or Up Arrow) key to repeat the last command
entry. Then, add a space and enter the question mark (?) command to display a list of command
arguments that are available at that point for the given command, such as clock set ?
The example shows that after the last command recall, the administrator used the question mark
(?) command to reveal the additional arguments, which involve entering the current time using
hours, minutes, and seconds.

Switch#clock set 11:22:00
% Incomplete command.

Switch#clock set 11:22:00 ?                             (command prompting)
  <1-31>  Day of the month
  MONTH   Month of the year

Switch#clock set 11:22:00 07 8                          (syntax checking)
                             ^
% Invalid input detected at '^' marker.

Switch#clock set 11:22:00 07 August
% Incomplete command.

Switch# <Ctrl-P>                                        (last command recall)
Switch#clock set 11:22:00 07 August ?                   (command prompting)
  <1993-2035>  Year

Switch#clock set 11:22:00 07 August 2011

The figure continues to illustrate how to set the device clock.


If, after entering the current time, you still see the Cisco IOS Software error message indicating
that the command entered is incomplete, recall the command, add a space, and enter the
question mark (?) to display a list of command arguments that are available at that point for the
given command. In the example, enter the day, month, and year using the correct syntax, then
press Return to execute the command.
Syntax checking uses the caret symbol (^) as an error-location indicator. The caret symbol
appears at the point in the command string where an incorrect command, keyword, or argument
has been entered. The error-location indicator and interactive help system provide a way to
easily find and correct syntax errors. In the clock example, the caret symbol (^) indicates that
the month was entered incorrectly. The parser is expecting the month to be spelled out.
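The help and error behaviour walked through in this topic (context-sensitive help with and without a space before the question mark, the three console error messages, and the caret as error-location indicator) follows directly from how the parser walks a command tree. The Python below is an added example, not Cisco code: it reproduces the responses shown in the figures over a small constructed subset of the command tree (clear, clock, show). The regular expressions used for the clock set arguments and the help strings for the show keywords are assumptions made for the example; the real Cisco IOS parser is not modeled beyond what the figures show.

```python
"""Cisco IOS-style command parser (added example; not Cisco code).

Models the CLI help and error behaviour described in the text over a small,
constructed subset of the command tree: 'cl?' lists keywords sharing a prefix,
'clock ?' lists what may follow, and the three console error messages are
produced, with the caret placed under the token that failed to parse.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Node:
    help: str = ""
    children: dict = field(default_factory=dict)  # keyword -> Node
    args: list = field(default_factory=list)      # Arg alternatives at this point
    cr: bool = False                              # command may execute here (<cr>)


@dataclass
class Arg:
    label: str    # label shown by help, e.g. <1-31>
    help: str
    pattern: str  # regex a token must match (assumed for the example)
    next: Node


def leaf(desc=""):
    return Node(help=desc, cr=True)


# Constructed subset of the command tree. The clock set argument grammar
# (time, then day and month in either order, then year) follows the figures.
MONTHS = ("January|February|March|April|May|June|July|August"
          "|September|October|November|December")
DAY, MONTH = r"(0?[1-9]|[12]\d|3[01])$", rf"({MONTHS})$"
year = Node(args=[Arg("<1993-2035>", "Year", r"(199[3-9]|20[0-2]\d|203[0-5])$", leaf())])
after_time = Node(args=[
    Arg("<1-31>", "Day of the month", DAY,
        Node(args=[Arg("MONTH", "Month of the year", MONTH, year)])),
    Arg("MONTH", "Month of the year", MONTH,
        Node(args=[Arg("<1-31>", "Day of the month", DAY, year)])),
])
TREE = Node(children={
    "clear": leaf("Reset functions"),
    "clock": Node(help="Manage the system clock", children={
        "read-calendar": leaf("Read the hardware calendar into the clock"),
        "set": Node(help="Set the time and date",
                    args=[Arg("hh:mm:ss", "Current Time", r"\d{2}:\d{2}:\d{2}$", after_time)]),
        "update-calendar": leaf("Update the hardware calendar from the clock"),
    }),
    "show": Node(help="Show running system information", children={
        "configuration": leaf("Contents of Non-Volatile memory"),
        "controllers": leaf("Interface controller status"),
        "history": leaf("Display the session command history"),
        "version": leaf("System hardware and software status"),
    }),
})

AMBIGUOUS = object()
INVALID = "% Invalid input detected at '^' marker."


def keyword_match(node, tok):
    """Exact keyword or unique prefix -> Node; several prefixes -> AMBIGUOUS; none -> None."""
    if tok in node.children:
        return node.children[tok]
    hits = [k for k in node.children if k.startswith(tok)]
    if len(hits) == 1:
        return node.children[hits[0]]
    return AMBIGUOUS if hits else None


def help_text(node):
    """What 'cmd ?' prints at this point: keywords, argument labels, and <cr>."""
    rows = [(k, c.help) for k, c in sorted(node.children.items())]
    rows += [(a.label, a.help) for a in node.args]
    if node.cr:
        rows.append(("<cr>", ""))
    return "\n".join(f"  {label:<18}{desc}".rstrip() for label, desc in rows)


def parse(line):
    """Parse one command line; return the response text, or 'OK' if it would execute."""
    node = TREE
    for m in re.finditer(r"\S+", line):
        tok, col = m.group(), m.start()
        if tok == "?":                 # space before '?': list what may follow
            return help_text(node)
        if tok.endswith("?"):          # no space: keywords starting with the prefix
            hits = sorted(k for k in node.children if k.startswith(tok[:-1]))
            return "  ".join(hits) if hits else " " * col + "^\n" + INVALID
        child = keyword_match(node, tok)
        if child is AMBIGUOUS:
            return f'% Ambiguous command:  "{line[:m.end()]}"'
        if child is not None:
            node = child
            continue
        for arg in node.args:          # not a keyword: try the argument patterns
            if re.match(arg.pattern, tok):
                node = arg.next
                break
        else:
            if node is TREE:           # unknown first word is taken as a host name
                return (f'Translating "{tok}"\n% Bad IP address or host name\n'
                        "% Unknown command or computer name, or unable to find computer address")
            return " " * col + "^\n" + INVALID
    return "OK" if node.cr else "% Incomplete command."
```

Calling parse() with the strings from the figures, "clok", "cl?", "clock", "clock ?", "show con", "clock set 11:22:00 07 8" and "clock set 11:22:00 07 August 2011", yields the symbolic-translation message, "clear  clock", "% Incomplete command.", the keyword list, the ambiguous-command message, the caret under the "8" followed by the invalid-input message, and finally "OK". The column of the caret is the start offset of the failing token in the line, which is why the figures show it aligned under the first character of the bad argument.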



Enhanced Editing Commands
This topic describes enhanced editing commands available in CLI mode.

Key Sequence   Description
Ctrl-A         Moves to the beginning of the command line
Ctrl-E         Moves the cursor to the end of the command line
Esc-B          Move back one word
Esc-F          Move forward one word
Ctrl-B         Move back one character
Ctrl-F         Move forward one character
Ctrl-D         Delete a single character
Tab            Completes command

Although the enhanced line editing mode is automatically enabled, you can disable it. It may be
a good idea to disable enhanced line editing if there are scripts that do not interact well when
enhanced line editing is enabled. Use the terminal editing EXEC command to turn on
advanced line editing features and the terminal no editing EXEC command to disable
advanced line editing features.
One of the advanced line editing features is to provide horizontal scrolling for commands that
extend beyond a single line on the screen. When the cursor reaches the right margin, the
command line shifts ten spaces to the left. The first ten characters of the line can no longer be
seen, but you can scroll back to check the syntax at the beginning of the command.
The dollar sign ($) indicates that the line has been scrolled to the left. To scroll back, press
Ctrl-B or the Left Arrow key repeatedly until you are at the beginning of the command entry,
or press Ctrl-A to return directly to the beginning of the line.
The key sequences that are indicated in the figure are shortcuts or hot keys that are provided by
the Cisco IOS CLI. Use these key sequences to move the cursor around on the command line
for corrections or changes.
The table describes each of the shortcuts that are shown in the figure and some additional
shortcuts for command-line editing and controlling command entry.

Command-Line Editing Key Sequence   Description

Ctrl-A      Moves the cursor to the beginning of the command line
Ctrl-E      Moves the cursor to the end of the command line
Esc-B       Moves the cursor back one word
Esc-F       Moves the cursor forward one word
Ctrl-B      Moves the cursor back one character
Ctrl-F      Moves the cursor forward one character
Ctrl-D      Deletes a single character to the left of the cursor
Backspace   Removes one character to the left of the cursor
Ctrl-R      Redisplays the current command line
Ctrl-U      Erases a line
Ctrl-W      Erases a word to the left of the cursor
Ctrl-Z      Ends configuration mode and returns to the EXEC prompt
Tab         Completes a partially entered command if enough characters have been entered to make it unambiguous

Note The Escape key is not functional on all terminals.



Command History
This topic describes how to use the command history when configuring Cisco IOS routers and
switches.

Key Sequence / Command        Description

Ctrl-P or Up Arrow            Recalls last (previous) command
Ctrl-N or Down Arrow          Recalls more recent commands
show history                  Shows command buffer contents
terminal history size lines   Sets session command buffer size

The Cisco IOS CLI provides a history or record of commands that have been entered. This
feature, called the command history, is particularly useful in helping recall long or complex
commands or entries.
With the command history feature, you can complete the following tasks:
 Display the contents of the command buffer.
 Set the command history buffer size.
 Recall previously entered commands that are stored in the history buffer. There is a buffer
for the EXEC mode and another buffer for the configuration mode.

By default, command history is enabled and the system records the last ten command lines in
its history buffer.
To change the number of command lines that the system will record during the current terminal
session only, use the terminal history user EXEC mode command.
To recall commands in the history buffer beginning with the most recent command, press
Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively older commands.
To return to more recent commands in the history buffer after recalling older commands with
Ctrl-P or the Up Arrow key, press Ctrl-N or the Down Arrow key. Repeat the key sequence
to recall successively more recent commands.
On most computers, there are additional select and copy and paste facilities available from the
terminal emulation program, such as Hyperterm. Copy a previous command string, paste or
insert it as the current command entry, and press Return.

show version Command
This topic describes the show version command.

SW1#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version 12.2(53)SE, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 17:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02600000

ROM: Bootstrap program is ME340x boot loader
BOOTLDR: ME340x Boot Loader (ME340x-HBOOT-M) Version 12.2(44r)EY, RELEASE SOFTWARE (fc1)

SW1 uptime is 1 week, 1 day, 8 hours, 48 minutes
System returned to ROM by power-on
System image file is "flash:me340x-metroaccessk9-mz.122-53.SE/me340x-metroaccessk9-mz.122-53.SE.bin"
< text omitted >

Configuration register is 0xF

Use the show version EXEC command to display the configuration of the system hardware, the
serial number, the Cisco IOS Software version, where the Cisco IOS image file was loaded
from, the memory size, and the configuration register setting.
The table describes some of the output fields from the show version command.

Output                       Description

Cisco IOS Software Release   Information identifying the software by name and release number. Always specify the complete version number when reporting a possible software problem. In the example, the router is running Cisco IOS Software Release 15.0(1)M5.

Uptime                       Current days and time since the system was last booted. In the example, the router uptime is 1 week, 1 day, 8 hours, and 48 minutes.

Platform                     Shows the hardware platform information, including revision and RAM. In the example, the platform is Cisco 2900.

The figure shows partial output from a Cisco ME340x switch. To see the complete output, use
the show version command on the Cisco ME340x switch in the lab activity.

© 2012 Cisco Systems, Inc. Basic LAN Switching 2-83


show flash Command
This topic describes the show flash command.

SW1#show flash:

Directory of flash:/

    2  -rwx         616   Mar 1 1993 00:00:48 +00:00  vlan.dat
    3  -rwx        1934   Apr 3 1993 09:04:30 +00:00  private-config.text
    4  drwx         512   Mar 1 1993 00:09:09 +00:00  me340x-metroaccessk9-mz.122-53.SE
    9  -rwx        4120   Apr 3 1993 09:04:30 +00:00  multiple-fs
   10  -rwx        2325   Apr 3 1993 09:04:30 +00:00  config.text

25933824 bytes total (16856064 bytes free)

The show flash command displays the contents of flash memory, including the image
filenames and sizes.
In the example, the bottom line tells how much flash memory is available and how much flash
memory is currently being used.

Cisco IOS Configuration
This topic describes how to navigate between the different configuration modes and submodes.


When Cisco switches or routers are configured from the CLI that runs on the console or a
remote terminal, the Cisco IOS Software provides a CLI called the EXEC. The EXEC
interprets the commands that are entered and carries out the corresponding operations.
To change from user EXEC mode to privileged EXEC mode, enter the enable command. The
switch then prompts for the enable password. Enter the correct enable password. By default, the
enable password is not configured.



Configuration modes:
• Global configuration mode:
Switch# configure terminal
Switch(config)# hostname SW1

• Interface configuration mode:
SW1(config)# interface GigabitEthernet 0/1
SW1(config-if)# no shutdown

The Cisco IOS command-line interface is organized around the concept of modes. You move in
and out of several different modes while configuring a router, and which mode you are in
determines which commands you can use. Each mode has a set of commands available in that
mode, and some of these commands are only available in that mode. In any mode, typing a
question mark will display a list of the commands available in that mode.
To configure any feature of the switch or router, you must enter configuration mode, which is
the first submode of the privileged EXEC mode. In the privileged EXEC mode, you issue the
command configure terminal. As shown in the figure, the prompt changes to indicate the
mode that you are in.
In configuration mode (also referred to as “global configuration mode”), you can set options
that apply systemwide. For instance, you should name your device so that you can easily
identify it. You can name your device in configuration mode with the hostname command. As
shown in the figure, when you set the name of the host, the prompt immediately changes to
SW1 rather than Switch. It is important to name your routers and switches with an organized
naming scheme.
After you enter privileged EXEC mode, the prompt ends with a pound sign (#). There are
numerous configuration modes that you can enter only after entering privileged EXEC mode.
Each of these configuration modes has a prompt in this form:
Switch(arguments)#
The configuration modes all end with the pound sign. Many of the configuration modes have
submodes of their own. When you enter the global configuration mode, you have access to all
of the configuration information and options that the Cisco IOS Software provides, either
directly from the global configuration mode or from one of its submodes.
Cisco interface naming is straightforward. On some of the Cisco IOS routers and switches, the
individual interfaces are referred to by this convention:
media type slot#/port#

"Media type" refers to the type of media for which the port is an interface, such as Fast
Ethernet. Slot numbers are only applicable for routers that provide slots into which you can
install modules. These modules contain several ports for a given media. The slots are numbered
on the router. Port number refers to the port in reference to the other ports in that module.
Numbering is left-to-right, and all numbering starts at 0.
To configure a particular port (interface), use the interface configuration mode. You enter
interface configuration mode with the interface configuration command. Configuring most
interfaces for LAN connections might consist only of assigning a network layer address (IP
address) on a router and making sure that the interface is not administratively shut down. An
interface may be correctly configured and physically connected, yet be administratively down.
In this state, it will not function. The command for causing an interface to be administratively
down is shutdown. To enable an interface from an administratively down state, you can use the
no shutdown command.



Viewing an IOS Configuration
This topic describes how to view a running or saved IOS configuration.


Cisco switches and routers have the following three primary types of memory:
 RAM: Stores routing tables (routers), fast switching cache, running configuration, and so
on
 NVRAM: Used for writable permanent storage of the startup configuration
 Flash: Provides permanent storage of the Cisco IOS Software image, backup
configurations, and any other files via memory cards

The show startup-config privileged EXEC command displays the saved configuration in
NVRAM. The show running-config privileged EXEC command displays the current running
configuration in RAM.

Current configuration (in RAM):

Router#show running-config
Building configuration...
!
Current configuration : 2945 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
<...output omitted...>

Saved configuration (in NVRAM):

Router#show startup-config
Using 1578 out of 262136 bytes
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
<...output omitted...>

The show running-config command displays the current running configuration in RAM.
The “Building configuration…” output indicates that the running configuration is being built
from the active configurations that are stored in RAM.
After the running configuration is built from RAM, the “Current configuration: 2945 bytes”
message appears, indicating that this is the current configuration running in RAM and the size
of the current running configuration in bytes.
The show running-config command also has various command options to filter the running
configuration that is displayed. For example, you can use the show running-config
interface gi0/1 command to display only the running configuration of interface gi0/1.
The first line of the show startup-config command output indicates the amount of NVRAM
that is used to store the configuration. For example, “Using 1578 out of 262136 bytes” indicates
that the total size of the NVRAM is 262,136 bytes and the current configuration that is stored in
NVRAM takes up 1578 bytes.



Loading an IOS Configuration
This topic describes how to load an IOS configuration on a Cisco router or switch.

• Load and execute the configuration from NVRAM.
• If no configuration is present in NVRAM, enter setup mode.

After you have entered the commands to configure the router or switch, you must save the
running configuration to NVRAM with the copy running-config startup-config privileged
EXEC command. If the configuration is not saved to NVRAM and the router or switch is
reloaded, the configuration will be lost and the router or switch will revert to the last
configuration saved in NVRAM.
After the Cisco IOS Software image is loaded and started, the router or switch must be
configured to be useful. If there is an existing saved configuration file (startup-config) in
NVRAM, it is executed. If there is no saved configuration file in NVRAM, the router or switch
enters the setup utility.
The setup utility prompts a user at the console for specific configuration information to create a
basic initial configuration on the router or switch. The setup utility is only available on Cisco
IOS and IOS XE routers and switches, and is not available on Cisco IOS XR routers.
If there is no saved configuration file in NVRAM, Cisco IOS and IOS XE routers can begin an
AutoInstall process. AutoInstall is a Cisco IOS Software feature that provides for the
configuration of a new routing device automatically when the device is initialized. It attempts
to download a configuration from a TFTP server. AutoInstall can occur over a LAN or serial
interface—it requires a connection to the network and a previously configured TFTP server to
respond to the download request. AutoInstall is only available on Cisco IOS and IOS XE
routers and switches, and is not available on Cisco IOS XR routers.

Device Configurations Files
This topic describes device configuration files.


Configuration files contain the Cisco IOS Software configuration commands that are used to
customize the functionality of a Cisco network device, such as a router, access server, or
switch. Commands are parsed (that is, translated and executed) by the Cisco IOS Software
when you boot the system and the startup configuration file is loaded into RAM as the running
configuration, or when you enter configuration commands at the CLI in configuration mode.
Configuration files are stored in the following locations:
 The running configuration is stored in RAM.
 The startup configuration is stored in NVRAM.

You can copy configuration files from the router or switch to a file server using FTP, Remote
Copy Protocol (RCP), or TFTP. For example, you can copy configuration files to back up a
current configuration file to a server before changing its contents, allowing the original
configuration file to be restored from the server. The protocol that is used depends on which
type of server is used.
You can copy configuration files from a TFTP, RCP, or FTP server to the running
configuration in RAM or to the startup-config file in NVRAM of the router or switch for one of
the following reasons:
 To restore a backed-up configuration file.
 To use the configuration file for another router or switch. For example, you may add
another router or switch to the network and want it to have a similar configuration as the
original router or switch. By copying the file to the network server and making the changes
to reflect the configuration requirements of the new router or switch, you can save time by
not re-creating the entire file.



 To load the same configuration commands onto all the routers or switches in the network
so that all the routers or switches have similar configurations.

One key feature of the Cisco IOS File System (IFS) is the use of the URL convention to specify
files on network devices and the network.
The table contains some commonly used URL prefixes for Cisco network devices.

Prefix       Description

bootflash:   Bootflash memory

flash:       Flash memory. This prefix is available on all platforms. For platforms that do not have a device named flash, the prefix flash: is aliased to slot0. Therefore, the prefix flash: can be used to refer to the main flash memory storage area on all platforms.

ftp:         FTP network server

nvram:       NVRAM

rcp:         The RCP network server

slot0:       The first Personal Computer Memory Card International Association (PCMCIA) flash memory card

slot1:       The second PCMCIA flash memory card

system:      Contains the system memory, including the current running configuration

tftp:        TFTP network server

Cisco IOS copy Command
This topic describes how to use the Cisco IOS copy command.


In addition to using AutoInstall, the setup utility, or the CLI to load or create a configuration,
there are several other sources for configurations that you can use.
You can use the Cisco IOS Software copy privileged EXEC command to move configurations
from one component or device to another. The syntax of the copy command requires that the
first argument indicate the source from where the configuration is to be copied, followed by the
destination to where the configuration is to be copied. For example, in the copy running-
config tftp: command, the running configuration in RAM is copied to a TFTP server.
Use the copy running-config startup-config command after a configuration change is made in
the RAM and must be saved to the startup-config file in NVRAM. Similarly, copy the startup-
config file in NVRAM back into RAM with the copy startup running command. Notice that
you can abbreviate the commands.
Similar commands exist for copying between a TFTP server and either NVRAM or RAM.
Use the configure terminal command to interactively create configurations in RAM from the
console or remote terminal.
Use the erase startup-config command to delete the saved startup-config file in NVRAM.
When a configuration is copied into RAM from any source, the configuration merges with the
existing configuration in RAM. New configuration parameters are added and changes to
existing parameters overwrite the old parameters. Configuration commands that exist in RAM
for which there is no corresponding command in NVRAM remain unaffected. Copying the
running configuration from RAM into the startup configuration file in NVRAM will overwrite
the startup-config file in NVRAM.



Saving and Backing Up the Configuration
This topic describes how to save and back up the configuration file.

Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Copies the current configuration to NVRAM

Router#copy running-config tftp:
Address or name of remote host []? 10.1.1.1
Destination filename [running-config]? wgroa.cfg
!!!
1684 bytes copied in 13.300 secs (129 bytes/sec)

Copies the current configuration to a backup TFTP server

After you enter the commands to configure the router or switch, you must save the running
configuration to NVRAM with the copy running-config startup-config command. If the
configuration is not saved to NVRAM and the router or switch is reloaded, the configuration
will be lost and the router or switch will revert to the last configuration saved in NVRAM.
You can use the TFTP servers to store configurations in a central place, allowing centralized
management and updating. Regardless of the size of the network, there should always be a copy
of the current running configuration online as a backup.
The copy running-config tftp: command allows the current configuration to be uploaded and
saved to a TFTP server. The IP address or name of the TFTP server and the destination
filename must be supplied. During the copying process, a series of exclamation marks shows
the progress of the upload.
The copy tftp: running-config command downloads a configuration file from the TFTP server
to the running configuration of the RAM. Again, the address or name of the TFTP server and
the source and destination filename must be supplied. In this case, because you are copying the
file to the running configuration, the destination filename should be “running-config,” because
it is a merge process rather than an overwrite process.

Startup Process
This topic describes the Cisco IOS boot process on Cisco switches and routers.

1. Find and check device hardware.
2. Find and load Cisco IOS Software image.
3. Find and apply device configurations.

When a Cisco device starts, the following three main operations are performed on the
networking device:
1. The device performs hardware-checking routines. A term that is often used to describe this
initial set of routines is power-on self-test (POST).

2. After the hardware has been shown to be in good working order, the device performs
system startup routines. These initiate the device Cisco IOS operating system software.

3. After the Cisco IOS operating system is loaded, the device tries to find and apply the
device startup configurations that establish the details that are needed for the device
operations.



Detailed Power-On Boot Sequence
This topic describes the power-on boot sequence of a Cisco IOS network device.

1. Perform power-on self-test (POST).
2. Load and run bootstrap code.
3. Find the Cisco IOS Software.
4. Load the Cisco IOS Software.
5. Find the configuration.
6. Load the configuration.
7. Run the configured Cisco IOS Software.

When power is initially applied to a Cisco device, the events occur in the order that is shown in
the table.
Step  Event                                   Description

1.    Perform POST                            This is a series of hardware tests that verifies that all components of the Cisco device are functional. During this test, a device also determines what hardware is present. POST executes from microcode resident in the system ROM.

2.    Load and run bootstrap code             Bootstrap code is used to perform subsequent events, such as locating the Cisco IOS Software, loading it, and then running it. When the Cisco IOS Software is loaded and running, the bootstrap code is not used until the next time that the router is reloaded or power-cycled.

3.    Find the Cisco IOS Software             The bootstrap code determines where the Cisco IOS Software to be run is located. Normally, the Cisco IOS Software image is located in the flash memory. The configuration register and configuration file determine where the Cisco IOS Software images are located and which image file to use.

4.    Load the Cisco IOS Software             After the bootstrap code has found the proper image, it then loads that image into RAM and starts the Cisco IOS Software. Some devices do not load the Cisco IOS Software image into RAM, but execute it directly from flash memory.

5.    Find the configuration                  The default is to look in NVRAM for a valid saved configuration file called startup-config.

6.    Load the configuration                  The desired configuration for the router is loaded and executed. If no configuration exists, a device will enter the setup utility or attempt an AutoInstall to look for a configuration file from a TFTP server.

7.    Run the configured Cisco IOS Software   The Cisco device is now running the configured Cisco IOS Software.

Finding the Cisco IOS Image
This topic describes the order of operation for determining which IOS image a Cisco IOS
network device uses to boot.

1. Checks configuration register
2. Parses configuration for boot system command
3. Defaults to first file in flash memory
4. Attempts to boot from network server
5. Boot helper image
6. ROMMON

The bootstrap code is responsible for locating the Cisco IOS Software. It searches for the image
according to the following sequence:
1. The bootstrap code checks the boot field of the configuration register. The boot field is the
lower 4 bits of the configuration register and is used to specify how the router boots. These
bits can point to flash memory for the Cisco IOS image, the startup-config file (if one
exists) for commands that tell the router how to boot, or a remote TFTP server—or these
bits can specify that no Cisco IOS image is to be loaded and to start the Cisco IOS subset
image in ROM. The configuration register bits perform other functions as well, such as
selecting the console rate (bits per second [b/s]) and whether to use the saved
configuration file (startup-config) in NVRAM.

For example, a configuration register value of 0x2102 (the “0x” indicates that the digits
that follow are in hexadecimal notation) has a boot field value of 0x2 (the right-most digit
in the register value is 2 and represents the lower 4 bits of the register).

2. If the boot field value of the configuration register is from 0x2 to 0xF, the bootstrap code
parses the startup-config file in NVRAM for the boot system commands that specify the
name and location of the Cisco IOS Software image to load. Several boot system
commands can be entered in sequence to provide a fault-tolerant boot plan.

The boot system command is a global configuration command that allows you to specify
the source for the Cisco IOS Software image to load. Some of the syntax options available
include the following:
— boot system flash [filename]
— boot system tftp [filename][server-address]
— boot system rom



3. If there are no boot system commands in the configuration, the router defaults to loading
the first valid Cisco IOS image in flash memory and running it.

4. If no valid Cisco IOS image is found in flash memory, the router attempts to boot from a
network TFTP server using the boot field value as part of the Cisco IOS image filename.

Note Booting from a network TFTP server is a seldom-used method of loading a Cisco IOS
Software image.

Note Not every router has a boothelper image, so Steps 5 and 6 do not always follow.

5. By default, if booting from a network TFTP server fails after five tries, the router will boot
the boothelper image (the Cisco IOS subset) from ROM. The user can also set bit 13 of the
configuration register to 0 to tell the router to try to boot from a TFTP server continuously
without booting the Cisco IOS subset from ROM after five unsuccessful tries.

6. If there is no boothelper image or if it is corrupted, the router will boot the ROMMON from
ROM.
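The six-step search above, written out as an added Python simulation (not Cisco code and not part of the original guide): flash contents, the files a TFTP server answers for, and the presence of a boothelper are modelled as plain inputs, and the default netboot filename is a hypothetical placeholder because the page says only that the boot field value forms part of it.

```python
import re

# Matches the boot system forms the page lists:
#   boot system flash [filename]
#   boot system tftp [filename] [server-address]
#   boot system rom
BOOT_SYSTEM_RE = re.compile(
    r"^\s*boot system (flash|tftp|rom)(?:\s+(\S+))?(?:\s+(\S+))?\s*$")


def parse_boot_system(startup_config):
    """Return (kind, filename, server) for each boot system command, in config order."""
    commands = []
    for line in startup_config.splitlines():
        m = BOOT_SYSTEM_RE.match(line)
        if m:
            commands.append((m.group(1), m.group(2), m.group(3)))
    return commands


def first_valid_image(flash_images):
    """flash_images maps filename -> True when the file is a loadable IOS image."""
    for name, valid in flash_images.items():
        if valid:
            return name
    return None


def select_boot_source(config_register, startup_config, flash_images,
                       tftp_images=frozenset(), boothelper_present=True):
    """Return (source, image) chosen by the bootstrap search described on this page.

    tftp_images is the set of filenames a reachable TFTP server answers for;
    an empty set models 'no server responds'.
    """
    boot_field = config_register & 0xF
    # Step 1: the boot field decides whether a full image is searched for at all.
    if boot_field == 0x0:
        return ("rommon", None)
    if boot_field == 0x1:
        return ("rom", "boothelper") if boothelper_present else ("rommon", None)
    # Step 2: boot field 0x2..0xF, try each boot system command in sequence.
    for kind, filename, _server in parse_boot_system(startup_config):
        if kind == "flash":
            image = first_valid_image(flash_images) if filename is None else None
            if filename is not None and flash_images.get(filename):
                image = filename
            if image is not None:
                return ("flash", image)
        elif kind == "tftp" and filename in tftp_images:
            return ("tftp", filename)
        elif kind == "rom" and boothelper_present:
            return ("rom", "boothelper")
    # Step 3: no boot system command in the configuration: first valid image in flash.
    # (Falling through here when every boot system command failed is an assumption;
    # the page only describes the no-command case.)
    image = first_valid_image(flash_images)
    if image is not None:
        return ("flash", image)
    # Step 4: netboot from a TFTP server. The page says the boot field value forms
    # part of the default filename but gives no pattern, so this name is hypothetical.
    netboot_name = "netboot-bootfield-%x.bin" % boot_field
    if netboot_name in tftp_images:
        return ("tftp", netboot_name)
    # Step 5: with bit 13 clear the router keeps retrying TFTP and never falls back.
    if not config_register & 0x2000:
        return ("tftp-retry", None)
    if boothelper_present:
        return ("rom", "boothelper")
    # Step 6: no (or corrupt) boothelper: ROMMON.
    return ("rommon", None)


# Constructed inputs modelled on the router shown on this page.
STARTUP_CONFIG = """\
!
boot system flash c2900-universalk9-mz.SPA.150-1.M5.bin
boot system tftp backup-image.bin 10.1.1.1
boot system rom
!
"""
FLASH = {"c2900-universalk9-mz.SPA.150-1.M5.bin": True}

if __name__ == "__main__":
    print(select_boot_source(0x2102, STARTUP_CONFIG, FLASH))
    print(select_boot_source(0x2102, STARTUP_CONFIG, {}, {"backup-image.bin"}))
    print(select_boot_source(0x0102, "", {}))
```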

Configuration Register
This topic describes the purpose of the configuration register and how to modify the default
settings.

Router# show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

Router uptime is 2 weeks, 2 days, 15 hours, 47 minutes
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M5.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
<…output omitted…>

Cisco CISCO2901/K9 (revision 1.0) with 2584575K/36864K bytes of memory.
Processor board ID FTX1518048U
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
4099032K bytes of ATA System CompactFlash 0 (Read/Write)

<…output omitted…>

Configuration register is 0x2102

The configuration register includes information specifying where to locate the Cisco IOS
Software image. You can examine the configuration register setting with the show version
command, and you can change the configuration register value with the config-register global
configuration command.
Before altering the configuration register, you should determine how the router is currently
loading the software image. The show version command will obtain the current configuration
register value. The last line of the display contains the configuration register value.
The configuration register is a 16-bit register. The lowest 4 bits of the configuration register
(bits 3, 2, 1, and 0) form the boot field. A hexadecimal number is used as the argument to set
the value of the configuration register. The default value of the configuration register is
0x2102.
The guidelines for changing the boot field are as follows:
 The boot field is set to 0 to enter ROMMON mode automatically. This value sets the boot
field bits to 0000. In ROMMON mode, the router displays the “>” or “rommon>” prompt,
depending on the router processor type. From ROMMON mode, you can use the boot
command to manually boot the router.
 The boot field is set to 1 to configure the system to boot the Cisco IOS subset automatically
from ROM. This value sets the boot field bits to 0001. The router displays the
“Router(boot)>” prompt in this mode.
 The boot field is set to any value from 0x2 to 0xF to configure the system to use the boot
system commands in the startup-config file in NVRAM. The default is 0x2. These values
set the boot field bits to 0010 through 1111.



The show version command is used to verify changes in the configuration register setting. The
new configuration register value takes effect when the router reloads.

Note When using the config-register command, all 16 bits of the configuration register are set.
Be careful to modify only the bits that you are trying to change, for example, the boot field,
and leave the other bits as they are. Remember that the other configuration register bits
perform functions that include the selection of console rate (b/s) and whether to use the
saved configuration in NVRAM.
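An added Python example (not part of the original guide) that pulls the release, uptime and configuration register out of show version output and flags a register whose boot field or NVRAM-ignore bit would change how the device boots. The boot field and bit 13 follow the page; bit 6 (ignore the startup-config) is a documented Cisco IOS register bit the page names by function only; the sample outputs are constructed abridgements of this page's figures plus one altered register value.

```python
import re

# Bit positions the page gives: the boot field is the lowest 4 bits and bit 13
# decides whether a failed TFTP netboot falls back to the ROM boothelper.
# Bit 6 (ignore the startup-config in NVRAM) is a documented Cisco IOS
# register bit; the page names that function but not the bit number.
BOOT_FIELD_MASK = 0x000F
IGNORE_NVRAM_BIT = 0x0040
NETBOOT_FALLBACK_BIT = 0x2000
DEFAULT_REGISTER = 0x2102

VERSION_RE = re.compile(r"Version ([^,\s]+),")
UPTIME_RE = re.compile(r"uptime is (.+)")
REGISTER_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)")


def decode_config_register(value):
    """Split a 16-bit configuration register into the fields described above."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        boot = "rommon"        # stay in ROMMON; boot manually with the boot command
    elif boot_field == 0x1:
        boot = "rom-subset"    # boot the Cisco IOS subset image from ROM
    else:
        boot = "boot-system"   # 0x2..0xF: use boot system commands in startup-config
    return {
        "boot_field": boot_field,
        "boot": boot,
        "ignore_nvram": bool(value & IGNORE_NVRAM_BIT),
        "netboot_fallback_to_rom": bool(value & NETBOOT_FALLBACK_BIT),
    }


def parse_show_version(text):
    """Pull the release, uptime and configuration register out of show version output."""
    ver = VERSION_RE.search(text)
    reg = REGISTER_RE.search(text)
    up = UPTIME_RE.search(text)
    if ver is None or reg is None:
        raise ValueError("output lacks a Version string or a Configuration register line")
    return {
        "version": ver.group(1),
        "uptime": up.group(1).strip() if up else None,
        "config_register": int(reg.group(1), 16),
    }


def audit_config_register(text, expected=DEFAULT_REGISTER):
    """Return a list of findings; an empty list means the register is as expected."""
    info = parse_show_version(text)
    fields = decode_config_register(info["config_register"])
    findings = []
    if fields["ignore_nvram"]:
        findings.append("saved configuration in NVRAM is ignored at boot (bit 6 set)")
    if fields["boot"] != "boot-system":
        findings.append("boot field 0x%X will not boot a full IOS image" % fields["boot_field"])
    if info["config_register"] != expected:
        findings.append("register 0x%04X differs from the expected 0x%04X"
                        % (info["config_register"], expected))
    return findings


# Constructed samples, abridged from the outputs shown on this page.
SAMPLE_C2900 = """\
Router# show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Router uptime is 2 weeks, 2 days, 15 hours, 47 minutes
Configuration register is 0x2102
"""

SAMPLE_ME3400 = """\
ME3400#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version 12.2(53)SE, RELEASE SOFTWARE (fc2)
ME3400 uptime is 1 week, 1 day, 8 hours, 48 minutes
Configuration register is 0xF
"""

# Constructed: the same 2900 output with a register value that ignores NVRAM.
SAMPLE_IGNORE_NVRAM = SAMPLE_C2900.replace("0x2102", "0x2142")

if __name__ == "__main__":
    for name, text, expected in (("c2900", SAMPLE_C2900, DEFAULT_REGISTER),
                                 ("me3400", SAMPLE_ME3400, 0xF),
                                 ("c2900-altered", SAMPLE_IGNORE_NVRAM, DEFAULT_REGISTER)):
        print(name, parse_show_version(text)["version"], audit_config_register(text, expected))
```

Run against a fleet's collected show version output, the expected value is the per-platform default (0x2102 on the 2900, the fixed 0xF on the ME3400 in the lab).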

The Cisco Metro Ethernet (ME) Series Switches are built for service providers offering Ethernet
access services to customers. These switches allow service providers to deploy Ethernet-to-the-home
(ETTH) "triple play" services and Ethernet-to-the-business (ETTB) VPN services in a
customer location, enabling the delivery of more differentiated Ethernet services. The Cisco
ME switches are based on the most widely deployed Cisco Catalyst IOS access switches with
additional Ethernet services and features.
On most Cisco switches, such as the ME3400 switches that are in the lab, the configuration
register has a fixed default value of 0xF, which is not user-configurable.
ME3400#show version
Cisco IOS Software, ME340x Software (ME340x-METROACCESSK9-M), Version 12.2(53)SE, RELEASE SOFTWARE (fc2)
<output omitted>
Configuration register is 0xF

Initial Bootup Output from a Switch
This topic provides an example of a Catalyst bootup sequence and the switch setup dialog.


After POST completes successfully on a switch or router, there is a prompt to enter the initial
configuration using the setup dialog. The setup dialog can be used to assign IP information,
hostnames, passwords, and to create a default configuration for continued operation. Later, the
CLI can be used to customize the configuration.
An example of a Catalyst switch setup dialog is as follows:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: no
First, would you like to see the current interface summary? [yes]: no
Configuring global parameters:
Enter host name [Switch]: Switch
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password,
after entered, becomes encrypted in the configuration.
Enter enable secret: secret_password
The enable password is used when you do not specify an
enable secret password, with some older software versions,
and some boot images.
Enter enable password: enable_password
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: vty_password
Configure SNMP Network Management? [no]: no
Configuring interface parameters:
Do you want to configure Vlan1 interface? [yes]: yes
Configure IP on this interface? [yes]: yes

IP address for this interface: 10.1.1.140
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Do you want to configure FastEthernet0/1 interface? [yes]: n
..text omitted ..
Do you want to configure FastEthernet0/24 interface? [yes]: n
Would you like to enable as a cluster command switch? [yes/no]: n

Initial Configuration Using Setup
This topic describes how to use the system configuration dialog to perform the initial setup of a
Cisco Catalyst switch.


After the required settings are entered, the setup program displays the configuration to be
confirmed, as follows:
The following configuration command script was created:
hostname SwitchX
enable secret 5 $1$oV63$8z7cBuveTibpCn1Rf5uI01
enable password enable_password
line vty 0 15
password vty_password
no snmp-server
!
interface Vlan1
ip address 10.1.1.140 255.255.255.0
!
interface FastEthernet0/1
<... part of the output omitted...>
interface FastEthernet0/24
!
end

[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:2
Building configuration...
[OK]
Use the enabled mode 'configure' command to modify this configuration.

Enter 2 to complete the initial configuration and save the configuration to NVRAM.

Basic Configuration
This topic explains basic Cisco IOS configuration: setting the clock, the hostname, the domain
name, switch management IP address, and setting the switch default gateway.

• Sets the local identity for the network device

Switch(config)# hostname CoreSwitch
CoreSwitch(config)#

One of the first tasks in configuring a network device is to name it. Naming the device provides
a means to better manage the network by being able to uniquely identify each device within the
network. The name of the device is considered to be the hostname and is the name that is
displayed at the system prompt. The switch name is assigned in global configuration mode. In
the example that is shown in the figure, the switch name is set to CoreSwitch.

CoreSwitch(config)#ip domain name name

Example:
CoreSwitch(config)#ip domain name cisco.com
• Defines cisco.com as the default domain name


To define a default domain name that the Cisco IOS Software uses to complete unqualified
hostnames (names without a dotted-decimal domain name), use the ip domain name command
in global configuration mode. To disable use of the Domain Name System (DNS), use the no
form of this command.
Any IP hostname that does not contain a domain name (that is, any name without a dot) will
have the dot and cisco.com appended to it before being added to the host table.

CoreSwitch(config)#interface vlan 1
CoreSwitch(config-if)#ip address {ip address} {mask}
CoreSwitch(config-if)#no shutdown

Example:
CoreSwitch(config)#interface vlan 1
CoreSwitch(config-if)#ip address 192.0.2.2 255.255.255.0
CoreSwitch(config-if)#no shutdown

• Use the no shutdown command to make the interface operational.


On switches operating at Layer 2, the switch management interface operates as a switch virtual
interface. Remote access to the switch management interface is accomplished using
applications such as SSH. Because of this, a Layer 3 address must be assigned to the switch. If
the management interface is to reside in VLAN 1, then you need to configure the switch
management IP address under interface VLAN 1.
To configure an IP address and subnet mask for the switch, you must be in VLAN interface
configuration mode and then use the ip address configuration command. An IP address is
required on the switch for management purposes.
For example, an IP address must be assigned if a Telnet or SSH connection is to be used, or if
the SNMP will be used to manage the switch.
You must use the no shutdown interface configuration command to make the interface
operational. To verify the IP address configuration on the VLAN 1 interface, use the show ip
interface brief | include Vlan1 EXEC command.
For Layer 3-capable switches, you can also manually assign an IP address to a port if you first
put the port into Layer 3 mode by using the no switchport interface command.
ME3400(config-if)#interface FastEthernet0/1
ME3400(config-if)#ip address 10.1.1.1 255.255.255.0
^
% Invalid input detected at '^' marker.
ME3400(config-if)#no switchport
ME3400(config-if)#ip address 10.1.1.1 255.255.255.0
ME3400(config-if)#

• Sets a default gateway for the switch to the IP address of the next-hop
router

CoreSwitch(config)#ip default-gateway {ip address}

Example:
CoreSwitch(config)#ip default-gateway 10.1.1.1


To configure a default gateway for the switch, use the ip default-gateway command. Enter the
IP address of the next-hop router interface that is directly connected to the switch. This
next-hop router should have connectivity to the rest of the networks. After the default gateway
is configured, the switch has connectivity to the remote networks that it needs to communicate
with for switch management purposes.
If a Layer 3-capable switch is configured for IP routing, it does not need to have a default
gateway set.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Cisco IOS Software functions include carrying the chosen network
protocols, connectivity, security, scalability, and reliability.
• Default settings are sufficient for a switch to operate at Layer 2.
• Switches and routers can be configured to use a configuration file from
many sources.
• The most important components of a router or switch are CPU, RAM,
ROM, Flash memory, NVRAM, and interfaces.
• The CLI supports two EXEC modes: user and privileged.
• The user EXEC level does not contain any commands that might alter
the operation of a router or switch.
• The Cisco IOS CLI offers two types of help.
• Enhanced line editing mode is enabled by default.

• The Cisco IOS CLI provides a history or record of commands that have
been entered.
• Use the show version command to display the Cisco IOS Software
version.
• Use the show flash command to display the content of flash memory.
• To change from user EXEC mode to privileged EXEC mode, use the
enable command.
• The show startup-config command displays the saved configuration.
The show running-config command displays the current running
configuration.
• After the Cisco IOS Software image is started, a configuration file is
loaded from NVRAM.
• The running configuration is stored in RAM. The startup configuration is
stored in NVRAM.
• Use the copy command to copy configuration files from one location to
another.
• If the configuration is not saved to NVRAM and the router or switch is
reloaded, the configuration will be lost.
• When a device boots, it performs tests, finds, and loads software, finds
and loads configurations, and finally runs the software.
• POST is a series of hardware tests that verifies that all components of
the Cisco device are functional.
• At router startup, the bootstrap code first checks the configuration
register.
• The configuration register specifies how a router will boot and how a
configuration file will be loaded.
• After POST completes successfully on a switch or router, there is a
prompt to enter the initial configuration using the setup dialog.
• The setup dialog can be used to assign IP information, hostnames,
passwords, and to create a default configuration for continued operation.
• For management access to a switch, you must configure the switch
management IP address and switch default gateway.
Lesson 5

Understanding Switch Security


Overview
After physical access is secured, you must ensure that access to the switch via the console port
and the vty ports is secure. In addition, it is important to ensure that unused switch ports are not
left unsecured.

Objectives
Upon completing this lesson, you will be able to configure security for a Cisco switch. This
ability includes being able to meet these objectives:
• Mitigate hardware, environmental, electrical, and maintenance-related security threats to
Cisco switches
• Describe how to mitigate password attacks
• Describe how to configure passwords on a Cisco IOS network device
• Describe how to configure a banner message that appears when a user logs into a Cisco
IOS network device
• Compare Telnet and SSH
• Describe how to enable SSH access to Cisco IOS network devices
• Describe how to verify that SSH access is properly configured
• Describe port security
• Describe how to configure port security
• Describe how to verify that port security is properly configured
• Describe how to configure port security with sticky MAC addresses
• Describe how to secure unused ports

Securing Administrative Access
This topic describes how to mitigate hardware, environmental, electrical, and maintenance-
related security threats to Cisco switches.

• Physical installation threats
- Hardware threats
- Environmental threats
- Electrical threats
- Maintenance threats
• Reconnaissance attacks—Learning information about a target network
by using readily available information and applications
• Access attacks—Attacks on networks or systems for these reasons:
- Retrieve data
- Gain access
- Escalate their access privileges
• Password attacks—Tools used by hackers to compromise passwords


Incorrect and incomplete network device installation is an often-overlooked security threat.
Software-based security measures alone cannot prevent premeditated or even accidental
network damage due to poor installation.
The following are physical threats:
• Hardware threats: The threat of physical damage to the router or switch hardware.
Mission-critical Cisco network equipment should be located in wiring closets or in
computer or telecommunications rooms that meet these minimum requirements:
— The room must be locked with only authorized personnel allowed access.
— The room should not be accessible via a dropped ceiling, raised floor, window,
ductwork, or point of entry other than the secured access point.
— If possible, use electronic access control with all entry attempts logged by security
systems and monitored by security personnel.
— If possible, security personnel should monitor activity via security cameras with
automatic recording.
• Environmental threats: Environmental threats include temperature and humidity
extremes. Take these actions to limit environmental damage to Cisco network devices:
— Supply the room with dependable temperature and humidity control systems.
Always verify the recommended environmental parameters of the Cisco network
equipment with the supplied product documentation.
— Remove any sources of electrostatic and magnetic interference in the room.
— If possible, remotely monitor and alarm the environmental parameters of the room.

• Electrical threats: Electrical threats include voltage spikes, insufficient supply of voltage
(brownouts), unconditioned power (noise), and total power loss. Electrical supply problems
can be limited by adhering to these guidelines:
— Install uninterruptible power supply (UPS) systems for mission-critical Cisco
network devices.
— Install backup generator systems for mission-critical supplies.
— Plan for and initiate regular UPS or generator testing and maintenance procedures
that are based on the manufacturer-suggested preventative maintenance schedule.
— Install redundant power supplies on critical devices.
— Monitor and alarm power-related parameters at the power supply and device levels.
• Maintenance threats: Maintenance threats include ESD that is caused by poor handling of
key electronic components, lack of critical spares, poor cabling, poor labeling, and so on.
Maintenance-related threats compose a broad category that includes many items. Follow
the general rules that are listed here to prevent maintenance-related threats:
— Clearly label all equipment cabling and secure the cabling to equipment racks to
prevent accidental damage, disconnection, or incorrect termination.
— Use cable runs, raceways, or both, to traverse rack-to-ceiling or rack-to-rack
connections.
— Always follow ESD procedures when replacing or working with internal router and
switch device components.
— Maintain a stock of critical spares for emergency use.
— Do not leave a console connected to and logged into any console port. Always log
off administrative interfaces when leaving a station.
— Do not rely upon a locked room as the only protection for a device. Always
remember that no room is ever totally secure. After intruders are inside a secure
room, there is nothing to stop them from connecting a terminal to the console port of
a Cisco router or switch.

Reconnaissance Attacks
Reconnaissance is the unauthorized discovery and mapping of systems, services, or
vulnerabilities. Reconnaissance is also known as information-gathering and, in most cases,
precedes an actual access or denial-of-service (DoS) attack. First, the malicious intruder
typically conducts a ping sweep of the target network to determine which IP addresses are
alive. Then the intruder determines which services or ports are active on the live IP addresses.
From this information, the intruder queries the ports to determine the type and version of the
application and operating system running on the target host.
Reconnaissance is somewhat analogous to a thief investigating a neighborhood for vulnerable
homes, such as an unoccupied residence or a house with an easy-to-open door or window to
break into. In many cases, intruders look for vulnerable services that they can exploit later
when there is less likelihood that anyone is looking.

Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web
services to gain entry to web accounts, confidential databases, and other sensitive information.

Password Attacks
“Password attack” usually refers to repeated attempts to identify a user account, password, or
both. These repeated attempts are called “brute-force attacks.” Password attacks are
implemented using other methods too, including Trojan horse programs, IP spoofing, and
packet sniffers.
A security risk exists when passwords are stored as cleartext. You need to encrypt passwords to
overcome risks. On most systems, passwords are processed through an encryption algorithm
that generates a one-way hash on passwords. You cannot reverse a one-way hash back to its
original text. Most systems do not decrypt the stored password during authentication—they
store the one-way hash. During the login process, you supply an account and password, and the
password encryption algorithm generates a one-way hash. The algorithm compares this hash to
the hash stored on the system. If the hashes are the same, the algorithm assumes that the user
supplied the proper password.
Remember that passing the password through an algorithm results in a password hash. The hash
is not the encrypted password, but rather a result of the algorithm. The strength of the hash is
that the hash value can be recreated only with the original user and password information, and
that retrieving the original information from the hash is impossible. This strength makes hashes
perfect for encoding passwords for storage. In granting authorization, the hashes, rather than
the plain password, are calculated and compared.
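The store-and-compare flow described above, as an added example that is not part of the course material and is not the Cisco IOS algorithm (the type 5 enable secret shown earlier in the setup output, `$1$...`, is a different, MD5-based scheme). It uses the standard-library PBKDF2-HMAC-SHA256 construction with a random per-password salt, so the stored record never contains the password and cannot be reversed into it; verification re-hashes the candidate and compares hashes.

```python
"""One-way password storage and verification (added illustration, generic, not IOS code)."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # work factor: raise it as hardware gets faster


def store_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    Only the salt and the one-way hash are kept; the cleartext is discarded.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare the two hashes.

    Nothing is decrypted: the stored hash is never turned back into a password.
    hmac.compare_digest runs in constant time so a partial match leaks no timing signal.
    """
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed demo using the lesson's own strong/weak password pair.
    record = store_password("mY8!Rthd8y")
    print(record)
    print(verify_password("mY8!Rthd8y", record))   # True
    print(verify_password("mybirthday", record))   # False
```

Because the salt is random, hashing the same password twice yields two different records, which is what prevents an attacker who obtains one stored hash from reusing a precomputed table against every account.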

Password Attack Threat Mitigation
This topic describes how to mitigate password attacks.

• Do not allow users to use the same password on multiple systems.
• Disable accounts after a certain number of unsuccessful login attempts.
• Do not use cleartext passwords.
• Use “strong” passwords, for example, “mY8!Rthd8y” rather than “mybirthday.”


Password attack threat-mitigation methods include these guidelines:
• Do not allow users to have the same password on multiple systems. Most users have the
same password for each system they access, as well as for their personal systems.
• Disable accounts after a specific number of unsuccessful logins. This practice helps to
prevent continuous password attempts.
• Do not use cleartext passwords. Use either a one-time password (OTP) or an encrypted
password.
• Use strong passwords. Strong passwords are at least eight characters long and contain
uppercase letters, lowercase letters, numbers, and special characters. Many systems now
provide strong password support and can restrict users to strong passwords.

Configuring Passwords
This topic describes how to configure passwords on a Cisco IOS network device.

Console Password:
Switch(config)#line console 0
Switch(config-line)#login
Switch(config-line)#password cisco

Virtual Terminal Password:
Switch(config)#line vty 0 4
Switch(config-line)#login
Switch(config-line)#password sanjose

Enable Password:
Switch(config)#enable password cisco

enable secret Password:
Switch(config)#enable secret sanfran

service password-encryption Commands:
Switch(config)#service password-encryption
Switch(config)#no service password-encryption


You can secure a switch by using passwords to restrict access. Using passwords and assigning
privilege levels is a way to provide terminal access control in a network and is a form of
management plane hardening. Passwords can be established on individual lines, such as the
console, and to the privileged EXEC mode. Passwords are case-sensitive.

Note The passwords shown in the figure are for instructional purposes only. Passwords that are
used in an actual implementation should meet the requirements of a “strong” password.

Each Telnet port on the switch is known as a vty port. There is a maximum of five vty ports
on the switch, allowing five concurrent Telnet sessions. On the switch, the vty ports are
numbered from 0 through 4.
Use the line console 0 command followed by the password and login subcommands to require
login and establish a login password on the console terminal or on a vty port. By default, login
is not enabled on the console or vty ports.
The line vty 0 4 command, followed by the login and password subcommands, requires login
and establishes a login password on incoming Telnet sessions.
The login local command can be used to enable password checking on a per-user basis using
the username and password specified with the username global configuration command. The
username command establishes username authentication with encrypted passwords.
The enable password global command restricts access to the privileged EXEC mode. You can
assign an encrypted form of the enable password, called the enable secret password, by entering
the enable secret command with the desired password at the global configuration mode
prompt. If the enable secret password is configured, it is used instead of the enable password,
rather than in addition to it.

You can also add a further layer of security, which is particularly useful for passwords that
cross the network or are stored on a TFTP server. Cisco provides a feature that allows the use
of encrypted passwords. To set password encryption, enter the service password-encryption
command in the global configuration mode.
Passwords that are displayed or set after you configure the service password-encryption
command will be encrypted.
To disable a command, enter no before the command. For example, use the no service
password-encryption command to disable password encryption.

Configuring the Banner
This topic describes how to configure a banner message that appears when a user logs into a
Cisco IOS network device.

• Defines and enables a message-of-the-day (MOTD) banner, which
appears before the login prompt

Configuring MOTD banner:
Switch(config)#banner motd # Access for authorized users only.
Please enter your username and password. #

User connecting to the device:
Access for authorized users only. Please enter your username and password.
Switch>


To define and enable a message-of-the-day (MOTD) banner, use the banner motd command in
global configuration mode. To delete the MOTD banner, use the no form of this command.
Follow the banner motd command with one or more blank spaces and a delimiting character of
your choice (“#” in the example). Then enter one or more lines of text, terminating the message
with the second occurrence of the delimiting character. When a user connects to the device, the
MOTD banner appears before the login prompt.
This MOTD banner is displayed to all terminals connected and is useful for sending messages
that affect all users (such as impending system shutdowns).

Telnet vs. SSH
This topic compares Telnet and SSH.

• Telnet
- Still existing access method
- Insecure (passwords sent in cleartext)
- Do not use it
• SSH
- Always prefer it over Telnet
- Communication is encrypted
- Use version 2, if possible


Telnet is the most common method of accessing a network device. However, Telnet sends its
traffic, including passwords, in cleartext and is therefore not a secure option. Secure Shell
protocol (SSH) is a secure replacement for Telnet that gives the same type of access.
Communication between the client and server is encrypted in both SSHv1 and SSHv2.
Implement SSHv2 when possible because it uses stronger encryption algorithms.
The SSH Server feature on Cisco devices enables an SSH client to make a secure, encrypted
connection to a Cisco router. This connection provides functionality that is similar to that of an
inbound Telnet connection. Before SSH, security was limited to Telnet security. SSH allows a
strong encryption to be used with the Cisco IOS Software authentication. The SSH server in
Cisco IOS Software will work with publicly and commercially available SSH clients.

Enabling SSH Access
This topic describes how to enable SSH access to Cisco IOS network devices.

Generate RSA key pair:
Switch(config)#ip domain-name cisco.com
Switch(config)#crypto key generate rsa
The name for the keys will be: Switch.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

• ip domain-name: Configures the domain name
• crypto key generate rsa: Generates an RSA key pair for your device, which automatically
enables SSH.

Additional configuration:
Switch(config)#username cisco password cisco
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 15
Switch(config-line)#login local
Switch(config-line)#transport input ssh

• username: Sets username and password to the switch local database
• ip ssh version 2: Indicates use of SSHv2
• login local: Uses the username and password from the switch local database
• transport input ssh: Indicates only SSH is allowed to connect to vty lines


You can generate a Rivest, Shamir, and Adleman (RSA) key pair for your router, which
automatically enables SSH. You must define a domain name to be able to generate an RSA key
pair.
You must also enable password checking at login by using the login command in line
configuration mode. The login local command is used in the example, which selects password
checking against the switch local database. To add a username and password to the switch
local database, use the username password command in global configuration mode. It is
recommended that you use SSH version 2, so use the ip ssh version 2 command.
If you want to make sure that only SSH connections to the device are allowed, use the
transport input ssh command. By using this command, you forbid users using Telnet to
connect to the device.
You should first test the authentication without SSH to make sure that authentication works
with the switch. Authentication can be with a local username and password (as in the example)
or with an authentication, authorization, and accounting (AAA) server that runs TACACS+ or
RADIUS.
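The settings from the Configuring Passwords topic and this SSH topic are the ones most often left in their weak defaults, so as an added example (not course or Cisco code) here is an offline checker that reads a saved IOS running-config and reports which of them are missing: enable secret versus enable password, service password-encryption, username secret versus password, login on the vty lines, transport input ssh, and ip ssh version 2. Both configurations in the block are constructed; the second is the first after applying this lesson's recommendations.

```python
"""Offline audit of a Cisco IOS text config for the management-plane settings in this lesson.

Added illustration; not Cisco code. Both sample configs below are constructed.
"""
import re
from typing import Iterator, List, Tuple

# Constructed sample carrying several of the weaknesses this lesson warns about.
WEAK_CONFIG = """\
hostname CoreSwitch
enable password cisco
!
username admin password 0 adminpass
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
!
line con 0
 password cisco
 login
line vty 0 4
 password sanjose
 login
 transport input telnet ssh
line vty 5 15
 login
 transport input all
!
end
"""

# The same switch after applying the lesson's recommendations (constructed).
HARDENED_CONFIG = """\
hostname CoreSwitch
service password-encryption
enable secret sanfran
!
username admin secret adminpass
!
ip domain-name cisco.com
ip ssh version 2
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
!
line con 0
 password cisco
 login
line vty 0 15
 login local
 transport input ssh
!
end
"""


def sections(config: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (header, child_lines) per top-level block; IOS indents children by one space."""
    header, children = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = raw.strip(), []
    if header is not None:
        yield header, children


def audit_config(config: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    blocks = list(sections(config))
    top = {header for header, _ in blocks}

    if not any(h.startswith("enable secret ") for h in top):
        if any(h.startswith("enable password ") for h in top):
            findings.append("enable password is set but enable secret is missing; configure enable secret")
        else:
            findings.append("no enable secret configured; privileged EXEC mode is unprotected")
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled; line passwords are stored in cleartext")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 is not set; SSHv1 may still be negotiated")

    for header, children in blocks:
        if header.startswith("username ") and re.search(r"\spassword\s", header):
            findings.append(f"{header.split()[1]}: username uses 'password' (reversible) instead of 'secret'")
        if header.startswith("line vty"):
            if "login" not in children and "login local" not in children:
                findings.append(f"{header}: login is not required")
            transport = next((c for c in children if c.startswith("transport input")), None)
            if transport is None:
                findings.append(f"{header}: transport input is not restricted to ssh")
            elif transport != "transport input ssh":
                findings.append(f"{header}: '{transport}' permits non-SSH access")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_config(cfg))} finding(s)")
        for finding in audit_config(cfg):
            print("  -", finding)
```

Run it against a copy of the startup-config pulled from a TFTP server or a `show running-config` capture; every finding maps to one command from this lesson, and the hardened sample shows the complete set that makes the checker return an empty list.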

Verifying SSH
This topic describes how to verify that SSH access is properly configured.

Verifying if SSH is enabled:
Switch# show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3

Check SSH connection to the device:
Switch# show ssh
Connection Version Encryption State Username
0 1.5 3DES Session started cisco


You can establish an SSH connection to the SSH-enabled device (a switch in this example)
using an SSH client on your PC, such as PuTTY. When establishing a connection for the first
time from a specific computer, you will receive a security alert window, which indicates that
the server host key is not cached in the PuTTY cache. By adding a key to the cache, you will
avoid a security alert window every time that you establish an SSH connection from that
computer.
To display the version and configuration data for SSH on the device that you configured as an
SSH server, use the show ip ssh command. In the example, SSH version 2 is enabled.
To check the SSH connection to the device, use the show ssh command. In the example, a user
with the username “cisco” has an established SSH connection to the switch.

Restricting Access to the Switched Network
This topic describes port security.

PROBLEM:
• Hacking tools enable attackers to flood switch CAM tables with bogus MACs.
• This turns the switch into a hub and floods all unicast frames.
• Switch CAM table limits number of MAC addresses.

SOLUTION:
• Port security limits MAC flooding attacks and locks down the port.
• Allowed frames are forwarded.
• New MAC addresses over limit are not allowed.
• Switch responds to nonallowed frames.


Port security is a feature that restricts a switch port to a specific set or number of MAC
addresses. Those addresses can be learned dynamically or configured statically. The port will
then provide access to frames from only those addresses. If the number of addresses is limited
to four but no specific MAC addresses are configured, the port will allow any four MAC
addresses to be learned dynamically, and port access will be limited to those four dynamically
learned addresses.
A port security feature called “sticky learning,” available on some switch platforms, combines
the features of dynamically learned and statically configured addresses. When sticky learning is
configured on an interface, the interface converts dynamically learned addresses to “sticky
secure” addresses. This adds them to the running configuration as if they were configured with
the switchport port-security mac-address command.

Scenario
Imagine five individuals whose laptops are allowed to connect to a specific switch port when
they visit an area of the building. You want to restrict switch port access to the MAC addresses
of those five laptops and allow no addresses to be learned dynamically on that port.

Process
The table describes the process that can achieve the desired results for this scenario.
Implementing Port Security

Step 1. Configure port security.
Notes: Configure port security to allow only five connections on that port. Configure an entry
for each of the five allowed MAC addresses. This configuration, in effect, populates the MAC
address table with five entries for that port and allows no additional entries to be learned
dynamically.

Step 2. Allowed frames are processed.
Notes: When frames arrive on the switch port, their source MAC address is checked against the
MAC address table. If the frame source MAC address matches an entry in the table for that port,
the frames are forwarded to the switch to be processed like any other frames on the switch.

Step 3. New addresses are not allowed to create new MAC address table entries.
Notes: When frames with a nonallowed MAC address arrive on the port, the switch determines
that the address is not in the current MAC address table and does not create a dynamic entry for
that new MAC address, because the number of allowed addresses has been limited.

Step 4. The switch responds to nonallowed frames.
Notes: The switch will disallow access to the port and take one of these configuration-dependent
actions:
• The entire switch port can be shut down.
• Access can be denied for that MAC address only and a log error can be generated.
• Access can be denied for that MAC address but without generating a log message.

Note Port security cannot be applied to trunk ports where addresses might change frequently.
Implementations of port security vary by Cisco Catalyst platform. Check documentation to
determine if and how particular hardware supports this feature.

Configuring Port Security
This topic describes how to configure port security.

Configuration Scenario
• Port security enabled
• Allow only two different MAC addresses to be connected to Gi 0/1 switch
port
• Allow only 0000.1111.aaaa and 0000.1111.bbbb MAC addresses
• If computers with other MAC addresses connect to Gi 0/1, port Gi 0/1
should be disabled
(Figure: four hosts, aaaa, bbbb, cccc, and dddd, attached to switch port Gi 0/1.)


The figure shows an example of a configuration scenario. Port security will be enabled on the
Gigabit Ethernet 0/1 interface of the switch and only two MAC addresses will be allowed to
connect to this port, 0000.1111.aaaa and 0000.1111.bbbb. If any computer with a different
MAC address tries to connect to Gigabit Ethernet 0/1, the port will be disabled.

Configuration
(Figure: four hosts, aaaa, bbbb, cccc, and dddd, attached to switch port Gi 0/1.)

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address 0000.1111.aaaa
Switch(config-if)# switchport port-security mac-address 0000.1111.bbbb
Switch(config-if)# switchport port-security violation shutdown

• switchport port-security: Enables port security
• switchport port-security maximum 2: Sets a maximum number of MAC addresses that will be
allowed on Gi 0/1 port.
• switchport port-security mac-address: Specifies which MAC addresses will be allowed on Gi
0/1 port.
• switchport port-security violation shutdown: Defines what action an interface will take if a
nonallowed MAC address attempts access.


To configure port security so that switch port access is limited to a finite number and a specific
set of end-device MAC addresses, follow the steps in the table. The interface must already be a
static access port (switchport mode access); the command is rejected on a port that is still in
dynamic trunking mode.

Port Security Configuration Steps
Step  Description
1.    Enable port security.
      Switch(config-if)# switchport port-security
2.    Set a maximum number of MAC addresses that will be allowed on this port. The default is one.
      Switch(config-if)# switchport port-security maximum value
3.    (Optional) Specify which MAC addresses will be allowed on this port, one command per address.
      Switch(config-if)# switchport port-security mac-address mac-address
      Switch(config-if)# switchport port-security mac-address mac-address
4.    Define what action an interface will take if a nonallowed MAC address attempts access.
      Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}


More on Port Security Configuration
Here are some additional points to bear in mind about port security:
 Port security is enabled on a port-by-port basis.
 By default, only one MAC address is allowed access through a given switch port when port
security is enabled. The port security configuration can increase that number. It implies no
restriction on specific MAC addresses, but only on the total number of addresses that can
be learned by the port.
 Access to the switch port can be restricted to one or more specific MAC addresses. If the
number of specific MAC addresses that you configure is lower than the value parameter that
you set, the remaining allowed addresses are learned dynamically. If you specify a set of
MAC addresses that is equal to the maximum number allowed, access is limited to that set
of MAC addresses.
 When the maximum number of secure addresses has been reached and a frame arrives from a
new MAC address (or from an address that is already secured on another port in the same
VLAN), the switch takes the configured violation action. The default action is shutdown:
— Protect: Frames from the nonallowed address are dropped. No log message or SNMP trap is
generated and the violation counter is not incremented, so this mode leaves nothing for an
operator to detect.
— Restrict: Frames from the nonallowed address are dropped, the violation counter is
incremented, a log message is created, and a Simple Network Management Protocol (SNMP)
trap is sent. Traffic from the allowed addresses continues to flow.
— Shutdown: On the first frame from a nonallowed address, the interface is placed in the
errdisabled state, a log entry is made, and an SNMP trap is sent. The port stays down until
an administrator issues shutdown followed by no shutdown on it, or until errdisable recovery
is configured to re-enable it automatically.
Verifying Port Security
This topic describes how to verify that port security is properly configured.

Verification
• Verifies the ports on which port security has been enabled
• Displays security violation count information and security actions to be
taken per interface

Switch# show port-security interface GigabitEthernet0/1


Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 60 mins
Aging Type : Inactivity
SecureStatic Address Aging : Enabled
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.1111.aaaa:1
Security Violation Count : 0


You can use the show port-security command to verify the ports on which port security has
been enabled. This command also displays count information and security actions to be taken
per interface.
The full command syntax is as follows:
Switch# show port-security [interface intf_id] [address]

Arguments are provided to view the port security status by interface or to view the addresses
that are associated with port security on all interfaces.
Use the interface argument to provide output for a specific interface. The Port Status line shows
Secure-up for a healthy port and Secure-shutdown for a port that has been error-disabled by a
violation; the Security Violation Count line is the per-port violation counter.


Verification

Switch# show port-security


Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
------------------------------------------------------------------------
Gi0/1 2 1 0 Shutdown
------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144

Switch# show port-security address


Secure Mac Address Table
------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0000.1111.aaaa SecureDynamic Gi0/1 60 (I)
------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144


Use the address keyword to display the secure MAC address table for all interfaces. The Type
column distinguishes SecureConfigured, SecureDynamic, and SecureSticky entries, and the
Remaining Age column is populated only when aging is configured for a given interface (the (I)
suffix corresponds to the inactivity aging type shown in the per-interface output). The example
displays output from the show port-security address privileged EXEC command.
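The two show port-security outputs above are what an operator reads after a violation. As an added example that is not part of the Cisco guide, the following Python parses the summary table and the per-interface output into structured fields and applies three checks: ports with a nonzero violation counter, ports in protect mode (which drop silently and therefore never appear in logs), and ports already at their address limit. The sample outputs are constructed in the layout of the figures; the interfaces Gi0/2 and Gi0/3, their counter values, and the Secure-shutdown status are assumed values added to exercise the checks.

```python
"""Audit Cisco IOS 'show port-security' output (added example, not from the guide)."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of 'show port-security'. Gi0/1 is the
# guide's row; Gi0/2 and Gi0/3 are assumed rows added to exercise the audit.
SHOW_PORT_SECURITY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/1              2            1                  0         Shutdown
      Gi0/2              1            1                  3         Restrict
      Gi0/3              1            0                  0          Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 6144
"""

# Constructed sample in the layout of 'show port-security interface <intf>'
# for a port that has already been error-disabled by a violation (assumed values).
SHOW_PORT_SECURITY_INTERFACE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 60 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Enabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 2
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.1111.cccc:1
Security Violation Count   : 1
"""

# An interface row: name, three integer counters, then the action keyword.
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")


@dataclass
class SecurePortRow:
    name: str
    max_addr: int
    current_addr: int
    violations: int
    action: str


def parse_summary(text):
    """One SecurePortRow per interface line; headers, rulers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, mx, cur, viol, action = m.groups()
            rows.append(SecurePortRow(name, int(mx), int(cur), int(viol), action.lower()))
    return rows


def parse_interface(text):
    """Map the 'Key : Value' lines of the per-interface output to a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(rows):
    """Findings an operator would act on, derived from the summary table."""
    findings = []
    for r in rows:
        if r.violations:
            findings.append(f"{r.name}: {r.violations} violation(s), action={r.action}")
        if r.action == "protect":
            findings.append(f"{r.name}: protect mode drops silently (no log, trap or counter)")
        if r.current_addr >= r.max_addr:
            findings.append(f"{r.name}: at limit {r.current_addr}/{r.max_addr}; "
                            "the next new MAC is a violation")
    return findings


def is_errdisabled(fields):
    """True when the per-interface output shows the port shut down by a violation."""
    return fields.get("Port Status") == "Secure-shutdown"
```

Feed the script the captured output of show port-security from a terminal session or a configuration backup; ports listed under protect deserve particular attention because the switch itself will never report a violation on them.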

Port Security with Sticky MAC Addresses
This topic describes how to configure port security with sticky MAC addresses.

• Sticky MAC addresses can limit switch port access to a single, specific
MAC address without the network administrator having to gather the
MAC address of every device and manually associate it with a particular
switch port.

Switch(config)# interface GigabitEthernet0/1


Switch(config-if)# switchport port-security mac-address sticky

Converts learned MAC address


to sticky secure MAC address

Switch# show port-security address


Secure Mac Address Table
------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0000.1111.aaaa SecureSticky Gi0/1 -

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN1 v1.01—2-15

Port security can be used to mitigate spoof attacks by limiting access through each switch port
to a single MAC address. This prevents intruders from using multiple MAC addresses over a
short time period but does not limit port access to a specific MAC address. The most restrictive
port security implementation would specify the exact MAC address of the single device that is
to gain access through each port. Implementing this level of security, however, requires
considerable administrative overhead.
Port security has a feature called sticky MAC addresses that can limit switch port access to a
single, specific MAC address without the network administrator having to gather the MAC
address of every legitimate device and manually associate it with a particular switch port.
When sticky MAC addresses are used, the switch port converts dynamically learned MAC
addresses to sticky secure MAC addresses and adds them to the running configuration as if
they were static entries to be allowed by port security. Because the port secures whatever it
learns first, enable the sticky option while only the legitimate device is attached. Sticky
secure MAC addresses are added to the running configuration but do not become part of the
startup configuration file unless the running configuration is copied to the startup
configuration after the addresses have been learned. If they are saved in the startup
configuration, they do not have to be relearned upon switch reboot, which provides a higher
level of network security.
The command that follows converts all dynamically learned port-security MAC addresses on the
interface to sticky secure MAC addresses; the no form converts sticky addresses back to
dynamic ones and removes them from the running configuration:
switchport port-security mac-address sticky
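The configuration steps, the violation-mode list earlier in this lesson, and the sticky option described here all act on the same small state machine. The following Python model, an added example that is not part of the Cisco guide, reproduces that behaviour so the interactions can be tried without a switch: a maximum number of secure addresses, static addresses configured below the limit leaving slots to be learned dynamically, the protect, restrict and shutdown reactions to a nonallowed address, and sticky learning that writes the learned address into the running configuration. Interface names and MAC addresses follow the scenario in this lesson; the method names and the event strings are the model's own and are not IOS output.

```python
"""Behavioural model of Cisco IOS port security (added example, not from the guide)."""


class SecurePort:
    """One access port with 'switchport port-security' enabled."""

    def __init__(self, name, maximum=1, violation="shutdown", sticky=False):
        self.name = name
        self.maximum = maximum        # switchport port-security maximum <n>
        self.violation = violation    # switchport port-security violation <mode>
        self.sticky = sticky          # switchport port-security mac-address sticky
        self.static = set()           # switchport port-security mac-address <mac>
        self.dynamic = set()          # learned; not in the configuration, lost on reset
        self.sticky_addrs = set()     # learned, then written to the running configuration
        self.violations = 0           # SecurityViolation counter
        self.errdisabled = False      # Port Status : Secure-shutdown
        self.events = []              # what syslog / the SNMP trap receiver would see

    def add_static(self, mac):
        """Configure a secure MAC; IOS rejects more static entries than 'maximum'."""
        if len(self.static) >= self.maximum:
            raise ValueError("static addresses would exceed the configured maximum")
        self.static.add(mac.lower())

    def allowed(self):
        return self.static | self.dynamic | self.sticky_addrs

    def receive(self, src_mac):
        """Apply port security to a frame from src_mac; return 'forward' or 'drop'."""
        mac = src_mac.lower()
        if self.errdisabled:
            return "drop"                       # nothing passes until the port is recovered
        if mac in self.allowed():
            return "forward"
        if len(self.allowed()) < self.maximum:
            # A free slot: learn the address. Sticky learners land in the configuration.
            (self.sticky_addrs if self.sticky else self.dynamic).add(mac)
            return "forward"
        return self._violation(mac)

    def _violation(self, mac):
        if self.violation == "protect":
            return "drop"                       # silent: no counter, no log, no trap
        self.violations += 1
        self.events.append(f"violation on {self.name} by {mac} (mode {self.violation})")
        if self.violation == "shutdown":
            self.errdisabled = True             # errdisable recovery or shut/no shut needed
        return "drop"

    def recover(self):
        """Operator issues 'shutdown' then 'no shutdown' (or errdisable recovery fires)."""
        self.errdisabled = False
        self.dynamic.clear()                    # dynamic entries do not survive a port reset

    def running_config(self):
        """The interface stanza as 'show running-config' would print it (defaults omitted)."""
        lines = [f"interface {self.name}", " switchport port-security"]
        if self.maximum != 1:
            lines.append(f" switchport port-security maximum {self.maximum}")
        if self.violation != "shutdown":
            lines.append(f" switchport port-security violation {self.violation}")
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
        lines += [f" switchport port-security mac-address {m}" for m in sorted(self.static)]
        lines += [f" switchport port-security mac-address sticky {m}"
                  for m in sorted(self.sticky_addrs)]
        return lines
```

Running the lesson's scenario through the model (maximum 2, both addresses static, violation shutdown) shows why shutdown is the default for an access layer: the first frame from cccc takes the port down for everyone, including aaaa and bbbb, until an operator intervenes, whereas restrict keeps the legitimate hosts working and still produces the log entry.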



Securing Unused Ports
This topic describes how to secure unused ports.

• Unsecured ports can create a security hole.
• A switch plugged into an unused port will be added to the network.
• Secure unused ports by disabling interfaces.

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# shutdown

(Shuts down an interface.)

• To disable an interface, use the shutdown command in interface configuration mode.
• To enable a disabled interface, use the no shutdown command.

A hacker can plug a switch into an unused port and become part of the network. Therefore,
unsecured ports can create a security hole. To prevent this issue, you should secure unused
ports by disabling unused interfaces (ports).
To disable an interface, use the shutdown command in interface configuration mode. To restart
a disabled interface, use the no form of this command: no shutdown.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Physical installation threats are hardware threats, environmental threats, electrical threats,
and maintenance threats.
• One of the password attack threat-mitigation methods is to not allow users to use the same
password on multiple systems.
• You can secure a switch by using passwords to restrict access.
• Use the banner command to configure a banner.
• Telnet is the most common method of accessing a network device. However, Telnet is an
insecure way of accessing a network and is therefore not recommended.
• To enable SSH access to a device, you have to create an RSA key pair first.
• You can establish an SSH connection to the SSH-enabled device using an SSH client.
• Port security is a feature that restricts a switch port to a specific set or number of MAC
addresses.
• Port security limits MAC flooding attacks and locks down the port.
• Use the show port-security command to verify the ports on which port security has been
enabled.
• Port security with sticky MAC addresses enables administrators to limit a port to a MAC
address without explicitly specifying the MAC address.
• Secure unused ports by disabling interfaces.

Lesson 6

Performing Switched Network


Optimizations
Overview
Most complex networks include redundant devices to avoid single points of failure. Although a
redundant topology eliminates some problems, it can introduce other problems. Spanning Tree
Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while
preventing undesirable loops in a switched network.
This lesson explains port settings such as duplex, speed, and port types. The lesson identifies
switched network optimizations, including problems that are caused by redundant switched-
network topologies, and the functionality of STP to prevent these problems. It also describes
the Flex Link feature as an alternative to STP, and EtherChannel, which bundles several
physical links into one logical link.

Objectives
Upon completing this lesson, you will be able to describe basic network optimization
procedures. This ability includes being able to meet these objectives:
 Compare half-duplex and full-duplex operation in an Ethernet LAN
 Describe the media rates that are used in different layers of a service provider network
 Describe how to configure duplex and media rates in a Cisco Catalyst switch
 Describe how to verify that duplex and media rates are properly configured
 Describe the port type settings in the Cisco ME 3400 Series switches
 Describe how to configure the port type settings in the Cisco ME 3400 Series switches
 Describe how loops can affect performance in a switched LAN
 Describe how STP protects against loops resulting from physical redundancy in an Ethernet
LAN
 Describe the spanning tree standards
 Compare the various spanning tree standards
 Describe how spanning tree operates to prevent loops
 Describe how a root bridge is selected
 Describe the function of the spanning tree cost and priority parameters
 Describe the spanning tree port states
 Describe how RSTP provides faster convergence in a switched network
 Describe the default spanning tree configuration in Cisco Catalyst switches and Cisco ME
switches
 Describe how to configure Rapid PVST+ on Cisco ME switches
 Describe how EtherChannel link bundling works
 Describe how to configure EtherChannel
 Describe how Flex Link can be used as an alternative to STP in smaller networks
 Describe how to configure Flex Link

Port Settings
This topic compares half-duplex and full-duplex operation in an Ethernet LAN.

Half Duplex:
• Data flows in only one direction at a time
• Higher potential for collisions
• Hub connectivity
Full Duplex:
• Point-to-point only
• Attached to a dedicated switch port
• Requires full-duplex support on both ends
• Collision-free
• Collision detect circuit disabled

Half-duplex transmission mode implements Ethernet Carrier Sense Multiple Access with
Collision Detection (CSMA/CD). The traditional shared LAN operates in half-duplex mode
and is susceptible to transmission collisions across the wire.
Full-duplex Ethernet significantly improves network performance without the expense of
installing new media. Full-duplex transmission between stations is achieved by using point-to-
point connections. This arrangement is collision-free. Frames that are sent by the two connected
end nodes cannot collide because the end nodes use two separate circuits in the cable. Each
full-duplex connection uses only one port. Full-duplex communication increases effective
bandwidth by allowing both ends of the connection to transmit simultaneously.
Full-duplex port connections are point-to-point links between switches or end nodes, but not
between shared hubs. Nodes that are directly attached to a dedicated switch port with network
interface cards (NICs) that support full duplex should be connected to switch ports that are
configured to operate in full-duplex mode. Most NICs sold today offer full-duplex capability.
In full-duplex mode, the collision detect circuit is disabled.
Nodes that are attached to hubs that share their connection to a switch port must operate in half-
duplex mode because the end stations must be able to detect collisions.



Full-Duplex Communication
Because each device on a microsegmented switched LAN is connected directly to a port on a
switch, the switch port and that device have a point-to-point connection. In networks with hubs
instead of switches, devices can communicate in only one direction at a time because they must
compete for the network bandwidth. This type of communication is referred to as half-duplex
communication, because it allows data to be either sent or received at one time, but not both.
Microsegmented switch ports, however, can provide the devices that are connected to them
with full-duplex mode communication, allowing the devices to both send and receive data
simultaneously. This ability effectively doubles the amount of bandwidth between the devices.

Example: Data Conversations


If you use a voice communication device such as a walkie-talkie, you will be communicating in
half-duplex mode. You can talk, but then you must stop talking to hear what the person on the
other end of the communication is saying. With a telephone, however, you can communicate
with someone in full-duplex mode—each person can both talk and hear what the other person
says simultaneously.

Media Rates
This topic describes the media rates that are used in different layers of a service provider
network.

• Different speeds are required at different layers of a service provider network

[Figure: residential, mobile, and business users attach at the Access layer; their traffic
passes through the Aggregation, IP Edge, and Core layers of the IP infrastructure]

There are a number of higher-speed Ethernet protocols (such as Fast Ethernet, Gigabit Ethernet,
10 Gigabit Ethernet) that can provide the speed that is required to ensure the performance that
is vital to service provider networks. However, the cost of implementing high-speed
connections in all parts of a service provider network would be very expensive and would not
be consistently used by all users and devices. Employing a hierarchy of connectivity, therefore,
is usually the most efficient way to supply speed where it will be most effective.
Different speeds are required at different layers of service provider networks.



Setting Duplex and Speed Options
This topic describes how to configure duplex and media rates in a Cisco Catalyst switch.

Setting Duplex Options:

Switch(config)# interface FastEthernet 0/1
Switch(config-if)# duplex {auto | full | half}

Setting Speed Options:

Switch(config)# interface FastEthernet 0/1
Switch(config-if)# speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}

Use the duplex interface configuration command to specify the duplex mode of operation for
switch ports.
The duplex parameters on Cisco switches are as follows:
 The auto option sets autonegotiation of duplex mode. With autonegotiation enabled, the
two ports communicate to decide the best mode of operation.
 The full option sets full-duplex mode.
 The half option sets half-duplex mode.

For Fast Ethernet and 10/100/1000 ports, the default is auto. For 100BASE-FX ports, the
default is full. The 10/100/1000 ports operate in either half- or full-duplex mode when they are
set to 10 or 100 Mb/s, but when set to 1000 Mb/s, they operate only in full-duplex mode.

Note To determine the default duplex mode settings for the Gigabit Interface Converter (GBIC)
module ports, refer to the documentation that came with your GBIC module.

You can configure interface speed on Fast Ethernet (10/100 Mb/s) and Gigabit Ethernet
(10/100/1000 Mb/s) ports. You can configure Fast Ethernet ports to full-duplex, half-duplex, or
to autonegotiate mode. You can configure Gigabit Ethernet ports to full-duplex mode or to
autonegotiate. You can also configure Gigabit Ethernet ports to half-duplex mode if the speed
is 10 or 100 Mb/s. Half-duplex mode is not supported on Gigabit Ethernet ports operating at
1000 Mb/s.

Except for 1000BASE-T small form-factor pluggable (SFP) modules that are installed in the
SFP module slots, you cannot configure speed on SFP module ports, but you can configure
speed to not negotiate (the nonegotiate command) if connected to a device that does not
support autonegotiation.
If both ends of the line support autonegotiation, you should use the default setting of
autonegotiation. If one interface supports autonegotiation and the other end does not, configure
duplex and speed on both interfaces—do not use the auto setting on the supported side.



Verifying Duplex and Speed Options
This topic describes how to verify that duplex and media rates are properly configured.

Switch# show interfaces FastEthernet 0/21

FastEthernet0/21 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e8ba.70e1.fa97 (bia e8ba.70e1.fa97)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
276235 packets input, 18119499 bytes, 0 no buffer
Received 38666 broadcasts (38666 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
<…output omitted…>


Verify the duplex settings by using the show interfaces command on the switch. The show
interfaces privileged EXEC command displays statistics and status for all or specified
interfaces. The figure shows the duplex setting of an interface.
Autonegotiation can at times produce unpredictable results. By default, when autonegotiation
fails, a switch running Cisco IOS Software sets the corresponding switch port to half-duplex
mode. This type of failure happens when an attached device does not support autonegotiation.
If the device is manually configured to operate in half-duplex mode, it will match the default
mode of the switch. However, autonegotiation errors can happen if the device is manually
configured to operate in full-duplex mode. This configuration, half-duplex on one end and
full-duplex on the other, causes late collision errors at the half-duplex end. To avoid this
situation, manually set the duplex parameters of the switch to match the attached device.
If the switch port is in full-duplex mode and the attached device is in half-duplex mode, check
for frame check sequence (FCS) errors on the switch full-duplex port; show interfaces reports
them in the CRC counter. Late collisions appear in the late collision counter of the same output,
so one show interfaces on each end of the link is usually enough to confirm a duplex mismatch.
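The counters the paragraph above points to can be checked mechanically. The following Python, an added example that is not part of the Cisco guide, parses show interfaces output into per-interface duplex, speed, and counters and flags the two mismatch signatures: late collisions on a half-duplex port and CRC (FCS) errors on a full-duplex port. The sample output is constructed in the layout of the figure; FastEthernet0/21 repeats the healthy port shown, while FastEthernet0/22 and FastEthernet0/23 and their counter values are assumed, added to illustrate each side of a mismatch.

```python
"""Detect duplex settings and mismatch symptoms in Cisco IOS 'show interfaces'
output (added example, not from the guide)."""
import re

# Constructed sample: Fa0/21 reproduces the healthy port from the guide's
# figure; Fa0/22 and Fa0/23 are assumed ports showing each side of a mismatch.
SHOW_INTERFACES = """\
FastEthernet0/21 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is e8ba.70e1.fa97 (bia e8ba.70e1.fa97)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     276235 packets input, 18119499 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/22 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
     51200 packets input, 4096000 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 340 collisions, 1 interface resets
     0 babbles, 215 late collision, 0 deferred
FastEthernet0/23 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     48000 packets input, 3900000 bytes, 0 no buffer
     87 input errors, 87 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

IFACE_RE = re.compile(r"^(\S+) is (\S+), line protocol is (\S+)")
DUPLEX_RE = re.compile(r"^\s*(Full|Half|Auto)-duplex, (\S+), media type is (\S+)")
# "<n> <counter name>" pairs separated by commas on the statistics lines.
COUNTER_RE = re.compile(r"(\d+) ([A-Za-z][A-Za-z ]*?)(?:,|$)")


def parse_show_interfaces(text):
    """Split the output into one dict per interface: name, duplex, speed, counters."""
    interfaces, cur = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = {"name": m.group(1), "counters": {}}
            interfaces.append(cur)
            continue
        if cur is None:
            continue
        m = DUPLEX_RE.match(line)
        if m:
            cur["duplex"], cur["speed"] = m.group(1).lower(), m.group(2)
            continue
        for value, name in COUNTER_RE.findall(line.strip()):
            cur["counters"][name.strip()] = int(value)
    return interfaces


def duplex_findings(interfaces):
    """Flag the two symptoms described in the text: late collisions on the
    half-duplex side of a mismatch, FCS (CRC) errors on the full-duplex side."""
    findings = []
    for i in interfaces:
        c = i["counters"]
        if i.get("duplex") == "half" and c.get("late collision", 0):
            findings.append(f"{i['name']}: half-duplex with {c['late collision']} late "
                            "collisions; far end is probably forced to full duplex")
        if i.get("duplex") == "full" and c.get("CRC", 0):
            findings.append(f"{i['name']}: full-duplex with {c['CRC']} CRC/FCS errors; "
                            "check whether the far end is running half duplex")
    return findings
```

Because the counters are cumulative, run the check twice a few minutes apart on a busy link, or clear them first with clear counters, so that a historical mismatch that has since been fixed is not reported as current.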

Cisco ME 3400 Series Port Types
This topic describes the port type settings in the Cisco ME 3400 Series switches.

ME switches have three port types:
• User Network Interface (UNI)
- No switching of local traffic
- Host A on a UNI port cannot see host B on another UNI port
- Ports connected to end devices
• Network-to-Network Interface (NNI)
- Only four ports can be configured as NNI ports (unless the metro IP access image is running)
- Ports connected to the core network (routers or other switches)
• Enhanced Network Interface (ENI)
- Same functionality as UNI ports
- Support for some additional protocols that are not supported on UNI ports (Cisco Discovery
Protocol, STP, LACP, PAgP)

[Figure: the customer network attaches to UNI or ENI ports; the core network attaches to NNI ports]

Cisco ME 3400 Series switches are designed to meet the needs of Metro Ethernet service
providers. They introduce new concepts and features to make the product easier to manage,
deploy, and troubleshoot. One of the new features is the concept of three port types:
 UNI: User-Network Interface
 NNI: Network-to-Network Interface
 ENI: Enhanced Network Interface

Based on the port type, certain features or behaviors are enabled or disabled to ease
configuration, deployment, and troubleshooting.
UNI ports have these features or behaviors, by default:
 No switching of local traffic—no local switching protects customers from each other. (Host
A does not see host B.)
 Control-Plane Security is enabled, which protects against DoS attacks.
 By using multiple UNI ports on the same device, up to eight UNI ports can be configured
to do local switching.

NNI ports have these features or behaviors, by default:


 For the Cisco ME 3400-24TS switch, by default, the two SFP ports are NNI ports.
 For the Cisco ME 3400G-12CS and ME 3400G-2CS switches, by default, the SFP-only
ports are NNI ports.
 There can be a maximum of four ports defined as NNI ports (This is applicable to Cisco
ME 3400-24TS and ME 3400G-12CS switches. All four ports can be configured as NNI on
Cisco ME 3400G-2CS switches.)



ENI ports have these features or behaviors, by default:
 ENI ports have the same functionality as UNI ports.
 ENI ports support some additional protocols that are not supported in UNI ports.

Note In Cisco IOS Software Release 12.2(25)SEG and later—if the metro IP access image is
running, all ports can be optionally configured as NNI (not limited to 4).

UNI ports are typically connected to a host, such as a PC or a Cisco IP phone. NNI ports are
typically connected to a router or to another switch. ENI ports have the same functionality as
UNI ports, but can be configured to support protocol control packets for Cisco Discovery
Protocol, STP, Link Layer Discovery Protocol (LLDP), and EtherChannel Link Aggregation
Control Protocol (LACP) or Port Aggregation Protocol (PAgP). By default, the 10/100 ports
and the dual-purpose ports on Cisco ME 3400G-12CS and ME 3400G-2CS switches are
configured as UNI ports, and the SFP-only module uplink ports are configured as NNI ports.
You must configure ports to be ENIs; no ports are ENIs by default.

Configuring the Port Type in Cisco ME 3400 Series
Switches
This topic describes how to configure the port type settings in the Cisco ME 3400 Series
switches.

Setting Port Type:


Switch(config)#interface FastEthernet 0/1
Switch(config-if)#port-type {eni | nni | uni}

Verifying Interface Port Types:


Switch# show port-type
Port Name Vlan Port Type
--------- ------------------ ---------- ----------------------------
Fa0/1 1 User Network Interface (uni)
Fa0/2 1 User Network Interface (uni)
Fa0/3 1 User Network Interface (uni)
.
.
.
Fa0/20 1 User Network Interface (uni)
Fa0/21 1 Enhanced Network Interface (eni)
Fa0/22 1 Enhanced Network Interface (eni)
Fa0/23 1 Enhanced Network Interface (eni)
Fa0/24 1 Enhanced Network Interface (eni)
Gi0/1 1 Network Node Interface (nni)
Gi0/2 1 Network Node Interface (nni)

By default, all of the 10/100 ports on the Cisco ME switch are configured as UNI ports, and the
SFP module ports are configured as NNI ports. You can also configure the port type as ENI.
You use the port-type interface configuration command to change the port types. If the switch
is running the metro base or metro access image, only four ports on the switch can be
configured as NNI ports at one time, but all ports on the switch can be configured as UNI ports
or ENI ports. Starting with Cisco IOS Release 12.2(25)SEG, if the switch is running the metro
IP access image, there is no limit to the number of NNI ports that can be configured on the
switch.
When you change a port from NNI to UNI or ENI, or the reverse, any features exclusive to the
port type revert to the default configuration. For Layer 2 protocols, such as STP, Cisco
Discovery Protocol, and LLDP, the default for UNI and ENI ports is disabled (although they
can be enabled on ENI ports) and the default for NNI ports is enabled.
The default state for a UNI or ENI port is administratively down to prevent unauthorized users
from gaining access to other ports as you configure the switch. Traffic is not switched between
these ports, and all arriving traffic at UNI or ENI ports must leave on NNI ports to prevent a
user from gaining access to the private network of another user.
The default status for an NNI port is administratively up to allow a service provider remote
access to the switch during initial configuration. A port can be reconfigured from UNI to NNI
or ENI and the reverse. When a port is reconfigured as another interface type, it inherits all the
characteristics of that interface type. When you reconfigure a UNI or ENI port to be an NNI
port, you must enable the port before it becomes active.



Changing the port type from UNI to ENI does not affect the administrative state of the port. If
the UNI status is shut down, it remains shut down when reconfigured as an ENI port. If the port
is in a no shutdown state, it remains in the no shutdown state. At any time, all ports on the
Cisco ME switch are either UNI, NNI, or ENI.
To display interface type information for the Cisco ME switch, use the show port-type
command.

Network Redundancy and Loops
This topic describes how loops can affect performance in a switched LAN.

• Redundant topology eliminates single points of failure
• Redundant switch topology causes broadcast storms, multiple frame copies, and MAC address
table instability
• Loop avoidance mechanism is required

[Figure: redundant links between switches form a loop]

While redundant designs can eliminate the possibility of a single point of failure that causes a
loss of function for the switched or bridged network, you must consider problems that
redundant designs can cause. Some of the problems that can occur with redundant links and
devices in switched or bridged networks are as follows:
 Broadcast storms: Without some loop-avoidance process in operation, each switch or
bridge floods broadcasts endlessly. This situation is commonly called a broadcast storm.
 Multiple frame transmission: Multiple copies of unicast frames may be delivered to
destination stations. Many protocols expect to receive only a single copy of each
transmission. Multiple copies of the same frame can cause unrecoverable errors.
 MAC database instability: Instability in the content of the MAC address table results
from copies of the same frame being received on different ports of the switch. Data
forwarding can be impaired when the switch consumes the resources that are coping with
instability in the MAC address table.

Layer 2 LAN protocols, such as Ethernet, lack a mechanism to recognize and eliminate
endlessly looping frames. Some Layer 3 protocols implement a Time to Live (TTL) mechanism
that limits the number of times that a Layer 3 networking device can retransmit a packet.
Lacking such a mechanism, Layer 2 devices continue to retransmit looping traffic indefinitely.
A loop-avoidance mechanism is required to solve each of these problems.



Broadcast storms:
• Host X sends a broadcast.
• Switches continue to propagate broadcast traffic.


A broadcast storm occurs when each switch on a redundant network floods broadcast frames
endlessly. Switches flood broadcast frames to all ports except the port on which the frame was
received.

Example: Broadcast Storms


The figure illustrates the problem of a broadcast storm. The following describes the sequence of
events that start a broadcast storm:
1. When host X sends a broadcast frame, such as an Address Resolution Protocol (ARP) for
its default gateway (router Y), switch A receives the frame.
2. Switch A examines the destination address field in the frame and determines that the frame
must be flooded onto the lower Ethernet link, segment 2.

3. When this copy of the frame arrives at switch B, the process repeats, and the frame is
forwarded to the upper Ethernet segment, which is segment 1, near switch B.

4. Because the original copy of the frame also arrives at switch B from the upper Ethernet
link, these frames travel around the loop in both directions, even after the destination
station has received a copy of the frame.

A broadcast storm can disrupt normal traffic flow. It can also disrupt all of the devices on the
switched or bridged network because the CPU in each device on the segment must process the
broadcasts. Thus, a broadcast storm can lock up the PCs and servers that are trying to process
all of the broadcast frames.
A loop avoidance mechanism eliminates this problem by preventing one of the four interfaces
from transmitting frames during normal operation, therefore breaking the loop.

Multiple frame copies:
• Host X sends a unicast frame to router Y.
• The MAC address of router Y has not been learned by either switch.
• Router Y will receive two copies of the same frame.


In a redundant topology, multiple copies of the same frame can arrive at the intended host,
potentially causing problems with the receiving protocol. Most protocols are not designed to
recognize or cope with duplicate transmissions. In general, protocols that make use of a
sequence-numbering mechanism assume that many transmissions have failed and that the
sequence number has recycled. Other protocols attempt to hand the duplicate transmission to
the appropriate upper-layer protocol (ULP), with unpredictable results.

Example: Multiple Transmissions


The figure illustrates how multiple transmissions can occur. The following lists the sequence of
events describing how multiple copies of the same frame can arrive at the intended host:
1. When host X sends a unicast frame to router Y, one copy is received over the direct
Ethernet connection, segment 1. At more or less the same time, switch A receives a copy of
the frame and puts it into its buffers.

2. If switch A examines the destination address field in the frame and finds no entry in the
MAC address table for router Y, switch A floods the frame on all ports except the
originating port.

3. When switch B receives a copy of the frame through switch A on segment 2, switch B also
forwards a copy of the frame to segment 1 if it cannot locate an entry in the MAC address
table for router Y.
4. Router Y receives a copy of the same frame for the second time.

A loop-avoidance mechanism eliminates this problem by preventing one of the four interfaces
from transmitting frames during normal operation, therefore breaking the loop.

MAC database instability:
• Host X sends a unicast frame to router Y.
• The MAC address of router Y has not been learned by either switch.
• Switches A and B learn the MAC address of host X on port 1.
• The frame to router Y is flooded.
• Switches A and B incorrectly learn the MAC address of host X on port 2.


MAC database instability results when multiple copies of a frame arrive on different ports of a
switch. This subtopic describes how MAC database instability can arise and the problems that
can result.

Example: Instability of the MAC Database


In the figure, switch B installs a database entry, mapping the MAC address of host X to port 1.
Sometime later, when the copy of the frame that is transmitted through switch A arrives at port
2 of switch B, switch B removes the first entry and installs an entry that incorrectly maps the
MAC address of host X to port 2, which connects to segment 2.
Depending on its internal architecture, the switch in question may or may not cope well with
rapid changes in its MAC database. Again, a loop-avoidance mechanism eliminates this
problem by preventing one of the four interfaces from transmitting frames during normal
operation, therefore breaking the loop.

Spanning Tree Protocol
This topic describes how STP protects against loops resulting from physical redundancy in an
Ethernet LAN.

• Provides a loop-free redundant network topology by placing certain ports
in the blocking state
• STP published in the IEEE 802.1D specification
• MST and PVRST+ have become the predominant spanning tree protocols

[Figure: redundant switched topology with one port in the blocking state, so there is no loop]

STP provides loop resolution by managing the physical paths to given network segments. STP
allows physical path redundancy while preventing the undesirable effects of active loops in the
network. STP is an IEEE committee standard defined as 802.1D.
STP behaves as follows:
• STP forces certain ports into a standby state so that they do not listen to, forward, or flood
data frames. The overall effect is that there is only one path to each network segment that is
active at any time.
• If there is a problem with connectivity to any of the segments within the network, STP re-
establishes connectivity by automatically activating a previously inactive path, if one
exists.
• Currently, Multiple Spanning Tree (MST) and Rapid Per VLAN Spanning Tree Plus
(Rapid PVST+) have become the predominant protocols; therefore, this course will focus
on these protocols.

STP uses bridge protocol data units (BPDUs) to communicate between switches.

Spanning Tree Standards
This topic describes the spanning tree standards.

• 802.1D-1998: The legacy standard for bridging and STP
- CST: Assumes one spanning-tree instance for the entire bridged network,
regardless of the number of VLANs
• PVST+: A Cisco enhancement of STP that provides a separate 802.1D
spanning-tree instance for each VLAN configured in the network
• 802.1D-2004: An updated bridging and STP standard
• 802.1s (MST): Maps multiple VLANs into the same spanning-tree instance
• 802.1w (RSTP): Improves convergence over 1998 STP by adding roles to ports
and enhancing BPDU exchanges
• Rapid PVST+: A Cisco enhancement of RSTP using PVST+

There are several varieties of spanning tree protocols:

• STP itself is the original IEEE 802.1D version (802.1D-1998) that provides a loop-free
topology in a network with redundant links.
• Common Spanning Tree (CST) assumes one spanning-tree instance for the entire bridged
network, regardless of the number of VLANs.
• PVST+ is a Cisco enhancement of STP that provides a separate 802.1D spanning-tree
instance for each VLAN configured in the network. The separate instance supports
PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard, and loop
guard.
• The 802.1D-2004 version is an updated version of the STP standard. It includes other
standards.
• Multiple Spanning Tree Protocol (MSTP) is an IEEE standard inspired by the earlier Cisco
proprietary Multi-Instance Spanning Tree Protocol (MISTP) implementation. MST maps
multiple VLANs into the same spanning-tree instance. The Cisco implementation of MSTP
is MST, which provides up to 16 instances of Rapid STP (RSTP) and combines many
VLANs with the same physical and logical topology into a common RSTP instance. Each
instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.
• RSTP, or IEEE 802.1w, is an evolution of STP that provides faster convergence of STP.
• Rapid PVST+ is a Cisco enhancement of RSTP that uses Per VLAN Spanning Tree Plus
(PVST+). Rapid PVST+ provides a separate instance of 802.1w per VLAN. The separate
instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.

Note When Cisco documentation and this course refer to implementing RSTP, they are referring
to the Cisco RSTP implementation, or Rapid PVST+.

The Cisco RSTP implementation (Rapid PVST+) is far superior to that of 802.1D STP and
even PVST+, from a convergence perspective. It greatly improves the restoration times for any
VLAN that requires a topology convergence because a link status has changed to up, and it
greatly improves the convergence time over BackboneFast for any indirect link failures.

Note If a network includes other vendor switches, you should isolate the different STP domains
with Layer 3 routing to avoid STP compatibility issues.

Comparison of Spanning Tree Protocols
This topic compares the various spanning tree standards.

Protocol       Standard         Resources Needed   Convergence
STP            802.1D           Low                Slow
PVST+          Cisco            High               Slow
RSTP           802.1w           Medium             Fast
Rapid PVST+    Cisco            Very high          Fast
MSTP           802.1s / Cisco   Medium or high     Fast

These are characteristics of various spanning tree protocols:

• STP assumes one 802.1D spanning-tree instance for the entire bridged network, regardless
of the number of VLANs. Because there is only one instance, the CPU and memory
requirements for this protocol are lower than for the other protocols. However, because
there is only one instance, there is only one root bridge and one tree. This means that traffic
for all VLANs flows over the same path, which can lead to suboptimal traffic flows.
Because of the limitation of 802.1D, STP is slow to converge.
• PVST+ is a Cisco enhancement of STP that provides a separate 802.1D spanning-tree
instance for each VLAN that is configured in the network. The separate instance supports
PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard, and loop
guard. Creating an instance for each VLAN increases the CPU and memory requirements
but allows for per-VLAN root bridges, which allows the STP tree to be optimized for the
traffic of each VLAN. Convergence of this version is similar to the convergence of 802.1D.
However, convergence is per-VLAN.
• RSTP, or IEEE 802.1w, is an evolution of STP that provides faster STP convergence. This
version addresses many of the convergence issues, but because it still has a single instance
of STP, it does not address the suboptimal traffic flow issues. To support faster
convergence, the CPU usage and memory requirements of this version are slightly more
than those of CST but less than those of Rapid PVST+.
• Rapid PVST+ is a Cisco enhancement of RSTP that uses PVST+. It provides a separate
instance of 802.1w per VLAN. The separate instance supports PortFast, BPDU guard,
BPDU filter, root guard, and loop guard. This protocol addresses both the convergence
issues and the suboptimal traffic flow issues. To address these issues, this version has the
largest CPU and memory requirements.
• MSTP is an IEEE standard inspired by the earlier Cisco proprietary MISTP
implementation. To reduce the number of required STP instances, MSTP maps multiple
VLANs that have the same traffic flow requirements into the same spanning-tree instance.
The Cisco implementation of MSTP is MST, which provides up to 16 instances of RSTP
(802.1w) and combines many VLANs with the same physical and logical topology into a
common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root
guard, and loop guard. The CPU and memory requirements of this protocol are less than
those of Rapid PVST+ but more than those of RSTP.

Spanning Tree Operation
This topic describes how spanning tree operates to prevent loops.


STP and its successor protocols provide loop resolution by managing the physical paths to
given network segments. STP allows physical path redundancy while preventing the
undesirable effects of active loops in the network. STP is an IEEE committee standard defined
as 802.1D. RSTP is defined as 802.1w.
STP and RSTP behave as follows:
• STP forces certain ports into a standby state so that they do not listen to, forward, or flood
data frames. The overall effect is that there is only one path to each network segment that is
active at any time.
• If there is a problem with connectivity to any of the segments within the network, STP or
RSTP reestablishes connectivity by automatically activating a previously inactive path, if
one exists.

• One root bridge per broadcast domain
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused


STP performs three steps to provide a loop-free logical network topology:


1. Elects one root bridge: STP has a process for electing a root bridge. Only one bridge can
act as the root bridge in a given network. On the root bridge, all ports are designated ports.
Designated ports are normally in the forwarding state. When in the forwarding state, a port
can send and receive traffic. In the figure, switch X is elected as the root bridge.
2. Selects the root port on the non-root bridge: STP establishes one root port on each non-
root bridge. The root port is the lowest-cost path from the non-root bridge to the root
bridge. Root ports are normally in the forwarding state. Spanning-tree path cost is an
accumulated cost that is calculated from the bandwidth of the links on the path. In the figure,
the lowest-cost path to the root bridge from switch Y is through the 100BASE-T Fast Ethernet link.

3. Selects the designated port on each segment: On each segment, STP establishes one
designated port. The designated port is selected on the bridge that has the lowest-cost path
to the root bridge. Designated ports are normally in the forwarding state, forwarding traffic
for the segment. In the figure, the designated port for both segments is on the root bridge
because the root bridge is directly connected to both segments. The 10BASE-T Ethernet
port on switch Y is a nondesignated port because there is only one designated port per
segment. Nondesignated ports are normally in the blocking state to logically break the loop
topology. When a port is in the blocking state, it is not forwarding traffic but can still
receive traffic.

On a non-root bridge, as the spanning tree receives BPDUs on various ports, it determines the
roles that each port will fill in the topology. There are four 802.1D port roles.
Port Role Description

Root port This port exists on non-root bridges and is the switch port with the best
path to the root bridge. Root ports forward traffic toward the root bridge,
and the source MAC address of frames that are received on the root
port is capable of populating the MAC table. Only one root port is
allowed per bridge.

Designated port This port exists on root and non-root bridges. For root bridges, all
switch ports are designated ports. For non-root bridges, a designated
port is the switch port that will receive and forward frames toward the
root bridge as needed. Only one designated port is allowed per
segment. If multiple switches exist on the same segment, an election
process determines the designated switch, and the corresponding
switch port begins forwarding frames for the segment. Designated ports
are capable of populating the MAC table.

Nondesignated port The nondesignated port is a switch port that is not forwarding (blocking)
data frames and is not populating the MAC address table with the
source addresses of frames that are seen on that segment.

Disabled port The disabled port is a switch port that is shut down.

By examining the switch port roles on a switch, the spanning tree can determine the most
desirable forwarding path for data frames.

Root Bridge Selection
This topic describes how a root bridge is selected.

• Root bridge = switch with lowest bridge ID
• Switch X is root bridge

[Figure: Switch X (default priority 32768, MAC 0c00.1111.1111) and Switch Y (default priority 32768, MAC 0c00.2222.2222); Bridge ID = Bridge Priority (2 bytes) + MAC Address (6 bytes)]

Switches and bridges running the spanning-tree algorithm exchange configuration messages
with other switches and bridges at regular intervals (every 2 seconds, by default). Switches and
bridges exchange these messages using a multicast frame that is called the bridge protocol data
unit (BPDU). One of the pieces of information included in the BPDU is the bridge ID (BID).
STP calls for each switch or bridge to be assigned a unique BID. Typically, the BID consists of
a priority value (2 bytes) and the bridge MAC address (6 bytes). The default priority, in
accordance with IEEE 802.1D, is 32,768 (1000 0000 0000 0000 in binary, or 0x8000 in
hexadecimal format), which is the midrange value. The root bridge is the bridge with the lowest
BID.

Note A Cisco switch uses one of its MAC addresses from a pool of MAC addresses that are
assigned either to the backplane or to the supervisor module, depending on the switch
model.

Example: Selecting the Root Bridge


In the figure, both switches are using the same default priority. The switch with the lowest
MAC address is the root bridge. In the example, switch X is the root bridge with a BID of
0x8000 (0c00.1111.1111).

Spanning Tree Cost and Priority
This topic describes the function of the spanning tree cost and priority parameters.

• Cost determines root port selection
• Root port is the port with lowest cumulative cost from non-root bridge to
root bridge
• For ports with equal cost, priority is used as arbitration

To determine its root port (the best port toward the root bridge), each switch uses a cost value.
Each port link speed is associated with a cost. The cost to the root bridge is calculated using the
cumulative costs of all links between the local switch and the root bridge.
Common cost values are as follows:
10-Gb/s link: cost 1
1-Gb/s link: cost 4
100-Mb/s link: cost 19
10-Mb/s link: cost 100
The root port is the port with the lowest cumulative cost from the non-root bridge to the root
bridge.

Example: Selecting the Root Port on Non-Root Bridge


In the preceding example, switch 0000.1111.3333 has three links that can link to the root
bridge. Suppose that all links are 100-Mb/s links.
Both Port 1 and Port 2 would have a cost of 19. Port 3 would have a cost of 38. Port 1 or Port 2
would be elected as root port.
When two ports have the same cost, arbitration can be done using the priority value. Priority is
a combination of a default value and port number. The default value is 128. The first port will
have a priority of 128.1, the second port will have a priority of 128.2, and so on. With this
logic, the lower port is always chosen as the root port when priority is the determining factor.
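The three election steps, the bridge ID comparison, and the cost and port-priority tie-break described in this and the two preceding topics, as an added worked example that is not part of the course material. Switch names, MAC addresses and link speeds are constructed; switch Y reproduces the text's case of two equal-cost 100-Mb/s ports and a third port at cost 38, and the root port tie-break is written in the 802.1D order (path cost, designated bridge ID, designated port ID, local port ID), which gives the same answer as the text's port-priority rule in this topology.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# 802.1D path cost per link speed, as listed in the course text (Mb/s -> cost)
LINK_COST = {10_000: 1, 1_000: 4, 100: 19, 10: 100}
BridgeId = Tuple[int, str]  # (2-byte priority, 6-byte MAC as 12 hex digits)


@dataclass(frozen=True)
class Port:
    switch: str
    number: int          # physical port number (1, 2, ...)
    segment: str         # LAN segment the port attaches to
    speed_mbps: int
    priority: int = 128  # default port priority

    @property
    def cost(self) -> int:
        return LINK_COST[self.speed_mbps]

    @property
    def port_id(self) -> Tuple[int, int]:
        return (self.priority, self.number)  # "128.1", "128.2", ...; lower wins


def bridge_id(priority: int, mac: str) -> BridgeId:
    """BID = priority (2 bytes) followed by the MAC (6 bytes); lower tuple wins."""
    mac_hex = mac.replace(".", "").replace(":", "").lower()
    if len(mac_hex) != 12 or not all(c in "0123456789abcdef" for c in mac_hex):
        raise ValueError(f"MAC {mac!r} is not 6 hexadecimal bytes")
    return (priority, mac_hex)


def elect_root(switches: Dict[str, BridgeId]) -> str:
    """Step 1: the bridge with the lowest BID becomes the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(root: str, switches: Dict[str, BridgeId],
                    ports: List[Port]) -> Dict[str, float]:
    """Cumulative cost to the root: a switch reaches the root through port p at
    p.cost plus the best root path cost of another switch on p's segment."""
    dist: Dict[str, float] = {name: float("inf") for name in switches}
    dist[root] = 0
    changed = True
    while changed:  # relax until no switch finds a cheaper path
        changed = False
        for p in ports:
            others = [dist[q.switch] for q in ports
                      if q.segment == p.segment and q.switch != p.switch]
            if p.switch != root and others and p.cost + min(others) < dist[p.switch]:
                dist[p.switch] = p.cost + min(others)
                changed = True
    return dist


def assign_roles(switches: Dict[str, BridgeId], ports: List[Port]):
    """Steps 2 and 3. Returns (root, root path cost per switch, role per
    (switch, port number), cost via each port of every non-root switch)."""
    root = elect_root(switches)
    dist = root_path_costs(root, switches, ports)
    bid = {name: bridge_id(*switches[name]) for name in switches}

    # Step 3: one designated port per segment, on the attached switch with the
    # lowest (root path cost, BID, port ID); on the root every port qualifies
    designated: Dict[str, Port] = {}
    for p in sorted(ports, key=lambda q: (dist[q.switch], bid[q.switch], q.port_id)):
        designated.setdefault(p.segment, p)  # first (best) port per segment wins
    roles = {(p.switch, p.number): "designated" if designated[p.segment] is p
             else "nondesignated" for p in ports}

    # Step 2: one root port per non-root switch. Cost via a port = port cost +
    # lowest root path cost among the other switches on that segment; ties are
    # broken by the designated bridge's BID, its port ID, then the local port ID
    via_cost: Dict[Tuple[str, int], float] = {}
    for name in switches:
        if name == root:
            continue
        best = None
        for p in (q for q in ports if q.switch == name):
            others = [dist[q.switch] for q in ports
                      if q.segment == p.segment and q.switch != name]
            via_cost[(name, p.number)] = p.cost + min(others, default=float("inf"))
            d = designated[p.segment]
            if d.switch == name:
                continue  # this switch is designated here: not a path to the root
            key = (via_cost[(name, p.number)], bid[d.switch], d.port_id, p.port_id)
            if best is None or key < best[0]:
                best = (key, p)
        if best is not None:
            roles[(name, best[1].number)] = "root"  # replaces "nondesignated"
    return root, dist, roles, via_cost


# Constructed topology: R and Y follow the figure (same default priority, R has
# the lower MAC); Z adds the two-hop path that gives Y its cost-38 port 3.
SWITCHES = {"R": (32768, "0c00.1111.1111"), "Y": (32768, "0c00.2222.2222"),
            "Z": (32768, "0c00.3333.3333")}
PORTS = [Port("R", 1, "seg1", 100), Port("Y", 1, "seg1", 100),  # R-Y, cost 19
         Port("R", 2, "seg2", 100), Port("Y", 2, "seg2", 100),  # R-Y, cost 19
         Port("R", 3, "seg4", 100), Port("Z", 1, "seg4", 100),  # R-Z, cost 19
         Port("Z", 2, "seg3", 100), Port("Y", 3, "seg3", 100)]  # Z-Y: Y sees 38
```

Calling assign_roles(SWITCHES, PORTS) elects R, gives Y and Z a root path cost of 19, selects port 1 on each as the root port, and leaves Y port 2 and Z port 2 nondesignated (blocking), which is where the two loops are broken.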

Spanning Tree Port States
This topic describes the spanning tree port states.

• Spanning tree transitions each port through several different states

[Figure: spanning tree port state transitions]

When you power up the switch, spanning tree is enabled by default. Every NNI port on a
Cisco ME switch (and every ENI port on which STP has been enabled), like every other port on
other switches in the VLAN or network that participates in spanning tree, goes through the
blocking state and the transitory listening and learning states. Spanning tree then stabilizes
each interface in the forwarding or blocking state.

Note UNI ports on a Cisco ME switch are shut down, by default, and when they are brought up,
they immediately start forwarding traffic. ENI ports act the same as UNI ports, unless you
have specifically enabled STP on the port. UNI ports are always in the forwarding state. ENI
ports in the default STP mode (disabled) are also in the forwarding state, but you can enable
STP on an ENI port.

Each Layer 2 port on a switch running STP exists in one of these five port states:
• Blocking: In this state, the Layer 2 port is a nondesignated port and does not participate in
frame forwarding. The port receives BPDUs to determine the location and root ID of the
root switch and which port roles (root, designated, or nondesignated) each switch port
should assume in the final active STP topology. By default, the port spends 20 seconds in
this state (max age).
• Listening: In this state, the spanning tree has determined that the port can participate in
frame forwarding according to the BPDUs that the switch has received so far. At this point,
the switch port is not only receiving BPDUs, but is also transmitting its own BPDUs and
informing adjacent switches that the switch port is preparing to participate in the active
topology. By default, the port spends 15 seconds in this state (forward delay).
• Learning: In this state, the Layer 2 port prepares to participate in frame forwarding and
begins to populate the content-addressable memory (CAM) table. By default, the port
spends 15 seconds in this state (forward delay).
• Forwarding: In this state, the Layer 2 port is considered part of the active topology, and
forwards frames and also sends and receives BPDUs.
• Disabled: In this state, the Layer 2 port does not participate in spanning tree and does not
forward frames. The disabled state is not strictly part of STP, and a network administrator
can manually disable a port.

Rapid Spanning Tree Protocols
This topic describes how RSTP provides faster convergence in a switched network.

RSTP provides much faster convergence when topology changes occur in a switched network:
• Specific port states:
- Discarding
- Learning
- Forwarding
• Specific port roles:
- Root port
- Designated port
- Alternative port
- Backup port

RSTP is an improvement on the original 802.1D STP standard. RSTP provides faster
convergence when topology changes occur in a switched network. By using specific port states,
port roles, and link types, RSTP quickly adapts to network topology transitions.
Configuration of RSTP is much the same as in 802.1D, except for a few variations and
identifiable characteristics in the spanning tree verification commands.
RSTP provides rapid convergence following the failure or re-establishment of a switch, switch
port, or link. An RSTP topology change will cause a transition in the appropriate switch ports
to the forwarding state through either explicit handshakes or a proposal and agreement process
and synchronization.
With RSTP, the role of a port is separated from the state of a port. For example, a designated
port could be in the discarding state temporarily, even though its final state is to be forwarding.
The RSTP port states correspond to the three basic operations of a switch port: discarding,
learning, and forwarding.
The table describes the characteristics of RSTP port states.

Port State Description

Discarding This state is seen in both a stable active topology and during topology synchronization and
changes. The discarding state prevents the forwarding of data frames, thus “breaking” the
continuity of a Layer 2 loop.

Learning This state is seen in both a stable active topology and during topology synchronization and
changes. The learning state accepts data frames to populate the MAC table to limit flooding
of unknown unicast frames.

Forwarding This state is seen only in stable active topologies. The forwarding switch ports determine the
topology. Following a topology change, or during synchronization, the forwarding of data
frames occurs only after a proposal and agreement process.

In all port states, a port will accept and process BPDU frames.
The port role defines the ultimate purpose of a switch port and the way that it handles data
frames. Port roles and port states are able to transition independently of each other. RSTP uses
these definitions for port roles.
The table defines port roles.

Port Role Description

Root port The root port is the switch port on every non-root bridge that is the chosen
path to the root bridge. There can be only one root port on every switch. The
root port assumes the forwarding state in a stable active topology.

Designated port Each segment has at least one switch port as the designated port for that
segment. In a stable, active topology, the switch with the designated port
receives frames on the segment that are destined for the root bridge. There
can be only one designated port per segment. The designated port assumes
the forwarding state. All switches that are connected to a given segment
listen to all BPDUs and determine the switch that will be the designated
switch for a particular segment.

Alternative port The alternative port is a switch port that offers an alternative path toward the
root bridge. The alternative port assumes a discarding state in a stable,
active topology. An alternative port is present on nondesignated switches
and makes a transition to a designated port if the current designated path
fails.

Backup port The backup port is an additional switch port on the designated switch with a
redundant link to the segment for which the switch is designated. A backup
port has a higher port ID than the designated port on the designated switch.
The backup port assumes the discarding state in a stable, active topology.

Establishing the additional port roles allows RSTP to define a standby switch port before a
failure or topology change. The alternative port moves to the forwarding state if there is a
failure on the designated port for the segment.
A proposal and agreement process between neighbor switches is unique to RSTP. Also,
topology change notifications (TCNs) are transferred in a very different manner than they are in
802.1D STP operation. Configuration of RSTP is much the same as in 802.1D, except for a few
variations and identifiable characteristics in the spanning tree verification commands.

Default Spanning Tree Configuration
This topic describes the default spanning tree configuration in Cisco Catalyst switches and
Cisco ME switches.

• Default spanning tree configuration for Cisco Catalyst switches:
- PVST+
- Enabled on all ports in VLAN 1
- Slower convergence after topology change
• Default spanning tree configuration for Cisco ME switches:
- Rapid PVST+
- Faster convergence after topology change
- Enabled on NNI ports in VLAN 1
- Disabled on ENI ports (can be enabled)
- Not supported on UNI ports

Cisco Catalyst switches support three types of spanning tree:
• PVST+
• Rapid PVST+
• MSTP

The default spanning tree mode for Cisco Catalyst switches is PVST+, which is enabled on all
ports. PVST+ has slower convergence after a topology change than Rapid PVST+.
The default spanning tree mode for Cisco ME switches is Rapid PVST+, which is enabled by
default only for NNI ports. Rapid PVST+ can be enabled on ENI ports also. No spanning tree
standard is supported on UNI ports.

Configuring Rapid PVST+ on Cisco ME Switches
This topic describes how to configure Rapid PVST+ on Cisco ME switches.

Configuration Scenario
• Enable/change spanning tree mode to Rapid PVST+
• Set the port type of Fa 0/21 to ENI and Fa 0/23 to NNI on SW1
• Enable spanning tree on SW1 ENI ports
• Remember: spanning tree should be enabled on all ENI ports

[Figure: SW1 connects through Fa 0/23 (NNI) and Fa 0/21 (ENI) to SW2 and SW3; SW2 and SW3 use their Fa 0/21 and Fa 0/23 ports]

The figure shows an example of a configuration scenario. On SW1, Rapid PVST+ mode of
spanning tree will be configured. This mode is actually the default configuration of a spanning
tree option on Cisco ME switches.
Additionally, the port type on interface Fast Ethernet 0/21 will be changed to ENI, while
interface Fast Ethernet 0/23 port type will be changed to NNI. While NNI ports are spanning
tree-enabled, by default, this is not the case with ENI ports. This is why spanning tree should be
manually enabled on the ENI switch port.
Only the configuration on the SW1 switch will be shown.

Configuration
SW1 (Fa 0/23 as NNI, Fa 0/21 as ENI):

spanning-tree mode rapid-pvst       ! Sets spanning tree mode to Rapid PVST+
!
interface FastEthernet0/21
 port-type eni                      ! Sets interface port type to ENI
 spanning-tree                      ! Enables spanning tree on the ENI port
!
interface FastEthernet0/23
 port-type nni                      ! Sets interface port type to NNI

The figure shows a configuration for Rapid PVST+ for Cisco ME switches. Use the
spanning-tree mode global configuration command to enable Rapid PVST+:

spanning-tree mode {mst | pvst | rapid-pvst}

Use the port-type interface configuration command to change the port types to NNI or ENI.

Note On a Cisco ME switch, UNI ports are always in the forwarding state. ENI ports in the default
STP mode (disabled) are also in the forwarding state, but you can enable STP on an ENI
port.

Note UNI ports are shut down by default, and when they are brought up, they immediately start
forwarding traffic. ENI ports act the same as UNI ports, unless you have specifically enabled
STP on the port.

Use the spanning-tree interface configuration command with no keywords on an ENI port to
enable a spanning-tree instance on the interface.

Verification
• Displays bridge ID of local switch (Bridge ID) and bridge ID of root bridge (Root ID)
• Displays status and role of interfaces
• Displays spanning tree characteristics of local switch and root bridge

SW1# show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address e8ba.70b5.4280
Cost 19
Port 25 (FastEthernet0/23)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address e8ba.70e1.fa80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/21 Altn BLK 19 128.23 P2p
Fa0/23 Root FWD 19 128.25 P2p

To verify STP or Rapid PVST+ operation, use the show spanning-tree vlan command. This
command reveals the spanning tree mode, the bridge ID of the local switch (Bridge ID), and
the bridge ID of the root bridge (Root ID). The MAC address of the local switch differs from
that of the root bridge, so the SW1 switch is not the root bridge. You can also infer this from
the fact that one of the ports on the SW1 switch is in the blocking state.
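A parser for the show spanning-tree vlan output above, as an added example that is not Cisco code: it answers the questions the text asks of that output (is SW1 the root, which port is the root port, which ports block) from the page's values re-typed in the usual IOS column layout, and adds a hypothetical expected-root check of the kind an operations script would run after reading the output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The SW1 output shown above, re-typed in the usual IOS column layout
# (constructed sample string; the values are the ones on the page)
SAMPLE_OUTPUT = """\
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     e8ba.70b5.4280
             Cost        19
             Port        25 (FastEthernet0/23)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     e8ba.70e1.fa80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/21              Altn BLK 19        128.23   P2p
Fa0/23              Root FWD 19        128.25   P2p
"""


@dataclass
class StpInterface:
    name: str
    role: str         # Root, Desg, Altn, Back
    state: str        # FWD, BLK, LRN, LIS, DIS
    cost: int
    priority: int     # the "128" in Prio.Nbr
    port_number: int  # the "23" in 128.23


@dataclass
class StpVlan:
    vlan: str
    protocol: str
    root_priority: int
    root_mac: str
    root_cost: Optional[int]   # absent when this switch is the root
    root_port: Optional[str]   # absent when this switch is the root
    bridge_priority: int
    bridge_mac: str
    sys_id_ext: Optional[int]  # VLAN number folded into the priority (32768 + 1)
    interfaces: List[StpInterface]

    @property
    def is_root(self) -> bool:
        return self.root_mac == self.bridge_mac  # same MAC only on the root bridge

    def blocking_ports(self) -> List[str]:
        return [i.name for i in self.interfaces if i.state == "BLK"]


IFACE_RE = re.compile(
    r"^(\S+)\s+(Root|Desg|Altn|Back|Mstr)\s+(FWD|BLK|LRN|LIS|LBK|DIS)\s+"
    r"(\d+)\s+(\d+)\.(\d+)", re.M)


def _find(pattern: str, text: str) -> Optional[str]:
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_show_spanning_tree(text: str) -> StpVlan:
    """Parse one VLAN block. The Root ID block precedes the Bridge ID block, so the
    text is split there to keep the optional Cost/Port lines on the root side."""
    root_part, bridge_part = text.split("Bridge ID", 1)
    root_port = _find(r"Port\s+\d+\s+\((\S+)\)", root_part)
    root_cost = _find(r"Cost\s+(\d+)", root_part)
    sys_id_ext = _find(r"sys-id-ext\s+(\d+)", bridge_part)
    return StpVlan(
        vlan=_find(r"^\s*(VLAN\d+)", text) or "",
        protocol=_find(r"enabled protocol\s+(\S+)", text) or "",
        root_priority=int(_find(r"Priority\s+(\d+)", root_part)),
        root_mac=_find(r"Address\s+([0-9a-f.]+)", root_part),
        root_cost=int(root_cost) if root_cost else None,
        root_port=root_port,
        bridge_priority=int(_find(r"Priority\s+(\d+)", bridge_part)),
        bridge_mac=_find(r"Address\s+([0-9a-f.]+)", bridge_part),
        sys_id_ext=int(sys_id_ext) if sys_id_ext else None,
        interfaces=[StpInterface(n, r, s, int(c), int(p), int(nb))
                    for n, r, s, c, p, nb in IFACE_RE.findall(bridge_part)],
    )


def check_expected_root(summary: StpVlan, expected_root_mac: str) -> List[str]:
    """Hypothetical operations check (not a Cisco feature): any switch with a lower
    BID takes over the root role, so report a root other than the one designed."""
    findings = []
    if summary.root_mac != expected_root_mac:
        findings.append(f"{summary.vlan}: root bridge is {summary.root_mac}, expected {expected_root_mac}")
    if not summary.is_root and summary.root_port is None:
        findings.append(f"{summary.vlan}: not the root, but no root port listed")
    return findings
```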

Verification
• Shows where root bridge resides
• SW2 is root bridge

[Figure: same topology; the SW1 Fa 0/21 (ENI) link is marked with an X (blocking)]

SW1# show spanning-tree root

Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- --------- ----- --- --- ------------
VLAN0001 32769 e8ba.70b5.4280 19 2 20 15 Fa0/23

To check from SW1 which switch (SW2 or SW3) is the root bridge, use the show spanning-tree
root command. This command shows where the root bridge resides. In the example, the root
bridge is reached through the Fa 0/23 interface (the root port), which means that SW2 is the
root bridge because it has the lowest bridge ID.



EtherChannel
This topic describes how EtherChannel link bundling works.

• Creates logical links made up of several similar physical links
• Viewed as one logical link to STP
• Provides the following:
- More bandwidth
- Load balancing
- Redundancy
• Supported for switch ports (Layer 2) and routed ports (Layer 3)

EtherChannel is a technology that allows you to create logical links that are made up of several
physical links. You will learn how to configure Layer 2 EtherChannels.
EtherChannel is a technology that was originally developed by Cisco as a LAN switch-to-
switch technique of grouping several Fast Ethernet or Gigabit Ethernet ports into one logical
channel. This technology has many benefits:
 It relies on the existing switch ports. There is no need to upgrade the switch-to-switch link
to a faster and more expensive connection.
 Most of the configuration tasks can be done on the EtherChannel interface instead of on
each individual port, thus ensuring configuration consistency throughout the switch-to-
switch links.
 EtherChannel provides redundancy. The overall link is seen as one logical connection, so
the loss of one physical link does not create a change in the topology. Spanning tree
recalculation does not need to take place. As long as at least one physical link is present,
the EtherChannel is functional, even if its overall throughput decreases.
 Load balancing is possible between the links of the same EtherChannel. Depending on the
hardware platform, you can implement one or several methods, such as source-MAC to
destination-MAC or source-IP to destination-IP load balancing across the physical links.

EtherChannel is always implemented in powers of two—two, four, or eight physical links can
be bundled together into a logical EtherChannel link. Keep in mind that the logic of
EtherChannel is to increase the speed between switches. This concept was extended as the
EtherChannel technology became more popular, and some hardware nonswitch devices support
link aggregation into an EtherChannel link. In any case, EtherChannel creates a one-to-one
relationship. You can create an EtherChannel link between two switches or between an
EtherChannel-enabled server and a switch, but you cannot send traffic to two different switches
through the same EtherChannel link. One EtherChannel link always connects two devices only.
The individual EtherChannel group member port configuration must be consistent on both
devices. If the physical ports of one side are configured as trunks, the physical ports of the other
side must also be configured as trunks. Each EtherChannel has a logical port channel interface.
A configuration that is applied to the port channel interface affects all physical interfaces that
are assigned to that interface. (This configuration can consist of STP commands or commands
to configure a Layer 2 EtherChannel as a trunk or an access port.)
You can use the EtherChannel technology to bundle ports of the same type. On a Layer 2
switch, EtherChannel is used to aggregate access ports or trunks. Keep in mind that
EtherChannel creates an aggregation that is seen as one logical link. When several
EtherChannel bundles exist between two switches, spanning tree may block one of the bundles
to prevent redundant links. When spanning tree blocks one of the redundant links, it blocks one
EtherChannel, thus blocking all the ports belonging to this EtherChannel link. Where there is
only one EtherChannel link, all physical links in the EtherChannel are active because spanning
tree sees only one (logical) link.
On Layer 3 switches, you can convert switched ports to routed ports. You can also create
EtherChannel links on Layer 3 links. This functionality will be highlighted in a later module.



Configuring EtherChannel
This topic describes how to configure EtherChannel.

Basic tasks:
• Identify the ports to use on each switch.
• Configure channel group on interface.
- Specify a channel group number.
- Specify the mode, which will set protocol:
• On (no negotiation)
• Auto/desirable (PAgP)
• Active/passive (LACP)
• Configure port-channel interface.
- Duplex, speed, and other parameters.
• Verify connectivity.


Before implementing EtherChannel in a network, you should plan the steps necessary to make
it successful. Prior planning can help to prevent problems during the installation, because you
are logically organizing the necessary steps and providing checkpoints and verification, as
necessary.
The first step is to identify the ports that you will use for the EtherChannel on both switches.
This task helps identify any issues with previous configurations on the ports and ensures that
the proper connections are available. Each Layer 2 interface should have the appropriate
protocol identified (PAgP, LACP, or no protocol), have a channel group number to associate all
the given interfaces with a port group, and be configured as to whether negotiation should
occur.

Note In this course, interfaces will be forced to channel without PAgP or LACP protocols.

After the connections are established, a couple of commands can ensure that both sides of the
EtherChannel have formed and are providing aggregated bandwidth. When physical interfaces
are channeled, a new virtual interface is created, called port channel.

Guidelines:
• Port channel interface configuration changes affect the EtherChannel.
• Physical interface configuration changes affect the interface only.
• All interfaces within an EtherChannel must have same configuration:
- Same speed and duplex
- Same mode (access or trunk)
- Same native and allowed VLANs on trunk ports
- Same access VLAN on access ports
Configure these parameters on the port channel interface.


Follow these guidelines and restrictions when configuring EtherChannel interfaces:
 Port channel versus interface configuration: After you configure an EtherChannel, any
configuration that you apply to the port channel interface affects the EtherChannel. Any
configuration that you apply to the physical interfaces affects only the specific interface
that you configure.
 Speed and duplex: Configure all interfaces in an EtherChannel to operate at the same
speed and in the same duplex mode. If one interface in the bundle is shut down, it is treated
as a link failure and traffic will traverse other links in the bundle.
 VLAN match: All interfaces in the EtherChannel bundle must be assigned to the same
VLAN or be configured as a trunk.
 Range of VLANs: An EtherChannel supports the same allowed range of VLANs on all the
interfaces in a trunking Layer 2 EtherChannel. If the allowed range of VLANs is not the
same, the interfaces do not form an EtherChannel. For Layer 2 EtherChannels, either assign
all interfaces in the EtherChannel to the same VLAN or configure them as trunks.

Note Only NNI and ENI ports support LACP or PAgP.

 STP path cost: Interfaces with different STP port path costs can form an EtherChannel as
long as they are otherwise compatibly configured. Setting a different STP port path cost
does not, by itself, make interfaces incompatible with the formation of an EtherChannel.
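An added example (not from the course): the following Python check applies these guidelines to a constructed description of member ports, deciding which ports would bundle and which would be suspended as incompatible. The MemberPort fields and function names are hypothetical; the STP path cost is carried only to show that it is not compared.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MemberPort:
    """Hypothetical, simplified view of one member port's Layer 1/Layer 2 settings."""
    name: str
    speed: str                 # "10", "100", "1000"
    duplex: str                # "full" or "half"
    mode: str                  # "access" or "trunk"
    port_type: str = "nni"     # "uni", "eni" or "nni" (Cisco ME port types)
    access_vlan: int = 1
    native_vlan: int = 1
    allowed_vlans: frozenset = frozenset(range(1, 4095))
    stp_cost: int = 19         # may differ between members without preventing bundling


def mismatches(port, ref):
    """Return the guideline violations of 'port' relative to the reference port 'ref'."""
    problems = []
    if port.speed != ref.speed or port.duplex != ref.duplex:
        problems.append("speed/duplex")
    if port.mode != ref.mode:
        problems.append("mode (access vs trunk)")
    elif port.mode == "access" and port.access_vlan != ref.access_vlan:
        problems.append("access VLAN")
    elif port.mode == "trunk":
        if port.native_vlan != ref.native_vlan:
            problems.append("native VLAN")
        if port.allowed_vlans != ref.allowed_vlans:
            problems.append("allowed VLAN range")
    # STP path cost is deliberately not compared: different costs still bundle.
    return problems


def bundle(ports, mode="on"):
    """Decide which ports bundle (P) and which are suspended (s), as the text describes.

    The first port is the reference the others are compared against.
    Returns (bundled_names, {suspended_name: problems}, warnings)."""
    warnings = []
    if len(ports) not in (2, 4, 8):
        warnings.append(f"{len(ports)} links: the text above bundles two, four or eight")
    if mode in ("active", "passive", "auto", "desirable"):
        protocol = "LACP" if mode in ("active", "passive") else "PAgP"
        for p in ports:
            if p.port_type == "uni":
                warnings.append(f"{p.name}: {protocol} is only supported on NNI/ENI ports")
    ref = ports[0]
    bundled, suspended = [], {}
    for p in ports:
        problems = mismatches(p, ref)
        if problems:
            suspended[p.name] = problems
        else:
            bundled.append(p.name)
    return bundled, suspended, warnings
```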



Configuration Scenario
• Configure EtherChannel between SW1 and SW3
• EtherChannel should be manually configured
• Bundled logical interface should be port channel 1
• Verify EtherChannel configuration

[Figure: SW1 and SW3 connected by two parallel links, Fa 0/21 and Fa 0/22 on each switch; SW2 is also shown]

The figure shows an example configuration scenario. On SW1 and SW3, EtherChannel will be
configured.
Interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22 should be manually bundled (no
negotiation protocol used) to logical interface port channel 1.

Configuration

[Figure: SW1 and SW3 connected by two parallel links, Fa 0/21 and Fa 0/22 on each switch]

SW1(config)#interface range FastEthernet 0/21 - 22
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

SW3(config)#interface range FastEthernet 0/21 - 22
SW3(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1

Callouts: the interface range command selects several interfaces and configures them together;
the channel-group 1 mode on command manually creates the port channel interface.

The figure shows a configuration for EtherChannel. Use the interface range command to
configure more than one interface at the same time. In the example, interfaces Fast Ethernet
0/21 and Fast Ethernet 0/22 are channeled, so these two interfaces are configured
simultaneously.
To assign the port to a channel group, use the channel-group command:
channel-group channel-group-number mode on
In the example, interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22 on SW1 and SW3 are
assigned to channel group 1, as requested.
When you configure an EtherChannel in the “on” mode, no negotiations take place. The switch
forces all compatible ports to become active in the EtherChannel. The other end of the channel
(on the other switch) must also be configured in the on mode—otherwise, packet loss can
occur.
Ports that are configured in the on mode in the same channel group must have compatible port
characteristics, such as speed and duplex. Ports that are not compatible are suspended, even
though they are configured in the on mode.
On the Cisco ME 3400 Series Ethernet Access Switch, LACP and PAgP are available only on
NNI or ENI ports. The active, auto, desirable, and passive keywords are not visible on UNI
ports.



Verification
• Displays one line of information per port channel

SW1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         -        Fa0/21(P)   Fa0/22(P)

When several port channel interfaces are configured on the same device, you can use the show
etherchannel summary command to display one line of information per port channel.
In the example, interfaces Fast Ethernet 0/21 and Fast Ethernet 0/22 are bundled into logical
interface port channel 1.
From here on, you can configure logical interface port channel 1 as any other physical
interface:
SW1#show interfaces Port-channel 1
Port-channel1 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is e8ba.70e1.fa97 (bia e8ba.70e1.fa97)
  MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  Members in this channel: Fa0/21 Fa0/22
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:02:33, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     188 packets input, 14014 bytes, 0 no buffer
     Received 144 broadcasts (144 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 145 multicast, 0 pause input
     0 input packets with dribble condition detected
     57 packets output, 6344 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out



Verification
• Provides information on the role of the interface in the EtherChannel
• Interface Fast Ethernet 0/21 is part of the EtherChannel bundle 1

SW1#show interfaces FastEthernet 0/21 etherchannel
Port state    = Up Mstr In-Bndl
Channel group = 1           Mode = On          Gcchange = -
Port-channel  = Po1         GC   = -           Pseudo port-channel = Po1
Port index    = 0           Load = 0x00        Protocol = -

Age of the port in the current state: 0d:00h:02m:09s

Use the show interfaces type port/mod etherchannel command to display information on the
role of the interface in the EtherChannel.
In the example, interface Fast Ethernet 0/21 is part of EtherChannel bundle 1.

Flex Link
This topic describes how Flex Link can be used as an alternative to STP.

• Flex Link is a pair of Layer 2 interfaces
• One interface is backup to the other active interface
• Alternative to STP
• Provides basic link redundancy
• Only one link is forwarding traffic

[Figure: SW1 uplinks to SW2 on Fa 0/23 and to SW3 on Fa 0/24; the two interfaces form a Flex Link pair]

Flex Links are a pair of Layer 2 interfaces (switch ports or port channels), where one interface
is configured to act as a backup to the other. The feature provides an alternative solution to
STP, allowing users to turn off STP and still provide basic link redundancy. Flex Links are
typically configured in service provider or enterprise networks where customers do not want to
run STP on the switch. If the switch is running STP, it is not necessary to configure Flex Links
because STP already provides link-level redundancy or backup.
You configure Flex Links on one Layer 2 interface (the active link) by assigning another Layer
2 interface as the Flex Link or backup link. When one of the links is up and forwarding traffic,
the other link is in standby mode, ready to begin forwarding traffic if the other link shuts down.
At any given time, only one of the interfaces is in the linkup state and forwarding traffic. If the
primary link shuts down, the standby link starts forwarding traffic. When the active link comes
back up, it goes into standby mode and does not forward traffic. STP is disabled on Flex Link
interfaces.
In the figure, interfaces Fast Ethernet 0/23 and Fast Ethernet 0/24 on SW1 are connected to
uplink switches SW2 and SW3. Because they are configured as Flex Links, only one of the
interfaces is forwarding traffic, and the other is in standby mode. If port Fast Ethernet 0/23 is
the active link, it begins forwarding traffic between port Fast Ethernet 0/23 and SW2. The link
between Fast Ethernet 0/24 (the backup link) and SW3 is not forwarding traffic. If Fast
Ethernet 0/23 goes down, Fast Ethernet 0/24 comes up and starts forwarding traffic to SW3.
When Fast Ethernet 0/23 comes back up, it goes into standby mode and does not forward
traffic—Fast Ethernet 0/24 continues forwarding traffic.



Configuring Flex Link
This topic describes how to configure Flex Link.

Guidelines:
• You can configure only one Flex Link backup link for any active link.
• Backup link must be a different interface from the active interface.
• An interface can belong to only one Flex Link pair.
• An interface can be a backup link for only one active link.
• Neither of the links can be a port that belongs to an EtherChannel.
• A backup link does not have to be the same type (Fast Ethernet, Gigabit
Ethernet, or port channel) as the active link.
• STP is disabled on Flex Link ports.


Follow these guidelines and restrictions when configuring Flex Link pairs:
 You can configure only one Flex Link backup link for any active link, and it must be a
different interface from the active interface.
 An interface can belong to only one Flex Link pair. An interface can be a backup link for
only one active link. An active link cannot belong to another Flex Link pair.
 Neither of the links can be a port that belongs to an EtherChannel. However, you can
configure two port channels (EtherChannel logical interfaces) as Flex Links, and you can
configure a port channel and a physical interface as Flex Links, with either the port channel
or the physical interface as the active link.
 A backup link does not have to be the same type (Fast Ethernet, Gigabit Ethernet, or port
channel) as the active link. However, you should configure both Flex Links with similar
characteristics so that there are no loops or changes in behavior if the standby link begins to
forward traffic.
 STP is disabled on Flex Link ports. If STP is configured on the switch, Flex Links do not
participate in STP in all VLANs in which STP is configured. With STP not running, be
sure that there are no loops in the configured topology.
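An added example (not from the course): a small Python validator that checks a set of Flex Link pairs against the guidelines above, and reports the interfaces on which STP is consequently no longer running. The pair list, the EtherChannel member set and the function names are constructed for the example.

```python
# Constructed switch state for the example (hypothetical, not a device dump):
# Flex Link pairs as (active, backup), plus the physical ports that are EtherChannel members.
SAMPLE_PAIRS = [("FastEthernet0/23", "FastEthernet0/24")]
SAMPLE_ETHERCHANNEL_MEMBERS = {"FastEthernet0/21", "FastEthernet0/22"}


def link_type(name):
    """Interface type prefix, for example 'FastEthernet', 'GigabitEthernet' or 'Port-channel'."""
    return name.rstrip("0123456789/")


def validate_flex_links(pairs, etherchannel_members):
    """Check Flex Link pairs against the guidelines above.

    Returns (violations, warnings, stp_disabled), where stp_disabled is the set of
    interfaces on which STP no longer runs because they are Flex Link ports."""
    violations, warnings = [], []
    seen = {}   # interface -> number of pairs it appears in
    for active, backup in pairs:
        pair = f"{active}->{backup}"
        if active == backup:
            violations.append(f"{pair}: backup must be a different interface from the active")
            continue
        for intf in (active, backup):
            seen[intf] = seen.get(intf, 0) + 1
            # A physical EtherChannel member cannot be a Flex Link; a whole port channel can.
            if intf in etherchannel_members:
                violations.append(f"{pair}: {intf} belongs to an EtherChannel")
        if link_type(active) != link_type(backup):
            warnings.append(f"{pair}: different interface types; keep characteristics similar")
    # One backup per active, one active per backup, one pair per interface:
    # all three collapse into "an interface appears in at most one pair".
    for intf, count in seen.items():
        if count > 1:
            violations.append(f"{intf}: belongs to more than one Flex Link pair")
    stp_disabled = {intf for pair in pairs for intf in pair}
    return violations, warnings, stp_disabled
```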

Configuration Scenario
• Configure Flex Link pair of interfaces Fa 0/23 and Fa 0/24 on SW1
• Make Fa 0/24 a backup to Fa 0/23

[Figure: SW1 uplinks to SW2 on Fa 0/23 (Active) and to SW3 on Fa 0/24 (Backup); the two interfaces form a Flex Link pair]

The figure shows an example configuration scenario. On SW1, interfaces Fast Ethernet 0/23
and Fast Ethernet 0/24 will be configured as a Flex Link pair. Interface Fast Ethernet 0/24 is
the backup to the active interface, Fast Ethernet 0/23.

Configuration

[Figure: SW1 uplinks to SW2 on Fa 0/23 (Active) and to SW3 on Fa 0/24 (Backup); the two interfaces form a Flex Link pair]

SW1(config)#interface FastEthernet 0/23
SW1(config-if)# switchport backup interface FastEthernet 0/24

Callout: the switchport backup interface command configures the interface as part of a Flex Link pair.

The figure shows a configuration for Flex Link. Enter the interface configuration mode of the
interface that you want to be the active interface in the Flex Link pair. Use the switchport
backup interface interface-id command to configure a physical Layer 2 interface (or port
channel) as a backup interface in a Flex Link pair.



Verification
• Displays active and backup interface in Flex Link pair

SW1# show interfaces switchport backup

Switch Backup Interface Pairs:

Active Interface        Backup Interface        State
------------------------------------------------------------------------
FastEthernet0/23        FastEthernet0/24        Active Up/Backup Standby

Use the show interfaces switchport backup command to display the Flex Link backup
interface that is configured for an interface, or to display all Flex Links that are configured on
the switch, and the state of each active and backup interface (up or standby mode).
In the example, interface Fast Ethernet 0/23 is the active interface in the Flex Link pair, while
interface Fast Ethernet 0/24 is the backup interface for this pair.

2-180 Building Cisco Service Provider Next Generation Networks, Part 1 (SPNGN1) v1.01 © 2012 Cisco Systems, Inc.
Summary
This topic summarizes the key points that were discussed in this lesson.

• You can specify duplex and speed settings on switch interfaces.
• Different media rates are required in different layers of a service provider network.
• If both ends of the line support autonegotiation, you can use the default setting of
autonegotiation.
• You can use the show interfaces command to verify the speed and duplex settings.
• Cisco ME switches support three types of interfaces: UNI, NNI, and ENI.
• Use the port-type command to change the port type.
• While redundant designs eliminate the possibility of a single point of failure, you have to
consider problems that redundant designs can cause.
• STP provides a loop-free redundant topology by blocking certain ports.
• There are several variations of spanning tree protocol available.
• Rapid PVST+ addresses both the convergence issues and suboptimal traffic flow issues.
• STP allows physical path redundancy while preventing the undesirable effects of active
loops in the network.
• Switches running STP have to first elect a root bridge.
• Each switch running STP has to calculate a cost of path toward the root bridge.
• Each Layer 2 port on a switch running STP exists in one of these five port states:
blocking, listening, learning, forwarding, and disabled.
• RSTP is an improvement on the original STP standard and provides faster convergence.
• The default spanning tree mode for Cisco Catalyst switches is PVST+.
• Use the spanning-tree mode rapid-pvst command to enable Rapid PVST+.
• EtherChannel creates a logical link made up of several physical links.
• All interfaces within an EtherChannel must have the same Layer 1 and Layer 2
configuration.
• Flex Link is a pair of Layer 2 interfaces, where one interface is backup to the other
active interface.
• You can configure only one Flex Link backup link for any active link.

Lesson 7

Troubleshooting Switch Issues


Overview
Most issues that affect the switched network are encountered during the original
implementation. After being installed, a network should continue to operate without issues.
Nevertheless, issues do occur—cabling becomes damaged, configurations change, new devices
are connected to the switch that require switch configuration changes, and so on. Ongoing
maintenance is necessary. This lesson describes how to troubleshoot switch issues.
This lesson explains port settings such as duplex, speed, and port types. The lesson identifies
switched network optimizations, including problems that are caused by redundant switched-
network topologies, and the functionality of STP to prevent these problems. It also describes
the Flex Link feature as an alternative to STP, and EtherChannel, which bundles several
physical links into one logical link.

Objectives
Upon completing this lesson, you will be able to identify and resolve common switch network
issues. This ability includes being able to meet these objectives:
 Describe troubleshooting Layer 2 switch issues using a layered approach
 Identify and resolve common switched network copper media issues
 Describe common issues with fiber media
 Describe how to use the show interfaces command to troubleshoot media issues
 Describe how to identify excessive noise
 Describe how to identify and correct excessive numbers of collisions
 Identify and resolve common access port issues
 Describe how to identify and correct duplex-related issues
 Describe how to identify and correct speed-related issues
 Identify and resolve common configuration issues
Layered Troubleshooting
This topic describes troubleshooting Layer 2 switch issues using a layered approach.

• Switches operate at Layer 2 of the OSI model.
• Switches provide an interface with the physical media.
• Problems are generally seen at Layer 1 and Layer 2.
• Layer 3 issues can arise related to access to the management functions of the switch.

[Figure: OSI stack showing Network Layer, Data Link Layer and Physical Layer; the callout "Problems may occur here" points at the data link and physical layers]

Switches operate at Layer 1 of the Open Systems Interconnection (OSI) model, providing an
interface to the physical media. Switches also operate at Layer 2 of the OSI model, providing
switching frames that are based upon MAC addresses. Therefore, problems are generally seen
at Layer 1 and Layer 2. Some Layer 3 issues can also result, regarding IP connectivity to the
switch for management purposes.
Troubleshooting should follow a layered approach. Using a layered approach, you can isolate
and troubleshoot problems on a specific layer. Using the OSI model as a reference, you can use
a bottom-up or a top-down approach. The following pages present a bottom-up approach,
starting with the physical layer.

Copper Media Issues
This topic describes how to identify and resolve common switched network copper media
issues.

Copper media issues have several possible sources:
• Wiring becomes damaged.
• New EMI sources are introduced.
• Traffic patterns change.
• New equipment is installed.

Switched network media issues are common. Wiring often becomes damaged. These are some
examples of situations leading to media issues:
 In an environment that formerly used Category 3 wiring, maintenance installs a new air
conditioning system that introduces new EMI sources into the environment.
 In an environment using Category 5 wiring, cabling is run too close to an elevator motor.
 Poor cable management puts strain on RJ-45 connectors, causing one or more wires to
break.
 New applications change traffic patterns.

An action as simple as a user connecting a hub to the switch port in an office in order to
connect a second PC can cause an increase in collisions.



Fiber Media Issues
This topic describes common issues with fiber media.

Fiber media issues have several possible sources:
• Macrobend losses
- Bending the fiber in too small a radius causes light to escape.
- Light strikes the core or cladding at less than the critical angle.
- Total internal reflection no longer happens—light leaks out.

[Figure: light travelling in a fiber core around a bend; a bend radius greater than 25–30 mm means no loss]

There are some ways in which light can be lost from the fiber. Some of these are manufacturing
problems (for example, microbends, macrobends, and splicing fibers that do not have their
cores centered), while others are physics problems (back reflections), in which light will reflect
whenever it encounters a change in the index of refraction.
Macrobends are typically applied to the fiber during the fiber installation process.
There is an alternative explanation for light leaking out at a macrobend. Part of the traveling
light wave is called an evanescent wave and travels inside the cladding. Around the bend, part
of the evanescent wave must travel faster than the speed of light in the material. Because this is
not possible, nature radiates that part out of the fiber.
Bend losses can be minimized by designing a larger index difference between the core and the
cladding. Another approach is to operate at the shortest possible wavelength and perform good
installations.

• Splice losses
- Nonconcentric cores can cause losses for both splices and connectors.
- Both rely on the outer diameter of the fiber being concentric with the cores.

[Figure: core-to-core alignment of two spliced fibers]

Splices are a way to connect two fibers. The best way to align the fiber cores is to use the
outside diameter of the fiber as a guide. Assuming that the core is at the center of the fiber, you
can achieve a good splice. If the core is off-center, then it is impossible to create a good splice.
You must then cut the fiber further upstream and test again.
Another possible issue is that the fibers to be spliced have dirt on their ends. Dirt can cause
many problems. The worst problem is if the dirt intercepts some or all of the light from the
core. Recall that the core for single-mode fiber (SMF) is only 9 micrometres.



show interfaces Command
This topic describes how to use the show interfaces command to troubleshoot media issues.

Switch#show interfaces FastEthernet 0/1
FastEthernet0/1 is up, line protocol is up (connected)                         [1]
  Hardware is Fast Ethernet, address is e8ba.70e1.fa83 (bia e8ba.70e1.fa83)
  .
  .   Output omitted
  .
     352886 packets input, 38282538 bytes, 0 no buffer
     Received 54681 broadcasts (54678 multicasts)
     0 runts, 0 giants, 0 throttles
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored                      [2]
     0 watchdog, 54678 multicast, 0 pause input
     0 input packets with dribble condition detected
     298340 packets output, 19093760 bytes, 0 underruns
     8 output errors [3], 1790 collisions [4], 10 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Damaged wiring and EMI commonly show up as excessive collisions and noise. Changes in
traffic patterns and the installation of a hub will show up as collisions and runt frames. These
symptoms are best viewed using the show interface command. The table explains the
highlighted fields in the figure.

Callout 1, Interface and line protocol status: Indicates whether the interface hardware is
currently active or whether it has been disabled by an administrator. If the interface is shown
as "disabled," the device has received more than 5000 errors in a keepalive interval, which is
10 seconds, by default. If the line protocol is shown as "down" or "administratively down," the
software processes that handle the line protocol consider the interface unusable (because of
unsuccessful keepalives) or the interface has been disabled by an administrator.

Callout 2, Input errors, including cyclic redundancy check (CRC) errors and framing errors:
Total number of errors that are related to no buffer, runt, giant, CRC, frame, overrun,
ignored, and abort. Other input-related errors can also increment the count, so this sum
might not balance with the other counts.

Callout 3, Output errors: Number of times that the receiver hardware was unable to hand
received data to a hardware buffer because the input rate exceeded the ability of the
receiver to handle the data.

Callout 4, Collisions: Number of messages that are retransmitted because of an Ethernet
collision. This is usually the result of an overextended LAN. LANs can become overextended
when an Ethernet or transceiver cable is too long or when there are more than two repeaters
between stations.

Excessive Noise
This topic describes how to identify excessive noise.

Suggested steps:
• Use the show interface ethernet EXEC command:
- The command determines the status of the device Ethernet interfaces.
- The presence of many CRC errors but not many collisions is an indication of
excessive noise.
• Inspect the cables for damage.

When you troubleshoot issues that are related to excessive noise, two steps are suggested to
help isolate and resolve the issues:
 Use the show interface EXEC command to determine the status of the Ethernet interfaces
of the device. The presence of many CRC errors but not many collisions is an indication of
excessive noise.
 Inspect the cables for damage.

Excessive Collisions
This topic describes how to identify and correct excessive numbers of collisions.

Suggested steps:
• Use the show interface command to check the rate of collisions:
- The total number of collisions as a percentage of the total number of output
packets should be 0.1 percent or less.
• Use a time domain reflectometer (TDR) to find any unterminated
Ethernet cables:
- A TDR is a device that sends signals through a network medium to check
cable continuity and other attributes.
• Look for a jabbering transceiver attached to a host:
- This might require host-by-host inspection or the use of a protocol analyzer.
- Jabber occurs when a device that is experiencing circuitry or logic failure
continuously sends random (garbage) data.

When you troubleshoot issues that are related to excessive collisions, three steps are suggested
to help isolate and resolve the issue:
 Use the show interface command to check the rate of collisions. The total number of
collisions compared to the total number of output packets should be 0.1 percent or less.
 A time domain reflectometer (TDR) is a device that sends signals through a network
medium to check cable continuity and other attributes. Use a TDR to find any unterminated
Ethernet cables.
 Jabber occurs when a device that is experiencing circuitry or logic failure continuously
sends random (garbage) data. Look for a jabbering transceiver attached to a host. This
might require host-by-host inspection or the use of a protocol analyzer.

When you troubleshoot issues that are related to excessive late collisions, two steps are
suggested to help isolate and resolve the issue:
 Use a protocol analyzer to check for late collisions. Late collisions should never occur in a
properly designed Ethernet network. They usually occur when Ethernet cables are too long
or when there are too many repeaters in the network.
 Verify that the distance between the first and last host on the segment is within the
specification.
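The checks from the Excessive Noise and Excessive Collisions steps above, applied to the counter block of show interface output, as an added Python example that is not part of the course material. The sample counters are constructed (only the "8 output errors, 1790 collisions, 10 interface resets" line comes from the lesson's figure), and the 10:1 CRC-to-collision ratio used to flag noise is this example's own assumption.

```python
import re

# Threshold from the lesson: collisions should be 0.1 percent of output
# packets or less. The CRC-to-collision ratio used to flag noise is an
# assumption of this example, not a figure from the lesson.
MAX_COLLISION_RATE = 0.001
NOISE_CRC_RATIO = 10

# Counter phrases as they appear in Cisco IOS "show interface" output.
COUNTERS = {
    "packets_output": r"(\d+) packets output",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "collisions": r"(\d+) collisions",
    "late_collisions": r"(\d+) late collision",
}

def parse_counters(text):
    """Pull the counters the lesson's checks need from show interface text."""
    counters = {}
    for name, pattern in COUNTERS.items():
        match = re.search(pattern, text)
        counters[name] = int(match.group(1)) if match else 0
    match = re.search(r"line protocol is (\w+)", text)
    counters["line_protocol"] = match.group(1) if match else "unknown"
    return counters

def diagnose(text):
    """Apply the lesson's symptom checks; returns a list of findings."""
    c = parse_counters(text)
    findings = []
    if c["line_protocol"] != "up":
        findings.append("line protocol is %s: keepalives failing or port disabled"
                        % c["line_protocol"])
    # Many CRC errors but few collisions: excessive noise, inspect the cable.
    if c["crc"] > 0 and c["crc"] >= NOISE_CRC_RATIO * max(c["collisions"], 1):
        findings.append("excessive noise: %d CRC errors vs %d collisions"
                        % (c["crc"], c["collisions"]))
    # Collisions above 0.1 percent of output packets: overextended LAN.
    rate = c["collisions"] / c["packets_output"] if c["packets_output"] else 0.0
    if rate > MAX_COLLISION_RATE:
        findings.append("excessive collisions: %.2f%% of output packets" % (rate * 100))
    # Late collisions should never occur: check cable length and repeaters.
    if c["late_collisions"] > 0:
        findings.append("%d late collisions: check segment length and repeater count"
                        % c["late_collisions"])
    return findings

# Constructed samples modelled on the counter block of show interface output;
# only the "8 output errors, 1790 collisions, ..." line is from the lesson.
NOISY_PORT = """\
FastEthernet0/1 is up, line protocol is up
     1420 input errors, 1415 CRC, 5 frame, 0 overrun, 0 ignored
     171942 packets output, 3344562 bytes, 0 underruns
     0 output errors, 12 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""
OVEREXTENDED_PORT = """\
FastEthernet0/2 is up, line protocol is up
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     171942 packets output, 3344562 bytes, 0 underruns
     8 output errors, 1790 collisions, 10 interface resets
     0 babbles, 3 late collision, 0 deferred
"""
```

Calling diagnose(NOISY_PORT) flags noise only, while diagnose(OVEREXTENDED_PORT) flags a 1.04 percent collision rate and the late collisions.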

Port Issues
This topic describes how to identify and resolve common access port issues.

• Media-related issues
• Duplex-related issues

[Figure: duplex set to full on one end and auto on the other]

• Speed-related issues

[Figure: speed set to 100 on one end and auto on the other]

A media-related issue may be reported as an access issue. For example, the user may say “I
cannot access the network.” Media issues should be isolated and resolved as indicated in the
previous topic. Duplex-related issues result from a mismatch in duplex settings. Speed-related
issues result from a mismatch in speed settings.

Duplex-Related Issues
This topic describes how to identify and correct duplex-related issues.

Examples:
• One end set to full and the other set to half results in mismatch
• One end set to full and autonegotiation set on the other end
• One end set to half and autonegotiation set on the other end
• Autonegotiation set on both ends

[Figure: one end at full duplex, the other at half]

Here are some examples of duplex-related issues:
 One end set to full and the other set to half results in a mismatch.
 One end set to full and autonegotiation set on the other end:
— Autonegotiation fails, and that end reverts to half.
— It results in a mismatch.
 One end set to half and autonegotiation set on the other end:
— Autonegotiation fails, and that end reverts to half.
— Both ends at half, and there is no mismatch.
 Autonegotiation on both ends:
— One end fails to full, and the other end fails to half.
— Example: A Gigabit Ethernet interface defaults to full, while a 10/100 defaults to
half.
 Autonegotiation on both ends:
— Autonegotiation fails on both ends, and they revert to half.
— Both ends at half, and there is no mismatch.

Speed-Related Issues
This topic describes how to identify and correct speed-related issues.

Examples:
• One end set to one speed and the other set to another speed, resulting
in a mismatch
• One end set to a higher speed and autonegotiation enabled on the other
end
• Autonegotiation set on both ends

[Figure: speed set to 100 on one end and auto on the other]

Here are some examples of speed-related issues:
 One end set to one speed and the other set to another speed, resulting in a mismatch
 One end set to a higher speed and autonegotiation enabled on the other end:
— If autonegotiation fails, the autonegotiation end reverts to its lowest speed.
— This results in a mismatch.
 Autonegotiation on both ends:
— Autonegotiation fails on both ends, and they revert to their lowest speed.
— Both ends are at their lowest speed, and there is no mismatch.
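The duplex and speed outcomes listed in the two topics above, modelled as an added Python example that is not course material. It follows the lesson's simplified rules (a fixed end never changes; an autonegotiating end whose peer is fixed, or whose exchange fails, reverts to its lowest speed and its default duplex) plus one assumption of this example: two autonegotiating ends that succeed settle on the fastest common speed at full duplex.

```python
from dataclasses import dataclass

@dataclass
class Port:
    """One end of the link. With auto off, speed and duplex are the
    configured values; when negotiation fails the port falls back to
    its lowest supported speed and its hardware default duplex (half
    on a 10/100 port, full on a Gigabit port, as the lesson notes)."""
    name: str
    auto: bool = True
    speed: int = 100             # used only when auto is False
    duplex: str = "full"         # used only when auto is False
    speeds: tuple = (10, 100)    # supported speeds in Mb/s
    default_duplex: str = "half"

def operational(port, peer, negotiation_ok):
    """Operational (speed, duplex) of one end under the lesson's rules."""
    if not port.auto:
        return port.speed, port.duplex      # a fixed end never changes
    if not peer.auto or not negotiation_ok:
        # A fixed peer does not negotiate (or the exchange failed), so
        # this end reverts to its lowest speed and default duplex.
        return min(port.speeds), port.default_duplex
    # Both ends autonegotiate and succeed: fastest common speed at full
    # duplex (assumed here; the lesson covers only the failure cases).
    return max(set(port.speeds) & set(peer.speeds)), "full"

def resolve(a, b, negotiation_ok=True):
    """Operational settings of both ends plus mismatch flags."""
    sa, da = operational(a, b, negotiation_ok)
    sb, db = operational(b, a, negotiation_ok)
    return {a.name: (sa, da), b.name: (sb, db),
            "speed_mismatch": sa != sb, "duplex_mismatch": da != db}

# Constructed hardware profiles: a 10/100 port and a Gigabit port.
FAST = dict(speeds=(10, 100), default_duplex="half")
GIG = dict(speeds=(10, 100, 1000), default_duplex="full")

if __name__ == "__main__":
    # Switch fixed at 100/full, host on auto: the host reverts to
    # 10/half, so both speed and duplex mismatch, as the lesson says.
    switch = Port("switch", auto=False, speed=100, duplex="full", **FAST)
    print(resolve(switch, Port("host", **FAST)))
    # Two auto ends whose exchange fails: the Gigabit end defaults to
    # full and the 10/100 end to half, giving a duplex mismatch.
    print(resolve(Port("gig", **GIG), Port("fast", **FAST), negotiation_ok=False))
```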

Configuration Issues
This topic describes how to identify and resolve common configuration issues.

• Know what you have before you start:
- Hard copy
- Text file
- TFTP server
• Verify changes before you save:
- Confirm that the issue was corrected and no new issues were created.
• Save the current configuration:
- copy running-config startup-config
• Secure the configuration:
- Password-protect the console
- Password-protect the vty
- Password-protect EXEC mode

Before you start working on a device, you should always know what you have: the device
configuration, hardware, and topology. When you have a working configuration, keep a copy. For
example, keep both a hard copy and an electronic copy (a text file on a PC or a copy stored on
a TFTP server).
When you make changes, verify that they accomplish what you wanted and do not cause
unexpected issues before you save the running configuration.
Changes that are made by an unauthorized person, whether malicious or not, can be disastrous.
To secure the configuration, protect both the console and vty ports with a strong password.
Also ensure that a strong password is set for EXEC mode.
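An added Python check, not from the course, for the three protections this topic names: it parses a saved running-configuration text for password-protected console and vty lines and for an enable secret. The sample configurations are constructed, with placeholders in place of real password values.

```python
import re

def line_blocks(config):
    """Map each 'line ...' section to the commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None   # '!' or a top-level command ends the section
    return blocks

def protected(body):
    """A line prompts for a password only when 'login' is set and a
    password (or a local/AAA login method) is configured."""
    has_login = any(cmd.startswith("login") for cmd in body)
    has_credential = any(cmd.startswith(("password ", "login local",
                                         "login authentication"))
                         for cmd in body)
    return has_login and has_credential

def audit_config(config):
    """Return the protections from the lesson that the configuration lacks."""
    blocks = line_blocks(config)
    findings = []
    consoles = [k for k in blocks if k.startswith("line con")]
    vtys = [k for k in blocks if k.startswith("line vty")]
    if not consoles or not all(protected(blocks[k]) for k in consoles):
        findings.append("console is not password-protected")
    if not vtys or not all(protected(blocks[k]) for k in vtys):
        findings.append("vty lines are not password-protected")
    if not re.search(r"^enable secret ", config, re.M):
        if re.search(r"^enable password ", config, re.M):
            # enable password is stored in clear text or reversible type 7.
            findings.append("EXEC mode uses enable password; use enable secret")
        else:
            findings.append("EXEC mode has no password")
    return findings

# Constructed configurations; <...> stands in for real password values.
WEAK_CONFIG = """\
enable password <weak-placeholder>
line con 0
 password <console-placeholder>
!
line vty 0 4
 login
!
"""
HARDENED_CONFIG = """\
enable secret 5 <hash-placeholder>
line con 0
 password <console-placeholder>
 login
!
line vty 0 4
 password <vty-placeholder>
 login
 transport input ssh
!
"""
```

audit_config(WEAK_CONFIG) reports all three gaps (console without login, vty without a password, and a reversible enable password), while audit_config(HARDENED_CONFIG) returns an empty list.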

Summary
This topic summarizes the key points that were discussed in this lesson.

• Use a layered approach to troubleshooting.
• Issues in copper media are common and have different sources.
• Macrobends are typical sources of losses in fiber media.
• Use the show interface command to troubleshoot media issues.
• When you troubleshoot issues that are related to excessive noise, you
should inspect the cable for damage.
• Collisions should never occur in a properly designed switched network.
• Common port issues are duplex or speed-related.
• If autonegotiation of duplex fails, both ends could revert to different
settings and there is a mismatch.
• If autonegotiation of speed fails, both ends could revert to different
settings and there is a mismatch.
• Keep a copy of configurations and protect the running configuration.

Module Summary
This topic summarizes the key points that were discussed in this module.

• A LAN includes computers, interconnections, network devices, and
protocols.
• UTP cable is four-pair wire, where wires in each pair are twisted around
each other.
• Switches operate at much higher speeds than bridges, support high port
density with large frame buffers, and provide faster internal switching.
• The major internal components of a Cisco device include CPU, RAM,
ROM, flash memory, NVRAM, and the configuration register.
• Secure a device by using passwords to restrict access by setting the
console password, virtual terminal password, and enable password.
• Redundant switch topology causes broadcast storms, multiple frame
copies, and MAC address table instability. STP provides loop-free
redundant switch topology by placing certain ports in the blocking state.
• Use a layered approach for troubleshooting common switching issues.

This module covers the basics of LAN switching and the technologies used at Layer 1 and Layer 2
of the TCP/IP model. The module also covers the functions of Cisco IOS Software and its basic
configuration. The module first presents the components of a LAN and the Ethernet protocol. It
then covers the different media used for Ethernet at Layer 1 of the TCP/IP model. The module
also presents the historical evolution of Layer 2 devices and the major internal components of
a Cisco device. Finally, the module explains the issues that a redundant topology at Layer 2 of
the TCP/IP model introduces and how to avoid these and some other common switching issues.

Module Self-Check
Use the questions here to review what you learned in this module. The correct answers and
solutions are found in the Module Self-Check Answer Key.
Q1) What are three characteristics of Ethernet? (Choose three.) (Source: Understanding
Ethernet)
A) based on the CSMA/CD process
B) a standard that has been replaced by Ethernet II
C) specifies the physical layer (Layer 1)
D) developed in the mid-1970s
E) specifies the MAC portion of the data link layer (Layer 2)
F) also referred to as thick Ethernet
Q2) Which statement about an Ethernet address is accurate? (Source: Understanding
Ethernet)
A) The address used in an Ethernet LAN directs data to the proper receiving
location.
B) The source address is the 4-byte hexadecimal address of the NIC on the
computer that is generating the data packet.
C) The destination address is the 8-byte hexadecimal address of the NIC on the
LAN to which a data packet is being sent.
D) Both the destination and source addresses consist of an 8-byte hexadecimal
number.
Q3) Which statement about MAC addresses is accurate? (Source: Understanding Ethernet)
A) A MAC address is a number in hexadecimal format that is physically located
on the NIC.
B) A MAC address is represented by hexadecimal digits that are organized in
pairs.
C) It is not necessary for a device to have a unique MAC address to participate in
the network.
D) The MAC address can never be changed.
Q4) Which statement about NICs is accurate? (Source: Connecting to an Ethernet LAN)
A) The NIC plugs into a USB port and provides a port for connecting to the
network.
B) The NIC communicates with the network through a serial connection and
communicates with the computer through a parallel connection.
C) The NIC communicates with the network through a parallel connection and
communicates with the computer through a serial connection.
D) An NIC is also referred to as a switch adapter.
Q5) Which minimum category of UTP is required for Ethernet 1000BASE-T? (Source:
Connecting to an Ethernet LAN)
A) Category 3
B) Category 4
C) Category 5
D) Category 5e

Q6) Match multimode fiber and single-mode fiber with their characteristics listed. (Source:
Connecting to an Ethernet LAN)
A) MMF
B) MMF
C) SMF
D) SMF
_____ 1. Longer distances
_____ 2. Shorter distances
_____ 3. Less expensive
_____ 4. More expensive
Q7) Which three statements best describe collisions? (Choose three.) (Source: Using
Switched LAN Technology)
A) Collisions occur when two or more stations on a shared media transmit at the
same time.
B) Larger segments are less likely to have collisions.
C) In a collision, the frames are destroyed, and each station in the segment begins
a random timer that must be completed before attempting to retransmit the
data.
D) Adding a hub to a network can improve collision issues.
E) Collisions are by-products of a shared LAN.
F) More segments on a network mean greater potential for collisions.
Q8) Which of these choices best describes a collision domain? (Source: Using Switched
LAN Technology)
A) two or more devices trying to communicate at the same time
B) two networks that are connected
C) network segments that share the same bandwidth
D) none of the above
Q9) What type of hardware will help eliminate collisions? (Source: Using Switched LAN
Technology)
A) repeater
B) bridge
C) hub
D) extender

Q10) Match each term related to the operation of a switch in a network to its description.
(Source: Using Switched LAN Technology)
_____ 1. If the switch determines that the destination MAC address of the frame
resides on the same network segment as the source, it does not forward the
frame.
_____ 2. If the switch determines that the destination MAC address of the frame is
not from the same network as the source, it transmits the frame to the
appropriate segment.
_____ 3. If the switch does not have an entry for the destination address, it will
transmit the frame out of all ports except the port on which it received the
frame.
A) flooding
B) filtering
C) forwarding
Q11) When a Cisco device starts up, which of the following does it run to check its
hardware? (Source: Operating a Cisco Switch)
A) flash
B) RAM
C) POST
D) TFTP
Q12) Which access level allows a person to access all router commands and can be password
protected to allow only authorized individuals to access the router? (Source: Operating
a Cisco Switch)
A) user EXEC level
B) setup EXEC level
C) enable EXEC level
D) privileged EXEC level
Q13) How do you instruct a Cisco device to parse and execute an entered command?
(Source: Operating a Cisco Switch)
A) Press the Send key.
B) Press the Enter key.
C) Add a space at the end of the command.
D) Wait 5 seconds after you enter a command.
Q14) Which CLI prompt indicates that you are working in privileged EXEC mode? (Source:
Operating a Cisco Switch)
A) hostname#
B) hostname>
C) hostname-exec>
D) hostname-config
Q15) Which command would you enter in the privileged EXEC mode to list the command
options? (Source: Operating a Cisco Switch)
A) ?
B) init
C) help
D) login

Q16) Which Cisco IOS command correctly configures an IP address and subnet mask on a
switch? (Source: Operating a Cisco Switch)
A) ip address
B) ip address 196.125.243.10
C) 196.125.243.10 ip address
D) ip address 196.125.243.10 255.255.255.0
Q17) Which two of the following would be considered a physical threat? (Choose two.)
(Source: Understanding Switch Security)
A) A user leaves a password in their desk.
B) Someone turns off the power to the switch to block network access.
C) Someone turns off the air conditioning system in the network closet.
D) Someone breaks into the cabinet that contains the network documentation.
Q18) Which four of the following can be protected with a password? (Choose four.) (Source:
Understanding Switch Security)
A) console access
B) vty access
C) tty access
D) user level access
E) EXEC level access
Q19) Which of the following is customized text that is displayed before the username and
password login prompts? (Source: Understanding Switch Security)
A) message of the day
B) login banner
C) access warning
D) user banner
E) warning message
Q20) Which of the following is a Cisco IOS command that can be used to control access to a
switch port based upon a MAC address? (Source: Understanding Switch Security)
A) shutdown
B) port security
C) mac-secure
D) firewall
Q21) Which of the following is a Cisco IOS command that can be used to increase the
security of unused switch ports? (Source: Understanding Switch Security)
A) shutdown
B) port security
C) mac-secure
D) firewall

Q22) Match each function description with either full-duplex or half-duplex communication.
(Source: Performing Switched Network Optimizations)
_____ 1. The network sends and receives data frames one at a time, but not
simultaneously.
_____ 2. This communication type effectively doubles the amount of bandwidth
between the devices.
_____ 3. The network sends and receives data frames simultaneously.
A) full-duplex communication
B) half-duplex communication
Q23) Which problem is caused by redundant connections in a network? (Source: Performing
Switched Network Optimizations)
A) microsegmentation
B) loops
C) degradation
D) collisions
Q24) Which statement best describes how loops can affect performance in a switched LAN?
(Source: Performing Switched Network Optimizations)
A) Broadcast storms may be created when loops occur, preventing data from
being transmitted over the network.
B) Any multicast, broadcast, or unknown traffic will be flooded out to all ports.
C) Incorrect information may be updated to the MAC address tables, resulting in
inaccurate forwarding of frames.
D) The loop removes the frame from the network.
Q25) Which statement accurately describes Spanning Tree Protocol? (Source: Performing
Switched Network Optimizations)
A) STP assigns roles to bridges and ports to ensure that only one forwarding path
exists through the network at any given time.
B) STP automatically keeps the previously inactive path inactive.
C) STP eliminates the segments in which there are problems.
D) STP allows ports to listen to, forward, and flood data frames.
Q26) Which feature provides an alternative solution to the Spanning Tree Protocol? (Source:
Performing Switched Network Optimizations)
A) EtherChannel
B) port security
C) Flex Link
D) shutting down the port
Q27) Which Cisco IOS command is the most useful when troubleshooting media issues?
(Source: Troubleshooting Switch Issues)
A) show controller
B) show run
C) show interface
D) show counters

Q28) Which Cisco IOS command is the most useful when troubleshooting port access
issues? (Source: Troubleshooting Switch Issues)
A) show controller
B) show run
C) show interface
D) show counters
Q29) Which three of the following are methods used to mitigate configuration issues?
(Choose three.) (Source: Troubleshooting Switch Issues)
A) Secure unused ports.
B) Secure the configuration.
C) Verify changes before you save.
D) Know what you have before you start.

Module Self-Check Answer Key
Q1) A, D, E
Q2) A
Q3) A
Q4) B
Q5) D
Q6) 1 = C, 2 = A, 3 = B, 4 = D
Q7) A, C, D
Q8) C
Q9) B
Q10) 1 = B, 2 = C, 3 = A
Q11) C
Q12) D
Q13) B
Q14) A
Q15) A
Q16) D
Q17) B, C
Q18) A, B, C, E
Q19) B
Q20) B
Q21) A
Q22) 1 = B, 2 = A, 3 = A
Q23) B
Q24) A
Q25) A
Q26) C
Q27) C
Q28) C
Q29) B, C, D
