Lecture Notes

Cisco 1 Review
Network Enterprise = a collection of computers working in a collection of networks for an

organization working as one functional unit.
The job of the Network Administrator is to:
Interconnection LANs so geographically remote services can be accessed

Ensuring the network has as high as possible bandwidth
Implementing new technologies
OSI Model Review
Reason for a layer model:
Reduces complexity
Standardizes interfaces
Facilitates modular engineering
Ensure interoperability
Accelerates evolution
Simplifies teaching and learning
Host vs. Media Layer
Application
Host Presentation
Session
Transport
Network
Media Data Link
Physical
The host layers provided accurate data delivery between computers
The media layers control all physical delivery of data
OSI Individual Layers
Application
Provides network services to applications that users use

Network redirectors allow applications like Word and Excel to see the network
Presentation
Coverts user data to computer data

Code formatting, includes compression and encryption
Responsible fro representing data so source and destination can computers can
communicate
Session
Responsible for opening a connection

Responsible for maintaining that connection
Responsible for closing the connection at session termination
Application at this layer include NFS, SQL
Transport
Responsible for the three way handshake – synchronization of the connection

Responsible for a reliable connection, flow control and error correction through the
use of TCP
Uses windowing for flow control
Responsible for retransmission of lost or unacknowledged segments
Ensuring data from a source arrives at the destination intact and in order
Network
Responsible for logical addressing and path determination

Protocols running at this layer include RIP, IRGP, OSPF
Data Link
Provides access to the media (wires)

Handles error notification
Physically addresses the packet
Deterministic – Token Ring

Non-deterministic – broadcast Ethernet, CSMA/CD
Physical
Carries bits, signals

Procedural and functional means for activating and maintaining links between
systems
Encapsulation – Peer-to-Peer Communications

Application Layer Deals with data
Presentation Layer Deals with data
Session Layer Deals with data
Transport Layer Segments data, adds a header, tracking information, error
information
Network Layer Packets segmented data, adds a header, source and destination
address
Data Link Layer Frames the packets, adds a header that includes the MAC address of
the destination, adds a trailer
Physical Converts frames into data bits, 0s and 1s, and sends out on the media
Email example of the encapsulation process:

Followed the creation and send of an email document through the OSI stack
LAN Devices and Technologies
Bridge
Layer 2, Data Link, device

Filters data based on MAC address
By definition only has two ports
Breaks up collision domains
Switch
Layer 2, Data Link, device

Same functionality as a bridge, only multiported
Also used as a hub that allows full-duplex, dedicated full-bandwidth to segments
and desktops, resulting in a collision free domain
Hub
Layer 1 ,Physical, device

Central connection point for computers
Serves as a repeater to extend the network
Router
Layer 3, Network, device
Interconnects dissimilar networks
By definition, operates on all layers below it, Data Link and Physical
Routes data based on IP address
Determines the data path
Media Types
Coax
UTP
Fiber Optic
Common Technologies
Token Ring – a fading technology

Ethernet – CSMA/CD, most widely used and understood
FDDI – Fiber Distributed Data Interface
Ethernet/802.3
Cable Requirements
10Base2 – max length 185 meters

10Base5 – max length 500 meters
10BaseT – max length 100 meters, T = twisted pair
Characteristics
Uses broadcast technology

Every device see every frame sent
Collisions occur as a matter of course
Not very secure, since all frames are seen by all the nodes, it is very easy to pick
one off
Uses shared media – first come, first served
Collision are resolved by use of the CSMA/CD standard
Listens for a quiet time on the line to transmit

Continues to listen, for a voltage spike, which indicates a collision
If a collision is detected, the node will send out a jam signal that tell the
devices to stop sending for a random period of time
When the random time period is up and the line is quiet, the data is
retransmitted
ARP – Address Resolution Protocol
Helps machines to resolve MAC addresses

Sends out an ARP request to nodes to send back their MAC addresses
Only works within a network, one side of a router
If the request hits a router, the router will send back its own MAC address
A router will always handle all requests for devices not on the same network
TCP and UPD
TCP
UPD
Transmission Control Protocol User Datagram Protocol

Connection Oriented Connectionless
Acknowledge/Retransmission No Acknowledgement
Routing Protocols, Streaming Audio, Gaming,
Email, FTP, E-Commerce
Video Conferencing
Windowing
High Overhead, Bulky Low Overhead
IP Addressing
32-bits at the Network layer broken into 4 octets

Class A 1 – 126
Class B 128 – 192
Class C 192 – 223
Class D 224 – 239 Multicasting – sending to more than 1 node, but not all nodes
Class E 240 – 255 Experimental
Class A
N HHH 1 Network octet, 3 Host octets

27 = 126 network addresses 224 = >16 million hosts
Class B
NN HH 2 Network octets, 2 Host octets
224 = 16,384 network addresses 216 = 65,534 hosts
Class C
NNN H 3 Network octets, 1 Host octet
221 = > 2 million network addresses 28 = 254 hosts
WANS and ROUTERS
WANs
Devices
Provide for the exchange of data packets/frames between router/bridges and the
LANs they support
Interconnect LANs separated by wide geographic areas
WAN Connect Devices
Routers
Internetworking
WAN serial interfaces
Functions:
Internal - small LANs, stay internal to one area

Backbone - primary path for traffic that is most often sourced from one and
destined for other networks
Area border - connect two or more areas
Autonomous - communicates with router in other autonomous systems
WAN Bandwidth Switches
Used primarily by ISPs

Provides equipment that connects to WAN bandwidth for voice, data and video
communication
Modems
Also referred to as CSU/DSU (Channel Service Unit/Digital Service Unit)

Interfaced with voice grade connection - converts signal from analog to digital
incoming and digital to analog outgoing
DCE (Digital Communications Equipment) side of ISDN (Integrated Services Digital
Network) services
Communications Server
Primarily used by ISPs and large corporation

Provide dial in and dial out abilities
WAN Standards
Standards that describe the Physical and Data Link Layers
Physical Layer
Protocols that describe how to provide electrical, mechanical and functional

connections for WAN service
Obtained from providers
Describes the interface between DCE (Digital Communications Equipment) and DTE
(Digital Terminal Equipment)
Typically DCE is the service provider and DTE is the attached device
Services offered by DTE are made available through a modem or a DSU/CSU
Data Link Layer
Describes how frames are carried between systems on a single link

Includes protocols designed to operate over dedicated point-to-point multipoint and
multi-access switched services such as Frame Rely
WAN standards are defined and managed by a number of groups, International
Telecommunications Union - Telecommunication Standardization Sector (ITU-T),
International Standards Organization (ISO), Internet Engineering Task Force (IETF),
Electronic Industries Association (EIA)
Encapsulation Methods
HDLC
Cisco default
Streamlined, no windowing or flow control
May not be compatible with other vendors
Supports both Point-to-Point and Multi-Point configurations with minimal overhead
Frame Relay
High quality, digital facilities

Simplified framing with no error correction
Connection orientated
Can send Layer 2 data more rapidly than other WAN protocols
Ensuring data from a source arrives at the destination intact and in order
PPP (Point-to-Point)
Developed by IETF (Internet Engineering Task Force), replaces SLIP (Serial Line
Internet Protocol)
Can check link quality during the connection
Supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake
Authentication Protocol)
WAN Technology
Dedicated Line
T Series and E Series

Uses time division multiplexing to slice up data and assign time slots for
transmission
Uses twisted pair wire
Extremely popular
Moderately priced
xDSL (Digital Subscriber Line)
New WAN technology for home use; decreasing bandwidth as distance from phone
company equipment increases
Provides data rates as high as 51.84 Mbps
Many varieties of DSL technologies
SONET (Synchronous Optical Network)
OC-1 to OC-192; very high bandwidth

Uses Lasers to divide the wave length; wave division multiplexing
Used mostly by ISPs
Very expensive
Analog
Dial up Modem
56 kbps
Works with Plain Old Telephone System (POTS)
Wide spread use at a low cost
Cable Modems
Uses the same cable as Television

Increasing in popularity
Maximum bandwidth can be 10 Mbps
Bandwidth degrades as more users in the area attach to the segment
Wireless
Terrestrial Satellite
Can serve remote and mobile

Bandwidth
users
Low cost Very high cost
Line of sight usually
required
Moderate usage Widespread usage
Switched Services
Circuit Switched
POTS
- not a computer data service
ISDN
- 1st all digital dialup service
- Moderate cost
- 128 Kbps possible using BRI; 2B channels for signals, 1 D channel for data
Packet Switched
X.25
- Connection Orientated
- Reliable
- Uses store and forward technology
Frame Rely
- Connectionless
- Packet switched version of ISDN
- Data rates up o 44.736 Mbps
- Low cost
Cell Switched
ATM (Asynchronous Transfer Mode)

- Relatively new, related to broadband ISDN
- Maximum bandwidth of 622 Mbps
- Developed to provide one technology for both LANs and WANs to transport
data, video and voice
- High cost, widespread usage
SMDS (Switched Multimegabit Data Service)
- Closely related to ATM

- Typically used in MANs (Metropolitan Area Network)
- Maximum bandwidth is 44.736 Mbps
- Twisted pair or optical fiber
- Relatively high cost, not very widespread
ROUTERS
RAM
Stores routing tables

Provides running memory for configuration flies
Contents are lost when powered down or restarted
NVRAM
Nonvolatile RAM
Stores backup/startup configuration
Contents remain when powered down or restarted
Flash
Uses EEPROM
Holds the IOS (Internet Operating System)
Can hold multiple versions of the IOS
ROM
Power on diagnostics, a bootstrap program, operating system software

Holds a trimmed down version of the operating system for backup
Interface
Network connection through which packets enter and exit

Attached on the motherboard or as separate modules
Router Basics: Commands/Configurations
COMMANDS
There are two basic Router Interface Modes, USER and PRIVILEGED.
User EXEC Mode
View only mode

No changes or configurations can be done
Default mode
Prompt = routername>
Privileged EXEC Mode
User mode
Full power to configure
Enter "enable" while in User EXEC mode to access
Prompt = routername#
Command Lists
In either the User EXEC or Privileged mode, type a ? at the prompt for a list of
available commands
routername>? User EXEC mode

routername#? Privileged mode
If the list exceeds the screen size, "more" will be displayed at the bottom of the
screen. Use the space bar to advance to the next screen or the enter key to
advance one line at a time
Command Help
Type a "?" after the command help is needed on to get a list of options that can
be used. For example:
routername>show ? Will display a list of options to use with the

"show" command.
To get help with a command, type a partial command followed by a "?". For
example:
routername>clo? Will display a list of commands the start with

"clo".
Error Indicator Programs
When an error is made in the command string, a carat (^) symbol will indicate
where in the string the error is. An error message will also be displayed. For
example:
routername>show runnig-config
^
ROUTER BASICS
Configuration Instruments
Console port via a rollover cable

WAN/LAN link
AUX port (requires a modem)
TFTP
The easiest way to do the configuration is use a rollover cable attached to the COM 1 or
COM 2 port on a PC. On the PC, run a HyperTerminal session to log in to the router.
Router RAM
When a router is powered on, ROM starts and performs the POST and starts up
the bootstrap program stored in RAM.
If the Bootstrap can find the IOS, it is loaded into RAM
The command EXEC is also loaded in RAM. This is the command interpreter
which translates key input into a router readable format
The Active Configuration File is loaded into RAM and executed one line at a time
All configuration tables are loaded to RAM
Any left over RAM is turn into Buffer space for incoming and outgoing packets
Router Modes
The following table illustrates different router modes that can be used for configuration
or viewing:
Router “Show” Command
The "show" command gets its information from various system files as shown in the
diagram below.
Displays the configuration of the system hardware,
software version, names and sources of configuration
show version files, the boot images, and displays the reason for the
last system reboot
show startup-config Displays the backup configuration file
show flash Shows information about the Flash memory device
show interface Displays statistics for all interfaces configured on the
router
show processes Displays information about the active processes
show protocols Displays the configured protocols. This command
show the status of any configured Layer 3 (Network)
protocol
show running-config Displays the active configuration file
show memory Shows statistics about the router’s memory, including
memory free pool statistics
show stacks Monitors the stack use of processes and interrupt
routines
show buffers Provides statistics for the buffer pools on the router
NETWORK NEIGHBOR ROUTERS
Cisco Discovery Protocol (CDP)
Provides a single proprietary command to access a summary of what

configuration look like on other directly attached routers.
Designed to be implemented as a very simple, low overhead protocol
CDP can be small yet retrieve a lot of useful information about neighbor routers
Since all the information is passed in router machine language, this helps to
keep the overhead low
Show CDP Interface
Port Identifier
Port Status
Timers
Resends CDP information every 60 seconds
Holdtime is 180 seconds, information is discarded after 180 seconds
If no CDP information is received, router is assumed gone or down
Show CDP Neighbors
Only shows information about the router that is directly attached to the router
requesting the information.
Device identifiers
The routers configured hostname and domain name (if any)
Address list
Ay least one address for SNAP, and up to one address for each supported
protocol
Port identifier
For example, Ethernet 0, Ethernet 1, and Serial 0
Capabilities list
For example, information on whether the device acts as a source route bridge as
well as a router
Show CDP Entry [Device name]
Displays a single cached entry for a device
TESTING METHODS
Basic testing of a network should proceed in sequence from one OSI model layer to
the next
Application Layer
Telnet
Part of the TCP/IP protocol suite
Virtual terminal protocol that allows connections to be made to hosts
A router can have five simultaneous incoming Telnet sessions
The show sessions command will display all active connections
A successful Telnet test indicates that all seven layers are functioning
correctly for the associated source and destination
An unsuccessful test can mean a bad address, a bad name or a problem with
access permissions
Telnet Operations
Network Layer
PING
Source sends a packet to a destination

Source waits for a reply packet from destination
Results can help evaluate the path to host reliability, identify delays, and
determine whether the host can be reached or is functioning
! = PING was sent and received
. = PING was sent, no reply
!.!.!. = not a reliable path
Trace
Tests each step along the path, every router the packet passes through will
send information back
Takes advantage of the error messages generated by routers when a packet
exceeds its Time-To-Live (TTL) or hop count value
If one of the routers fails to respond, an * (asterisk) takes the place of the
router name
The Trace command will continue to try and reach the destination until it is
reached, the hop count limit is reached or the command is terminated using
Ctrl-Shift-6 escape sequence
Some routers are set up not to respond, so a failed response does not
necessarily indicate a problem
Show IP Route
Look at the routing table directions that the router uses to determine how it
will direct traffic across the network
DATA LINK and PHYSICAL
Show Interfaces Serial
The hardware includes cables, connectors and interfaces, must make the
actual connection between the devices
The software is responsible for the messages such as keepalive messages,
control information, and user information that are passed between the two
connected router interfaces
One of the most important elements of the command is the display of the line
and data link protocol status
The Clear Counters command should be used to reset the counters to zero to
get a better picture of the current status of the network
Router# show int s 1
Serial is up, line protocol is up
Hardware is CxBus Serial
Description. 56Kb Line San Jose - MP

Telnet Operation
Carrier Detect
(Line status)
Keepalives
Serial1 is up, line protocol is up Operational
Serial1 is up line protocol is down Connection Problem
Serial1 is down, line protocol is down Interface Problem
Serial1 is administratively down, line protocol is down Disabled

DEBUG COMMAND
An aid in tracking down problems on a router or other hosts in the network

Started in the Privileged EXEC mode
Starts a console display of the network events specified in the command
parameter
The terminal monitor command is used to forward debug output to a Telnet
session terminal
By default, the router sends system error messages and output form the debug
EXEC command to the console terminal
Use the undebug all or no debug all command to turn off debugging
BOOT UP/STARTUP SEQUENCE and ROUTER CONFIGURATION
POST
Similar to the POST on a PC. Makes sure the router starts with all of its hardware tested
BOOTSTRAP
A generic bootstrap Loader - located in ROM, loads Cisco Operating System
Operating System loaded

The operating system can be found in one of several locations, Flash, TFTP Server,
ROM
The hardware and software components are loaded. As it loads, the data is sent to
the terminal
Configuration file from NVRAM is loaded
If the configuration file can not be found, a question driven initial configuration setup
dialog is started
This dialog is not intended for anything complex and is only providing a minimal setup
for startup
STARTUP COMMANDS
Show startup-config
Show running-config
Erase Startup-config
Reload
Setup
BOOT UP WITHOUT CONFIG FILE
Automatically enters the setup process

The main purpose for the setup process is to supply enough information to get a minimal
startup file
All default answers are enclosed in brackets
CTRL+C will cancel the setup process
Once cancelled all interfaces are administratively shutdown
When the configuration is complete, the file created will be displayed on the terminal for
review. If it is OK, answer yes, if not, answer no
SETTING GLOBAL PARAMETERS
Router name
Password -- enable secret will encrypt the password and it will not show up as plain text
Enable password is the same as enable secret password
Interface config must be done for each installed interface with the established values
When the configuration is complete, review the script created and save or start over
SCRIPT REVIEW
After the initial setup is complete, the configuration mode is used to make changes to the
script
The script file is additive, it can be added to, but nothing can be removed
CONFIGURATION FILES
Console
NVRAM
TFTP server
Mode
Privileged
Global Config
Other
If configuring in the privileged EXEC mode it can be done via the console, modem or a
virtual (remote) terminal. The copy command can also be used to load a
configuration from a network TFTP server.
WORKING WITH 11.X CONFIGURATION FILES
VERSION 10.3 (PRE IOS 11.0) COMMANDS
These commands still work, but they are not documented in the newer IOS versions.
config term
config mem
config net - TFTP server

write term
write mem
write net - TFTP server
show config
write erase
COPYING TO TFTP SERVER
copy running-config tftp
Enter IP Address of the TFTP server
Enter the name of the config file
Confirm yes or no
COPYING FROM TFTP SERVER
copy tftp running-config
Select the host or network
Enter the IP Address of the server
Enter the name of the config file (uses DOS 8.3 naming convention)
Confirm yes or no
NVRAM COMMANDS
config memory
erase startup-config
copy running-config startup-config
show startup-config
ROUTER CONFIGURATION
The diagram above shows how the levels of the configuration mode is separated. The
EXEC commands available in user mode are a subset of the EXEC commands available
in privileged mode. From the privileged mode the global configuration mode and the
specific configuration modes can be accessed. To exit the specific configuration
mode and get to the global configuration mode type "exit". To get from the privileged
mode, type "exit" again.
GLOBAL MODE ROUTER CONFIGURATION
Global configuration commands apply to features that affect the system as a

whole. The privileged EXEC command "configure device" is used to enter the global
configuration mode. Device can be NVRAM, terminal or a file stored on a server, the
default is terminal.
Router(config-if) router rip This will configure the routing protocol used, in this
case rip.
Pouter(config-if) interface ethernet 0 This will start the configuration for the type,
Ethernet, on port 0.
All interfaces, for instance serial and Ethernet, start administratively down. After
configuring the interface, the command "no shutdown" is used to bring the interface
up.
SERIAL PORT CONFIGURATION EXAMPLE
Set up bandwidth and clock rate. The clock rate is entered in bits per second.
Router(config)# interface serial 0

Router(config-if)# bandwidth 56
Router(config-if)# clockrate 56000
CONFIGURATION METHODS
The diagram below show the steps that should be followed when making changes for
IOS version 11.X and newer. If an error is found in a line or lines, the command "no"
will backout specific lines.
PASSWORD CONFIGURATION
The "line console 0" command establishes a password on the console terminal.
Router(config)# line console 0

Router(config-line)# login
Router(config-line)# password cisco (cisco is used for example)
The "line vty 0 4" command establishes password protection on incoming Telnet
sessions
Router(config)# line vty 0 4

Router(config-line)# login
Router(config-line)# password cisco (cisco is used for example)
The "enable password" command restricts access to privileged EXEC mode.
Router(config)# enable password san-fran (san-fran is used for example)
The password can be encrypted by the "service password-encryption"

command. The command "no service password-encryption will remove it.
Router(config)# service password-encryption

(set passwords here)
Router(config)# no service password-encryption
ROUTER IDENTIFICATION
The identification of a router is set in global configuration mode and consists of a

router name, login banner and interface description.
ROUTER BOOT
The order that the router uses to look for it's Operating System depends on a value in
the configuration register. This can be changed using the command "config-register" .
Router# configure terminal

Router(config)# config-regiser 0x10F
The table below shows the values that can be used for config-register command. All
values here are HEX numbers.
Value Description
0x100 Use ROM monitor mode (manually boot using the b command
0x101 Automatically boot from ROM (default if router has no Flash memory
0x102 to Examine the NVRAM for boot system commands (0x102 is the default if the
0x10F router has Flash memory
NOTE: At Cascadia, these values all start with a "2" so 0x100 would be 0x2100.
All routers have a default "fallback" sequence they will try to use for the boot if the
IOS can't be located where the register value points it to.
FLASH Flash is always tried first, if it can't be found

there, drops down to the TFTP server
TFTP SERVER If nothing can be located on the server, the last

resort is the ROM
ROM This should only be used as a last resort. ROM

may not contain the latest version and
no matter what version is found, it may lack
functionality, features and configurations
The "boot system" command can also be used to specify the fallback sequence.
Router# configure terminal

Router(config)# boot system flash IOS_filename
Router(config)# boot system tftp IOS_filename tftp_address
Router(config)# boot system rom
To check the register setting the "show version" command is used. This will also show
the IOS_filename and where is was booted from last.
System image file is "c4500-f-mz", booted via tftp from 171.69.1.129
Configuration register is 0x102b
PREPARING TO USE TFTP
On the router, check the Flash to make sure there is enough free space for the IOS
image and ping the TFTP server, make sure it is there
Router# show flash This will display the available memory and what is
currently there
Router# ping 171.69.1.129
On the TFTP server, make sure the filename and the path are known
CISCO IOS NAMING CONVENTIONS
The Cisco naming convention contains three parts:
- The platform on which the image runs

- A letter or series of letters that identifies the special capabilities and
feature sets supported
- Specifies where the image runs and whether it has been zipped or
compressed
Password Recovery and the TCP/IP

Protocol Suite
Password Recovery
Hopefully this is something that will not be done routinely, but as a recovery in case
the password is "lost". Lost can mean many things, maybe the person that previously
maintained the routers has suddenly left the company and no one knows the
passwords or maybe they have just plain been forgotten. In any case, the following
procedure can be done to either change all the passwords or change only one. This
procedure will change the console login password only and uses values appropriate for
Cascadia Community College.
Physical access to the router is required

Cold boot the router, power off, wait 10 seconds, power on
Within 60 seconds of the reboot process, press Ctrl + Break. This will interrupt, or
halt, the boot process.
The ">" prompt will appear
Type in o/r 0x2142 and press enter. This will force the router to bypass the
startup configuration files by changing the boot configuration register.
Type in "i" and press enter. This will cause a reboot, bypassing the configuration
files.
Since the startup files were bypassed, the router will ask if you want to enter the
setup dialog. Enter "no" and press enter.
The router will now boot in to the default mode. The prompt, Router>, will be
displayed.
A password will not be required since the startup files have been bypassed.
Type "enable" at the Router> prompt.
The prompt will change to Router#.
We are now in, but the router is basically empty. No tables, configurations or
routing information.
Copy the startup-config in NVRAM to running-config. This will load the startup
configuration in RAM, where it can be manipulated.
Enter the global configuration mode by typing, "configure terminal".
The router prompt will change to Router(config)#
From here, type in:
enable secret
line 0
login
password XXXXXXX (The X's represent the new password)
exit
The console login password is now changed, make sure you remember it! This will
also return the router to the EXEC mode with a prompt of Router#.
Now the routers boot configuration register must be changed from 2142 to its
normal 2102 value.
Type in o/r 2102 at the prompt.
Type in "show version" to make sure the register is set to change on reboot. It
should say "2102 on next reboot".
Copy running-config to startup-config to save the changes to NVRAM. This is the
configuration we want the router to use on reboot.
Enter "reload" and the router will reboot.
Check to ensure the console password is set correctly after the reboot is complete
and you are done.
TCP/IP Protocol Suite
History
The TCP/IP protocol suite was developed by the Department of Defense and Defense
Advanced Research Projects Agency (DARPA) to ensure that in the event of some
national catastrophic event, emergency communications would still be possible.
Later, the Berkeley Software Distribution of UNIX included the TCP/IP protocol
suite. Currently, TCP/IP is the Internetwork communications standard and the
Transport protocol for the Internet.
Compared to the OSI model, the TCP/IP protocol stack has some differences. Instead
of a seven layer model, TCP/IP used a four layer model. TCP/IP provides all the
functionality, but may use different methods.
Application Layer
In the TCP/IP model, this layer combines the Application, Presentation and Session
layers of the OSI model. This layer includes protocols for File Transfer, E-mail,
Remote Login, Network Management and Name Management.
The Application also includes the utilities, traceroute and ping which can be used for
troubleshooting. There are also some Windows based utilities at this layer, nbtstat,
netstat and ipconfig/winipcfg. The illustrations below show the output for the
traceroute, nbtstat and netstat commands.
Transport Layer
The Transport layer gives us two very important protocols, TCP and UDP.
TCP is a connection-orientated, reliable protocol. It provides a guaranteed delivery

of segments. This results in a protocol that carries with it a high operating overhead.
UDP is a connectionless and unreliable protocol. The reliability is totally left up to

the Application Layer. Since UPD offers none of reliability of TCP, it is faster than
TCP and also operates with a low overhead.
TCP Segment
Fields
Source Port - The source port for this segment

Destination Port - The destination port for this segment
Sequence Number - The number used to correctly sequence the segments on
arrival
Acknowledgement Number - The number of the next expected TCP octet
HLEN - The number of 32-bit words in the header
Reserved - Set to 0
Codes Bits - The control functions, setup and termination of a session
Window - The number of octets the sender is willing to accept
Checksum - The calculated checksum of the header and data fields
Urgent Pointer - Indicator of the end of urgent data
Options - One currently defined, maximum size of the TCP segment size
Data - Upper layer protocol data
UDP Segment
The size of the different segments alone should explain part of reason UDP is faster!
Fields
Source Port - The source port for this segment

Destination Port - The destination port for this segment
Length - Length of the packet from the UDP header to the end of the valid data,
not including any padding
Checksum - The calculated checksum of the header and data fields
Data - Upper layer protocol data
UDP uses no windowing or acknowledgements. It is designed for applications that do

not need to put sequences of data segments together.
The protocols that use UDP include:
TFTP
SNMP
NFS (Network File System)
DNS (Domain Name System)
Ports
As seen in the above TCP and UDP segment diagrams, both use port numbers in the
source and destination fields, not IP addresses. These port numbers are used to pass
information to upper layers and also to keep track of different simultaneous network
conversations. Port numbers identify the upper layer protocol that is using the
transport.
In the example above, some of the "Well Known Ports" are displayed. As an example,
when a host needs to transfer a file, FTP port 21 will be used to set and control the
connection and FTP port 20 will be used to transfer the data. These ports are widely
known and therefore easily hacked into. Most administrators will change these
numbers so they are more secure and the hackers will have to work harder to find
them.
TCP Three-Way Handshake
For a connection to be established, the two end stations must synchronize on each
other's initial TCP sequence numbers. This initial exchange ensures that lost data can
be recovered. The following steps are followed in this initial synchronization:
1. A --> B SYN - My sequence number is X

2. A <-- B ACK - Your sequence number is X -1; expect X + 1 next
3. A <-- B SYN - My sequence number is Y
4. A --> B ACK - Your sequence number is Y -1; expect Y + 1 next
Because step 2 and 3 are combined into one message, it is called a three-way
handshake. The following diagram might better illustrate this process.
TCP/IP Windowing
TCP/IP uses a "sliding window" technique for flow control and communication
efficiency. The window size specifies the number of packets, starting with the
acknowledgment number, that the receiving host's TCP layer is currently prepared to
receive.
Simply stated, once the window fills with data, the destination host sends an ACK for
the packets received in that window. The window on the sending host slides over to
select new data to send.
The sliding part of the sliding window refers to the fact that the window size is
negotiated dynamically during the TCP session. A sliding window results in more
efficient use of bandwidth because a lager window size allows more packets to be
transmitted pending acknowledgment.
The diagram below illustrates the sliding window. Note, that even though the
Receiver has an advertised window of C - G, the Network will only support C - F,
therefore a window size of C - F will be used.
Internet Layer
This layer corresponds to the Network Layer of the OSI Model and is responsible for
getting packets through a network using software addressing.
Several protocols operate at this layer:
IP - Provides connectionless, best-effort delivery routing of datagrams, is not

concerned with the content of the datagrams; looks for a way to move the
datagrams to their destination
ICMP - Provides control and messaging capabilities
ARP - Determines the data link layer (MAC) addresses for known IP addresses
RARP - Determines network addresses when data link layer addresses are known
IP Datagram
Below is a diagram of an IP datagram. It contains an IP header and data and is

surrounded by the Media Access Control (MAC) layer header and trailer. One segment
may be transmitted as a series of datagrams that are reassembled into the segment at
the destination.
Fields
VERS - Version number
HLEN - Header length, in 32-bit words
Type of Service - How the datagram should be handled
Total Length - Total length, header + data
Identification, Flags, Frag. Offset - Provides fragmentation of datagrams to allow
differing MTU's in the Internetwork
TTL - Time-To-Live
Protocol - The upper-layer (Layer 4) protocol sending and receiving the datagram
Header Checksum - An integrity check on the header
Source IP Address and Destination IP Address - 32-bit IP addresses
IP Options - Network testing, debugging, security, and other options
Data - Data
ICMP - Internet Control Message Protocol
ICMP messages are carried in IP datagrams and are used to send error and control
messages between 2 TCP/IP hosts or between a host server and a gateway to the
Internet. The following are the defined messages used by ICMP:
Destination unreachable
Time-to-live exceeded
Parameter problem
Source quench
Redirect
Echo request
Echo reply
Timestamp request
Timestamp reply
Information request
Information reply
Address mask request
Address mask reply
Probably the most common use of ICMP messages is done by the PING utility. As
illustrated below, PING uses the Echo Request and Echo Reply message.
ARP - Address Resolution Protocol
ARP maps IP addresses to MAC addresses. Networked devices maintain the detail of
the MAC and IP addresses of other devices on the network in an ARP table or
cache. This table or cache is maintained in RAM. If a device needs to send data to
another device, it checks its cache to see if the MAC address is cached. If it is not
there, the device will initiate an ARP request to the local network as follows:
Source sends the IP information in a broadcast to network
If the IP address is on the local network, the destination will send back its MAC
address
If the IP address is not on the local network, the router will send its MAC address to
the source
The source will use the routers MAC address to send it's information and the router
will forward it on
The example below illustrates the process the source computer would use if it can't
locate the MAC address in it's own cache and needs to broadcast the request on the
local network.
There are two types of ARP addresses, static and dynamic. Static ones have been
manually added to the table and dynamic ones have been cached from previous ARP
requests. To view the table currently on a system, the command arp -a is used.
RARP - Reverse Address Resolution Protocol
This works very similar to ARP except the MAC address is known and the IP address
needs to be resolved. This process is normally used for a diskless workstation and
requires a server. The server maintains a table of MAC to IP addresses. During the
bootup process, the client will ask the RARP server for their IP address.
IP Addressing and Subnets

Subnetting Problems
Section 1
To solve the problem, start with what is known.
Answer 125.12.127.254
Answer 125.12.96.1
Known:
125.0.0.0 Network address

1500 Subnets are required
Subnet 99 Calculations
Solve For:
A. Network Address for the Network Subnet 99
B. First Available Address the Network Subnet 99
C. Last Available Address in the Network Subnet 99
Given the network address of 125.0.0.0, it can be determined to be a Class A

address.
Class A octets are defined as N.H.H.H or nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
N = a Network octet and H = a Host octet. So 125 is the network portion and 0.0.0 is
the host portion of the address.
Since 1500 subnets are needed and the formula used to determine subnets is 2n - 2,
where n = the number of bits borrowed, start with a "n" value that you think might
work. In this case, 10 is used.
210 - 2 = 1024 - 2 = 1022 which is not enough so we will bump it up to 11
211 - 2 = 2048 - 2 = 2046 which will work fine for the 1500 requirement
Borrowing 11 bits will make the octets look like:

nnnnnnnn.ssssssss.ssshhhhh.hhhhhhhh
and in binary format:
01111101.11111111.11100000.00000000
To solve for the network subnet of 99, first convert 99 to binary.
1100011
This is now plugged into the subnet portion, starting form the RIGHT.
01111101.00001100.01100000.00000000
This number also represents the network address for subnet 99

A. 125.12.96.0
The first available address in the network is when the last octet = 1. So the first
address is
B. 125.12.96.1
The last available address in the network is when the network and subnet portion
stays the same and the host portion is all 1's EXCEPT the last bit in the last
octet. (01111101.00001100.01111111.11111110)
C. 125.12.127.254
Solve For:

address.

01111101.11111111.11100000.00000000
10001100
01111101.00010001.10000000.00000000
A. 125.17.128.0
address is
B. 125.17.128.1
stays the same and the host portion is all 1's EXCEPT the last bit in the last octet.
C. 125.17.159.254
Solve For:
Answer 125.12.96.0

address.

01111101.11111111.11100000.00000000
11001000
01111101.00011001.00000000.00000000
A. 125.25.0.0
address is
B. 125.25.0.1
C. 125.25.31.254
Solve For:
Answer 125.17.128.0
Answer 125.25.0.0
Answer 125.15.0.0
Answer 125.15.31.254
Answer 125.15.0.1
Answer 125.25.0.1
Answer 125.25.31.254
Answer 125.17.128.1
Answer 125.17.159.254
C. Last Available Address in the Network

Subnet 120

address.

01111101.11111111.11100000.00000000
1111000
01111101.00001111.00000000.00000000
A. 125.15.0.0
address is
B. 125.15.0.1
C. 125.15.31.254
Section 2
The problems below are more complex and require more conversions to complete
23
Known:
IP Address: 199. 241. 154. 251
Subnet Mask: 255. 255. 255. 224
Solve For: Ans Solution Procedure:

Based on the IP Address 0f 199, this is a Class C
Address.
Address Class C
Only the last octet will be used for subnetting
purposes.
Convert the last octet of the subnet mask 224 to
binary
Bits Borrowed 3
224 = 1 1 1 0 0 0 0 0
The 1's denote the bits borrowed, 3
The number subnets created = 2n, where n = the
Subnets Created 8 number of bits borrowed
23 = 8
The number of hosts created = 2n, where n = the
Subnet Hosts
32 number of bits left
Created
25 = 32
Usable Subnets 6 The usable subnets = 23 - 2 = 6
Usable Hosts 30 The usable hosts = 25 - 2 = 30
The subnet number is found by converting the last
octet of the IP Address to binary.
Subnet Number 7 251 = 1 1 1 1 1 0 1 1
The first 3 bits borrowed, 1 1 1, equal the subnet
Converted to decimal = 7
Using the same value as above, the host portion is

Subnet Host converted to decimal which = the host number
27
Number 11011
The definition of a network address is when all bits
in the network portion are 0's. So using the same
Subnet Network
224 number:
Address
11100000
The definition of a broadcast address is when all
bits in the host portion are 1's. So using the same
Subnet Broadcast
255 number:
Address
11111011
24
Known:
IP Address: 199. 241. 154. 239
Subnet Mask: 255. 255. 255. 248

Address.
Address Class C
purposes.
binary
Bits Borrowed 5
248 = 1 1 1 1 1 0 0 0
25 = 32
Subnet Hosts
Created
23 = 8
239 = 1 1 1 0 1 1 1 1
Subnet Number 29
The first 3 bits borrowed, 1 1 1 0 1, equal the
subnet
Using the same value as above, the host portion is
Subnet Host converted to decimal which = the host number
7
Number 111
Subnet Network
232 number:
Address
11101000
Subnet Broadcast
255 number:
Address
11111111
25
Known:
IP Address: 199. 241. 154. 241
Subnet Mask: 255. 255. 255. 192

Address Class C
Address.
purposes.
binary
Bits Borrowed 2
192 = 1 1 0 0 0 0 0 0
22 = 4
Subnet Hosts
Created
26 = 64
Subnet Number 3 241 = 1 1 1 1 0 0 0 1
The first 2 bitss borrowed, 1 1, equal the subnet
Using the same value as above, the network portion

Subnet Host is converted to decimal which = the host number
49
Number 110001
The definition of a network address is when all bitss
Subnet Network
192 number:
Address
11000000
bitss in the host portion are 1's. So using the same
Subnet Broadcast
241 number:
Address
11110001
26
Known:
IP Address: 199. 241. 154. 198
Subnet Mask: 255. 255. 255. 252

Address.
Address Class C
purposes.
binary
Bitss Borrowed 6
252 = 1 1 1 1 1 1 0 0
The 1's denote the bitss borrowed, 6
Subnets Created 64 number of bitss borrowed
26 = 64
Subnet Hosts
Created
22 = 4
198 = 1 1 0 0 0 1 1 0
Subnet Number 49
The first 6 bits borrowed, 1 1 0 0 0 1, equal the
subnet
Using the same value as above, the network portion
Subnet Host is converted to decimal which = the host number
2
Number 10
Subnet Network
196 number:
Address
11000100
Subnet Broadcast
254 number:
Address
11111110
27
Known:
IP Address: 221. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 5
Subnet Number: 15
Subnet Host Number: 5

Address.
Address Class C
purposes.
Borrowing 5 bits creates the following subnet mask
11111000
Subnet Mask 248
Converted to decimal = 248 Subnet Mask =
255.255.255.248
This is subnet number 15, so binary 15 is plugged
Subnet Network into the subnet portion
120
Address 01111000
This is subnet host 5, so binary 5 is plugged into the
host portion
IP Address 125 01111101
Converted to decimal = 125 IP Address =

221.241.154.125
25 = 32
Subnet Hosts
Created
23 = 8
Subnet Broadcast
127 number:
Address
01111111
Another way of doing the above problem is by using the Magic Number (MR).
The Magic Number = 2bits remaining
Known:
IP Address: 221. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 5
Subnet Number: 15

Address.
Address Class C
purposes.
Magic Number 8 23 = 8

11111000
Subnet Mask 248
Converted to decimal = 248 Subnet
Address = 221.241.154.248
MR x Subnet # = 4th Octet
Subnet Network
120 8 x 15 = 120 Subnet Network
Address
Address = 221.241.154.120
(MR + Subnet #) + Host # = 4th Octet
IP Address 125 (8 x 15) + 5 = 125 IP
Address = 221.241.154.125
25 = 32
Subnet Hosts
Created
23 = 8
(MR x Subnet #) + (MR - 1) = 4th Octet
Subnet Broadcast
127 (8 x 15) + (8 - 1) = 127 Subnet Broadcast
Address
Address = 221.241.154.127
28
Known:
IP Address: 220. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 4
Subnet Number: 14

Address.
Address Class C
purposes.
11110000
Subnet Mask 240
255.255.255.240
224
Address 11100000
This is subnet host 14, so binary 14 is plugged into
the host portion
IP Address 238 11101110
199.241.154.238
24 = 16
Subnet Hosts
Created
24 = 16
Subnet Broadcast
239 number:
Address
11101111
Known:
IP Address: 220. 241. 154. ___
Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 4
Subnet Number: 14

Address.
Address Class C
purposes.

11110000
Subnet Mask 240
Mask = 255.255.255.240
Subnet Network
Address
Address = 220.241.154.224
IP Address 238 (16 x 14) + 14 = 238 IP
Address = 220.241.154.238
24 = 16
Subnet Hosts
Created
24 = 16
Subnet Broadcast
Address
Address = 220.241.154.239
29
Known:
IP Address: 220. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 6
Subnet Number: 30

Address.
Address Class C
purposes.
11111100
Subnet Mask 252
255.255.255.252
120
Address 01111000
This is subnet host 3, so binary 3 is plugged into the
host portion
IP Address 123 01111011
220.241.154.123
26 = 64
Subnet Hosts
Created
22 = 4
Subnet Broadcast
123 number:
Address
01111011
Known:
IP Address: 220. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 6
Subnet Number: 30

Address.
Address Class C
purposes.

11111100
Subnet Mask 252
Mask = 255.255.255.252
Subnet Network
Address
Address = 220.241.154.120
IP Address 123 (4 x 30) + 3 = 123 IP
Address = 220.241.154.123
26 = 64
Subnet Hosts
Created
22 = 4
Subnet Broadcast
Address
Address = 220.241.154.123
30
Known:
IP Address: 220. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 2
Subnet Number: 2
Address.
Address Class C
purposes.
11000000
Subnet Mask 192
255.255.255.192
This is subnet number 2, so binary 2 is plugged into
Subnet Network the subnet portion
128
Address 10000000
This is subnet host 54, so binary 54 is plugged into
the host portion
IP Address 182 10110110
220.241.154.182
22 = 4
Subnet Hosts
Created
26 = 64
Subnet Broadcast
191 number:
Address
10111111
Known:
IP Address: 220. 241. 154. ___

Subnet Mask: 255. 255. 255. ___
Bits Borrowed: 2
Subnet Number: 2

Address.
Address Class C
purposes.

11000000
Subnet Mask 192
Mask = 255.255.255.192
Subnet Network
Address
Address = 220.241.154.128
IP Address 182 (64 x 2) + 54 = 182 IP
Address = 220.241.154.182
22 = 4
Subnet Hosts
Created
26 = 64
Subnet Broadcast
Address
Address = 220.241.154.191
IP Addressing
Each node using the TCP/IP protocol suite has a unique 32-bit logical address. This
address is known as the IP address and is expressed in 32-bit dotted-decimal
format.
Each router interface or device must be configured with an IP address.
The address can not be all one's or zero's.
Each company on the Internet is viewed as a single unique network that must be
reached before an individual host on that network can be reached.
Private addressing can be used internally, but at least one public address is
required to get out to the Internet. This is usually known as the gateway.
Routers all have routing tables containing addresses to networks, no host
information is usually contained.
An IP address and a subnet mask in an IP network host address achieve three
purposes:
1. Enables the host to process the receipt and transmission of packets
2. Specify the host's local IP address
3. Specify a range of IP addresses that share the cable with the
host
Broadcast messages are intended to be seen by every host on the network
Flooded broadcast messages, 255.255.255.255, will not be forwarded by the router
and are considered a local broadcast
Directed broadcast messages are directed to a specific network are allowed and
forwarded
Router Address Configuration Commands
The ip address command, in the interface configuration mode, is used to establish

the logical IP address of an interface
Router(config-if)# ip address ip-address subnet-mask
The term ip command, in the interface configuration mode, is used to specify the
format of the network masks in all interfaces for the current session
Router(config-if)# term ip netmask-format
Format options for the term ip command are:
Bit count
Dotted decimal (the default)
Hexadecimal
The ip host command makes a name to address conversion in the routers
configuration table
Router(config-if)# ip host computer1 174.17.1.101
The ip name-server command defines which hosts can provide the name
service. Up to six servers can be specified.
Router(config-if)# ip name-server server-address1
To map domain name to IP addresses:
The host names must be identified

A name server must be specified
DNS must be enabled
Domain Name Service (DNS) is enabled by default with a server address of

255.255.255.255, a local broadcast
The command no ip-domain-lookup turns off name-to-address translation in the
router
Router(config-if)# no ip domain-lookup
Router(config-if)# ip domain-lookup (This command will enable domain
lookup)
The show hosts command displays the cached list of hostnames and addresses
Show Hosts Fields Description
Host Names of learned hosts

Descriptions of how information was learned and its current
Flag
status
perm Manually configured in a static host table
temp Acquired from DNS use
OK Entry is current
EX Entry has aged out or expired
Age Time, measured in hours, since software referred to the entry
Type Protocol field
Address(es) Logical address associated with the name of the host
Router Address Verification
Since address problems are the most common problems that occur on IP networks, it
is important to verify the addresses before completing the configuration.
The three commands used to verify addressing are:
telnet Verifies the application layer software between source and destination
stations. This is the most complete testing
mechanism available.
ping Uses the ICMP protocol to verify the hardware connection and the logical
address at the Internet layer. This is a
very basic command and the most common means of testing IP
connectivity.
trace Uses TTL values to generate messages from each router used along the
path. This is a very powerful command used
to locate failures in the path from the source to the destination.
Ping Command Response Values

Character Definition
! Successful receipt of an echo reply
. Timed out waiting for a datagram reply
U Destination unreachable error
C Congestion-experienced packet
I ping interrupted (ctrl - shift - 6 X)
? Packet type unknown
& Packet TTL exceeded
Extended ping mode is used to specify supported Internet header options which are
valuable for advanced troubleshooting.
The graphic below show the options available.
The trace command reaches the target destination, as asterisk (*) is reported at the
display. In other cases, the asterisk indicates a timeout in response to one of the
probe packets. Other response values are included in the table below.
Trace Command Response Values

Response Definition
The probe was received by the router but
!H not forwarded, which is usually due to an
access list
P The protocol was unreachable
N The network was unreachable
U The port was unreachable
* Timed out
Magic Number Subnetting
Subnetting Class B Addresses
Solve for the unknowns in the problems below using the "Magic Number"
process. The unknowns are highlighted in yellow, all given values are in
black.
IP Address: 199.241.154.153
Subnet Mask: 255.255.255.192
Class: C
Bits Borrowed: 2
Subnets
4
Created:
Hosts Created: 64
Magic Number: 64
Useable
2
Subnets:
Useable Hosts: 62
Network
Subnet 2
Number:
Network
Subnet Host 25
Number:
Subnet
Network 199.241.154.128
Address:
Subnet
Broadcast 199.241.154.191
Address:
1. The first thing needed to solve the problem is the address class. This
will determine how many octets will be involved in the process. Since
the fist octet of the IP Address is 199, we know this is a class C
address.
2. Based on the 4th octet of the Subnet Mask, 192, we know the 2 bits
were borrowed.
3. To find the Subnets Created, the formula 2 # of bits borrowed is used. 22 =
4
4. To find the Hosts Created, the formula 2 # of bits remaining is used. 26 =
64
5. The Magic Number is simply equal to the number of hosts, 64
6. The Usable Subnets is 4 - 2 = 2
7. The Usable Hosts is 64 - 2 = 62
8. To find the Network Subnet and Subnet Network Host Number, the
formula below is used:
9. The Subnet Broadcast Address is found using the formula, (MR x
Subnet #) + (MR -1)
10. That gives us, (64 x 2) + (64 - 1) = 128 + 63 = 191
IP Address: 199.241.154.167
Subnet Mask: 255.255.255.248
Class: C
Bits Borrowed: 5
Subnets
32
Created:
Hosts Created: 8
Magic Number: 8
Useable
30
Subnets:
Useable Hosts: 6
Network
Subnet 20
Number:
Network
Subnet Host 7
Number:
Subnet
Network 199.241.154.160
Address:
Subnet
Broadcast 199.241.154.167
Address:
address.
2. Based on the 4th octet of the Subnet Mask, 248, we know the 5 bits
were borrowed.
32
4. To find the Hosts Created, the formula 2 # of bits remaining is used. 23 = 8
8. To find the Network Subnet and Subnet Network Host Number, the
formula below is used:
Subnet #) + (MR -1)
10. That gives us, (8 x 20) + (8 - 1) = 160+ 7 = 167
47
IP Address: 220.241.154.68
Subnet
255.255.255.240
Mask:
Class: C
Bits
4
Borrowed:
Subnets
16
Created:
Hosts
16
Created:
Magic
16
Number:
Useable
14
Subnets:
Useable
14
Hosts:
Network
Subnet 4
Number:
Network
Subnet Host 4
Number:
Subnet
Network 220.241.154.64
Address:
Subnet
Broadcast 220.241.154.79
Address:
address.
2. It is given that 4 bits were borrowed, so the 4th octet of the subnet
would be 240
16
16
8. To find the Subnet Network Address the formula, MR x Subnet
Number. 16 x 4 = 64
Subnet #) + (MR -1)
10. That gives us, (16 x 4) + (16 - 1) = 64 + 15 = 79
11. To find the 4th octet of the IP address the formula is, MR x
Subnet # + Host #. 16 x 4 + 4 = 68
48
IP Address: 220.241.154.125
Subnet Mask: 255.255.255.248
Class: C
Bits Borrowed: 5
Subnets
32
Created:
Hosts Created: 8
Magic Number: 8
Useable
30
Subnets:
Useable Hosts: 6
Network
Subnet 15
Number:
Network
Subnet Host 5
Number:
Subnet
Network 220.241.154.120
Address:
Subnet
Broadcast 220.241.154.127
Address:
address.
2. It is given that 5 bits were borrowed, so the 4th octet of the subnet
would be 248
32
4. To find the Hosts Created, the formula 2 # of bits remaining is used. 23 = 8
8. To find the Subnet Network Address the formula, MR x Subnet
Number. 8 x 15 = 120
Subnet #) + (MR -1)
10. That gives us, (8 x 15) + (8 - 1) = 120 + 7 = 127
11. To find the 4th octet of the IP address the formula is, MR x
Subnet # + Host #. 8 x 15 + 5 = 125
Subnetting Class B Addresses

The formulas change depending on the number of bits borrowed and so does
the level of complexity!
All of the 3rd octet and some of the 4th octet. Complexity = medium
All of the 3rd octet and none of the 4th octet. Complexity = low
Some the 3rd octet and none of the 4th octet. Complexity = high
Solve for the unknowns in the problems below using the "Magic Number"
process. The unknowns are highlighted in yellow, all given values are in
black.
67
IP Address: 155.10.15.123
Subnet Mask: 255.255.255.224
Class: B
Bits Borrowed: 11
Subnets
2048
Created:
Hosts Created: 32
Magic Number: 32
Useable
2046
Subnets:
Useable Hosts: 30
Network
Subnet 123
Number:
Network
Subnet Host 27
Number:
Subnet
Network 155.10.15.96
Address:
Subnet
Broadcast 155.10.15.127
Address:
the fist octet of the IP Address is 155, we know this is a class B
address.
2. Based on the 3rd and 4th octet of the Subnet Mask, 255 and 224, we
know the 11 bits were borrowed.
2048
32
8. To find the IP Address for the 3rd and 4th Octet, the formula below is
used:
9. The Subnet Network Address is found using the formula below.

9. The Subnet Broadcast Address is found using the formula below.
The easiest Class B formula is when all of the 3rd octet is borrowed and
none of the 4th.
IP Address:
155. 10.
15.123
Subnet Mask: 255.255.255.0
Class: B
Bits Borrowed: 8
Subnets Created: 256
Hosts Created: 256
Useable Subnets: 254
Useable Hosts: 254
Network Subnet
Number:
15
Network Subnet
123
Host Number:
Subnet Network
155.10.15.0
Address:
Subnet Broadcast
155.10.15.255
Address:
Network Subnet Number = IP of the 3rd Octet

Network Subnet Host Number = IP of the 4th Octet
Subnet Network Address is found by replacing the 4th Octet with 0
Subnet Broadcast Address is found by replacing the 4th Octet with 255
Routing, Routing Protocols and

Troubleshooting
ROUTING
Path determination for traffic going through a network cloud occurs at the
network layer (Layer3)
The network layer provides best-effort end-to-end packet delivery across

interconnected networks
In the diagram below, each line number represents a address that a router
will use for forwarding packets
The router uses the network address to identify the destination network of
a packet within an internetwork
A router generally uses a path determination or a switching function to

relay a packet from one data link to another
The router uses the network portion of the address to select the most
appropriate path to pass the packet to the next router and the switching
function allows the router to forward the packet from one interface to
another
A routed protocol is any network protocol that provides enough

information in its network layer address to allow a packet to be forwarded
from one host to another based on the addressing scheme
A routing protocol provides mechanisms for sharing routing information

between routers. RIP, IGRP, EIGRP and OSPF are examples
At each router hop, the routers network layer examines the incoming
packets layer 3 header to determine the destination network and then
references the routing table, encapsulates the packet again and queues for
delivery to the next hop
Since routers are capable of supporting independent routing protocols and

maintaining routing tables for several routed protocols, they are capable of
delivering packets from several routed protocols over the same data links
Static routes are administered manually, and allows information to be

revealed specified
Dynamic routes are automatically updated by a routing process
whenever new information is received for the internetwork
A default route directs packets to the next hop when that hop is not
explicitly listed in the routing table
Dynamic routing success depends on:
1. Maintenance of a routing table

2. Timely distribution of knowledge, in the form of routing
updates, to other routers
A routing protocol defines the set of rules used by a router when it

communicates with neighboring routers
1. How to send updates

2. What knowledge is contained in these updates
3. When to send this knowledge
4. How to locate recipients of the updates
Metrics that are most commonly used by routers are:
1. Bandwidth - The data capacity of a link

2. Delay - The length of time required to move a packet along
each link from source to
destination
3. Load - Amount of activity on a network resource such as a
router or link
4. Reliability - Usually a reference to the error rate of each
network link
5. Hop Count - The number of routers that a packet must travel
through before reaching its
destination
6. Ticks - The delay on a data link using IBM PC clock ticks
7. Cost - An arbitrary value, usually based on bandwidth,
monetary expense, or other
measurement, that is assigned by a network administrator
Convergence is when all routers on a internetwork are all operating with
the same knowledge
Distance Vector Routing requires each router receives a routing table

from its directly connected neighboring routers
In the above diagram, each router discovers the best path to destination
networks based on the information they receive from each neighbor. Each
network table entry has an accumulated distance vector to show how far
away that network is in a given direction.
Routing Loops can occur if a network's slow convergence on a new

configuration causes inconsistency routing entries
To keep a routing protocol from looping endlessly, distance vector

protocols define a specific arbitrary maximum number of hops
Another way to reduce routing loops and speed up convergence is through

the technique called split horizon. Information about a route is never sent
back in the direction it was received.
Hold-down timers are used to prevent regular update messages form

inappropriately reinstating a route that might have gone bad
Link-State Routing uses the following:
1. Link-state advertisements (LSAs)

2. A topological database
3. The Shortest Path First (SPF) algorithm and the resulting SPF
tree
4. A routing table of paths and ports to each network
As shown above, whenever a link-state topology changes, the routers that

first become aware of the change send a new LSA to other routers or to a
designated router that all other routers can use for updates.
In most cases running link-state routing protocols use more memory and
perform more processing than distance-vector routing protocols
Bandwidth is also a concern during the initial discovery process when

packet flooding occurs
Distance-Vector and Link-State Operational Qualities
Distance-Vector Link-State
Views network topology Gets common view of entire

from neighbors perspective network topology
Adds distance vectors from Calculates the shortest path to

router to router other routers
Frequent periodic updates, Event-triggered updates, fast

slow convergence convergence
Passes copies of routing Passes link-state routing updates to
table to neighbor routers other routers
A Balanced Hybrid type of routing protocol combines aspects of both

distance-vector and link-state routing. This protocol converges rapidly and
uses fewer resources such as bandwidth, memory, and processor
overhead.
No matter what protocol is used, all routers must be capable of seamlessly

handling packets encapsulated into different lover-level frames without
changing the packets Layer 3 addressing
LAN-to-LAN Routing
The LAN hosts depend on the router and its consistent network addressing
to find the best path. Although the lower layer framing must change as the
router passes packet traffic from Ethernet on Network 1 to Token Ring on
Network 2, the Layer 3 addressing for source and destination remains the
same.
LAN-to-WAN Routing
The network layer must relate to and interface with various lower level
layers for LAN-to-WAN traffic. Routers enable LAN-to-WAN packet flow by
keeping the end-to-end source and destination addresses constant while
encapsulating the packet in data link frames, as appropriate, for the next
hop along the path.
Routers are extremely versatile devices that are responsible for the very
existence of the Internet.
ROUTING PROTOCOLS
Each router interface must be configured with an IP address and subnet

mask
Routers maintain an address-to-port association table
Routers learn paths to destinations three different ways:
Static Routes - Manually defined as the next hop to a

destination
Default Routes - Manually defined as the path to take when
there is no known route to the
destination
Dynamic Routing - The router learns of paths to destinations by
receiving periodic updates
from other routers
The ip route command sets up a static route and uses the following
syntax:
ip route network [mask] {address | interface} [distance]
network Destination network or subnet
mask Subnet mask
address IP address of next-hop router
Name of interface to use to get to

interface
destination network
distance The administrative distance
The ip default-network command establishes a default route by using the

following syntax:
ip default-network network-number
Exterior routing protocols are used for communication between
autonomous systems
Interior routing protocols are used within single autonomous systems
An autonomous system consists of router run by one or more

administrators, that present a consistent view of routing to the external
world
Interior IP routing protocols include the following:
RIP - a distance vector routing protocol

IGRP - Cisco's distance vector routing protocol
OSPF - A link state routing protocol
EIGRP - A balanced hybrid routing protocol
The selection of an IP routing protocol involves setting both global and

interface parameters
Global tasks include selecting a routing protocol, either RIP or IGRP, and
indicating IP network number by way of specific subnet entries
The interface task is to assign network/subnet addresses and the

appropriate subnet mask to each interface
The router command starts a routing process
Router(config)# router protocol {keyword}
The network command is required because it enables the touring

processes to determine which interfaces will participate in sending and
receiving routing updates
Router(config)# network network-number
protocol This is either RIP, IGRP or Enhanced IGRP

This could be an autonomous system, which is used with protocols
that requires an autonomous system, such as IGRP. The network
network command is required because it allows the routing process to
determine which interfaces will participate in the sending and
receiving of routing updates
network-
This is a directly connected network
number
RIP includes the following key characteristics:
- It is a distance-vector routing protocol

- Hop count is used as the metric for path selection
- If the hop count is greater than 15, the packet is discarded
- By default, routing updates are broadcast every 30 seconds
The router rip command selects RIP as the routing protocol and starts the
dynamic routing process
The show ip protocol command displays values of routing timers and

network information pertaining to the router
Router> show ip protocol
The show ip route command displays the contents of the IP routing table
along with a code that indicates how that information was learned
Router> show ip route
IGRP is a distance-vector routing protocol developed by Cisco. IGRP

sends routing updates at 90-second intervals, advertising networks for a
particular autonomous system.
IGRP includes the following key characteristics:
- Versatility that enables it to automatically handle

indefinite, complex, topologies
- Flexibility for segments that have different bandwidth and
delay characteristics
- Scalability for functioning in very large networks
The IGRP routing protocol uses two metrics: bandwidth and delay
IGRP can be configured to use a combination of variables to determine a

composite metric. The variables include the following:
- Bandwidth
- Delay
- Load
- Reliability
The router igrp command selects IGRP as a routing protocol and starts
the dynamic routing process
Router(config)# router igrp autonomous-system

(The autonomous system identifies the IGRP router
processes that will share routing
information)
The show ip protocol command will display the algorithm used to calculate
the routing metric for IGRP
By default, the values of the constants K1 and K3 are set to 1. K2, K4 and
K5 values are defaulted to 1.
Router> show ip protocols
Routing Protocol is igrp 300

Sending updates every 90 seconds,
next due in 55 seconds
Invalid after 270 seconds, hold down
280, flushed after 360
Outgoing update filter list for all
interfaces is not set
Incoming update filter list for all
interfaces is not set
Default networks flagged in outgoing
updates
Default networks accepted from
incoming updates
IGRP metric weight K1=1, K2=0, K3=1,
K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing igrp 300
Routing for Networks:
183.8.0.0
144.253.0.0
Routing Information Sources
Gateway Distance
Last Update
144.253.100.1 100
0:00:52
183.8.128.12 100
0:00:43
183.8.64.130 100
0:00:02
Distance: (default is 100)
The show ip interfaces command displays the status and global

parameters associated with all IP interfaces
Router> show ip interfaces
The show ip route command displays the contents of the IP routing table
Router> show ip route
The debug ip rip command displays RIP routing updates as they are sent
and received
Router# debug ip rip
Caution should be used running the debug commands; they are processor
intensive and can decrease network performance or cause loss of
connectivity
To turn off debug, the command no debug ip rip or no debug all can be
used
TROUBLESHOOTING
Common Layer 1, Layer 2, and Layer 3 issues:

Layer 1
Broken cables
Physical
Disconnected cables
Cables connected to the wrong ports
Intermittent cable connections
Cables incorrectly terminated
Wrong cables used for the tasks at hand (must use cross-
connects, rollovers, and straight-through cables correctly)
Transceiver problems
DCE cable problems
DTE cable problems
Devices powered off
Layer 2 Data
Improperly configured serial interfaces
Link
Improperly configured Ethernet interfaces
Incorrect clock rate settings on serial interfaces
Improper encapsulation set on serial interfaces (HDLC is default)
Faulty NIC
Layer 3
Routing protocol not enabled
Network
Wrong routing protocol enabled
Incorrect network/IP address
Incorrect subnet masks
Incorrect interface addresses
Incorrect DNS-to-IP bindings (host table entries)

Wrong autonomous system number for IGRP
General Model For Troubleshooting
Step 1: Define the problem. What are the symptoms and the potential
causes?
Step 2: Gather the facts. Isolate the possible causes.
Step 3: Consider the possibilities. Based on the facts gathered, narrow

the focus to areas relevant to the
specific problem. This is the step where you sent the boundaries
for the problem.
Step 4: Create an action plan. Devise a plan in which you manipulate

only one variable at a time.
Step 5: Implement the action plan. Perform each step carefully while
testing to see if the symptom
disappears.
Step 6: Observe the results. Determine whether you resolved the

problem. If so, the process is
complete.
Step 7: Repeat the process. If you did not resolve the problem, move to
the next most likely cause on
your list. Return to step 4, and repeat the process until you solve
the problem.
ARP Problems:
An ARP entry could be corrupted

An interface might have been changed out and the ARP entry has not been
updated
Use commands that can help you isolate the problem:

From the router:
show ip route
ping
show int s0 (or s2,e1,etc.)
show arp
show run
traceroute
From the PC:
ipconfig
winipcfg
tracert
ping
telnet
netstat -rn
route add
arp -a
To display a list of the routes on a Windows PC:
C:\>netstat -rn
Route Table
Active Routes:
Network Address Netmask Gateway
Address Interface Metric
0.0.0.0 0.0.0.0 168.71.8.10
168.71.8.2 1
168.71.8.0 255.255.255.0 168.71.8.1
168.71.8.2 1
168.71.8.2 255.255.255.255 127.0.0.1
127.0.0.1 1
168.71.0.0 255.255.0.0 168.71.8.1
168.71.8.2 1
168.71.255.255 255.255.255.255 168.71.8.2
168.71.8.2 1
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
224.0.0.0 255.0.0.0 168.71.8.2
168.71.8.2 1
255.255.255.255 255.255.255.255 168.71.8.2
168.71.8.2 1
Active Connections
Proto Local Address Foreign Address State
The following will flush existing gateways and add a new gateway
dynamically at the DOS prompt:
C:\>route -f add 0.0.0.0 mask 0.0.0.0 168.71.8.1
C:\>netstat -rn
Route Table
Active Routes:
Network Address Netmask Gateway
Address Interface Metric
0.0.0.0 0.0.0.0 168.71.8.1
168.71.8.2 1
168.71.8.0 255.255.255.0 168.71.8.1
168.71.8.2 1
168.71.8.2 255.255.255.255 127.0.0.1
127.0.0.1 1
168.71.0.0 255.255.0.0 168.71.8.1
168.71.8.2 1
168.71.255.255 255.255.255.255 168.71.8.2
168.71.8.2 1
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
224.0.0.0 255.0.0.0 168.71.8.2
168.71.8.2 1
255.255.255.255 255.255.255.255 168.71.8.2
168.71.8.2 1
Active Connections
Proto Local Address Foreign Address State
Remember that these commands are only temporary. Rebooting the PC

restores the defaults.

Lecture Notes

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Lecture Notes

Transféré par

Droits d'auteur :

Formats disponibles

Cisco 1 Review

Network Enterprise = a collection of computers working in a collection of networks for an

The job of the Network Administrator is to:

Interconnection LANs so geographically remote services can be accessed

OSI Model Review

Reason for a layer model:

Host vs. Media Layer

Media Data Link

OSI Individual Layers

Provides network services to applications that users use

Coverts user data to computer data

Responsible for opening a connection

Responsible for the three way handshake – synchronization of the connection

Responsible for logical addressing and path determination

Provides access to the media (wires)

Deterministic – Token Ring

Carries bits, signals

Encapsulation – Peer-to-Peer Communications

Email example of the encapsulation process:

LAN Devices and Technologies

Layer 2, Data Link, device

Layer 2, Data Link, device

Layer 1 ,Physical, device

Token Ring – a fading technology

10Base2 – max length 185 meters

Uses broadcast technology

Listens for a quiet time on the line to transmit

ARP – Address Resolution Protocol

Helps machines to resolve MAC addresses

TCP and UPD

Transmission Control Protocol User Datagram Protocol

32-bits at the Network layer broken into 4 octets

N HHH 1 Network octet, 3 Host octets

NN HH 2 Network octets, 2 Host octets

224 = 16,384 network addresses 216 = 65,534 hosts

NNN H 3 Network octets, 1 Host octet

221 = > 2 million network addresses 28 = 254 hosts

WANS and ROUTERS

WAN Connect Devices

Internal - small LANs, stay internal to one area

WAN Bandwidth Switches

Used primarily by ISPs

Also referred to as CSU/DSU (Channel Service Unit/Digital Service Unit)

Primarily used by ISPs and large corporation

Protocols that describe how to provide electrical, mechanical and functional

Describes how frames are carried between systems on a single link

High quality, digital facilities

T Series and E Series

xDSL (Digital Subscriber Line)

SONET (Synchronous Optical Network)

OC-1 to OC-192; very high bandwidth

Uses the same cable as Television

Can serve remote and mobile

ATM (Asynchronous Transfer Mode)

SMDS (Switched Multimegabit Data Service)

- Closely related to ATM

Stores routing tables

Power on diagnostics, a bootstrap program, operating system software

Network connection through which packets enter and exit

Router Basics: Commands/Configurations

User EXEC Mode

View only mode

Privileged EXEC Mode