Application
File, Print, database, apps,web
Presentation
Encryption, compression, translations, EBCDIC etc.
Session
Dialog control - NFS, SQL, RPC, connection establishment, data transfer,
connection release
Transport
End to end connection, Flow control, Data integrity, Retransmissions
Segments re-ordered before delivery, Make / tear down virtual circuits
Network
Routing , Map of network (logical)
Data Link
Framing
Ensures messages delivered to correct device
MAC - Media Access Control
Framing with header & trailer; contains MAC address of source & destination
Media Access - method of communicating with Physical medium
Logical Topology - eg Star shaped "ring" in TR
error detection
LLC - Logical Link Control
Optional
Flow control with stop/start codes
error correction
Destination Service Access Point (DSAP) and Source SAP allow upper-layers to
work over different LANs by providing comms between Network & data/physical
layers regardless of physical/logical actually used
Physical
Physical topology
DTE - Data terminal equipment = router etc.
DCE - Data circuit terminating equipment @ service provider
DTE connects through modem or Channel / data service unit (C/DSU)
Connection oriented / Connectionless
Connectionless
Not guaranteed delivery
IPX or UDP
IP. TCP adds flow control & reliability at Transport layer
Connection oriented
Uses a virtual circuit
Still not guaranteed but has flow control, reliability, error checking
SPX,TCP
Data link addresses / network addresses
Data link = hardware = mac address
Network address = logical = IP or IPX address = Network layer
internetworks created with routers from logical addresses
Router places packet in a frame with the dest. MAC address of the next hop (or of the destination host)
Reasons for layered model
Divides complexity into sections
Uses standard interfaces to ease interoperability
Developers can change one layer's features without affecting the others
It allows specialisation
Eases troubleshooting
5 conversion steps of data encapsulation
Each layer encapsulates layer above until full packet formed
Application produces data
Presentation encodes it
Session layer syncs the session with remote
Transport layer transports to remote host using: Segment
Network layer to add routing info. : Packet / datagram
Data link layer frames packet : Frame
Physical puts the bits on the medium
Flow control /Buffering
Packets queue up in router buffers awaiting data link layer
Packets lost if buffer overflows
Source-Quench messages
Help prevent buffer overflow
Asks source to slow down
Receiver gets too many packets so starts discarding.
Each time segment dropped send source quench message
source receives source-quench message and slows down sending until it no
longer receives them then starts increasing speed until it gets them again.
Windowing
Destination ack's every n segments having agreed a window of n
Source sends 3 packets
Dest. received 3 packets, sends ack.
source recvs ack so sends 3 more segments
if source does not get ack it sends 3 packets again after a timeout, sending at a
slower rate.
Internetworking functions of OSI model
Packets, frames, routing
Chapter 2, WAN Protocols
Differentiate between types
Frame Relay
High performance
Physical & Data link levels
Designed for ISDN
Error correction is for higher levels
Connection oriented PVC's
Frame Relay VC is 2x DTE with a packet switched network in between; each VC is
identified by a Data Link Connection Identifier (DLCI)
ISDN - Integrated Services Digital Network
Physical, Data Link, Network, Transport Layers
set of comms protocols
HDLC - ISO standard
Data Link Layer, bit based for sync. serial links
High Level Data Link control
Cisco HDLC won't communicate with any other vendor's HDLC
PPP
Async or Sync
Uses Link Control Protocol to build data link connections
Compression
CHAP / PAP authentication
Uses NCP to support IPX, IP, Appletalk, Decnet etc.
Frame Relay Terms
CO - Central Office
CPE - Customer Premise Equipment
DCE
DTE - typically routers
DLCI
demarc - Termination point of service provider's cable
PSE - packet switch exchange
PVC SVC
local loop - demarc to CO
Frame Relay config
Subinterfaces
int s0.## [multipoint] / [point-to-point]
as many as needed, 0 to 32 bit value
p-2-p are for single virtual circuit, multi are when router is at centre of star
Mapping
int s0.16 point-to-point
encap frame-relay ietf
no inverse-arp
ip address 172.16.30.1 255.255.255.0
frame-relay map ip 172.16.30.17 20 cisco broadcast
frame-relay map ip 172.16.30.18 30 broadcast
frame-relay map ip 172.16.30.19 40 broadcast
standard
access-list [number] [permit / deny] [source] [dest]
access-list ? gives list of numbers
800-899 = standard ipx
eg access-list 810 permit 30 10
access-list 810 deny 50 10
allows net 30 access to 10 but 50 not allowed access to 10
all other networks denied access to 10 too
other way:
access-list 811 deny 50 10
access-list 811 permit -1 -1
int e0
ipx access-group 811 out
^z
-1 in IPX list = IP "any"
extended
access-list [no.] [permit / deny] [protocol] [source] [socket] [dest] [socket]
900-999 = extended IPX
access-list 910 permit -1 -1 0 -1 0 log
can now filter on sap, ipx, spx, socket no. etc.
if any access list in use then automatic deny any at end of list
sap filters
access-list [#] [perm deny] [source] service type
1000-1099 = sap filter
config t
access-list 1010 permit [ipx no.].mac.mac.mac 0
0 matches all services
int e0
ipx input-sap-filter 1010
^z
Apply access list to port with
config t
int s0
ipx access-group # [in/out]
CHAPTER 5 - Routing!
RIP
enforces rule that says routing info. cannot be sent back the way it came (split horizon).
route poisoning
enter down network as 16 = unreachable = infinite
therefore router does not listen to other routers saying net is up until it can see it,
at which point it will tell its neighbours
hold-downs
work with route poisoning
prevents rapid change, allows downed route to come back up
triggered updates
hold down timer expires
hold down timer receives update saying net status has changed
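A simplified model of the rules above, as an added example that is not part of the original notes: a small RIP-style table in Python that installs the lowest hop count, marks a route unreachable (16) when the router it was learned from poisons it, holds the route down for HOLD_DOWN seconds so other routers' claims that the net is up are ignored until the timer expires, lets the original next hop bring the route back, and applies split horizon when building the update sent to each neighbour. Router names, networks, timestamps and the 180-second timer are constructed values; the hold-down handling follows the notes' description and is a simplification, not a transcription of the IOS implementation.

```python
"""Simplified RIP table: split horizon, route poisoning and hold-down (constructed example)."""
from dataclasses import dataclass

INFINITY = 16          # hop count that means "unreachable"
HOLD_DOWN = 180.0      # seconds; constructed value matching RIP's default hold-down timer


@dataclass
class Route:
    next_hop: str                  # neighbour the route was learned from, or "connected"
    metric: int                    # hop count
    hold_down_until: float = 0.0   # clock time; 0 means the route is not in hold-down


class RipTable:
    def __init__(self, connected_nets):
        self.routes = {net: Route("connected", 0) for net in connected_nets}

    def in_hold_down(self, net, now):
        r = self.routes.get(net)
        return r is not None and now < r.hold_down_until

    def receive(self, neighbour, net, advertised_metric, now):
        """Process one (network, hop count) entry from a neighbour's update at time `now`."""
        metric = min(advertised_metric + 1, INFINITY)   # one more hop through the neighbour
        cur = self.routes.get(net)
        if cur is None:
            if metric < INFINITY:                       # never install an unreachable route
                self.routes[net] = Route(neighbour, metric)
            return
        if cur.next_hop == "connected":
            return                                      # directly connected always wins
        if neighbour == cur.next_hop:
            if metric >= INFINITY and cur.metric < INFINITY:
                # route poisoning from our own next hop: mark unreachable, start hold-down
                cur.metric = INFINITY
                cur.hold_down_until = now + HOLD_DOWN
            elif metric < INFINITY:
                # the router we learned the route from can bring it back up at any time
                cur.metric = metric
                cur.hold_down_until = 0.0
            return
        if self.in_hold_down(net, now):
            return        # other routers saying the net is up are ignored until the timer expires
        if metric < cur.metric:
            self.routes[net] = Route(neighbour, metric)

    def advertise_to(self, neighbour):
        """Update sent to `neighbour`: split horizon drops routes learned from it;
        unreachable routes are still sent, with metric 16 (route poisoning)."""
        return {net: r.metric for net, r in self.routes.items() if r.next_hop != neighbour}


def demo():
    """Constructed scenario: R1 learns 10.9.0.0 from R2, R2 poisons it, R3 offers a longer path."""
    r1 = RipTable(["10.1.0.0"])
    trace = []

    def step(now, neighbour, net, metric):
        r1.receive(neighbour, net, metric, now)
        r = r1.routes[net]
        trace.append((now, neighbour, metric, r.next_hop, r.metric))

    step(0, "R2", "10.9.0.0", 1)      # installed: 2 hops via R2
    step(10, "R3", "10.9.0.0", 3)     # worse path (4 hops), ignored
    step(100, "R2", "10.9.0.0", 16)   # poisoned by R2: unreachable, hold-down starts
    step(150, "R3", "10.9.0.0", 3)    # still in hold-down: ignored
    step(300, "R3", "10.9.0.0", 3)    # timer expired: 4 hops via R3 accepted
    return trace
```

Each tuple in the trace returned by demo() is (time, advertising neighbour, advertised metric, next hop now installed, metric now installed); the third and fourth steps show the route sitting at 16 while the timer runs even though R3 is offering a working path.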
static routes
can also cause loop if bad!
1-99 = standard IP
acc list # perm/deny 10.0.0.5 0.0.0.0
in and out are from the router's perspective, ie out of router
ip access-group ## [in/out] (within config t, int e0)
wildcard matching: std, ext: reverse subnet mask, eg 0.0.0.255
extended on source, dest, ip, protocol
100-199 = extended IP
acc list # perm/deny protocol source dest port
access-list 110 permit tcp host 172.x.x.x host y.y.y.y eq 8080
access-list 110 permit tcp 172.x.x.0 host y.y.y.y eq 8080
access-list 110 permit tcp any any eq www
host is same as x.x.x.x 0.0.0.0
any is 0.0.0.0 255.255.255.255
port is port no. or well known service name, www, smtp, pop3 etc.
protocol is udp, tcp, icmp when filtering by port.
monitoring access lists
show access-lists
shows all running
shows each line & no. of packets that matched!
sh ip access-list
shows only ip access lists
sh log
add log to end of command, will log:
acc list #, source addr/port, dest addr/port, no. of packets
can be redirected to syslog server
clear access-list counters [#]
show running-config and sh ip int e0 show which access lists are on the port
sh access-list ## shows just ##
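The IP access list rules from the two sections above (wildcard masks, host/any, eq port with well-known names, the implicit deny any at the end of every list, and the per-line match counters and log output described under monitoring) as an added Python example; this is not code from the original notes, and it models the matching rules as the notes describe them rather than the IOS implementation. The access-list lines and packets are constructed samples, the well-known port table is a small subset, and the log line format is an assumption.

```python
"""Evaluator for Cisco-style numbered IP access lists: 1-99 standard, 100-199 extended.
Added example with constructed lists and packets; it models the rules in the notes, not IOS."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

WELL_KNOWN_PORTS = {"www": 80, "smtp": 25, "pop3": 110, "ftp": 21, "telnet": 23}
ANY = ("0.0.0.0", "255.255.255.255")     # 'any' is 0.0.0.0 255.255.255.255

def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: a 0 bit must match, a 1 bit is 'don't care' (0.0.0.0 = host)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

@dataclass
class Entry:
    action: str            # permit / deny
    protocol: str          # "ip" matches every protocol
    src: tuple             # (address, wildcard)
    dst: tuple
    sport: Optional[int]
    dport: Optional[int]
    log: bool
    text: str
    matches: int = 0       # the per-line counter that 'show access-lists' reports

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    sport: Optional[int] = None
    dport: Optional[int] = None

def _take_addr(tok, i):
    """Parse 'host A', 'any' or 'A WILDCARD' at tok[i]; returns ((addr, wc), next index)."""
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    if tok[i] == "any":
        return ANY, i + 1
    if i + 1 < len(tok) and is_ipv4(tok[i + 1]):
        return (tok[i], tok[i + 1]), i + 2
    return (tok[i], "0.0.0.0"), i + 1        # bare address: treated as a host

def _take_port(tok, i):
    """Parse an optional 'eq PORT' (number or well-known name) at tok[i]."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (WELL_KNOWN_PORTS[name] if name in WELL_KNOWN_PORTS else int(name)), i + 2
    return None, i

def parse_entry(line):
    tok = line.split()
    number, action = int(tok[1]), tok[2]
    log = tok[-1] == "log"
    if log:
        tok = tok[:-1]
    if 1 <= number <= 99:                        # standard: source address only
        src, _ = _take_addr(tok, 3)
        return number, Entry(action, "ip", src, ANY, None, None, log, line)
    if 100 <= number <= 199:                     # extended: protocol, source, dest, ports
        src, i = _take_addr(tok, 4)
        sport, i = _take_port(tok, i)
        dst, i = _take_addr(tok, i)
        dport, _ = _take_port(tok, i)
        return number, Entry(action, tok[3], src, dst, sport, dport, log, line)
    raise ValueError("only numbered IP lists 1-99 and 100-199 are modelled")

class AccessList:
    def __init__(self, lines):
        parsed = [parse_entry(line) for line in lines]
        self.number = parsed[0][0]
        self.entries = [entry for _, entry in parsed]
        self.log_lines = []

    @staticmethod
    def _matches(e, p):
        return (e.protocol in ("ip", p.protocol)
                and wildcard_match(p.src, *e.src) and wildcard_match(p.dst, *e.dst)
                and (e.sport is None or e.sport == p.sport)
                and (e.dport is None or e.dport == p.dport))

    def evaluate(self, p):
        """Top down, first match wins; no match falls through to the implicit deny any."""
        for e in self.entries:
            if self._matches(e, p):
                e.matches += 1
                if e.log:        # the 'log' keyword: list number, addresses and ports (assumed format)
                    self.log_lines.append(f"list {self.number} {e.action} {p.protocol} "
                                          f"{p.src}({p.sport}) -> {p.dst}({p.dport})")
                return e.action
        return "deny"

    def show(self):
        """Roughly what 'show access-lists' prints: each line with its match counter."""
        return [f"{e.text} ({e.matches} matches)" for e in self.entries]

def demo():
    """Constructed sample lists and packets."""
    ext = AccessList(["access-list 110 permit tcp host 172.16.1.5 host 10.0.0.1 eq 8080",
                      "access-list 110 permit tcp 172.16.1.0 0.0.0.255 any eq www",
                      "access-list 110 deny ip any any log"])
    ext_results = [ext.evaluate(Packet("172.16.1.5", "10.0.0.1", "tcp", 40000, 8080)),   # line 1
                   ext.evaluate(Packet("172.16.1.77", "192.0.2.9", "tcp", 40001, 80)),   # line 2
                   ext.evaluate(Packet("172.16.1.77", "192.0.2.9", "tcp", 40002, 443)),  # line 3
                   ext.evaluate(Packet("172.16.2.1", "10.0.0.1", "udp", 53, 53))]        # line 3
    std = AccessList(["access-list 10 permit 10.0.0.5 0.0.0.0"])
    std_results = [std.evaluate(Packet("10.0.0.5", "192.0.2.1")),    # permitted
                   std.evaluate(Packet("10.0.0.6", "192.0.2.1"))]    # implicit deny any
    return ext_results, ext.show(), ext.log_lines, std_results
```

The standard list in demo() has no explicit deny line, so the second packet is dropped by the implicit deny any and no counter in show() moves for it, which is exactly why adding an explicit "deny ip any any log" as the last line (as list 110 does) is the usual way to make denied traffic visible.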
CHAPTER 7 - LAN SWITCHING
port config switching
software based
frame switching
multiple simultaneous
catalysts
cell switching
atm, 53 byte cells
full duplex
bridges
switches
100baseX
2 class ii repeaters
TX = 100 m, FX = 412 metres half duplex
store & forward
used by catalyst
stp, sta
vlans
cat 3000,5000
Inter switch link (ISL)
unique id header of each frame
id removed before exiting switch except via isl
data link layer
frame addresses change after each router
packet logical addresses do not change
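The five encapsulation steps from the OSI section (segment, packet, frame) and the two points just above (frame addresses change at each router, packet logical addresses do not) as an added, runnable Python example; it is not code from the original notes. It builds a minimal TCP segment, wraps it in an IPv4 packet, frames it with Ethernet header and CRC-32 trailer, then performs one router hop: strip the frame, decrement TTL, recompute the IP checksum, and re-frame with the next hop's MAC address. All MAC and IP addresses are constructed.

```python
"""Encapsulation walk-through: segment -> packet -> frame, and what a router hop changes.
Added example; every address below is a constructed sample."""
import ipaddress
import struct
import zlib

HOST_A_MAC = "02:00:00:00:00:0a"   # sending host
R1_IN_MAC = "02:00:00:00:00:01"    # router's interface facing host A (the default gateway)
R1_OUT_MAC = "02:00:00:00:00:02"   # router's interface facing host B
HOST_B_MAC = "02:00:00:00:00:0b"   # destination host

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a header verifies when this is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_segment(sport: int, dport: int, data: bytes) -> bytes:
    """Transport layer: minimal TCP header (seq/ack 0, PSH+ACK, no options) plus the data."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + data

def build_packet(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64) -> bytes:
    """Network layer: IPv4 header carrying the logical (routed) addresses."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 6, 0,
                         ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment

def build_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data link layer: Ethernet header (dst MAC, src MAC, type 0x0800) and a CRC-32 trailer (FCS)."""
    header = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
              + b"\x08\x00")
    return header + packet + struct.pack("!I", zlib.crc32(header + packet))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def frame_macs(frame: bytes):
    """(source MAC, destination MAC) of the frame: rewritten at every router."""
    return mac_str(frame[6:12]), mac_str(frame[0:6])

def packet_ips(frame: bytes):
    """(source IP, destination IP) inside the frame: unchanged end to end."""
    pkt = frame[14:]
    return str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20]))

def packet_ttl(frame: bytes) -> int:
    return frame[14 + 8]

def fcs_ok(frame: bytes) -> bool:
    return struct.unpack("!I", frame[-4:])[0] == zlib.crc32(frame[:-4])

def ip_header_ok(frame: bytes) -> bool:
    return ip_checksum(frame[14:34]) == 0

def app_data(frame: bytes) -> bytes:
    """Strip frame header/trailer, IP header and TCP header to recover the application data."""
    return frame[14 + 20 + 20:-4]

def router_forward(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """One router hop: drop the old frame, decrement TTL, fix the checksum, re-frame for the next hop."""
    if not fcs_ok(frame):
        raise ValueError("frame failed FCS check")
    packet = bytearray(frame[14:-4])
    packet[8] -= 1                                   # TTL
    packet[10:12] = b"\x00\x00"
    packet[10:12] = struct.pack("!H", ip_checksum(bytes(packet[:20])))
    return build_frame(egress_mac, next_hop_mac, bytes(packet))

def demo():
    data = b"GET / HTTP/1.0\r\n\r\n"                           # application data (constructed)
    segment = build_segment(40000, 80, data)                   # transport: segment
    packet = build_packet("172.16.1.10", "10.0.0.1", segment)  # network: packet
    hop1 = build_frame(HOST_A_MAC, R1_IN_MAC, packet)          # data link: frame to the gateway
    hop2 = router_forward(hop1, R1_OUT_MAC, HOST_B_MAC)        # router re-frames for the next hop
    return hop1, hop2
```

Comparing frame_macs() and packet_ips() of the two frames returned by demo() shows the split the notes describe: the MAC pair is completely different after the router, while the IP pair and the application data are byte-for-byte the same; only the TTL and the IP checksum that covers it move.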