connected, static, dynamic)
• Interpret a remote network entry in an IPv4 routing table
• Interpret a directly connected network entry in an IPv4 routing table
• Explain the main differences between static and dynamic routing
• Recognize dynamic routing entries in a router's routing table
Chapter 1 - Sections & Objectives
1.1 Router Initial Configuration
• Configure a router to route between multiple directly-connected networks.
• Describe the primary functions and features of a router.
• Connect devices for a small, routed network.
• Configure basic settings on a router to route between two directly-connected networks, using
CLI.
• Verify connectivity between two networks that are directly connected to a router.
1.2 Routing Decisions
• Explain how routers use information in data packets to make forwarding decisions in a small to
medium-sized business network.
• Explain the encapsulation and de-encapsulation process used by routers when switching
packets between interfaces.
• Explain the path determination function of a router.
1.3 Router Operation
• Explain how a router learns about remote networks when operating in a small to
medium-sized business network.
• Explain routing table entries for directly connected networks.
• Explain how a router builds a routing table of directly connected networks.
• Explain how a router builds a routing table using static routes.
• Explain how a router builds a routing table using a dynamic routing protocol.
1.1 Router Initial Configuration
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
1 – Routing Concepts
1.1 – Router Initial Configuration
Router Functions
Characteristics of a Network
Networks are relied on for web
applications, IP telephony, video
conferencing, interactive gaming, e-
commerce, and much more.
Characteristics referred to when
discussing networks:
• Topology
• Physical topology – arrangement of the cables,
network devices, and end systems; it describes how
the network devices are actually interconnected with
wires and cables
• Logical topology – describes the path over which the
data is transferred in a network and how the
network devices appear connected to network users
• Speed – measure of the data rate in bits
per second (b/s) of a given link in the
network
Router Functions
Characteristics of a Network (Cont.)
• Cost – general expense for purchasing of
network components as well as installation
and maintenance of the network
• Security – indicates how protected the
network is, including the information that is
transmitted over the network
• Availability – refers to the likelihood that the
network is available for use when it is required
• Scalability – indicates how easily the network
can accommodate more users and data
transmission requirements as they increase
• Reliability – indicates the dependability of the
components that make up the network
including the routers, switches, PCs, and
servers; often measured as MTBF (mean time
between failures)
Router Functions
Why Routing?
Router:
• Connects one network to another
network
• Determines the best route to the
destination before forwarding
traffic to the next router along
the path
• Responsible for routing traffic
between networks
• Routing table used to determine
the most efficient path to reach
the destination
Router Functions
Routers Are Computers
A router is a specialized computer and
requires the same components to
operate as computers including:
• Central Processing Unit (CPU)
• Operating System (OS)
• A desktop computer might use the Windows
Operating System, but a Cisco Router uses the Cisco
Internetwork Operating System (IOS).
• Memory and storage (RAM, ROM, NVRAM,
Flash, hard drive)
• Non-volatile vs. volatile memory
• Which one requires constant power to retain
content?
Router Functions
Routers Are Computers (Cont.)
Router Functions
Routers Interconnect Networks
A router is responsible for forwarding
packets from network to network, from
the source to the destination
Multiple networks on a router require
multiple interfaces that each belong to
a different IP network
• These interfaces are used to connect:
• LANs – Ethernet networks that contain PCs,
printers, and servers
• WANs – used to connect networks over large
geographical areas such as to an ISP
Router Functions
Routers Choose Best Paths
The primary functions of a router are to:
• Determine the best path to send packets
• Forward packets toward their destination
Connect Devices
Connect to a Network
Home Office devices might
connect as follows:
• Laptops and tablets connect
wirelessly to a home router.
• A network printer connects using
an Ethernet cable to the switch
port on the home router
• The home router connects to the
Internet service provider cable
modem using an Ethernet cable.
• The cable modem connects to
the ISP network.
Connect Devices
Connect to a Network (Cont.)
Branch site devices might connect
as follows:
• Desktop PCs, VoIP phones, and
corporate resources such as file
servers and printers connect to Layer
2 switches using Ethernet cables.
• Laptops and smartphones connect
wirelessly to wireless access points
(WAPs).
• The WAPs connect to switches using
Ethernet cables.
• Layer 2 switches connect to an
Ethernet interface on the edge router
using Ethernet cables.
• The edge router connects to a WAN
service provider.
Connect Devices
Connect to a Network (Cont.)
Central site devices might connect as
follows:
• Desktop PCs and VoIP phones connect to
Layer 2 switches using Ethernet cables.
• Layer 2 switches connect redundantly to
multilayer Layer 3 switches using
Ethernet fiber-optic cables.
• Layer 3 multilayer switches connect to an
Ethernet interface on the edge router
using Ethernet cables.
• The corporate website server connects to
the edge router interface.
• The edge router connects to a WAN SP
and also to an ISP for backup purposes.
Connect Devices
Default Gateways
Devices need the following information
for network access: IP address, subnet
mask, and default gateway.
When a host sends a packet to a device
that is on the same IP network, the
packet is forwarded out the host interface
to the destination device. The router does
not need to get involved.
When a host sends a packet to a device
on a different IP network, the packet is
forwarded to the default gateway
because the host device cannot
communicate with devices outside of the
local network.
The default gateway is the device that
routes traffic from the local network to
devices on remote networks, such as
devices on the Internet.
Routers are also usually configured with their own default gateway.
Connect Devices
Document Network Addressing
When designing a new network or
mapping an existing one, the
documentation should identify:
• Device names
• Interfaces used in the design
• IP addresses and subnet masks
• Default gateway addresses
The figure on the left shows two
useful documents:
• Topology diagram – provides a visual
reference that indicates the physical
and logical Layer 3 addressing.
• An addressing table – captures device
names, interfaces, IPv4 addresses,
subnet masks, and default gateway
addresses.
Connect Devices
Enable IP on a Host
A host can be assigned IP
address information either:
• Statically –
• Manually configure the IP address,
subnet mask, default gateway and
probably the DNS server IP address.
• Servers and printers commonly use
static address assignment.
• Dynamically –
• IP address information is obtained
from a Dynamic Host Configuration
Protocol (DHCP) server.
• DHCP server provides an IP address,
subnet mask, default gateway and
probably the DNS server information.
• Most host devices use DHCP.
Connect Devices
Device LEDs
Host computers connect to a wired
network using an RJ-45 Ethernet cable.
Most network interface cards have one or
two LED indicators next to the interface.
• Green LED indicates a good connection.
• A blinking green indicates network activity.
• No light indicates a problem with either the
network cable or the network itself.
Network infrastructure devices also use
LEDs to provide a quick status view. For
example, a Cisco Catalyst 2960 switch:
• Green LEDs indicate a switch is functioning
normally.
• Amber LEDs indicate a malfunction.
Cisco routers also use various LED
indicators to provide status information.
Connect Devices
Console Access
Devices including routers and switches are
commonly accessed using Secure Shell (SSH)
or HyperText Transfer Protocol Secure
(HTTPS).
Console access is usually only required when
initially configuring a device, or if remote
access fails.
Console access requires:
• Console cable – RJ-45 to DB-9 serial cable or a
USB serial cable.
• Terminal emulation software – Tera Term, PuTTY,
or HyperTerminal
Cable is connected between the serial port of
the host and the console port on the device.
Connect Devices
Enable IP on a Switch
Network devices require IP
addresses in order for the
network administrator to
connect to the devices using
Telnet, SSH, HTTP, or HTTPS.
A switch requires an IP
address to be configured on a
virtual interface, called the
switched virtual interface
(SVI).
Commands in the figure to
the left should be used to
configure the IP address on
vlan 1 and also the default-
gateway information.
Router Basic Settings
Configure Basic Router Settings
Cisco routers and switches have
similar initial configuration steps:
• Name the device in order to
distinguish it from other devices in
the network using the hostname
command in global config mode.
• Secure management access as
shown in the figure to the left in
order to secure privileged EXEC,
user EXEC, and remote access.
• Configure a banner to provide legal
notification of unauthorized access
in global config mode:
banner motd ** Authorized Access Only! **
Always save your configuration
changes and verify your settings:
R1# copy running-config startup-config
Router Basic Settings
Configure an IPv4 Router Interface
Layer 2 switches support LANs
and have multiple FastEthernet or
Gigabit Ethernet ports.
Routers support LANs and WANs
and have many types of interfaces
including Gigabit Ethernet and
High-Speed WAN Interface Card
(HWIC) slots to support WAN
connections.
As shown in the figure to the left,
an interface must be configured
with an IP address, subnet mask,
and activated with the no
shutdown command.
Note: In a lab environment, the serial interface with
the cable end labeled DCE needs to be configured
with a clock rate command.
Router Basic Settings
Configure an IPv4 Loopback Interface
An IPv4 loopback interface is
typically configured on a router for
testing and management purposes.
A loopback interface is a logical
interface internal to the router.
• It is not assigned to a physical port
and cannot be connected to any
other device.
• It is a software interface that is
automatically placed in an “up” state
as long as the router is functioning.
Some routing protocols such as OSPF
require an address for identification;
the loopback address can be used
rather than an interface address
which might go down on occasion,
disrupting OSPF routing.
Verify Connectivity of Directly Connected Networks
Verify Interface Settings
The following commands are used to
verify the operation and
configuration of an interface:
• show ip interface brief – Displays a summary for all
interfaces including the IPv4 address of the interface
as well as the current operational status.
• show ip route – Displays the contents of the IPv4
routing table.
• show running-config interface interface-id – Displays
the commands configured on the specified interface.
Verify Connectivity of Directly Connected Networks
Filter Show Command Output
Commands that generate multiple screens of
output are, by default, paused after 24 lines.
• The spacebar allows you to see the next set of
lines, while the ENTER key will display the next
line.
• Use the terminal length command to change the
number of lines to be displayed.
Another useful feature that makes show output
easier to view is filtering the output.
To enable the filtering command, use the
pipe character, “|”. For example:
• show running-config | section line con – shows the section that starts
with “line con”
• show ip interface brief | include down – includes all output that
matches “down”
• show ip interface brief | exclude up – excludes all output that
matches “up”
• show running-config | begin line – shows all the remaining output
starting with “line”
Verify Connectivity of Directly Connected Networks
Command History Feature
The command history feature shows
previously executed commands when
recalled.
Press Ctrl+P or the Up Arrow key to recall
commands in the history buffer.
• The most recent commands are displayed
first
• Keep pressing Up Arrow to recall the
commands in the history buffer.
By default, command history is enabled
and the last 10 commands are stored in
the history buffer.
Use the terminal history size user EXEC
command to change this number.
Use the show history privileged EXEC
command to display the contents of the
buffer.
1.2 Routing Decisions
1 – Routing Concepts
1.2 – Routing Decisions
Switching Packets Between Networks
Router Switching Function
The primary function of a
router is to forward packets
toward their destination.
• Uses a switching function
which is a process that
accepts a packet on one
interface and forwards it out
of another interface. This is
not to be confused with the
function of a Layer 2 switch.
• The switching function also
encapsulates the packets in
the appropriate data link
frame type for the outgoing
interface.
Switching Packets Between Networks
Router Switching Function (Cont.)
When a router receives a packet from one
network that is destined for another network,
the router performs the following three steps:
• Step 1. De-encapsulates the Layer 2 frame
header and trailer to expose the Layer 3 packet.
• Step 2. Examines the destination IP address of
the IP packet to find the best path in the routing
table.
• Step 3. If the router finds a path to the
destination, it encapsulates the Layer 3 packet
into a new Layer 2 frame and forwards the
frame out the exit interface.
As a packet travels from the source device to the
destination device, the Layer 3 IP addresses do
not change. However, the Layer 2 data link
addresses change at every hop as it is de-
encapsulated and re-encapsulated.
Switching Packets Between Networks
Send a Packet
For PC1 to send a packet to PC2,
the following occurs:
• PC1 must determine if the
destination IPv4 address is on the
same network. If it is on the same
network, PC1 will obtain the
destination MAC address from its
ARP cache or use an ARP request.
• Because the destination network is
on a different network, PC1
forwards the packet to its default
gateway.
• To determine the MAC address of
the default gateway, PC1 checks its
ARP table for the IPv4 address of the
default gateway and its
corresponding MAC address. An ARP
request is sent if it is not found.
• When PC1 has the MAC address of
Router R1, it can forward the packet.
Switching Packets Between Networks
Forward to the Next Hop
When R1 receives the Ethernet
frame from PC1, the following
occurs:
• R1 examines the destination MAC
address which matches the MAC
address of the receiving interface and
copies the frame into its buffer.
• R1 identifies the Ethernet Type field as
0x800 which indicates that the
Ethernet frame contains an IPv4 packet
in the data portion of the frame.
• R1 de-encapsulates the Ethernet
frame.
• Because the destination IPv4 address
of the packet, 192.168.4.10, does not
match any of the directly connected
networks on R1, R1 searches the
routing table for a corresponding route.
• R1’s Routing Table has a route for the
192.168.4.0/24 network.
Switching Packets Between Networks
Forward to the Next Hop (Cont.)
When R1 receives the Ethernet
frame from PC1, the following
occurs:
• The route that R1 finds to the
192.168.4.0/24 network has a next-hop
address of 192.168.2.2 and an exit
interface of FastEthernet 0/1.
• This will require that the IPv4 packet be
encapsulated in a new Ethernet frame
with the destination MAC address that
corresponds to the IPv4 address of the
next-hop router, 192.168.2.2.
• Because the exit interface is on an
Ethernet network, R1 must resolve the
next-hop IPv4 address with a
destination MAC address using ARP,
assuming it is not in its ARP cache.
• When R1 has the MAC address for the
next-hop, the Ethernet frame is
forwarded out of the FastEthernet 0/1
interface of R1.
Switching Packets Between Networks
Packet Routing
R2 examines the destination
MAC address. Because it
matches the MAC address of its
receiving interface, R2 copies the
frame into its buffer.
R2 determines that the frame
contains an IPv4 packet in the
data portion of the frame.
R2 de-encapsulates the Ethernet
frame.
Because the destination IP
address is on a different
network, the routing table is
searched to find a corresponding
route for the destination IPv4
address.
The process outlined to the right describes what
happens when router R2 receives a frame on its FA0/0
interface that needs to be forwarded to router R3.
Switching Packets Between Networks
Packet Routing (Cont.)
The routing table of R2 has a route
to the 192.168.4.0/24 network with
a next-hop IPv4 address of
192.168.3.2 and an exit interface of
Serial 0/0/0.
Because the exit interface is not
Ethernet, R2 does not have to
resolve the next-hop IPv4 address
with a destination MAC address.
The IPv4 packet is encapsulated into
a new data link frame used by the
exit interface and sent out the Serial
0/0/0 exit interface.
Because there are no MAC
addresses on serial interfaces, R2
sets the data link destination
address to an equivalent of a
broadcast.
Switching Packets Between Networks
Reach the Destination
R3 copies the data link PPP
frame into its buffer.
R3 de-encapsulates the data link PPP frame.
Path Determination
Routing Decisions
The primary function of a router is
to determine the best path to send
packets.
A routing table search results in one
of three path determinations:
• Directly connected network – If the
destination IP address belongs to a
network that is directly connected to
the router, the packet is forwarded out
of that interface.
• Remote network – If the destination IP
address of the packet belongs to a
remote network, the packet is
forwarded to another router.
• No route determined – If the
destination IP address does not belong
to a connected network and is not in the
routing table, the packet is sent to the
Gateway of Last Resort.
Path Determination
Best Path
Determining the best path to a destination network
involves the evaluation of multiple paths and selecting
the optimum or shortest path to reach that network.
Path Determination
Load Balancing
If a router has two or more paths with
identical metrics to the same destination
network, the router will forward the packets
using both paths equally.
The routing table contains a single
destination network, but has multiple exit
interfaces – one for each equal cost path.
This is referred to as equal cost load
balancing.
If configured correctly, load balancing can
increase the effectiveness and performance
of the network.
Equal cost load balancing can be configured
to use both dynamic routing protocols and
static routes.
EIGRP supports unequal cost load balancing.
Path Determination
Administrative Distance
If a router has multiple routing
protocols configured and static
routes, it is possible that the
routing table might have more than
one route source for the same
destination network.
Each routing protocol might prefer
a different path to reach the same
destination. How does the router
know which path to choose?
The Cisco IOS uses what is known as
the administrative distance (AD) to
determine which route to install in
the routing table.
The AD represents the
“trustworthiness” of the route. The
lower the AD, the more
trustworthy.
Which route source is more trustworthy, Internal
EIGRP or OSPF?
1.3 Router Operation
1 – Routing Concepts
1.3 – Router Operation
Analyze the Routing Table
The Routing Table
The routing table of a router stores
information about:
• Directly connected routes – Obtained
from the active router interfaces.
• Remote routes – These are remote
networks connected to other routers
that are learned from dynamic
routing protocols or are statically
configured.
A routing table is a data file in RAM
that is used to store information
about directly connected and
remote networks.
The routing table contains next hop
associations for remote networks.
The association tells the router
what the next hop is for a
destination network.
Analyze the Routing Table
Routing Table Sources
On a Cisco router, the show ip route command
can be used to display the IPv4 routing table.
Analyze the Routing Table
Remote Network Routing Entries
You must know how to interpret
the content of IPv4 and IPv6
routing tables. The figure to the
left highlights the details for the
route to the remote network
10.1.1.0:
• Route source – how the route was learned
• Destination network – address of the remote
network
• Administrative distance – trustworthiness of the
route
• Metric – value assigned to reach the remote
network; lower the better
• Next-hop – the IPv4 address of the next router
to forward the packet to
• Route timestamp – how much time has passed
since the route was learned
• Outgoing interface – exit interface to forward
packet out of
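The fields listed above can be pulled out of show ip route text with a small parser. This is an added example, not part of the original slides: the function names are hypothetical, and the sample output is constructed in the IOS 15 style, where every entry carries its own prefix length.

```python
import ipaddress
import re

# One IOS 15-style "show ip route" entry (each prefix carries its own /length).
ENTRY = re.compile(r"""
    ^(?P<code>[A-Z])(?P<candidate>\*)?            # route source, '*' = candidate default
    (?:\s+(?P<subcode>[A-Z][A-Z0-9]))?            # optional sub-type such as IA, E2, EX
    \s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+      # destination network
    (?:
        is\ directly\ connected,\s+(?P<conn_intf>\S+)
      |
        \[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)
        (?:,\s+(?P<age>[0-9:wdh]+))?              # route timestamp, absent on static routes
        (?:,\s+(?P<intf>\S+))?                    # outgoing interface
    )\s*$
""", re.VERBOSE)


def parse_route_line(line):
    """Return the fields of one routing-table entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    try:
        network = ipaddress.ip_network(m["prefix"], strict=False)
    except ValueError:                 # e.g. an octet above 255
        return None
    connected = m["conn_intf"] is not None
    return {
        "source": m["code"] + (" " + m["subcode"] if m["subcode"] else ""),
        "candidate_default": m["candidate"] is not None,
        "network": str(network),
        "ad": None if connected else int(m["ad"]),          # not printed for C/L entries
        "metric": None if connected else int(m["metric"]),
        "next_hop": m["next_hop"],
        "age": m["age"],
        "interface": m["conn_intf"] if connected else m["intf"],
    }


def parse_table(text):
    """Parse every entry line; headers and 'is subnetted' lines are skipped."""
    return [e for e in map(parse_route_line, text.splitlines()) if e]


def gateway_of_last_resort(entries):
    """The candidate default route (0.0.0.0/0 flagged with '*'), if the table has one."""
    for e in entries:
        if e["candidate_default"] and e["network"] == "0.0.0.0/0":
            return e
    return None


# Constructed sample output (not captured from a real device).
SAMPLE = """\
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Serial0/0/0
      10.0.0.0/24 is subnetted, 1 subnets
D        10.1.1.0/24 [90/2170112] via 209.165.200.226, 00:00:05, Serial0/0/0
S        192.168.11.0/24 [1/0] via 209.165.200.225
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0
"""

if __name__ == "__main__":
    for entry in parse_table(SAMPLE):
        print(entry)
    print("default:", gateway_of_last_resort(parse_table(SAMPLE)))
```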
Directly Connected Routes
Directly Connected Interfaces
A new router without any
configured interfaces will have an
empty routing table – as shown in
the figure.
Before the interface state is
considered up/up and added to the
IPv4 routing table, the interface
must:
• Be assigned a valid IPv4 or IPv6 address
• Be activated with the no shutdown command
• Receive a carrier signal from another device such as
a router, switch, or host.
Directly Connected Routes
Directly Connected Routing Table Entries
With IOS version 15 and later, an
active directly connected interface
creates two routing table entries
as shown in the figure:
• The route source “C” identifies the
route as a directly connected
network.
• The route source “L” identifies the
IPv4 address assigned to the router’s
interface.
The routing table entry shows the
destination network as well as the
outgoing interface to use when
forwarding packets to the
destination network.
Directly Connected Routes
Directly Connected Examples
When the interfaces are
configured with an
appropriate IP address,
subnet mask, and activated
with the no shutdown
command, they will be
automatically added to the
routing table as shown in the
figure to the left.
As each interface is added,
the routing table
automatically adds the
connected (‘C’) and local (‘L’)
entries.
Statically Learned Routes
Static Routes
After directly connected interfaces are
configured and added to the routing
table, then static or dynamic routing
can be configured.
Static routes are manually configured
and define an explicit path between
two networking devices.
If the network topology changes,
static routes must manually be
reconfigured.
Benefits of static routes include:
• Improved security
• Resource efficiency – less bandwidth
usage and no CPU cycles are used to
calculate and communicate route
Statically Learned Routes
Static Routes (Cont.)
There are two main types of static routes in
the routing table:
• Static route to a specific network
• Default static route
IPv4 static routes are configured using the
following command:
• ip route network mask { next-hop-ip | exit-intf }
A static route appears in the routing table
with the code ‘S’.
A default static route is similar to a default
gateway on a PC or host. The default static
route specifies the exit point to use when
the routing table does not have a path for
the destination network. Use the
command:
• ip route 0.0.0.0 0.0.0.0 { exit-intf | next-hop-ip }
Statically Learned Routes
Static Route Examples
The figure to the left shows the
configuration of an IPv4 default static
route on R1 to the Serial 0/0/0 interface.
• The ‘S’ indicates that it is a static route
• The asterisk (*) identifies this as a possible
candidate to be the default route.
• Notice that this route was chosen to be the
Gateway of last resort (default route).
Here are two static route configurations
from R2 to reach the two LANs on R1:
• ip route 192.168.10.0 255.255.255.0 s0/0/0
• ip route 192.168.11.0 255.255.255.0 209.165.200.225
Dynamic Routing Protocols
Dynamic Routing
Dynamic routing protocols are used by
routers to share information about the
reachability and status of remote
networks.
Rather than manually configuring static
routes, dynamic routing protocols use
network discovery to share information
about the networks that a router knows about
with other routers that are using the
same routing protocol.
• Routers automatically learn about remote
networks from other routers
• These networks and the best path to each
are added to the routing table of the
router.
Routers have converged after they have
finished exchanging and updating their
routing tables. Routers then maintain
the networks in their routing tables.
Dynamic Routing Protocols
IPv4 Routing Protocols
One of the major advantages of
dynamic routing protocols over static
routes is the ability to determine a new
best path if the initial path becomes unusable.
Dynamic routing protocols can adjust
to topology changes without involving
the network administrator.
Cisco routers support a variety of IPv4
routing protocols including:
• EIGRP
• OSPF
• IS-IS
• RIP
• Use router ? in global config mode to see
the complete list.
1.4 Summary
1 – Routing Concepts
1.4 – Summary
Conclusion
Chapter 2: Routing Concepts
Configure a router to route between multiple directly connected networks.
Explain how routers use information in data packets to make forwarding decisions in a
small to medium-sized business network
Explain how a router learns about remote networks when operating in a small to medium-
sized business network.
2.4 – Summary
2.4.1 – Conclusion
2.4.1.3 – Chapter 2: Configure a Network Operating System
Chapter 2: Static Routing
Chapter 2 - Sections & Objectives
2.1 Static Routing Advantages
• Explain how static routes are implemented in a small to medium-sized business network.
• Explain advantages and disadvantages of static routing.
• Explain the purpose of different types of static routes.
2.2 Configure Static and Default Routes
• Configure static routes to enable connectivity in a small to medium-sized business network.
• Configure IPv4 static routes by specifying a next-hop address.
• Configure an IPv4 default route.
• Configure IPv6 static routes by specifying a next-hop address.
• Configure an IPv6 default route.
• Configure a floating static route to provide a backup connection.
• Configure IPv4 and IPv6 static host routes that direct traffic to a specific host.
Chapter 2 - Sections & Objectives (Cont.)
2.3 Troubleshoot Static and Default Routes
• Given an IP addressing scheme, configure IP address parameters on devices to provide end-to-end connectivity
in a small to medium-sized business network.
• Explain how a router processes packets when a static route is configured.
• Troubleshoot common static and default route configuration issues.
2.1 Implement Static Routes
2 - Static Routing
2.1 – Implement Static Routes
Static Routing
Reach Remote Networks
A router learns about remote networks in two ways:
• Manually entered into the route table using static routes
• Static routes are not automatically updated and must be reconfigured when topology changes
• Dynamically (Automatically) learned using a routing protocol
Static Routing
Why Use Static Routing?
Static Routing
When to Use Static Routes
Stub Networks and Stub Routers
Three uses for static routes:
Smaller networks that are not
expected to grow
Routing to and from stub networks
• Stub network accessed by a single
route and has one neighbor
• 172.16.3.0 is a stub network
A single default route to represent
a path to any network not found in
the routing table
• Use default route on R1 to point to R2
for all other networks
Types of Static Routes
Static Route Applications
Types of Static Routes
Standard Static Route
Types of Static Routes
Default Static Route
Default route matches all packets and is
used when a packet does not match a
specific route in the routing table
Can be dynamically learned or statically
configured
Default Static route uses 0.0.0.0/0 as
the destination IPv4 address
Creates a Gateway of Last Resort
Common use is when connecting a
company’s edge router to the ISP
network
Router has only one router to which it
is connected
Types of Static Routes
Summary Static Route
Multiple static routes can be summarized into a single network address
• Destination networks must be contiguous
• Multiple static routes must use the same exit interface or next hop
• In the figure, four networks are summarized into one summary static route
Types of Static Routes
Floating Static Route
Static routes that are used to
provide a backup path
Used when primary route is not
available
Configured with a higher
administrative distance
(trustworthiness) than the
primary route
Example: EIGRP administrative
distance equals 90. A floating
static route with an AD of 91 or
higher would serve as backup
route and will be used if EIGRP
route goes down.
2.2 Configure Static and Default
Routes
2 - Static Routing
2.2 – Configure Static and Default Routes
Configure IPv4 Static Routes
ip route Command
Configure IPv4 Static Routes
Next-Hop Options
In this example, each router only has entries for directly connected networks
Configure IPv4 Static Routes
Next-Hop Options (Cont.)
Configure IPv4 Static Routes
Configure a Next-Hop Static Route
In this example, only the next-
hop IP address is specified
Before packet is forwarded the
router must determine the exit
interface to use (route
resolvability)
Configure IPv4 Static Routes
Configure a Next-Hop Static Route (Cont.)
In the example, when a packet is
destined for 192.168.2.0/24
network, R1:
• Looks for match (#1) and needs to
forward packets to 172.16.2.2
• R1 must determine how to reach
172.16.2.2 first
• Searches a second time for
172.16.2.0/24 (#2) and matches to exit
interface s0/0/0
• Takes two routing table lookups,
process referred to as recursive lookup
• If the exit interface is “down” or
“administratively down” then the static
route configured with next-hop will not
be installed in routing table
Configure IPv4 Static Routes
Configure a Directly Connected Static Route
Use the exit interface to specify
next-hop so no other lookups are
required
Administrative distance of static
route is 1
Configure IPv4 Static Routes
Configure a Directly Connected Static Route (Cont.)
Cisco Express Forwarding (CEF)
• default behavior on IOS 12.0 or later
• provides optimized lookup
• uses a Forwarding Information Base (FIB) which is a copy of the routing table and an
adjacency table that includes Layer 2 addresses
• no recursive lookup needed for next-hop IP address lookups
Configure IPv4 Static Routes
Configure a Fully Specified Static Route
Both the exit interface and the next-hop IP address are
specified
Configure IPv4 Static Routes
Verify a Static Route
Configure IPv4 Default Routes
Default Static Route
Default static routes are commonly used when connecting:
• An edge router to a service provider network
• A stub router (a router with only one upstream neighbor router)
Default route is used when no other routes in the routing table match the destination IP
Configure IPv4 Default Routes
Configure a Default Static Route
Any packets not
matching route
entries are
forwarded to
172.16.2.2
Configure IPv4 Default Routes
Verify a Default Static Route
show ip route static
displays just the static
routes
• S indicates static route
• candidate default route
indicated by *
• /0 mask in route entry
indicates none of the bits
are required to match
Configure Floating Static Routes
Floating Static Routes
Floating static routes have an administrative
distance greater than the dynamic routing
protocol or other static route
Used as backup routes
Administrative distance of common routing protocols
• EIGRP = 90
• IGRP = 100
• OSPF = 110
• IS-IS = 115
• RIP = 120
By default, AD of static route = 1
Configure Floating Static Routes
Configure a Floating Static Route
Configure Floating Static Routes
Test the IPv4 Floating Static Route
Configure Floating Static Routes
Test the IPv4 Floating Static Route (Cont.)
2.3 Troubleshoot Static and Default
Routes
Packet Processing with Static Routes
Static Routes and Packet Forwarding
PC1 sending packet to PC3 - Packet arrives on G0/0
R1 has no specific route to 192.168.2.0 so uses default route
R1 encapsulates packet in new frame
Frame forwarded out S0/0/0
Packet Processing with Static Routes
Static Routes and Packet Forwarding (Cont.)
Packet arrives on S0/0/0 interface on R2
R2 de-encapsulates the frame and looks for a route to the destination
R2 has a static route to 192.168.2.0/24 out the Serial 0/0/1 interface
R2 encapsulates the packet in a new frame and forwards out S0/0/1
Packet Processing with Static Routes
Static Routes and Packet Forwarding (Cont.)
R3 de-encapsulates the frame and sees a connected route to 192.168.2.0/24 out G0/0
R3 looks up the ARP table entry for 192.168.2.10 to find the Layer 2 MAC address for PC3 (ARP used if needed for PC3 MAC)
• R3 encapsulates the packet in a new frame with the MAC address of the G0/0 interface as the source Layer 2 address and the MAC address of PC3 as the destination MAC address
• Frame is forwarded out of G0/0 interface and packet arrives on the NIC interface of PC3
Troubleshoot IPv4 Static and Default Route Configuration
Troubleshoot a Missing Route
Common IOS troubleshooting
commands include:
• ping
• traceroute
• show ip route
• show ip interface brief
• show cdp neighbors detail
Troubleshoot IPv4 Static and Default Route Configuration
Troubleshoot a Missing Route (Cont.)
Troubleshoot IPv4 Static and Default Route Configuration
Solve a Connectivity Problem
Troubleshoot IPv4 Static and Default Route Configuration
Solve a Connectivity Problem (Cont.)
2.4 Chapter Summary
Conclusion
Chapter 2: Static Routing
Explain how static routes are implemented in a small to medium-sized
business network.
Configure static routes to enable connectivity in a small to medium-sized
business network.
Troubleshoot static and default route configurations.
Chapter 3: Dynamic Routing
Chapter 3 - Sections & Objectives
3.1 Dynamic Routing Protocols
• Explain the function of dynamic routing protocols.
• Explain the purpose of dynamic routing protocols.
• Explain the use of dynamic routing and static routing.
3.2 RIPv2
• Implement RIPv2.
• Configure the RIPv2 routing protocol.
3.3 The Routing Table
• Determine the route source, administrative distance, and metric for a given route.
• Explain the components of an IPv4 routing table entry for a given route.
• Explain the parent/child relationship in a dynamically built routing table.
• Determine which route will be used to forward an IPv4 packet.
• Determine which route will be used to forward an IPv6 packet.
3.1 Dynamic Routing Protocols
Dynamic Routing Protocol Overview
Dynamic Routing Protocol Overview
RIP protocol was updated to RIPv2 to accommodate growth in the network environment
• RIPv2 does not scale to current larger network implementations
Routing Protocols developed to meet the need of larger networks include:
• Open Shortest Path First (OSPF)
• Intermediate System-to-Intermediate System (IS-IS).
• Enhanced IGRP (EIGRP)
Border Gateway Protocol (BGP) is used between Internet service providers (ISPs)
Dynamic Routing Protocol Overview
Dynamic Routing Protocol Components
Purpose of dynamic routing protocols includes:
• Discovery of remote networks
• Maintaining up-to-date routing information
• Choosing the best path to destination
networks
• Ability to find a new best path if the current
path is no longer available
The main components of dynamic routing protocols
include:
• Data structures - tables or databases kept in
RAM.
• Routing protocol messages - to discover
neighboring routers, exchange routing
information, and maintain accurate
Dynamic versus Static Routing
Static Routing Uses
Networks often use both static and
dynamic routing.
Static Routing is used as follows:
• For easy routing table maintenance
in small networks.
• Routing to and from a stub
network.
• Accessing a single default route.
Dynamic versus Static Routing
Static Routing Advantages and Disadvantages
Dynamic versus Static Routing
Dynamic Routing Protocols Uses
Dynamic routing is the best choice
for large networks
Dynamic routing protocols help the
network administrator manage the
network:
• Providing redundant paths
• Automatically implementing the
alternate path when a link goes
down.
Dynamic versus Static Routing
Dynamic Routing Advantages and Disadvantages
3.2 RIPv2
Dynamic versus Static Routing
Router RIP Configuration Mode
Use the router rip command to enable RIP v1
Configuring the RIP Protocol
Advertise Networks
The network network-address
router configuration mode
command:
• Enables RIP on all interfaces
that belong to a specific
network
• Advertises the network in RIP
routing updates sent to other
routers every 30 seconds.
Configuring the RIP Protocol
Verify RIP Routing
show ip protocols - displays the IPv4 routing protocols configured on the router.
show ip route - displays the RIP routes installed in the routing table.
Configuring the RIP Protocol
Enable and Verify RIPv2
Use the version 2 router
configuration mode command to
enable RIPv2
Use the show ip protocols
command to verify that RIPv2 is
configured.
Use the show ip route command to
verify the RIPv2 routes in the
routing table.
Configuring the RIP Protocol
Disable Auto Summarization
RIPv2 automatically summarizes
networks at major network
boundaries.
Use the no auto-summary router
configuration mode command to
disable auto summarization.
Use the show ip protocols
command to verify that auto
summarization is off.
Configuring the RIP Protocol
Configure Passive Interfaces
RIP updates:
• Are forwarded out all RIP-enabled
interfaces by default.
• Only need to be sent out interfaces
that are connected to other RIP-
enabled routers.
Sending RIP updates to LANs wastes
bandwidth, wastes resources, and
is a security risk.
Use the passive-interface router configuration command to stop routing
updates out the interface. The command still allows that network to be
advertised to other routers.
Configuring the RIP Protocol
Propagate a Default Route
In the diagram a default static route to
the Internet is configured on R1.
The default-information originate
router configuration command
instructs R1 to send the default static
route information in the RIP updates.
3.3 The Routing Table
Parts of an IPv4 Route Entry
Routing Table Entries
Parts of an IPv4 Route Entry
Directly Connected Entries
Directly Connected Networks (C) are automatically added to the routing table when
the interface is configured and activated.
Entries contain the following information:
• Route source - how the route was learned.
• Destination network – remote network.
• Outgoing Interface – exit interface used to forward packets to destination.
Other route source entries include:
• S – Static Route
• D – EIGRP routing protocol
• O – OSPF routing protocol
• R - RIP routing protocol
Parts of an IPv4 Route Entry
Remote Network Entries
Routes to remote networks contain the
following information:
• Route source – how route was learned
• Destination network
• Administrative distance (AD) -
trustworthiness of the route.
• Metric – value assigned to reach the
remote network. Lower is better.
• Next hop – IPv4 address of the next
router that the packet should be
forwarded to.
• Route timestamp – time since the
route was updated.
• Outgoing interface - the exit interface
to use to forward the packet
Dynamically Learned IPv4 Routes
Routing Table Terms
The routing table is a hierarchical structure
that is used to speed up the lookup process
when locating routes and forwarding
packets.
Dynamically Learned IPv4 Routes
Ultimate Route
An ultimate route is a routing table
entry that contains either a next-hop
IPv4 address or an exit interface.
Directly connected, dynamically
learned, and local routes are ultimate
routes.
Dynamically Learned IPv4 Routes
Level 1 Route
A level 1 route can be a:
• Network route - a network route that
has a subnet mask equal to that of the
classful mask.
• Supernet route - a network address with
a mask less than the classful mask, for
example, a summary address.
• Default route - a static route with the
address 0.0.0.0/0
Dynamically Learned IPv4 Routes
Level 1 Parent Route
A parent route is a level 1 network
route that is subnetted.
In the routing table, it basically provides a
heading for the specific subnets it contains.
Dynamically Learned IPv4 Routes
Level 2 Child Route
A level 2 child route is a route that is a
subnet of a classful network address.
Level 1 parent routes contain level 2
child routes.
Level 2 child routes are also ultimate
routes.
The IPv4 Route Lookup Process
Route Lookup Process
Router lookup process:
• If the best match is a level 1 ultimate route,
then this route is used to forward the
packet.
• If the best match is a level 1 parent route,
the router then examines child routes (the
subnet routes).
• If there is a match with a level 2 child route,
that is used to forward the packet.
• If there is no match with level 2 child
routes, the router searches level 1 supernet
or default routes. If there is a match, that
route is used.
• If there is no match found in the routing
table the packet is dropped.
The IPv4 Route Lookup Process
Best Route = Longest Match
The best match is the route in the routing
table that has the greatest number of far-left
matching bits with the destination IPv4
address of the packet.
The route with the greatest number of
equivalent far left bits, or the longest
match, is always the preferred route.
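The recursive lookup, floating static route and longest-match rules from the static routing and routing table slides, as an added Python example that is not part of the original slides. The 172.16.2.0/24, 192.168.2.0/24, 172.16.2.2 and S0/0/0 values come from the slides; the other prefixes, interface S0/0/1 and the simplified installation rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                      # destination network, e.g. "192.168.2.0/24"
    source: str                      # route source code: C, S, D, O or R
    ad: int                          # administrative distance, lower is preferred
    next_hop: Optional[str] = None   # next-hop IPv4 address, if configured
    exit_if: Optional[str] = None    # exit interface, if configured

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)


def longest_match(routes, dest):
    """Return the route covering dest with the most matching far-left bits."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r.net]
    return max(hits, key=lambda r: r.net.prefixlen, default=None)


def build_table(candidates, up_interfaces):
    """Simplified installation model (an assumption, not router source code).

    A route that names an exit interface is usable only while that interface
    is up. A next-hop-only route is usable only if its next hop resolves
    through a route that is already usable. For each prefix, the usable route
    with the lowest administrative distance is installed.
    """
    usable = [r for r in candidates if r.exit_if in up_interfaces]
    changed = True
    while changed:                       # repeat until no new route resolves
        changed = False
        for r in candidates:
            if r in usable or r.exit_if is not None:
                continue
            if longest_match(usable, r.next_hop) is not None:
                usable.append(r)
                changed = True
    table = {}
    for r in usable:
        if r.prefix not in table or r.ad < table[r.prefix].ad:
            table[r.prefix] = r
    return list(table.values())


def forward(table, dest, max_lookups=8):
    """Return (exit_interface, lookups); exit_interface is None if dropped."""
    lookups, target = 0, dest
    while lookups < max_lookups:
        route = longest_match(table, target)
        lookups += 1
        if route is None:
            return None, lookups         # no match in the table: drop
        if route.exit_if is not None:
            return route.exit_if, lookups
        target = route.next_hop          # recursive lookup on the next hop
    return None, lookups


# Candidate routes on R1. Entries marked "constructed" are not from the slides.
CANDIDATES = [
    Route("172.16.2.0/24", "C", 0, exit_if="S0/0/0"),
    Route("172.16.3.0/24", "C", 0, exit_if="G0/0"),           # constructed
    Route("10.0.0.0/30", "C", 0, exit_if="S0/0/1"),           # constructed
    Route("192.168.2.0/24", "S", 1, next_hop="172.16.2.2"),
    Route("0.0.0.0/0", "S", 1, next_hop="172.16.2.2"),        # default static
    Route("10.10.10.0/24", "D", 90, next_hop="172.16.2.2"),   # constructed EIGRP
    Route("10.10.10.0/24", "S", 91, next_hop="10.0.0.2"),     # constructed floating
]
ALL_UP = {"S0/0/0", "S0/0/1", "G0/0"}

if __name__ == "__main__":
    for label, up in (("all links up", ALL_UP), ("S0/0/0 down", {"G0/0", "S0/0/1"})):
        table = build_table(CANDIDATES, up)
        print(label)
        for dest in ("192.168.2.10", "10.10.10.5", "203.0.113.9"):
            print("  ", dest, "->", forward(table, dest))
```

With S0/0/0 down, every route that resolves through 172.16.2.2 leaves the table, so the AD 91 floating static route takes over for 10.10.10.0/24 while traffic that depended on the default route is dropped.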
3.4 Chapter Summary
Conclusion
Chapter 3: Dynamic Routing
Explain the function of dynamic routing protocols.
Implement RIPv2.
Determine the route source, administrative distance, and metric for
a given route.
Chapter 4: Switched Networks
Chapter 4 - Sections & Objectives
4.1 LAN Design
• Explain how switched networks support small to medium-sized businesses.
• Explain how data, voice, and video are converged in a switched network.
• Describe a switched network in a small to medium-sized business.
4.1 LAN Design
Converged Networks
Growing Complexity of Networks
Next-generation networks need to be
secure, reliable, and highly available.
They must support a globalized
workforce.
They must be able to integrate legacy
devices.
Converged Networks
Elements of a Converged Network
Converged network solutions integrate
voice systems, IP phones, voice
gateways, video support, and video
conferencing.
Primary benefit of the converged
network - just one physical network to
install and manage.
Converged Networks
Cisco Borderless Networks
The Cisco Borderless Network has the
following features:
• Allows organizations to connect anyone,
anywhere, anytime, on any device;
securely, reliably, and seamlessly.
• Provides the framework to unify wired and
wireless access, including policy, access
control, and performance management
across many different device types.
• Provides network services, and user and
endpoint services that are all managed by
an integrated management solution.
Converged Networks
Hierarchy in the Borderless Switched Network
Borderless switched network design
guidelines are based on the following
principles:
• Hierarchical - Facilitates understanding the
role of each device at every tier.
• Modularity - Allows seamless network
expansion and integrated services.
• Resiliency – Provides an always available
network.
• Flexibility - Allows intelligent traffic load
sharing.
The three tiers of the hierarchical model are
Access, Distribution and Core layers.
Converged Networks
Access, Distribution, and Core Layers
Access Layer – provides network access to the
user.
Distribution Layer - interfaces between the
access layer and the core layer. Provides
functions such as:
• aggregating Layer 2 broadcast domains
and Layer 3 routing boundaries.
• providing intelligent switching, routing,
and network access policy functions to
access the rest of the network.
Core Layer - is the network backbone. It provides fault isolation
and high-speed backbone connectivity.
Smaller networks that do not need a separate distribution and
core layer often use a two-tier campus or collapsed core
network design.
Switched Networks
Role of Switched Networks
A hierarchical switched LAN allows more
flexibility, traffic management, and additional
features:
• Quality of service
• Additional security
• Support for wireless networking and
connectivity
• Support for new technologies.
Switched Networks
Form Factors
Fixed Configuration
Modular Configuration
Stackable Configuration
Considerations when selecting switches:
• Cost
• Port Density
• Power
• Reliability
• Port Speed
• Frame buffers
• Scalability
4.2 The Switched Environment
Frame Forwarding
Switching as a General Concept in Networking and Telecommunications
A LAN switch makes decisions based on two
criteria:
• Ingress port - where a frame enters the device
• Destination address
A LAN switch maintains a table that it uses to
determine how to forward traffic.
In the diagram, if a message enters switch port 1
with a destination address of EA, then the switch
forwards the traffic out port 4.
Layer 2 Ethernet switches forward frames based
on the destination MAC address.
Frame Forwarding
Video Demonstration - MAC Address Tables on Connected Switches
The video explains how a switch builds its
MAC address table by recording the MAC
address of each device connected to each of
its ports.
Frame Forwarding
Switch Forwarding Methods
Frame Forwarding
Store-and-Forward Switching
Features of Store-and-Forward
Switching:
• Error Checking – After receiving the entire frame, the switch compares the
frame-check-sequence (FCS) value in the last field against its own FCS
calculations. Only error-free frames are forwarded.
• Automatic Buffering – ingress port buffering provides the flexibility to
support any mix of Ethernet speeds.
Store-and-Forward is Cisco’s primary LAN switching method.
Frame Forwarding
Cut-Through Switching
Rapid Frame Forwarding - The switch can
make a forwarding decision as soon as it
has looked up the destination MAC
address.
• Frames with errors are forwarded.
Fragment Free - modified form of cut-
through switching. The switch waits for
the collision window (64 bytes) to pass
before forwarding the frame.
• Provides better error checking than cut-
through, with practically no increase in
latency.
Switching Domains
Collision Domains
In hub-based Ethernet segments, network
devices compete for the medium,
therefore collisions will occur.
Ethernet switch ports operating in full
duplex eliminate collisions.
Ethernet switch ports will autonegotiate
full-duplex if connected to full-duplex
device.
If connected to a half-duplex device then
the switch port will operate in half duplex
and be part of a collision domain.
Switching Domains
Broadcast Domains
One switch or multiple interconnected switches form a single broadcast domain.
When a switch receives a broadcast frame, it forwards the frame out each of its
ports, except the ingress port where the broadcast frame was received.
When two or more switches are connected together, the broadcast domain
is increased because the broadcast is propagated from switch to switch.
Too many broadcasts can cause network congestion.
Switching Domains
Alleviating Network Congestion
The following characteristics of switches
help alleviate congestion:
• Establishing full-duplex links, therefore
eliminating collisions.
• High port density
• Large frame buffers
• Port speed
• Fast internal switching
• Low per-port cost
4.3 Chapter Summary
Conclusion
Chapter 4: Switched Networks
Explain how switched networks support small to medium-sized businesses.
Explain how Layer 2 switches forward data in a small to medium-sized LAN.
Chapter 5: Switch Configuration
Chapter 5 - Sections & Objectives
5.1 Basic Switch Configuration
• Configure basic switch settings to meet network requirements.
• Configure initial settings on a Cisco switch.
• Configure switch ports to meet network requirements.
5.2 Basic Device Configuration
• Configure a switch using security best practices in a small to medium-sized business network.
• Configure the management virtual interface on a switch.
• Configure the port security feature to restrict network access.
5.1 Configure a Switch with
Initial Settings
Configure a Switch with Initial Settings
Switch Boot Sequence
When a switch is powered on, the boot sequence occurs.
• Power-on self-test (POST), a program stored in ROM, executes and checks hardware like
CPU and RAM.
• The boot loader, also stored in ROM, runs and initializes parts within the CPU, initializes
the flash file system, and then locates and loads an IOS image.
• The IOS image can be defined within the BOOT environment variable.
• If the variable is not set, the switch scours through the flash file system searching for an executable
image file, loading it into RAM, and launching it if found.
• If an executable image file is not found, the switch shows the prompt switch: where a few
commands are allowed in order to provide access to operating system files found in flash memory
and files used to load or reload an operating system.
• If an IOS operating system loads, the switch interfaces are initialized and any commands
stored in the startup-config file load.
Configure a Switch with Initial Settings
Switch Boot Sequence (Cont.)
The boot system command is used to set the BOOT environment variable.
Configure a Switch with Initial Settings
Recovering From a System Crash
The boot loader prompt can be accessed through a console connection to the
switch:
1. Cable the PC to the switch console port.
2. Configure the terminal emulation software on the PC.
3. Unplug the switch power cord.
4. Reconnect the power cord and at the same time or within 15 seconds, press and hold the
Mode button on the front of the switch until the System LED turns an amber color briefly
and then turns a solid green.
The boot loader command prompt is switch: (instead of Switch>).
• The commands available through the boot loader command prompt are limited.
• Use the help command to display the available commands.
Configure a Switch with Initial Settings
Switch LED Indicators
System LED shows if the switch has
power applied.
Port LED states:
• Off – no link or shut down
• Green – link is present
• Blinking green – data activity
• Alternating green and amber – link
fault
Configure a Switch with Initial Settings
Preparing for Basic Switch Management
To configure a switch for remote
access, the switch must be configured
with an IP address, subnet mask, and
default gateway.
One particular switch virtual interface
(SVI) is used to manage the switch:
• A switch IP address is assigned to an SVI.
• By default the management SVI is
controlled and configured through VLAN
1.
• The management SVI is commonly called the management VLAN.
Remember that the switch console port is on the back of the switch.
Configure a Switch with Initial Settings
Configuring Basic Switch Management Access with IPv4
Configure Switch Ports
Duplex Communication
Gigabit Ethernet and 10Gb Ethernet NICs require full-duplex connections to
operate.
Bidirectional
communication
Unidirectional
communication
Configure Switch Ports
Configure Switch Ports at the Physical Layer
Some switches have the default setting of auto for both duplex and speed.
Mismatched duplex and/or speed settings can cause connectivity issues.
Always check duplex and speed settings using the show interface interface_id
command.
All fiber ports operate at one speed and are always full-duplex.
Configure Switch Ports
Auto-MDIX
Some switches have the automatic medium-dependent interface crossover
(auto-MDIX) feature that allows an interface to detect the required cable
connection type (straight-through or crossover) and configure the connection
appropriately.
Configure Switch Ports
Auto-MDIX (Cont.)
Use the show controllers Ethernet-controller command to verify auto-MDIX
settings.
Configure Switch Ports
Verifying Switch Port Configuration
Configure Switch Ports
Verifying Switch Port Configuration (Cont.)
Configure Switch Ports
Verifying Switch Port Configuration (Cont.)
Layer 1 OK Layer 2 OK
Configure Switch Ports
Network Access Layer Issues
Use the show interfaces command to detect common media issues.
The first parameter refers to Layer 1, the physical layer, and indicates if the
interface is receiving a carrier detect signal.
The second parameter (protocol status) refers to the data link layer and
indicates whether the data link layer protocol has been configured correctly
and keepalives are being received.
Configure Switch Ports
Network Access Layer Issues (Cont.)
Configure Switch Ports
Troubleshooting Network Access Layer Issues
5.2 Switch Security
Secure Remote Access
SSH Operation
Secure Shell (SSH)
• An alternative protocol to Telnet. Telnet sends the username and password,
as well as the transmitted data, in unsecured plaintext.
• SSH is more secure because it provides an encrypted management
connection.
Wireshark Capture of Telnet
Wireshark Capture of SSH
Secure Remote Access
SSH Operation (Cont.)
A switch must have an IOS version (k9 at the end of the IOS file name)
that includes cryptographic capabilities in order to configure and use
SSH.
• Use the show version command to see the IOS version.
Secure Remote Access
Configuring SSH
1. Verify SSH support.
2. Configure the IP domain name.
3. Generate RSA key pairs.
4. Configure user authentication.
5. Configure the vty lines.
6. Enable SSH version 2.
Commonly forgotten command that is used in key generation
The login local command
Default is to accept both Telnet and SSH (transport input all)
Secure Remote Access
Verifying SSH
On the PC, connect to the switch using SSH.
Switch Port Security
Secure Unused Ports
Switch Port Security
Port Security: Operation
Port security limits the number of valid MAC addresses allowed to transmit data
through a switch port.
• If a port has port security enabled and an unknown MAC address sends data, the switch
presents a security violation.
• Default number of secure MAC addresses allowed is 1.
Methods used to configure MAC addresses within port security:
• Static secure MAC addresses – manually configure
switchport port-security mac-address mac-address
• Dynamic secure MAC addresses – dynamically learned and removed if the switch restarts
• Sticky secure MAC addresses – dynamically learned and added to the running configuration
(which can later be saved to the startup-config to permanently retain the MAC addresses)
switchport port-security mac-address sticky mac-address
Note: Disabling sticky learning converts sticky MAC addresses to dynamic secure addresses and
removes them from the running-config.
Switch Port Security
Port Security: Violation Modes
Protect – data from unknown source MAC addresses are dropped; a security notification IS NOT presented by the
switch
Restrict - data from unknown source MAC addresses are dropped; a security notification IS presented by the switch
and the violation counter increments.
Shutdown – (default mode) interface becomes error-disabled and port LED turns off. The violation counter
increments. Issue the shutdown and then the no shutdown command on the interface to bring it out of the
error-disabled state.
Switch Port Security
Port Security: Configuring
Switch Port Security
Port Security: Configuring (Cont.)
Before configuring port-security features, place the port in access mode and
use the switchport port-security interface configuration command to enable
port security on an interface.
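One way to check a saved running-config for the SSH steps and port-security settings described on these slides, as an added Python example that is not Cisco's or the original author's code. The configuration excerpt, host name, user name and domain name are constructed, and the checks cover only the settings named on the slides.

```python
# Constructed running-config excerpt for a switch (not taken from the slides).
SAMPLE_CONFIG = """\
hostname S1
ip domain-name example.test
ip ssh version 2
username admin secret <placeholder>
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 shutdown
!
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input ssh
"""


def parse_sections(config):
    """Group the config into [header, child_lines] pairs by indentation."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue                      # blank lines and separators
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)  # indented line belongs to last header
        else:
            sections.append([line, []])   # global command or block header
    return sections


def audit(config):
    """Return findings for the SSH and port-security settings in the slides."""
    sections = parse_sections(config)
    headers = [header for header, _ in sections]
    findings = []

    # SSH prerequisites: domain name (used in key generation) and version 2.
    if not any(h.startswith("ip domain-name ") for h in headers):
        findings.append("global: no IP domain name, needed before RSA key generation")
    if "ip ssh version 2" not in headers:
        findings.append("global: SSH version 2 is not enabled")

    for header, body in sections:
        if header.startswith("line vty"):
            # The slides note the default is transport input all (Telnet and SSH).
            transport = next((l for l in body if l.startswith("transport input")), None)
            if transport != "transport input ssh":
                shown = transport or "no transport input line, default applies"
                findings.append(f"{header}: Telnet is accepted ({shown})")
            if "login local" not in body:
                findings.append(f"{header}: login local is missing")
        elif header.startswith("interface "):
            if "shutdown" in body:
                continue                  # port is disabled, nothing to check
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{header}: access port without port security")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```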
Switch Port Security
Port Security: Configuring (Cont.)
Switch Port Security
Port Security: Verifying
Use the show port-security interface command to verify the maximum
number of MAC addresses allowed on a particular port and how many of
those addresses were learned dynamically using sticky.
Dynamic
Sticky
Switch Port Security
Port Security: Verifying (Cont.)
Use the show running-config command to see learned MAC addresses added
to the configuration.
The show port-security address command shows how MAC addresses were
learned on a particular port.
Switch Port Security
Ports in Error Disabled State
Switch console messages display when a port security violation occurs. Notice
the port link status changes to down.
Switch Port Security
Ports in Error Disabled State (Cont.)
Do not re-enable a port until the security threat has been investigated and eliminated.
Note that you must first shut down the port and then issue the no shutdown command in order to use the port again after a security violation.
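The port-security procedure from the slides above (access mode, enable, sticky learning, violation mode, verification, recovery) as one session, added here as an example and not taken from the original deck. The hostname S1, interface F0/18 and the limit of 2 addresses are assumptions.

```cisco
! Added example. S1, FastEthernet0/18 and "maximum 2" are assumed values.
S1# configure terminal
S1(config)# interface FastEthernet0/18
! Port security is rejected on a dynamic port, so force access mode first.
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 2
! Sticky: learned addresses are written into the running configuration.
S1(config-if)# switchport port-security mac-address sticky
! restrict drops frames from unknown sources, raises a notification and
! increments the counter; the default, shutdown, err-disables the port.
S1(config-if)# switchport port-security violation restrict
S1(config-if)# end
!
! Verify the limit, the violation mode and the violation counter.
S1# show port-security interface FastEthernet0/18
! Verify how each address was learned (static, dynamic or sticky).
S1# show port-security address
! Sticky entries live in the running configuration; save them to keep them.
S1# show running-config interface FastEthernet0/18
S1# copy running-config startup-config
!
! Recovery after a shutdown-mode violation, only once the cause has been
! investigated and removed.
S1# show interfaces FastEthernet0/18 status
S1# configure terminal
S1(config)# interface FastEthernet0/18
S1(config-if)# shutdown
S1(config-if)# no shutdown
S1(config-if)# end
```

With restrict the port stays up, so a violation shows only in the counter and the log; with shutdown the err-disabled state is itself the signal that something connected that should not have.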
177
5.3 Chapter Summary
178
Conclusion
Chapter 5: Switch Configuration
Configure basic switch settings to meet network requirements.
Configure a switch using security best practices in a small to medium-sized
business network.
179
Chapter 6: VLANs
180
Chapter 6 - Sections & Objectives
6.1 VLAN Segmentation
• Explain the purpose of VLANs in a switched network.
• Explain how a switch forwards frames based on VLAN configuration in a multi-switch
environment.
6.2 VLAN Implementations
• Configure a switch port to be assigned to a VLAN based on requirements.
• Configure a trunk port on a LAN switch.
• Troubleshoot VLAN and trunk configurations in a switched network.
6.3 Inter-VLAN Routing Using Routers
• Describe the two options for configuring Inter-VLAN routing.
• Configure legacy Inter-VLAN Routing.
• Configure Router-on-a-Stick Inter-VLAN Routing
181
6.1 VLAN Segmentation
182
Overview of VLANs
VLAN Definitions
VLANs can segment LAN devices without regard for the
physical location of the user or device.
• In the figure, IT users on the first, second, and third floors
are all on the same LAN segment. The same is true for HR
and Sales users.
A VLAN is a logical partition of a Layer 2 network.
• Multiple partitions can be created and multiple VLANs can
co-exist.
• The partitioning of the Layer 2 network takes place inside a
Layer 2 device, usually via a switch.
• Each VLAN is a broadcast domain that can span multiple physical LAN segments.
• Hosts on the same VLAN are unaware of the VLAN’s existence.
VLANs are mutually isolated and packets can only pass between VLANs via a router.
183
Overview of VLANs
Benefits of VLANs
184
Overview of VLANs
Types of VLANs
Common types of VLANs:
• Default VLAN – Also known as VLAN 1. All switch ports are members of VLAN 1 by default.
• Data VLAN – Data VLANs are commonly created for specific groups of users or devices. They carry user generated traffic.
• Native VLAN – This is the VLAN that carries all untagged traffic. This is traffic that does not originate from a VLAN port (e.g., STP BPDU traffic exchanged between STP enabled switches). The native VLAN is VLAN 1 by default.
• Management VLAN – This is a VLAN that is created to carry network management traffic including SSH, SNMP, Syslog, and more. VLAN 1 is the default VLAN used for network management.
Figure: Default VLAN Assignment. Initially, all switch ports are members of VLAN 1.
185
Overview of VLANs
Voice VLANs
To support time-sensitive voice traffic, Cisco switches
support a voice VLAN that requires:
• Assured bandwidth
• Delay of less than 150 ms across the network to ensure voice
quality
• Transmission priority over other types of network traffic
• Ability to be routed around congested areas on the network.
The voice VLAN feature enables access ports to carry user and IP voice traffic.
• In the figure, the S3 F0/18 interface has been configured to tag student traffic on VLAN 20 and voice traffic on
VLAN 150.
186
VLANs in a Multi-Switched Environment
VLAN Trunks
A VLAN trunk is a point-to-point link that carries more than one VLAN.
• Usually established between switches to support intra VLAN communication.
• A VLAN trunk or trunk ports are not associated to any VLANs.
Cisco IOS supports IEEE 802.1q, a popular VLAN trunk protocol.
The links between switches S1 and S2, and S1 and S3 are configured to transmit traffic coming from VLANs 10, 20, 30, and 99 across the network.
187
VLANs in a Multi-Switched Environment
Controlling Broadcast Domains with VLANs
If a switch port receives a broadcast frame, it forwards it out all ports except the originating port.
• Eventually the entire network receives the broadcast because the network is one broadcast domain.
VLANs can be used to limit the reach of broadcast frames because each VLAN is a broadcast
domain.
• VLANs help control the reach of broadcast frames and their impact in the network.
188
VLANs in a Multi-Switched Environment
Tagging Ethernet Frames for VLAN Identification
Before a frame is forwarded across a trunk link, it must be tagged with its VLAN
information.
• Frame tagging is the process of adding a VLAN identification header to the frame.
• It is used to properly transmit multiple VLAN frames through a trunk link.
IEEE 802.1Q is a very popular VLAN trunking protocol that defines the structure
of the tagging header added to the frame.
• Switches add VLAN tagging information after the Source
MAC address field.
• The fields in the 802.1Q VLAN tag include the VLAN ID (VID).
• Trunk links add the tag information before sending the frame
and then remove the tags before forwarding frames through
non-trunk ports.
189
VLANs in a Multi-Switched Environment
Native VLANs and 802.1Q Tagging
Control traffic sent on the native VLAN should not
be tagged.
Frames received untagged remain untagged and are
placed in the native VLAN when forwarded.
If there are no ports associated to the native VLAN
and no other trunk links, an untagged frame is
dropped.
When configuring a switch port on a Cisco switch,
configure devices so that they do not send tagged
frames on the native VLAN.
In Cisco switches, the native VLAN is VLAN 1, by
default.
190
VLANs in a Multi-Switched Environment
Voice VLAN Tagging
An access port connecting a Cisco IP
phone can be configured to use two
separate VLANs:
• A VLAN for voice traffic
• A VLAN for data traffic from a device
attached to the phone.
191
6.2 VLAN Implementation
192
VLAN Assignment
VLAN Ranges on Catalyst Switches
VLANs are split into two categories:
• Normal range VLANs
• VLAN numbers from 1 to 1,005
• Configurations stored in the vlan.dat (in the flash memory)
• IDs 1002 through 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI) VLANs, automatically created and cannot be removed.
Cisco Catalyst 2960 and 3560 Series switches support over 4,000 VLANs.
193
VLAN Assignment
Creating a VLAN
194
VLAN Assignment
Assigning Ports to VLANs
195
VLAN Assignment
Changing VLAN Port Membership
Remove VLAN Assignment
196
VLAN Assignment
Deleting VLANs
Use the no vlan vlan-id global configuration mode command to remove a VLAN.
To delete the entire vlan.dat file, use the delete flash:vlan.dat privileged EXEC mode
command.
• delete vlan.dat can be used if the vlan.dat file has not been moved from its default location.
197
VLAN Assignment
Verifying VLAN Information
VLAN configurations can be validated using the Cisco IOS show vlan and show interfaces
command options.
198
VLAN Trunks
Configuring IEEE 802.1q Trunk Links
Figure label: Native VLAN, VLAN 99, 172.17.99.0/24
199
VLAN Trunks
Resetting the Trunk to Default State
F0/1 is configured as an access port which removes the trunk feature.
200
VLAN Trunks
Verifying Trunk Configuration
201
Troubleshoot VLANs and Trunks
IP Addressing Issues with VLANs
It is common practice to associate a VLAN
with an IP network.
• Different IP networks must communicate
through a router.
• All devices within a VLAN must be part of
the same IP network to communicate.
202
Troubleshoot VLANs and Trunks
Missing VLANs
If all the IP address mismatches have been solved, but the device still cannot
connect, check if the VLAN exists in the switch.
If the VLAN to which the port belongs is deleted,
the port becomes inactive and is unable to
communicate with the rest of the network.
• It is not functional until the missing VLAN is created
or the VLAN is removed from the port.
203
Troubleshoot VLANs and Trunks
Introduction to Troubleshooting Trunks
204
Troubleshoot VLANs and Trunks
Common Problems with Trunks
Trunking issues are usually associated with incorrect configurations.
When a trunk problem is suspected, it is recommended to troubleshoot in the order
shown above.
205
Troubleshoot VLANs and Trunks
Incorrect Port Mode
In this example, PC4 cannot reach the Web
server.
• The trunk links on S1 and S3 are verified and reveal
that the S3 trunk port has been configured as an
access port.
206
Troubleshoot VLANs and Trunks
Incorrect VLAN List
In this example, PC5 cannot reach the Student Email server.
• The output of the switchport trunk allowed vlan command reveals S1 is not allowing
VLAN 20.
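A trunk configuration together with the checks for the two faults described above (wrong port mode, VLAN missing from the allowed list), added here as an example and not taken from the original slides. VLANs 10, 20, 30 and native VLAN 99 come from the slides; the interface numbers (F0/1 on S1, F0/3 on S3) are assumptions.

```cisco
! Added example. VLAN IDs follow the slides; interface numbers are assumed.
! On switches that also support ISL (for example the 3560), enter
! "switchport trunk encapsulation dot1q" before "switchport mode trunk".
S1# configure terminal
S1(config)# interface FastEthernet0/1
S1(config-if)# switchport mode trunk
! Untagged frames on this trunk belong to VLAN 99, not the default VLAN 1.
S1(config-if)# switchport trunk native vlan 99
! Only these VLANs cross the link; frames from others are not forwarded.
S1(config-if)# switchport trunk allowed vlan 10,20,30,99
S1(config-if)# end
!
! Check 1: port mode. An access port on either end reproduces the
! "Incorrect Port Mode" fault.
S3# show interfaces FastEthernet0/3 switchport
S3# configure terminal
S3(config)# interface FastEthernet0/3
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk native vlan 99
S3(config-if)# end
!
! Check 2: allowed list and native VLAN. Both ends of the link must agree.
S1# show interfaces trunk
! If VLAN 20 is missing from "Vlans allowed on trunk", add it without
! replacing the rest of the list.
S1# configure terminal
S1(config)# interface FastEthernet0/1
S1(config-if)# switchport trunk allowed vlan add 20
S1(config-if)# end
S1# show interfaces trunk
```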
207
6.3 Inter-VLAN Routing Using Routers
208
Inter-VLAN Routing Operation
What is Inter-VLAN Routing?
Layer 2 switches cannot forward traffic between VLANs without the assistance
of a router.
Inter-VLAN routing is a process for forwarding network traffic from one VLAN
to another, using a router.
209
Inter-VLAN Routing Operation
Legacy Inter-VLAN Routing
In the past:
• Router interfaces were used to route between VLANs.
• Each VLAN was connected to a different physical router interface.
• Packets would arrive on the router through one interface, be routed and leave through another.
• Because the router interfaces were connected to VLANs and had IP addresses from that specific VLAN, routing between VLANs was achieved.
• Large networks with a large number of VLANs required many router interfaces.
In this example, the router was configured with two separate physical interfaces to interact with the different VLANs and perform the routing.
210
Inter-VLAN Routing Operation
Router-on-a-Stick Inter-VLAN Routing
The router-on-a-stick approach uses only one of the router’s physical interfaces.
• One of the router’s physical interfaces is configured as a 802.1Q trunk port so it can understand VLAN tags.
• Logical subinterfaces are created; one subinterface per VLAN.
• Each subinterface is configured with an IP address from the VLAN it represents.
• VLAN members (hosts) are configured to use the subinterface address as a default gateway.
In this example, the R1 interface is configured as a trunk link and connects to the trunk F0/4 port on S1.
• Router accepts VLAN-tagged traffic on the trunk interface.
• Router internally routes between the VLANs using subinterfaces.
• Router then forwards the routed traffic as VLAN-tagged for the destination VLAN out the trunk link.
211
Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Preparation
Legacy inter-VLAN routing requires routers
to have multiple physical interfaces.
Each one of the router’s physical interfaces
is connected to a unique VLAN.
Each interface is also configured with an IP
address for the subnet associated with the
particular VLAN.
Network devices use the router as a
gateway to access the devices connected to
the other VLANs.
212
Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Switch Configuration
213
Configure Legacy Inter-VLAN Routing
Configure Legacy Inter-VLAN Routing: Router Interface Configuration
214
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Preparation
An alternative to legacy inter-VLAN routing is
to use VLAN trunking and subinterfaces.
VLAN trunking allows a single physical router
interface to route traffic for multiple VLANs.
The physical interface of the router must be
connected to a trunk link on the adjacent
switch.
On the router, subinterfaces are created for
each unique VLAN.
Each subinterface is assigned an IP address
specific to its subnet or VLAN and is also
configured to tag frames for that VLAN.
215
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Switch Configuration
216
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Router Subinterface Configuration
The router-on-a-stick method requires
subinterfaces to be configured for each
routable VLAN.
• The subinterfaces must be configured to
support VLANs using the encapsulation
dot1Q VLAN-ID interface configuration
command.
217
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Subinterfaces
By default, Cisco routers are configured to route traffic between local
subinterfaces.
• As a result, routing does not specifically need to be enabled.
Use the show vlan and show ip route commands to verify the subinterface
configurations.
The show vlan command displays information about the Cisco IOS VLAN subinterfaces.
The show ip route command displays the routing table containing the networks associated with outgoing subinterfaces.
218
Configure Router-on-a-Stick Inter-VLAN Routing
Configure Router-on-a-Stick: Verifying Routing
Remote VLAN device connectivity can
be tested using the ping command.
• The command sends an ICMP echo
request and when a host receives an ICMP
echo request, it responds with an ICMP
echo reply.
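The router-on-a-stick steps above as one configuration, added here as an example and not taken from the original slides. The S1 F0/4 trunk port is from the slides; the R1 interface G0/0, VLANs 10 and 30, and the 172.17.x.x addresses are assumptions.

```cisco
! Added example. R1 G0/0, VLANs 10/30 and all addresses are assumed values.
! Switch side: the port facing R1 must be a trunk.
S1# configure terminal
S1(config)# interface FastEthernet0/4
S1(config-if)# switchport mode trunk
S1(config-if)# end
!
! Router side: one subinterface per routable VLAN.
R1# configure terminal
R1(config)# interface GigabitEthernet0/0.10
! The 802.1Q tag must be set before IOS accepts an IP address here.
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# interface GigabitEthernet0/0.30
R1(config-subif)# encapsulation dot1Q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0
! Subinterfaces follow the physical interface, so enable it once.
R1(config-subif)# interface GigabitEthernet0/0
R1(config-if)# no shutdown
R1(config-if)# end
!
! Verify: each VLAN ID maps to its subinterface (on a router the command
! is "show vlans"), and both subnets appear as directly connected routes.
R1# show vlans
R1# show ip route
!
! From a host in VLAN 10 (default gateway 172.17.10.1), test a host in
! VLAN 30. The target address is an assumed value.
PC1> ping 172.17.30.23
```

Once the subinterfaces are up, R1 routes between VLAN 10 and VLAN 30 without restriction; any filtering between the two VLANs has to be added on the router.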
219
6.4 Chapter Summary
220
Conclusion
Chapter 6: VLANs
Explain how VLANs segment broadcast domains in a small to medium-sized
business network.
Implement VLANs to segment a small to medium-sized business network.
Configure routing between VLANs in a small to medium-sized business
network.
221
Chapter 7: Access Control Lists
222
Chapter 8: DHCP
223
Chapter 9: NAT for IPv4
224
225