Computer_Networks_1

The document outlines the fundamentals of computer networking, covering modern technologies, network components, types of networks, and their interconnections. It discusses the importance of reliable networks, security measures, and recent trends such as BYOD, online collaboration, and cloud computing. Additionally, it highlights the roles of end devices, intermediary devices, and the significance of network architecture in ensuring efficient communication.

Uploaded by harshsingh3364

COMPUTER NETWORKING 1

Chapter 1: Basic Network Connectivity and Communications

Module 1.1: Networking Today
Module Objectives
Module Title: Networking Today

Module Objective: Explain the advances in modern technologies.

Topic Title – Topic Objective
• Networks Affect our Lives – Explain how networks affect our daily lives.
• Network Components – Explain how host and network devices are used.
• Network Representations and Topologies – Explain network representations and how they are used in network topologies.
• Common Types of Networks – Compare the characteristics of common types of networks.
• Internet Connections – Explain how LANs and WANs interconnect to the internet.
• Reliable Networks – Describe the four basic requirements of a reliable network.
• Network Trends – Explain how trends such as BYOD, online collaboration, video, and cloud computing are changing the way we interact.
• Network Security – Identify some basic security threats and solutions for all networks.
• The IT Professional – Explain employment opportunities in the networking field.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Networking Today
Networks Connect Us

Communication is almost as important to us as our reliance on air, water, food, and shelter. In today’s world, through the use of networks, we are connected like never before.
Networking Today
No Boundaries
• World without boundaries
• Global communities
• Human network
Network Components
Host Roles
Every computer on a network is called a host or end device.
Servers are computers that provide information to end devices:
• email servers
• web servers
• file servers
Clients are computers that send requests to the servers to retrieve information:
• web page from a web server
• email from an email server

Server Type – Description
• Email – Email server runs email server software. Clients use client software to access email.
• Web – Web server runs web server software. Clients use browser software to access web pages.
• File – File server stores corporate and user files. The client devices access these files.
Network Components
Peer-to-Peer
It is possible to have a device be both a client and a server in a Peer-to-Peer Network. This type of network design is only recommended for very small networks.

Advantages:
• Easy to set up
• Less complex
• Lower cost
• Used for simple tasks: transferring files and sharing printers
Disadvantages:
• No centralized administration
• Not as secure
• Not scalable
• Slower performance
Network Components
End Devices
An end device is where a message originates from or where it is received. Data originates with an end device, flows through the network, and arrives at an end device.
Network Components
Intermediary Network Devices
An intermediary device interconnects end devices. Examples include switches, wireless
access points, routers, and firewalls.
Management of data as it flows through a network is also the role of an intermediary
device, including:
• Regenerate and retransmit data signals.
• Maintain information about what pathways exist in the network.
• Notify other devices of errors and communication failures.

Network Components
Network Media
Communication across a network is carried through a medium which allows a message to travel from source to destination.

Media Type – Description
• Metal wires within cables – Uses electrical impulses.
• Glass or plastic fibers within cables (fiber-optic cable) – Uses pulses of light.
• Wireless transmission – Uses modulation of specific frequencies of electromagnetic waves.
Network Representations and Topologies
Network Representations

Network diagrams, often called topology diagrams, use symbols to represent devices within the network.
Important terms to know include:
• Network Interface Card (NIC)
• Physical Port
• Interface

Note: Often, the terms port and interface are used interchangeably.
Network Representations and Topologies
Topology Diagrams
Physical topology diagrams illustrate the physical location of intermediary devices and cable installation.
Logical topology diagrams illustrate devices, ports, and the addressing scheme of the network.
Common Types of Networks
Networks of Many Sizes
• Small Home Networks – connect a few computers to each other and the Internet
• Small Office/Home Office (SOHO) – enables computers within a home or remote office to connect to a corporate network
• Medium to Large Networks – many locations with hundreds or thousands of interconnected computers
• World Wide Networks – connect hundreds of millions of computers worldwide, such as the internet
Common Types of Networks
LANs and WANs
Network infrastructures vary greatly in terms of:
• Size of the area covered
• Number of users connected
• Number and types of services available
• Area of responsibility

Two most common types of networks:
• Local Area Network (LAN)
• Wide Area Network (WAN)
Common Types of Networks
LANs and WANs (cont.)
A LAN is a network infrastructure that spans a small geographical area. A WAN is a network infrastructure that spans a wide geographical area.

LAN:
• Interconnects end devices in a limited area.
• Administered by a single organization or individual.
• Provides high-speed bandwidth to internal devices.
WAN:
• Interconnects LANs over wide geographical areas.
• Typically administered by one or more service providers.
• Typically provides slower speed links between LANs.
Common Types of Networks
The Internet
The internet is a worldwide collection of interconnected LANs and WANs.
• LANs are connected to each other using WANs.
• WANs may use copper wires, fiber optic cables, and wireless transmissions.
The internet is not owned by any individual or group. The following groups were developed to help maintain structure on the internet:
• IETF
• ICANN
• IAB
Common Types of Networks
Intranets and Extranets

An intranet is a private collection of LANs and WANs internal to an organization that is meant to be accessible only to the organization's members or others with authorization.
An organization might use an extranet to provide secure access to its network for individuals who work for a different organization and need access to data on its network.
Internet Connections
Internet Access Technologies
There are many ways to connect users and organizations to the internet:
• Popular services for home users and small offices include broadband cable, broadband digital subscriber line (DSL), wireless WANs, and mobile services.
• Organizations need faster connections to support IP phones, video conferencing and data center storage.
• Business-class interconnections are usually provided by service providers (SP) and may include: business DSL, leased lines, and Metro Ethernet.
Internet Connections
Home and Small Office Internet Connections
Connection – Description
• Cable – high bandwidth, always on, internet offered by cable television service providers.
• DSL – high bandwidth, always on, internet connection that runs over a telephone line.
• Cellular – uses a cell phone network to connect to the internet.
• Satellite – major benefit to rural areas without Internet Service Providers.
• Dial-up – an inexpensive, low bandwidth telephone option using a modem.
Internet Connections
Business Internet Connections
Corporate business connections may require:
• higher bandwidth
• dedicated connections
• managed services

Type of Connection – Description
• Dedicated Leased Line – These are reserved circuits within the service provider’s network that connect distant offices with private voice and/or data networking.
• Ethernet WAN – This extends LAN access technology into the WAN.
• DSL – Business DSL is available in various formats including Symmetric Digital Subscriber Lines (SDSL).
• Satellite – This can provide a connection when a wired solution is not available.
Internet Connections
The Converging Network

Before converged networks, an organization would have been separately cabled for telephone, video, and data. Each of these networks would use different technologies to carry the signal.
Each of these technologies would use a different set of rules and standards.
Internet Connections
The Converging Network (Cont.)
Converged data networks carry multiple services on one link including:
• data
• voice
• video
Converged networks can deliver data, voice, and video over the same network infrastructure. The network infrastructure uses the same set of rules and standards.
Internet Connections
Video – Download and Install Packet Tracer
This video will demonstrate the download and install process of Packet Tracer.

Internet Connections
Video – Getting Started in Cisco Packet Tracer
This video will cover the following:
• Navigate the Packet Tracer interface
• Customize the Packet Tracer Interface

Internet Connections
Packet Tracer – Network Representation
In this Packet Tracer activity you will do the following:
• The network model in this activity incorporates many of the technologies that you will master in your CCNA studies.

Note: It is not important that you understand everything you see and do in this activity.
Reliable Network
Network Architecture
Network Architecture refers to the technologies that support the infrastructure that moves data across the network.
There are four basic characteristics that the underlying architectures need to address to meet user expectations:
• Fault Tolerance
• Scalability
• Quality of Service (QoS)
• Security
Reliable Network
Fault Tolerance
A fault tolerant network limits the impact of a failure by limiting the number of affected devices. Multiple paths are required for fault tolerance.
Reliable networks provide redundancy by implementing a packet switched network:
• Packet switching splits traffic into packets that are routed over a network.
• Each packet could theoretically take a different path to the destination.
This is not possible with circuit-switched networks which establish dedicated circuits.
Reliable Network
Scalability

A scalable network can expand quickly and easily to support new users and applications without impacting the performance of services to existing users.
Network designers follow accepted standards and protocols in order to make the networks scalable.
Reliable Network
Quality of Service
Voice and live video transmissions require higher expectations for those services being delivered.

Have you ever watched a live video with constant breaks and pauses? This is caused when there is a higher demand for bandwidth than available – and QoS isn’t configured.

• Quality of Service (QoS) is the primary mechanism used to ensure reliable delivery of content for all users.
• With a QoS policy in place, the router can more easily manage the flow of data and voice traffic.
Reliable Network
Network Security
There are two main types of network security that must be addressed:
• Network infrastructure security
  • Physical security of network devices
  • Preventing unauthorized access to the devices
• Information Security
  • Protection of the information or data transmitted over the network
Three goals of network security:
• Confidentiality – only intended recipients can read the data
• Integrity – assurance that the data has not been altered during transmission
• Availability – assurance of timely and reliable access to data for authorized users
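The integrity goal above is usually enforced on the wire with a keyed message authentication code. The Python block below is an added example written for this page, not Cisco's material: the sender attaches an HMAC-SHA256 tag computed under a shared key, and the receiver recomputes the tag and compares it in constant time, so any alteration of the bytes in transit is rejected. The key, the sample message and the `simulate_transfer` helper are constructed for illustration.

```python
import hmac
import hashlib
from typing import Optional, Tuple

# Constructed shared secret; sender and receiver must both hold it. In a real
# deployment it comes from key management, never from source code.
SHARED_KEY = b"example-shared-key-for-illustration-only"


def protect(message: bytes, key: bytes = SHARED_KEY) -> Tuple[bytes, str]:
    """Sender side: compute an HMAC-SHA256 tag over the message so that the
    receiver can detect any change made to it in transit."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time, so the
    comparison does not leak how many leading characters matched."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def simulate_transfer(original: bytes, altered: Optional[bytes] = None) -> bool:
    """Model one message crossing the network. When `altered` is given, the
    bytes that arrive differ from the bytes that were sent, as after tampering
    or corruption on the path. Returns True only if the receiver accepts it."""
    sent, tag = protect(original)
    received = altered if altered is not None else sent
    return verify(received, tag)


if __name__ == "__main__":
    # Constructed sample message.
    msg = b"transfer 100 to account 12345"
    print("unaltered message accepted:", simulate_transfer(msg))
    print("altered message accepted:  ",
          simulate_transfer(msg, b"transfer 100 to account 99999"))
```

The tag only provides integrity and origin assurance; it does not hide the message, so confidentiality still needs encryption, and availability is a separate property that no tag can provide.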
Network Trends
Recent Trends
The role of the network must adjust and continually transform in order to keep up with new technologies and end user devices as they constantly come to the market.
Several new networking trends affect organizations and consumers:
• Bring Your Own Device (BYOD)
• Online collaboration
• Video communications
• Cloud computing
Network Trends
Bring Your Own Device (BYOD)
Bring Your Own Device allows users to use their own devices, giving them more opportunities and greater flexibility.

BYOD allows end users to have the freedom to use personal tools to access information and communicate using their:
• Laptops
• Netbooks
• Tablets
• Smartphones
• E-readers
BYOD means any device, with any ownership, used anywhere.
Network Trends
Online Collaboration
• Collaborate and work with others over the network on joint projects.
• Collaboration tools including Cisco WebEx (shown in the figure) give users a way to instantly connect and interact.
• Collaboration is a very high priority for businesses and in education.
• Cisco Webex Teams is a multifunctional collaboration tool:
  • send instant messages
  • post images
  • post videos and links
Network Trends
Video Communication
• Video calls are made to anyone, regardless of where they are located.
• Video conferencing is a powerful tool for communicating with others.
• Video is becoming a critical requirement for effective collaboration.
• Cisco TelePresence is one way of working where everyone, everywhere.
Network Trends
Video – Cisco WebEx for Huddles

Network Trends
Cloud Computing
Cloud computing allows us to store personal files or back up our data on servers over the internet.
• Applications can also be accessed using the Cloud.
• Allows businesses to deliver to any device anywhere in the world.

Cloud computing is made possible by data centers.
• Smaller companies that can’t afford their own data centers lease server and storage services from larger data center organizations in the Cloud.
Network Trends
Cloud Computing (Cont.)
Four types of Clouds:
• Public Clouds
  • Available to the general public through a pay-per-use model or for free.
• Private Clouds
  • Intended for a specific organization or entity such as the government.
• Hybrid Clouds
  • Made up of two or more Cloud types – for example, part custom and part public.
  • Each part remains a distinctive object but both are connected using the same architecture.
• Custom Clouds
  • Built to meet the needs of a specific industry, such as healthcare or media.
  • Can be private or public.
Network Trends
Technology Trends in the Home
• Smart home technology is a growing trend that allows technology to be integrated into everyday appliances, which allows them to interconnect with other devices.
• Ovens might know what time to cook a meal for you by communicating with your calendar on what time you are scheduled to be home.
• Smart home technology is currently being developed for all rooms within a house.
Network Trends
Powerline Networking
• Powerline networking can allow devices to connect to a LAN where data network cables or wireless communications are not a viable option.
• Using a standard powerline adapter, devices can connect to the LAN wherever there is an electrical outlet by sending data on certain frequencies.
• Powerline networking is especially useful when wireless access points cannot reach all the devices in the home.
Network Trends
Wireless Broadband
In addition to DSL and cable, wireless is another option used to connect homes and small businesses to the internet.
• More commonly found in rural environments, a Wireless Internet Service Provider (WISP) is an ISP that connects subscribers to designated access points or hotspots.
• Wireless broadband is another solution for the home and small businesses.
  • Uses the same cellular technology used by a smartphone.
  • An antenna is installed outside the house providing wireless or wired connectivity for devices in the home.
Network Security
Security Threats
• Network security is an integral part of networking regardless of the size of the network.
• The network security that is implemented must take into account the environment while securing the data, but still allowing for the quality of service that is expected of the network.
• Securing a network involves many protocols, technologies, devices, tools, and techniques in order to secure data and mitigate threats.
• Threat vectors might be external or internal.
Network Security
Security Threats (Cont.)
External Threats:
• Viruses, worms, and Trojan horses
• Spyware and adware
• Zero-day attacks
• Threat actor attacks
• Denial of service attacks
• Data interception and theft
• Identity theft

Internal Threats:
• lost or stolen devices
• accidental misuse by employees
• malicious employees
Network Security
Security Solutions
Security must be implemented in multiple layers using more than one security solution.
Network security components for a home or small office network:
• Antivirus and antispyware software should be installed on end devices.
• Firewall filtering is used to block unauthorized access to the network.
Network Security
Security Solutions (Cont.)

Larger networks have additional security requirements:
• Dedicated firewall system
• Access control lists (ACL)
• Intrusion prevention systems (IPS)
• Virtual private networks (VPN)
The study of network security starts with a clear understanding of the underlying switching and routing infrastructure.
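Of the components listed above, access control lists are the one whose behaviour is easiest to get wrong, because entries are evaluated in order and a packet that matches no entry is dropped by the implicit deny at the end. The Python block below is an added example, not Cisco code and not a real ACL parser: it models extended-ACL matching with Cisco wildcard masks, first-match semantics and the implicit deny, over a constructed management-subnet policy that allows SSH from an admin LAN and blocks everything else destined for the management devices. The addresses, the `Packet` and `AclEntry` types and the `evaluate` function are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int   # destination port


@dataclass(frozen=True)
class AclEntry:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", or "ip" (ip matches any protocol)
    src: str              # "address wildcard" in Cisco notation, or "any"
    dst: str
    dport: Optional[int]  # None matches any destination port


def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco wildcard-mask match: a 0 bit in the mask means the address bit
    must equal the base, a 1 bit means don't care. 'any' matches everything."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def entry_matches(entry: AclEntry, pkt: Packet) -> bool:
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return wildcard_match(pkt.src, entry.src) and wildcard_match(pkt.dst, entry.dst)


def evaluate(acl: List[AclEntry], pkt: Packet) -> str:
    """Entries are tested in order and the first match decides. A packet that
    matches no entry hits the implicit deny at the end of every ACL."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry.action
    return "deny"


# Constructed policy (addresses are made up): management devices live in
# 10.0.0.0/24 and may be reached by SSH only, and only from the admin LAN
# 192.168.10.0/24. Anything else going to the management subnet is dropped
# explicitly; all other traffic is allowed through.
MGMT_ACL = [
    AclEntry("permit", "tcp", "192.168.10.0 0.0.0.255", "10.0.0.0 0.0.0.255", 22),
    AclEntry("deny",   "ip",  "any",                    "10.0.0.0 0.0.0.255", None),
    AclEntry("permit", "ip",  "any",                    "any",                None),
]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "192.168.10.5", "10.0.0.1", 22),   # admin SSH -> permit
        Packet("tcp", "192.168.10.5", "10.0.0.1", 23),   # admin Telnet -> deny
        Packet("tcp", "172.16.5.9", "10.0.0.1", 22),     # SSH from elsewhere -> deny
        Packet("tcp", "172.16.5.9", "10.1.1.1", 443),    # not management -> permit
    ]
    for p in samples:
        print(p, "->", evaluate(MGMT_ACL, p))
    # Without the final permit, the same HTTPS packet is dropped by the implicit deny.
    print("without final permit:", evaluate(MGMT_ACL[:2], samples[3]))
```

Swapping the first two entries would block the admin SSH traffic too, which is the ordering mistake the first-match rule makes easy; the last line of the main block shows why a policy that is meant to pass ordinary traffic needs an explicit final permit.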
The IT Professional
The Cisco Certified Network Associate (CCNA) certification:
• demonstrates that you have a knowledge of foundational technologies
• ensures you stay relevant with skills needed for the adoption of next-generation technologies.
The new CCNA focus:
• IP foundation and security topics
• Wireless, virtualization, automation, and network programmability.
New DevNet certifications at the associate, specialist and professional levels validate your software development skills.
Specialist certifications validate your skills in line with your job role and interests.
The IT Professional
Networking Jobs

At www.netacad.com you can click the Careers menu and then select Employment opportunities.
• Find employment opportunities by using the Talent Bridge Matching Engine.
• Search for jobs with Cisco, Cisco partners and distributors seeking Cisco Networking Academy students and alumni.
The IT Professional
Lab – Researching IT and Networking Job Opportunities

In this lab, you will complete the following objectives:
• Research Job Opportunities
• Reflect on Research
Module 1.2: Cisco IOS Access & IOS Navigation
Cisco IOS Access
Operating Systems
• Shell – The user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or GUI interfaces.
• Kernel – Communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements.
• Hardware – The physical part of a computer including underlying electronics.
Cisco IOS Access
GUI
• A GUI allows the user to interact with the system using an environment of graphical icons, menus, and windows.
• A GUI is more user-friendly and requires less knowledge of the underlying command structure that controls the system.
• Examples of these are: Windows, macOS, Linux KDE, Apple iOS and Android.
• GUIs can fail, crash, or simply not operate as specified. For these reasons, network devices are typically accessed through a CLI.
Cisco IOS Access
Purpose of an OS
A PC operating system enables a user to do the following:
• Use a mouse to make selections and run programs
• Enter text and text-based commands
• View output on a monitor
A CLI-based network operating system enables a network technician to do the following:
• Use a keyboard to run CLI-based network programs
• Use a keyboard to enter text and text-based commands
• View output on a monitor
Cisco IOS Access
Access Methods
• Console – A physical management port used to access a device in order to provide maintenance, such as performing the initial configurations.
• Secure Shell (SSH) – Establishes a secure remote CLI connection to a device, through a virtual interface, over a network. (Note: This is the recommended method for remotely connecting to a device.)
• Telnet – Establishes an insecure remote CLI connection to a device over the network. (Note: User authentication, passwords and commands are sent over the network in plaintext.)
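The plaintext note on Telnet is also a detection opportunity: any Telnet session that actually carries data to a managed device means a login crossed the network in the clear. The Python block below is an added example, not part of the slides: it reads constructed flow records (a NetFlow-style CSV made up for the example), reports each Telnet session or attempt against a constructed list of management addresses, and lists the devices that still accept Telnet and should be moved to SSH. The record format, the addresses and the function names are assumptions.

```python
import csv
import io
from typing import Dict, List, Set

# Constructed NetFlow-style records for the example (not a real capture).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2024-01-10T08:00:01,192.168.10.5,10.0.0.1,tcp,22,4812
2024-01-10T08:01:14,192.168.10.5,10.0.0.2,tcp,23,1290
2024-01-10T08:02:30,172.16.5.9,10.0.0.2,tcp,23,980
2024-01-10T08:03:02,192.168.10.7,10.0.0.3,tcp,22,5120
2024-01-10T08:04:45,192.168.10.7,10.0.0.1,tcp,23,0
2024-01-10T08:05:10,192.168.10.7,10.9.9.9,tcp,23,700
"""

# Constructed list of switch/router management addresses.
MANAGEMENT_DEVICES = {"10.0.0.1", "10.0.0.2", "10.0.0.3"}

# Ports of the two remote access methods on the slide; only Telnet is plaintext.
PLAINTEXT_MGMT_PORTS = {23: "telnet"}
ENCRYPTED_MGMT_PORTS = {22: "ssh"}


def parse_flows(text: str) -> List[Dict[str, object]]:
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["dport"] = int(r["dport"])
        r["bytes"] = int(r["bytes"])
        rows.append(r)
    return rows


def find_plaintext_sessions(flows, devices: Set[str]) -> List[str]:
    """One finding per TCP flow to a managed device on a plaintext management
    port. A zero-byte flow never carried a login, so it is reported as an
    attempt (port closed or filtered) rather than a session."""
    findings = []
    for f in flows:
        if f["dst"] not in devices or f["proto"] != "tcp":
            continue
        name = PLAINTEXT_MGMT_PORTS.get(f["dport"])
        if name is None:
            continue
        state = "session" if f["bytes"] > 0 else "attempt (no data)"
        findings.append(f"{f['ts']} {name} {state}: {f['src']} -> {f['dst']}")
    return findings


def devices_accepting_telnet(flows, devices: Set[str]) -> Set[str]:
    """Managed devices where a Telnet flow carried data: they still accept
    Telnet logins and should be moved to SSH."""
    return {f["dst"] for f in flows
            if f["dst"] in devices and f["dport"] == 23 and f["bytes"] > 0}


def access_summary(flows, devices: Set[str]) -> Dict[str, Dict[str, int]]:
    """Per device, how many data-carrying sessions used each access method."""
    summary: Dict[str, Dict[str, int]] = {d: {"ssh": 0, "telnet": 0} for d in devices}
    port_names = {**PLAINTEXT_MGMT_PORTS, **ENCRYPTED_MGMT_PORTS}
    for f in flows:
        if f["dst"] in devices and f["bytes"] > 0:
            name = port_names.get(f["dport"])
            if name:
                summary[f["dst"]][name] += 1
    return summary


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for line in find_plaintext_sessions(flows, MANAGEMENT_DEVICES):
        print(line)
    print("still accepting Telnet:", sorted(devices_accepting_telnet(flows, MANAGEMENT_DEVICES)))
    print(access_summary(flows, MANAGEMENT_DEVICES))
```

The last record goes to an address outside the management list and is ignored, which is deliberate: the check is scoped to the devices whose logins matter, so a noisy host elsewhere does not bury the findings.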
Cisco IOS Access
Terminal Emulation Programs
• Terminal emulation programs are used to connect to a network device by either a console port or by an SSH/Telnet connection.
• There are several terminal emulation programs to choose from such as PuTTY, Tera Term and SecureCRT.
IOS Navigation
Primary Command Modes
User EXEC Mode:
• Allows access to only a limited number of basic monitoring commands
• Identified by the CLI prompt that ends with the > symbol

Privileged EXEC Mode:
• Allows access to all commands and features
• Identified by the CLI prompt that ends with the # symbol
IOS Navigation
Configuration Mode and Subconfiguration Modes

Global Configuration Mode:
• Used to access configuration options on the device

Line Configuration Mode:
• Used to configure console, SSH, Telnet or AUX access

Interface Configuration Mode:
• Used to configure a switch port or router interface
IOS Navigation
Video – IOS CLI Primary Command Modes

This video will cover the following:
• User EXEC mode
• Privileged EXEC mode
• Global Config mode
IOS Navigation
Navigation Between IOS Modes
• Privileged EXEC Mode:
  • To move from user EXEC mode to privileged EXEC mode, use the enable command.
• Global Configuration Mode:
  • To move in and out of global configuration mode, use the configure terminal command. To return to privileged EXEC mode, use the exit command.
• Line Configuration Mode:
  • To move in and out of line configuration mode, use the line command followed by the management line type. To return to global configuration mode, use the exit command.
IOS Navigation
Navigation Between IOS Modes (Cont.)
Subconfiguration Modes:
• To move out of any subconfiguration mode to get back to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command or the key combination Ctrl+Z.
• To move directly from one subconfiguration mode to another, type in the desired subconfiguration mode command. In the example, the command prompt changes from (config-line)# to (config-if)#.
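As an added example (not Cisco code, and not an IOS emulator), the Python block below models only the mode transitions and prompts described on the last two slides: enable and disable, configure terminal, line and interface, exit, end and Ctrl+Z (written as ^Z), with the prompt suffixes the slides show. The `IosShell` class, its error message wording and the `walk` helper are assumptions made for the example.

```python
from typing import Dict, List, Tuple

# Prompt suffix for each mode, as shown on the slides above.
PROMPTS: Dict[str, str] = {
    "user": ">",
    "priv": "#",
    "config": "(config)#",
    "config-line": "(config-line)#",
    "config-if": "(config-if)#",
}

# Where `exit` leads from each mode. In user EXEC, `exit` ends the session;
# this model simply stays in user EXEC.
EXIT_TARGET = {"config-line": "config", "config-if": "config",
               "config": "priv", "priv": "user", "user": "user"}


class IosShell:
    """Model of IOS mode navigation only: which inputs change mode and what
    the prompt looks like afterwards. It does not interpret any other command."""

    def __init__(self, hostname: str = "Switch") -> None:
        self.hostname = hostname
        self.mode = "user"

    def prompt(self) -> str:
        return self.hostname + PROMPTS[self.mode]

    def run(self, line: str) -> str:
        """Apply one line of input and return the new prompt, or an error
        string (constructed wording) when the input is not a mode change
        that is valid in the current mode."""
        words = line.split()
        if not words:
            return self.prompt()
        cmd, args = words[0], words[1:]
        in_config = self.mode.startswith("config")

        if cmd == "enable" and self.mode == "user":
            self.mode = "priv"
        elif cmd == "disable" and self.mode == "priv":
            self.mode = "user"
        elif cmd == "configure" and args == ["terminal"] and self.mode == "priv":
            self.mode = "config"
        elif cmd == "line" and in_config and args:       # e.g. line console 0
            self.mode = "config-line"
        elif cmd == "interface" and in_config and args:  # e.g. interface vlan 1
            self.mode = "config-if"
        elif cmd == "exit":
            self.mode = EXIT_TARGET[self.mode]
        elif cmd in ("end", "^Z") and in_config:         # ^Z stands for Ctrl+Z
            self.mode = "priv"
        else:
            return f"% '{line}' is not a valid mode change from {self.prompt()}"
        return self.prompt()


def walk(lines: List[str], hostname: str = "Switch") -> List[Tuple[str, str]]:
    """Replay inputs in order and pair each with the prompt (or error) it produced."""
    shell = IosShell(hostname)
    return [(line, shell.run(line)) for line in lines]


if __name__ == "__main__":
    session = ["configure terminal", "enable", "configure terminal", "line vty 0 4",
               "interface vlan 1", "exit", "end", "disable"]
    for entered, result in walk(session):
        print(f"{entered:20} -> {result}")
```

The first input in the sample session fails because configure terminal is only reachable from privileged EXEC; the jump from (config-line)# straight to (config-if)# shows the direct move between subconfiguration modes described above.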
IOS Navigation
Video – Navigation Between IOS Modes

This video will cover the following:
• enable
• disable
• configure terminal
• exit
• end
• Control + Z on keyboard
• Other commands to enter sub configuration modes
The Command Structure
Basic IOS Command Structure

• Keyword – This is a specific parameter defined in the operating system (in the figure, ip protocols).
• Argument – This is not predefined; it is a value or variable defined by the user (in the figure, 192.168.10.5).
The Command Structure
IOS Command Syntax Check
A command might require one or more arguments. To determine the keywords and arguments required for a command, refer to the command syntax.
• Boldface text indicates commands and keywords that are entered as shown.
• Italic text indicates an argument for which the user provides the value.

Convention – Description
• boldface – Boldface text indicates commands and keywords that you enter literally as shown.
• italics – Italic text indicates arguments for which you supply values.
• [x] – Square brackets indicate an optional element (keyword or argument).
• {x} – Braces indicate a required element (keyword or argument).
• [x {y | z}] – Braces and vertical lines within square brackets indicate a required choice within an optional element. Spaces are used to clearly delineate parts of the command.
The Command Structure
IOS Command Syntax Check (Cont.)
• The command syntax provides the pattern, or format, that must be used when entering a command.
• The command is ping and the user-defined argument is the ip-address of the destination device. For example, ping 10.10.10.5.
• The command is traceroute and the user-defined argument is the ip-address of the destination device. For example, traceroute 192.168.254.254.
• If a command is complex with multiple arguments, you may see it represented like this:
The Command Structure
IOS Help Features
The IOS has two forms of help available: context-sensitive help and command syntax check.
• Context-sensitive help enables you to quickly find answers to these questions:
  • Which commands are available in each command mode?
  • Which commands start with specific characters or group of characters?
  • Which arguments and keywords are available to particular commands?
• Command syntax check verifies that a valid command was entered by the user.
  • If the interpreter cannot understand the command being entered, it will provide feedback describing what is wrong with the command.
The Command Structure
Video – Context Sensitive Help and Command Syntax Checker

This video will cover the following:
• Use the help command in user EXEC, privileged EXEC, and global config mode
• Finish commands and arguments with the help command
• Use the command syntax checker to fix syntax errors and incomplete commands
The Command Structure
Hot Keys and Shortcuts
• The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and
troubleshooting easier.
• Commands and keywords can be shortened to the minimum number of characters
that identify a unique selection. For example, the configure command can be
shortened to conf because configure is the only command that begins with conf.

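The rule that an abbreviation is accepted only when it is unique, together with the syntax checker described under IOS Help Features above, can be shown in a few lines. The Python block below is an added example, not Cisco's parser: it resolves each keyword against a constructed subset of privileged EXEC commands and a constructed syntax table, and reports ambiguous, invalid and incomplete input with messages modeled on the ones IOS prints. The command subset, the `SYNTAX` table and the function names are assumptions; the real command set is far larger.

```python
from typing import Dict, List, Set, Union

# Constructed subset of privileged EXEC commands (the real set is much larger).
PRIV_EXEC_COMMANDS: List[str] = [
    "clock", "configure", "connect", "copy", "disable", "ping", "show", "traceroute",
]

# Constructed syntax table: command -> required elements in order. A set is a
# keyword choice ({x | y}); a string in angle brackets is a user-supplied argument.
SYNTAX: Dict[str, List[Union[Set[str], str]]] = {
    "clock": [{"set"}, "<hh:mm:ss>"],
    "configure": [{"terminal"}],
    "connect": ["<host>"],
    "copy": ["<source>", "<destination>"],
    "disable": [],
    "ping": ["<ip-address>"],
    "show": [{"ip", "running-config", "version"}],
    "traceroute": ["<ip-address>"],
}


def resolve(token: str, candidates: List[str]) -> str:
    """Expand an abbreviation the way the IOS parser does: accepted only when
    exactly one candidate begins with it. Messages are modeled on IOS's
    "% Ambiguous command" and "% Invalid input" responses."""
    matches = sorted(c for c in candidates if c.startswith(token))
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise ValueError(f"% Invalid input detected: no command begins with '{token}'")
    raise ValueError(f"% Ambiguous command: '{token}' could be {', '.join(matches)}")


def check_line(line: str) -> str:
    """Run a full line through abbreviation expansion and the syntax table.
    Returns the expanded command on success, otherwise the error text."""
    words = line.split()
    if not words:
        return "% Incomplete command."
    try:
        cmd = resolve(words[0], PRIV_EXEC_COMMANDS)
        expanded = [cmd]
        specs = SYNTAX[cmd]
        for i, spec in enumerate(specs):
            if i + 1 >= len(words):
                return "% Incomplete command."
            token = words[i + 1]
            if isinstance(spec, set):
                expanded.append(resolve(token, sorted(spec)))  # keyword: may be abbreviated
            else:
                expanded.append(token)                         # argument: taken as typed
    except ValueError as err:
        return str(err)
    if len(words) > len(specs) + 1:
        return f"% Invalid input detected: unexpected '{words[len(specs) + 1]}'"
    return " ".join(expanded)


if __name__ == "__main__":
    for entered in ["conf t", "co t", "con t", "configure", "sh ver",
                    "ping 10.10.10.5", "cl set 12:00:00"]:
        print(f"{entered:18} -> {check_line(entered)}")
```

With connect and copy in the table, co and con are both ambiguous and conf is the shortest form that identifies configure, which is exactly the case the text above describes.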
The Command Structure
Hot Keys and Shortcuts (Cont.)
• The table below is a brief list of keystrokes to enhance command line editing.

Keystroke – Description
• Tab – Completes a partial command name entry.
• Backspace – Erases the character to the left of the cursor.
• Left Arrow or Ctrl+B – Moves the cursor one character to the left.
• Right Arrow or Ctrl+F – Moves the cursor one character to the right.
• Up Arrow or Ctrl+P – Recalls the commands in the history buffer, beginning with the most recent commands.
The Command Structure
Hot Keys and Shortcuts (Cont.)
• When a command output produces more text than can be displayed in a terminal window, the IOS will display a “--More--” prompt. The table below describes the keystrokes that can be used when this prompt is displayed.

Keystroke – Description
• Enter Key – Displays the next line.
• Space Bar – Displays the next screen.
• Any other key – Ends the display string, returning to privileged EXEC mode.

• The table below lists commands that can be used to exit out of an operation.

Keystroke – Description
• Ctrl-C – When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
• Ctrl-Z – When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
• Ctrl-Shift-6 – All-purpose break sequence used to abort DNS lookups, traceroutes, pings, etc.

Note: To see more hot keys and shortcuts refer to 2.3.5.
The Command Structure
Video – Hot Keys and Shortcuts

This video will cover the following:


• Tab key (tab completion)
• Command shortening
• Up and down arrow key
• CTRL + C
• CTRL + Z
• CTRL + Shift + 6
• CTRL + R

The Command Structure
Packet Tracer – Navigate the IOS

In this Packet Tracer, you will do the following:

• Establish Basic Connections, Access the CLI, and Explore Help

• Explore EXEC Modes

• Set the Clock

The Command Structure
Lab – Navigate the IOS by Using Tera Term for Console
Connectivity
In this lab, you complete the following objectives:

• Access a Cisco Switch through the Serial Console Port

• Display and Configure Basic Device Settings

• (Optional) Access a Cisco Router Using a Mini-USB Console Cable

Module 1.3: Basic Device Configuration
Basic Device Configuration
Device Names
• The first configuration command on any device should be to give it a unique hostname.
• By default, all devices are assigned a factory default name. For example, a Cisco IOS switch is "Switch".

• Guideline for naming devices:
  • Start with a letter
  • Contain no spaces
  • End with a letter or digit
  • Use only letters, digits, and dashes
  • Be less than 64 characters in length

Note: To return the switch to the default prompt, use the no hostname global config command.
Basic Device Configuration
Password Guidelines
• The use of weak or easily guessed passwords is a security concern.
• All networking devices should limit administrative access by securing privileged EXEC, user EXEC, and remote Telnet access with passwords. In addition, all passwords should be encrypted and legal notifications provided.

• Password Guidelines:
  • Use passwords that are more than eight characters in length.
  • Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
  • Avoid using the same password for all devices.
  • Do not use common words because they are easily guessed.

Note: Most of the labs in this course use simple passwords such as cisco or class. These passwords are considered weak and easily guessable and should be avoided in production environments.
Basic Device Configuration
Configure Passwords
Securing user EXEC mode access:
• First enter line console configuration mode
using the line console 0 command in global
configuration mode.
• Next, specify the user EXEC mode password
using the password password command.
• Finally, enable user EXEC access using
the login command.

Securing privileged EXEC mode access:


• First enter global configuration mode.
• Next, use the enable secret password command.

Basic Device Configuration
Configure Passwords (Cont.)
Securing VTY line access:
• First enter line VTY configuration mode
using the line vty 0 15 command in
global configuration mode.
• Next, specify the VTY password using
the password password command.
• Finally, enable VTY access using
the login command.

Note: VTY lines enable remote access using Telnet or SSH to the device. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15.
Basic Device Configuration
Encrypt Passwords
• The startup-config and running-config files display most passwords in plaintext.
• To encrypt all plaintext passwords, use the service password-encryption global config command.
• Use the show running-config command to verify that the passwords on the device are now encrypted.
Basic Device Configuration
Banner Messages
• A banner message is important to warn unauthorized personnel from attempting to access the device.
• To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command.

The banner will be displayed on attempts to access the device.

Note: The “#” in the command syntax is called the delimiting character. It is entered before and after the message.
Basic Device Configuration
Video – Secure Administrative Access to a Switch

This video will cover the following:


• Access the command line to secure the switch
• Secure access to the console port
• Secure virtual terminal access for remote access
• Encrypt passwords on the switch
• Configure the banner message
• Verify security changes

Save Configurations
Configuration Files
There are two system files that store the device configuration:
• startup-config - This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.
• running-config - This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted.
• To save changes made to the running configuration to the startup configuration file, use the copy running-config startup-config privileged EXEC mode command.
Save Configurations
Alter the Running Configurations
If changes made to the running config do not
have the desired effect and the running-config
has not yet been saved, you can restore the
device to its previous configuration. To do this
you can:
• Remove the changed commands individually.
• Reload the device using the reload command
in privilege EXEC mode. Note: This will cause
the device to briefly go offline, leading to
network downtime.
If the undesired changes were saved to the
startup-config, it may be necessary to clear all
the configurations using the erase startup-config command in privilege EXEC mode.
• After erasing the startup-config, reload the
device to clear the running-config file from
RAM.
Save Configurations
Video – Alter the Running Configuration

This video will cover the following:


• Copy the running-config file to the startup-config file
• Show the files in the flash or NVRAM directory
• Use command shortening
• Erase the startup-config file
• Copy the startup-config file to the running-config file

Save Configurations
Capture Configuration to a Text File
Configuration files can also be saved and
archived to a text document.
• Step 1. Open terminal emulation software,
such as PuTTY or Tera Term, that is already
connected to a switch.
• Step 2. Enable logging in the terminal software and assign a name and file location to save the log file. The figure shows that all session output will be captured to the file specified (i.e., MySwitchLogs).
Save Configurations
Capture Configuration to a Text File (Cont.)
• Step 3. Execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
• Step 4. Disable logging in the terminal software. The figure shows how to disable logging by choosing the None session logging option.

Note: The text file created can be used as a record of how the device is currently implemented. The file could require editing before being used to restore a saved configuration to a device.
Save Configurations
Packet Tracer – Configure Initial Switch Settings

In this Packet Tracer, you will do the following:

• Verify the Default Switch Configuration

• Configure a Basic Switch Configuration

• Configure a MOTD Banner

• Save Configuration Files to NVRAM

• Configure a second Switch

Ports and Addresses
IP Addresses
• The use of IP addresses is the primary means of
enabling devices to locate one another and
establish end-to-end communication on the
internet.
• The structure of an IPv4 address is called dotted
decimal notation and is represented by four
decimal numbers between 0 and 255.
• An IPv4 subnet mask is a 32-bit value that differentiates the network portion of the address from the host portion. Coupled with the IPv4 address, the subnet mask determines the subnet to which the device belongs.
• The default gateway address is the IP address of the router that the host will use to access remote networks, including the internet.
Ports and Addresses
IP Addresses (Cont.)
• IPv6 addresses are 128 bits in length and written as a string of hexadecimal values. Every four bits is represented by a single hexadecimal digit, for a total of 32 hexadecimal digits. Groups of four hexadecimal digits are separated by a colon “:”.
• IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.

Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and is replacing the more common IPv4.
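As an added example (not course code), the parser below expands any textual IPv6 address into its full 32-hex-digit form, which makes the two rules above concrete: case does not matter, and the "::" shorthand stands for a single run of all-zero groups, so two spellings name the same address exactly when their expanded forms match. It cross-checks itself against Python's ipaddress module; the function names are this example's own, and the embedded-IPv4 notation (such as ::ffff:192.0.2.1) is deliberately left out of scope.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(addr):
    """Expand an IPv6 address to 8 groups of 4 lowercase hex digits (32 digits = 128 bits).

    Handles the '::' shorthand for one run of all-zero groups and rejects malformed text.
    Written for this example; embedded-IPv4 notation is not handled here.
    """
    if addr.count("::") > 1 or ":::" in addr:
        raise ValueError("only one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, found {len(groups)}")
    expanded = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in HEX_DIGITS for c in g):
            raise ValueError(f"bad hextet {g!r}")
        expanded.append(g.lower().zfill(4))   # case is irrelevant: normalise to lowercase
    return ":".join(expanded)


def is_valid_ipv6(addr):
    """True when expand_ipv6 accepts the text."""
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False


def same_address(a, b):
    """True when two spellings (any case, compressed or not) name the same 128-bit address."""
    return expand_ipv6(a) == expand_ipv6(b)


def address_bits(addr):
    """Number of bits encoded: 32 hex digits * 4 bits each = 128."""
    return len(expand_ipv6(addr).replace(":", "")) * 4


def matches_stdlib(addr):
    """Cross-check this parser against the standard library's exploded form."""
    return expand_ipv6(addr) == ipaddress.IPv6Address(addr).exploded


if __name__ == "__main__":
    for a in ("2001:DB8::1", "::1", "fe80::aaaa:bbbb:1"):
        print(a, "->", expand_ipv6(a), address_bits(a), "bits")
```

Normalising to the expanded, lowercase form before comparing is the safe way to match IPv6 addresses in access lists, log searches or allow-lists; comparing the raw strings would treat 2001:DB8::1 and 2001:db8:0:0:0:0:0:1 as different addresses.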
Ports and Addresses
Interfaces and Ports
• Network communications depend on end
user device interfaces, networking device
interfaces, and the cables that connect
them.
• Types of network media include twisted-
pair copper cables, fiber-optic cables,
coaxial cables, or wireless.
• Different types of network media have
different features and benefits. Some of
the differences between various types of
media include:
• Distance the media can successfully carry a signal
• Environment in which the media is to be installed
• Amount of data and the speed at which it must be
transmitted
• Cost of the media and installation

Module 1.4: Configure IP Addressing
Configure IP Addressing
Manual IP Address Configuration for End Devices
• End devices on the network need an IP address in
order to communicate with other devices on the
network.
• IPv4 address information can be entered into end
devices manually, or automatically using Dynamic
Host Configuration Protocol (DHCP).
• To manually configure an IPv4 address on a Windows PC, open the Control Panel > Network Sharing Center > Change adapter settings and choose the adapter. Next right-click and select Properties to display the Local Area Connection Properties.
• Next, click Properties to open the Internet Protocol Version 4 (TCP/IPv4) Properties window. Then configure the IPv4 address and subnet mask information, and default gateway.

Note: IPv6 addressing and configuration options are similar to IPv4.
Configure IP Addressing
Automatic IP Address Configuration for End Devices
• DHCP enables automatic IPv4 address configuration for every end device that is DHCP-enabled.
• By default, end devices typically use DHCP for automatic IPv4 address configuration.
• To configure DHCP on a Windows PC, open the Control Panel > Network Sharing Center > Change adapter settings and choose the adapter. Next right-click and select Properties to display the Local Area Connection Properties.
• Next, click Properties to open the Internet Protocol Version 4 (TCP/IPv4) Properties window, then select Obtain an IP address automatically and Obtain DNS server address automatically.

Note: IPv6 uses DHCPv6 and SLAAC (Stateless Address Autoconfiguration) for dynamic address allocation.
Configure IP Addressing
Switch Virtual Interface Configuration
To access the switch remotely, an IP address and a subnet mask must be configured on
the SVI.
To configure an SVI on a switch:
• Enter the interface vlan 1 command in global configuration mode.
• Next assign an IPv4 address using the ip address ip-address subnet-mask command.
• Finally, enable the virtual interface using the no shutdown command.

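The slides on device names, password guidelines, configuring and encrypting passwords, banner messages, saving the configuration, and the SVI above together describe one procedure for an initial switch configuration. As an added example (not Cisco course code), the Python below checks the course's hostname and password guidelines and then renders that procedure as the IOS command lines in the order the course presents them. COMMON_WORDS is a constructed stand-in for a dictionary check, the "at least three character classes" threshold is this example's interpretation of "a combination of" character types, and the sample values in example_config are made up.

```python
import re

# Added example, not Cisco course code. Checks the course's hostname and password
# guidelines, then emits the initial switch configuration commands in course order.
# COMMON_WORDS is a constructed stand-in for a real dictionary check.
HOSTNAME_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
COMMON_WORDS = {"cisco", "class", "password", "admin", "switch", "router"}


def valid_hostname(name):
    """Course guideline: start with a letter, no spaces, end with a letter or digit,
    only letters, digits and dashes, fewer than 64 characters."""
    return len(name) < 64 and HOSTNAME_RE.fullmatch(name) is not None


def password_problems(pw):
    """Return the course guidelines a password breaks (empty list = acceptable).

    'A combination of character types' is taken here as at least three of
    lowercase, uppercase, digit and special; that threshold is this example's choice.
    """
    problems = []
    if len(pw) <= 8:
        problems.append("must be more than eight characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if sum(classes) < 3:
        problems.append("mix upper/lowercase letters, numbers and special characters")
    if pw.lower() in COMMON_WORDS:
        problems.append("common word, easily guessed")
    return problems


def initial_switch_config(hostname, console_pw, enable_pw, vty_pw, banner, svi_ip, svi_mask):
    """Render the IOS commands from the course as a list of lines, one per CLI entry.

    Passwords that break the guidelines are refused rather than pushed to a device.
    """
    if not valid_hostname(hostname):
        raise ValueError(f"hostname {hostname!r} breaks the naming guidelines")
    for label, pw in (("console", console_pw), ("enable secret", enable_pw), ("vty", vty_pw)):
        problems = password_problems(pw)
        if problems:
            raise ValueError(f"{label} password: " + "; ".join(problems))
    if "#" in banner:
        raise ValueError("banner text may not contain the '#' delimiting character")
    return [
        "configure terminal",                  # enter global configuration mode
        f"hostname {hostname}",
        f"enable secret {enable_pw}",          # secure privileged EXEC mode
        "line console 0",                      # secure user EXEC mode on the console
        f" password {console_pw}",
        " login",
        " exit",
        "line vty 0 15",                       # secure the 16 VTY lines (remote access)
        f" password {vty_pw}",
        " login",
        " exit",
        "service password-encryption",         # no plaintext passwords in the config files
        f"banner motd #{banner}#",             # '#' is the delimiting character
        "interface vlan 1",                    # SVI so the switch can be managed remotely
        f" ip address {svi_ip} {svi_mask}",
        " no shutdown",
        " exit",
        "end",                                 # back to privileged EXEC mode
        "copy running-config startup-config",  # persist the running-config to NVRAM
    ]


def example_config():
    """Constructed sample values; not a real device."""
    return initial_switch_config("Sw-Floor-1", "C0ns0le-Acc3ss", "Pr1v-M0de-Secr3t",
                                 "Vty-R3mote-0nly", "Authorized access only",
                                 "192.168.1.2", "255.255.255.0")


if __name__ == "__main__":
    print("\n".join(example_config()))
```

Generating the commands from checked inputs keeps the lab passwords (cisco, class) from ever reaching a production device, and the fixed ordering guarantees that service password-encryption is applied before the configuration is saved, so no plaintext password lands in startup-config.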
Configure IP Addressing
Packet Tracer – Implement Basic Connectivity

In this Packet Tracer, you will do the following:

• Perform a Basic Configuration on two switches

• Configure the PCs

• Configure the Switch Management Interface
Module 1.5: Protocols and Models
The Rules
Video – Devices in a Bubble

This video will explain the protocols that devices use to see their place in the
network and communicate with other devices.

The Rules
Communications Fundamentals
Networks can vary in size and complexity. It is not enough to have a connection; devices must agree on “how” to communicate.
There are three elements to any communication:
• There will be a source (sender).
• There will be a destination (receiver).
• There will be a channel (media) that provides for the path of communications to occur.
The Rules
Communications Protocols
• All communications are governed by protocols.

• Protocols are the rules that communications will follow.

• These rules will vary depending on the protocol.

The Rules
Rule Establishment
• Individuals must use established rules or agreements to govern the conversation.

• The first message is difficult to read because it is not formatted properly. The second shows the message properly formatted.
The Rules
Rule Establishment (Cont.)
Protocols must account for the following requirements:
• An identified sender and receiver
• Common language and grammar
• Speed and timing of delivery
• Confirmation or acknowledgment requirements

The Rules
Network Protocol Requirements
Common computer protocols must be in agreement and include the following
requirements:
• Message encoding
• Message formatting and encapsulation
• Message size
• Message timing
• Message delivery options

The Rules
Message Encoding
• Encoding is the process of converting information into another acceptable form for
transmission.
• Decoding reverses this process to interpret the information.

The Rules
Message Formatting and Encapsulation
• When a message is sent, it must use a specific format or structure.

• Message formats depend on the type of message and the channel that is used to
deliver the message.

The Rules
Message Size
Encoding between hosts must be in an appropriate format for the medium.
• Messages sent across the network are converted to bits
• The bits are encoded into a pattern of light, sound, or electrical impulses.
• The destination host must decode the signals to interpret the message.

The Rules
Message Timing
Message timing includes the following:
Flow Control – Manages the rate of data transmission and defines how much information
can be sent and the speed at which it can be delivered.
Response Timeout – Manages how long a device waits when it does not hear a reply from
the destination.
Access method - Determines when someone can send a message.
• There may be various rules governing issues like “collisions”. This is when more than one
device sends traffic at the same time and the messages become corrupt.
• Some protocols are proactive and attempt to prevent collisions; other protocols are
reactive and establish a recovery method after the collision occurs.

The Rules
Message Delivery Options
Message delivery may use one of the following methods:
• Unicast – one to one communication
• Multicast – one to many, typically not all
• Broadcast – one to all

Note: Broadcasts are used in IPv4 networks, but are not an option for IPv6. Later we will also
see “Anycast” as an additional delivery option for IPv6.

The Rules
A Note About the Node Icon
• Documents may use the node icon, typically a circle, to represent all devices.

• The figure illustrates the use of the node icon for delivery options.
Protocols
Network Protocol Overview
Network protocols define a common set of rules.
• Can be implemented on devices in:
  • Software
  • Hardware
  • Both
• Protocols have their own:
  • Function
  • Format
  • Rules

Protocol Type            Description
Network Communications   Enable two or more devices to communicate over one or more networks
Network Security         Secure data to provide authentication, data integrity, and data encryption
Routing                  Enable routers to exchange route information, compare path information, and select best path
Service Discovery        Used for the automatic detection of devices or services
Protocols
Network Protocol Functions
• Devices use agreed-upon protocols to communicate.
• Protocols may have one or more functions.

Function                Description
Addressing              Identifies sender and receiver
Reliability             Provides guaranteed delivery
Flow Control            Ensures data flows at an efficient rate
Sequencing              Uniquely labels each transmitted segment of data
Error Detection         Determines if data became corrupted during transmission
Application Interface   Process-to-process communications between network applications
Protocols
Protocol Interaction
• Networks require the use of several
protocols.
• Each protocol has its own function and format.

Protocol                              Function
Hypertext Transfer Protocol (HTTP)    • Governs the way a web server and a web client interact
                                      • Defines content and format
Transmission Control Protocol (TCP)   • Manages the individual conversations
                                      • Provides guaranteed delivery
                                      • Manages flow control
Internet Protocol (IP)                Delivers messages globally from the sender to the receiver
Ethernet                              Delivers messages from one NIC to another NIC on the same Ethernet Local Area Network (LAN)
Protocol Suites
Network Protocol Suites
Protocols must be able to work with other
protocols.
Protocol suite:
• A group of inter-related protocols
necessary to perform a communication
function
• Sets of rules that work together to help
solve a problem
The protocols are viewed in terms of layers:
• Higher Layers
• Lower Layers - concerned with moving data and provide services to upper layers
Protocol Suites
Evolution of Protocol Suites
There are several protocol suites.
• Internet Protocol Suite or TCP/IP - The most common protocol suite and maintained by the Internet Engineering Task Force (IETF)
• Open Systems Interconnection (OSI) protocols - Developed by the International Organization for Standardization (ISO) and the International Telecommunications Union (ITU)
• AppleTalk - Proprietary suite released by Apple Inc.
• Novell NetWare - Proprietary suite developed by Novell Inc.
Protocol Suites
TCP/IP Protocol Example
• TCP/IP protocols operate at the
application, transport, and
internet layers.
• The most common network
access layer LAN protocols are
Ethernet and WLAN (wireless
LAN).

Protocol Suites
TCP/IP Protocol Suite
• TCP/IP is the protocol suite used by
the internet and includes many
protocols.

• TCP/IP is:
  • An open standard protocol suite that is freely available to the public and can be used by any vendor
  • A standards-based protocol suite that is endorsed by the networking industry and approved by a standards organization to ensure interoperability
Protocol Suites
TCP/IP Communication Process
• A web server encapsulating and sending a web page to a client.
• A client de-encapsulating the web page for the web browser.
Standards Organizations
Open Standards
Open standards encourage:
• interoperability
• competition
• innovation

Standards organizations are:
• vendor-neutral
• non-profit organizations
• established to develop and promote the concept of open standards.
Standards Organizations
Internet Standards
• Internet Society (ISOC) - Promotes the open development and evolution of internet
• Internet Architecture Board (IAB) - Responsible for management and development of internet standards
• Internet Engineering Task Force (IETF) - Develops, updates, and maintains internet and TCP/IP technologies
• Internet Research Task Force (IRTF) - Focused on long-term research related to internet and TCP/IP protocols
Standards Organizations
Internet Standards (Cont.)
Standards organizations involved with the
development and support of TCP/IP
• Internet Corporation for Assigned
Names and Numbers (ICANN) -
Coordinates IP address allocation, the
management of domain names, and
assignment of other information
• Internet Assigned Numbers Authority
(IANA) - Oversees and manages IP
address allocation, domain name
management, and protocol identifiers
for ICANN

Standards Organizations
Electronic and Communications Standards
• Institute of Electrical and Electronics Engineers (IEEE, pronounced “I-triple-E”)
- dedicated to creating standards in power and energy, healthcare,
telecommunications, and networking
• Electronic Industries Alliance (EIA) - develops standards relating to electrical
wiring, connectors, and the 19-inch racks used to mount networking equipment
• Telecommunications Industry Association (TIA) - develops communication
standards in radio equipment, cellular towers, Voice over IP (VoIP) devices,
satellite communications, and more
• International Telecommunications Union-Telecommunication
Standardization Sector (ITU-T) - defines standards for video compression,
Internet Protocol Television (IPTV), and broadband communications, such as a
digital subscriber line (DSL)
Standards Organizations
Lab – Researching Networking Standards
In this lab, you will do the following:
• Part 1: Research Networking Standards Organizations
• Part 2: Reflect on Internet and Computer Networking Experience

Reference Models
The Benefits of Using a Layered Model
Complex concepts such as how a
network operates can be difficult to
explain and understand. For this
reason, a layered model is used.
Two layered models describe network
operations:
• Open System Interconnection (OSI)
Reference Model
• TCP/IP Reference Model

Reference Models
The Benefits of Using a Layered Model (Cont.)
These are the benefits of using a layered model:
• Assist in protocol design because protocols that operate at a specific layer have
defined information that they act upon and a defined interface to the layers above
and below
• Foster competition because products from different vendors can work together

• Prevent technology or capability changes in one layer from affecting other layers
above and below
• Provide a common language to describe networking functions and capabilities

Reference Models
The OSI Reference Model
OSI Model Layer    Description
7 - Application    Contains protocols used for process-to-process communications.
6 - Presentation   Provides for common representation of the data transferred between application layer services.
5 - Session        Provides services to the presentation layer and to manage data exchange.
4 - Transport      Defines services to segment, transfer, and reassemble the data for individual communications.
3 - Network        Provides services to exchange the individual pieces of data over the network.
2 - Data Link      Describes methods for exchanging data frames over a common media.
1 - Physical       Describes the means to activate, maintain, and de-activate physical connections.
Reference Models
The TCP/IP Reference Model
TCP/IP Model Layer   Description
Application          Represents data to the user, plus encoding and dialog control.
Transport            Supports communication between various devices across diverse networks.
Internet             Determines the best path through the network.
Network Access       Controls the hardware devices and media that make up the network.
Reference Models
OSI and TCP/IP Model Comparison

• The OSI model divides the network access layer and the application layer of the TCP/IP model into multiple layers.
• The TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium.
• OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.
Reference Models
Packet Tracer – Investigate the TCP/IP and OSI Models in Action
This simulation activity is intended to provide a foundation for understanding the
TCP/IP protocol suite and the relationship to the OSI model. Simulation mode
allows you to view the data contents being sent across the network at each layer.
In this Packet Tracer, you will:
• Part 1: Examine HTTP Web Traffic
• Part 2: Display Elements of the TCP/IP Protocol Suite

Data Encapsulation
Segmenting Messages
Segmenting is the process of breaking up messages into smaller units. Multiplexing is the process of taking multiple streams of segmented data and interleaving them together.
Segmenting messages has two primary benefits:
• Increases speed - Large amounts of data can be sent over the network without tying up a communications link.
• Increases efficiency - Only segments which fail to reach the destination need to be retransmitted, not the entire data stream.
Data Encapsulation
Sequencing

Sequencing messages is the process of numbering the segments so that the message may be reassembled at the destination.
TCP is responsible for sequencing the individual segments.
Data Encapsulation
Protocol Data Units
Encapsulation is the process where protocols add their information to the data.
• At each stage of the process, a PDU has a different name to reflect its new functions.
• There is no universal naming convention for PDUs; in this course, the PDUs are named according to the protocols of the TCP/IP suite.
• PDUs passing down the stack are as follows:
  1. Data (Data Stream)
  2. Segment
  3. Packet
  4. Frame
  5. Bits (Bit Stream)
Data Encapsulation
Encapsulation Example
• Encapsulation is a top down
process.
• The level above does its
process and then passes it
down to the next level of the
model. This process is
repeated by each layer until
it is sent out as a bit stream.

Data Encapsulation
De-encapsulation Example
• Data is de-encapsulated as it moves up
the stack.
• When a layer completes its process,
that layer strips off its header and
passes it up to the next level to be
processed. This is repeated at each
layer until it is a data stream that the
application can process.
1. Received as Bits (Bit Stream)
2. Frame
3. Packet
4. Segment
5. Data (Data Stream)
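As an added example (not Cisco course code), the Python below carries the Segmenting, Sequencing, Protocol Data Units, Encapsulation and De-encapsulation slides through in working code: a data stream is split into numbered segments, each segment is wrapped into a packet and then a frame on the way down, the frames arrive out of order, and the receiver strips the headers on the way up, checks the frame's CRC, and reassembles the stream by sequence number. The three headers are deliberately simplified stand-ins for TCP, IPv4 and Ethernet rather than the real layouts; the addresses, ports and function names are constructed for this example (the web server address 172.16.1.99 is an assumption, the course only gives its network 172.16.1).

```python
import random
import struct
import zlib

# Added example, not course code. Simplified headers so the layering stays visible;
# real TCP, IPv4 and Ethernet headers carry many more fields.
SEG_HDR = struct.Struct("!HHI")    # segment: source port, destination port, sequence number
PKT_HDR = struct.Struct("!4s4s")   # packet:  source IPv4, destination IPv4
FRM_HDR = struct.Struct("!6s6sH")  # frame:   destination MAC, source MAC, EtherType
FCS = struct.Struct("!I")          # frame trailer: CRC-32 frame check sequence
ETHERTYPE_IPV4 = 0x0800


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def segment(data, mss):
    """Break the data stream into pieces of at most mss bytes. The sequence number is the
    byte offset of each piece, which is how TCP numbers its segments."""
    return [(offset, data[offset:offset + mss]) for offset in range(0, len(data), mss)]


def encapsulate(seq, chunk, sport, dport, sip, dip, smac, dmac):
    """Data -> Segment -> Packet -> Frame: each layer prepends its header; Ethernet also appends an FCS."""
    seg = SEG_HDR.pack(sport, dport, seq) + chunk
    pkt = PKT_HDR.pack(ip_bytes(sip), ip_bytes(dip)) + seg
    body = FRM_HDR.pack(mac_bytes(dmac), mac_bytes(smac), ETHERTYPE_IPV4) + pkt
    return body + FCS.pack(zlib.crc32(body))


def frame_is_intact(frame):
    """Error detection: recompute the CRC over everything before the trailer."""
    body, trailer = frame[:-FCS.size], frame[-FCS.size:]
    return zlib.crc32(body) == FCS.unpack(trailer)[0]


def deencapsulate(frame):
    """Frame -> Packet -> Segment -> Data: each layer strips its own header on the way up."""
    if not frame_is_intact(frame):
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    body = frame[:-FCS.size]
    dmac, smac, ethertype = FRM_HDR.unpack_from(body)
    packet = body[FRM_HDR.size:]
    sip, dip = PKT_HDR.unpack_from(packet)
    seg = packet[PKT_HDR.size:]
    sport, dport, seq = SEG_HDR.unpack_from(seg)
    return {
        "dmac": dmac.hex(":"), "smac": smac.hex(":"), "ethertype": ethertype,
        "sip": ".".join(map(str, sip)), "dip": ".".join(map(str, dip)),
        "sport": sport, "dport": dport, "seq": seq, "data": seg[SEG_HDR.size:],
    }


def reassemble(pieces):
    """Sequencing: order (seq, data) pieces by sequence number no matter how they arrived."""
    return b"".join(data for _, data in sorted(pieces, key=lambda p: p[0]))


def round_trip(message, mss=8, seed=7):
    """Segment, encapsulate, deliver out of order, de-encapsulate, reassemble."""
    frames = [encapsulate(seq, chunk, 49152, 80, "192.168.1.110", "172.16.1.99",
                          "00:11:22:33:44:55", "66:77:88:99:aa:bb")
              for seq, chunk in segment(message, mss)]
    random.Random(seed).shuffle(frames)          # arrival order is not sending order
    received = [(d["seq"], d["data"]) for d in map(deencapsulate, frames)]
    return reassemble(received)


def sample_frame():
    """One constructed frame carrying the five-byte payload b'hello'."""
    return encapsulate(0, b"hello", 49152, 80, "192.168.1.110", "172.16.1.99",
                       "00:11:22:33:44:55", "66:77:88:99:aa:bb")


if __name__ == "__main__":
    print(round_trip(b"GET /index.html HTTP/1.1"))
```

Two points worth noticing when running it: the frame addresses (MACs) are the only ones rewritten hop by hop, while the IP addresses inside the packet and the ports inside the segment survive untouched to the receiver, and a single flipped bit anywhere in the frame makes frame_is_intact fail, which is the error-detection function from the protocol functions table.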
Data Access
Addresses
Both the data link and network layers use addressing to deliver data from source to
destination.
Network layer source and destination addresses - Responsible for delivering the IP
packet from original source to the final destination.
Data link layer source and destination addresses – Responsible for delivering the data
link frame from one network interface card (NIC) to another NIC on the same network.

Data Access
Layer 3 Logical Address

The IP packet contains two IP addresses:
• Source IP address - The IP address of the sending device, original source of the packet.
• Destination IP address - The IP address of the receiving device, final destination of the packet.
These addresses may be on the same link or remote.
Data Access
Layer 3 Logical Address (Cont.)
An IP address contains two parts:
• Network portion (IPv4) or Prefix (IPv6)
  • The left-most part of the address indicates the network group of which the IP address is a member.
  • Each LAN or WAN will have the same network portion.
• Host portion (IPv4) or Interface ID (IPv6)
  • The remaining part of the address identifies a specific device within the group.
  • This portion is unique for each device on the network.
Data Access
Devices on the Same Network
When devices are on the same network, the source and destination will have the same number in the network portion of the address.
• PC1 – 192.168.1.110
• FTP Server – 192.168.1.9
Data Access
Role of the Data Link Layer Addresses: Same IP Network
When devices are on the same Ethernet
network the data link frame will use the
actual MAC address of the destination
NIC.
MAC addresses are physically embedded
into the Ethernet NIC and are local
addressing.
• The Source MAC address will be that of
the originator on the link.
• The Destination MAC address will
always be on the same link as the
source, even if the ultimate destination
is remote.
Data Access
Devices on a Remote Network
• What happens when the actual
(ultimate) destination is not on the
same LAN and is remote?
• What happens when PC1 tries to
reach the Web Server?
• Does this impact the network and data
link layers?
Data Access
Role of the Network Layer Addresses
When the source and destination have
a different network portion, this means
they are on different networks.
• PC1 – 192.168.1
• Web Server – 172.16.1
Data Access
Role of the Data Link Layer Addresses: Different IP Networks
When the final destination is remote, Layer
3 will provide Layer 2 with the local default
gateway IP address, also known as the
router address.
• The default gateway (DGW) is the router
interface IP address that is part of this
LAN and will be the “door” or “gateway” to
all other remote locations.
• All devices on the LAN must be told about this address or their traffic will be confined to the LAN only.
• Once Layer 2 on PC1 forwards to the
default gateway (Router), the router then
can start the routing process of getting the
information to actual destination.
Data Access
Role of the Data Link Layer Addresses: Different IP Networks
(Cont.)
• The data link addressing is local
addressing so it will have a source and
destination for each link.
• The MAC addressing for the first
segment is :
• Source – AA-AA-AA-AA-AA-AA
(PC1) Sends the frame.
• Destination – 11-11-11-11-11-11 (R1-
Default Gateway MAC) Receives
the frame.
Note: While the L2 local addressing will
change from link to link or hop to hop, the
L3 addressing remains the same.
Data Access
Data Link Addresses
• Since data link addressing is local addressing, it will have a source and destination for
each segment or hop of the journey to the destination.
• The MAC addressing for the first segment is:
• Source – (PC1 NIC) sends frame
• Destination – (First Router- DGW interface) receives frame
Data Access
Data Link Addresses (Cont.)
The MAC addressing for the second hop is:
• Source – (First Router- exit interface) sends frame
• Destination – (Second Router) receives frame
Data Access
Data Link Addresses (Cont.)
The MAC addressing for the last segment is:
• Source – (Second Router- exit interface) sends frame
• Destination – (Web Server NIC) receives frame
Data Access
Data Link Addresses (Cont.)
• Notice that the packet is not modified, but the frame is changed, therefore the L3 IP
addressing does not change from segment to segment like the L2 MAC addressing.
• The L3 addressing remains the same since it is global and the ultimate destination is still
the Web Server.
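The addressing decision described on the "Devices on the Same Network", "Role of the Network Layer Addresses" and "Data Link Addresses" slides above, as an added example that is not part of the course material: a short Python script (standard ipaddress module only) that decides, for a given destination, whether PC1 frames the packet directly to the destination's MAC or to the default gateway's MAC, while the IP header keeps the final destination on every hop. The /24 mask, the gateway address 192.168.1.1, the FTP server's MAC and the Web Server host address 172.16.1.99 are assumptions constructed for the example; the other values (PC1 192.168.1.110, FTP server 192.168.1.9, MACs AA-AA-AA-AA-AA-AA and 11-11-11-11-11-11) come from the slides.

```python
"""Added example (not from the Cisco course): which Layer 2 destination a host
uses for a packet, following the rule on the slides above.

Constructed assumptions: PC1's subnet mask, its default gateway address, and a
small ARP-style table mapping IPv4 addresses to MAC addresses.
"""
import ipaddress

# Constructed local configuration of PC1 (address from the slides, /24 assumed).
PC1_IFACE = ipaddress.ip_interface("192.168.1.110/24")
PC1_MAC = "AA-AA-AA-AA-AA-AA"
DEFAULT_GATEWAY = ipaddress.ip_address("192.168.1.1")   # assumed R1 LAN address

# Constructed Layer 3 -> Layer 2 mappings PC1 has already learned (e.g. via ARP).
ARP_TABLE = {
    ipaddress.ip_address("192.168.1.9"): "CC-CC-CC-CC-CC-CC",  # FTP server (MAC assumed)
    ipaddress.ip_address("192.168.1.1"): "11-11-11-11-11-11",  # R1 default gateway
}


def same_network(a, b, network):
    """True when both addresses share the network portion of 'network'."""
    return a in network and b in network


def next_hop_ip(destination, iface=PC1_IFACE, gateway=DEFAULT_GATEWAY):
    """Pick the Layer 3 address whose MAC becomes the frame's destination.

    Local destination: the frame goes straight to that host.
    Remote destination: the frame goes to the default gateway, the 'door' to
    all other networks, while the IP header still carries the final destination.
    """
    destination = ipaddress.ip_address(destination)
    if same_network(iface.ip, destination, iface.network):
        return destination
    return gateway


def build_addresses(destination):
    """Return the L3 and L2 source/destination pairs for PC1's first hop."""
    destination = ipaddress.ip_address(destination)
    hop = next_hop_ip(destination)
    if hop not in ARP_TABLE:
        # A real host would send an ARP request here before it can frame anything.
        raise LookupError(f"no MAC known for next hop {hop}; ARP needed first")
    return {
        "src_ip": str(PC1_IFACE.ip),
        "dst_ip": str(destination),      # unchanged hop to hop (global addressing)
        "src_mac": PC1_MAC,
        "dst_mac": ARP_TABLE[hop],       # rewritten on every link (local addressing)
        "via_gateway": hop != destination,
    }


if __name__ == "__main__":
    print(build_addresses("192.168.1.9"))   # FTP server: same network, direct
    print(build_addresses("172.16.1.99"))   # Web Server: remote, via R1's MAC
```

The `via_gateway` flag is the whole point of the slides: only the Layer 2 destination changes when the target is remote; the Layer 3 destination is the same in both calls.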
Chapter2:
Physical Layer
Module 2.1:
Physical Layer Characteristics
Physical Layer Characteristics
Physical Layer Standards
Physical Layer Characteristics
Physical Components
Physical Layer Standards address three functional areas:
• Physical Components
• Encoding
• Signaling
The Physical Components are the hardware devices, media, and other
connectors that transmit the signals that represent the bits.
• Hardware components like NICs, interfaces and connectors, cable materials, and cable designs
are all specified in standards associated with the physical layer.
Physical Layer Characteristics
Encoding
• Encoding converts the stream of bits into a format recognizable by the next device in the network path.
• This ‘coding’ provides predictable
patterns that can be recognized by
the next device.
• Examples of encoding methods
include Manchester (shown in the
figure), 4B/5B, and 8B/10B.
Physical Layer Characteristics
Signaling
• The signaling method is how the bit values, “1” and “0”, are represented on the physical medium.
• The method of signaling will vary based on the type of medium being used.
[Figures: Light Pulses Over Fiber-Optic Cable; Electrical Signals Over Copper Cable; Microwave Signals Over Wireless]
Physical Layer Characteristics
Bandwidth
• Bandwidth is the capacity at which a medium can carry data.
• Digital bandwidth measures the amount of data that can flow from one place to
another in a given amount of time; how many bits can be transmitted in a second.
• Physical media properties, current technologies, and the laws of physics play a role
in determining available bandwidth.
Unit of Bandwidth     Abbreviation   Equivalence
Bits per second       bps            1 bps = fundamental unit of bandwidth
Kilobits per second   Kbps           1 Kbps = 1,000 bps = 10^3 bps
Megabits per second   Mbps           1 Mbps = 1,000,000 bps = 10^6 bps
Gigabits per second   Gbps           1 Gbps = 1,000,000,000 bps = 10^9 bps
Terabits per second   Tbps           1 Tbps = 1,000,000,000,000 bps = 10^12 bps
Physical Layer Characteristics
Bandwidth Terminology
Latency
• Amount of time, including delays, for data to travel from one given point to another
Throughput
• The measure of the transfer of bits across the media over a given period of time
Goodput
• The measure of usable data transferred over a given period of time
• Goodput = Throughput - traffic overhead
Module 2.2: Copper Cabling
Copper Cabling
Characteristics of Copper Cabling
Copper cabling is the most common type of cabling used in networks today. It is
inexpensive, easy to install, and has low resistance to electrical current flow.
Limitations:
• Attenuation – the longer the electrical signals have to travel, the weaker they get.
• The electrical signal is susceptible to interference from two sources, which can distort and corrupt
the data signals: electromagnetic interference (EMI) and radio frequency interference (RFI), and crosstalk.
Mitigation:
• Strict adherence to cable length limits will mitigate attenuation.
• Some kinds of copper cable mitigate EMI and RFI by using metallic shielding and grounding.
• Some kinds of copper cable mitigate crosstalk by twisting opposing circuit pair wires together.
Copper Cabling
Types of Copper Cabling
Copper Cabling
Unshielded Twisted Pair (UTP)
• UTP is the most common networking
media.
• Terminated with RJ-45 connectors
• Interconnects hosts with intermediary
network devices.

Key Characteristics of UTP
1. The outer jacket protects the copper
wires from physical damage.
2. Twisted pairs protect the signal from
interference.
3. Color-coded plastic insulation
electrically isolates the wires from
each other and identifies each pair.
Copper Cabling
Shielded Twisted Pair (STP)
• Better noise protection than UTP
• More expensive than UTP
• Harder to install than UTP
• Terminated with RJ-45 connectors
• Interconnects hosts with intermediary
network devices

Key Characteristics of STP
1. The outer jacket protects the copper
wires from physical damage
2. Braided or foil shield provides
EMI/RFI protection
3. Foil shield for each pair of wires
provides EMI/RFI protection
4. Color-coded plastic insulation
electrically isolates the wires from
each other and identifies each pair
Copper Cabling
Coaxial Cable
Consists of the following:
1. Outer cable jacket to prevent minor physical
damage
2. A woven copper braid, or metallic foil, acts as the
second wire in the circuit and as a shield for the
inner conductor.
3. A layer of flexible plastic insulation
4. A copper conductor is used to transmit the
electronic signals.

There are different types of connectors used with coax cable.

Commonly used in the following situations:
• Wireless installations - attach antennas to wireless
devices
• Cable internet installations - customer premises
wiring
Module 2.3: UTP Cabling
UTP Cabling
Properties of UTP Cabling
UTP has four pairs of color-coded copper wires twisted together and encased in a flexible plastic sheath. No shielding is used. UTP relies on the following properties to limit crosstalk:
• Cancellation - Each wire in a pair of wires uses
opposite polarity. One wire is negative, the other
wire is positive. They are twisted together and the
magnetic fields effectively cancel each other and
outside EMI/RFI.
• Variation in twists per foot in each wire - Each wire
is twisted a different amount, which helps prevent
crosstalk amongst the wires in the cable.
UTP Cabling
UTP Cabling Standards and Connectors
Standards for UTP are established by the TIA/EIA. TIA/EIA-
568 standardizes elements like:
• Cable Types
• Cable Lengths
• Connectors
• Cable Termination
• Testing Methods

Electrical standards for copper cabling are established by the IEEE, which rates cable according to its performance.
Examples include:
• Category 3
• Category 5 and 5e
• Category 6
UTP Cabling
UTP Cabling Standards and Connectors (Cont.)
[Figures: RJ-45 Connector; RJ-45 Socket; Poorly terminated UTP cable; Properly terminated UTP cable]
UTP Cabling
Straight-through and Crossover UTP Cables
Cable Type                  Standard                         Application
Ethernet Straight-through   Both ends T568A or T568B         Host to Network Device
Ethernet Crossover *        One end T568A, other end T568B   Host-to-Host, Switch-to-Switch, Router-to-Router
Rollover                    Cisco Proprietary                Host serial port to Router or Switch Console Port, using an adapter

* Considered legacy because most NICs use Auto-MDIX to sense the cable type and complete the connection.
Module 2.4: Fiber-Optic Cabling
Fiber-Optic Cabling
Properties of Fiber-Optic Cabling
• Not as common as UTP because of the expense involved
• Ideal for some networking scenarios
• Transmits data over longer distances at higher bandwidth than any other
networking media
• Less susceptible to attenuation, and completely immune to EMI/RFI
• Made of flexible, extremely thin strands of very pure glass
• Uses a laser or LED to encode bits as pulses of light
• The fiber-optic cable acts as a wave guide to transmit light between the two
ends with minimal signal loss
Fiber-Optic Cabling
Types of Fiber Media
Single-Mode Fiber
• Very small core
• Uses expensive lasers
• Long-distance applications

Multimode Fiber
• Larger core
• Uses less expensive LEDs
• LEDs transmit at different angles
• Up to 10 Gbps over 550 meters

Dispersion refers to the spreading out of a light pulse over time. Increased dispersion means
increased loss of signal strength. MMF has greater dispersion than SMF, so the maximum cable
distance for MMF is 550 meters.
Fiber-Optic Cabling
Fiber-Optic Cabling Usage
Fiber-optic cabling is now being used in four types of industry:
1. Enterprise Networks - Used for backbone cabling applications and interconnecting infrastructure devices
2. Fiber-to-the-Home (FTTH) - Used to provide always-on broadband services to
homes and small businesses
3. Long-Haul Networks - Used by service providers to connect countries and cities
4. Submarine Cable Networks - Used to provide reliable high-speed, high-capacity
solutions capable of surviving in harsh undersea environments at up to transoceanic
distances.

Our focus in this course is the use of fiber within the enterprise.
Fiber-Optic Cabling
Fiber-Optic Connectors
[Figures: Lucent Connector (LC) Simplex Connectors; Straight-Tip (ST) Connectors; Subscriber Connector (SC) Connectors; Duplex Multimode LC Connectors]
Fiber-Optic Cabling
Fiber Patch Cords
[Figures: SC-SC MM Patch Cord; LC-LC SM Patch Cord; ST-LC MM Patch Cord; ST-SC SM Patch Cord]

A yellow jacket is for single-mode fiber cables and orange (or aqua) for multimode fiber cables.
Fiber-Optic Cabling
Fiber versus Copper
Optical fiber is primarily used as backbone cabling for high-traffic, point-to-point
connections between data distribution facilities and for the interconnection of buildings
in multi-building campuses.
Implementation Issues            UTP Cabling                          Fiber-Optic Cabling
Bandwidth supported              10 Mb/s - 10 Gb/s                    10 Mb/s - 100 Gb/s
Distance                         Relatively short (1 - 100 meters)    Relatively long (1 - 100,000 meters)
Immunity to EMI and RFI          Low                                  High (Completely immune)
Immunity to electrical hazards   Low                                  High (Completely immune)
Media and connector costs        Lowest                               Highest
Installation skills required     Lowest                               Highest
Safety precautions               Lowest                               Highest
Module 2.5: Wireless Media
Wireless Media
Properties of Wireless Media
It carries electromagnetic signals representing binary digits using radio or
microwave frequencies. This provides the greatest mobility option. Wireless
connection numbers continue to increase.

Some of the limitations of wireless:
• Coverage area - Effective coverage can be significantly impacted by the physical
characteristics of the deployment location.
• Interference - Wireless is susceptible to interference and can be disrupted by many
common devices.
• Security - Wireless communication coverage requires no access to a physical strand
of media, so anyone can gain access to the transmission.
• Shared medium - WLANs operate in half-duplex, which means only one device can
send or receive at a time. Many users accessing the WLAN simultaneously results in
reduced bandwidth for each user.
Wireless Media
Types of Wireless Media
The IEEE and telecommunications industry standards for wireless data communications
cover both the data link and physical layers. In each of these standards, physical layer
specifications dictate:
• Data to radio signal encoding methods
• Frequency and power of transmission
• Signal reception and decoding requirements
• Antenna design and construction
Wireless Standards:
• Wi-Fi (IEEE 802.11) - Wireless LAN (WLAN) technology
• Bluetooth (IEEE 802.15) - Wireless Personal Area network (WPAN) standard
• WiMAX (IEEE 802.16) - Uses a point-to-multipoint topology to provide broadband wireless
access
• Zigbee (IEEE 802.15.4) - Low data-rate, low power-consumption communications, primarily
for Internet of Things (IoT) applications
Wireless Media
Wireless LAN
In general, a Wireless LAN (WLAN) requires the following devices:
• Wireless Access Point (AP) - Concentrate wireless signals from users and
connect to the existing copper-based network infrastructure
• Wireless NIC Adapters - Provide wireless communications capability to
network hosts

There are a number of WLAN standards. When purchasing WLAN equipment, ensure compatibility and interoperability.

Network administrators must develop and apply stringent security policies and processes to protect WLANs from unauthorized access and damage.
Wireless Media
Packet Tracer – Connect a Wired and Wireless LAN
In this Packet Tracer, you will do the following:
• Connect to the Cloud
• Connect a Router
• Connect Remaining Devices
• Verify Connections
• Examine the Physical Topology
Wireless Media
Lab – View Wired and Wireless NIC Information
In this lab, you will complete the following objectives:
• Identify and Work with PC NICs
• Identify and Use the System Tray Network Icons
Chapter3:
Number Systems
Module 3.1: Binary Number System
Binary Number System
Binary and IPv4 Addresses
• Binary numbering system consists of 1s and 0s, called bits
• Decimal numbering system consists of digits 0 through 9
• Hosts, servers, and network equipment use binary addressing to identify each other.
• Each IPv4 address is made up of a string of 32 bits, divided into four sections called octets.
• Each octet contains 8 bits (or 1 byte) and is separated from the next by a dot.
• For ease of use by people, this binary notation is converted to dotted decimal.
Binary Number System
Video – Convert Between Binary and Decimal Numbering
Systems
This video will cover the following:
• Positional notation review
• Powers of 10 review
• Decimal – base 10 numbering review
• Binary – base 2 numbering review
• Convert an IP address in binary to decimal numbering
Binary Number System
Binary Positional Notation
• Positional notation means that a digit represents different values depending on the
“position” the digit occupies in the sequence of numbers.
• The decimal positional notation system operates as shown in the tables below.
                        Thousands   Hundreds   Tens     Ones
Radix                   10          10         10       10
Position in Number      3           2          1        0
Calculate               10^3        10^2       10^1     10^0
Positional Value        1000        100        10       1

Decimal Number (1234)   1           2          3        4
Calculate               1 x 1000    2 x 100    3 x 10   4 x 1
Add them up...          1000        + 200      + 30     + 4
Result                  1,234
Binary Number System
Binary Positional Notation (Cont.)
The binary positional notation system operates as shown in the tables below.
Position in Number         7       6       5       4       3       2       1       0
Radix                      2       2       2       2       2       2       2       2
Calculate                  2^7     2^6     2^5     2^4     2^3     2^2     2^1     2^0
Positional Value           128     64      32      16      8       4       2       1

Binary Number (11000000)   1       1       0       0       0       0       0       0
Calculate                  1x128   1x64    0x32    0x16    0x8     0x4     0x2     0x1
Add Them Up...             128     + 64    + 0     + 0     + 0     + 0     + 0     + 0
Result                     192
Binary Number System
Convert Binary to Decimal
Convert 11000000.10101000.00001011.00001010 to decimal.
Positional Value           128     64      32      16      8       4       2       1

Binary Number (11000000)   1       1       0       0       0       0       0       0
Calculate                  1x128   1x64    0x32    0x16    0x8     0x4     0x2     0x1
Add Them Up...             128     + 64    + 0     + 0     + 0     + 0     + 0     + 0     = 192

Binary Number (10101000)   1       0       1       0       1       0       0       0
Calculate                  1x128   0x64    1x32    0x16    1x8     0x4     0x2     0x1
Add Them Up...             128     + 0     + 32    + 0     + 8     + 0     + 0     + 0     = 168

Binary Number (00001011)   0       0       0       0       1       0       1       1
Calculate                  0x128   0x64    0x32    0x16    1x8     0x4     1x2     1x1
Add Them Up...             0       + 0     + 0     + 0     + 8     + 0     + 2     + 1     = 11

Binary Number (00001010)   0       0       0       0       1       0       1       0
Calculate                  0x128   0x64    0x32    0x16    1x8     0x4     1x2     0x1
Add Them Up...             0       + 0     + 0     + 0     + 8     + 0     + 2     + 0     = 10

Result: 192.168.11.10
Binary Number System
Decimal to Binary Conversion
The binary positional value table is useful in converting a dotted decimal IPv4 address to
binary.

• Start in the 128 position (the most significant bit). Is the decimal number of the octet (n) equal to or greater than 128?
• If no, record a binary 0 in the 128 positional value and move to the 64 positional value.
• If yes, record a binary 1 in the 128 positional value, subtract 128 from the decimal number, and move to the 64 positional value.
• Repeat these steps through the 1 positional value.
Binary Number System
Decimal to Binary Conversion Example
• Convert decimal 168 to binary
Is 168 >= 128?
- Yes, enter 1 in 128 position and subtract 128 (168-128=40)
Is 40 >= 64?
- No, enter 0 in 64 position and move on
Is 40 >= 32?
- Yes, enter 1 in 32 position and subtract 32 (40-32=8)
Is 8 >= 16?
- No, enter 0 in 16 position and move on
Is 8 >= 8?
- Yes (equal). Enter 1 in 8 position and subtract 8 (8-8=0)
No values left. Enter 0 in the remaining binary positions

128   64   32   16   8   4   2   1
1     0    1    0    1   0   0   0

Decimal 168 is written as 10101000 in binary
Binary Number System
IPv4 Addresses
• Routers and computers only understand binary, while humans work in
decimal. It is important for you to gain a thorough understanding of these
two numbering systems and how they are used in networking.
Module 3.2:
Hexadecimal Number System
Hexadecimal Number System
Hexadecimal and IPv6 Addresses
• To understand IPv6 addresses,
you must be able to convert
hexadecimal to decimal and
vice versa.
• Hexadecimal is a base sixteen
numbering system, using the
digits 0 through 9 and letters A
to F.
• It is easier to express a value as a single hexadecimal digit than as four binary bits.
• Hexadecimal is used to represent IPv6 addresses and MAC addresses.
Hexadecimal Number System
Hexadecimal and IPv6 Addresses (Cont.)
• IPv6 addresses are 128 bits in
length. Every 4 bits is
represented by a single
hexadecimal digit. That makes
the IPv6 address a total of 32
hexadecimal values.
• The figure shows the preferred
method of writing out an IPv6
address, with each X
representing four hexadecimal
values.
• Each four hexadecimal
character group is referred to
as a hextet.
Hexadecimal Number System
Video – Converting Between Hexadecimal and Decimal
Numbering Systems
This video will cover the following:
• Characteristics of the Hexadecimal System
• Convert from Hexadecimal to Decimal
• Convert from Decimal to Hexadecimal
Hexadecimal Number System
Decimal to Hexadecimal Conversions
Follow the steps listed to convert decimal numbers to hexadecimal values:
• Convert the decimal number to an 8-bit binary string.
• Divide the binary string into groups of four starting from the rightmost position.
• Convert each group of four binary digits into its equivalent hexadecimal digit.

For example, 168 converted into hex using the three-step process.
• 168 in binary is 10101000.
• 10101000 in two groups of four binary digits is 1010 and 1000.
• 1010 is hex A and 1000 is hex 8, so 168 is A8 in hexadecimal.
Hexadecimal Number System
Hexadecimal to Decimal Conversions
Follow the steps listed to convert hexadecimal numbers to decimal values:
• Convert each hexadecimal digit to a 4-bit binary string.
• Create 8-bit binary groupings starting from the rightmost position.
• Convert each 8-bit binary grouping into its equivalent decimal value.

For example, D2 converted into decimal using the three-step process:
• D2 in 4-bit binary strings is 1110 and 0010.
• 1110 and 0010 is 11100010 in an 8-bit grouping.
• 11100010 in binary is equivalent to 210 in decimal, so D2 is 210 in decimal.
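The conversions in this chapter (the decimal-to-binary subtraction method, the add-them-up binary-to-decimal tables, and the 4-bit grouping used for hexadecimal), as an added example that is not from the course material: Python functions that follow the slides' steps literally rather than calling the built-in conversions. Function names and the input checks are my own; the inputs in the usage block are the slides' own values (192.168.11.10, 168, D2). Running it prints each intermediate binary string, so the hexadecimal working on the slides can be checked against the output.

```python
"""Added example (not from the Cisco course): binary, decimal and hexadecimal
conversions implemented the way the slides describe them."""

POSITIONAL_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # 2^7 .. 2^0, left to right
HEX_DIGITS = "0123456789ABCDEF"


def decimal_to_binary(n):
    """One octet (0-255) -> 8-bit string, by the subtract-and-move-on method."""
    if not 0 <= n <= 255:
        raise ValueError(f"{n} does not fit in one octet")
    bits = []
    remaining = n
    for value in POSITIONAL_VALUES:
        # "Is the decimal number equal to or greater than this positional value?"
        if remaining >= value:
            bits.append("1")
            remaining -= value      # yes: record 1, subtract, move right
        else:
            bits.append("0")        # no: record 0, move right
    return "".join(bits)


def binary_to_decimal(bits):
    """8-bit string -> int, adding up the positional values where the bit is 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"{bits!r} is not an 8-bit binary string")
    return sum(value for bit, value in zip(bits, POSITIONAL_VALUES) if bit == "1")


def ipv4_to_binary(dotted):
    """'192.168.11.10' -> '11000000.10101000.00001011.00001010'."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"{dotted!r} is not a dotted-decimal IPv4 address")
    return ".".join(decimal_to_binary(int(o)) for o in octets)


def binary_to_ipv4(dotted_bits):
    """Inverse of ipv4_to_binary."""
    return ".".join(str(binary_to_decimal(b)) for b in dotted_bits.split("."))


def decimal_to_hex(n):
    """Slide's three steps: 8-bit binary, split into two nibbles, map each nibble."""
    bits = decimal_to_binary(n)
    nibbles = [bits[0:4], bits[4:8]]
    # Pad each nibble to 8 bits so binary_to_decimal can value it (0-15).
    return "".join(HEX_DIGITS[binary_to_decimal("0000" + nib)] for nib in nibbles)


def hex_to_decimal(hex_str):
    """Each hex digit -> 4 bits, join into one 8-bit group, add the positions up."""
    if len(hex_str) != 2:
        raise ValueError("expected exactly two hex digits (one byte)")
    bits = ""
    for ch in hex_str.upper():
        if ch not in HEX_DIGITS:
            raise ValueError(f"{ch!r} is not a hexadecimal digit")
        bits += decimal_to_binary(HEX_DIGITS.index(ch))[4:]  # low nibble of 0-15
    print(f"{hex_str.upper()} as 4-bit groups: {bits[:4]} {bits[4:]} -> {bits}")
    return binary_to_decimal(bits)


if __name__ == "__main__":
    print(ipv4_to_binary("192.168.11.10"))
    print(binary_to_ipv4("11000000.10101000.00001011.00001010"))
    print(decimal_to_binary(168), decimal_to_hex(168))
    print(hex_to_decimal("D2"))
```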
Chapter4:
Data Link Layer
4.1 Purpose of the Data Link Layer
Introduction to Networks v7.0 (ITN)
Purpose of the Data Link Layer
The Data Link Layer
• The Data Link layer is responsible for
communications between end-device
network interface cards.
• It allows upper layer protocols to access
the physical layer media and
encapsulates Layer 3 packets (IPv4
and IPv6) into Layer 2 Frames.
• It also performs error detection and rejects corrupt frames.
Purpose of the Data Link Layer
IEEE 802 LAN/MAN Data Link Sublayers
IEEE 802 LAN/MAN standards are specific to
the type of network (Ethernet, WLAN, WPAN,
etc).

The Data Link Layer consists of two sublayers: Logical Link Control (LLC) and Media Access Control (MAC).
• The LLC sublayer communicates
between the networking software at the
upper layers and the device hardware at
the lower layers.
• The MAC sublayer is responsible for
data encapsulation and media access
control.
Purpose of the Data Link Layer
Providing Access to Media
Packets exchanged between nodes may experience numerous data
link layers and media transitions.
At each hop along the path, a router performs four basic Layer 2
functions:
• Accepts a frame from the network medium.
• De-encapsulates the frame to expose the encapsulated packet.
• Re-encapsulates the packet into a new frame.
• Forwards the new frame on the medium of the next network segment.
Purpose of the Data Link Layer
Data Link Layer Standards
Data link layer protocols are
defined by engineering
organizations:
• Institute of Electrical and Electronics Engineers (IEEE).
• International Telecommunication Union (ITU).
• International Organization for Standardization (ISO).
• American National Standards Institute (ANSI).
Topologies
Physical and Logical Topologies
The topology of a network is the arrangement and relationship of the network devices and the interconnections between them.

There are two types of topologies used when describing networks:
• Physical topology – shows physical connections and how devices are interconnected.
• Logical topology – identifies the virtual connections between devices using device interfaces and IP addressing schemes.
Topologies
WAN Topologies
There are three common physical WAN topologies:
• Point-to-point – the simplest and most common WAN topology. Consists of a permanent link between two endpoints.
• Hub and spoke – similar to a star topology where a central site interconnects branch sites through point-to-point links.
• Mesh – provides high availability but requires every end system to be connected to every other end system.
Topologies
Point-to-Point WAN Topology
• Physical point-to-point topologies directly connect two nodes.
• The nodes may not share the media with other hosts.
• Because all frames on the media can only travel to or from the two nodes, Point-to-Point WAN protocols can be very simple.
Topologies
LAN Topologies
End devices on LANs are typically
interconnected using a star or extended
star topology. Star and extended star
topologies are easy to install, very scalable
and easy to troubleshoot.

Early Ethernet and Legacy Token Ring technologies provide two additional topologies:
• Bus – All end systems chained together and terminated on each end.
• Ring – Each end system is connected to its respective neighbors to form a ring.
Topologies
Half and Full Duplex Communication
Half-duplex communication
• Only allows one device to send or receive at a time on a shared medium.
• Used on WLANs and legacy bus topologies with Ethernet hubs.
Full-duplex communication
• Allows both devices to simultaneously transmit and receive on a shared medium.
• Ethernet switches operate in full-duplex mode.
Topologies
Access Control Methods
Contention-based access
All nodes operating in half-duplex, competing for use of the medium. Examples are:
• Carrier sense multiple access with collision detection (CSMA/CD) as used on legacy
bus-topology Ethernet.
• Carrier sense multiple access with collision avoidance (CSMA/CA) as used on
Wireless LANs.
Controlled access
• Deterministic access where each node has its own time on the medium.
• Used on legacy networks such as Token Ring and ARCNET.
Topologies
Contention-Based Access – CSMA/CD
CSMA/CD
• Used by legacy Ethernet LANs.
• Operates in half-duplex mode where only one device sends or receives at a time.
• Uses a collision detection process to govern when a device can send and what
happens if multiple devices send at the same time.

CSMA/CD collision detection process:
• Devices transmitting simultaneously will result in a signal collision on the shared
media.
• Devices detect the collision.
• Devices wait a random period of time and retransmit data.
Topologies
Contention-Based Access – CSMA/CA
CSMA/CA
• Used by IEEE 802.11 WLANs.
• Operates in half-duplex mode where only one device sends or receives at a time.
• Uses a collision avoidance process to govern when a device can send and what
happens if multiple devices send at the same time.

CSMA/CA collision avoidance process:
• When transmitting, devices also include the time duration needed for the
transmission.
• Other devices on the shared medium receive the time duration information and know
how long the medium will be unavailable.
4.2 Data Link Frame
Introduction to Networks v7.0 (ITN)
Data Link Frame
The Frame
Data is encapsulated by the data link layer with a header and a trailer to form a frame.
A data link frame has three parts:
• Header
• Data
• Trailer
The fields of the header and trailer vary according to data link layer protocol.

The amount of control information carried within the frame varies according to access control information and logical topology.
Data Link Frame
Frame Fields

• Frame Start and Stop - Identifies the beginning and end of the frame
• Addressing - Indicates the source and destination nodes
• Type - Identifies the encapsulated Layer 3 protocol
• Control - Identifies flow control services
• Data - Contains the frame payload
• Error Detection - Used to determine transmission errors

Data Link Frame
Layer 2 Addresses
• Also referred to as a physical address.
• Contained in the frame header.
• Used only for local delivery of a frame on the link.
• Updated by each device that forwards the frame.

Data Link Frame
LAN and WAN Frames

The logical topology and physical media determine the data link
protocol used:
• Ethernet
• 802.11 Wireless
• Point-to-Point (PPP)
• High-Level Data Link Control (HDLC)
• Frame-Relay

Each protocol performs media access control for specified logical topologies.

4.3 Ethernet MAC Address
Ethernet MAC Addresses
MAC Address and Hexadecimal

• An Ethernet MAC address consists of a 48-bit binary value, expressed using 12 hexadecimal values.
• Given that 8 bits (one byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF.
• When using hexadecimal, leading zeroes are always displayed to complete the 8-bit representation. For example, the binary value 0000 1010 is represented in hexadecimal as 0A.
• Hexadecimal numbers are often represented by the value preceded by 0x (e.g., 0x73) to distinguish between decimal and hexadecimal values in documentation.
• Hexadecimal may also be represented by a subscript 16, or the hex number followed by an H (e.g., 73H).

Ethernet MAC Addresses
Ethernet MAC Address
• In an Ethernet LAN, every network device is connected to the same, shared media. MAC
addressing provides a method for device identification at the data link layer of the OSI
model.
• An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits.
Because a byte equals 8 bits, we can also say that a MAC address is 6 bytes in length.
• All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure
this, all vendors that sell Ethernet devices must register with the IEEE to obtain a unique 6
hexadecimal (i.e., 24-bit or 3-byte) code called the organizationally unique identifier (OUI).
• An Ethernet MAC address consists of a 6 hexadecimal vendor OUI code followed by a 6
hexadecimal vendor-assigned value.

Ethernet MAC Addresses
Frame Processing
• When a device is forwarding a message to an Ethernet network, the Ethernet header includes a Source MAC address and a Destination MAC address.
• When a NIC receives an Ethernet frame, it examines the
destination MAC address to see if it matches the physical
MAC address that is stored in RAM. If there is no match, the
device discards the frame. If there is a match, it passes the
frame up the OSI layers, where the de-encapsulation
process takes place.
Note: Ethernet NICs will also accept frames if the destination MAC
address is a broadcast or a multicast group of which the host is a
member.
• Any device that is the source or destination of an Ethernet
frame, will have an Ethernet NIC and therefore, a MAC
address. This includes workstations, servers, printers,
mobile devices, and routers.

Ethernet MAC Addresses
Unicast MAC Address
In Ethernet, different MAC addresses are
used for Layer 2 unicast, broadcast, and
multicast communications.
• A unicast MAC address is the unique
address that is used when a frame is sent
from a single transmitting device to a
single destination device.
• The process that a source host uses to
determine the destination MAC address
associated with an IPv4 address is known
as Address Resolution Protocol (ARP).
The process that a source host uses to
determine the destination MAC address
associated with an IPv6 address is known
as Neighbor Discovery (ND).
Note: The source MAC address must always
be a unicast.
Ethernet MAC Addresses
Broadcast MAC Address
An Ethernet broadcast frame is received and
processed by every device on the Ethernet LAN.
The features of an Ethernet broadcast are as
follows:
• It has a destination MAC address of FF-FF-FF-
FF-FF-FF in hexadecimal (48 ones in binary).
• It is flooded out all Ethernet switch ports except
the incoming port. It is not forwarded by a
router.
• If the encapsulated data is an IPv4 broadcast
packet, this means the packet contains a
destination IPv4 address that has all ones (1s)
in the host portion. This numbering in the
address means that all hosts on that local
network (broadcast domain) will receive and
process the packet.
Ethernet MAC Addresses
Multicast MAC Address
An Ethernet multicast frame is received and processed by a group of
devices that belong to the same multicast group.
• There is a destination MAC address of 01-00-5E when the
encapsulated data is an IPv4 multicast packet and a
destination MAC address of 33-33 when the encapsulated
data is an IPv6 multicast packet.
• There are other reserved multicast destination MAC
addresses for when the encapsulated data is not IP, such as
Spanning Tree Protocol (STP).
• It is flooded out all Ethernet switch ports except the incoming
port, unless the switch is configured for multicast snooping. It
is not forwarded by a router, unless the router is configured to
route multicast packets.
• Because multicast addresses represent a group of addresses
(sometimes called a host group), they can only be used as the
destination of a packet. The source will always be a unicast
address.
• As with the unicast and broadcast addresses, the multicast IP
address requires a corresponding multicast MAC address.
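Added example, not part of the course material: a Python parser for a raw Ethernet II frame that checks the FCS trailer (the Error Detection field), classifies the destination MAC as unicast, broadcast or multicast using the prefixes above, extracts the vendor OUI, and applies the NIC accept/discard rule from the Frame Processing slide. The build_frame helper and all sample addresses are constructed for the example.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")


def fmt_mac(raw: bytes) -> str:
    """Render bytes in the dashed-hex notation used on the slides, e.g. FF-FF-FF-FF-FF-FF."""
    return "-".join(f"{b:02X}" for b in raw)


def classify_dst(dst: bytes) -> str:
    """Unicast, broadcast, or one of the multicast prefixes described above."""
    if dst == BROADCAST:
        return "broadcast"
    if dst[:3] == bytes.fromhex("01005e"):      # IPv4 multicast: 01-00-5E
        return "multicast-ipv4"
    if dst[:2] == bytes.fromhex("3333"):        # IPv6 multicast: 33-33
        return "multicast-ipv6"
    if dst[0] & 0x01:                           # group bit set: non-IP multicast (e.g. STP)
        return "multicast-other"
    return "unicast"


def build_frame(dst_hex: str, src_hex: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed helper: header + payload + 4-byte FCS (CRC-32, least-significant byte first)."""
    body = bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Split the frame into header fields, payload and trailer, and verify the FCS."""
    if len(frame) < 18:                         # 14-byte header + 4-byte FCS is the minimum accepted here
        raise ValueError("frame too short to contain a header and FCS")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload, fcs = frame[14:-4], frame[-4:]
    fcs_ok = fcs == struct.pack("<I", zlib.crc32(frame[:-4]))
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "dst_kind": classify_dst(dst),
        "src_is_unicast": not (src[0] & 0x01),  # the source MAC must always be unicast
        "oui": fmt_mac(src[:3]),                # vendor OUI: first 3 bytes (24 bits)
        "ethertype": ethertype,                 # Type field: encapsulated Layer 3 protocol
        "payload_len": len(payload),
        "fcs_ok": fcs_ok,                       # a NIC or store-and-forward switch drops the frame if False
    }


def nic_accepts(parsed: dict, own_mac: str, groups: tuple = ()) -> bool:
    """NIC rule: accept a unicast that matches, any broadcast, or a multicast group the host joined."""
    kind = parsed["dst_kind"]
    if kind == "unicast":
        return parsed["dst"] == own_mac.upper()
    if kind == "broadcast":
        return True
    return parsed["dst"] in {g.upper() for g in groups}
```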
Ethernet MAC Addresses
Lab – View Network Device MAC Addresses
In this lab, you will complete the following objectives:
• Part 1: Set Up the Topology and Initialize Devices
• Part 2: Configure Devices and Verify Connectivity
• Part 3: Display, Describe, and Analyze Ethernet MAC Addresses

4.4 The MAC Address Table
The MAC Address Table
Switch Fundamentals
• A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make forwarding
decisions. It is completely unaware of the data (protocol) being carried in the data
portion of the frame, such as an IPv4 packet, an ARP message, or an IPv6 ND
packet. The switch makes its forwarding decisions based solely on the Layer 2
Ethernet MAC addresses.
• An Ethernet switch examines its MAC address table to make a forwarding decision for
each frame, unlike legacy Ethernet hubs that repeat bits out all ports except the
incoming port.
• When a switch is turned on, the MAC address table is empty.

Note: The MAC address table is sometimes referred to as a content addressable memory
(CAM) table.

The MAC Address Table
Switch Learning and Forwarding
Examine the Source MAC Address (Learn)
Every frame that enters a switch is checked for new information to learn. It does this by
examining the source MAC address of the frame and the port number where the frame
entered the switch. If the source MAC address does not exist, it is added to the table
along with the incoming port number. If the source MAC address does exist, the switch
updates the refresh timer for that entry. By default, most Ethernet switches keep an entry
in the table for 5 minutes.

Note: If the source MAC address does exist in the table but on a different port, the switch
treats this as a new entry. The entry is replaced using the same MAC address but with the
more current port number.

The MAC Address Table
Switch Learning and Forwarding (Contd.)
Find the Destination MAC Address (Forward)
If the destination MAC address is a unicast address, the switch will look for a match
between the destination MAC address of the frame and an entry in its MAC address table.
If the destination MAC address is in the table, it will forward the frame out the specified
port. If the destination MAC address is not in the table, the switch will forward the frame
out all ports except the incoming port. This is called an unknown unicast.

Note: If the destination MAC address is a broadcast or a multicast, the frame is also
flooded out all ports except the incoming port.

The MAC Address Table
Filtering Frames
As a switch receives frames from different devices, it is able to populate its MAC address
table by examining the source MAC address of every frame. When the MAC address
table of the switch contains the destination MAC address, it is able to filter the frame and
forward out a single port.
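Added example, not from the course material: a Python model of the learn, forward, flood and filter behaviour described in the three slides above, including the 5-minute aging timer and the port-move case from the note. Port numbers and MAC addresses in the usage are constructed.

```python
from dataclasses import dataclass, field

AGING_SECONDS = 300                 # default entry lifetime: 5 minutes, as stated above
BROADCAST = "FF-FF-FF-FF-FF-FF"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low-order bit of the first octet set."""
    return bool(int(mac.split("-")[0], 16) & 0x01)


@dataclass
class Layer2Switch:
    ports: list
    table: dict = field(default_factory=dict)   # MAC -> (port, time last seen)

    def age_out(self, now: float) -> None:
        """Drop entries whose refresh timer has expired."""
        expired = [m for m, (_, seen) in self.table.items() if now - seen >= AGING_SECONDS]
        for mac in expired:
            del self.table[mac]

    def learn(self, src: str, in_port: int, now: float) -> None:
        """Add, refresh, or move (new port) the entry for the source MAC."""
        if is_group_address(src):
            return                              # a group address is never a valid source; nothing to learn
        self.table[src] = (in_port, now)        # same MAC seen on another port simply replaces the entry

    def receive(self, in_port: int, src: str, dst: str, now: float) -> list:
        """Return the egress ports for one frame; an empty list means the frame was filtered."""
        self.age_out(now)
        self.learn(src.upper(), in_port, now)
        dst = dst.upper()
        if is_group_address(dst) or dst not in self.table:
            # broadcast, multicast, or unknown unicast: flood out every port except the incoming one
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.table[dst]
        if out_port == in_port:
            return []                           # destination sits behind the incoming port: filter
        return [out_port]
```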

The MAC Address Table
Video – MAC Address Tables on Connected Switches

This video will cover the following:
• How switches build MAC address tables
• How switches forward frames based on the content of their MAC address tables

The MAC Address Table
Video – Sending the Frame to the Default Gateway

This video will cover the following:
• What a switch does when the destination MAC address is not listed in the switch’s MAC address table.
• What a switch does when the source MAC address is not listed in the switch’s MAC address table.

The MAC Address Table
Lab – View the Switch MAC Address Table

In this lab, you will complete the following objectives:
• Part 1: Build and Configure the Network
• Part 2: Examine the Switch MAC Address Table

4.4 Switch Speeds and
Forwarding Methods
Switch Speeds and Forwarding Methods
Frame Forwarding Methods on Cisco Switches
Switches use one of the following forwarding methods for switching data between network ports:
• Store-and-forward switching - This frame forwarding method receives the entire frame and
computes the CRC. If the CRC is valid, the switch looks up the destination address, which
determines the outgoing interface. Then the frame is forwarded out of the correct port.
• Cut-through switching - This frame forwarding method forwards the frame before it is entirely
received. At a minimum, the destination address of the frame must be read before the frame can
be forwarded.

• A big advantage of store-and-forward switching is that it determines if a frame has errors before
propagating the frame. When an error is detected in a frame, the switch discards the frame.
Discarding frames with errors reduces the amount of bandwidth consumed by corrupt data.
• Store-and-forward switching is required for quality of service (QoS) analysis on converged
networks where frame classification for traffic prioritization is necessary. For example, voice over
IP (VoIP) data streams need to have priority over web-browsing traffic.

Switch Speeds and Forwarding Methods
Cut-Through Switching
In cut-through switching, the switch acts upon the data as soon as it is received, even if
the transmission is not complete. The switch buffers just enough of the frame to read the
destination MAC address so that it can determine to which port it should forward out the
data. The switch does not perform any error checking on the frame.
There are two variants of cut-through switching:
• Fast-forward switching - Offers the lowest level of latency by immediately forwarding a
packet after reading the destination address. Because fast-forward switching starts
forwarding before the entire packet has been received, there may be times when packets
are relayed with errors. The destination NIC discards the faulty packet upon receipt. Fast-
forward switching is the typical cut-through method of switching.
• Fragment-free switching - A compromise between the high latency and high integrity of
store-and-forward switching and the low latency and reduced integrity of fast-forward
switching, the switch stores and performs an error check on the first 64 bytes of the frame
before forwarding. Because most network errors and collisions occur during the first 64
bytes, this ensures that a collision has not occurred before forwarding the frame.

Switch Speeds and Forwarding Methods
Memory Buffering on Switches
An Ethernet switch may use a buffering technique to store frames before forwarding them or when the
destination port is busy because of congestion.
Port-based memory:
• Frames are stored in queues that are linked to specific incoming and outgoing ports.
• A frame is transmitted to the outgoing port only when all the frames ahead in the queue have been successfully transmitted.
• It is possible for a single frame to delay the transmission of all the frames in memory because of a busy destination port.
• This delay occurs even if the other frames could be transmitted to open destination ports.

Shared memory:
• Deposits all frames into a common memory buffer shared by all switch ports; the amount of buffer memory required by a port is dynamically allocated.
• The frames in the buffer are dynamically linked to the destination port, enabling a packet to be received on one port and then transmitted on another port without moving it to a different queue.

• Shared memory buffering also results in larger frames that can be transmitted with fewer dropped
frames. This is important with asymmetric switching which allows for different data rates on different
ports. Therefore, more bandwidth can be dedicated to certain ports (e.g., server port).
Switch Speeds and Forwarding Methods
Duplex and Speed Settings
Two of the most basic settings on a switch are the bandwidth (“speed”) and duplex
settings for each individual switch port. It is critical that the duplex and bandwidth settings
match between the switch port and the connected devices.

There are two types of duplex settings used for communications on an Ethernet network:
• Full-duplex - Both ends of the connection can send and receive simultaneously.
• Half-duplex - Only one end of the connection can send at a time.

Autonegotiation is an optional function found on most Ethernet switches and NICs. It enables two devices to automatically negotiate the best speed and duplex capabilities.

Note: Gigabit Ethernet ports only operate in full-duplex.

Switch Speeds and Forwarding Methods
Duplex and Speed Settings
• Duplex mismatch is one of the most common causes of performance issues on
10/100 Mbps Ethernet links. It occurs when one port on the link operates at half-
duplex while the other port operates at full-duplex.
• This can occur when one or both ports on a link are reset, and the autonegotiation
process does not result in both link partners having the same configuration.
• It also can occur when users reconfigure one side of a link and forget to reconfigure
the other. Both sides of a link should have autonegotiation on, or both sides should
have it off. Best practice is to configure both Ethernet switch ports as full-duplex.

Switch Speeds and Forwarding Methods
Auto-MDIX
Connections between devices once required the use of either a crossover or straight-
through cable. The type of cable required depended on the type of interconnecting
devices.
Note: A direct connection between a router and a host requires a cross-over connection.

• Most switch devices now support the automatic medium-dependent interface crossover (auto-MDIX) feature. When enabled, the switch automatically detects the type of cable attached to the port and configures the interfaces accordingly.
• The auto-MDIX feature is enabled by default on switches running Cisco IOS Release
12.2(18)SE or later. However, the feature could be disabled. For this reason, you
should always use the correct cable type and not rely on the auto-MDIX feature.
• Auto-MDIX can be re-enabled using the mdix auto interface configuration command.

Chapter 5:
Communicating Between Networks
5.1 Network Layer Characteristics
Network Layer Characteristics
The Network Layer
• Provides services to allow end devices to exchange
data
• IP version 4 (IPv4) and IP version 6 (IPv6) are the
principle network layer communication protocols.
• The network layer performs four basic operations:
• Addressing end devices
• Encapsulation
• Routing
• De-encapsulation

Network Layer Characteristics
IP Encapsulation
• IP encapsulates the transport layer
segment.
• IP can use either an IPv4 or IPv6
packet and not impact the layer 4
segment.
• IP packet will be examined by all
layer 3 devices as it traverses the
network.
• The IP addressing does not change
from source to destination.
Note: NAT will change addressing,
but will be discussed in a later
module.
Network Layer Characteristics
Characteristics of IP
IP is meant to have low overhead and may be described as:
• Connectionless
• Best Effort
• Media Independent

Network Layer Characteristics
Connectionless
IP is Connectionless
• IP does not establish a connection with the destination before sending the packet.

• There is no control information needed (synchronizations, acknowledgments, etc.).

• The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.

• If there is a need for connection-oriented traffic, then another protocol will handle this
(typically TCP at the transport layer).

Network Layer Characteristics
Best Effort
IP is Best Effort
• IP will not guarantee delivery of the
packet.
• IP has reduced overhead since there
is no mechanism to resend data that
is not received.
• IP does not expect
acknowledgments.
• IP does not know if the other device
is operational or if it received the
packet.

Network Layer Characteristics
Media Independent
IP is unreliable:
• It cannot manage or fix undelivered or
corrupt packets.
• IP cannot retransmit after an error.
• IP cannot realign out of sequence
packets.
• IP must rely on other protocols for these
functions.
IP is media Independent:
• IP does not concern itself with the type
of frame required at the data link layer
or the media type at the physical layer.
• IP can be sent over any media type:
copper, fiber, or wireless.
Network Layer Characteristics
Media Independent (Contd.)
The network layer will establish the
Maximum Transmission Unit (MTU).
• Network layer receives this from
control information sent by the data
link layer.
• The network then establishes the
MTU size.
Fragmentation is when Layer 3 splits the
IPv4 packet into smaller units.
• Fragmenting causes latency.
• IPv6 does not fragment packets.
• Example: Router goes from Ethernet
to a slow WAN with a smaller MTU
5.2 IPv4 Packet
IPv4 Packet
IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer.
The network header has many purposes:
• It ensures the packet is sent in the correct direction (to the destination).
• It contains information for network layer processing in various fields.
• The information in the header is used by all layer 3 devices that handle the packet

IPv4 Packet
IPv4 Packet Header Fields
The IPv4 network header characteristics:
• It is in binary.
• Contains several fields of information
• Diagram is read from left to right, 4 bytes per
line
• The two most important fields are the source
and destination.

Protocols may have one or more functions.

IPv4 Packet
IPv4 Packet Header Fields
Significant fields in the IPv4 header:

• Version - This will be for v4, as opposed to v6; a 4-bit field = 0100
• Differentiated Services - Used for QoS: DiffServ (DS field) or the older IntServ (ToS, or Type of Service)
• Header Checksum - Detects corruption in the IPv4 header
• Time to Live (TTL) - Layer 3 hop count. When it becomes zero, the router will discard the packet.
• Protocol - Identifies the next-level protocol: ICMP, TCP, UDP, etc.
• Source IPv4 Address - 32-bit source address
• Destination IPv4 Address - 32-bit destination address

IPv4 Packet
Video – Sample IPv4 Headers in Wireshark
This video will cover the following:
• IPv4 Ethernet packets in Wireshark

• The control information

• The difference between packets

5.2 IPv6 Packets
IPv6 Packets
Limitations of IPv4
IPv4 has three major limitations:
• IPv4 address depletion – We have basically run out of IPv4 addressing.
• Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and
NAT were created. This ended direct communications with public addressing.
• Increased network complexity – NAT was meant as temporary solution and creates
issues on the network as a side effect of manipulating the network headers addressing.
NAT causes latency and troubleshooting issues.

IPv6 Packets
IPv6 Overview
• IPv6 was developed by Internet
Engineering Task Force (IETF).
• IPv6 overcomes the limitations of IPv4.

• Improvements that IPv6 provides:


• Increased address space – based on
128 bit address, not 32 bits
• Improved packet handling –
simplified header with fewer fields
• Eliminates the need for NAT – since
there is a huge amount of addressing,
there is no need to use private
addressing internally and be mapped to
a shared public address

IPv6 Packets
IPv4 Packet Header Fields in the IPv6 Packet Header
• The IPv6 header is simplified,
but not smaller.
• The header is fixed at 40 Bytes
or octets long.
• Several IPv4 fields were removed to improve performance:
• Flag
• Fragment Offset
• Header Checksum
IPv6 Packets
IPv6 Packet Header
Significant fields in the IPv6 header:

• Version - This will be for v6, as opposed to v4; a 4-bit field = 0110
• Traffic Class - Used for QoS; equivalent to the DiffServ DS field
• Flow Label - Informs devices to handle packets with identical flow labels the same way; a 20-bit field
• Payload Length - This 16-bit field indicates the length of the data portion, or payload, of the IPv6 packet
• Next Header - Identifies the next-level protocol: ICMP, TCP, UDP, etc.
• Hop Limit - Replaces the TTL field; Layer 3 hop count
• Source IPv6 Address - 128-bit source address
• Destination IPv6 Address - 128-bit destination address
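Added example, not part of the course material, serving both the IPv4 header field table and the IPv6 one above: a Python decoder for the significant fields of each header. It recomputes the IPv4 header checksum, so a packet whose TTL was decremented without the checksum being updated is caught, and shows that the fixed 40-byte IPv6 header has no checksum to maintain. The build_ipv4/build_ipv6 helpers and all addresses are constructed for the example.

```python
import ipaddress
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}   # Protocol / Next Header values


def ipv4_header_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, with the checksum field zeroed."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                                    # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, protocol: int, ttl: int, payload: bytes, dscp: int = 0) -> bytes:
    """Constructed helper: minimal 20-byte IPv4 header (no options), DF set, valid checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), 0, 0x4000,
                         ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    checksum = ipv4_header_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def build_ipv6(src: str, dst: str, next_header: int, hop_limit: int, payload: bytes,
               traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Constructed helper: fixed 40-byte IPv6 header; there is no checksum field to compute."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB16s16s", first_word, len(payload), next_header, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fields listed in the IPv4 table and verify the header checksum."""
    version_ihl, tos, total_length, _ident, flags_frag, ttl, protocol, checksum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (version_ihl & 0x0F) * 4                        # header length in bytes (20 without options)
    header = packet[:ihl]
    computed = ipv4_header_checksum(header[:10] + b"\x00\x00" + header[12:])
    return {
        "version": version_ihl >> 4,
        "dscp": tos >> 2,                                 # Differentiated Services field
        "total_length": total_length,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(protocol, str(protocol)),
        "checksum_ok": computed == checksum,              # a router must recompute this after decrementing TTL
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def parse_ipv6(packet: bytes) -> dict:
    """Decode the fields listed in the IPv6 table."""
    first_word, payload_length, next_header, hop_limit, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    return {
        "version": first_word >> 28,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": PROTOCOL_NAMES.get(next_header, str(next_header)),
        "hop_limit": hop_limit,                           # replaces TTL; no header checksum to maintain
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def parse_ip(packet: bytes) -> dict:
    """Dispatch on the 4-bit Version field that both headers share."""
    version = packet[0] >> 4
    if version == 4:
        return parse_ipv4(packet)
    if version == 6:
        return parse_ipv6(packet)
    raise ValueError("unsupported IP version %d" % version)
```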
IPv6 Packets
IPv6 Packet Header (Cont.)
IPv6 packet may also contain extension headers (EH).
EH headers characteristics:
• provide optional network layer information

• are optional

• are placed between IPv6 header and the payload

• may be used for fragmentation, security, mobility support, etc.

Note: Unlike IPv4, routers do not fragment IPv6 packets.

IPv6 Packets
Video – Sample IPv6 Headers in Wireshark
This video will cover the following:
• IPv6 Ethernet packets in Wireshark

• The control information

• The difference between packets

5.3 Introduction to Routing
How a Host Routes
Host Forwarding Decision
• Packets are always created at the source.
• Each host device creates its own routing table.
• A host can send packets to the following:
• Itself – 127.0.0.1 (IPv4), ::1 (IPv6)
• Local Hosts – destination is on the same LAN
• Remote Hosts – devices are not on the same LAN

How a Host Routes
Host Forwarding Decision (Cont.)
• The source device determines whether the destination is local or remote.
• Method of determination:
• IPv4 – Source uses its own IP address and subnet mask, along with the destination IP address
• IPv6 – Source uses the network address and prefix advertised by the local router
• Local traffic is dumped out the host interface to be handled by an intermediary device.
• Remote traffic is forwarded directly to the default gateway on the LAN.

How a Host Routes
Default Gateway
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
• It must have an IP address in the same range as the rest of the LAN.
• It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
• It can route to other networks.
If a device has no default gateway or a bad default gateway, its traffic will not be
able to leave the LAN.

How a Host Routes
A Host Routes to the Default Gateway
• The host will know the default
gateway (DGW) either statically or
through DHCP in IPv4.
• IPv6 sends the DGW through a
router solicitation (RS) or can be
configured manually.
• A DGW is a static route which will be a last-resort route in the routing table.
• All devices on the LAN will need the DGW of the router if they intend to send traffic remotely.
How a Host Routes
Host Routing Tables
• On Windows, route print
or netstat -r to display
the PC routing table
• Three sections
displayed by these two
commands:
• Interface List – all
potential interfaces and
MAC addressing
• IPv4 Routing Table
• IPv6 Routing Table

Introduction to Routing
Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?

Introduction to Routing
IP Router Routing Table
There are three types of routes in a router’s routing table:
• Directly Connected – These routes are automatically added by the router, provided the interface is active and has addressing.
• Remote – These are routes to networks the router is not directly connected to; they may be learned:
• Manually – with a static route
• Dynamically – by using a routing protocol to have the routers share their information with each other
• Default Route – This forwards all traffic in a specific direction when there is no match in the routing table

Introduction to Routing
Static Routing
Static Route Characteristics:
• Must be configured manually
• Must be adjusted manually by the administrator when there is a change in the topology
• Good for small non-redundant networks
• Often used in conjunction with a dynamic routing protocol for configuring a default route

Introduction to Routing
Dynamic Routing
Dynamic Routes Automatically:
• Discover remote networks
• Maintain up-to-date information
• Choose the best path to the destination
• Find new best paths when there is a topology change
Dynamic routing can also share static default routes with the other routers.

Introduction to Routing
Video – IPv4 Router Routing Tables

This video will explain the information in the IPv4 router routing table.

Introduction to Routing
Introduction to an IPv4 Routing Table
The show ip route command shows the
following route sources:
• L - Directly connected local interface IP
address
• C – Directly connected network
• S – Static route was manually configured
by an administrator
• O – OSPF
• D – EIGRP
This command shows types of routes:
• Directly Connected – C and L
• Remote Routes – O, D, etc.
• Default Routes – S*

5.4 Introduction to ARP
ARP
ARP Overview
A device uses ARP to determine the
destination MAC address of a local
device when it knows its IPv4 address.

ARP provides two basic functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining an ARP table of IPv4 to MAC address mappings

ARP
ARP Functions
To send a frame, a device will search its ARP table for a destination IPv4 address and a
corresponding MAC address.
• If the packet’s destination IPv4 address is on the same network, the device will
search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network, the device will search the
ARP table for the IPv4 address of the default gateway.
• If the device locates the IPv4 address, its corresponding MAC address is used as the
destination MAC address in the frame.
• If no ARP table entry is found, the device sends an ARP request.

ARP
Video - ARP Request
This video will cover an ARP request for a MAC address.

ARP
Video – ARP Operation - ARP Reply
This video will cover an ARP reply in response to an ARP request.

ARP
Video - ARP Role in Remote Communications
This video will cover how an ARP request will provide a host the MAC address
of the default gateway.

ARP
Removing Entries from an ARP Table
• Entries in the ARP table are not permanent and are removed when an ARP cache
timer expires after a specified period of time.
• The duration of the ARP cache timer differs depending on the operating system.
• ARP table entries can also be removed manually by the administrator.

ARP
ARP Tables on Networking Devices
• The show ip arp command displays the ARP table on a Cisco router.
• The arp -a command displays the ARP table on a Windows 10 PC.

R1# show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0

C:\Users\PC> arp -a
Interface: 192.168.1.124 --- 0x10
Internet Address Physical Address Type
192.168.1.1 c8-d7-19-cc-a0-86 dynamic
192.168.1.101 08-3e-0c-f5-f7-77 dynamic

ARP
ARP Issues – ARP Broadcasting and ARP Spoofing
• ARP requests are received and processed by every device on the local network.
• Excessive ARP broadcasts can cause some reduction in performance.
• ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
• Enterprise level switches include mitigation techniques to protect against ARP attacks.

ARP
Packet Tracer – Examine the ARP Table

In this Packet Tracer, you will complete the following objectives:

• Examine an ARP Request
• Examine a Switch MAC Address Table
• Examine the ARP Process in Remote Communications

5.5 MAC and IP
MAC and IP
Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
• Layer 2 physical address (the MAC address) – Used for NIC-to-NIC communications on the same Ethernet network.
• Layer 3 logical address (the IP address) – Used to send the packet from the source device to the destination device.
Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. If a destination IP address is on the same network, the destination MAC address will be that of the destination device.

MAC and IP
Destination on Remote Network
When the destination IP address is on a remote network, the destination MAC address is that of the default gateway.
• ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address of the device NIC.
• ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC address of the device NIC.
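The lookup described under ARP Functions and in these two MAC and IP slides, written out as added example code (not part of the course material): the host decides whether the address to resolve is the destination itself or the default gateway, consults an ARP cache whose entries age out, and otherwise reports the address it would send an ARP request for. The host 192.168.10.10/24 and the 240-second timer are constructed values; the gateway 192.168.10.1 with MAC a0e0.af0d.e140 is the R1 G0/0/0 entry from the show ip arp output above.

```python
"""ARP table lookup before a frame is sent (added example; sample values partly constructed)."""
import ipaddress
from typing import Dict, Optional, Tuple


class ArpTable:
    """IPv4 -> MAC cache whose entries age out after `timeout` seconds.

    The real timer is operating-system specific; 240 s here is a constructed value.
    """

    def __init__(self, timeout: float = 240.0) -> None:
        self.timeout = timeout
        self._entries: Dict[str, Tuple[str, float]] = {}  # ip -> (mac, time learned)

    def learn(self, ip: str, mac: str, now: float) -> None:
        """Store a mapping taken from an ARP reply.

        Nothing here authenticates the reply: the cache believes whatever answers,
        which is why ARP poisoning works and why switch-side inspection features exist.
        """
        self._entries[ip] = (mac.lower(), now)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        """Return the cached MAC, or None if unknown or expired (expired entries are purged)."""
        entry = self._entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned >= self.timeout:
            del self._entries[ip]
            return None
        return mac

    def delete(self, ip: str) -> None:
        """Manual removal, as an administrator clearing an entry would do."""
        self._entries.pop(ip, None)


def next_hop_ip(src_ip: str, prefix_len: int, dst_ip: str, gateway_ip: str) -> str:
    """Address that must be resolved: the destination if it is on the sender's own
    network, otherwise the default gateway."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{prefix_len}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway_ip


def frame_destination(src_ip: str, prefix_len: int, dst_ip: str, gateway_ip: str,
                      table: ArpTable, now: float) -> Tuple[Optional[str], Optional[str]]:
    """Return (destination MAC for the frame, address to send an ARP request for).

    Exactly one of the two is None: a cache hit yields the MAC, a miss yields the target.
    """
    hop = next_hop_ip(src_ip, prefix_len, dst_ip, gateway_ip)
    mac = table.lookup(hop, now)
    return (mac, None) if mac else (None, hop)


if __name__ == "__main__":
    table = ArpTable()
    table.learn("192.168.10.1", "a0e0.af0d.e140", now=0.0)  # R1 G0/0/0, from show ip arp
    for dst in ("192.168.10.20", "172.16.4.1"):
        print(dst, frame_destination("192.168.10.10", 24, dst, "192.168.10.1", table, 5.0))
```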

MAC and IP
Packet Tracer – Identify MAC and IP Addresses

In this Packet Tracer, you will complete the following objectives:

• Gather PDU Information for Local Network Communication
• Gather PDU Information for Remote Network Communication

5.6 IPv6 Neighbor Discovery
IPv6 Neighbor Discovery
Video – IPv6 Neighbor Discovery
This video will explain the process of how IPv6 performs address resolution using
ICMPv6 neighbor solicitation and neighbor advertisement messages.

IPv6 Neighbor Discovery
IPv6 Neighbor Discovery Messages
IPv6 Neighbor Discovery (ND) protocol provides:
• Address resolution
• Router discovery
• Redirection services

• ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used for device-to-device messaging such as address resolution.
• ICMPv6 Router Solicitation (RS) and Router Advertisement (RA) messages are used for messaging between devices and routers for router discovery.
• ICMPv6 redirect messages are used by routers for better next-hop selection.

IPv6 Neighbor Discovery
IPv6 Neighbor Discovery – Address Resolution
• IPv6 devices use ND to resolve the MAC address of a known IPv6 address.
• ICMPv6 Neighbor Solicitation messages are sent using special Ethernet and IPv6 multicast addresses.
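The "special" addresses referred to above can be computed, which this added example does (it is not code from the course): a Neighbor Solicitation for a target goes to the solicited-node multicast group FF02::1:FF00:0/104 with the target's low 24 bits appended, and that IPv6 group maps to an Ethernet destination of 33:33 followed by the group's low 32 bits. The addresses FE80::868A:8DFF:FE44:49B0 and 2001:DB8:ACAD:10::1 are the ones shown in this deck's show ipv6 interface output, whose joined groups FF02::1:FF44:49B0 and FF02::1:FF00:1 the functions reproduce.

```python
"""Destinations used by ICMPv6 Neighbor Solicitation (added example, not from the slides)."""
import ipaddress
from typing import Tuple

# Every solicited-node group lives in this /104; the last 24 bits come from the target.
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node_multicast(target: str) -> str:
    """Solicited-node multicast group for `target`.

    Only nodes whose unicast address ends in the same 24 bits have joined this group,
    so unlike an ARP broadcast most hosts on the link never see the request.
    """
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24))


def ipv6_multicast_mac(mcast: str) -> str:
    """Ethernet destination for an IPv6 multicast address: 33:33 plus its low 32 bits."""
    addr = ipaddress.IPv6Address(mcast)
    if not addr.is_multicast:
        raise ValueError(f"{mcast} is not an IPv6 multicast address")
    low32 = (int(addr) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def neighbor_solicitation_destinations(target: str) -> Tuple[str, str]:
    """(IPv6 destination, Ethernet destination) a host uses when resolving `target`."""
    group = solicited_node_multicast(target)
    return group, ipv6_multicast_mac(group)


def is_solicited_node_group(addr: str) -> bool:
    """True for the per-address groups a node joins (the FF02::1:FFxx:xxxx entries
    listed under 'Joined group address(es)' on an interface)."""
    return ipaddress.IPv6Address(addr) in SOLICITED_NODE_PREFIX


if __name__ == "__main__":
    for target in ("FE80::868A:8DFF:FE44:49B0", "2001:DB8:ACAD:10::1"):
        print(target, "->", neighbor_solicitation_destinations(target))
```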

IPv6 Neighbor Discovery
Packet Tracer – IPv6 Neighbor Discovery
In this Packet Tracer, you will complete the following objectives:
• Part 1: IPv6 Neighbor Discovery Local Network
• Part 2: IPv6 Neighbor discovery Remote Network

5.7 Configure Initial Router Settings
Configure Initial Router Settings
Basic Router Configuration Steps
• Configure the device name.
  Router(config)# hostname hostname
• Secure privileged EXEC mode.
  Router(config)# enable secret password
• Secure user EXEC mode.
  Router(config)# line console 0
  Router(config-line)# password password
  Router(config-line)# login
• Secure remote Telnet / SSH access.
  Router(config)# line vty 0 4
  Router(config-line)# password password
  Router(config-line)# login
  Router(config-line)# transport input {ssh | telnet}
• Encrypt all plaintext passwords.
  Router(config)# service password-encryption
• Provide legal notification and save the configuration.
  Router(config)# banner motd # message #
  Router(config)# end
  Router# copy running-config startup-config

Configure Initial Router Settings
Basic Router Configuration Example
• Commands for basic router configuration on R1.
• Configuration is saved to NVRAM.

R1(config)# hostname R1
R1(config)# enable secret class
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)# service password-encryption
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
**********************************************
R1(config)# exit
R1# copy running-config startup-config

Configure Initial Router Settings
Packet Tracer – Configure Initial Router Settings
In this Packet Tracer, you will do the following:
• Verify the default router configuration.
• Configure and verify the initial router configuration.
• Save the running configuration file.

5.8 Configure Interfaces
Configure Interfaces
Configure Router Interfaces
Configuring a router interface includes issuing the following commands:

Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

• It is a good practice to use the description command to add information about the network connected to the interface.
• The no shutdown command activates the interface.

Configure Interfaces
Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

Configure Interfaces
Configure Router Interfaces Example (Cont.)
The commands to configure interface G0/0/1 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up

Configure Interfaces
Verify Interface Configuration
To verify interface configuration, use the show ip interface brief and show ipv6 interface brief commands shown here:

R1# show ip interface brief
Interface              IP-Address       OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1     YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225  YES manual up                    up
Vlan1                  unassigned       YES unset  administratively down down

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

Configure Interfaces
Configure Verification Commands

The table summarizes show commands used to verify interface configuration.

Commands                                               Description
show ip interface brief / show ipv6 interface brief    Displays all interfaces, their IP addresses, and their current status.
show ip route / show ipv6 route                        Displays the contents of the IP routing tables stored in RAM.
show interfaces                                        Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information.
show ip interface                                      Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface                                    Displays the IPv6 statistics for all interfaces on a router.

Configure Interfaces
Configure Verification Commands (Cont.)
View the status of all interfaces with the show ip interface brief and show ipv6 interface brief commands, shown here:

R1# show ip interface brief
Interface              IP-Address       OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1     YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225  YES manual up                    up
Vlan1                  unassigned       YES unset  administratively down down
R1#

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

Configure Interfaces
Configure Verification Commands (Cont.)
Display the contents of the IP routing tables with the show ip route and show ipv6 route commands, as shown here:

R1# show ip route
<output omitted>
Gateway of last resort is not set
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
      209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
L        209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
R1#

R1# show ipv6 route
<output omitted>
C   2001:DB8:ACAD:10::/64 [0/0]
     via GigabitEthernet0/0/0, directly connected
L   2001:DB8:ACAD:10::1/128 [0/0]
     via GigabitEthernet0/0/0, receive
C   2001:DB8:FEED:224::/64 [0/0]
     via GigabitEthernet0/0/1, directly connected
L   2001:DB8:FEED:224::1/128 [0/0]
     via GigabitEthernet0/0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#
Configure Interfaces
Configure Verification Commands (Cont.)
Display statistics for all interfaces with the show interfaces command, as shown here:

R1# show interfaces gig0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
  Description: Link to LAN
  Internet address is 192.168.10.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 100Mbps, link type is auto, media type is RJ45
  output flow-control is off, input flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:35, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1180 packets input, 109486 bytes, 0 no buffer
     Received 84 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
<output omitted>
R1#

Configure Interfaces
Configure Verification Commands (Cont.)
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

R1# show ip interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  Internet address is 192.168.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing Common access list is not set
  Outgoing access list is not set
  Inbound Common access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
<output omitted>
R1#
Configure Interfaces
Configure Verification Commands (Cont.)
Display IPv6 statistics for router interfaces with the show ipv6 interface command, as shown here:

R1# show ipv6 interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::868A:8DFF:FE44:49B0
  No Virtual link-local address(es):
  Description: Link to LAN
  Global unicast address(es):
    2001:DB8:ACAD:10::1, subnet is 2001:DB8:ACAD:10::/64
  Joined group address(es):
    FF02::1
    FF02::1:FF00:1
    FF02::1:FF44:49B0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds
R1#

5.9 Configure the Default Gateway
Configure the Default Gateway
Default Gateway on a Host
• The default gateway is used when a host sends a packet to a device on another network.
• The default gateway address is generally the router interface address attached to the local network of the host.
• To reach PC3, PC1 addresses a packet with the IPv4 address of PC3, but forwards the packet to its default gateway, the G0/0/0 interface of R1.
Note: The IP address of the host and the router interface must be in the same network.

Configure the Default Gateway
Default Gateway on a Switch
• A switch must have a default gateway address configured to remotely manage the switch from another network.
• To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command.

Configure Initial Router Settings
Packet Tracer – Connect a Router to a LAN
In this Packet Tracer, you will do the following:
• Display the router information.
• Configure router interfaces.
• Verify the configuration.

Configure Initial Router Settings
Packet Tracer – Troubleshoot Default Gateway Issues
In this Packet Tracer, you will do the following:
• Verify the network documentation and use tests to isolate problems.
• Determine an appropriate solution for a given problem.
• Implement the solution.
• Test to verify the problem is resolved.
• Document the solution.

Chapter 6:
IPv4 Addressing
Trainees Materials

Introduction to Networks v7.0 (ITN)
6.1 IPv4 Address Structure

IPv4 Address Structure
Network and Host Portions
• An IPv4 address is a 32-bit hierarchical address that is made up of a network portion
and a host portion.

• When determining the network portion versus the host portion, you must look at the
32-bit stream.
• A subnet mask is used to determine the network and host portions.

IPv4 Address Structure
The Subnet Mask
• To identify the network and host portions of an IPv4 address, the subnet mask is compared to the IPv4 address bit for bit, from left to right.
• The actual process used to identify the network and host portions is called ANDing.

IPv4 Address Structure
The Prefix Length
• A prefix length is a less cumbersome method used to identify a subnet mask address.
• The prefix length is the number of bits set to 1 in the subnet mask.
• It is written in “slash notation”: count the number of bits in the subnet mask and prepend it with a slash.

Subnet Mask       32-bit Address                        Prefix Length
255.0.0.0         11111111.00000000.00000000.00000000   /8
255.255.0.0       11111111.11111111.00000000.00000000   /16
255.255.255.0     11111111.11111111.11111111.00000000   /24
255.255.255.128   11111111.11111111.11111111.10000000   /25
255.255.255.192   11111111.11111111.11111111.11000000   /26
255.255.255.224   11111111.11111111.11111111.11100000   /27
255.255.255.240   11111111.11111111.11111111.11110000   /28
255.255.255.248   11111111.11111111.11111111.11111000   /29
255.255.255.252   11111111.11111111.11111111.11111100   /30


IPv4 Address Structure
Determining the Network: Logical AND
• A logical AND Boolean operation is used in determining the network address.
• Logical AND is the comparison of two bits where only a 1 AND 1 produces a 1 and any other combination results in a 0.
  • 1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
  • 1 = True and 0 = False
• The host IPv4 address is logically ANDed, bit by bit, with the subnet mask to identify the network address.

IPv4 Address Structure
Video – Network, Host and Broadcast Addresses
This video will cover the following:
• Network address
• Broadcast Address
• First usable host
• Last usable host

IPv4 Address Structure
Network, Host, and Broadcast Addresses
• Within each network are three types of IP addresses:
  • Network address
  • Host addresses
  • Broadcast address

                          Network Portion              Host Portion   Host Bits
Subnet mask               255      255      255       0
255.255.255.0 or /24      11111111 11111111 11111111  00000000
Network address           192      168      10        0              All 0s
192.168.10.0 or /24       11000000 10100000 00001010  00000000
First address             192      168      10        1              All 0s and a 1
192.168.10.1 or /24       11000000 10100000 00001010  00000001
Last address              192      168      10        254            All 1s and a 0
192.168.10.254 or /24     11000000 10100000 00001010  11111110
Broadcast address         192      168      10        255            All 1s
192.168.10.255 or /24     11000000 10100000 00001010  11111111
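The ANDing procedure and the table above, carried out in code as an added example (not part of the course): the functions convert dotted decimal to the 32-bit stream, derive the prefix length from a mask (rejecting a mask whose 1 bits are not contiguous), AND the host address with the mask to get the network address, set the host bits to 1 for the broadcast address, and read off the first and last usable host. Input values are those of the 192.168.10.0/24 example; the /30 and /32 cases are added to show where the host range collapses.

```python
"""IPv4 subnet mask ANDing and address types (added example, not from the slides)."""
from typing import Dict


def dotted_to_int(dotted: str) -> int:
    """'192.168.10.1' -> 32-bit integer; anything but four octets in 0..255 is rejected."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted decimal as the 32-bit stream shown in the table, one group per octet."""
    value = dotted_to_int(dotted)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def mask_int(prefix: int) -> int:
    """Mask with `prefix` leading 1 bits, e.g. 27 -> 0xFFFFFFE0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_from_prefix(prefix: int) -> str:
    """/27 -> '255.255.255.224'."""
    return int_to_dotted(mask_int(prefix))


def prefix_length(mask: str) -> int:
    """Number of 1 bits in the mask; a valid mask is a run of 1s followed only by 0s."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != mask_int(ones):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def address_summary(host_ip: str, mask: str) -> Dict[str, str]:
    """Apply the logical AND and derive network, broadcast and usable host range."""
    ip, m = dotted_to_int(host_ip), dotted_to_int(mask)
    prefix = prefix_length(mask)
    network = ip & m                         # bit-by-bit AND: only 1 AND 1 gives 1
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits all 1s
    summary = {
        "prefix": f"/{prefix}",
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
    }
    if prefix <= 30:                          # /31 and /32 leave no first/last host
        summary["first_host"] = int_to_dotted(network + 1)   # all 0s and a 1
        summary["last_host"] = int_to_dotted(broadcast - 1)  # all 1s and a 0
    return summary


if __name__ == "__main__":
    for ip, mask in (("192.168.10.1", "255.255.255.0"), ("172.16.4.1", "255.255.255.252")):
        print(to_binary(ip), "AND", to_binary(mask), "->", address_summary(ip, mask))
```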

IPv4 Unicast, Broadcast, and Multicast
Unicast
• Unicast transmission is sending a packet to one destination IP address.
• For example, the PC at 172.16.4.1 sends a unicast packet to the printer at 172.16.4.253.

IPv4 Unicast, Broadcast, and Multicast
Broadcast
• Broadcast transmission is sending a packet to all other destination IP addresses.

• For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.

IPv4 Unicast, Broadcast, and Multicast
Multicast
• Multicast transmission is sending a packet to a multicast address group.

• For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group
address 224.10.10.5.

6.2 Types of IPv4 Addresses

Types of IPv4 Addresses
Public and Private IPv4 Addresses
• As defined in RFC 1918, public IPv4 addresses are globally routed between internet service provider (ISP) routers.
• Private addresses are common blocks of addresses used by most organizations to assign IPv4 addresses to internal hosts.
• Private IPv4 addresses are not unique and can be used internally within any network.
• However, private addresses are not globally routable.

Network Address and Prefix   RFC 1918 Private Address Range
10.0.0.0/8                   10.0.0.0 - 10.255.255.255
172.16.0.0/12                172.16.0.0 - 172.31.255.255
192.168.0.0/16               192.168.0.0 - 192.168.255.255

Types of IPv4 Addresses
Routing to the Internet
• Network Address Translation (NAT) translates private IPv4 addresses to public IPv4 addresses.
• NAT is typically enabled on the edge router connecting to the internet.
• It translates the internal private address to a public global IP address.

Types of IPv4 Addresses
Special Use IPv4 Addresses
Loopback addresses
• 127.0.0.0 /8 (127.0.0.1 to 127.255.255.254)
• Commonly identified as only 127.0.0.1
• Used on a host to test if TCP/IP is operational.

Link-Local addresses
• 169.254.0.0 /16 (169.254.0.1 to 169.254.255.254)
• Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-
assigned addresses.
• Used by Windows DHCP clients to self-configure when no DHCP servers are
available.

Types of IPv4 Addresses
Legacy Classful Addressing
RFC 790 (1981) allocated IPv4 addresses in classes:
• Class A (0.0.0.0/8 to 127.0.0.0/8)
• Class B (128.0.0.0 /16 – 191.255.0.0 /16)
• Class C (192.0.0.0 /24 – 223.255.255.0 /24)
• Class D (224.0.0.0 to 239.0.0.0)
• Class E (240.0.0.0 – 255.0.0.0)

• Classful addressing wasted many IPv4 addresses.
• Classful address allocation was replaced with classless addressing, which ignores the rules of classes (A, B, C).
Types of IPv4 Addresses
Assignment of IP Addresses
• The Internet Assigned Numbers Authority (IANA) manages and allocates blocks of IPv4 and IPv6 addresses to five Regional Internet Registries (RIRs).
• RIRs are responsible for allocating IP addresses to ISPs, who provide IPv4 address blocks to smaller ISPs and organizations.

6.3 Subnet an IPv4 Network

Subnet an IPv4 Network
Subnet on an Octet Boundary
• Networks are most easily subnetted at the octet boundary of /8, /16, and /24.
• Notice that using longer prefix lengths decreases the number of hosts per subnet.

Prefix Length   Subnet Mask     Subnet Mask in Binary (n = network, h = host)   # of hosts
/8              255.0.0.0       nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh             16,777,214
                                11111111.00000000.00000000.00000000
/16             255.255.0.0     nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh             65,534
                                11111111.11111111.00000000.00000000
/24             255.255.255.0   nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh             254
                                11111111.11111111.11111111.00000000

Subnet an IPv4 Network
Subnet on an Octet Boundary (Cont.)
• In the first table 10.0.0.0/8 is subnetted using a /16 mask and in the second table, a /24 mask.

Subnet Address (256 possible subnets)   Host Range (65,534 possible hosts per subnet)   Broadcast
10.0.0.0/16                             10.0.0.1 - 10.0.255.254                         10.0.255.255
10.1.0.0/16                             10.1.0.1 - 10.1.255.254                         10.1.255.255
10.2.0.0/16                             10.2.0.1 - 10.2.255.254                         10.2.255.255
10.3.0.0/16                             10.3.0.1 - 10.3.255.254                         10.3.255.255
10.4.0.0/16                             10.4.0.1 - 10.4.255.254                         10.4.255.255
10.5.0.0/16                             10.5.0.1 - 10.5.255.254                         10.5.255.255
10.6.0.0/16                             10.6.0.1 - 10.6.255.254                         10.6.255.255
10.7.0.0/16                             10.7.0.1 - 10.7.255.254                         10.7.255.255
...                                     ...                                             ...
10.255.0.0/16                           10.255.0.1 - 10.255.255.254                     10.255.255.255

Subnet Address (65,536 possible subnets)   Host Range (254 possible hosts per subnet)   Broadcast
10.0.0.0/24                                10.0.0.1 - 10.0.0.254                        10.0.0.255
10.0.1.0/24                                10.0.1.1 - 10.0.1.254                        10.0.1.255
10.0.2.0/24                                10.0.2.1 - 10.0.2.254                        10.0.2.255
...                                        ...                                          ...
10.0.255.0/24                              10.0.255.1 - 10.0.255.254                    10.0.255.255
10.1.0.0/24                                10.1.0.1 - 10.1.0.254                        10.1.0.255
10.1.1.0/24                                10.1.1.1 - 10.1.1.254                        10.1.1.255
10.1.2.0/24                                10.1.2.1 - 10.1.2.254                        10.1.2.255
...                                        ...                                          ...
10.100.0.0/24                              10.100.0.1 - 10.100.0.254                    10.100.0.255
...                                        ...                                          ...
10.255.255.0/24                            10.255.255.1 - 10.255.255.254                10.255.255.255
Subnet an IPv4 Network
Subnet within an Octet Boundary
• Refer to the table to see six ways to subnet a /24 network.

Prefix Length   Subnet Mask       Subnet Mask in Binary (n = network, h = host)   # of subnets   # of hosts
/25             255.255.255.128   nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh             2              126
                                  11111111.11111111.11111111.10000000
/26             255.255.255.192   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh             4              62
                                  11111111.11111111.11111111.11000000
/27             255.255.255.224   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh             8              30
                                  11111111.11111111.11111111.11100000
/28             255.255.255.240   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh             16             14
                                  11111111.11111111.11111111.11110000
/29             255.255.255.248   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh             32             6
                                  11111111.11111111.11111111.11111000
/30             255.255.255.252   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh             64             2
                                  11111111.11111111.11111111.11111100

Subnet an IPv4 Network
Packet Tracer – Subnet an IPv4 Network
In this Packet Tracer, you will do the following:

• Design an IPv4 Network Subnetting Scheme
• Configure the Devices
• Test and Troubleshoot the Network

Subnet a Slash 16 and a Slash 8 Prefix
Create Subnets with a Slash 16 prefix
The table highlights all the possible scenarios for subnetting a /16 prefix.

Prefix Length   Subnet Mask       Network Address (n = network, h = host)   # of subnets   # of hosts
/17             255.255.128.0     nnnnnnnn.nnnnnnnn.nhhhhhhh.hhhhhhhh       2              32766
                                  11111111.11111111.10000000.00000000
/18             255.255.192.0     nnnnnnnn.nnnnnnnn.nnhhhhhh.hhhhhhhh       4              16382
                                  11111111.11111111.11000000.00000000
/19             255.255.224.0     nnnnnnnn.nnnnnnnn.nnnhhhhh.hhhhhhhh       8              8190
                                  11111111.11111111.11100000.00000000
/20             255.255.240.0     nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh       16             4094
                                  11111111.11111111.11110000.00000000
/21             255.255.248.0     nnnnnnnn.nnnnnnnn.nnnnnhhh.hhhhhhhh       32             2046
                                  11111111.11111111.11111000.00000000
/22             255.255.252.0     nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh       64             1022
                                  11111111.11111111.11111100.00000000
/23             255.255.254.0     nnnnnnnn.nnnnnnnn.nnnnnnnh.hhhhhhhh       128            510
                                  11111111.11111111.11111110.00000000
/24             255.255.255.0     nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh       256            254
                                  11111111.11111111.11111111.00000000
/25             255.255.255.128   nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh       512            126
                                  11111111.11111111.11111111.10000000
/26             255.255.255.192   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh       1024           62
                                  11111111.11111111.11111111.11000000
/27             255.255.255.224   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh       2048           30
                                  11111111.11111111.11111111.11100000
/28             255.255.255.240   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh       4096           14
                                  11111111.11111111.11111111.11110000
/29             255.255.255.248   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh       8192           6
                                  11111111.11111111.11111111.11111000
/30             255.255.255.252   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh       16384          2
                                  11111111.11111111.11111111.11111100
Subnet a Slash 16 and a Slash 8 Prefix
Create 100 Subnets with a Slash 16 prefix
Consider a large enterprise that requires at least 100 subnets and has chosen the private address 172.16.0.0/16 as its internal network address.

• The figure displays the number of subnets that can be created when borrowing bits from the third octet and the fourth octet.
• Notice there are now up to 14 host bits that can be borrowed (i.e., the last two bits cannot be borrowed).

To satisfy the requirement of 100 subnets for the enterprise, 7 bits (i.e., 2^7 = 128 subnets) would need to be borrowed (for a total of 128 subnets).

Subnet a Slash 16 and a Slash 8 Prefix
Create 1000 Subnets with a Slash 8 prefix
Consider a small ISP that requires 1000 subnets for its clients using network address 10.0.0.0/8, which means there are 8 bits in the network portion and 24 host bits available to borrow toward subnetting.
• The figure displays the number of subnets that can be created when borrowing bits from the second and third octets.
• Notice there are now up to 22 host bits that can be borrowed (i.e., the last two bits cannot be borrowed).

To satisfy the requirement of 1000 subnets for the ISP, 10 bits (i.e., 2^10 = 1024 subnets) would need to be borrowed (for a total of 128 subnets).

Subnet to Meet Requirements
Subnet Private versus Public IPv4 Address Space
Enterprise networks will have an:
• Intranet - A company’s internal network, typically using private IPv4 addresses.
• DMZ – A company’s internet-facing servers. Devices in the DMZ use public IPv4 addresses.

• A company could use the 10.0.0.0/8 and subnet on the /16 or /24 network boundary.
• The DMZ devices would have to be configured with public IP addresses.

Subnet to Meet Requirements
Minimize Unused Host IPv4 Addresses and Maximize Subnets

There are two considerations when planning subnets:

• The number of host addresses required for each network
• The number of individual subnets needed

Prefix Length   Subnet Mask       Subnet Mask in Binary (n = network, h = host)   # of subnets   # of hosts
/25             255.255.255.128   nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh             2              126
                                  11111111.11111111.11111111.10000000
/26             255.255.255.192   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh             4              62
                                  11111111.11111111.11111111.11000000
/27             255.255.255.224   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh             8              30
                                  11111111.11111111.11111111.11100000
/28             255.255.255.240   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh             16             14
                                  11111111.11111111.11111111.11110000
/29             255.255.255.248   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh             32             6
                                  11111111.11111111.11111111.11111000
/30             255.255.255.252   nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh             64             2
                                  11111111.11111111.11111111.11111100

Subnet to Meet Requirements
Example: Efficient IPv4 Subnetting
• In this example, corporate headquarters has been allocated a public network address of 172.16.0.0/22 (10 host bits) by its ISP, providing 1,022 host addresses.
• There are five sites and therefore five internet connections, which means the organization requires 10 subnets, with the largest subnet requiring 40 addresses.
• It allocated 10 subnets with a /26 (i.e., 255.255.255.192) subnet mask.

Subnet to Meet Requirements
Packet Tracer – Subnetting Scenario
In this Packet Tracer, you will do the following:

• Design an IP Addressing Scheme
• Assign IP Addresses to Network Devices and Verify Connectivity

6.4 VLSM

Introduction to Networks v7.0 (ITN)
VLSM
IPv4 Address Conservation
Given the topology, 7 subnets are required (i.e., four LANs and three WAN links), and the largest number of hosts is in Building D, with 28 hosts.

• A /27 mask would provide 8 subnets of 30 host IP addresses and therefore support this topology.

VLSM
IPv4 Address Conservation (Cont.)
However, the point-to-point WAN links only require two addresses and therefore waste 28 addresses each, for a total of 84 unused addresses.

• Applying a traditional subnetting scheme to this scenario is not very efficient and is wasteful.

• VLSM was developed to avoid wasting addresses by enabling us to subnet a subnet.

VLSM
VLSM
• The left side displays the traditional subnetting scheme (i.e., the same subnet mask) while the right side illustrates how VLSM can be used to subnet a subnet, dividing the last subnet into eight /30 subnets.

• When using VLSM, always begin by satisfying the host requirements of the largest subnet and continue subnetting until the host requirements of the smallest subnet are satisfied.

• The resulting topology with VLSM applied.

VLSM
VLSM Topology Address Assignment
• Using VLSM subnets, the LAN and inter-router networks can be addressed without
unnecessary waste as shown in the logical topology diagram.
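The fixed-mask versus VLSM comparison the slides describe, worked in code as an added example (not part of the Cisco material). Building D's 28 hosts and the three two-address WAN links follow the text; the 192.168.20.0/24 block and the host counts for Buildings A, B and C are constructed assumptions.

```python
"""VLSM vs. fixed-length subnetting for the slide's topology (added example)."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

Allocation = List[Tuple[str, ipaddress.IPv4Network]]

# Constructed requirements modelled on the slide: four LANs, the largest
# (Building D) with 28 hosts, and three point-to-point WAN links needing
# two addresses each. The Building A/B/C host counts are assumptions.
REQUIREMENTS: Dict[str, int] = {
    "Building A": 20,
    "Building B": 16,
    "Building C": 10,
    "Building D": 28,
    "WAN R1-R2": 2,
    "WAN R2-R3": 2,
    "WAN R3-R4": 2,
}


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose block offers `hosts` usable addresses.
    Two addresses per block (network and broadcast) are never usable."""
    needed = hosts + 2
    host_bits = (needed - 1).bit_length()  # ceil(log2(needed)) for needed >= 2
    return 32 - host_bits


def allocate_vlsm(block: str, reqs: Dict[str, int]) -> Allocation:
    """Carve `block` into subnets, largest requirement first (the order the
    slide prescribes), each sized to its own requirement."""
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    result: Allocation = []
    for name, hosts in sorted(reqs.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        # Largest-first keeps every block aligned on its own size boundary,
        # so strict (address, prefix) parsing never rejects the cursor.
        net = ipaddress.ip_network((cursor, plen))
        if net.broadcast_address > pool.broadcast_address:
            raise ValueError(f"{block} is exhausted before {name}")
        result.append((name, net))
        cursor = int(net.broadcast_address) + 1
    return result


def allocate_fixed(block: str, reqs: Dict[str, int], plen: int) -> Allocation:
    """Traditional scheme: one subnet mask for every network."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=plen)
    ordered = sorted(reqs.items(), key=lambda kv: -kv[1])
    return [(name, next(subnets)) for name, _ in ordered]


def wasted_addresses(alloc: Iterable[Tuple[str, ipaddress.IPv4Network]],
                     reqs: Dict[str, int]) -> int:
    """Usable addresses handed out beyond what each subnet actually needs."""
    return sum(net.num_addresses - 2 - reqs[name] for name, net in alloc)


def wan_waste(alloc: Iterable[Tuple[str, ipaddress.IPv4Network]],
              reqs: Dict[str, int]) -> int:
    """The slide's figure: unused addresses on the point-to-point links only."""
    return sum(net.num_addresses - 2 - reqs[name]
               for name, net in alloc if name.startswith("WAN"))


if __name__ == "__main__":
    block = "192.168.20.0/24"  # constructed address block
    for title, alloc in (("Fixed /27", allocate_fixed(block, REQUIREMENTS, 27)),
                         ("VLSM", allocate_vlsm(block, REQUIREMENTS))):
        print(f"{title}: {wasted_addresses(alloc, REQUIREMENTS)} unused addresses")
        for name, net in alloc:
            print(f"  {name:<11} {net}  ({net.num_addresses - 2} usable)")
```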

6.5 IPv6 Address Representation

Introduction to Networks v7.0 (ITN)
IPv6 Address Representation
IPv6 Addressing Formats
• IPv6 addresses are 128 bits in length and written in hexadecimal.
• IPv6 addresses are not case-sensitive and can be written in either lowercase or
uppercase.
• The preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x”
consisting of four hexadecimal values.
• In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four
hexadecimal values.
• Examples of IPv6 addresses in the preferred format:
2001:0db8:0000:1111:0000:0000:0000:0200
2001:0db8:0000:00a3:abcd:0000:0000:1234

IPv6 Address Representation
Rule 1 – Omit Leading Zero
The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s
(zeros).
Examples:
• 01ab can be represented as 1ab
• 09f0 can be represented as 9f0
• 0a00 can be represented as a00
• 00ab can be represented as ab

Note: This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address
would be ambiguous.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
No leading zeros 2001 : db8 : 0 : 1111 : 0 : 0 : 0 : 200

IPv6 Address Representation
Rule 2 – Double Colon
A double colon (::) can replace any single, contiguous string of one or more
16-bit hextets consisting of all zeros.
Example:
• 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1

Note: The double colon (::) can only be used once within an address, otherwise there would be
more than one possible resulting address.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
Compressed 2001:db8:0:1111::200
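Both rules implemented by hand, as an added example that is not part of the Cisco material: `compress` applies Rule 1 and Rule 2 (with the RFC 5952 tie-breaks), and `expand` undoes them so two spellings can be checked for equality; the only inputs are the addresses shown on the slides.

```python
"""Shortening and expanding IPv6 text addresses by the two slide rules
(added example, not from the Cisco material)."""
import re

HEXTET = re.compile(r"^[0-9a-fA-F]{1,4}$")


def expand(addr: str) -> str:
    """Return the preferred form x:x:x:x:x:x:x:x with every hextet padded to
    four hex digits. Accepts compressed input with at most one '::'."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the address is ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero hextet")
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(HEXTET.match(p) for p in parts):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return ":".join(p.lower().zfill(4) for p in parts)


def compress(addr: str) -> str:
    """Rule 1: drop leading zeros from each hextet (never trailing ones).
    Rule 2: replace the longest run of all-zero hextets with '::'.
    Tie-breaking follows RFC 5952: the first longest run wins, and a lone
    zero hextet is written as '0' rather than '::'."""
    hextets = [h.lstrip("0") or "0" for h in expand(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if hextets[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and hextets[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(hextets)
    head = ":".join(hextets[:best_start])
    tail = ":".join(hextets[best_start + best_len:])
    return f"{head}::{tail}"


def same_address(a: str, b: str) -> bool:
    """Two spellings name the same address iff their expanded forms match."""
    return expand(a) == expand(b)


def is_valid(addr: str) -> bool:
    """True when the text parses under the rules above."""
    try:
        expand(addr)
    except ValueError:
        return False
    return True
```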

6.5 IPv6 Address Types

Introduction to Networks v7.0 (ITN)
IPv6 Address Types
Unicast, Multicast, Anycast

There are three broad categories of IPv6 addresses:

• Unicast – Unicast uniquely identifies an interface on an IPv6-enabled device.
• Multicast – Multicast is used to send a single IPv6 packet to multiple destinations.
• Anycast – This is any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device having that address.

Note: Unlike IPv4, IPv6 does not have a broadcast address. However, there is an IPv6
all-nodes multicast address that essentially gives the same result.

IPv6 Address Types
IPv6 Prefix Length

Prefix length is represented in slash notation and is used to indicate the network portion of
an IPv6 address.
The IPv6 prefix length can range from 0 to 128. The recommended IPv6 prefix length for
LANs and most other types of networks is /64.

Note: It is strongly recommended to use a 64-bit Interface ID for most networks. This is because
stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes
subnetting easier to create and manage.
IPv6 Address Types
Types of IPv6 Unicast Addresses

Unlike IPv4 devices that have only a single address, IPv6 devices typically have two unicast addresses:

• Global Unicast Address (GUA) – This is similar to a public IPv4 address. These are globally unique, internet-routable addresses.
• Link-local Address (LLA) – Required for every IPv6-enabled device and used to communicate with other devices on the same local link. LLAs are not routable and are confined to a single link.

IPv6 Address Types
A Note About the Unique Local Address
The IPv6 unique local addresses (the fc00::/7 range, i.e., fc00:: through fdff::) have some similarity to RFC 1918 private addresses for IPv4, but there are significant differences:
• Unique local addresses are used for local addressing within a site or between a
limited number of sites.
• Unique local addresses can be used for devices that will never need to access
another network.
• Unique local addresses are not globally routed or translated to a global IPv6
address.

Note: Many sites use the private nature of RFC 1918 addresses to attempt to
secure or hide their network from potential security risks. This was never the
intended use of ULAs.

IPv6 Address Types
IPv6 GUA

IPv6 global unicast addresses (GUAs) are globally unique and routable on the IPv6
internet.
• Currently, only GUAs with the first three bits of 001, i.e., 2000::/3, are being assigned.

• Currently available GUAs therefore begin with a first hex digit of 2 or 3 (this is only 1/8 of the total IPv6 address space).

IPv6 Address Types
IPv6 GUA Structure
Global Routing Prefix:
• The global routing prefix is the prefix, or network, portion of the address that is
assigned by the provider, such as an ISP, to a customer or site. The global routing
prefix will vary depending on ISP policies.
Subnet ID:
• The Subnet ID field is the area between the Global Routing Prefix and the
Interface ID. The Subnet ID is used by an organization to identify subnets within
its site.
Interface ID:
• The IPv6 interface ID is equivalent to the host portion of an IPv4 address. It is
strongly recommended that in most cases /64 subnets should be used, which
creates a 64-bit interface ID.
Note: IPv6 allows the all-0s and all-1s host addresses to be assigned to a device. The all-0s address is reserved as a Subnet-Router anycast address and should be assigned only to routers.
IPv6 Address Types
IPv6 LLA
An IPv6 link-local address (LLA) enables a device to communicate with other IPv6-enabled devices on the same link and only on that link (subnet).
• Packets with a source or destination LLA cannot be routed.
• Every IPv6-enabled network interface must have an LLA.
• If an LLA is not configured manually on an interface, the device will automatically create one.
• IPv6 LLAs are in the fe80::/10 range.

GUA and LLA Static Configuration

GUA and LLA Static Configuration
Static GUA Configuration on a Router

Most IPv6 configuration and verification commands in the Cisco IOS are similar to their
IPv4 counterparts. In many cases, the only difference is the use of ipv6 in place of ip
within the commands.
• The command to configure an IPv6 GUA on an interface is: ipv6 address ipv6-address/prefix-length.
• The example shows commands to configure a GUA on the G0/0/0 interface on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit

GUA and LLA Static Configuration
Static GUA Configuration on a Windows Host

• Manually configuring the IPv6 address on a host is similar to configuring an IPv4 address.
• The GUA or LLA of the router interface can be used as the default gateway. Best practice is to use the LLA.

Note: When DHCPv6 or SLAAC is used, the LLA of the router will automatically be specified as the default gateway address.

GUA and LLA Static Configuration
Static GUA Configuration of a Link-Local Unicast Address

Configuring the LLA manually lets you create an address that is recognizable and
easier to remember.
• LLAs can be configured manually using the ipv6 address ipv6-link-local-address link-local command.
• The example shows commands to configure an LLA on the G0/0/0 interface on R1:

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# no shutdown
R1(config-if)# exit

Note: The same LLA can be configured on each link as long as it is unique on that
link. Common practice is to create a different LLA on each interface of the router to
make it easy to identify the router and the specific interface.

Dynamic Addressing for IPv6 GUAs

Dynamic Addressing for IPv6 GUAs
RS and RA Messages
Devices obtain GUA addresses dynamically through Internet Control Message Protocol
version 6 (ICMPv6) messages.
• Router Solicitation (RS) messages are sent by host devices to discover IPv6 routers.
• Router Advertisement (RA) messages are sent by routers to inform hosts on how to obtain an IPv6 GUA and provide useful network information such as:
  • Network prefix and prefix length
  • Default gateway address
  • DNS addresses and domain name
• The RA can provide three methods for configuring an IPv6 GUA:
  • SLAAC
  • SLAAC with stateless DHCPv6 server
  • Stateful DHCPv6 (no SLAAC)

Dynamic Addressing for IPv6 GUAs
Method 1: SLAAC

• SLAAC allows a device to configure a GUA without the services of DHCPv6.

• Devices obtain the necessary information to configure a GUA from the ICMPv6 RA
messages of the local router.
• The prefix is provided by the RA and the device uses either the EUI-64 or random
generation method to create an interface ID.

Dynamic Addressing for IPv6 GUAs
Method 2: SLAAC and Stateless DHCP

An RA can instruct a device to use both SLAAC and stateless DHCPv6.

The RA message suggests devices use the following:
• SLAAC to create its own IPv6 GUA
• The router LLA, which is the RA source IPv6 address, as the default gateway address
• A stateless DHCPv6 server to obtain other information such as a DNS server address and a domain name

Dynamic Addressing for IPv6 GUAs
Method 3: Stateful DHCPv6
An RA can instruct a device to use stateful DHCPv6 only.
Stateful DHCPv6 is similar to DHCP for IPv4. A device can automatically receive a GUA,
prefix length, and the addresses of DNS servers from a stateful DHCPv6 server.
The RA message suggests devices use the following:
• The router LLA, which is the RA source IPv6 address, for the default gateway
address.
• A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and
other necessary information.

Dynamic Addressing for IPv6 GUAs
EUI-64 Process vs. Randomly Generated

• When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the client must generate its own interface ID.
• The interface ID can be created using the EUI-64 process or a randomly generated 64-bit number.

Dynamic Addressing for IPv6 GUAs
EUI-64 Process

The IEEE defined the Extended Unique Identifier (EUI) or modified EUI-64 process
which performs the following:
• A 16-bit value of fffe (in hexadecimal) is inserted into the middle of the 48-bit Ethernet MAC address of the client.
• The 7th bit of the client MAC address is inverted (here, from binary 0 to 1).
• Example:

48-bit MAC: fc:99:47:75:ce:e0
EUI-64 Interface ID: fe:99:47:ff:fe:75:ce:e0
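The EUI-64 steps in code, both directions, as an added example (not part of the Cisco material). The forward functions reproduce the slide's MAC and the router MAC shown later in this module; `mac_from_eui64` shows why the process matters to defenders: an EUI-64 interface ID exposes the hardware MAC to anyone who sees the address, which is the reason operating systems moved to random interface IDs.

```python
"""Modified EUI-64 interface IDs, forwards and backwards (added example,
not from the Cisco material)."""
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> str:
    """Steps from the slide: insert ff:fe between the two 24-bit halves of the
    MAC and invert the 7th bit (the U/L bit, value 0x02) of the first octet.
    Returned as four hextets without leading zeros."""
    octets = bytearray(parse_mac(mac))
    octets[0] ^= 0x02
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ":".join(f"{(iid[i] << 8) | iid[i + 1]:x}" for i in range(0, 8, 2))


def link_local_from_mac(mac: str) -> str:
    """Dynamic LLA: the fe80::/64 prefix plus the EUI-64 interface ID."""
    return "fe80::" + eui64_interface_id(mac)


def slaac_gua(prefix: str, mac: str) -> str:
    """SLAAC-style GUA: the /64 prefix learned from an RA plus the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix (64-bit interface ID)")
    iid = ipaddress.IPv6Address("::" + eui64_interface_id(mac))
    return ipaddress.IPv6Address(int(net.network_address) | int(iid)).compressed


def mac_from_eui64(addr: str):
    """Inverse operation. An EUI-64-derived interface ID carries ff:fe in its
    middle, so the hardware MAC can be read straight out of the address; a
    randomly generated ID (as modern Windows uses) yields None here."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    for mac in ("fc:99:47:75:ce:e0", "7079.b392.3640"):
        print(mac, "->", link_local_from_mac(mac), slaac_gua("2001:db8:acad:1::/64", mac))
    print(mac_from_eui64("2001:db8:acad:1:50a5:8a35:a5bb:66e1"))  # random ID: None
```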

Dynamic Addressing for IPv6 GUAs
Randomly Generated Interface IDs
Depending upon the operating system, a device may use a randomly generated
interface ID instead of using the MAC address and the EUI-64 process.
Beginning with Windows Vista, Windows uses a randomly generated interface ID
instead of one created with EUI-64.
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:50a5:8a35:a5bb:66e1
Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1
Default Gateway . . . . . . . . . : fe80::1
C:\>

Note: To ensure the uniqueness of any IPv6 unicast address, the client may use a
process known as Duplicate Address Detection (DAD). This is similar to an ARP
request for its own address. If there is no reply, then the address is unique.

Dynamic Addressing for IPv6 LLAs

Dynamic Addressing for IPv6 LLAs
Dynamic LLAs

• All IPv6 interfaces must have an IPv6 LLA.
• Like IPv6 GUAs, LLAs can be configured dynamically.
• The figure shows the LLA is dynamically created using the fe80::/10 prefix and the interface ID using the EUI-64 process, or a randomly generated 64-bit number.

Dynamic Addressing for IPv6 LLAs
Dynamic LLAs on Windows
Operating systems, such as Windows, will typically use the same method for both a
SLAAC-created GUA and a dynamically assigned LLA.
EUI-64 Generated Interface ID:
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:fc99:47ff:fe75:cee0
Link-local IPv6 Address . . . . . : fe80::fc99:47ff:fe75:cee0
Default Gateway . . . . . . . . . : fe80::1
C:\>

Random 64-bit Generated Interface ID:
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:50a5:8a35:a5bb:66e1
Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1
Default Gateway . . . . . . . . . : fe80::1
C:\>
Dynamic Addressing for IPv6 LLAs
Dynamic LLAs on Cisco Routers

Cisco routers automatically create an IPv6 LLA whenever a GUA is assigned to the
interface. By default, Cisco IOS routers use EUI-64 to generate the interface ID for all
LLAs on IPv6 interfaces.
Here is an example of an LLA dynamically configured on the G0/0/0 interface of R1:

R1# show interface gigabitEthernet 0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4221-2x1GE, address is 7079.b392.3640 (bia 7079.b392.3640)
(Output omitted)
R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::7279:B3FF:FE92:3640
2001:DB8:ACAD:1::1

Module Practice and Quiz
Packet Tracer – Configure IPv6 Addressing

In this Packet Tracer, you will do the following:

• Configure IPv6 Addressing on the router
• Configure IPv6 Addressing on the servers
• Configure IPv6 Addressing on the clients
• Test and verify network connectivity

IPv6 Multicast Addresses

IPv6 Multicast Addresses
Assigned IPv6 Multicast Addresses

IPv6 multicast addresses have the prefix ff00::/8. There are two types of IPv6
multicast addresses:
• Well-Known multicast addresses
• Solicited node multicast addresses

Note: Multicast addresses can only be destination addresses and not source addresses.

IPv6 Multicast Addresses
Well-Known IPv6 Multicast Addresses

Well-known IPv6 multicast addresses are assigned and are reserved for predefined
groups of devices.
There are two common assigned IPv6 multicast groups:
• ff02::1 All-nodes multicast group - This is a multicast group that all IPv6-enabled devices
join. A packet sent to this group is received and processed by all IPv6 interfaces on the link or
network.
• ff02::2 All-routers multicast group - This is a multicast group that all IPv6 routers join. A
router becomes a member of this group when it is enabled as an IPv6 router with the ipv6
unicast-routing global configuration command.

IPv6 Multicast Addresses
Solicited-Node IPv6 Multicast

• A solicited-node multicast address is similar to the all-nodes multicast address.
• A solicited-node multicast address is mapped to a special Ethernet multicast address.
• The Ethernet NIC can filter the frame by examining the destination MAC address without sending it to the IPv6 process to see if the device is the intended target of the IPv6 packet.
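How the solicited-node group and its Ethernet address are derived, and what the NIC-level filter described above lets through, as an added example (not part of the Cisco material). It uses the R1 addresses from this module; the derivation rules are RFC 4291 (solicited-node prefix ff02::1:ff00:0/104 plus the low 24 bits) and RFC 2464 (33:33 plus the low 32 bits of the group).

```python
"""Solicited-node multicast groups and the Ethernet addresses they map to
(added example, not from the Cisco material)."""
import ipaddress
from typing import Iterable, Set

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # ff02::1:ff00:0/104
ALL_NODES = "ff02::1"


def solicited_node(unicast: str) -> str:
    """RFC 4291: ff02::1:ff00:0/104 followed by the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24).compressed


def multicast_mac(group: str) -> str:
    """RFC 2464: IPv6 multicast frames go to 33:33 followed by the low 32
    bits of the group address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in addr.packed[-4:])


def nic_accept_list(own_mac: str, own_unicast: Iterable[str]) -> Set[str]:
    """Destination MACs an IPv6 NIC must pass up the stack: its own unicast
    MAC, the all-nodes group, and one solicited-node group per configured
    unicast address."""
    accepted = {own_mac.lower(), multicast_mac(ALL_NODES)}
    for address in own_unicast:
        accepted.add(multicast_mac(solicited_node(address)))
    return accepted


def nic_passes_ns(own_mac: str, own_unicast: Iterable[str], target: str) -> bool:
    """Would a Neighbor Solicitation for `target` get past this NIC's hardware
    filter? The NS is sent to the target's solicited-node group, so only hosts
    whose own address shares the target's low 24 bits ever see it at the IPv6
    layer; everyone else drops the frame on the destination MAC alone."""
    return multicast_mac(solicited_node(target)) in nic_accept_list(own_mac, own_unicast)


if __name__ == "__main__":
    r1_mac = "70:79:b3:92:36:40"
    r1_addrs = ["fe80::7279:b3ff:fe92:3640", "2001:db8:acad:1::1"]
    for a in r1_addrs:
        print(a, "->", solicited_node(a), "->", multicast_mac(solicited_node(a)))
    print(sorted(nic_accept_list(r1_mac, r1_addrs)))
    print("NS for ::10 reaches R1's IPv6 layer:",
          nic_passes_ns(r1_mac, r1_addrs, "2001:db8:acad:1::10"))
```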

Module Practice and Quiz
Lab – Identify IPv6 Addresses

In this lab, you complete the following objectives:

• Identify the Different Types of IPv6 Addresses
• Examine a Host IPv6 Network Interface and Address
• Practice IPv6 Address Abbreviation

6.6 Subnet an IPv6 Network

Introduction to Networks v7.0 (ITN)
Subnet an IPv6 Network
Subnet Using the Subnet ID

IPv6 was designed with subnetting in mind.

• A separate subnet ID field in the IPv6 GUA is used to create subnets.
• The subnet ID field is the area between the Global Routing Prefix and the interface ID.

Subnet an IPv6 Network
IPv6 Subnetting Example

Given the 2001:db8:acad::/48 global routing prefix with a 16-bit subnet ID:
• Allows 65,536 /64 subnets
• The global routing prefix is the same for all subnets.
• Only the subnet ID hextet is incremented in hexadecimal for each subnet.

Subnet an IPv6 Network
IPv6 Subnet Allocation

The example topology requires five subnets, one for each LAN as well as for the serial link
between R1 and R2.

The five IPv6 subnets were allocated, with the subnet ID field 0001 through 0005. Each /64
subnet will provide more addresses than will ever be needed.

Subnet an IPv6 Network
Router Configured with IPv6 Subnets

The example shows that each of the router interfaces on R1 has been
configured to be on a different IPv6 subnet.

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown

6.8 ICMP

Introduction to Networks v7.0 (ITN)
ICMP Messages
ICMPv4 and ICMPv6 Messages
• Internet Control Message Protocol (ICMP) provides feedback about issues related to the
processing of IP packets under certain conditions.
• ICMPv4 is the messaging protocol for IPv4. ICMPv6 is the messaging protocol for IPv6 and
includes additional functionality.
• The ICMP messages common to both ICMPv4 and ICMPv6 include:
• Host reachability
• Destination or Service Unreachable
• Time exceeded

Note: ICMPv4 messages are not required and are often not allowed within a network for
security reasons.

ICMP Messages
Host Reachability
ICMP Echo Message can be used to
test the reachability of a host on an IP
network.
In the example:
• The local host sends an ICMP Echo
Request to a host.
• If the host is available, the
destination host responds with an
Echo Reply.

ICMP Messages
Destination or Service Unreachable
• An ICMP Destination Unreachable message can be used to notify the source that a
destination or service is unreachable.
• The ICMP message will include a code indicating why the packet could not be delivered.

A few Destination Unreachable codes for ICMPv4 are as follows:
• 0 - Net unreachable
• 1 - Host unreachable
• 2 - Protocol unreachable
• 3 - Port unreachable

A few Destination Unreachable codes for ICMPv6 are as follows:
• 0 - No route to destination
• 1 - Communication with the destination is administratively prohibited (e.g., firewall)
• 2 - Beyond scope of the source address
• 3 - Address unreachable
• 4 - Port unreachable
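Building and decoding the ICMPv4 messages discussed in this module, as an added example (not part of the Cisco material): Echo Request as ping sends it, Destination Unreachable and Time Exceeded as a router returns them, each with the RFC 1071 checksum that a receiver or a packet parser verifies. The code tables are the ones on the slide; the ICMPv6 table is used only by `describe_unreachable`, because ICMPv6 checksums additionally cover an IPv6 pseudo-header.

```python
"""Build and decode ICMPv4 messages (added example, not from the Cisco material)."""
import struct
from typing import Dict

ICMPV4_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
                8: "Echo Request", 11: "Time Exceeded"}

# Destination Unreachable codes from the slide.
ICMPV4_UNREACHABLE = {0: "Net unreachable", 1: "Host unreachable",
                      2: "Protocol unreachable", 3: "Port unreachable"}
ICMPV6_UNREACHABLE = {0: "No route to destination",
                      1: "Communication with the destination is administratively prohibited",
                      2: "Beyond scope of the source address",
                      3: "Address unreachable", 4: "Port unreachable"}
TIME_EXCEEDED = {0: "TTL exceeded in transit", 1: "Fragment reassembly time exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented.
    Verifying a received message means computing this over the whole
    message, checksum field included; an intact message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmpv4(msg_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Generic ICMPv4 message: type, code, checksum, 4-byte 'rest of header', data."""
    if len(rest) != 4:
        raise ValueError("ICMPv4 header needs exactly 4 bytes after the checksum")
    body = struct.pack("!BBH", msg_type, code, 0) + rest + payload
    return struct.pack("!BBH", msg_type, code, internet_checksum(body)) + rest + payload


def build_echo_request(identifier: int, sequence: int, payload: bytes = b"abcdefgh") -> bytes:
    """What ping sends: type 8, code 0, identifier and sequence in the 'rest' field."""
    return build_icmpv4(8, 0, struct.pack("!HH", identifier, sequence), payload)


def describe_unreachable(version: int, code: int) -> str:
    """Text for a Destination Unreachable code, per the slide's tables."""
    table = ICMPV4_UNREACHABLE if version == 4 else ICMPV6_UNREACHABLE
    return table.get(code, f"code {code} (not in slide table)")


def parse_icmpv4(msg: bytes) -> Dict[str, object]:
    """Decode the fixed header and verify the checksum. For Destination
    Unreachable and Time Exceeded the payload quotes the offending datagram's
    IP header plus 8 bytes (what lets the receiver match the error to a
    socket); it is returned raw here."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    msg_type, code, _checksum = struct.unpack("!BBH", msg[:4])
    info: Dict[str, object] = {
        "type": msg_type,
        "code": code,
        "type_name": ICMPV4_TYPES.get(msg_type, "other"),
        "checksum_ok": internet_checksum(msg) == 0,
    }
    if msg_type in (0, 8):
        info["identifier"], info["sequence"] = struct.unpack("!HH", msg[4:8])
        info["payload"] = msg[8:]
    elif msg_type == 3:
        info["reason"] = describe_unreachable(4, code)
        info["quoted_datagram"] = msg[8:]
    elif msg_type == 11:
        info["reason"] = TIME_EXCEEDED.get(code, f"code {code}")
        info["quoted_datagram"] = msg[8:]
    return info


if __name__ == "__main__":
    print(parse_icmpv4(build_echo_request(0x1234, 1)))
    # Constructed quoted datagram: a minimal IPv4 header plus 8 bytes.
    print(parse_icmpv4(build_icmpv4(3, 3, b"\x00" * 4, b"\x45\x00" + b"\x00" * 26)))
```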

Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages.
ICMP Messages
Time Exceeded
• When the Time to Live (TTL) field in a packet is decremented to 0, an ICMPv4 Time
Exceeded message will be sent to the source host.
• ICMPv6 also sends a Time Exceeded message. Instead of the IPv4 TTL field, ICMPv6 uses
the IPv6 Hop Limit field to determine if the packet has expired.

Note: Time Exceeded messages are used by the traceroute tool.

ICMP Messages
ICMPv6 Messages
ICMPv6 has new features and improved functionality not found in ICMPv4, including four new
protocols as part of the Neighbor Discovery Protocol (ND or NDP).

Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation, is as follows:
• Router Solicitation (RS) message
• Router Advertisement (RA) message

Messaging between IPv6 devices, including duplicate address detection and address resolution, is as follows:
• Neighbor Solicitation (NS) message
• Neighbor Advertisement (NA) message

Note: ICMPv6 ND also includes the redirect message, which has a similar function to the redirect
message used in ICMPv4.

ICMP Messages
ICMPv6 Messages (Cont.)
• RA messages are sent by IPv6-enabled
routers every 200 seconds to provide
addressing information to IPv6-enabled
hosts.
• RA message can include addressing
information for the host such as the prefix,
prefix length, DNS address, and domain
name.

• A host using Stateless Address Autoconfiguration (SLAAC) will set its default gateway to the link-local address of the router that sent the RA.

ICMP Messages
ICMPv6 Messages (Cont.)
• An IPv6-enabled router will also send out
an RA message in response to an RS
message.
• In the figure, PC1 sends a RS message to
determine how to receive its IPv6 address
information dynamically.
• R1 replies to the RS with an RA message.
• PC1 sends an RS message, “Hi, I just booted up.
Is there an IPv6 router on the network? I need to
know how to get my IPv6 address information
dynamically.”
• R1 replies with an RA message. “Hi all IPv6-
enabled devices. I’m R1 and you can use SLAAC
to create an IPv6 global unicast address. The
prefix is 2001:db8:acad:1::/64. By the way, use my
link-local address fe80::1 as your default gateway."

ICMP Messages
ICMPv6 Messages (Cont.)
• A device assigned a global IPv6 unicast or link-local unicast address may perform duplicate address detection (DAD) to ensure that the IPv6 address is unique.
• To check the uniqueness of an address, the device will send an NS message with its own IPv6 address as the targeted IPv6 address.
• If another device on the network has this address, it will respond with an NA message notifying the sending device that the address is in use.

Note: DAD is not required, but RFC 4861 recommends that DAD is performed on unicast addresses.

ICMP Messages
ICMPv6 Messages (Cont.)
• To determine the MAC address for the
destination, the device will send an NS
message to the solicited node address.
• The message will include the known
(targeted) IPv6 address. The device that
has the targeted IPv6 address will
respond with an NA message containing
its Ethernet MAC address.
• In the figure, R1 sends a NS message to
2001:db8:acad:1::10 asking for its MAC
address.

6.9 Ping and Traceroute Tests
Introduction to Networks v7.0 (ITN)
Ping and Traceroute Tests
Ping – Test Connectivity
• The ping command is an IPv4 and IPv6 testing
utility that uses ICMP echo request and echo
reply messages to test connectivity between
hosts and provides a summary that includes the
success rate and average round-trip time to the
destination.

• If a reply is not received within the timeout, ping provides a message indicating that a response was not received.

• It is common for the first ping to time out if address resolution (ARP or ND) needs to be performed before sending the ICMP Echo Request.

Ping and Traceroute Tests
Ping the Loopback
Ping can be used to test the internal
configuration of IPv4 or IPv6 on the local
host. To do this, ping the local loopback
address of 127.0.0.1 for IPv4 (::1 for
IPv6).
• A response from 127.0.0.1 for IPv4, or
::1 for IPv6, indicates that IP is properly
installed on the host.
• An error message indicates that TCP/IP
is not operational on the host.

Ping and Traceroute Tests
Ping the Default Gateway
The ping command can be used to test the
ability of a host to communicate on the local
network.

The default gateway address is most often used because the router is normally always operational.
• A successful ping to the default gateway
indicates that the host and the router
interface serving as the default gateway
are both operational on the local network.
• If the default gateway address does not
respond, a ping can be sent to the IP
address of another host on the local
network that is known to be operational.

Ping and Traceroute Tests
Ping a Remote Host
Ping can also be used to test the ability of a
local host to communicate across an
internetwork.
A local host can ping a host on a remote
network. A successful ping across the
internetwork confirms communication on
the local network.

Note: Many network administrators limit or prohibit the entry of ICMP messages; therefore, the lack of a ping response could be due to security restrictions.

Ping and Traceroute Tests
Traceroute – Test the Path
• Traceroute (tracert) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.
• Traceroute provides round-trip time for each hop along the path and indicates if a hop fails to respond. An asterisk (*) is used to indicate a lost or unreplied packet.
• This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply.

Note: Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.

Ping and Traceroute Tests
Traceroute – Test the Path (Cont.)
• The first message sent from traceroute will have a TTL field value of 1. This causes the TTL to time out at the first router. This router then responds with an ICMPv4 Time Exceeded message.
• Traceroute then progressively increments
the TTL field (2, 3, 4...) for each sequence
of messages. This provides the trace with
the address of each hop as the packets time
out further down the path.
• The TTL field continues to be increased until
the destination is reached, or it is
incremented to a predefined maximum.

Ping and Traceroute Tests
Packet Tracer – Verify IPv4 and IPv6 Addressing
In this Packet Tracer, you will do the following:
• Complete the Addressing Table Documentation

• Test Connectivity Using Ping

• Discover the Path by Tracing the Route

Ping and Traceroute Tests
Packet Tracer – Use Ping and Traceroute to Test Network
Connectivity
In this Packet Tracer, you will do the following:
• Test and Restore IPv4 Connectivity

• Test and Restore IPv6 Connectivity

Chapter 7:
Network Application Communications
Trainees Materials

Introduction to Networks v7.0 (ITN)
Module 7.1:
Transport Layer Protocol
Introduction to Networks v7.0 (ITN)
Transportation of Data
Role of the Transport Layer
The transport layer is:
• Responsible for logical communications between applications running on different hosts.
• The link between the application layer and the lower layers that are responsible for network transmission.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Transportation of Data
Transport Layer Responsibilities
The transport layer has the following responsibilities:
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adding header information
• Identifying, separating, and managing multiple conversations
• Using segmentation and multiplexing to enable different communication conversations to be interleaved on the same network
Transportation of Data
Transport Layer Protocols
• IP does not specify how the delivery or transportation of the packets takes place.
• Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing reliability requirements of a conversation.
• The transport layer includes the TCP and UDP protocols.
Transportation of Data
Transmission Control Protocol
TCP provides reliability and flow control. TCP basic operations:
• Number and track data segments transmitted to a specific host from a specific application
• Acknowledge received data
• Retransmit any unacknowledged data after a certain amount of time
• Sequence data that might arrive in the wrong order
• Send data at an efficient rate that is acceptable to the receiver
Transportation of Data
User Datagram Protocol (UDP)

UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
• UDP is a connectionless protocol.
• UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.
Transportation of Data
The Right Transport Layer Protocol for the Right Application
UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly.
If it is important that all the data arrives and that it can be processed in its proper sequence, TCP is used as the transport protocol.
Module 7.2:
TCP & UDP Overview
Introduction to Networks v7.0 (ITN)
TCP Overview
TCP Features
• Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
• Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely, as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
• Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order. TCP numbers the segments so that the receiver can reassemble the data in the order it was sent.
• Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.
TCP Overview
TCP Header
TCP is a stateful protocol, which means it keeps track of the state of the communication session.
TCP records which information it has sent, and which information has been acknowledged.
TCP Overview
TCP Header Fields
TCP Header Field - Description
Source Port - A 16-bit field used to identify the source application by port number.
Destination Port - A 16-bit field used to identify the destination application by port number.
Sequence Number - A 32-bit field used for data reassembly purposes.
Acknowledgment Number - A 32-bit field used to indicate that data has been received and the next byte expected from the source.
Header Length - A 4-bit field known as "data offset" that indicates the length of the TCP segment header.
Reserved - A 6-bit field that is reserved for future use.
Control bits - A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment.
Window size - A 16-bit field used to indicate the number of bytes that can be accepted at one time.
Checksum - A 16-bit field used for error checking of the segment header and data.
Urgent - A 16-bit field used to indicate if the contained data is urgent.
TCP Overview
Applications that use TCP

TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments.
UDP Overview
UDP Features
UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sender is not informed about resource availability.
UDP Overview
UDP Header
The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e., 64 bits).
UDP Overview
UDP Header Fields
The table identifies and describes the four fields in a UDP header.
UDP Header Field - Description
Source Port - A 16-bit field used to identify the source application by port number.
Destination Port - A 16-bit field used to identify the destination application by port number.
Length - A 16-bit field that indicates the length of the UDP datagram header.
Checksum - A 16-bit field used for error checking of the datagram header and data.
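The TCP header table above and this UDP table, decoded from raw bytes in one added example (not Cisco's code): the SYN segment, the DNS-style datagram and the IPv4 addresses are constructed, and the checksum follows RFC 1071 with the IPv4 pseudo-header that RFC 768 and RFC 793 prescribe, so the Length field is treated as header plus data.

```python
"""Decode the TCP and UDP header fields from raw bytes and verify a UDP
checksum. Added teaching example, not Cisco's code: all sample bytes and
addresses below are constructed."""
import socket
import struct
from typing import Dict, List

TCP_FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")   # bit 5 down to bit 0
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header prepended when TCP/UDP checksums are computed."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, proto, length))


def parse_tcp(segment: bytes) -> Dict[str, object]:
    """Split the 20-byte fixed TCP header into the fields of the table above."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # 4-bit data offset, in 32-bit words
    reserved = (off_flags >> 6) & 0x3F        # 6 reserved bits, expected to be 0
    flag_bits = off_flags & 0x3F              # 6 control bits
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset points outside the segment")
    flags: List[str] = [name for i, name in enumerate(TCP_FLAGS)
                        if flag_bits & (1 << (5 - i))]
    return {"source_port": sport, "destination_port": dport,
            "sequence": seq, "acknowledgment": ack,
            "header_length": header_len, "reserved": reserved,
            "flags": flags, "window": window, "checksum": checksum,
            "urgent": urgent, "payload": segment[header_len:]}


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int,
              payload: bytes) -> bytes:
    """Build a UDP datagram; Length covers header + data (RFC 768)."""
    length = 8 + len(payload)
    draft = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length) + draft)
    csum = csum or 0xFFFF                     # a computed 0 is transmitted as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(datagram: bytes) -> Dict[str, object]:
    """Split the 8-byte UDP header and sanity-check the Length field."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"source_port": sport, "destination_port": dport, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def udp_checksum_ok(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """Summing pseudo-header + datagram (checksum field included) must give 0."""
    length, checksum = struct.unpack("!HH", datagram[4:8])
    if checksum == 0:
        return True                           # 0 means "no checksum" for IPv4 UDP
    ph = pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length)
    return internet_checksum(ph + datagram[:length]) == 0


# Constructed samples: a TCP SYN to a web server and a DNS query over UDP.
SYN_SEGMENT = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x02,
                          65535, 0, 0)
DNS_QUERY = build_udp("192.168.1.124", "192.168.1.1", 49153, 53, b"\x12\x34\x01\x00")

if __name__ == "__main__":
    print(parse_tcp(SYN_SEGMENT))
    print(parse_udp(DNS_QUERY), udp_checksum_ok("192.168.1.124", "192.168.1.1", DNS_QUERY))
```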

UDP Overview
Applications that use UDP
• Live video and multimedia applications - These applications can tolerate some data loss but require little or no delay. Examples include VoIP and live streaming video.
• Simple request and reply applications - Applications with simple transactions where a host sends a request and may or may not receive a reply. Examples include DNS and DHCP.
• Applications that handle reliability themselves - Unidirectional communications where flow control, error detection, acknowledgments, and error recovery are not required, or can be handled by the application. Examples include SNMP and TFTP.
Module 7.3:
Port Numbers
Introduction to Networks v7.0 (ITN)
Port Numbers
Multiple Separate Communications
TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.
The source port number is associated with the originating application on the local host whereas the destination port number is associated with the destination application on the remote host.
Port Numbers
Socket Pairs
• The source and destination ports are placed within the segment.
• The segments are then encapsulated within an IP packet.
• The combination of the source IP address and source port number, or the destination IP address and destination port number is known as a socket.
• Sockets enable multiple processes, running on a client, to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.
Port Numbers
Port Number Groups
Port Group - Number Range - Description
Well-known Ports - 0 to 1,023
• These port numbers are reserved for common or popular services and applications such as web browsers, email clients, and remote access clients.
• Defining well-known ports for common server applications enables clients to easily identify the associated service required.
Registered Ports - 1,024 to 49,151
• These port numbers are assigned by IANA to a requesting entity to use with specific processes or applications.
• These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number.
• For example, Cisco has registered port 1812 for its RADIUS server authentication process.
Private and/or Dynamic Ports - 49,152 to 65,535
• These ports are also known as ephemeral ports.
• The client's OS usually assigns port numbers dynamically when a connection to a service is initiated.
• The dynamic port is then used to identify the client application during communication.
Port Numbers
Port Number Groups (Cont.)
Well-Known Port Numbers
Port Number Protocol Application
20 TCP File Transfer Protocol (FTP) - Data
21 TCP File Transfer Protocol (FTP) - Control
22 TCP Secure Shell (SSH)
23 TCP Telnet
25 TCP Simple Mail Transfer Protocol (SMTP)
53 UDP, TCP Domain Name Service (DNS)
67 UDP Dynamic Host Configuration Protocol (DHCP) - Server
68 UDP Dynamic Host Configuration Protocol - Client
69 UDP Trivial File Transfer Protocol (TFTP)
80 TCP Hypertext Transfer Protocol (HTTP)
110 TCP Post Office Protocol version 3 (POP3)
143 TCP Internet Message Access Protocol (IMAP)
161 UDP Simple Network Management Protocol (SNMP)
443 TCP Hypertext Transfer Protocol Secure (HTTPS)
Port Numbers
The netstat Command
Unexplained TCP connections can pose a major security threat. Netstat is
an important tool to verify connections.

C:\> netstat
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED
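Reading that netstat output as socket pairs and checking each foreign port against the port groups above, as an added example that is not Cisco's code: the netstat lines are the slide's sample re-typed as input, the service-name table is the IANA well-known assignments netstat substitutes for numbers, and the set of expected services is an assumed local policy.

```python
"""Turn netstat lines into socket pairs and report connections to services a
host is not expected to talk to. Added example, not Cisco's code: SAMPLE is
the slide's output re-typed, and the expected-port set is an assumed policy."""
import re
from typing import Dict, FrozenSet, List

# Names netstat prints instead of well-known port numbers (IANA assignments).
SERVICE_PORTS = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25,
                 "domain": 53, "tftp": 69, "http": 80, "pop3": 110, "imap": 143,
                 "netbios-ssn": 139, "snmp": 161, "https": 443}

NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

# The slide's sample output, re-typed here as constructed input.
SAMPLE = """\
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED
"""


def port_group(port: int) -> str:
    """IANA port groups exactly as the table above defines them."""
    if port < 0 or port > 65535:
        raise ValueError(f"port {port} out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def resolve_port(token: str) -> int:
    """netstat shows well-known ports by name; map 'http' back to 80."""
    if token.isdigit():
        return int(token)
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    raise ValueError(f"unknown service name {token!r}")


def parse_netstat(output: str) -> List[Dict[str, object]]:
    """One dict per connection: protocol, local socket, foreign socket, state."""
    conns: List[Dict[str, object]] = []
    for line in output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue          # banner and column-header lines
        proto, lhost, lport, fhost, fport, state = m.groups()
        conns.append({"proto": proto,
                      "local": (lhost, resolve_port(lport)),
                      "foreign": (fhost, resolve_port(fport)),
                      "state": state or ""})
    return conns


def audit(conns: List[Dict[str, object]],
          expected: FrozenSet[int] = frozenset({53, 80, 443})) -> List[str]:
    """Report socket pairs whose foreign port is not an expected service.
    Note the local ports 3126-3166 sit in the IANA 'registered' range yet act
    as ephemeral ports: older Windows releases drew them from 1025-5000."""
    findings = []
    for c in conns:
        lhost, lport = c["local"]
        fhost, fport = c["foreign"]
        if fport not in expected:
            findings.append(f"{c['proto']} {lhost}:{lport} -> {fhost}:{fport} "
                            f"[{port_group(fport)} port, {c['state']}]")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_netstat(SAMPLE)):
        print("unexpected:", finding)
```

With the assumed policy, only the NetBIOS session (port 139) to 192.168.0.2 is reported; the five HTTP connections match the expected set.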

Module 7.4:
TCP & UDP Communication
Introduction to Networks v7.0 (ITN)
TCP Communication Process
TCP Server Processes
Each application process running on a server is configured to use a port number.
• An individual server cannot have two services assigned to the same port number within the same transport layer services.
• An active server application assigned to a specific port is considered open, which means that the transport layer accepts and processes segments addressed to that port.
• Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application.
TCP Communication Process
TCP Connection Establishment
Step 1: The initiating client requests a client-to-server communication session with the server.
Step 2: The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
Step 3: The initiating client acknowledges the server-to-client communication session.
TCP Communication Process
Session Termination

Step 1: When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
Step 2: The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
Step 3: The server sends a FIN to the client to terminate the server-to-client session.
Step 4: The client responds with an ACK to acknowledge the FIN from the server.
TCP Communication Process
TCP Three-Way Handshake Analysis
Functions of the Three-Way Handshake:
• It establishes that the destination device is present on the network.
• It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
• It informs the destination device that the source client intends to establish a communication session on that port number.
After the communication is completed, the sessions are closed and the connection is terminated. The connection and session mechanisms enable the TCP reliability functions.
TCP Communication Process
TCP Three-Way Handshake Analysis (Cont.)
The six control bit flags are as follows:
• URG - Urgent pointer field significant
• ACK - Acknowledgment flag used in connection establishment and session termination
• PSH - Push function
• RST - Reset the connection when an error or timeout occurs
• SYN - Synchronize sequence numbers used in connection establishment
• FIN - No more data from sender and used in session termination

TCP Communication Process
Video TCP 3-Way Handshake
The video covers the following:
• TCP 3-Way Handshake
• Termination of a TCP conversation

UDP Communication
UDP Low Overhead versus Reliability
UDP does not establish a connection. UDP provides low overhead data transport because
it has a small datagram header and no network management traffic.

UDP Communication
UDP Datagram Reassembly

• UDP does not track sequence numbers the way TCP does.
• UDP has no way to reorder the datagrams into their transmission order.
• UDP simply reassembles the data in the order that it was received and forwards it to the application.
UDP Communication
UDP Server Processes and Requests

UDP-based server applications are assigned well-known or registered port numbers.
When UDP receives a datagram destined for one of these ports, it forwards the application data to the appropriate application based on its port number.
UDP Communication
UDP Client Processes

• The UDP client process dynamically selects a port number from the range of port numbers and uses this as the source port for the conversation.
• The destination port is usually the well-known or registered port number assigned to the server process.
• After a client has selected the source and destination ports, the same pair of ports is used in the header of all datagrams in the transaction.
Module 7.5:
Application, Presentation, and Session Layer
Introduction to Networks v7.0 (ITN)
Application, Presentation, and Session
Application Layer
• The upper three layers of the OSI model (application, presentation, and session) define functions of the TCP/IP application layer.
• The application layer provides the interface between the applications used to communicate, and the underlying network over which messages are transmitted.
• Some of the most widely known application layer protocols include HTTP, FTP, TFTP, IMAP and DNS.
Application, Presentation, and Session
Presentation and Session Layer
The presentation layer has three primary functions:
• Formatting, or presenting, data at the source
device into a compatible format for receipt by
the destination device
• Compressing data in a way that can be
decompressed by the destination device
• Encrypting data for transmission and
decrypting data upon receipt
The session layer functions:
• It creates and maintains dialogs between
source and destination applications.
• It handles the exchange of information to
initiate dialogs, keep them active, and to
restart sessions that are disrupted or idle for
a long period of time.
Application, Presentation, and Session
TCP/IP Application Layer Protocols
• The TCP/IP application protocols specify the format and control information necessary for many
common internet communication functions.
• Application layer protocols are used by both the source and destination devices during a
communication session.
• For the communications to be successful, the application layer protocols that are implemented
on the source and destination host must be compatible.

Name System
DNS - Domain Name System (or Service)
• TCP, UDP client 53
• Translates domain names, such as cisco.com, into IP addresses.
Host Config
DHCP - Dynamic Host Configuration Protocol
• UDP client 68, server 67
• Dynamically assigns IP addresses to be re-used when no longer needed
Web
HTTP - Hypertext Transfer Protocol
• TCP 80, 8080
• A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web
Peer-to-Peer
Client-Server Model
• Client and server processes are considered to be in the application layer.
• In the client/server model, the device requesting the information is called a client and the device responding to the request is called a server.
• Application layer protocols describe the format of the requests and responses between clients and servers.
Peer-to-Peer
Peer-to-Peer Networks
• In a peer-to-peer (P2P) network, two or more computers are connected via a network and can
share resources (such as printers and files) without having a dedicated server.
• Every connected end device (known as a peer) can function as both a server and a client.
• One computer might assume the role of server for one transaction while simultaneously
serving as a client for another. The roles of client and server are set on a per request basis.

Peer-to-Peer
Peer-to-Peer Applications
• A P2P application allows a device to act as both a client and a server within the same
communication.

• Some P2P applications use a hybrid system where each peer accesses an index server to get
the location of a resource stored on another peer.

Peer-to-Peer
Common P2P Applications
With P2P applications, each computer in
the network that is running the application
can act as a client or a server for the other
computers in the network that are also
running the application.
Common P2P networks include the
following:
• BitTorrent
• Direct Connect
• eDonkey
• Freenet

Module 7.6:
Web and Email Protocols
Introduction to Networks v7.0 (ITN)
Web and Email Protocols
Hypertext Transfer Protocol and Hypertext Markup Language
When a web address or Uniform Resource Locator (URL) is typed into a web browser, the web
browser establishes a connection to the web service. The web service is running on the server
that is using the HTTP protocol.

To better understand how the web browser and web server interact, examine how a web page
is opened in a browser.

Step 1
The browser interprets the three parts
of the URL:
• http (the protocol or scheme)
• www.cisco.com (the server name)
• index.html (the specific filename
requested)

Web and Email Protocols
Hypertext Transfer Protocol and Hypertext Markup Language (Cont.)
Step 2
The browser then checks with a name server to convert www.cisco.com into a numeric IP address, which it uses to connect to the server.
The client initiates an HTTP request to a server by sending a GET request to the server and asks for the index.html file.
Step 3
In response to the request, the server sends the HTML code for this web page to the browser.
Web and Email Protocols
Hypertext Transfer Protocol and Hypertext Markup Language (Cont.)
Step 4
The browser deciphers the HTML code and formats the page for the browser window.

Web and Email Protocols
HTTP and HTTPS
HTTP is a request/response protocol that specifies the message types used for that communication.
The three common message types are GET, POST, and PUT:
• GET - This is a client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
• POST - This uploads data files to the web server, such as form data.
• PUT - This uploads resources or content to the web server, such as an image.
Note: HTTP is not a secure protocol. For secure communications sent across the internet, HTTPS should be used.
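The browser-side half of steps 1 to 4 and the GET/POST/PUT messages above, as an added example that is not Cisco's code: the URL is the slide's, the server's HTML reply is constructed, and step 2 (name resolution) is assumed to have already produced the server's address, so no connection is opened.

```python
"""Build the request a browser sends for a URL and decode the server's reply.
Added example, not Cisco's code: the HTML reply is constructed and no TCP
connection is opened."""
from typing import Dict, Tuple
from urllib.parse import urlsplit

SCHEME_PORT = {"http": 80, "https": 443}   # well-known ports from the table above


def split_url(url: str) -> Tuple[str, str, str]:
    """Step 1: scheme, server name and the file requested (defaults to '/')."""
    parts = urlsplit(url)
    if parts.scheme not in SCHEME_PORT or not parts.hostname:
        raise ValueError("expected an http(s) URL with a server name")
    return parts.scheme, parts.hostname, parts.path or "/"


def build_request(method: str, url: str, body: bytes = b"") -> bytes:
    """Step 3: the GET, POST or PUT message the client writes to the connection."""
    if method not in ("GET", "POST", "PUT"):
        raise ValueError("method must be GET, POST or PUT")
    scheme, host, path = split_url(url)
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_response(raw: bytes) -> Dict[str, object]:
    """What comes back in step 3: status line, headers and the HTML body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: header block not terminated")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("malformed status line")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return {"version": parts[0], "status": int(parts[1]),
            "reason": parts[2] if len(parts) > 2 else "",
            "headers": headers, "body": body[:length]}


# Constructed reply for the slide's URL http://www.cisco.com/index.html.
HTML = b"<html><body><h1>Welcome</h1></body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            + b"Content-Length: %d\r\n\r\n" % len(HTML) + HTML)

if __name__ == "__main__":
    print(build_request("GET", "http://www.cisco.com/index.html").decode())
    print(parse_response(RESPONSE))
```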
Web and Email Protocols
Email Protocols
Email is a store-and-forward method of
sending, storing, and retrieving electronic
messages across a network. Email
messages are stored in databases on mail
servers. Email clients communicate with
mail servers to send and receive email.
The email protocols used for operation are:
• Simple Mail Transfer Protocol (SMTP)
– used to send mail.
• Post Office Protocol (POP) & IMAP –
used for clients to receive mail.

Web and Email Protocols
SMTP, POP and IMAP
• When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25.
• After the connection is made, the client attempts to send the email to the server across the connection.
• When the server receives the message, it either places the message in a local account, if the recipient is local, or forwards the message to another mail server for delivery.
• The destination email server may not be online or may be busy. If so, SMTP spools messages to be sent at a later time.
Note: SMTP message formats require a message header (recipient email address & sender email address) and a message body.
Web and Email Protocols
SMTP, POP and IMAP (Cont.)
POP is used by an application to retrieve mail from a mail server. When mail is downloaded from the server to the client using POP, the messages are then deleted on the server.
• The server starts the POP service by passively listening on TCP port 110 for client connection requests.
• When a client wants to make use of the service, it sends a request to establish a TCP connection with the server.
• When the connection is established, the POP server sends a greeting.
• The client and POP server then exchange commands and responses until the connection is closed or aborted.
Note: Since POP does not store messages, it is not recommended for small businesses that need a centralized backup solution.
Web and Email Protocols
SMTP, POP and IMAP (Cont.)
IMAP is another protocol that
describes a method to retrieve email
messages.
• Unlike POP, when a user connects to
an IMAP server, copies of the
messages are downloaded to the
client application. The original
messages are kept on the server
until manually deleted.
• When a user decides to delete a
message, the server synchronizes
that action and deletes the message
from the server.

Module 7.7:
File Sharing Services
Introduction to Networks v7.0 (ITN)
File Sharing Services
File Transfer Protocol
FTP was developed to allow for data transfers between a client and a server. An FTP client is
an application which runs on a computer that is being used to push and pull data from an FTP
server.
Step 1 - The client establishes the first connection to the server for control traffic using TCP port 21. The traffic consists of client commands and server replies.
Step 2 - The client establishes the second connection to the server for the actual data transfer using TCP port 20. This connection is created every time there is data to be transferred.
Step 3 - The data transfer can happen in either direction. The client can download (pull) data from the server, or the client can upload (push) data to the server.
File Sharing Services
Server Message Block
The Server Message Block (SMB) is a
client/server, request-response file sharing
protocol. Servers can make their own resources
available to clients on the network.
Three functions of SMB messages:
• Start, authenticate, and terminate sessions
• Control file and printer access
• Allow an application to send or receive
messages to or from another device
Unlike the file sharing supported by FTP, clients
establish a long-term connection to servers. After
the connection is established, the user of the
client can access the resources on the server as
though the resource is local to the client host.

Chapter8:
Building and Securing a Small Network
Trainee Materials
Introduction to Networks v7.0 (ITN)
Module 8.1:
Security Threats and Vulnerabilities
Introduction to Networks v7.0 (ITN)
Security Threats and Vulnerabilities
Types of Threats
Attacks on a network can be devastating and can result in a loss of time and money due
to damage, or theft of important information or assets. Intruders can gain access to a
network through software vulnerabilities, hardware attacks, or through guessing
someone's username and password. Intruders who gain access by modifying software or
exploiting software vulnerabilities are called threat actors.

After the threat actor gains access to the network, four types of threats may arise:
• Information Theft
• Data Loss and Manipulation
• Identity Theft
• Disruption of Service
Security Threats and Vulnerabilities
Types of Vulnerabilities
Vulnerability is the degree of weakness in a network or a device. Some degree of vulnerability
is inherent in routers, switches, desktops, servers, and even security devices. Typically, the
network devices under attack are the endpoints, such as servers and desktop computers.
There are three primary vulnerabilities or weaknesses:
• Technological Vulnerabilities might include TCP/IP Protocol weaknesses, Operating
System Weaknesses, and Network Equipment weaknesses.
• Configuration Vulnerabilities might include unsecured user accounts, system accounts
with easily guessed passwords, misconfigured internet services, unsecure default
settings, and misconfigured network equipment.
• Security Policy Vulnerabilities might include lack of a written security policy, politics, lack
of authentication continuity, logical access controls not applied, software and hardware
installation and changes not following policy, and a nonexistent disaster recovery plan.
All three of these sources of vulnerabilities can leave a network or device open to various
attacks, including malicious code attacks and network attacks.

Security Threats and Vulnerabilities
Physical Security
If network resources can be physically compromised, a threat actor can deny the use of
network resources. The four classes of physical threats are as follows:
• Hardware threats - This includes physical damage to servers, routers, switches,
cabling plant, and workstations.
• Environmental threats - This includes temperature extremes (too hot or too cold) or
humidity extremes (too wet or too dry).
• Electrical threats - This includes voltage spikes, insufficient supply voltage
(brownouts), unconditioned power (noise), and total power loss.
• Maintenance threats - This includes poor handling of key electrical components
(electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

A good plan for physical security must be created and implemented to address these
issues.

Module 8.2:
Network Attacks and Mitigations
Introduction to Networks v7.0 (ITN)
Network Attacks
Types of Malware
Malware is short for malicious software. It is code or software specifically designed to
damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. The
following are types of malware:
• Viruses - A computer virus is a type of malware that propagates by inserting a copy of
itself into, and becoming part of, another program. It spreads from one computer to
another, leaving infections as it travels.
• Worms - Computer worms are similar to viruses in that they replicate functional copies
of themselves and can cause the same type of damage. In contrast to viruses, which
require the spreading of an infected host file, worms are standalone software and do
not require a host program or human help to propagate.
• Trojan Horses - It is a harmful piece of software that looks legitimate. Unlike viruses
and worms, Trojan horses do not reproduce by infecting other files. They self-replicate.
Trojan horses must spread through user interaction such as opening an email
attachment or downloading and running a file from the internet.

Network Attacks
Reconnaissance Attacks
In addition to malicious code attacks, it is also possible for networks to fall prey to various
network attacks. Network attacks can be classified into three major categories:
• Reconnaissance attacks - The discovery and mapping of systems, services, or vulnerabilities.
• Access attacks - The unauthorized manipulation of data, system access, or user privileges.
• Denial of service - The disabling or corruption of networks, systems, or services.

For reconnaissance attacks, external threat actors can use internet tools, such as
the nslookup and whois utilities, to easily determine the IP address space assigned to a
given corporation or entity. After the IP address space is determined, a threat actor can
then ping the publicly available IP addresses to identify the addresses that are active.

Network Attacks
Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and
web services to gain entry to web accounts, confidential databases, and other sensitive
information.

Access attacks can be classified into four types:


• Password attacks - Implemented using brute force, trojan horse, and packet sniffers
• Trust exploitation - A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target.
• Port redirection - A threat actor uses a compromised system as a base for attacks against other targets. For example, a threat actor using SSH (port 22) to connect to a compromised host A. Host A is trusted by host B and, therefore, the threat actor can use Telnet (port 23) to access it.
• Man-in-the-middle - The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the two parties.
Network Attacks
Denial of Service Attacks
Denial of service (DoS) attacks are the most publicized form of attack and among the
most difficult to eliminate. However, because of their ease of implementation and
potentially significant damage, DoS attacks deserve special attention from security
administrators.
• DoS attacks take many forms. Ultimately, they prevent authorized people from using a
service by consuming system resources. To help prevent DoS attacks it is important
to stay up to date with the latest security updates for operating systems and
applications.
• DoS attacks are a major risk because they interrupt communication and cause
significant loss of time and money. These attacks are relatively simple to conduct,
even by an unskilled threat actor.
• A DDoS is similar to a DoS attack, but it originates from multiple, coordinated sources.
For example, a threat actor builds a network of infected hosts, known as zombies. A
network of zombies is called a botnet. The threat actor uses a command and control
(CnC) program to instruct the botnet of zombies to carry out a DDoS attack.
Network Attacks
Lab – Research Network Security Threats
In this lab, you will complete the following objectives:
• Part 1: Explore the SANS Website
• Part 2: Identify Recent Network Security Threats
• Part 3: Detail a Specific Network Security Threat

Network Attack Mitigations
The Defense-in-Depth Approach
To mitigate network attacks, you must first
secure devices including routers, switches,
servers, and hosts. Most organizations employ
a defense-in-depth approach (also known as a
layered approach) to security. This requires a
combination of networking devices and services
working in tandem.

Several security devices and services are implemented to protect an organization’s users
and assets against TCP/IP threats:
• VPN
• ASA Firewall
• IPS
• ESA/WSA
• AAA Server
Network Attack Mitigations
Keep Backups
Backing up device configurations and data is one of the most effective ways of protecting
against data loss. Backups should be performed on a regular basis as identified in the
security policy. Data backups are usually stored offsite to protect the backup media if anything
happens to the main facility.
The table shows backup considerations and their descriptions.
Consideration - Description
• Frequency - Perform backups on a regular basis as identified in the security policy. Full
backups can be time-consuming, therefore perform monthly or weekly backups with frequent
partial backups of changed files.
• Storage - Backups should be transported to an approved offsite storage location on a daily,
weekly, or monthly rotation, as required by the security policy.
• Security - Backups should be protected using strong passwords. The password is required to
restore the data.
• Validation - Always validate backups to ensure the integrity of the data and validate the file
restoration procedures.
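The validation row above is the one most often skipped in practice. The following added example (not from the course material) shows one way to make it routine: each configuration backup is written with a timestamp and its SHA-256 recorded in a manifest, and a later validation step re-hashes the stored copy so that corrupted or altered media is detected before a restore is attempted. The device name, the sample running-config and the file layout are all constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample running-config (not from the page).
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_backup(config_text: str, backup_dir: str, device: str) -> dict:
    """Save the config as a timestamped file and append its SHA-256 to a manifest."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    path = os.path.join(backup_dir, f"{device}-{stamp}.cfg")
    data = config_text.encode("utf-8")
    with open(path, "wb") as fh:
        fh.write(data)
    entry = {"device": device, "file": path, "sha256": sha256_hex(data), "taken": stamp}
    manifest = os.path.join(backup_dir, "manifest.json")
    entries = []
    if os.path.exists(manifest):
        with open(manifest, encoding="utf-8") as fh:
            entries = json.load(fh)
    entries.append(entry)
    with open(manifest, "w", encoding="utf-8") as fh:
        json.dump(entries, fh, indent=2)
    return entry


def validate_backup(entry: dict) -> bool:
    """Re-hash the stored copy; a mismatch means it is corrupt or was tampered with."""
    try:
        with open(entry["file"], "rb") as fh:
            return sha256_hex(fh.read()) == entry["sha256"]
    except OSError:
        return False  # missing media counts as a failed backup


def demo() -> tuple:
    """Write one backup, validate it, then corrupt the stored copy and validate again."""
    with tempfile.TemporaryDirectory() as backup_dir:
        entry = write_backup(SAMPLE_CONFIG, backup_dir, "R1")
        ok_before = validate_backup(entry)
        with open(entry["file"], "ab") as fh:
            fh.write(b"! corrupted block\n")  # simulate damaged backup media
        ok_after = validate_backup(entry)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the offsite rotation auditable: the hash recorded at backup time travels with the media, so validation can be repeated at the storage site without trusting the copy itself. Keeping the manifest on a separate, access-controlled system is what stops an attacker who alters a backup from also altering its recorded hash.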
Network Attack Mitigations
Upgrade, Update, and Patch
As new malware is released, enterprises
need to keep current with the latest
versions of antivirus software.
• The most effective way to mitigate a
worm attack is to download security
updates from the operating system
vendor and patch all vulnerable systems.
• One solution to the management of
critical security patches is to make sure
all end systems automatically download
updates.

Network Attack Mitigations
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting
(AAA, or “triple A”) network security services
provide the primary framework to set up
access control on network devices.
• AAA is a way to control who is permitted
to access a network (authenticate), what
actions they perform while accessing the
network (authorize), and making a record
of what was done while they are there
(accounting).
• The concept of AAA is similar to the use
of a credit card. The credit card identifies
who can use it, how much that user can
spend, and keeps account of what items
the user spent money on.
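To make the three AAA functions concrete, here is an added Python model (not from the course, and not a RADIUS or TACACS+ implementation) that answers the three questions in turn: authentication against a salted password hash, authorization of each command against a privilege level, and an accounting record for every attempt, including the denied ones. The usernames, passphrases and the command-to-privilege mapping are constructed for the example; the level numbers follow the IOS convention of 1 for user EXEC and 15 for full privilege.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed mapping of commands to the privilege level they require.
COMMAND_PRIVILEGE = {
    "show ip interface brief": 1,
    "show running-config": 15,
    "configure terminal": 15,
}
PBKDF2_ROUNDS = 100_000


class AAAServer:
    """Toy AAA server: who may log in (authentication), what they may do
    (authorization), and a record of what they did (accounting)."""

    def __init__(self) -> None:
        self._users = {}       # username -> (salt, pbkdf2 hash, privilege level)
        self.accounting = []   # one record per attempted command

    def add_user(self, user: str, password: str, privilege: int) -> None:
        # Store a salted PBKDF2 hash, never the plaintext password.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[user] = (salt, digest, privilege)

    def authenticate(self, user: str, password: str) -> bool:
        record = self._users.get(user)
        if record is None:
            # Do the same amount of work for unknown users so response time
            # does not reveal which usernames exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            return False
        salt, digest, _ = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, digest)

    def authorize(self, user: str, command: str) -> bool:
        # Unknown commands default to requiring full privilege (deny by default).
        required = COMMAND_PRIVILEGE.get(command, 15)
        return self._users[user][2] >= required

    def execute(self, user: str, password: str, command: str) -> str:
        if not self.authenticate(user, password):
            outcome = "denied: authentication failed"
        elif not self.authorize(user, command):
            outcome = "denied: not authorized"
        else:
            outcome = "executed"
        # Accounting: every attempt is recorded, including the denied ones.
        self.accounting.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "command": command, "outcome": outcome,
        })
        return outcome


def demo() -> list:
    """Constructed scenario: a helpdesk user (level 1) and an admin (level 15)."""
    aaa = AAAServer()
    aaa.add_user("helpdesk", "H3lp d3sk phrase!", privilege=1)
    aaa.add_user("netadmin", "N3t adm1n phrase!", privilege=15)
    return [
        aaa.execute("helpdesk", "H3lp d3sk phrase!", "show ip interface brief"),
        aaa.execute("helpdesk", "H3lp d3sk phrase!", "configure terminal"),
        aaa.execute("helpdesk", "wrong password", "show ip interface brief"),
        aaa.execute("netadmin", "N3t adm1n phrase!", "configure terminal"),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The accounting list is the part that matters for incident response: a failed authentication and a denied command both leave a record, which is what lets an administrator notice a credential being guessed or a low-privilege account probing for configuration access.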
Network Attack Mitigations
Firewalls

Network firewalls reside between two or more networks, control the traffic between them, and
help prevent unauthorized access.

A firewall could allow outside users controlled access to specific services. For example,
servers accessible to outside users are usually located on a special network referred to as the
demilitarized zone (DMZ). The DMZ enables a network administrator to apply specific policies
for hosts connected to that network.
Network Attack Mitigations
Types of Firewalls
Firewall products come packaged in various forms. These products use different
techniques for determining what will be permitted or denied access to a network. They
include the following:
• Packet filtering - Prevents or allows access based on IP or MAC addresses
• Application filtering - Prevents or allows access by specific application types based
on port numbers
• URL filtering - Prevents or allows access to websites based on specific URLs or
keywords
• Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to
requests from internal hosts. Unsolicited packets are blocked unless permitted
specifically. SPI can also include the capability to recognize and filter out specific
types of attacks, such as denial of service (DoS).
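The difference between packet filtering and stateful packet inspection is easiest to see side by side. The following added Python model (not from the course, and not how any vendor firewall is implemented) records the flows that internal hosts open and admits an inbound packet only when it answers one of them, or when an explicit rule permits it, as for a server in the DMZ; a stateless filter over the same packets admits an unsolicited packet simply because its port numbers look like a reply. All addresses and ports are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = internal host -> outside, "in" = outside -> internal


class StatefulFirewall:
    """SPI model: an inbound packet is allowed only if it answers a connection an
    internal host opened, or if an explicit inbound rule permits it (for example
    a DMZ web server). Everything else unsolicited is dropped."""

    def __init__(self, inbound_allow: Optional[set] = None) -> None:
        self.inbound_allow = set(inbound_allow or ())   # (dst_ip, dst_port) pairs
        self.sessions = set()                           # outbound flows seen

    def process(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Remember the flow so the reply can be matched later.
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: a legitimate reply has source and destination swapped.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions:
            return "allow"
        if (pkt.dst_ip, pkt.dst_port) in self.inbound_allow:
            return "allow"
        return "drop"


def packet_filter(pkt: Packet, allowed_ports: set) -> str:
    """Stateless comparison: a plain packet filter looks at each packet's header in
    isolation and cannot tell a reply from an unsolicited probe to the same port."""
    return "allow" if pkt.dst_port in allowed_ports else "drop"


def demo() -> tuple:
    fw = StatefulFirewall(inbound_allow={("203.0.113.10", 443)})  # constructed DMZ web server
    packets = [
        Packet("192.168.1.20", 51000, "198.51.100.5", 443, "out"),    # client opens HTTPS
        Packet("198.51.100.5", 443, "192.168.1.20", 51000, "in"),     # matching reply
        Packet("198.51.100.77", 40000, "192.168.1.20", 51000, "in"),  # unsolicited, same port
        Packet("198.51.100.77", 40000, "203.0.113.10", 443, "in"),    # permitted DMZ service
    ]
    stateful = [fw.process(p) for p in packets]
    # The stateless filter admits the unsolicited packet because its destination port
    # is on the allow list; SPI drops it because no internal host asked for it.
    stateless = [packet_filter(p, allowed_ports={443, 51000}) for p in packets]
    return stateful, stateless


if __name__ == "__main__":
    print(demo())
```

A real SPI engine also ages sessions out and tracks TCP state (SYN, established, FIN), which is what lets it recognise flood patterns such as the DoS traffic mentioned above; the model here shows only the core idea of matching inbound packets to outbound state.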

Network Attack Mitigations
Endpoint Security
An endpoint, or host, is an individual computer system or device that acts as a network
client. Common endpoints are laptops, desktops, servers, smartphones, and tablets.

Securing endpoint devices is one of the most challenging jobs of a network administrator
because it involves human nature. A company must have well-documented policies in
place and employees must be aware of these rules.

Employees need to be trained on proper use of the network. Policies often include the use
of antivirus software and host intrusion prevention. More comprehensive endpoint security
solutions rely on network access control.

Module 8.3: Device Security
Introduction to Networks v7.0
(ITN)
Device Security
Cisco AutoSecure
The security settings are set to the default values when a new operating system is
installed on a device. In most cases, this level of security is inadequate. For Cisco routers,
the Cisco AutoSecure feature can be used to assist securing the system.

In addition, there are some simple steps that should be taken that apply to most operating
systems:
• Default usernames and passwords should be changed immediately.
• Access to system resources should be restricted to only the individuals that are
authorized to use those resources.
• Any unnecessary services and applications should be turned off and uninstalled
when possible.
• Often, devices shipped from the manufacturer have been sitting in a warehouse for a
period of time and do not have the most up-to-date patches installed. It is important to
update any software and install any security patches prior to implementation.
Device Security
Passwords
To protect network devices, it is important to use strong passwords. Here are standard guidelines to
follow:
• Use a password length of at least eight characters, preferably 10 or more characters.
• Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols,
and spaces, if allowed.
• Avoid passwords based on repetition, common dictionary words, letter or number sequences,
usernames, relative or pet names, biographical information, such as birthdates, ID numbers,
ancestor names, or other easily identifiable pieces of information.
• Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
• Change passwords often. If a password is unknowingly compromised, the window of opportunity for
the threat actor to use the password is limited.
• Do not write passwords down and leave them in obvious places such as on the desk or monitor.
On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not.
Therefore, one method to create a strong password is to use the space bar and create a phrase made
of many words. This is called a passphrase. A passphrase is often easier to remember than a simple
password. It is also longer and harder to guess.
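The guidelines above can be turned into an automated check. The following added Python function (not part of the course) applies them to a candidate password: minimum length with a preferred length, character-class mix, letter or number sequences, repetition, and a dictionary-word match; it also drops leading spaces the way the text says Cisco routers do, while counting embedded spaces so that passphrases are evaluated at their real length. The word list is a deliberately tiny constructed sample, not a real dictionary.

```python
import re
import string

# Constructed, deliberately tiny wordlist; a real check would use a full dictionary.
COMMON_WORDS = {"password", "security", "cisco", "smith", "admin", "welcome"}


def _has_sequence(s: str, run: int = 4) -> bool:
    """True if s contains `run` consecutive ascending or descending chars (abcd, 4321)."""
    s = s.lower()
    for i in range(len(s) - run + 1):
        codes = [ord(c) for c in s[i:i + run]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def _has_repetition(s: str) -> bool:
    """True for runs like 'aaaa' or repeated groups like 'abab' / 'xyzxyz'."""
    return re.search(r"(.)\1{3,}", s) is not None or re.search(r"(.{2,})\1", s) is not None


def check_password(candidate: str, min_len: int = 8, preferred_len: int = 10) -> list:
    """Return guideline violations and advisories in order; an empty list means it passes."""
    # Cisco IOS ignores leading spaces in a password; embedded spaces count.
    pw = candidate.lstrip(" ")
    findings = []
    if len(pw) < min_len:
        findings.append(f"too short: {len(pw)} < {min_len}")
    elif len(pw) < preferred_len:
        findings.append(f"advisory: {len(pw)} chars; {preferred_len}+ preferred")
    classes = sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation or c == " " for c in pw),
    ])
    if classes < 3:
        findings.append("low complexity: use at least three of upper/lower/digit/symbol")
    if _has_sequence(pw):
        findings.append("contains a letter or number sequence")
    if _has_repetition(pw):
        findings.append("contains repetition")
    lowered = pw.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            findings.append(f"contains dictionary word '{word}'")
    return findings


if __name__ == "__main__":
    for sample in ["password", "5ecur1ty", "Abcd1234!", "   C0rrect horse! Batt3ry"]:
        print(repr(sample), "->", check_password(sample) or "OK")
```

Note that the course's own misspelling example, 5ecur1ty, passes the dictionary test but still fails on length and complexity, which is why the text pairs misspelling with the other guidelines rather than offering it alone.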
Device Security
Additional Password Security
There are several steps that can be taken to
help ensure that passwords remain secret on
a Cisco router and switch including these:
• Encrypt all plaintext passwords with the service password-encryption command.
• Set a minimum acceptable password length with the security passwords min-length command.
• Deter brute-force password guessing attacks with the login block-for # attempts # within # command.
• Disable an inactive privileged EXEC mode access after a specified amount of time with the
exec-timeout command.
Device Security
Enable SSH
It is possible to configure a Cisco device to support SSH using the following steps:
1. Configure a unique device hostname. A device must have a unique hostname other than the default.
2. Configure the IP domain name. Configure the IP domain name of the network by using the global
configuration mode command ip domain-name.
3. Generate a key to encrypt SSH traffic. SSH encrypts traffic between source and destination. However,
to do so, a unique authentication key must be generated by using the global configuration
command crypto key generate rsa general-keys modulus bits. The modulus bits determines the size of
the key and can be configured from 360 bits to 2048 bits. The larger the bit value, the more secure the key.
However, larger bit values also take longer to encrypt and decrypt information. The minimum
recommended modulus length is 1024 bits.
4. Verify or create a local database entry. Create a local database username entry using
the username global configuration command.
5. Authenticate against the local database. Use the login local line configuration command to
authenticate the vty line against the local database.
6. Enable vty inbound SSH sessions. By default, no input session is allowed on vty lines. You can specify
multiple input protocols including Telnet and SSH using the transport input [ssh | telnet] command.
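Both the password-protection commands listed earlier and the SSH steps above leave traces in the running configuration, so a device can be audited for them after the fact. The following added Python script (not from the course) parses a constructed running-config and reports which hardening items are missing: a non-default hostname, ip domain-name, service password-encryption, security passwords min-length of at least 8, login block-for, a local username, and on every vty line login local, an exec-timeout that is not 0 0, and transport input restricted to ssh. The RSA key from step 3 is not stored in the running-config; it is verified separately with show crypto key mypubkey rsa, so this script does not check it. The sample configuration, hostname and the hash placeholder are constructed.

```python
import re

# Constructed sample running-config: mostly hardened, but the vty lines still accept Telnet.
SAMPLE_RUNNING_CONFIG = """\
hostname R1
service password-encryption
security passwords min-length 10
login block-for 120 attempts 3 within 60
ip domain-name example.com
username admin secret 5 $1$PLACEHOLDER$notarealhash
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh telnet
"""

DEFAULT_HOSTNAMES = {"router", "switch"}


def _vty_blocks(cfg: str) -> list:
    """Return the indented command lines under each 'line vty ...' section."""
    blocks, current = [], None
    for line in cfg.splitlines():
        if line.startswith(" "):
            if current is not None:
                current.append(line.strip())
        elif line.startswith("line vty"):
            current = []
            blocks.append(current)
        else:
            current = None  # any other top-level command ends the vty section
    return blocks


def audit_config(cfg: str) -> dict:
    """Map each hardening check to True (present) or False (missing)."""
    top = [l for l in cfg.splitlines() if not l.startswith(" ")]
    host = re.search(r"^hostname (\S+)$", cfg, re.M)
    min_len = re.search(r"^security passwords min-length (\d+)", cfg, re.M)
    results = {
        "unique_hostname": bool(host) and host.group(1).lower() not in DEFAULT_HOSTNAMES,
        "domain_name_set": re.search(r"^ip domain-name \S+", cfg, re.M) is not None,
        "password_encryption": "service password-encryption" in top,
        "min_length_8_plus": bool(min_len) and int(min_len.group(1)) >= 8,
        "login_block_for": any(l.startswith("login block-for ") for l in top),
        "local_user_defined": any(l.startswith("username ") for l in top),
        "vty_login_local": False,
        "vty_ssh_only": False,
        "vty_exec_timeout": False,
    }
    vtys = _vty_blocks(cfg)
    if vtys:  # every vty section must pass, not just one
        results["vty_login_local"] = all("login local" in b for b in vtys)
        results["vty_ssh_only"] = all("transport input ssh" in b for b in vtys)
        results["vty_exec_timeout"] = all(
            any(c.startswith("exec-timeout") and c != "exec-timeout 0 0" for c in b)
            for b in vtys
        )
    return results


def failing_checks(cfg: str) -> list:
    """Sorted names of the checks that did not pass."""
    return sorted(name for name, ok in audit_config(cfg).items() if not ok)


if __name__ == "__main__":
    print("missing:", failing_checks(SAMPLE_RUNNING_CONFIG))
```

The check for transport input is deliberately an exact match: transport input ssh telnet still permits Telnet, so it must count as a failure even though the string contains "ssh". Likewise exec-timeout 0 0 disables the timeout entirely, so its presence is treated the same as its absence.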

Device Security
Disable Unused Services
Cisco routers and switches start with a list of active services that may or may not
be required in your network. Disable any unused services to preserve system
resources, such as CPU cycles and RAM, and prevent threat actors from exploiting
these services.
• The type of services that are on by default will vary depending on the IOS
version. For example, IOS-XE typically will have only HTTPS and DHCP ports
open. You can verify this with the show ip ports all command.
• IOS versions prior to IOS-XE use the show control-plane host open-ports command.
Device Security
Packet Tracer – Configure Secure Passwords and SSH
In this Packet Tracer, you will configure passwords and SSH:
• The network administrator has asked you to prepare RTA and SW1
for deployment. Before they can be connected to the network,
security measures must be enabled.

Device Security
Lab – Configure Network Devices with SSH
In this lab, you will complete the following objectives:
• Part 1: Configure Basic Device Settings
• Part 2: Configure the Router for SSH Access
• Part 3: Configure the Switch for SSH Access
• Part 4: SSH from the CLI on the Switch

Module 8.4:
Devices in a Small Network
Introduction to Networks v7.0
(ITN)
Devices in a Small Network
Small Network Topologies
• The majority of businesses are small, so most business networks are also small.
• A small network design is usually simple.
• Small networks typically have a single WAN connection provided by DSL,
cable, or an Ethernet connection.
• Large networks require an IT department to maintain, secure, and
troubleshoot network devices and to protect organizational data. Small
networks are managed by a local IT technician or by a contracted
professional.

Devices in a Small Network
Device Selection for a Small Network
Like large networks, small networks require planning and design to meet user
requirements. Planning ensures that all requirements, cost factors, and deployment
options are given due consideration. One of the first design considerations is the type of
intermediary devices to use to support the network.

Factors that must be considered when selecting network devices include:


• cost
• speed and types of ports/interfaces
• expandability
• operating system features and services

Devices in a Small Network
IP Addressing for a Small Network
When implementing a network, create an IP addressing scheme and use it. All hosts and
devices within an internetwork must have a unique address. Devices that will factor into
the IP addressing scheme include the following:
• End user devices - The number and type of connections (i.e., wired, wireless, remote
access)
• Servers and peripherals devices (e.g., printers and security cameras)
• Intermediary devices including switches and access points

It is recommended that you plan, document, and maintain an IP addressing scheme
based on device type. The use of a planned IP addressing scheme makes it easier to
identify a type of device and to troubleshoot problems.
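A scheme "based on device type" is only useful if it is written down and checked. The following added Python example (not from the course) encodes one such plan for a constructed /24 as address ranges per device type, validates that the ranges sit inside the subnet and do not overlap, classifies any address back to its device type, and hands out the next free address within a type's range. The subnet, the ranges and the device categories are all constructed for the example.

```python
import ipaddress
from typing import Optional

SUBNET = ipaddress.ip_network("192.168.10.0/24")

# Constructed plan: host ranges reserved per device type.
PLAN = {
    "intermediary devices": ("192.168.10.1", "192.168.10.14"),    # router, switches, access points
    "servers": ("192.168.10.16", "192.168.10.31"),
    "peripherals": ("192.168.10.32", "192.168.10.63"),            # printers, security cameras
    "wired end users": ("192.168.10.64", "192.168.10.191"),
    "wireless end users": ("192.168.10.192", "192.168.10.254"),
}


def validate_plan(plan: dict, subnet) -> list:
    """Flag ranges outside the subnet, inverted ranges, or overlaps between types."""
    problems, spans = [], []
    for name, (lo, hi) in plan.items():
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo_ip > hi_ip:
            problems.append(f"{name}: range is inverted")
        if lo_ip not in subnet or hi_ip not in subnet:
            problems.append(f"{name}: range is outside {subnet}")
        spans.append((lo_ip, hi_ip, name))
    spans.sort()
    for (lo1, hi1, n1), (lo2, hi2, n2) in zip(spans, spans[1:]):
        if lo2 <= hi1:
            problems.append(f"{n1} and {n2} overlap")
    return problems


def classify(addr: str, plan: dict = PLAN) -> str:
    """Return the device type the plan assigns to an address, or 'unplanned'."""
    ip = ipaddress.ip_address(addr)
    for name, (lo, hi) in plan.items():
        if ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi):
            return name
    return "unplanned"


def next_free(device_type: str, in_use, plan: dict = PLAN) -> Optional[str]:
    """Lowest unused address in the range for this device type, or None if full."""
    lo, hi = plan[device_type]
    used = {ipaddress.ip_address(a) for a in in_use}
    ip, last = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    while ip <= last:
        if ip not in used:
            return str(ip)
        ip += 1
    return None


if __name__ == "__main__":
    print("plan problems:", validate_plan(PLAN, SUBNET) or "none")
    print("192.168.10.20 is a", classify("192.168.10.20"))
    print("next switch address:", next_free("intermediary devices", ["192.168.10.1", "192.168.10.2"]))
```

The troubleshooting benefit shows up in classify: an address that comes back as "unplanned" (for example one in the gap at .15) is either a documentation error or a device that was added outside the process, and both are worth investigating.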

Devices in a Small Network
Redundancy in a Small Network
In order to maintain a high degree of
reliability, redundancy is required in the
network design. Redundancy helps to
eliminate single points of failure.

Redundancy can be accomplished by installing duplicate equipment. It can
also be accomplished by supplying duplicate network links for critical
areas.

Devices in a Small Network
Traffic Management
• The goal for a good network design is to
enhance the productivity of the employees
and minimize network downtime.
• The routers and switches in a small network
should be configured to support real-time
traffic, such as voice and video, in an
appropriate manner relative to other data
traffic. A good network design will implement
quality of service (QoS).
• Priority queuing has four queues. The high-
priority queue is always emptied first.

Verify Connectivity
Verify Connectivity with Ping
Whether your network is small and new, or you are scaling an existing network, you will
always want to be able to verify that your components are properly connected to each other
and to the internet.
• The ping command, available on most operating systems, is the most effective way to
quickly test Layer 3 connectivity between a source and destination IP address.
• The ping command uses the Internet Control Message Protocol (ICMP) echo (ICMP Type
8) and echo reply (ICMP Type 0) messages.

Verify Connectivity
Verify Connectivity with Ping (Cont.)
On a Windows 10 host, the ping command sends four consecutive ICMP echo messages
and expects four consecutive ICMP echo replies from the destination. The IOS ping sends
five ICMP echo messages and displays an indicator for each ICMP echo reply received.

IOS Ping Indicators are as follows:
• ! (exclamation mark) - Indicates successful receipt of an echo reply message. It validates a
Layer 3 connection between source and destination.
• . (period) - Time expired waiting for an echo reply message. This indicates a connectivity
problem occurred somewhere along the path.
• U (uppercase U) - A router along the path responded with an ICMP Type 3 "destination
unreachable" error message. Possible reasons include the router does not know the direction to
the destination network or it could not find the host on the destination network.

Note: Other possible ping replies include Q, M, ?, or &. However, the meaning of these is out of scope for this module.
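The indicator string is short enough to interpret by eye, but scripts that collect ping results from many devices need to do the same interpretation automatically. The following added Python example (not from the course) summarizes an IOS indicator string into counts and a success rate in the same form IOS reports it, and turns that into a one-line diagnosis that distinguishes the three outcomes in the table above. The indicator strings in the test are constructed.

```python
INDICATOR_MEANING = {
    "!": "echo reply received; Layer 3 path validated",
    ".": "timed out waiting for an echo reply",
    "U": "ICMP Type 3 destination unreachable returned by a router on the path",
}


def parse_ping_indicators(indicators: str) -> dict:
    """Summarize an IOS ping indicator string such as '!!!!!', '.!!!!' or 'U.U.U'."""
    chars = indicators.strip()
    counts = {key: 0 for key in INDICATOR_MEANING}
    other = 0
    for ch in chars:
        if ch in counts:
            counts[ch] += 1
        else:
            other += 1  # Q, M, ?, & and others are outside this module's scope
    sent = len(chars)
    received = counts["!"]
    return {
        "sent": sent,
        "received": received,
        # IOS prints this as "Success rate is N percent (received/sent)"
        "success_rate_percent": (100 * received) // sent if sent else 0,
        "timeouts": counts["."],
        "unreachable": counts["U"],
        "other": other,
    }


def diagnose(indicators: str) -> str:
    """Map the summary onto the three cases described in the indicator table."""
    s = parse_ping_indicators(indicators)
    if s["sent"] and s["received"] == s["sent"]:
        return "OK: Layer 3 connectivity between source and destination validated"
    if s["unreachable"]:
        return ("FAIL: a router on the path has no route to the destination network "
                "or cannot find the host (destination unreachable)")
    if s["received"] == 0:
        return "FAIL: no replies; a connectivity problem exists somewhere along the path"
    return ("DEGRADED: partial loss; a single leading timeout is often ARP resolution "
            "on the first attempt, so repeat the ping to confirm")


if __name__ == "__main__":
    for sample in ["!!!!!", ".!!!!", ".....", "U.U.U"]:
        print(sample, parse_ping_indicators(sample)["success_rate_percent"], "%", diagnose(sample))
```

The DEGRADED branch carries the practical caveat: on a freshly booted device the first IOS ping to a local host frequently shows .!!!! because the first echo request is dropped while ARP resolves the next hop, which is loss of one packet rather than a network fault.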

Verify Connectivity
Extended Ping
The Cisco IOS offers an "extended" mode of the ping command.

Extended ping is entered in privileged EXEC mode by typing ping without a
destination IP address. You will then be given several prompts to customize the
extended ping.

Note: Pressing Enter accepts the indicated default values. The ping ipv6 command is
used for IPv6 extended pings.

Verify Connectivity
Verify Connectivity with Traceroute
The ping command is useful to quickly determine if there is a Layer 3 connectivity problem.
However, it does not identify where the problem is located along the path.
• Traceroute can help locate Layer 3 problem areas in a network. A trace returns a list of
hops as a packet is routed through a network.
• The syntax of the trace command varies between operating systems.

Verify Connectivity
Verify Connectivity with Traceroute (Cont.)
• The following is a sample output of the tracert command on a Windows 10 host.
Note: Use Ctrl-C to interrupt a tracert in Windows.
• The only successful response was from the gateway on R1. Trace requests to the
next hop timed out as indicated by the asterisk (*), meaning that the next hop router
did not respond or there is a failure in the network path. In this example there appears
to be a problem between R1 and R2.

Verify Connectivity
Verify Connectivity with Traceroute (Cont.)
The following are sample outputs of the traceroute command from R1:
• On the left, the trace validated that it could successfully reach PC B.
• On the right, the 10.1.1.10 host was not available, and the output shows asterisks
where replies timed out. Timeouts indicate a potential network problem.
• Use Ctrl-Shift-6 to interrupt a traceroute in Cisco IOS.

Note: Windows implementation of traceroute (tracert) sends ICMP Echo Requests. Cisco IOS and
Linux use UDP with an invalid port number. The final destination will return an ICMP port
unreachable message.
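The reasoning used on the Windows example above ("the only successful response was from the gateway, so the problem is between R1 and R2") can be automated. The following added Python example (not from the course) parses Windows tracert output into hops and reports the last hop that answered; it also handles the case the course does not show, where one intermediate hop stays silent but later hops still answer, which usually means that router rate-limits or filters ICMP rather than that the path is broken. The tracert output and its addresses are constructed for the example.

```python
import re

# Constructed Windows 10 tracert output (addresses invented for the example).
SAMPLE_TRACERT = """\
Tracing route to 10.1.1.10 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.10.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
PROBE = re.compile(r"(<?\d+) ms|(\*)")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_tracert(output: str) -> list:
    """Turn each hop line into {'hop', 'rtt_ms', 'address'}; a timed-out probe is None."""
    hops = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header, blank and footer lines
        rest = m.group(2)
        rtts = []
        for rtt, star in PROBE.findall(rest):
            rtts.append(None if star else int(rtt.lstrip("<")))  # "<1 ms" counts as 1
        addr = IPV4.search(rest)
        hops.append({"hop": int(m.group(1)), "rtt_ms": rtts,
                     "address": addr.group(0) if addr else None})
    return hops


def locate_problem(hops: list) -> str:
    """Report where replies stop. A hop that stays silent while later hops answer is
    usually a router that rate-limits or filters ICMP, not a break in the path."""
    if not hops:
        return "no hop lines found"
    answered = [h for h in hops if any(r is not None for r in h["rtt_ms"])]
    if answered and answered[-1] is hops[-1]:
        return f"trace completed at hop {hops[-1]['hop']} ({hops[-1]['address']})"
    if not answered:
        return "no response from the first hop; check the default gateway and local link"
    last = answered[-1]
    return (f"replies stop after hop {last['hop']} ({last['address']}); "
            f"suspect the link or next-hop router beyond it")


if __name__ == "__main__":
    for hop in parse_tracert(SAMPLE_TRACERT):
        print(hop)
    print(locate_problem(parse_tracert(SAMPLE_TRACERT)))
```

Because tracert keeps probing up to its hop limit, an output where every hop after the gateway times out is the signature of a real path failure, whereas a single silent hop followed by answers is noise; locate_problem only blames the path when no later hop responds.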
Verify Connectivity
Extended Traceroute
Like the extended ping command, there is also an extended traceroute command. It
allows the administrator to adjust parameters related to the command operation.

The Windows tracert command allows the input of several parameters through options in
the command line. However, it is not guided like the extended traceroute IOS command.
The following output displays the available options for the Windows tracert command:

Verify Connectivity
Extended Traceroute (Cont.)
• The Cisco IOS extended traceroute option enables
the user to create a special type of trace by
adjusting parameters related to the command
operation.
• Extended traceroute is entered in privileged EXEC
mode by typing traceroute without a destination IP
address. IOS will guide you through the command
options by presenting a number of prompts related
to the setting of all the different parameters.

• Note: Pressing Enter accepts the indicated default values.

Verify Connectivity
Network Baseline
• One of the most effective tools for monitoring and troubleshooting network performance
is to establish a network baseline.
• One method for starting a baseline is to copy and paste the results from an executed
ping, trace, or other relevant commands into a text file. These text files can be time
stamped with the date and saved into an archive for later retrieval and comparison.
• Among items to consider are error messages and the response times from host to host.
• Corporate networks should have extensive baselines; more extensive than we can
describe in this course. Professional-grade software tools are available for storing and
maintaining baseline information.

Verify Connectivity
Lab – Test Network Latency with Ping and Traceroute
In this lab, you will complete the following objectives:
• Part 1: Use Ping to Document Network Latency
• Part 2: Use Traceroute to Document Network Latency

Module 8.5:
Host and IOS Commands
Introduction to Networks v7.0
(ITN)
Host and IOS Commands
IP Configuration on a Windows Host
In Windows 10, you can access the IP address details from the Network and Sharing Center to
quickly view the four important settings: address, mask, router, and DNS. Or you can issue
the ipconfig command at the command line of a Windows computer.
• Use the ipconfig /all command to view the MAC address, as well as a number of details
regarding the Layer 3 addressing of the device.
• If a host is configured as a DHCP client, the IP address configuration can be renewed using
the ipconfig /release and ipconfig /renew commands.
• The DNS Client service on Windows PCs also optimizes the performance of DNS name
resolution by storing previously resolved names in memory. The ipconfig /displaydns
command displays all of the cached DNS entries on a Windows computer system.

Host and IOS Commands
IP Configuration on a Linux Host
• Verifying IP settings using the GUI on a Linux
machine will differ depending on the Linux
distribution and desktop interface.
• On the command line, use
the ifconfig command to display the status of
the currently active interfaces and their IP
configuration.
• The Linux ip address command is used to
display addresses and their properties. It can
also be used to add or delete IP addresses.

Note: The output displayed may vary depending on the Linux distribution.

Host and IOS Commands
IP Configuration on a macOS Host
• In the GUI of a Mac host, open Network
Preferences > Advanced to get the IP
addressing information.
• The ifconfig command can also be used
to verify the interface IP configuration at
the command line.
• Other useful macOS commands to verify
the host IP settings include networksetup
-listallnetworkservices and
the networksetup -getinfo <network
service>.

Host and IOS Commands
The arp Command
The arp command is executed from the Windows, Linux, or Mac command prompt. The
command lists all devices currently in the ARP cache of the host.
• The arp -a command displays the known IP address and MAC address binding. The
ARP cache only displays information from devices that have been recently accessed.
• To ensure that the ARP cache is populated, ping a device so that it will have an entry
in the ARP table.
• The cache can be cleared by using the netsh interface ip delete arpcache command
in the event the network administrator wants to repopulate the cache with updated
information.

Note: You may need administrator access on the host to be able to use the netsh
interface ip delete arpcache command.

Host and IOS Commands
Common show Commands Revisited

Command Description

show running-config Verifies the current configuration and settings

show interfaces Verifies the interface status and displays any error messages

show ip interface Verifies the Layer 3 information of an interface

show arp Verifies the list of known hosts on the local Ethernet LANs

show ip route Verifies the Layer 3 routing information

show protocols Verifies which protocols are operational

show version Verifies the memory, interfaces, and licenses of the device

Host and IOS Commands
The show cdp neighbors Command
CDP provides the following information about each CDP neighbor device:
• Device identifiers - The configured host name of a switch, router, or other device
• Address list - Up to one network layer address for each protocol supported
• Port identifier - The name of the local and remote port in the form of an ASCII character
string, such as FastEthernet 0/0
• Capabilities list - Whether a specific device is a Layer 2 switch or a Layer 3 switch
• Platform - The hardware platform of the device.
The show cdp neighbors detail command reveals the IP address of a neighboring device.

Host and IOS Commands
The show ip interface brief Command
One of the most frequently used commands is the show ip interface brief command.
This command provides a more abbreviated output than the show ip interface command.
It provides a summary of the key information for all the network interfaces on a router.

Host and IOS Commands
Video – The show version Command
This video will demonstrate using the show version command to view information about
the router.

Host and IOS Commands
Packet Tracer – Interpret show Command Output
This activity is designed to reinforce the use of router show commands. You are not
required to configure, but rather analyze the output of several show commands.

Chapter9:
Switching Concepts
Trainees Materials
Switching, Routing and
Wireless Essentials v7.0
(SRWE)
Module 9.1: Configure a Switch
with Initial Settings
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
Configure a Switch with Initial Settings
Switch Boot Sequence
After a Cisco switch is powered on, it goes through the following five-step boot
sequence:
Step 1: First, the switch loads a power-on self-test (POST) program stored in ROM.
POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash
device that makes up the flash file system.
Step 2: Next, the switch loads the boot loader software. The boot loader is a small
program stored in ROM that is run immediately after POST successfully completes.
Step 3: The boot loader performs low-level CPU initialization. It initializes the CPU
registers, which control where physical memory is mapped, the quantity of memory, and
its speed.
Step 4: The boot loader initializes the flash file system on the system board.
Step 5: Finally, the boot loader locates and loads a default IOS operating system
software image into memory and gives control of the switch over to the IOS.

Configure a Switch with Initial Settings
The boot system Command
• The switch attempts to automatically boot by using information in the BOOT environment
variable. If this variable is not set, the switch attempts to load and execute the first executable
file it can find.
• The IOS operating system then initializes the interfaces using the Cisco IOS commands found in
the startup-config file. The startup-config file is called config.text and is located in flash.
• In the example, the BOOT environment variable is set using the boot system global
configuration mode command. Notice that the IOS is located in a distinct folder and the folder
path is specified. Use the command show boot to see what the current IOS boot file is set to.

Command - Definition
• boot system - The main command
• flash: - The storage device
• c2960-lanbasek9-mz.150-2.SE/ - The path to the file system
• c2960-lanbasek9-mz.150-2.SE.bin - The IOS file name
Configure a Switch with Initial Settings
Switch LED Indicators
System LED (SYST): Shows whether the system is receiving power and
functioning properly.
Redundant Power Supply LED (RPS): Shows the RPS status.
Port Status LED (STAT): When green, indicates port status mode is
selected, which is the default. Port status can then be understood by the
light associated with each port.
Port Duplex LED (DUPLX): When green, indicates port duplex mode is
selected. Port duplex can then be understood by the light associated with
each port.
Port Speed LED (SPEED): When green, indicates port speed mode is
selected. Port speed can then be understood by the light associated with
each port.
Power over Ethernet LED (PoE): Present if the switch supports PoE.
Indicates the PoE status of ports on the switch.

The Mode button is used to move between the different modes: STAT, DUPLX, SPEED, and PoE.
Configure a Switch with Initial Settings
Switch LED Indicators (Cont.)
LED states: Off / Green / Blinking Green / Amber / Blinking Amber / Alternating Green/Amber

RPS: Off = Off/No RPS; Green = RPS ready; Blinking Green = RPS up but not available;
Amber = RPS standby or fault; Blinking Amber = Internal PS failed, RPS providing power;
Alternating Green/Amber = N/A

PoE: Off = Not selected, no issues; Green = N/A; Blinking Green = N/A; Amber = Not selected,
issues present; Blinking Amber = Selected, issues present; Alternating Green/Amber = N/A

When the named mode is selected, the light associated with each physical port indicates:

STAT: Off = No link or shutdown; Green = Link up; Blinking Green = Activity; Amber = Port
blocked preventing loop; Blinking Amber = Port blocked preventing loop; Alternating
Green/Amber = Link fault

DUPLEX: Off = Half-duplex; Green = Full-duplex; Blinking Green = N/A; Amber = N/A;
Blinking Amber = N/A; Alternating Green/Amber = N/A

SPEED: Off = 10Mbps; Green = 100Mbps; Blinking Green = 1000Mbps; Amber = N/A;
Blinking Amber = N/A; Alternating Green/Amber = N/A


Configure a Switch with Initial Settings
Recovering from a System Crash
The boot loader provides access into the switch if the operating system cannot be used because of
missing or damaged system files. The boot loader has a command line that provides access to the
files stored in flash memory. The boot loader can be accessed through a console connection
following these steps:
Step 1. Connect a PC by console cable to the switch console port. Configure terminal emulation
software to connect to the switch.
Step 2. Unplug the switch power cord.
Step 3. Reconnect the power cord to the switch and, within 15 seconds, press and hold down
the Mode button while the System LED is still flashing green.
Step 4. Continue pressing the Mode button until the System LED turns briefly amber and then
solid green; then release the Mode button.
Step 5. The boot loader "switch:" prompt appears in the terminal emulation software on the PC.
The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory.
Configure a Switch with Initial Settings
Switch Management Access
To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask.
• To manage the switch from a remote network, the switch must be configured with a default gateway. This is very similar to configuring the IP address information on host devices.
• In the figure, the switch virtual interface (SVI) on S1 should be assigned an IP address. The SVI is a virtual interface, not a physical port on the switch. A console cable is used to connect to a PC so that the switch can be initially configured.
Configure a Switch with Initial Settings
Switch SVI Configuration Example
By default, the switch is configured to have its management controlled through VLAN 1. All ports are assigned to VLAN 1 by default. For security purposes, it is considered a best practice to use a VLAN other than VLAN 1 for the management VLAN.
Step 1: Configure the Management Interface: From VLAN interface configuration mode, an IPv4 address and subnet mask are applied to the management SVI of the switch.

Note: The SVI for VLAN 99 will not appear as “up/up” until VLAN 99 is created and there is
a device connected to a switch port associated with VLAN 99.

Note: The switch may need to be configured for IPv6. For example, before you can
configure IPv6 addressing on a Cisco Catalyst 2960 running IOS version 15.0, you will need
to enter the global configuration command sdm prefer dual-ipv4-and-ipv6 default and
then reload the switch.

Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)

Task: IOS command
• Enter global configuration mode: S1# configure terminal
• Enter interface configuration mode for the SVI: S1(config)# interface vlan 99
• Configure the management interface IPv4 address: S1(config-if)# ip address 172.17.99.11 255.255.255.0
• Configure the management interface IPv6 address: S1(config-if)# ipv6 address 2001:db8:acad:99::1/64
Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)
Step 2: Configure the Default Gateway
• The switch should be configured with a default gateway if it will be managed remotely
from networks that are not directly connected.
• Note: Because it will receive its default gateway information from a router advertisement (RA) message, the switch does not require an IPv6 default gateway.

Task: IOS command
• Enter global configuration mode: S1# configure terminal
• Configure the default gateway for the switch: S1(config)# ip default-gateway 172.17.99.1
• Return to the privileged EXEC mode: S1(config)# end
Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)
Step 3: Verify Configuration
• The show ip interface brief and show ipv6 interface brief commands are useful for
determining the status of both physical and virtual interfaces. The output shown
confirms that interface VLAN 99 has been configured with an IPv4 and IPv6 address.
Note: An IP address applied to the SVI is only for remote management access to the
switch; this does not allow the switch to route Layer 3 packets.

Configure a Switch with Initial Settings
Lab – Basic Switch Configuration
In this lab, you will complete the following objectives:
• Part 1: Cable the Network and Verify the Default Switch Configuration
• Part 2: Configure Basic Network Device Settings
• Part 3: Verify and Test Network Connectivity
• Part 4: Manage the MAC Address Table

Module 9.2:
Configure Switch/Router Ports
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
Configure Switch Ports
Duplex Communication
• Full-duplex communication increases bandwidth efficiency by allowing both ends of a
connection to transmit and receive data simultaneously. This is also known as
bidirectional communication and it requires microsegmentation.
• A microsegmented LAN is created when a switch port has only one device connected
and is operating in full-duplex mode. There is no collision domain associated with a
switch port operating in full-duplex mode.
• Unlike full-duplex communication, half-duplex communication is unidirectional. Half-duplex communication creates performance issues because data can flow in only one direction at a time, often resulting in collisions.
• Gigabit Ethernet and 10 Gb NICs require full-duplex connections to operate. In full-duplex mode, the collision detection circuit on the NIC is disabled. Full-duplex offers 100 percent efficiency in both directions (transmitting and receiving). This results in a doubling of the potential use of the stated bandwidth.

Configure Switch Ports
Configure Switch Ports at the Physical Layer
• Switch ports can be manually configured with specific duplex and speed settings. The respective
interface configuration commands are duplex and speed.
• The default setting for both duplex and speed for switch ports on Cisco Catalyst 2960 and 3560 switches is auto. The 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mbps and operate only in full-duplex mode when they are set to 1000 Mbps (1 Gbps).
• Autonegotiation is useful when the speed and duplex settings of the device connecting to the port
are unknown or may change. When connecting to known devices such as servers, dedicated
workstations, or network devices, a best practice is to manually set the speed and duplex
settings.
• When troubleshooting switch port issues, it is important that the duplex and speed settings are
checked.
Note: Mismatched settings for the duplex mode and speed of switch ports can cause connectivity issues. Autonegotiation failure creates mismatched settings.

All fiber-optic ports, such as 1000BASE-SX ports, operate only at one preset speed and are always full-duplex.
Configure Switch Ports
Configure Switch Ports at the Physical Layer (Cont.)

Task: IOS command
• Enter global configuration mode: S1# configure terminal
• Enter interface configuration mode: S1(config)# interface FastEthernet 0/1
• Configure the interface duplex: S1(config-if)# duplex full
• Configure the interface speed: S1(config-if)# speed 100
• Return to the privileged EXEC mode: S1(config-if)# end
• Save the running config to the startup config: S1# copy running-config startup-config
Configure Switch Ports
Auto-MDIX
• When automatic medium-dependent interface crossover (auto-MDIX) is enabled, the switch
interface automatically detects the required cable connection type (straight-through or
crossover) and configures the connection appropriately.
• When connecting to switches without the auto-MDIX feature, straight-through cables must
be used to connect to devices such as servers, workstations, or routers. Crossover cables
must be used to connect to other switches or repeaters.
• With auto-MDIX enabled, either type of cable can be used to connect to other devices, and
the interface automatically adjusts to communicate successfully.
• On newer Cisco switches, the mdix auto interface configuration mode command enables
the feature. When using auto-MDIX on an interface, the interface speed and duplex must be
set to auto so that the feature operates correctly.
Note: The auto-MDIX feature is enabled by default on Catalyst 2960 and Catalyst 3560
switches but is not available on the older Catalyst 2950 and Catalyst 3550 switches.
To examine the auto-MDIX setting for a specific interface, use the show controllers ethernet-controller command with the phy keyword. To limit the output to lines referencing auto-MDIX, use the include Auto-MDIX filter.
Configure Switch Ports
Switch Verification Commands
Task: IOS command
• Display interface status and configuration: S1# show interfaces [interface-id]
• Display current startup configuration: S1# show startup-config
• Display current running configuration: S1# show running-config
• Display information about the flash file system: S1# show flash
• Display system hardware and software status: S1# show version
• Display history of commands entered: S1# show history
• Display IP information about an interface: S1# show ip interface [interface-id] OR S1# show ipv6 interface [interface-id]
• Display the MAC address table: S1# show mac-address-table OR S1# show mac address-table

Configure Switch Ports
Verify Switch Port Configuration
The show running-config command can be used to verify that the switch has been correctly
configured. From the sample abbreviated output on S1, some important information is shown
in the figure:
• Fast Ethernet 0/18 interface configured with the management VLAN 99
• VLAN 99 configured with an IPv4 address of 172.17.99.11 255.255.255.0
• Default gateway set to 172.17.99.1

Configure Switch Ports
Verify Switch Port Configuration (Cont.)
The show interfaces command is another commonly used command, which displays status and
statistics information on the network interfaces of the switch. The show interfaces command is
frequently used when configuring and monitoring network devices.

The first line of the output for the show interfaces fastEthernet 0/18 command indicates that the
FastEthernet 0/18 interface is up/up, meaning that it is operational. Further down, the output shows
that the duplex is full and the speed is 100 Mbps.

Configure Switch Ports
Network Access Layer Issues
The output from the show interfaces command is useful for detecting common media issues. One of
the most important parts of this output is the display of the line and data link protocol status, as shown
in the example.
The first parameter (FastEthernet0/18 is up) refers to the hardware layer and indicates whether the
interface is receiving a carrier detect signal. The second parameter (line protocol is up) refers to the
data link layer and indicates whether the data link layer protocol keepalives are being received.
Based on the output of the show interfaces command, possible problems can be fixed as follows:
• If the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the
interface on the other end could be error-disabled, or there could be a hardware problem.
• If the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For
example, in a back-to-back connection, the other end of the connection may be administratively down.
• If the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the
active configuration.

Configure Switch Ports
Network Access Layer Issues (Cont.)
The show interfaces command output displays counters and statistics for the FastEthernet0/18 interface, as shown here:

Configure Switch Ports
Network Access Layer Issues (Cont.)
Some media errors are not severe enough to cause the circuit to fail but do cause network
performance issues. The table explains some of these common errors which can be
detected using the show interfaces command.
Error Type: Description
• Input Errors: Total number of errors. It includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
• Runts: Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.
• Giants: Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.
• CRC: CRC errors are generated when the calculated checksum is not the same as the checksum received.
• Output Errors: Sum of all errors that prevented the final transmission of datagrams out of the interface that is being examined.
• Collisions: Number of messages retransmitted because of an Ethernet collision.

Configure Switch Ports
Interface Input and Output Errors
“Input errors” is the sum of all errors in datagrams that were received on the interface
being examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored
counts. The reported input errors from the show interfaces command include the
following:
• Runt Frames - Ethernet frames that are shorter than the 64-byte minimum allowed
length are called runts. Malfunctioning NICs are the usual cause of excessive runt
frames, but they can also be caused by collisions.
• Giants - Ethernet frames that are larger than the maximum allowed size are called
giants.
• CRC errors - On Ethernet and serial interfaces, CRC errors usually indicate a media
or cable error. Common causes include electrical interference, loose or damaged
connections, or incorrect cabling. If you see many CRC errors, there is too much
noise on the link and you should inspect the cable. You should also search for and
eliminate noise sources.

Configure Switch Ports
Interface Input and Output Errors (Cont.)
“Output errors” is the sum of all errors that prevented the final transmission of datagrams
out the interface that is being examined. The reported output errors from the show
interfaces command include the following:
• Collisions - Collisions in half-duplex operations are normal. However, you should
never see collisions on an interface configured for full-duplex communication.
• Late collisions - A late collision refers to a collision that occurs after 512 bits of the
frame have been transmitted. Excessive cable lengths are the most common cause of
late collisions. Another common cause is duplex misconfiguration.
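The status and counter rules in this and the preceding Network Access Layer Issues section can be applied mechanically to the command output. The following Python parser is an added example, not code from the Cisco material: it reads constructed, abbreviated show interfaces output (the interface names, MAC addresses and counter values are made up), extracts the link and line protocol state, duplex, speed and error counters, and reports the findings described above.

```python
import re

# Constructed, abbreviated 'show interfaces' output modelled on Catalyst formatting.
# Interfaces, MAC addresses and counter values are made up for this example.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/18 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0000.0c12.3456 (bia 0000.0c12.3456)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     2295197 packets input, 305539992 bytes, 0 no buffer
     0 runts, 0 giants, 0 throttles
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored
     3594664 packets output, 436549843 bytes, 0 underruns
     8 output errors, 1790 collisions, 10 interface resets
     0 babbles, 235 late collision, 0 deferred
FastEthernet0/19 is up, line protocol is down
  Hardware is Fast Ethernet, address is 0000.0c12.3457 (bia 0000.0c12.3457)
  Half-duplex, 10Mb/s, media type is 10/100BaseTX
     12 runts, 0 giants, 0 throttles
     12 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/20 is administratively down, line protocol is down (disabled)
  Hardware is Fast Ethernet, address is 0000.0c12.3458 (bia 0000.0c12.3458)
  Auto-duplex, Auto-speed, media type is 10/100BaseTX
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

# First line of each interface block: hardware (link) state and line protocol state.
HEADER_RE = re.compile(r"^(\S+) is (up|down|administratively down), line protocol is (up|down)")
# Duplex and speed line, e.g. "  Full-duplex, 100Mb/s, media type is ..."
DUPLEX_RE = re.compile(r"^\s*(Full|Half|Auto)-duplex,\s*([^,]+),")
# Error counters of interest, in the "<count> <name>" form used by the output.
COUNTER_RE = re.compile(
    r"(\d+) (runts|giants|CRC|input errors|output errors|collisions|late collision)\b")


def parse_show_interfaces(text):
    """Return {interface name: {'link', 'protocol', 'duplex', 'speed', counters...}}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            name, link, proto = header.groups()
            current = {"link": link, "protocol": proto, "duplex": None, "speed": None}
            interfaces[name] = current
            continue
        if current is None:
            continue
        duplex = DUPLEX_RE.match(line)
        if duplex:
            current["duplex"] = duplex.group(1).lower()
            current["speed"] = duplex.group(2).strip()
        for count, counter in COUNTER_RE.findall(line):
            current[counter] = int(count)
    return interfaces


def diagnose(iface):
    """Apply the rules from the text; finding codes (before the colon) are made up here."""
    findings = []
    link, proto = iface["link"], iface["protocol"]
    if link == "administratively down":
        findings.append("ADMIN_DOWN: shutdown command issued in the active configuration")
    elif link == "down" and proto == "down":
        findings.append("LINK_DOWN: cable not attached or other interface problem (far end may be shut down)")
    elif link == "up" and proto == "down":
        findings.append("PROTO_DOWN: encapsulation mismatch, far end error-disabled, or hardware problem")
    if iface["duplex"] == "full" and iface.get("collisions", 0):
        findings.append("DUPLEX_MISMATCH: collisions must never occur on a full-duplex port")
    if iface.get("late collision", 0):
        findings.append("LATE_COLLISIONS: excessive cable length or duplex misconfiguration")
    if iface.get("CRC", 0):
        findings.append("CRC_ERRORS: too much noise on the link, inspect cabling and connections")
    if iface.get("runts", 0):
        findings.append("RUNTS: frames under 64 bytes, suspect a malfunctioning NIC or collisions")
    if iface.get("giants", 0):
        findings.append("GIANTS: frames over the maximum size for the medium")
    return findings


def report(text):
    """Parse the output and return {interface: findings} for interfaces that have findings."""
    result = {}
    for name, iface in parse_show_interfaces(text).items():
        findings = diagnose(iface)
        if findings:
            result[name] = findings
    return result


if __name__ == "__main__":
    for name, findings in report(SAMPLE_SHOW_INTERFACES).items():
        print(name, *findings, sep="\n  ")
```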

Configure Switch Ports
Troubleshooting Network Access Layer Issues

To troubleshoot scenarios involving no connection, or a bad connection, between a switch and another device, follow the general process shown in the figure.

Secure Remote Access
SSH Operation
Secure Shell (SSH) is a secure protocol that uses TCP port 22. It provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. SSH provides security for remote connections by providing strong encryption when a device is authenticated (username and password) and also for the transmitted data between the communicating devices.

The figure shows a Wireshark capture of an SSH session. The threat actor can track the session using the IP address of the administrator device. However, unlike Telnet, with SSH the username and password are encrypted.

Secure Remote Access
Verify the Switch Supports SSH
To enable SSH on a Catalyst 2960 switch, the switch must be using a version of the IOS
software including cryptographic (encrypted) features and capabilities. Use the show
version command on the switch to see which IOS the switch is currently running. An IOS
filename that includes the combination “k9” supports cryptographic (encrypted) features
and capabilities.

The example shows the output of the show version command.

Secure Remote Access
Configure SSH
Before configuring SSH, the switch must be minimally configured with a unique hostname and the correct
network connectivity settings.
Step 1: Verify SSH support - Use the show ip ssh command to verify that the switch supports SSH. If the switch is not
running an IOS that supports cryptographic features, this command is unrecognized.
Step 2: Configure the IP domain - Configure the IP domain name of the network using the ip domain-name domain-name global configuration mode command.
Step 3: Generate RSA key pairs - Generating an RSA key pair automatically enables SSH. Use the crypto key generate
rsa global configuration mode command to enable the SSH server on the switch and generate an RSA key pair.
Note: To delete the RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key
pair is deleted, the SSH server is automatically disabled.
Step 4: Configure user authentication - The SSH server can authenticate users locally or using an authentication server. To
use the local authentication method, create a username and password pair using
the username username secret password global configuration mode command.
Step 5: Configure the vty lines - Enable the SSH protocol on the vty lines by using the transport input ssh line configuration
mode command. Use the line vty global configuration mode command and then the login local line configuration mode
command to require local authentication for SSH connections from the local username database.
Step 6: Enable SSH version 2 - By default, SSH supports both versions 1 and 2. When supporting both versions, this is shown in the show ip ssh output as supporting version 2. Enable SSH version 2 using the ip ssh version 2 global configuration command.
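Steps 2, 4, 5 and 6 above each leave a line in the running configuration, so their outcome can be audited from a copy of the config. The following Python audit is an added example, not code from the Cisco material: it parses a constructed running-config excerpt (hostname, domain name, username and the secret's hash placeholder are made up) and flags a missing domain name, missing local user, missing ip ssh version 2, and any vty line that still accepts Telnet or does not use login local. The RSA key pair from step 3 does not appear in the running-config and has to be verified on the device separately.

```python
import re

# Constructed running-config excerpt (not captured from a real switch). The second
# vty block is deliberately weak so the audit has something to report.
SAMPLE_RUNNING_CONFIG = """\
hostname S1
ip domain-name example.com
username admin secret 5 <hash-placeholder>
ip ssh version 2
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""


def parse_vty_lines(config):
    """Return {'vty 0 4': [indented commands], ...} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif not raw.startswith(" "):
            current = None          # any other top-level command ends the block
    return blocks


def audit_ssh_config(config):
    """Check the config against steps 2, 4, 5 and 6; return a list of findings (empty = clean)."""
    findings = []
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("global: no ip domain-name (required before crypto key generate rsa)")
    if not re.search(r"^username \S+ secret ", config, re.M):
        findings.append("global: no local username/secret for login local")
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append("global: ip ssh version 2 not set (version 1 still accepted)")
    # Step 3 (the RSA key pair) is not stored in running-config; verify it on the device.
    for name, cmds in parse_vty_lines(config).items():
        transports = [c for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"{name}: no transport input configured")
        for transport in transports:
            allowed = set(transport.split()[2:])
            if allowed != {"ssh"}:
                findings.append(f"{name}: transport input allows {sorted(allowed)}, expected ssh only")
        if "login local" not in cmds:
            findings.append(f"{name}: login local missing, local username database not used")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_RUNNING_CONFIG):
        print(finding)
```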

Secure Remote Access
Verify SSH is Operational
On a PC, an SSH client such as PuTTY, is used to connect to an SSH server. For example, assume the
following is configured:
• SSH is enabled on switch S1
• Interface VLAN 99 (SVI) with IPv4 address 172.17.99.11 on switch S1
• PC1 with IPv4 address 172.17.99.21
Using a terminal emulator, initiate an SSH connection to the SVI VLAN IPv4 address of S1 from PC1.
When connected, the user is prompted for a username and password as shown in the example. Using the
configuration from the previous example, the username admin and password ccna are entered. After
entering the correct combination, the user is connected via SSH to the command line interface (CLI) on the
Catalyst 2960 switch.

Secure Remote Access
Verify SSH is Operational (Cont.)
To display the version and configuration data for SSH on the device that you configured as an SSH
server, use the show ip ssh command. In the example, SSH version 2 is enabled.

Secure Remote Access
Packet Tracer – Configure SSH
In this Packet Tracer, you will do the following:
• Secure passwords
• Encrypt communications
• Verify SSH implementation

Basic Router Configuration
Configure Basic Router Settings
Cisco routers and Cisco switches have many similarities. They support a similar modal operating
system, similar command structures, and many of the same commands. In addition, both devices have
similar initial configuration steps. For example, the following configuration tasks should always be
performed. Name the device to distinguish it from other routers and configure passwords, as shown in
the example.

Basic Router Configuration
Configure Basic Router Settings (Cont.)
Configure a banner to provide legal notification of unauthorized access, as shown in the
example.

Save the changes on a router, as shown in the example.

Basic Router Configuration
Dual Stack Topology
One distinguishing feature between switches and routers is the type of interfaces
supported by each. For example, Layer 2 switches support LANs; therefore, they have
multiple FastEthernet or Gigabit Ethernet ports. The dual stack topology in the figure is
used to demonstrate the configuration of router IPv4 and IPv6 interfaces.

Basic Router Configuration
Configure Router Interfaces
Routers support LANs and WANs and can interconnect different types of networks; therefore, they
support many types of interfaces. For example, G2 ISRs have one or two integrated Gigabit
Ethernet interfaces and High-Speed WAN Interface Card (HWIC) slots to accommodate other types
of network interfaces, including serial, DSL, and cable interfaces.

To be available, an interface must be:

• Configured with at least one IP address - Use the ip address ip-address subnet-mask and
the ipv6 address ipv6-address/prefix interface configuration commands.
• Activated - By default, LAN and WAN interfaces are not activated (shutdown). To enable an
interface, it must be activated using the no shutdown command. (This is similar to powering
on the interface.) The interface must also be connected to another device (a hub, a switch, or
another router) for the physical layer to be active.
• Description - Optionally, the interface could also be configured with a short description of up to
240 characters. It is good practice to configure a description on each interface. On production
networks, the benefits of interface descriptions are quickly realized as they are helpful in
troubleshooting and in identifying a third-party connection and contact information.
Basic Router Configuration
Configure Router Interfaces (Cont.)
The example shows the configuration for the interfaces on R1:

Basic Router Configuration
IPv4 Loopback Interfaces
Another common configuration of Cisco IOS routers is enabling a loopback interface.
• The loopback interface is a logical interface that is internal to the router. It is not assigned to a
physical port and can never be connected to any other device. It is considered a software interface
that is automatically placed in an “up” state, as long as the router is functioning.
• The loopback interface is useful in testing and managing a Cisco IOS device because it ensures
that at least one interface will always be available. For example, it can be used for testing
purposes, such as testing internal routing processes, by emulating networks behind the router.
• Loopback interfaces are also commonly used in lab environments to create additional interfaces.
For example, you can create multiple loopback interfaces on a router to simulate more networks for
configuration practice and testing purposes. The IPv4 address for each loopback interface must be
unique and unused by any other interface. In this curriculum, we often use a loopback interface to
simulate a link to the internet.
• Enabling and assigning a loopback address is simple:

Router(config)# interface loopback number
Router(config-if)# ip address ip-address subnet-mask

Basic Router Configuration
Packet Tracer – Configure Router Interfaces
In this Packet Tracer activity, you will do the following:
• Configure IPv4 addressing and verify connectivity
• Configure IPv6 addressing and verify connectivity

Module 9.3:
Frame Forwarding
Switching, Routing, and
Wireless Essentials v7.0
(SRWE)
Frame Forwarding
Switching in Networking
Two terms are associated with frames entering or
leaving an interface:
• Ingress – entering the interface
• Egress – exiting the interface
A switch forwards based on the ingress interface
and the destination MAC address.
A switch uses its MAC address table to make
forwarding decisions.

Note: A switch will never allow traffic to be forwarded out the interface on which it received the traffic.

Frame Forwarding
The Switch MAC Address Table
A switch will use the destination MAC address to determine the egress interface. Before a switch can make this decision, it must learn on which interface the destination is located.
A switch builds a MAC address table, also known as a Content Addressable Memory (CAM) table, by recording the source MAC address into the table along with the port on which it was received.

Frame Forwarding
The Switch Learn and Forward Method
The switch uses a two-step process:
Step 1. Learn – Examines Source Address
• Adds the source MAC if it is not in the table
• Resets the timeout back to 5 minutes if the source is already in the table
Step 2. Forward – Examines Destination Address
• If the destination MAC is in the MAC address table, the frame is forwarded out the specified port.
• If the destination MAC is not in the table, the frame is flooded out all interfaces except the one on which it was received.

Frame Forwarding
Video – MAC Address Tables on Connected Switches
This video will cover the following:
• How switches build MAC address tables

• How switches forward frames based on the content of their MAC address tables

Frame Forwarding
Switch Forwarding Methods
Switches use software on application-specific integrated circuits (ASICs) to make very quick decisions.
A switch will use one of two methods to make forwarding decisions after it receives a
frame:
• Store-and-forward switching - Receives the entire frame and ensures the frame
is valid. Store-and-forward switching is Cisco’s preferred switching method.
• Cut-through switching – Forwards the frame immediately after determining the
destination MAC address of an incoming frame and the egress port.

Frame Forwarding
Store-and-Forward Switching
Store-and-forward has two primary characteristics:
• Error Checking – The switch will check the Frame Check Sequence (FCS) for CRC errors.
Bad frames will be discarded.
• Buffering – The ingress interface will buffer the frame while it checks the FCS. This also
allows the switch to adjust to a potential difference in speeds between the ingress and
egress ports.
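The two-step learn-and-forward method and the store-and-forward checks above, as an added Python example that is not part of the Cisco material. The whole frame is buffered and rejected as a runt, giant or FCS (CRC-32) failure before the source MAC is learned and the frame is forwarded or flooded; the port names, MAC addresses and frames are constructed, and the 5-minute aging timer follows the text.

```python
import struct
import time
import zlib

MIN_FRAME = 64          # minimum Ethernet frame size in bytes, FCS included
MAX_FRAME = 1518        # maximum untagged Ethernet frame size, FCS included
AGING_SECONDS = 300     # MAC address table aging timer from the text (5 minutes)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_frame(dst, src, payload, corrupt_fcs=False):
    """Build an untagged Ethernet II frame (EtherType 0x0800 assumed) with a CRC-32 FCS."""
    body = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    body += b"\x08\x00" + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")       # pad to the 60-byte minimum before the FCS
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    if corrupt_fcs:
        fcs ^= 0x1                                   # simulate a frame damaged in transit
    return body + struct.pack("<I", fcs)             # FCS goes on the wire least significant byte first


def check_frame(frame):
    """Store-and-forward validation: None if the frame is good, otherwise the error type."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_FRAME:
        return "giant"
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        return "crc"
    return None


class StoreAndForwardSwitch:
    def __init__(self, ports, clock=time.monotonic):
        self.ports = list(ports)
        self.mac_table = {}          # MAC -> (port, time last seen)
        self.clock = clock           # injectable so aging can be exercised without waiting

    def _expire(self, now):
        """Drop entries whose 5-minute aging timer has run out."""
        for mac, (_, seen) in list(self.mac_table.items()):
            if now - seen >= AGING_SECONDS:
                del self.mac_table[mac]

    def receive(self, ingress, frame):
        """Process one frame; return (action, egress ports, reason)."""
        error = check_frame(frame)                    # whole frame buffered and checked first
        if error:
            return ("discard", [], error)
        dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
        now = self.clock()
        self._expire(now)
        # Step 1. Learn: record (or refresh) the source MAC against the ingress port.
        self.mac_table[src] = (ingress, now)
        # Step 2. Forward: known unicast goes out one port; anything else is flooded.
        entry = self.mac_table.get(dst)
        if dst == BROADCAST or entry is None:
            others = [p for p in self.ports if p != ingress]   # never back out the ingress port
            return ("flood", others, "broadcast" if dst == BROADCAST else "unknown destination")
        port = entry[0]
        if port == ingress:
            return ("filter", [], "destination is on the ingress port")
        return ("forward", [port], "known destination")


if __name__ == "__main__":
    sw = StoreAndForwardSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    pc_a, pc_b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"        # constructed MAC addresses
    print(sw.receive("Fa0/1", build_frame(pc_b, pc_a, b"hello")))  # flood: B not yet learned
    print(sw.receive("Fa0/2", build_frame(pc_a, pc_b, b"reply")))  # forward to Fa0/1
    print(sw.receive("Fa0/3", build_frame(pc_b, pc_a, b"x", corrupt_fcs=True)))  # discard, crc
```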

Frame Forwarding
Cut-Through Switching
• Cut-through forwards the frame immediately after determining the destination MAC.
• The Fragment Free (Frag Free) method will check the destination and ensure that the frame is at least 64 bytes. This will eliminate runts.
Concepts of cut-through switching:
• Is appropriate for switches needing latency to be under 10 microseconds
• Does not check the FCS, so it can propagate errors
• May lead to bandwidth issues if the switch propagates too many errors
• Cannot support ports with differing speeds going from ingress to egress
Module 9.3:
Switching Domains
Switching, Routing, and
Wireless Essentials v7.0
(SRWE)
Switching Domains
Collision Domains
Switches eliminate collision domains and reduce congestion.
• When there is full duplex on the link, the collision domains are eliminated.
• When one or more devices on the link are in half-duplex, there will now be a collision domain.
• There will now be contention for the bandwidth.
• Collisions are now possible.
• Most devices, including Cisco and Microsoft devices, use auto-negotiation as the default setting for duplex and speed.
Switching Domains
Broadcast Domains
• A broadcast domain extends across all Layer 1
or Layer 2 devices on a LAN.
• Only a layer 3 device (router) will break the
broadcast domain, also called a MAC
broadcast domain.
• The broadcast domain consists of all devices
on the LAN that receive the broadcast traffic.
• When the layer 2 switch receives the broadcast
it will flood it out all interfaces except for the
ingress interface.
• Too many broadcasts may cause congestion
and poor network performance.
• Increasing devices at Layer 1 or layer 2 will
cause the broadcast domain to expand.
Switching Domains
Alleviated Network Congestion
Switches use the MAC address table and full-duplex to eliminate collisions and avoid
congestion.
Features of the switch that alleviate congestion are as follows:

Feature: Function
• Fast Port Speeds: Depending on the model, switches may have up to 100 Gbps port speeds.
• Fast Internal Switching: This uses a fast internal bus or shared memory to improve performance.
• Large Frame Buffers: This allows for temporary storage while processing large quantities of frames.
• High Port Density: This provides many ports for devices to be connected to the LAN with less cost. This also provides for more local traffic with less congestion.

Chapter 10:
VLANs & Inter-VLAN Routing
Trainees Materials

Switching, Routing, and Wireless Essentials v7.0 (SRWE)
Module 10.1:
Overview of VLANs
Switching, Routing, and
Wireless Essentials v7.0
(SRWE)
Overview of VLANs
VLAN Definitions
VLANs are logical connections with other similar devices.
Placing devices into various VLANs has the following characteristics:
• Provides segmentation of the various groups of devices on the same switches
• Provides organization that is more manageable
• Broadcasts, multicasts and unicasts are isolated in the individual VLAN
• Each VLAN will have its own unique range of IP addressing
• Smaller broadcast domains

Overview of VLANs
Benefits of a VLAN Design

Benefits of using VLANs are as follows:

Benefit: Description
• Smaller Broadcast Domains: Dividing the LAN reduces the number of broadcast domains
• Improved Security: Only users in the same VLAN can communicate together
• Improved IT Efficiency: VLANs can group devices with similar requirements, e.g. faculty vs. students
• Reduced Cost: One switch can support multiple groups or VLANs
• Better Performance: Small broadcast domains reduce traffic, improving bandwidth
• Simpler Management: Similar groups will need similar applications and other network resources
Overview of VLANs
Types of VLANs
Default VLAN
VLAN 1 is the following:
• The default VLAN
• The default native VLAN
• The default management VLAN
• Cannot be deleted or renamed

Note: While VLAN 1 cannot be deleted, Cisco recommends assigning these default roles to other VLANs.
Overview of VLANs
Types of VLANs (Cont.)
Data VLAN
• Dedicated to user-generated traffic (email and web traffic).
• VLAN 1 is the default data VLAN because all interfaces are assigned to this VLAN by default.
Native VLAN
• This is used for trunk links only.
• All frames are tagged on an 802.1Q trunk link except for those on the native VLAN, which cross the trunk untagged.
Management VLAN
• This is used for SSH/Telnet VTY traffic and should not be carried with end-user traffic.
• Typically, this is the VLAN whose SVI serves as the management interface of the Layer 2 switch.
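The native VLAN rule above, as an added worked example in Python (this is not code from the Cisco course): a minimal builder and parser for frames leaving and entering an 802.1Q trunk. The MAC addresses, VLAN numbers and payloads are constructed for the example; the last function shows what happens when the two ends of a trunk disagree about the native VLAN.

```python
"""Build and parse 802.1Q-tagged Ethernet frames as a trunk port would.

Added example for this page, not code from the Cisco course. Frames in
the trunk's native VLAN cross the link untagged; every other VLAN gets a
4-byte 802.1Q tag inserted after the source MAC. A receiving trunk must
therefore classify untagged frames into its *own* configured native VLAN,
which is why the native VLAN has to match on both ends of a trunk.
"""
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in mac.split(":"))


def build_frame(dst: str, src: str, vlan_id: int, native_vlan: int,
                payload: bytes, ethertype: int = ETHERTYPE_IPV4, pcp: int = 0) -> bytes:
    """Encapsulate payload as it would leave a trunk port carrying vlan_id."""
    if not 1 <= vlan_id <= 4094:          # VID 0 and 4095 are reserved by 802.1Q
        raise ValueError(f"VLAN {vlan_id} is not a usable VLAN ID")
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id == native_vlan:
        # Native VLAN: plain Ethernet II frame, no tag.
        return header + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | vlan_id           # PCP(3 bits) | DEI(1 bit)=0 | VID(12 bits)
    return (header + struct.pack("!HH", ETHERTYPE_8021Q, tci)
            + struct.pack("!H", ethertype) + payload)


def parse_frame(frame: bytes, native_vlan: int) -> dict:
    """Classify a received frame the way a trunk port with the given native VLAN does."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"vlan": tci & 0x0FFF, "tagged": True,
                "ethertype": inner_type, "payload": frame[18:]}
    # No tag present: the receiver can only assume its own native VLAN.
    return {"vlan": native_vlan, "tagged": False,
            "ethertype": ethertype, "payload": frame[14:]}


def native_vlan_mismatch(sender_native: int, receiver_native: int) -> int:
    """VLAN a native-VLAN frame lands in when the two trunk ends disagree."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        sender_native, sender_native, b"constructed payload")
    return parse_frame(frame, receiver_native)["vlan"]


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 20, 99, b"student data")
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 99, 99, b"native data")
    print(parse_frame(tagged, 99))       # VLAN 20, tagged
    print(parse_frame(untagged, 99))     # VLAN 99, untagged
    print(native_vlan_mismatch(99, 1))   # 1: the far end files the frame under its own native VLAN
```

The mismatch case is the practical reason the trunk examples later in this module set the native VLAN explicitly on both switches: an untagged frame carries no VLAN information of its own, so each end can only trust its local configuration.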

Overview of VLANs
Types of VLANs (Cont.)
Voice VLAN
• A separate VLAN is required because voice traffic requires:
  • Assured bandwidth
  • High QoS priority
  • Ability to avoid congestion
  • Delay of less than 150 ms from source to destination
• The entire network must be designed to support voice.

Overview of VLANs
Packet Tracer – Who Hears the Broadcast?
In this Packet Tracer activity, you will do the following:
• Observe Broadcast Traffic in a VLAN Implementation
• Complete Review Questions

Module 10.2: VLAN Configuration
VLAN Configuration
VLAN Ranges on Catalyst Switches

Catalyst 2960 and 3650 switches support over 4000 VLANs.

Normal Range VLAN 1 – 1005
• Used in small to medium sized businesses
• 1002 – 1005 are reserved for legacy VLANs
• 1, 1002 – 1005 are auto-created and cannot be deleted
• Stored in the vlan.dat file in flash
• VTP can synchronize between switches

Extended Range VLAN 1006 – 4095
• Used by service providers
• Are in the running-config
• Supports fewer VLAN features
• Requires VTP configurations
VLAN Configuration
VLAN Creation Commands
VLAN details are stored in the vlan.dat file. You create VLANs in global configuration mode.

Task – IOS Command
Enter global configuration mode. – Switch# configure terminal
Create a VLAN with a valid ID number. – Switch(config)# vlan vlan-id
Specify a unique name to identify the VLAN. – Switch(config-vlan)# name vlan-name
Return to the privileged EXEC mode. – Switch(config-vlan)# end

VLAN Configuration
VLAN Creation Example

• If the Student PC is going to be in VLAN 20, we will create the VLAN first and then name it.
• If you do not name it, the Cisco IOS will give it a default name of vlan followed by the four-digit number of the VLAN, e.g. vlan0020 for VLAN 20.

S1# configure terminal
S1(config)# vlan 20
S1(config-vlan)# name student
S1(config-vlan)# end

VLAN Configuration
VLAN Port Assignment Commands
Once the VLAN is created, we can then assign it to the correct interfaces.

Task – Command
Enter global configuration mode. – Switch# configure terminal
Enter interface configuration mode. – Switch(config)# interface interface-id
Set the port to access mode. – Switch(config-if)# switchport mode access
Assign the port to a VLAN. – Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode. – Switch(config-if)# end

VLAN Configuration
VLAN Port Assignment Example
We can assign the VLAN to the port interface.
• Once the port is assigned to the VLAN, the end device will need the IP address information for that VLAN.
• Here, the Student PC receives 172.17.20.22.

S1# configure terminal
S1(config)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end
VLAN Configuration
Data and Voice VLANs
An access port may only be assigned to one data VLAN. However, it may also be assigned to one voice VLAN, for the case where an IP phone and an end device share the same switchport.

VLAN Configuration
Data and Voice VLAN Example
• We will want to create and name both the voice and data VLANs.
• In addition to assigning the data VLAN, we will also assign the voice VLAN to the interface and turn on QoS for the voice traffic.
• Newer Catalyst switches will automatically create the VLAN, if it does not already exist, when it is assigned to an interface.
Note: QoS is beyond the scope of this course. Here we do show the use of the mls qos trust [cos | device cisco-phone | dscp | ip-precedence] command.

VLAN Configuration
Verify VLAN Information
Use the show vlan command. The complete syntax is:
show vlan [brief | id vlan-id | name vlan-name | summary]

Task – Command Option
Display VLAN name, status, and its ports, one VLAN per line. – brief
Display information about the identified VLAN ID number. – id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters. – name vlan-name
Display VLAN summary information. – summary
VLAN Configuration
Change VLAN Port Membership

There are a number of ways to change VLAN membership:
• re-enter the switchport access vlan vlan-id command
• use the no switchport access vlan command to place the interface back in VLAN 1
Use the show vlan brief or the show interface fa0/18 switchport commands to verify the correct VLAN association.

VLAN Configuration
Delete VLANs
Delete VLANs with the no vlan vlan-id command.
Caution: Before deleting a VLAN, reassign all member ports to a different VLAN.
• Delete all VLANs with the delete flash:vlan.dat or delete vlan.dat commands.
• Reload the switch when deleting all VLANs.
Note: To restore to factory default – unplug all data cables, erase the startup-configuration and delete the vlan.dat file, then reload the device.

VLAN Configuration
Packet Tracer – VLAN Configuration
In this Packet Tracer activity, you will perform the following:
• Verify the Default VLAN Configuration
• Configure VLANs
• Assign VLANs to Ports

Module 10.4: VLAN Trunks
VLAN Trunks
Trunk Configuration Commands
Configure and verify VLAN trunks. Trunks are Layer 2 and carry traffic for all VLANs.

Task – IOS Command
Enter global configuration mode. – Switch# configure terminal
Enter interface configuration mode. – Switch(config)# interface interface-id
Set the port to permanent trunking mode. – Switch(config-if)# switchport mode trunk
Set the native VLAN to something other than VLAN 1. – Switch(config-if)# switchport trunk native vlan vlan-id
Specify the list of VLANs to be allowed on the trunk link. – Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode. – Switch(config-if)# end
VLAN Trunks
Trunk Configuration Example
The subnets associated with each VLAN are:
• VLAN 10 - Faculty/Staff - 172.17.10.0/24
• VLAN 20 - Students - 172.17.20.0/24
• VLAN 30 - Guests - 172.17.30.0/24
• VLAN 99 - Native - 172.17.99.0/24

The F0/1 port on S1 is configured as a trunk port.
Note: This assumes a 2960 switch using 802.1Q tagging. Layer 3 switches require the encapsulation to be configured before the trunk mode.

S1(config)# interface fa0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30,99
S1(config-if)# end
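The VLAN creation, access-port assignment and trunk procedures in this module, put together as an added Python example that generates and sanity-checks the switch configuration for the S1 plan above. This is not code from the Cisco course; the VLAN plan, switch ports and the voice-VLAN option are the example's own assumptions (switchport voice vlan is a real IOS command, but the page itself does not show it). The checks encode the range facts from the VLAN Ranges slide: 1002 to 1005 are reserved, 1 to 1005 are normal range, 1006 and above are extended range, and VLAN 1 cannot be renamed.

```python
"""Generate the VLAN, access-port and trunk configuration from this module
for a small VLAN plan, validating VLAN IDs against the ranges the module lists.

Added example for this page, not the Cisco course's own code. The switch
name, port names and the VLAN plan are constructed; they mirror the S1
example above (VLANs 10, 20, 30 and native 99 on trunk fa0/1).
"""

RESERVED_LEGACY = {1002, 1003, 1004, 1005}   # auto-created, cannot be deleted
NORMAL_RANGE = range(1, 1006)                 # 1 - 1005, stored in vlan.dat
EXTENDED_RANGE = range(1006, 4095)            # 1006 - 4094; 4095 is reserved by 802.1Q


def vlan_range(vlan_id: int) -> str:
    """Return 'normal' or 'extended'; reject reserved or impossible IDs."""
    if vlan_id in RESERVED_LEGACY:
        raise ValueError(f"VLAN {vlan_id} is reserved for legacy VLANs")
    if vlan_id in NORMAL_RANGE:
        return "normal"
    if vlan_id in EXTENDED_RANGE:
        return "extended"
    raise ValueError(f"VLAN {vlan_id} is outside 1-4094")


def vlan_config(vlans: dict) -> list:
    """'vlan <id>' / 'name <name>' blocks. VLAN 1 exists already and cannot be renamed."""
    lines = []
    for vlan_id, name in sorted(vlans.items()):
        vlan_range(vlan_id)
        if vlan_id == 1:
            continue
        lines += [f"vlan {vlan_id}", f" name {name}"]
    return lines


def access_port_config(port: str, data_vlan: int, voice_vlan: int = None) -> list:
    """Static access port with one data VLAN and, optionally, one voice VLAN
    (the 'switchport voice vlan' line is this example's assumption)."""
    vlan_range(data_vlan)
    lines = [f"interface {port}", " switchport mode access",
             f" switchport access vlan {data_vlan}"]
    if voice_vlan is not None:
        vlan_range(voice_vlan)
        if voice_vlan == data_vlan:
            raise ValueError("voice and data VLAN must differ")
        lines.append(f" switchport voice vlan {voice_vlan}")
    return lines


def trunk_port_config(port: str, native_vlan: int, allowed: set) -> list:
    """Static 802.1Q trunk with an explicit native VLAN and a pruned allowed list."""
    for vlan_id in allowed | {native_vlan}:
        vlan_range(vlan_id)
    if native_vlan not in allowed:
        # Untagged (native) frames are dropped if the native VLAN is not allowed on the trunk.
        raise ValueError("native VLAN must be in the allowed list")
    allowed_list = ",".join(str(v) for v in sorted(allowed))
    return [f"interface {port}", " switchport mode trunk",
            f" switchport trunk native vlan {native_vlan}",
            f" switchport trunk allowed vlan {allowed_list}"]


def build_switch_config(vlans: dict, access_ports: list, trunks: list) -> str:
    """Full configure-terminal session for one switch."""
    lines = ["configure terminal"] + vlan_config(vlans)
    for port, data_vlan, voice_vlan in access_ports:
        lines += access_port_config(port, data_vlan, voice_vlan)
    for port, native, allowed in trunks:
        lines += trunk_port_config(port, native, allowed)
    return "\n".join(lines + ["end"])


# Constructed VLAN plan (matches the module's S1 example).
VLAN_PLAN = {10: "faculty", 20: "student", 30: "guest", 99: "native"}

if __name__ == "__main__":
    print(build_switch_config(VLAN_PLAN,
                              access_ports=[("fa0/18", 20, None)],
                              trunks=[("fa0/1", 99, set(VLAN_PLAN))]))
```

Generating the trunk from the same VLAN table that created the VLANs is what keeps the allowed list and the native VLAN consistent; the ValueError on a native VLAN missing from the allowed list catches a configuration that would silently drop all untagged traffic.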
VLAN Trunks
Verify Trunk Configuration
Set the trunk mode and native VLAN.
Notice in the output of the sh int fa0/1 switchport command that the interface:
• Is set to trunk administratively
• Is set as trunk operationally (functioning)
• Has encapsulation dot1q
• Has the native VLAN set to VLAN 99
• All VLANs created on the switch will pass traffic on this trunk

VLAN Trunks
Reset the Trunk to the Default State
• Reset the default trunk settings with the no form of the switchport trunk commands.
  • All VLANs allowed to pass traffic
  • Native VLAN = VLAN 1
• Verify the default settings with the sh int fa0/1 switchport command.

VLAN Trunks
Reset the Trunk to the Default State (Cont.)
Reset the trunk to access mode with the switchport mode access command:
• Is set to an access interface administratively
• Is set as an access interface operationally (functioning)

VLAN Trunks
Packet Tracer – Configure Trunks
In this Packet Tracer activity, you will perform the following:
• Verify VLANs
• Configure Trunks

VLAN Trunks
Lab – Configure VLANs and Trunks
In this lab, you will perform the following:
• Build the Network and Configure Basic Device Settings
• Create VLANs and Assign Switch Ports
• Maintain VLAN Port Assignments and the VLAN Database
• Configure an 802.1Q Trunk between the Switches
• Delete the VLAN Database

Module 10.3: DTP (Dynamic Trunking Protocol)
Dynamic Trunking Protocol
Introduction to DTP
Dynamic Trunking Protocol (DTP) is a proprietary Cisco protocol.
DTP characteristics are as follows:
• On by default on Catalyst 2960 and 2950 switches
• Dynamic-auto is the default on the 2960 and 2950 switches
• May be turned off with the nonegotiate command
• May be turned back on by setting the interface to dynamic-auto
• Setting a port to static trunk or static access with the switchport mode trunk or switchport mode access commands avoids negotiation issues.

Dynamic Trunking Protocol
Negotiated Interface Modes
The switchport mode command has additional options.
Use the switchport nonegotiate interface configuration command to stop DTP negotiation.

Option – Description
access – Permanent access mode and negotiates to convert the neighboring link into an access link
dynamic auto – Becomes a trunk interface if the neighboring interface is set to trunk or desirable mode
dynamic desirable – Actively seeks to become a trunk by negotiating with other auto or desirable interfaces
trunk – Permanent trunking mode and negotiates to convert the neighboring link into a trunk link

Dynamic Trunking Protocol
Results of a DTP Configuration

DTP configuration options are as follows (the resulting link state for the local mode in each row combined with the neighbor mode in each column):

Local \ Neighbor – Dynamic Auto – Dynamic Desirable – Trunk – Access
Dynamic Auto – Access – Trunk – Trunk – Access
Dynamic Desirable – Trunk – Trunk – Trunk – Access
Trunk – Trunk – Trunk – Trunk – Limited connectivity
Access – Access – Access – Limited connectivity – Access
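The negotiation outcomes in the table above, as an added Python example (not part of the Cisco course material): a function that returns the resulting link state for any pair of switchport modes, and a small audit that flags ports whose trunk or access state still depends on what the neighbor sends. The port inventory is constructed for the example.

```python
"""Model the DTP outcome table above and audit port modes against the
module's best practice (static access or trunk, with DTP turned off).

Added example for this page, not Cisco's code. Port names and modes in
the sample inventory are constructed.
"""

ACCESS, AUTO, DESIRABLE, TRUNK = "access", "dynamic auto", "dynamic desirable", "trunk"
MODES = {ACCESS, AUTO, DESIRABLE, TRUNK}


def dtp_result(local: str, neighbor: str) -> str:
    """Resulting link state for a pair of switchport modes (symmetric)."""
    if not {local, neighbor} <= MODES:
        raise ValueError(f"unknown mode in {local!r}/{neighbor!r}")
    pair = {local, neighbor}
    if pair == {ACCESS, TRUNK}:
        return "limited connectivity"   # one side tags frames, the other does not
    if ACCESS in pair:
        return "access"                 # an access side never negotiates up to a trunk
    if TRUNK in pair or DESIRABLE in pair:
        return "trunk"                  # any active side pulls a dynamic auto port into a trunk
    return "access"                     # dynamic auto + dynamic auto: nobody asks for a trunk


def audit_ports(ports: list) -> list:
    """Flag ports whose trunk/access state is still decided by negotiation."""
    findings = []
    for port in ports:
        name, mode = port["name"], port["mode"]
        if mode in (AUTO, DESIRABLE):
            findings.append((name, f"{mode}: link type depends on the neighbor; "
                                   "set switchport mode access or trunk"))
        elif not port.get("nonegotiate", False):
            # Static access and trunk ports still send DTP frames until told not to.
            findings.append((name, f"static {mode} still negotiates; "
                                   "add switchport nonegotiate"))
    return findings


# Constructed inventory, e.g. as collected from 'show interfaces switchport'.
SAMPLE_PORTS = [
    {"name": "Fa0/1", "mode": TRUNK, "nonegotiate": True},
    {"name": "Fa0/2", "mode": AUTO},
    {"name": "Fa0/18", "mode": ACCESS},
]

if __name__ == "__main__":
    columns = (AUTO, DESIRABLE, TRUNK, ACCESS)
    for local in columns:
        print(local.ljust(18), [dtp_result(local, n) for n in columns])
    for name, issue in audit_ports(SAMPLE_PORTS):
        print(f"{name}: {issue}")
```

The audit reflects the "Verify DTP Mode" guidance in this module: a port left in dynamic auto takes whatever role the far end asks for, so a defender wants every port either statically access or statically trunk, and nonegotiate set on both.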

Dynamic Trunking Protocol
Verify DTP Mode
The default DTP configuration is dependent on the Cisco IOS version and platform.
• Use the show dtp interface command to determine the current DTP mode.
• Best practice recommends that the interfaces be set to access or trunk and that DTP be turned off.

Dynamic Trunking Protocol
Packet Tracer – Configure DTP
In this Packet Tracer activity, you will perform the following:
• Configure static trunking

• Configure and verify DTP

Module 10.5: Router-on-a-Stick Inter-VLAN Routing
Router-on-a-Stick Inter-VLAN Routing
Router-on-a-Stick Scenario
• In the figure, the R1 GigabitEthernet 0/0/1 interface is connected to the S1 FastEthernet 0/5 port. The S1 FastEthernet 0/1 port is connected to the S2 FastEthernet 0/1 port. These are trunk links that are required to forward traffic within and between VLANs.
• To route between VLANs, the R1 GigabitEthernet 0/0/1 interface is logically divided into three subinterfaces, as shown in the table. The table also shows the three VLANs that will be configured on the switches.
• Assume that R1, S1, and S2 have initial basic configurations. Currently, PC1 and PC2 cannot ping each other because they are on separate networks. Only S1 and S2 can ping each other, but they are unreachable by PC1 or PC2 because they are also on different networks.
• To enable devices to ping each other, the switches must be configured with VLANs and trunking, and the router must be configured for inter-VLAN routing.

Subinterface – VLAN – IP Address
G0/0/1.10 – 10 – 192.168.10.1/24
G0/0/1.20 – 20 – 192.168.20.1/24
G0/0/1.30 – 99 – 192.168.99.1/24
Router-on-a-Stick Inter-VLAN Routing
S1 VLAN and Trunking Configuration
Complete the following steps to configure S1 with VLANs and trunking:
• Step 1. Create and name the VLANs.
• Step 2. Create the management interface.
• Step 3. Configure access ports.
• Step 4. Configure trunking ports.

Router-on-a-Stick Inter-VLAN Routing
S2 VLAN and Trunking Configuration
The configuration for S2 is similar to S1.

Router-on-a-Stick Inter-VLAN Routing
R1 Subinterface Configuration
The router-on-a-stick method requires you to create a subinterface for each VLAN to be routed.
A subinterface is created using the interface interface_id subinterface_id global configuration mode command. The subinterface syntax is the physical interface followed by a period and a subinterface number. Although not required, it is customary to match the subinterface number with the VLAN number.
Each subinterface is then configured with the following two commands:
• encapsulation dot1q vlan_id [native] - This command configures the subinterface to respond to 802.1Q encapsulated traffic from the specified vlan_id. The native keyword option is only appended to set the native VLAN to something other than VLAN 1.
• ip address ip-address subnet-mask - This command configures the IPv4 address of the subinterface. This address typically serves as the default gateway for the identified VLAN.
Repeat the process for each VLAN to be routed. Each router subinterface must be assigned an IP address on a unique subnet for routing to occur. When all subinterfaces have been created, enable the physical interface using the no shutdown interface configuration command. If the physical interface is disabled, all subinterfaces are disabled.
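The subinterface rules above, turned into an added Python check (not code from the Cisco course): it parses a router configuration and reports a missing encapsulation or address, two subinterfaces on the same subnet, a subinterface number that does not match its VLAN (convention only), and the case this slide warns about, a shut-down physical interface that takes every subinterface down with it. The configuration text is constructed to match the R1 subinterface table in this module, and the parser only understands the few commands it needs.

```python
"""Audit a router-on-a-stick configuration for the failure modes this
section names: a missing encapsulation or address, subinterfaces that
share a subnet, and a shut-down physical interface that silently takes
every subinterface down with it.

Added example for this page, not Cisco's code. The configuration text
below is constructed to match the R1 subinterface table in this module.
"""
import ipaddress

GOOD_CONFIG = """\
interface GigabitEthernet0/0/1
 description Trunk to S1 Fa0/5
!
interface GigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0/1.30
 encapsulation dot1Q 99 native
 ip address 192.168.99.1 255.255.255.0
"""

# Same plan with two mistakes: the physical port was left shut down and
# the VLAN 20 gateway was typed into VLAN 10's subnet.
BROKEN_CONFIG = GOOD_CONFIG.replace(
    " description Trunk to S1 Fa0/5", " shutdown").replace(
    "ip address 192.168.20.1", "ip address 192.168.10.254")


def parse_interfaces(config_text: str) -> dict:
    """Map each 'interface X' block to its list of indented commands."""
    blocks, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None     # '!' or any other top-level line ends the block
    return blocks


def audit_router_on_a_stick(config_text: str) -> list:
    """Return human-readable findings, one per problem, in configuration order."""
    blocks = parse_interfaces(config_text)
    findings, subnets = [], {}
    for name, cmds in blocks.items():
        if "." not in name:
            continue                                   # physical interface, not a subinterface
        physical, sub_number = name.rsplit(".", 1)
        if "shutdown" in blocks.get(physical, []):
            findings.append(f"{name}: physical interface {physical} is shut down")
        encap = [c for c in cmds if c.lower().startswith("encapsulation dot1q ")]
        if not encap:
            findings.append(f"{name}: missing encapsulation dot1q")
        elif encap[0].split()[2] != sub_number:
            findings.append(f"{name}: subinterface number differs from VLAN "
                            f"{encap[0].split()[2]} (convention only)")
        addr = [c for c in cmds if c.startswith("ip address ")]
        if not addr:
            findings.append(f"{name}: missing ip address")
            continue
        _, _, ip, mask = addr[0].split()
        network = ipaddress.ip_interface(f"{ip}/{mask}").network
        if network in subnets:
            findings.append(f"{name}: subnet {network} already used by {subnets[network]}")
        else:
            subnets[network] = name
    return findings


if __name__ == "__main__":
    print("good:", audit_router_on_a_stick(GOOD_CONFIG))
    print("broken:", audit_router_on_a_stick(BROKEN_CONFIG))
```

On the table's own plan the only finding is the informational one for G0/0/1.30 carrying VLAN 99; the broken variant shows why the subnet and shutdown checks matter, since neither mistake produces a syntax error on the router.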

Router-on-a-Stick Inter-VLAN Routing
R1 Subinterface Configuration (Cont.)
In the configuration, the R1 G0/0/1 subinterfaces are configured for VLANs 10, 20, and 99.

Router-on-a-Stick Inter-VLAN Routing
Verify Connectivity Between PC1 and PC2
The router-on-a-stick configuration is complete after the switch trunk and the router subinterfaces have been configured. The configuration can be verified from the hosts, router, and switch.

From a host, verify connectivity to a host in another VLAN using the ping command. It is a good idea to first verify the current host IP configuration using the ipconfig Windows host command.

Next, use ping to verify connectivity with PC2 and S1, as shown in the figure.
The ping output successfully confirms inter-VLAN routing is operating.

Router-on-a-Stick Inter-VLAN Routing
Router-on-a-Stick Inter-VLAN Routing Verification
In addition to using ping between devices, the following show commands can
be used to verify and troubleshoot the router-on-a-stick configuration.
• show ip route
• show ip interface brief
• show interfaces
• show interfaces trunk

Router-on-a-Stick Inter-VLAN Routing
Packet Tracer– Configure Router-on-a-Stick Inter-VLAN
Routing
In this Packet Tracer, you will complete the following objectives:
• Part 1: Add VLANs to a Switch
• Part 2: Configure Subinterfaces
• Part 3: Test connectivity with Inter-VLAN Routing

Router-on-a-Stick Inter-VLAN Routing
Lab – Configure Router-on-a-Stick Inter-VLAN Routing

In this lab, you will complete the following objectives:
• Part 1: Build the Network and Configure Basic Device Settings
• Part 2: Configure Switches with VLANs and Trunking
• Part 3: Configure Trunk-Based Inter-VLAN Routing

Module 10.6: Inter-VLAN Routing using Layer 3 Switches
Inter-VLAN Routing using Layer 3 Switches
Layer 3 Switch Inter-VLAN Routing
Inter-VLAN routing using the router-on-a-stick method is simple to implement for a small to
medium-sized organization. However, a large enterprise requires a faster, much more scalable
method to provide inter-VLAN routing.

Enterprise campus LANs use Layer 3 switches to provide inter-VLAN routing. Layer 3 switches
use hardware-based switching to achieve higher-packet processing rates than routers. Layer 3
switches are also commonly implemented in enterprise distribution layer wiring closets.

Capabilities of a Layer 3 switch include the ability to do the following:
• Route from one VLAN to another using multiple switched virtual interfaces (SVIs).
• Convert a Layer 2 switchport to a Layer 3 interface (i.e., a routed port). A routed port is
similar to a physical interface on a Cisco IOS router.
• To provide inter-VLAN routing, Layer 3 switches use SVIs. SVIs are configured using the
same interface vlan vlan-id command used to create the management SVI on a Layer 2
switch. A Layer 3 SVI must be created for each of the routable VLANs.
Inter-VLAN Routing using Layer 3 Switches
Layer 3 Switch Scenario

In the figure, the Layer 3 switch, D1, is connected to two hosts on different VLANs. PC1 is in VLAN 10 and PC2 is in VLAN 20, as shown. The Layer 3 switch will provide inter-VLAN routing services to the two hosts.

Inter-VLAN Routing using Layer 3 Switches
Layer 3 Switch Configuration
Complete the following steps to configure S1 with VLANs and trunking:
• Step 1. Create the VLANs. In the example, VLANs 10 and 20 are used.
• Step 2. Create the SVI VLAN interfaces. The IP address configured will serve as the default gateway for hosts in the respective VLAN.
• Step 3. Configure access ports. Assign the appropriate port to the required VLAN.
• Step 4. Enable IP routing. Issue the ip routing global configuration command to allow traffic to be exchanged between VLANs 10 and 20. This command must be configured to enable inter-VLAN routing on a Layer 3 switch for IPv4.

Inter-VLAN Routing using Layer 3 Switches
Layer 3 Switch Inter-VLAN Routing Verification
Inter-VLAN routing using a Layer 3 switch is simpler to configure than the router-on-a-
stick method. After the configuration is complete, the configuration can be verified by
testing connectivity between the hosts.
• From a host, verify connectivity to a host in another VLAN using the ping command. It
is a good idea to first verify the current host IP configuration using
the ipconfig Windows host command.
• Next, verify connectivity with PC2 using the ping Windows host command.
The successful ping output confirms inter-VLAN routing is operating.

Inter-VLAN Routing using Layer 3 Switches
Routing on a Layer 3 Switch
If VLANs are to be reachable by other Layer 3 devices, then they must be advertised
using static or dynamic routing. To enable routing on a Layer 3 switch, a routed port must
be configured.

A routed port is created on a Layer 3 switch by disabling the switchport feature on a Layer
2 port that is connected to another Layer 3 device. Specifically, configuring the no
switchport interface configuration command on a Layer 2 port converts it into a Layer 3
interface. Then the interface can be configured with an IPv4 configuration to connect to a
router or another Layer 3 switch.

Inter-VLAN Routing using Layer 3 Switches
Routing Scenario on a Layer 3 Switch
In the figure, the previously configured D1 Layer 3 switch is now connected to R1. R1 and D1 are both in an Open Shortest Path First (OSPF) routing protocol domain. Assume inter-VLAN routing has been successfully implemented on D1. The G0/0/1 interface of R1 has also been configured and enabled. Additionally, R1 is using OSPF to advertise its two networks, 10.10.10.0/24 and 10.20.20.0/24.

Note: OSPF routing configuration is covered in another course. In this module, OSPF configuration commands will be given to you in all activities and assessments. It is not required that you understand the configuration in order to enable OSPF routing on the Layer 3 switch.

Inter-VLAN Routing using Layer 3 Switches
Routing Configuration on a Layer 3 Switch
Complete the following steps to configure D1 to route with R1:
• Step 1. Configure the routed port. Use the no switchport command to convert the port to a routed port, then assign an IP address and subnet mask. Enable the port.
• Step 2. Enable routing. Use the ip routing global configuration command to enable routing.
• Step 3. Configure routing. Use an appropriate routing method. In this example, single-area OSPFv2 is configured.
• Step 4. Verify routing. Use the show ip route command.
• Step 5. Verify connectivity. Use the ping command to verify reachability.

Inter-VLAN Routing using Layer 3 Switches
Packet Tracer – Configure Layer 3 Switching and inter-
VLAN Routing
In this Packet Tracer, you will complete the following objectives:
• Part 1: Configure Layer 3 Switching
• Part 2: Configure Inter-VLAN Routing
• Part 3: Configure IPv6 Inter-VLAN Routing

Chapter 11: Redundant Networks
Trainees Materials
Switching, Routing and Wireless Essentials v7.0 (SRWE)
Module 11.1: Purpose of STP
Purpose of STP
Redundancy in Layer 2 Switched Networks
• This topic covers the causes of loops in a Layer 2 network and briefly explains how spanning tree
protocol works. Redundancy is an important part of the hierarchical design for eliminating single
points of failure and preventing disruption of network services to users. Redundant networks
require the addition of physical paths, but logical redundancy must also be part of the design.
Having alternate physical paths for data to traverse the network makes it possible for users to
access network resources, despite path disruption. However, redundant paths in a switched
Ethernet network may cause both physical and logical Layer 2 loops.
• Ethernet LANs require a loop-free topology with a single path between any two devices. A loop in
an Ethernet LAN can cause continued propagation of Ethernet frames until a link is disrupted and
breaks the loop.

Purpose of STP
Spanning Tree Protocol
• Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while creating a loop-free Layer 2 topology.
• STP logically blocks physical loops in a Layer 2 network, preventing frames from circling the network forever.

Purpose of STP
STP Recalculation

STP compensates for a failure in the network by recalculating and opening up previously blocked ports.

Purpose of STP
Issues with Redundant Switch Links
• Path redundancy provides multiple network services by eliminating the possibility of a single point
of failure. When multiple paths exist between two devices on an Ethernet network, and there is no
spanning tree implementation on the switches, a Layer 2 loop occurs. A Layer 2 loop can result in
MAC address table instability, link saturation, and high CPU utilization on switches and end-
devices, resulting in the network becoming unusable.
• Layer 2 Ethernet does not include a mechanism to recognize and eliminate endlessly looping
frames. Both IPv4 and IPv6 include a mechanism that limits the number of times a Layer 3
networking device can retransmit a packet. A router will decrement the TTL (Time to Live) in every
IPv4 packet, and the Hop Limit field in every IPv6 packet. When these fields are decremented to 0,
a router will drop the packet. Ethernet and Ethernet switches have no comparable mechanism for
limiting the number of times a switch retransmits a Layer 2 frame. STP was developed specifically
as a loop prevention mechanism for Layer 2 Ethernet.

Purpose of STP
Layer 2 Loops
• Without STP enabled, Layer 2 loops can form, causing broadcast, multicast and unknown
unicast frames to loop endlessly. This can bring down a network quickly.
• When a loop occurs, the MAC address table on a switch will constantly change with the updates
from the broadcast frames, which results in MAC database instability. This can cause high CPU
utilization, which makes the switch unable to forward frames.
• An unknown unicast frame is when the switch does not have the destination MAC address in its
MAC address table and must forward the frame out all ports, except the ingress port.

Purpose of STP
Broadcast Storm
• A broadcast storm is an abnormally high number of broadcasts overwhelming the network
during a specific amount of time. Broadcast storms can disable a network within seconds by
overwhelming switches and end devices. Broadcast storms can be caused by a hardware
problem such as a faulty NIC or from a Layer 2 loop in the network.
• Layer 2 broadcasts in a network, such as ARP Requests, are very common. Layer 2 multicasts are typically forwarded the same way as a broadcast by the switch. IPv6 packets are never forwarded as a Layer 2 broadcast; ICMPv6 Neighbor Discovery uses Layer 2 multicasts instead.
• A host caught in a Layer 2 loop is not accessible to other hosts on the network. Additionally,
due to the constant changes in its MAC address table, the switch does not know out of which
port to forward unicast frames.
• To prevent these issues from occurring in a redundant network, some type of spanning tree
must be enabled on the switches. Spanning tree is enabled, by default, on Cisco switches to
prevent Layer 2 loops from occurring.

Purpose of STP
The Spanning Tree Algorithm
• STP is based on an algorithm invented by Radia Perlman while working for Digital Equipment Corporation, and published in the 1985 paper "An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN." Her spanning tree algorithm (STA) creates a loop-free topology by selecting a single root bridge where all other switches determine a single least-cost path.
• STP prevents loops from occurring by configuring a loop-free path through the network using
strategically placed "blocking-state" ports. The switches running STP are able to compensate for
failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse
the alternate paths.

Purpose of STP
The Spanning Tree Algorithm (Cont.)
How does the STA create a loop-free topology?
• Selecting a Root Bridge: This bridge (switch) is the reference point for the entire network to build a
spanning tree around.
• Block Redundant Paths: STP ensures that there is only one logical path between all destinations on
the network by intentionally blocking redundant paths that could cause a loop. When a port is
blocked, user data is prevented from entering or leaving that port.
• Create a Loop-Free Topology: A blocked port has the effect of making that link a non-forwarding link
between the two switches. This creates a topology where each switch has only a single path to the
root bridge, similar to branches on a tree that connect to the root of the tree.
• Recalculate in case of Link Failure: The physical paths still exist to provide redundancy, but these
paths are disabled to prevent the loops from occurring. If the path is ever needed to compensate for
a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to
allow the redundant path to become active. STP recalculations can also occur any time a new
switch or new inter-switch link is added to the network.

Purpose of STP
Video – Observe STP Operation
This video demonstrates the use of STP in a network environment.

Purpose of STP
Packet Tracer – Investigate STP Loop Prevention
In this Packet Tracer activity, you will complete the following objectives:
• Create and configure a simple three switch network with STP.
• View STP operation.
• Disable STP and view operation again.

Module 11.2: STP Operations
STP Operations
Steps to a Loop-Free Topology
Using the STA, STP builds a loop-free topology in a four-step process:
1. Elect the root bridge.
2. Elect the root ports.
3. Elect designated ports.
4. Elect alternate (blocked) ports.
• During STA and STP functions, switches use Bridge Protocol Data Units (BPDUs) to share
information about themselves and their connections. BPDUs are used to elect the root bridge, root
ports, designated ports, and alternate ports.
• Each BPDU contains a bridge ID (BID) that identifies which switch sent the BPDU. The BID is
involved in making many of the STA decisions including root bridge and port roles.
• The BID contains a priority value, the MAC address of the switch, and an extended system ID. The
lowest BID value is determined by the combination of these three fields.

STP Operations
Steps to a Loop-Free Topology (Cont.)
• Bridge Priority: The default priority value for all Cisco switches is the decimal value 32768. The
range is 0 to 61440 in increments of 4096. A lower bridge priority is preferable. A bridge priority of 0
takes precedence over all other bridge priorities.
• Extended System ID: The extended system ID value is a decimal value added to the bridge
priority value in the BID to identify the VLAN for this BPDU.
• MAC address: When two switches are configured with the same priority and have the same
extended system ID, the switch having the MAC address with the lowest value, expressed in
hexadecimal, will have the lower BID.

STP Operations
1. Elect the Root Bridge
• The STA designates a single switch as the root
bridge and uses it as the reference point for all
path calculations. Switches exchange BPDUs
to build the loop-free topology beginning with
selecting the root bridge.
• All switches in the broadcast domain
participate in the election process. After a
switch boots, it begins to send out BPDU
frames every two seconds. These BPDU
frames contain the BID of the sending switch
and the BID of the root bridge, known as the
Root ID.
• The switch with the lowest BID will become the
root bridge. At first, all switches declare
themselves as the root bridge with their own
BID set as the Root ID. Eventually, the
switches learn through the exchange of BPDUs
which switch has the lowest BID and will agree
on one root bridge.

STP Operations
Impact of Default BIDs
• Because the default BID is 32768, it is possible for
two or more switches to have the same priority. In
this scenario, where the priorities are the same,
the switch with the lowest MAC address will
become the root bridge. The administrator should
configure the desired root bridge switch with a
lower priority.
• In the figure, all switches are configured with the
same priority of 32769. Here the MAC address
becomes the deciding factor as to which switch
becomes the root bridge. The switch with the
lowest hexadecimal MAC address value is the
preferred root bridge. In this example, S2 has the
lowest value for its MAC address and is elected
as the root bridge for that spanning tree instance.
• Note: The priority of all the switches is 32769. The
value is based on the 32768 default bridge priority
and the extended system ID (VLAN 1 assignment)
associated with each switch (32768+1).

STP Operations
Determine the Root Path Cost
• When the root bridge has been elected for a given spanning tree instance, the STA starts determining the best paths to
the root bridge from all destinations in the broadcast domain. The path information, known as the internal root path cost,
is determined by the sum of all the individual port costs along the path from the switch to the root bridge.
• When a switch receives the BPDU, it adds the ingress port cost of the segment to determine its internal root path cost.
• The default port costs are defined by the speed at which the port operates. The table shows the default port costs
suggested by IEEE. Cisco switches by default use the values as defined by the IEEE 802.1D standard, also known as
the short path cost, for both STP and RSTP.
• Although switch ports have a default port cost associated with them, the port cost is configurable. The ability to
configure individual port costs gives the administrator the flexibility to manually control the spanning tree paths to the
root bridge.

Link Speed   STP Cost: IEEE 802.1D-1998   RSTP Cost: IEEE 802.1w-2004
10 Gbps      2                            2,000
1 Gbps       4                            20,000
100 Mbps     19                           200,000
10 Mbps      100                          2,000,000

STP Operations
2. Elect the Root Ports
• After the root bridge has been determined, the
STA algorithm is used to select the root port.
Every non-root switch will select one root port.
The root port is the port closest to the root bridge
in terms of overall cost to the root bridge. This
overall cost is known as the internal root path
cost.
• The internal root path cost is equal to the sum of
all the port costs along the path to the root
bridge, as shown in the figure. Paths with the
lowest cost become preferred, and all other
redundant paths are blocked. In the example, the
internal root path cost from S2 to the root bridge
S1 over path 1 is 19 while the internal root path
cost over path 2 is 38. Because path 1 has a
lower overall path cost to the root bridge, it is the
preferred path and F0/1 becomes the root port
on S2.

STP Operations
3. Elect Designated Ports
• Every segment between two switches will have one designated port. The designated port is the
port on the segment whose switch has the lowest internal root path cost to the root bridge. In other
words, the designated port has the best path to receive traffic leading to the root bridge.
• What is not a root port or a designated port becomes
an alternate or blocked port.
• All ports on the root bridge are designated ports.
• If one end of a segment is a root port, the other end
is a designated port.
• All ports attached to end devices are designated
ports.
• On segments between two switches where neither of
the switches is the root bridge, the port on the switch
with the least-cost path to the root bridge is a
designated port.

STP Operations
4. Elect Alternate (Blocked) Ports
If a port is not a root port or a
designated port, then it becomes an
alternate (or backup) port. Alternate
ports are in discarding or blocking
state to prevent loops. In the figure,
the STA has configured port F0/2 on
S3 in the alternate role. Port F0/2 on
S3 is in the blocking state and will
not forward Ethernet frames. All
other inter-switch ports are in
forwarding state. This is the loop-
prevention part of STP.

STP Operations
Elect a Root Port from Multiple Equal-Cost Paths
When a switch has multiple equal-cost paths to the root bridge, the switch will determine a port using
the following criteria:
• Lowest sender BID
• Lowest sender port priority
• Lowest sender port ID

STP Operations
Elect a Root Port from Multiple Equal-Cost Paths (Cont.)
Lowest Sender BID: This topology has four switches with switch S1 as the root bridge. Port F0/1 on switch S3 and
port F0/3 on switch S4 have been selected as root ports because they have the lowest root path cost to the root
bridge for their respective switches. S2 has two ports, F0/1 and F0/2, with equal-cost paths to the root bridge. The
bridge IDs of S3 and S4 will be used to break the tie. This is known as the sender’s BID. S3 has a BID of
32769.5555.5555.5555 and S4 has a BID of 32769.1111.1111.1111. Because S4 has a lower BID, the F0/1 port of
S2, which is the port connected to S4, will be the root port.

STP Operations
Elect a Root Port from Multiple Equal-Cost Paths (Cont.)
Lowest Sender Port Priority: This topology has two switches which are connected with two equal-
cost paths between them. S1 is the root bridge, so both of its ports are designated ports.
• S4 has two ports with equal-cost paths to the root bridge. Because both ports are connected to
the same switch, the sender’s BID (S1) is equal. So the first step is a tie.
• Next is the sender’s (S1) port priority. The default port priority is 128, so both ports on S1 have
the same port priority. This is also a tie. However, if either port on S1 were configured with a lower
port priority, S4 would put its adjacent port in the forwarding state and place its other port in the
blocking state.

STP Operations
Elect a Root Port from Multiple Equal-Cost Paths (Cont.)
• Lowest Sender Port ID: The last tie-breaker is the lowest sender’s port ID. Switch S4 has
received BPDUs from port F0/1 and port F0/2 on S1. The decision is based on the sender’s port
ID, not the receiver’s port ID. Because the port ID of F0/1 on S1 is lower than port F0/2, the port
F0/6 on switch S4 will be the root port. This is the port on S4 that is connected to the F0/1 port on
S1.
• Port F0/5 on S4 will become an alternate port and placed in the blocking state.

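The four steps of the STA (root bridge, root path cost, root ports, designated ports, alternate ports) and the three equal-cost tie-breakers described above, carried out in code. This is an added example, not material from the Cisco course: a small Python model of the Spanning Tree Algorithm run over two constructed topologies that match the figures described on this page (four switches with S1 as root and S2 reaching it at equal cost through S3 and S4; and two switches joined by parallel links). Switch names, MAC addresses, port names and link speeds are assumptions chosen to reproduce the page's outcomes; the port costs are the IEEE 802.1D-1998 values from the table. The security point it makes concrete is that the root is simply whoever advertises the lowest BID: any device that sends BPDUs with priority 0 wins the election unless edge ports are protected (BPDU guard, root guard).

```python
"""Spanning Tree Algorithm walk-through: root bridge election by lowest BID,
internal root path cost, root-port selection with the three tie-breakers,
designated ports per segment, alternate (blocked) ports."""
import math
from dataclasses import dataclass

PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}   # IEEE 802.1D-1998 short path costs


@dataclass
class Switch:
    name: str
    mac: str                 # dotted hex as IOS prints it, e.g. "5555.5555.5555"
    priority: int = 32768    # default bridge priority (multiples of 4096)
    vlan: int = 1            # extended system ID for this PVST instance

    def bid(self):
        """Bridge ID as a comparable tuple: (priority + extended system ID, MAC)."""
        return (self.priority + self.vlan, int(self.mac.replace(".", ""), 16))


@dataclass
class Port:
    switch: str
    name: str                # e.g. "F0/1"
    speed_mbps: int = 100
    priority: int = 128      # default port priority

    def number(self):        # port ID tie-breaker: lower interface number wins
        return int(self.name.split("/")[-1])

    def cost(self):
        return PORT_COST[self.speed_mbps]


def run_sta(switches, links):
    """links are (Port, Port) pairs. Returns (root name, root path cost per switch,
    {(switch, port): 'root' | 'designated' | 'alternate'})."""
    sw = {s.name: s for s in switches}
    root = min(sw.values(), key=lambda s: s.bid())          # step 1: lowest BID wins
    adj = {name: [] for name in sw}                          # switch -> [(local port, remote port)]
    for a, b in links:
        adj[a.switch].append((a, b))
        adj[b.switch].append((b, a))

    # Step 2a: internal root path cost = sum of ingress port costs on the way to
    # the root; relax every link until costs stop changing (Bellman-Ford).
    cost = {name: math.inf for name in sw}
    cost[root.name] = 0
    for _ in range(len(sw)):
        for name, ports in adj.items():
            for local, remote in ports:
                cost[name] = min(cost[name], cost[remote.switch] + local.cost())

    def bpdu(port):
        """Rank of the BPDU a port sends: sender root cost, sender BID, sender port
        priority, sender port ID. Lower wins at every step."""
        return (cost[port.switch], sw[port.switch].bid(), port.priority, port.number())

    roles = {}
    # Step 2b: every non-root switch picks exactly one root port: lowest cost to
    # the root, then the three sender tie-breakers in order.
    for name, ports in adj.items():
        if name == root.name:
            continue
        local, _ = min(ports, key=lambda lr: (cost[lr[1].switch] + lr[0].cost(),) + bpdu(lr[1])[1:])
        roles[(name, local.name)] = "root"
    # Step 3: one designated port per segment, on the end that sends the superior
    # BPDU. Step 4: whatever is neither root nor designated is alternate (blocked).
    for a, b in links:
        winner, loser = (a, b) if bpdu(a) < bpdu(b) else (b, a)
        roles[(winner.switch, winner.name)] = "designated"
        roles.setdefault((loser.switch, loser.name), "alternate")
    return root.name, cost, roles


# Constructed topology matching the "lowest sender BID" figure: S1 is root and
# S2 reaches it at equal cost through S3 (higher BID) and S4 (lower BID).
SWITCHES = [Switch("S1", "0001.0001.0001"), Switch("S2", "2222.2222.2222"),
            Switch("S3", "5555.5555.5555"), Switch("S4", "1111.1111.1111")]
LINKS = [(Port("S1", "F0/1"), Port("S3", "F0/1")),
         (Port("S1", "F0/2"), Port("S4", "F0/3")),
         (Port("S4", "F0/1"), Port("S2", "F0/1")),
         (Port("S3", "F0/2"), Port("S2", "F0/2"))]

# Constructed parallel-link topology matching the "lowest sender port ID" figure.
PARALLEL_SWITCHES = [Switch("S1", "0001.0001.0001"), Switch("S4", "1111.1111.1111")]
PARALLEL_LINKS = [(Port("S1", "F0/1"), Port("S4", "F0/6")),
                  (Port("S1", "F0/2"), Port("S4", "F0/5"))]

if __name__ == "__main__":
    for label, switches, links in (("four switches", SWITCHES, LINKS),
                                   ("parallel links", PARALLEL_SWITCHES, PARALLEL_LINKS)):
        root, cost, roles = run_sta(switches, links)
        print(f"{label}: root={root} cost={cost}")
        for (s, p), role in sorted(roles.items()):
            print(f"  {s} {p}: {role}")
```

Running it prints the role of every inter-switch port. In the four-switch topology S2 picks F0/1 (toward S4, the lower sender BID) as its root port and blocks F0/2; with parallel links S4 keeps F0/6, the port facing S1's F0/1, and blocks F0/5. Lowering S4's priority to 24576 in the parallel topology makes S4 the root, which is exactly what an attacker-controlled switch or host does when it injects superior BPDUs.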
STP Operations
STP Timers and Port States
STP convergence requires three timers, as follows:
• Hello Timer -The hello time is the interval between BPDUs. The default is 2 seconds but can be
modified to between 1 and 10 seconds.
• Forward Delay Timer -The forward delay is the time that is spent in the listening and learning
state. The default is 15 seconds but can be modified to between 4 and 30 seconds.
• Max Age Timer -The max age is the maximum length of time that a switch waits before attempting
to change the STP topology. The default is 20 seconds but can be modified to between 6 and 40
seconds.
Note: The default times can be changed on the root bridge, which dictates the value of these timers for
the STP domain.

STP Operations
STP Timers and Port States (Cont.)
STP builds the logical loop-free path throughout the broadcast domain. The spanning tree is determined through the
information learned by the exchange of BPDU frames between the interconnected switches. If a switch port
transitioned directly from the blocking state to the forwarding state without information about the full topology, the
port could temporarily create a data loop. For this reason, STP has five port states, four of which are operational
port states as shown in the figure. The disabled state is considered non-operational.

STP Operations
Operational Details of Each Port State

The table summarizes the operational details of each port state.

Port State   BPDU                    MAC Address Table   Forwarding Data Frames
Blocking     Receive only            No update           No
Listening    Receive and send        No update           No
Learning     Receive and send        Updating table      No
Forwarding   Receive and send        Updating table      Yes
Disabled     None sent or received   No update           No

STP Operations
Per-VLAN Spanning Tree

STP can be configured to operate in an environment with multiple VLANs. In Per-VLAN Spanning Tree
(PVST) versions of STP, a root bridge is elected for each spanning tree instance. This makes it
possible to have different root bridges for different sets of VLANs. PVST runs a separate instance of
STP for each individual VLAN. If all ports on all switches are members of VLAN 1, then there is only
one spanning tree instance.

Module 11.3: EtherChannel Operation
EtherChannel Operation
Link Aggregation
• There are scenarios in which more bandwidth or redundancy between devices is
needed than what can be provided by a single link. Multiple links could be connected
between devices to increase bandwidth. However, Spanning Tree Protocol (STP),
which is enabled on Layer 2 devices like Cisco switches by default, will block
redundant links to prevent switching loops.
• A link aggregation technology is needed that allows redundant links between devices
that will not be blocked by STP. That technology is known as EtherChannel.
• EtherChannel is a link aggregation technology that groups multiple physical Ethernet
links together into one single logical link. It is used to provide fault-tolerance, load
sharing, increased bandwidth, and redundancy between switches, routers, and
servers.
• EtherChannel technology makes it possible to bundle multiple physical links between switches to
increase the overall speed of switch-to-switch communication.

EtherChannel Operation
EtherChannel
EtherChannel technology was
originally developed by Cisco as a
LAN switch-to-switch technique of
grouping several Fast Ethernet or
Gigabit Ethernet ports into one
logical channel.

When an EtherChannel is
configured, the resulting virtual
interface is called a port channel.
The physical interfaces are
bundled together into a port
channel interface, as shown in the
figure.

EtherChannel Operation
Advantages of EtherChannel
EtherChannel technology has many advantages, including the following:
• Most configuration tasks can be done on the EtherChannel interface instead of on each
individual port, ensuring configuration consistency throughout the links.
• EtherChannel relies on existing switch ports. There is no need to upgrade the link to a faster
and more expensive connection to have more bandwidth.
• Load balancing takes place between links that are part of the same EtherChannel.
• EtherChannel creates an aggregation that is seen as one logical link. When several
EtherChannel bundles exist between two switches, STP may block one of the bundles to
prevent switching loops. When STP blocks one of the redundant links, it blocks the entire
EtherChannel. This blocks all the ports belonging to that EtherChannel link. Where there is only
one EtherChannel link, all physical links in the EtherChannel are active because STP sees only
one (logical) link.
• EtherChannel provides redundancy because the overall link is seen as one logical connection.
Additionally, the loss of one physical link within the channel does not create a change in the
topology.
EtherChannel Operation
Implementation Restrictions
EtherChannel has certain implementation restrictions, including the following:
• Interface types cannot be mixed. For example, Fast Ethernet and Gigabit Ethernet
cannot be mixed within a single EtherChannel.
• Currently each EtherChannel can consist of up to eight compatibly-configured
Ethernet ports. EtherChannel provides full-duplex bandwidth up to 800 Mbps (Fast
EtherChannel) or 8 Gbps (Gigabit EtherChannel) between one switch and another
switch or host.
• The Cisco Catalyst 2960 Layer 2 switch currently supports up to six EtherChannels.
• The individual EtherChannel group member port configuration must be consistent on
both devices. If the physical ports of one side are configured as trunks, the physical
ports of the other side must also be configured as trunks within the same native
VLAN. Additionally, all ports in each EtherChannel link must be configured as Layer 2
ports.
• Each EtherChannel has a logical port channel interface. A configuration applied to the
port channel interface affects all physical interfaces that are assigned to that interface.
EtherChannel Operation
AutoNegotiation Protocols
EtherChannels can be formed through negotiation using one of two protocols, Port
Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP). These
protocols allow ports with similar characteristics to form a channel through dynamic
negotiation with adjoining switches.

Note: It is also possible to configure a static or unconditional EtherChannel without PAgP or LACP.

EtherChannel Operation
PAgP Operation
PAgP (pronounced “Pag - P”) is a Cisco-proprietary protocol that aids in the automatic creation of
EtherChannel links. When an EtherChannel link is configured using PAgP, PAgP packets are sent
between EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies
matched Ethernet links, it groups the links into an EtherChannel. The EtherChannel is then added to
the spanning tree as a single port.

When enabled, PAgP also manages the EtherChannel. PAgP packets are sent every 30 seconds.
PAgP checks for configuration consistency and manages link additions and failures between two
switches. It ensures that when an EtherChannel is created, all ports have the same type of
configuration.

Note: In EtherChannel, it is mandatory that all ports have the same speed, duplex setting, and VLAN
information. Any port modification after the creation of the channel also changes all other channel ports.

EtherChannel Operation
PAgP Operation (Cont.)
PAgP helps create the EtherChannel link by detecting the configuration of each side and ensuring that links
are compatible so that the EtherChannel link can be enabled when needed. The modes for PAgP are as follows:
• On - This mode forces the interface to channel without PAgP. Interfaces configured in the on mode do
not exchange PAgP packets.
• PAgP desirable - This PAgP mode places an interface in an active negotiating state in which the
interface initiates negotiations with other interfaces by sending PAgP packets.
• PAgP auto - This PAgP mode places an interface in a passive negotiating state in which the interface
responds to the PAgP packets that it receives but does not initiate PAgP negotiation.
The modes must be compatible on each side. If one side is configured to be in auto mode, it is placed in a
passive state, waiting for the other side to initiate the EtherChannel negotiation. If the other side is also set
to auto, the negotiation never starts and the EtherChannel does not form. If all modes are disabled by using
the no command, or if no mode is configured, then the EtherChannel is disabled. The on mode manually
places the interface in an EtherChannel, without any negotiation. It works only if the other side is also set to
on. If the other side is set to negotiate parameters through PAgP, no EtherChannel forms, because the side
that is set to on mode does not negotiate. No negotiation between the two switches means there is no
checking to make sure that all the links in the EtherChannel are terminating on the other side, or that there
is PAgP compatibility on the other switch.
EtherChannel Operation
PAgP Mode Settings Example

The table shows the various combinations of PAgP modes on S1 and S2 and the resulting channel establishment
outcome.

S1          S2               Channel Establishment
On          On               Yes
On          Desirable/Auto   No
Desirable   Desirable        Yes
Desirable   Auto             Yes
Auto        Desirable        Yes
Auto        Auto             No
EtherChannel Operation
LACP Operation
LACP is part of an IEEE specification (originally 802.3ad, since moved to IEEE 802.1AX) that allows several
physical ports to be bundled to form a single logical channel. LACP allows a switch to negotiate an automatic
bundle by sending LACP packets to the other switch. It performs a function similar to PAgP with Cisco
EtherChannel. Because LACP is an IEEE standard, it can be used to facilitate EtherChannels in multivendor
environments. On Cisco devices, both protocols are supported.

LACP provides the same negotiation benefits as PAgP. LACP helps create the EtherChannel link by
detecting the configuration of each side and making sure that they are compatible so that the
EtherChannel link can be enabled when needed. The modes for LACP are as follows:
• On - This mode forces the interface to channel without LACP. Interfaces configured in the on
mode do not exchange LACP packets.
• LACP active - This LACP mode places a port in an active negotiating state. In this state, the port
initiates negotiations with other ports by sending LACP packets.
• LACP passive - This LACP mode places a port in a passive negotiating state. In this state, the
port responds to the LACP packets that it receives but does not initiate LACP packet negotiation.

EtherChannel Operation
LACP Mode Settings Example

The table shows the various combinations of LACP modes on S1 and S2 and the resulting channel establishment outcome.

S1        S2               Channel Establishment
On        On               Yes
On        Active/Passive   No
Active    Active           Yes
Active    Passive          Yes
Passive   Active           Yes
Passive   Passive          No
Module 11.4: Configure EtherChannel
Configure EtherChannel
Configuration Guidelines
The following guidelines and restrictions are useful for configuring EtherChannel:
• EtherChannel support - All Ethernet interfaces must support EtherChannel with no
requirement that interfaces be physically contiguous.
• Speed and duplex - Configure all interfaces in an EtherChannel to operate at the
same speed and in the same duplex mode.
• VLAN match - All interfaces in the EtherChannel bundle must be assigned to the
same VLAN or be configured as a trunk (shown in the figure).
• Range of VLANs - An EtherChannel supports the same allowed range of VLANs on
all the interfaces in a trunking EtherChannel. If the allowed range of VLANs is not the
same, the interfaces do not form an EtherChannel, even when they are set
to auto or desirable mode.

Configure EtherChannel
Configuration Guidelines (Cont.)
• The figure shows a configuration that would allow an EtherChannel to form between S1 and
S2.
• If these settings must be changed, configure them in port channel interface configuration
mode. Any configuration that is applied to the port channel interface also affects individual
interfaces. However, configurations that are applied to the individual interfaces do not affect
the port channel interface. Therefore, making configuration changes to an interface that is
part of an EtherChannel link may cause interface compatibility issues.
• The port channel can be configured in access mode, trunk mode (most common), or on a
routed port.

Configure EtherChannel
LACP Configuration Example
Configuring EtherChannel with LACP requires the following three steps:
• Step 1. Specify the interfaces that compose the EtherChannel group using the interface
range interface global configuration mode command. The range keyword allows you to select several
interfaces and configure them all together.
• Step 2. Create the port channel interface with the channel-group identifier mode active command in
interface range configuration mode. The identifier specifies a channel group number. The mode
active keywords identify this as an LACP EtherChannel configuration.
• Step 3. To change Layer 2 settings on the port channel interface, enter port channel interface configuration
mode using the interface port-channel command, followed by the interface identifier. In the example, S1 is
configured with an LACP EtherChannel. The port channel is configured as a trunk interface with the allowed
VLANs specified.

Configure EtherChannel
Packet Tracer – Configure EtherChannel
In this Packet Tracer activity, you will complete the following objectives:
• Configure basic switch settings
• Configure an EtherChannel with Cisco PAgP
• Configure an 802.3ad (LACP) EtherChannel
• Configure a redundant EtherChannel link

Chapter 12: DHCPv4, SLAAC and DHCPv6
Trainees Materials
Module 12.1: DHCPv4 Concepts
DHCPv4 Concepts
DHCPv4 Server and Client
• Dynamic Host Configuration Protocol v4 (DHCPv4) assigns IPv4 addresses and other
network configuration information dynamically. Because desktop clients typically make up the
bulk of network nodes, DHCPv4 is an extremely useful and timesaving tool for network
administrators.
• A dedicated DHCPv4 server is scalable and relatively easy to manage. However, in a small
branch or SOHO location, a Cisco router can be configured to provide DHCPv4 services
without the need for a dedicated server. Cisco IOS software supports an optional, full-
featured DHCPv4 server.
• The DHCPv4 server dynamically assigns, or leases, an IPv4 address from a pool of
addresses for a limited period of time chosen by the server, or until the client no longer
needs the address.
• Clients lease the information from the server for an administratively defined period.
Administrators configure DHCPv4 servers to set the leases to time out at different intervals.
The lease is typically anywhere from 24 hours to a week or more. When the lease expires,
the client must ask for another address, although the client is typically reassigned the same
address.
DHCPv4 Concepts
DHCPv4 Operation
DHCPv4 works in a client/server mode. When a client communicates with a DHCPv4
server, the server assigns or leases an IPv4 address to that client.
• The client connects to the network with that leased IPv4 address until the lease
expires. The client must contact the DHCP server periodically to extend the lease.
• This lease mechanism ensures that clients that move or power off do not keep
addresses that they no longer need.
• When a lease expires, the DHCP server returns the address to the pool where it can
be reallocated as necessary.

DHCPv4 Concepts
Steps to Obtain a Lease

When the client boots (or


otherwise wants to join a
network), it begins a four-step
process to obtain a lease:
1. DHCP Discover
(DHCPDISCOVER)
2. DHCP Offer (DHCPOFFER)
3. DHCP Request
(DHCPREQUEST)
4. DHCP Acknowledgment
(DHCPACK)

DHCPv4 Concepts
Steps to Renew a Lease
Prior to lease expiration, the client begins a two-step process to renew the lease with the DHCPv4
server, as shown in the figure:

1. DHCP Request (DHCPREQUEST)
Before the lease expires, the client sends a DHCPREQUEST message directly to the DHCPv4 server
that originally offered the IPv4 address. If a DHCPACK is not received within a specified amount of
time, the client broadcasts another DHCPREQUEST so that one of the other DHCPv4 servers can
extend the lease.

2. DHCP Acknowledgment (DHCPACK)
On receiving the DHCPREQUEST message, the server verifies the lease information by returning a
DHCPACK.

Note: These messages (primarily the DHCPOFFER and DHCPACK) can be sent as unicast or broadcast
according to IETF RFC 2131.

Module 12.2: Configure a Cisco IOS DHCPv4 Server and Client
Configure a Cisco IOS DHCPv4 Server
Cisco IOS DHCPv4 Server
Now you have a basic understanding of how DHCPv4 works and how it can make your
job a bit easier. A Cisco router running Cisco IOS software can be configured to act as a
DHCPv4 server. The Cisco IOS DHCPv4 server assigns and manages IPv4 addresses
from specified address pools within the router to DHCPv4 clients.

Configure a Cisco IOS DHCPv4 Server
Steps to Configure a Cisco IOS DHCPv4 Server
Use the following steps to configure a Cisco IOS DHCPv4 server:
• Step 1. Exclude IPv4 addresses. A single address or a range of addresses can be
excluded by specifying the low-address and high-address of the range. Excluded
addresses should be those assigned to routers, servers, printers, and other devices
that have been, or will be, manually configured. The command can be entered multiple
times. The command is ip dhcp excluded-address low-address [high-address].
• Step 2. Define a DHCPv4 pool name. The ip dhcp pool pool-name command creates
a pool with the specified name and puts the router in DHCPv4 configuration mode,
which is identified by the prompt Router(dhcp-config)#.

Configure a Cisco IOS DHCPv4 Server
Steps to Configure a Cisco IOS DHCPv4 Server (Cont.)
• Step 3. Configure the DHCPv4 pool. The address pool and default gateway router must be
configured. Use the network statement to define the range of available addresses. Use
the default-router command to define the default gateway router. These commands and
other optional commands are shown in the table.

Task                                     IOS Command
Define the address pool.                 network network-number [mask | /prefix-length]
Define the default router or gateway.    default-router address [address2 ... address8]
Define a DNS server.                     dns-server address [address2 ... address8]
Define the domain name.                  domain-name domain
Define the duration of the DHCP lease.   lease {days [hours [minutes]] | infinite}
Define the NetBIOS WINS server.          netbios-name-server address [address2 ... address8]
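The four-step lease exchange (Discover, Offer, Request, Ack), the renewal Request, and the pool semantics of the IOS commands above (network, excluded-address, default-router, dns-server, lease) as one runnable Python model. This is an added example, not the course's material or Cisco code: it encodes and decodes real RFC 2131 message bytes (236-byte fixed header, magic cookie, TLV options) and a Pool class plays the server. The pool values (192.168.10.0/24 with .1 to .9 and .254 excluded, gateway .1, DNS 192.168.11.5, a two-day lease) and the client MAC addresses are constructed. It also echoes giaddr, the field a relay agent fills in so the server can select the right pool and return the reply to the client's subnet. Note what is absent: nothing in the exchange authenticates the server, so the first DHCPOFFER the client hears wins, which is why rogue-server defences (DHCP snooping) have to live on the switch rather than in the protocol.

```python
"""DHCPv4 (RFC 2131) on the wire: encode/decode the BOOTP fixed header plus DHCP
options, then run Discover/Offer/Request/Ack against a tiny server whose pool is
modelled on the IOS commands (network, excluded-address, default-router,
dns-server, lease)."""
import ipaddress
import struct

HDR = "!BBBBIHH4s4s4s4s16s64s128s"      # 236-byte fixed header, network byte order
MAGIC = b"\x63\x82\x53\x63"             # DHCP magic cookie that precedes the options
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def encode(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Fixed header + magic cookie + TLV options + END (0xff). The broadcast flag is
    set because a client without an address cannot yet receive unicast replies."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000, ip4("0.0.0.0"), ip4(yiaddr),
                      ip4("0.0.0.0"), ip4(giaddr), chaddr, b"", b"")   # struct zero-pads the 's' fields
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + tlv + b"\xff"


def decode(pkt):
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xff:          # walk TLVs until END
        if pkt[i] == 0:                              # PAD has no length byte
            i += 1
            continue
        code, n = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + n]
        i += 2 + n
    return {"op": f[0], "xid": f[4], "ciaddr": str(ipaddress.IPv4Address(f[7])),
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": f[11][:f[2]], "options": opts}


class Pool:
    """One DHCPv4 pool: hosts of `network` minus the excluded ranges, handed out
    lowest-first and remembered per client hardware address (the binding table)."""

    def __init__(self, network, excluded, gateway, dns, lease_s):
        net = ipaddress.IPv4Network(network)
        banned = set()
        for lo, hi in excluded:                      # ip dhcp excluded-address lo [hi]
            banned.update(range(int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi)) + 1))
        self.free = [str(h) for h in net.hosts() if int(h) not in banned]
        self.mask, self.gateway, self.dns, self.lease_s = str(net.netmask), gateway, dns, lease_s
        self.bindings = {}                           # chaddr -> leased address

    def _reply(self, req, mtype, ip):
        opts = [(53, bytes([mtype])), (54, ip4(self.gateway))]      # 54 = server identifier
        if mtype != NAK:
            opts += [(1, ip4(self.mask)), (3, ip4(self.gateway)), (6, ip4(self.dns)),
                     (51, struct.pack("!I", self.lease_s))]          # 51 = lease time in seconds
        # giaddr is echoed so a relay agent knows which client subnet to forward the reply to
        return encode(BOOTREPLY, req["xid"], req["chaddr"], ip, req["giaddr"], opts)

    def handle(self, pkt):
        req = decode(pkt)
        mtype, mac = req["options"][53][0], req["chaddr"]
        if mtype == DISCOVER:
            if mac not in self.bindings:             # a known client gets its previous address back
                self.bindings[mac] = self.free.pop(0)
            return self._reply(req, OFFER, self.bindings[mac])
        if mtype == REQUEST:                         # initial request carries option 50; renewal uses ciaddr
            wanted = str(ipaddress.IPv4Address(req["options"][50])) if 50 in req["options"] else req["ciaddr"]
            if self.bindings.get(mac) == wanted:
                return self._reply(req, ACK, wanted)
            return self._reply(req, NAK, "0.0.0.0")
        raise ValueError(f"unhandled message type {mtype}")


def dora(pool, mac, xid=0x3903F326, giaddr="0.0.0.0"):
    """Client side of the four-step exchange; returns what the client learned."""
    offer = decode(pool.handle(encode(BOOTREQUEST, xid, mac, giaddr=giaddr,
                                      options=[(53, bytes([DISCOVER]))])))
    ack = decode(pool.handle(encode(BOOTREQUEST, xid, mac, giaddr=giaddr, options=[
        (53, bytes([REQUEST])), (50, ip4(offer["yiaddr"])), (54, offer["options"][54])])))
    o = ack["options"]
    if o[53][0] == NAK:
        return {"type": NAK}
    return {"type": o[53][0], "ip": ack["yiaddr"], "mask": str(ipaddress.IPv4Address(o[1])),
            "gateway": str(ipaddress.IPv4Address(o[3])), "dns": str(ipaddress.IPv4Address(o[6])),
            "lease_s": struct.unpack("!I", o[51])[0], "giaddr": ack["giaddr"]}


def lan_pool():
    """Constructed pool for the 192.168.10.0/24 segment PC1 sits on; the excluded
    range, gateway, DNS and lease length are assumptions, not the page's config."""
    return Pool("192.168.10.0/24", [("192.168.10.1", "192.168.10.9"), ("192.168.10.254", "192.168.10.254")],
                gateway="192.168.10.1", dns="192.168.11.5", lease_s=2 * 86400)


if __name__ == "__main__":
    pool = lan_pool()
    print(dora(pool, bytes.fromhex("0011223344aa")))                            # directly attached client
    print(dora(pool, bytes.fromhex("0011223344bb"), giaddr="192.168.10.1"))     # client behind a relay
```

The first client is offered 192.168.10.10, the lowest address that survives the exclusions, and the ACK carries the mask, gateway, DNS server and lease time as options 1, 3, 6 and 51. A DHCPREQUEST for an address the server never bound to that MAC gets a DHCPNAK, which is the behaviour behind the page's warning that clearing bindings or restarting the service can briefly produce duplicate addresses: the server has forgotten who holds what.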
Configure a Cisco IOS DHCPv4 Server
Configuration Example

Configure a Cisco IOS DHCPv4 Server
DHCPv4 Verification
Use the commands in the table to verify that the Cisco IOS DHCPv4 server is operational.

Command                              Description
show running-config | section dhcp   Displays the DHCPv4 commands configured on the router.
show ip dhcp binding                 Displays a list of all IPv4 address to MAC address bindings provided by
                                     the DHCPv4 service.
show ip dhcp server statistics       Displays count information regarding the number of DHCPv4 messages
                                     that have been sent and received.
Configure a Cisco IOS DHCPv4 Server
Verify DHCPv4 is Operational
Verify the DHCPv4 Configuration: As shown in the example, the show running-config
| section dhcp command output displays the DHCPv4 commands configured on R1.
The | section parameter displays only the commands associated with DHCPv4
configuration.

Configure a Cisco IOS DHCPv4 Server
Verify DHCPv4 is Operational (Cont.)
Verify DHCPv4 Bindings: As shown in the example, the operation of DHCPv4 can be
verified using the show ip dhcp binding command. This command displays a list of all
IPv4 address to MAC address bindings that have been provided by the DHCPv4 service.

Configure a Cisco IOS DHCPv4 Server
Verify DHCPv4 is Operational (Cont.)

Verify DHCPv4 Statistics: The output


of the show ip dhcp server
statistics is used to verify that
messages are being received or sent by
the router. This command displays count
information regarding the number of
DHCPv4 messages that have been sent
and received.

Configure a Cisco IOS DHCPv4 Server
Verify DHCPv4 is Operational (Cont.)
Verify DHCPv4 Client Received IPv4 Addressing: The ipconfig /all command, when issued on PC1, displays the TCP/IP parameters, as shown in the example. Because PC1 was connected to the network segment 192.168.10.0/24, it automatically received a DNS suffix, IPv4 address, subnet mask, default gateway, and DNS server address from that pool. No DHCP-specific router interface configuration is required. If a PC is connected to a network segment that has a DHCPv4 pool available, the PC can obtain an IPv4 address from the appropriate pool automatically.
Configure a Cisco IOS DHCPv4 Server
Disable the Cisco IOS DHCPv4 Server
The DHCPv4 service is enabled by default. To disable the service, use the no service dhcp global configuration mode command. Use the service dhcp global configuration mode command to re-enable the DHCPv4 server process, as shown in the example. Enabling the service has no effect if the parameters are not configured.
Note: Clearing the DHCP bindings or stopping and restarting the DHCP service may result in duplicate IP addresses being temporarily assigned on the network.
Configure a Cisco IOS DHCPv4 Server
DHCPv4 Relay
• In a complex hierarchical network, enterprise servers are usually located centrally. These servers may
provide DHCP, DNS, TFTP, and FTP services for the network. Network clients are not typically on the
same subnet as those servers. In order to locate the servers and receive services, clients often use
broadcast messages.
• In the figure, PC1 is attempting to acquire an IPv4 address from a DHCPv4 server using a broadcast
message. In this scenario, R1 is not configured as a DHCPv4 server and does not forward the
broadcast. Because the DHCPv4 server is located on a different network, PC1 cannot receive an IP
address using DHCP. R1 must be configured to relay DHCPv4 messages to the DHCPv4 server.

Configure a Cisco IOS DHCPv4 Server
DHCPv4 Relay (Cont.)
• Configure R1 with the ip helper-address address interface configuration command. This will cause R1 to relay DHCPv4 broadcasts to the DHCPv4 server. As shown in the example, the interface on R1 receiving the broadcast from PC1 is configured to relay DHCPv4 messages to the DHCPv4 server at 192.168.11.6.
• When R1 has been configured as a DHCPv4 relay agent, it accepts broadcast requests for the DHCPv4 service and then forwards those requests as a unicast to the IPv4 address 192.168.11.6. The network administrator can use the show ip interface command to verify the configuration.
Configure a Cisco IOS DHCPv4 Server
Other Service Broadcasts Relayed
DHCPv4 is not the only service that the router can be configured to relay. By default,
the ip helper-address command forwards the following eight UDP services:
• Port 37: Time
• Port 49: TACACS
• Port 53: DNS
• Port 67: DHCP/BOOTP server
• Port 68: DHCP/BOOTP client
• Port 69: TFTP
• Port 137: NetBIOS name service
• Port 138: NetBIOS datagram service

Configure a Cisco IOS DHCPv4 Server
Packet Tracer – Configure DHCPv4
In this Packet Tracer Activity, you will complete the following objectives:
• Part 1: Configure a Router as a DHCP Server
• Part 2: Configure DHCP Relay
• Part 3: Configure a Router as a DHCP Client
• Part 4: Verify DHCP and Connectivity

Configure a DHCPv4 Client
Cisco Router as a DHCPv4 Client
There are scenarios where you might have access to a DHCP server through your ISP. In these
instances, you can configure a Cisco IOS router as a DHCPv4 client.
• Sometimes, Cisco routers in a small office or home office (SOHO) and branch sites have to be
configured as DHCPv4 clients in a similar manner to client computers. The method used depends
on the ISP. However, in its simplest configuration, the Ethernet interface is used to connect to a
cable or DSL modem.
• To configure an Ethernet interface as a DHCP client, use the ip address dhcp
interface configuration mode command.
• In the figure, assume that an ISP has been configured to provide select customers with IP
addresses from the 209.165.201.0/27 network range after the G0/0/1 interface is configured with
the ip address dhcp command.

Configure a DHCPv4 Client
Configuration Example
• To configure an Ethernet interface as a DHCP client, use the ip address dhcp interface configuration
mode command, as shown in the example. This configuration assumes that the ISP has been configured to
provide select customers with IPv4 addressing information.
• The show ip interface g0/1 command confirms that the interface is up and that the address was allocated
by a DHCPv4 server.

Configure a DHCPv4 Client
Home Router as a DHCPv4 Client
Home routers are typically already set to receive IPv4 addressing information automatically from the
ISP. This is so that customers can easily set up the router and connect to the internet.
• For example, the figure shows the default WAN setup page for a Packet Tracer wireless router.
Notice that the internet connection type is set to Automatic Configuration - DHCP. This
selection is used when the router is connected to a DSL or cable modem and acts as a DHCPv4
client, requesting an IPv4 address from the ISP.
• Various manufacturers of home routers will have a similar setup.

Module 12.4: SLAAC
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
SLAAC
SLAAC Overview
Not every network has access to a DHCPv6 server but every device in an IPv6 network
needs a GUA. The SLAAC method enables hosts to create their own unique IPv6 global
unicast address without the services of a DHCPv6 server.
• SLAAC is a stateless service which means there is no server that maintains network
address information to know which IPv6 addresses are being used and which ones
are available.
• The router sends periodic ICMPv6 RA messages (i.e., every 200 seconds) providing addressing and other configuration information that hosts use to autoconfigure their IPv6 address based on the information in the RA.
• A host can also send a Router Solicitation (RS) message requesting an RA.
• SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6.
SLAAC
Enabling SLAAC
R1 G0/0/1 has been configured with the indicated IPv6 GUA and link-local addresses.

The R1 G0/0/1 IPv6 addresses include:
• Link-local IPv6 address - fe80::1
• GUA / subnet - 2001:db8:acad:1::1, 2001:db8:acad:1::/64
• IPv6 all-nodes group - ff02::1

R1 is configured to join the IPv6 all-routers multicast group and start sending RA messages containing address configuration information to hosts using SLAAC.
SLAAC
Enabling SLAAC (Cont.)
The IPv6 all-routers group responds to the IPv6 multicast address ff02::2.
• The show ipv6 interface command verifies that R1 has joined the IPv6 all-routers group (i.e., ff02::2).
• R1 will now begin to send RA messages every 200 seconds to the IPv6 all-nodes multicast address ff02::1.
SLAAC
SLAAC Only Method
RA messages from R1 have the following flags set:
• A = 1 – Informs the client to use the IPv6 GUA prefix in the RA and dynamically create its own Interface ID.
• O = 0 and M = 0 – Informs the client to also use the additional information in the RA message (i.e., DNS server, MTU, and default gateway information).

• The ipconfig Windows command confirms that PC1 has generated an IPv6 GUA using the R1 RA.
• The default gateway address is the LLA of the R1 G0/0/1 interface.
SLAAC
ICMPv6 RS Messages
A router sends RA messages every 200 seconds or when it receives an RS message from a host.
• IPv6 enabled hosts wishing to obtain IPv6 addressing information send an RS message to the IPv6 all-routers multicast address of ff02::2.

The figure illustrates how a host initiates the SLAAC method.
1. PC1 has just booted and sends an RS message to the IPv6 all-routers multicast address of ff02::2 requesting an RA.
2. R1 generates an RA and then sends the RA message to the IPv6 all-nodes multicast address of ff02::1. PC1 uses this information to create a unique IPv6 GUA.
SLAAC
Host Process to Generate Interface ID
Using SLAAC, a host acquires its 64-bit IPv6 subnet information from the router RA and
must generate the remaining 64-bit interface identifier (ID) using either:
• Randomly generated - The 64-bit interface ID is randomly generated by the client
operating system. This is the method now used by Windows 10 hosts.
• EUI-64 - The host creates an interface ID using its 48-bit MAC address and inserts
the hex value of fffe in the middle of the address. Some operating systems default to
the randomly generated interface ID instead of the EUI-64 method, due to privacy
concerns. This is because the Ethernet MAC address of the host is used by EUI-64
to create the interface ID.

Note: Windows, Linux, and Mac OS allow for the user to modify the generation of the
interface ID to be either randomly generated or to use EUI-64.

SLAAC
Duplicate Address Detection
A SLAAC host may use the following Duplicate Address Detection (DAD) process to
ensure that the IPv6 GUA is unique.
• The host sends an ICMPv6 Neighbor Solicitation (NS) message with a specially
constructed solicited-node multicast address containing the last 24 bits of IPv6
address of the host.
• If no other devices respond with a Neighbor Advertisement (NA) message, then the
address is virtually guaranteed to be unique and can be used by the host.
• If an NA is received by the host, then the address is not unique, and the host must
generate a new interface ID to use.

Note: DAD is really not required because a 64-bit interface ID provides 18 quintillion
possibilities. Therefore, the chance of a duplicate address is remote. However, the
Internet Engineering Task Force (IETF) recommends that DAD is used. Therefore, most
operating systems perform DAD on all IPv6 unicast addresses, regardless of how the
address is configured.
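As an added example (not part of the Cisco course material), the following Python script works through the host-side SLAAC computations described in the preceding SLAAC slides: interpreting the RA A/M/O flags, deriving a modified EUI-64 interface ID from a MAC address (the reason EUI-64 raises privacy concerns: the MAC is recoverable from the address), forming the GUA from the /64 prefix in the RA, and computing the solicited-node multicast address that a DAD Neighbor Solicitation is sent to. The MAC address and prefix are constructed sample values, and the function names are the example's own.

```python
"""SLAAC address generation and DAD target computation (constructed example)."""
import ipaddress
import secrets


def ra_host_mode(a_flag: int, m_flag: int, o_flag: int) -> str:
    """Map the RA A/M/O flags to the address-configuration method a host uses."""
    if m_flag == 1:
        return "stateful DHCPv6"            # all addressing from a DHCPv6 server
    if a_flag == 1 and o_flag == 1:
        return "SLAAC + stateless DHCPv6"   # address via SLAAC, other info via DHCPv6
    if a_flag == 1:
        return "SLAAC only"
    return "no autoconfiguration"


def eui64_interface_id(mac: str) -> int:
    """Build the modified EUI-64 interface ID from a 48-bit MAC address.

    RFC 4291 appendix A: split the MAC in two, insert 0xFFFE in the middle,
    and invert the universal/local bit (bit 0x02 of the first octet).
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # flip the U/L bit
    return int.from_bytes(eui, "big")


def random_interface_id() -> int:
    """Randomly generated interface ID: 64 random bits (the Windows 10 default)."""
    return secrets.randbits(64)


def slaac_address(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Combine the /64 prefix learned from the RA with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (interface_id & (2**64 - 1)))


def solicited_node_multicast(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """DAD target: ff02::1:ffXX:XXXX built from the low 24 bits of the unicast address."""
    low24 = int(addr) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


if __name__ == "__main__":
    # Constructed sample input: a MAC address and the R1 prefix used on these slides.
    mac = "00:1a:2b:3c:4d:5e"
    prefix = "2001:db8:acad:1::/64"
    print("RA A=1 M=0 O=0 ->", ra_host_mode(1, 0, 0))
    gua = slaac_address(prefix, eui64_interface_id(mac))
    print("EUI-64 GUA      ->", gua)                           # MAC visible in low 64 bits
    print("DAD NS target   ->", solicited_node_multicast(gua))
    print("Random GUA      ->", slaac_address(prefix, random_interface_id()))
```

The EUI-64 output shows why privacy extensions exist: the original MAC (with one bit flipped and ff:fe inserted) is readable straight out of the address, so a host using EUI-64 can be tracked across networks by its interface ID. The random-ID variant produces a different address each time it is called.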
Module 12.5: DHCPv6
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
DHCPv6
DHCPv6 Operation Steps
Stateful DHCPv6 does not require SLAAC while stateless DHCPv6 does.

Regardless, when an RA indicates to use stateless DHCPv6 or stateful DHCPv6:
1. The host sends an RS message.
2. The router responds with an RA message.
3. The host sends a DHCPv6 SOLICIT message.
4. The DHCPv6 server responds with an ADVERTISE message.
5. The host responds to the DHCPv6 server.
6. The DHCPv6 server sends a REPLY message.

Note: Server to client DHCPv6 messages use UDP destination port 546 while client to server DHCPv6 messages use UDP destination port 547.
DHCPv6
Stateless DHCPv6 Operation
If an RA indicates the stateless DHCPv6 method, the host uses the information in the RA message for addressing and contacts a DHCPv6 server for additional information.
Note: The DHCPv6 server only provides configuration parameters for clients and does not maintain a list of IPv6 address bindings (i.e., stateless).
For example, PC1 receives a stateless RA message containing:
• The IPv6 GUA network prefix and prefix length.
• A flag set to 1 informing the host to use SLAAC.
• O flag set to 1 informing the host to seek additional configuration information from a DHCPv6 server.
• M flag set to the default value 0.

• PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateless DHCPv6 server.
DHCPv6
Enable Stateless DHCPv6 on an Interface
Stateless DHCPv6 is enabled using the ipv6 nd other-config-flag interface configuration command, which sets the O flag to 1.

The highlighted output confirms the RA will tell receiving hosts to use stateless address autoconfiguration (A flag = 1) and contact a DHCPv6 server to obtain other configuration information (O flag = 1).

Note: You can use the no ipv6 nd other-config-flag command to reset the interface to the default SLAAC only option (O flag = 0).
DHCPv6
Stateful DHCPv6 Operation
If an RA indicates the stateful DHCPv6 method, the host contacts a DHCPv6 server for all configuration information.
• Note: The DHCPv6 server is stateful and maintains a list of IPv6 address bindings.

For example, PC1 receives a stateful RA message containing:
• The IPv6 GUA network prefix and prefix length.
• A flag set to 0 informing the host to contact a DHCPv6 server.
• O flag set to 0 informing the host to contact a DHCPv6 server.
• M flag set to the value 1.

• PC1 sends a DHCPv6 SOLICIT message seeking additional information from a stateful DHCPv6 server.
DHCPv6
Enable Stateful DHCPv6 on an Interface
Stateful DHCPv6 is enabled using the ipv6 nd managed-config-flag interface configuration command, which sets the M flag to 1.

The highlighted output in the example confirms that the RA will tell the host to obtain all IPv6 configuration information from a DHCPv6 server (M flag = 1).
Module 12.6:
Configure DHCPv6 Server
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
Configure DHCPv6 Server
DHCPv6 Router Roles
Cisco IOS routers are powerful devices. In smaller networks, you do not have to have separate devices to have a DHCPv6 server, client, or relay agent. A Cisco IOS router can be configured to provide DHCPv6 server services.

Specifically, it can be configured to be one of the following:
• DHCPv6 Server - Router provides stateless or stateful DHCPv6 services.
• DHCPv6 Client - Router interface acquires an IPv6 IP configuration from a DHCPv6 server.
• DHCPv6 Relay Agent - Router provides DHCPv6 forwarding services when the client and the server are located on different networks.
Configure DHCPv6 Server
Configure a Stateless DHCPv6 Server
The stateless DHCPv6 server option requires that the router advertise the IPv6 network
addressing information in RA messages.

There are five steps to configure and verify a router as a stateless DHCPv6 server:
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
3. Configure the DHCPv6 pool with options. Common options include dns-server X:X:X:X:X:X:X:X
and domain-name name.
4. Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command.
• Manually change the O flag from 0 to 1 using the ipv6 nd other-config-flag interface command. RA messages
sent on this interface indicate that additional information is available from a stateless DHCPv6 server. The A flag
is 1 by default, telling clients to use SLAAC to create their own GUA.
5. Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.

Configure DHCPv6 Server
Configure a Stateless DHCPv6 Client
A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6
server, such as a router functioning as a DHCPv6 server.
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Configure the client router to create an LLA. An IPv6 link-local address is created on a
router interface when a global unicast address is configured, or without a GUA using
the ipv6 enable interface configuration command. Cisco IOS uses EUI-64 to create
the Interface ID.
3. Configure the client router to use SLAAC using the ipv6 address
autoconfig command.
4. Verify that the client router is assigned a GUA using the show ipv6 interface
brief command.
5. Verify that the client router received other necessary DHCPv6 information. The show
ipv6 dhcp interface g0/0/1 command confirms DHCP option information, such as
DNS server and domain name, have been received by the client.

Configure DHCPv6 Server
Configure a Stateful DHCPv6 Server
The stateful DHCP server option requires that the IPv6 enabled router tells the host to
contact a DHCPv6 server to obtain all necessary IPv6 network addressing information.

There are five steps to configure and verify a router as a stateful DHCPv6 server:
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Define a DHCPv6 pool name using the ipv6 dhcp pool POOL-NAME global config command.
3. Configure the DHCPv6 pool with options. Common options include the address prefix command,
domain name, DNS server IP address, and more.
4. Bind the interface to the pool using the ipv6 dhcp server POOL-NAME interface config command.
• Manually change the M flag from 0 to 1 using the interface command ipv6 nd managed-config-flag.
• Manually change the A flag from 1 to 0 using the ipv6 nd prefix default no-autoconfig interface command to inform the
client to not to use SLAAC to create a GUA. The router will now respond to stateful DHCPv6 requests with the information
contained in the pool.
5. Verify that the hosts have received IPv6 addressing information using the ipconfig /all command.

Configure DHCPv6 Server
Configure a Stateful DHCPv6 Client
A router can also be a DHCPv6 client. The client router needs to have ipv6 unicast-
routing enabled and an IPv6 link-local address to send and receive IPv6 messages.

There are five steps to configure and verify a router as a stateful DHCPv6 client.
1. Enable IPv6 routing using the ipv6 unicast-routing command.
2. Configure the client router to create an LLA. An IPv6 link-local address is created on a router
interface when a global unicast address is configured, or without a GUA using the ipv6
enable interface configuration command. Cisco IOS uses EUI-64 to create an Interface ID.
3. Configure the client router to use DHCPv6 using the ipv6 address dhcp interface config
command.
4. Verify that the client router is assigned a GUA using the show ipv6 interface brief command.
5. Verify that the client router received other necessary DHCPv6 information using the show ipv6
dhcp interface g0/0/1 command.

Configure DHCPv6 Server
DHCPv6 Server Verification Commands
The show ipv6 dhcp pool command verifies the name of the DHCPv6 pool and its
parameters. The command also identifies the number of active clients.

Configure DHCPv6 Server
DHCPv6 Server Verification Commands (Cont.)
Use the show ipv6 dhcp binding command output to display the IPv6 link-local address of the client and the global unicast address assigned by the server.
• This information is maintained by a stateful DHCPv6 server.
• A stateless DHCPv6 server would not maintain this information.
Configure DHCPv6 Server
Configure a DHCPv6 Relay Agent
If the DHCPv6 server is located on a different network than the client, then the IPv6 router
can be configured as a DHCPv6 relay agent.
• The configuration of a DHCPv6 relay agent is similar to the configuration of an IPv4 router as a
DHCPv4 relay.
• The relay command (ipv6 dhcp relay destination) is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server, as shown in the output. The egress interface is only required when the next-hop address is an LLA.
Configure DHCPv6 Server
Verify the DHCPv6 Relay Agent
Verify that the DHCPv6 relay agent is operational with the show ipv6 dhcp
interface and show ipv6 dhcp binding commands.

Verify Windows hosts received IPv6 addressing information with the ipconfig
/all command.

Module 12.7:
FHRP Concepts
Switching, Routing and Wireless
Essentials v7.0 (SRWE)
First Hop Redundancy Protocols
Default Gateway Limitations
End devices are typically configured with a single default gateway IPv4 address.
• If the default gateway router interface fails, LAN hosts lose outside LAN connectivity.
• This occurs even if a redundant router or Layer 3 switch that could serve as a default gateway exists.

First hop redundancy protocols (FHRPs) are mechanisms that provide alternate default gateways in switched networks where two or more routers are connected to the same VLANs.
First Hop Redundancy Protocols
Router Redundancy
One way to prevent a single point of failure at the default gateway is to implement a virtual router. To
implement this type of router redundancy, multiple routers are configured to work together to present
the illusion of a single router to the hosts on the LAN. By sharing an IP address and a MAC address,
two or more routers can act as a single virtual router.
• The IPv4 address of the virtual router is configured as the default gateway for the workstations on
a specific IPv4 segment.
• When frames are sent from host devices to the default gateway, the hosts use ARP to resolve the
MAC address that is associated with the IPv4 address of the default gateway. The ARP resolution
returns the MAC address of the virtual router. Frames that are sent to the MAC address of the
virtual router can then be physically processed by the currently active router within the virtual
router group.
• A protocol is used to identify two or more routers as the devices that are responsible for processing
frames that are sent to the MAC or IP address of a single virtual router. Host devices send traffic to
the address of the virtual router. The physical router that forwards this traffic is transparent to the
host devices.

First Hop Redundancy Protocols
Router Redundancy (Cont.)
• A redundancy protocol provides the mechanism for determining which router should
take the active role in forwarding traffic. It also determines when the forwarding role
must be taken over by a standby router. The transition from one forwarding router to
another is transparent to the end devices.
• The ability of a network to dynamically recover from the failure of a device acting as a
default gateway is known as first-hop redundancy.

First Hop Redundancy Protocols
Steps for Router Failover
When the active router fails, the
redundancy protocol transitions the
standby router to the new active router
role, as shown in the figure. These are
the steps that take place when the active
router fails:
1. The standby router stops seeing
Hello messages from the forwarding
router.
2. The standby router assumes the
role of the forwarding router.
3. Because the new forwarding router
assumes both the IPv4 and MAC
addresses of the virtual router, the
host devices see no disruption in
service.
First Hop Redundancy Protocols
FHRP Options
FHRP Options Description
Hot Standby Router Protocol (HSRP) - HSRP is a Cisco-proprietary FHRP that is designed to allow for transparent failover of a first-hop IPv4 device. HSRP is used in a group of routers for selecting an active device and a standby device. The active device is the device that is used for routing packets; the standby device is the device that takes over when the active device fails, or when pre-set conditions are met.
HSRP for IPv6 - This is a Cisco-proprietary FHRP that provides the same functionality of HSRP, but in an IPv6 environment. An HSRP IPv6 group has a virtual MAC address derived from the HSRP group number and a virtual IPv6 link-local address derived from the HSRP virtual MAC address. Periodic router advertisements (RAs) are sent for the HSRP virtual IPv6 link-local address when the HSRP group is active. When the group becomes inactive, these RAs stop after a final RA is sent.
Virtual Router Redundancy Protocol version 2 (VRRPv2) - This is a non-proprietary election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on an IPv4 LAN. This allows several routers on a multiaccess link to use the same virtual IPv4 address. In a VRRP configuration, one router is elected as the virtual router master, with the other routers acting as backups, in case the virtual router master fails.
VRRPv3 - This provides the capability to support IPv4 and IPv6 addresses. VRRPv3 works in multi-vendor environments and is more scalable than VRRPv2.
Gateway Load Balancing Protocol (GLBP) - This is a Cisco-proprietary FHRP that protects data traffic from a failed router or circuit, like HSRP and VRRP, while also allowing load balancing (also called load sharing) between a group of redundant routers.
GLBP for IPv6 - This is a Cisco-proprietary FHRP that provides the same functionality of GLBP, but in an IPv6 environment. GLBP for IPv6 provides automatic router backup for IPv6 hosts configured with a single default gateway on a LAN. Multiple first-hop routers on the LAN combine to offer a single virtual first-hop IPv6 router while sharing the IPv6 packet forwarding load.
ICMP Router Discovery Protocol (IRDP) - Specified in RFC 1256, IRDP is a legacy FHRP solution. IRDP allows IPv4 hosts to locate routers that provide IPv4 connectivity to other (nonlocal) IP networks.
HSRP
HSRP Overview
Cisco provides HSRP and HSRP for IPv6 as a way to avoid losing outside network access if your
default router fails. HSRP is a Cisco-proprietary FHRP that is designed to allow for transparent failover
of a first-hop IP device.

HSRP ensures high network availability by providing first-hop routing redundancy for IP hosts on
networks configured with an IP default gateway address. HSRP is used in a group of routers for
selecting an active device and a standby device. In a group of device interfaces, the active device is
the device that is used for routing packets; the standby device is the device that takes over when the
active device fails, or when pre-set conditions are met. The function of the HSRP standby router is to
monitor the operational status of the HSRP group and to quickly assume packet-forwarding
responsibility if the active router fails.

HSRP
HSRP Priority and Preemption
The role of the active and standby routers is determined
during the HSRP election process. By default, the router
with the numerically highest IPv4 address is elected as the
active router. However, it is always better to control how
your network will operate under normal conditions rather
than leaving it to chance.
• HSRP priority can be used to determine the active
router.
• The router with the highest HSRP priority will become
the active router.
• By default, the HSRP priority is 100.
• If the priorities are equal, the router with the
numerically highest IPv4 address is elected as the
active router.
• To configure a router to be the active router, use
the standby priority interface command. The range
of the HSRP priority is 0 to 255.
HSRP
HSRP Priority and Preemption (Cont.)
By default, after a router becomes the active router, it will
remain the active router even if another router comes online
with a higher HSRP priority.
• To force a new HSRP election process to take place
when a higher priority router comes online, preemption
must be enabled using the standby preempt interface
command. Preemption is the ability of an HSRP router
to trigger the re-election process. With preemption
enabled, a router that comes online with a higher
HSRP priority will assume the role of the active router.
• Preemption only allows a router to become the active
router if it has a higher priority. A router enabled for
preemption, with equal priority but a higher IPv4
address will not preempt an active router. Refer to the
topology in the figure.
Note: With preemption disabled, the router that boots up first will
become the active router if there are no other routers online during
the election process.
HSRP
HSRP States and Timers
HSRP State Description
Initial This state is entered through a configuration change or when an interface first becomes available.
Learn The router has not determined the virtual IP address and has not yet seen a hello message from the active router. In this state, the router waits to hear from the active router.
Listen The router knows the virtual IP address, but the router is neither the active router nor the standby router. It listens for hello messages from those routers.
Speak The router sends periodic hello messages and actively participates in the election of the active and/or standby router.
Standby The router is a candidate to become the next active router and sends periodic hello messages.

The active and standby HSRP routers send hello packets to the HSRP group multicast address
every 3 seconds by default. The standby router will become active if it does not receive a hello
message from the active router after 10 seconds. You can lower these timer settings to speed
up the failover or preemption. However, to avoid increased CPU usage and unnecessary
standby state changes, do not set the hello timer below 1 second or the hold timer below 4
seconds.
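As an added example (not Cisco's own code or course material), the following Python simulation models the HSRP behaviour described in the preceding slides: the election (highest priority, then numerically highest IPv4 address), the rule that only a strictly higher priority can preempt the active router when standby preempt is configured, and the hold-timer failover in which the standby takes over after the hold time passes without a hello. Router names, addresses and timestamps are constructed sample values; the class and method names are the example's own.

```python
"""HSRP election, preemption and hold-timer failover (constructed simulation)."""
import ipaddress
from dataclasses import dataclass

HELLO_DEFAULT = 3.0   # seconds between hello messages (HSRP default)
HOLD_DEFAULT = 10.0   # seconds without a hello before the standby takes over


def timers_are_safe(hello: float, hold: float) -> bool:
    """Keep hello >= 1 s and hold >= 4 s, as the slide advises, and hold above hello."""
    return hello >= 1 and hold >= 4 and hold > hello


@dataclass
class HsrpRouter:
    name: str
    ip: str                   # interface IPv4 address on the shared segment
    priority: int = 100       # 'standby priority', default 100, range 0-255
    preempt: bool = False     # True when 'standby preempt' is configured
    online: bool = True

    def rank(self) -> tuple:
        """Election order: highest priority wins, then numerically highest IPv4 address."""
        return (self.priority, int(ipaddress.IPv4Address(self.ip)))


class HsrpGroup:
    def __init__(self, routers, hello=HELLO_DEFAULT, hold=HOLD_DEFAULT):
        if not timers_are_safe(hello, hold):
            raise ValueError("hello must be >= 1 s and hold >= 4 s")
        if any(not 0 <= r.priority <= 255 for r in routers):
            raise ValueError("HSRP priority range is 0-255")
        self.routers = {r.name: r for r in routers}
        self.hello, self.hold = hello, hold
        self.active = None
        self.standby = None
        self.last_hello = 0.0     # time the standby last heard the active router
        self.elect(now=0.0)

    def _online(self):
        return [r for r in self.routers.values() if r.online]

    def elect(self, now: float):
        """Full election: at startup, on preemption, or after the active router is lost."""
        ranked = sorted(self._online(), key=HsrpRouter.rank, reverse=True)
        self.active = ranked[0].name if ranked else None
        self.standby = ranked[1].name if len(ranked) > 1 else None
        self.last_hello = now

    def router_comes_online(self, name: str, now: float):
        newcomer = self.routers[name]
        newcomer.online = True
        if self.active is None:
            self.elect(now)
            return
        current = self.routers[self.active]
        # Preemption re-runs the election only for a strictly higher priority;
        # equal priority with a higher IP address does not displace the active router.
        if newcomer.preempt and newcomer.priority > current.priority:
            self.elect(now)
        else:
            others = sorted((r for r in self._online() if r.name != self.active),
                            key=HsrpRouter.rank, reverse=True)
            self.standby = others[0].name if others else None

    def hello_from_active(self, now: float):
        """Record a hello seen from the active router."""
        self.last_hello = now

    def check_hold_timer(self, now: float) -> bool:
        """Standby takes over once the hold time passes without a hello."""
        if self.active is not None and now - self.last_hello > self.hold:
            self.routers[self.active].online = False   # treat the silent router as failed
            self.elect(now)
            return True
        return False


if __name__ == "__main__":
    # Constructed topology: R1/R2 at default priority, R3/R4 at 150, R3 and R4 booted later.
    group = HsrpGroup([
        HsrpRouter("R1", "10.1.1.2", preempt=True),
        HsrpRouter("R2", "10.1.1.3"),
        HsrpRouter("R3", "10.1.1.4", priority=150, preempt=True, online=False),
        HsrpRouter("R4", "10.1.1.9", priority=150, preempt=True, online=False),
    ])
    print("startup        ->", group.active, group.standby)   # R2 wins the IP tie-break
    group.router_comes_online("R3", now=5.0)
    print("R3 preempts    ->", group.active, group.standby)
    group.hello_from_active(now=20.0)
    group.check_hold_timer(now=31.0)                            # 11 s silent > 10 s hold
    print("R3 lost        ->", group.active, group.standby)
```

The final scenario worth noting for operators: bringing up R4 with priority 150 and preempt enabled while R3 (also 150) is active leaves R3 active, because a higher IP address alone never preempts; R4 only becomes the standby.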