CCNP Slides Updated May2022

Uploaded by akkireddy55555

ROUTE

Cisco Certification tracks

CCIE

CCNP

CCNA

CCENT

CCNP Routing and Switching (Enterprise Network Core Technologies) 350-401

Validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks.
IP Addressing

• Two Versions of Addressing Scheme

• IP version 4 – 32 bit addressing

• IP version 6 – 128 bit addressing


IPv4

• Total IPv4 addressing scheme is divided into 5 classes

• CLASS A, CLASS B, CLASS C – LAN and WAN, unicast
• CLASS D – Multicasting
• CLASS E – Research and development


IPv4

Class     Range                          Octet Format   Subnet Mask      Cisco / Notation
Class A   0.0.0.0 to 127.255.255.255     N.H.H.H        255.0.0.0        /8
Class B   128.0.0.0 to 191.255.255.255   N.N.H.H        255.255.0.0      /16
Class C   192.0.0.0 to 223.255.255.255   N.N.N.H        255.255.255.0    /24
Class D   224.0.0.0 to 239.255.255.255   N/A            N/A              N/A
Class E   240.0.0.0 to 255.255.255.255   N/A            N/A              N/A
What is a Router ?

• A Router is an internetworking device.
• It routes packets from one logical network to another logical network.
• It has two main functions:
– Determination of the best path towards the destination.
– Switching the packet from the inbound interface to the outbound interface.
Routing

• Forwarding the packet from one network to another network.
• Routing is enabled by default.

To enable or disable IP routing:
Router(config)# [no] ip routing

[Diagram: one router with E0 on 192.168.0.0/24 and E1 on 192.168.1.0/24]
Types of Routing

• Static Routing
• Dynamic Routing
Static Routing

• Manually configured by Administrator


• Administrative distance is 1
• Destination network should be known
• Routing based on next hop IP address or exit interface
• Secure and fast
Static Routing Configuration

[Diagram: R1 (E0 192.168.0.0/24, S1 10.0.1.1/30) connected over a serial link to R2 (S0 10.0.1.2/30, E0 192.168.1.128/26)]
Static Default Route

• A static default route is used for unknown destinations.
• It may be used for accessing the Internet.
• It is the least preferred route in the routing table.
• The router uses this route only when it cannot find a more suitable match in the routing table.
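The lookup rule behind "least preferred route" is longest-prefix match: a default route has prefix length 0, so it can only win when nothing more specific covers the destination. The following Python is an added example, not part of the slide deck; the routing table it builds is constructed from the prefixes on the static-routing slides, and the administrative distances and next hops are assumed values.

```python
import ipaddress

# Constructed routing table for this example: (prefix, next hop, administrative distance).
# Prefixes follow the static-routing slides; the next hops and ADs are assumed.
ROUTES = [
    ("192.168.0.0/24", "directly connected, E0", 0),
    ("192.168.1.128/26", "10.0.1.2", 1),        # static route via next-hop IP
    ("0.0.0.0/0", "201.1.51.41", 1),            # static default route (ip route 0.0.0.0 0.0.0.0 ...)
]


def lookup(table, destination):
    """Longest-prefix match: the most specific route wins; among routes with the same
    prefix length the one with the lowest administrative distance wins. Returns
    (prefix, next_hop), or None when not even a default route covers the destination."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop, ad in table:
        network = ipaddress.ip_network(prefix)
        if addr in network:
            rank = (network.prefixlen, -ad)      # longer prefix first, then lower AD
            if best is None or rank > best[0]:
                best = (rank, prefix, next_hop)
    return None if best is None else (best[1], best[2])


def route_all(table, destinations):
    """Resolve several destinations at once; shows which ones fall through to the default."""
    return {d: lookup(table, d) for d in destinations}


if __name__ == "__main__":
    for dest, hit in route_all(ROUTES, ["192.168.1.130", "192.168.1.5", "8.8.8.8"]).items():
        print(dest, "->", hit)
```

192.168.1.5 is not inside 192.168.1.128/26, so it falls through to the default route, while 192.168.1.130 takes the more specific static route even though both routes carry the same administrative distance.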
Default route configuration.

[Diagram: B01 (E0 192.168.0.0/24, S1 201.1.51.42/29) connected to the ISP router (201.1.51.41/29) and on to the Internet]
Static and Default routing Example
Static and Default Route configuration

[Diagram: HQ1 (E0 192.168.2.1/24) and HQ2 (E0 192.168.2.2/24) share 192.168.2.0/24; a serial link across 192.168.1.0/24 leads to the ISP router and the Internet]
Dynamic Routing Protocol

• Dynamic routing protocols exchange routing information with neighbors and build the routing table automatically
• The administrator needs to advertise only the directly connected networks
• Any changes in the network topology are updated automatically
Dynamic Routing Protocol

Dynamic routing protocols
  Interior Gateway Protocol (IGP)
    Distance Vector Routing Protocol: RIPv1, RIPv2, IGRP, EIGRP
    Link-State Routing Protocol: OSPF, IS-IS
  Exterior Gateway Protocol (EGP)
    Path Vector Routing Protocol: BGP

Types of Dynamic Routing Protocols

• Distance Vector Routing Protocol (RIP, IGRP)
• Link State Routing Protocol (OSPF, IS-IS)
• Advanced Distance Vector Routing Protocol (EIGRP)
• Path Vector Protocol (BGP)
Summarization

• Combining contiguous addresses into one and advertising it to the neighbor router
• Advantages
• Minimizes routing table entries
• Less use of resources like memory, processor and bandwidth
• Fewer updates
• There are two types of summarization
• Auto summary
• Manual summary
Auto Summary

• Subnets at a major network boundary are summarized into classful updates
• A classful routing protocol does auto summary by default and it cannot be turned off
• Routing protocols like RIPv2, EIGRP and BGPv4 support auto summary
• Link-state routing protocols, i.e. OSPF and IS-IS, do not support auto summary
Auto Summary

[Diagram: routers A, B, C and D in a chain. A: E0 10.20.0.0/16, S0 10.10.0.0/16 towards B. B: S1 10.10.0.0/16, S0 192.168.20.0/24 towards C. C: S1 192.168.20.0/24, S0 172.16.1.0/24 towards D. D: S1 172.16.1.0/24, E0 172.16.2.0/24. At the classful boundaries B advertises 10.0.0.0/8 towards C and C advertises 172.16.0.0/16 towards B]

Routing table of A        Routing table of B        Routing table of C        Routing table of D
Networks          Int     Networks          Int     Networks          Int     Networks          Int
10.20.0.0/16      E0      192.168.20.0/24   S0      172.16.1.0/24     S0      172.16.2.0/24     E0
10.10.0.0/16      S0      10.10.0.0/16      S1      192.168.20.0/24   S1      172.16.1.0/24     S1
192.168.20.0/24   S0      10.20.0.0/16      S1      10.0.0.0/8        S1      10.0.0.0/8        S1
172.16.0.0/16     S0      172.16.0.0/16     S0      172.16.2.0/24     S0      192.168.20.0/24   S1

Manual summary

• The administrator manually configures summarization
• A summary address covers networks in 2^n subnets (FLSM)
• It is supported by all classless routing protocols
Routing Protocol Selection

Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP Features

• Open Standard
• Advanced distance-vector routing protocol
• Diffusing update algorithm (DUAL)
• Administrative distance is 90-internal, 170-external
• Classless
• Support FLSM, VLSM, CIDR, Auto and Manual summary
• Metric = composite metric (32 bits)
– Bandwidth, load, delay, reliability
• Updates are sent as multicast (224.0.0.10) or unicast
EIGRP Features

• Incremental / triggered updates
• Very fast convergence
• Max hops = 255 (default is 100 hops)
• Load balancing over 4 equal-cost paths (default)
• Max 16 paths (equal or unequal cost)
• It supports multiple routed protocols (IP, IPX, AppleTalk)
• EIGRP uses IP protocol number 88
Key Technologies of EIGRP

• Neighbor discovery

• DUAL Algorithm

• Protocol Dependent Modules (PDM)


EIGRP Tables

• Neighbor table
List of directly connected routers running EIGRP in same autonomous system
• Topology Table
List of all routes learned from its directly connected neighbors
• Routing table
List of best paths towards each destination
Components of EIGRP

• Link Local Distance -- Distance from Router to Neighbor Router

• Advertised Distance – Distance from Neighbor Router to Destination

• Feasible Distance -- Link Local Distance + Advertised Distance

• Successor -- Best Path to reach destination

• Feasible Successor -- Second Best Path to reach destination


EIGRP Tables

[Diagram: Router A connects to B over S0 (link cost 1000) and to C over S1 (link cost 1000); B reaches 10.0.0.0/8 at cost 1000, C reaches it at cost 1500]

Neighbor Table of Router A
Neighbor   Interface
B          S0
C          S1

Topology Table of Router A
Network       NH   AD     FD
10.0.0.0/8    B    1000   2000   S (Successor)
10.0.0.0/8    C    1500   2500

Routing Table of Router A
Network       Next Hop   FD
10.0.0.0/8    B          2000
EIGRP metric calculation

• EIGRP Metric = [K1 * BW + ((K2 * BW) / (256 – load)) + K3 * delay]

• Formula with default K values (K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0)
• EIGRP Metric = BW + Delay
• BW = (10^7 / lowest bandwidth in kbps) * 256
• Delay = (sum of total delay / 10) * 256
EIGRP Metrics Calculation Example

[Diagram: A–B serial link: delay 20000 µs, BW 2000 K; B–C serial link: delay 20000 µs, BW 256 K; C E0: delay 1000 µs, BW 10000 K, network 192.168.2.0/24]

• Delay is the sum of all the delays of the links along the path:
Delay = [delay in tens of microseconds] x 256
• Bandwidth is the lowest bandwidth of the links along the path:
Bandwidth = [10,000,000 / (bandwidth in kbps)] x 256

A → 192.168.2.0: least bandwidth 256 kbps, total delay 41,000 µs

Composite Metric = [[10000000/256] x 256] + [[41000/10] x 256]
= 10000000 + 1049600 = 11049600
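The metric calculation above, carried through in code so the bandwidth and delay terms can be checked separately. This is an added example and not part of the slides; the per-link bandwidths and delays are the values from the diagram, and the function also accepts K2 and load so the slide's full formula, not only the default-K reduction, can be evaluated.

```python
def bandwidth_term(lowest_bw_kbps):
    """(10^7 / lowest bandwidth in kbps) * 256, computed exactly as the slide does."""
    return 10_000_000 / lowest_bw_kbps * 256


def delay_term(total_delay_us):
    """(sum of link delays, in tens of microseconds) * 256."""
    return total_delay_us / 10 * 256


def eigrp_metric(link_bandwidths_kbps, link_delays_us, k1=1, k2=0, k3=1, load=1):
    """Composite metric from the slide's formula:
        metric = K1*BW + (K2*BW)/(256 - load) + K3*delay
    BW comes from the lowest bandwidth on the path, delay from the sum of all link delays.
    With the default K values (K1=1, K2=0, K3=1) this reduces to BW + delay."""
    bw = bandwidth_term(min(link_bandwidths_kbps))
    delay = delay_term(sum(link_delays_us))
    return int(k1 * bw + (k2 * bw) / (256 - load) + k3 * delay)


# Path A -> B -> C -> 192.168.2.0/24 with the per-link values from the diagram.
PATH_BANDWIDTHS_KBPS = [2000, 256, 10000]
PATH_DELAYS_US = [20000, 20000, 1000]


def worked_example():
    """Metric from A to 192.168.2.0/24 on the slide's topology."""
    return eigrp_metric(PATH_BANDWIDTHS_KBPS, PATH_DELAYS_US)


def term_breakdown(link_bandwidths_kbps, link_delays_us):
    """Return (bandwidth term, delay term) to see which one dominates the metric."""
    return (int(bandwidth_term(min(link_bandwidths_kbps))),
            int(delay_term(sum(link_delays_us))))


if __name__ == "__main__":
    print("metric A -> 192.168.2.0/24 =", worked_example())
    print("bandwidth term, delay term  =", term_breakdown(PATH_BANDWIDTHS_KBPS, PATH_DELAYS_US))
```

The breakdown makes the slide's point visible: the single 256 kbps link contributes 10,000,000 of the 11,049,600, so the slowest link on the path, not the number of hops, decides the EIGRP metric. A real IOS router truncates the 10^7/bandwidth quotient to an integer before scaling by 256, so its displayed value comes out slightly below the slide's figure.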
EIGRP Packets

Hello Functions
• Neighbor Discovery
• Neighbor Formation
• Keep Alive
Update
• To exchange routing information with neighbor
Query
• Query message is generated when successor is down & Feasible Successor not available
Reply
• Reply Message is sent in response to query message
ACK
• For every Update, Query and Reply router will generate ACK message
Initial Route Discovery

Diffusing Update Algorithm - DUAL

[Diagram used in the following steps: Router A reaches B over S0 (link cost 1000) and C over S1 (link cost 1000 in steps 1–2, 1500 in steps 3–5); both B and C have a path to 10.0.0.0/8]

Step 1: Initial state

Neighbor Table of Router A
Neighbor   Interface
B          S0
C          S1

Topology Table of Router A
Network       NH   AD     FD
10.0.0.0/8    B    1000   2000   S  (Successor)
10.0.0.0/8    C    1500   2500   FS (Feasible Successor)

Routing Table of Router A
Network       Next Hop   FD
10.0.0.0/8    B          2000

Feasibility Condition = Second best AD < FD of Successor

Step 2: The successor (B) fails. C satisfies the feasibility condition (AD 1500 < FD 2000), so it is promoted to successor without a query.

Topology Table of Router A
Network       NH   AD     FD
10.0.0.0/8    C    1500   2500   S

Routing Table of Router A
Network       Next Hop   FD
10.0.0.0/8    C          2500

Step 3: Same topology, but C advertises 10.0.0.0/8 with AD 3000 over a link of cost 1500 (FD 4500). 3000 is not less than the successor FD of 2000, so C is not a feasible successor.

Topology Table of Router A
Network       NH   AD     FD
10.0.0.0/8    B    1000   2000   S
10.0.0.0/8    C    3000   4500

Routing Table of Router A
Network       Next Hop   FD
10.0.0.0/8    B          2000

Feasible Successor = Second best AD < FD of Successor

Step 4: The successor (B) fails and there is no feasible successor, so the route goes active: A sends a Query to C. Until the Reply arrives the routing table still shows B with FD 2000.

Step 5: C answers with a Reply (AD 3000) and becomes the successor.

Topology Table of Router A
Network       NH   AD     FD
10.0.0.0/8    C    3000   4500   S

Routing Table of Router A
Network       Next Hop   FD
10.0.0.0/8    C          4500
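The DUAL behaviour shown in the steps above, as an added Python example (not code from the slides): a topology-table entry for one prefix on Router A, the successor and feasible-successor selection, and what happens on successor loss with and without a feasible successor. The neighbours, distances and link costs are the ones from the DUAL slides; the Reply packets of the active phase are modelled as a dictionary of new advertised distances.

```python
class DualRoute:
    """Topology-table entry for one prefix on one router (the slides' Router A).
    paths maps neighbour -> (advertised distance, cost of the link to that neighbour)."""

    def __init__(self, prefix):
        self.prefix = prefix
        self.paths = {}

    def learn(self, neighbor, advertised_distance, link_cost):
        self.paths[neighbor] = (advertised_distance, link_cost)

    def feasible_distance(self, neighbor):
        ad, link = self.paths[neighbor]
        return ad + link                      # FD = link-local distance + advertised distance

    def successor(self):
        """Best path: the neighbour with the lowest feasible distance."""
        return min(self.paths, key=self.feasible_distance) if self.paths else None

    def feasible_successors(self):
        """Feasibility condition: a neighbour's AD must be lower than the successor's FD.
        Such a neighbour cannot be routing through us, so it is loop-free."""
        s = self.successor()
        if s is None:
            return []
        fd = self.feasible_distance(s)
        return sorted(n for n, (ad, _) in self.paths.items() if n != s and ad < fd)

    def successor_lost(self, replies):
        """The successor goes away. With a feasible successor the route stays passive and
        the FS is promoted locally. Without one the route goes active: the router queries the
        remaining neighbours; `replies` (neighbour -> AD in its Reply) stands in for those packets.
        Returns (state, new successor)."""
        lost = self.successor()
        has_fs = bool(self.feasible_successors())
        del self.paths[lost]
        if has_fs:
            return "passive", self.successor()
        for neighbor, new_ad in replies.items():
            if neighbor in self.paths:
                self.paths[neighbor] = (new_ad, self.paths[neighbor][1])
        return "active", self.successor()


def scenario_with_feasible_successor():
    """Steps 1-2 of the slides: C (AD 1500) satisfies the condition against FD 2000."""
    r = DualRoute("10.0.0.0/8")
    r.learn("B", 1000, 1000)
    r.learn("C", 1500, 1000)
    state, new = r.successor_lost({})
    return state, new, r.feasible_distance(new)


def scenario_without_feasible_successor():
    """Steps 3-5 of the slides: C (AD 3000) fails the condition, so B's loss triggers a query."""
    r = DualRoute("10.0.0.0/8")
    r.learn("B", 1000, 1000)
    r.learn("C", 3000, 1500)
    state, new = r.successor_lost({"C": 3000})
    return state, new, r.feasible_distance(new)


if __name__ == "__main__":
    print("with FS   :", scenario_with_feasible_successor())
    print("without FS:", scenario_without_feasible_successor())
```

The first scenario converges with a purely local decision; the second needs a Query/Reply round trip, which is the state in which an EIGRP route can get stuck-in-active if a neighbour never replies.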
Configuring EIGRP

To enable EIGRP as the IP routing protocol:
Router(config)# router eigrp <AS No.>

Identify attached networks participating in EIGRP:
Router(config-router)# network network-id [wildcard-mask]

Define the interface's bandwidth for the purposes of metric calculation:
Router(config-if)# bandwidth <kilobits>
Summarization

• Auto summary
• EIGRP does auto summary at the major logical network boundary
• Manual summary
• EIGRP supports manual summary on a per-interface basis
• The summary is advertised until the last specific route goes down
• The summary metric is the best metric among the specific routes
• The router originating the summary route creates a summary route pointing to the null interface
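The two kinds of summarization from the Summarization section (classful auto summary and manual summary over 2^n subnets) and the EIGRP summary-route rules just listed, as one added Python example that is not part of the slides. The prefixes are the ones used on the summarization slides; the metrics given to the EIGRP summary function are assumed values.

```python
import ipaddress


def auto_summary(prefix):
    """Classful auto summary: collapse a subnet to its major network at a class boundary
    (class A -> /8, class B -> /16, class C -> /24)."""
    net = ipaddress.ip_network(prefix)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8
    elif first_octet < 192:
        length = 16
    elif first_octet < 224:
        length = 24
    else:
        raise ValueError("class D/E addresses are not summarized")
    return str(ipaddress.ip_network(f"{net.network_address}/{length}", strict=False))


def manual_summary(prefixes):
    """Smallest single prefix covering all given subnets (their longest common prefix).
    Returns (summary, exact): exact is False when the summary also covers address space
    none of the specific routes holds, i.e. the specifics are not 2^n aligned subnets."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    for length in range(32, -1, -1):
        mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
        if (low & mask) == (high & mask):
            break
    summary = ipaddress.ip_network(f"{ipaddress.ip_address(low & mask)}/{length}")
    covered = sum(n.num_addresses for n in nets)
    return str(summary), covered == summary.num_addresses


def eigrp_summary_route(specifics):
    """EIGRP-style summary: specifics maps prefix -> metric. The summary takes the best
    (lowest) metric, points to the null interface, and is withdrawn (None) once the last
    specific route is gone."""
    if not specifics:
        return None
    summary, _ = manual_summary(specifics)
    return {"prefix": summary, "metric": min(specifics.values()), "next_hop": "Null0"}


if __name__ == "__main__":
    print(auto_summary("10.10.0.0/16"), auto_summary("172.16.1.0/24"))
    print(manual_summary(["10.10.20.0/24", "10.10.21.0/24", "10.10.22.0/24"]))
    print(eigrp_summary_route({"10.10.20.0/24": 3000, "10.10.21.0/24": 2500}))
```

The `exact` flag is worth watching in practice: summarizing three /24s into a /22 also claims 10.10.23.0/24, and the Null0 entry then silently discards traffic for that unused block instead of following a default route.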
Configuring EIGRP Route Summarization

Turns off automatic summarization for the EIGRP process:
Router(config-router)# no auto-summary

Creates a summary address that this interface will generate:
Router(config-if)# ip summary-address eigrp <as-number> <address> <subnet mask>
Router Authentication

• Many routing protocols support authentication


• Router authenticates the source of each routing update
• Simple password authentication is supported by:
• IS-IS
• OSPF
• RIPv2
• MD5 authentication is supported by:
• OSPF
• BGP
• EIGRP
MD-5 Authentication

• MD-5 authentication uses key chains to perform routing protocol authentication.
• Each key chain contains one or more keys.
• Each key is identified by a key number and a key-string.
• The key number and key-string need to match on both routers.
MD-5 Authentication Configuration

• Step 1: Create a key chain on the router

Router(config)# key chain cisco
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string ccnp
Router(config-keychain-key)# exit

• Step 2: Apply the key chain on the interface that is connected to the neighbor

R1(config)# interface serial 0/0
R1(config-if)# ip authentication key-chain eigrp 1 cisco
R1(config-if)# ip authentication mode eigrp 1 md5
Open Shortest Path First
(OSPF)
OSPF Features

• Open standard (IETF)
• SPF or Dijkstra algorithm
• Link-state routing protocol
• Classless
• Supports FLSM, VLSM, CIDR and manual summary
• Incremental / triggered updates
• Updates are sent as multicast (224.0.0.5 and 224.0.0.6)
• Metric = Cost (cost = 10^8 / bandwidth in bps)
• Administrative distance = 110
• Load balancing via 4 equal-cost paths by default (unequal-cost load balancing not supported)
Link-state Routing Protocol

• Auto Neighbor discovery


• Hierarchical network design
• Sends periodic updates, known as link-state refresh, every 30 minutes
• Maintains similar database on all the routers within an area
• Router ID is used to identify each router
Router ID

• Highest IP address on an active physical interface
• Highest IP address on a logical interface (if configured)
• Highest preference is for the router-id command

Configuring Router ID:
Router(config-router)# router-id <ip address>

[Diagram: router with L0 192.168.1.1/8, S0 172.16.0.1/16, S1 202.15.32.2/24 and E0 10.0.0.1/8]
Link-State Data Structure :Network Hierarchy

• Link-state routing has a hierarchical network
• This two-level hierarchy consists of the following:
• Transit area (backbone or area 0)
• Regular areas (nonbackbone areas)
OSPF Multi Area

[Diagram: Area 0 with a backbone router (BR) and two ABRs; Area 2 and Area 12 hang off the ABRs, each containing internal routers (IR)]
Types of Routers in ospf

• Backbone router – a router which belongs to the backbone area is called a backbone router
• Internal Router – a router which belongs to a regular area is called an internal router
• ABR – a router which shares two different areas is called an Area Border Router
• ASBR – a router which is connected to a different protocol is called an Autonomous System Boundary Router
Link-State Data Structures

• Neighbor Table
• Also known as the adjacency database
• Contains list of recognized neighbors
• Database Table
• Typically referred to as LSDB
• Contains information about all routers and their attached links in the area or
networks
• Routing Table
• Commonly named as forwarding database
• Contains list of best paths to each destination
OSPF Database

[Diagram: A–B link cost 10, A–C link cost 15, B–D link cost 20, C–D link cost 10; stub networks 10.0.0.0/8 (A), 20.0.0.0/8 (B), 30.0.0.0/8 (C) and 40.0.0.0/8 (D), each with cost 1]

Neighbor Table of Router A
Neighbor   Interface
B          S0
C          S1

Link State Database of Router A
Router   Links
A        5
B        5
C        5
D        5

Routing Table of Router A
Network       Next Hop   Cost
20.0.0.0/8    B          11
30.0.0.0/8    C          16
40.0.0.0/8    C          26
OSPF Metric calculation

• OSPF metric is not defined in standards
• Every vendor uses a different formula to calculate the metric
• OSPF Metric in Cisco = Cost = 10^8 / Bandwidth in bps
• Ex:
• Serial link 64 Kbps cost = 1562
• 1544 Kbps cost = 64
• 2000 Kbps cost = 48
• Ethernet 10 Mbps cost = 10
• FastEthernet 100 Mbps cost = 1
• Gigabit Ethernet 1000 Mbps cost = 1
OSPF Cost calculation

• How much does it cost to reach 40.0.0.0/8 from Router A?

[Diagram: A–B link 10 Mbps, B–D link 100 Mbps, A–C link 10 Mbps, C–D link 1 Gbps; stub networks 10.0.0.0/8 (A), 20.0.0.0/8 (B), 30.0.0.0/8 (C), 40.0.0.0/8 (D)]
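The cost formula and the SPF computation behind the OSPF Database routing table above, as an added Python example (not from the slides). The link costs and stub networks are the ones read off the OSPF Database diagram; the Dijkstra run is the general algorithm, so the same function answers the question for any root router, not only A.

```python
import heapq


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """Cisco cost = reference bandwidth / interface bandwidth, truncated, never below 1.
    With the default 10^8 reference every link of 100 Mbps or faster costs 1."""
    return max(1, reference_bps // bandwidth_bps)


# Constructed topology with the link costs read off the 'OSPF Database' slide.
LINKS = [("A", "B", 10), ("A", "C", 15), ("B", "D", 20), ("C", "D", 10)]
# Stub network attached to each router and the cost of that interface.
STUB_NETWORKS = {
    "A": [("10.0.0.0/8", 1)],
    "B": [("20.0.0.0/8", 1)],
    "C": [("30.0.0.0/8", 1)],
    "D": [("40.0.0.0/8", 1)],
}


def spf(links, root):
    """Dijkstra from root over the link-state graph: returns (distance to each router,
    first hop towards it)."""
    adjacency = {}
    for a, b, cost in links:
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))
    distance = {root: 0}
    first_hop = {root: None}
    queue = [(0, root)]
    while queue:
        d, u = heapq.heappop(queue)
        if d > distance[u]:
            continue                      # stale queue entry
        for v, cost in adjacency.get(u, []):
            nd = d + cost
            if nd < distance.get(v, float("inf")):
                distance[v] = nd
                first_hop[v] = v if u == root else first_hop[u]
                heapq.heappush(queue, (nd, v))
    return distance, first_hop


def routing_table(links, stubs, root):
    """Map each remote stub network to (next hop, total cost) as seen from root."""
    distance, first_hop = spf(links, root)
    table = {}
    for router, networks in stubs.items():
        if router == root or router not in distance:
            continue
        for prefix, cost in networks:
            total = distance[router] + cost
            if prefix not in table or total < table[prefix][1]:
                table[prefix] = (first_hop[router], total)
    return table


if __name__ == "__main__":
    for bw in (64_000, 1_544_000, 10_000_000, 100_000_000, 1_000_000_000):
        print(f"{bw:>13} bps -> cost {ospf_cost(bw)}")
    print(routing_table(LINKS, STUB_NETWORKS, "A"))
```

With the default reference bandwidth a 1 Gbps link and a 100 Mbps link both cost 1, so SPF cannot prefer the faster one; on real routers that is the reason for raising the reference with `auto-cost reference-bandwidth` consistently on every router in the area.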
OSPF Packet Types

1 Hello

2 Database Description

3 Link – State Request

4 Link – State Update

5 Link – State Ack


OSPF Packet Header Format
OSPF Neighbor relationship

[Diagram: routers A, B, C, D and E exchanging Hello packets]

HELLO packet contents:
Router ID
Hello and Dead Intervals *
Neighbors
Area ID *
Router Priority
DR/BDR IP Address
Authentication Password *
Stub Area Flag *
* Entry must match on neighboring routers
Establishing bidirectional Communication
Link State Updates

[Diagram: routers exchanging LSU packets, each acknowledged with an LSAck]
LS Data Structures: LSA Operation

LS Update Packet (LSU) received:
1. Is the LSA entry in the link-state database? If no → go to A.
2. If yes: is the sequence number the same? If yes → ignore the LSA. End.
3. If no: is the sequence number higher? If yes → go to A. If no → send an LSU with the newer information to the source. End.
A: Add to database → Send LSAck → Flood LSA → Run SPF to calculate the new routing table. End.
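The LSA flowchart above as an added Python example (not from the slides): one function applies the decision steps to a received LSA against a small in-memory LSDB and returns the actions the router takes. The LSA identifiers and sequence numbers are constructed; the LSDB is simplified to "LSA id to installed sequence number".

```python
INSTALL = ["add to database", "send LSAck", "flood LSA", "run SPF"]


def process_lsa(lsdb, lsa_id, seq, source):
    """Apply the LSA flowchart to one received LSA.
    lsdb maps LSA id -> sequence number currently installed (updated in place).
    Returns the list of actions taken, in order."""
    if lsa_id not in lsdb:                 # not in database -> branch A
        lsdb[lsa_id] = seq
        return list(INSTALL)
    current = lsdb[lsa_id]
    if seq == current:                     # duplicate of what we already hold
        return ["ignore LSA"]
    if seq > current:                      # newer instance -> branch A
        lsdb[lsa_id] = seq
        return list(INSTALL)
    # The sender holds an older instance than we do: tell it about ours.
    return [f"send LSU with newer information to {source}"]


def receive_lsu(lsdb, lsu, source):
    """An LS Update packet may carry several LSAs; process each one.
    lsu is a list of (lsa_id, seq) pairs."""
    return {lsa_id: process_lsa(lsdb, lsa_id, seq, source) for lsa_id, seq in lsu}


if __name__ == "__main__":
    db = {}
    # Constructed sequence: first copy from B, a replay from C, a newer copy from C,
    # then B re-sending the stale one.
    print(receive_lsu(db, [("router-A", 0x80000001)], "B"))
    print(receive_lsu(db, [("router-A", 0x80000001)], "C"))
    print(receive_lsu(db, [("router-A", 0x80000002)], "C"))
    print(receive_lsu(db, [("router-A", 0x80000001)], "B"))
    print(db)
```

The sequence-number comparison is what keeps a stale or re-flooded LSA from overwriting fresher topology information; the fourth call shows the router correcting the neighbour rather than accepting the old copy.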
OSPF Network Types
Adjacency Behavior for a Point-to-Point Link

• A point-to-point link is a single pair of routers.


• Serial line configured with PPP or HDLC protocol.
• No DR or BDR election is required
• OSPF detects this type of link automatically.
Broadcast Multi Access

• Topologies like Ethernet and Token Ring are BMA.
• DR and BDR election is required.
• OSPF detects this type of link automatically.
BMA

[Diagram sequence: routers A, B, C, D and E on one broadcast segment, each listing the others as neighbors (A: X, B, C, D, E; B: A, C, D, E; C: A, B, D, E; D: A, B, C, E; E: A, B, C, D). Without a DR, an LSU from X behind A is flooded by A to every neighbor and each of them re-floods it, multiplying the updates on the segment]

BMA

[Diagram: the same segment with priorities A P=1, B P=10, C P=0, D P=1, E P=5; B is elected DR and E is elected BDR]
Designated Router and Backup Designated Router

• The router with the highest priority is the DR
• The router with the second-highest priority is the BDR
• The default priority value is 1
• In the case of a tie, the router with the highest router ID becomes the DR and the second-highest router ID becomes the BDR
• If the router priority is 0 it cannot become the DR or BDR
• A router which is not a DR or BDR is called a DROTHER
• DR and BDR election is not preemptive
• We can manually set the priority to force a router to become the DR.
DR/BDR Elections

• Neighbors
• DR/BDR → DROTHER → Full
• DROTHER → DR/BDR → Full
• DROTHER → DROTHER → 2 Way
• Updates
• DROTHER → DR/BDR → 224.0.0.6
• DR → DROTHER → 224.0.0.5
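The router ID selection from the Router ID slide and the DR/BDR election rules above, as one added Python example (not part of the slides). The interface addresses are the ones on the Router ID diagram; the priorities are the ones on the BMA diagram (A P=1, B P=10, C P=0, D P=1, E P=5), and the router IDs 1.1.1.1 to 5.5.5.5 assigned to A to E are constructed so that the tie-break can be shown.

```python
import ipaddress


def ospf_router_id(physical_ips, loopback_ips=(), configured=None):
    """Precedence from the Router ID slide: the router-id command wins, then the highest
    IP on a logical (loopback) interface, then the highest IP on an active physical interface."""
    if configured:
        return configured
    for candidates in (loopback_ips, physical_ips):
        if candidates:
            return str(max(ipaddress.ip_address(ip) for ip in candidates))
    return None


def elect_dr_bdr(routers):
    """routers: list of (router_id, priority). Priority 0 routers are never DR/BDR; the
    highest priority becomes DR and the second highest BDR, ties broken by highest router ID."""
    eligible = sorted(
        ((prio, ipaddress.ip_address(rid), rid) for rid, prio in routers if prio > 0),
        reverse=True,
    )
    dr = eligible[0][2] if eligible else None
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return dr, bdr


def roles(routers):
    """Role of every router on the segment after the election."""
    dr, bdr = elect_dr_bdr(routers)
    return {rid: "DR" if rid == dr else "BDR" if rid == bdr else "DROTHER"
            for rid, _ in routers}


def adjacency_state(role_a, role_b):
    """Neighbour state between two routers on the segment, per the DR/BDR Elections slide."""
    if role_a == "DROTHER" and role_b == "DROTHER":
        return "2WAY"
    return "FULL"


# Constructed segment: routers A..E with the diagram's priorities and assumed router IDs.
SEGMENT = [("1.1.1.1", 1), ("2.2.2.2", 10), ("3.3.3.3", 0), ("4.4.4.4", 1), ("5.5.5.5", 5)]

if __name__ == "__main__":
    print(ospf_router_id(["172.16.0.1", "202.15.32.2", "10.0.0.1"], ["192.168.1.1"]))
    print(ospf_router_id(["172.16.0.1", "202.15.32.2", "10.0.0.1"]))
    r = roles(SEGMENT)
    print(r)
    print("A-B:", adjacency_state(r["1.1.1.1"], r["2.2.2.2"]), " A-D:", adjacency_state(r["1.1.1.1"], r["4.4.4.4"]))
```

Because the election is not preemptive, a router that later joins with priority 255 still comes up as DROTHER; the code models the election at segment start-up, which is the case the slide describes.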
BMA

[Diagram sequence: with B as DR (P=10) and E as BDR (P=5), A's neighbor states are B, E → FULL and C, D → 2WAY; B's are A, C, D, E → FULL; C's are B, E → FULL and A, D → 2WAY; D's are B, E → FULL and A, C → 2WAY; E's are A, B, C, D → FULL. An LSU from X behind A is sent by A to the DR/BDR (224.0.0.6) and the DR floods it to the DROTHERs (224.0.0.5)]
NBMA

• Links like Frame Relay, ATM and X.25.
• OSPF treats NBMA like other broadcast media.
• NBMA is not always full-mesh.
• DR/BDR election depends on the type of connection.
NBMA Types

OSPF Mode                          Adjacency   Configured   Hello Timer   RFC or Cisco
Bro​adcast                          DR/BDR      Automatic    10 sec        Cisco
Nonbroadcast (NBMA)                DR/BDR      Manual       30 sec        RFC
Point-to-Multipoint                No DR/BDR   Automatic    30 sec        RFC
Point-to-Multipoint Nonbroadcast   No DR/BDR   Manual       30 sec        Cisco
Point-to-Point                     No DR/BDR   Automatic    10 sec        Cisco

Open Shortest Path First (OSPF II)
Why Multiarea OSPF?

• Single-area OSPF is useful in smaller networks. If an area becomes too big, the following issues must be addressed:
• Large routing table
• Large link-state database (LSDB)
• Frequent SPF algorithm calculations
Multi Area OSPF

Multiarea OSPF requires a hierarchical network design and the main area is called the backbone area, or
area 0, and all other areas must connect to the backbone area.
Type of OSPF Routers

[Diagram: Area 10 internal router (INT) – ABR – Area 0 backbone router (BR) – ABR – Area 300 internal router (INT); an ASBR in Area 0 connects to another AS]
OSPF Summarization
Benefits Of Route Summarization

• Minimizes number of routing table entries


• Localizes the impact of a topology change
• Reduces LSA 3 and 5 flooding and saves CPU resources
Before Route Summarization

[Diagram: the subnets 10.10.20.0/24, 10.10.21.0/24 and 10.10.22.0/24 are advertised as three separate routing updates through the ABR into Area 0 and on to the other areas (Area 2, Area 12)]
After Route Summarization

[Diagram: after summarization the ABR sends a single routing update, 10.10.20.0/22, into Area 0 in place of the three /24 updates, while the three /24 updates are still exchanged inside the originating area]
Types Of LSA

LS Type   Name
1         Router LSAs
2         Network LSAs
3         Summary LSAs
4         ASBR Summary LSAs
5         Autonomous System External LSAs
6         Multicast OSPF LSAs
7         Defined for not-so-stubby areas
LSA Type 1: Router LSA

• One Router LSA (type 1) for every router in an area


• Includes list of directly attached links
• Each link identified by IP prefix and link type
• Identified by the router ID of the originating router
• Floods within its area only; does not cross the ABR
LSA Type 1: Router LSA

[Diagram: routers A, B, C and D across Area 10 and Area 0; A (11.0.0.1/8) originates LSA1 with Router ID A for 11.0.0.0/8, which stays inside Area 10]
LSA Type 2: Network LSA

• One Network (type 2) LSA for each transit broadcast or NBMA network in an area
• Includes Network ID, subnet mask and list of attached routers on that transit link
• Advertised by the DR of the transit network
• Floods within its area only; does not cross ABR
LSA Type 2: Network LSA

[Diagram: routers A, B, C, D and E across Area 10 and Area 0; E is the DR of the transit network 11.0.0.0/8 and originates LSA2 with Router ID E]
LSA Type 3: Summary LSA

• Type 3 LSAs are used to flood network information to areas outside the originating area (inter-area)
• Contains network ID and subnet mask
• Advertised by the ABR of the originating area
• Regenerated by subsequent ABRs to flood throughout the autonomous system
• By default, routes are not summarized and there is one type 3 LSA for every subnet
LSA Type 3: Summary LSA

[Diagram: A (11.0.0.1/8) in Area 10 originates LSA1 for 11.0.0.0/8; ABR B regenerates it as LSA3 (Router ID B) into Area 0, and ABR D regenerates it as LSA3 (Router ID D) into Area 300 towards E]
LSA Type 4: ASBR Summary LSA

• ASBR Summary (type 4) LSAs are used to advertise Router ID of ASBR to all routers in
other areas present in autonomous system
• They are generated by the ABR of the originating area
• They are regenerated by all subsequent ABRs to flood throughout the autonomous
system
• Type 4 LSAs contain only the router ID of the ASBR
LSA Type 4: ASBR Summary LSA

[Diagram: A is the ASBR in Area 10, connected to another AS; ABR B originates LSA4 (Router ID B, ASBR A) into Area 0, and ABR D originates LSA4 (Router ID D, ASBR A) into Area 300 towards E]
LSA Type 5: External LSA

• External (type 5) LSAs are used to advertise networks learned from other autonomous
systems
• Type 5 LSAs are advertised and owned by the originating ASBR
• Type 5 LSAs flood throughout the autonomous system
• The advertising router ID (ASBR) is unchanged throughout the autonomous system
• Type 4 LSA is needed to identify ASBR
• By default, routes are not summarized by ASBR
LSA Type 5: External LSA

[Diagram: ASBR A in Area 10 learns 10.0.0.0/8 from another AS and originates LSA5 (Router ID A); the LSA5 floods unchanged through B, C, D and E across Area 0 and Area 300]
Types of Routes

Router Designator   Description
O                   LSA 1: networks from within the area of the router
O IA                OSPF interarea (summary LSA): networks from outside the area of the router, but within the OSPF autonomous system
O E1                E1 external routes: networks outside of the autonomous system of the router
O E2                E2 external routes: networks outside of the autonomous system of the router
Cost for External Updates

[Diagram: Router A runs RIP and OSPF and redistributes the RIP routes 10.10.0.0 (Hop=9) and 10.11.0.0 (Hop=6) into OSPF with a seed cost of 100; the OSPF links A–B, B–C and C–D each have cost 64]

E1 external routes: the internal cost is added at every hop

Router   Route                  Type
A        10.10.0.0 Hop=9        R
         10.11.0.0 Hop=6        R
B        10.10.0.0 Cost=100     O E1
         10.11.0.0 Cost=100     O E1
C        10.10.0.0 Cost=164     O E1
         10.11.0.0 Cost=164     O E1
D        10.10.0.0 Cost=228     O E1
         10.11.0.0 Cost=228     O E1

E2 external routes: the cost stays at the seed metric throughout the autonomous system

Router   Route                  Type
A        10.10.0.0 Hop=9        R
         10.11.0.0 Hop=6        R
B        10.10.0.0 Cost=100     O E2
         10.11.0.0 Cost=100     O E2
C        10.10.0.0 Cost=100     O E2
         10.11.0.0 Cost=100     O E2
D        10.10.0.0 Cost=100     O E2
         10.11.0.0 Cost=100     O E2
Default Routes in OSPF

• OSPF can send a default route in its updates
• A default route is sent as an external LSA type (O*E2)
• A static default route needs to be defined on the originating router

Router(config)# ip route 0.0.0.0 0.0.0.0 <Exit Int/next-hop-IP>
Router(config-router)# default-information originate
Default Routes in OSPF

[Diagram: in Area 10, router A has a static default route towards the Internet and is configured with default-information originate; B, C and D learn the default route from A]
OSPF Virtual Link
Defining Virtual Links

• Virtual links are used to connect a discontiguous area to area 0


• A logical connection is built between routers
• Virtual links are recommended for backup or temporary connections
Virtual Links

[Diagram: Area 10, Area 300 and Area 0 in a row with routers A, B, C, D and E; Area 10 is not directly attached to Area 0, so a virtual link is built across Area 300 between the ABRs. Router F is also shown attached to the topology]
Configuring Virtual Links

Configuring Virtual Link:
Router(config-router)# area <area-id> virtual-link <router-id>
OSPF Special Area
Stub and Totally Stubby Area Rules

• There should not be an ASBR in the area


• The area should not be Area 0
• No virtual links must pass through the area
• There should be a single ABR (recommended)
Using Stub Areas

• External LSAs are stopped


• Default route is advertised into stub area by the ABR
• All routers in stub area must be configured as stub
Stub Area

[Diagram: Area 10 is a STUB AREA with routers A and B (ABR); Area 0 has C and D (ABR); Area 300 has E. ASBR F in Area 300 connects to another AS and originates LSA5 (Router ID F). LSA3 (Router ID D) and LSA1 (Router ID E) flood in Area 0 and Area 300 as usual, but ABR B sends a default route into the stub area instead of the LSA5]
Stub Area Configuration

Configuring the stub command on all routers in the area:
Router(config-router)# area <area-id> stub
Using Totally Stubby Areas

• External LSAs are stopped


• Summary LSAs are stopped
• Routing table is reduced to a minimum
• All routers in stub area must be configured as stub
• ABR of stub area must be configured as totally stubby
• This is a Cisco proprietary feature
Totally Stubby Area

[Diagram: Area 10 is a TOTALLY STUBBY AREA with routers A and B (ABR); Area 0 has C and D (ABR); Area 300 has E and ASBR F, which originates LSA5 (Router ID F) from another AS. ABR B sends only a default route into the totally stubby area: neither the LSA5 nor the LSA3 (Router ID D) enters it]
Totally Stubby Configuration

Configuring all routers of the Totally Stubby Area:
Router(config-router)# area <area-id> stub

Configuring the Area Border Router of the Totally Stubby Area:
Router(config-router)# area <area-id> stub no-summary
Not-So-Stubby Areas

• NSSA breaks stub area rules


• ASBR is allowed in NSSA
• Special LSA type 7 defined, sent by ASBR
• ABR converts LSA type 7 to LSA type 5
• ABR does not send default route into NSSA by default
• NSSA is an RFC addendum
NSSA Area

[Diagram: Area 10 is an NSSA AREA containing router A, an ASBR connected to another AS that originates LSA7 (Router ID A); ABR B converts it to LSA5 (Router ID B) into Area 0. LSA3 (Router ID D) and LSA1 (Router ID E) are flooded as usual, and ASBR F in Area 300 originates LSA5 (Router ID F) from a second AS, which does not enter the NSSA]
NSSA Area Configuration

Configuring the NSSA command on all routers in the area:
Router(config-router)# area <area-id> nssa
Totally Not-So-Stubby Areas

• A Totally NSSA does not accept summary and external LSAs
• By default, a default route is advertised by the ABR of a Totally NSSA
Totally NSSA Area

[Diagram: Area 10 is a TOTALLY NSSA AREA with ASBR A originating LSA7 (Router ID A); ABR B converts it to LSA5 (Router ID B) into Area 0 and sends only a default route into the area. LSA3 (Router ID D), LSA1 (Router ID E) and the LSA5 (Router ID F) from ASBR F in Area 300 do not enter the totally NSSA]
Totally NSSA Area Configuration

Configuring the NSSA command on all routers in the area:
Router(config-router)# area <area-id> nssa

Configuring the NSSA command on the ABR router in the area:
Router(config-router)# area <area-id> nssa no-summary
OSPF Authentication

OSPF supports two types of routing protocol authentication methods


1) Clear Text or Plain Text

2) MD-5 Authentication

Routers will accept the routing information from other routers that have been configured with the same
password or authentication information.
OSPF Authentication

1) Clear Text or Plain Text
Router(config-if)# ip ospf authentication
Router(config-if)# ip ospf authentication-key ccnp

2) MD-5 Authentication
Router(config-if)# ip ospf authentication message-digest
Router(config-if)# ip ospf message-digest-key key-id md5 ccnp
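What the two authentication modes actually protect, shown for both the EIGRP key-chain configuration in the MD-5 Authentication section and the OSPF configuration above, as an added Python example that is not part of the slides. The key chain `cisco` with key 1 / key-string `ccnp` is the one from the slides; the digest construction (MD5 over the packet bytes followed by the key-string) is a simplified illustration of the idea, not the exact OSPF or EIGRP wire format, and the packet contents are constructed.

```python
import hashlib
import hmac


class KeyChain:
    """Mirrors 'key chain <name>' with one or more 'key <id>' / 'key-string <secret>' entries."""

    def __init__(self, name, keys):
        self.name = name
        self.keys = dict(keys)          # key id -> key-string


def md5_auth_digest(packet, key_string):
    """Illustrative digest: MD5 over the packet bytes followed by the key-string. The real
    OSPF/EIGRP formats add header fields and padding, but the principle is the same."""
    return hashlib.md5(packet + key_string.encode()).digest()


def send_with_md5(packet, key_id, chain):
    """Sender: the packet carries the key id and the digest, never the key-string itself."""
    return {"packet": packet, "key_id": key_id,
            "digest": md5_auth_digest(packet, chain.keys[key_id])}


def verify_md5(message, chain):
    """Receiver: look the key id up in its own chain and recompute the digest.
    Both the key number and the key-string must match, as the slides require."""
    key_string = chain.keys.get(message["key_id"])
    if key_string is None:
        return False, "unknown key id"
    expected = md5_auth_digest(message["packet"], key_string)
    if hmac.compare_digest(expected, message["digest"]):
        return True, "accepted"
    return False, "digest mismatch"


def send_with_plaintext(packet, password):
    """Plain-text (clear text) authentication appends the password to the packet, so anyone
    who captures the packet reads it."""
    return packet + b"|auth=" + password.encode()


def password_visible(captured, password):
    """True when the password can be read straight out of a captured packet."""
    return password.encode() in captured


if __name__ == "__main__":
    chain = KeyChain("cisco", {1: "ccnp"})                # key chain cisco / key 1 / key-string ccnp
    update = send_with_md5(b"update 10.0.0.0/8 metric 2000", 1, chain)   # constructed packet
    print("same chain      :", verify_md5(update, chain))
    print("wrong key-string:", verify_md5(update, KeyChain("cisco", {1: "other"})))
    print("wrong key number:", verify_md5(update, KeyChain("cisco", {2: "ccnp"})))
    print("modified packet :", verify_md5(dict(update, packet=b"update 0.0.0.0/0 metric 1"), chain))
    print("clear text leaks:", password_visible(send_with_plaintext(b"hello", "ccnp"), "ccnp"))
```

The four verification calls are the failure modes an operator sees as dropped adjacencies: the peer holds a different key-string, the peer uses a different key number, or the update was altered in transit. The last line shows why the slides rank clear-text below MD5: it only checks that a peer knows the password, and the password itself travels with every update.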
Route Optimization
Reasons for using Multiple Routing protocols

• Application-specific protocols
• Mismatch between devices (Vendors)
Redistribution

• The process of exchanging routing information between routing protocols is called Route Redistribution

[Diagram: router BR runs OSPF 5 (networks 10.10.0.0, 10.11.0.0 and 10.12.0.0 learned as O routes) and EIGRP 10 (networks 192.168.0.0, 192.168.1.0 and 192.168.2.0 learned as D routes) and redistributes between them. After redistribution the OSPF side sees the 192.168.x.0 networks as O E1 routes and the EIGRP side sees the 10.x.0.0 networks as D EX routes]

Seed Metric

Protocol         Seed Metric
RIP              Infinite
OSPF             20
IGRP and EIGRP   Infinite
IS-IS            0
BGP              From IGP
Redistributing into RIP

[Diagram: router BR runs protocol X (networks 10.10.0.0, 10.11.0.0, 10.12.0.0) and RIP (192.168.0.0 [2], 192.168.1.0 [1], 192.168.2.0 [2]) and redistributes protocol X into RIP with a hop count of 6. The RIP routing table then lists:
R 192.168.0.0 [2]
R 192.168.1.0 [1]
R 192.168.2.0 [2]
R 10.10.0.0 [6]
R 10.11.0.0 [6]
R 10.12.0.0 [6]]

Configuring Redistribution into RIP:
BR(config)# router rip
BR(config-router)# redistribute <protocol> metric <value>
Redistributing into OSPF

[Diagram: router BR redistributes protocol X (10.10.0.0, 10.11.0.0, 10.12.0.0) into OSPF 5 with cost 100 and the subnets keyword. The OSPF routing table then lists:
O 192.168.0.0 [128]
O 192.168.1.0 [64]
O 192.168.2.0 [128]
O E2 10.10.0.0 [100]
O E2 10.11.0.0 [100]
O E2 10.12.0.0 [100]]

Configuring Redistribution into OSPF:
BR(config)# router ospf 5
BR(config-router)# redistribute <protocol> [metric <value>] [metric-type 1|2] [subnets]
Redistributing into EIGRP
[Diagram: router BR redistributes protocol X (10.10.0.0, 10.11.0.0, 10.12.0.0) into EIGRP 10 with BW 2 Mbps, delay 2000 µs, reliability 100%, load 50% and MTU 1500. The EIGRP routing table then lists:
D 192.168.0.0 [45002100]
D 192.168.1.0 [2100150]
D 192.168.2.0 [45002100]
D EX 10.10.0.0 [1200300]
D EX 10.11.0.0 [1200300]
D EX 10.12.0.0 [1200300]]

Configuring Redistribution into EIGRP:
BR(config)# router eigrp 10
BR(config-router)# redistribute <protocol> metric <BW in Kbps> <delay in µs> <reliability> <load> <MTU>
Passive Interface
A passive interface is an interface on which the routing protocol will not send hello packets.

[Diagram: routers A, B, C and D interconnected; networks shown: 10.10.1.0/24 (A E0), 10.10.2.0/24, 10.10.3.0/24, 10.10.4.0/24, 10.10.5.0/24, 10.10.6.0/24 and 10.10.7.0/24 (C E0); C's S0 leads to the Internet, and C's serial interfaces S1, S2 and S3 connect to the other routers]
Passive Interface Command

Configuring Passive Interface in a routing protocol:
Router(config-router)# passive-interface <type> <No.>
Passive Interface

[Diagram: same topology as on the previous slide]

A(config)#router rip
A(config-router)#passive-interface s 1
C(config)#router rip
C(config-router)#passive-interface default
C(config-router)#no passive-interface s 3
Distribute Lists
• A distribute list filters routing updates using an access list (or a prefix list).
• Filtering can be applied inbound or outbound, per interface or per redistributed protocol.
• It is configured in router configuration mode.
• A standard ACL tests only the network address of the update, not its mask; use a prefix list when the prefix length matters.
Distribute List
Figure: Routers A, B and D run EIGRP 100; B connects to A on S1 and to D on S0; LANs 192.168.1.0/24 (A), 192.168.2.0/24 (B) and 192.168.3.0/24 (D). Requirement: Router B should not send any update except 192.168.2.0/24.
Configuring Distribute-list on Router B
B(config)#access-list 10 permit 192.168.2.0 0.0.0.255
B(config)#router eigrp 100
B(config-router)#distribute-list 10 out s 0
B(config-router)#distribute-list 10 out s 1
Router(config-router)#distribute-list <ACL-No.> <in / out> <int type> <No.>
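As an added example that is not part of the original slides, the following Python models router B's outbound distribute-list: a standard ACL evaluated top down with the implicit deny, and, for comparison, a prefix list that also checks the prefix length. The ACL, the prefix list and the set of updates are constructed for the illustration.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed standard ACL, as on router B: access-list 10 permit 192.168.2.0 0.0.0.255
# Entries are (action, network, wildcard); a standard ACL ends with an implicit "deny any".
ACL_10 =[("permit", "192.168.2.0", "0.0.0.255")]

# Constructed prefix-list equivalent: (action, prefix, ge, le); None = not specified.
PREFIX_LIST_B = [("permit", "192.168.2.0/24", None, None)]

# Constructed EIGRP updates that B would otherwise send on S0 and S1.
UPDATES = ["192.168.1.0/24", "192.168.2.0/24", "192.168.2.0/25", "192.168.3.0/24"]


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Standard-ACL test: every bit that is 0 in the wildcard must match exactly."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_permits(acl: List[Tuple[str, str, str]], addr: str) -> bool:
    """Top-down evaluation; the first matching entry decides, otherwise implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(addr, network, wildcard):
            return action == "permit"
    return False


def prefix_list_permits(plist: List[Tuple[str, str, Optional[int], Optional[int]]],
                        prefix: str) -> bool:
    """IOS prefix-list semantics: the route must lie inside the entry's prefix and its
    length must be within [ge, le]; without ge/le the length must match exactly."""
    route = ipaddress.ip_network(prefix, strict=False)
    for action, entry, ge, le in plist:
        ent = ipaddress.ip_network(entry, strict=False)
        low = ge if ge is not None else ent.prefixlen
        high = le if le is not None else (ent.max_prefixlen if ge is not None else ent.prefixlen)
        if route.subnet_of(ent) and low <= route.prefixlen <= high:
            return action == "permit"
    return False


def distribute_list_acl(acl, updates: List[str]) -> List[str]:
    """Outbound distribute-list with a standard ACL: only the network address is
    tested, so 192.168.2.0/25 slips through alongside 192.168.2.0/24."""
    return [u for u in updates if acl_permits(acl, u.split("/")[0])]


def distribute_list_prefix(plist, updates: List[str]) -> List[str]:
    """Outbound filter with a prefix list: network and mask are both tested."""
    return [u for u in updates if prefix_list_permits(plist, u)]


if __name__ == "__main__":
    print("ACL filter:   ", distribute_list_acl(ACL_10, UPDATES))
    print("prefix filter:", distribute_list_prefix(PREFIX_LIST_B, UPDATES))
```

The difference between the two outputs is the practical reason to prefer prefix lists for route filtering: an ACL-based filter lets a more specific 192.168.2.0/25 through, which is exactly how an unintended prefix leak or hijack of part of your own space can pass a filter.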
Distribute List
Figure: Router BR redistributes protocol X into OSPF 5 but must exclude subnet 10.11.0.0/24. OSPF routing table shown in the figure: O 192.168.0.0 [128], O 192.168.1.0 [64], O 192.168.2.0 [128], O E2 10.10.0.0 [100], O E2 10.11.0.0 [100], O E2 10.12.0.0 [100].
Configuring Distribute-list on Router BR
Router(config)# router ospf 5
Router(config-router)# distribute-list <ACL-No.> out <protocol>
An outbound distribute-list applied to a protocol filters what is redistributed from that protocol into OSPF; it does not filter OSPF's own LSA flooding.
Route Map
ROUTE Maps
• A route map is a small policy language: each statement has match conditions and set actions.
• It works like a sophisticated access list.
• Statements are processed top down by sequence number.
• Once a statement matches, its set actions are applied and the remaining statements are not processed.
• A statement with no match condition matches everything.
• Sequence numbers make editing easy: statements can be added, removed or inserted without rewriting the map.
• Route maps are identified by name.
• Route maps follow "IF match THEN set ELSE next statement" logic, with an implicit deny after the last statement.
ROUTE MAPS – Usage
• Route maps are used for
• policy based routing
• BGP policy
• Redistribution
• NAT
• QoS
Configuration Of Route MAP
Configure Route Map
Router(config)# route-map <name> permit|deny <Sequence No.>
Defining the condition to Match
Router(config-route-map)# match <condition>
Defining the action to Set
Router(config-route-map)# set <action>
Policy Based Routing
POLICY BASED Routing
• PBR implements a policy that makes selected packets take a different path from the one the routing table would choose.
• The routing table is destination based.
• PBR allows forwarding based on the source address, protocol, packet length or other criteria.
POLICY BASED Routing
• ADVANTAGES
• Different users can use different paths to reach the same destination.
• Load sharing across unequal links.
POLICY BASED Routing
Features
• Applied in the inbound direction on the interface where the traffic enters the router.
• If a packet matches a permit statement of the route map, it is forwarded according to the set action of that statement.
• If a packet matches a deny statement, it is forwarded according to the normal routing table.
• If no statement matches, the packet is forwarded according to the routing table.
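Added example, not from the slides: a Python model of the PBR decision described above. The route map has numbered permit/deny statements with match conditions (an ACL number, or a packet-length range) and a set action; pbr_decision returns either the policy's exit interface or "routing-table" when a deny statement matches or nothing matches. The ACLs, the route-map statements and the sample packets are constructed for the illustration.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed standard ACLs (action, network, wildcard); implicit deny at the end.
ACLS: Dict[int, List[Tuple[str, str, str]]] = {
    1: [("permit", "192.168.1.0", "0.0.0.255")],
    2: [("permit", "192.168.2.0", "0.0.0.255")],
    3: [("permit", "10.0.0.0", "0.255.255.255")],
}

# Constructed route map "PBR", one dict per statement, as if configured with:
#   route-map PBR permit 10 / match ip address 1 / set interface S0
#   route-map PBR permit 20 / match ip address 2 / set interface S1
#   route-map PBR deny   30 / match ip address 3
#   route-map PBR permit 40 / match length 0 100 / set interface S1
ROUTE_MAP = [
    {"seq": 10, "action": "permit", "match": {"ip_address": 1}, "set": {"interface": "S0"}},
    {"seq": 20, "action": "permit", "match": {"ip_address": 2}, "set": {"interface": "S1"}},
    {"seq": 30, "action": "deny",   "match": {"ip_address": 3}, "set": {}},
    {"seq": 40, "action": "permit", "match": {"length": (0, 100)}, "set": {"interface": "S1"}},
]


def acl_permits(acl: List[Tuple[str, str, str]], addr: str) -> bool:
    """Standard ACL: bits that are 0 in the wildcard must match; first hit wins."""
    a = int(ipaddress.IPv4Address(addr))
    for action, network, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (a & care) == (int(ipaddress.IPv4Address(network)) & care):
            return action == "permit"
    return False


def statement_matches(stmt: dict, acls, src: str, length: int) -> bool:
    """All match conditions of one statement must hold (a statement without
    any match condition matches every packet)."""
    m = stmt["match"]
    if "ip_address" in m and not acl_permits(acls[m["ip_address"]], src):
        return False
    if "length" in m:
        low, high = m["length"]
        if not low <= length <= high:
            return False
    return True


def evaluate_route_map(rmap: List[dict], acls, src: str, length: int) -> Optional[dict]:
    """Top down by sequence number; processing stops at the first match."""
    for stmt in sorted(rmap, key=lambda s: s["seq"]):
        if statement_matches(stmt, acls, src, length):
            return stmt
    return None


def pbr_decision(rmap, acls, src: str, length: int) -> Tuple[str, Optional[str]]:
    """PBR semantics: permit match -> use the set action; deny match or no
    match -> fall back to the normal, destination-based routing table."""
    stmt = evaluate_route_map(rmap, acls, src, length)
    if stmt is None or stmt["action"] == "deny":
        return ("routing-table", None)
    return ("policy", stmt["set"]["interface"])


if __name__ == "__main__":
    samples = [("192.168.1.5", 1400), ("192.168.2.9", 1400), ("10.1.1.1", 64),
               ("172.16.0.1", 64), ("172.16.0.1", 1400)]
    for src, ln in samples:
        print(src, ln, "->", pbr_decision(ROUTE_MAP, ACLS, src, ln))
```

The 10.1.1.1 case shows the part that is easy to get wrong in production: the deny statement at sequence 30 ends processing, so the later length-based statement is never consulted for that source, even though the packet would have matched it.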
Before POLICY BASED ROUTING
Figure: Router A reaches the Internet (host 11.0.0.1) over two links, S0 (2000 Kb) and S1 (512 Kb). Both appear as default routes (S* 0.0.0.0/0 via S0 and S* 0.0.0.0/0 via S1), so traffic from the LANs 192.168.1.0/24 and 192.168.2.0/24 behind router B is shared over both links without regard to its source.
POLICY BASED Routing
Figure: same topology with a policy on router A: traffic from 192.168.1.0 -> S0, traffic from 192.168.2.0 -> S1; the routing table still holds both default routes.
Defining Policies For PBR
Configure Route Map
Router(config)# route-map <name> permit|deny <Sequence No.>
Defining the condition to Match
Router(config-route-map)# match ip address <ACL-No.>
Or
Router(config-route-map)# match length <min> <max>
Defining the action to Set
Router(config-route-map)# set ip next-hop <next-hop IP>
Or
Router(config-route-map)# set interface <type> <No.>
The variants set ip default next-hop and set default interface apply the policy only when the routing table has no explicit route for the destination, which keeps PBR from overriding known routes.
Implementing PBR
Implementation Of PBR
Router(config-if)# ip policy route-map <name>
Router(config)# ip local policy route-map <name>   (for traffic generated by the router itself)
Border Gateway Protocol (BGP)
Autonomous System
Figure: within an AS an IGP (RIP, OSPF, EIGRP, IS-IS) routes packets; between ASs an EGP, BGP, is used.
• An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and an exterior gateway protocol to route packets to other ASs.
IANA

The IANA is responsible for allocating AS numbers through five Regional Internet Registries (RIRs).
Connection Redundancy
Connecting to one ISP: single-homed (one link) or dual-homed (two links to the same ISP).
Connecting to two or more ISPs: multihomed (one link to each ISP) or dual-multihomed (two links to each ISP).
When to use BGP
• BGP is appropriate if one of the following conditions exists:
• The AS is a transit AS (for example an ISP).
• The AS is connected to multiple ASs.
• The path of traffic entering or leaving the AS needs to be manipulated.
When not to use BGP
• BGP is not recommended if one or more of the following conditions exist:
• The AS is single-homed.
• Routers lack memory and processing power (a full Internet table is large).
• The link between the ASs has low bandwidth.
• Limited understanding of BGP route filtering and path selection; a misconfigured BGP router can leak or hijack prefixes far beyond its own AS, so outbound filtering is not optional.
BGP Features
• Open standard (RFC 4271)
• Advanced distance vector protocol
• Path vector protocol
• Classless
• Supports FLSM, VLSM, CIDR, manual summarization and legacy auto-summary (BGP-4)
• It is an Exterior Gateway Protocol
• Designed to scale to a huge internetwork like the Internet
• Updates are incremental and triggered
BGP Features (continued)
• Sends updates as unicast to manually defined neighbors
• Application layer protocol; uses TCP port 179 for reliability
• Metric = path attributes
• Administrative distance: 20 for routes learned from EBGP, 200 for routes learned from IBGP
• By default BGP installs only one best path per prefix; it is not designed for load balancing (maximum-paths can be configured)
Path Vector
Figure: AS 2007 originates 11.0.0.0/8 and 12.0.0.0/8. AS200 receives them with AS path 2007 and advertises them to AS805 with AS path 200, 2007. AS799 also receives them with AS path 2007 and advertises them to AS2019 with AS path 799, 2007; AS2019 in turn advertises them with AS path 2019, 799, 2007. Each AS prepends its own number when passing the prefix on.
Path Vector
• IGPs announce networks and the cost to reach those networks.
• BGP announces paths and the networks that are reachable at the end of each path; attributes act as the metric.
• AS path is one of the attributes. A path that traverses fewer ASs is preferred, and a path that already contains the local AS number is rejected as a loop.
BGP Databases

• Neighbor table
• List of BGP neighbours
• BGP forwarding table/database
• List of all networks learned from each neighbor.
• Can contain multiple pathways to destination networks
• Database contains BGP attributes for each pathway
• IP routing table
• List of best paths to destination networks
BGP Message Type
OPEN: negotiates AS number, hold time, router ID and capabilities after the TCP session is up
KEEPALIVE: keeps the session alive when there is nothing to update
UPDATE: carries prefixes with their attributes, and withdrawn prefixes
NOTIFICATION: reports an error and closes the session
BGP Neighbors

• BGP neighbors are routers forming a TCP connection for exchanging BGP updates. Also called as
BGP Peers or BGP Speakers.
• Two type of BGP neighbor relationship.
• IBGP ( Internal BGP)
• EBGP (External BGP)
BGP Neighbors
Figure: routers R2, R3, R4 and R5 in AS 110 with IBGP sessions between them; R2 peers EBGP with R1 in AS 5252 and R5 peers EBGP with R6 in AS 2121.
IBGP: routers forming a neighbor relationship within the same AS. IBGP neighbors do not need to be directly connected; the IGP provides reachability between them.
EBGP: routers forming a neighbor relationship between two different ASs. EBGP neighbors are expected to be directly connected (BGP packets are sent with TTL 1) unless ebgp-multihop is configured.
BGP Configuration
Configuring BGP Routing Protocol
Router(config)# router bgp <AS no.>
Advertising networks into BGP
Router(config-router)# network <network ID> [mask <subnet mask>]
• Only one BGP instance (AS) per router
• The exact prefix (network and mask) must exist in the routing table
• The network need not be directly connected
• A network entered without a mask takes the classful mask
BGP Configuration
Configuring BGP Neighbors
Router(config-router)# neighbor <IP-Address> remote-as <AS No.>
• The router must have a route in its routing table to reach the neighbor.
• The same command is used for IBGP and EBGP neighbors; only the AS number differs (it equals the local AS for an IBGP neighbor).
BGP Routing Issue
Figure: AS 110 runs OSPF internally. Router C learns 11.0.0.0/8 by EBGP from AS 2121 and passes it by IBGP to router B, which advertises it by EBGP to router F in AS 5252. Router A sits on the path between B and C but runs only OSPF, so when data for 11.0.0.1 arrives at A there is no entry for 11.0.0.0/8 in its routing table and the packet is dropped (a black hole).
Solution :
• Redistribute BGP into the IGP (not recommended: a full BGP table overwhelms the IGP)
• Run BGP on all transit routers (every router on the path from one AS to the other)
Split Horizon in BGP
Figure: same topology; B learns 11.0.0.0/8 by IBGP from C and therefore cannot pass it on to A over IBGP.
Split Horizon :
• A route learned from an IBGP neighbor is not advertised to other IBGP neighbors (it is still advertised to EBGP neighbors).
Full Mesh IBGP Neighbor
Figure: same topology with IBGP sessions C-B, C-A and B-A, so every router in AS 110 learns 11.0.0.0/8 directly from C.
Solution:
• Configure a full mesh of IBGP neighbor relationships, OR
• Use a route reflector
BGP - Star Topology
Figure: hub-and-spoke AS 110 where C is the hub; every spoke's IBGP session to the other spokes is carried over the hub's links.
Problems :
• In a star topology the same routing update to different routers has to pass through the hub router
• This repeats the same updates over the hub links
• A full mesh of n routers needs (n x (n - 1))/2 IBGP neighbor relationships
Route Reflector
Figure: same AS 110 with A configured as route reflector server and B, C and the third router as route reflector clients; C sends 11.0.0.0/8 to A, and A reflects it to B.
Route Reflector
• A route reflector is the standard way of relaxing the IBGP split-horizon rule without a full mesh.
• With a route reflector, routers take one of two roles:
1) Route Reflector Server
2) Route Reflector Client
• A client sends its routes to the server; the server reflects routes learned from one client to the other clients and to its non-client IBGP peers.
BGP Synchronization
Figure: same topology; B receives 11.0.0.0/8 by IBGP from C while the IGP (OSPF) has no such route.
BGP Synchronization Rule :
• A route received from an IBGP neighbor is not installed in the routing table nor advertised to EBGP neighbors until the same prefix is also learned from the IGP. The rule exists to avoid the black hole shown earlier; it is disabled by default in current IOS releases (no synchronization) because the usual solution is to run BGP on all transit routers.
BGP States
Idle: waiting for a start event; no TCP connection attempted
Connect: TCP connection in progress
Active: TCP connection attempt failed, retrying
OpenSent: TCP session up, OPEN message sent
OpenConfirm: OPEN received and accepted, waiting for KEEPALIVE
Established: peers exchange UPDATE messages
Border Gateway Protocol
(BGP - Day -2)
BGP Neighbor
Figure: AS 110 with routers A, B, C and D connected by serial links; B and C are IBGP peers. Router B: interface loopback 12 with ip address 10.10.0.1/24, router bgp 110, neighbor 10.20.0.1. Router C: interface loopback 1 with ip address 10.20.0.1/24, router bgp 110, neighbor 10.10.0.1.
Loopback interfaces should be used for forming IBGP neighbor relationships, so that the session survives the failure of any single physical link.
BGP messages:
Destination IP = neighbor IP
Source IP = primary IP of the outgoing interface, unless update-source is configured
The receiving router compares the source IP of the incoming TCP connection with its neighbor statements; if nothing matches, the connection is refused.
BGP Neighbor
Figure: same topology; B peers with C between loopbacks 10.10.0.1 and 10.20.0.1.
On Router B
B(config)#int loopback 12
B(config-if)#ip add 10.10.0.1 255.255.255.0
B(config)#router bgp 110
B(config-router)#neighbor 10.20.0.1 remote-as 110
B(config-router)#neighbor 10.20.0.1 update-source loopback 12
EBGP Neighbor
Figure: Router A (AS 278) and Router B (AS 523) connected by two parallel serial links, S0 10.0.1.1/30 - 10.0.1.2/30 and S1 10.0.2.1/30 - 10.0.2.2/30; the EBGP session is built between loopbacks (A: 10.10.0.1, B: 10.20.0.1) so that it survives the failure of either link.
On Router A
A(config)#int loopback 12
A(config-if)#ip add 10.10.0.1 255.255.255.0
A(config)#ip route 10.20.0.0 255.255.255.0 s0
A(config)#ip route 10.20.0.0 255.255.255.0 s1
A(config)#router bgp 278
A(config-router)#neighbor 10.20.0.1 remote-as 523
A(config-router)#neighbor 10.20.0.1 update-source loopback 12
A(config-router)#neighbor 10.20.0.1 ebgp-multihop 2
Next Hop in BGP
Figure: AS 110 (OSPF inside) with routers A, B and C; B has an EBGP session to F in AS 5252 over the 192.168.1.0 link (B 1.2, F 1.1) and an IBGP session to C over 192.168.2.0 (B 2.1, C 2.2). F advertises 11.0.0.0/8 with AS path 5252 and next hop 192.168.1.1; B passes the route to C by IBGP with the next hop unchanged (192.168.1.1).
BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol.
Next hop ≠ next router: the next-hop attribute is the IP address used to reach the next AS, and IBGP does not change it by default.
Next Hop in BGP
Figure: same topology; C's BGP table shows 11.0.0.0/8 with AS path 5252 and next hop 192.168.1.1, an address on the B-F link that C's IGP may not know.
If Router C does not have a route to 192.168.1.1 it cannot use the route to 11.0.0.0/8: a path whose next hop is unreachable is not considered in best-path selection.
Fix on B, for its IBGP neighbor C:
B(config-router)#neighbor 192.168.2.2 next-hop-self
Alternatively, advertise the B-F link subnet into the IGP.
BGP Troubleshooting
• Clearing BGP neighbor relationship
• After a policy change, BGP applies the new policy only when routes are re-advertised; to apply it immediately the session must be reset.
• R#clear ip bgp *| <neighbor IP>
• Hard reset: the TCP connection is torn down and the session starts again from Idle; all routes from that neighbor are withdrawn in the meantime.
• R#clear ip bgp *| <neighbor IP> soft out|in
• Soft reset: only the updates are re-sent (out) or re-requested (in); the TCP connection stays up.
• If the BGP state stays Idle or Active for a long time:
• Check the neighbor command (IP address and AS number) on both routers.
• Check that a route exists in the routing table to reach the neighbor, and that the source address of the session matches the neighbor statement on the far side.
BGP Summarization
• BGP supports manual summarization (and legacy auto-summary, which is off by default).
• A manual summary can be created on any BGP router, not only at a boundary.
• A summary can cover networks belonging to multiple ASs.
R(config-Router)#aggregate-address <network> <mask> [summary-only] [as-set]
• At least one more-specific prefix must already be in the BGP table for the aggregate to be generated; summary-only suppresses the more specifics, and as-set keeps the AS numbers of the components in the aggregate's AS path so that loop detection still works.
BGP Authentication
• BGP supports MD5 authentication of the TCP session (TCP MD5 signature option, RFC 2385).
• Configure a "key" (password); the router computes an MD5 digest over the TCP pseudo-header, the TCP header, the segment data and the key, and carries the digest in a TCP option.
• Only the digest is sent; the key is not. Both neighbors must be configured with the same key, otherwise the session does not come up.
• MD5 is weak by modern standards; the option mainly protects the session against spoofed TCP RST/SYN segments and casual tampering. TCP-AO (RFC 5925) is its successor where the platform supports it.
Router(config-router)# neighbor <neighbor IP address> password <string>
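Added example, not from the slides or from Cisco IOS: a Python implementation of the RFC 2385 digest that the neighbor password command enables, covering both the sender's computation and the receiver's check. The TCP header fields, the BGP KEEPALIVE payload and the key are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import struct

# Constructed BGP KEEPALIVE: 16-byte marker of 0xFF, length 19, type 4.
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)

TCP_MD5_OPTION_KIND = 19      # RFC 2385 option kind; option length is 18 (2 + 16)


def build_tcp_header(sport: int, dport: int, seq: int, ack: int,
                     flags: int, window: int, options_len: int) -> bytes:
    """Fixed 20-byte TCP header with the checksum field set to zero. The data
    offset counts the options that will follow (the signature option included)."""
    data_offset_words = (20 + options_len + 3) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset_words << 4, flags, window, 0, 0)


def tcp_md5_signature(src_ip: str, dst_ip: str, tcp_header: bytes,
                      options_len: int, payload: bytes, key: bytes) -> bytes:
    """RFC 2385 digest: pseudo-header, fixed TCP header (checksum = 0, options
    excluded), segment data, then the shared key appended last."""
    segment_len = len(tcp_header) + options_len + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len))
    header_zero_csum = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]
    return hashlib.md5(pseudo + header_zero_csum + payload + key).digest()


def verify_tcp_md5(src_ip: str, dst_ip: str, tcp_header: bytes, options_len: int,
                   payload: bytes, key: bytes, received: bytes) -> bool:
    """Receiver recomputes the digest with its own key; a mismatch means a wrong
    key or a modified segment, and the segment is silently dropped."""
    expected = tcp_md5_signature(src_ip, dst_ip, tcp_header, options_len, payload, key)
    return hmac.compare_digest(expected, received)


def signed_keepalive(src_ip: str, dst_ip: str, key: bytes):
    """Sender side: header, signature option and payload of a BGP KEEPALIVE."""
    options_len = 20   # 18-byte MD5 option padded to a 32-bit boundary
    hdr = build_tcp_header(54321, 179, 1000, 2000, 0x18, 16384, options_len)
    sig = tcp_md5_signature(src_ip, dst_ip, hdr, options_len, BGP_KEEPALIVE, key)
    option = struct.pack("!BB", TCP_MD5_OPTION_KIND, 18) + sig + b"\x00\x00"
    return hdr, option, BGP_KEEPALIVE, sig


if __name__ == "__main__":
    h, o, p, s = signed_keepalive("10.10.0.1", "10.20.0.1", b"s3cret")
    print("signature:", s.hex())
    print("verifies with right key:", verify_tcp_md5("10.10.0.1", "10.20.0.1", h, 20, p, b"s3cret", s))
    print("verifies with wrong key:", verify_tcp_md5("10.10.0.1", "10.20.0.1", h, 20, p, b"wrong", s))
```

Note that the construction is "hash(data || key)", not an HMAC, and that the pseudo-header binds the digest to the addresses, sequence numbers and payload. That is enough to reject a spoofed RST or an injected UPDATE from a third party who lacks the key, but it does nothing to hide the BGP session contents.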


BGP Metric
• BGP metrics are called attributes (rich metrics).
• BGP attribute types:
• Well-known mandatory: must be recognized by every BGP implementation and must be present in every UPDATE (AS_PATH, NEXT_HOP, ORIGIN).
• Well-known discretionary: must be recognized but may be absent (LOCAL_PREF).
• Optional transitive: may be unrecognized; an unrecognized one is still passed on to neighbors with the partial bit set.
• Optional non-transitive: may be unrecognized; an unrecognized one is dropped and not passed on (MED).
• Weight is a Cisco proprietary parameter that is local to the router and is not carried in updates at all.
BGP Attributes
• Some BGP attributes: AS Path, Next hop, Origin, Local preference, Multi Exit Discriminator (MED), Weight
AS Path
• AS path: the list of ASs through which the update has traversed; each AS prepends its own number.
• The path with the shortest AS path list is more desirable.
• AS path is a well-known mandatory attribute and is also used for loop detection: a router rejects an update whose AS path already contains its own AS.
Figure: AS 2007 advertises 11.0.0.0/8 and 12.0.0.0/8 to AS200 with AS path 2007; AS200 advertises them to AS2003 with AS path 200, 2007.
Next Hop
• BGP is an AS-by-AS routing protocol
• Next hop ≠ next router
• Next hop = IP address used to reach the next AS
• Next hop is a well-known mandatory attribute; EBGP sets it to the advertising router's address, IBGP leaves it unchanged.
Figure: F in AS 123 advertises 11.0.0.0/8 to B in AS 110 with next hop 192.168.1.1; B passes it to C by IBGP with the same next hop.
Origin
• Origin tells all ASs in the internetwork how the network was introduced into BGP.
• IGP (i): network command
• EGP (e): learned from the historical EGP protocol
• Incomplete (?): redistributed from an IGP or a static route
• The origin attribute is well-known mandatory.
• "i" is preferred over "e", and "e" over "?".
Local Preference
• Local preference defines how data traffic should exit from an AS.
• Default value is 100.
• The path with the highest local preference is more desirable.
• It is advertised only to IBGP neighbors within an AS.
• Local preference is a well-known discretionary attribute.
Figure: my AS 123 learns 11.0.0.0/8 from two upstreams: via router A from AS 21117 with AS path 21117, 178 (as drawn) and local preference 100, and via router B from AS 1220 with AS path 1220, 125, 179 and local preference 250. Local preference is compared before AS path length, so every router in AS 123 (including C) sends traffic for 11.0.0.1 out through B despite its longer path.
MED
• MED (Multi Exit Discriminator, "metric") tells a neighboring AS which entry point into this AS it should prefer.
• Default value is 0.
• The path with the lowest MED is more desirable.
• MED is sent to EBGP neighbors; the receiving AS passes it to its own IBGP peers but not on to further ASs.
• MED is an optional non-transitive attribute. By default MED is compared only between paths received from the same neighboring AS.
Figure: my AS 123 advertises 192.15.2.0/24 to AS 12200 over two links, with MED 20 through router A and MED 500 through router B; AS 12200 therefore sends traffic for 192.15.2.1 to router A.
WEIGHT
Figure: my AS 123 learns 11.0.0.0/8 from AS 21117 via router A with weight 300 and from AS 1220 via router B with weight 500; router C prefers the path with weight 500.
• Weight is a Cisco proprietary parameter.
• The path with the highest weight is more desirable.
• Default weight is 32768 for locally originated routes and 0 for routes learned from neighbors.
• Weight is configured locally on each router; it is never advertised to any neighbor.
• Weight is not a BGP path attribute (it is not carried in updates), so it only influences the choice of the router on which it is set.
BGP Path Selection Processes
BGP considers only paths that are synchronized (if synchronization is enabled), contain no AS loop and have a reachable next hop. Among those it selects in this order:
• Prefer highest weight (local to router)
• Prefer highest local preference (global within AS)
• Prefer the route originated by the local router (next hop = 0.0.0.0)
• Prefer shortest AS path
• Prefer lowest origin code (IGP < EGP < incomplete)
• Prefer lowest MED (by default compared only between paths from the same neighboring AS)
• Prefer a path from an EBGP neighbor over one from an IBGP neighbor
• Prefer the path with the lowest IGP metric to the next hop
• Prefer the oldest route for EBGP paths (limits route flapping)
• Prefer the path from the neighbor with the lowest BGP router ID
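Added example, not from the slides: the selection order above as a Python function that applies each rule as a tie-break over the remaining candidates, including the two details that trip people up, loop rejection before any comparison and MED being compared only among paths from the same neighboring AS. The Path model and the sample paths (reusing the local preference figure's AS numbers) are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass
class Path:
    """One path to a prefix as held in the BGP table (constructed model)."""
    neighbor: str                     # label of the peer that sent it
    as_path: List[int]
    next_hop: str
    origin: str = "i"
    weight: int = 0
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True                 # learned from an EBGP peer
    igp_metric: int = 0               # IGP cost to reach next_hop
    age: int = 0                      # higher = received earlier
    router_id: str = "0.0.0.0"        # neighbor's BGP router ID
    locally_originated: bool = False  # next hop 0.0.0.0
    next_hop_reachable: bool = True


def is_candidate(p: Path, local_as: int) -> bool:
    """Only loop-free paths with a reachable next hop enter the comparison."""
    return p.next_hop_reachable and local_as not in p.as_path


def best_path(paths: List[Path], local_as: int) -> Optional[Path]:
    """Cisco best-path order from the slide, applied as successive tie-breaks."""
    cands = [p for p in paths if is_candidate(p, local_as)]
    if not cands:
        return None

    def keep_best(key, prefer_max: bool) -> bool:
        """Narrow cands to the paths sharing the best value; True if one is left."""
        nonlocal cands
        target = (max if prefer_max else min)(key(p) for p in cands)
        cands = [p for p in cands if key(p) == target]
        return len(cands) == 1

    steps = [
        (lambda p: p.weight, True),
        (lambda p: p.local_pref, True),
        (lambda p: p.locally_originated, True),
        (lambda p: len(p.as_path), False),
        (lambda p: ORIGIN_RANK[p.origin], False),
    ]
    for key, prefer_max in steps:
        if keep_best(key, prefer_max):
            return cands[0]

    # MED is compared only when every remaining path comes from the same neighboring
    # AS (first AS in the path); that is the default without bgp always-compare-med.
    if all(p.as_path for p in cands) and len({p.as_path[0] for p in cands}) == 1:
        if keep_best(lambda p: p.med, False):
            return cands[0]

    if keep_best(lambda p: p.ebgp, True):
        return cands[0]
    if keep_best(lambda p: p.igp_metric, False):
        return cands[0]
    if all(p.ebgp for p in cands) and keep_best(lambda p: p.age, True):
        return cands[0]
    keep_best(lambda p: tuple(int(o) for o in p.router_id.split(".")), False)
    return cands[0]


# Constructed sample: the local preference figure, my AS is 123.
LP_CASE = [
    Path("A", [21117, 178], "10.0.0.1", local_pref=100, router_id="1.1.1.1"),
    Path("B", [1220, 125, 179], "10.0.0.2", local_pref=250, router_id="2.2.2.2"),
]

if __name__ == "__main__":
    print("best exit:", best_path(LP_CASE, 123).neighbor)
```

Because weight and local preference sit above AS path length, a single router that accepts an inbound route map from an untrusted peer setting local preference can pull an entire AS's traffic toward that peer; that is why inbound policy on EBGP sessions should be set by the local router, never inherited.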
Route Map for BGP policy
Figure: my AS 123 has two upstreams, router A toward AS 21117 (local preference 100) and router B toward AS 1220 / AS 125 / AS 179. Prefixes 11.0.0.0/8, 12.0.0.0/8, 13.0.0.0/8 and 14.0.0.0/8 are reachable through both; the policy makes B the exit for 11.0.0.0/8 only, by raising its local preference to 250.
Route Map for BGP policy
On router B:
Route-map BGP
Match IP add 11.0.0.0
Set Local preference 250
The route map is applied inbound on B's EBGP session (neighbor <peer IP> route-map BGP in). Because a route map ends with an implicit deny, a further permit statement without match conditions is needed so that the other prefixes are still accepted.
Multi-homing AS
Figure: my AS 123 is multihomed: router A connects to ISP A (112.0.0.0/8), which is upstream of global ISP X, and router B connects to ISP B (61.0.0.0/8), which is upstream of global ISP Y; router C is internal.
IPv6
Why Do We Need IPV6
Figure: "No More IPv4 Addresses!"
Why Do We Need a Larger Address Space?
• The Internet population has grown exponentially
• Millions of mobile users
• Transportation
• Consumer devices
• Number of websites, again exponential growth
IPV4 vs IPV6
Feature | IPv4 | IPv6
Notation | Dotted decimal, e.g. 10.0.1.100 | Hexadecimal groups separated by colons, e.g. 2001:03BB:B5A1:52FF:FEA5:4564:0112:1202
Address size | 32 bits | 128 bits
Number of addresses | 2^32 = 4,294,967,296 | 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
Broadcast | Supported | No broadcast; IPv6 uses multicast instead
IPv6 Address Representation
• IPv6 format: x:x:x:x:x:x:x:x
• where each x is a 16-bit field written in hexadecimal
• Leading zeros in a field may be omitted
• One or more successive fields of all zeros can be replaced by "::", but only once in an address
• Eg. 2031:0000:0000:013f:0000:0000:0000:0001 = 2031:0:0:13f::1 (the longer run of zeros is the one compressed)
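Added example, not from the slides: the representation rules above in Python, expanding an address to eight four-digit fields and compressing it the way RFC 5952 specifies (the longest run of zero fields, the first one on a tie, and "::" used only once). The addresses used are constructed for the illustration; the standard library is used only as a cross-check.

```python
import ipaddress


def expand_ipv6(addr: str) -> str:
    """Undo '::' and restore leading zeros: eight lowercase 4-digit fields."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one field: " + addr)
        fields = left + ["0"] * missing + right
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("expected 8 fields: " + addr)
    out = []
    for f in fields:
        if not 1 <= len(f) <= 4:
            raise ValueError("bad field %r in %s" % (f, addr))
        out.append("%04x" % int(f, 16))       # int() rejects non-hex characters
    return ":".join(out)


def compress_ipv6(addr: str) -> str:
    """RFC 5952 text form: drop leading zeros, replace the longest run of two
    or more zero fields with '::' (the first run wins on a tie)."""
    values = [int(f, 16) for f in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 1          # a single zero field is never compressed
    i = 0
    while i < 8:
        if values[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and values[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexf = ["%x" % v for v in values]
    if best_start < 0:
        return ":".join(hexf)
    return ":".join(hexf[:best_start]) + "::" + ":".join(hexf[best_start + best_len:])


def same_address(a: str, b: str) -> bool:
    """Two textual forms denote the same address iff their expansions are equal;
    comparing raw strings misses this, a common bug in ACL and log matching."""
    return expand_ipv6(a) == expand_ipv6(b)


def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check against the standard library's canonical form."""
    return compress_ipv6(addr) == str(ipaddress.IPv6Address(addr))


if __name__ == "__main__":
    print(compress_ipv6("2031:0000:0000:013f:0000:0000:0000:0001"))
    print(expand_ipv6("2031:0:0:13f::1"))
```

Canonicalising before comparison matters for security tooling: "2001:DB8::1", "2001:db8:0:0:0:0:0:1" and "2001:0db8::0001" are the same host, and a blocklist or log filter that compares strings will miss two of the three.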
IPv6 Address Type
• Unicast
• Multicast
• Anycast
Unicast
• There are three types of unicast address
• Global Unicast
• Unique Local
• Link-Local
Figure: address scope from widest to narrowest: Global, Unique-Local, Link-Local.
Global Unicast
• Allows hosts to communicate on the Internet.
• The Internet Assigned Numbers Authority (IANA) currently delegates global unicast addresses from the prefix 2000::/3.
Link Local
• Enables communication within the local link (local physical network) only; routers never forward it.
• Comparable to Automatic Private IP Addressing (APIPA) in IPv4, except that every IPv6 interface always has one.
• The first 10 bits of a link-local address are 1111111010, which gives the prefix FE80::/10.
• In practice a link-local address always begins with FE80.
Unique Local
• Equivalent to private IPv4 addresses
• Packets are routed within an organization, not outside it on the public Internet.
• In IPv4 these addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
• Unique local addresses are FC00::/7 (first 7 bits 1111110); the half in use is FD00::/8, followed by a random 40-bit global ID. The older site-local range FEC0::/10 (first 10 bits 1111111011) is deprecated.
Where do IP addresses come from?
Figure: the standards bodies (IANA) allocate to the Regional Internet Registries (RIRs), which distribute IPv4, IPv6 and AS numbers to the Internet community (ISPs and LIRs), which in turn assign them to users.
Multicasting
An IPv6 multicast address is FF | flag (4 bits) | scope (4 bits) | group ID (112 bits).
Flag: 0 = permanent (well-known) group, 1 = temporary (transient) group.
Scope: 1 interface-local, 2 link-local, 3 realm-local (listed on older slides as subnet-local), 4 admin-local, 5 site-local, 8 organization-local, E global.
Multicast Scope
Routers do not forward packets beyond the scope encoded in the address, so FF02:: groups (for example the routing-protocol groups) never leave the link.
ANYCAST
Anycast
Figure: two servers both configured with the anycast address 2001:1::1 behind routers 2001::1/64 and 2001::2/64; a client 2002::1 with gateway 2001::1 and DNS 2001:1::1 reaches whichever server is nearest.
• One to nearest one
• Two or more devices share the same anycast IP
• Which one is nearest is decided by the routers' routing protocol
• All anycast members should provide the same service
• Anycast addresses are taken from the unicast address range; syntactically they are indistinguishable from unicast addresses
IPV6 Stateless Auto Configuration
• A device can assign itself an IPv6 address automatically using stateless auto configuration (SLAAC): the prefix comes from a Router Advertisement and the interface ID is derived from the MAC address.
• The modified Extended Unique Identifier (EUI)-64 format is used to build the interface ID.
• This format expands the 48-bit MAC address to 64 bits by inserting "FFFE" into the middle of the MAC address.
• The 7th bit of the first byte (the universal/local bit) is inverted, so a globally unique MAC starting 00 becomes 02.
• Because the MAC address is recoverable from the address, hosts normally use privacy extensions (random interface IDs) instead.
EUI-64 To IPv6
MAC: 00 90 27 17 FC 0F
Insert FF FE in the middle and flip the U/L bit: 02 90 27 FF FE 17 FC 0F
Interface ID: 0290:27FF:FE17:FC0F
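Added example, not from the slides: the EUI-64 transformation above in Python, combined with a /64 prefix into a full SLAAC address, and the inverse step that recovers the MAC from such an address. The prefix, taken from the dual-stack slide later on, and the MAC are used only as constructed inputs.

```python
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:90:27:17:FC:0F, 00-90-27-17-FC-0F or Cisco 0090.2717.fc0f."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: " + mac)
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: split the MAC, insert FF FE, invert the U/L bit
    (bit 7 of the first byte, i.e. XOR 0x02). Returns four 16-bit fields."""
    b = bytearray(parse_mac(mac))
    b[0] ^= 0x02
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ":".join(iid[i:i + 2].hex() for i in range(0, 8, 2))


def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix (as advertised in a Router Advertisement) with the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    iid = int(eui64_interface_id(mac).replace(":", ""), 16)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64(address: str) -> str:
    """Reverse the transformation: the MAC is recoverable from any EUI-64 address,
    which is why RFC 4941 / RFC 7217 random or stable-opaque interface IDs exist."""
    low64 = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join("%02x" % x for x in b)


if __name__ == "__main__":
    print(eui64_interface_id("00:90:27:17:FC:0F"))
    addr = slaac_address("2001:410:213:1::/64", "00:90:27:17:FC:0F")
    print(addr, "->", mac_from_eui64(addr))
```

The inverse function is the privacy argument in one line: an EUI-64 address carries the hardware address (and so the vendor OUI and a stable tracking identifier) to every site the host talks to, across every network it visits.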
IPv6 Routing Protocols

• Static
• RIPng
• OSPFv3
• ISIS for IPv6
• EIGRP For IPv6
• MP BGP
RIPng
• RIP for IPv6
• Based on RIPv2, with enhancements
• Distributes IPv6 prefixes
• RIPng sends updates on UDP port 521 to the multicast group FF02::9, sourced from the link-local address
OSPFv3
• OSPF for IPv6
• Based on OSPFv2, with enhancements
• Distributes IPv6 prefixes
• Runs directly over IPv6 (protocol 89)
• Ships-in-the-night with OSPFv2: the two run independently on the same router
OSPFv3 / OSPFv2 Similarities
• Link-state protocol
• SPF (Dijkstra) algorithm
• Basic packet types
• Mechanisms for neighbor discovery and adjacency formation
• Same interface types
• LSA flooding and aging mechanism
• The router ID is still a 32-bit value; OSPFv3 takes it from an IPv4 address if one is configured, otherwise it must be set manually
OSPFv3 / OSPFv2 Differences
OSPFv2 | OSPFv3
Runs over a subnet | Runs over a link
One instance per link | Multiple instances per link
Clear-text or MD5 authentication | Uses the standard authentication provided by IPv6 itself, i.e. IPsec (AH/ESP)
Routers must be on the same subnet to form neighbors | Routers on different subnets can become neighbors (the adjacency is formed over link-local addresses)
Uses the primary IP of the outgoing interface as the source of updates | Uses the link-local address as the source of updates
EIGRPv6
• EIGRP for IPv6
• Uses multicast address FF02::A
• On older IOS releases the EIGRPv6 process stays in shutdown state until no shutdown is given under the routing process
• A router ID must be configured manually in EIGRPv6 when the router has no IPv4 address
• EIGRPv6 also uses the DUAL algorithm
IPV4 to IPV6
IPv6 – IPv4 Transition
• Transition richness
• There is no fixed day or due date for moving from IPv4 to IPv6
• Smooth transition from IPv4 to IPv6
• Use dual stack or 6to4 tunnels
• IPv4 and IPv6 hosts can communicate through translation
IPv4-IPv6 Transition and Co-Existence

• A wide range of techniques have been identified and implemented, basically falling into
three categories:
• Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and
networks
• Tunneling techniques, to avoid order dependencies when upgrading hosts, routers,
or regions
• Translation techniques, to allow IPv6-only devices to communicate with IPv4-only
devices.
DUAL Stack
• The term dual stack means that the host or router uses both IPv4 and IPv6 at the same time.
Dual-stack router configuration (one interface facing an IPv6 and IPv4 network):
interface Ethernet0
 ip address 192.168.99.1 255.255.255.0
 ipv6 address 2001:410:213:1::/64 eui-64
Resulting addresses: IPv4 192.168.99.1, IPv6 2001:410:213:1::/64 with an EUI-64 interface ID.
• Cisco IOS is IPv6-enabled:
– If IPv4 and IPv6 are both configured on one interface, the router is dual-stacked
IPv6 over IPv4 Tunnels
Figure: an IPv6 host in an IPv6 network sends a packet (IPv6 header, transport header, data) to a dual-stack router; the router encapsulates it as IPv4 header | IPv6 header | transport header | data across the IPv4 network to another dual-stack router, which strips the IPv4 header and delivers the IPv6 packet to the remote IPv6 host.
1. Tunneling is encapsulating the IPv6 packet in an IPv4 packet (IPv4 protocol 41)
2. Tunneling can be used by routers and hosts
NAT-PT
Figure: an IPv4-only network (host 10.0.0.1) and an IPv6-only network (host 2001::5) joined by a NAT-PT device that maps 2001::5 <=> 172.16.0.5 and 2001:3:0A00:0001 <=> 10.0.0.1. A packet 2001:3:0A00:0001 -> 2001::5 on the IPv6 side becomes 10.0.0.1 -> 172.16.0.5 on the IPv4 side.
NAT-PT (RFC 2766) was deprecated by RFC 4966; its replacement is NAT64 together with DNS64.
Virtual Private Network
Virtual Private Networking
VPN Services
• Services offered by a VPN are:
– Data confidentiality (encryption, so intercepted traffic cannot be read)
– Data integrity (ensures data has not been altered in transit: a VPN gateway detects any modification of a packet between one VPN gateway and another)
– Authentication (each gateway or user proves its identity before the tunnel is established)
– Anti-replay (an IPsec service based on sequence numbers and a sliding window; it rejects captured packets that an attacker re-injects, even though they still carry a valid integrity check)
– Tunneling
Devices Supporting VPN
Routers, firewalls, VPN concentrators, servers, and software clients (for example Cisco VPN Client v5)
VPN Types
• Remote-access
– Client-initiated
– Network access server
• Site-to-site
– Intranet
– Extranet
Remote Access VPN
Figure: a remote user reaches the head office over the IP/Internet cloud either with a client-initiated VPN from the user's PC, or by dialing into a Network Access Server (RAS) which builds the tunnel to the head office.
Site to Site
Figure: the head office connects over the IP/Internet cloud to a branch office (intranet VPN) and to a business partner (extranet VPN).
Encryption at Several Layers
Tunneling Protocols
Generic Routing Encapsulation
Figure: a GRE tunnel between router addresses 2.2.2.3 and 61.0.0.5 across the Internet. A packet from 192.168.1.10 to 192.168.2.20 is encapsulated as [outer IP 2.2.2.3 -> 61.0.0.5][GRE][inner IP 192.168.1.10 -> 192.168.2.20][data]; the far router strips the outer header and delivers the original packet. GRE provides no confidentiality or authentication: the inner addresses and data are visible on the Internet unless the tunnel is protected by IPsec.
IPSEC VPN
IPSec
• IPsec is an open standard (IETF)
• Network layer protocol
• It provides data security and tunneling services
• It is a framework of open standards providing encryption, authentication, key exchange and data integrity
• Scales from small to very large networks
• By itself it protects only IP unicast traffic
• GRE over IPsec (a GRE tunnel protected by IPsec) is used to carry non-IP or multicast traffic, for example routing protocols between sites
IPSec over GRE
Decision flow: does the user data need encryption? No: send it as is. Yes: is it IP unicast? Yes: protect with IPsec and send. No: encapsulate in GRE / L2TP first, then protect with IPsec and send.
IPSec Modes
• IPsec modes:
– Tunnel mode
– Tunnel mode adds a new outer IP header; the whole original packet, including its IP header, is protected. Used between gateways.
– Transport mode
– Transport mode protects only the payload and keeps the original IP header. Used host to host, or for GRE over IPsec where GRE already supplies the tunnel header.
IPSEC PROTOCOLS
IPSec Protocols
• Negotiation protocol
– IKE / ISAKMP
• Security protocols
– ESP
– AH
IPSec Protocols
• Encryption
– DES (obsolete, 56-bit key)
– 3DES (deprecated)
– AES (recommended)
• Hash (integrity)
– MD5 (deprecated)
– SHA (SHA-1 deprecated; SHA-256 or better recommended)
• Authentication
– Pre-shared key
– Username/password (XAUTH, for remote access)
– OTP
– Digital certificates (RSA signatures)
• Key exchange (Diffie-Hellman groups; DH does not exchange a password but derives a shared secret that neither side transmits)
– DH group 1 (768-bit, obsolete)
– DH group 2 (1024-bit, weak)
– DH group 5 (1536-bit); group 14 (2048-bit) or the elliptic-curve groups 19/20 are recommended today
IKE
Internet Key Exchange
• IKE solves the problem of manual, unscalable IPsec deployment by automating the negotiation process
– Automatic key generation, negotiation and refresh
– Negotiation of security association (SA) characteristics
– Manageable configuration: policies instead of manually keyed SAs
IKE Negotiation
Figure: Head Office (Cisco 3800) with IKE policies 1: AES / SHA / pre-share / DH 2, 2: 3DES / SHA / pre-share / DH 2, 3: DES / MD5 / pre-share / DH 2. Branch X (Cisco 2600) with policies 1: 3DES / SHA / pre-share / DH 2 and 2: DES / MD5 / pre-share / DH 2. Branch Y (Cisco 2500) with policy 1: DES / MD5 / pre-share / DH 2. Each peer offers its policies in priority order and the first complete match (encryption, hash, authentication and DH group all equal) is used: Branch X ends up with 3DES/SHA, Branch Y with DES/MD5.
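Added example, not from the slides: the policy matching of the figure in Python. negotiate() walks the responder's policies in priority order and picks the first one that an initiator proposal matches on all four attributes, which is how IOS selects an IKEv1 phase 1 policy; is_weak() then flags what was agreed. The policy lists mirror the figure; the hardened list and the weak-algorithm sets are constructed for the illustration.

```python
from typing import Dict, List, Optional, Tuple

Policy = Dict[str, object]


def policy(encryption: str, hash_alg: str, auth: str, dh: int) -> Policy:
    return {"encryption": encryption, "hash": hash_alg, "auth": auth, "dh": dh}


# Policy lists in priority order (lower number = tried first), as in the figure.
HEAD_OFFICE = [(1, policy("AES", "SHA", "pre-share", 2)),
               (2, policy("3DES", "SHA", "pre-share", 2)),
               (3, policy("DES", "MD5", "pre-share", 2))]
BRANCH_X = [(1, policy("3DES", "SHA", "pre-share", 2)),
            (2, policy("DES", "MD5", "pre-share", 2))]
BRANCH_Y = [(1, policy("DES", "MD5", "pre-share", 2))]

# Constructed: what the head office would offer with the weak fallbacks removed.
HEAD_OFFICE_HARDENED = [(1, policy("AES", "SHA256", "pre-share", 14))]

# Constructed allow/deny sets; "SHA" on the slide means SHA-1.
WEAK_ENCRYPTION = {"DES", "3DES"}
WEAK_HASH = {"MD5", "SHA"}
WEAK_DH = {1, 2, 5}


def negotiate(responder: List[Tuple[int, Policy]],
              initiator: List[Tuple[int, Policy]]) -> Optional[Tuple[int, int, Policy]]:
    """The responder compares its own policies, highest priority first, against every
    proposal the initiator sent; the first exact match on encryption, hash,
    authentication and DH group wins. Returns (responder prio, initiator prio, policy)
    or None when no policy is shared (the tunnel then never comes up)."""
    for r_prio, r_pol in sorted(responder, key=lambda x: x[0]):
        for i_prio, i_pol in sorted(initiator, key=lambda x: x[0]):
            if r_pol == i_pol:
                return (r_prio, i_prio, r_pol)
    return None


def is_weak(pol: Policy) -> bool:
    """True if any agreed algorithm is in the constructed weak sets."""
    return (pol["encryption"] in WEAK_ENCRYPTION
            or pol["hash"] in WEAK_HASH
            or pol["dh"] in WEAK_DH)


def audit(responder, initiators: Dict[str, List[Tuple[int, Policy]]]) -> Dict[str, str]:
    """Summarise, per branch, what the head office would end up agreeing to."""
    result = {}
    for name, props in initiators.items():
        chosen = negotiate(responder, props)
        if chosen is None:
            result[name] = "no common policy"
        else:
            label = "WEAK" if is_weak(chosen[2]) else "ok"
            result[name] = "%s/%s DH%d (%s)" % (chosen[2]["encryption"], chosen[2]["hash"],
                                                chosen[2]["dh"], label)
    return result


if __name__ == "__main__":
    for name, line in audit(HEAD_OFFICE, {"X": BRANCH_X, "Y": BRANCH_Y}).items():
        print("Branch", name, "->", line)
```

The audit shows the operational trade-off: as long as policy 3 exists on the head office router, any peer that knows the pre-shared key can negotiate DES/MD5 with it, so removing weak fallback policies matters more than the order of the strong ones.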
ESP & AH
Encapsulating Security Payload
• ESP is IP protocol 50
• Provides a framework for encryption, authentication and data integrity, with optional anti-replay
Original packet: L2 | IP header | TCP/UDP header | DATA
Transport mode: L2 | IP header | ESP header | TCP/UDP header | DATA | ESP trailer | ESP auth
Tunnel mode: L2 | new IP header | ESP header | IP header | TCP/UDP header | DATA | ESP trailer | ESP auth
(ESP authentication covers the ESP header through the trailer but not the outer IP header, so ESP can cross NAT with NAT-T.)
Authentication Header
• AH is IP protocol 51
• Provides a framework for authentication and data integrity (no encryption), with optional anti-replay
Original packet: L2 | IP header | TCP/UDP header | DATA
Transport mode: L2 | IP header | AH header | TCP/UDP header | DATA
Tunnel mode: L2 | new IP header | AH header | IP header | TCP/UDP header | DATA
(AH also authenticates the immutable fields of the outer IP header, which is why AH cannot cross a NAT device.)
DMVPN
• DMVPN allows VPN tunnels between two remote sites (spokes) to be created dynamically and torn down when idle, without configuring every pair of sites.
• DMVPN uses NHRP for address resolution through the hub and multipoint GRE for the tunnels; IPsec is normally layered on top for confidentiality and authentication.
SWITCH
Layer 2 Switching
• Hardware-based bridging
• Wire-speed performance
• High-speed scalability
• Low latency
• Forwards on MAC address
Layer 3 Switching
• Hardware-based packet forwarding
• High-performance packet switching
• Flow accounting
• Layer 3 security (ACLs in hardware)
• Policy deployment
Multilayer Switching
• Combines the functionality of:
– Layer 2 switching
– Layer 3 switching
– Layer 4 switching
• High-speed scalability
• Low latency
Types of switches
• Access Layer:
• Access layer switches connect end devices to the network
• Access layer switches provide Layer 2 (VLAN) connectivity between users
• Ex: 2950, 2960 switches
• Distribution Layer:
• Distribution layer switches interconnect access layer switches with the core layer
• The distribution layer is the Layer 3 boundary where routing meets the VLANs of the access layer switches
• Ex: 3550, 3560, 3750, 4500 switches
• Core Layer
• The core layer provides interconnectivity between all distribution layer switches
• The core layer, also called the backbone, must forward traffic from one distribution switch to another as efficiently as possible
• Ex: 6500 switch
Ethernet
• Provides client access to the network
Fast Ethernet
• Built on Ethernet principles
• Bandwidth 100 Mbps
• Uses the same frame types, lengths and formats
• Still CSMA/CD
• Same MAC layer, new physical layer
Gigabit Ethernet
• Enhances client/server performance across the enterprise
• Connects distribution-layer switches in each building with a central campus core
10 Gigabit Ethernet
• Reaches up to 40 km over single-mode fiber
Metro Ethernet
• Leverages a service provider network or existing, unused optical fiber (dark fiber) for metro Ethernet connectivity
• Supports any IP application
Getting Started with Cisco Catalyst Switches
Cat OS and Cisco IOS (Native Mode)
• Cat OS
• Layer 2 switching functions only
• Hybrid Mode
• Cat OS for Layer 2 switching
• IOS for Layer 3
• Cisco IOS (Native Mode)
• Works for both Layer 2 and Layer 3 switching
• Runs on a device where a port can act as a routed port (Layer 3) or a switched port (Layer 2)
• Available on all new Catalyst switches
CAM VS TCAM
CAM Table
The CAM table stores Layer 2 information for exact-match lookups:
• Source MAC address
• Interface on which the source MAC address was learned
• VLAN
TCAM Table
The TCAM (ternary CAM) stores entries with "don't care" bits, so masks and ranges are matched in a single hardware lookup:
• Access lists
• QoS policies
• Routing table (FIB)
CDP Cisco Discovery Protocol

• CDP is a Layer 2 protocol used to find information about neighbor devices

• CDP advertisements are sent as multicast frames.

• By default CDP is enabled on all Cisco devices.

• If an attacker is listening to CDP messages, they could learn important information about the
device model and the current software version

Note: Cisco recommends disabling CDP when not in use.
LLDP

• LLDP is similar to CDP but works on multi-vendor networks.

• LLDP is an IEEE 802.1AB standard

• By default LLDP is disabled on Cisco devices.

• To enable LLDP on a Cisco device

Switch(conf)#lldp run
Virtual LANs - VLANs

• VLANs are used to divide one large broadcast domain into multiple smaller broadcast
domains.

• A large network can be divided into VLANs based on project, department or function.

• VLANs provide Broadcast Segmentation

• Each VLAN is a single Broadcast domain


Vlan Membership Mode

• Figure: Static membership (host A attached to a switch port) versus Dynamic membership (the switch consults a Catalyst 5500 to assign host A's VLAN)
Static VLANS

• Static VLANs are also called port-based VLANs.

• Any device connecting to the port becomes a member of that VLAN.

• This is the most common method of assigning ports to VLANs

• On Cisco switches the default VLAN is VLAN 1


Dynamic Vlan

• Dynamic VLANs are also called MAC-based VLANs.

• The switch automatically assigns the port to a VLAN according to the MAC address of the
connected device.

• Dynamic VLANs are more flexible than static VLANs.

• A VMPS (VLAN Membership Policy Server) is required to configure dynamic VLANs.


Voice Vlan

• Voice VLAN allows an access port to carry voice traffic from an IP phone

• By default the voice VLAN feature is disabled.

• To enable it, use the following command

Switch(config-if)# switchport voice vlan 10


End to End Vlan

• Figure: the departments Accounts, Sales and Marketing use the same VLAN IDs and subnets everywhere: VLAN 10 192.168.10.0, VLAN 20 192.168.20.0, VLAN 30 192.168.30.0

Local Vlan

• Figure: the same departments use different VLANs per location: VLAN 10/20/30 (192.168.10.0, 192.168.20.0, 192.168.30.0) on one side and VLAN 40/50/60 (192.168.40.0, 192.168.50.0, 192.168.60.0) on the other
VLAN Ranges and Mappings

VLAN Range    Range      Usage
1             Normal     Cisco default
2-1001        Normal     For Ethernet VLANs
1002-1005     Normal     Cisco defaults for FDDI and Token Ring
1006-4094     Extended   For Ethernet VLANs


Creating a VLAN

Switch(config)#vlan <no>

Switch(config-vlan)#name <name>
Assigning Access Ports to a VLAN

Switch(config)#interface gigabitethernet 1/1


• Enters interface configuration mode

Switch(config-if)#switchport mode access


• Configures the interface as an access port

Switch(config-if)#switchport access vlan 3


• Assigns the access port to a VLAN
Verifying VLANs – show vlan

Switch#show vlan

• Figure: output listing vlan 1 (default), vlan 2 and vlan 3
Deleting VLANs

Switch(config-if)#no switchport access vlan vlan_number


• This command will reset the interface to VLAN 1.
• VLAN 1 cannot be removed from the switch.
Implementing VLAN Trunks
Trunking Encapsulation

• VLANs are local to each switch's database, and VLAN information is not passed
between switches. Trunks carry traffic from all VLANs to and from the switch by default
but can be configured to carry only specified VLAN traffic.

• Two types of trunking encapsulation protocols

• ISL (Inter-Switch Link)

• 802.1Q (dot1q)


VLAN Trunk Encapsulation
ISL Encapsulation

• Figure: VLAN 10 and VLAN 20 on both switches carried over an ISL trunk between them

ISL and Layer 2 Encapsulation
Dot1q Trunk

• Figure: VLAN 10 and VLAN 20 on both switches carried over an 802.1Q (dot1q) trunk between them
Configuring Trunk link

Switch(config)#interface fastethernet 2/1


• Enters interface configuration mode

Switch(config-if)#switchport trunk encapsulation {isl | dot1q}


• Selects the encapsulation

Switch(config-if)#switchport mode trunk


• Configures the interface as a Layer 2 trunk
Verifying Trunking

Switch#show running-config interface {fastethernet | gigabitethernet} slot/port

Switch#show interfaces [fastethernet | gigabitethernet] slot/port [switchport | trunk]

Switch#show interfaces fastethernet 2/1 trunk

Port      Mode         Encapsulation  Status        Native VLAN
Fa2/1     desirable    isl            trunking      1

Port      VLANs allowed on trunk
Fa2/1     1-1005

Port      VLANs allowed and active in management domain
Fa2/1     1-2,1002-1005

Port      VLANs in spanning tree forwarding state and not pruned
Fa2/1     1-2,1002-1005
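As an added example, not part of the slides, the following Python builds and parses 802.1Q-tagged frames as they travel a dot1q trunk, maps an untagged frame to the trunk's native VLAN (VLAN 1 in the output above) and checks a VLAN against an allowed list written in the same "1-2,1002-1005" notation. The MAC and VLAN values are constructed; the byte layout follows the 802.1Q standard.

```python
"""802.1Q trunk frame handling: tag/untag and allowed-VLAN check.
Example code written for this page; it is not from the slide deck.
"""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag


def mac_to_bytes(mac):
    """Cisco dotted notation '000c.4abc.7fd7' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(".", "").replace(":", ""))


def bytes_to_mac(raw):
    """6 raw bytes -> Cisco dotted notation."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def build_frame(dst, src, payload, vlan=None, pcp=0, ethertype=0x0800):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag when vlan is given.

    vlan=None produces an untagged frame, which is how the native VLAN is
    carried on a dot1q trunk.
    """
    if vlan is not None and not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    frame = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:
        tci = (pcp << 13) | vlan            # PCP(3 bits) | DEI(1 bit)=0 | VID(12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Decode a frame received on a dot1q trunk.

    Returns a dict with dst, src, tagged, vlan, pcp, ethertype and payload.
    An untagged frame is assigned the trunk's native VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dict(dst=dst, src=src, tagged=True, vlan=tci & 0x0FFF,
                    pcp=tci >> 13, ethertype=ethertype, payload=frame[18:])
    return dict(dst=dst, src=src, tagged=False, vlan=native_vlan,
                pcp=0, ethertype=ethertype, payload=frame[14:])


def parse_vlan_list(text):
    """'1-2,1002-1005' (the show interfaces trunk notation) -> set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def allowed_on_trunk(frame, allowed="1-1005", native_vlan=1):
    """True if the frame's VLAN (tagged, or native when untagged) is in the allowed list."""
    return parse_frame(frame, native_vlan)["vlan"] in parse_vlan_list(allowed)


if __name__ == "__main__":
    # Constructed sample: a broadcast from 000c.4abc.7fd7 in VLAN 20 on the trunk
    tagged = build_frame("ffff.ffff.ffff", "000c.4abc.7fd7", b"\x00" * 46, vlan=20)
    print(parse_frame(tagged))
    print("allowed:", allowed_on_trunk(tagged, allowed="1-2,1002-1005"))  # VLAN 20 is not
```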
Dynamic Trunking Protocol

• Dynamic Trunking Protocol is a dynamic way of establishing a trunk between two switches.

• DTP works in two modes

1) Dynamic Desirable

2) Dynamic Auto
To Disable DTP

Switch(conf)#interface fastethernet 0/1


Switch(conf-if)#switchport nonegotiate
Switchport Modes
VLAN Trunk Protocol
Purpose of VTP

• You can create VLANs on a switch.


• What if you have the same VLANs on 10 linked switches? Or 100 linked switches?
• Do you have to create the VLANs on every switch and allow them on each trunk?
• VTP helps.
• But you still have to assign access ports to VLANs on each switch.
VTP Protocol Features

• VTP is a Cisco proprietary protocol.

• VTP is used to exchange VLAN information between switches.

• Sends VTP advertisements on trunk ports only

• VTP reduces administration in a switched network.

• Maintains VLAN configuration consistency throughout a common administrative domain

Note: VTP will not assign VLANs to the ports.


VTP Modes

VTP Server
• Create Vlans
• Delete Vlans
• Modify Vlans
• Sends and Forwards Advertisements
• Synchronizes

VTP Client
• Cannot create, delete or modify VLANs
• Forward Advertisements
• Synchronizes
VTP Modes

VTP Transparent
• Create, delete and modify Vlans local to the switch
• Forward Advertisements
• Does not synchronize
Working of VTP

• Figure, step 1: the network admin creates VLAN 10 on the VTP server; the server's VLAN database holds VLAN 10 at revision number 0, and the VTP client and VTP transparent switches are also at revision 0
• Figure, step 2: the server raises its configuration revision to 1 and advertises it; the client and transparent switches are still at revision 0
• Figure, step 3: the VTP client synchronizes its VLAN database (VLAN 10, revision 1); the VTP transparent switch forwards the advertisement but keeps its own database at revision 0
Configuring a VTP Server

Switch(config)#vtp mode server


• Configures VTP server mode

Switch(config)#vtp domain domain-name


• Specifies a domain name

Switch(config)#vtp password password


• Sets a VTP password

Switch(config)#vtp pruning
• Enables VTP pruning in the domain
Verifying the VTP Configuration

Switch#show vtp status

VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Client
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#
Spanning Tree Protocol

• Figure: bridging loops in a switched network with redundant links
Spanning Tree Protocol

• STP is an open standard protocol (IEEE 802.1D)

• It blocks redundant paths and provides a loop-free Layer 2 path
• STP uses the Spanning Tree Algorithm (STA) to provide a loop-free topology
• Enabled by default on all Cisco switches
STP Election

• Election of Root Bridge


• Lowest Bridge ID (Priority + MAC address)

• Election of Root Port on Non Root Switch


• Lowest Path cost ( total cost to reach root switch)
• Lowest sender bridge id
• Lowest Port ID (Port Number)

• Election of Designated Port on Non Root Switch


• Lowest Path cost
• Lowest sender bridge id
• Lowest Port ID
STP Cost

Speed         Cost
10 Mbps       100
100 Mbps      19
1000 Mbps     4
10000 Mbps    2
Bridge ID

• Figure: Bridge ID format (priority followed by MAC address)

STP Election

• Figure: four switches, all with default priority 32768
  Switch A  Bridge ID 32768.000C.4ABC.7FD7   Fa0/22 to Switch C, Fa0/24 to Switch B
  Switch B  Bridge ID 32768.0A07.D75F.0CAB   Fa0/24 to Switch A, Fa0/23 to Switch D
  Switch C  Bridge ID 32768.000C.ABCD.ABCD   Fa0/24 to Switch A, Fa0/23 to Switch D
  Switch D  Bridge ID 32768.0107.0001.0002   Fa0/22 to Switch C, Fa0/23 to Switch B
• Step 1: each switch claims "I'm the Root" and advertises its own Bridge ID as the Root ID
• Step 2: after exchanging BPDUs every switch carries Root ID 32768.000C.4ABC.7FD7 (Switch A, the lowest Bridge ID)
• Step 3: all four links are 100 Mbps; a further slide adds a fifth 100 Mbps link between ports Fa0/20 and Fa0/20
• Final figure: three switches in a triangle, Switch C (Bridge ID 32768.000C.2BCD.ABCD), Switch D (32768.000C.4ABC.ABCD) and Switch E (32768.0000.000C.ABCD), using ports Fa0/21, Fa0/22, Fa0/23 and Fa0/24
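To make the election rules concrete, here is an added Python walk-through (example code, not from the slides) of the four-switch diagram: it elects the root bridge from the bridge IDs, computes each switch's root path cost with the cost table, breaks the tie at Switch D (equal cost via B and via C) on the lower sender bridge ID, and marks the designated and blocked port on the B-D segment. Comparing port IDs by slot/port number is an assumption of this model.

```python
"""802.1D root bridge, root port and designated port election for the
four-switch topology on the slides. Example code written for this page;
it is not from the slide deck.
"""

# STP port cost per link speed (Mbps), as in the cost table above
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed from the diagram: default priority 32768 everywhere
SWITCHES = {
    "A": "32768.000C.4ABC.7FD7",
    "B": "32768.0A07.D75F.0CAB",
    "C": "32768.000C.ABCD.ABCD",
    "D": "32768.0107.0001.0002",
}
# (switch, port, switch, port, speed in Mbps): the four 100 Mbps links
LINKS = [
    ("A", "Fa0/22", "C", "Fa0/24", 100),
    ("A", "Fa0/24", "B", "Fa0/24", 100),
    ("C", "Fa0/23", "D", "Fa0/22", 100),
    ("B", "Fa0/23", "D", "Fa0/23", 100),
]


def bridge_id_key(bid):
    """'32768.000C.4ABC.7FD7' -> (32768, 0x000C4ABC7FD7): priority first, then MAC."""
    prio, mac = bid.split(".", 1)
    return (int(prio), int(mac.replace(".", ""), 16))


def port_id(name):
    """'Fa0/23' -> (0, 23): slot and port number, compared numerically (assumption)."""
    slot, port = name[2:].split("/")
    return (int(slot), int(port))


def elect_root(switches):
    """Root bridge = lowest bridge ID."""
    return min(switches, key=lambda s: bridge_id_key(switches[s]))


def run_stp(switches, links):
    """Return (root, best, roles).

    best maps each switch to (root path cost, root port); the root has (0, None).
    roles maps (switch, port) to 'root', 'designated' or 'blocked'.
    """
    root = elect_root(switches)
    adj = {s: [] for s in switches}       # switch -> [(local port, neighbour, its port, cost)]
    for a, pa, b, pb, speed in links:
        adj[a].append((pa, b, pb, STP_COST[speed]))
        adj[b].append((pb, a, pa, STP_COST[speed]))

    # Root port: lowest root path cost, then lowest sender bridge ID,
    # then lowest sender port ID (the tie-breakers listed on the slides).
    best = {root: (0, None)}
    changed = True
    while changed:
        changed = False
        for s in switches:
            if s == root:
                continue
            cands = [(best[nb][0] + c, bridge_id_key(switches[nb]), port_id(nb_port), port)
                     for port, nb, nb_port, c in adj[s] if nb in best]
            if cands:
                cost, _, _, port = min(cands)
                if best.get(s) != (cost, port):
                    best[s] = (cost, port)
                    changed = True

    # Designated port per segment: the end with the lowest
    # (root path cost, bridge ID, port ID) wins; the far end is either
    # that switch's root port or it is blocked.
    roles = {}
    for a, pa, b, pb, _ in links:
        side_a = (best[a][0], bridge_id_key(switches[a]), port_id(pa))
        side_b = (best[b][0], bridge_id_key(switches[b]), port_id(pb))
        if side_a < side_b:
            des_sw, des_port, far_sw, far_port = a, pa, b, pb
        else:
            des_sw, des_port, far_sw, far_port = b, pb, a, pa
        roles[(des_sw, des_port)] = "designated"
        roles[(far_sw, far_port)] = "root" if best[far_sw][1] == far_port else "blocked"
    return root, best, roles


if __name__ == "__main__":
    root, best, roles = run_stp(SWITCHES, LINKS)
    print("root bridge:", root)
    for sw, (cost, rp) in sorted(best.items()):
        print(f"{sw}: root path cost {cost}, root port {rp}")
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```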
BPDU

• STP uses BPDUs (Bridge Protocol Data Units) to find redundant links that would cause a loop in a switched network.

• Switches send BPDU frames to the multicast address 01:80:C2:00:00:00

• Figure: BPDU format and the BPDU exchange between switches
STP Port States

• Disabled State:
• Layer 2 port does not participate in spanning tree and does not forward frames.

• Blocking State:
• Only receives BPDUs
• Stays for 20 sec

• Listening State:
• Receives and sends BPDUs
• Stays for 15 sec

STP Port States

• Learning State:
• Receives and sends BPDUs
• Learns MAC addresses
• Stays for 15 sec

• Forwarding State:
• Receives and sends BPDUs
• Learns MAC addresses
• Forwards data
STP Timers

• Hello Timer
• Determines how often the root bridge sends configuration BPDUs. The default is 2
seconds.
• Max Age
• How long to keep a port in the blocking state before listening. The default is 20
seconds.
• Forward Delay
• How long to stay in the listening state before going to the learning state, and
how long to stay in the learning state before forwarding. The default is 15
seconds.
Planning Root Bridge

• Figure: Catalyst 1900 and 2900 access switches connect at 10 Mbps and 100 Mbps to 3550 distribution switches A and B (linked to each other at 1 Gbps), which connect at 1 Gbps to 6500 core switches C and D
Cisco enhancements to STP
Enhancements to STP

• Portfast
• used for Access ports
• port state switched from Disable to Forwarding
• No delay, saves 50 seconds
• Uplinkfast
• configured on a switch with at least one Blocked port
• the Blocked port switches to Forwarding state without any delay, saves 30
seconds
• Backbonefast
• configured on all switches
• if indirectly connected link fails, the switch with Blocked port switches to
Forwarding state in 30 seconds, saves 20 seconds
STP Portfast

• Figure: host A on Switch C port Fa0/20 and host B on Switch E port Fa0/7, with Switches C, D and E in a triangle (ports Fa0/21 to Fa0/24)
• Without Portfast the access port passes through 20 s blocking, 15 s listening and 15 s learning before forwarding
• After Portfast is configured the port state switches from Disable directly to Forwarding
STP Uplinkfast

• Figure: Switches C, D and E in a triangle (ports Fa0/21 to Fa0/24); when the root port goes down, the blocked port normally passes through 15 s listening and 15 s learning before forwarding
• After Uplinkfast is configured the blocked port moves straight to the forwarding state when the root port goes down
STP Backbonefast

• Figure: Switches C, D and E in a triangle (ports Fa0/21 to Fa0/24); on failure of the indirect link C–D the blocked port normally waits 20 s (max age) in blocking, then 15 s listening and 15 s learning before forwarding
• After Backbonefast is configured the 20 s max-age wait is skipped: 15 s listening and 15 s learning, then forwarding
Per-VLAN Spanning Tree - PVST
PVST

• Cisco proprietary
• Single STP instance for each VLAN
• Separate BPDUs, roots and blocked ports per VLAN
• PVST works only on trunk links
• PVST works only over ISL; PVST+ works over ISL and 802.1Q

PVST

• Figure: Switches C, D and E in a triangle (ports Fa0/21 to Fa0/24), with a separate spanning tree per VLAN

Per VLAN Spanning Tree (Cont.)
Advanced Spanning Tree
Rapid Spanning Tree Protocol

• Open Standard (IEEE 802.1w)

• RSTP is an enhanced version of STP
• RSTP election process is similar to STP
• RSTP is backward compatible with STP 802.1D
• RSTP provides faster convergence
• BPDUs are sent every 2 sec and held for 6 sec
• Uplinkfast and Backbonefast are enabled by default
RSTP Port States

STP           RSTP
Disabled      Discarding
Blocking      Discarding
Listening     Discarding
Learning      Learning
Forwarding    Forwarding
RSTP Port States

Port States

• Discarding
Prevents the forwarding of data frames.

• Learning
Accepts data frames to populate the MAC table.

• Forwarding
Forwards data frames and determines the topology.
RSTP Port Type

• Port and link types in RSTP:

• Edge port:
• Port configured with the Portfast command
• Non-edge port:
• Port without the Portfast command
• Non-edge ports are of two types:
• Point to Point: full-duplex links
• Shared: half-duplex links
Multiple Spanning Tree
(MST)
MST

• Open Standard (IEEE 802.1s)

• One STP instance for a group of VLANs

• Also known as Multiple Instance Spanning Tree

• Backward compatible with STP and RSTP


MST

• Figure: Switches C, D and E in a triangle (ports Fa0/21 to Fa0/24), with one spanning tree instance serving a group of VLANs

Multiple Spanning Tree
MST Regions

• MST configuration on each switch:


• Name
• Revision number
• VLAN in Each Instance
MST Backward Compatibility
Enabling Multiple Spanning Tree

Switch(config)#spanning-tree mode mst


• Enables Multiple Spanning Tree
Configuring Multiple Spanning Tree

Switch(config)#spanning-tree mst configuration


• Enters MST configuration submode

Switch(config-mst)#name name
• Sets the MST region name

Switch(config-mst)#revision rev_num
• Sets the MST configuration revision number

Switch(config-mst)#instance inst vlan range


• Maps the VLANs to an MST instance
Routing Between VLANs
Inter Vlan Routing

• By default a Layer 2 switch cannot forward traffic between two different VLANs.

• A Layer 3 device is required to forward traffic between two different VLANs.

• A Layer 3 device can be

• Router
• Multilayer Switch
Inter Vlan Routing Methods

• Legacy Inter Vlan Routing

• Router On a Stick

• Multilayer Switch
Legacy Inter Vlan Routing

• Also called traditional inter-VLAN routing.

• Uses a router to perform inter-VLAN routing.

• Each VLAN is connected to a different physical interface of the router.

• Packets arrive on the router through one interface and leave through another interface.

• Large networks with a large number of VLANs require many router interfaces.

• Figure: one router interface per VLAN
Router On a Stick

• The router-on-a-stick approach uses a different path to route between VLANs.

• The physical interface of the router is divided into one or more sub-interfaces.

• VLANs are assigned to sub-interfaces instead of physical interfaces.

• Each sub-interface is configured with an IP address for the VLAN it represents.

• Only one of the router's physical interfaces is used.

• Figure: a single trunk link carrying all VLANs between the switch and the router
Multi Layer Switching

• A multilayer switch can perform Layer 2 as well as Layer 3 functions.

• VLANs are assigned to a Switch Virtual Interface (SVI).

• Each SVI is configured with an IP address for the VLAN it represents.

Multilayer Switch

• Figure: three multilayer switches (among them RB and RC) interconnected by Layer 3 links 10.1.11.0/30, 10.1.11.4/30 and 10.1.11.8/30, each serving a user subnet (10.1.10.0/24, 10.2.10.0/24, 10.3.10.0/24)
Switch Port

• A switch port can work like an Ethernet port on a router (a routed port).

• By default the port works as a Layer 2 port; it can be changed to work as a Layer 3
port.
• To configure it
• SW(config-if)#no switchport
• Assign an IP address and subnet mask
• The routed port can then be used in routing protocols.
Supervisor Engine
Implementing Multilayer Switching
in the Network
Layer 3 Switching components

Packet Switching:                                Router Processing:
CEF                                              Path Determination
ASIC (application-specific integrated circuit)   Load Balancing
Layer 2 = Layer 3 = Layer 4                      Multi Routing Protocol Support
Packet Switching Methods

• Process Switching
• Fast Switching
• CEF – Cisco Express Forwarding
Process Switching

• Process Switching is the oldest method of performing packet switching

• Process switching requires the CPU to be directly involved in every forwarding
decision.
• The switching decision is made on a per-packet basis
• Process switching is the slowest method of packet switching

To enable Process Switching

Router(config-if)#no ip route-cache

• Figure: process switching path
Fast Switching

• Fast switching improves on process switching by making use of a cache

• The first packet to a destination is still process switched; future packets to this destination
are switched using information from the fast cache, thus improving the speed of
this switching method.

To enable Fast Switching

Router(config-if)#ip route-cache

• Figure: fast switching path
CEF – Cisco Express Forwarding

• CEF uses two components to perform packet switching

• Forwarding Information Base (FIB)

• Adjacency Table

• The Forwarding Information Base is similar to the routing table; the adjacency table is similar to the ARP
table
• To enable CEF

Router(config-if)#ip route-cache cef

• Figure: CEF switching path
Displaying CEF Entries in the FIB

Switch#show ip cef [type/slot/port number] [detail]


Redundancy in a Multilayer
Switched Network
Single Points of Failure

• Redundancy within a device


• Catalyst Supervisors
• Power supplies
• Fans
• Hot-swappable Module
Redundant Switched Network with No Single Point of Failure
Supervisor redundancy
Redundancy in Default Gateway
Problem using default Gateway

• Figure: host A (192.168.1.11) on the 192.168.1.0 network with routers B (192.168.1.100) and C (192.168.1.200) leading to D (192.168.2.1) and E (192.168.2.200); a host configured with a single default gateway loses connectivity when that gateway fails, even though a second router is available
HSRP - Hot Standby Router Protocol

• Cisco proprietary
• Provides router redundancy
• Routers are grouped together to work as one virtual router
• Group is identified by Group ID
• Range 0 – 255 (default is 0)
• A router can be a member of multiple groups
• Two roles of router
• Active Router
• Standby Router
HSRP Group

• Figure: routers B (192.168.1.100) and C (192.168.1.200) form HSRP group 47 with virtual IP 192.168.1.250 (V); host A (192.168.1.11) uses gateway 192.168.1.250; D (192.168.2.1) and E (192.168.2.200) sit behind the routers

HSRP Active router Role

• Figure: B is the Active Router for group 47 and answers for the virtual IP 192.168.1.250; C is the Standby Router

HSRP Backup Role

• Figure: when B fails, the Standby Router C takes over the virtual IP 192.168.1.250

HSRP ARP

• Figure: host A (1.11) ARPs for 1.250; the Active Router answers with the virtual MAC 0000.0c07.ac2f, and A caches the entry 1.250 -> 0000.0c07.ac2f
HSRP Elections

• HSRP is an Application Layer protocol

• Uses UDP port 1985 and multicast address 224.0.0.2 for hello messages
• Hello = 3 sec and hold = 10 sec
• HSRP election priority
• Router with highest priority
• Router with highest physical IP

HSRP Hello

• Figure: Active Router B and Standby Router C in group 47 exchange hello messages on the 192.168.1.0 network
HSRP Configuration

To create an HSRP group and assign the virtual IP address

Router(config-if)#standby <Group No> ip <ip add>

Default priority is 100

Router with highest priority will win the election
To change the router priority

Router(config-if)#standby <group no> priority <pri>

HSRP States

• Initial

• Listen

• Speak

• Standby

• Active
HSRP before Preempt

• Figure: B (priority 100) is the Active Router and C (priority 150) is the Standby Router in group 47; without preempt the higher-priority router does not take over

HSRP after Preempt

• Figure: with preempt configured on C ("My priority is high, I will become Active Router"), C becomes the Active Router and B becomes the Standby Router

C(config-if)#standby <Group No> preempt
HSRP Interface Tracking

• Figure: B (priority 150, WAN interface S0) is the Active Router and C (priority 120, WAN interface S1) is the Standby Router; host A (192.168.1.11) uses gateway 192.168.1.250
• Figure: when the WAN link on B's S0 goes down, tracking decrements B's priority by 31 (150 - 31 = 119, below C's 120)

B(config-if)#standby <Group No> track s 0 31

HSRP track Command

Router(config-if)#standby <G No> track <int type> <no> <Priority>

• Decrements the HSRP priority by the given amount whenever the tracked interface goes down

Note: preempt is required on both routers for this command to have an effect
VRRP Elections

• VRRP is a Network Layer protocol

• Uses 224.0.0.18 for hello
• Hello is sent only by the master
• Hello = 1 sec; master down interval = 3 × hello + skew timer
• Skew = (256 – priority) / 256
• VRRP election priority
• Router whose physical IP = virtual IP
• Router with highest priority
• Router with highest physical IP
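As an added example, not from the slides, the Python below models the HSRP election described above (highest priority, then highest physical IP), preemption, interface tracking with the decrement from the track command, and the group-47 virtual MAC 0000.0c07.ac2f; it also evaluates the VRRP master-down interval formula (3 × hello + skew). Router names, addresses and the Serial0 decrement of 31 are taken from the diagrams; the hello/hold timer exchange itself is not modelled.

```python
"""HSRP election with priority, preemption and interface tracking, plus the
HSRP virtual MAC and the VRRP master-down interval from the slides.
Example code written for this page; it is not from the slide deck.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class HsrpRouter:
    name: str
    ip: str                                       # physical interface address
    priority: int = 100                           # HSRP default
    preempt: bool = False                         # 'standby <group> preempt'
    tracked: dict = field(default_factory=dict)   # interface -> priority decrement
    up: set = field(default_factory=set)          # interfaces currently up

    def effective_priority(self):
        """Configured priority minus the decrement of every tracked interface that is down."""
        down = sum(dec for intf, dec in self.tracked.items() if intf not in self.up)
        return self.priority - down


def virtual_mac(group):
    """HSRP version 1 virtual MAC 0000.0c07.acXX, XX = group in hex (group 47 -> 0000.0c07.ac2f)."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP group must be 0-255")
    return f"0000.0c07.ac{group:02x}"


def elect_active(routers, current_active=None):
    """Highest effective priority wins, then highest physical IP.

    A router that is already active keeps the role unless the winner has
    preempt configured (or the active router is no longer in the group).
    """
    def rank(r):
        return (r.effective_priority(), int(ipaddress.ip_address(r.ip)))

    winner = max(routers, key=rank)
    if current_active is None or not any(r is current_active for r in routers):
        return winner
    if winner is not current_active and not winner.preempt:
        return current_active
    return winner


def vrrp_master_down_interval(priority, hello=1.0):
    """3 x hello + skew, skew = (256 - priority) / 256, as on the VRRP slide."""
    if not 1 <= priority <= 255:
        raise ValueError("VRRP priority must be 1-255")
    return 3 * hello + (256 - priority) / 256


def tracking_scenario():
    """Routers B and C from the interface-tracking slides; returns the name of
    the active router at each step: (start, S0 down on B, S0 back up)."""
    b = HsrpRouter("B", "192.168.1.100", priority=150, preempt=True,
                   tracked={"Serial0": 31}, up={"Serial0"})
    c = HsrpRouter("C", "192.168.1.200", priority=120, preempt=True)
    group = [b, c]
    active = elect_active(group)                      # 150 > 120: B
    b.up.discard("Serial0")                           # WAN link fails: B drops to 119
    after_fail = elect_active(group, active)          # C (120) preempts
    b.up.add("Serial0")                               # link restored: B back to 150
    after_restore = elect_active(group, after_fail)   # B preempts again
    return active.name, after_fail.name, after_restore.name


if __name__ == "__main__":
    print("group 47 virtual MAC:", virtual_mac(47))
    print("tracking scenario:", tracking_scenario())
    print("VRRP master down interval, priority 100:", vrrp_master_down_interval(100))
```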
Virtual Router Redundancy Protocol
VRRP

• Open Standard protocol


• Provides Router redundancy
• Routers group together to work as one virtual router
• Group is identified by Group ID
• Range 0 – 255 (default is 0)
• Group has two types of router
• Master router
• Backup Router
VRRP

• Master Router
• Only one master per group
• Actively forwards traffic sent to the virtual IP

• Backup Router
• Multiple backup routers per group

• Figure: VRRP group with one master router and backup routers
VRRP Configuration

Router(config-if)#vrrp <G No> ip <IP Add>


To create VRRP Group and assign IP Address

Router(config-if)#vrrp <G No> priority <Priority>


To Configure VRRP Priority for Election
Load-Balancing With HSRP/VRRP

Router B:
int e0
 ip address 192.168.1.100 255.255.255.0
 standby 10 ip 192.168.1.1
 standby 10 priority 150
 standby 20 ip 192.168.1.254

Router C:
int e0/0
 ip address 192.168.1.200 255.255.255.0
 standby 10 ip 192.168.1.1
 standby 20 ip 192.168.1.254
 standby 20 priority 150

• Figure: hosts X (192.168.1.10) and Y (192.168.1.2) on the LAN; B is active for group 10 (virtual IP 192.168.1.1) and C is active for group 20 (virtual IP 192.168.1.254); D (192.168.2.1) and E (192.168.2.200) sit behind the routers
Load-Balancing With HSRP/VRRP in Multilayer Switch

First multilayer switch:
int vlan 10
 ip address 10.10.0.100 255.255.255.0
 standby 10 ip 10.10.0.1
 standby 10 priority 150
int vlan 20
 ip address 10.20.0.100 255.255.255.0
 standby 20 ip 10.20.0.1

Second multilayer switch:
int vlan 10
 ip address 10.10.0.200 255.255.255.0
 standby 10 ip 10.10.0.1
int vlan 20
 ip address 10.20.0.200 255.255.255.0
 standby 20 ip 10.20.0.1
 standby 20 priority 150
Gateway Load Balancing protocol
GLBP

• Cisco proprietary protocol

• Provides router redundancy with load balancing
• Routers group together to work as one virtual router
• Group is identified by Group ID
• Range 0 – 1024 (default is 0)
• Group has two types of router
• AVG
• AVF
GLBP

• AVG
• Active Virtual Gateway
• Replies to ARP requests for the virtual IP
• Divides the load among the AVFs
• One per group
• AVF
• Active Virtual Forwarder
• Forwards user traffic sent to its virtual MAC
• There can be up to four forwarders per group
GLBP Elections

• GLBP has two elections per group

• Active Virtual Gateway
• Router with highest priority (default 100)
• Router with highest physical IP
• Only one AVG per group
• Election is non-preemptive
• Active Virtual Forwarder
• Router with highest weight (default 100)
• Router with highest physical IP
• Up to four AVFs per group
• Election is preemptive
GLBP

• Figure: hosts X (192.168.1.1) and Y (192.168.1.2) use gateway 192.168.1.150; router B (192.168.1.100) is AVG/AVF with V-IP 192.168.1.150 and V-MAC 0000.0c00.0001, router C (192.168.1.200) is AVF with V-MAC 0000.0c00.0002; D (192.168.2.1) and E (192.168.2.200) sit behind the routers
• Figure: the AVG answers the ARP request from X for 1.150 with 0000.0c00.0001 and the one from Y with 0000.0c00.0002, so the two hosts are spread across both forwarders
• Figure: X forwards through B and Y through C using their cached virtual MACs
• Figure: after B fails, C also forwards for V-MAC 0000.0c00.0001, so X's cached ARP entry keeps working
VSS

• The Virtual Switching System (VSS) allows two Cisco Catalyst 6500 or 4500 switches to combine
into one logical switch
• Other devices see the VSS pair of 6500s as a single device
• The two switches are combined by using a special link called a Virtual Switch Link (VSL).

• Figure: the same topology without VSS and with VSS
Switch Security
Recommended Switch Security

• Configure Secure Passwords


• Configure basic ACLs
• Secure physical access to the console
• Secure access to VTYs
• Configure system warning banners
• Disable unneeded services
• SSH
AAA

• Authentication
– Verifies a user's identity
• Authorization
– Specifies the permitted tasks for the user
• Accounting
– Provides billing, auditing and monitoring
AAA in a Nutshell

• Authentication provides the method of identifying users.


The most common method of authentication is username/password.

• Authorization provides a method of controlling access to what a user can do.


Authorization is usually tied to a policy, profile or group.

• Accounting provides a method for collecting and sending security server information used for
billing, auditing, and reporting.
Accounting collects data as to what a user did once logged in.
AAA

• AAA can be implemented with the help of two protocols

• RADIUS

• TACACS+
To enable AAA

• Switch(config)#aaa new-model
• Switch(config)#aaa authentication login default group radius
• Switch(config)#radius-server host 192.168.0.1 key ccna123
• Switch(config)#line vty 0 4
• Switch(config-line)#login authentication default

Note: with RADIUS as the only method in the default list, logins fail if the RADIUS server is unreachable; adding a fallback method (aaa authentication login default group radius local) avoids locking yourself out of the switch.
Switch Attack Categories

• MAC Flooding Attack

A MAC flooding attack is one where a switch port receives a large number of
frames with fake source MAC addresses.
• VLAN Hopping Attack
VLAN hopping (virtual local area network hopping) is a method of attacking a network by
sending packets to a port that is not normally accessible from a given end system.
• Spoofing Attacks
Switch spoofing can occur when the switch port an attacker connects to is either in trunking
mode or in DTP auto-negotiation mode
MAC Flooding Attacks

• Figure: the attacking host sends frames with fake source MACs X, Y and Z; the switch's Port/MAC table fills with entries for them (Fa0/1 X, Fa0/1 Y, Fa0/1 Z), crowding out the legitimate hosts A, B and C
Network Access Port Security

• Figure: on port 0/2 (VLAN 10) only MAC A is allowed

Network Access Port Security

Switch(config)#interface fa 0/2
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address 0000.0000.000a
Switch(config-if)#switchport port-security violation {shutdown | protect | restrict}
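As an added example, not from the slides, the following Python simulates the two slides above: a bounded CAM table that a burst of fake source MACs pushes legitimate entries out of (so the switch starts flooding traffic it previously delivered as unicast), and the port-security behaviour of the maximum and violation commands that stops this on the untrusted port. Port names, MACs and the table size are constructed; replacing the oldest entry stands in for real CAM ageing.

```python
"""CAM table under a burst of fake source MACs, with and without port security.
Example code written for this page; it is not from the slide deck.
Hosts, ports and MAC addresses are constructed.
"""
from collections import OrderedDict


class SecurePort:
    """switchport port-security on one access port: a maximum number of secure
    MACs and a violation mode of shutdown, protect or restrict."""

    def __init__(self, maximum=1, violation="shutdown", static_macs=()):
        if violation not in ("shutdown", "protect", "restrict"):
            raise ValueError(f"unknown violation mode {violation!r}")
        self.maximum = maximum
        self.violation = violation
        self.secure_macs = set(static_macs)   # 'switchport port-security mac-address ...'
        self.violation_count = 0
        self.err_disabled = False

    def admit(self, src_mac):
        """True if a frame with this source MAC is accepted on the port."""
        if self.err_disabled:
            return False                      # port was shut down after a violation
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)     # learned dynamically up to the maximum
            return True
        if self.violation == "shutdown":      # port goes err-disabled
            self.err_disabled = True
        if self.violation != "protect":       # shutdown and restrict count the violation,
            self.violation_count += 1         # protect drops the frame silently
        return False


class Switch:
    """Tiny learning switch with a bounded CAM table.  Simplification: when the
    table is full the oldest entry is replaced instead of being aged out."""

    def __init__(self, cam_capacity, secured_ports=None):
        self.cam = OrderedDict()              # source MAC -> ingress port
        self.cam_capacity = cam_capacity
        self.secured = secured_ports or {}    # port name -> SecurePort

    def receive(self, port, src_mac, dst_mac):
        """Process one frame and return 'dropped', 'flood' or 'unicast:<port>'."""
        sec = self.secured.get(port)
        if sec is not None and not sec.admit(src_mac):
            return "dropped"
        if src_mac in self.cam:
            self.cam.move_to_end(src_mac)
        else:
            if len(self.cam) >= self.cam_capacity:
                self.cam.popitem(last=False)  # a full table evicts legitimate entries
            self.cam[src_mac] = port
        out = self.cam.get(dst_mac)
        return "flood" if out is None else f"unicast:{out}"


# Constructed sample: host A on Fa0/2, host B on Fa0/3, an untrusted device on Fa0/1
MAC_A, MAC_B = "0000.0000.000a", "0000.0000.000b"
FAKE_SOURCES = [f"0000.0000.{i:04x}" for i in range(0x1000, 0x1008)]


def demo(secure_fa0_1):
    """Send A<->B traffic, then a burst of fake sources on Fa0/1, then B->A again.

    Returns (forwarding decision for the final B->A frame, SecurePort of Fa0/1 or None).
    """
    ports = {"Fa0/1": SecurePort(maximum=1, violation="restrict")} if secure_fa0_1 else {}
    sw = Switch(cam_capacity=4, secured_ports=ports)
    sw.receive("Fa0/2", MAC_A, MAC_B)         # A learned on Fa0/2
    sw.receive("Fa0/3", MAC_B, MAC_A)         # B learned on Fa0/3
    for fake in FAKE_SOURCES:
        sw.receive("Fa0/1", fake, "ffff.ffff.ffff")
    return sw.receive("Fa0/3", MAC_B, MAC_A), ports.get("Fa0/1")


if __name__ == "__main__":
    print("without port security:", demo(False)[0])   # flood: A's entry was evicted
    decision, port = demo(True)
    print("with port security:", decision, "violations:", port.violation_count)
```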
Verification of port security

Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                 (Count)        (Count)            (Count)
----------------------------------------------------------------------------
      Fa5/1             11           11                  0  Shutdown
      Fa5/5             15            5                  0  Restrict
     Fa5/11              5            4                  0  Protect
----------------------------------------------------------------------------
Total Addresses in System: 21
Max Addresses limit in System: 128
Type of ACLs
VLAN Access List

• Used to filter traffic within one VLAN

• It is configured using an access-map
• It is implemented per VLAN
• It can filter traffic based on MAC address
• An extended MAC access-list is required
Vlan Access-list

Creating an extended MAC access-list

Switch(config)#mac access-list extended Keygroup
Switch(config-ext-macl)#permit 0000.0000.000a 0000.0000.0000 0000.0000.000b 0000.0000.0000

Creating the access-map (the match must reference the MAC access-list created above)
Switch(config)#vlan access-map V10 10
Switch(config-access-map)#match mac address Keygroup
Switch(config-access-map)#action {drop | forward}

Applying it to the VLAN
Switch(config)#vlan filter V10 vlan-list 10
Switchport Protected

Protected port is a feature on Cisco switches that prevents protected interfaces on the same switch from
communicating with each other; a protected port can still communicate with unprotected ports.

• Figure: A on Fa0/1 and B on Fa0/2 are protected ports and cannot exchange traffic; C on Fa0/3 is unprotected
Private Vlan

• Private VLAN = a VLAN inside a VLAN

• Private VLANs are mainly used in service provider networks.

• A private VLAN is the combination of a primary and a secondary VLAN.

• Primary VLANs are the same as normal VLANs


Private Vlan

Secondary VLANs work in two modes

• Community: ports belonging to this VLAN can communicate with each other

• Isolated: ports belonging to this VLAN cannot communicate with each other

Ports assigned to a private VLAN work in two modes

• Host: belongs to one private VLAN
• Promiscuous: belongs to multiple private VLANs
Storm Control

• Storm control is a method of limiting the amount of traffic on a particular interface.

• There are 3 kinds of traffic you can manage on the interface
• Unicast
• Multicast
• Broadcast
Aggregating Switch link
Switch Path

• Figure: two parallel links (Fa0/11 to Fa0/11 and Fa0/12 to Fa0/12) between the root switch and switch A; STP keeps one as the root port and blocks the other (marked X), so only one link carries traffic
Ether Channel

• Logical aggregation of similar links

• Viewed as one logical port
• Switch-level load balancing
• Redundancy
• Can be used between switch and switch, router, firewall or server

Note:
Only similar physical links with the same configuration can be aggregated.
A maximum of 8 similar links can be bundled (depends on hardware)
Ether Channel

• Figure: the two parallel links from the previous slide bundled into port-channel 1, which STP treats as a single root port

• EtherChannel configuration can be done in two ways

• Static (always On mode)
• Dynamic (using PAgP or LACP)
Configuring EtherChannel

• EtherChannel must be supported.


• Speed and duplex must match.
• VLAN match – All interfaces are in the same VLAN.
• Range of VLAN – Same range on all interfaces.
Port and Link Aggregation

• Port Aggregation Protocol (PAgP)

• Cisco-proprietary protocol
• PAgP has two modes: desirable and auto

• Link Aggregation Control Protocol (LACP)

• Defined in IEEE 802.3ad
• LACP has two modes: active and passive
Configuring PAgP / LACP

Switch(config)#interface type <mod/num>

Switch(config-if)#channel-protocol {pagp | lacp}

Switch(config-if)#channel-group <no> mode {on | auto | desirable | active | passive}

• Configures the interface in a port-channel and specifies the PAgP mode (auto, desirable) or LACP mode (active, passive); on forces the bundle without a negotiation protocol

Verifying EtherChannel

Switch#show running-config interface port-channel num

• Displays port-channel information

Switch#show running-config interface interface x/y

• Displays interface information

Switch#show run interface port-channel 1
Building configuration...
Current configuration:
!
interface Port-channel1
 no ip address
 no ip directed-broadcast
end

Switch#show run interface gig 0/9
Building configuration...
Current configuration:
!
interface GigabitEthernet 0/9
 no ip address
 channel-group 1 mode desirable
end
Verifying EtherChannel (Cont.)

Switch#show etherchannel num port-channel


• Displays port-channel information after configuration
Switch#show etherchannel 1 port-channel

Port-channels in the group:


----------------------

Port-channel: Po1
------------
Age of the Port-channel = 01d:01h:31m:38s
Logical slot/port = 1/0 Number of ports = 2
GC = 0x00020001 HotStandBy port = null
Port state = Port-channel Ag-Inuse

Ports in the Port-channel:

Index Load Port EC state


------+------+------+------------
0 00 Gi0/9 desirable-sl
0 00 Gi0/10 desirable-sl

Time since last port bundled: 00d:20h:04m:38s Gi0/9


Time since last port Un-bundled: 00d:21h:17m:20s Gi0/10
EtherChannel Load Balancing

• Data sent across an EtherChannel is not load-balanced equally among all member links: each frame is hashed to one link, so a single large flow always uses the same link and can saturate it while the others sit idle.
• The hash can be based on several forms of criteria, including:

• Source IP Address (src-ip)

• Destination IP Address (dst-ip)

• Both Source and Destination IP (src-dst-ip)

• Source MAC address (src-mac)

• Destination MAC address (dst-mac)

• Both Source and Destination MAC (src-dst-mac)

• Source TCP/UDP port number (src-port)

• Destination TCP/UDP port number (dst-port)

• Both Source and Destination port number (src-dst-port)


Configuring EtherChannel Load Balancing

Switch(config)#port-channel load-balance <method>

• Configures EtherChannel load balancing; the method is global to the switch and takes one of the keywords listed above (for example src-dst-ip).
• Choose fields that actually vary in the traffic crossing that bundle: traffic leaving a router toward many hosts has one source MAC, so src-mac hashing sends all of it down one link. Verify with show etherchannel load-balance.
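To see why per-flow hashing can leave member links idle, here is an added example (Python, not from the original slides) that models link selection for each load-balance keyword over constructed traffic from eight hosts reaching one server through a gateway router. The XOR hash, the MAC and IP values and the flow list are assumptions: Cisco documents only that the low-order bits of a hash over the chosen fields select the link (1 bit for 2 links, 2 for 4, 3 for 8), not the exact function.

```python
"""Model of how an EtherChannel picks a member link per frame.

Added example, not from the original slides. The hash is an ASSUMPTION
(plain XOR of the selected fields, low-order bits pick the link); the
MAC addresses, IP addresses and flows below are constructed samples.
"""
import ipaddress

ROUTER_MAC = "00:1a:2b:3c:4d:5e"   # constructed: gateway router's MAC
SERVER_MAC = "00:1a:2b:3c:4d:60"   # constructed: server behind the bundle


def _mac_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def _ip_int(ip: str) -> int:
    return int(ipaddress.ip_address(ip))


def select_link(flow: dict, method: str, nlinks: int) -> int:
    """Return the member-link index (0..nlinks-1) chosen for one flow.

    method is one of the 'port-channel load-balance' keywords.
    """
    if nlinks not in (2, 4, 8):
        raise ValueError("a bundle hashes over 2, 4 or 8 active links")
    fields = {
        "src-mac": [_mac_int(flow["smac"])],
        "dst-mac": [_mac_int(flow["dmac"])],
        "src-dst-mac": [_mac_int(flow["smac"]), _mac_int(flow["dmac"])],
        "src-ip": [_ip_int(flow["sip"])],
        "dst-ip": [_ip_int(flow["dip"])],
        "src-dst-ip": [_ip_int(flow["sip"]), _ip_int(flow["dip"])],
        "src-port": [flow["sport"]],
        "dst-port": [flow["dport"]],
        "src-dst-port": [flow["sport"], flow["dport"]],
    }[method]
    h = 0
    for value in fields:          # assumed hash: XOR of the selected fields
        h ^= value
    return h & (nlinks - 1)       # keep only the low-order bits


def link_distribution(flows, method: str, nlinks: int) -> list:
    """Count how many flows land on each member link."""
    counts = [0] * nlinks
    for flow in flows:
        counts[select_link(flow, method, nlinks)] += 1
    return counts


def sample_flows() -> list:
    """Constructed traffic: eight hosts on 10.1.1.0/24 reaching one server
    (10.2.2.50) through the router, so on the server-side bundle every
    frame carries the same source MAC (router) and destination MAC."""
    return [
        {"smac": ROUTER_MAC, "dmac": SERVER_MAC,
         "sip": f"10.1.1.{11 + i}", "dip": "10.2.2.50",
         "sport": 40000 + i, "dport": 443}
        for i in range(8)
    ]


if __name__ == "__main__":
    for method in ("src-mac", "src-dst-mac", "src-dst-ip", "src-dst-port"):
        print(f"{method:13s} 2 links {link_distribution(sample_flows(), method, 2)}"
              f"  4 links {link_distribution(sample_flows(), method, 4)}")
```

With these flows, src-mac, dst-mac and src-dst-mac place all eight on a single link, while src-dst-ip and src-dst-port spread them; that is the check to make before picking the method for a bundle that sits behind a router or a firewall.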
NETWORK SERVICES
SNMP
Simple Network Management Protocol

• SNMP is a protocol used for network management, i.e. to monitor and configure devices on IP networks.
• SNMP works at the Application Layer (Layer 7).
• SNMP uses UDP.
• The agent listens on UDP port 161 (queries); the manager receives traps and informs on UDP port 162.
SNMP Components

• SNMP MANAGER
• SNMP AGENT
SNMP Functions

• Monitor Network Performance


• Audit Network Usage
• Detect Network Faults
• Detect Inappropriate access
• Configure remote devices
SNMP Manager

• The SNMP Manager is software that collects information from network devices.
• It is installed on a workstation or server used to manage the network; that host is called the Network Management System (NMS).
• Examples: PRTG, Cisco Prime, SolarWinds
SNMP Agent

• The SNMP Agent is the software that runs on the managed device, such as a router, switch, server or PC.
• The agent collects information and returns it to the manager when asked, or sends it unsolicited as a trap.
• Agents are usually built into the network hardware and software; they only need to be enabled.
Polling

• In polling, the SNMP Manager periodically asks a network device to report its statistics.
• Example: interface status of a router.
• The request is sent from the SNMP Manager to the Agent (UDP 161).
TRAP

• A trap is sent by the device to the NMS when an event occurs, for example high CPU utilization, high memory utilization or a link going down.
• Traps go to UDP 162 and are not acknowledged; SNMPv2c and v3 add the inform, which the manager acknowledges.
SNMP Modes

• Read-Only mode:
• used to retrieve information from network devices.
• Read-Write mode:
• used to retrieve information from network devices and to configure them.
• In SNMPv1/v2c the mode is tied to the community string; a leaked read-write community gives full configuration control of the device, so restrict it to the NMS with an ACL or use SNMPv3.
SNMP Versions

• SNMPv1
• SNMPv2c
• SNMPv3
SNMP Version 1

• The initial version of the SNMP protocol.
• Data is sent in clear text.
• It should be used in private networks only, because anyone who can capture the traffic can read it.
• Peers are "authenticated" only by the community string, which itself travels in clear text.
• Uses GetRequest to retrieve information about a particular object.
SNMP Version 2c

• SNMPv2c is the enhanced version of SNMP (the "c" stands for community-based).
• Improved error handling and error reporting, plus 64-bit counters.
• The GetBulkRequest command retrieves large tables in one exchange.
• It still uses a clear-text community string to authenticate peers, so it is no more secure than v1.
SNMP Version 3

• Provides secure access using user-based authentication and encryption.
• Consumes more CPU than the other versions because of the cryptographic processing.
• It defines 3 security levels:
• noAuthNoPriv – username only, no authentication, no encryption
• authNoPriv – authentication (MD5 or SHA), no encryption
• authPriv – authentication and encryption (DES or AES); the level to use in production
Syslog
What is Syslog

• Syslog is a standard for message logging (BSD syslog, RFC 3164; the current format is RFC 5424).
• Syslog is a network management protocol which allows network devices to report error and notification messages either locally (buffer, console) or to a remote syslog server.
• Syslog messages are sent in plain text, normally over UDP port 514; they carry no authentication, so anything on the path can read, drop or forge them. Where the device supports it, use TCP or syslog over TLS (port 6514).
Syslog Components

• Syslog Server
• A host that accepts and processes log messages from 1 or more syslog clients.
• Syslog Client
• A host that generates log messages and forwards them to a syslog server.
• Ex: Router, switch, firewall, modem
Syslog Message Format
Configure syslog

Requirement:

• Send R1's log messages to a syslog server at 192.168.0.50.

• R1(config)#logging on
• R1(config)#logging host 192.168.0.50
• R1(config)#logging trap informational
• logging trap sets the highest severity number that is forwarded (informational = 6, so severities 0–6 are sent and debugging messages are not).
• Verification:
• R1#show logging
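As an added example (Python, not from the original slides), the following parses IOS-style syslog lines as a collector listening on UDP/514 would receive them and applies the severity threshold that logging trap sets. The log lines are constructed samples that use Cisco's default syslog facility local7, so the PRI value is 23*8 + severity.

```python
"""Parse Cisco IOS syslog lines and apply a 'logging trap <level>' filter.

Added example, not from the original slides. SAMPLE_LINES are constructed
(not captured from a device), using the default facility local7 (23).
"""
import re

SEVERITIES = ["emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging"]      # 0..7

# <PRI> is optional (present on the wire, absent in 'show logging');
# the IOS body is "%FACILITY-SEVERITY-MNEMONIC: text".
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<head>.*?)"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$")

SAMPLE_LINES = [   # constructed samples
    "<189>45: *Mar  1 00:12:04.555: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "<188>46: *Mar  1 00:12:30.001: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.9] [localport: 22] [Reason: Login Authentication Failed]",
    "<187>47: *Mar  1 00:13:02.010: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to down",
    "<189>48: *Mar  1 00:13:03.010: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/9, changed state to down",
    "<186>49: *Mar  1 00:14:11.400: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/3.",
    "<190>50: *Mar  1 00:14:12.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.0.50 port 514 started - CLI initiated",
]

# Mnemonics a SOC wants regardless of their severity number.
SECURITY_MNEMONICS = {"CONFIG_I", "LOGIN_FAILED", "PSECURE_VIOLATION"}


def parse_syslog(line: str):
    """Return a dict for one line, or None if it is not an IOS-style message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sev = int(m["sev"])
    rec = {"facility": m["fac"], "severity": sev,
           "severity_name": SEVERITIES[sev], "mnemonic": m["mnem"],
           "text": m["text"]}
    if m["pri"] is not None:                 # PRI = facility*8 + severity
        pri = int(m["pri"])
        rec["pri_facility"], rec["pri_severity"] = pri // 8, pri % 8
    return rec


def trap_filter(lines, level):
    """Keep messages at or below the level ('logging trap warnings' = 4)."""
    threshold = SEVERITIES.index(level) if isinstance(level, str) else int(level)
    return [r for r in map(parse_syslog, lines) if r and r["severity"] <= threshold]


def security_events(lines):
    """Select by mnemonic instead of by severity."""
    return [r for r in map(parse_syslog, lines)
            if r and r["mnemonic"] in SECURITY_MNEMONICS]
```

Note what a threshold of warnings drops: %SYS-5-CONFIG_I, the configuration-change event, is severity 5 and never reaches the server under logging trap warnings. Security-relevant messages should be selected by name (or the trap level raised to informational), not filtered by severity alone.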
Telnet vs SSH

                Telnet                          SSH
Port            TCP 23                          TCP 22
Transport       TCP                             TCP
Security        Not secured                     Secured
Layer           Application Layer (Layer 7)     Application Layer (Layer 7)
Telnet vs SSH

Telnet: a protocol which allows you to access any device remotely. It sends the data, including the login credentials, in clear text.
SSH: a protocol which allows you to access any remote device securely. It sends the data in encrypted form.
SSH configuration

• Requirement:

• Configure SSH on SW1.

• SW1(config)#hostname SW1
• SW1(config)#ip domain-name cisco.com
• SW1(config)#username cisco secret ccna
• SW1(config)#crypto key generate rsa modulus 2048
• SW1(config)#ip ssh version 2
• SW1(config)#line vty 0 4
• SW1(config-line)#transport input ssh
• SW1(config-line)#login local
• SW1(config-line)#exit
• A hostname and a domain name must be set before the RSA key pair can be generated; secret stores the password hashed rather than in clear text; transport input ssh (without telnet) is what actually forces encrypted access; a line password is ignored once login local is configured.
• Verification:
• SW1#show ip ssh
NETWORK TIME PROTOCOL
NTP

• Coordinated Universal Time (UTC) is the global standard for time representation (Greenwich Mean Time, GMT, is the older name for the same reference).
• Most network-enabled devices have two clock sources:
• Hardware clock (battery-backed calendar)
• Software clock (kept by the OS and synchronized by NTP)
NTP

• NTP provides accurate timing services to every network-enabled device.
• It automatically synchronizes the device clock with one or more time servers that provide accurate time.
• NTP uses UDP port number 123.
• Consistent time matters for security: certificate validation, Kerberos and log correlation across devices all depend on it.
Stratum

• NTP servers are described in terms of stratum (hierarchical levels).
• Stratum defines the distance from the reference clock. The reference clock itself (GPS or atomic clock) is stratum 0; a server directly attached to it is stratum 1.
• Each NTP server is assigned a stratum one higher than the upstream server with which it is synchronized.
NTP Configuration

• NTP can be disabled on a particular interface so that the router does not answer NTP on it:
• Router(config-if)# ntp disable

• Configure an authenticated NTP client on a Cisco device:
• R(config)# ntp source <interface>
• R(config)# ntp authenticate
• R(config)# ntp authentication-key <number> md5 <key>
• R(config)# ntp trusted-key <key-number>
• R(config)# ntp server <ip-address> key <key-id>

• With ntp authenticate and a trusted key, the router only accepts time from servers whose packets carry a matching key, which stops a rogue NTP server from shifting the clock.
IP SLA
IP SLA

• IP SLA is a Cisco technology that actively generates synthetic traffic (ICMP echo, UDP jitter, HTTP, DNS and others) to measure the performance of the network.
• Performance of the network can be measured using parameters such as
- Jitter
- Latency
- Packet Loss
Configure SLA

• Configure an ICMP probe on the router, track it, and tie the primary default route to the tracked object so that the floating static route (AD 20) takes over when the probe fails:

• R(config)# ip sla 1
• R(config-ip-sla)# icmp-echo 30.1.0.1 (destination IP)
• R(config-ip-sla-echo)# frequency 5
• R(config-ip-sla-echo)# exit
• R(config)# ip sla schedule 1 start-time now life forever
• R(config)# track 1 ip sla 1 reachability
• R(config)# ip route 0.0.0.0 0.0.0.0 s0/0 track 1
• R(config)# ip route 0.0.0.0 0.0.0.0 s0/1 20
• R(config)# end
• R# show ip sla statistics
DHCP V4
DHCPV4

• DHCP is a dynamic way of assigning network configuration parameters (address, mask, gateway, DNS, lease) to clients.
• DHCP uses UDP: the server listens on port 67 and the client on port 68.
• DHCP uses the DORA process: Discover, Offer, Request, Acknowledge.
• The client's Discover and Request are broadcasts, which is why a server on another subnet needs a relay agent.
Configuring a router as a DHCP server

• Requirement:

• Configure R1 as the DHCP server for 192.168.5.0/24.

• Assign an IP address to the LAN interface of R1, exclude the gateway address from the pool, then define the pool.

• R1(config)#interface fastethernet 0/0
• R1(config-if)#ip address 192.168.5.1 255.255.255.0
• R1(config-if)#no shutdown
• R1(config-if)#exit
• R1(config)#ip dhcp excluded-address 192.168.5.1
• R1(config)#ip dhcp pool cisco
• R1(dhcp-config)#network 192.168.5.0 255.255.255.0
• R1(dhcp-config)#default-router 192.168.5.1
• R1(dhcp-config)#dns-server 192.168.5.1
• R1(dhcp-config)#lease 1
• R1(dhcp-config)#end
• lease 1 sets a one-day lease (the argument is days, with optional hours and minutes).
• Verification:
• R1#show ip dhcp binding
DHCP RELAY AGENT
DHCP Relay Agent

• A DHCP relay agent forwards DHCP messages between DHCP clients and DHCP servers that reside on different IP networks.
• By default a router does not forward broadcasts. The relay agent takes the client's broadcast, fills in the giaddr field with the address of the interface it arrived on, and sends it as a unicast to the configured server. The server uses giaddr to pick the matching pool and replies to the relay, which hands the answer back to the client.
To Configure a router as a DHCP Relay Agent

• Configured on the client-facing interface:

Router(config-if)# ip helper-address <DHCP server IP address>

• Caveat: ip helper-address does not forward only DHCP. By default it also relays other UDP broadcasts (TFTP 69, DNS 53, TACACS 49, time 37, NetBIOS 137/138) toward the server; trim the list with no ip forward-protocol udp <port> when only DHCP is wanted.
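As an added example (Python, not from the original slides), the code below builds the client's DISCOVER, applies what ip helper-address does to it, lets the server answer from the pool that contains giaddr, and has the relay validate the OFFER before handing it back. The client MAC, the transaction ID, the server address 10.0.0.10 and the POOLS dictionary are constructed to match the R1 pool configuration above.

```python
"""DHCP DISCOVER -> relay agent -> OFFER, built byte for byte.

Added example, not from the original slides. The relay rewrites giaddr and
hops and unicasts to the helper address; the server picks the pool by
giaddr; the relay only forwards an OFFER whose giaddr is one of its own
interfaces. MAC, xid, server 10.0.0.10 and POOLS are constructed values.
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # RFC 2131 fixed fields (236 bytes)
HDR_LEN = struct.calcsize(HDR)
BROADCAST = 0x8000                   # flags bit: client wants a broadcast reply
ZERO = b"\0" * 4

POOLS = {   # same values as 'ip dhcp pool cisco' above; lease 1 day
    "192.168.5.0/24": {"router": "192.168.5.1", "dns": "192.168.5.1", "lease": 86400},
}


def _pack_ip(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def _ip(b: bytes) -> str:
    return str(ipaddress.IPv4Address(b))


def build_discover(client_mac: bytes, xid: int) -> bytes:
    """Client broadcast: op=1 (BOOTREQUEST), all four address fields zero."""
    hdr = struct.pack(HDR, 1, 1, 6, 0, xid, 0, BROADCAST, ZERO, ZERO, ZERO, ZERO,
                      client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, 1]) + bytes([55, 3, 1, 3, 6]) + b"\xff"  # DISCOVER; want mask/router/dns
    return hdr + MAGIC_COOKIE + opts


def parse(pkt: bytes) -> dict:
    """Fixed header plus the TLV options that follow the magic cookie."""
    f = struct.unpack(HDR, pkt[:HDR_LEN])
    opts, p = {}, HDR_LEN + len(MAGIC_COOKIE)
    while p < len(pkt) and pkt[p] != 0xFF:
        if pkt[p] == 0:                       # pad option
            p += 1
            continue
        code, ln = pkt[p], pkt[p + 1]
        opts[code] = pkt[p + 2:p + 2 + ln]
        p += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "flags": f[6],
            "yiaddr": _ip(f[8]), "giaddr": _ip(f[10]),
            "chaddr": f[11][:f[2]], "options": opts}


def relay_to_server(pkt: bytes, relay_if_ip: str, helper: str):
    """What 'ip helper-address' does: giaddr = receiving interface (only if
    still zero), hops + 1, then unicast to the helper address."""
    giaddr = pkt[24:28] if pkt[24:28] != ZERO else _pack_ip(relay_if_ip)
    forwarded = pkt[:3] + bytes([pkt[3] + 1]) + pkt[4:24] + giaddr + pkt[28:]
    return forwarded, helper


def server_offer(pkt: bytes, server_ip: str, pools: dict, excluded: set):
    """Choose the pool containing giaddr (or the server's own subnet when
    giaddr is zero) and offer its lowest address not in 'excluded'."""
    req = parse(pkt)
    if req["op"] != 1 or req["options"].get(53) != b"\x01":
        return None
    anchor = ipaddress.IPv4Address(
        req["giaddr"] if req["giaddr"] != "0.0.0.0" else server_ip)
    for net_s, cfg in pools.items():
        net = ipaddress.IPv4Network(net_s)
        if anchor in net:
            break
    else:
        return None      # no pool for that giaddr (e.g. a spoofed relay): drop
    free = [h for h in net.hosts() if str(h) not in excluded]
    if not free:
        return None      # pool exhausted
    hdr = struct.pack(HDR, 2, 1, 6, 0, req["xid"], 0, req["flags"], ZERO,
                      free[0].packed, _pack_ip(server_ip), _pack_ip(req["giaddr"]),
                      pkt[28:44], b"\0" * 64, b"\0" * 128)
    opts = (bytes([53, 1, 2]) + bytes([54, 4]) + _pack_ip(server_ip)
            + bytes([1, 4]) + net.netmask.packed
            + bytes([3, 4]) + _pack_ip(cfg["router"])
            + bytes([6, 4]) + _pack_ip(cfg["dns"])
            + bytes([51, 4]) + struct.pack("!I", cfg["lease"]) + b"\xff")
    return hdr + MAGIC_COOKIE + opts


def relay_to_client(offer: bytes, relay_ips: set):
    """Accept the OFFER only if giaddr is one of the relay's interfaces; then
    broadcast on that LAN (broadcast flag set) or unicast to yiaddr."""
    o = parse(offer)
    if o["giaddr"] not in relay_ips:
        return None
    return "255.255.255.255" if o["flags"] & BROADCAST else o["yiaddr"]
```

The same giaddr that selects the pool is also what a rogue relay would forge to pull addresses from another subnet's pool, so the server drops requests whose giaddr matches no pool and the relay drops replies whose giaddr is not one of its own interfaces.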


SPAN and RSPAN
SPAN and RSPAN

• Switched Port Analyzer (SPAN), also called port mirroring, copies traffic for network analysis.
• SPAN lets you select one or more source ports (or VLANs) and copies their traffic to a destination port where the analyzer (for example Wireshark) is attached.
• SPAN is used to monitor ports on a single switch; the destination port is dedicated to mirroring and does not forward normal traffic.
• Remote SPAN (RSPAN) carries the mirrored traffic in a dedicated RSPAN VLAN across trunks, so the source ports and the analyzer can be on different switches.
SPAN Configuration

• Switch(config)#monitor session 1 source interface fa0/2


• Switch(config)#monitor session 1 destination interface fa0/1
RSPAN Configuration

SW1(config)#vlan 100
SW1(config-vlan)#remote-span
SW2(config)#vlan 100
SW2(config-vlan)#remote-span
SW1(config)#monitor session 1 source interface fastEthernet 0/1
SW1(config)#monitor session 1 destination remote vlan 100
SW2(config)#monitor session 1 source remote vlan 100
SW2(config)#monitor session 1 destination interface fastEthernet 0/2
NETWORK MONITORING TOOL
PRTG
Agenda

What is Network Monitoring
Why Monitor Your Network?
Where it is used
How it works
Functions
About PRTG
Some practical things
What is Network Monitoring?

• Network monitoring means continuously observing a network's performance:
• Bandwidth utilization
• Packet loss
• Latency (delay)
• Availability and uptime
Why Need To Monitor Network.?

• Optimize network reliability

• Visualize network topology

• Stay in touch with your network

• Understand capacity utilization

• Troubleshoot device and traffic issues

• Save time in network administration

• Track trends

• Improve the bottom line


Function of network monitoring

• Administrators need to know what’s happening on their networks at all times


• Track Network performance
• Diagnose problems quickly.
• Keep Record of historical information
• Intelligent notifications (via SMS and mail)
• Save Time & Money….
About Network Monitoring Tools

• Many network monitoring tools are available.
• Some are free and some are paid.
• Free tools usually have limitations and cannot give deep performance information about the network.
Paessler Router Traffic Grapher

PRTG is network monitoring software from Paessler AG. PRTG runs on Windows and monitors network availability and usage using SNMP, packet sniffing, WMI, IP SLA, NetFlow and various other protocols.
Installation (screenshots omitted)
How It Works? (diagram omitted)
Why Network Monitoring?
What Does Network Monitoring Do?

Measure, Inform and Alert, Analyse, Optimize
Why Network Monitoring?

Saves Time, Saves Money, Offers Security
• PRTG Network Monitor consists of different parts which can be divided into three main
categories:
• System parts
• Core Server
• Probe(s)

• Control interfaces

• Ajax Web Interface


• Enterprise Console
• Mobile Web GUI
• Smart Phone Apps
• Basic administration interfaces
• PRTG Server Administrator
• PRTG Probe Administrator
WIRESHARK
Agenda

What is Wireshark
Where it is used
How it works
Some practical things
• Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network.
What is Wireshark?

• Wireshark is a network packet analyzer: it captures network packets and displays the packet data in as much detail as possible.
• Packet analysis used to be difficult and required expensive hardware.
• Wireshark is one of the best open-source packet analyzers available.
• A packet analyzer is also known as a sniffer, network analyzer or protocol analyzer.
Who uses it, and where?

• Network administrators use it to troubleshoot network problems
• Network security engineers use it to examine security problems
• Developers use it to debug protocol implementations
• People use it to learn network protocol internals
• Besides these examples, Wireshark can be helpful in many other situations too.
How it works?

For Windows
- download (https://www.wireshark.org/download.html)
- install
- use
Installation Process (screenshots of steps 1 to 12 omitted)
Wireshark Graphical User Interface

When you run the Wireshark program, the Wireshark graphical user interface shown in Figure 2 will be displayed. Initially, no data will be displayed in the various windows.

Figure 2: Wireshark Graphical User Interface
WIRESHARK COLOR CODED
TROUBLESHOOTING- FLOW
Troubleshooting Flow

Problem Reporting -> Problem Diagnosis -> Problem Resolution
Popular Troubleshooting Methods

• Top-down method
• Bottom-up method
• Divide and Conquer method
• Following the Traffic path
• Comparing configurations
• Component swapping
Top-down method

Start at the Application layer and work down through Presentation, Session, Transport, Network, Data Link and Physical until the failing layer is found.
Bottom Up method

Start at the Physical layer (cabling, link state) and work up through Data Link, Network, Transport, Session, Presentation and Application.
Divide and Conquer

Start in the middle, typically at the Network layer with a ping (for example ping 10.0.0.1): if it succeeds, layers 1 to 3 are working and the problem is above; if it fails, work downward.
Follow the Traffic path method
Component swapping
Network Maintenance

• What is Network Maintenance?
• Doing whatever is required to keep the network functioning and meeting the business needs of an organization.
• It is a core responsibility of the network administrator.
• It may also be a response to a reported problem.
• Proactively performing regularly scheduled maintenance tasks reduces problems.
Basic Network maintenance toolkit

• CLI Tools
• GUI Tools
• Backup tools
• Logging Tools
• Network Time Protocol
• Network Documentation Tools
Examples of Network Maintenance

• Hardware and Software installation and configuration


• Monitoring and Tuning Network performance
• Network expansion planning
• Documentation of Network changes
• Compliance with legal regulations and corporate policies
• Securing the Network from Internal and External threats
Common Elements in Network Documentation

• Logical Topology Diagram


• Physical Topology Diagram
• Interconnections list
• Inventory of Network equipment
• IP Address Assignment
• Configuration Information
• Original Design Document
ROUTE TROUBLESHOOTING
EIGRP Troubleshooting
EIGRP Troubleshooting

• Interface is down
• Mismatched autonomous system numbers
• Incorrect network statement
• Mismatched K values
• Passive interface
• Different subnet
• Authentication mismatch
• ACL blocking EIGRP (IP protocol 88, multicast 224.0.0.10)
• Timers (unlike OSPF, mismatched hello/hold timers do not prevent the adjacency, but a hold time shorter than the peer's hello interval makes it flap)
OSPF Troubleshooting
OSPF Troubleshooting

• Interface is down
• Interface not running the OSPF process.
• Mismatched timers.
• Mismatched area numbers
• Mismatched area type
OSPF Troubleshooting

• Different subnets
• Passive interface
• Mismatched authentication
• ACL
• MTU mismatch
• Duplicate Router ID
• Mismatched network types
OSPF troubleshooting

• MTU mismatch:
• The IP MTU of neighboring interfaces must match, otherwise the routers get stuck in EXSTART while exchanging DBD packets.
• To reproduce it, deliberately configure a different MTU on one of the two routers sharing the link:
• Router(config)#interface s1/0
• Router(config-if)#ip mtu 100
• Verify:
• Router#show running-config interface s1/0
• Router#show ip ospf neighbor
• The neighbor state stays EXSTART; fix it by matching the MTU on both sides (or, as a last resort, ip ospf mtu-ignore on both interfaces).
Redistribution
Redistribution troubleshooting – things to check

• Distribute lists
• Route-maps
• Seed metric (required when redistributing into EIGRP, otherwise the routes are not installed)
• AS number
• Process ID
• Hop count (RIP metric)
BGP Troubleshooting
BGP Troubleshooting

• Interface is down
• Layer 3 connectivity is broken (BGP runs over TCP 179, so the peer address must be reachable before the session can form)
• Incorrect neighbor statement
• Incorrect network command
• BGP packets are sourced from the wrong IP address (check neighbor ... update-source)
• Mismatched authentication (MD5 password)
• Neighbor doesn't have a route
BGP Troubleshooting

• Next-hop router is not reachable
• BGP split horizon (a route learned from an iBGP peer is not advertised to other iBGP peers)
• BGP synchronization
• Route filtering
IPV6 Troubleshooting
SWITCH TROUBLESHOOTING
Troubleshooting Trunks
Troubleshooting Trunks

• Encapsulation mismatch (ISL vs 802.1Q)
• Incompatible trunking modes (DTP auto–auto never forms a trunk; set trunk ports to nonegotiate and user ports to access so a host cannot negotiate a trunk)
• Native VLAN mismatch
• Allowed VLANs
• VTP domain name mismatch (DTP negotiation also fails when the domain names differ)
Troubleshooting VTP

(topology diagram: S1 connected to S2 and S3)
VTP Troubleshooting

• Domain name mismatch


• Version mismatch
• Mode mismatch
• Password mismatch
VTP domain name mismatch

• Sw_server(config)#vtp domain netrich.com
• Sw_client(config)#vtp domain netrich.com

Note: a switch with a null (unset) domain name adopts the first domain name it hears in a VTP advertisement; once it is already part of a domain it will not change, so the name has to be set manually on the clients as well. Also check the configuration revision number before connecting a switch: a switch in the same domain (with a matching password) that carries a higher revision overwrites the VLAN database of the others, including the server.
Troubleshooting VLANS

• Incorrect IP address
• Missing vlan
• Incorrect port Assignment
STP Troubleshooting
STP Troubleshooting

• No Trunking connectivity
• STP disabled
• Portfast
• BPDU Guard and BPDU filter
• Loop Guard
ETHERCHANNEL Troubleshooting
ETHERCHANNEL Troubleshooting

• Mismatched Port configurations


• Mismatched Etherchannel Configuration
• Mismatch of Protocol
Inter VLAN Routing Troubleshooting

Topology (router-on-a-stick):
R1: Fa0/0.1 192.168.5.1 (VLAN 10), Fa0/0.2 192.168.6.1 (VLAN 20), trunk to S1
S1: access ports in VLAN 10 and VLAN 20
PC A (VLAN 10): IP 192.168.5.2, default gateway 192.168.5.1
PC B (VLAN 20): IP 192.168.6.2, default gateway 192.168.6.1
Inter VLAN Routing Troubleshooting
Routing Troubleshooting

Topology: two switches (both labelled S1), VLAN 10 and VLAN 20
PC A (VLAN 10): IP 192.168.5.2, default gateway 192.168.5.1
PC B (VLAN 20): IP 192.168.6.2, default gateway 192.168.6.1
Switch Security
Switch Security Troubleshooting

• Port security configured but not enabled


• A static MAC address was not configured correctly
• The maximum number of MAC addresses has been reached ,preventing access
• Legitimate users are being blocked because of violation
• Running configuration not saved to startup configuration
Troubleshooting FHRP
FHRP Troubleshooting

• Group number
• Same virtual IP address
• Priority
• Preemption
• Interface tracking
