Here's a note file I wrote; all of the text was copied and pasted
from the Cisco Documentation CD and training books.
I wish it could help someone else to prepare for their CCNA exam.


--

Zou Yu                                        (SAY NO TO SPAM)
dO iT mYSELF (tM)


...properly unencrypted at the destination. Presentation layer
implementations are not typically associated with a particular protocol stack.
Some well known standards follow:

    Data: ASCII, EBCDIC, Encryption
    Visual Imaging: PICT, TIFF, GIF, JPEG
    Video: MIDI, MPEG, QuickTime

Session --- This layer establishes, manages, and terminates communication
sessions between presentation layer entities. Communication sessions consist of
service requests and service responses that occur between applications located
in different network devices. These requests and responses are coordinated by
protocols implemented at the session layer. Some examples of session layer
implementations follow: Apple ZIP, DEC SCP, NFS, SQL, RPC, X Windows, ASP.

Transport --- This layer segments and reassembles data into a data stream. It
implements reliable internetwork data transport services that are transparent to
upper layers. Transport layer functions typically include the following:

    Flow control -- Flow control manages data transmission between devices so
    that the transmitting device does not send more data than the receiving
    device can process.
    Multiplexing -- Multiplexing allows data from several applications to be
    transmitted onto a single physical link.
    Virtual circuit management -- Virtual circuits are established, maintained,
    and terminated by the transport layer.
    Error checking and recovery -- Error checking involves various mechanisms
    for detecting transmission errors. Error recovery involves taking an action
    (such as requesting that data be retransmitted) to resolve any errors that
    occur.

Some examples of transport layer implementations follow: Transmission Control
Protocol (TCP), Name Binding Protocol (NBP), OSI transport protocols.

Network --- This layer provides routing and related functions that allow
multiple data links to be combined into an internetwork, and determines the
best way to move data from one place to another. (It manages device addressing
and tracks the location of devices on the network.) This is accomplished by the
logical addressing (as opposed to the physical addressing) of devices. The
network layer supports both connection-oriented and connectionless service from
higher-layer protocols. The router operates at this layer.

Data Link --- This layer provides reliable transit of data across a physical
network link. Different data link layer specifications define different network
and protocol characteristics, including the following:

    Physical addressing -- Physical addressing (as opposed to network
    addressing) defines how devices are addressed at the data link layer.
    Network topology -- Data link layer specifications often define how devices
    are to be physically connected (such as in a bus or a ring topology).
    Error notification -- Error notification involves alerting upper layer
    protocols that a transmission error has occurred.
    Sequencing of frames -- Sequencing of data frames involves the reordering
    of frames that are transmitted out of sequence.
    Flow control -- Flow control involves moderating the transmission of data
    so that the receiving device is not overwhelmed with more traffic than it
    can handle at one time.

The Institute of Electrical and Electronics Engineers (IEEE) has subdivided the
data link layer into two sublayers: Logical Link Control (LLC) and Media Access
Control (MAC). The LLC sublayer (defined in the IEEE 802.2 specification)
manages communications between devices over a single link of a network. The MAC
sublayer manages protocol access to the physical network medium.

Physical --- This layer defines the electrical, mechanical, procedural, and
functional specifications for activating, maintaining, and deactivating the
physical link between communicating network systems. Physical layer
specifications define such characteristics as voltage levels, timing of voltage
changes, physical data rates, maximum transmission distances, and the physical
connectors to be used.

2) Describe connection-oriented network service and connectionless network
service, and identify the key differences between them.

In brief, connection-oriented data handling involves using a specific path that
is established for the duration of a connection. Connectionless data handling
involves passing data through a permanently established connection.

Connection-oriented service involves three phases:

    Connection establishment -- During the connection establishment phase, a
    single path between the source and destination systems is determined.
    Network resources are typically reserved at this time to ensure a
    consistent grade of service (such as a guaranteed throughput rate).
    Data transfer -- During the data transfer phase, data is transmitted
    sequentially over the path that has been established. Data always arrives
    at the destination system in the order in which it was sent.
    Connection termination -- During the connection termination phase, an
    established connection that is no longer needed is terminated. Further
    communication between the source and destination systems requires that a
    new connection be established.

Connection-oriented service has two significant disadvantages as compared to
connectionless network service:

    Static path selection -- Because all traffic must travel along the same
    static path, a failure anywhere along that path causes the connection to
    fail.
    Static reservation of network resources -- A guaranteed rate of throughput
    requires the commitment of resources that cannot be shared by other network
    users. Unless full, uninterrupted throughput is required for the
    communication, bandwidth is not used efficiently.

Connection-oriented services are useful for transmitting data from applications
that are intolerant of delays and packet re-sequencing. Voice and video
applications are typically based on connection-oriented services.

Connectionless network service does not predetermine the path from the source to
the destination system, nor are packet sequencing, data throughput, and other
network resources guaranteed. Each packet must be completely addressed because
different paths through the network might be selected for different packets,
based on a variety of influences. Each packet is transmitted independently by
the source system and is handled independently by intermediate network devices.

Connectionless service, however, offers two important advantages over
connection-oriented service: dynamic-path selection and dynamic-bandwidth
allocation.

Dynamic-path selection enables traffic to be routed around network failures
because paths are selected on a packet-by-packet basis.

With dynamic-bandwidth allocation, bandwidth is used more efficiently because
network resources are not allocated a bandwidth that they will not use.

Connectionless services are useful for transmitting data from applications that
can tolerate some delay and resequencing. Data-based applications typically are
based on connectionless service.

3) Describe data link addresses and network addresses, and identify the key
differences between them.

A data link layer address uniquely identifies each physical network connection
of a network device. Data link addresses are sometimes referred to as physical
or hardware addresses. Data link addresses usually exist within a flat address
space and have a pre-established and typically fixed relationship to a specific
device.
End systems typically have only one physical network connection, and thus have
only one data link address. Routers and other internetworking devices typically
have multiple physical network connections. They therefore have multiple data
link addresses.

A network-layer address identifies an entity at the network layer of the OSI
layers. Network addresses usually exist within a hierarchical address space and
sometimes are called virtual or logical addresses.

The relationship between a network address and a device is logical and unfixed;
it typically is based either on physical network characteristics (the device is
on a particular network segment) or on groupings that have no physical basis
(the device is part of an AppleTalk zone). End systems require one network-layer
address for each network-layer protocol they support. (This assumes that the
device has only one physical network connection.) Routers and other
internetworking devices require one network-layer address per physical network
connection for each network-layer protocol supported. A router, for example,
with three interfaces each running AppleTalk, TCP/IP, and OSI must have three
network-layer addresses for each interface. The router therefore has nine
network-layer addresses.

4) Identify at least 3 reasons why the industry uses a layered model.

    Reduces complexity --- Divide the interrelated aspects of network operation
    into less complex elements.
    Standardizes interfaces --- Define standard interfaces for "plug-and-play"
    compatibility and multivendor integration.
    Facilitates module reengineering --- Enable engineers to specialize design
    and development efforts on modular functions.
    Ensures interoperable technology --- Promote symmetry in the different
    internetwork modular functions so they interoperate.
    Accelerates evolution --- Prevent changes in one area from impacting other
    areas, so each area can evolve more quickly.
    Simplifies teaching and learning --- Divide the complexity of
    internetworking into discrete, more easily learned operation subsets.

5) Define and explain the 5 conversion steps of data encapsulation.

User information is converted to data
    Data --- As a user sends an email message, the message's alphanumeric
    characters are converted to use the internetwork. This is the data.

Data is converted to Segments
    Segment --- One change packages the message "data" for the internetwork
    transport subsystem. By using segments, the transport function ensures that
    the message hosts at both ends of the email system can reliably
    communicate.

Segments are converted to Packets
    Packet --- The next change prepares the data by putting the data into a
    packet or datagram that contains a network header with source and
    destination logical addresses. These addresses help network devices send
    the packets across the network along a chosen path.

Packets are converted to Frames
    Frame --- Each network device must put the packet into a frame so it can
    communicate over its interface to the network. The frame allows connection
    to the next directly connected network device on the link. Each device in
    the chosen network path requires framing to connect to the next device.

Frames are converted to Bits
    Bits --- The frame must be converted into a pattern of 1s and 0s for
    transmission on the medium (usually a wire). Some clocking function enables
    the devices to distinguish these bits as they traverse the medium.

6) Define flow control and describe the three basic methods used in networking.

Flow control --- It's a function that prevents network congestion by ensuring
that transmitting devices do not overwhelm receiving devices with data. The
three commonly used methods for handling network congestion are buffering,
transmitting source-quench messages, and windowing.

Buffering - Buffering is used by network devices to temporarily store bursts of
excess data in memory until they can be processed. Occasional data bursts are
easily handled by buffering. However, excess data bursts can exhaust memory,
forcing the device to discard any additional datagrams that arrive.

Source quench messages - Source quench messages are used by receiving devices
to help prevent their buffers from overflowing. The receiving device sends
source quench messages to request that the source reduce its current rate of
data transmission, as follows:

    1. The receiving device begins discarding received data due to overflowing
       buffers.
    2. The receiving device begins sending source quench messages to the
       transmitting device, at the rate of one message for each packet dropped.
    3. The source device receives the source quench messages and lowers the
       data rate until it stops receiving the messages.
    4. The source device then gradually increases the data rate as long as no
       further source quench requests are received.

Windowing - Windowing is a flow-control scheme in which the source device
requires an acknowledgment from the destination after a certain number of
packets have been transmitted. With a window size of three, the source requires
an acknowledgment after sending three packets, as follows:

    1. The source device sends three packets to the destination device.
    2. After receiving the three packets, the destination device sends an
       acknowledgment to the source.
    3. The source receives the acknowledgment and sends three more packets.
    4. If the destination does not receive one or more of the packets for some
       reason (such as overflowing buffers), it does not receive enough packets
       to send an acknowledgment. The source, not receiving an acknowledgment,
       retransmits the packets at a reduced transmission rate.

7) List the key internetworking functions of the OSI Network layer and how they
are performed in a router.

The network layer provides routing and related functions that enable multiple
data links to be combined into an internetwork. It selects the best path through
an internetwork, establishes network addresses, and communicates paths. This is
accomplished by the logical addressing (as opposed to the physical addressing)
of devices. The network layer supports both connection-oriented and
connectionless service from higher-layer protocols. Network-layer protocols
typically are routing protocols, but other types of protocols are implemented at
the network layer as well.

Routers use a routing protocol between routers, use a routed protocol to carry
user packets, set up and maintain routing tables, discover networks, adapt to
internetwork topology changes, use a two part address, and contain broadcasts.

WAN Protocols

8) Differentiate between the following WAN services: Frame Relay, ISDN/LAPD,
HDLC, & PPP.

    Frame Relay - Industry-standard, switched data link layer protocol that
    handles multiple virtual circuits using HDLC encapsulation between
    connected devices. Frame Relay is more efficient than X.25, the protocol
    for which it is generally considered a replacement.
    ISDN - Integrated Services Digital Network. Communication protocol, offered
    by telephone companies, that permits telephone networks to carry data,
    voice, and other source traffic.
    HDLC - High-Level Data Link Control. Bit-oriented synchronous data link
    layer protocol developed by ISO. Derived from SDLC, HDLC specifies a data
    encapsulation method on synchronous serial links using frame characters and
    checksums.
    PPP - Point-to-Point Protocol. A successor to SLIP, PPP provides
    router-to-router and host-to-network connections over synchronous and
    asynchronous circuits.

A point-to-point link provides a single, preestablished WAN communications path
from the customer premises through a carrier network, such as a telephone
company, to a remote network. (HDLC, & PPP)

Circuit switching is a WAN switching method in which a dedicated physical
circuit is established, maintained, and terminated through a carrier network for
each communication session. (ISDN/LAPD)

Packet switching is a WAN switching method in which network devices share a
single point-to-point link to transport packets from a source to a destination
across a carrier network. (Frame Relay)

9) Recognize key Frame Relay terms and features.

Frame Relay is a CCITT & ANSI standard for sending data over a public data
network. It is a next-generation protocol to X.25 and is a connection-oriented
data-link technology. It relies on upper-layer protocols for error correction
and today's more dependable fiber and digital networks. Frame Relay is a
high-performance WAN protocol that operates at the physical and data link layers
of the OSI reference model. Frame Relay is an example of a packet-switched
technology.
Packet-switched networks enable end stations to dynamically share the network
medium and the available bandwidth. Variable-length packets are used for more
efficient and flexible transfers. The advantage of this technique is that it
accommodates more flexibility and more efficient use of bandwidth.

Frame Relay provides connection-oriented data link layer communication. (This
means that a defined communication exists between each pair of devices and that
these connections are associated with a connection identifier.) This service is
implemented by using a Frame Relay virtual circuit, which is a logical
connection created between two data terminal equipment (DTE) devices across a
Frame Relay packet-switched network (PSN). Virtual circuits provide a
bi-directional communications path from one DTE device to another and are
uniquely identified by a data-link connection identifier (DLCI). A number of
virtual circuits can be multiplexed into a single physical circuit for
transmission across the network. This capability often can reduce the equipment
and network complexity required to connect multiple DTE devices. Frame Relay
virtual circuits fall into two categories: switched virtual circuits (SVCs) and
permanent virtual circuits (PVCs).

Some terms frequently used when discussing Frame Relay follow:

Local access rate --- The clock speed (port speed) of the connection (local
loop) to the Frame Relay cloud. It is the rate at which data travels into or out
of the network, regardless of other settings.

Data-link connection identifier (DLCI) --- A number that identifies the logical
circuit between the CPE/DTE and the Frame Relay switch. The FR switch maps the
DLCIs between each pair of routers to create a PVC. DLCIs have local
significance in that the identifier references the point between the local
router and the Frame Relay switch to which it is connected.

Local Management Interface (LMI) --- A signaling standard between the CPE device
and the FR switch that is responsible for managing the connection and
maintaining status between the devices. LMIs include support for a keepalive
mechanism, which verifies that data is flowing; a multicast mechanism, which
provides the network server with its local DLCI; the multicast addressing, which
gives DLCIs global rather than local significance in Frame Relay networks; and a
status mechanism, which provides an ongoing status on the DLCIs known to the
switch.
The following types of LMIs are supported by Cisco routers (IOS 11.2 or later):

    cisco --- LMI type defined jointly by Cisco, Northern Telecom, and DEC;
    ansi --- Annex D defined by ANSI standard T1.617;
    q933a --- ITU-T Q.933 Annex A

Committed information rate (CIR) - the average rate (bps) that the FR switch
agrees to transfer data.

Committed burst - the maximum number of bits that the switch agrees to transfer
during any Committed Rate Measurement Interval.

Excess burst - the maximum number of uncommitted bits that the FR switch will
attempt to transfer beyond the CIR (typically limited to the port speed of the
local access loop).

Backward explicit congestion notification (BECN) - when a FR switch recognizes
congestion in the network, it sends a BECN packet to the source router
instructing it to reduce its packet sending rate.

Forward explicit congestion notification (FECN) - when a FR switch recognizes
congestion in the network, it sends a FECN packet to the destination device
indicating that congestion has occurred.

Discard eligibility (DE) indicator - when the router detects network congestion,
the FR switch will drop packets with the DE bit set first. The DE bit is set on
the oversubscribed traffic; that is, the traffic that was received after the CIR
was met.

10) List commands to configure Frame Relay LMIs, maps, and subinterfaces.

    router(config-if)# encapsulation frame-relay [ cisco | ietf ]
        (cisco is the default)
    router(config-if)# frame-relay lmi-type [ ansi | cisco | q933a ]
        (autosensed 11.2 and up)
    router(config-if)# bandwidth kilobits
        (configure bandwidth for the link, default is T1)
    router(config-if)# frame-relay inverse-arp [ protocol ] [ dlci ]
        (enabled by default)
    router(config-if)# ip bandwidth-percent eigrp as-number percent
        (total bandwidth EIGRP can use)
    router(config-if)# keepalive number
        (increase/decrease keepalive interval, default is 10 secs.)
    router(config-if)# frame-relay local-dlci number
        (to specify DLCI for local interface)
    router(config-if)# frame-relay map protocol protocol-address dlci [ broadcast ] [ ietf | cisco ] payload-compress packet-by-packet
        (Cisco compression)
        (broadcast - forward broadcasts to this address when multicast is not
        enabled)
    router(config-if)# interface serial number.subinterface-number [ multipoint | point-to-point ]
        (multipoint - forwards broadcasts and routing updates, for routing IP
        when all routers are in same subnet)
        (point-to-point - no broadcasts or updates, each router is in its own
        subnet)
    router(config-if)# ip unnumbered interface
        (point-to-point IP sub-interface)
    router(config-if)# frame-relay interface-dlci dlci-number
        (local DLCI number being linked to sub-interface)

The following is a partial config example:

    interface Serial 0
     encapsulation frame-relay
     frame-relay lmi-type ansi
    !
    interface Serial 0.1 point-to-point
     ip address 192.168.155.1 255.255.255.252
     frame-relay interface-dlci 123

    interface Serial 0
     encapsulation frame-relay
     frame-relay lmi-type ansi
    !
    interface Serial 0.1 point-to-point
     ip address 192.168.155.2 255.255.255.252
     frame-relay interface-dlci 124

11) List commands to monitor Frame Relay operation in the router.

To monitor Frame Relay connections, perform any of the following tasks in EXEC
mode:

    Task                                              Command
    Clear dynamically created Frame Relay maps,       clear frame-relay-inarp
    which are created by the use of Inverse ARP.
    Display information about Frame Relay DLCIs       show interfaces type number
    and the LMI.
    Display LMI statistics.                           show frame-relay lmi [type number]
    Display the current Frame Relay map entries.      show frame-relay map
    Display PVC statistics.                           show frame-relay pvc [type number [dlci]]
    Display configured static routes.                 show frame-relay route
    Display Frame Relay traffic statistics.           show frame-relay traffic
    Display information about the status of LAPF.     show frame-relay lapf
    Display all the SVCs under a specified map list.  show frame-relay svc maplist

12) Identify PPP operations to encapsulate WAN data on Cisco routers.

The Point-to-Point Protocol (PPP) originally emerged as an encapsulation
protocol for transporting IP traffic over point-to-point links. PPP also
established a standard for the assignment and management of IP addresses,
asynchronous (start/stop) and bit-oriented synchronous encapsulation, network
protocol multiplexing, link configuration, link quality testing, error
detection, and option negotiation for such capabilities as network-layer address
negotiation and data-compression negotiation. PPP supports these functions by
providing an extensible Link Control Protocol (LCP) and a family of Network
Control Protocols (NCPs) to negotiate optional configuration parameters and
facilities. In addition to IP, PPP supports other protocols, including Novell's
Internetwork Packet Exchange (IPX) and DECnet.

PPP provides a method for transmitting datagrams over serial point-to-point
links. PPP contains three main components:

    A method for encapsulating datagrams over serial links --- PPP uses the
    High-Level Data Link Control (HDLC) protocol as a basis for encapsulating
    datagrams over point-to-point links. (See "Synchronous Data Link Control
    and Derivatives," for more information on HDLC.)
    An extensible LCP to establish, configure, and test the data-link
    connection.
    A family of NCPs for establishing and configuring different network-layer
    protocols --- PPP is designed to allow the simultaneous use of multiple
    network-layer protocols.

The following is a common procedure to configure PPP in your Cisco routers:

    Router(config)# username name password secret
        (name=host name of remote router, secret=identical on both routers)
    Router(config-if)# encapsulation ppp
    Router(config-if)# ppp authentication [ chap | pap ]
        (pap is clear text)
    Router(config-if)# ppp pap sent-username username password password
        (for router responding to pap request, 11.1 and up)
    Router(config-if)# ppp chap hostname hostname
        (for same host name on multiple routers)
    Router(config-if)# ppp chap password secret
        (to send to hosts that want to authenticate the router)

13) State a relevant use and context for ISDN networking.

The goal is to support applications requiring high speed voice, video, and data
communications. Digital service with fast connection setup and higher bandwidth
than traditional modems.

Integrated Services Digital Network (ISDN) is comprised of digital telephony and
data-transport services offered by regional telephone carriers. ISDN involves
the digitalization of the telephone network, which permits voice, data, text,
graphics, music, video, and other source material to be transmitted over
existing telephone. The emergence of ISDN represents an effort to standardize
subscriber services, user/network interfaces, and network and internetwork
capabilities. ISDN applications include high-speed image applications (such as
Group IV facsimile), additional telephone lines in homes to serve the
telecommuting industry, high-speed file transfer, and video conferencing. Voice
service is also an application for ISDN.

ISDN components include terminals, terminal adapters (TAs), network-termination
devices, line-termination equipment, and exchange-termination equipment.

14) Identify ISDN protocols, function groups, reference points, and channels.

ITU-T groups and organizes the ISDN protocols according to general topic areas.

Protocols that begin with "E" recommend telephone network standards for ISDN.
For example, the E.164 protocol describes international addressing for ISDN.

Protocols that begin with "I" deal with concepts, terminology, and general
methods. The I.100 series includes general ISDN concepts and the structure of
other I-series recommendations; I.200 deals with service aspects of ISDN; I.300
describes network aspects; I.400 describes how the User-Network Interface (UNI)
is provided.

Protocols beginning with "Q" cover how switching and signaling should operate.
The term signaling in this context means the process of call setup used. Q.921
describes the ISDN data-link processes of LAPD, which functions like Layer 2
processes in the ISO/OSI reference model. Q.931 specifies ISO/OSI reference
model Layer 3 functions.

To access ISDN, you must provide functions and reference points that comply with
ISDN service provider standards.
By using these functions and reference points, you can improve communication
with vendors and service providers while you engineer, install, and support your
ISDN facilities:

Functions --- Device types or hardware functions that represent transition
points between the reference-point interfaces.

Reference points --- CCITT has defined the ISDN local loop characterized by
different interfaces. The standards call the key reference points R, S, T, U,
and V.

    R -- The reference point between non-ISDN equipment and a TA.
    S -- The reference point between user terminals and the NT2.
    T -- The reference point between NT1 and NT2 devices.
    U -- The reference point between NT1 devices and line-termination equipment
         in the carrier network. The U reference point is relevant only in
         North America, where the NT1 function is not provided by the carrier
         network.

This Figure illustrates a sample ISDN configuration and shows three devices
attached to an ISDN switch at the central office. Two of these devices are
ISDN-compatible, so they can be attached through an S reference point to NT2
devices. The third device (a standard, non-ISDN telephone) attaches through the
reference point to a TA. Any of these devices also could attach to an NT1/2
device, which would replace both the NT1 and the NT2. In addition, although they
are not shown, similar user stations are attached to the far right ISDN switch.

The following table defines the basic ISDN device or hardware acronym and its
function.

    Acronym  Device Name            Device Function
    TA       Terminal Adapter       Converts from EIA/TIA-232, V.35, and other
                                    signals into BRI signals.
    TE1      Terminal Endpoint 1    Designates a router as a device having a
                                    native ISDN interface.
    TE2      Terminal Endpoint 2    Designates a router as a device requiring a
                                    TA for its BRI signals.
    NT1      Network Termination 1  Converts BRI signals into a form used by
                                    the ISDN digital line.
    LT       Local Termination      Portion of the local exchange that
                                    terminates the local loop.
    ET       Exchange Termination   Portion of the exchange that communicates
                                    with other ISDN components.

The ISDN Basic Rate Interface (BRI) service offers two B channels and one D
channel (2B+D). BRI B-channel service operates at 64 kbps and is meant to carry
user data; BRI D-channel service operates at 16 kbps and is meant to carry
control and signaling information, although it can support user data
transmission under certain circumstances. The D channel signaling protocol
comprises Layers 1 through 3 of the OSI reference model. BRI also provides for
framing control and other overhead, bringing its total bit rate to 192 kbps.

ISDN Primary Rate Interface (PRI) service offers 23 B channels and one D channel
in North America and Japan, yielding a total bit rate of 1.544 Mbps (the PRI D
channel runs at 64 Kbps). ISDN PRI in Europe, Australia, and other parts of the
world provides 30 B channels plus one 64-Kbps D channel and a total interface
rate of 2.048 Mbps.

ISDN physical-layer (Layer 1) frame formats differ depending on whether the
frame is outbound (from terminal to network) or inbound (from network to
terminal). The frames are 48 bits long, of which 36 bits represent data.

Layer 2 of the ISDN signaling protocol is Link Access Procedure, D channel, also
known as LAPD. LAPD is similar to High-Level Data Link Control (HDLC) and Link
Access Procedure, Balanced (LAPB).
As the expansion of the LAPD acronym indicates, it is used across the D channel
to ensure that control and signaling information flows and is received properly.
The LAPD frame format is very similar to that of HDLC and, like HDLC, LAPD uses
supervisory, information, and unnumbered frames. The LAPD protocol is formally
specified in ITU-T Q.920 and ITU-TQ.921.     Two Layer 3 specifications are
used for ISDN signaling: ITU-T (formerly CCITT) I.450 (also known as ITU-T
Q.930) and ITU-T I.451 (also known as ITU-T Q.931). Together, these protocols
support user-to-user, circuit-switched, and packet-switched connections. A
variety of call establishment, call termination, information, and miscellaneous
messages are specified, including SETUP, CONNECT, RELEASE, USER INFORMATION,
CANCEL, STATUS, and DISCONNECT. These messages are functionally similar to those
provided by the X.25 protocol.15) Describe Cisco's implementation of ISDN
BRI. Two 64 Kbps B channels and one 16 Kbps D channel.Accessing ISDN with a
Cisco router means that you will need to purchase either a Network Termination 1
(NT1) or an ISDN modem. If your router has a BRI interface, you're readyto rock.
Otherwise, you can use one of your router's serial interfaces if you can get a
hold of a TA. A router with a BRI interface is call a TE1, and one that requires
a TA is called a TE2. ISDN supports virtually every upper-layer network protocol
(IP, IPX, and AppleTalk), and you can choose PPP, HDLC, or LAPD as your
encapsulation protocol. IOS 16) Log into a router in both user and
privileged modes.     You can configure Cisco routers from the user interface
that runs on the router console or terminal. You can also configure Cisco
routers using remote access. Cisco IOS software provides a command interpreter
called EXEC. EXEC interprets the commands you type and carries out the
corresponding operations. You must log in to the router before you can enter an
EXEC command.

For security purposes, the EXEC has two levels of access to commands: user mode
and privileged mode.

    User mode --- Typical tasks include those that check the router status.
    (The prompt is: Router>)

    Privileged mode --- Typical tasks include those that change the router
    configuration. (The prompt is: Router#)

The following is a demo procedure:

    Router>
    Router> enable
    Password:
    Router#
    Router# disable
    Router>
    Router> exit

17) Use the context-sensitive help facility.

Typing a question mark (?) at the user mode prompt or the privileged mode
prompt displays a handy list of commonly used commands. With the
context-sensitive help, you can do the following:

    Symbolic translation
    Keyword completion
    Last command recall <Ctrl><P>
    Command prompting
    Syntax checking

The caret symbol (^) and help response indicate an error. The caret appears at
the point in the command string where you have entered an incorrect command,
keyword, or argument. The error location indicator and interactive help system
allow you to find and correct syntax errors easily.

18) Use the command history and editing features.

The user interface includes
an enhanced editing mode that provides a set of editing key functions.

                                ; Automatic scrolling of long lines.
    <Ctrl><A>                   ; Move to the beginning of the command line.
    <Ctrl><E>                   ; Move to the end of the command line.
    <Esc><B>                    ; Move back one word.
    <Ctrl><F>                   ; Move forward one character.
    <Ctrl><B>                   ; Move back one character.
    <Esc><F>                    ; Move forward one word.
    <Ctrl><P> or UP arrow       ; Last (previous) command recall
    <Ctrl><N> or DOWN arrow     ; More recent command recall
    <Tab>                       ; Entry completion

    Router> show history                            ; Show command buffer
    Router> terminal history size number-of-lines   ; Set command buffer size
    Router> no terminal editing                     ; Disable advanced editing features
    Router> terminal editing                        ; Reenable advanced editing

19) Examine router elements (RAM, ROM, CDP, show).

    ROM - Read Only, Hard Wired, Boot Strap, IOS, ROM Monitor
    RAM - IOS & Running Configuration (Main Memory)
    NVRAM - Startup Config - Saved via battery (10 yr Life Span)
    Flash - IOS (PCMCIA Cards or SIMMs)
    Shared RAM - Packet Buffering (Not all platforms)

The Cisco Discovery Protocol (CDP) is a media- and protocol-independent
protocol that runs on all Cisco-manufactured equipment including routers,
bridges, access servers and switches. CDP runs on all media that support
Subnetwork Access Protocol (SNAP) including local area network,
Frame Relay and ATM media. CDP runs over the data link layer only. Specify the
frequency of transmission of CDP updates.

    show version --- Displays the configuration of the system hardware, the
        software version, the names and sources of configuration files, and
        boot images.
    show mem --- Shows statistics about the router's memory, including memory
        free pool statistics.
    show cdp [interface | neighbors | entry device-name] --- Shows CDP
        statistics.
    show protocols --- Displays the protocols configured on the router.

20) Manage configuration files from the privileged exec mode.

    show startup-config --- To view the configuration in NVRAM
        (show config = pre 10.3)
    show running-config --- To view the current running configuration
        (write term = pre 10.3)
    show version --- Displays the configuration of the system hardware, the
        software version, the names and sources of configuration files, and
        the boot images.
    show processes --- Displays information about the active processes.
    show protocols --- Displays the configured protocols and status of any
        configured Layer 3 protocol.
    show mem --- Shows statistics about the router's memory, including memory
        free pool statistics.
    show ip route --- Displays the entries in the routing table.
    show flash --- Shows information about the Flash memory device.
    show interfaces --- Displays statistics for all interfaces configured on
        the router.

21) Control router passwords, identification, and banner.

Cisco routers have two levels of passwords that can be applied: user and
privileged EXEC. The user EXEC passwords are applied to the console, auxiliary
and virtual terminal lines of the Cisco router. Password authentication can be
either on the line, through a local username definition or a TACACS, extended
TACACS, TACACS+ or RADIUS server. To enter privileged EXEC mode, use the enable
command. By default, the password will be compared against the password entered
with the enable secret global command.

You can secure your system by using passwords to restrict
access. Passwords can be established both on individual lines and in the
privileged EXEC mode.

    line console 0 --- Establishes a password on the console terminal.
    line vty 0 4 --- Establishes password protection on incoming Telnet
        sessions.
    enable password --- Restricts access to the privileged EXEC mode.
    enable secret --- Restricts access to the privileged EXEC mode; it uses a
        Cisco-proprietary encryption process to alter the password string.

Sets local identity or message for the accessed router or interface.

    Router Name --- You can name the router in global configuration mode.

        Router(config)# hostname Gotop
        Gotop(config)#

    Login Banner --- You can configure a message-of-the-day banner to be
    displayed on all connected terminals.

        Gotop(config)# banner motd # Welcome to Gotop Systems #

    Interface Description --- You can set a description for each interface as
    a reminder for later.

        Gotop(config)# interface ethernet 0
        Gotop(config-if)# description Engineering LAN, Zone 3.

22) Identify the main Cisco IOS commands for router startup.

    Gotop# show startup-config
    Gotop# show running-config
    Gotop# erase startup-config
    Gotop# reload
    Gotop# setup

23) Enter an initial configuration using the setup command.

One routine for initial configuration is the setup mode. The primary purpose of
the setup mode is to rapidly bring up a minimal-feature configuration for any
router that cannot find its configuration from some other source.

    Setup Global Parameters
    Setup Interface Parameters

To enter the setup command facility, enter 'setup' in privileged EXEC mode.

When you enter the setup command
facility after first-time startup, an interactive dialog called the System
Configuration Dialog appears on the system console screen. The System
Configuration Dialog guides you through the configuration process. It prompts
you first for global parameters and then for interface parameters. The values
shown in brackets next to each prompt are the default values last set using
either the setup command facility or the configure command. The prompts and the
order in which they appear on the screen vary depending on the platform and the
interfaces installed in the device. You must run through the entire System
Configuration Dialog until you come to the item that you intend to change. To
accept default settings for items that you do not want to change, press the
Return key. To return to the privileged EXEC prompt without making changes and
without running through the entire System Configuration Dialog, press Ctrl-C. 
When you complete your changes, the setup command facility shows you the
configuration command script that was created during the setup session. It also
asks you if you want to use this configuration. If you answer Yes, the
configuration is saved to NVRAM. If you answer No, the configuration is not
saved and the process begins again. There is no default for this prompt; you
must answer either Yes or No.

    Router# setup

    --- System Configuration Dialog ---

    At any point you may enter a question mark '?' for help.
    Use ctrl-c to abort configuration dialog at any prompt.
    Default settings are in square brackets '[]'.

    Continue with configuration dialog? [yes]:

    First, would you like to see the current interface summary? [yes]:

    Interface   IP-Address    OK?  Method   Status                 Protocol
    Ethernet0   172.16.72.2   YES  manual   up                     up
    Serial0     unassigned    YES  not set  administratively down  down
    Serial1     172.16.72.2   YES  not set  up                     up

    Configuring global parameters:

    Enter host name [Router]:

    The enable secret is a one-way cryptographic secret used
    instead of the enable password when it exists.

    Enter enable secret []:

    The enable password is used when there is no enable secret
    and when using older software and some boot images.

    Enter enable password [ww]:
    Enter virtual terminal password [ww]:
    Configure SNMP Network Management? [yes]:
    Community string [public]:
    Configure IP? [yes]:
    Configure IGRP routing? [yes]:
    Your IGRP autonomous system number [15]:

    Configuring interface Ethernet0:
    Is this interface in use? [yes]:
    Configure IP on this interface? [yes]:
    IP address for this interface [172.16.72.2]:
    Number of bits in subnet field [8]:
    Class B network is 172.16.0.0, 8 subnet bits; mask is /24

24) Copy and manipulate configuration files.

    copy running-config tftp --- Store the current configuration in RAM on a
        network TFTP server.
    erase startup-config --- Erase the contents of NVRAM.
    copy running-config startup-config --- Store the current configuration in
        RAM into NVRAM.

25) List the commands to load Cisco IOS software from: flash memory, a TFTP
server, or ROM.

To configure a router to automatically boot an image in Flash memory, perform
the following tasks:

    Step 1  Task:    Enter configuration mode from the terminal
            Command: configure terminal
    Step 2  Task:    Enter the filename of an image stored in Flash memory
            Command: boot system flash [filename]
                     boot system flash slot0:[filename]
                     boot system flash slot1:[filename]
                     boot system flash bootflash:[filename]
    Step 3  Task:    Set the configuration register to enable loading image
                     from Flash memory (generally 0x2102)
            Command: config-register value
    Step 4  Task:    Save configuration file
            Command: copy running-config startup-config

To configure a router to load a system image from
a network server using TFTP, rcp or MOP:

    Step 1  Task:    Enter configuration mode from the terminal
            Command: configure terminal
    Step 2  Task:    Specify the system image to be booted from a network
                     server using rcp, TFTP or MOP.
            Command: boot system [rcp | tftp] filename [ip address]
                     boot system mop filename [mac-address] [int]
    Step 3  Task:    Set the configuration register to enable loading image
                     from a network server (generally 0x010F)
            Command: config-register value
    Step 4  Task:    Save configuration file
            Command: copy running-config startup-config

To specify the use of the ROM system image as a backup to other boot
instructions in the configuration file:

    Step 1  Task:    Enter configuration mode from the terminal
            Command: configure terminal
    Step 2  Task:    Enter the filename of an image stored in Flash memory
            Command: boot system rom
    Step 3  Task:    Set the configuration register to enable loading image
                     from ROM (generally 0x0101)
            Command: config-register value
    Step 4  Task:    Save configuration file
            Command: copy running-config startup-config

The following is a sample configure procedure:

    Router# configure terminal
    Router(config)# boot system flash IOS_filename
    Router(config)# boot system tftp IOS_filename tftp_address
    Router(config)# boot system rom
    [Ctrl-Z]
    Router# copy running-config startup-config

26) Prepare to backup, upgrade, and load a backup Cisco IOS software image.

    Check to make sure you have access to the network backup server.
    Verify that the server has sufficient room to accommodate the Cisco IOS
        software image.
    Check the filename requirements and file space of the network server.
    Verify available memory in your router, including RAM/DRAM and Flash.
    Use copy flash tftp command to backup the current Cisco IOS software image.
    Use copy tftp flash command to upgrade and load a backup image into the
        Cisco router.

! = 1 UDP segment has been successfully transferred.

27) Prepare the initial configuration of your router and enable IP.

    interface Ethernet 0
    no shutdown
    description connected to Public_LAN
    ip address 202.103.35.6 255.255.255.248
    ip access-group 101 in
    keepalive 10

Network Protocols

28) Monitor Novell IPX operation on the router.

Once you have IPX configured and running, you
can monitor and troubleshoot it using the following commands:

    show ipx interface --- IPX status and parameters.
    show ipx route --- Routing table contents.
    show ipx servers --- IPX server list.
    show ipx traffic --- Number and type of packets.
    debug ipx routing activity --- Information about RIP update packets.
    debug ipx sap --- Information about SAP update packets.

29) Describe the two parts of network addressing, then identify the parts in
specific protocol address examples.

Novell IPX addressing uses a two-part address, the network number and the node
number: 32 bits for the network number and 48 bits for the node number. The
node number contains the MAC address of an interface.

For example, an IPX address can be written in several formats. Most often,
they're written in hex, such as 00007C80.0000.8609.33E0. The first eight hex
digits (00007C80) represent the network portion of the address; the remaining
12 hex digits (0000.8609.33E9) represent the node portion and are the MAC
address of the workstation.

30) Create the different classes of IP addresses [and subnetting].

IP addressing supports five different network classes.

    Class   Address or Range                Status
    A       0.0.0.0                         Reserved
            1.0.0.0 to 126.0.0.0            Available
            127.0.0.0                       Reserved
    B       128.0.0.0 to 191.254.0.0        Available
            191.255.0.0                     Reserved
    C       192.0.0.0                       Reserved
            192.0.1.0 to 223.255.254        Available
            223.255.255.0                   Reserved
    D       224.0.0.0 to 239.255.255.255    Multicast group addresses
    E       240.0.0.0 to 255.255.255.254    Reserved
            255.255.255.255                 Broadcast

The IP address is 32 bits in length and
has two parts: Network number, and Host number. The address format is known as
dotted decimal notation, for example, 172.16.122.159.

IP Class Range.

With subnets, the network address use is more efficient. There is no change to
how the outside world sees the network, but within the organization, there is
additional structure. A subnet address is created by "borrowing" bits from the
host field and designating them as the subnet field. The number of borrowed
bits varies and is specified by the subnet mask.

31) Configure IP addresses.

Use command ip address ip-address subnet-mask to configure IP address.

    Router(config-if)# ip address ip-address subnet-mask
        (assigns address & subnet mask, starts IP processing on an interface)
    Router# term ip netmask-format { bitcount | decimal | hexadecimal }
        (sets format of network mask for current session. Defaults back to bit
        count.)
    Router(config-if)# ip netmask-format { bitcount | decimal | hexadecimal }
        (sets format of network mask for a specific line)

32) Verify IP addresses.

    Telnet - verifies application-layer software between source and
        destination stations.
    Ping - uses ICMP to verify hardware connection and logical address of
        network layer.
    Trace - uses TTL values to generate messages from each router used along
        the path.

33) List the required IPX address and encapsulation type.

    Interface Type   Encapsulation Type       IPX Frame Type
    Ethernet         novell-ether (default)   Ethernet_802.3
                     arpa                     Ethernet_II
                     sap                      Ethernet_802.2
                     snap                     Ethernet_Snap
    Token Ring       sap (default)            Token-Ring
                     snap                     Token-Ring_Sna
    FDDI             snap (default)           Fddi_Snap
                     sap                      Fddi_802.2

Novell NetWare IPX supports multiple encapsulation schemes on a
single router interface, provided that multiple network numbers are assigned.
Encapsulation is the process of packaging upper-layer protocol information and
data into a frame. NetWare supports the following four encapsulation schemes:

    Novell Proprietary --- Also called "802.3 raw" or Novell Ethernet_802.3,
        Novell proprietary serves as the initial encapsulation scheme Novell
        uses. It includes an Institute of Electrical and Electronics Engineers
        (IEEE) 802.3 Length field but not an IEEE 802.2 (LLC) header. The IPX
        header immediately follows the 802.3 Length field.
    802.3 --- Also called Novell_802.2, 802.3 is the standard IEEE 802.3 frame
        format.
    Ethernet Version 2 --- Also called Ethernet-II or ARPA, Ethernet Version 2
        includes the standard Ethernet Version 2 header, which consists of
        Destination and Source Address fields followed by an EtherType field.
    SNAP --- Also called Ethernet_SNAP, SNAP extends the IEEE 802.2 header by
        providing a type code similar to that defined in the Ethernet Version 2
        specification.

34) Enable the Novell IPX protocol and configure interfaces.

Configuration of Novell IPX as a routing protocol involves both global and
interface parameters.

    Global tasks:
        Start the IPX routing process.
        Enable load sharing, if appropriate for your network. Load sharing is
        the division of routing tasks evenly among multiple routers to balance
        the work and improve network performance.

    Interface tasks:
        Assign unique network numbers to each interface. Multiple network
        numbers can be assigned to an interface, allowing support of different
        encapsulation types.
        Set the optional encapsulation type, if it is different from the
        default.

For example:

    ipx routing
    ipx maximum-paths 2
    interface ethernet 0
      ipx network 9e encapsulation novell-ether
      ipx network 6c encapsulation sap secondary
    interface ethernet 1
      ipx network 1a encapsulation sap
    interface serial 0
      ipx network 4a

35) Identify the functions of the TCP/IP transport-layer protocols.

TCP/IP was developed by the Department of Defense (DOD) as a protocol to ensure
data integrity and preserve it as well as maintain communications in the event
of catastrophic war. If designed and implemented correctly, a TCP/IP network
can be a very dependable and resilient one. It uses the DOD model, a four-layer
model, instead of the OSI seven-layer model.

    Process/Application Layer  --->  Application/Presentation/Session
    Host-to-Host Layer         --->  Transport
    Internet Layer             --->  Network
    Network Access Layer       --->  Data Link/Physical

The Host-to-Host Layer's main purpose is to shield the upper-layer applications
from the complexities of the network.

The TCP provides reliable transmission of data in an IP environment. TCP
corresponds to the transport layer (Layer 4) of the OSI reference model. Among
the services TCP provides are stream data transfer, reliability, efficient flow
control, full-duplex operation, and multiplexing.

The User Datagram Protocol (UDP) is a connectionless transport-layer protocol
(Layer 4) that belongs to the Internet protocol family. UDP is basically an
interface between IP and upper-layer processes. UDP protocol ports distinguish
multiple applications running on a single device from one another.

36) Identify the functions of the TCP/IP network-layer protocols.

There are two main reasons for the Internet Layer's existence: routing and
providing a single network interface to the upper layers.

    IP provides connectionless, best-effort delivery routing of datagrams. It
        is not concerned with the content of the datagrams. Instead, it looks
        for a way to move the datagrams to their destination.
    ICMP provides control and messaging capabilities.
    ARP determines the data link layer address for known IP addresses.
    RARP determines network addresses when data link layer addresses are known.

37) Identify the functions performed by ICMP.

The Internet Control Message Protocol (ICMP)
is a network-layer Internet protocol that provides message packets to report
errors and other information regarding IP packet processing back to the source.
ICMP generates several kinds of useful messages, including Destination
Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router
Advertisement and Router Solicitation.

Destination Unreachable - The ICMP destination unreachable message is sent by a
router if it is unable to deliver a packet to the ultimate destination. The
router discards the original packet. Destinations might be unreachable for
these reasons:

    The source host specified a nonexistent address.
    The router does not have a route to the destination (less frequent).

Destination unreachable messages include the following:

    Network unreachable -- This message usually implies routing or addressing
        failures.
    Host unreachable -- This message usually implies delivery failures such as
        a wrong subnet mask.
    Protocol unreachable -- This message usually implies that the destination
        does not support the upper-layer protocol specified in the packet.
    Port unreachable -- This message usually implies that the Transmission
        Control Protocol (TCP) port (socket) is not available.

Echo Request and Reply - The ICMP echo request message is sent by any host to
test node reachability across an internetwork. It is generated by the ping
command. The ICMP echo reply message indicates that the node can be
successfully reached.

Redirect - An ICMP redirect message is sent by the router to the source host to
stimulate more efficient routing. The router still forwards the original packet
to the destination. ICMP redirects allow host routing tables to remain small
because knowing the address of only one router is required (even if that router
does not provide the best path). Even after receiving an ICMP redirect message,
some devices might continue using the less efficient route.

Time Exceeded - An ICMP time-exceeded message is sent by the router if an IP
packet's Time-to-Live field (expressed in hops or seconds) reaches zero. The
Time-to-Live field prevents packets from continuously circulating the
internetwork if the internetwork contains a routing loop. The router discards
the original packet.

Router Advertisement and Router Solicitation - The ICMP Router Discovery
Protocol (IRDP) uses router advertisement and router solicitation messages to
discover the addresses of routers on directly attached subnets. IRDP works as
follows:

    1. Each router periodically multicasts router advertisement messages from
       each of its interfaces.
    2. Hosts discover addresses of routers on directly attached subnets by
       listening for these messages.
    3. Hosts can use router solicitation messages to request immediate
       advertisements, rather than waiting for unsolicited messages.

IRDP offers several advantages over other methods of discovering addresses of
neighboring routers. Primarily, it does not require hosts to recognize routing
protocols, nor does it require manual configuration by an administrator. Router
advertisement messages allow hosts to discover the existence of neighboring
routers, but not which router is best to reach a particular destination. If a
host uses a poor first-hop router to reach a particular destination, it
receives a redirect message identifying a better choice.

Undeliverable ICMP messages (for whatever reason) do not generate a second ICMP
message. Doing so could create an endless flood of ICMP messages.
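
The ICMP message types listed above, as an added Python example (not part of
these notes or of the Cisco documentation they quote). It parses an ICMP
header, verifies the checksum, names the type and the unreachable code, and
builds the Destination Unreachable message for an undeliverable datagram while
applying the rule that an undeliverable ICMP message produces no second ICMP
message. Type and code numbers are taken from RFC 792 and RFC 1256, not from the
notes; all packets and addresses are constructed samples.

```python
import struct

# Type numbers from RFC 792 / RFC 1256 for the messages named in the notes.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
    8: "Echo Request", 9: "Router Advertisement",
    10: "Router Solicitation", 11: "Time Exceeded",
}
UNREACHABLE_CODES = {
    0: "Network unreachable", 1: "Host unreachable",
    2: "Protocol unreachable", 3: "Port unreachable",
}
IPPROTO_ICMP = 1


def internet_checksum(data):
    """16-bit one's-complement checksum used by IP and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Assemble an ICMP message: type, code, checksum, 4 'rest' bytes, payload."""
    header = struct.pack("!BBH4s", icmp_type, code, 0, rest)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBH4s", icmp_type, code, checksum, rest) + payload


def parse_icmp(message):
    """Decode the 8-byte ICMP header and check the checksum over the message."""
    if len(message) < 8:
        raise ValueError("an ICMP header is 8 bytes long")
    icmp_type, code, _checksum, _rest = struct.unpack("!BBH4s", message[:8])
    name = ICMP_TYPES.get(icmp_type, "type %d (not covered in the notes)" % icmp_type)
    detail = None
    if icmp_type == 3:
        detail = UNREACHABLE_CODES.get(code, "code %d" % code)
    return {
        "type": icmp_type, "code": code, "name": name, "detail": detail,
        # A message with a correct checksum sums to zero when re-checked.
        "checksum_ok": internet_checksum(message) == 0,
    }


def unreachable_for(datagram, code):
    """Destination Unreachable for an undeliverable IPv4 datagram, or None.

    None is returned when the datagram itself carries ICMP: an undeliverable
    ICMP message must not trigger a second ICMP message.
    """
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    header_len = (datagram[0] & 0x0F) * 4
    if datagram[9] == IPPROTO_ICMP:
        return None
    # RFC 792: quote the IP header plus the first 8 bytes of its payload.
    return build_icmp(3, code, payload=datagram[:header_len + 8])


def sample_datagram(protocol, payload,
                    src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x07"):
    """Constructed IPv4 datagram (20-byte header, documentation addresses)."""
    fields = [0x45, 0, 20 + len(payload), 0x1234, 0, 64, protocol, 0, src, dst]
    fields[7] = internet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


if __name__ == "__main__":
    udp = sample_datagram(17, bytes.fromhex("9c400009000c0000") + b"data")
    print(parse_icmp(unreachable_for(udp, 3)))
    ping = build_icmp(8, 0, b"\x00\x01\x00\x01", b"ping")
    print(parse_icmp(ping))
    print(unreachable_for(sample_datagram(IPPROTO_ICMP, ping), 1))
```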
38) Configure IPX access lists and SAP filters to control basic Novell traffic.

The Service Advertisement Protocol (SAP) is an IPX protocol through which
network resources, such as file servers and print servers, advertise their
addresses and the services they provide. Advertisements are sent via SAP every
60 seconds. Services are identified by a hexadecimal number, which is called a
SAP identifier (for example, 4 = file server, and 7 = print server).

Using the SAP identifier, SAP advertisements can be filtered on a router's
input or output port, or from a specific router. SAP filters conserve network
bandwidth and are especially useful in large Novell installations where
hundreds of SAP services exist.

In general, the use of SAP filters is recommended for services that are not
required for a particular network. Remote sites, for example, probably do not
need to receive SAP advertising print services located at a central site. A SAP
output filter at the central site (preferred) or a SAP input filter that uses
the SAP identifier for a print server at the remote site prevents the router
from including print services in SAP updates.

Access lists can control most protocols on a Cisco router.

    Protocol    Type         Range Identifier
    IP          Standard     1-99
                Extended     100-199
                             Named (IOS 11.2 or later)
    IPX         Standard     800-899
                Extended     900-999
                SAP Filter   1000-1099
    AppleTalk                600-699

For example:

    access-list 1000 deny 3c01.0000.0000.0001
    access-list 1000 permit -1
    interface ethernet 0
      ipx network 3c
      ipx input-sap-filter 1000
    interface ethernet 1
      ipx network 4d
    interface serial 0
      ipx network 2b

Routing

39) Add the RIP routing protocol to your configuration.

The Routing Information Protocol (RIP) is a distance-vector protocol that uses
hop count as its metric. RIP is widely used for routing traffic in the global
Internet and is an interior gateway protocol (IGP), which means that it
performs routing within a single autonomous system.

RIP has the following key characteristics:

    It is a distance vector routing protocol.
    Hop count is used as the metric for path selection.
    The maximum allowable hop count is 15.
    Routing updates are broadcast every 30 seconds by default.

To configure RIP to your network, use the following commands:

    Router(config)# router rip
        ; To select RIP as the routing protocol
    Router(config-router)# network {network_number}
        ; To assign a NIC-based address to which the router is directly
          connected.

The routing process will associate interfaces with the
proper addresses and will begin packet processing on the specified networks.
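
RIP's hop-count metric and 15-hop ceiling, as an added Python example that is
not from these notes or the Cisco material. It goes one step beyond this
objective by also applying the split-horizon rule described under objective
42: routers A and B are neighbors, B loses its directly connected network, and
the simulation counts the update rounds until both mark the route unreachable
(metric 16). The topology, router names and starting metrics are constructed.

```python
INFINITY = 16  # one more than RIP's maximum hop count of 15 means "unreachable"


def receive(route, neighbor, advertised_metric):
    """Apply one distance-vector update for a single destination.

    route is {"metric": int, "via": neighbor name or None}. An update from the
    current next hop is always believed; any other neighbor only wins with a
    strictly better metric.
    """
    new_metric = min(advertised_metric + 1, INFINITY)
    if route["via"] == neighbor or new_metric < route["metric"]:
        route["metric"] = new_metric
        route["via"] = neighbor


def advertise(route, to_neighbor, split_horizon):
    """Metric to advertise to a neighbor, or None when split horizon
    suppresses a route that was learned from that same neighbor."""
    if split_horizon and route["via"] == to_neighbor:
        return None
    return route["metric"]


def simulate_failure(split_horizon, max_rounds=50):
    """Return (rounds until both routers hold metric 16, per-round history)."""
    a = {"metric": 2, "via": "B"}          # A reaches the network through B
    b = {"metric": INFINITY, "via": None}  # B has just lost the attached network
    history = []
    for round_no in range(1, max_rounds + 1):
        # A's periodic update goes out before B's news about the failure.
        metric = advertise(a, "B", split_horizon)
        if metric is not None:
            receive(b, "A", metric)
        metric = advertise(b, "A", split_horizon)
        if metric is not None:
            receive(a, "B", metric)
        history.append((a["metric"], b["metric"]))
        if a["metric"] >= INFINITY and b["metric"] >= INFINITY:
            return round_no, history
    return None, history


if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = simulate_failure(enabled)
        print("split horizon %-5s rounds=%s history=%s" % (enabled, rounds, history))
```

Without split horizon the two routers bounce the dead route back and forth,
raising the metric each round until the hop-count limit ends the loop.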
40) Add the IGRP routing protocol to your configuration.

Interior Gateway Routing Protocol (IGRP) is a distance vector routing protocol
developed by Cisco. IGRP sends routing updates at 90-second intervals to
advertise networks for a particular autonomous system.

The following are some key characteristics of IGRP:

    Design emphasizes:
        Versatility to automatically handle indefinite, complex topologies.
        Flexibility for segments having different bandwidth and delay
        characteristics.
        Scalability to function in very large networks.

The IGRP routing protocol uses a combination of variables to determine a
composite metric.

    Variables IGRP uses include:
        Bandwidth, Delay, Load, Reliability, Maximum transmission unit (MTU)

To configure IGRP to your network, use the following commands:

    Router(config)# router igrp {autonomous_system}
        ; Identifies the IGRP router processes that will share routing
          information.
    Router(config-router)# network {network_number}
        ; Specifies any directly connected networks to be included; it is a NIC
          network number, not a subnet number or individual address.

41) Explain the services of separate and integrated multiprotocol routing.

    Separate routing --- The ships-in-the-night approach involves the use of a
        different routing protocol for each network protocol.
    Integrated routing --- Integrated routing involves the use of a single
        routing protocol (for example, a link state protocol) that determines
        the least cost path for different routed protocols.

42) List problems that each routing type encounters when dealing with topology
changes and describe techniques to reduce the number of these problems.

Distance Vector protocols,
like RIP and IGRP, use the Bellman-Ford algorithm. They are slow to converge in
a large LAN. This can lead to inconsistent routing entries and cause routing
loops.

Hop-Count Limit --- RIP permits a maximum hop count of 15. Any destination
greater than 15 hops away is tagged as unreachable. RIP's maximum hop count
greatly restricts its use in large internetworks, but prevents a problem called
count to infinity from causing endless network routing loops.

Hold-Downs --- Hold-downs are used to prevent regular update messages from
inappropriately reinstating a route that has gone bad. When a route goes down,
neighboring routers will detect this. These routers then calculate new routes
and send out routing update messages to inform their neighbors of the route
change. This activity begins a wave of routing updates that filter through the
network. Triggered updates do not instantly arrive at every network device. It
is therefore possible that a device that has yet to be informed of a network
failure may send a regular update message (indicating that a route that has
just gone down is still good) to a device that has just been notified of the
network failure. In this case, the latter device now contains (and potentially
advertises) incorrect routing information. Hold-downs tell routers to hold down
any changes that might affect recently removed routes for some period of time.
The hold-down period is usually calculated to be just greater than the period
of time necessary to update the entire network with a routing change. Hold-down
prevents the count-to-infinity problem.

Split Horizons - Split horizons derive from the fact that it is never useful to
send information about a route back in the direction from which it came. The
split-horizon rule helps prevent two-node routing loops.

Poison Reverse Updates - Whereas split horizons should prevent routing loops
between adjacent routers, poison reverse updates are intended to defeat larger
routing loops. The idea is that increases in routing metrics generally indicate
routing loops. Poison reverse updates are then sent to remove the route and
place it in hold-down. Poison reverse updates are updates sent to other routers
with an unreachable metric.

Link State

Link State routing uses
the Dijkstra algorithm to compute the shortest path first to another network.
Link State routing protocols, like OSPF & NLSP, notify other routers of topology
changes with link-state updates. The router receiving these LSP's recalculate
their routing table. The 2 link-state concerns are:     Processing and memory
required for link-state routing.     Bandwidth consumed for initial link-state
"flood". Link state updates can arrive at different times based on bandwidth
between routers. To solve this problem:     Dampen the periodic update (longer
intervals)     Use time stamps     Use targeted mulitcast (not flood), define
router hierarchies (i.e. partition network) 43) Describe the benefits of
network segmentation with routers. Manageability --- There are explicit
protocols operating among routers, giving the network administrator greater
control over path selection; and network routing behavior is more visible. 
Functionality --- Because routers are visible to the end stations, you can
implement mechanisms to provide flow control, error and congestion control,
fragmentation and reassembly services, and explicit packet lifetime control. 
Multiple active paths --- With the implementation of a router, you can use a
network topology using more than one path between stations. Operating at the
network layer, routers can examine protocol, destination service access point
(DSAP), source service access point (SSAP), and path metric information before
making forwarding or filtering decisions.    Network Security44)
Configure standard and extended access lists to filter IP traffic.

Access lists are statements that specify conditions that an administrator sets
so the router will handle the traffic covered by the access list in an
out-of-the-ordinary manner. Access lists give added control for processing the
specific packets in a unique way. The two main types of access lists are
standard and extended.

Standard access lists for IP check the source address of packets that could be
routed. The result permits or denies output for an entire protocol suite, based
on the network/subnet/host address.

Extended access lists check for both source and destination packet addresses.
They also can check for specific protocols, port numbers, and other parameters,
which allows administrators more flexibility to describe what checking the
access list will do. Packets can be permitted or denied output based on where
the packet originated and on its destination.

    Protocol   Type       Range Identifier
    IP         Standard   1-99
               Extended   100-199
                          Named (IOS 11.2 or later)

The table above shows the IP protocol and number ranges of standard and
extended access list types.

Step 1. Set parameters for this access list test statement (which can be one of
several statements).

    Router(config)# access-list access_list_number {permit | deny} {test conditions}

Step 2. Enable an interface to become part of the group that uses the specified
access list.

    Router(config-if)# {protocol} access-group access_list_number {in | out}

* Access lists are numbered (for IP, numbered or named).

IP access lists use wildcard masking. Wildcard masking for IP address bits uses
the number 1 and the number 0 to identify how to treat the corresponding IP
address bits.
    A wildcard mask bit 0 means "check the corresponding bit value."
    A wildcard mask bit 1 means "do not check (ignore) the corresponding bit
    value."

The following is a partial example:

    ! Standard list (1-99): matches on the source address only
    Router(config)# access-list 5 deny   172.16.0.0 0.0.255.255
    Router(config)# access-list 5 permit any
    ! Extended lists (100-199). List 101 is partial: it has no permit
    ! statement, so the implicit deny at the end of the list drops the rest.
    Router(config)# access-list 101 deny   udp any any eq 113
    Router(config)# access-list 101 deny   tcp any any eq finger
    Router(config)# access-list 101 deny   tcp any any eq 135
    Router(config)# access-list 101 deny   tcp any any eq 137
    Router(config)# access-list 102 deny   tcp any any eq finger
    Router(config)# access-list 102 deny   tcp host 192.168.255.1 host 192.168.255.1
    Router(config)# access-list 102 permit ip any any
    Router(config)# access-list 103 deny   tcp host 192.168.10.1 host 192.168.10.1
    Router(config)# access-list 103 permit ip any any
    Router(config)# access-list 130 permit tcp host 192.168.10.2 any eq www
    Router(config)# access-list 130 permit tcp host 192.168.10.2 any eq ftp
    ! Bind the lists to interfaces, one list per direction
    Router(config)# interface Ethernet0
    Router(config-if)# ip address 192.168.10.1 255.255.255.224
    Router(config-if)# ip access-group 5 in
    Router(config-if)# ip access-group 101 out
    Router(config-if)# ip accounting output-packets
    Router(config-if)# interface Serial1
    Router(config-if)# ip address 192.168.255.1 255.255.255.252
    Router(config-if)# ip access-group 102 in
    Router(config-if)# ip access-group 130 out
    Router(config-if)# ip accounting output-packets

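The wildcard-mask rule and the top-down, first-match evaluation of an access list, as an added Python example that is not Cisco code and not part of the original notes. It parses a constructed subset of the page's statements (only the `any`, `host` and `eq` forms; all function names are hypothetical) and shows that a list holding only deny statements, like list 101, drops everything else through the implicit deny.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # every bit ignored
PORTS = {"ftp": 21, "finger": 79, "www": 80}  # keywords used on this page

def wildcard_match(addr, base, wildcard):
    """Compare only the bit positions where the wildcard mask bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF                     # 1 = "check this bit"
    return (a & care) == (b & care)

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")     # all 32 bits must match
    return (first, tokens.pop(0))

def parse_entry(line):
    """Parse one 'access-list N {permit|deny} ...' statement."""
    tok = line.split()
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    extended = 100 <= number <= 199            # 1-99 standard, 100-199 extended
    entry = {"list": number, "action": action, "proto": "ip",
             "dst": ANY, "port": None}
    if extended:
        entry["proto"] = rest.pop(0)
    entry["src"] = take_addr(rest)
    if extended:
        entry["dst"] = take_addr(rest)
        if rest[:1] == ["eq"]:
            entry["port"] = PORTS.get(rest[1]) or int(rest[1])
    return entry

def evaluate(entries, number, proto, src, dst, dport=None):
    """Return the action of the first matching entry, read top-down."""
    for e in entries:
        if e["list"] != number or e["proto"] not in ("ip", proto):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        if wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"]):
            return e["action"]
    return "deny"                              # implicit deny ends every list

# Constructed sample, modelled on the page's lists 5, 101 and 130.
SAMPLE = """\
access-list 5 deny   172.16.0.0 0.0.255.255
access-list 5 permit any
access-list 101 deny   udp any any eq 113
access-list 101 deny   tcp any any eq finger
access-list 130 permit tcp host 192.168.10.2 any eq www
access-list 130 permit tcp host 192.168.10.2 any eq ftp
"""
ENTRIES = [parse_entry(line) for line in SAMPLE.splitlines()]

if __name__ == "__main__":
    checks = [(5, "ip", "172.16.9.4", "10.0.0.1", None),
              (5, "ip", "172.17.9.4", "10.0.0.1", None),
              (101, "tcp", "10.1.1.1", "10.2.2.2", 79),
              (101, "tcp", "10.1.1.1", "10.2.2.2", 80),
              (130, "tcp", "192.168.10.2", "10.2.2.2", 80),
              (130, "tcp", "192.168.10.3", "10.2.2.2", 80)]
    for c in checks:
        print(c, "->", evaluate(ENTRIES, *c))
```

The fourth check is the one to watch when reviewing a real list: web traffic matches no statement in list 101, so it is denied even though no line names it.
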
45) Monitor and verify selected access list operations on the router.

Use the show ip access-lists command to display the IP access lists running on
the router.

    Router#show ip access-lists
    Extended IP access list 101
        permit tcp 192.168.0.0 0.0.0.255 any eq pop3 (493 matches)
        permit tcp 192.168.0.0 0.0.0.255 any eq smtp (9 matches)
        permit tcp 192.168.1.0 0.0.0.255 any eq pop3
        permit tcp 192.168.1.0 0.0.0.255 any eq smtp
    Extended IP access list 199
        permit ip host 192.168.0.127 any (5079 matches)
        permit ip host 192.168.0.98 any (851 matches)
        permit ip host 192.168.1.133 any
        permit ip host 192.168.0.169 any (1757 matches)

Use the clear access-list counters command to clear the counters.

LAN Switching

46) Describe the advantages of LAN segmentation.

Ethernet is a shared-medium technology. As more users access the same network
resources, utilization increases and so does network congestion. Segmenting the
network divides it into smaller segments, which reduces the number of users per
segment and thereby increases the bandwidth available to each user in the
segment. Each segment is a collision domain, supporting traffic between nodes
on the same segment without interference from nodes attached to other segments.

47) Describe LAN segmentation using bridges.

A bridge is a data link layer device used to connect two segments. It is
protocol independent and transparent to the end user. Bridges "learn" which end
stations can be reached through which port from the source address of a packet.
If the destination is on the same segment as the source, the packet is not
forwarded. Bridges introduce a latency penalty due to processing overhead
(20-30 % in loss of throughput for acknowledgment-oriented protocols, and
10-20 % for sliding window protocols). Bridges forward multicast and broadcast
packets to other attached segments (these destinations do not appear in the
address tables).

48) Describe LAN segmentation using routers.

Routers operate at OSI Layer 3, the network layer. They are used to extend a
network across multiple links, finding routes between the source and
destination stations on an internetwork. Routers typically perform functions
associated with bridging, such as making forwarding decisions based on table
lookup. Unlike a bridge, the router is known to the stations using its
services, and a well-defined protocol must be used among the stations and the
router.

Routers offer the following advantages in a network:

Manageability --- There are explicit protocols operating among routers, giving
the network administrator greater control over path selection, and network
routing behavior is more visible.

Functionality --- Routers can implement mechanisms to provide flow control,
error and congestion control, fragmentation and reassembly services, and
explicit packet lifetime control.

Multiple active paths --- Network topologies can offer more than one path
between stations. Operating at the network layer, routers can examine protocol,
destination service access point (DSAP), source service access point (SSAP),
and path metric information before making forwarding or filtering decisions.

To provide these advantages, routers must be more complex and more software
intensive than bridges. Routers provide a lower level of performance in terms
of the number of frames or packets that can be processed per unit. Compared
with a bridge, routers must examine the syntax and interpret the semantics of
more fields in a packet.

49) Describe LAN segmentation using switches.

LAN switches enable high-speed data exchanges. Cut-through switches forward
frames by reading the destination MAC address and forwarding the frame to the
correct outgoing port. Frames with the source and destination address on the
same segment are filtered.

There are three different switching terms:

    Port configuration switching --- Allows a port to be assigned to a physical
    network segment under software control. This is a very simplistic form of
    switching.

    Frame switching --- Primarily used to increase available bandwidth on the
    network. Frame switching allows multiple transmissions to occur in
    parallel.

    Cell switching (ATM) --- Similar to frame switching. In ATM, small cells of
    fixed length are switched on the network.

Ethernet switching increases the available bandwidth of a network by creating
dedicated network segments and interconnecting the segments. Each segment can
comprise one or more nodes. As long as the total bandwidth of the switch is not
exceeded, each dedicated segment added to the network through the switch
increases the aggregate speed of the network.

An Ethernet switch works with existing 802.3-compliant Network Interface Cards
and cabling. The ability to use existing resources provides increased network
performance at lower cost than other alternatives. More effective utilization
of the available medium bandwidth and greater flexibility in the network
infrastructure are additional benefits of switching.

50) Name and describe two switching methods.

There are two primary operational modes used to handle frame switching:

Store and forward --- In the store-and-forward mode, the complete frame is
received by the switch before forwarding takes place. The destination and
source addresses are read, the cyclic redundancy check (CRC) is checked,
relevant filters are applied, and the frame is forwarded. (If the CRC is bad,
the frame is discarded.) Latency through the switch varies with frame length.

Cut-through --- In the cut-through mode, the switch checks the destination
address as soon as the header is received and immediately begins forwarding the
frame. Depending on the network transport protocol being used (connectionless
or connection-oriented), there is a significant decrease in latency from input
port to output port. The delay in cut-through switching remains constant
regardless of frame size, because this switching mode starts to forward the
frame as soon as the switch reads the destination address. (In some switches
just the destination addresses are read.) Some switches continue to read the
CRC and keep a count of errors. If the error rate is too high, the switch can
be set to use store-and-forward, either manually or automatically.

FragmentFree --- It is a modified form of cut-through switching in which the
switch waits for the collision window, which is 64 bytes long, to pass before
forwarding. If a packet has an error, it almost always occurs within the first
64 bytes. FragmentFree mode provides better error checking than cut-through
mode, with practically no increase in latency.

51) Describe full- and half-duplex Ethernet operation.

Full-duplex --- It significantly improves network performance without the
expense of installing new media. Full-duplex transmission between stations is
achieved by using point-to-point Ethernet and Fast Ethernet connections. This
arrangement is collision-free. Frames sent by the two connected end nodes
cannot collide because they are allowed to transmit simultaneously. Each
full-duplex connection uses only one port. Full-duplex Ethernet technology
provides a transmit circuit connection wired directly to the receiver circuit
at the other end of the connection. Because just two stations are connected in
this arrangement, a collision-free environment is created. Full-duplex Ethernet
offers 100 percent efficiency in both directions.

Half-duplex --- The Ethernet physical connector provides several circuits. Each
circuit is used for a specific purpose. The most important of the circuits are
receive (RX), transmit (TX), and collision-detection. When standard half-duplex
Ethernet is implemented, the TX circuit is active at the transmitting station.
When the station is not transmitting, its RX circuit is active (performing the
carrier-sense aspect of CSMA/CD). Logically, these circuits feed into a single
cable, creating a situation similar to a narrow one-way bridge.

52) Describe network congestion problem in Ethernet networks.

Traditional LANs had limitations that impacted users. Virtually anyone who has
used a network has had to contend with other users. The simultaneous demands on
the Ethernet network cause collisions that result in minor interruptions in
service for all users on the segment. Another weakness of shared networking is
the effect of broadcasts on users. Broadcasts are used by most networking
protocols to provide all interested network devices with information such as
where a specific service is and what route to take to reach that service. But
too many broadcasts consume the precious bandwidth.

53) Describe the benefits of network segmentation with bridges.

    Segmentation provides fewer users per segment.
    Bridges store, then forward all frames.
    Protocol independent, "plug and play".

54) Describe the benefits of network segmentation with switches.

    More effective utilization of the available medium bandwidth.
    Greater flexibility in the network infrastructure.
    Use of existing hardware, such as NICs and cabling, lowers cost.
    Advanced switching features, such as VLANs.
    Improves performance without impacting addressing structure within the
    network.

55) Describe the
features and benefits of Fast Ethernet.

The IEEE 802.3u 100BaseT Fast Ethernet standard is based on Ethernet's CSMA/CD
protocol but is 10 times faster. Fast Ethernet is well suited for bursty
communication such as client/server applications, centralized server farms or
power workgroups, and backbone implementations. The benefits of Fast Ethernet
are:

    High performance (10 times that of a 10BaseT network).
    Allows the use of existing cabling and network equipment, thus reducing the
    overall cost of implementation and allowing easy integration into
    existing 10BaseT networks.
    Uses the same MAC and shares common circuitry.
    Dual speed adapters and switches can be used for easy migration from
    10 Mbps to 100 Mbps.
    Based on the proven CSMA/CD technology, which is well specified and
    exhaustively tested & verified.

56) Describe the guidelines and distance limitations of Fast Ethernet.

100BaseT networks use the same time slots that 10BaseT networks do. Time slots
require a station to transmit all its bits before another station can transmit
its packet. For 100BaseT networks to transmit in the same time slots, the
distance must be reduced. The timing in Fast Ethernet is shorter (10% of
Ethernet). Max frame size or "time slot" is 1518 bytes. The physical distance
is reduced because both Fast and regular Ethernet specifications state that the
round trip time must not exceed 512 bit times. Since Fast Ethernet transmits
faster, a signal of 512 bits covers a shorter distance.

    100BaseTX: uses Cat 5 UTP, RJ-45 connectors, and has a distance limit of
    100 meters.
    100BaseFX: uses multimode fiber, SC/ST/MIC connectors, & has a distance
    limit of 412 meters (half-duplex) or 2 kilometers (full-duplex).
    100BaseT4: uses 4-pair Cat 3, 4, or 5 UTP, RJ-45 connectors, & can use
    voice grade wire.

Total length of network between end stations for Ethernet:

    Repeaters               UTP Medium    UTP & Fiber
    1 Class I repeater      200 meters    261 meters
    1 Class II repeater     200 meters    308 meters
    2 Class II repeaters    205 meters    216 meters

UTP/Fiber configuration assumes a UTP distance of 105 meters.

57) Distinguish between cut-through and store-and-forward LAN switching.

Cut-through switching will forward the packet as soon as the destination MAC is
known. Store-and-forward will forward after the packet has been received and
declared to be valid. Cut-through is faster, but you may pass "bad" packets.

58) Describe the operation
of the Spanning Tree Protocol and its benefits.

STP is a link management protocol that provides path redundancy while
preventing undesirable loops in the network. For an Ethernet network to
function properly, only one active path must exist between two stations.

STP (IEEE 802.1D bridge protocol) is used on all Ethernet, Fast Ethernet,
Gigabit Ethernet, and Token Ring port-based virtual LANs (VLANs). A single
instance of STP runs on each configured VLAN (provided you do not manually
disable STP). You can enable and disable STP on a per-VLAN basis.

When you create fault-tolerant internetworks, you must have a loop-free path
between all nodes in a network. In STP, an algorithm calculates the best
loop-free path throughout a switched network. Switches send and receive
spanning-tree packets at regular intervals. The switches do not forward the
packets, but use the packets to identify a loop-free path. The default
configuration has STP enabled for all VLANs.

Multiple active paths between stations cause loops in the network. If a loop
exists in the network, you might receive duplicate messages. When loops occur,
some switches see stations on both sides of the switch. This condition confuses
the forwarding algorithm and allows duplicate frames to be forwarded.

To provide path redundancy, STP defines a tree that spans all switches in an
extended network. STP forces certain redundant data paths into a standby
(blocked) state. If one network segment in the STP becomes unreachable, or if
STP costs change, the spanning-tree algorithm reconfigures the spanning-tree
topology and reestablishes the link by activating the standby path.

STP operation is transparent to end stations, which do not detect whether they
are connected to a single LAN segment or a switched LAN of multiple segments.

59) Describe the benefits of virtual LANs.

To be able to have different ports on the switch that can be part of different
subnetworks, you need to create virtual LANs within the switch. VLANs are a
logical grouping of network users and resources connected to defined ports on
the switch. A VLAN looks like, and is treated like, its own subnet. By using
VLANs, you are no longer confined to physical locations. VLANs can be created
by location, function, department -- even by application or protocol used --
regardless of where the resources or users are located.

The benefits of VLANs are that they:
    Simplify moves, adds, and changes
    Reduce administrative costs
    Have better control of broadcasts
    Tighten network security
    Microsegment with scalability
    Distribute traffic load
    Relocate servers into secured locations

60) Define and describe the function of a MAC address.

Reference Links:
    1) Introduction to LAN Protocols
    2) Bridging Basics
    3) Routing Basics
    4) LAN Switching
    5) Ethernet Technologies
    6) Cisco IOS Switching Services Overview
    7) Configuring Spanning Tree
    8) Virtual LANs
    9) MAC Addresses