
MCIT1006694790 Cisco Static Routes FAQ

Static routes, while manually intensive to maintain, are a very quick and effective way to route data from one subnet to a different subnet. Let's start with the basics.

What is a static route?
- A static route is a hard-coded path in the router that specifies how the router will get to a certain subnet by using a certain path.

What do you mean by "hard coded"?
- You or someone else has typed in the network ID and the next hop to get to the network specified.

How do I add a static route into my Cisco router?
- Pretty simple:

router# config t
(get into the configuration mode)

router(config)# ip route A.B.C.D A.B.C.D A.B.C.D
(destination network/host, mask, next hop; this is a simple static route)

Are there any other ways to name the next hop except by using an IP address?
- Yes, you can use the port name, i.e. ethernet0, E0, S0 and so on.

What is the "distance metric" that I can add at the end of the command?
- All routes have a value that allows the router to give a priority to which type of routing is used first. In static routes, the value is 1, which means no matter what other protocol you may have running, like OSPF or RIP, the static route will always be used first. This can be changed for special needs. For example, if you have a frame link with ISDN backup, you can use static routes for the frame and a second set of the same static routes but with a distance metric of 255. This means while the frame is up, it goes first, but when the frame goes down, the router will try to use the second static route, which is normally ignored due to the 255 value.

Why do I want to use static routes when there are neat routing protocols like OSPF?
- Static routes are easy, with no overhead either on the link or on the CPU of the router. They also offer good security when coupled with a tight IP mask like 252, which gives only 2 hosts on a given link.

If static routes are so easy, why not use them all the time?
- Static routes, while easy, can be overwhelming in a large or complicated network. Each time there is a change, someone must manually make changes to reflect the change. If a link goes down, even if there is a second path, the router would ignore it and consider the link down.

One of the most common uses of a static map is the default classless route:

ip classless
ip route 0.0.0.0 0.0.0.0 [next hop]

This static map says that everything is remote and should be forwarded to the next hop (or supernet), which will take care of the routing.

Dial on demand is also a big user of static routes. Many times with dial-up or ISDN, you do not have the bandwidth, or you do not want to pay the connection fees for routing updates, so you use static routes.

Static routes allow you to set up load balancing after a fashion. Keep in mind that the IOS load balances across routes first and not interfaces. The easiest way to configure multiple routes on the same interface is to use the secondary IP command:

Router 1
!
interface serial 0
 ip address 192.0.0.1 255.255.255.0
 ip address 192.0.0.2 255.255.255.0 secondary
! second route on same interface
!
interface serial 1
 ip address 192.1.0.1 255.255.255.0
 ip address 192.1.0.2 255.255.255.0 secondary
!
! goes to serial 0
ip route 200.2.0.0 255.255.255.0 196.0.0.4
! goes to serial 0
ip route 200.2.0.0 255.255.255.0 196.0.0.5
! goes to serial 1
ip route 200.2.0.0 255.255.255.0 196.1.0.4

Router 2
!
interface ethernet 0
 ip address 200.2.0.1 255.255.255.0
!
interface serial 0
 ip address 196.0.0.4 255.255.255.0
 ip address 196.0.0.5 255.255.255.0 secondary
!
interface serial 1
 ip address 196.1.0.4 255.255.255.0
 ip address 196.1.0.5 255.255.255.0 secondary

The traffic would go out of Router 1 across the two IPs on serial 0 first, then across one IP on serial 1. This gives you unequal load balancing.
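As an added example (not part of the original FAQ), the Python script below reviews a router configuration of the kind listed above: it flags static routes whose next hop is not on a directly connected subnet, marks default routes and higher-distance backup routes, and lists the next hops that share load for each prefix. The sample configuration is constructed, and treating a next hop as usable only when it sits on a connected subnet is a simplifying assumption of this model.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the Router 1 listing (not a real device config).
SAMPLE_CONFIG = """\
interface serial 0
 ip address 196.0.0.1 255.255.255.0
 ip address 196.0.0.2 255.255.255.0 secondary
!
interface serial 1
 ip address 196.1.0.1 255.255.255.252
!
ip route 200.2.0.0 255.255.255.0 196.0.0.4
ip route 200.2.0.0 255.255.255.0 196.0.0.5
ip route 200.2.0.0 255.255.255.0 196.1.0.4
ip route 200.2.0.0 255.255.255.0 196.1.0.2 200
ip route 200.3.0.0 255.255.255.0 serial 1
ip route 0.0.0.0 0.0.0.0 196.0.0.4
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)(?: secondary)?\s*$")
ROUTE_RE = re.compile(
    r"^ip route (?P<dest>\S+) (?P<mask>\S+) "
    r"(?:(?P<hop>\d+\.\d+\.\d+\.\d+)|(?P<ifname>[A-Za-z]+ ?[\d/.]+))"
    r"(?: (?P<dist>\d+))?\s*$"
)


def _ifname(name):
    """Normalise 'serial 0' and 'Serial0' to the same key."""
    return re.sub(r"\s+", "", name).lower()


def parse_config(text):
    """Return (connected, routes): connected subnets and static routes."""
    connected, routes, current_if = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("interface "):
            current_if = _ifname(stripped[len("interface "):])
            continue
        m = ADDR_RE.match(line)
        if m and current_if:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected.append((current_if, iface.network))
            continue
        m = ROUTE_RE.match(stripped)
        if m:
            prefix = ipaddress.ip_network(f"{m['dest']}/{m['mask']}", strict=False)
            routes.append({
                "line": stripped,
                "prefix": prefix,
                "hop": ipaddress.ip_address(m["hop"]) if m["hop"] else None,
                "ifname": _ifname(m["ifname"]) if m["ifname"] else None,
                # No trailing number means the static default distance of 1.
                "distance": int(m["dist"]) if m["dist"] else 1,
            })
    return connected, routes


def _usable(route, connected):
    """Model assumption: a next hop must sit on a connected subnet."""
    if route["ifname"] is not None:
        return route["ifname"] in {name for name, _ in connected}
    return any(route["hop"] in net for _, net in connected)


def audit(text):
    """Return (code, config line) findings for a reviewer to look at."""
    connected, routes = parse_config(text)
    findings = []
    for r in routes:
        if not _usable(r, connected):
            code = "UNKNOWN_INTERFACE" if r["ifname"] else "NEXT_HOP_NOT_CONNECTED"
            findings.append((code, r["line"]))
        if r["prefix"].prefixlen == 0:
            findings.append(("DEFAULT_ROUTE", r["line"]))
        if r["distance"] > 1:
            findings.append(("FLOATING_BACKUP", r["line"]))
    return findings


def active_paths(text):
    """Per prefix, the usable next hops at the lowest distance (the load-sharing set)."""
    connected, routes = parse_config(text)
    by_prefix = defaultdict(list)
    for r in routes:
        if _usable(r, connected):
            by_prefix[r["prefix"]].append(r)
    result = {}
    for prefix, group in by_prefix.items():
        best = min(r["distance"] for r in group)
        result[str(prefix)] = sorted(
            str(r["hop"] if r["hop"] is not None else r["ifname"])
            for r in group if r["distance"] == best
        )
    return result


if __name__ == "__main__":
    for code, line in audit(SAMPLE_CONFIG):
        print(f"{code:24} {line}")
    print(active_paths(SAMPLE_CONFIG))
```

In the sample, serial 1 uses a 255.255.255.252 mask, so the next hop 196.1.0.4 falls outside the two-host link and is reported; abbreviated interface names such as S0 are not expanded by this parser.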

How to configure static routes on Cisco routers?


You can configure two types of routing on the router, static and dynamic, to send traffic to its destination. A static route tells the network devices the exact location (hard-coded destination). Static routes can work well in a small network, but in a large-scale network dynamic routing is the best choice. Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.

From the global configuration mode, configure the hostname, then configure the console and enable passwords on each router.

To configure static routes, first enter global configuration mode to run the following commands.

Configure the Static Routes on Router A.

First run the command show ip route to view the IP routing table for router A before defining static routes

RouterA#configure terminal

(enter in global configuration mode)

RouterA(config)#ip route 15.0.0.0 255.0.0.0 10.1.1.2

(define static routing on Router A)

RouterA(config)#ip route 193.168.2.0 255.255.255.0 10.1.1.2

(define static routing on Router A)

RouterA(config)#ip route 193.168.3.0 255.255.255.0 20.1.1.2

(define static routing on Router A)

RouterA(config)#exit

RouterA#

Now run the command show ip route on router A to view the IP routing table (directly connected + static routes) detail.

Configure the Static Routes on Router B.

First run the command show ip route to view the IP routing table for router B before defining static routes

RouterB#configure terminal

(enter in global configuration mode)

RouterB(config)#ip route 20.0.0.0 255.0.0.0 10.1.1.1

(define static routing on Router B)

RouterB(config)#ip route 193.168.1.0 255.255.255.0 10.1.1.1

(define static routing on Router B)

RouterB(config)#ip route 193.168.3.0 255.255.255.0 15.1.1.2

(define static routing on Router B)

RouterB(config)#exit

RouterB#

Now run the command show ip route on router B to view the IP routing table (directly connected + static routes) detail.

Configure the Static Routes on Router C.

First run the command show ip route to view the IP routing table for router C before defining static routes

RouterC#configure terminal

(enter in global configuration mode)

RouterC(config)#ip route 10.0.0.0 255.0.0.0 15.1.1.1

(define static routing on Router C)

RouterC(config)#ip route 193.168.2.0 255.255.255.0 15.1.1.1

(define static routing on Router C)

RouterC(config)#ip route 193.168.1.0 255.255.255.0 20.1.1.2

(define static routing on Router C)

RouterC(config)#exit

RouterC#

Now run the command show ip route on router C to view the IP routing table (directly connected + static routes) detail.

Spanning-Tree Protocol (STP) prevents loops from being formed when switches or bridges are interconnected via multiple paths. Spanning-Tree Protocol implements the 802.1D IEEE algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces. This algorithm guarantees that there is one and only one active path between two network devices.

The Spanning Tree Algorithm is used to calculate a loop-free path. All switch ports are in blocking mode to begin with. It takes approximately 30 seconds until packets can be forwarded.

Step 1 : Elect Root Bridge - Lowest bridge priority; if there is a tie, then the switch with the lowest bridge ID.
Step 2 : Elect Root Ports - Locate redundant paths to the root bridge; block all but one root. Root Path Cost is the cumulative cost of the path to the root bridge. Ports directly connected to the Root Bridge will be root ports; otherwise the lowest root path cost is used.
Step 3 : Elect Designated Ports - Single port that sends and receives traffic from a switch to and from the Root Bridge - lowest cost path to the Root Bridge.

Spanning Tree Overview
- There can only be one Root Bridge.
- Root-Bridge ports are called 'Designated' and are set to send and receive traffic (forwarding state).
- All other redundant links to the root bridge are shut down.
- Blocked ports still receive BPDUs.
- Convergence occurs when switches have transitioned to either forwarding or blocking states. No other data is forwarded during this time.
- Forward delay - Time taken for a switch to go from Listening to Learning (50 seconds default).
- IEEE default priority = 32,768; this is true for all devices running the STP IEEE version.
- Port Fast Mode - Immediately brings a port from blocking to forwarding state by eliminating forward delays.
- Bridges can only have one spanning tree instance, compared to switches, which can have many.
- Bridge Protocol Data Units send confirmation messages using multicast frames.

Introduction
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.

Prerequisites
Requirements
There are no specific requirements for this document.

Components Used

Although this document uses Cisco Catalyst 5500/5000 Switches, the spanning tree principles that the document presents are applicable to almost all devices that support STP. For the examples, this document used:
- A console cable that is suitable for the Supervisor Engine in the switch
- Six Catalyst 5509 Switches

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Theory
The configurations in this document apply to Catalyst 2926G, 2948G, 2980G, 4500/4000, 5500/5000, and 6500/6000 Switches that run Catalyst OS (CatOS). Refer to these documents for information on the configuration of STP on other switch platforms:
- Configuring STP and IEEE 802.1s MST (Catalyst 6500/6000 Switches that run Cisco IOS Software)
- Understanding and Configuring STP (Catalyst 4500/4000 Switches that run Cisco IOS Software)
- Configuring STP section of Configuring the System (Catalyst 2900XL/3500XL Switches)
- Configuring STP (Catalyst 3550 Switches)
- Configuring STP (Catalyst 2950 Switches)

Network Diagram
This document uses this network setup:

Concepts
STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP, but 802.1D is the most popular and widely implemented. You implement STP on bridges and switches in order to prevent loops in the network. Use STP in situations where you want redundant links, but not loops. Redundant links are as important as backups in the case of a failover in a network. A failure of your primary activates the backup links so that users can continue to use the network. Without STP on the bridges and switches, such a failure can result in a loop. If two connected switches run different flavors of STP, they require different timings to converge. When different flavors are used in the switches, it creates timing issues between Blocking and Forwarding states. Therefore, it is recommended to use the same flavors of STP. Consider this network:

In this network, a redundant link is planned between Switch A and Switch B. However, this setup creates the possibility of a bridging loop. For example, a broadcast or multicast packet that transmits from Station M and is destined for Station N simply continues to circulate between both switches. However, when STP runs on both switches, the network logically looks like this:

This information applies to the scenario in the Network Diagram:
- Switch 15 is the backbone switch.
- Switches 12, 13, 14, 16, and 17 are switches that attach to workstations and PCs.
- The network defines these VLANs: 1, 200, 201, 202, 203, 204.
- The VLAN Trunk Protocol (VTP) domain name is STD-Doc.

In order to provide this desired path redundancy, as well as to avoid a loop condition, STP defines a tree that spans all the switches in an extended network. STP forces certain redundant data paths into a standby (blocked) state and leaves other paths in a forwarding state. If a link in the forwarding state becomes unavailable, STP reconfigures the network and reroutes data paths through the activation of the appropriate standby path.

Description of the Technology


With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. A switched environment, which is different from a bridge environment, most likely deals with multiple VLANs. When you implement a root bridge in a switching network, you usually refer to the root bridge as the root switch. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.

Note: The selection of the root switch for a particular VLAN is very important. You can choose the root switch, or you can let the switches decide, which is risky. If you do not control the root selection process, there can be suboptimal paths in your network.

All the switches exchange information for use in the root switch selection and for subsequent configuration of the network. Bridge protocol data units (BPDUs) carry this information. Each switch compares the parameters in the BPDU that the switch sends to a neighbor with the parameters in the BPDU that the switch receives from the neighbor.

In the STP root selection process, less is better. If Switch A advertises a root ID that is a lower number than the root ID that Switch B advertises, the information from Switch A is better. Switch B stops the advertisement of its root ID, and accepts the root ID of Switch A.

Refer to Configuring Optional STP Features for more information about some of the optional STP features, such as:
- PortFast
- Root guard
- Loop guard
- BPDU guard

STP Operation
Task
Prerequisites

Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but choose the most centralized switch on the network. All data flow across the network is from the perspective of this switch. Also, choose the least disturbed switch in the network. The backbone switches often serve as the spanning tree root because these switches typically do not connect to end stations. Also, moves and changes within the network are less likely to affect these switches.

After you decide on the root switch, set the appropriate variables to designate the switch as the root switch. The only variable that you must set is the bridge priority. If the switch has a bridge priority that is lower than all the other switches, the other switches automatically select the switch as the root switch.

Clients (end stations) on Switch Ports

You can also issue the set spantree portfast command, on a per-port basis. When you enable the portfast variable on a port, the port immediately switches from blocking mode to forwarding mode. Enablement of portfast helps to prevent timeouts on clients who use Novell Netware or use DHCP in order to obtain an IP address. However, do not use this command when you have a switch-to-switch connection. In this case, the command can result in a loop. The 30- to 60-second delay that occurs during the transition from blocking to forwarding mode prevents a temporal loop condition in the network when you connect two switches.

Leave most other STP variables at their default values.

Rules of Operation

This section lists rules for how STP works. When the switches first come up, they start the root switch selection process. Each switch transmits a BPDU to the directly connected switch on a per-VLAN basis. As the BPDU goes out through the network, each switch compares the BPDU that the switch sends to the BPDU that the switch receives from the neighbors. The switches then agree on which switch is the root switch. The switch with the lowest bridge ID in the network wins this election process.

Note: Remember that one root switch is identified per-VLAN. After the root switch identification, the switches adhere to these rules:

STP Rule 1: All ports of the root switch must be in forwarding mode.

Note: In some corner cases, which involve self-looped ports, there is an exception to this rule.

Next, each switch determines the best path to get to the root. The switches determine this path by a comparison of the information in all the BPDUs that the switches receive on all ports. The switch uses the port with the least amount of information in the BPDU in order to get to the root switch; the port with the least amount of information in the BPDU is the root port. After a switch determines the root port, the switch proceeds to rule 2.

STP Rule 2: The root port must be set to forwarding mode.

In addition, the switches on each LAN segment communicate with each other to determine which switch is best to use in order to move data from that segment to the root bridge. This switch is called the designated switch.

STP Rule 3: In a single LAN segment, the port of the designated switch that connects to that LAN segment must be placed in forwarding mode.

STP Rule 4: All the other ports in all the switches (VLAN-specific) must be placed in blocking mode. The rule only applies to ports that connect to other bridges or switches. STP does not affect ports that connect to workstations or PCs. These ports remain forwarded.

Note: The addition or removal of VLANs when STP runs in per-VLAN spanning tree (PVST / PVST+) mode triggers spanning tree recalculation for that VLAN instance and the traffic is disrupted only for that VLAN. The other VLAN parts of a trunk link can forward traffic normally. The addition or removal of VLANs for a Multiple Spanning Tree (MST) instance that exists triggers spanning tree recalculation for that instance and traffic is disrupted for all the VLAN parts of that MST instance.

Note: By default, spanning tree runs on every port. The spanning tree feature cannot be turned off in switches on a per-port basis. Although it is not recommended, you can turn off STP on a per-VLAN basis, or globally on the switch. Extreme care should be taken whenever you disable spanning tree because this creates Layer 2 loops within the network.

Step-by-Step Instructions
Complete these steps: Issue the show version command in order to display the software version that the switch runs. Note: All switches run the same software version.

Switch-15> (enable)show version
WS-C5505 Software, Version McpSW: 4.2(1) NmpSW: 4.2(1)
Copyright (c) 1995-1998 by Cisco Systems
NMP S/W compiled on Sep 8 1998, 10:30:21
MCP S/W compiled on Sep 08 1998, 10:26:29

System Bootstrap Version: 5.1(2)

Hardware Version: 1.0  Model: WS-C5505  Serial #: 066509927

Mod Port Model      Serial #  Versions
--- ---- ---------- --------- ----------------------------------------
1   0    WS-X5530   008676033 Hw : 2.3
                              Fw : 5.1(2)
                              Fw1: 4.4(1)
                              Sw : 4.2(1)


In this scenario, Switch 15 is the best choice for the root switch of the network for all the VLANs because Switch 15 is the backbone switch. Issue the set spantree root vlan_id command in order to set the priority of the switch to 8192 for the VLAN or VLANs that the vlan_id specifies. Note: The default priority for switches is 32768. When you set the priority with this command, you force the selection of Switch 15 as the root switch because Switch 15 has the lowest priority.

Switch-15> (enable)set spantree root 1
VLAN 1 bridge priority set to 8192.
VLAN 1 bridge max aging time set to 20.
VLAN 1 bridge hello time set to 2.
VLAN 1 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 1.
Switch-15> (enable)

Switch-15> (enable)set spantree root 200
VLAN 200 bridge priority set to 8192.
VLAN 200 bridge max aging time set to 20.
VLAN 200 bridge hello time set to 2.
VLAN 200 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 200.
Switch-15> (enable)

Switch-15> (enable)set spantree root 201
VLAN 201 bridge priority set to 8192.
VLAN 201 bridge max aging time set to 20.
VLAN 201 bridge hello time set to 2.
VLAN 201 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 201.
Switch-15> (enable)

Switch-15> (enable)set spantree root 202
VLAN 202 bridge priority set to 8192.
VLAN 202 bridge max aging time set to 20.
VLAN 202 bridge hello time set to 2.
VLAN 202 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 202.
Switch-15>

Switch-15> (enable)set spantree root 203
VLAN 203 bridge priority set to 8192.
VLAN 203 bridge max aging time set to 20.
VLAN 203 bridge hello time set to 2.
VLAN 203 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 203.
Switch-15>

Switch-15> (enable)set spantree root 204
VLAN 204 bridge priority set to 8192.
VLAN 204 bridge max aging time set to 20.
VLAN 204 bridge hello time set to 2.
VLAN 204 bridge forward delay set to 15.
Switch is now the root switch for active VLAN 204.
Switch-15> (enable)

The shorter version of the command has the same effect, as this example shows:

Switch-15> (enable)set spantree root 1,200-204
VLANs 1,200-204 bridge priority set to 8189.
VLANs 1,200-204 bridge max aging time set to 20.
VLANs 1,200-204 bridge hello time set to 2.
VLANs 1,200-204 bridge forward delay set to 15.
Switch is now the root switch for active VLANs 1,200-204.
Switch-15> (enable)

The set spantree priority command provides a third method to specify the root switch:

Switch-15> (enable)set spantree priority 8192 1
Spantree 1 bridge priority set to 8192.
Switch-15> (enable)

Note: In this scenario, all the switches started with cleared configurations. Therefore, all the switches started with a bridge priority of 32768. If you are not certain that all the switches in your network have a priority that is greater than 8192, set the priority of your desired root bridge to 1.

Issue the set spantree portfast mod_num/port_num enable command in order to configure the PortFast setting on Switches 12, 13, 14, 16, and 17.

Note: Only configure this setting on ports that connect to workstations or PCs. Do not enable PortFast on any port that connects to another switch.

This example only configures Switch 12. You can configure other switches in the same way. Switch 12 has these port connections:
- Port 2/1 connects to Switch 13.
- Port 2/2 connects to Switch 15.
- Port 2/3 connects to Switch 16.
- Ports 3/1 through 3/24 connect to PCs.
- Ports 4/1 through 4/24 connect to UNIX workstations.

With this information as a basis, issue the set spantree portfast command on ports 3/1 through 3/24 and on ports 4/1 through 4/24:

Switch-12> (enable)set spantree portfast 3/1-24 enable

Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning-tree loops. Use with caution.

Spantree ports 3/1-24 fast start enabled.
Switch-12> (enable)

Switch-12> (enable)set spantree portfast 4/1-24 enable

Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning-tree loops. Use with caution.

Spantree ports 4/1-24 fast start enabled.
Switch-12> (enable)


Issue the show spantree vlan_id command in order to verify that Switch 15 is the root of all the appropriate VLANs. From the output from this command, compare the MAC address of the switch that is the root switch to the MAC address of the switch from which you issued the command. If the addresses match, the switch that you are in is the root switch of the VLAN. A root port that is 1/0 also indicates that you are at the root switch. This is the sample command output:

Switch-15> (enable)show spantree 1
VLAN 1
spanning-tree enabled
spanning-tree type          ieee

Designated Root             00-10-0d-b1-78-00

!--- This is the MAC address of the root switch for VLAN 1.

Designated Root Priority    8192
Designated Root Cost        0
Designated Root Port        1/0
Root Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

Bridge ID MAC ADDR          00-10-0d-b1-78-00
Bridge ID Priority          8192
Bridge Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

This output shows that Switch 15 is the designated root on the spanning tree for VLAN 1. The MAC address of the designated root switch, 00-10-0d-b1-78-00, is the same as the bridge ID MAC address of Switch 15, 00-10-0d-b1-78-00. Another indicator that this switch is the designated root is that the designated root port is 1/0.

In this output from Switch 12, the switch recognizes Switch 15 as the Designated Root for VLAN 1:

Switch-12> (enable)show spantree 1
VLAN 1
spanning-tree enabled
spanning-tree type          IEEE

Designated Root             00-10-0d-b1-78-00

!--- This is the MAC address of the root switch for VLAN 1.

Designated Root Priority    8192
Designated Root Cost        19
Designated Root Port        2/3
Root Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

Bridge ID MAC ADDR          00-10-0d-b2-8c-00
Bridge ID Priority          32768
Bridge Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

Note: The output of the show spantree vlan_id command for the other switches and VLANs can also indicate that Switch 15 is the designated root for all VLANs.
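The check described above, comparing the Designated Root MAC with the local Bridge ID MAC and with the switch you intended to be root, written as an added Python example that is not part of the original document. The Switch 15 and Switch 12 values are the ones shown above; the exact output layout, the DRIFTED sample and the Switch-X entry are constructed for illustration.

```python
import re

# Layout modelled on the show spantree output in this document (an assumption).
TEMPLATE = """\
VLAN 1
spanning-tree enabled
spanning-tree type          ieee

Designated Root             {root}
Designated Root Priority    {root_prio}
Designated Root Cost        {cost}
Designated Root Port        {port}
Root Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec

Bridge ID MAC ADDR          {mac}
Bridge ID Priority          {prio}
Bridge Max Age 20 sec    Hello Time 2 sec    Forward Delay 15 sec
"""
SWITCH_15 = TEMPLATE.format(root="00-10-0d-b1-78-00", root_prio=8192, cost=0,
                            port="1/0", mac="00-10-0d-b1-78-00", prio=8192)
SWITCH_12 = TEMPLATE.format(root="00-10-0d-b1-78-00", root_prio=8192, cost=19,
                            port="2/3", mac="00-10-0d-b2-8c-00", prio=32768)
# Constructed: Switch 12 reporting a root nobody configured.
DRIFTED = TEMPLATE.format(root="00-10-0d-a0-00-00", root_prio=32768, cost=19,
                          port="2/1", mac="00-10-0d-b2-8c-00", prio=32768)

EXPECTED_ROOT = "00-10-0d-b1-78-00"   # Switch 15, the planned root
DEFAULT_PRIORITY = 32768

FIELDS = {
    "root_mac": r"^Designated Root\s+([0-9A-Fa-f-]{17})\s*$",
    "root_priority": r"^Designated Root Priority\s+(\d+)\s*$",
    "root_cost": r"^Designated Root Cost\s+(\d+)\s*$",
    "root_port": r"^Designated Root Port\s+(\S+)\s*$",
    "bridge_mac": r"^Bridge ID MAC ADDR\s+([0-9A-Fa-f-]{17})\s*$",
    "bridge_priority": r"^Bridge ID Priority\s+(\d+)\s*$",
}


def parse_show_spantree(text):
    """Extract the root and local bridge fields from one VLAN's output."""
    info = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.M)
        if m is None:
            raise ValueError(f"field not found: {name}")
        info[name] = m.group(1).lower()
    for name in ("root_priority", "root_cost", "bridge_priority"):
        info[name] = int(info[name])
    return info


def verify_root(text, expected_root_mac):
    """Report whether this switch is root and whether the root is the planned one."""
    info = parse_show_spantree(text)
    findings = []
    if info["root_mac"] != expected_root_mac.lower():
        findings.append("UNEXPECTED_ROOT")
    if info["root_priority"] >= DEFAULT_PRIORITY:
        # Nobody lowered the priority: the root was left to the election.
        findings.append("ROOT_AT_DEFAULT_PRIORITY")
    is_root = info["root_mac"] == info["bridge_mac"]
    if is_root and info["root_port"] != "1/0":
        findings.append("ROOT_PORT_MISMATCH")
    return {"is_root": is_root, "findings": findings}


def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, then MAC address. Less is better."""
    return (priority, int(mac.replace("-", ""), 16))


def elect_root(bridges):
    """bridges maps switch name -> (priority, mac); the lowest bridge ID wins."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


# Switch-X is a constructed switch with a lower MAC than Switch 15.
ALL_DEFAULT = {
    "Switch-15": (32768, "00-10-0d-b1-78-00"),
    "Switch-12": (32768, "00-10-0d-b2-8c-00"),
    "Switch-X": (32768, "00-10-0d-a0-00-00"),
}
TUNED = dict(ALL_DEFAULT, **{"Switch-15": (8192, "00-10-0d-b1-78-00")})

if __name__ == "__main__":
    for label, out in (("15", SWITCH_15), ("12", SWITCH_12), ("drifted", DRIFTED)):
        print(label, verify_root(out, EXPECTED_ROOT))
    print(elect_root(ALL_DEFAULT), elect_root(TUNED))
```

Run against each switch and VLAN on a schedule, a non-empty findings list is the signal that the root is no longer the switch you designated.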

Verify
This section provides information you can use to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

- show spantree vlan_id: Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.
- show spantree summary: Provides a summary of connected spanning tree ports by VLAN.

Troubleshoot
This section provides information you can use to troubleshoot your configuration.

STP Path Cost Automatically Changes When a Port Speed/Duplex Is Changed


STP calculates the path cost based on the media speed (bandwidth) of the links between switches and the port cost of each port forwarding frame. Spanning tree selects the root port based on the path cost. The port with the lowest path cost to the root bridge becomes the root port. The root port is always in the forwarding state. If the speed/duplex of the port is changed, spanning tree recalculates the path cost automatically. A change in the path cost can change the spanning tree topology. Refer to the Calculating and Assigning Port Costs section of Configuring Spanning Tree for more information on how to calculate the port cost.

Troubleshoot Commands
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you use debug commands.

- show spantree vlan_id: Shows the current state of the spanning tree for this VLAN ID, from the perspective of the switch on which you issue the command.
- show spantree summary: Provides a summary of connected spanning tree ports by VLAN.
- show spantree statistics: Shows spanning tree statistical information.
- show spantree backbonefast: Displays whether the spanning tree BackboneFast Convergence feature is enabled.
- show spantree blockedports: Displays only the blocked ports.
- show spantree portstate: Determines the current spanning tree state of a Token Ring port within a spanning tree.
- show spantree portvlancost: Shows the path cost for the VLANs on a port.
- show spantree uplinkfast: Shows the UplinkFast settings.

Command Summary

Syntax: show version
As used in this document: show version

Syntax: set spantree root [vlan_id]
As used in this document: set spantree root 1
                          set spantree root 1,200-204

Syntax: set spantree priority [vlan_id]
As used in this document: set spantree priority 8192 1

Syntax: set spantree portfast mod_num/port_num {enable | disable}
As used in this document: set spantree portfast 3/1-24 enable

Syntax: show spantree [vlan_id]
As used in this document: show spantree 1

Introduction to Open Shortest Path First (OSPF)


Open Shortest Path First (OSPF) is a routing protocol which was first defined as version 2 in RFC 2328. It is used to allow routers to dynamically learn routes from other routers and to advertise routes to other routers. Advertisements containing routes are referred to as Link State Advertisements (LSAs) in OSPF. An OSPF router keeps track of the state of all the various network connections (links) between itself and a network it is trying to send data to. This makes it a link-state routing protocol.

OSPF supports the use of classless IP address ranges and is very efficient. OSPF uses areas to organize a network into a hierarchical structure; it summarizes route information to reduce the number of advertised routes and thereby reduce network load, and it uses a designated router (elected via a process that is part of OSPF) to reduce the quantity and frequency of Link State Advertisements. OSPF does require the router to have a more powerful processor and more memory than other routing protocols.

OSPF selects the best routes by finding the lowest cost paths to a destination. All router interfaces (links) are given a cost. The cost of a route is equal to the sum of all the costs configured on all the outbound links between the router and the destination network, plus the cost configured on the interface that OSPF received the Link State Advertisement on.

This tutorial will focus on explaining the basic components of OSPF, the operation of OSPF, and basic configuration of OSPF, and will finally close with troubleshooting techniques used to verify correct OSPF configuration and operation.

OSPF Router Types


In this tutorial, when speaking of an OSPF router, we are speaking of the OSPF routing process running on a given routing device. OSPF routers serve in various roles depending upon where they are located and which areas they participate in.

Internal Routers
An internal router connects only to one OSPF area. All of its interfaces connect to the area in which it is located, and it does not connect to any other area. If a router connects to more than one area, it will be one of the following types of routers.

Backbone Routers
Backbone routers have one or more interfaces in Area 0 (the backbone area).

Area Border Router (ABR)
A router that connects more than one area is called an area border router or ABR. Usually an ABR is used to connect non-backbone areas to the backbone. If OSPF virtual links are used, an ABR will also be used to connect the area using the virtual link to another non-backbone area.

Autonomous System Boundary Router (ASBR)
If the router connects the OSPF Autonomous System to another Autonomous System, it is called an Autonomous System Boundary Router (ASBR).

OSPF elects two or more routers to manage the Link State Advertisements:

Designated Router (DR)
Every OSPF area will have a designated router and a backup designated router. The Designated Router (DR) is the router to which all other routers within an area send their Link State Advertisements. The Designated Router will keep track of all link state updates and make sure the LSAs are flooded to the rest of the network using Reliable Multicast transport.

Backup Designated Router (BDR)
The election process which determines the Designated Router will also elect a Backup Designated Router (BDR). The BDR takes over from the DR when the DR fails.

OSPF Areas
OSPF areas are used to impose a hierarchical structure on the flow of data over the network. A network using OSPF will always have at least one area, and if there is more than one area, one of the areas must be the backbone area. Areas are used to group routers into manageable groups that exchange routing information locally, but summarize that routing information when advertising the routes externally. A standard OSPF network looks something like a big bubble (the backbone area) with a lot of smaller bubbles (stub areas) attached directly to it. Area Border Routers (ABR) are used to connect the areas. Each area will elect a designated router (DR) and a backup designated router (BDR) to assist in flooding Link State Advertisements (LSAs) throughout the area.

Backbone (Area 0)
The backbone is the first area you should always build in any network using OSPF and the backbone is always Area 0 (zero). All areas are connected directly to the OSPF backbone area. When designing an OSPF backbone area, you should make sure there is little or no possibility of the backbone area being split into two or more parts by a router or link failure. If the OSPF backbone is split due to hardware failures or access lists, sizeable areas of the network will become unreachable.

Totally Stub Area


A totally stubby area is only connected to the backbone area. A totally stubby / totally stub area does not advertise the routes it knows. It does not send any Link State Advertisements. The only route a totally stub area receives is the default route from an external area, which must be the backbone area. This default route allows the totally stub area to communicate with the rest of the network.

Stub Area
Stub areas are connected only to the backbone area. Stub areas do not receive routes from outside the autonomous system, but do receive the routes from within the autonomous system, even if the route comes from another area.

Not-So-Stubby (NSSA)
Frequently, it is advisable to use a separate network to connect the internal enterprise network to the Internet. OSPF makes provisions for placing an Autonomous System Boundary Router (ASBR) within a non-backbone area. In this case, the stub area must learn routes from outside the OSPF autonomous system. Thus, a new type of LSA was required: the Type 7 LSA. Type 7 LSAs are created by the Autonomous System Boundary Router and forwarded via the stub area's border router (ABR) to the backbone. This allows the other areas to learn routes that are external to the OSPF routing domain.

Virtual Links
Virtual links are used when you have a network that must be connected to an existing OSPF system, but cannot be physically connected directly to the routers in the OSPF backbone area. You can configure an OSPF virtual link from the area to a backbone router, creating a virtual direct connection to the backbone area. This virtual link acts as a tunnel which forwards LSAs to the backbone via a second intermediate area.

Operation
STILL UNDER DEVELOPMENT

OSPF Startup and Operation

STILL UNDER DEVELOPMENT

Neighbor Discovery
STILL UNDER DEVELOPMENT

Forming Adjacencies
Link State Advertisements (LSAs)
LSA Types (by type code)
1 - Router LSA
2 - Network LSA
3 - Network summary LSA
4 - ASBR Summary LSA
5 - AS External LSA
6 - Group Membership LSA
7 - NSSA External LSA
8 - External Attributes LSA
9 - Opaque LSA (link-local scope)
10 - Opaque LSA (area-local scope)
11 - Opaque LSA (AS scope)
Flooding
Reliable Transport
Shortest Path First Calculations
Configuration
Troubleshooting

OSPF Components
Areas
Routers
Link State Advertisements
Processes

OSPF Areas

OSPF organizes a network into areas. An area is a set of routers that will share routing information about one or more networks. Routers are used by OSPF to maintain routing information within an area and to send Link State Advertisements to other areas.

Backbone Area (Area 0)


The first area that will always exist in any network using OSPF for routing is Area 0 (zero). Area 0 is always the backbone area. All other areas are connected to the backbone either directly, or using virtual links that 'tunnel' through other areas. Because areas must be directly connected to the backbone, you cannot chain areas together. All routing information between areas is sent through the backbone area (Area 0). Each area is designated by an area number. All other areas are described as having 'stubbiness':

Not So Stubby Area
Stubby Area
Totally Stubby Area (Cisco proprietary)

Access Control Lists (ACLs)


Access Control Lists (ACLs) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. They can be applied on routers (Cisco). ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses. You can configure ACLs for all routed network protocols. The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.

How ACLs work


A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs. To simplify how an ACL or a router's packet filtering works, imagine a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a guest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.

When a packet arrives at the router, the router extracts certain information from the packet header and decides, according to the filter rules, whether the packet can pass through or must be dropped. The packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.

Why use ACLs

* Limits network traffic to increase network performance.
* ACLs provide traffic flow control by restricting the delivery of routing updates.
* It can be used as additional security.
* Controls which types of traffic are forwarded or blocked by the router.
* Ability to control which areas a client can access.

Types of Access Control Lists

Standard access-list
Standard access lists create filters based on source addresses and are used for server based filtering. Address based access lists distinguish routes on a network you want to control by using network address number (IP). Address-based access lists consist of a list of addresses or address ranges and a statement as to whether access to or from that address is permitted or denied.

Example of the command syntax for configuring a standard numbered IP ACL:
R1(config)# access-list {1-99} {permit | deny} source-addr [source-wildcard]

i. The first value {1-99} specifies the standard ACL number range.
ii. The second value specifies whether to permit or deny the configured source IP address traffic.
iii. The third value is the source IP address that must be matched.
iv. The fourth value is the wildcard mask to be applied to the previously configured IP address to indicate the range.

Extended access lists
Extended access lists create filters based on source addresses, destination addresses, protocol, port number and other features and are used for packet based filtering for packets that traverse the network.

Example of the command syntax for configuring an extended numbered IP ACL:
Router(config)# access-list {100-199} {permit | deny} protocol source-addr [source-wildcard] [operator operand] destination-addr [destination-wildcard] [operator operand] [established]

i. Like the standard ACLs, the first value {100-199 or 2000-2699} specifies the ACL number range.
ii. The next value specifies whether to permit or deny according to the criteria that follow.
iii. The third value specifies protocol type (IP, TCP, UDP, or other specific IP sub-protocols).

The source IP address and wildcard mask determine traffic source. The destination IP address and its wildcard mask are used to indicate the final destination of the network traffic. When the destination IP address and mask are configured, the port number must be specified to match, either by number or by a well-known port name, otherwise all traffic to that destination will be dropped.

Standard and Extended access lists can be applied based on the use of the ip access-list command. Access lists use the deny or permit statement to define which packet is allowed or denied entry into a server or network.

Masks
Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks used to configure IP addresses on interfaces start with 255 and have the large values on the left side, for example, IP address 172.16.2.14 with a 255.255.255.0 mask. Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask means the bit is not considered (a "don't care").

Note these ACL equivalents.
The source/source-wildcard of 0.0.0.0/255.255.255.255 means "any".
The source/wildcard of 10.1.1.2/0.0.0.0 is the same as "host 10.1.1.2".
If you subtract 255.255.255.0 (normal mask) from 255.255.255.255, it yields 0.0.0.255.

The command below defines an ACL that permits this network 192.168.1.0 0.0.0.255.

access-list acl_permit permit ip 192.168.1.0 0.0.0.255

Inbound traffic to the router is compared to access list entries in the order in which the entries occur in the router. The router looks through the entries until it has a match. If the router has found no match when it reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. A single-entry access list with only one deny entry has the effect of denying all traffic. You must have at least one permit statement in an ACL or all traffic is blocked.

Access lists implicitly deny all access that is not expressly permitted. The following line is auto-appended to all access-lists:

deny ip any any

If it is desirable to override this implicit denial statement, enter a permit ip any any statement as the last entry in the access-list.
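The wildcard-mask matching, first-match ordering and implicit deny described above can be checked offline before an ACL is applied. The following is an added example, not code from the original page or from Cisco: it models only the source part of standard ACL entries, the function names are hypothetical, and the sample ACL is constructed for illustration. It also flags entries that can never be hit because an earlier entry already matches every address they cover.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def mask_to_wildcard(mask):
    """255.255.255.255 minus the normal mask gives the ACL wildcard mask."""
    return str(ipaddress.IPv4Address(FULL - to_int(mask)))

def parse_entry(line):
    """Parse '<permit|deny> <source>' where source is 'any', 'host A.B.C.D',
    'A.B.C.D' (single host) or 'A.B.C.D <wildcard>'.
    Returns (action, base, care) where care has a 1 for every bit that must match."""
    action, *src = line.split()
    if action not in ("permit", "deny"):
        raise ValueError("unknown action in: " + line)
    if src == ["any"]:
        base, wildcard = "0.0.0.0", "255.255.255.255"
    elif len(src) == 2 and src[0] == "host":
        base, wildcard = src[1], "0.0.0.0"
    elif len(src) == 1:
        base, wildcard = src[0], "0.0.0.0"
    elif len(src) == 2:
        base, wildcard = src
    else:
        raise ValueError("cannot parse source in: " + line)
    care = FULL & ~to_int(wildcard)   # wildcard bit 0 -> address bit is compared
    return action, to_int(base) & care, care

def evaluate(acl_lines, source_ip):
    """First matching entry wins; falling off the end is the implicit deny.
    Returns (action, index), with index None for the implicit deny."""
    addr = to_int(source_ip)
    for index, line in enumerate(acl_lines):
        action, base, care = parse_entry(line)
        if (addr & care) == base:
            return action, index
    return "deny", None

def shadowed_entries(acl_lines):
    """Entries that can never be hit because an earlier entry matches every
    address they match. Returns (shadowed_index, earlier_index) pairs."""
    parsed = [parse_entry(line) for line in acl_lines]
    found = []
    for j, (_, base_j, care_j) in enumerate(parsed):
        for i, (_, base_i, care_i) in enumerate(parsed[:j]):
            # Earlier entry compares a subset of the bits and agrees on all of them.
            if (care_i & ~care_j) == 0 and (base_j & care_i) == base_i:
                found.append((j, i))
                break
    return found

# Constructed sample ACL (source part of standard entries only).
SAMPLE_ACL = [
    "deny host 192.168.1.77",
    "permit 192.168.1.0 0.0.0.255",
    "deny 192.168.1.128 0.0.0.127",   # never reached: entry 1 already permits it
    "permit 10.1.1.2",
]

if __name__ == "__main__":
    for ip in ("192.168.1.77", "192.168.1.200", "10.1.1.2", "172.16.2.14"):
        print(ip, evaluate(SAMPLE_ACL, ip))
    print("shadowed:", shadowed_entries(SAMPLE_ACL))
```

An index of None in the result means no configured entry matched and the packet fell through to the implicit deny, which is the case to look for when legitimate traffic is unexpectedly blocked.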

IP Addressing and Subnetting

Address: The unique number ID assigned to one host or interface in a network.
Subnet: A portion of a network sharing a particular subnet address.
Subnet mask: A 32-bit combination used to describe which portion of an address refers to the subnet and which part refers to the host.
Interface: A network connection.

If you have already received your legitimate address(es) from the Internet Network Information Center (InterNIC), you are ready to begin. If you do not plan to connect to the Internet, Cisco strongly suggests that you use reserved addresses from RFC 1918.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

Understanding IP Addresses
An IP address is an address used in order to uniquely identify a device on an IP network. The address is made up of 32 binary bits, which can be divisible into a network portion and host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted decimal format (for example, 172.16.81.100). The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary.

Here is how binary octets convert to decimal: The right most bit, or least significant bit, of an octet holds a value of 2^0. The bit just to the left of that holds a value of 2^1. This continues until the left-most bit, or most significant bit, which holds a value of 2^7. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:

  1   1   1   1   1   1   1   1
128  64  32  16   8   4   2   1   (128+64+32+16+8+4+2+1=255)


Here is a sample octet conversion when not all of the bits are set to 1.

  0   1   0   0   0   0   0   1
  0  64   0   0   0   0   0   1   (0+64+0+0+0+0+0+1=65)

And this sample shows an IP address represented in both binary and decimal.

      10.       1.      23.      19   (decimal)
00001010.00000001.00010111.00010011   (binary)

These octets are broken down to provide an addressing scheme that can accommodate large and small networks. There are five different classes of networks, A to E. This document focuses on addressing classes A to C, since classes D and E are reserved and discussion of them is beyond the scope of this document.

Note: The terms "Class A, Class B" and so on are used in this document to help facilitate the understanding of IP addressing and subnetting. These terms are rarely used in the industry anymore because of the introduction of classless interdomain routing (CIDR).


Given an IP address, its class can be determined from the three high-order bits. Figure 1 shows the significance of the three high-order bits and the range of addresses that fall into each class. For informational purposes, Class D and Class E addresses are also shown.

Figure 1

In a Class A address, the first octet is the network portion, so the Class A example in Figure 1 has a major network address of 1.0.0.0 - 127.255.255.255. Octets 2, 3, and 4 (the next 24 bits) are for the network manager to divide into subnets and hosts as he/she sees fit. Class A addresses are used for networks that have more than 65,536 hosts (actually, up to 16777214 hosts!).

In a Class B address, the first two octets are the network portion, so the Class B example in Figure 1 has a major network address of 128.0.0.0 - 191.255.255.255. Octets 3 and 4 (16 bits) are for local subnets and hosts. Class B addresses are used for networks that have between 256 and 65534 hosts.

In a Class C address, the first three octets are the network portion. The Class C example in Figure 1 has a major network address of 192.0.0.0 - 223.255.255.255. Octet 4 (8 bits) is for local subnets and hosts - perfect for networks with less than 254 hosts.

Network Masks
A network mask helps you know which portion of the address identifies the network and which portion of the address identifies the node. Class A, B, and C networks have default masks, also known as natural masks, as shown here:

Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0


An IP address on a Class A network that has not been subnetted would have an address/mask pair similar to: 8.20.15.1 255.0.0.0. To see how the mask helps you identify the network and node parts of the address, convert the address and mask to binary numbers.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000


Once you have the address and the mask represented in binary, then identifying the network and host ID is easier. Any address bits which have corresponding mask bits set to 1 represent the network ID. Any address bits that have corresponding mask bits set to 0 represent the node ID.

8.20.15.1 = 00001000.00010100.00001111.00000001
255.0.0.0 = 11111111.00000000.00000000.00000000
            -----------------------------------
             net id |      host id

netid  = 00001000 = 8
hostid = 00010100.00001111.00000001 = 20.15.1

Understanding Subnetting
Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you do not subnet, you are only able to use one network from your Class A, B, or C network, which is unrealistic. Each data link on a network must have a unique network ID, with every node on that link being a member of the same network. If you break a major network (Class A, B, or C) into smaller subnetworks, it allows you to create a network of interconnecting subnetworks. Each data link on this network would then have a unique network/subnetwork ID. Any device, or gateway, connecting n networks/subnetworks has n distinct IP addresses, one for each network / subnetwork that it interconnects. In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of the address to create a subnetwork ID. For example, given a Class C network of 204.17.5.0 which has a natural mask of 255.255.255.0, you can create subnets in this manner:

204.17.5.0 -      11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                  --------------------------|sub|----

By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub") from the original host portion of the address and used them to make subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device since host ids of all zeros or all ones are not allowed (it is very important to remember this). So, with this in mind, these subnets have been created.

204.17.5.0 255.255.255.224     host address range 1 to 30
204.17.5.32 255.255.255.224    host address range 33 to 62
204.17.5.64 255.255.255.224    host address range 65 to 94
204.17.5.96 255.255.255.224    host address range 97 to 126
204.17.5.128 255.255.255.224   host address range 129 to 158
204.17.5.160 255.255.255.224   host address range 161 to 190
204.17.5.192 255.255.255.224   host address range 193 to 222
204.17.5.224 255.255.255.224   host address range 225 to 254

Note: There are two ways to denote these masks. First, since you are using three bits more than the "natural" Class C mask, you can denote these addresses as having a 3-bit subnet mask. Or, secondly, the mask of 255.255.255.224 can also be denoted as /27 as there are 27 bits that are set in the mask. This second method is used with CIDR. With this method, one of these networks can be described with the notation prefix/length. For example, 204.17.5.32/27 denotes the network 204.17.5.32 255.255.255.224. When appropriate the prefix/length notation is used to denote the mask throughout the rest of this document.

The network subnetting scheme in this section allows for eight subnets, and the network might appear as:

Figure 2

Notice that each of the routers in Figure 2 is attached to four subnetworks, and one subnetwork is common to both routers. Also, each router has an IP address for each subnetwork to which it is attached. Each subnetwork could potentially support up to 30 host addresses.

This brings up an interesting point. The more host bits you use for a subnet mask, the more subnets you have available. However, the more subnets available, the fewer host addresses available per subnet. For example, a Class C network of 204.17.5.0 and a mask of 255.255.255.224 (/27) allows you to have eight subnets, each with 32 host addresses (30 of which could be assigned to devices). If you use a mask of 255.255.255.240 (/28), the breakdown is:

204.17.5.0 -      11001100.00010001.00000101.00000000
255.255.255.240 - 11111111.11111111.11111111.11110000
                  --------------------------|sub |---

Since you now have four bits to make subnets with, you only have four bits left for host addresses. So in this case you can have up to 16 subnets, each of which can have up to 16 host addresses (14 of which can be assigned to devices).

Take a look at how a Class B network might be subnetted. If you have network 172.16.0.0, then you know that its natural mask is 255.255.0.0 or 172.16.0.0/16. Extending the mask to anything beyond 255.255.0.0 means you are subnetting. You can quickly see that you have the ability to create a lot more subnets than with the Class C network. If you use a mask of 255.255.248.0 (/21), how many subnets and hosts per subnet does this allow for?

172.16.0.0 -    10101100.00010000.00000000.00000000
255.255.248.0 - 11111111.11111111.11111000.00000000
                -----------------| sub |-----------

You are using five bits from the original host bits for subnets. This allows you to have 32 subnets (2^5). After using the five bits for subnetting, you are left with 11 bits for host addresses. This allows each subnet to have 2048 host addresses (2^11), 2046 of which could be assigned to devices.

Note: In the past, there were limitations to the use of a subnet 0 (all subnet bits are set to zero) and all ones subnet (all subnet bits set to one). Some devices would not allow the use of these subnets. Cisco Systems devices allow the use of these subnets when the ip subnet zero command is configured.

Examples
Sample Exercise 1
Now that you have an understanding of subnetting, put this knowledge to use. In this example, you are given two address / mask combinations, written with the prefix/length notation, which have been assigned to two devices. Your task is to determine if these devices are on the same subnet or different subnets. You can do this by using the address and mask of each device to determine to which subnet each address belongs.

DeviceA: 172.16.17.30/20
DeviceB: 172.16.28.15/20

Determining the Subnet for DeviceA:

172.16.17.30 -  10101100.00010000.00010001.00011110
255.255.240.0 - 11111111.11111111.11110000.00000000
                -----------------| sub|------------
subnet =        10101100.00010000.00010000.00000000 = 172.16.16.0

Looking at the address bits that have a corresponding mask bit set to one, and setting all the other address bits to zero (this is equivalent to performing a logical "AND" between the mask and address), shows you to which subnet this address belongs. In this case, DeviceA belongs to subnet 172.16.16.0.

Determining the Subnet for DeviceB:

172.16.28.15 -  10101100.00010000.00011100.00001111
255.255.240.0 - 11111111.11111111.11110000.00000000
                -----------------| sub|------------
subnet =        10101100.00010000.00010000.00000000 = 172.16.16.0

From these determinations, DeviceA and DeviceB have addresses that are part of the same subnet.

Sample Exercise 2
Given the Class C network of 204.15.5.0/24, subnet the network in order to create the network in Figure 3 with the host requirements shown.

Figure 3

Looking at the network shown in Figure 3, you can see that you are required to create five subnets. The largest subnet must support 28 host addresses. Is this possible with a Class C network? And if so, then how?

You can start by looking at the subnet requirement. In order to create the five needed subnets you would need to use three bits from the Class C host bits. Two bits would only allow you four subnets (2^2).

Since you need three subnet bits, that leaves you with five bits for the host portion of the address. How many hosts does this support? 2^5 = 32 (30 usable). This meets the requirement.

Therefore you have determined that it is possible to create this network with a Class C network. An example of how you might assign the subnetworks is:

netA: 204.15.5.0/27      host address range 1 to 30
netB: 204.15.5.32/27     host address range 33 to 62
netC: 204.15.5.64/27     host address range 65 to 94
netD: 204.15.5.96/27     host address range 97 to 126
netE: 204.15.5.128/27    host address range 129 to 158

VLSM Example
In all of the previous examples of subnetting, notice that the same subnet mask was applied for all the subnets. This means that each subnet has the same number of available host addresses. This can be needed in some cases, but, in most cases, having the same subnet mask for all subnets ends up wasting address space. For example, in the Sample Exercise 2 section, a class C network was split into eight equal-size subnets; however, each subnet did not utilize all available host addresses, which results in wasted address space. Figure 4 illustrates this wasted address space.

Figure 4

Figure 4 illustrates that of the subnets that are being used, NetA, NetC, and NetD have a lot of unused host address space. It is possible that this was a deliberate design accounting for future growth, but in many cases this is just wasted address space due to the fact that the same subnet mask is being used for all the subnets.
Variable Length Subnet Masks (VLSM) allows you to use different masks for each subnet, thereby using address space efficiently.

VLSM Example
Given the same network and requirements as in Sample Exercise 2, develop a subnetting scheme with the use of VLSM, given:

netA: must support 14 hosts
netB: must support 28 hosts
netC: must support 2 hosts
netD: must support 7 hosts
netE: must support 28 hosts

Determine what mask allows the required number of hosts.

netA: requires a /28 (255.255.255.240) mask to support 14 hosts
netB: requires a /27 (255.255.255.224) mask to support 28 hosts
netC: requires a /30 (255.255.255.252) mask to support 2 hosts
netD*: requires a /28 (255.255.255.240) mask to support 7 hosts
netE: requires a /27 (255.255.255.224) mask to support 28 hosts

* a /29 (255.255.255.248) would only allow 6 usable host addresses therefore netD requires a /28 mask.

The easiest way to assign the subnets is to assign the largest first. For example, you can assign in this manner:

netB: 204.15.5.0/27     host address range 1 to 30
netE: 204.15.5.32/27    host address range 33 to 62
netA: 204.15.5.64/28    host address range 65 to 78
netD: 204.15.5.80/28    host address range 81 to 94
netC: 204.15.5.96/30    host address range 97 to 98

This can be graphically represented as shown in Figure 5:

Figure 5

Figure 5 illustrates how using VLSM helped save more than half of the address space.
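The largest-first VLSM assignment above, and the address-AND-mask subnet check from Sample Exercise 1, can be reproduced programmatically. The following is an added example, not part of the original document: the function names are hypothetical, and the allocator generalizes the worked case to any parent block and host requirements, raising an error when the block is too small.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still has at least `hosts` usable addresses
    (the all-zeros and all-ones host ids are excluded)."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def subnet_of(address, prefix):
    """Network address = address AND mask, as in Sample Exercise 1."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(address)) & mask))

def allocate_vlsm(block, requirements):
    """Assign subnets from `block` largest first.
    requirements: list of (name, hosts). Returns {name: IPv4Network}."""
    parent = ipaddress.IPv4Network(block)
    # Stable sort: equal-size subnets keep the order in which they were given.
    sized = sorted(((prefix_for_hosts(h), n) for n, h in requirements),
                   key=lambda item: item[0])
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    for prefix, name in sized:
        size = 1 << (32 - prefix)
        # A subnet must start on a multiple of its own size.
        start = (cursor + size - 1) // size * size
        if prefix < parent.prefixlen or start + size > end:
            raise ValueError("block %s cannot fit %s (/%d)" % (block, name, prefix))
        plan[name] = ipaddress.IPv4Network((start, prefix))
        cursor = start + size
    return plan

def usable_range(network):
    """First and last assignable host address of a subnet."""
    return (str(network.network_address + 1), str(network.broadcast_address - 1))

def unallocated(block, plan):
    """Number of addresses in the parent block not covered by any subnet."""
    parent = ipaddress.IPv4Network(block)
    return parent.num_addresses - sum(n.num_addresses for n in plan.values())

# Host requirements from the VLSM example above.
REQUIREMENTS = [("netA", 14), ("netB", 28), ("netC", 2), ("netD", 7), ("netE", 28)]

if __name__ == "__main__":
    plan = allocate_vlsm("204.15.5.0/24", REQUIREMENTS)
    for name, net in plan.items():
        first, last = usable_range(net)
        print(name, net, "hosts", first, "to", last)
    print("addresses left unassigned:", unallocated("204.15.5.0/24", plan))
    print("DeviceA subnet:", subnet_of("172.16.17.30", 20))
    print("DeviceB subnet:", subnet_of("172.16.28.15", 20))
```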

CIDR
Classless Interdomain Routing (CIDR) was introduced to improve both address space utilization and routing scalability in the Internet. It was needed because of the rapid growth of the Internet and growth of the IP routing tables held in the Internet routers.

CIDR moves away from the traditional IP classes (Class A, Class B, Class C, and so on). In CIDR, an IP network is represented by a prefix, which is an IP address and some indication of the length of the mask. Length means the number of left-most contiguous mask bits that are set to one. So network 172.16.0.0 255.255.0.0 can be represented as 172.16.0.0/16. CIDR also depicts a more hierarchical Internet architecture, where each domain takes its IP addresses from a higher level. This allows for the summarization of the domains to be done at the higher level. For example, if an ISP owns network 172.16.0.0/16, then the ISP can offer 172.16.1.0/24, 172.16.2.0/24, and so on to customers. Yet, when advertising to other providers, the ISP only needs to advertise 172.16.0.0/16.

For more information on CIDR, see RFC 1518 and RFC 1519.

Appendix
Sample Config
Routers A and B are connected via serial interface.

Router A
hostname routera
!
ip routing
!
int e 0
ip address 172.16.50.1 255.255.255.0
!(subnet 50)
int e 1
ip address 172.16.55.1 255.255.255.0
!(subnet 55)
int t 0
ip address 172.16.60.1 255.255.255.0
!(subnet 60)
int s 0
ip address 172.16.65.1 255.255.255.0
!(subnet 65)
!S 0 connects to router B
router rip
network 172.16.0.0

Router B
hostname routerb
!
ip routing
!
int e 0
ip address 192.1.10.200 255.255.255.240
!(subnet 192)
int e 1
ip address 192.1.10.66 255.255.255.240
!(subnet 64)
int s 0
ip address 172.16.65.2 255.255.255.0
!(same subnet as router A's s 0)
!Int s 0 connects to router A
router rip
network 192.1.10.0
network 172.16.0.0

Host/Subnet Quantities Table

Class B                   Effective  Effective
# bits        Mask         Subnets     Hosts
-------  ---------------  ---------  ---------
  1      255.255.128.0           2     32766
  2      255.255.192.0           4     16382
  3      255.255.224.0           8      8190
  4      255.255.240.0          16      4094
  5      255.255.248.0          32      2046
  6      255.255.252.0          64      1022
  7      255.255.254.0         128       510
  8      255.255.255.0         256       254
  9      255.255.255.128       512       126
  10     255.255.255.192      1024        62
  11     255.255.255.224      2048        30
  12     255.255.255.240      4096        14
  13     255.255.255.248      8192         6
  14     255.255.255.252     16384         2

Class C                   Effective  Effective
# bits        Mask         Subnets     Hosts
-------  ---------------  ---------  ---------
  1      255.255.255.128         2       126
  2      255.255.255.192         4        62
  3      255.255.255.224         8        30
  4      255.255.255.240        16        14
  5      255.255.255.248        32         6
  6      255.255.255.252        64         2

*Subnet all zeroes and all ones included. These might not be supported on some legacy systems.
*Host all zeroes and all ones excluded.

Classes of IP
Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126, inclusive. Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191, inclusive. Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and 223, inclusive.
