Interview

QOS
static routing / Dynamic Routing .. - Okay
eigrp bgp, vrf, spanning tree, trunking
port sharing
VLAN
Port Channel --> On going - LACP
Port Mapping
Port Security
VRF
Stacking -
Subnets
VLAN Concepts
BGP
Static routes
Eigrp
STP
STP multipath
1. Cisco switch Stack 3750 stack.
2. Port-channel.
3. Vlan & VTP modes.
4. STP.
Routing - Static routes. ,BGP on MPLS.,EIGRP.,MPLS-VRF.,Sub netting.
Firewall- Nat & types of Nat.,Basic idea on ACL.

Port Mirroring – Port Mirroring is used on a network switch to send a copy of network packet seen
one switch port to a network monitoring connection on another switch port. Generally referred as the
SPAN ( Switch port Analyzer)
Layer 3 Switch – High Performance devices. Layer 3 switch very little differ from routers. A layer 3
switch support the routing protocols Both inspect the incoming & outgoing packet and dest
Layer 2 switch, frames are based on the MAC address information, Layer 3 switch frames are based
on the network-layer information.
Layer 2 switching does not look inside a packet for network-layer information. Layer 2 switching is
performed by looking at destination MAC address within a frame. Layer 2 switch maintain the MAC
address table.
Layer 2 switch broadcast the frames and received the information.
Layer 3 switching operates at the network layer. It examines packet information and forward packets
based on their network- layer destination address.
VRF :
1. Virtual Routing and forwarding is used on the MPLS network.
2. VRF is maintain the multiple routing table on the single router.
3. Virtual routing and forwarding is a technology included in IP ( Internet Protocol) network routers
that allow multiple instances of the routing table to exist in a router and work simultaneously.
4. Increases functionally by allowing network paths to be segmented without using multiple devices.
5. VRF acts like a Logical router , but while a logical router may include many routing tables.
6. Virtual routing and forwarding is a technology implemented in the IP network routers that allow
multiple instances of a routing table to exist on the same router in the same time
7. Multi protocol Label Switching ( MPLS) VPN technology.
8. Virtual Network enable administrator to split a physical link into multiple virtual link completely
isolated one from the others. Virtual Link will be dedicated to traffic from a specific application or
customer.
MPLS functionally based on P ( Provider) router, PE ( Provider Edge) router and CE ( Customer
edge) router.
One PE router can hold and manage multiple virtual routing. If you are running in a private
environment , you can use MPLS VPN to separate services.
The Route distinguisher (RD ) is a number which help identify a VPN in a provider network and
allow for overlapping IP space.
The Route target (RT) indicates the VPN membership of a route and allow VPN routes to be imported
or exported into or out of your VRF
Spanning Tree
1. STP is the link layer network protocols that ensure a loop free topology.
2. Basic functionally of the STP is prevent bridge loop and ensuring broadcast radiation.
a. Select Root Bridge – We need to select the root bridge with the smallest bridge ID,
Each bridge has a unique identifier and configure the selected ID . Based on the
priority value the bridge
b. Determine the least cost paths to the root bridge-
c. Bridge Protocol Data Unit ( BPDU ) – BPDU frame using the Bridge ID and MAC
address of the port itself and Source and Destination address.
i. BPDU exchange regularly and enable switch keep track of network changes
and start and stop forwarding at ports as required.
ii. BPDU are exchanged regularly ( every 2 sec)
3, Blocking ,Listening – Switch process BPDU and awaiting new possible information.,
Learning ,Forwarding ,Disabled
Spanning tree protocol is a link management protocol that provide path redundancy while prevening
undesirable loops in the network.
Multiple active paths between stations cause loops in the network. If the loop exists in the network
topology, the potential exists for duplication of message.
Election of the Root Switch
1. The election of a unique root switch for the table
2. The election of a designated switch for every switched LAN segment.
3. The removal of loops in the switched network
BPDU –
1. The Unique switch identifier ( MAC address) associated with each switch.
2. The path cost to the root
3. The port identifier with each switch.

BPDU
One switch is elected as the root switch. The shortest destination to the root switch calculated
for each switch.
Blocking, Listening, Learning, Forwarding, Disabled.
VTP
VTP ( VLAN Trunking Protocol) – Cisco proprietary Layer 2 messaging protocol that manage the
addition, deletion and renaming of VLAN on a network wide basis. VTP reduce the administration in
a switch network.
VLAN information distributed to all switches by VTP domain.
VTP Operation on three mode
1. Server – In the VTP mode , create, modify the VLANS
2. Client – VTP client is works like Server, but not able to create , delete…
3. Transparent – The switch does not participate in VTP, A VTP transparent switch will not
advertise its VLAN configuration and does not synchronize.
VTP sends message between trunked switches to maintain VLAN on these switch
Port Security –
1. Port security can do based on the MAC address
1. MAC blocking 2. MAC learning
Stacking …
The term “ Stack “ refers to the group of switch that have been set up in the way.
1. Stackable switch is always single management interface
2. Switch stack has up to nine stack members connected through their stackwise port. A switch
stack always has one stack master.
3. The stack member number (1 to 9 ) identifies each member in the switch stack.
4. Collectively use the Cisco switches.
A switch stack is a set of up to nine Catalyst 3750 switches connected through their
StackWise ports. One of the switches controls the operation of the stack and is called the
stack master.
The stack master and the other switches in the stack are stack members.
A switch member are eligible stack masters. If the stack master becomes unavailable, the
remaining stack members participate in electing a new stack master from among themselves.
The switch with the high priority value become the stack master.
Switch running the cryptographic version of the SMI or EMI (Standard multiplayer image) or
EMI software.
Manage the switch stack through a single IP address.
Port Channel
Port channel support 2 , max 8 interfaces. The best way to use 2, 4 or 8. The load balancing is
based on layer 2/3 or 4.
Port channelling is make a communication between router & Switch.
Etherchannel – EtherCannel is a port trunking technology used primarily on cisco switches. It allow
grouping several physical Ethernet link to create one logical Ethernet link for the fault-tolerance and
high-speed link between switchs, router and servers.
A limitation of Etherchannel is that all the physical ports in the aggregation group must reside on the
same switch.
Firewall –
A firewall is a program or hardware device that filters the inbound and outbound traffic.
Three method of controlling the traffic.
1. Packet Filtering - Packets are analyszed against a set of filters. Packets that make it through
the filters are sent to the requesting systems and all others are discarded.
2. Proxy Service – Information from the internet is retrieved by the firewall and then sent to the
requesting system and vice versa.
3. State full Inspection – It does not examine the content of each packet but instead compares
certain key parts of the packet to a database of trusted information. Inbound and outbound are
monitored for specific characteristic, then incoming information is compared to these
characteristic. If the comparison yeald the reasonable match, the traffic allowed thought,
otherwise its discarded
Security Level.
PIX have very simple mechanisms to control traffic between interface.
The ASA allow traffic pass from trusted to untrusted , but not the reverse. The traffic can pass from
interface with high security levels to interfaces with lower security levels. ASA block the lower level
to high level.
• Security level 100—The highest possible level, it is used by the inside interface by default.
Using the trusted-untrusted terminology, this level is considered the most trusted.
• Security level 0—The lowest possible level, it's used by the outside interface by default,
making it the most untrusted interface. Traffic can pass from this interface to other interfaces only
if manually configured to do so.
• Security levels 1–99— Can be assigned to any other interface on the PIX. On a three-
pronged PIX firewall, the inside is typically 100, the outside is 0, and the third interface could be
50. Traffic from interfaces between 1 and 99 can pass through to the outside (0), but it is
prevented from passing to the inside (100). This is because the interface has a lower security level
setting than the inside.
Cisco 6500 Super Wiser Engineer 32
Static Routing Vs Dynamic Routing….
Static routing is not really a protocol, simply the process of manually entering routes into the routing
table via a configuration file that is loaded when the routing devices starts up.
Static route is a route that is created manually by the network adminstrator.
Dynamic route are created by routing protocol.
http://www.trainsignaltraining.com/free-video-training/free-ccna-training-videos-static-routing-and-
rip/
Static routing administrative distance is one.
IGRP default administrative distance is 100
Static routing is manually entering the route based on the best path consideration.
Dynamic routing is
Dynamic routing protocols are software application that dynamically discover network. A router will
learn “ routes” to all directly connected network. It will learn routes from other routers that run the
same routing protocols. The router will then sort through its list of routes and select the best path.
EIGRP ( Enhanced Interior Gateway Routing Protocol)…
1. It is link state routing protocol.
2. Cisco Preparatory routing protocol & Distance vector routing protocol.
3. Routing optimisation is based on the Diffusing update algaritham (DUAL)

4. Distance Vector Routing Protocol – Bellman Ford algorithm to find shortest paths. The
exchange a vector of distance to all destination. No future topology information exchange.
5. Link state routing protocols – Based on the algorithm find the shortest path. They work by
exchanging a description of each node and its exact connections to its neighbours.
6. EIGRP allows for equal cost load balancing, incremental routing updates and formal
neighbour relationship
7. EIGRP reduces bandwidth usage. Its updates only when topology changes occur.
8. Support of Variable Length subnet Masks (VLSM)
9. Using Hello messages, EIGRP sessions establish and maintain neighbor relationships with
neighboring routers.
10.EIGRP format packet ( hello / ACk, Updates, Queries, Replies, Request )
11.EIGRP administrative distance is 120
12.EIGRP only send the updated information if any network changes.
13.EIGRP Default hop count is 224
14.IGRP default hop count s 111
15.EIGRP use reduce the bandwidth
16.EIGRP will learn the successor and feasible successor.
17.EIGRP maintain three database – Neigbor DB, toptoplogy DB, IP routing table
18.EIGRP default hold time is three times of Hello packets.
19.RTP ( Reliable Transport Protocol) is responsible for guarabteed
20.Default hello interval is 5 second.
21.Update, query & replay packet , replay – Acknowledgement oriented.
22.Hello, ACK are – NON Acknowledgment oriented.
23.EIGRP DUAL
a. Tracks all routs advertised by neighbour.
b. Select the loop free successor and select the feasible successor.
c. If successor is fails , select the feasible successor.
24.DUEL is used to select the best path
OSPF
1. Its is link state routing protocol. – Generate routing update when any network
changes.
1. Response quickly as the network changes.
2. Send triggered update when network changes occurs
3. Send periodic update, link-state refresh, and such every 30 min
2. Neighbour Table, Topology table, Routing table – Link state data structure.
3. Digistra algoritham calculate the all possible routes.
4. OSPF Area - Characteristics
2. Minimizes routing table entry.
3. Localization impact of any topology changes.
4. Details LSA flooding stop at the area boundry.
5. Require hierarchical network design.
6. Area border router (ABR)
7. OSPF select the DR ( Designated Router) and BDR ( Backup Designated router)
8. OSPF protocol that builds three tables : Neigbour table, LS topology table and routing table.
9. OSPF protocol have five type of packet, hello, database description, Link state
Request( LSR), Link State Update (LSU) and ACK.
1. Hello – Builds adjucent between neighbours.
2. Database Description ( DBD) – check for database syncronization between router.
1.
IGRP..
It is distance vector routing protocol. Its use metric as a bandwith
Cisco switch Stack 3750 stack.
Catayst 3750 switch that run cisco IOS software relase 12.2
Ling Aggregation Control Protocol ( LACP ) and Port Aggregation Protocol ( PAgP) is a Cisco
proprietary protocols that run on Cisco Switch.
PAGP cannot be enabled on cross-Stack ether channels.

LACP is supported on cross stack etherchannels from Cisco IOS. LACP packets only with partnet
interfaces with the active or passive mode configuration. We can configure up to 16 ports form a
channel. Eight of the port are in active mode and other eight are in standby mode.
New method for collectively utilizing the capabilities of a stack of switch. Switch intelligently join to
create a single switch unit with a 32 gbic
Switch can be added to and deleted from a working stack without affecting performance.
Switch are united into a single logical units using special stack interconnected cables that create
bidirectinoal closed –loop path.
Layer 2 and Layer 3 forwarding – layer 2 forwarding is done with a distribution layer. Layer 3 is
done in a centralized manner.
Cisco Catalyst 3750 series switch has a single IP address and is managed as a single object. The
single IP management applies to active fault detection, VLAN creation , Modification and deletion ,
Security and QoS controls.
Cisco stackwise technology units up to nine individual cisco 3750 switch into a single logical units.
This single stack will allow share the same network topology, MAC address and routing information.
Bi-directional flow – To efficiently load balanced the traffic.
On line stack adds and remove.
Physical sequential linkages – A break of the any one cable will result in the stack bandwidth being
reduced to half of its full capability.
Subsecond Failover – within microsecond of a brakage of one part of the path
Single Management IP address –
Master Switch Election
1. User Priority – network manager can select the which switch as a master.
2. H/w and S/W priority –
3. Default configuration.
4. Uptime
5. MAC address
Shared network Topology information - The master switch is responsible for collecting and
maintaiing correct routing information. It send periodic update to all subordinate switchs. The master
switch is responsible for routing control and processing.
Subordinate switch activity –
Switching Mode …
Fast forwards – Fast forwards offers the lowest level of latency by immediately forwarding a packet
after receiving the destination address. In Fastforward mode, latency is measured first bit received to
first bit transmitted (FIFO)
Fragment Free – Fregment free switching filters out collision fragments, the majority of packet
errors before forwarding begins.
Store – and – Forward. - Complete packet are stored and checked for error prior to transmission. In
Sore and forward mode, Latency is measured last bit received to first bit tranmitted or LIFO ( Last in
Fast out)
What is administrative distance ?
Adminsitrative distance is the feature that routers use in order to select the best path when there are
two or more different routes to the same distinaiton from two different routing protocol.
AD define the reliability of a routing protocol.
AD distance is the first criterion that a router used to determine which routing protocol to use if two
protocols provide route information for the same destination.
The smallest administrative distance value is more reliable protocol.
Administrative distance is used to select the best path when there are two or more different routes to
the same distance from two different routing protocols.
Default Distance
Route Source
Values
Connected interface 0
Static route 1
Enhanced Interior Gateway Routing
5
Protocol (EIGRP) summary route
External Border Gateway Protocol (BGP) 20
Internal EIGRP 90
IGRP 100
OSPF 110
Intermediate System-to-Intermediate
115
System (IS-IS)
Routing Information Protocol (RIP) 120
Exterior Gateway Protocol (EGP) 140
On Demand Routing (ODR) 160
External EIGRP 170
Internal BGP 200
Unknown* 255
Clock rate – The clock rate interface command has been enhanced for the synchronous serial
port
Subnet – A subnet is a identifiable separate part of a organization network.
Class Address
Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.
MPLS – Multiprotocol Label Switching is a mechanisam is high performance telecommunication

network which directs and carries data from one network node to the next.
MPLS is a highly scalable, Protocol agnostic,
MPLS is an efficient encapsulation mechanisam.
MPLS was originally presented as a way of improving the forwarding speed of routers but is now
emerging as a crucial standard technology that offers new capabilities for large scale IP network.
MPLS terminology, the packet handled nodes or router are called Label switched router (LSR)
Is the telecommunication network.
MPLS is the standard technology for speeding up network traffic flow and make it easy to manage
MPLS – VRF ( Virtual Routing and forwarding ) is a technology that allow multiple instances of a
routing table
VRF is the key element in the Cisco MPLS VPN technology.
ACL…
Empty ACL permit all traffic
Standard IP  1?99 ,1300 ?1999
Extended IP  100?199, 2000 ?2699
access-list acl_collector permit icmp any any

access-list acl_collector permit ip any any
Router( config) # access-list ACL# permit | deny conditions
Standard Access Control list (ACL) are Cisco IOS based commands used to filter packets on cisco
router based on the source IP address of the packet.
Extended access control list have the ability to filter packet based on source and destination IP
address.
Numbers between 1 and 99, or any number between 1300 and 1999 can be used in a Standard ACL.
CISCO PIX Firewall BASIC…
PIX Device Manager ( PDM )
PIX firewall provide wide range of security…
NAT , Content Filtering, URL filtering, IPSec VPN, DHCP Server / Client,
Static NAT
NAT – NAT is a way to map a range of global address to an inside or peimeter (DMZ) address.
1. Static NAT – One to one basis
2. Dynamci NAT – Nap a unregistered IP address to a pool of registered IP
3. Overloading – is the form of dynamic NAT but maps multiple unregistered IP address
to one single registered IP address. This is know as PAT or single address NAT.
NAT Terms..
Inside Local Address – An IP address assigned to a host inside a network.
Inside Global Address – A legitimate IP address assigned by the NIC or service provider that
represents one or more inside local IP address to the outside world.
Outside Local Address –

Outside Global Address - x
ARP and RARP Address Translation
ARP maps IP address into MAC address. And ARP maps MAC address into IP address
BGP….
BGP is a protocol for exchanging routing information between gateway hosts in a network of
autonomous systems. The routing table contains a list of known routers, the address they can reach
and a cost metric associated with the path to each router.
• Learns multiple paths via internal and external BGP speakers.

• Picks the best path and installs in the forwarding table.
• Best path is sent to external BGP neighbour.
Classless Inter Domain routing ( CIDR)
BGP Introduction
Used for carrying routing informaton between AS's

path vector Protocol
Incremental
Runs over TCP - 179
Conveys Informatoin about AS
BGP- General Operation
Learns multiple paths via internal and external BGP speakers

Picks the best path and installs in the IP forwarding table.
Policy applied by influencing the best path selection.
Load balancing - BGP does NOT load balancing traffic; it choose & installs a "Best " route
BGP Relationship with IGP
- BGP carries full internet routing table

- IGP are used to carry next hop and interior network information.
Autonomous System (AS)

- Collection of network with same routing policy.
- Single routing protocol
BGP Path Selection Algoritham

- Do not consider path if not route to next hop.
- Sortest algoritham path
VLAN Creation …
To define a VLAN on the cisco device, we need a VLAN ID, a VLAN name, Ports
Step 1 – Get the current configuration

Step 2 - Create a vlan using VLAN X , where X is the ID
Step 3 – Name the VLAN < VLAN Name>
Step 4 – Create the VLAN with the network range
Step 5 – End configuration mode by “ END”
Step 5 : save conf by “ wr mem”
1. VLANs are broadcast domains defined within switches to allow control of broadcast,
multicast, unicast and
2. VLAN are defined on the switch in an internal database know as the VTP database.
After vlan has been created, port are assigned to the VLAN
Router Configuration Tutorial
1. User EXEC
2. Privileged EXEC
3. Global Config.
4. Interface Config.
5. Set up
RIP..
RIP default behavior is send to ver 1 updateds, but to acceptable from ver 1 and 2.
Sending update every 30 seconds
Invalid after 180 Sec, Hold down 180 , flushed after 240.
Difference between RIP V1 & V2 ?
RIP V1  Classful routing protocol

RIP V2  Classless routing protocol
RIP V1  Subnet mask are NOT included in the routing update.

RIP V2  Subnet mask are included in the routing update.
Cisco 6509 – Switch Details….
Supports all Catalyst 6500 modules, including all:
• Supervisor engines
• Switch fabric modules
• Fast Ethernet modules
• Gigabit Ethernet modules
• 10 Gigabit Ethernet modules
• Voice modules
• Flex Wan Modules
• ATM modules
• Multi Gigabit services modules (content services ,firewall, intrusion detection,
IPSec/VPN, network analysis, and SSL acceleration)
The Cisco Supervisor engine 720 offer a strong set of security features. The supervisor engine 720
builds on the proven Cisco Express forwarding ( CEF) architecture, by supporting centralized
forwarding ( CEF) and distributed forwarding ( dCEF)
There are three flavore, PFC3A, PFC3B, PFC3BXL
MSFC3
The MSFC3 is an integral part of the supervisor engine 720, providing high performance multiplayer
switching and routing intelligence.
What is the difference between gateway and firewall?
A network gateway joins two network together through a combination of hardware and software.
A network firewall guards a computer network against unauthorized incoming or outgoing access.
Network firewall may be hardware devices or software programs.
What is the difference between router ACLs and Firewall ACLs?
Router are designed to route traffic, not stop
Firewall are designed to examine and accept / reject traffic. Both ACL are do the same job.
Depending upon our requirement we do our ACL configuration.
Can traceout command work across the firewall? If No then why? If Yes then why?
Firewall
A firewall filters both inbound and outbound traffic.
What different types of firewall are there ?
1. Packet filters
2. Circuit level gateways
3. Application level gateways
4. Stateful multiplayer inspection firewalls
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. A
router is a device that receives packets from one network and forwards them to another network. In a
packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
Most routers support packet filtering.
http://www.vicomsoft.com/knowledge/reference/firewalls1.html#1
circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP / IP. This
is useful for hiding information about protecting networks. Circuit level gateway are relatively
inexpensive and have advantage of hiding information.
Application level gateway also called proxies are similar to circuit level gateway expect that they are
application specific. The can filter packet at the application layer of the OSI model.
Stateful multiplayer inspection firewall. They filter packets at the network layer.
What is IP Spoofing?
Many firewall examine the source IP address of packet to dertmine if they are legitimate.
IP spoofing – This is useful technique , since many system define which packet may and which
packets may not pass based on the sender IP address.
Routing Funcion
The routing function is responsible for learning the logical topology of the network and then make
decision based on the knowledge
Switching Function
It is concerned with moving data across the router. It is responsible for forwarding the datagram.
Protocol Update Timer Technology
• RIPv1 Every 30 seconds for entire routing table. Distance vector.
• RIPv2 Every 30 seconds for entire routing table. Distance vector.
• OSPF Incremental with only the network change. However, 30 minutes after the last update
was received, a compressed version of the table is propagated. Link state.
• EIGRP Incremental updates with network change only. Advanced distance vector,
sometimes called enhanced distance vector or a hybrid routing protocol.
• IGRP Updates every 90 seconds with incremental updates as needed. Distance vector.
• BGP-4 Incremental with only the network change. Path vector, sometimes referred to as a
type of distance vector routing protocol.
• IS-IS Incremental with only the network change. However, the router that originated the
LSPmust periodically refresh its LSPs to prevent the remaining lifetime on the receiving
routerfrom reaching 0. The refresh interval is 15 minutes. This means that approximately 15
minutes after the last update was received, a compressed list of all the links the router has
knowledge of is sent to all routers. Link state.
Distance Vector Routing Protocols Versus Link-State Routing Protocols
Distance Vector Link-State
• Sends its entire routing table at periodic intervals out of all interfaces (typically, this is based
in seconds). Sends triggered updates to reflect changes in the network.
• Typically involves updates sent using a broadcast address to everyone on the link.
• Uses a metric based on how distant the remote network is to the router. (IGRP does not
conform to this as a proprietary solution.)
• Has knowledge of the network based on information learned from its neighbors.
• Includes a routing table that is a database viewed from the perspective of each router.
• Uses the Bellman Ford algorithm for calculating the best path.
• Does not consume many router resources, but is heavy in the use of network resources.
• Maintains one domain in which all the routes are known.
• Has a hierarchical design of areas that allow for summarization and growth.
• For effective use, the addressing scheme should reflect the hierarchical design of the network.
Link State Routing Protocols
• Sends incremental updates when a change is detected. OSPF will send summary
information every 30 minutes, regardless of whether incremental updates have been sent in
that time.
• Typically involves updates sent to those routers participating in the routing protocol domain,
via a multicast address.
• Is capable of using a complex metric, referred to by OSPF and IS-IS as cost.
• Has knowledge of the network based on information learned from every router in the area.
• Has a topological database that is the same forevery router in the area. The routing table that
is built from this database is unique to each router.
• Uses the Dijkstra algorithm.
• Uses many router resources, but is relatively low in its demand for network resources.
• Is not restricted by addressing scheme.

• Involves slower convergence because information of changes must come from the entire
network (but indirectly). Each routing table on every intervening router must be updated
before the changes reach the remote end of the network.
RIP V1
• Is a simple protocol to design, configure, and maintain.

• Does not require a hierarchical addressing scheme.
• Does not pass the subnet mask in the routing update and therefore is not capable of classless
routing or VLSM.
• Is limited to a 15-hop diameter network.
• Does not acknowledge routing updates; just repeats them periodically (every 30 seconds).
• Has a routing table that is sent out of every interface every 30 seconds (by default).
• Can transmit information about the network in two messages: the routing update and the
triggered update.
• Uses hop count as a metric, the number of routers to process the data.
OSPF
• Is a complex protocol to design and, in some instances, to configure and maintain.

• If full benefits of the protocol are to be harnessed, should use a hierarchical IP addressing
scheme.
• Carries the mask in the update and therefore can implement VLSM, summarization, and
classless routing.
• Is unlimited in the diameter of the network, although it is suggested that an area not exceed
more than 50 networks.
• Acknowledges updates.
• Involves updates sent as required (when changes are seen) and every 30 minutes after no
change has been seen.
• Has protocols for discovering neighbors and forming adjacencies, in addition to protocols for
sending updates through the network. These protocols alone add up to nine message types.
Uses cost as a metric. Cost is not stated in the RFCs, but it has the capacity to be a complex
calculation, as seen in Cisco’s implementation.
Layer 3 Routing Versus Layer 3 Switching

It is important to understand the difference between Layer 3 routing and Layer 3 switching. Both
terms are open to some interpretation; however, the distinction between both can perhaps be best
explained by examining how an IP packet is routed. The process of routing an IP packet can be
divided into two distinct processes:
• Control plane—The control plane process is responsible for building and maintaining the IP
routing table, which defines where an IP packet should be routed to based upon the
destination address of the packet, which is defined in terms of a next hop IP address and the
egress interface that the next hop is reachable from. Layer 3 routing generally refers to control
plane operations.
• Data plane—The data plane process is responsible for actually routing an IP packet, based
upon information learned by the control plane. Whereas the control plane defines where an IP
packet should be routed to, the data plane defines exactly how an IP packet should be routed.
This information includes the underlying Layer 2 addressing required for the IP packet so that
it reaches the next hop destination, as well as other operations required on for IP routing, such
as decrementing the time-to-live (TTL) field and recomputing the IP header checksum. Layer
3 switching generally refers to data plane operations.
7200 Router
7200 enable an integrated solution for routing and security including Qos , multicast and miltiprotcol
traffic across the vpn. Utilizing the VPN acceleration module (VAM2) , the cisco 7301 and cisco
7200 series VPN routers deliver IPsec encryption scalability to 145 MBps for the most demanding
head end , site- to – site VPN.
Security feature on 7200 Router
Control Plane Policing (CPP), Committed Access Rate (CAR) ,Voice & Video Enabled IPSEC
(V2PN) , Connected Engine – Network module (NM – CE)
What is ICMP ?
ICMP is Internet Control Message Protocol, a network layer protocol of

the TCP/IP. It used the echo test / replay to test whether a destination is reached and responding. It
also handles both control and error messages.
What is a bandwidth?
Every line has a upper limit and a lower limit on the frequency of signals it can carry. This limited
range is called the bandwidth.
What is the Frame Relay?
Frame Relay is a packet switching technology. It will operate in the data link layer.
What are the 3 most common LAN architectures?
The 3 most common types of LAN architectures* are:
• Ethernet
• Token Ring
• ArcNet
How does the nomenclature "10base2" describe Ethernet cable?
An Ethernet LAN is often described in terms of three parameters: transmission rate, transmission
type, and segment distance.
"10base2" means:
• 10 - transmission rate or through put of 10Mbps

• base - transmission type is baseband rather than broadband network (i.e., the signal is placed
directly on the cable, one signal at a time)
• 2 - the maximum segment distance in meters times 100; in this case 200 meters (actually only
185 meters)
What are the key characteristics of 10Base2 Ethernet.
A 10Base2 Ethernet LAN conforms generally to the IEEE 802.3 standard. Also known as Thinnet
Ethernet, it has the following key characteristics:
• Transmits at 10 Mbps
• Uses Thinnet coaxial cable
• Supports a maximum of 30 nodes per segment
• Uses local bus topology
• Minimum distance between computers is 0.5m (not including drop cables)
• Maximum length of segment is 185m
• Up to 5 segments can be connected (but only 3 can accommodate nodes)
• Connected with BNC connectors (T-connectors)
• Used primarily for smaller workgroups or departments
What is Token Ring? What IEEE standard does it conform to?
Token ring is a relatively expensive LAN architecture that is strongly influenced by IBM. It is very
stable and can be expanded without a significant degradation in network performance.
Token ring uses the token passing media access control. Data transmission normally occurs at 4 or 16
Mbps depending on the cable.
Token ring is normally implemented in a logical ring/physical star topology with a MAU
(Multistation Access Unit) as the hub. The maximum number of stations on one ring is 260 for
shielded twisted pair and 72 for unshielded twisted pair (UTP). There can be up to 33 MAUs per ring.
Token Ring LANs normally use shielded twisted pair (STP) but may also use unshielded twisted pair
(UTP) or fiber-optic cable. The maximum distance to the MAU from the workstation depends on the
cable and varies from 45 meters for UTP to 100 meters for STP.
What is a topology?
A topology refers to the manner in which the cable is run to individual workstations on the network.
The dictionary defines topology as: the configurations formed by the connections between devices on
a local area network (LAN) or between two or more LANs
What is a HELLOW protocol used for?
The HELLO protocol used time instead of distance to determine optimal routing. It is an alternative to
the routing information protocol.
What is difference between ARP and RARP ?

The ARP is used to associated the 32 bit ip addrss with the 48 bit physical address, used by a host or a
router to find the physical address, used by a host or a router to find the physical addrss of another
host on its network by sendigna ARP query packet.
THE RARP allows a host to discover its internet address when it knows only its physical address.
What is Multicast routing ?
Sending a message to a group is called multicasting, and its routing algorithm is called multicast
routing.
What is IGP( Interior Gateway Protocl)?
It is any routing protocol used within an autonomous system
What is OSPF ?
It in an internet routing protocol that scales well,can route traffic along multiple paths, and uses k
What is Load balancing?
If the number of incoming clients requests exceeds the number of processes in a server class, the TP
Monitor may dynamically start new ones and this is called Load balancing.
What is the difference between TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but
does not provide reliability or security. It uses the fundamental packet delivery services offered by
UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP / IP for copying a file
from one host to another. It uses the services offered by TCP and so is reliable and secure. It
establishes two connections (virtual circuits) between the hosts, one for data transfer and another for
control information.
What are the advantages and disadvantages of the three types of routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be
manually modified every time there is a change. A dynamic table changes its information based on
network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager
modify only one table, which is then read by other devices. The fixed central table reduces the need to
update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest
problems for a network administrator, although the table's contents can change without the
administrator being aware of the change.
What does the Mount protocol do ?
The Mount protocol returns a file handle and the name of the file system in which a requested file
resides. The message is sent to the client from the server after reception of a client's request.
What is the HELLO protocol used for?
The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to
the Routing Information Protocol.
What is the minimum and maximum length of the header in the TCP segment and IP
datagram?
The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.
What is Protocol Data Unit?
The data unit in the LLC level is called the protocol data unit (PDU). The PDU contains of four fields
a destination service access point (DSAP), a source service access point (SSAP), a control field and
an information field. DSAP, SSAP are addresses used by the LLC to identify the protocol stacks on
the receiving and sending machines that are generating and using the data. The control field specifies
whether the PDU frame is a information frame (I - frame) or a supervisory frame (S - frame) or a
unnumbered frame (U - frame).
What are the data units at different layers of the TCP / IP protocol suite?
The data unit created at the application layer is called a message, at the transport layer the data unit
created is called either a segment or an user datagram, at the network layer the data unit created is
called the datagram, at the data link layer the datagram is encapsulated in to a frame and finally
transmitted as signals along the transmission media.
What is difference between ARP and RARP?
The address resolution protocol (ARP) is used to associate the 32 bit IP address with the 48 bit
physical address, used by a host or a router to find the physical address of another host on its network
by sending a ARP query packet that includes the IP address of the receiver.
The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it
knows only its physical address.
What is MAC address?
The address for a device as it is identified at the Media Access Control (MAC) layer in the network
architecture. MAC address is usually stored in ROM on the network adapter card and is unique.
What is terminal emulation, in which layer it comes?
Telnet is also called as terminal emulation. It belongs to application layer.
What are the types of Transmission media?
Signals are usually transmitted over some transmission media that are broadly classified in to two
categories:-
Guided Media:
These are those that provide a conduit from one device to another that include twisted-pair, coaxial
cable and fiber-optic cable. A signal traveling along any of these media is directed and is contained by
the physical limits of the medium. Twisted-pair and coaxial cable use metallic that accept and
transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts
and transports signals in the form of light.
Unguided Media:
This is the wireless media that transport electromagnetic waves without using a physical conductor.
Signals are broadcast either through air. This is done through radio communication, satellite
communication and cellular telephony.
What are major types of networks and explain?
Server-based network.
Peer-to-peer network.
Peer-to-peer network, computers can act as both servers sharing resources and as clients using the
resources.
Server-based networks provide centralized control of network resources and rely on server computers
to provide security and network administration.
What is multicast routing?
routing.
What is the difference between routable and non- routable protocols?
Routable protocols can work with a router and can be used to build large networks. Non-Routable
protocols are designed to work on small, local networks and cannot be used with a router.
What are the different type of networking / internetworking devices?
Repeater:
Also called a regenerator, it is an electronic device that operates only at physical layer. It receives the
signal in the network before it becomes weak, regenerates the original bit pattern and puts the
refreshed copy back in to the link.
Bridges:
These operate both in the physical and data link layers of LANs of same type. They divide a larger
network in to smaller segments. They contain logic that allow them to keep the traffic for each
segment separate and thus are repeaters that relay a frame only the side of the segment containing the
intended recipent and control congestion.
Routers:
They relay packets among multiple interconnected networks (i.e. LANs of different type). They
operate in the physical, data link and network layers. They contain software that enable them to
determine which of the several possible paths is the best for a particular transmission. Gateways: They
relay packets among networks that have different protocols (e.g. between a LAN and a WAN). They
accept a packet formatted for one protocol and convert it to a packet formatted for another protocol
before forwarding it. They operate in all seven layers of the OSI model.
What is redirector?
Redirector is software that intercepts file or prints I/O requests and translates them into network
requests. This comes under presentation layer.
What is packet filter?
Packet filter is a standard router equipped with some extra functionality. The extra functionality
allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are
forwarded normally. Those that fail the test are dropped.
What is logical link control?
One of two sublayers of the data link layer of OSI reference model, as defined by the IEEE 802
standard. This sublayer is responsible for maintaining the link between computers when they are
sending data across the physical network connection.
What is traffic shaping?
One of the main causes of congestion is that traffic is often busy. If hosts could be made to transmit at
a uniform rate, congestion would be less common. Another open loop method to help manage
congestion is forcing the packet to be transmitted at a more predictable rate. This is called traffic
shaping.
What is NETBIOS and NETBEUI?
NETBIOS is a programming interface that allows I/O requests to be sent to and received from a
remote computer and it hides the networking hardware from applications.
NETBEUI is NetBIOS extended user interface. A transport protocol designed by microsoft and IBM
for the use on small subnets.
Why should you care about the OSI Reference Model?
It provides a framework for discussing network operations and design.
What is Proxy ARP?
is using a router to answer ARP requests. This will be done when the originating host believes that a
destination is local, when in fact is lies beyond router.
What is EGP (Exterior Gateway Protocol)?
It is the protocol the routers in neighboring autonomous systems use to identify the set of networks
that can be reached within or via each autonomous system.
What is IGP (Interior Gateway Protocol)?
It is any routing protocol used within an autonomous system.
What is OSPF?
It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses
knowledge of an Internet's topology to make accurate routing decisions.
What Is Dynamic DNS?
A new feature is Dynamic DNS (DDNS) and as you begin to find out more about how name
resolution and service location works, it's a feature you'll be quite thankful for. The basic premise
behind DNS is that when a client starts it will register its name-to-IP address mapping with the DNS
server that it's configured with. This is a giant change from NT 4.0 when administrators had to enter
in all DNS records manually. DDNS works similarly to how WINS worked in NT 4.0 where most, if
not all, clients were registered dynamically.
What Is Switch?
Today, network designers are moving away from using bridges and hubs and are primarily using
switches and routers to build networks. Technology advances are producing faster and more
intelligent desktop computers and workstations. The combination of more powerful
computers/workstations and network-intensive applications has created a need for network capacity,
or bandwidth, that is much greater than the 10 Mbps that is available on shared Ethernet/802.3
LANS. Today's networks are experiencing an increase in the transmission of large graphics files,
images, full-motion video, and multimedia applications, as well as an increase in the number of users
on a network.
NO. NAME ENCAPS DEVICES

/ PDU
7 Application Raw Data
6 Presentation
5 Session
4 Transport Segments
3 Network Packets Router
2 Data Link Frame Bridges,

Switchs
1 Physical Bits HUB,Repeaters
What Is Virtual Private Network?
VPN connections are similar to dial-up connections in that they give remote users access to your
network. But unlike dial-up connections, VPNs let you use an existing network—the Internet, for
example—as the connection medium. VPNs wrap the Point-to-Point Protocol (PPP) packets used in
dial-up connections with additional tunneling protocol headers that let the VPN packets travel
securely over a shared network. VPN is especially beneficial in situations where users would
otherwise incur long-distance charges when dialing in to your network. To use VPN, all you need at
the client is a connection to the Internet (and with the proliferation of broadband Internet connections,
VPN users can realize significantly greater connection speeds than dial-up users). Of course, because
you're communicating over a public network, it's important that you adequately secure data
communications. How you secure data communications depends on the tunneling protocol you use.
Port Details
1. Shard Folder – 445

2. Terminal Server Access (RDP ) – 3389
3. Citrix – TCP 1494 Dyn >- 1023 and UDP 1604 and Dyn >- 1023
4. Yahoo Messanger – TCP 5100
5. Printer Service port – TCP 9100 , 515,631
6. Mail – TCP 25 SMTP
7. SQL – TCP -1433
8. DBS – 53
9. TACACS – 49
10. sftp – TCP 115
11. NTP – 123
12. NNTP - 119
13. imap 143
14. Lotus Notes - 1352 tcp
15.
Multicast addresses are in the range 224.0.0.0 to 239.255.255.255.

224.0.0.0 NO body
224.0.0.1 EveryBody
224.0.0.0.9 RIP router
Bridges
 Software-based L2 Device
 Learn MAC addresses
 Segment LANs
 Floods broadcasts
 Filters Frames
 Usually less than 16 ports
Switch
 Hardware-based L2 device
 Learns MAC addresses
 Builds a CAM Table
 Single station or LAN segment on each port
 Floods broadcasts
 Can have 100 or more ports
FCS ( Frame Check Sequence)
Uses the standard 16-bit cyclic redundancy check (CRC) for checking frames.
The FCS is the number arrived at after running the CRC and this number is placed into the field on
the end of the frame.
CRC - A mathematical computation to ensure the accuracy of frames transmitted between devices.
An L2 Frame
Layer 2 Ethernet Frame

46 -
8 6 6 2 4 4 TCP D S 4
D S D S 1500 F
Wi Po Po L7 Data Segment C
MAC MAC IP IP rt Hdr
nd rt S
L3 Info L7 Info
L2 Info L2 Info
L4 Info
Address Learning –
Bridges and Switches place the source MAC address of every frame received into a MAC address
table in the switch’s memory
Frame Forwarding/Filtering –
The destination MAC address is looked up in the table and an exit port is located
Loop Avoidance –
When multiple connections between switches are created for redundancy, network loops can occur.
Spanning-Tree Protocol is used to stop loops while allowing redundancy
Layer 2 Switching Logic
A frame is received:
• Destination – Multicast or Broadcast Flood

• Destination – Unknown Unicast Flood
• Destination – Unicast in MAC Table Forward
• Destination – Unicast – Same Port Filter
Cut-through:
 Copies only the destination address into its buffers

 Fast switching, but will pass corrupted frames
 Low latency because it begins to forward the frame as soon as it reads the
destination address
Store-and-Forward:
 Copies the entire frame into its onboard buffers and computes the cyclic
redundancy check (CRC)
 Latency varies depending on the frame length.
Fragment Free (Modified):
 Waits for the collision window (first 64 bytes) to pass before Forwarding
 Combines error checking with low latency
Address Learning: Building the CAM Table
• CAM Table is empty at ‘power-on’.

• Switch learns MAC address from Source Address field in Header.
• Source Address is placed in CAM Table, associated with its port. Can more than one MAC
can be associated with a single port?
• Subsequent frames with Destination Address found in CAM Table are directed to the proper
port.
• Later frames with DA not found in CAM Table are flooded to all ports.
• CAM entries do age out after a period of inactivity – 300 seconds (5 minutes).
CAM Table Address Types
Dynamic
 Learned by looking at the SA (source address) of every incoming frame.
 Aged out periodically – Default is 300 seconds
Permanent/Static
 Manually configured. Never aged out of CAM table until an administrator makes a
change.
 L2 Address/Port
 Switches operate primarily at L2 of the OSI Model.
Summary
 Switches move frames throughout our networks by checking the DMAC address
from the CAM Table and forwarding (or filtering if necessary) to the destination.
 The switch’s CAM Table is built by looking at the Source MAC address of every
frame that enters the switch.
 CAM Table entries are removed after 5 minutes of inactivity (by default).
Firewall
What is stateful inspection firewall
Stateful inspection technology (a.k.a. dynamic packet filtering) in firewalls refers to the ability to
track connection "state information" in addition to simple packet filtering for a more robust security.
What that means is, the firewall has the ability to base control decisions (e.g. whether to
accept/reject/authenticate/encrypt/log attempts) based on previous communication with the external
host, as well as other applications connected to it. In other words, stateful inspection allows for a
more intelligent decision-making than simple port/packet-based access blocking. A stateful
inspection firewall has the ability to retrieve and manipulate information derived from all
communication layers and from other applications.
Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet
filtering, which examines a packet based on the information in its header, stateful inspection
examines not just the header information but also the contents of the packet up through the
application layer in order to determine more about the packet than just information about its
source and destination.
Firewall Technologies
1. Packet Filtering
2. Application Layer Gateways
3. Stateful Inspection
4. Content filtering
Packet Filtering
The action a device takes to selectively control the flow of data to and from a network.
Packet filters allow or block packets, usually while routing them from one network to
another (most often from the Internet to an internal network, and vice versa ). To accomplish
packet filtering, you set up a set of rules that specify what types of packets (e.g., those to
or from a particular IP address or port) are to be allowed and what types are to be blocked.
Packet filtering may occur in a router, in a bridge, or on an individual host
A packet filtering router should be able to filter IP packets based on the following foure fields
1. Source IP address
2. Destination IP address
3. TCP / UDP source and Destinition ports
Application Level Security
Content Filtering
The Application data is handed over to a content filtering server that unpacks the dat to see
what is inside, and harmful content is then disposed of.. For Example zipped files are unzipped first to
see what is inside them, If the content contains a virus it will be discarded or disinfected.
File types are identified and undesirable types. E.g executables can be removed, according to the
security policy.
DHCP
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically
so that addresses can be reused when hosts no longer need them.
Different between broadcast domain and collision domain. or explain broadcast domain and
collision domain.
Broadcast domain is related to communicate data in another network , it is related with Network layer
(IIIrd layer of osi model) , means from single point of network u can broadcast packets to many
clients on another netwrok.
Collision domain is can be in your same network , switches are producing collision domain breakup ,
because each port of swith is capable for collision domain breakup.
Routing protocol administrative Distance
RIP --> 120
IGRP -- ? 110
ospf --> 90
CONNECTED INTERFACE --> 0
STATIC ROUTE --> 1
IS-IS --> 115

INTERNAL EIGRP --> 90
EXTERNAL EIGRP -->? 170
EXTERNAL BGP --> 20
INTERNAL BGP --> 200
• RIP V1 does not support VLSM

• EIGRP is based on distance vector algorithm. it is work based on min bw and net delay along
with possible path.
• In the EIGRP routing info will exchange when route have change. Normally HELLO packet
only exchange.
Passive Interface:
In RIP interface pasive make it will receive routing info, but not send.
IN EIGRP will not send and receive routing info.
EIGRP
• It is cisco preparatory protocol.

• You can only use it in an all-Cisco network, but EIGRP more than makes up for this
deficiency by being easy to configure, fast, and reliable.
• The EIGRP metric is based on the minimum bandwidth and net delay along each possible
path, which means that EIGRP can accommodate larger networks than RIP
• EIGRP uses a more sophisticated algorithm called Diffusing Update Algorithm (DUAL). The
DUAL algorithm ensures that every router can individually make sure that its routing table is
always free from loops.
• The EIGRP topology database on each router keeps track of higher cost candidates for the
same destinations. This helps routing tables throughout the network to reconverge quickly
after a topology change such as a link or router failure.
• EIGRP only distributes information about routes that have changed, and only when there is a
change to report .The rest of the time, routers only exchange small "Hello" packets to verify
that routing peers are still available. So EIGRP uses very little bandwidth
• Routers exchange routing information using multicast packets, which helps to limit
bandwidth usage on segments that hold many routers
• EIGRP uses multicast address 224.0.0.10, sending packets as raw IP packets using protocol
number 88.
• which is a central feature of the DUAL algorithm. Every time a router receives a new piece of
routing information from one of its neighbors, it updates the topology table. This helps to give
it a reliable and up-to-date image of all of the connections in the network that are currently in
use.
• EIGRP includes many of the features such as Classless Inter-Domain Routing (CIDR) and
Variable Length Subnet Masks (VLSM) that are needed in larger networks.
• Router1(config)#router eigrp 55
• The only restriction is that all of the routers that will be exchanging interior routing
information via EIGRP must be configured with the same process number.
• The show ip route eigrp command lists the routes that have been learned through EIGRP
• EIGRP uses an RTP that guarantees delivery.
• It is Cisco Proprietary Protocols and distace vector routing technology that incorporate the
best feature of link state routing but remains fully compatible with IGRP
• EIGRP incoporates the Diffusing Update Algorithem (DUAL) , which is the decision making
process for all route compuations.
• A router running EIGRP stores all feasible routes (MAX 6) to a destination in its topology
table. This allows it to switch quckly to an alternative route whenever there is a
networkchanges.
• If EIGRP cannot find an alternative route locally, it queries its neighbours to discover a route.
• It uses Protocol dependent Modules (PDMs) as the mechanism for providing support for
different routing protocol at the network layer.
• EIGRP periodically sending small hello packets, router can learn of other routers on their
directly attached networks
• EIGRP is a classless routing protocol that advertises a route mask for every destination
network.
• EIGRP uses multicast and unicast packets, rather than broadcasts for operational traffic
• When changes occur in a route, EIGRP sends partial routing updates rather than complet
routing table.
• EIGRP uses multicast and unicast packets, rahter than broadcast for operatonal traffic.
• EIGRP support route summarization at class full network boundaries by default.

• EIGRP supports supernetting or the aggreation of blocks of address
• It also permits route redistribution between domains at the process level
• EIGRP and IGRP use the same algorithem to calculste a routing metirc
• EIGRP allows you to create summary routes at arbitrary network boundaries.
• EIGRP is capable of load balancing traffic over routers that have different
• metric values, which enables better traffic flow distribution.
• EIGRP operates at the Transport layer of the OSI reference model . eigrp 88 tcp 6 and upd 17
• EIGRP supports multiaccess, point to point and non broadcast multiaccess (NBMA)
topologies
• EIGRP enables you to implement a hierarchical network design.
• EIGRP provides link to link protocol level security to avoid unauthorized access to routing
table
• Eigrp have Neighbor table , topology table , routing table and successor and feasible sucessor
table
• An Eigrp topology table contains all router advertised by neighboring routers.
• DUAL maintains a separate table for each configured routing protocol. It is select best route
• The best route to a destination is known as the successor to the destination.
• EIGRP support five Generic packet types
• Hellow, update, queries, replies, ack
• Smooth round trip timer (SRTT)
• The Retrasmit interval (RTO) is calculated on the basis of the SRTT value.
• EIGRP use the Reliable Tranport Protocol (RTP) to guarantee ordered delivery of packets to
all neighbors.
• Only those packets that require explicit ack - Query, replay and update packets – are
transmitted reliably using RTP.
• RTP is responsible for ensuring the a router can still communicate with its established
neighbors.
• RTP will retansmit an update query or replay packet up to 16 times in an attemnt to recive ack
for the packet. If no ack is recieved after the retry limit is reached, the neighbor relationship is
reset.
• EIGRP select a max of 6 primary (Sucessor) and backup (Feasible sucessor) routes per
destinaiton.
• EIGRP metrix calculate is based on K values
• K1 -> Bandwidth, K2 ---> load, K3 -> Delay k4 -> Reliablity and K5 -> MTU
•
• While IGRP uses 24 bit to represet the composite metrix, EIGRP uses 32 bits
• DUAL determines the lowest cost route by adding the advertised distace (AD) between the
next hope router and the destination to the cost between the local router an d the next hop
router.The total cost is called the feasible distance (FD)
• EIGRP supports multiple sucessors to the same destinaiton provided they have the same FD
use different next hop routers.
• All secussors are stored in the routing table.
Filtering Routes with EIGRP
• You can filter the routes that EIGRP receives on a particular interface (or subinterface) using
the distribute-list in command
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#access-list 34 deny 192.168.30.0
Router2(config)#access-list 34 permit any
Router2(config)#router eigrp 55
Router2(config-router)#distribute-list 34 in / OUT Serial0.1
Router2(config-router)#end
Disabling EIGRP on an Interface

Router1(config-router)#passive-interface Serial0/1
The passive-interface command in EIGRP prevents directly connected routers from establishing an
EIGRP neighbor relationship
EIGRP Route Summarization
Router1(config-subif)#ip summary-address eigrp 55 172.25.0.0 255.255.0.0

Router1(config-router)#no auto-summary
Summarization is one of the most powerful features of EIGRP, and one of the most frequently
overlooked ways to improve network efficiency.
OSPF can only summarize at the ABR.
Adjusting Timers
Router1(config-subif)#ip hello-interval eigrp 55 3

Router1(config-subif)#ip hold-time eigrp 55 9
• EIGRP, you can adjust the timers on one router on a link independently of what you have
configured on other interfaces on this router, or on other routers on this link.
• The default timer values for most interface types are 5 seconds for hellos and a 15-second
hold timer.
Enabling EIGRP Authentication
You want to authenticate your EIGRP traffic to ensure that no unauthorized equipment can affect
your routing tables.
Router1(config-if)#ip authentication mode eigrp 55 md5

Router1(config-if)#ip authentication key-chain eigrp 55 ORA
They just authenticate these packets using MD5.
Logging EIGRP Neighbor State Changes
Router1(config-router)#eigrp log-neighbor-changes
Limiting EIGRP's Bandwidth Utilization
You want to limit the fraction of an interface's bandwidth available to EIGRP for routing updates.
Router1(config)#interface Serial0.1
Router1(config-subif)#ip bandwidth-percent eigrp 55 40
EIGRP Stub Routing

You want to stabilize your network by sending smaller routing tables out to stub branches and
reducing the scope of EIGRP queries
Router1(config-router)#eigrp stub
It is most commonly used in hub-and-spoke network designs,
The eigrp stub command can take four different keywords:
Receive-only : The router becomes a receive-only neighbor. This router will not share its routing
information with its neighbors.
Connected : This router will only advertise connected networks. Note that you must configure the
appropriate network statements for these connected networks, or alternatively use the redistribute
connected command.
Static : The router will advertise static routes. Note that with this option you must also configure the
redistribute static command.
Summary : The router will advertise summary routes. This function is enabled by default. for details
on route summarization.
Principle of EIGRP
• Advanced distanced vector

• Loop free classless routing protocol
• Incremental update
• Load balancing across equal and unequal cost pathways
• It is work on auto summarizations and manual summarizations
• Rapid convergence
• Manual summarization at any point in the internet work.
• Automatically established neighbor relationship.
• It is work on Network layer
• It is use 50 % of BW by default.
• EIGRP uses the BW which are directly added in the neighbor router.
EIGRP (Transport Mechanism)
• EIGRRP transport mechanisam has window size of one. Each packet must be ack.
• Retransmission happen 16 times
• Hello time is 5 sec - LAN Environment
• Hold time 15 sec – LAN Environment
• Hello time is 60 Sec – WAN Environment.
• Hold time 180 Sec - WAN Environment.
• Hold time by default is three times the hello times
EIGRP DUAL
• Track all routing advertised by neigboures

• Loop free path using a successor and remember any feasibility successor
• DUAL is a formal that uses a discovery path of loop free calculation.
• converge
Kind of Packet in EIGRP
Hellow, Ack are unreliable
Query , update and Replay are reliable packet.
EIGRP Terminology
Neighbor : A router running EIGRP that is directly connected
Route Table : The routing table or list of available network and the best path. A path is
moved from topology table to the routing table when a feasible successor is identified.
Topology Table : A table that contains all the paths advertised by neighbours to all the know
networks. This is list of all the successor , feasible successor, the feasible distance , the
advertised distance and the outgoing interfaces.
Hello: Messages used to find and maintain neigbours in the topology table.
Update : An EIGRP packet containing changes information about the network. It is relable. It
is send only when there is changes in the network to affected router.
Query : Send from the router when it loses a path to a network. If there is no alternate route
(feasible successor) , it will send out queries to neighbors inquiring whether they have any
feasible successor. This make the route state change to active. It is relable.
Smooth round – Trip Time ( SRTT) : The time that the router waits after sending a packet
reliably to hear the acknowledge.
Retransmission Timeout (RTO) : RTO determine how long the router waits for the ACK
before retransmitting the packet.
Reliable Transport Protocol (RTP ) : Mechanism used to determine requirements that the
packets be delivered in sequence and guranteed.
Advertised distance : The cost of the path to the remote network from the neighbor.
Feasible Distance : The lowest cost distance to a remote network.
Successor : The next hop router that passes the FC. It is chosen from the FS as
having the lowest metric to the remote network.
Stuck in Active (SIA) : When a router has sent out network packets and is
Waiting for ACK from all neighbors. The router is active until all the ACK have
Have been received. If they do not appear after a certain time, the route is SIA for the
router.
Query Scoping : Network design to limit of the query range, that is , how far the
Query is allowed to propagate in search of a feasible successor. This is necessary
Prevent SIA.
Active: Router state when there is a network changes, but after examining the
Topology table, no FS is found. The route is set to active mode
Passive : An operational route is passive. If the path is lose, the router examines
The topology table to find the FS, If there is an FS, it is placed on routing table,
Other wise the route queries the neghbours and routes into active mode.
Advertised distance : The EIGRP metric for an EIGRP neighbor to reach a priticula network
RTP:
EIGRP uses both multicast and unicast addressing . Some of the packet are send relably.
Update , query and replay packets are must be ack by the receving neighbor . the packet are
retransmitted up to 16 times.
Stub Router
It is used on hub and spoke environment. The stub router is EIGRP is similar to On Demand
routing (ODR)
• No routing protocols are run on stub router.

• Stub router in EIGRP network use EIGRP to send limited info between the stub
router and the core router.
This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services.
Information
Function Ports
ICA (Default) TCP: 1494

IMA TCP: 2512
CMC TCP: 2513
SSL TCP: 443
STA (IIS) TCP: 80
TCP Browsing UDP: 1604
XML (Default) TCP: 80
Citrix License Management Console TCP: 8082
Presentation Server Licensing TCP: 27000
ICA session w/ Session Reliability TCP: 2598
enabled
What are 10Base2, 10Base5 and 10BaseT Ethernet LANs
10Base2—An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses
baseband
signaling, with a contiguous cable segment length of 100
meters and a maximum of 2 segments.
10Base5—An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses
baseband
signaling, with 5 continuous segments not exceeding 100
meters per segment.
10BaseT—An Ethernet term meaning a maximum transfer rate of 10 Megabits per second that uses
baseband
signaling and twisted pair cabling.
BOOTP helps a diskless workstation boot. How does it get a message to the network looking for
its IP address and the location of its operating system boot files
BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a
server that gives it the IP address. The same message might contain the name of the machine that has
the boot files on it. If the boot image location is not specified, the workstation sends another UDP
message to query the server.
Explain a DNS resource record

A resource record is an entry in a name server's database. There are several types of resource records
used, including name-to-address resolution information. Resource records are maintained as ASCII
files.
What protocol is used by DNS name servers

DNS uses UDP for communication between servers. It is a better choice than TCP because of the
improved speed a connectionless protocol offers. Of course, transmission reliability suffers with UDP.
Explain the difference between interior and exterior neighbor gateways

Interior gateways connect LANs of one organization, whereas exterior gateways connect the
organization to the outside world.
Explain the HELLO protocol used for

The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to
the Routing Information Protocol.
What are the advantages and disadvantages of the three types of routing tables
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be
manually modified every time there is a change. A dynamic table changes its information based on
network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager
modify only one table, which is then read by other devices. The fixed central table reduces the need to
update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest
problems for a network
administrator, although the table's contents can change without the administrator being aware of the
change.
Explain source route

It is a sequence of IP addresses identifying the route a datagram must follow. A source route may
optionally be included in an IP datagram header.
Explain RIP (Routing Information Protocol)

It is a simple protocol used to exchange information between the routers.
Explain SLIP (Serial Line Interface Protocol)

It is a very simple protocol used for transmission of IP datagrams across a serial line.
Explain Proxy ARP

It is using a router to answer ARP requests. This will be done when the originating host believes that a
Explain OSPF
knowledge of an Internet's topology to make accurate routing decisions.
Explain Kerberos
It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses
encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.
Explain a Multi-homed Host

It is a host that has a multiple network interfaces and that requires multiple IP addresses is called as a
Multi-homed Host.
Explain NVT (Network Virtual Terminal)
It is a set of rules defining a very simple virtual terminal interaction. The NVT is used in the start of a
Telnet session.
Explain Gateway-to-Gateway protocol
It is a protocol formerly used to exchange routing information between Internet core routers.
Explain BGP (Border Gateway Protocol)

It is a protocol used to advertise the set of networks that can be reached with in an autonomous
system. BGP enables this information to be shared with the autonomous system. This is newer than
EGP (Exterior Gateway Protocol).
Explain autonomous system
It is a collection of routers under the control of a single administrative authority and that uses a
common Interior Gateway Protocol.
Explain EGP (Exterior Gateway Protocol)

that can be reached
within or via each autonomous system.
Explain IGP (Interior Gateway Protocol)

It is any routing protocol used within an autonomous system
Explain Mail Gateway

It is a system that performs a protocol translation between different electronic mail delivery protocols.
Explain multicast routing

routing.
Explain packet filter

Explain virtual path
Along any transmission path from a given source to a given destination, a group of virtual circuits can
be grouped together into what is called path.
Explain virtual channel
Virtual channel is normally a connection from one source to one destination, although multicast
connections are also permitted. The other name for virtual channel is virtual circuit
Explain logical link control
One of two sublayers of the data link layer of OSI reference model, as defined by the IEEE 802
standard. This sublayer is responsible for maintaining the link between computers when they are
sending data across the physical network connection.
Why should you care about the OSI Reference Model
It provides a framework for discussing network operations and design.
Explain the difference between routable and non- routable protocols

protocols are designed to work on small, local networks and cannot be used with a router
Explain MAU
In token Ring , hub is called Multistation Access Unit(MAU).
Explain 5-4-3 rule

In a Ethernet network, between any two points on the network, there can be no more than five
network segments or four repeaters, and of those five segments only three of segments can be
populated.
Explain the difference between TFTP and FTP application layer protocols
UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP / IP for copying a file
from one host to another. It uses the services offered by TCP and so is reliable and secure. It
Explain the range of addresses in the classes of internet addresses

Class A 0.0.0.0 - 127.255.255.255
Class B 128.0.0.0 - 191.255.255.255
Class C 192.0.0.0 - 223.255.255.255
Class D 224.0.0.0 - 239.255.255.255
Class E 240.0.0.0 - 247.255.255.255
Explain the minimum and maximum length of the header in the TCP segment and IP datagram
The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.
Explain difference between ARP and RARP
by sending a ARP query packet that includes the IP address of the receiver. The reverse address
resolution protocol (RARP) allows a host to discover its Internet address when it knows only its
physical address.
Explain ICMP
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by
hosts and gateways to send notification of datagram problems back to the sender. It uses the echo
test / reply to test whether a destination is reachable and responding. It also handles both control and
error messages
What are the data units at different layers of the TCP / IP protocol suite
called the datagram, at the data link layer the datagram is encapsulated in to a frame and
finally transmitted as signals along the transmission media.
Explain Project 802

It is a project started by IEEE to set standards that enable intercommunication between equipment
from a variety of manufacturers. It is a way for specifying functions of the physical layer, the data link
layer and to some extent the network layer to allow for interconnectivity of major LAN protocols.
It consists of the following:
802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols.
802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-
architecture-specific, that is remains the same for all IEEE-defined LANs.
Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct
modules each carrying proprietary information specific to the LAN product being used. The modules
are Ethernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).
802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.
Explain Bandwidth
Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited
range is called the bandwidth.
Difference between bit rate and baud rate.
Bit rate is the number of bits transmitted during one second whereas baud rate refers to the number of
signal units per second that are required to represent those bits. baud rate = bit rate / N where N is no-
of-bits represented by each signal shift.
Explain MAC address
The address for a device as it is identified at the Media Access Control (MAC) layer in the network
architecture. MAC address is usually stored in ROM on the network adapter card and is unique.
Explain attenuation
The degeneration of a signal over distance on a network cable is called attenuation.
Explain cladding
A layer of a glass surrounding the center fiber of glass inside a fiber-optic cable.
Explain RAID
A method for providing fault tolerance by using multiple hard disk drives.
Explain NETBIOS and NETBEUI

remote computer and it hides the networking hardware from applications. NETBEUI is NetBIOS
extended user interface. A transport protocol designed by microsoft and IBM for the use on small
subnets.
Explain redirector
Redirector is software that intercepts file or prints I/O requests and translates them into network
requests. This comes under presentation layer
Explain Beaconing
The process that allows a network to self-repair networks problems. The stations on the network
notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used
in Token ring and FDDI networks.
Explain terminal emulation, in which layer it comes
Explain frame relay, in which layer it comes

Frame relay is a packet switching technology. It will operate in the data link layer.
What do you meant by "triple X" in Networks

The function of PAD (Packet Assembler Disassembler) is described in a document known as X.3. The
standard protocol has been defined between the terminal and the PAD, called X.28; another standard
protocol exists between hte PAD and the network, called X.29. Together, these three
recommendations are often called "triple X"
Explain SAP
Series of interface points that allow other computers to communicate with the other layers of network
protocol stack.
Explain subnet
A generic term for section of a large networks usually separated by a bridge or router.
Explain Brouter
Hybrid devices that combine the features of both bridges and routers.
How Gateway is different from Routers
A gateway operates at the upper levels of the OSI model and translates information between two
completely different network architectures or data formats.
What are the different type of networking / internetworking devices

Repeater: Also called a regenerator, it is an electronic device that operates only at physical layer. It
receives the signal in the network before it becomes weak, regenerates the original bit pattern and puts
the refreshed copy back in to the link.
Bridges: These operate both in the physical and data link layers of LANs of same type. They divide a
larger network in to smaller segments. They contain logic that allow them to keep the traffic for each
segment separate and thus are repeaters that relay a frame only the side of the segment containing the
intended recipent and control congestion.
Routers: They relay packets among multiple interconnected networks (i.e. LANs of different type).
They operate in the physical, data link and network layers. They contain software that enable them to
determine which of the several possible paths is the best for a particular transmission.
Gateways:
They relay packets among networks that have different protocols (e.g. between a LAN and a WAN).
They accept a packet formatted for one protocol and convert it to a packet formatted for another
protocol before forwarding it. They operate in all seven layers of the OSI model.
Explain mesh network
A network in which there are multiple network links between computers to provide multiple paths for
data to travel
Explain passive topology

When the computers on the network simply listen and receive the signal, they are referred to as
passive because they don’t amplify the signal in any way. Example for passive topology - linear bus.
What are the important topologies for networks

BUS topology:
In this each computer is directly connected to primary network cable in a single line.
Advantages:
Inexpensive, easy to install, simple to understand, easy to extend.
STAR topology:
In this all computers are connected using a central hub.
Advantages:
Can be inexpensive, easy to install and reconfigure and easy to trouble shoot physical problems.
RING topology:
In this all computers are connected in loop.
Advantages:
All computers have equal access to network media, installation can be simple, and signal does not
degrade as much as
in other topologies because each computer
regenerates it.
What are major types of networks and explain

Server-based network
Peer-to-peer network
Peer-to-peer network, computers can act as both servers sharing resources and as clients using the
resources.
Server-based networks provide centralized control of network resources and rely on server computers
to provide security and network administration
Explain difference between baseband and broadband transmission

In a baseband transmission, the entire bandwidth of the cable is consumed by a single signal. In
broadband transmission, signals are sent on multiple frequencies, allowing multiple signals to be sent
simultaneously.
What are the possible ways of data exchange
(i) Simplex (ii) Half-duplex (iii) Full-duplex.
What are the types of Transmission media

Signals are usually transmitted over some transmission media that are broadly classified in to two
categories.
Guided Media:
These are those that provide a conduit from one device to another that include twisted-pair, coaxial
cable and fiber-optic cable. A signal traveling along any of these media is directed and is contained by
the physical limits of the medium. Twisted-pair and coaxial cable use metallic that accept
and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that
accepts and transports signals in the form of light.
Unguided Media:
This is the wireless media that transport electromagnetic waves without using a physical conductor.
Signals are broadcast either through air. This is done through radio communication, satellite
communication and cellular telephony.
Explain point-to-point protocol
A communications protocol used to connect computers to remote networking services including
Internet service providers.
What are the two types of transmission technology available

(i) Broadcast and (ii) point-to-point
Difference between the communication and transmission.
Transmission is a physical movement of information and concern issues like bit polarity,
synchronization, clock etc. Communication means the meaning full exchange of information between
two communication media
Cisco Switch
VLAN Trunking Protocol
• VLAN Trunking Protocol (VTP) is a Cisco Layer 2 messaging protocol that manages the
addition, deletion, and renaming of VLANs on a network-wide basis.
• Virtual Local Area Network (VLAN) Trunk Protocol (VTP) reduces administration in a
switched network.
• When you configure a new VLAN on one VTP server, the VLAN is distributed through all
switches in the domain. This reduces the need to configure the same VLAN everywhere.
VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst Family
products.
• VTP ensures that all switches in the VTP domain are aware of all VLANs.
• All Cisco Catalyst switches are configured to be VTP servers.
Modes of Operation
Server
In VTP server mode, you can create, modify, and delete VLANs and specify other configuration
parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise
their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN
configuration with other switches based on advertisements received over trunk links. VTP server is
the default mode.
Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its
VLAN configuration and does not synchronize its VLAN configuration based on received
advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that
they receive out their trunk ports.
Client
VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on
a VTP client.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement, followed by
one or more subset advertisements.
What is bandwidth aggregation?
The use of multiple modems to achieve aggregate bandwidth equivalent to broadband solutions is
both available and affordable to most users today.
The amount of time it takes to download web pages or other information from the Internet depends on
a number of factors including Internet access bandwidth limitations, ISP performance restrictions,
general Internet congestion and remote host response time. Often, the weakest link in this chain is the
bandwidth between your computer and the Internet, also known as Internet access bandwidth. To
many Internet users, increasing this bandwidth involves getting a broader bandwidth connection,
sometimes at considerable expense. If no low cost broadband alternative is available in your area, the
only way forward from a 56Kbps modem is ISDN or leased line. Both of these alternatives can be
very costly.
It is possible however to have more than one connection between your computer and the Internet, and
to combine them to accumulate bandwidth. Techniques that accomplish this task are collectively
referred to in this document as "bandwidth aggregation". Although bandwidth aggregation may occur
in many different contexts, the scope of this document is limited to the aggregation of Internet access
bandwidth. Two techniques will be examined in detail, Multilink and Connection Teaming.
What is bonding?
Data is broken up into manageable packets for Internet delivery.
Multiple bonded connections behave like a single connection. Suppose for example that a web server
sends an image to a web browser. This image would be broken up into several packets by the server
operating system because a single packet would be much too large for routers and network
components to handle.
a) Web server sends image to web browser.

b) TCP stack on web server computer breaks data into packets for delivery.
c) Packets are delivered to web browser over bonded link.
d) TCP stack on web browser computer reassembles packets into image.
e) Web browser displays image.
If part of the route between the server and the browser were composed of bonded multiple links, the
packets that made up the image could alternately travel over one or the other of the component links.
Neither the web server nor the web browser would be aware of this. From a functional point of view
there is only one link. The component links are said to be bonded.
3. What is PPP Multilink?
PPP Multilink can give you aggregate bandwidth equal to the sum of the individual physical
connections.
The PPP Multilink Protocol (MP) is an extended version of PPP (Point to Point Protocol). It has the
ability to bond two or more simultaneous parallel connections. The resulting virtual connection has
bandwidth equal to the sum of the separate connections.
PPP Packets contain information used to recombine and sequence them.

MP may fragment the packets if needed to meet the MTU (Maximum Transmit Unit) value, or
alternatively send whole packets over the available links. MP transmits each individual packet or
fragment along the first available link, along with extra information to enable the receiving end to
recombine the fragments into a single packet for onward routing.
How does PPP Multilink work?
PPP Multilink splits a single PPP connection into two separate physical links, then recombines them
in the correct sequence. To accomplish this it is necessary to have an MP compliant hardware device
or software program at either end of the link. The functions performed by MP are as follows:
• originating MP receives packets

• optionally fragments them
• determines which is the next available link
• adds a PPP Multilink header containing sequencing and other information
• forwards packet or packet fragments over available links
• receiving MP receives packets or packet fragment
• removes MP header
• reconstitutes fragments into whole packets
• forwards packets to IP address
The result is a smooth distribution of traffic over available links even when they vary considerably in
capacity or when available bandwidth fluctuates greatly.
What are the limitations of PPP Multilink?
Because PPP Multilink uses bonding, all the bonded links must originate and terminate on the same
pair of endpoints so that they can split and recombine the data streams. Both the endpoints must use
PPP Multilink.
In plain terms, this means that to use Mulitilink PPP, your ISP must have hardware or software that
supports Multilink for the type of connection you are using and must offer this service to their
subscribers. Not all connection types are supported. You may be using MP over a particular type of
modem but your ISP may not have the corresponding hardware. Most ISDN enabled ISPs offer MP to
bond the two B channels. Many offer bonding of V.90 modems as well. If you wish to bond any other
connection type such as DSL, this can be done with very expensive hardware routing solutions, but
these are not within the reach of most end users, and few ISPs support them.
To the best of our knowledge at the time of this writing, the majority of ISPs do not have any support
for PPP Multilink with any type of connection other than ISDN.
What are the advantages of PPP Multilink?
The major advantage of PPP Multilink is that it is a public standard, and therefore offers
interoperability among vendors, in theory at least. It also has the benefit that even a single TCP/IP
connection, for example an FTP download, can take advantage of multiple links. If you download a
file over a PPP Multilink connection with two identical bonded links, the file will download twice as
fast. Neither the FTP client nor the server will be aware that there is a Multilink connection in the
middle. Similarly, any protocol that requires a single connection between host and client, such as
terminal emulation, will benefit from bandwidth aggregation offered by Multilink because of this
transparency.
What is Connection Teaming? Unlike PPP Multilink, Connection Teaming links are not terminated
on pairs of end points.
Connection Teaming is a form of bandwidth aggregation that does not bond links. It sets up and
maintains individual TCP/IP sessions along multiple links using standard protocols. A Connection
Teaming server between the LAN and the Internet receives requests from LAN clients and forwards
them along the next available connection. LAN browsers and other clients do not need to know which
connection is used to forward their requests to the Internet. Unlike bonded links, however, individual
requests are not split across multiple links then recombined again. Each request must follow one of
the available data paths.
How does Connection Teaming work?
A Connection Teaming server is situated on the user's LAN, as part of the routing software between
the user and the Internet. When a TCP session is opened, the server uses the link with the lowest
amount of traffic. The many HTTP, FTP or other TCP sessions that are opened by LAN computers
are distributed to all of the available connections this way. The result is a relatively even distribution
of Internet traffic across the available links, and a significant increase in effective throughput.
What are the limitations of Connection Teaming?
The primary limitation of Connection Teaming comes from the fact that it does not split up individual
requests. A single user downloading a large file will not experience any improvement with
Connection Teaming. Some teaming solutions do allow FTP delivery over multiple links. This would
not apply however, to a single large graphic delivered via HTTP.
What is a firewall?
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It may be a hardware device running
on a secure host computer. In either case, it must have at least two network interfaces, one for the
network it is intended to protect, and one for the network it is exposed to. A firewall sits at the
junction point or gateway between the two networks, usually a private network and a public network
such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact
that by segmenting a network into different physical subnetworks, they limited the damage that could
spread from one subnet to another just like firedoors or firewalls.
What does a firewall do?

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it
does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and
outbound traffic. It can also manage public access to private networked resources such as host
applications. It can be used to log all attempts to enter the private network and trigger alarms when
hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address filtering. Firewalls can also filter
specific types of network traffic. This is also known as protocol filtering because the decision to
forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet.
Firewalls can also filter traffic by packet attribute or state.
What can't a firewall do?
A firewall cannot prevent individual users with modems from dialling into or out of the network,
bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by
firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly
enforced. These are management issues that should be raised during the planning of any security
policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were
accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc.,
GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp, the group did not use any high tech
methods such as IP spoofing (see question 10). They used a combination of social engineering and
dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People
are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests,
is just plain old looking through company trash. Firewalls cannot be effective against either of these
techniques.
Who needs a firewall?
Anyone who is responsible for a private network that is connected to a public network needs firewall
protection. Furthermore, anyone who connects so much as a single computer to the Internet via
modem should have personal firewall software. Many dial-up Internet users believe that anonymity
will protect them. They feel that no malicious intruder would be motivated to break into their
computer. Dial up users who have been victims of malicious attacks and who have lost entire days of
work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible
pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity
presents itself.
How does a firewall work?

There are two access denial methodologies used by firewalls. A firewall may allow all traffic through
unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria . The type of
criteria used to determine whether traffic should be allowed through varies from one type of firewall
to another. Firewalls may be concerned with the type of traffic, or with source or destination
addresses and ports. They may also use complex rule bases that analyse the application data to
determine if the traffic should be allowed through. How a firewall determines what traffic to let
through depends on which network layer it operates at. A discussion on network layers and
architecture follows.
What different types of firewalls are there?
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level
gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They
are usually part of a router. A router is a device that receives packets from one network and forwards
them to another network. In a packet filtering firewall each packet is compared to a set of criteria
before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet,
forward it or send a message to the originator. Rules can include source and destination IP address,
source and destination port number and protocol used. The advantage of packet filtering firewalls is
their low cost and low impact on network performance. Most routers support packet filtering. Even if
other firewalls are used, implementing packet filtering at the router level affords an initial degree of
security at a low network layer. This type of firewall only works at the network layer however and
does not support sophisticated rule based models . Network Address Translation (NAT) routers offer
the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the
firewall, and offer a level of circuit-based filtering.
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They
monitor TCP handshaking between packets to determine whether a requested session is legitimate.
Information passed to remote computer through a circuit level gateway appears to have originated
from the gateway. This is useful for hiding information about protected networks. Circuit level
gateways are relatively inexpensive and have the advantage of hiding information about the private
network they protect. On the other hand, they do not filter individual packets.
Application level gateways, also called proxies, are similar to circuit-level gateways except that they
are application specific. They can filter packets at the application layer of the OSI model. Incoming or
outgoing packets cannot access services for which there is no proxy. In plain terms, an application
level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other
traffic through. Because they examine packets at application layer, they can filter application specific
commands such as http:post and get, etc. This cannot be accomplished with either packet filtering
firewalls or circuit level neither of which know anything about the application level information.
Application level gateways can also be used to log user activity and logins. They offer a high level of
security, but have a significant impact on network performance. This is because of context switches
that slow down network access dramatically. They are not transparent to end users and require manual
configuration of each client computer.
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They
filter packets at the network layer, determine whether session packets are legitimate and evaluate
contents of packets at the application layer. They allow direct connection between client and host,
alleviating the problem caused by the lack of transparency of application level gateways. They rely on
algorithms to recognize and process application layer data instead of running application specific
proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and
transparency to end users. They are expensive however, and due to their complexity are potentially
less secure than simpler types of firewalls if not administered by highly competent personnel.
What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A
firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious
cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the
firewall. If the firewall thought that the packets originated from a trusted host, it may let them through
unless other criteria failed to be met. Of course the cracker would need to know a good deal about the
firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology
alone will not solve all security problems. Responsible management of information is essential. One
of Courtney's laws sums it up: "There are management solutions to technical problems, but no
technical solutions to management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such
as IPSec. This methodology involves encryption of the data in the packet as well as the source
address. The VPN software or firmware decrypts the packet and the source address and performs a
checksum. If either the data or the source address have been tampered with, the packet will be
dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the
firewall.
Firewall related problems
Firewalls introduce problems of their own. Information security involves constraints, and users don't
like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain
services. The vendors of information technology are constantly telling us "anything, anywhere, any
time", and we believe them naively. Of course they forget to tell us we need to log in and out, to
memorize our 27 different passwords, not to write them down on a sticky note on our computer screen
and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating
the single point of failure phenomenon. The alternatives however are either no Internet access, or no
security, neither of which are acceptable in most organizations.
What Is NAT?
The Internet is expanding at an exponential rate. As the amount of information and resources
increases, it is becoming a requirement for even the smallest businesses and homes to connect to the
Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the
Internet (or any other IP network) using one IP address. This allows home users and small businesses
to connect their network to the Internet cheaply and efficiently.
The impetus towards increasing use of NAT comes from a number of factors:
• A world shortage of IP addresses

• Security needs
• Ease and flexibility of network administration
IP Addresses
In an IP network, each computer is allocated a unique IP address. In the current version of IP

protocol, IP version 4, an IP address is 4 bytes. The addresses are usually written as x1.x2.x3.x4, with
x1, x2, x3 and x4 each describing one byte of the address. For example, address 16843009 (hex
1010101) is written as 1.1.1.1, since each byte of this address has a value of 1.
Since an address is 4 bytes, the total number of available addresses is 2 to the power of 32 =
4,294,967,296. This represents the TOTAL theoretical number of computers that can be directly
connected to the Internet. In practice, the real limit is much smaller for several reasons.
Each physical network has to have a unique Network Number, comprising some of the bits of the IP
address. The rest of the bits are used as a Host Number to uniquely identify each computer on that
network. The number of unique Network Numbers that can be assigned in the Internet is therefore
much smaller than 4 billion, and it is very unlikely that all of the possible Host Numbers in each
Network Number are fully assigned.
An address is divided into two parts: a network number and a host number. The idea is that all
computers on one physical network will have the same network number - a bit like the street name,
the rest of the address defines an individual computer - a bit like house numbers within a street. The
size of the network and host parts depends on the class of the address, and is determined by address'
network mask. The network mask is a binary mask with 1s in the network part of the address, and 0 in
the host part.
Most class A and B addresses have already been allocated, leaving only class C available. This means
that total number of available addresses on the Internet is 2,147,483,774. Each major world region has
an authority which is given a share of the addresses and is responsible for allocating them to Internet
Service Providers (ISPs) and other large customers. Because of routing requirements, a whole class C
network (256 addresses) has to be assigned to a client at a time; the clients (e.g.. ISPs) are then
responsible for distributing these addresses to their customers.
While the number of available addresses seems large, the Internet is growing at such a pace that it will
soon be exhausted. While the next generation IP protocol, IP version 6, allows for larger addresses, it
will take years before the existing network infrastructure migrates to the new protocol.
Because IP addresses are a scarce resource, most Internet Service Providers (ISPs) will only allocate
one address to a single customer. In majority of cases this address is assigned dynamically, so every
time a client connects to the ISP a different address will be provided. Big companies can buy more
addresses, but for small businesses and home users the cost of doing so is prohibitive. Because such
users are given only one IP address, they can have only one computer connected to the Internet at one
time. With an NAT gateway running on this single computer, it is possible to share that single address
between multiple local computers and connect them all at the same time. The outside world is
unaware of this division and thinks that only one computer is connected.
Security Considerations Many people view the Internet as a "one-way street"; they forget that while
their computer is connected to the Internet, the Internet is also connected to their computer. That
means that anybody with Net access can potentially access resources on their computers (such as files,
email, company network etc). Most personal computer operating systems are not designed with
security in mind, leaving them wide open to attacks from the Net. To make matters worse, many new
software technologies such as Java or Active X have actually reduced security since it is now possible
for a Java applet or Active X control to take control of a computer it is running on. Many times it is
not even possible to detect that such applets are running; it is only necessary to go to a Web site and
the browser will automatically load and run any applets specified on that page.
The security implications of this are very serious. For home users, this means that sensitive personal
information, such as emails, correspondence or financial details (such as credit card or cheque
numbers) can be stolen. For business users the consequences can be disastrous; should confidential
company information such as product plans or marketing strategies be stolen, this can lead to major
financial losses or even cause the company to fold.
To combat the security problem, a number of firewall products are available. They are placed between
the user and the Internet and verify all traffic before allowing it to pass through. This means, for
example, that no unauthorised user would be allowed to access the company's file or email server. The
problem with firewall solutions is that they are expensive and difficult to set up and maintain, putting
them out of reach for home and small business users.
NAT automatically provides firewall-style protection without any special set-up. That is because it
only allows connections that are originated on the inside network. This means, for example, that an
internal client can connect to an outside FTP server, but an outside client will not be able to connect to
an internal FTP server because it would have to originate the connection, and NAT will not allow
that. It is still possible to make some internal servers available to the outside world via inbound
mapping, which maps certain well know TCP ports (e.g.. 21 for FTP) to specific internal addresses,
thus making services such as FTP or Web available in a controlled way.
Many TCP/IP stacks are susceptible to low-level protocol attacks such as the recently-publicised
"SYN flood" or "Ping of Death". These attacks do not compromise the security of the computer, but
can cause the servers to crash, resulting in potentially damaging "denials of service". Such attacks can
cause abnormal network events that can be used as a precursor or cloak for further security breaches.
NATs that do not use the host machine protocol stack but supply their own can provide protection
from such attacks:
Administrative Considerations
IP networks are more difficult to set up than local desktop LANs; each computer requires an IP
address, a subnet mask, DNS address, domain name, and a default router. This information has to be
entered on every computer on the network; if only one piece of information is wrong, the network
connection will not function and there is usually no indication of what is wrong. In bigger networks
the task of co-ordinating the distribution of addresses and dividing the network into subnets is so
complicated that it requires a dedicated network administrator.
NAT can help network administration in several ways:
• It can divide a large network into several smaller ones. The smaller parts expose only one IP
address to the outside, which means that computers can be added or removed, or their
addresses changed, without impacting external networks. With inbound mapping, it is even
possible to move services (such as Web servers) to a different computer without having to do
any changes on external clients.
• Some modern NAT gateways contain a dynamic host configuration protocol (DHCP) server.
DHCP allows client computers to be configured automatically; when a computer is switched
on, it searches for a DHCP server and obtains TCP/IP setup information. Changes to network
configuration are done centrally at the server and affect all the clients; the administrator does
not need to apply the change to every computer in the network. For example, if the DNS
server address changes, all clients will automatically start using the new address the next time
they contact the DHCP server.
• Many NAT gateways provide for a way to restrict access to the Internet.
• Another useful feature is traffic logging; since all the traffic to and from the Internet has to
pass through a NAT gateway, it can record all the traffic to a log file. This file can be used to
generate various traffic reports, such as traffic breakdown by user, by site, by network
connection etc.
• Since NAT gateways operate on IP packet-level, most of them have built-in internetwork
routing capability. The internetwork they are serving can be divided into several separate sub
networks (either using different backbones or sharing the same backbone) which further
simplifies network administration and allows more computers to be connected to the network:
To summarise, a NAT gateway can provide the following benefits:
• Firewall protection for the internal network; only servers specifically designated with
"inbound mapping" will be accessible from the Internet
• Protocol-level protection
• Automatic client computer configuration control
• Packet level filtering and routing
NAT and Proxies
A proxy is any device that acts on behalf of another. The term is most often used to denote Web
proxying. A Web proxy acts as a "half-way" Web server: network clients make requests to the proxy,
which then makes requests on their behalf to the appropriate Web server. Proxy technology is often
seen as an alternative way to provide shared access to a single Internet connection. The main benefits
of Web proxying are:
• Local caching: a proxy can store frequently-accessed pages on its local hard disk; when these
pages are requested, it can serve them from its local files instead of having to download the
data from a remote Web server. Proxies that perform caching are often called caching proxy
servers.
• Network bandwidth conservation: if more than one client requests the same page, the proxy
can make one request only to a remote server and distribute the received data to all waiting
clients.
Both these benefits only become apparent in situations where multiple clients are very likely to access
the same sites and so share the same data.
Unlike NAT, Web proxying is not a transparent operation: it must be explicitly supported by its
clients. Due to early adoption of Web proxying, most browsers, including Internet Explorer and
Netscape Communicator, have built-in support for proxies, but this must normally be configured on
each client machine, and may be changed by the naive or malicious user.
Web proxying has the following disadvantages:
• Web content is becoming more and more dynamic, with new developments such as streaming
video & audio being widely used. Most of the new data formats are not cacheable, eliminating
one of the main benefits of proxying.
• Clients have to be explicitly set to use Web proxying; whenever there is a change (e.g. proxy
is moved to a new IP address) each and every client has to be set up again.
• A proxy server operates above the TCP level and uses the machine's built-in protocol stack.
For each Web request from a client, a TCP connection has to be established between the
client and the proxy machine, and another connection between the proxy machine and the
remote Web server. This puts lot of strain on the proxy server machine; in fact, since Web
pages are becoming more and more complicated the proxy itself may become bottleneck on
the network. This contrasts with a NAT which operates on packet level and requires much
less processing for each connection.
NAT Operation
The basic purpose of NAT is to multiplex traffic from the internal network and present it to the
Internet as if it was coming from a single computer having only one IP address.
The TCP/IP protocols include a multiplexing facility so that any computer can maintain multiple
simultaneous connections with a remote computer. It is this multiplexing facility that is the key to
single address NAT.
To multiplex several connections to a single destination, client computers label all packets with
unique "port numbers". Each IP packet starts with a header containing the source and destination
addresses and port numbers:
Source address Source port Destination address Destination port
This combination of numbers completely defines a single TCP/IP connection. The addresses specify
the two machines at each end, and the two port numbers ensure that each connection between this pair
of machines can be uniquely identified.
Each separate connection is originated from a unique source port number in the client, and all reply
packets from the remote server for this connection contain the same number as their destination port,
so that the client can relate them back to its correct connection. In this way, for example, it is possible
for a web browser to ask a web server for several images at once and to know how to put all the parts
of all the responses back together.
A modern NAT gateway must change the Source address on every outgoing packet to be its single
public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of
each client connection. The NAT gateway uses a port mapping table to remember how it renumbered
the ports for each client's outgoing packets. The port mapping table relates the client's real local IP
address and source port plus its translated source port number to a destination address and port. The
NAT gateway can therefore reverse the process for returning packets and route them back to the
correct clients.
When any remote server responds to an NAT client, incoming packets arriving at the NAT gateway
will all have the same Destination address, but the destination Port number will be the unique Source
Port number that was assigned by the NAT. The NAT gateway looks in its port mapping table to
determine which "real" client address and port number a packet is destined for, and replaces these
numbers before passing the packet on to the local client.
This process is completely dynamic. When a packet is received from an internal client, NAT looks for
the matching source address and port in the port mapping table. If the entry is not found, a new one is
created, and a new mapping port allocated to the client:
• Incoming packet received on non-NAT port

• Look for source address, port in the mapping table
• If found, replace source port with previously allocated mapping port
• If not found, allocate a new mapping port
• Replace source address with NAT address, source port with mapping port
Packets received on the NAT port undergo a reverse translation process:
• Incoming packet received on NAT port

• Look up destination port number in port mapping table
• If found, replace destination address and port with entries from the mapping table
• If not found, the packet is not for us and should be rejected
Each client has an idle time-out associated with it. Whenever new traffic is received for a client, its
time-out is reset. When the time-out expires, the client is removed from the table. This ensures that
the table is kept to a reasonable size. The length of the time-out varies, but taking into account traffic
variations on the Internet should not go below 2-3 minutes. Most NAT implementations can also track
TCP clients on a per-connection basis and remove them from the table as soon as the connection is
closed. This is not possible for UDP traffic since it is not connection based.
Many higher-level TCP/IP protocols embed client addressing information in the packets. For
example, during an "active" FTP transfer the client informs the server of its IP address & port number,
and then waits for the server to open a connection to that address. NAT has to monitor these packets
and modify them on the fly to replace the client's IP address (which is on the internal network) with
the NAT address. Since this changes the length of the packet, the TCP sequence/acknowledge
numbers must be modified as well. Most protocols can be supported within the NAT; some protocols,
however, may require that the clients themselves are made aware of the NAT and that they participate
in the address translation process. [Or the NAT must be protocol-sensitive so that it can monitor or
modify the embedded address or port data]
Because the port mapping table relates complete connection information - source and destination
address and port numbers - it is possible to validate any or all of this information before passing
incoming packets back to the client. This checking helps to provide effective firewall protection
against Internet-launched attacks on the private LAN.
Each IP packet also contain checksums that are calculated by the originator. They are recalculated and
compared by the recipient to see if the packet has been corrupted in transit. The checksums depend on
the contents of the packet. Since the NAT must modify the packet addresses and port numbers, it must
also recalculate and replace the checksums. Careful design in the NAT software can ensure that this
extra processing has a minimal effect on the gateway's throughput. Before doing so it must check for,
and discard, any corrupt packets to avoid converting a bad packet into a good one.
What is DSL?
DSL refers to a class of technology used to obtain more bandwidth over existing copper telephone
cabling running between a customer's premises and a Telco's Central Office. DSL allows
simultaneous voice and high-speed data services such as super fast Internet access over a single pair
of copper telephone wires. There are several variations of 'DSL' that include:
ADSL -
Asymmetric Digital Subscriber Line
R-ADSL -
Rate-Adaptive Digital Subscriber Line
High Bit-Rate Digital Subscriber Line
HDSL -
Very High Bit-Rate Digital Subscriber Line
VDSL -
Symmetric Digital Subscriber Line
SDSL -
As the saying goes, 'there is no such thing as a free lunch' and a Telco must make compromises
between costs, distance, speeds, reliability, equipment, etc when implementing or offering 'DSL'
services. Each variation of 'DSL' reflects the different compromises made by Telco's when deciding
how far and how fast data can flow on a particular kind of subscriber line.
What is a DSL modem?
a DSL "modem" is a device that is placed at either end of the copper phone line to allow a computer
(or LAN) to be connected to the Internet through a DSL connection. Unlike a dial up connection, it
usually does not require a dedicated phone line (a POTS splitter box enables the line to be shared
simultaneously). DSL is considered to be the next generation of modem technology. Although DSL
modems resemble conventional analogue modems they provide much higher throughput.
General Networking.
 A routing protocol is a set of rules that describe how layer -3 routing device send update
between each other above the available network.
 The adminstrave distance is used to select with protocol will update the routing table.
 Classfull routing protocol do not carry the subnet or routing mask in the update.
 The stub router is configured with default route and no routing protocol running.
 Subnetmask : subnetmast extract the network portion of the address from the whole ip address
is by using AND operation.
BGP
Characterstic of BGP
 It is path vector routing protocol

 BGP support variable length subnet mask VLSM , class less interdomain routing (CIDR) and
summarization
 Full update are sent at the start of the session, triggered update send subsequently
 It use TCP – 179
 BGP works as an external routing protocol.
 BGP is connection oriented
Advantage of 7200 Router.
 Quality of service feature

 Utilztion VPN accelarton module (VAM2),
 The cisco 7301 and 7200 series vpn router deliver IP sec encryption scalability to 145
mbps for the most demanding head end , site to site vpn deployment
 It is integrated security solution ipsec , firewall and IDS
OSPF
OSPF Fundamentals
• It is using SPF algorithm, making it a link state routing protocol.
OSPF Terminology
Adjacency: Formed when two neighboring routers have exchanged information and have the
same topology table. The database are synchronized, and they both see the same networks
Area : A group of router that share the same area ID. Each router in the area has the same
topology table.
Autonomous System: Router that share the same routing protocol within the organization.
Backup Designated Router (BDR) : The backup to the designated router (DR) , in case the DR
fails.
Designated Router (DR) : Router responsible for making adjacencies with all neighbors on the
multi access network.
Dijkstra Algorithm : A complex algorithm used by routers running link- state routing protocols
to find the shortest path to the destination.
Flood : When Network information is flooded, it is send to every network device in the domain.
Fully adjacency: When the routing tables of the two neighbors are fully synchronized.
Init State : State is which hello packet has been sent from router, which is waiting for a replay to
established two way communication.
Internal Router : A router that has all its interface in the same area.
Link state Request (LSR) : When the router receives a DDP complete with a partial LSA, it
compare the summarized info against the topological database. If either the LSA is not present , it
wil reqest further info.
Neighbor: A router on the same link with whom routing information is exchanged.
Priority : A Cisco tool by which the DR can be manually elected.
Shortest Pat First (SPF) : The same as Dijkstra algorithem, which is the algorithem used to find
the shortest path.
Topology Table : The same as a link state database. The table contains every link in the wider
network.
Dynamic election of DR : The Selection is made on the basic of the highest router ID or IP
address present on the network segment.
Hello Protocol : used to find neighbors and to determine the designated and BDR.
Database Descriptor : Used to send summary info to neighbors to synchronize topology table.
LSR : Works as a reqest for more detaile info.
Fiding Neighbors with the Exchange Process.
The Down State : The new router is in a down state. This is sent out as a hello to the multicase
address 224.0.0.5
The Init State : The new router waits for a replay. This is 4 times length of the hello timer.
The two way state : The new router sees its own router ID in the list of neighbors, and a neighbor
relashonship is established.
The stage of updating the router about the OSPF network
1. Down
2. Init
3. 2way
4. Exstart
5. Exchange
6. Loading
7. Full
Page 250
OSPF
 Open standard Protocol

 It is link state routing protocol
 LSA propagate to all neighbors device using a special multicast address
 Each propagate to all neighbors device using a special multicast address
 Each router device takes a copy of the LSA, update at link database and forward LSA to all
neighbor devices.
 LSA stored on topology table, also called Link state database
Link state router keep track of following

1. There neighbors
2. All router with in same area
3. Best path towards designation
Link state data structure
1. Neigbour table
2. Topology table
3. Routing table
Switch
• Packet are forward at layer -1

• Packet are forward with security control and quality of service (QOS) using layer -3 address
info
• Layer -3 switch are design and examin and forward packet in high speed lan environment
• Layer -4 switch
• LAN Expansion Module (LEM).
WAN Connection type
• Dedicated
• on demand
Switching
1. Circuit Switching
2. Packet Switching
Date Rate
narrow Band
Broad Band
wan Connection type
Dedicated Circuit switched
on demand circuit switched
packet switched virtual circuit
broadband access
ROUTING FUNDAMENTALS...
1. Routing is the process of transporting data traffic from one device to another across a
network.
2. A router is the device that forward a traffic acrross the network
3. Routing involves learning the network topology and maintain information on it. And
Switching s the actual movement of traffic by the router
4. Administrative distance is used by routers to select the best learning mechanism.
5. Cisco IOS can configure a maximum of six equal metrix paths
IP Access Lists
1. 1.Access list can be applied to both inbound and outbound packets on an terface.The process
is called Packet filering.
2. Access list can be specified for particular protocols they can be standard or exextended
3. There are two main types of access list for ip Standard and extanded.
Standard Access list
Standard access list are used to permits or denay packets by indentifying the source ip
address of the packet
Extended Access list
Extended access list provede a higher degree of control by filtering traffic accroding to
source address, des addresss, ip protocol, port info,
IP standard Range 1 -99
IP extended range 100 -199
Layer 2 Switching
1. A table of MAC address and their associated bridges switch ports in build and
maintained
2. Broadcast and multicast frames are flooded out to all ports
3. Frame destination to unknown location are flooded out to all ports
4. Switch must forward brad cast domain to all ports ( Draw back)
5. STP can have a slow convergence time with the switch topology changes
Layer 3 Switching
1. Packet are forward between Network based on layer 3 address

2. an optimal path has been take to next router
3. An optimal path can eb chosed at any position
4. A route must examine each packet layer -3 header before make a router destination.
5. packet forward involves a table involves table lookup to the destination outward , next
hop route address and route own outbound interface
6. Route do now forward a packet , and it forward multicast packet.
Layer 3 Switching
1. Packet are forward at layer -3

2. packet are forward with security control and quality of service (Qos) using layer -3
address info
3. layer -3 switch are design and examin and forward packet in high speed LAN
environment
Layer -4 switching
1. Packet are forward using hardware baed on layer -3 addressing and layer -4 aapplicion
info.
2. Layer -4 protocol type (TCP, UDP) in packet hedder are examined
3. Lyaer -4 segment examined applion port no
4. Traffic can be prioritized according to soruce and destenaion address and QoS also
defiend in layers
5. Layer -2 and layer -3 device have forward table based on MAC address
6. Layer -4 must keep trace of application protocol.
IBM interview Question
1. Statefull inspection
2. Rules -> based >Impleset rule / Expleset Rules
2. Implsec denay rules
3. Stealth rules ->Drop packet
4. VPN -> IP sec tunnel
5. Leased line isdn
6. load sharding command
7. VPN ip sec profile -1 / Profile -2
8. IP address
9. Pix -> Impleset allows
.
NETWORKING
What are the seven layers of the OSI model?
A: The layers are physical, data link, network, transport, session, presentation, and application layers.
Q: In the TCP client-servel model, how does the three-way handshake work in opening
connection?
A: The client first sends a packet with sequence "x" to the server. When the server receives this
packet, the server will send back another packet with sequence "y", acknowledging the request of the
client. When the client receives the acknowledgement from the server, the client will then send an
acknowledge back to the server for acknowledging that sequence "y" has been received.
Q: What is the purpose of exchanging beginning sequence numbers during the connection in the
TCP client-server model?
A: To ensure that any data lost during data transfer can be retransmitted.
Q: How does Asynchronous Transfer Mode (ATM) work?

A: ATM works by transmitting all traffic in small, fixed-sized cells. These small, fixed-size cells
reduces queuing delay and can be switched quickly. ATM fits into layer 2 of the OSI model and
provides functions for framing and error correction. At the port interface, ATM switches convert cells
into frames, and vice versa. ATM provides Quality of Service and traffic shaping.
Q: Given a Class B Network with subnet mask of 255.255.248.0 and a packet addressed to
130.40.32.16, what is the subnet address?
A: Take the 2 addresses, write them in binary form, then AND them. The answer is 130.40.32.0
Question 4: What is the difference between TCP and UDP?
TCP and UDP are both transport-level protocols. TCP is designed to provide reliable communication
across a variety of reliable and unreliable networks and internets.
UDP provides a connectionless service for application-level procedures. Thus, UDP is basically an
unreliable service; delivery and duplicate protection are not guareented.
LAN & VLAN
A Local Area Network (LAN) can generally be defined as a broadcast domain.
Broadcast Domain he set of all devices that will receive broadcast frames originating from any device
within the set. Broadcast domains can be bounded by VLANs in a stand-alone environment. In an
internetworking environment, they are typically bounded by routers because routers do not forward
broadcast frames
Collision Domain In Ethernet, the network area within which frames that have collided are
propagated. Repeaters and hubs propagate collisions; LAN switches, bridges and routers do not.
VLAN
Switches using VLANs create the same division of the network into separate broadcast domains
There is an increased connection speed due to the elimination of latency from router connections
Reducing the size of collision domains
Ethernet Baseband LAN specification invented by Xerox Corporation and developed jointly by
Xerox, Intel, and Digital Equipment Corporation. Ethernet networks use CSMA/CD and run over a
variety of cable types at 10 Mbps. Ethernet is similar to the IEEE 802.3 series of standards.
CollisionIn Ethernet, the result of two nodes that transmit simultaneously. The frames from each
device impact and are damaged when they meet on the physical media.
Types of Virual LANs
• Layer-1 VLAN – Group of physical ports

• Layer-2 VLAN – Group of MAC address
• Layer-3 VLAN - IP subnet
Exp. configure VLANS
SwitchA# vlan database

SwitchA(vlan)# vlan 2 name vlan2
SwitchA(vlan)# exit
SwitchA# configure terminal
SwitchA(config)# interface fastethernet 0/1
SwitchA(config-if)# switchport mode access
SwitchA(config-if)# swichport access vlan 2
SwitchA(config-if)# end
HUB (A Collision Domain)
 A hub is a L1 (Physical Layer) multi port repeater.

 It receives a signal on one port, regenerates it, and transmits it out all ports.
 Two or more devices on a hub cannot transmit at the same time.
 Hub operate only a half duplex. Attached devices cannot transmit and receive at the same
time.
Switch (A broadcast Domain)
A switch is more than just a repeater. It is L2 (Data Link Layer) bridge.
A switch keeps tracks of which devices are connected to which ports by managing a table of the MAC
address - to – switch port mapping.
Transmission on a switch are sent only to the intended recipients, determined by the destination MAC
address
Switch can operate at full duplex ; Multiple attached devices can transmit and receive at the same
time.
IP Address
An IP addess is a 32 bit network layer address on the OSI model.
MAC Address
An MAC address is a 48 bit Data link layer address on the OSI model. It is burned in the network
interface card or equivalent, and is a combination of the manufacturer ID.
What is difference between Hub, switch and router ?
Hubs, switches and routers are all devices which let you connect one or more computers to other
computers, networked devices or to other networks. Each has two or more connectors, called ports,
into which you plug in the cables to make the connection. Varying degrees of magic happen inside the
device, and therein lies the difference. I often see the terms misused, so let's clarify what each one
really means.
A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is
very, very simple: anything that comes in one port is sent out to the others. That's it. Every computer
connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is
blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy
ways to connect computers in small networks.
A switch does essentially what a hub does, but more efficiently. By paying attention to the traffic that
comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from
machine A coming in on port 2, it now knows that machine A is connected to that port, and that traffic
to machine A needs to only be sent to that port and not any of the others. The net result of using a
switch over a hub is that most of the network traffic only goes where it needs to, rather than to every
port. On busy networks, this can make the network significantly faster.
A router is the smartest, and most complicated of the bunch. Routers come in all shapes and sizes,
from the small four-port broadband routers that are very popular right now, to the large industrial
strength devices that drive the internet itself. A simple way to think of a router is as a computer that
can be programmed to understand, possibly manipulate, and route the data its being asked to handle.
For example, broadband routers include the ability to "hide" computers behind a type of firewall,
which involves slightly modifying the packets of network traffic as they traverse the device. All
routers include some kind of user interface for configuring how the router will treat traffic. The really
large routers include the equivalent of a full-blown programming language to describe how they
should operate, as well as the ability to communicate with other routers to describe or determine the
best way to get network traffic from point A to point B.
A quick note on one other thing that you'll often see mentioned with these devices, and that's network
speed. Most devices now are capable of both 10mps (10 mega-bits, or million bits, per second) and
100mbs, and will automatically detect the speed. If the device is labeled with only one speed, then it
will only be able to communicate with devices that also support that speed. 1000mbs, or "gigabit"
devices are starting to slowly become more common as well. Similarly, many devices now also
include 802.11b or 802.11g wireless transmitters that simply act like additional ports to the device.
Port Details.
1. HTTP  80
2. HTTP (Security Socket Layer)  443
3. Layer two Tunneling Protocol  1701
4. Point to Point Tunneling Protocol  1723
5. POP3 110
6. Telnet 23
7. Terminal Services  3389
8. SMTP 25
9. SNMP161
10. DHCP server 68
11. Client /Server Communication  135
12. IIS  80
13. IMAPI  143
14. Remote Procedure Call 135
15. Wins Manager 135
What is an IP (Internet Protocol/Internet Packeting) Address?
An IP Address is akin to a phone number as far as break-out is concerned.
We know essentially that there are three components to every phone number in the North
American Numbering Plan:
• Area Code - three digits.

• Central Office Prefix - three digits.
• Station Number/Subscriber Number - four digits.
Based on the above - my phone number 423 267 6694 is in theory and hopefully in practice -
reachable by any Subscriber Station within the US numbering plan.
Obviously, there are wrinkles. Do you need to dial 1 for Long Distance or do you need to dial the
Area Code? Depends, right? 10-Digit dialing, for example, is available in several Metros.
So, we have the idea that for a telephone conversation to take place - at least a couple of things must
be present:
• Call Originator.
• Called Party.
The same logic applies to internetworking of computers - whether they be Desktops, Servers, Data
Switches and so on.
Internetworking or as it is more commonly referred to - the Internet - also requires a Call

Originator and a Called Party before any information is passed between computers.
This little miracle is achieved by using an IP Address.
Like a phone number - it contains components:
• Network Number.
• Host Number.
This numbering schema is administered by the Internet Network Information Center (InterNIC).
Here's how it works using the good old Binary Numbering System.
An IP Address contains 4 x 8 Bit numbers (Octets) for a total of 32 Bits.
The Network Number contains the first 2 Octets while the Host Number contains the last 2 Octets.
Lets look at a DNS - Domain Name System:
www.joe-smith.com
(symbolic form)
Behind this Domain is the IP Address assigned by InterNIC:
• Decimal Format: 127.3.2.9

• Binary format: 01111111 00000011 00000010 00001001
Here's how you figure it out: (A x B = C)
128 64 32 16 8 4 2 1 A #X2
0 1 1 1 1 1 1 1 B 8-Bit #
+0 +64 +32 +16 +8 +4 +2 +1 C TOTAL=127
128 64 32 16 8 4 2 1 A #X2
0 0 0 0 0 0 1 1 B 8-Bit #
+0 +0 +0 +0 +0 +0 +2 +1 C TOTAL=3
128 64 32 16 8 4 2 1 A #X2
0 0 0 0 0 0 1 0 B 8-Bit #
+0 +0 +0 +0 +0 +0 +2 +0 C TOTAL=2
128 64 32 16 8 4 2 1 A #X2
0 0 0 0 1 0 0 1 B 8-Bit #
+0 +0 +0 +0 +8 +0 +0 +1 C TOTAL=9
As you might imagine - the technology requires a tremendous amount of numbers to function
properly and just as with phone numbers - are these resources are infinite?
Let's look at the Class structure of the Internet Address to see how it is broken out: (Remember that
it is a 32 Bit number.)
• Class A
o 1 Bit [0] Class Designation:
o 7 Bit Network Numbers (126 Networks)
o 24 Bit Host Numbers (16 million+ Hosts for each Network)
• Class B
o 14 Bit Network Numbers (16,282 Networks)
o 16 Bit Host Numbers (up to 65,534 Hosts for each Network)
• Class C
o 21 Bit Network Numbers (2,097,150 Networks)
o 8 Bits (up to 254 Hosts for each Network)
• Class D
Multicasting is used to address groups in a limited area.

Questions and Answers
1. Which Layer does MAC operate in the OSI model?

(Data link Layer- L2)
2. What is CSMA/CD and with which technology is it associated?

Carrier Sense Multiple Access with Collision Detection - Ethernet
3. Which ring topology provides redundancy?

(FDDI)
4. A class A Network address with /24 masks. How many IPs and which are they?
(254) (X.X.X.1-254)
5. For a class 10.0.0.0/30, how many host IPs can be allocated?

(2 valid node IPs can be configured)
6. What is the Private range of IP addresses?

(10.0.0.0/8, 172.16.0.0/16 through 172.31.0.0/16 and 192.168.0.0/24)
7. How do you set the proxy configuration in IE?

Tools- Internet Options- Connections- LAN Settings – either detect automatically or provide the
IP address and the Proxy port no.
8. What is reverse proxy?
9. Standby IP is a terminology used in which technology
HSRP
10. What are the different states in which a switch may be configured in a VTP Domain?
VTP Server, VTP client, VTP Transparent. Default is VTP Server.
11. What are the different states through which a switch port is when powered on?
Blocking, Listening, Learning and Forwarding.
12. Which protocol is used for communication between SNA to Ethernet Networks?
DLSW – Datalink Switching
13. Use of router priority 1-255 is configured to achieve what purpose and in which protocol?
It is used in OSPF to elect DR on broadcast medium. The router with highest priority gets chosen
as a DR. The default mechanism is that the router with the highest interface IP address is elected
as the DR. In order to manually force the router to be DR is done using the router ospf priority
<value>
14.Read, Write, Permanent TRAP are synonymous to which application?
SNMP
15. What command is used in Solaris to see the total file size in Kbps
df –k
16. What is an MX record?

MX – Mailing exchange record is used to configure your mail servers and IP addresses and
advertise it to the external. Preference values may also be set for usage.
17. What is DNS Zone transfer?
18. What are the types of packets exchanged in a 3 Way TCP / IP Handshake between two hosts.
Sync, Sync Ack and Ack are the three type of packets used in 3-way TCP/IP handshake.
Description on 3-way Handshake- The "three-way handshake" happens thus. The originator
(you, hopefully) sends an initial packet called a "SYN" to establish communication and
"synchronize" sequence numbers in counting bytes of data which will be exchanged. The
destination then sends a "SYN/ACK" which again "synchronizes" his byte count with the
originator and acknowledges the initial packet. The originator then returns an "ACK" which
acknowledges the packet the destination just sent him. The connection is now "OPEN" and
ongoing communication between the originator and the destination are permitted until one of
them issues a "FIN" packet, or a "RST" packet, or the connection times out. All the protocols of
the Internet which need "connections" are built on the TCP protocol. The "three way handshake"
establishes the communication.
19. What happens to a frame it is detected to have CRC errors?

(The destination system) will ensure that the source system resend the frame and the CRC
20. What is ARP protocol? Explain its functionality.

a. What mapping will be there in the table?
b. How many bits are there in MAC address? How does the MAC address split?
c. What is OUI? Who assigns OUI number?
21. What is the difference between Unicast and Broadcast?

One to one host Communication is an example of Unicast communication.
One to many host communication is an example of Broadcast communication.
22. What is SSL?

SSL – Stands for Secured Sockets Layer.
SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both
Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to
safely transmit confidential information, such as credit card numbers.
23. What is Socks?

SOCKSv5 is an IETF (Internet Engineering Task Force) approved standard (RFC 1928) generic,
proxy protocol for TCP/IP-based networking applications. The SOCKS protocol provides a
flexible framework for developing secure communications by easily integrating other security
technologies.
SOCKS include two components, the SOCKS server and the SOCKS client. The SOCKS server
is implemented at the application layer, while the SOCKS client is implemented between the
application and transport layers. The basic purpose of the protocol is to enable hosts on one side
of a SOCKS server to gain access to hosts on the other side of a SOCKS Server, without requiring
direct IP-reachability.
When an application client needs to connect to an application server, the client connects to a
SOCKS proxy server. The proxy server connects to the application server on behalf of the client,
and relays data between the client and the application server. For the application server, the proxy
server is the client.
24. What is the Routing Algorithm used in OSPF, EIGRP, RIP?

Dijakstra Alogrithm.
Dual- EIGRP
Bellman-ford – RIP
25. What is summarization?

Summarization is process of aggregating network entries to a superset entry
26. What needs to be configured to have multiple VLAN information propagated to other
switches?
Trunk
27. What is the Bandwidth of a T1 and T3 links? How many channels are in each of these links?
T1- 1.544 Mbps
T3- 45 Mbps
28. What is the expansion for ATM

Asynchronous Transfer mode.
Asynchronous Transfer Mode (ATM) is an International Telecommunication Union-

Telecommunications Standards Section (ITU-T) standard for cell relay wherein information for
multiple service types, such as voice, video, or data, is conveyed in small, fixed-size cells. ATM
networks are connection-oriented.
29. PNNI is a terminology used in which technology?

ATM.
PNNI is the ATM routing protocol that enables switches to automatically discover the topology
and the characteristics of the links interconnecting the switches. A link-state protocol much like
OSPF, PNNI tracks things such as bandwidth on links. When a significant event occurs that
changes the characteristics of a link, PNNI announces the change to the other switches.
30. What is the size of Ethernet frame
(1518 Bytes)
31. What is Split Horizon?

Routes learnt via a particular interface are not advertised via the same interface. This is
used to prevent routing loops in routing.
32. What is the expansion PING

Packet Internet Groper
33. What is the size E1 and E3?

E1- 2.048 Mbps
E3- 34 Mbps
34. What is the difference between PAT and NAT?

PAT is one to many Translations
NAT is one to one Translation
35. How do you configure NAT for a dynamic pool of IP Addresses?

ip nat pool (start ip and endip)
ip nat inside/outside source/destination list pool name
and apply this on the interface mode
ip nat inside
ip nat outside
36. In OSPF what is a DR (Designated Router) and how is it configured?

DR is used to elect the preferred router on a broadcast medium and to avoid flooding of routing
updates on broadcast medium. BDR will assume the role of a DR in the event of failure of DR.
All BDRs accept the routing updates sent out by the DR.
37. What is NTP?

NTP is a protocol designed to synchronize the clocks of computers over a network.
38. What type of routing protocol is BGP?
BGP is a Path vector protocol. It uses attributes for path selection in the order of preference of
Route selection criteria.
39. What command is used to advertise a default route in BGP?
router BGP 100
default-information originate
redistribute static
Config# ip route null 0.0.0.0 mask 0.0.0.0
default-information originate .
network command with the route 0.0.0.0
The default-information originate command requires an explicit redistribution of the route 0.0.0.0.
The network command requires only that route 0.0.0.0 is specified in the Interior Gateway Protocol
(IGP) routing table.
40. What is synchronization in BGP?
If a route is learned via IBGP the route should also be relearned through IGP before it is added to
the routing table.
41. What are the attributes of BGP route selection?

Weight (if it is considered as attribute), AS_PATH, NEXT_HOP, LOCAL_PREF, ORIGIN,
MED
42. What command is used to see the configuration of all the interfaces in (Solaris and NT)
command?
ipconfig /all in NT and ifconfig – a
43. What is the command to send a file to TFTP server and get it back?
Copy running-config/startup-conf tftp
Copy flash tftp
Copy tftp running-config/startup-conf
Copy tftp flash

44. What is command is used in Solaris to disconnect a Telnet Daemon in a UNIX server?
Kill – process id- telnet (pls. reconfirm the answer)
45. What command is used to add a default route in NT and Solaris?

NT - route add
Solaris - route add
46. What command is used to add a permanent route in NT and Solaris?

NT- route followed with “–p”
Solaris - vi /etc/rc2.d/S76static-routes
route add net 192.168.10.0 netmask 255.255.255.0 192.168.10.1 1
47. What is the latest version of Solaris OS?
48. What command is used to list all the packages installed in Solaris.
(show rev –p)
49. What is ‘Brute Force Attack’?

50. What is DOS?
Making the service unavailable to legitimate user
51. What is Trojan Horse and what does it do?
52. What vulnerability does code red exploit?
53. What is it known as when an external untrusted user pretends to be a trusted user?
Spoofing
54. What is a DMZ?

DMZ stands for Demilitarized zone. This is used for having your server farms – network
connected to the firewall.
55. What is the difference between Firewall and IDS?

Firewall is a device used as demarcation between the untrusted and trusted networks. It is
configured to permit specific traffic across this demarcation.
56. How many bits is a DES?
56 bit.
57. How many bit is 3DES?

168 bit
58. Should NetBIOS traffic be permitted on a firewall?

No.
59. Given a choice of EIGRP and OSPF, which is to be chosen and what are the advantages?
EIGRP is a CISCO proprietary protocol and OSPF is a vendor interoperable.
60. Which algorithm facilitates its entire routing table as routing update?
Belmanford Algorithm – rip and igrp (distance vector routing protocols)
In link state routing protocols, only the changes in entries in the routing table are sent as updates
in its routing update.
61. What is the difference between TACACS and TACACS Plus?
62. What is the port number for different protocols FTP, Telnet, SMTP, DNS, HTTP, HTTPS,
SSL)
FTP – 20 & 21
TELNET – 23
SMTP – 25
DNS – 53 – TCP & UDP
HTTP – 80
HTTPS – 443
SSL – 443
ADC to DC Replication Port details
RPC endpoint mapper 135/tcp, 135/udp
NetBIOS name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
RPC static port for AD replication <AD-fixed-port>/TCP
RPC static port for FRS <FRS-fixed-port>/TCP
SMB over IP (Microsoft-DS) 445/tcp, 445/udp
LDAP 389/tcp
LDAP ping 389/udp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
DNS 53/tcp, 53/udp
WINS resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp

The STP
Prevents loops, Loops cause broadcast storms
Allow redundant links
Resilent to topology changes
STA (Spanning tree algorithm) – Used to calculate loop free path
BPDU are sending and receive by switches in the network every 2 second (Default) to dermine
spanning tree topology.
Blocking  No frame forwarded, BPDU heard
Listening  No frame forwarded, listening for frames
Learning  No frame forwarded, Learning address
Forwarding  Frame forwarded, Learning address
Disabled  No frame forwarded, No BPDU heard
Spanning tree algorithm is used to calculate a loop free path
Port Fast Mode  Immediately brings a port from blocking to forwarding state by eliminating
forward delays.
BPDU  Send confirmation messages using multicast frames.
Forward delay  Time take for a switch to go from listening to learning ( 50 sec default)
Blocked ports still receive BPDU
Access Control Lists ( ACL)
Priorities traffic
Restrict or reduce updates
Provide bacic security
Block types of traffic
ACL placement
Standard ACLs  Place as close to destination as possible
Extended ACLs  Place as close to source of traffic as possible

If a packet does not match the ACL statement then it will be implicitly denied.
Once a packet matches an ACL statement no other checks as made , it is permitted.
Protocol Range
IP 1 to 99
Extended IP 100 to 199
VLAN tunking protocol…
A layer 2 messaging protocol used to maintain a vlan configuring consistency by managing the
addition , deletion and rename of vlans…VTP works on 802.2Q trunk link. This include inter switch
link (ISL) , IEEE and LAN emulation link.
Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of
the OSI reference model. Frame Relay originally was designed for use across Integrated Services
Digital Network (ISDN) interfaces.
classful routing protocols must use the same subnet mask consistently throughout a network, a result
of the fact that these protocols do not transmit subnet mask or network prefix information with
their updates.
A Variable Length Subnet Mask (VLSM) is a means of allocating IP addressing
resources to subnets according to their individual need rather than some
general network-wide rule. Of the IP routing protocols supported by Cisco,
OSPF, Dual IS-IS, BGP-4, and EIGRP support "classless" or VLSM routes.
Historically, EGP depended on the IP address class definitions, and
actually exchanged network numbers (8, 16, or 24 bit fields) rather than IP
addresses (32 bit numbers); RIP and IGRP exchanged network and subnet
numbers in 32 bit fields, the distinction between network number, subnet
number, and host number being a matter of convention and not exchanged in
the routing protocols. More recent protocols (see VLSM) carry either a
prefix length (number of contiguous bits in the address) or subnet mask

with each address, indicating what portion of the 32 bit field is the
address being routed on.
Site-Level Aggregation Identifier (SLA ID) field@The 16-bit SLA ID is used by an individual
organization to create its own local addressing hierarchy and to identify subnets.
multicast@An identifier for a set of interfaces that typically belong to different nodes. A packet sent
to a multicast address is delivered to all interfaces in the multicast group.
route summarization@The consolidation of advertised addresses in OSPF and IS-IS. In OSPF, this
causes a single summary route to be advertised to other areas by an area border router.
unicast@An identifier for a single interface. A packet sent to a unicast address is delivered to the
interface identified by that address.
VLSM (variable-length subnet masking)@The ability to specify a different subnet mask for the same
network number on different subnets. VLSM can help optimize available address space.
There are four major differences between UDP and TCP:
1. TCP can establish a Connection, UDP cannot;

2. TCP provides a stream of unlimited length, UDP sends small packets;
3. TCP guarantees that as long as you have a connection data sent will
arrive at the destination, UDP provides no guaranteed delivery;
4. UDP is faster for sending small amounts of data since no connection
setup is required, the data can be sent in less time than it takes for TCP
to establish a connection.
What is source route?

It is a sequence of IP addresses identifying the route a datagram must follow. A source route may
optionally be included in an IP datagram header.
How do you set a default route on an IOS Cisco router?

ip route 0.0.0.0 0.0.0.0 x.x.x.x [where x.x.x.x represents the destination address]
What is region?
When hierarchical routing is used, the routers are divided into what we will call regions, with each
router knowing all the details about how to route packets to destinations within its own region, but
knowing nothing about the internal structure of other regions
What is Proxy ARP?

It is using a router to answer ARP requests. This will be done when the originating host believes that a
What is a default gateway?
The exit-point from one network and entry-way into another network, often the router of the
network.
What is a data source?

A DataSource class brings another level of abstraction than directly using a connection object. Data
source can be referenced by JNDI. Data Source may point to RDBMS, file System , any DBMS etc.
What is OSPF?
knowledge of an Internet’s topology to make accurate routing decisions.
How Gateway is different from Routers?
A geteway operates at the upper levels of the OSI model and translates information between two
completely different network architectures or data formats
What is a router? What is a gateway?
Routers are machines that direct a packet through the maze of networks that stand between its source
and destination. Normally a router is used for internal networks while a gateway acts a door for the
packet to reach the ‘outside’ of the internal network
What is autonomous system?
It is a collection of routers under the control of a single administrative authority and that uses a
common Interior Gateway Protocol.
What is EGP (Exterior Gateway Protocol)?
that can be reached within or via each autonomous system.
What is BGP (Border Gateway Protocol)?
It is a protocol used to advertise the set of networks that can be reached with in an autonomous
system. BGP enables this information to be shared with the autonomous system. This is newer than
EGP (Exterior Gateway Protocol).
What is NVT (Network Virtual Terminal)?
It is a set of rules defining a very simple virtual terminal interaction. The NVT is used in the start of a
Telnet session.
What is virtual channel?
Virtual channel is normally a connection from one source to one destination, although multicast
connections are also permitted. The other name for virtual channel is virtual circuit.
What is traffic shaping?
One of the main causes of congestion is that traffic is often busy. If hosts could be made to transmit at
a uniform rate, congestion would be less common. Another open loop method to help manage
congestion is forcing the packet to be transmitted at a more predictable rate. This is called traffic
shaping.
What is OSPF?
knowledge of an Internet’s topology to make accurate routing decisions.
What is packet filter?
What is filter
An object that can transform the header or content (or both) of a request or response. Filters differ
from Web components in that they usually do not themselves create responses but rather modify or
adapt the requests for a resource, and modify or adapt responses from a resource. A filter should not
have any dependencies on a Web resource for which it is acting as a filter so that it can be composable
with more than one type of Web resource.
What is the difference between routable and non- routable protocols?

protocols are designed to work on small, local networks and cannot be used with a router
What is the difference between TFTP and FTP application layer protocols?
UDP.The File Transfer Protocol (FTP) is the standard mechanism provided by TCP / IP for copying a
file from one host to another. It uses the services offer by TCP and so is reliable and secure. It
What is Project 802?
It is a project started by IEEE to set standards to enable intercommunication between equipment from
a variety of manufacturers. It is a way for specifying functions of the physical layer, the data link
layer and to some extent the network layer to allow for interconnectivity of major LAN
protocols.It consists of the following:
802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols.
802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-
architecture-specific, that is remains the same for all IEEE-defined LANs.
Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct
modules each carrying proprietary information specific to the LAN product being used.
The modules are Ethernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).
802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.
What is the range of addresses in the classes of internet addresses?
Class A 0.0.0.0 - 127.255.255.255

Class B 128.0.0.0 - 191.255.255.255
Class C 192.0.0.0 - 223.255.255.255
Class D 224.0.0.0 - 239.255.255.255
Class E 240.0.0.0 - 247.255.255.255
What is difference between ARP and RARP?
by sending a ARP query packet that includes the IP address of the receiver. The reverse address
resolution protocol (RARP) allows a host to discover its Internet address when it knows only its
physical address.
What are the data units at different layers of the TCP / IP protocol suite?
called the datagram, at the data link layer the datagram is encapsulated in to a frame and finally
transmitted as signals along the transmission media.
What is ICMP?
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by
hosts and gateways to send notification of datagram problems back to the sender. It uses the echo
test / reply to test whether a destination is reachable and responding. It also handles both control and
error messages.
What is Protocol Data Unit?

The data unit in the LLC level is called the protocol data unit (PDU). The PDU contains of four fields
a destination service access point (DSAP), a source service access point (SSAP), a control field and
an information field. DSAP, SSAP are addresses used by the LLC to identify the protocol stacks on
the receiving and sending machines that are generating and using the data. The control field specifies
whether the PDU frame is a information frame (I - frame) or a supervisory frame (S - frame) or a
unnumbered frame (U - frame).
What is NETBIOS and NETBEUI?
remote computer and it hides the networking hardware from applications.
NETBEUI is NetBIOS extended user interface. A transport protocol designed by microsoft and IBM
for the use on small subnets.
What is passive topology?
When the computers on the network simply listen and receive the signal, they are referred to as
passive because they don’t amplify the signal in any way. Example for passive topology - linear bus.
What is terminal emulation, in which layer it comes?
What is Remote Procedure Call (RPC)?
RPC hides the intricacies of the network by using the ordinary procedure call mechanism familiar to
every programmer. A client process calls a function on a remote server and suspends itself until it gets
back the results. Parameters are passed like in any ordinary procedure. The RPC, like an ordinary
procedure, is synchoronous. The process that issues the call waits until it gets the results.
What is anonymous FTP and why would you use it?
Anonymous FTP enables users to connect to a host without using a valid login and password. Usually,
anonymous FTP uses a login called anonymous or guest, with the password usually requesting the
user’s ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to
access files on the host without having to go to the trouble of setting up logins for them all.
Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.
What is a DNS resource record? A resource record is an entry in a name server’s database. There are
several types of resource records used, including name-to-address resolution information. Resource
records are maintained as ASCII files.
Explain 5-4-3 rule. In a Ethernet network, between any two points on the network, there can be no
more than five network segments or four repeaters, and of those five segments only three of segments
can be populated.
What is Brouter? Hybrid devices that combine the features of both bridges and routers.
What is source route? It is a sequence of IP addresses identifying the route a datagram must follow. A
source route may optionally be included in an IP datagram header.
What is SLIP (Serial Line Interface Protocol)? It is a very simple protocol used for transmission of IP
datagrams across a serial line.
What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous
systems use to identify the set of networks that can be reached within or via each autonomous system.
What is IGP (Interior Gateway Protocol)? It is any routing protocol used within an autonomous
system.
What is multicast routing? Sending a message to a group is called multicasting, and its routing
algorithm is called multicast routing.
What is traffic shaping? One of the main causes of congestion is that traffic is often busy. If hosts
could be made to transmit at a uniform rate, congestion would be less common. Another open loop
method to help manage congestion is forcing the packet to be transmitted at a more predictable rate.
This is called traffic shaping.
What is Bandwidth?Every line has an upper limit and a lower limit on the frequency of signals it can
carry. This limited range is called the bandwidth
Difference between bit rate and baud rate. Bit rate is the number of bits transmitted during one second
whereas baud rate refers to the number of signal units per second that are required to represent those
bits.
baud rate = bit rate / N ,where N is no-of-bits represented by each signal shift
What is subnet? A generic term for section of a large networks usually separated by a bridge or router.
What is SAP? Series of interface points that allow other computers to communicate with the other
layers of network protocol stack.
What is IP? IP is Internet Protocol. It is the network protocol which is used to send information from
one computer to another over the network over the internet in the form of packets
Forwarding of Broadcast Packets and Protocols
ip helper-address address
The ip helper-address interface subcommand tells the router to forward UDP broadcasts, including
BootP, received on this interface.
The ip forward-protocol global configuration command allows you to specify which protocols and
ports the router will forward. Its full syntax is listed next.
ip forward-protocol {udp|nd|spanning-tree} [port]

no ip forward-protocol {udp|nd|spanning-tree} [port]
Layer 3 switch is a high-performance device for network routing. Layer 3 switches actually differ
very little from routers. A Layer 3 switch can support the same routing protocols as network routers
do. Both inspect incoming packets and make dynamic routing decisions based on the source and
destination addresses inside. Both types of boxes share a similar appearance.
Layer 3 switches were conceived as a technology to improve on the performance of routers used in
large local area networks (LANs) like corporate intranets. The key difference between Layer 3
switches and routers lies in the hardware technology used to build the unit. The hardware inside
a Layer 3 switch merges that of traditional switches and routers, replacing some of a router's software
logic with hardware to offer better performance in some situations.
Layer 3 switches often cost less than traditional routers. Designed for use within local networks, a
Layer 3 switch will typically not possess the WAN ports and wide area network features a traditional
router will always have.
L3 switch provides switched LAN connections for each device in the network. Three user VLANs are
present, and a routing engine on the L3 switch enables communications between each VLAN. The L3
switch possesses specialized hardware chips called application-specific integrated circuits (ASICs)
that are preprogrammed and designed to route between Ethernet ports at high speed. A traditional
router is connected to the L3 switch and handles the routing of any traffic that needs to be sent across
the WAN. Because the L3 switch does not need the flexibility required of the router to support
different WAN protocols, it can use ASICs to route traffic at the 100-Mbps speeds expected of the
LAN network. The router in the network is designed to handle the requirements of routing at T1 (1.5
Mbps) speeds and would cause a bottleneck if it had to route between VLANs, as routing is
performed in software, not hardware. Of course, you could purchase an expensive high-performance
router with three Ethernet ports and a T1 interface; however, the cost associated with this approach is
much higher. The cost associated with adding more routed Ethernet ports to the router (e.g., if a new
VLAN was added to the network) is also high
Layer 3 Routing Versus Layer 3 Switching
• Control plane—The control plane process is responsible for building and maintaining the IP
routing table, which defines where an IP packet should be routed to based upon the
destination address of the packet, which is defined in terms of a next hop IP address and the
egress interface that the next hop is reachable from. Layer 3 routing generally refers to control
plane operations.
• Data plane—The data plane process is responsible for actually routing an IP packet, based
upon information learned by the control plane. Whereas the control plane defines where an
IP packet should be routed to, the data plane defines exactly how an IP packet should be
routed. This information includes the underlying Layer 2 addressing required for the IP
packet so that it reaches the next hop destination, as well as other operations required on for
IP routing, such as decrementing the time-to-live (TTL) field and recomputing the IP header
checksum. Layer 3 switching generally refers to data plane operations
Layer 2 Switching Methods
LAN switches are characterized by the forwarding method that they support, such as a store-and-
forward switch, cut-through switch, or fragment-free switch. In the store-and-forward switching
method, error checking is performed against the frame, and any frame with errors is discarded. With
the cut-through switching method, no error checking is performed against the frame, which makes
forwarding the frame through the switch faster than store-and-forward switches.
Store-and-Forward Switching
Store-and-forward switching means that the LAN switch copies each complete frame into the switch
memory buffers and computes a cyclic redundancy check (CRC) for errors. CRC is an error-checking
method that uses a mathematical formula, based on the number of bits (1s) in the frame, to determine
whether the received frame is errored. If a CRC error is found, the frame is discarded. If the frame is
error free, the switch forwards the frame out the appropriate interface port, as illustrated in Figure 6-7.
Figure 6-7 Store-and-Forward

Switch Discarding a Frame with a Bad CRC
An Ethernet frame is discarded if it is smaller than 64 bytes in length, a runt, or if the frame is larger
than 1518 bytes in length, a giant, as illustrated in Figure 6-8.
NOTE
Some switches can be configured to carry giant, or jumbo, frames.
If the frame does not contain any errors, and is not a runt or a giant, the LAN switch looks up the
destination address in its forwarding, or switching, table and determines the outgoing interface. It then
forwards the frame toward its intended destination.
Store-and-Forward Switching Operation
Store-and-forward switches store the entire frame in internal memory and check the frame for errors
before forwarding the frame to its destination. Store-and-forward switch operation ensures a high
level of error-free network traffic, because bad data frames are discarded rather than forwarded across
the network, as illustrated in Figure 6-9.
Figure 6-8 Runts and Giants in the Switch
Figure 6-9 Store-and-Forward Switch Examining Each Frame for Errors

Before Forwarding to Destination Network Segment
The store-and-forward switch shown in Figure 6-9 inspects each received frame for errors before
forwarding it on to the frame's destination network segment. If a frame fails this inspection, the switch
drops the frame from its buffers, and the frame is thrown in to the proverbial bit bucket.
A drawback to the store-and-forward switching method is one of performance, because the switch has
to store the entire data frame before checking for errors and forwarding. This error checking results in
high switch latency (delay). If multiple switches are connected, with the data being checked at each
switch point, total network performance can suffer as a result. Another drawback to store-and-forward
switching is that the switch requires more memory and processor (central processing unit, CPU)
cycles to perform the detailed inspection of each frame than that of cut-through or fragment-free
switching.
Cut-Through Switching
With cut-through switching, the LAN switch copies into its memory only the destination MAC
address, which is located in the first 6 bytes of the frame following the preamble. The switch looks up
the destination MAC address in its switching table, determines the outgoing interface port, and
forwards the frame on to its destination through the designated switch port. A cut-through switch
reduces delay because the switch begins to forward the frame as soon as it reads the destination MAC
address and determines the outgoing switch port, as illustrated in Figure 6-10.
The cut-through switch shown in Figure 6-10 inspects each received frame's header to determine the
destination before forwarding on to the frame's destination network segment. Frames with and without
errors are forwarded in cut-through switching operations, leaving the error detection of the frame to
the intended recipient. If the receiving switch determines the frame is errored, the frame is thrown out
to the bit bucket where the frame is subsequently discarded from the network.
Figure 6-10 Cut-Through Switch Examining Each Frame Header Before

Forwarding to Destination Network Segment
Cut-through switching was developed to reduce the delay in the switch processing frames as they
arrive at the switch and are forwarded on to the destination switch port. The switch pulls the frame
header into its port buffer. When the destination MAC address is determined by the switch, the switch
forwards the frame out the correct interface port to the frame's intended destination.
Cut-through switching reduces latency inside the switch. If the frame was corrupted in transit,
however, the switch still forwards the bad frame. The destination receives this bad frame, checks the
frame's CRC, and discards it, forcing the source to resend the frame. This process wastes bandwidth
and, if it occurs too often, network users experience a significant slowdown on the network. In
contrast, store-and-forward switching prevents errored frames from being forwarded across the
network and provides for quality of service (QoS) managing network traffic flow.
NOTE
Today's switches don't suffer the network latency that older (legacy) switches labored under. This
minimizes the effect switch latency has on your traffic. Today's switches are better suited for a store-
and-forward environment.
Cut-Through Switching Operation

Cut-through switches do not perform any error checking of the frame because the switch looks only
for the frame's destination MAC address and forwards the frame out the appropriate switch port. Cut-
through switching results in low switch latency. The drawback, however, is that bad data frames, as
well as good frames, are sent to their destinations. At first blush, this might not sound bad because
most network cards do their own frame checking by default to ensure good data is received. You
might find that if your network is broken down into workgroups, the likelihood of bad frames or
collisions might be minimized, in turn making cut-through switching a good choice for your network.
Fragment-Free Switching
Fragment-free switching is also known as runtless switching and is a hybrid of cut-through and store-
and-forward switching. Fragment-free switching was developed to solve the late-collision problem.
NOTE
Recall that when two systems' transmissions occur at the same time, the result is a collision.
Collisions are a part of Ethernet communications and do not imply any error condition. A late
collision is similar to an Ethernet collision, except that it occurs after all hosts on the network should
have been able to notice that a host was already transmitting.
A late collision indicates that another system attempted to transmit after a host has transmitted at least
the first 60 bytes of its frame. Late collisions are often caused by an Ethernet LAN being too large and
therefore needing to be segmented. Late collisions can also be caused by faulty network devices on
the segment and duplex (for example, half-duplex/full-duplex) mismatches between connected
devices.
Fragment-Free Switching Operation

Fragment-free switching works like cut-through switching with the exception that a switch in
fragment-free mode stores the first 64 bytes of the frame before forwarding. Fragment-free switching
can be viewed as a compromise between store-and-forward switching and cut-through switching. The
reason fragment-free switching stores only the first 64 bytes of the frame is that most network errors
and collisions occur during the first 64 bytes of a frame.
NOTE
Different methods work better at different points in the network. For example, cut-through switching
is best for the network core where errors are fewer, and speed is of utmost importance. Store-and-
forward is best at the network access layer where most network problems and users are located.
Layer 3 Switching
Layer 3 switching is another example of fragment-free switching. Up to now, this discussion has
concentrated on switching and bridging at the data link layer (Layer 2) of the Open System
Interconnection (OSI) model. When bridge technology was first developed, it was not practical to
build wire-speed bridges with large numbers of high-speed ports because of the manufacturing cost
involved. With improved technology, many functions previously implemented in software were
moved into the hardware, increasing performance and enabling manufacturers to build reasonably
priced wire-speed switches.
Whereas bridges and switches work at the data link layer (OSI Layer 2), routers work at the network
layer (OSI Layer 3). Routers provide functionality beyond that offered by bridges or switches. As a
result, however, routers entail greater complexity. Like early bridges, routers were often implemented
in software, running on a special-purpose processing platform, such as a personal computer (PC) with
two network interface cards (NICs) and software to route data between each NIC, as illustrated in
Figure 6-11.
Figure 6-11 PC Routing with Two NICs
The early days of routing involved a computer and two NIC cards, not unlike two people having a
conversation, but having to go through a third person to do so. The workstation would send its traffic
across the wire, and the routing computer would receive it on one NIC, determine that the traffic
would have to be sent out the other NIC, and then resend the traffic out this other NIC.
NOTE
In the same way that a Layer 2 switch is another name for a bridge, a Layer 3 switch is another name
for a router. This is not to say that a Layer 3 switch and a router operate the same way. Layer 3
switches make decisions based on the port-level Internet Protocol (IP) addresses, whereas routers
make decisions based on a map of the Layer 3 network (maintained in a routing table).
Multilayer switching is a switching technique that switches at both the data link (OSI Layer 2) and
network (OSI Layer 3) layers. To enable multilayer switching, LAN switches must use store-and-
forward techniques because the switch must receive the entire frame before it performs any protocol
layer operations, as illustrated in Figure 6-12.
Figure 6-12 Layer 3 (Multilayer) Switch Examining Each Frame for Error
Before Determining the Destination Network Segment (Based on the Network Address)
Similar to a store-and-forward switch, with multilayer switching the switch pulls the entire received
frame into its memory and calculates its CRC. It then determines whether the frame is good or bad. If
the CRC calculated on the packet matches the CRC calculated by the switch, the destination address
is read and the frame is forwarded out the correct switch port. If the CRC does not match the frame,
the frame is discarded. Because this type of switching waits for the entire frame to be received before
forwarding, port latency times can become high, which can result in some latency, or delay, of
network traffic.
Layer 3 Switching Operation
You might be asking yourself, "What's the difference between a Layer 3 switch and a router?" The
fundamental difference between a Layer 3 switch and a router is that Layer 3 switches have optimized
hardware passing data traffic as fast as Layer 2 switches. However, Layer 3 switches make decisions
regarding how to transmit traffic at Layer 3, just as a router does.
NOTE
Within the LAN environment, a Layer 3 switch is usually faster than a router because it is built on
switching hardware. Bear in mind that the Layer 3 switch is not as versatile as a router, so do not
discount the use of a router in your LAN without first examining your LAN requirements, such as the
use of network address translation (NAT).
Before going forward with this discussion, recall the following points:
• A switch is a Layer 2 (data link) device with physical ports and that the switch communicates
via frames that are placed on to the wire at Layer 1 (physical).
• A router is a Layer 3 (network) device that communicates with other routers with the use of
packets, which in turn are encapsulated inside frames.
Routers have interfaces for connection into the network medium. For a router to route data over the
Ethernet, for instance, the router requires an Ethernet interface, as illustrated in Figure 6-13.
A serial interface is required for the router connecting to a wide-area network (WAN), and a Token
Ring interface is required for the router connecting to a Token Ring network.
A simple network made up of two network segments and an internetworking device (in this case, a
router) is shown in Figure 6-14.
Figure 6-13 Router Interfaces
The router in Figure 6-14 has two Ethernet interfaces, labeled E0 and E1. The primary function of the
router is determining the best network path in a complex network. A router has three ways to learn
about networks and make the determination regarding the best path: through locally connected ports,
static route entries, and dynamic routing protocols. The router uses this learned information to make a
determination by using routing protocols. Some of the more common routing protocols used include
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Interior Gateway Routing
Protocol (IGRP), and Border Gateway Protocol (BGP).
Figure 6-14 Two-Segment Network with a Layer 3 Router
NOTE
Routing protocols are used by routers to share information about the network. Routers receive and use
the routing protocol information from other routers to learn about the state of the network. Routers
can modify information received from one router by adding their own information along with the
original information, and then forward that on to other routers. In this way, each router can share its
version of the network.
Packet Switching
Layer 3 information is carried through the network in packets, and the transport method of carrying
these packets is called packet switching, as illustrated in Figure 6-15.
Figure 6-15 Packet Switching Between Ethernet and Token Ring Network
Segments
Figure 6-15 shows how a packet is delivered across multiple networks. Host A is on an Ethernet
segment, and Host B on a Token Ring segment. Host A places an Ethernet frame, encapsulating an
Internet Protocol (IP) packet, on to the wire for transmission across the network.
The Ethernet frame contains a source data link layer MAC address and a destination data link layer
MAC address. The IP packet within the frame contains a source network layer IP address (TCP/IP
network layer address) and a destination network layer IP address. The router maintains a routing
table of network paths it has learned, and the router examines the network layer destination IP address
of the packet. When the router has determined the destination network from the destination IP
address, the router examines the routing table and determines whether a path exists to that network.
In the case illustrated in Figure 6-15, Host B is on a Token Ring network segment directly connected
to the router. The router peels off the Layer 2 Ethernet encapsulation, forwards the Layer 3 data
packet, and then re-encapsulates the packet inside a new Token Ring frame. The router sends this
frame out its Token Ring interface on to the segment where Host B will see a Token Ring frame
containing its MAC address and process it.
Note the original frame was Ethernet, and the final frame is Token Ring encapsulating an IP packet.
This is called media transition and is one of the features of a network router. When the packet arrives
on one interface and is forwarded to another, it is called Layer 3 switching or routing.
Routing Table Lookup

Routers (and Layer 3 switches) perform table lookups determining the next hop (next router or Layer
3 switch) along the route, which in turn determines the output port over which to forward the packet
or frame. The router or Layer 3 switch makes this decision based on the network portion of the
destination address in the received packet.
This lookup results in one of three actions:

• The destination network is not reachable—There is no path to the destination network and
no default network. In this case, the packet is discarded.
• The destination network is reachable by forwarding the packet to another router—
There is a match of the destination network against a known table entry, or to a default route
if a method for reaching the destination network is unknown. The first lookup tells the next
hop. Then a second lookup is performed to determine how to get to the next hop. Then a final
determination of the exit port is reached. The first lookup can return multiple paths, so the
port is not known until after the determination of how to get there is made. In either case, the
lookup returns the network (Layer 3) address of the next-hop router, and the port through
which that router can be reached.
• The destination network is known to be directly attached to the router—The port is
directly attached to the network and reachable. For directly attached networks, the next step
maps the host portion of the destination network address to the data link (MAC) address for
the next hop or end node using the ARP table (for IP). It does not map the destination network
address to the router interface. It needs to use the MAC of the final end node so that the node
picks up the frame from the medium. Also, you are assuming IP when stating that the router
uses the ARP table. Other Layer 3 protocols, such as Internetwork Packet Exchange (IPX), do
not use ARP to map their addresses to MAC addresses.
Routing table lookup in an IP router might be considered more complex than a MAC address lookup
for a bridge, because at the data link layer addresses are 48-bits in length, with fixed-length fields—
the OUI and ID. Additionally, data-link address space is flat, meaning there is no hierarchy or
dividing of addresses into smaller and distinct segments. MAC address lookup in a bridge entails
searching for an exact match on a fixed-length field, whereas address lookup in a router looks for
variable-length fields identifying the destination network.
IP addresses are 32 bits in length and are made up of two fields: the network identifier and the host
identifier, as illustrated in Figure 6-16.
Both the network and host portions of the IP address can be of a variable or fixed length, depending
on the hierarchical network address scheme used. Discussion of this hierarchical, or subnetting,
scheme is beyond the scope of this book, but suffice to say you are concerned with the fact that each
IP address has a network and host identifier.
The routing table lookup in an IP router determines the next hop by examining the network portion of
the IP address. After it determines the best match for the next hop, the router looks up the interface
port to forward the packets across, as illustrated in Figure 6-17.
Figure 6-16 IP Address Space
Figure 6-17 shows that the router receives the traffic from Serial Port 1 (S1) and performs a routing
table lookup determining from which port to forward out the traffic. Traffic destined for Network 1 is
forwarded out the Ethernet 0 (E0) port. Traffic destined for Network 2 is forwarded out the Token
Ring 0 (T0) port, and traffic destined for Network 3 is forwarded out Serial Port 0 (S0).
NOTE
In terms of the Cisco Internet Operating System (IOS) interface, port numbers begin with zero (0),
such as serial port 0 (S0). Not all vendors, including Cisco, use ports; some use slots or modules,
which might begin with zero or one.
Figure 6-17 Routing Table Lookup Operation
The host identifier portion of the network address is examined only if the network lookup indicates
that the destination is on a locally attached network. Unlike data-link addresses, the dividing line
between the network identifier and the host identifier is not in a fixed position throughout the
network. Routing table entries can exist for network identifiers of various lengths, from 0 bits in
length, specifying a default route, to 32 bits in length for host-specific routes. According to IP routing
procedures, the lookup result returned should be the one corresponding to the entry that matches the
maximum number of bits in the network identifier. Therefore, unlike a bridge, where the lookup is for
an exact match against a fixed-length field, IP routing lookups imply a search for the longest match
against a variable-length field.
For example, a network host might have both the IP address of 68.98.134.209 and a MAC address of
00-0c-41-53-40-d3. The router makes decisions based on the IP address (68.98.134.209), whereas the
switch makes decisions based on the MAC address (00-0c-41-53-40-d3). Both addresses identify the
same host on the network, but are used by different network devices when forwarding traffic to this
host.
ARP Mapping
Address Resolution Protocol (ARP) is a network layer protocol used in IP to convert IP addresses into
MAC addresses. A network device looking to learn a MAC address broadcasts an ARP request onto
the network. The host on the network that has the IP address in the request replies with its MAC
(hardware) address. This is called ARP mapping, the mapping of a Layer 3 (network) address to a
Layer 2 (data link) address.
NOTE
Some Layer 3 addresses use the MAC address as part of their addressing scheme, such as IPX.
Because the network layer address structure in IP does not provide for a simple mapping to data-link
addresses, IP addresses use 32 bits, and data-link addresses use 48 bits. It is not possible to determine
the 48-bit data-link address for a host from the host portion of the IP address. For packets destined for
a host not on a locally attached network, the router performs a lookup for the next-hop router's MAC
address. For packets destined for hosts on a locally attached network, the router performs a second
lookup operation to find the destination address to use in the data-link header of the forwarded
packet's frame, as illustrated in Figure 6-18.
After determining for which directly attached network the packet is destined, the router looks up the
destination MAC address in its ARP cache. Recall that ARP enables the router to determine the
corresponding MAC address when it knows the network (IP) address. The router then forwards the
packet across the local network in a frame with the MAC address of the local host, or next-hop router.
Figure 6-18 Router ARP Cache Lookup
NOTE
Note in Figure 6-18 that Net 3, Host: 31 is not part of the ARP cache, because during the routing table
lookup, the router determined that this packet is to be forwarded to another, remote (nonlocally
attached) network.
The result of this final lookup falls into one of the three following categories:
• The packet is destined for the router itself—The IP destination address (network and
station portion combined) corresponds to one of the IP addresses of the router. In this case,
the packet must be passed to the appropriate higher-layer entity within the router and not
forwarded to any external port.
• The packet is destined for a known host on the directly attached network—This is the
most common situation encountered by a network router. The router determines the mapping
from the ARP table and forwards the packet out the appropriate interface port to the local
network.
• The ARP mapping for the specified host is unknown—The router initiates a discovery
procedure by sending an ARP request determining the mapping of network to hardware
address. Because this discovery procedure takes time, albeit measured in milliseconds, the
router might drop the packet that resulted in the discovery procedure in the first place. Under
steady-state conditions, the router already has ARP mappings available for all communicating
hosts. The address discovery procedure is necessary when a previously unheard-from host
establishes a new communication session.
NOTE
The current version of Cisco IOS (12.0) Software drops the first packet for a destination without an
ARP entry. The IOS does this to handle denial of service (DoS) attacks against incomplete ARPs. In
other words, it drops the frame immediately instead of awaiting a reply.
Fragmentation
Each output port on a network device has an associated maximum transmission unit (MTU). Recall
from earlier in this chapter that the MTU indicates the largest frame size (measured in bytes) that can
be carried on the interface. The MTU is often a function of the networking technology in use, such as
Ethernet, Token Ring, or Point-to-Point Protocol (PPP). PPP is used with Internet connections. If the
frame being forwarded is larger than the available space, as indicated by the MTU, the frame is
fragmented into smaller pieces for transmission on the particular network.
Bridges cannot fragment frames when forwarding between LANs of differing MTU sizes because
data-link connections rarely have a mechanism for fragment reassembly at the receiver. The
mechanism is at the network layer implementation, such as with IP, which is capable of overcoming
this limitation. Network layer packets can be broken down into smaller pieces if necessary so that
these packets can travel across a link with a smaller MTU.
Fragmentation is similar to taking a picture and cutting it into pieces so that each piece will fit into
differently sized envelopes for mailing. It is up to the sender to determine the size of the largest piece
that can be sent, and it is up to the receiver to reassemble these pieces. Fragmentation is a mixed
blessing; although it provides the means of communication across different link technologies, the
processing accomplishing the fragmentation is significant and could be a burden on each device
having to fragment and reassemble the data. Further, pieces for reassembly can be received out of
order and may be dropped by the switch or router.
As a rule, it is best to avoid fragmentation in your network if at all possible. It is more efficient for
the sending station to send packets not requiring fragmentation anywhere along the path to the
destination, instead of sending large packets requiring intermediate routers to perform fragmentation.
NOTE
Hosts and routers can learn the maximum MTU available along a network path through the use of
MTU discovery. MTU discovery is a process by which each device in a network path learns the MTU
size that the network path can support.
Chapter Summary
One of three transmission methods is used to move frames from source to destination: unicast,
multicast, or broadcast. Unicast transmission occurs when there is a direct path from source to
destination, a "one-to-one" relationship. Multicast has a one-to-many relationship in which the frame
is delivered to multiple destinations that are identified as part of a multicast group. Broadcast is a one-
to-all relationship in which the frame is delivered to all the hosts on the network segment, whether or
not they want the traffic.
Frame size is measured in bytes and has a minimum and maximum length, depending on the
implemented technology, such as Ethernet, Token Ring, or with WAN technologies (such as Frame
Relay or IP VPN). The maximum frame length supported by a technology is called the maximum
transmission unit, or MTU, and is measured in bytes. A frame received by the switch that is less than
the minimum frame length for that technology is called a runt, and a frame greater than the maximum
frame length is called a giant. Giant frames must be fragmented into smaller frames, smaller than the
acceptable MTU, before these frames can be forwarded across the switch's or router's network
interface.
There are two common categories of switches: store-and-forward switches and cut-through switches.
Store-and-forward switching accepts the complete frame into the switch buffers for error checking
before forwarding on to the network. Cut-through switching reads just the destination MAC address
(the first 6 bytes of the frame following the preamble) to determine the switch port to forward the
traffic. Store-and-forward switching adds some delay to the time it takes for the frame to get from
source to destination; unlike cut-through switching, however, store-and-forward switching does not
forward a frame with errors. The delay added by store-and-forward switching is minimal and should
not be a determining factor when deciding between using cut-through and store-and-forward
switching. Store-and-forward has an advantage over cut-through switching by virtue of its error-
handling mechanisms.
A third switching category is fragment-free switching, which accepts the first 64 bytes of the frame
and checks for errors. Fragment-free switching works on the precept that if there are any errors on the
line, they are detectable within the first 64 bytes of the frame.
The fundamental difference between Layer 2 and Layer 3 switch operation is the layer at which each
forwarding decision is made. Layer 2 switches make their forwarding decisions based on tables that
store the mapping between MAC addresses and switch ports. Layer 3 switches build a table of
network addresses and switch ports, making the forwarding decisions based on the network address
information found in Layer 3, rather than just the MAC address found in Layer 2. Layer 3 switches
function like routers because of the similar Layer 3 forwarding decision handling. However, Layer 3
switches tend to have better throughput because of the hardware processing of the address tables
rather than the software.
Wireless L
ocal Area Networks (WLANs)

(WLANs) utilizes electromagnetic waves, particularly spread-spectrum technology based on
radio waves, to transfer information between devices in a limited area. There are two types of
WLANs, infrastructure WLANs and independent WLANs. Infrastructure WLANs, where the wireless
network is linked to a wired network, is more commonly deployed today. In an infrastructure WLAN,
the wireless network is connected to a wired network such as Ethernet, via access points, which
possesses both Ethernet links and antennas to send signals. These signals span microcells, or circular
coverage areas (depending on walls and other physical obstructions), in which devices can
communicate with the access points, and through these, with the wired network (see picture below).
In a wireless LAN, devices can move within and between coverage areas without experiencing
disruption in connectivity as long as they stay within range of an access point or extension point
(similar to an access point) at all.
MSFC
Key Features:
• Delivers a broad array of Cisco IOS software services

• Provides intelligent services with Cisco IOS software
• Provides hardware based layer three switching for IP, IPX and IP Multicast;
improved control plane performance; and support for large routing tables
• Provides multimedia services such as CGMP, IGMP, and PIM, security services such
as access lists and encryption, and CoS enablers such as RSVP and WFQ
• Supports redundancy when redundant MSFC2 equipped supervisors are deployed
Q. Will the standby router take over if the active router LAN interface state is "interface up line
protocol down"?
A. Yes, the standby router takes over once the holdtime expires. By default, this equals to three hello
packets from the active router having been missed. The actual convergence time depends on the
HSRP timers configured for the group and possibly on routing protocol convergence. The HSRP
hellotime timer defaults to 3 and the holdtime timer defaults to 10.
Q. Can I configure more than one standby group with the same group number?
A. Yes. However, Cisco does not recommend it on lower-end platforms such as the 4x00 series and
earlier. If the same group number is assigned to multiple standby groups, it creates a non-unique
MAC address. This is seen as the router's own MAC address and it is filtered out if more than one
router in a LAN becomes active. This behavior may change in future releases of Cisco IOS®.
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC
address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple
MAC addresses on all Ethernet and Fast Ethernet interfaces.
Q. When an active router tracks serial 0 and the serial line goes down, how does the standby
router know to become active?
A. When a tracked interface's state changes to down, the active router decrements its priority. The
standby router reads this value from the hello packet priority field, and becomes active if this value is
lower than its own priority and the standby preempt is configured. You can configure by how much
the router should decrement the priority. By default, it decrements its priority by 10.
Q. If there is no priority configured for a standby group, what determines which router is
active?
A. The priority field is used to elect the active router and the standby router for the specific group. In
the case of an equal priority, the router with the highest IP address for the respective group is elected
as active. Furthermore, if there are more than two routers in the group, the second highest IP address
determines the standby router and the other router/routers are in the listen state.
Note: If no priority is configured it uses the default of 100.
Q. What are the limiting factors that determine how many standby groups can be assigned to a
router?
A. Ethernet: 256 per router. FDDI: 256 per router. Token Ring: 3 per router (uses reserved
functional address).
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC
address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple
MAC addresses on all Ethernet and Fast Ethernet interfaces.
Q. Which HSRP router requires that I configure preempt?
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router
when its Hot Standby priority is higher than the current active router. The standby preempt
command is needed in situations when you want an occurring state change of a tracked interface to
cause a standby router to take over from the active router. For example, an active router tracks another
interface and decrements its priority when that interface goes down. The standby router priority is
now higher and it sees the state change in the hello packet priority field. If preempt is not configured,
it cannot take over and failover does not occur.
Q. From reading the documentation it looks like I can use HSRP to achieve load-balancing
across two serial links. Is this true?
A. Yes, refer to Load Sharing with HSRP for more information.

Q. Does HSRP support DDR, and if so, how will it know to dial?
A. No, HSRP does not support Dial-on-Demand Routing (DDR) directly. However, you can
configure it to track a serial interface and swap from the active to the standby router in case of a WAN
link failure. The command used to track the state of an interface is standby <group#> track
<interface> .
Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my
network. I have noticed that the return traffic comes back through the standby router.
Will this cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a
router experiences high traffic. You can change this by configuring a more desirable cost for the link
you would like the distant router/routers to use.
Q. How does DECnet traffic fit into the HSRP scenario?
A. DECnet and XNS are compatible with HSRP and multiple HSRP (MHSRP) over Ethernet, FDDI,
and Token Ring on the Cisco 7000 and Cisco 7500 routers only. For more information, refer to Using
HSRP for Fault-Tolerant IP Routing.
Q. Can a Cisco 2500 and Cisco 7500 router on the same LAN segment use HSRP, or do I have to
replace one of the routers so the platforms are identical?
A. You can mix the platforms with HSRP, but you are not able to support multiple HSRP (MHSRP)
due to the hardware limitations of the lower-end platform.
Q. If I use a switch, what do I see on the CAM tables for the HSRP?
A. The content-addressable memory (CAM) tables provide a map for the HSRP MAC address to the
port on which the active router is located. In this way, you can determine what the switch perceives
the HSRP status to be.
Q. What is the standby use-bia command and how does it work?
A. By default, HSRP uses the preassigned HSRP virtual MAC address on Ethernet and FDDI, or the
functional address on Token Ring. To configure HSRP to use the interface's burnt-in address as its
virtual MAC address, instead of the default, use the standby use-bia command.
For example, on Token Ring, if Source Route Bridging is in use, a Routing Information Field (RIF) is
stored with the virtual MAC address in the host's RIF cache. The RIF indicates the path and final ring
used to reach the MAC address. As routers transition to the active state, they send gratuitous Address
Resolution Protocols (ARPs) in order to update the host's ARP table. However, this does not affect the
RIF cache of the hosts that are on the bridged ring. This situation can lead to packets being bridged to
the ring for the previous active router. To avoid this situation, use the standby use-bia command. The
router now uses its burnt-in MAC address as the virtual MAC address.
Note: Using the standby use-bia command has these disadvantages:
• When a router becomes active the virtual IP address is moved to a different MAC address.
The newly active router sends a gratuitous ARP response, but not all host implementations
handle the gratuitous ARP correctly.
• Proxy ARP breaks when use-bia is configured. A standby router cannot cover for the lost
proxy ARP database of the failed router.
Q. Can I run NAT and HSRP together?
A. You can configure network address translation (NAT) and HSRP on the same router. However, a
router that runs NAT holds state information for traffic that is translated through it. If this is the active
HSRP router and the HSRP standby takes over, the state information is lost.
Note: Stateful NAT (SNAT) can make use of HSRP to fail over. For more information, refer to NAT
Stateful Failover of Network Address Translation. Static NAT Mapping Support with HSRP for High
Availability is another feature which makes NAT and HSRP interact. For more information refer to
NAT—Static Mapping Support with HSRP for High Availability.
Q. What are the IP source address and destination address of HSRP hello packets?
A. The destination address of HSRP hello packets is the all routers multicast address (224.0.0.2). The
source address is the router's primary IP address assigned to the interface.
Q. Are HSRP messages TCP or UDP?
A. UDP, since HSRP runs on UDP port 1985.
Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP
through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an
ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are
permitted.
The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring
that user traffic immediately and transparently recovers from first hop failures in network edge
devices or access circuits.
Understanding Spanning-Tree Protocol
Spanning-Tree Protocol is a link management protocol that provides path redundancy while
preventing undesirable loops in the network. For an Ethernet network to function properly, only one
active path can exist between two stations.
Multiple active paths between stations cause loops in the network. If a loop exists in the network
topology, the potential exists for duplication of messages. When loops occur, some switches see
stations appear on both sides of the switch. This condition confuses the forwarding algorithm and
allows duplicate frames to be forwarded.
To provide path redundancy, Spanning-Tree Protocol defines a tree that spans all switches in an
extended network. Spanning-Tree Protocol forces certain redundant data paths into a standby
(blocked) state. If one network segment in the Spanning-Tree Protocol becomes unreachable, or if
Spanning-Tree Protocol costs change, the spanning-tree algorithm reconfigures the spanning-tree
topology and reestablishes the link by activating the standby path.
Each port on a switch using Spanning-Tree Protocol exists in one of the following five states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled
How the Router Uses the Boot Field
The lowest four bits of the 16-bit configuration register (bits 3, 2, 1, and 0) form the boot field. The
following boot field values determine if the router loads an operating system and where it obtains the
system image:
• When the entire boot field equals 0-0-0-0 (0x0), the router does not load a system image.
Instead, it enters ROM monitor or "maintenance" mode from which you can enter ROM monitor
commands to manually load a system image. Refer to the " Manually Loading a System Image from
ROM Monitor" section for details on ROM monitor mode.
• When the entire boot field equals 0-0-0-1 (0x1), the router loads the boot helper or rxboot
image.
• When the entire boot field equals a value between 0-0-1-0 (0x2) and 1-1-1-1 (0xF), the router
loads the system image specified by boot system commands in the startup configuration file. When
the startup configuration file does not contain boot system
0 to load the system image manually using the boot command in ROM monitor mode.
• 1 to load the system image from boot ROMs. On the Cisco 7200 series and Cisco 7500 series, this
setting configures the system to automatically load the system image from bootflash.
• 2-F to load the system image from boot system commands in the startup configuration file or
from a default system image stored on a network server.
Trunk – A trunk is a point to point link between one or more Ethernet switch port and another
networking devices.

Interview

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Interview

Загружено:

Авторское право:

Доступные форматы

QOS

static routing / Dynamic Routing .. - Okay

eigrp bgp, vrf, spanning tree, trunking

Port Channel --> On going - LACP

3. Vlan & VTP modes.

Routing - Static routes. ,BGP on MPLS.,EIGRP.,MPLS-VRF.,Sub netting.

Firewall- Nat & types of Nat.,Basic idea on ACL.

Layer 2 switch broadcast the frames and received the information.

1. Virtual Routing and forwarding is used on the MPLS network.

2. VRF is maintain the multiple routing table on the single router.

7. Multi protocol Label Switching ( MPLS) VPN technology.

b. Determine the least cost paths to the root bridge-

ii. BPDU are exchanged regularly ( every 2 sec)

Election of the Root Switch

1. The election of a unique root switch for the table

2. The election of a designated switch for every switched LAN segment.

3. The removal of loops in the switched network

2. The path cost to the root

3. The port identifier with each switch.

Blocking, Listening, Learning, Forwarding, Disabled.

VLAN information distributed to all switches by VTP domain.

VTP Operation on three mode

1. Server – In the VTP mode , create, modify the VLANS

1. Port security can do based on the MAC address

1. MAC blocking 2. MAC learning

1. Stackable switch is always single management interface

4. Collectively use the Cisco switches.

Manage the switch stack through a single IP address.

Port channelling is make a communication between router & Switch.

Three method of controlling the traffic.

PIX have very simple mechanisms to control traffic between interface.

Cisco 6500 Super Wiser Engineer 32

Static Routing Vs Dynamic Routing….

Static route is a route that is created manually by the network adminstrator.

Dynamic route are created by routing protocol.

Static routing administrative distance is one.

IGRP default administrative distance is 100

EIGRP ( Enhanced Interior Gateway Routing Protocol)…

1. It is link state routing protocol.

2. Cisco Preparatory routing protocol & Distance vector routing protocol.

3. Routing optimisation is based on the Diffusing update algaritham (DUAL)

8. Support of Variable Length subnet Masks (VLSM)

10.EIGRP format packet ( hello / ACk, Updates, Queries, Replies, Request )

11.EIGRP administrative distance is 120

12.EIGRP only send the updated information if any network changes.

13.EIGRP Default hop count is 224

14.IGRP default hop count s 111

15.EIGRP use reduce the bandwidth

16.EIGRP will learn the successor and feasible successor.

18.EIGRP default hold time is three times of Hello packets.

19.RTP ( Reliable Transport Protocol) is responsible for guarabteed

20.Default hello interval is 5 second.

21.Update, query & replay packet , replay – Acknowledgement oriented.

22.Hello, ACK are – NON Acknowledgment oriented.

a. Tracks all routs advertised by neighbour.

c. If successor is fails , select the feasible successor.

24.DUEL is used to select the best path

1. Response quickly as the network changes.

2. Send triggered update when network changes occurs

3. Send periodic update, link-state refresh, and such every 30 min

3. Digistra algoritham calculate the all possible routes.

4. OSPF Area - Characteristics

2. Minimizes routing table entry.