port sharing
VLAN
Port Mapping
Port Security
VRF
Stacking -
Subnets
VLAN Concepts
BGP
Static routes
Eigrp
STP
STP multipath
1. Cisco Catalyst 3750 switch stack.
2. Port-channel.
4. STP.
Layer 3 Switch – High-performance device. A Layer 3 switch differs very little from a router: it supports routing protocols, and both inspect incoming and outgoing packets and their destination. A Layer 2 switch forwards frames based on MAC address information; a Layer 3 switch forwards based on network-layer information.
Layer 2 switching does not look inside a packet for network-layer information. It is performed by looking at the destination MAC address within a frame; a Layer 2 switch maintains a MAC address table.
Layer 3 switching operates at the network layer. It examines packet headers and forwards packets based on their network-layer destination address.
VRF :
3. Virtual routing and forwarding is a technology included in IP (Internet Protocol) network routers that allows multiple instances of the routing table to exist in a router and work simultaneously.
4. Increases functionality by allowing network paths to be segmented without using multiple devices.
5. A VRF acts like a logical router, but while a logical router may include many routing tables, a VRF instance uses only a single routing table.
6. Because the routing instances are independent, the same or overlapping IP addresses can be used in different VRFs without conflict.
8. Virtual networks enable the administrator to split a physical link into multiple virtual links, completely isolated from one another. Each virtual link can be dedicated to traffic from a specific application or customer.
MPLS functionality is based on P (Provider) routers, PE (Provider Edge) routers and CE (Customer Edge) routers.
One PE router can hold and manage multiple VRFs. If you are running a private environment, you can use MPLS VPN to separate services.
The Route Distinguisher (RD) is a 64-bit value prepended to an IPv4 prefix to form a unique VPNv4 route in the provider network; it is what allows overlapping IP space between customers.
The Route Target (RT) is an extended community that indicates the VPN membership of a route and controls which routes are exported from and imported into a VRF.
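The RD/RT mechanics above, as an added example that is not part of the original notes: two customers advertise the same 10.1.1.0/24 to one PE, the RD keeps the two VPNv4 routes distinct, and RTs decide which VRF may import a shared-services prefix. The VRF names, prefixes, RD and RT values are constructed for illustration.

```python
# Added example: VRFs with overlapping prefixes, RD-qualified VPNv4 routes and
# RT-controlled import/export. Not from the original notes; all names, prefixes,
# RDs and RTs are made-up values chosen for illustration.
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    rd: str                      # route distinguisher, e.g. "65000:1"
    export_rt: set               # route targets attached to routes exported from this VRF
    import_rt: set               # a VPNv4 route must carry one of these to be imported
    routes: dict = field(default_factory=dict)   # IPv4 prefix -> next hop (the VRF's own table)


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    next_hop: str
    rts: frozenset


def export_routes(vrf):
    """Prepend the VRF's RD to each prefix: two customers can both advertise
    10.1.1.0/24 because 65000:1:10.1.1.0/24 and 65000:2:10.1.1.0/24 are distinct."""
    return [Vpnv4Route(vrf.rd, p, nh, frozenset(vrf.export_rt))
            for p, nh in vrf.routes.items()]


def import_routes(vrf, vpnv4_table):
    """Pull a VPNv4 route into a VRF only if it carries one of the VRF's import RTs.
    A prefix already present locally is left alone (local routes win)."""
    accepted = []
    for r in vpnv4_table:
        if r.rts & vrf.import_rt:
            vrf.routes.setdefault(r.prefix, r.next_hop)
            accepted.append(r)
    return accepted


def lookup(vrf, prefix):
    """Exact-prefix lookup in one VRF's table; None means unreachable from that VRF."""
    return vrf.routes.get(prefix)


def build_pe():
    """Constructed scenario: two customers with identical address space on one PE,
    plus a shared-services VRF that only customer A is allowed to reach."""
    cust_a = Vrf("CUST-A", "65000:1", {"65000:1"}, {"65000:1"})
    cust_b = Vrf("CUST-B", "65000:2", {"65000:2"}, {"65000:2"})
    shared = Vrf("SHARED", "65000:100", {"65000:100"}, set())
    cust_a.routes["10.1.1.0/24"] = "192.0.2.1"      # learned from CE-A
    cust_b.routes["10.1.1.0/24"] = "192.0.2.2"      # learned from CE-B, same prefix
    shared.routes["172.16.0.0/24"] = "192.0.2.100"
    cust_a.import_rt.add("65000:100")               # A imports the shared RT, B does not
    vpnv4 = export_routes(cust_a) + export_routes(cust_b) + export_routes(shared)
    for vrf in (cust_a, cust_b, shared):
        import_routes(vrf, vpnv4)
    return cust_a, cust_b, shared, vpnv4


if __name__ == "__main__":
    a, b, s, table = build_pe()
    for r in table:
        print(f"VPNv4 {r.rd}:{r.prefix} via {r.next_hop} RT={sorted(r.rts)}")
    print("CUST-A 10.1.1.0/24 ->", lookup(a, "10.1.1.0/24"))
    print("CUST-B 10.1.1.0/24 ->", lookup(b, "10.1.1.0/24"))
    print("CUST-B 172.16.0.0/24 ->", lookup(b, "172.16.0.0/24"))
```

The point to take from the output is that the MP-BGP table holds three routes for only two distinct IPv4 prefixes (the RD makes the duplicates unique), and that CUST-B gets no path to 172.16.0.0/24 purely because its import list lacks the shared RT. The RT list is therefore the access-control boundary between VPNs and should be reviewed like an ACL.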
Spanning Tree
1. STP is a link-layer (Layer 2) network protocol that ensures a loop-free topology.
2. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them.
a. Select Root Bridge – The switch with the smallest bridge ID becomes the root bridge. The bridge ID is the configurable priority (default 32768) followed by the switch MAC address, so the priority is compared first and the MAC address only breaks ties.
c. Bridge Protocol Data Unit (BPDU) – BPDU frames carry the root bridge ID, the sending bridge ID, the path cost to the root and the sending port ID; they are sent from the MAC address of the port itself to the STP multicast address 01:80:C2:00:00:00.
i. BPDUs are exchanged regularly (every 2 seconds by default) and enable switches to keep track of network changes and to start and stop forwarding on ports as required.
3. Port states: Blocking, Listening (the switch processes BPDUs and awaits possible new information), Learning, Forwarding, Disabled.
Spanning tree protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network.
Multiple active paths between stations cause loops in the network. If a loop exists in the network topology, the potential exists for duplication of messages.
BPDU –
1. The unique switch identifier (priority plus MAC address) associated with each switch.
One switch is elected as the root switch. The shortest path (lowest cumulative cost) to the root switch is then calculated for each switch.
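The election and root-path calculation described above, as an added example (not from the original notes): three switches left at the default priority elect the access switch with the lowest MAC as root, and lowering the core switch's priority corrects that. The switch names, MAC addresses and link costs are constructed.

```python
# Added example: root bridge election and root-path-cost calculation as STP does it.
# Not from the original notes; the three switches, MAC addresses and link costs are
# constructed for illustration.
import heapq

# Constructed topology: a core switch and two access switches, all still at the
# default priority 32768. Costs follow the classic 802.1D table (4 = 1 Gb/s, 19 = 100 Mb/s).
SWITCHES = {
    "core":    (32768, "00:1b:54:aa:aa:aa"),
    "access1": (32768, "00:0c:29:11:11:11"),   # lowest MAC in the domain
    "access2": (32768, "00:1b:54:22:22:22"),
}
LINKS = [("core", "access1", 4), ("core", "access2", 4), ("access1", "access2", 19)]


def bridge_id(priority, mac):
    """Bridge ID = 2-byte priority followed by the 6-byte MAC; a tuple compares the same way."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """Lowest bridge ID wins: priority decides, the MAC address only breaks ties."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(links, root):
    """Shortest path to the root (Dijkstra over port costs), which is what each switch
    converges on from the root path cost carried in BPDUs. Returns
    {switch: (cost, upstream neighbour)}; the upstream neighbour is reached via the root port."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nxt, c in adj.get(node, []):
            if nxt not in best or cost + c < best[nxt][0]:
                best[nxt] = (cost + c, node)
                heapq.heappush(heap, (cost + c, nxt))
    return best


def compare_designs():
    """With default priorities the access switch with the lowest MAC becomes root, so
    access2 reaches it through the core over 8 units of cost and the core has no say.
    Setting the core's priority to 4096 makes the election deterministic."""
    default_root = elect_root(SWITCHES)
    tuned = dict(SWITCHES)
    tuned["core"] = (4096, SWITCHES["core"][1])
    tuned_root = elect_root(tuned)
    return {
        "default_root": default_root,
        "default_costs": root_path_costs(LINKS, default_root),
        "tuned_root": tuned_root,
        "tuned_costs": root_path_costs(LINKS, tuned_root),
    }


if __name__ == "__main__":
    for k, v in compare_designs().items():
        print(k, v)
```

The same election logic is why an unmanaged or rogue switch plugged into an access port can take over as root if it happens to have a low MAC address; pinning the root with a low priority (and BPDU guard on access ports, where available) is the usual protection.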
VTP
VTP (VLAN Trunking Protocol) – Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion and renaming of VLANs on a network-wide basis. VTP reduces administration in a switched network.
1. Server – The default mode. A VTP server can create, delete and rename VLANs and advertises the VLAN database to the other switches in the domain.
2. Client – A VTP client works like a server in that it receives and forwards advertisements, but it cannot create, delete or rename VLANs.
3. Transparent – The switch does not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize, though it forwards VTP advertisements received on its trunks.
VTP sends messages between trunked switches to maintain VLANs on those switches. Because a switch with a higher configuration revision number overwrites the VLAN database of the whole domain, a previously used switch should be reset (or put in transparent mode) before it is connected to a trunk, and a VTP password should be set.
Port Security –
Stacking …
The term “stack” refers to a group of switches that have been set up in this way.
2. A switch stack has up to nine stack members connected through their StackWise ports. A switch stack always has one stack master.
3. The stack member number (1 to 9) identifies each member in the switch stack.
A switch stack is a set of up to nine Catalyst 3750 switches connected through their StackWise ports. One of the switches controls the operation of the stack and is called the stack master.
The stack master and the other switches in the stack are stack members.
Any stack member is eligible to become the stack master. If the stack master becomes unavailable, the remaining stack members elect a new stack master from among themselves.
The switch with the highest priority value becomes the stack master.
A switch running the cryptographic version of the SMI (Standard Multilayer Image) or EMI (Enhanced Multilayer Image) software is preferred over one running the non-cryptographic version.
Port Channel
A port channel supports from 2 up to a maximum of 8 interfaces. Use 2, 4 or 8 links so that the hash buckets are spread evenly. Load balancing is based on Layer 2, 3 or 4 header fields.
EtherChannel – EtherChannel is a port trunking technology used primarily on Cisco switches. It allows grouping several physical Ethernet links to create one logical Ethernet link for fault tolerance and a high-speed link between switches, routers and servers.
A limitation of EtherChannel is that all the physical ports in the aggregation group must reside on the same switch (a 3750 stack counts as one switch, so cross-stack EtherChannel is allowed).
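Why the "2, 4 or 8" advice holds, as an added example that is not part of the original notes: Cisco switches hash the chosen header fields into 8 buckets and deal the buckets out to the member links, so only a member count that divides 8 gives an even share. The hash function below is a stand-in for the hardware hash and the flows are constructed.

```python
# Added example: why EtherChannel shares load evenly only with 2, 4 or 8 members.
# Not from the original notes. Cisco switches hash the configured fields into 8 buckets
# and hand the buckets out to member links; the hash here is a stand-in for the
# hardware hash and the flows are constructed values.
from collections import Counter
import ipaddress


def hash_bucket(src_ip, dst_ip):
    """Stand-in 3-bit hash of source XOR destination address (src-dst-ip style).
    Like the real hardware hash it yields one of exactly 8 buckets, and the same
    flow always lands in the same bucket, so packets of one flow stay in order."""
    x = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    x ^= x >> 16
    x ^= x >> 8
    x ^= x >> 4
    return x & 0x7


def bucket_to_link(bucket, members):
    """8 buckets dealt round-robin over the member links."""
    return bucket % members


def bucket_share(members):
    """Number of the 8 buckets each member receives: even only when 8 % members == 0."""
    return dict(Counter(bucket_to_link(b, members) for b in range(8)))


def flow_distribution(flows, members):
    """Which member link each constructed (src, dst) flow would use."""
    return dict(Counter(bucket_to_link(hash_bucket(s, d), members) for s, d in flows))


if __name__ == "__main__":
    for n in (2, 3, 4, 5, 8):
        print(n, "links ->", bucket_share(n))
    flows = [("10.0.0.1", f"10.0.1.{i}") for i in range(1, 33)]
    print("32 flows over 3 links:", flow_distribution(flows, 3))
```

Two consequences follow from the bucket model: with 3 links one member carries only 2 of 8 buckets (a 3/3/2 split), and a single large flow always stays on one member, so an EtherChannel never gives one flow more than one link's bandwidth.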
Firewall –
A firewall is a program or hardware device that filters inbound and outbound traffic.
1. Packet Filtering – Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting systems and all others are discarded.
2. Proxy Service – Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa, so the two ends never talk to each other directly.
3. Stateful Inspection – It does not examine the content of each packet but instead compares certain key parts of the packet to a database of trusted information (the state table of known connections). Outbound connections are recorded, then incoming packets are compared to these recorded characteristics. If the comparison yields a reasonable match the traffic is allowed through; otherwise it is discarded.
Security Level.
The ASA allows traffic to pass from trusted to untrusted, but not the reverse. Traffic can pass from an interface with a higher security level to an interface with a lower security level; traffic from a lower to a higher level is blocked unless an access list explicitly permits it.
• Security level 100 – The highest possible level; it is used by the inside interface by default. Using the trusted/untrusted terminology, this level is considered the most trusted.
• Security level 0 – The lowest possible level; it is used by the outside interface by default, making it the most untrusted interface. Traffic can pass from this interface to other interfaces only if explicitly configured to do so.
• Security levels 1–99 – Can be assigned to any other interface on the PIX/ASA. On a three-pronged PIX firewall the inside is typically 100, the outside is 0, and the third (DMZ) interface could be 50. Traffic from interfaces between 1 and 99 can pass to the outside (0), but it is prevented from passing to the inside (100), because that interface has a lower security level than the inside.
Static routing is not really a protocol, simply the process of manually entering routes into the routing table via a configuration file that is loaded when the routing device starts up.
http://www.trainsignaltraining.com/free-video-training/free-ccna-training-videos-static-routing-and-rip/
Static routing is manually entering the route based on the administrator's judgement of the best path.
Dynamic routing –
Dynamic routing protocols are software processes that dynamically discover networks. A router will learn “routes” to all directly connected networks. It will learn routes from other routers that run the same routing protocol. The router will then sort through its list of routes and select the best path.
5. Link-state routing protocols – Based on an algorithm that finds the shortest path. They work by exchanging a description of each node and its exact connections to its neighbours.
6. EIGRP allows for equal-cost load balancing (and unequal-cost with the variance command), incremental routing updates and formal neighbour relationships.
7. EIGRP reduces bandwidth usage: it sends updates only when topology changes occur.
9. Using Hello messages, EIGRP establishes and maintains neighbour relationships with neighbouring routers.
17. EIGRP maintains three databases – neighbour table, topology table, IP routing table.
23. EIGRP DUAL (Diffusing Update Algorithm)
b. Select the loop-free successor (the path with the lowest feasible distance) and the feasible successors (neighbours whose reported distance is less than the feasible distance, which guarantees a loop-free backup path that can be used without a query).
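The successor / feasible successor rule, as an added example that is not part of the original notes: the feasibility condition (reported distance strictly less than the feasible distance) is what lets DUAL switch to a backup instantly instead of going active and querying neighbours. The neighbour names and metrics are constructed and simplified to plain integers.

```python
# Added example: DUAL's successor / feasible successor selection from a topology table.
# Not from the original notes. Metrics are simplified to plain integers and the
# neighbour names and numbers are constructed.

# Constructed topology-table entries for one destination: (neighbour, reported
# distance RD, cost of the link to that neighbour).
DEST_ENTRIES = [
    ("R2", 10, 5),    # total 15 -> lowest, becomes the successor
    ("R3", 12, 10),   # total 22, RD 12 < FD 15 -> feasible successor
    ("R4", 20, 2),    # total 22, RD 20 >= FD 15 -> fails the feasibility condition
]


def dual_select(entries):
    """Feasible distance (FD) is the lowest total (RD + link cost); that neighbour is the
    successor. A neighbour is a feasible successor only if its RD < FD, which proves it
    does not route back through us and can be used at once without a query."""
    totals = {nbr: rd + cost for nbr, rd, cost in entries}
    successor = min(totals, key=lambda n: (totals[n], n))
    fd = totals[successor]
    feasible = sorted(nbr for nbr, rd, _ in entries if nbr != successor and rd < fd)
    return {"successor": successor, "fd": fd, "feasible_successors": feasible}


def on_successor_loss(entries):
    """What DUAL does when the successor's link fails: promote the best feasible
    successor and stay passive, or go active and query the neighbours if none exists."""
    sel = dual_select(entries)
    totals = {nbr: rd + cost for nbr, rd, cost in entries}
    if not sel["feasible_successors"]:
        return ("active", None)
    return ("passive", min(sel["feasible_successors"], key=lambda n: totals[n]))


if __name__ == "__main__":
    print(dual_select(DEST_ENTRIES))
    print("R2 lost:", on_successor_loss(DEST_ENTRIES))
    print("only R2/R4 known:", on_successor_loss([e for e in DEST_ENTRIES if e[0] != "R3"]))
```

R3 and R4 offer the same total cost, yet only R3 is a feasible successor: R4's reported distance (20) is not lower than our feasible distance (15), so DUAL cannot prove R4 is not routing through us.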
OSPF
1. It is a link-state routing protocol. – Generates routing updates when any network change occurs.
2. Neighbour table, topology table, routing table – link-state data structures.
7. OSPF selects a DR (Designated Router) and BDR (Backup Designated Router) on multi-access segments.
8. OSPF builds three tables: neighbour table, link-state (topology) table and routing table.
9. OSPF has five packet types: Hello, Database Description (DBD), Link State Request (LSR), Link State Update (LSU) and Link State Acknowledgement (LSAck).
IGRP..
Catalyst 3750 switches running Cisco IOS software release 12.2.
Link Aggregation Control Protocol (LACP) is the IEEE 802.3ad standard; Port Aggregation Protocol (PAgP) is the Cisco proprietary equivalent. Both run on Cisco switches to negotiate an EtherChannel.
StackWise is a method for collectively utilizing the capabilities of a stack of switches. The switches intelligently join to create a single switch unit with a 32 Gbps stack interconnect.
Switches can be added to and deleted from a working stack without affecting performance.
The switches are united into a single logical unit using special stack interconnect cables that create a bidirectional closed-loop path.
Layer 2 and Layer 3 forwarding – Layer 2 forwarding is done in a distributed manner across the members; Layer 3 is done in a centralized manner, with the stack master owning routing control and processing.
A Cisco Catalyst 3750 series stack has a single IP address and is managed as a single object. The single-IP management applies to active fault detection, VLAN creation, modification and deletion, security and QoS controls.
Cisco StackWise technology unites up to nine individual Cisco Catalyst 3750 switches into a single logical unit. The stack shares the same network topology, MAC address and routing information.
Physical sequential linkages – A break in any one cable results in the stack bandwidth being reduced to half of its full capability (the ring falls back to a single path).
Stack master election order:
1. User priority – the network manager can select which switch becomes the master.
3. Default configuration – a switch that is not running the default configuration is preferred.
4. Uptime – the switch with the longest uptime.
5. MAC address – the switch with the lowest MAC address.
Shared network topology information – The master switch is responsible for collecting and maintaining correct routing information. It sends periodic updates to all subordinate switches. The master switch is responsible for routing control and processing.
Subordinate switch activity –
Switching Mode …
Fast-forward (cut-through) – Offers the lowest latency by forwarding a frame immediately after the destination address has been received; frames with a bad FCS are forwarded anyway, because the check sequence is at the end of the frame. In fast-forward mode latency is measured from the first bit received to the first bit transmitted (FIFO, first in first out).
Fragment-free – Waits for the first 64 bytes and so filters out collision fragments, the majority of frame errors, before forwarding begins.
Store-and-forward – The complete frame is stored and its FCS checked for errors prior to transmission. In store-and-forward mode latency is measured from the last bit received to the first bit transmitted (LIFO, last in first out).
Administrative distance (AD) is the feature routers use to select the best path when there are two or more routes to the same destination learned from different routing protocols. It is the first criterion a router uses to decide which source to believe when two sources offer a route for the same prefix; it is compared only after the longest-prefix match, and between routes from a single protocol the metric decides.
Default administrative distance values:
Route source                                                         Default distance
Connected interface                                                  0
Static route                                                         1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route     5
External Border Gateway Protocol (BGP)                               20
Internal EIGRP                                                       90
IGRP                                                                 100
OSPF                                                                 110
Intermediate System-to-Intermediate System (IS-IS)                   115
Routing Information Protocol (RIP)                                   120
Exterior Gateway Protocol (EGP)                                      140
On Demand Routing (ODR)                                              160
External EIGRP                                                       170
Internal BGP                                                         200
Unknown*                                                             255
* A route with distance 255 is not trusted and is never installed in the routing table.
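The selection order the table implies, as an added example that is not part of the original notes: longest prefix match first, then administrative distance between sources for the same prefix, then metric within one protocol. The candidate routes and next-hop names are constructed; the AD values are the defaults from the table.

```python
# Added example: the order a router applies when several sources offer a route.
# Not from the original notes. Longest prefix match comes first; administrative
# distance is compared only between candidates for the same prefix; the metric
# decides between routes from the same protocol. Candidate routes are constructed.
import ipaddress

# Default administrative distances from the table above.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
                  "igrp": 100, "ospf": 110, "isis": 115, "rip": 120, "egp": 140, "odr": 160,
                  "eigrp-external": 170, "ibgp": 200}

# Constructed candidates: (prefix, source protocol, metric, next hop)
CANDIDATES = [
    ("10.0.0.0/8",   "ospf",           20,   "R-ospf-8"),
    ("10.0.0.0/8",   "rip",            3,    "R-rip-8"),
    ("10.0.0.0/8",   "eigrp-external", 1000, "R-eigrp-ext-8"),
    ("10.1.0.0/16",  "rip",            2,    "R-rip-16"),
    ("10.1.2.0/24",  "ospf",           10,   "R-ospf-24"),
    ("10.1.2.0/24",  "static",         0,    "R-static-24"),
    ("10.1.2.0/24",  "ospf",           5,    "R-ospf-24-better"),
]


def install_routes(candidates):
    """Build the RIB: for each prefix keep the route with the lowest (AD, metric).
    Equal AD and metric from one protocol would be equal-cost multipath; the first
    one seen is kept here for simplicity."""
    rib = {}
    for prefix, source, metric, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        key = (ADMIN_DISTANCE[source], metric)
        if net not in rib or key < (ADMIN_DISTANCE[rib[net][0]], rib[net][1]):
            rib[net] = (source, metric, next_hop)
    return rib


def forward(rib, dst):
    """Longest prefix match over the installed routes; None means no route (drop).
    Note that the more specific RIP /16 beats the OSPF /8 despite RIP's worse AD."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    rib = install_routes(CANDIDATES)
    for net, entry in sorted(rib.items(), key=lambda kv: kv[0].prefixlen):
        print(net, entry)
    for dst in ("10.1.2.5", "10.1.9.9", "10.9.9.9", "192.0.2.1"):
        print(dst, "->", forward(rib, dst))
```

The run shows all three rules at once: 10.1.2.5 follows the static route (AD 1 beats OSPF's 110 for the same /24), 10.1.9.9 follows the RIP /16 even though RIP's AD is the worst on offer (prefix length is decided before AD), and 10.9.9.9 falls to the OSPF /8 because 110 beats both 120 and 170.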
Clock rate – The clock rate interface command has been enhanced for the synchronous serial
port
Class Address
MPLS was originally presented as a way of improving the forwarding speed of routers but is now a crucial standard technology that offers new capabilities for large-scale IP networks.
In MPLS terminology the packet-handling nodes or routers are called Label Switched Routers (LSRs).
MPLS is the standard technology for speeding up network traffic flow and making it easier to manage.
MPLS VPN with VRF (Virtual Routing and Forwarding) allows multiple instances of a routing table to coexist on the PE router, one per customer VPN.
ACL…
An ACL that is applied but contains no entries permits all traffic; once an ACL has at least one entry it ends with an implicit deny any, so anything not explicitly permitted is dropped. Entries are evaluated in order and the first match wins.
Standard Access Control Lists (ACLs) are Cisco IOS commands used to filter packets on a Cisco router based only on the source IP address of the packet.
Extended access control lists have the ability to filter packets based on source and destination IP address, protocol and port numbers.
Numbers between 1 and 99, or any number between 1300 and 1999, can be used for a standard ACL; 100–199 and 2000–2699 are used for extended ACLs.
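The ACL semantics just listed (wildcard masks, first match, implicit deny, empty list permits) together with the ASA security-level rule from the Security Level section above, as one added example that is not part of the original notes. The ACL entries, addresses and interface levels are constructed for illustration.

```python
# Added example: an IOS-style ACL evaluator (wildcard masks, first match wins,
# implicit deny, empty ACL permits) plus the ASA default that only allows traffic from
# a higher to a lower security level. Not from the original notes; the ACL entries,
# addresses and interface levels are constructed for illustration.
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, network, wildcard):
    """IOS wildcard mask: a 0 bit must match, a 1 bit is don't-care (inverse of a subnet mask)."""
    a, n, w = (int(ipaddress.ip_address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate_acl(entries, pkt):
    """entries: list of dicts with 'action' plus match fields; pkt: dict with src and,
    for extended ACLs, dst/proto/dport. Standard ACL entries carry only 'src'.
    An ACL with no entries permits everything; one with at least one entry ends with an
    implicit 'deny any'. The first matching entry decides, so order matters."""
    if not entries:
        return "permit"
    for e in entries:
        if not wildcard_match(pkt["src"], *e["src"]):
            continue
        if "dst" in e and not wildcard_match(pkt["dst"], *e["dst"]):
            continue
        if "proto" in e and e["proto"] != pkt.get("proto"):
            continue
        if "dport" in e and e["dport"] != pkt.get("dport"):
            continue
        return e["action"]
    return "deny"   # the implicit deny at the end of every non-empty ACL


def asa_default_permits(ingress_level, egress_level):
    """ASA with no ACL on the ingress interface: higher -> lower level is allowed,
    lower -> higher is not, and equal levels are denied unless
    'same-security-traffic permit inter-interface' is configured."""
    return ingress_level > egress_level


# Constructed standard ACL 10: block one subnet, allow the rest of 10/8, implicitly deny others.
STANDARD_ACL_10 = [
    {"action": "deny", "src": ("10.1.1.0", "0.0.0.255")},
    {"action": "permit", "src": ("10.0.0.0", "0.255.255.255")},
]

# Constructed extended ACL 110 protecting a DMZ host: HTTPS from 10/8 only, SSH from nowhere.
EXTENDED_ACL_110 = [
    {"action": "permit", "src": ("10.0.0.0", "0.255.255.255"),
     "dst": ("192.0.2.10", "0.0.0.0"), "proto": "tcp", "dport": 443},
    {"action": "deny", "src": ANY, "dst": ("192.0.2.10", "0.0.0.0"), "proto": "tcp", "dport": 22},
]

# Constructed ASA interface levels.
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}


def asa_decision(ingress, egress, acl, pkt):
    """ASA rule: an ACL applied to the ingress interface overrides the level default."""
    if acl is not None:
        return evaluate_acl(acl, pkt)
    return "permit" if asa_default_permits(LEVELS[ingress], LEVELS[egress]) else "deny"


if __name__ == "__main__":
    print(evaluate_acl(STANDARD_ACL_10, {"src": "10.1.1.7"}))        # deny
    print(evaluate_acl(STANDARD_ACL_10, {"src": "172.16.0.1"}))      # deny (implicit)
    print(evaluate_acl(EXTENDED_ACL_110,
                       {"src": "10.5.5.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}))
    print(asa_decision("outside", "dmz", None, {"src": "198.51.100.1"}))   # deny by level
    print(asa_decision("outside", "dmz", EXTENDED_ACL_110,
                       {"src": "198.51.100.1", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}))
```

Two details worth noticing: the explicit deny for SSH in ACL 110 is redundant with the implicit deny (it exists only so hits can be logged and counted), and on the ASA applying any ACL to the outside interface replaces the level-based default for that direction, so a too-broad permit there silently removes the protection the levels gave.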
NAT, Content Filtering, URL filtering, IPsec VPN, DHCP server/client.
NAT – NAT is a way to map a range of global addresses to inside or perimeter (DMZ) addresses.
1. Static NAT – A permanent one-to-one mapping between an inside local and an inside global address; the inside host is reachable from outside.
3. Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to one single registered IP address by also translating the source port. This is known as PAT or single-address NAT.
NAT terms..
Inside Global Address – A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
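Static NAT beside PAT, as an added example that is not part of the original notes: the translation table shows why a static mapping exposes the inside host to connections started from outside while PAT only passes inbound packets that match a flow an inside host opened first. The inside hosts, inside global addresses and outside peers are constructed.

```python
# Added example: static NAT beside PAT ("overload"). Not from the original notes;
# the inside hosts, the inside global addresses and the outside peers are constructed.
# Static NAT is a fixed 1:1 mapping that also lets outside hosts initiate connections
# inward; PAT shares one inside global address by rewriting ports and only accepts
# inbound packets that match a translation created by earlier outbound traffic.


class NatTable:
    def __init__(self, pat_global, statics=None, first_port=1024):
        self.pat_global = pat_global            # the single inside global address for PAT
        self.statics = dict(statics or {})      # inside local -> inside global (static NAT)
        self.rev_statics = {g: l for l, g in self.statics.items()}
        self.next_port = first_port
        self.pat = {}                            # (inside local, local port) -> global port
        self.rev_pat = {}                        # global port -> (inside local, local port)

    def outbound(self, src, sport, dst, dport):
        """Translate an inside -> outside packet; returns the tuple as seen on the outside."""
        if src in self.statics:                  # static NAT: address changes, port kept
            return (self.statics[src], sport, dst, dport)
        key = (src, sport)
        if key not in self.pat:                  # first packet of a flow creates the entry
            gport = self.next_port
            self.next_port += 1
            self.pat[key] = gport
            self.rev_pat[gport] = key
        return (self.pat_global, self.pat[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Translate an outside -> inside packet; None means no translation, so it is dropped."""
        if dst in self.rev_statics:              # static mapping: always reachable
            return (src, sport, self.rev_statics[dst], dport)
        if dst == self.pat_global and dport in self.rev_pat:
            local, lport = self.rev_pat[dport]
            return (src, sport, local, lport)
        return None


def demo():
    """Constructed scenario: two inside hosts pick the same source port 5000, a server
    host has a static mapping, and an outside scanner probes the PAT address."""
    nat = NatTable("203.0.113.1", statics={"10.1.1.10": "203.0.113.10"})
    out_a = nat.outbound("10.1.1.5", 5000, "198.51.100.7", 80)
    out_b = nat.outbound("10.1.1.6", 5000, "198.51.100.7", 80)
    reply_b = nat.inbound("198.51.100.7", 80, out_b[0], out_b[1])
    scan = nat.inbound("198.51.100.99", 40000, "203.0.113.1", 9999)
    to_server = nat.inbound("198.51.100.99", 40000, "203.0.113.10", 22)
    return {"out_a": out_a, "out_b": out_b, "reply_b": reply_b,
            "scan": scan, "to_server": to_server}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Both inside hosts used source port 5000, so PAT had to allocate distinct global ports (1024 and 1025) to tell the replies apart; the unsolicited probe to port 9999 has no entry and is dropped, whereas the probe to the statically mapped server reaches port 22 on the inside host, which is why static mappings need their own ACL.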
ARP maps an IP address to a MAC address, and RARP maps a MAC address to an IP address.
BGP….
BGP is the protocol for exchanging routing information between gateway routers in a network of autonomous systems. The BGP table contains a list of known routers, the address prefixes they can reach and the path attributes (AS path and so on) associated with the path to each.
Load balancing – By default BGP does NOT load-balance traffic; it chooses and installs a single “best” route (the maximum-paths command allows several equal paths to be installed).
VLAN Creation …
To define a VLAN on a Cisco device, we need a VLAN ID, a VLAN name and the member ports.
• Supervisor engines
• Switch fabric modules
• Fast Ethernet modules
• Gigabit Ethernet modules
• 10 Gigabit Ethernet modules
• Voice modules
• FlexWAN modules
• ATM modules
• Multi-gigabit services modules (content services, firewall, intrusion detection, IPsec/VPN, network analysis and SSL acceleration)
The Cisco Supervisor Engine 720 offers a strong set of security features. The Supervisor Engine 720 builds on the proven Cisco Express Forwarding (CEF) architecture by supporting centralized forwarding (CEF) and distributed forwarding (dCEF).
MSFC3
The MSFC3 is an integral part of the Supervisor Engine 720, providing high-performance multilayer switching and routing intelligence.
What is the difference between gateway and firewall?
A network gateway joins two networks together through a combination of hardware and software.
A network firewall guards a computer network against unauthorized incoming or outgoing access.
Firewalls are designed to examine and accept/reject traffic. A router ACL does the same basic job, and ACL configuration depends on the requirement; a stateful firewall additionally tracks connection state, which a plain ACL does not.
Can the traceroute command work across a firewall? If no, then why? If yes, then why?
Only if the firewall permits it: the outgoing probes (UDP to high ports, or ICMP echo) must be allowed out, and the ICMP Time Exceeded and Port Unreachable replies must be allowed back in. Many firewalls drop one or both, so the trace shows * * * beyond that hop. An ASA also does not decrement the TTL of transit packets by default, so it does not show up as a hop even when it lets the probes through.
Firewall
1. Packet filters
2. Circuit-level gateways
3. Application-level gateways
4. Stateful multilayer inspection firewalls
Packet filtering firewalls work at the network layer of the OSI model, or the IP layer of TCP/IP. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
http://www.vicomsoft.com/knowledge/reference/firewalls1.html#1
Circuit-level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor the TCP handshake to decide whether a requested session is legitimate. This is useful for hiding information about the protected network: circuit-level gateways are relatively inexpensive and have the advantage of hiding internal addresses.
Application-level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.
Stateful multilayer inspection firewalls combine the aspects of the other three types. They filter packets at the network layer, determine whether session packets are legitimate and evaluate the contents of packets at the application layer.
What is IP spoofing?
Many firewalls examine the source IP address of packets to determine whether they are legitimate.
IP spoofing – Forging the source IP address of a packet so that it appears to come from a trusted host. It works against any system that decides which packets may and may not pass based on the sender's IP address alone. The defence is ingress/egress filtering: drop packets arriving on the outside interface that claim an inside source address, and drop outbound packets whose source is not one of your own prefixes.
Routing Function
The routing function is responsible for learning the logical topology of the network and then making forwarding decisions based on that knowledge.
Switching Function
It is concerned with moving data across the router. It is responsible for forwarding the datagram.
• OSPF – Incremental, with only the network change. However, 30 minutes after the last update was received, a compressed version of the table is propagated. Link state.
• EIGRP – Incremental updates with network changes only. Advanced distance vector, sometimes called enhanced distance vector or a hybrid routing protocol.
• IGRP – Updates every 90 seconds, with incremental updates as needed. Distance vector.
• BGP-4 – Incremental with only the network change. Path vector, sometimes referred to as a type of distance vector routing protocol.
• IS-IS – Incremental with only the network change. However, the router that originated the LSP must periodically refresh its LSPs to prevent the remaining lifetime on the receiving router from reaching 0. The refresh interval is 15 minutes. This means that approximately 15 minutes after the last update was received, a compressed list of all the links the router has knowledge of is sent to all routers. Link state.
Distance Vector Routing Protocols Versus Link-State Routing Protocols
Distance vector:
• Sends its entire routing table at periodic intervals out of all interfaces (typically, this is based in seconds). Sends triggered updates to reflect changes in the network.
• Typically involves updates sent using a broadcast address to everyone on the link.
• Uses a metric based on how distant the remote network is to the router. (IGRP does not conform to this as a proprietary solution.)
• Has knowledge of the network based on information learned from its neighbors.
• Includes a routing table that is a database viewed from the perspective of each router.
• Uses the Bellman-Ford algorithm for calculating the best path.
• Does not consume many router resources, but is heavy in the use of network resources.
• Maintains one domain in which all the routes are known.
Link state:
• Has a hierarchical design of areas that allows for summarization and growth.
• For effective use, the addressing scheme should reflect the hierarchical design of the network.
• Sends incremental updates when a change is detected. OSPF will send summary information every 30 minutes, regardless of whether incremental updates have been sent in that time.
• Typically involves updates sent to those routers participating in the routing protocol domain, via a multicast address.
• Has knowledge of the network based on information learned from every router in the area.
• Has a topological database that is the same for every router in the area. The routing table that is built from this database is unique to each router.
• Uses many router resources, but is relatively low in its demand for network resources.
RIP V1
OSPF
• Control plane—The control plane process is responsible for building and maintaining the IP
routing table, which defines where an IP packet should be routed to based upon the
destination address of the packet, which is defined in terms of a next hop IP address and the
egress interface that the next hop is reachable from. Layer 3 routing generally refers to control
plane operations.
• Data plane – The data plane process is responsible for actually routing an IP packet, based upon information learned by the control plane. Whereas the control plane defines where an IP packet should be routed to, the data plane defines exactly how an IP packet should be routed. This information includes the underlying Layer 2 addressing required for the IP packet so that it reaches the next-hop destination, as well as other operations required for IP routing, such as decrementing the time-to-live (TTL) field and recomputing the IP header checksum. Layer 3 switching generally refers to data plane operations.
7200 Router
The 7200 enables an integrated solution for routing and security including QoS, multicast and multiprotocol traffic across the VPN. Utilizing the VPN Acceleration Module (VAM2), the Cisco 7301 and Cisco 7200 series VPN routers deliver IPsec encryption scalability to 145 Mbps for the most demanding head-end, site-to-site VPNs.
Control Plane Policing (CPP), Committed Access Rate (CAR), Voice and Video Enabled IPsec VPN (V3PN), Content Engine network module (NM-CE).
What is ICMP?
ICMP (Internet Control Message Protocol) carries error and diagnostic messages for IP: echo request/reply (ping), destination unreachable, time exceeded (which traceroute relies on) and redirect. Because it is also used for reconnaissance and as a covert channel, firewalls usually permit only the ICMP types that are actually needed.
What is bandwidth?
Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited range is called the bandwidth.
Frame Relay is a packet-switching technology. It operates at the data link layer.
• Ethernet
• Token Ring
• ArcNet
An Ethernet LAN is often described in terms of three parameters: transmission rate, transmission
type, and segment distance.
"10base2" means:
A 10Base2 Ethernet LAN conforms generally to the IEEE 802.3 standard. Also known as Thinnet
Ethernet, it has the following key characteristics:
• Transmits at 10 Mbps
• Uses Thinnet coaxial cable
• Supports a maximum of 30 nodes per segment
• Uses local bus topology
• Minimum distance between computers is 0.5m (not including drop cables)
• Maximum length of segment is 185m
• Up to 5 segments can be connected (but only 3 can accommodate nodes)
• Connected with BNC connectors (T-connectors)
• Used primarily for smaller workgroups or departments
Token ring is a relatively expensive LAN architecture that is strongly influenced by IBM. It is very
stable and can be expanded without a significant degradation in network performance.
Token ring uses the token passing media access control. Data transmission normally occurs at 4 or 16
Mbps depending on the cable.
Token ring is normally implemented in a logical ring/physical star topology with a MAU
(Multistation Access Unit) as the hub. The maximum number of stations on one ring is 260 for
shielded twisted pair and 72 for unshielded twisted pair (UTP). There can be up to 33 MAUs per ring.
Token Ring LANs normally use shielded twisted pair (STP) but may also use unshielded twisted pair
(UTP) or fiber-optic cable. The maximum distance to the MAU from the workstation depends on the
cable and varies from 45 meters for UTP to 100 meters for STP.
What is a topology?
A topology refers to the manner in which the cable is run to individual workstations on the network.
The dictionary defines topology as: the configurations formed by the connections between devices on
a local area network (LAN) or between two or more LANs
The HELLO protocol uses time instead of distance to determine optimal routing. It is an alternative to the Routing Information Protocol.
Sending a message to a group is called multicasting, and its routing algorithm is called multicast
routing.
If the number of incoming client requests exceeds the number of processes in a server class, the TP monitor may dynamically start new ones; this is called load balancing.
What is the difference between the TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but provides neither the reliability of TCP nor any security (no authentication, everything in cleartext). It uses the fundamental packet delivery services offered by UDP (port 69).
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable, but it is not secure: user names, passwords and data all travel in cleartext, so SFTP or FTPS should be used instead. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.
What are the advantages and disadvantages of the three types of routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The fixed table must be
manually modified every time there is a change. A dynamic table changes its information based on
network traffic, reducing the amount of manual maintenance. A fixed central table lets a manager
modify only one table, which is then read by other devices. The fixed central table reduces the need to
update each machine's table, as with the fixed table. Usually a dynamic table causes the fewest
problems for a network administrator, although the table's contents can change without the
administrator being aware of the change.
The Mount protocol returns a file handle and the name of the file system in which a requested file
resides. The message is sent to the client from the server after reception of a client's request.
What is the minimum and maximum length of the header in the TCP segment and IP datagram?
Both headers have a minimum length of 20 bytes and a maximum length of 60 bytes (20 bytes fixed plus up to 40 bytes of options).
The data unit at the LLC level is called the protocol data unit (PDU). The PDU consists of four fields: a destination service access point (DSAP), a source service access point (SSAP), a control field and an information field. DSAP and SSAP are addresses used by the LLC to identify the protocol stacks on the receiving and sending machines that are generating and using the data. The control field specifies whether the PDU frame is an information frame (I-frame), a supervisory frame (S-frame) or an unnumbered frame (U-frame).
What are the data units at different layers of the TCP / IP protocol suite?
The data unit created at the application layer is called a message, at the transport layer the data unit
created is called either a segment or an user datagram, at the network layer the data unit created is
called the datagram, at the data link layer the datagram is encapsulated in to a frame and finally
transmitted as signals along the transmission media.
The Address Resolution Protocol (ARP) is used to associate a 32-bit IP address with a 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver.
The reverse address resolution protocol (RARP) allows a host to discover its Internet address when it
knows only its physical address.
The address for a device as it is identified at the Media Access Control (MAC) layer in the network
architecture. MAC address is usually stored in ROM on the network adapter card and is unique.
Signals are usually transmitted over transmission media that are broadly classified into two categories:
Guided Media:
These provide a conduit from one device to another and include twisted-pair, coaxial cable and fiber-optic cable. A signal travelling along any of these media is directed and contained by the physical limits of the medium. Twisted-pair and coaxial cable use metallic conductors that accept and transport signals in the form of electrical current. Optical fiber is a glass or plastic cable that accepts and transports signals in the form of light.
Unguided Media:
This is wireless media that transports electromagnetic waves without using a physical conductor. Signals are broadcast through the air, by radio communication, satellite communication and cellular telephony.
Server-based network.
Peer-to-peer network.
Peer-to-peer network, computers can act as both servers sharing resources and as clients using the
resources.
Server-based networks provide centralized control of network resources and rely on server computers
to provide security and network administration.
Routable protocols can work with a router and can be used to build large networks. Non-Routable
protocols are designed to work on small, local networks and cannot be used with a router.
Repeater:
Also called a regenerator, it is an electronic device that operates only at the physical layer. It receives the signal on the network before it becomes too weak, regenerates the original bit pattern and puts the refreshed copy back onto the link.
Bridges:
These operate in both the physical and data link layers of LANs of the same type. They divide a larger network into smaller segments. They contain logic that allows them to keep the traffic for each segment separate: they are repeaters that relay a frame only to the side of the segment containing the intended recipient, and so control congestion.
Routers:
They relay packets among multiple interconnected networks (i.e. LANs of different types). They operate in the physical, data link and network layers. They contain software that enables them to determine which of several possible paths is the best for a particular transmission.
Gateways:
They relay packets among networks that have different protocols (e.g. between a LAN and a WAN). They accept a packet formatted for one protocol and convert it to a packet formatted for another protocol before forwarding it. They operate in all seven layers of the OSI model.
What is redirector?
A redirector is software that intercepts file or print I/O requests and translates them into network requests. It comes under the presentation layer.
Packet filter is a standard router equipped with some extra functionality. The extra functionality
allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are
forwarded normally. Those that fail the test are dropped.
Logical Link Control (LLC): One of two sublayers of the data link layer of the OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for maintaining the link between computers when they are sending data across the physical network connection.
One of the main causes of congestion is that traffic is often bursty. If hosts could be made to transmit at a uniform rate, congestion would be less common. An open-loop method to help manage congestion is forcing packets to be transmitted at a more predictable rate. This is called traffic shaping.
NetBIOS is a programming interface that allows I/O requests to be sent to and received from a remote computer; it hides the networking hardware from applications.
NetBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM for use on small subnets. It is not routable.
Proxy ARP is using a router to answer ARP requests. This is done when the originating host believes that a destination is local, when in fact it lies beyond the router.
Exterior Gateway Protocol (EGP): It is the protocol that routers in neighbouring autonomous systems use to identify the set of networks that can be reached within or via each autonomous system (BGP is the exterior gateway protocol used on the Internet today).
What is IGP (Interior Gateway Protocol)?
An IGP is a routing protocol used to exchange routes within a single autonomous system; RIP, OSPF, EIGRP and IS-IS are IGPs.
What is OSPF?
It is an Internet routing protocol that scales well, can route traffic along multiple paths, and uses knowledge of an internet's topology to make accurate routing decisions.
A new feature is Dynamic DNS (DDNS), and as you begin to find out more about how name resolution and service location work, it is a feature you will be quite thankful for. The basic premise behind DDNS is that when a client starts it registers its name-to-IP-address mapping with the DNS server it is configured with. This is a giant change from NT 4.0, when administrators had to enter all DNS records manually. DDNS works similarly to how WINS worked in NT 4.0, where most, if not all, clients were registered dynamically.
What Is a Switch?
Today, network designers are moving away from using bridges and hubs and are primarily using
switches and routers to build networks. Technology advances are producing faster and more
intelligent desktop computers and workstations. The combination of more powerful
computers/workstations and network-intensive applications has created a need for network capacity,
or bandwidth, that is much greater than the 10 Mbps that is available on shared Ethernet/802.3
LANs. Today's networks are experiencing an increase in the transmission of large graphics files,
images, full-motion video, and multimedia applications, as well as an increase in the number of users
on a network.
Layer  Name          PDU        Device
6      Presentation
5      Session
4      Transport     Segments
3      Network       Packets    Router
VPN connections are similar to dial-up connections in that they give remote users access to your
network. But unlike dial-up connections, VPNs let you use an existing network—the Internet, for
example—as the connection medium. VPNs wrap the Point-to-Point Protocol (PPP) packets used in
dial-up connections with additional tunneling protocol headers that let the VPN packets travel
securely over a shared network. VPN is especially beneficial in situations where users would
otherwise incur long-distance charges when dialing in to your network. To use VPN, all you need at
the client is a connection to the Internet (and with the proliferation of broadband Internet connections,
VPN users can realize significantly greater connection speeds than dial-up users). Of course, because
you're communicating over a public network, it's important that you adequately secure data
communications. How you secure data communications depends on the tunneling protocol you use.
Port Details
224.0.0.1 - the all-hosts multicast group (every host on the local subnet)
Bridges
Software-based L2 Device
Learns MAC addresses
Segment LANs
Floods broadcasts
Filters Frames
Usually less than 16 ports
Switch
Hardware-based L2 device
Learns MAC addresses
Builds a CAM Table
Single station or LAN segment on each port
Floods broadcasts
Can have 100 or more ports
Uses the standard 16-bit cyclic redundancy check (CRC) for checking frames.
The FCS is the number arrived at after running the CRC and this number is placed into the field on
the end of the frame.
CRC - A mathematical computation to ensure the accuracy of frames transmitted between devices.
An L2 Frame (diagram): L2 Info (header) | L3 Info | L4 Info | L7 Info | L2 Info (trailer)
Address Learning –
Bridges and Switches place the source MAC address of every frame received into a MAC address
table in the switch’s memory
Frame Forwarding/Filtering –
The destination MAC address is looked up in the table and an exit port is located
Loop Avoidance –
When multiple connections between switches are created for redundancy, network loops can occur.
A frame is received (switching modes):
Cut-through:
Store-and-Forward: Copies the entire frame into its onboard buffers and computes the cyclic
redundancy check (CRC). Latency varies depending on the frame length.
Fragment-free: Waits for the collision window (first 64 bytes) to pass before forwarding.
Combines error checking with low latency.
Dynamic
Permanent/Static: Manually configured. Never aged out of the CAM table until an administrator makes a
change.
L2 Address/Port
Switches operate primarily at L2 of the OSI Model.
Summary
Switches move frames throughout our networks by checking the DMAC address
from the CAM Table and forwarding (or filtering if necessary) to the destination.
The switch’s CAM Table is built by looking at the Source MAC address of every
frame that enters the switch.
CAM Table entries are removed after 5 minutes of inactivity (by default).
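As an added example (not part of the original notes), the three switch functions above, address learning, forwarding/filtering with flooding of unknown destinations, and the default 5-minute aging of dynamic entries versus static entries that never age, as a small CAM-table simulation; the port names and sample frames are constructed.

```python
"""Added example: a transparent bridge/switch CAM table simulation.
Port names, MAC addresses and timestamps below are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEFAULT_AGING_SECONDS = 300  # 5 minutes: the default CAM aging time


@dataclass
class CamEntry:
    port: str
    last_seen: float       # time (seconds) the source MAC was last seen
    static: bool = False   # static/permanent entries are never aged out


class Switch:
    def __init__(self, ports: List[str], aging: int = DEFAULT_AGING_SECONDS):
        self.ports: Set[str] = set(ports)
        self.aging = aging
        self.cam: Dict[str, CamEntry] = {}

    def add_static(self, mac: str, port: str) -> None:
        """Permanent/static entry, configured by an administrator."""
        self.cam[mac.lower()] = CamEntry(port, 0.0, static=True)

    def age_out(self, now: float) -> List[str]:
        """Remove dynamic entries idle longer than the aging time; return them."""
        expired = [m for m, e in self.cam.items()
                   if not e.static and now - e.last_seen > self.aging]
        for m in expired:
            del self.cam[m]
        return expired

    def receive(self, in_port: str, src: str, dst: str, now: float) -> List[str]:
        """Process one frame and return the ports it is sent out of.
        An empty list means the frame was filtered (dropped)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.lower(), dst.lower()
        self.age_out(now)
        # Address learning: record (source MAC -> ingress port) and refresh the
        # timestamp. A static entry is never overwritten by learning.
        entry = self.cam.get(src)
        if entry is None or not entry.static:
            self.cam[src] = CamEntry(in_port, now)
        # Forwarding/filtering: broadcasts and unknown unicast destinations are
        # flooded out every port except the one the frame arrived on.
        known = self.cam.get(dst)
        if dst == BROADCAST or known is None:
            return sorted(self.ports - {in_port})
        if known.port == in_port:
            return []            # destination is on the same segment: filter
        return [known.port]      # known destination: forward to its port


if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    print(sw.receive("Fa0/1", "00:00:00:00:00:aa", "00:00:00:00:00:bb", 0.0))
    print(sw.receive("Fa0/2", "00:00:00:00:00:bb", "00:00:00:00:00:aa", 1.0))
    print(sw.age_out(400.0))
```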
Firewall
Stateful inspection technology (a.k.a. dynamic packet filtering) in firewalls refers to the ability to
track connection "state information" in addition to simple packet filtering, for more robust security.
What that means is, the firewall has the ability to base control decisions (e.g. whether to
accept/reject/authenticate/encrypt/log attempts) based on previous communication with the external
host, as well as other applications connected to it. In other words, stateful inspection allows for a
more intelligent decision-making than simple port/packet-based access blocking. A stateful
inspection firewall has the ability to retrieve and manipulate information derived from all
communication layers and from other applications.
Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet
filtering, which examines a packet based on the information in its header, stateful inspection
examines not just the header information but also the contents of the packet up through the
application layer in order to determine more about the packet than just information about its
source and destination.
Firewall Technologies
1. Packet Filtering
2. Application Layer Gateways
3. Stateful Inspection
4. Content filtering
Packet Filtering
The action a device takes to selectively control the flow of data to and from a network.
Packet filters allow or block packets, usually while routing them from one network to
another (most often from the Internet to an internal network, and vice versa ). To accomplish
packet filtering, you set up a set of rules that specify what types of packets (e.g., those to
or from a particular IP address or port) are to be allowed and what types are to be blocked.
Packet filtering may occur in a router, in a bridge, or on an individual host
A packet filtering router should be able to filter IP packets based on the following four fields:
1. Source IP address
2. Destination IP address
3. TCP / UDP source and destination ports
Content Filtering
The application data is handed over to a content filtering server that unpacks the data to see
what is inside, and harmful content is then disposed of. For example, zipped files are unzipped first to
see what is inside them; if the content contains a virus it will be discarded or disinfected.
File types are identified, and undesirable types, e.g. executables, can be removed according to the
security policy.
DHCP
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses dynamically
so that addresses can be reused when hosts no longer need them.
Difference between broadcast domain and collision domain, or explain broadcast domain and
collision domain.
A broadcast domain is related to communicating data in another network; it is related to the Network layer
(3rd layer of the OSI model), meaning from a single point of the network you can broadcast packets to many
clients on another network.
A collision domain can be in your same network; switches break up collision domains,
because each port of a switch is capable of collision domain breakup.
IGRP -- ? 110
ospf --> 90
Passive Interface:
In RIP, making an interface passive means it will receive routing information but not send it.
EIGRP
• It is a Cisco proprietary protocol and distance vector routing technology that incorporates the
best features of link state routing but remains fully compatible with IGRP.
• EIGRP incorporates the Diffusing Update Algorithm (DUAL), which is the decision-making
process for all route computations.
• A router running EIGRP stores all feasible routes (MAX 6) to a destination in its topology
table. This allows it to switch quickly to an alternative route whenever there is a
network change.
• If EIGRP cannot find an alternative route locally, it queries its neighbours to discover a route.
• It uses Protocol Dependent Modules (PDMs) as the mechanism for providing support for
different protocols at the network layer.
• By periodically sending small hello packets, EIGRP routers can learn of other routers on their
directly attached networks.
• EIGRP is a classless routing protocol that advertises a route mask for every destination
network.
• EIGRP uses multicast and unicast packets, rather than broadcasts, for operational traffic.
• When changes occur in a route, EIGRP sends partial routing updates rather than the complete
routing table.
• EIGRP operates at the Transport layer of the OSI reference model. It runs directly over IP as
protocol number 88 (compare TCP = protocol 6 and UDP = protocol 17).
• EIGRP supports multiaccess, point-to-point and non-broadcast multiaccess (NBMA)
topologies.
• EIGRP enables you to implement a hierarchical network design.
• EIGRP provides link-to-link protocol-level security to avoid unauthorized access to the routing
table.
• EIGRP has a neighbor table, a topology table, a routing table, and a successor and feasible successor
table.
• An EIGRP topology table contains all routes advertised by neighboring routers.
• DUAL maintains a separate table for each configured routing protocol. It selects the best route.
• The best route to a destination is known as the successor to the destination.
• EIGRP supports five generic packet types:
• Hello, update, query, reply, ack.
• Smooth round-trip time (SRTT).
• The retransmit interval (RTO) is calculated on the basis of the SRTT value.
• EIGRP uses the Reliable Transport Protocol (RTP) to guarantee ordered delivery of packets to
all neighbors.
• Only those packets that require an explicit ack (query, reply and update packets) are
transmitted reliably using RTP.
• RTP is responsible for ensuring that a router can still communicate with its established
neighbors.
• RTP will retransmit an update, query or reply packet up to 16 times in an attempt to receive an ack
for the packet. If no ack is received after the retry limit is reached, the neighbor relationship is
reset.
• EIGRP selects a maximum of 6 primary (successor) and backup (feasible successor) routes per
destination.
• The EIGRP metric calculation is based on K values:
• K1 -> bandwidth, K2 -> load, K3 -> delay, K4 -> reliability and K5 -> MTU.
• While IGRP uses 24 bits to represent the composite metric, EIGRP uses 32 bits.
• DUAL determines the lowest cost route by adding the advertised distance (AD) between the
next hop router and the destination to the cost between the local router and the next hop
router. The total cost is called the feasible distance (FD).
• EIGRP supports multiple successors to the same destination provided they have the same FD and
use different next hop routers.
• All successors are stored in the routing table.
• You can filter the routes that EIGRP receives on a particular interface (or subinterface) using
the distribute-list in command (use distribute-list out to filter the routes advertised out of the interface instead):
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#access-list 34 deny 192.168.30.0
Router2(config)#access-list 34 permit any
Router2(config)#router eigrp 55
Router2(config-router)#distribute-list 34 in Serial0.1
Router2(config-router)#end
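As an added example (not from the original notes or Cisco documentation), the composite metric built from the K values listed above, and DUAL's choice of successor and feasible successor from the advertised distance (AD) and feasible distance (FD); the neighbour names, bandwidths and delays are constructed sample data.

```python
"""Added example: EIGRP composite metric and DUAL successor selection.
Neighbour names and link figures below are constructed sample data."""
from typing import Dict, List, Tuple

# Default K values: only bandwidth (K1) and delay (K3) contribute.
DEFAULT_K = {"K1": 1, "K2": 0, "K3": 1, "K4": 0, "K5": 0}


def eigrp_metric(bandwidth_kbps: int, delay_us: int, load: int = 1,
                 reliability: int = 255, k: Dict[str, int] = DEFAULT_K) -> int:
    """Classic 32-bit EIGRP composite metric.
    bandwidth_kbps: minimum bandwidth along the path (kbps)
    delay_us:       cumulative delay along the path (microseconds)
    load/reliability: 1..255 as IOS reports them (1 = idle, 255 = fully reliable)
    """
    bw = 10_000_000 // bandwidth_kbps      # scaled inverse bandwidth
    dly = delay_us // 10                   # delay in tens of microseconds
    metric = k["K1"] * bw + (k["K2"] * bw) // (256 - load) + k["K3"] * dly
    if k["K5"] != 0:                       # K5 = 0 disables the reliability term
        metric = metric * k["K5"] // (reliability + k["K4"])
    return metric * 256                    # EIGRP scales the IGRP-style metric by 256


def dual_select(candidates: Dict[str, Tuple[int, int]]) -> Tuple[List[str], List[str], int]:
    """DUAL route selection for one destination.
    candidates maps neighbour -> (AD reported by that neighbour,
                                  cost of the link from this router to it).
    Returns (successors, feasible successors, feasible distance)."""
    # FD via each neighbour = its advertised distance + cost of the link to it
    fd_via = {n: ad + link for n, (ad, link) in candidates.items()}
    fd = min(fd_via.values())
    # Successors: every neighbour at the lowest total cost (equal-cost paths)
    successors = sorted(n for n, cost in fd_via.items() if cost == fd)
    # Feasibility condition: a backup is loop-free when its AD is strictly
    # less than the FD, so it cannot be reaching the destination through us.
    feasible = sorted(n for n, (ad, _) in candidates.items()
                      if n not in successors and ad < fd)
    return successors, feasible, fd


if __name__ == "__main__":
    print(eigrp_metric(1544, 20000))       # T1 with 20 ms delay
    print(dual_select({"R2": (1000, 500), "R3": (1200, 400), "R4": (2000, 100)}))
```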
The passive-interface command in EIGRP prevents directly connected routers from establishing an
EIGRP neighbor relationship.
Summarization is one of the most powerful features of EIGRP, and one of the most frequently
overlooked ways to improve network efficiency.
Adjusting Timers
• In EIGRP, you can adjust the timers on one router on a link independently of what you have
configured on other interfaces on this router, or on other routers on this link.
• The default timer values for most interface types are 5 seconds for hellos and a 15-second
hold timer.
You want to authenticate your EIGRP traffic to ensure that no unauthorized equipment can affect
your routing tables.
Router1(config)#router eigrp 55
Router1(config-router)#eigrp log-neighbor-changes
You want to limit the fraction of an interface's bandwidth available to EIGRP for routing updates.
Router1(config)#interface Serial0.1
Router1(config-subif)#ip bandwidth-percent eigrp 55 40
Router1(config)#router eigrp 55
Router1(config-router)#eigrp stub
Receive-only : The router becomes a receive-only neighbor. This router will not share its routing
information with its neighbors.
Connected : This router will only advertise connected networks. Note that you must configure the
appropriate network statements for these connected networks, or alternatively use the redistribute
connected command.
Static : The router will advertise static routes. Note that with this option you must also configure the
redistribute static command.
Summary : The router will advertise summary routes. This function is enabled by default. for details
on route summarization.
Principle of EIGRP
• The EIGRP transport mechanism has a window size of one. Each packet must be acknowledged.
• Retransmission happens up to 16 times.
• Hello time is 5 sec - LAN environment.
• Hold time is 15 sec - LAN environment.
• Hello time is 60 sec - WAN environment.
• Hold time is 180 sec - WAN environment.
• Hold time by default is three times the hello time.
EIGRP DUAL
EIGRP Terminology
Route Table : The routing table, or list of available networks and the best path. A path is
moved from the topology table to the routing table when a feasible successor is identified.
Topology Table : A table that contains all the paths advertised by neighbours to all the known
networks. This is a list of all the successors, feasible successors, the feasible distance, the
advertised distance and the outgoing interfaces.
Hello: Messages used to find and maintain neighbours in the topology table.
Update : An EIGRP packet containing changed information about the network. It is reliable. It
is sent only when there are changes in the network, to the affected routers.
Query : Sent from the router when it loses a path to a network. If there is no alternate route
(feasible successor), it will send out queries to neighbors inquiring whether they have any
feasible successor. This makes the route state change to active. It is reliable.
Smooth Round-Trip Time (SRTT) : The time that the router waits after sending a packet
reliably to hear the acknowledgement.
Retransmission Timeout (RTO) : RTO determines how long the router waits for the ACK
before retransmitting the packet.
Reliable Transport Protocol (RTP) : Mechanism used to meet the requirement that the
packets be delivered in sequence and guaranteed.
Advertised distance : The cost of the path to the remote network from the neighbor.
Successor : The next hop router that passes the FC. It is chosen from the FS as
Stuck in Active (SIA) : When a router has sent out network packets and is
waiting for ACKs from all neighbors. The router is active until all the ACKs
have been received. If they do not appear after a certain time, the route is SIA for the
router.
Query Scoping : Network design to limit the query range, that is, how far the
Prevent SIA.
Active: Router state when there is a network changes, but after examining the
Passive : An operational route is passive. If the path is lost, the router examines
the topology table to find the FS. If there is an FS, it is placed in the routing table;
otherwise the router queries the neighbours and the route goes into active mode.
Advertised distance : The EIGRP metric for an EIGRP neighbor to reach a particular network.
RTP:
EIGRP uses both multicast and unicast addressing. Some of the packets are sent reliably.
Update, query and reply packets must be acknowledged by the receiving neighbor. The packets are
retransmitted up to 16 times.
Stub Router
It is used in hub and spoke environments. The stub router in EIGRP is similar to On Demand
Routing (ODR).
This article discusses the known TCP/IP ports (TCP and/or UDP) that are used by Citrix services.
BOOTP helps a diskless workstation boot. How does it get a message to the network looking for
its IP address and the location of its operating system boot files?
BOOTP sends a UDP message with a subnetwork broadcast address and waits for a reply from a
server that gives it the IP address. The same message might contain the name of the machine that has
the boot files on it. If the boot image location is not specified, the workstation sends another UDP
message to query the server.
Explain Kerberos
It is an authentication service developed at the Massachusetts Institute of Technology. Kerberos uses
encryption to prevent intruders from discovering passwords and gaining unauthorized access to files.
Explain the difference between TFTP and FTP application layer protocols
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but
does not provide reliability or security. It uses the fundamental packet delivery services offered by
UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP / IP for copying a file
from one host to another. It uses the services offered by TCP and so is reliable and secure. It
establishes two connections (virtual circuits) between the hosts, one for data transfer and another for
control information.
Explain the minimum and maximum length of the header in the TCP segment and IP datagram
The header should have a minimum length of 20 bytes and can have a maximum length of 60 bytes.
Explain difference between ARP and RARP
The address resolution protocol (ARP) is used to associate the 32 bit IP address with the 48 bit
physical address, used by a host or a router to find the physical address of another host on its network
by sending an ARP query packet that includes the IP address of the receiver. The reverse address
resolution protocol (RARP) allows a host to discover its Internet address when it knows only its
physical address.
Explain ICMP
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by
hosts and gateways to send notification of datagram problems back to the sender. It uses the echo
test / reply to test whether a destination is reachable and responding. It also handles both control and
error messages.
What are the data units at different layers of the TCP / IP protocol suite
The data unit created at the application layer is called a message, at the transport layer the data unit
created is called either a segment or a user datagram, at the network layer the data unit created is
called the datagram, at the data link layer the datagram is encapsulated into a frame and
finally transmitted as signals along the transmission media.
Explain attenuation
The degeneration of a signal over distance on a network cable is called attenuation.
Explain cladding
A layer of a glass surrounding the center fiber of glass inside a fiber-optic cable.
Explain RAID
A method for providing fault tolerance by using multiple hard disk drives.
Explain Beaconing
The process that allows a network to self-repair network problems. The stations on the network
notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used
in Token Ring and FDDI networks.
Explain terminal emulation, in which layer it comes
Telnet is also called terminal emulation. It belongs to the application layer.
Explain subnet
A generic term for a section of a large network, usually separated by a bridge or router.
Explain Brouter
Hybrid devices that combine the features of both bridges and routers.
How Gateway is different from Routers
A gateway operates at the upper levels of the OSI model and translates information between two
completely different network architectures or data formats.
• VLAN Trunking Protocol (VTP) is a Cisco Layer 2 messaging protocol that manages the
addition, deletion, and renaming of VLANs on a network-wide basis.
• Virtual Local Area Network (VLAN) Trunk Protocol (VTP) reduces administration in a
switched network.
• When you configure a new VLAN on one VTP server, the VLAN is distributed through all
switches in the domain. This reduces the need to configure the same VLAN everywhere.
• VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst Family
products.
• VTP ensures that all switches in the VTP domain are aware of all VLANs.
• All Cisco Catalyst switches are configured to be VTP servers.
Modes of Operation
Server
In VTP server mode, you can create, modify, and delete VLANs and specify other configuration
parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise
their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN
configuration with other switches based on advertisements received over trunk links. VTP server is
the default mode.
Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its
VLAN configuration and does not synchronize its VLAN configuration based on received
advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that
they receive out their trunk ports.
Client
VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on
a VTP client.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement, followed by
one or more subset advertisements.
What is bandwidth aggregation?
The use of multiple modems to achieve aggregate bandwidth equivalent to broadband solutions is
both available and affordable to most users today.
The amount of time it takes to download web pages or other information from the Internet depends on
a number of factors including Internet access bandwidth limitations, ISP performance restrictions,
general Internet congestion and remote host response time. Often, the weakest link in this chain is the
bandwidth between your computer and the Internet, also known as Internet access bandwidth. To
many Internet users, increasing this bandwidth involves getting a broader bandwidth connection,
sometimes at considerable expense. If no low cost broadband alternative is available in your area, the
only way forward from a 56Kbps modem is ISDN or leased line. Both of these alternatives can be
very costly.
It is possible however to have more than one connection between your computer and the Internet, and
to combine them to accumulate bandwidth. Techniques that accomplish this task are collectively
referred to in this document as "bandwidth aggregation". Although bandwidth aggregation may occur
in many different contexts, the scope of this document is limited to the aggregation of Internet access
bandwidth. Two techniques will be examined in detail, Multilink and Connection Teaming.
What is bonding?
Multiple bonded connections behave like a single connection. Suppose for example that a web server
sends an image to a web browser. This image would be broken up into several packets by the server
operating system because a single packet would be much too large for routers and network
components to handle.
If part of the route between the server and the browser were composed of bonded multiple links, the
packets that made up the image could alternately travel over one or the other of the component links.
Neither the web server nor the web browser would be aware of this. From a functional point of view
there is only one link. The component links are said to be bonded.
PPP Multilink can give you aggregate bandwidth equal to the sum of the individual physical
connections.
The PPP Multilink Protocol (MP) is an extended version of PPP (Point to Point Protocol). It has the
ability to bond two or more simultaneous parallel connections. The resulting virtual connection has
bandwidth equal to the sum of the separate connections.
PPP Multilink splits a single PPP connection into two separate physical links, then recombines them
in the correct sequence. To accomplish this it is necessary to have an MP compliant hardware device
or software program at either end of the link. The functions performed by MP are as follows:
The result is a smooth distribution of traffic over available links even when they vary considerably in
capacity or when available bandwidth fluctuates greatly.
Because PPP Multilink uses bonding, all the bonded links must originate and terminate on the same
pair of endpoints so that they can split and recombine the data streams. Both the endpoints must use
PPP Multilink.
In plain terms, this means that to use Multilink PPP, your ISP must have hardware or software that
supports Multilink for the type of connection you are using and must offer this service to their
subscribers. Not all connection types are supported. You may be using MP over a particular type of
modem but your ISP may not have the corresponding hardware. Most ISDN enabled ISPs offer MP to
bond the two B channels. Many offer bonding of V.90 modems as well. If you wish to bond any other
connection type such as DSL, this can be done with very expensive hardware routing solutions, but
these are not within the reach of most end users, and few ISPs support them.
To the best of our knowledge at the time of this writing, the majority of ISPs do not have any support
for PPP Multilink with any type of connection other than ISDN.
The major advantage of PPP Multilink is that it is a public standard, and therefore offers
interoperability among vendors, in theory at least. It also has the benefit that even a single TCP/IP
connection, for example an FTP download, can take advantage of multiple links. If you download a
file over a PPP Multilink connection with two identical bonded links, the file will download twice as
fast. Neither the FTP client nor the server will be aware that there is a Multilink connection in the
middle. Similarly, any protocol that requires a single connection between host and client, such as
terminal emulation, will benefit from bandwidth aggregation offered by Multilink because of this
transparency.
What is Connection Teaming? Unlike PPP Multilink, Connection Teaming links are not terminated
on pairs of end points.
Connection Teaming is a form of bandwidth aggregation that does not bond links. It sets up and
maintains individual TCP/IP sessions along multiple links using standard protocols. A Connection
Teaming server between the LAN and the Internet receives requests from LAN clients and forwards
them along the next available connection. LAN browsers and other clients do not need to know which
connection is used to forward their requests to the Internet. Unlike bonded links, however, individual
requests are not split across multiple links then recombined again. Each request must follow one of
the available data paths.
A Connection Teaming server is situated on the user's LAN, as part of the routing software between
the user and the Internet. When a TCP session is opened, the server uses the link with the lowest
amount of traffic. The many HTTP, FTP or other TCP sessions that are opened by LAN computers
are distributed to all of the available connections this way. The result is a relatively even distribution
of Internet traffic across the available links, and a significant increase in effective throughput.
The primary limitation of Connection Teaming comes from the fact that it does not split up individual
requests. A single user downloading a large file will not experience any improvement with
Connection Teaming. Some teaming solutions do allow FTP delivery over multiple links. This would
not apply however, to a single large graphic delivered via HTTP.
What is a firewall?
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running
on a secure host computer. In either case, it must have at least two network interfaces, one for the
network it is intended to protect, and one for the network it is exposed to. A firewall sits at the
junction point or gateway between the two networks, usually a private network and a public network
such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact
that by segmenting a network into different physical subnetworks, they limited the damage that could
spread from one subnet to another just like firedoors or firewalls.
A firewall cannot prevent individual users with modems from dialling into or out of the network,
bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by
firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly
enforced. These are management issues that should be raised during the planning of any security
policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were
accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc.,
GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp, the group did not use any high tech
methods such as IP spoofing (see question 10). They used a combination of social engineering and
dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People
are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests,
is just plain old looking through company trash. Firewalls cannot be effective against either of these
techniques.
Anyone who is responsible for a private network that is connected to a public network needs firewall
protection. Furthermore, anyone who connects so much as a single computer to the Internet via
modem should have personal firewall software. Many dial-up Internet users believe that anonymity
will protect them. They feel that no malicious intruder would be motivated to break into their
computer. Dial up users who have been victims of malicious attacks and who have lost entire days of
work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible
pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity
presents itself.
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level
gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They
are usually part of a router. A router is a device that receives packets from one network and forwards
them to another network. In a packet filtering firewall each packet is compared to a set of criteria
before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet,
forward it or send a message to the originator. Rules can include source and destination IP address,
source and destination port number and protocol used. The advantage of packet filtering firewalls is
their low cost and low impact on network performance. Most routers support packet filtering. Even if
other firewalls are used, implementing packet filtering at the router level affords an initial degree of
security at a low network layer. This type of firewall only works at the network layer however and
does not support sophisticated rule based models. Network Address Translation (NAT) routers offer
the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the
firewall, and offer a level of circuit-based filtering.
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They
monitor TCP handshaking between packets to determine whether a requested session is legitimate.
Information passed to remote computer through a circuit level gateway appears to have originated
from the gateway. This is useful for hiding information about protected networks. Circuit level
gateways are relatively inexpensive and have the advantage of hiding information about the private
network they protect. On the other hand, they do not filter individual packets.
Application level gateways, also called proxies, are similar to circuit-level gateways except that they
are application specific. They can filter packets at the application layer of the OSI model. Incoming or
outgoing packets cannot reach services for which there is no proxy. In plain terms, an application
level gateway that is configured to be a web proxy will not allow any FTP, gopher, telnet or other
traffic through. Because they examine packets at the application layer, they can filter application-specific
commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering
firewalls or circuit level gateways, neither of which knows anything about application level information.
Application level gateways can also be used to log user activity and logins. They offer a high level of
security, but have a significant impact on network performance, because every connection is terminated
at the proxy and re-originated from it, which costs context switches and slows network access noticeably.
They are not transparent to end users and require manual configuration of each client computer.
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They
filter packets at the network layer, determine whether session packets are legitimate and evaluate
contents of packets at the application layer. They allow direct connection between client and host,
alleviating the problem caused by the lack of transparency of application level gateways. They rely on
algorithms to recognize and process application layer data instead of running application specific
proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and
transparency to end users. They are expensive however, and due to their complexity are potentially
less secure than simpler types of firewalls if not administered by highly competent personnel.
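To make the difference between these categories concrete, the following added example (my own illustration, not code from the page) runs the same constructed traffic through a stateless packet filter and a stateful filter. The stateless rule set has to permit any inbound packet with source port 80 and the ACK flag so that web replies can get back in, which is exactly the hole an attacker's "ACK scan" uses; the stateful filter only admits inbound packets whose 5-tuple reverses a connection it saw a client open. Addresses are constructed from RFC 1918 and documentation ranges.

```python
"""Stateless packet filtering versus stateful inspection on constructed packets.
Added example, not from the page. 10.0.0.0/8 is the protected network."""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags carried, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def from_inside(p):
    return ipaddress.ip_address(p.src) in LAN


def stateless_filter(p):
    """Classic packet-filter rule set, first match wins, implicit deny at the end.
    It cannot remember connections, so to let web replies back in it must permit
    every inbound packet with source port 80 and ACK set (the 'established' trick)."""
    rules = [
        (lambda p: from_inside(p) and p.dport == 80, "permit"),
        (lambda p: not from_inside(p) and p.sport == 80 and "ACK" in p.flags, "permit"),
    ]
    for matches, action in rules:
        if matches(p):
            return action
    return "deny"


class StatefulFilter:
    """Tracks connections opened from inside; inbound traffic is accepted only when
    its 5-tuple reverses a tracked connection in a state that allows it."""

    def __init__(self):
        self.conns = {}       # (src, sport, dst, dport) -> "SYN_SENT" | "ESTABLISHED"

    def filter(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if from_inside(p):
            if key in self.conns:
                return "permit"                    # later packets of a tracked flow
            if p.dport == 80 and p.flags == {"SYN"}:
                self.conns[key] = "SYN_SENT"       # a client opening a web connection
                return "permit"
            return "deny"
        state = self.conns.get(reverse)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.conns[reverse] = "ESTABLISHED"    # the server's handshake reply
            return "permit"
        if state == "ESTABLISHED":
            return "permit"
        return "deny"                              # unsolicited or out-of-state inbound


def run_scenario():
    """Replay a legitimate web session, then an ACK scan and a forged reply."""
    stateful = StatefulFilter()
    f = frozenset
    traffic = [
        ("client SYN",      Packet("10.0.0.5", 40000, "198.51.100.7", 80, f({"SYN"}))),
        ("server SYN/ACK",  Packet("198.51.100.7", 80, "10.0.0.5", 40000, f({"SYN", "ACK"}))),
        ("client ACK",      Packet("10.0.0.5", 40000, "198.51.100.7", 80, f({"ACK"}))),
        ("server data",     Packet("198.51.100.7", 80, "10.0.0.5", 40000, f({"ACK"}))),
        ("ACK scan to 445", Packet("203.0.113.9", 80, "10.0.0.5", 445, f({"ACK"}))),
        ("forged reply",    Packet("203.0.113.9", 80, "10.0.0.5", 40000, f({"ACK"}))),
    ]
    return {label: (stateless_filter(p), stateful.filter(p)) for label, p in traffic}


if __name__ == "__main__":
    for label, verdicts in run_scenario().items():
        print(f"{label:16s} stateless={verdicts[0]:6s} stateful={verdicts[1]}")
```

run_scenario() returns the two verdicts for every packet: the whole legitimate session passes both filters, while the ACK scan to port 445 and the forged "reply" pass the stateless filter and are dropped by the stateful one.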
What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A
firewall may be instructed to allow traffic through if it comes from a specific trusted host. An attacker
would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the
firewall believed that the packets originated from a trusted host, it might let them through unless other
criteria failed to be met. Of course the attacker would need to know a good deal about the firewall's
rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not
solve all security problems. Responsible management of information is essential. One of Courtney's
laws sums it up: "There are management solutions to technical problems, but no technical solutions to
management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such
as IPsec. The sender computes a keyed integrity check (the ICV of AH or ESP) over the packet, covering
the source address as well as the data, and ESP also encrypts the payload. The receiving VPN software
or firmware verifies the integrity check before doing anything else with the packet; if either the data or
the source address has been altered, verification fails and the packet is dropped. Without the keys, a
potential intruder cannot produce a packet the firewall will accept.
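The mechanism described above, as an added and deliberately simplified example (not the page's code, and not IPsec's real header layout): a keyed MAC over the source and destination addresses, a sequence number and the payload, verified before the packet is used, together with the sliding anti-replay window that real IPsec keeps so that a captured genuine packet cannot simply be resent. The key, addresses and window size are constructed for the example.

```python
"""Integrity protection in the style of IPsec AH/ESP: a keyed MAC over source and
destination address, a sequence number and the payload, checked before anything
else, plus a sliding anti-replay window. Added, simplified example (real IPsec
negotiates keys with IKE and uses its own header layout); not the page's code."""
import hashlib
import hmac
import socket
import struct

HDR_LEN = 14        # 4 bytes src, 4 bytes dst, 4 bytes sequence number, 2 bytes payload length
ICV_LEN = 32        # HMAC-SHA256 integrity check value


def _icv(key, hdr, payload):
    return hmac.new(key, hdr + payload, hashlib.sha256).digest()


def protect(key, src, dst, seq, payload):
    """Sender side: the addresses and the sequence number are covered by the MAC."""
    hdr = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!IH", seq, len(payload))
    return hdr + payload + _icv(key, hdr, payload)


class Receiver:
    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.seen = set()     # accepted sequence numbers inside the window

    def accept(self, packet):
        """Return (src, dst, payload) for a genuine, fresh packet; None otherwise."""
        if len(packet) < HDR_LEN + ICV_LEN:
            return None
        hdr = packet[:HDR_LEN]
        seq, plen = struct.unpack("!IH", hdr[8:HDR_LEN])
        if len(packet) != HDR_LEN + plen + ICV_LEN:
            return None
        payload, icv = packet[HDR_LEN:HDR_LEN + plen], packet[HDR_LEN + plen:]
        # Anti-replay check first: too old for the window, or already accepted
        if seq <= self.highest and (seq <= self.highest - self.window or seq in self.seen):
            return None
        # Integrity check: fails if the source address, payload or sequence number was
        # altered, or if the sender does not hold the key (a spoofer never does)
        if not hmac.compare_digest(icv, _icv(self.key, hdr, payload)):
            return None
        if seq > self.highest:                      # slide the window forward
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        self.seen.add(seq)
        return socket.inet_ntoa(hdr[:4]), socket.inet_ntoa(hdr[4:8]), payload


def demo():
    key = b"constructed-demo-key"     # IPsec derives this from IKE; fixed here for the example
    rx = Receiver(key)
    genuine = protect(key, "10.0.0.5", "10.0.1.7", 1, b"hello")
    # An attacker claims the trusted address 10.0.0.5 but has no key for the ICV
    forged = protect(b"wrong-key", "10.0.0.5", "10.0.1.7", 3, b"hello")
    return {
        "genuine": rx.accept(genuine),
        "replayed": rx.accept(genuine),            # same packet again: rejected by the window
        "forged": rx.accept(forged),               # MAC does not verify: dropped
        "later": rx.accept(protect(key, "10.0.0.5", "10.0.1.7", 2, b"world")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The order of the checks matters: the cheap replay check runs before the MAC so that replayed traffic cannot be used to burn CPU, but the window is only advanced after the MAC verifies, so a forged packet with a high sequence number cannot push genuine packets out of the window.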
Firewalls introduce problems of their own. Information security involves constraints, and users don't
like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain
services. The vendors of information technology are constantly telling us "anything, anywhere, any
time", and we believe them naively. Of course they forget to tell us we need to log in and out, to
memorize our 27 different passwords, not to write them down on a sticky note on our computer screen
and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating
the single point of failure phenomenon. The alternatives however are either no Internet access, or no
security, neither of which are acceptable in most organizations.
What Is NAT?
The Internet is expanding at an exponential rate. As the amount of information and resources
increases, it is becoming a requirement for even the smallest businesses and homes to connect to the
Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the
Internet (or any other IP network) using one IP address. This allows home users and small businesses
to connect their network to the Internet cheaply and efficiently.
The impetus towards increasing use of NAT comes from a number of factors:
IP Addresses
Since an IPv4 address is 4 bytes, the total number of possible addresses is 2 to the power of 32 =
4,294,967,296. This is the TOTAL theoretical number of computers that can be directly connected to
the Internet. In practice, the real limit is much smaller for several reasons.
Each physical network has to have a unique Network Number, comprising some of the bits of the IP
address. The rest of the bits are used as a Host Number to uniquely identify each computer on that
network. The number of unique Network Numbers that can be assigned in the Internet is therefore
much smaller than 4 billion, and it is very unlikely that all of the possible Host Numbers in each
Network Number are fully assigned.
An address is divided into two parts: a network number and a host number. The idea is that all
computers on one physical network will have the same network number, a bit like the street name;
the rest of the address identifies an individual computer, a bit like house numbers within a street. The
size of the network and host parts depends on the class of the address, and is determined by the
address's network mask. The network mask is a binary mask with 1s in the network part of the address
and 0s in the host part.
Most class A and B addresses have already been allocated, leaving only class C available. The class C
space (192.0.0.0 through 223.255.255.255) holds only 2^29 = 536,870,912 addresses. Each major world
region has an authority which is given a share of the addresses and is responsible for allocating them to
Internet Service Providers (ISPs) and other large customers. Under classful routing a whole class C
network (256 addresses) had to be assigned to a client at a time (classless addressing, CIDR, later
allowed blocks of any power-of-two size); the clients (e.g. ISPs) are then responsible for distributing
these addresses to their customers.
While the number of available addresses seems large, the Internet has grown so fast that the free pool
has since been exhausted (the central IANA pool ran out in 2011). While the next generation IP
protocol, IP version 6, allows for much larger addresses, migrating the existing network infrastructure
to the new protocol has taken many years.
Because IP addresses are a scarce resource, most Internet Service Providers (ISPs) will only allocate
one address to a single customer. In the majority of cases this address is assigned dynamically, so every
time a client connects to the ISP a different address may be provided. Big companies can buy more
addresses, but for small businesses and home users the cost of doing so is prohibitive. Because such
users are given only one IP address, they can have only one computer connected to the Internet at a
time. With a NAT gateway running on this single computer, it is possible to share that single address
between multiple local computers and connect them all at the same time. The outside world is
unaware of this division and sees only one computer.
Security Considerations
Many people view the Internet as a "one-way street"; they forget that while
their computer is connected to the Internet, the Internet is also connected to their computer. That
means that anybody with Net access can potentially access resources on their computers (such as files,
email, company network etc). Most personal computer operating systems are not designed with
security in mind, leaving them wide open to attacks from the Net. To make matters worse, many new
software technologies such as Java or ActiveX have actually reduced security, since it is now possible
for a Java applet or ActiveX control to take control of the computer it is running on. Many times it is
not even possible to detect that such applets are running; it is only necessary to go to a Web site and
the browser will automatically load and run any applets specified on that page.
The security implications of this are very serious. For home users, this means that sensitive personal
information, such as emails, correspondence or financial details (such as credit card or cheque
numbers) can be stolen. For business users the consequences can be disastrous; should confidential
company information such as product plans or marketing strategies be stolen, this can lead to major
financial losses or even cause the company to fold.
To combat the security problem, a number of firewall products are available. They are placed between
the user and the Internet and verify all traffic before allowing it to pass through. This means, for
example, that no unauthorised user would be allowed to access the company's file or email server. The
problem with firewall solutions is that they are expensive and difficult to set up and maintain, putting
them out of reach for home and small business users.
NAT automatically provides firewall-style protection without any special set-up, because it only
allows connections that are originated on the inside network. This means, for example, that an
internal client can connect to an outside FTP server, but an outside client will not be able to connect to
an internal FTP server, because it would have to originate the connection and the NAT has no mapping
for it. It is still possible to make some internal servers available to the outside world via inbound
mapping, which maps certain well-known TCP ports (e.g. 21 for FTP) to specific internal addresses,
thus making services such as FTP or Web available in a controlled way. Note that this protection is a
side effect of the gateway's state table, not of address translation itself: a gateway that accepts inbound
packets to a translated port from any remote address, or that carries broad inbound mappings, gives
far less protection than a real firewall.
Many TCP/IP stacks are susceptible to low-level protocol attacks such as the "SYN flood" or the
"Ping of Death". These attacks do not by themselves compromise the security of the computer, but
can cause servers to crash, resulting in potentially damaging denials of service. Such attacks can also
cause abnormal network events that are used as a precursor to, or a cloak for, further security breaches.
NATs that do not use the host machine's protocol stack but supply their own can provide protection
from such attacks.
Administrative Considerations
IP networks are more difficult to set up than local desktop LANs; each computer requires an IP
address, a subnet mask, DNS address, domain name, and a default router. This information has to be
entered on every computer on the network; if only one piece of information is wrong, the network
connection will not function and there is usually no indication of what is wrong. In bigger networks
the task of co-ordinating the distribution of addresses and dividing the network into subnets is so
complicated that it requires a dedicated network administrator.
A NAT gateway eases this in several ways:
• It can divide a large network into several smaller ones. The smaller parts expose only one IP
address to the outside, which means that computers can be added or removed, or their
addresses changed, without impacting external networks. With inbound mapping, it is even
possible to move services (such as Web servers) to a different computer without having to do
any changes on external clients.
• Some modern NAT gateways contain a dynamic host configuration protocol (DHCP) server.
DHCP allows client computers to be configured automatically; when a computer is switched
on, it searches for a DHCP server and obtains TCP/IP setup information. Changes to network
configuration are done centrally at the server and affect all the clients; the administrator does
not need to apply the change to every computer in the network. For example, if the DNS
server address changes, all clients will automatically start using the new address the next time
they contact the DHCP server.
• Many NAT gateways provide for a way to restrict access to the Internet.
• Another useful feature is traffic logging; since all the traffic to and from the Internet has to
pass through a NAT gateway, it can record all the traffic to a log file. This file can be used to
generate various traffic reports, such as traffic breakdown by user, by site, by network
connection etc.
• Since NAT gateways operate at the IP packet level, most of them have built-in internetwork
routing capability. The internetwork they serve can be divided into several separate sub-networks
(either using different backbones or sharing the same backbone), which further simplifies
network administration and allows more computers to be connected to the network.
In summary, a NAT gateway provides:
• Firewall-style protection for the internal network; only servers specifically designated with
"inbound mapping" will be accessible from the Internet
• Protocol-level protection
• Automatic client computer configuration control
• Packet level filtering and routing
A proxy is any device that acts on behalf of another. The term is most often used to denote Web
proxying. A Web proxy acts as a "half-way" Web server: network clients make requests to the proxy,
which then makes requests on their behalf to the appropriate Web server. Proxy technology is often
seen as an alternative way to provide shared access to a single Internet connection. The main benefits
of Web proxying are:
• Local caching: a proxy can store frequently-accessed pages on its local hard disk; when these
pages are requested, it can serve them from its local files instead of having to download the
data from a remote Web server. Proxies that perform caching are often called caching proxy
servers.
• Network bandwidth conservation: if more than one client requests the same page, the proxy
can make one request only to a remote server and distribute the received data to all waiting
clients.
Both these benefits only become apparent in situations where multiple clients are very likely to access
the same sites and so share the same data.
Unlike NAT, Web proxying is not a transparent operation: it must be explicitly supported by its
clients. Due to early adoption of Web proxying, most browsers, including Internet Explorer and
Netscape Communicator, have built-in support for proxies, but this must normally be configured on
each client machine, and may be changed by the naive or malicious user.
Web proxying also has drawbacks:
• Web content is becoming more and more dynamic, with new developments such as streaming
video and audio being widely used. Most of the new data formats are not cacheable, eliminating
one of the main benefits of proxying.
• Clients have to be explicitly set to use Web proxying; whenever there is a change (e.g. the proxy
is moved to a new IP address) each and every client has to be set up again.
• A proxy server operates above the TCP level and uses the machine's built-in protocol stack.
For each Web request from a client, a TCP connection has to be established between the
client and the proxy machine, and another between the proxy machine and the remote Web
server. This puts a lot of strain on the proxy server machine; in fact, since Web pages are
becoming more and more complicated, the proxy itself may become a bottleneck on the
network. This contrasts with NAT, which operates at packet level and requires much less
processing per connection.
NAT Operation
The basic purpose of NAT is to multiplex traffic from the internal network and present it to the
Internet as if it was coming from a single computer having only one IP address.
The TCP/IP protocols include a multiplexing facility so that any computer can maintain multiple
simultaneous connections with a remote computer. It is this multiplexing facility that is the key to
single address NAT.
To multiplex several connections to a single destination, client computers label all packets with
unique "port numbers". Each IP packet starts with a header containing the source and destination
addresses; the TCP or UDP header that follows carries the source and destination port numbers.
Together with the protocol, this combination of numbers completely identifies a single TCP/IP
connection. The addresses specify the two machines at each end, and the two port numbers ensure that
each connection between this pair of machines can be uniquely identified.
Each separate connection is originated from a unique source port number in the client, and all reply
packets from the remote server for this connection contain the same number as their destination port,
so that the client can relate them back to its correct connection. In this way, for example, it is possible
for a web browser to ask a web server for several images at once and to know how to put all the parts
of all the responses back together.
A modern NAT gateway must change the Source address on every outgoing packet to be its single
public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of
each client connection. The NAT gateway uses a port mapping table to remember how it renumbered
the ports for each client's outgoing packets. The port mapping table relates the client's real local IP
address and source port plus its translated source port number to a destination address and port. The
NAT gateway can therefore reverse the process for returning packets and route them back to the
correct clients.
When any remote server responds to a NAT client, incoming packets arriving at the NAT gateway
will all have the same Destination address, but the destination Port number will be the unique Source
Port number that was assigned by the NAT. The NAT gateway looks in its port mapping table to
determine which "real" client address and port number a packet is destined for, and replaces these
numbers before passing the packet on to the local client.
This process is completely dynamic. When a packet is received from an internal client, the NAT looks
for the matching source address and port in the port mapping table. If the entry is not found, a new one
is created and a new mapping port is allocated to the client.
Each client has an idle time-out associated with it. Whenever new traffic is received for a client, its
time-out is reset. When the time-out expires, the client is removed from the table. This ensures that
the table is kept to a reasonable size. The length of the time-out varies, but taking into account traffic
variations on the Internet should not go below 2-3 minutes. Most NAT implementations can also track
TCP clients on a per-connection basis and remove them from the table as soon as the connection is
closed. This is not possible for UDP traffic since it is not connection based.
Many higher-level TCP/IP protocols embed client addressing information in the packets. For
example, during an "active" FTP transfer the client informs the server of its IP address & port number,
and then waits for the server to open a connection to that address. NAT has to monitor these packets
and modify them on the fly to replace the client's IP address (which is on the internal network) with
the NAT address. Since this can change the length of the packet, the TCP sequence/acknowledgement
numbers must be adjusted as well. Most protocols can be supported within the NAT; some protocols,
however, require either that the clients themselves are made aware of the NAT and participate in the
address translation process, or that the NAT is protocol-aware (an application level gateway) so that it
can monitor and modify the embedded address or port data. Embedded addresses inside encrypted
application data cannot be rewritten at all.
Because the port mapping table relates complete connection information - source and destination
address and port numbers - it is possible to validate any or all of this information before passing
incoming packets back to the client. This checking helps to provide effective firewall protection
against Internet-launched attacks on the private LAN.
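The port mapping table described above, as an added example (not the page's code): a toy port-translating NAT that renumbers source ports, reverses the mapping for replies, drops inbound packets that match no entry, honours static inbound mappings for published servers, and expires idle entries. Addresses come from the RFC 5737 documentation ranges; the 180-second idle time-out and the first translated port (1024) are assumptions of the example.

```python
"""Toy NAPT (port-translating NAT) gateway: port mapping table, idle time-out,
and inbound mappings for published servers. Added example, not the page's code;
addresses are RFC 5737 documentation ranges."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    def __init__(self, public_ip, idle_timeout=180.0, first_port=1024):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        # inside 5-tuple -> translated source port
        self.by_inside = {}
        # (proto, translated port, remote ip, remote port) -> [inside ip, inside port, last_seen]
        self.by_outside = {}
        # static "inbound mapping" (port forwarding) for published servers
        self.inbound_map = {}    # (proto, public port) -> (inside ip, inside port)
        self.published = {}      # (proto, inside ip, inside port) -> public port

    def add_inbound_mapping(self, proto, public_port, inside_ip, inside_port):
        self.inbound_map[(proto, public_port)] = (inside_ip, inside_port)
        self.published[(proto, inside_ip, inside_port)] = public_port

    def outbound(self, pkt, now):
        """Rewrite an inside->Internet packet; create a mapping if none exists."""
        pub_port = self.published.get((pkt.proto, pkt.src, pkt.sport))
        if pub_port is not None:              # reply from a published server
            return replace(pkt, src=self.public_ip, sport=pub_port)
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        tport = self.by_inside.get(key)
        if tport is None:                     # new connection: allocate a unique port
            tport = self.next_port
            self.next_port += 1
            self.by_inside[key] = tport
        self.by_outside[(pkt.proto, tport, pkt.dst, pkt.dport)] = [pkt.src, pkt.sport, now]
        return replace(pkt, src=self.public_ip, sport=tport)

    def inbound(self, pkt, now):
        """Rewrite an Internet->inside packet, or drop it (return None)."""
        if pkt.dst != self.public_ip:
            return None
        key = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        entry = self.by_outside.get(key)
        if entry is not None:
            inside_ip, inside_port, last_seen = entry
            if now - last_seen > self.idle_timeout:
                self._remove(key)             # mapping expired while idle
                return None
            entry[2] = now                    # traffic resets the idle timer
            return replace(pkt, dst=inside_ip, dport=inside_port)
        fwd = self.inbound_map.get((pkt.proto, pkt.dport))
        if fwd is not None:
            return replace(pkt, dst=fwd[0], dport=fwd[1])
        return None                           # unsolicited: no mapping, dropped

    def _remove(self, outside_key):
        inside_ip, inside_port, _ = self.by_outside.pop(outside_key)
        proto, _, remote_ip, remote_port = outside_key
        self.by_inside.pop((proto, inside_ip, inside_port, remote_ip, remote_port), None)

    def purge_idle(self, now):
        """Drop every mapping idle for longer than the time-out; returns how many."""
        stale = [k for k, v in self.by_outside.items() if now - v[2] > self.idle_timeout]
        for k in stale:
            self._remove(k)
        return len(stale)


def demo():
    nat = NatGateway("198.51.100.1", idle_timeout=180.0)
    nat.add_inbound_mapping("tcp", 21, "192.168.1.20", 21)
    a = nat.outbound(Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 80), now=0.0)
    b = nat.outbound(Packet("tcp", "192.168.1.11", 40000, "203.0.113.5", 80), now=1.0)
    reply = nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", b.sport), now=2.0)
    probe = nat.inbound(Packet("tcp", "203.0.113.9", 5555, "198.51.100.1", a.sport), now=2.0)
    ftp = nat.inbound(Packet("tcp", "203.0.113.9", 5555, "198.51.100.1", 21), now=3.0)
    return a, b, reply, probe, ftp


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Two clients using the same local source port 40000 get distinct translated ports, and the reply to each is routed back by looking up the translated port together with the remote address and port. Because the table key includes the remote side, a probe from a different host to an allocated port is dropped even though that port is "in use", which is the validation the paragraph above describes; a NAT that keys only on the translated port (full-cone behaviour) does not give this protection.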
Each IP packet also contains checksums that are calculated by the originator. They are recalculated and
compared by the recipient to see if the packet has been corrupted in transit. The checksums depend on
the contents of the packet. Since the NAT must modify the packet addresses and port numbers, it must
also recalculate and replace the checksums. It must verify the original checksums before rewriting them,
discarding corrupt packets rather than turning a bad packet into an apparently good one. Careful design
in the NAT software can ensure that this extra processing has a minimal effect on the gateway's throughput.
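The checksum handling described in the last paragraph, as an added example (not the page's code): the IPv4 header checksum of RFC 1071 computed over a constructed header, verified before translation so that a corrupt packet is dropped rather than re-signed, and then updated incrementally with the RFC 1624 formula after the source address is rewritten. TCP and UDP checksums cover a pseudo-header containing the addresses and must be updated the same way; this example shows the IP header only.

```python
"""IPv4 header checksum (RFC 1071 one's-complement sum) as a NAT must handle it:
verify the incoming header, rewrite the source address, and recompute the checksum
incrementally (RFC 1624). Added example on a constructed header; not the page's code."""
import socket
import struct


def inet_checksum(data):
    """One's-complement sum of 16-bit words, folded, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0x1234):
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def header_is_valid(hdr):
    """Summing the header including its checksum field must fold to zero."""
    return inet_checksum(hdr) == 0


def nat_rewrite_source(hdr, new_src):
    """Drop corrupt headers instead of 'repairing' them; then translate and re-checksum."""
    if not header_is_valid(hdr):
        return None
    old, new = hdr[12:16], socket.inet_aton(new_src)
    old_sum = struct.unpack("!H", hdr[10:12])[0]
    # RFC 1624 eq. 3: HC' = ~(~HC + ~m + m'), applied to each 16-bit word that changes
    acc = ~old_sum & 0xFFFF
    for i in (0, 2):
        m = struct.unpack("!H", old[i:i + 2])[0]
        m_new = struct.unpack("!H", new[i:i + 2])[0]
        acc += (~m & 0xFFFF) + m_new
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    new_sum = ~acc & 0xFFFF
    return hdr[:10] + struct.pack("!H", new_sum) + new + hdr[16:]


if __name__ == "__main__":
    h = build_ipv4_header("192.168.1.10", "203.0.113.5", 20)
    t = nat_rewrite_source(h, "198.51.100.1")
    print(h.hex(), header_is_valid(h))
    print(t.hex(), header_is_valid(t))
```

The incremental update touches only the two 16-bit words of the source address, so it costs a handful of additions per packet instead of a pass over the whole header; the result is identical to recomputing from scratch, which is what the test below checks.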
What is DSL?
DSL refers to a class of technologies used to obtain more bandwidth over the existing copper telephone
cabling running between a customer's premises and a telco's central office. DSL allows simultaneous
voice and high-speed data services, such as fast Internet access, over a single pair of copper telephone
wires. There are several variations of DSL, including:
ADSL - Asymmetric Digital Subscriber Line
R-ADSL - Rate-Adaptive Digital Subscriber Line
HDSL - High Bit-Rate Digital Subscriber Line
VDSL - Very High Bit-Rate Digital Subscriber Line
SDSL - Symmetric Digital Subscriber Line
As the saying goes, 'there is no such thing as a free lunch', and a telco must make compromises
between cost, distance, speed, reliability, equipment, etc. when implementing or offering DSL
services. Each variation of DSL reflects the different compromises made by telcos when deciding
how far and how fast data can flow on a particular kind of subscriber line.
A DSL "modem" is a device placed at either end of the copper phone line to allow a computer (or LAN)
to be connected to the Internet through a DSL connection. Unlike a dial-up connection, it usually does
not require a dedicated phone line (a POTS splitter lets the line be shared simultaneously). DSL is
considered the next generation of modem technology. Although DSL modems resemble conventional
analogue modems, they provide much higher throughput.
General Networking.
A routing protocol is a set of rules that describes how layer-3 routing devices send updates to each
other across the available network.
The administrative distance is used to select which protocol's route is installed in the routing table
when several protocols know the same destination.
Classful routing protocols do not carry the subnet mask in their updates.
A stub router is configured with a default route and runs no routing protocol.
Subnet mask: the subnet mask extracts the network portion of an IP address from the whole address
by a bitwise AND operation.
BGP
Characteristics of BGP
OSPF Fundamentals
OSPF Terminology
Adjacency: Formed when two neighbouring routers have exchanged link-state information and hold the
same topology table. Their databases are synchronized, and both see the same networks.
Area: A group of routers that share the same area ID. Each router in the area has the same
topology table.
Autonomous System: The routers under one administration that share a common routing policy;
within the organization they typically run the same routing protocol.
Backup Designated Router (BDR): The backup to the designated router (DR), in case the DR
fails.
Designated Router (DR): The router responsible for forming adjacencies with all neighbours on a
multi-access network.
Dijkstra Algorithm: The algorithm used by routers running link-state routing protocols to compute
the shortest path to every destination.
Flood: When network information is flooded, it is sent to every router in the domain.
Full adjacency: When the link-state databases of the two neighbours are fully synchronized.
Init State: A Hello packet has been received from the neighbour, but that Hello does not yet list this
router, so two-way communication is not yet established.
Internal Router: A router that has all its interfaces in the same area.
Link State Request (LSR): When the router receives a Database Description (DBD) packet listing
LSA headers, it compares the summarized information against its topological database. If an LSA is
missing or out of date, it requests the full LSA.
Neighbor: A router on the same link with which routing information is exchanged.
Shortest Path First (SPF): Another name for the Dijkstra algorithm, the algorithm used to find
the shortest path.
Topology Table: The same as the link-state database. The table contains every link in the wider
network.
Dynamic election of DR: The router with the highest interface priority wins; the highest router ID
(normally derived from the highest IP address) breaks ties, and a priority of 0 makes a router ineligible.
Hello Protocol: Used to discover neighbours, keep the neighbour relationship alive, and elect the DR and BDR.
Database Description (DBD): Used to send summary information to neighbours to synchronize topology tables.
The Down State: No Hello has been received from the neighbour. The router sends Hellos to the multicast
address 224.0.0.5 (all OSPF routers).
The Init State: A Hello has arrived from the neighbour and the router waits to appear in that neighbour's
Hello. A neighbour from which no Hello arrives within the dead interval (by default four times the hello
interval) is returned to the Down state.
The Two-Way State: The router sees its own router ID in the neighbour list of the neighbour's Hello, and a
neighbour relationship is established.
1. Down
2. Init
3. 2way
4. Exstart
5. Exchange
6. Loading
7. Full
OSPF
1. Neighbour table
2. Topology table
3. Routing table
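The neighbour states and the DR election from the notes above, as an added example that is not the page's code: three routers on one multi-access segment exchange Hellos, move from Down through Init to 2-Way once each sees its own router ID in a neighbour's Hello, fall back to Down when the dead interval (four hello intervals) passes without a Hello, and elect DR and BDR by priority, then router ID. The election is simplified: it stops at 2-Way (no database exchange) and ignores OSPF's rule that an existing DR is not pre-empted. Router IDs, priorities and timers are constructed for the example.

```python
"""OSPF neighbour discovery (Down -> Init -> 2-Way) driven by Hello packets on one
multi-access segment, with the dead timer and a simplified DR/BDR election.
Added example, not the page's code; it stops at 2-Way (no database exchange) and
ignores OSPF's rule that an existing DR is not pre-empted."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Hello:
    router_id: str
    priority: int
    neighbors: tuple      # router IDs the sender has already heard from


@dataclass
class Neighbor:
    state: str            # "Init" or "2-Way"; a Down neighbour is simply absent
    priority: int
    last_heard: float


def _rank(priority, router_id):
    """Election order: highest priority, then highest router ID (compared numerically)."""
    return priority, tuple(int(o) for o in router_id.split("."))


class OspfInterface:
    def __init__(self, router_id, priority=1, dead_interval=40.0):
        self.router_id = router_id
        self.priority = priority
        self.dead_interval = dead_interval   # default: 4 x the 10 s hello interval
        self.neighbors = {}                   # router_id -> Neighbor

    def send_hello(self):
        return Hello(self.router_id, self.priority, tuple(self.neighbors))

    def receive_hello(self, hello, now):
        n = self.neighbors.get(hello.router_id)
        if n is None:                         # Down -> Init: first Hello from this router
            n = self.neighbors[hello.router_id] = Neighbor("Init", hello.priority, now)
        n.last_heard, n.priority = now, hello.priority
        # 2-Way: the neighbour lists our router ID, so it has heard us as well
        n.state = "2-Way" if self.router_id in hello.neighbors else "Init"
        return n.state

    def expire(self, now):
        """Neighbours silent for longer than the dead interval fall back to Down."""
        dead = [r for r, n in self.neighbors.items() if now - n.last_heard > self.dead_interval]
        for r in dead:
            del self.neighbors[r]
        return dead

    def elect(self):
        """Return (DR, BDR) router IDs among this router and its 2-Way neighbours."""
        cands = [(self.priority, self.router_id)]
        cands += [(n.priority, r) for r, n in self.neighbors.items() if n.state == "2-Way"]
        eligible = sorted((c for c in cands if c[0] > 0), key=lambda c: _rank(*c), reverse=True)
        dr = eligible[0][1] if eligible else None
        bdr = eligible[1][1] if len(eligible) > 1 else None
        return dr, bdr


def run_segment(routers, rounds, start=0.0, hello_interval=10.0):
    """Each round every router multicasts one Hello that all the others receive."""
    now = start
    for _ in range(rounds):
        hellos = [(r, r.send_hello()) for r in routers]
        for sender, h in hellos:
            for r in routers:
                if r is not sender:
                    r.receive_hello(h, now)
        now += hello_interval
    return now


def demo():
    a = OspfInterface("1.1.1.1")
    b = OspfInterface("2.2.2.2")
    c = OspfInterface("3.3.3.3", priority=0)        # priority 0: never DR or BDR
    run_segment([a, b, c], rounds=1)
    after_one = a.neighbors["2.2.2.2"].state       # heard B, but B has not listed A yet
    now = run_segment([a, b, c], rounds=1, start=10.0)
    after_two = a.neighbors["2.2.2.2"].state       # B's second Hello lists A
    election = a.elect()
    now = run_segment([a, c], rounds=5, start=now)   # B goes silent for 50 s
    dead = a.expire(now)
    return {"after_one": after_one, "after_two": after_two, "election": election,
            "dead": dead, "after_dead": a.elect()}


if __name__ == "__main__":
    print(demo())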
Switch
• Dedicated
• On demand
Switching
1. Circuit switching
2. Packet switching
Data Rate
Narrowband
Broadband
Broadband access
ROUTING FUNDAMENTALS...
1. Routing is the process of transporting data traffic from one device to another across a
network.
2. A router is the device that forwards traffic across the network.
3. Routing involves learning the network topology and maintaining information about it, and
switching is the actual movement of traffic through the router.
4. Administrative distance is used by routers to select the most trustworthy route source when
several protocols offer a route to the same destination.
5. Cisco IOS can install up to six equal-cost paths to the same destination (maximum-paths).
IP Access Lists
1. Access lists can be applied to both inbound and outbound packets on an interface. The process
is called packet filtering.
2. Access lists are specified for a particular protocol and can be standard or extended.
3. There are two main types of access list for IP: standard and extended.
Standard access lists permit or deny packets by identifying the source IP address only.
Extended access lists provide a higher degree of control by filtering traffic according to
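Added example, not the page's code: the two ACL types evaluated the way a router evaluates them, top to bottom with the first match winning and an implicit deny at the end. Addresses are matched through a wildcard mask, in which a 0 bit must match and a 1 bit is ignored, so 0.0.255.255 means "any host in that /16". The rule numbers, addresses and packets are constructed for illustration.

```python
"""Standard and extended IP access lists evaluated like a router does: rules in order,
first match wins, implicit deny at the end, addresses matched through a wildcard mask
(0 bits must match, 1 bits are don't-care). Added example with constructed rules."""
from dataclasses import dataclass
from typing import Optional


def ip_int(a):
    return int.from_bytes(bytes(int(o) for o in a.split(".")), "big")


ANY = ("0.0.0.0", "255.255.255.255")          # the Cisco keyword 'any'


def host(a):                                   # the Cisco keyword 'host'
    return (a, "0.0.0.0")


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: tuple                    # (address, wildcard)
    proto: Optional[str] = None   # extended lists only: "tcp", "udp", "icmp" or "ip"
    dst: Optional[tuple] = None   # extended lists only
    dport: Optional[int] = None   # extended lists only ('eq <port>')


def wildcard_match(addr, rule_addr, wildcard):
    care = ~ip_int(wildcard) & 0xFFFFFFFF      # bits the rule insists on
    return ((ip_int(addr) ^ ip_int(rule_addr)) & care) == 0


def rule_matches(rule, pkt):
    if not wildcard_match(pkt["src"], *rule.src):
        return False
    if rule.proto is None:
        return True                            # standard ACL: source address only
    if rule.proto != "ip" and rule.proto != pkt.get("proto"):
        return False
    if rule.dst is not None and not wildcard_match(pkt["dst"], *rule.dst):
        return False
    if rule.dport is not None and pkt.get("dport") != rule.dport:
        return False
    return True


def evaluate(acl, pkt):
    """Return the action of the first matching rule, or 'deny' (the implicit deny)."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Standard list 10: permit the 10.1.0.0/16 LAN; everything else hits the implicit deny.
STANDARD_10 = [Rule("permit", ("10.1.0.0", "0.0.255.255"))]

# Extended list 100: block telnet to the management host, then allow the LAN's IP traffic.
EXTENDED_100 = [
    Rule("deny", ANY, proto="tcp", dst=host("10.1.1.5"), dport=23),
    Rule("permit", ("10.1.0.0", "0.0.255.255"), proto="ip", dst=ANY),
]

if __name__ == "__main__":
    print(evaluate(STANDARD_10, {"src": "10.1.7.9"}))
    print(evaluate(EXTENDED_100, {"src": "10.1.7.9", "dst": "10.1.1.5", "proto": "tcp", "dport": 23}))
```

Rule order is the usual source of ACL mistakes: if the permit for the LAN were listed before the telnet deny, the deny would never be reached for LAN hosts, because evaluation stops at the first match.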
Layer 2 Switching
1. A table of MAC addresses and their associated switch ports is built and
maintained.
2. Broadcast and multicast frames are flooded out all ports except the one they arrived on.
3. Frames destined for an unknown location are flooded out all ports except the one they arrived on.
4. A switch must forward broadcast frames to every port in the broadcast domain (drawback).
5. STP can have a slow convergence time when the switch topology changes.
Layer 3 Switching
Layer-4 switching
1. Packets are forwarded in hardware based on layer-3 addressing and layer-4 application
information.
2. The layer-4 protocol type (TCP, UDP) in the packet header is examined.
3. The layer-4 segment is examined for the application port number.
4. Traffic can be prioritized according to source and destination address, and QoS can also be
defined at layer 4.
5. Layer-2 and layer-3 devices have forwarding tables based on MAC address and IP address respectively.
6. A layer-4 switch must keep track of the application protocol.
1. Stateful inspection
2. Rules -> rule base: implicit rules / explicit rules
3. Implicit deny rule
4. Stealth rule -> drop packets addressed to the firewall itself
5. VPN -> IPsec tunnel
6. Leased line, ISDN
7. Load sharing command
8. VPN IPsec profile-1 / profile-2
9. IP address
10. PIX -> implicit allow from a higher-security interface to a lower-security one
NETWORKING
Q: What are the seven layers of the OSI model?
A: The layers are physical, data link, network, transport, session, presentation, and application.
Q: In the TCP client-server model, how does the three-way handshake work in opening a
connection?
A: The client first sends a SYN segment with initial sequence number "x" to the server. When the
server receives it, the server sends back a SYN/ACK segment with its own initial sequence number "y"
and acknowledgement number x+1, acknowledging the client's request. When the client receives this,
it sends an ACK with acknowledgement number y+1, confirming that sequence "y" has been received;
the connection is then established on both sides.
Q: What is the purpose of exchanging initial sequence numbers during connection setup in the
TCP client-server model?
A: So that each side can number the bytes it sends, and detect and retransmit any data lost during
transfer. Unpredictable initial sequence numbers also make it hard for an off-path attacker to complete
a handshake from a spoofed source address, since the attacker never sees "y".
Q: Given a class B network with subnet mask 255.255.248.0 and a packet addressed to
130.40.32.16, what is the subnet address?
A: Write the address and the mask in binary form, then AND them. The answer is 130.40.32.0.
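The AND operation from the subnet-mask note under General Networking and this class B question, as an added example (not the page's code): the bit operations written out explicitly, with the page's 130.40.32.16 / 255.255.248.0 as the worked case, plus the inverse mask (the wildcard form used by access lists) and a cross-check against Python's ipaddress module.

```python
"""Subnet arithmetic with explicit bit operations: AND with the mask gives the network
number, AND with the inverted mask gives the host number. Added example (not the
page's code); the worked case is the page's 130.40.32.16 with mask 255.255.248.0."""
import ipaddress


def ip_int(a):
    return int.from_bytes(bytes(int(o) for o in a.split(".")), "big")


def int_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def address_class(addr):
    """Classful network class from the first octet (historical, but still asked about)."""
    first = ip_int(addr) >> 24
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"


def subnet_info(addr, mask):
    a, m = ip_int(addr), ip_int(mask)
    inverse = ~m & 0xFFFFFFFF                  # host bits set: the wildcard mask
    if inverse & (inverse + 1):
        raise ValueError("mask must be contiguous ones followed by zeros")
    prefix = 32 - inverse.bit_length()
    network = a & m                            # the AND the page describes
    return {
        "class": address_class(addr),
        "network": int_ip(network),
        "host": int_ip(a & inverse),
        "broadcast": int_ip(network | inverse),
        "wildcard": int_ip(inverse),
        "prefix": prefix,
        "usable_hosts": (1 << (32 - prefix)) - 2 if prefix < 31 else 0,
    }


def same_subnet(a, b, mask):
    """Two hosts can talk without a router exactly when the ANDs agree."""
    m = ip_int(mask)
    return (ip_int(a) & m) == (ip_int(b) & m)


def cross_check(addr, mask):
    """Compare the hand-rolled result with the standard library."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    info = subnet_info(addr, mask)
    return (str(net.network_address), str(net.broadcast_address), net.prefixlen) == (
        info["network"], info["broadcast"], info["prefix"])


if __name__ == "__main__":
    print(subnet_info("130.40.32.16", "255.255.248.0"))
```

For the page's example subnet_info returns network 130.40.32.0, broadcast 130.40.39.255, wildcard 0.0.7.255, prefix /21 and 2046 usable hosts; 130.40.39.200 is in the same subnet as 130.40.32.16, while 130.40.40.1 is not.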
TCP and UDP are both transport-level protocols. TCP is designed to provide reliable communication
across a variety of reliable and unreliable networks and internets.
UDP provides a connectionless service for application-level procedures. Thus, UDP is basically an
unreliable service; delivery and duplicate protection are not guaranteed.
Broadcast Domain: The set of all devices that will receive broadcast frames originating from any device
within the set. Broadcast domains can be bounded by VLANs in a stand-alone environment. In an
internetworking environment, they are typically bounded by routers because routers do not forward
broadcast frames.
Collision Domain: In Ethernet, the network area within which frames that have collided are
propagated. Repeaters and hubs propagate collisions; LAN switches, bridges and routers do not.
VLAN
• Switches using VLANs create the same division of the network into separate broadcast domains
that routers do.
• There is increased connection speed due to the elimination of latency from router connections.
• Collision domains are reduced in size.
Ethernet: Baseband LAN specification invented by Xerox Corporation and developed jointly by
Xerox, Intel, and Digital Equipment Corporation. Ethernet networks use CSMA/CD and originally ran
over a variety of cable types at 10 Mbps. Ethernet is similar to the IEEE 802.3 series of standards.
Collision: In Ethernet, the result of two nodes transmitting simultaneously. The frames from each
device impact and are damaged when they meet on the physical media.
Types of Virtual LANs
A switch keeps track of which devices are connected to which ports by managing a table of MAC
address to switch port mappings.
Transmissions through a switch are sent only to the intended recipient, determined by the destination
MAC address.
A switch can operate at full duplex: multiple attached devices can transmit and receive at the same
time.
IP Address
An IPv4 address is a 32-bit network layer (OSI layer 3) address.
MAC Address
A MAC address is a 48-bit data link layer (OSI layer 2) address. It is burned into the network
interface card or equivalent; the first 24 bits are the manufacturer's OUI and the remaining 24 bits
are assigned by that manufacturer.
Hubs, switches and routers are all devices which let you connect one or more computers to other
computers, networked devices or to other networks. Each has two or more connectors, called ports,
into which you plug in the cables to make the connection. Varying degrees of magic happen inside the
device, and therein lies the difference. I often see the terms misused, so let's clarify what each one
really means.
A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is
very, very simple: anything that comes in one port is sent out to the others. That's it. Every computer
connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is
blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy
ways to connect computers in small networks.
A switch does essentially what a hub does, but more efficiently. By paying attention to the traffic that
comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from
machine A coming in on port 2, it now knows that machine A is connected to that port, and that traffic
to machine A needs to only be sent to that port and not any of the others. The net result of using a
switch over a hub is that most of the network traffic only goes where it needs to, rather than to every
port. On busy networks, this can make the network significantly faster.
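The learning behaviour just described (and the Layer 2 Switching notes earlier: MAC table, flooding of unknown unicast and of broadcast frames) as an added example, not the page's code: a hub and a learning switch are fed the same constructed frames, and each returns the ports it would send the frame out of. The last step shows a caveat a practitioner should keep in mind: learning is unauthenticated, so a frame that forges another station's source address moves that station's table entry to the impostor's port.

```python
"""A learning switch beside a hub, on constructed frames. Added example, not the
page's code. The switch learns the source MAC of every frame on its ingress port,
forwards known unicast to one port, floods unknown unicast and broadcast/multicast,
and ages entries out."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac):
    return int(mac.split(":")[0], 16) & 1 == 1      # group bit of the first octet


class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst, now=0.0):
        return [p for p in self.ports if p != in_port]   # repeat everything everywhere


class Switch:
    def __init__(self, ports, aging=300.0):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}                # mac -> (port, last_seen)

    def receive(self, in_port, src, dst, now=0.0):
        self.table[src] = (in_port, now)                 # learn; nothing checks the claim
        flood = [p for p in self.ports if p != in_port]
        if dst == BROADCAST or is_multicast(dst):
            return flood
        entry = self.table.get(dst)
        if entry is None or now - entry[1] > self.aging:
            return flood                                 # unknown or aged-out unicast
        port = entry[0]
        return [] if port == in_port else [port]         # filter (same port) or forward


def demo():
    sw, hub = Switch([1, 2, 3, 4]), Hub([1, 2, 3, 4])
    A, B = "00:11:22:33:44:01", "00:11:22:33:44:02"   # A on port 1, B on port 2
    out = {}
    out["A->B unknown"] = (hub.receive(1, A, B), sw.receive(1, A, B, now=0))
    out["B->A known"] = (hub.receive(2, B, A), sw.receive(2, B, A, now=1))
    out["A->B known"] = (hub.receive(1, A, B), sw.receive(1, A, B, now=2))
    out["A broadcast"] = (hub.receive(1, A, BROADCAST), sw.receive(1, A, BROADCAST, now=3))
    # A station on port 4 sends a frame with A's source address: A's entry moves to port 4,
    # so B's next frame to A is delivered to the impostor instead of to A.
    sw.receive(4, A, B, now=4)
    out["B->A after spoof"] = (hub.receive(2, B, A), sw.receive(2, B, A, now=5))
    return out


if __name__ == "__main__":
    for label, (hub_ports, switch_ports) in demo().items():
        print(f"{label:18s} hub -> {hub_ports}  switch -> {switch_ports}")
```

The first frame to B is flooded because the switch has not yet seen B; after B replies, traffic between A and B takes a single port each way while the hub still repeats everything. The spoof step is why port security and static MAC entries exist on managed switches.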
A router is the smartest, and most complicated of the bunch. Routers come in all shapes and sizes,
from the small four-port broadband routers that are very popular right now, to the large industrial
strength devices that drive the internet itself. A simple way to think of a router is as a computer that
can be programmed to understand, possibly manipulate, and route the data its being asked to handle.
For example, broadband routers include the ability to "hide" computers behind a type of firewall,
which involves slightly modifying the packets of network traffic as they traverse the device. All
routers include some kind of user interface for configuring how the router will treat traffic. The really
large routers include the equivalent of a full-blown programming language to describe how they
should operate, as well as the ability to communicate with other routers to describe or determine the
best way to get network traffic from point A to point B.
A quick note on one other thing that you'll often see mentioned with these devices, and that's network
speed. Most devices now are capable of both 10 Mbps (10 megabits, or million bits, per second) and
100 Mbps, and will automatically detect the speed. If the device is labeled with only one speed, then it
will only be able to communicate with devices that also support that speed. 1000 Mbps, or "gigabit",
devices are slowly becoming more common as well. Similarly, many devices now also
include 802.11b or 802.11g wireless transmitters that simply act like additional ports on the device.
Port Details.
1. HTTP 80
2. HTTPS (HTTP over Secure Sockets Layer) 443
3. Layer Two Tunneling Protocol (L2TP) 1701
4. Point-to-Point Tunneling Protocol (PPTP) 1723
5. POP3 110
6. Telnet 23
7. Terminal Services (RDP) 3389
8. SMTP 25
9. SNMP 161
10. DHCP server 68
11. Client/Server Communication (RPC endpoint mapper) 135
12. IIS 80
13. IMAP 143
14. Remote Procedure Call 135
15. WINS Manager 135
What is an IP (Internet Protocol/Internet Packeting) Address?
We know essentially that there are three components to every phone number in the North
American Numbering Plan:
Based on the above - my phone number 423 267 6694 is in theory and hopefully in practice -
reachable by any Subscriber Station within the US numbering plan.
Obviously, there are wrinkles. Do you need to dial 1 for Long Distance or do you need to dial the
Area Code? Depends, right? 10-Digit dialing, for example, is available in several Metros.
So, we have the idea that for a telephone conversation to take place - at least a couple of things must
be present:
• Call Originator.
• Called Party.
The same logic applies to internetworking of computers - whether they be Desktops, Servers, Data
Switches and so on.
• Network Number.
• Host Number.
This numbering schema is administered by the Internet Network Information Center (InterNIC).
Here's how it works using the good old Binary Numbering System.
The Network Number contains the first 2 Octets while the Host Number contains the last 2 Octets.
www.joe-smith.com (symbolic form)

Row A = bit weight (#x2), Row B = the 8-bit number, Row C = the weights of the set bits added up.

Octet 1
A:  128  64  32  16   8   4   2   1
B:    0   1   1   1   1   1   1   1
C:   +0 +64 +32 +16  +8  +4  +2  +1   TOTAL=127

Octet 2
A:  128  64  32  16   8   4   2   1
B:    0   0   0   0   0   0   1   1
C:   +0  +0  +0  +0  +0  +0  +2  +1   TOTAL=3

Octet 3
A:  128  64  32  16   8   4   2   1
B:    0   0   0   0   0   0   1   0
C:   +0  +0  +0  +0  +0  +0  +2  +0   TOTAL=2

Octet 4
A:  128  64  32  16   8   4   2   1
B:    0   0   0   0   1   0   0   1
C:   +0  +0  +0  +0  +8  +0  +0  +1   TOTAL=9
As you might imagine, the technology requires a tremendous quantity of numbers to function
properly, and just as with phone numbers we have to ask: are these resources infinite?
Let's look at the Class structure of the Internet Address to see how it is broken out: (Remember that
it is a 32 Bit number.)
• Class A
o 1 Bit [0] Class Designation:
o 7 Bit Network Numbers (126 Networks)
o 24 Bit Host Numbers (16 million+ Hosts for each Network)
• Class B
o 2 Bit [10] Class Designation:
o 14 Bit Network Numbers (16,282 Networks)
o 16 Bit Host Numbers (up to 65,534 Hosts for each Network)
• Class C
o 3 Bit [110] Class Designation:
o 21 Bit Network Numbers (2,097,150 Networks)
o 8 Bits (up to 254 Hosts for each Network)
• Class D
o 4 Bit [1110] Class Designation:
4. A class A network address with a /24 mask. How many IPs are usable, and which are they?
(254) (X.X.X.1-254)
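The octet arithmetic, class designation and /24 host count worked through above, as an added example (not code from the original notes): each octet is expanded against the 128/64/32/16/8/4/2/1 weights, the class comes from the leading bits of the first octet, and the usable host range is derived from the prefix length. The addresses used in the demo are constructed.

```python
"""Added example (not part of the original notes): IPv4 octets and bit
weights, classful designation from the leading bits, and the usable host
count and range for a prefix such as /24."""
from __future__ import annotations

BIT_WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)   # the "A" row of the table


def parse_address(address: str) -> list[int]:
    """Split a dotted quad into four validated octet values."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {address!r}")
    octets = [int(p) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range in {address!r}")
    return octets


def octet_bits(value: int) -> list[int]:
    """The eight bits of one octet, most significant first (the "B" row)."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    return [(value >> shift) & 1 for shift in range(7, -1, -1)]


def octet_total(bits: list[int]) -> int:
    """Add the weights of the bits that are set (the "C" / TOTAL row)."""
    return sum(weight for weight, bit in zip(BIT_WEIGHTS, bits) if bit)


def address_class(address: str) -> str:
    """Classful designation from the leading bits of the first octet:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D, anything else -> E."""
    first = parse_address(address)[0]
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def usable_hosts(prefix_len: int) -> int:
    """2^host_bits minus the network and broadcast addresses.
    /31 and /32 leave no classic host range at all."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"bad prefix length: {prefix_len}")
    host_bits = 32 - prefix_len
    return 2 ** host_bits - 2 if host_bits >= 2 else 0


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def usable_host_range(address: str, prefix_len: int) -> tuple[str, str]:
    """First and last usable host address of the subnet containing `address`."""
    if usable_hosts(prefix_len) == 0:
        raise ValueError("prefix has no usable host range")
    value = 0
    for octet in parse_address(address):
        value = (value << 8) | octet
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    network = value & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return to_dotted(network + 1), to_dotted(broadcast - 1)


if __name__ == "__main__":
    demo = "10.20.30.40"   # constructed address
    for octet in parse_address(demo):
        bits = octet_bits(octet)
        print(" ".join(str(b) for b in bits), "-> TOTAL =", octet_total(bits))
    print("class", address_class(demo), "| /24 usable hosts:", usable_hosts(24),
          "| range:", usable_host_range(demo, 24))
```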
10. What are the different modes in which a switch may be configured in a VTP domain?
VTP server, VTP client and VTP transparent. The default is VTP server.
11. What are the different states a switch port goes through when powered on?
Blocking, listening, learning and forwarding.
12. Which protocol is used for communication between SNA and Ethernet networks?
DLSw – Data Link Switching
13. Configuring a router priority of 1-255 achieves what purpose, and in which protocol?
It is used in OSPF to elect the DR on a broadcast medium. The router with the highest priority is
chosen as the DR. The default mechanism is that the router with the highest interface IP address is
elected as the DR. To manually force a router to become the DR, use the router ospf priority
<value> command.
SNMP
15. What command is used in Solaris to see the total file size in Kbps?
df -k
18. What are the types of packets exchanged in a 3-way TCP/IP handshake between two hosts?
SYN, SYN/ACK and ACK are the three types of packets used in the 3-way TCP/IP handshake.
Description of the 3-way handshake: the "three-way handshake" happens thus. The originator
(you, hopefully) sends an initial packet called a "SYN" to establish communication and
"synchronize" sequence numbers for counting the bytes of data which will be exchanged. The
destination then sends a "SYN/ACK" which again "synchronizes" its byte count with the
originator and acknowledges the initial packet. The originator then returns an "ACK" which
acknowledges the packet the destination just sent. The connection is now "OPEN" and
ongoing communication between the originator and the destination is permitted until one of
them issues a "FIN" packet, or a "RST" packet, or the connection times out. All the protocols of
the Internet which need "connections" are built on the TCP protocol. The "three-way handshake"
establishes the communication.
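The SYN, SYN/ACK, ACK exchange described above, simulated as an added example (not code from the original notes): each side tracks the sequence number it will send next and the one it expects to receive, and an ACK whose acknowledgment number does not match what was sent is answered with an RST instead of opening the connection. Endpoint names and initial sequence numbers are constructed.

```python
"""Added example (not from the original notes): the three-way handshake as a
small state machine on each side, with 32-bit sequence-number wrap-around and
rejection of an ACK that does not acknowledge what was actually sent."""
from __future__ import annotations
from dataclasses import dataclass

SEQ_MOD = 2 ** 32   # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset[str]
    seq: int
    ack: int = 0

    def has(self, *names: str) -> bool:
        return self.flags == frozenset(names)


class Endpoint:
    def __init__(self, name: str, isn: int) -> None:
        self.name = name
        self.isn = isn % SEQ_MOD
        self.state = "CLOSED"
        self.snd_nxt = self.isn   # next sequence number this side will send
        self.rcv_nxt = None       # next sequence number expected from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Step 1: the originator sends a SYN carrying its initial sequence number."""
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) % SEQ_MOD          # the SYN consumes one number
        return Segment(self.name, peer, frozenset({"SYN"}), self.isn)

    def receive(self, seg: Segment) -> Segment | None:
        """Advance the state machine. Returns the reply, None when nothing needs
        to be sent, or an RST when the segment is not acceptable in this state."""
        if self.state == "LISTEN" and seg.has("SYN"):
            # Step 2: synchronise on the originator's number, answer SYN/ACK
            self.rcv_nxt = (seg.seq + 1) % SEQ_MOD
            self.snd_nxt = (self.isn + 1) % SEQ_MOD
            self.state = "SYN-RECEIVED"
            return Segment(self.name, seg.src, frozenset({"SYN", "ACK"}), self.isn, self.rcv_nxt)
        if self.state == "SYN-SENT" and seg.has("SYN", "ACK") and seg.ack == self.snd_nxt:
            # Step 3: our SYN was acknowledged; acknowledge the destination's SYN
            self.rcv_nxt = (seg.seq + 1) % SEQ_MOD
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, frozenset({"ACK"}), self.snd_nxt, self.rcv_nxt)
        if (self.state == "SYN-RECEIVED" and seg.has("ACK")
                and seg.ack == self.snd_nxt and seg.seq == self.rcv_nxt):
            self.state = "ESTABLISHED"                   # the connection is now OPEN
            return None
        # Wrong ack number, wrong flags or wrong state: reset, as a real stack does
        return Segment(self.name, seg.src, frozenset({"RST"}), seg.ack)


def three_way_handshake(client_isn: int, server_isn: int) -> tuple[Endpoint, Endpoint, list[Segment]]:
    """Run the full exchange and return both endpoints plus the three segments."""
    client = Endpoint("originator", client_isn)
    server = Endpoint("destination", server_isn)
    server.listen()
    syn = client.connect(server.name)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client, server, [syn, syn_ack, ack]


if __name__ == "__main__":
    client, server, segments = three_way_handshake(1000, 5000)   # constructed ISNs
    for s in segments:
        print(f"{s.src} -> {s.dst}: {'/'.join(sorted(s.flags))} seq={s.seq} ack={s.ack}")
    print(client.state, server.state)
```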
SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both
Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to
safely transmit confidential information, such as credit card numbers.
SOCKS include two components, the SOCKS server and the SOCKS client. The SOCKS server
is implemented at the application layer, while the SOCKS client is implemented between the
application and transport layers. The basic purpose of the protocol is to enable hosts on one side
of a SOCKS server to gain access to hosts on the other side of a SOCKS Server, without requiring
direct IP-reachability.
When an application client needs to connect to an application server, the client connects to a
SOCKS proxy server. The proxy server connects to the application server on behalf of the client,
and relays data between the client and the application server. For the application server, the proxy
server is the client.
DUAL – EIGRP
Bellman-Ford – RIP
26. What needs to be configured to have multiple VLAN information propagated to other
switches?
Trunk
27. What is the bandwidth of T1 and T3 links? How many channels are in each of these links?
T1- 1.544 Mbps
T3- 45 Mbps
PNNI is the ATM routing protocol that enables switches to automatically discover the topology
and the characteristics of the links interconnecting the switches. A link-state protocol much like
OSPF, PNNI tracks things such as bandwidth on links. When a significant event occurs that
changes the characteristics of a link, PNNI announces the change to the other switches.
30. What is the size of Ethernet frame
(1518 Bytes)
E3- 34 Mbps
ip nat inside
ip nat outside
BGP is a Path vector protocol. It uses attributes for path selection in the order of preference of
Route selection criteria.
39. What command is used to advertise a default route in BGP?
default-information originate
redistribute static
The default-information originate command requires an explicit redistribution of the route 0.0.0.0.
The network command requires only that route 0.0.0.0 is specified in the Interior Gateway Protocol
(IGP) routing table.
If a route is learned via IBGP the route should also be relearned through IGP before it is added to
the routing table.
42. What command is used to see the configuration of all the interfaces (in Solaris and NT)?
ipconfig /all in NT and ifconfig -a in Solaris
43. What is the command to send a file to TFTP server and get it back?
Solaris - vi /etc/rc2.d/S76static-routes
route add net 192.168.10.0 netmask 255.255.255.0 192.168.10.1 1
48. What command is used to list all the packages installed in Solaris.
(showrev -p)
53. What is it known as when an external untrusted user pretends to be a trusted user?
Spoofing
59. Given a choice of EIGRP and OSPF, which is to be chosen and what are the advantages?
EIGRP is a Cisco proprietary protocol, whereas OSPF is an open standard and vendor-interoperable.
60. Which algorithm sends its entire routing table as the routing update?
Bellman-Ford algorithm – RIP and IGRP (distance vector routing protocols)
In link state routing protocols, only the changes in entries in the routing table are sent as updates
in its routing update.
62. What are the port numbers for the different protocols (FTP, Telnet, SMTP, DNS, HTTP, HTTPS,
SSL)?
FTP – 20 & 21
TELNET – 23
SMTP – 25
HTTP – 80
HTTPS – 443
SSL – 443
ADC to DC Replication Port details
LDAP 389/tcp
BPDUs are sent and received by switches in the network every 2 seconds (default) to determine the
spanning tree topology.
PortFast mode immediately brings a port from blocking to forwarding state by eliminating the
forward delays.
Forward delay: the time taken for a switch to go from listening to learning (50 sec default).
Priorities traffic
ACL placement
Protocol Range
IP 1 to 99
VTP is a Layer 2 messaging protocol used to maintain VLAN configuration consistency by managing
the addition, deletion and renaming of VLANs. VTP works over 802.1Q trunk links. This includes
Inter-Switch Link (ISL), IEEE 802.1Q and LAN emulation links.
Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of
the OSI reference model. Frame Relay originally was designed for use across Integrated Services
Digital Network (ISDN) interfaces.
Classful routing protocols must use the same subnet mask consistently throughout a network, a
result of the fact that these protocols do not transmit subnet mask or network prefix information with
their updates.
OSPF, Dual IS-IS, BGP-4, and EIGRP support "classless" or VLSM routes.
actually exchanged network numbers (8, 16, or 24 bit fields) rather than IP
addresses (32 bit numbers); RIP and IGRP exchanged network and subnet
number, and host number being a matter of convention and not exchanged in
the routing protocols. More recent protocols (see VLSM) carry either a
Site-Level Aggregation Identifier (SLA ID) field: The 16-bit SLA ID is used by an individual
organization to create its own local addressing hierarchy and to identify subnets.
multicast: An identifier for a set of interfaces that typically belong to different nodes. A packet sent
to a multicast address is delivered to all interfaces in the multicast group.
route summarization: The consolidation of advertised addresses in OSPF and IS-IS. In OSPF, this
causes a single summary route to be advertised to other areas by an area border router.
unicast: An identifier for a single interface. A packet sent to a unicast address is delivered to the
interface identified by that address.
VLSM (variable-length subnet masking): The ability to specify a different subnet mask for the same
network number on different subnets. VLSM can help optimize available address space.
There are four major differences between UDP and TCP:
What is region?
When hierarchical routing is used, the routers are divided into what we will call regions, with each
router knowing all the details about how to route packets to destinations within its own region, but
knowing nothing about the internal structure of other regions.
What is the difference between TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but
does not provide reliability or security. It uses the fundamental packet delivery services offered by
UDP. The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a
file from one host to another. It uses the services offered by TCP and so is reliable and secure. It
establishes two connections (virtual circuits) between the hosts, one for data transfer and another for
control information.
What is Project 802?
It is a project started by IEEE to set standards to enable intercommunication between equipment from
a variety of manufacturers. It is a way of specifying functions of the physical layer, the data link
layer and to some extent the network layer to allow for interconnectivity of major LAN
protocols. It consists of the following:
802.1 is an internetworking standard for compatibility of different LANs and MANs across protocols.
802.2 Logical link control (LLC) is the upper sublayer of the data link layer which is non-
architecture-specific, that is remains the same for all IEEE-defined LANs.
Media access control (MAC) is the lower sublayer of the data link layer that contains some distinct
modules each carrying proprietary information specific to the LAN product being used.
The modules are Ethernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).
802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.
The Address Resolution Protocol (ARP) is used to associate the 32-bit IP address with the 48-bit
physical address. It is used by a host or a router to find the physical address of another host on its network
by sending an ARP query packet that includes the IP address of the receiver. The Reverse Address
Resolution Protocol (RARP) allows a host to discover its Internet address when it knows only its
physical address.
What are the data units at different layers of the TCP / IP protocol suite?
The data unit created at the application layer is called a message; at the transport layer the data unit
created is called either a segment or a user datagram; at the network layer the data unit created is
called the datagram; at the data link layer the datagram is encapsulated into a frame and finally
transmitted as signals along the transmission media.
What is ICMP?
ICMP is Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by
hosts and gateways to send notification of datagram problems back to the sender. It uses the echo
test / reply to test whether a destination is reachable and responding. It also handles both control and
error messages.
NETBIOS is a programming interface that allows I/O requests to be sent to and received from a
remote computer and it hides the networking hardware from applications.
NETBEUI is the NetBIOS Extended User Interface, a transport protocol designed by Microsoft and IBM
for use on small subnets.
When the computers on the network simply listen and receive the signal, they are referred to as
passive because they don’t amplify the signal in any way. Example for passive topology - linear bus.
RPC hides the intricacies of the network by using the ordinary procedure call mechanism familiar to
every programmer. A client process calls a function on a remote server and suspends itself until it gets
back the results. Parameters are passed as in any ordinary procedure. The RPC, like an ordinary
procedure, is synchronous: the process that issues the call waits until it gets the results.
Anonymous FTP enables users to connect to a host without using a valid login and password. Usually,
anonymous FTP uses a login called anonymous or guest, with the password usually requesting the
user’s ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to
access files on the host without having to go to the trouble of setting up logins for them all.
Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.
What is a DNS resource record? A resource record is an entry in a name server’s database. There are
several types of resource records used, including name-to-address resolution information. Resource
records are maintained as ASCII files.
Explain the 5-4-3 rule. In an Ethernet network, between any two points on the network, there can be no
more than five network segments or four repeaters, and of those five segments only three
can be populated.
What is Brouter? Hybrid devices that combine the features of both bridges and routers.
What is source route? It is a sequence of IP addresses identifying the route a datagram must follow. A
source route may optionally be included in an IP datagram header.
What is SLIP (Serial Line Interface Protocol)? It is a very simple protocol used for transmission of IP
datagrams across a serial line.
What is EGP (Exterior Gateway Protocol)? It is the protocol the routers in neighboring autonomous
systems use to identify the set of networks that can be reached within or via each autonomous system.
What is IGP (Interior Gateway Protocol)? It is any routing protocol used within an autonomous
system.
What is multicast routing? Sending a message to a group is called multicasting, and its routing
algorithm is called multicast routing.
What is traffic shaping? One of the main causes of congestion is that traffic is often busy. If hosts
could be made to transmit at a uniform rate, congestion would be less common. Another open loop
method to help manage congestion is forcing the packet to be transmitted at a more predictable rate.
This is called traffic shaping.
What is bandwidth? Every line has an upper limit and a lower limit on the frequency of signals it can
carry. This limited range is called the bandwidth.
Difference between bit rate and baud rate. Bit rate is the number of bits transmitted during one second
whereas baud rate refers to the number of signal units per second that are required to represent those
bits.
baud rate = bit rate / N ,where N is no-of-bits represented by each signal shift
What is a subnet? A generic term for a section of a large network, usually separated by a bridge or router.
What is SAP? Series of interface points that allow other computers to communicate with the other
layers of network protocol stack.
What is IP? IP is the Internet Protocol. It is the network protocol used to send information from
one computer to another over a network or over the internet, in the form of packets.
ip helper-address address
The ip helper-address interface subcommand tells the router to forward UDP broadcasts, including
BootP, received on this interface.
The ip forward-protocol global configuration command allows you to specify which protocols and
ports the router will forward. Its full syntax is listed next.
Layer 3 switch is a high-performance device for network routing. Layer 3 switches actually differ
very little from routers. A Layer 3 switch can support the same routing protocols as network routers
do. Both inspect incoming packets and make dynamic routing decisions based on the source and
destination addresses inside. Both types of boxes share a similar appearance.
Layer 3 switches were conceived as a technology to improve on the performance of routers used in
large local area networks (LANs) like corporate intranets. The key difference between Layer 3
switches and routers lies in the hardware technology used to build the unit. The hardware inside
a Layer 3 switch merges that of traditional switches and routers, replacing some of a router's software
logic with hardware to offer better performance in some situations.
Layer 3 switches often cost less than traditional routers. Designed for use within local networks, a
Layer 3 switch will typically not possess the WAN ports and wide area network features a traditional
router will always have.
L3 switch provides switched LAN connections for each device in the network. Three user VLANs are
present, and a routing engine on the L3 switch enables communications between each VLAN. The L3
switch possesses specialized hardware chips called application-specific integrated circuits (ASICs)
that are preprogrammed and designed to route between Ethernet ports at high speed. A traditional
router is connected to the L3 switch and handles the routing of any traffic that needs to be sent across
the WAN. Because the L3 switch does not need the flexibility required of the router to support
different WAN protocols, it can use ASICs to route traffic at the 100-Mbps speeds expected of the
LAN network. The router in the network is designed to handle the requirements of routing at T1 (1.5
Mbps) speeds and would cause a bottleneck if it had to route between VLANs, as routing is
performed in software, not hardware. Of course, you could purchase an expensive high-performance
router with three Ethernet ports and a T1 interface; however, the cost associated with this approach is
much higher. The cost associated with adding more routed Ethernet ports to the router (e.g., if a new
VLAN was added to the network) is also high.
• Control plane—The control plane process is responsible for building and maintaining the IP
routing table, which defines where an IP packet should be routed to based upon the
destination address of the packet, which is defined in terms of a next hop IP address and the
egress interface that the next hop is reachable from. Layer 3 routing generally refers to control
plane operations.
• Data plane—The data plane process is responsible for actually routing an IP packet, based
upon information learned by the control plane. Whereas the control plane defines where an
IP packet should be routed to, the data plane defines exactly how an IP packet should be
routed. This information includes the underlying Layer 2 addressing required for the IP
packet so that it reaches the next hop destination, as well as other operations required for
IP routing, such as decrementing the time-to-live (TTL) field and recomputing the IP header
checksum. Layer 3 switching generally refers to data plane operations.
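The control plane and data plane split described above, as an added example (not code from the original text): a routing table keyed by prefix with longest-match lookup stands in for the control plane, and a forwarding function verifies the IPv4 header checksum, decrements the TTL, recomputes the checksum and hands the packet to the next hop and egress interface. Addresses, prefixes and interface names are constructed.

```python
"""Added example (not from the original text): control-plane routing table
with longest-prefix match, and the data-plane per-packet work on an IPv4
header: checksum verification, TTL decrement, checksum recomputation."""
from __future__ import annotations
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words. Computed over a header
    whose checksum field is already filled in, a correct header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, ttl: int, payload: bytes = b"", proto: int = 17) -> bytes:
    """Minimal 20-byte header (no options) with a valid checksum, then the payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


class RoutingTable:
    """Control plane: prefix -> (next hop, egress interface); longest match wins."""

    def __init__(self) -> None:
        self.routes: list[tuple[ipaddress.IPv4Network, str, str]] = []

    def add(self, prefix: str, next_hop: str, egress: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop, egress))

    def lookup(self, dst: str) -> tuple[str, str] | None:
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, egress in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, egress)
        return None if best is None else (best[1], best[2])


def forward(packet: bytes, table: RoutingTable) -> dict:
    """Data plane: validate the header, look up the destination, rewrite TTL and
    checksum, and report the next hop / egress interface (or why it was dropped)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"action": "drop", "reason": "not IPv4"}
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return {"action": "drop", "reason": "bad header length"}
    header = packet[:ihl]
    if ipv4_checksum(header) != 0:
        return {"action": "drop", "reason": "header checksum"}
    ttl = header[8]
    if ttl <= 1:
        # a real router also returns ICMP Time Exceeded to the source here
        return {"action": "drop", "reason": "ttl expired"}
    dst = str(ipaddress.ip_address(header[16:20]))
    route = table.lookup(dst)
    if route is None:
        return {"action": "drop", "reason": "no route"}
    # Decrement TTL, zero the checksum field, recompute it over the new header
    rewritten = header[:8] + bytes([ttl - 1]) + header[9:10] + b"\x00\x00" + header[12:]
    rewritten = rewritten[:10] + struct.pack("!H", ipv4_checksum(rewritten)) + rewritten[12:]
    return {"action": "forward", "next_hop": route[0], "egress": route[1],
            "packet": rewritten + packet[ihl:]}


if __name__ == "__main__":
    table = RoutingTable()                               # constructed routes
    table.add("0.0.0.0/0", "10.0.0.1", "Gi0/0")
    table.add("192.168.0.0/16", "10.0.0.2", "Gi0/1")
    table.add("192.168.20.0/24", "10.0.0.3", "Gi0/2")
    result = forward(build_ipv4_packet("10.1.1.5", "192.168.20.7", 64, b"hello"), table)
    print(result["action"], result.get("next_hop"), result.get("egress"))
```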
LAN switches are characterized by the forwarding method that they support, such as a store-and-
forward switch, cut-through switch, or fragment-free switch. In the store-and-forward switching
method, error checking is performed against the frame, and any frame with errors is discarded. With
the cut-through switching method, no error checking is performed against the frame, which makes
forwarding the frame through the switch faster than store-and-forward switches.
Store-and-Forward Switching
Store-and-forward switching means that the LAN switch copies each complete frame into the switch
memory buffers and computes a cyclic redundancy check (CRC) for errors. CRC is an error-checking
method that uses a mathematical formula, based on the number of bits (1s) in the frame, to determine
whether the received frame is errored. If a CRC error is found, the frame is discarded. If the frame is
error free, the switch forwards the frame out the appropriate interface port, as illustrated in Figure 6-7.
An Ethernet frame is discarded if it is smaller than 64 bytes in length, a runt, or if the frame is larger
than 1518 bytes in length, a giant, as illustrated in Figure 6-8.
NOTE
If the frame does not contain any errors, and is not a runt or a giant, the LAN switch looks up the
destination address in its forwarding, or switching, table and determines the outgoing interface. It then
forwards the frame toward its intended destination.
Store-and-Forward Switching Operation
Store-and-forward switches store the entire frame in internal memory and check the frame for errors
before forwarding the frame to its destination. Store-and-forward switch operation ensures a high
level of error-free network traffic, because bad data frames are discarded rather than forwarded across
the network, as illustrated in Figure 6-9.
The store-and-forward switch shown in Figure 6-9 inspects each received frame for errors before
forwarding it on to the frame's destination network segment. If a frame fails this inspection, the switch
drops the frame from its buffers, and the frame is thrown in to the proverbial bit bucket.
A drawback to the store-and-forward switching method is one of performance, because the switch has
to store the entire data frame before checking for errors and forwarding. This error checking results in
high switch latency (delay). If multiple switches are connected, with the data being checked at each
switch point, total network performance can suffer as a result. Another drawback to store-and-forward
switching is that the switch requires more memory and processor (central processing unit, CPU)
cycles to perform the detailed inspection of each frame than that of cut-through or fragment-free
switching.
Cut-Through Switching
With cut-through switching, the LAN switch copies into its memory only the destination MAC
address, which is located in the first 6 bytes of the frame following the preamble. The switch looks up
the destination MAC address in its switching table, determines the outgoing interface port, and
forwards the frame on to its destination through the designated switch port. A cut-through switch
reduces delay because the switch begins to forward the frame as soon as it reads the destination MAC
address and determines the outgoing switch port, as illustrated in Figure 6-10.
The cut-through switch shown in Figure 6-10 inspects each received frame's header to determine the
destination before forwarding on to the frame's destination network segment. Frames with and without
errors are forwarded in cut-through switching operations, leaving the error detection of the frame to
the intended recipient. If the receiving switch determines the frame is errored, the frame is thrown out
to the bit bucket where the frame is subsequently discarded from the network.
Cut-through switching was developed to reduce the delay in the switch processing frames as they
arrive at the switch and are forwarded on to the destination switch port. The switch pulls the frame
header into its port buffer. When the destination MAC address is determined by the switch, the switch
forwards the frame out the correct interface port to the frame's intended destination.
Cut-through switching reduces latency inside the switch. If the frame was corrupted in transit,
however, the switch still forwards the bad frame. The destination receives this bad frame, checks the
frame's CRC, and discards it, forcing the source to resend the frame. This process wastes bandwidth
and, if it occurs too often, network users experience a significant slowdown on the network. In
contrast, store-and-forward switching prevents errored frames from being forwarded across the
network and provides for quality of service (QoS) managing network traffic flow.
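The store-and-forward checks (runt, giant, CRC) and the cut-through decision discussed above, as an added example that is not code from the original text: frames are built with a CRC-32 frame check sequence, the store-and-forward path buffers the whole frame and discards anything that fails inspection, while the cut-through path decides on the first 6 bytes alone and so passes a corrupted frame along. MAC addresses, ports and payloads are constructed.

```python
"""Added example (not from the original text): Ethernet frames with a CRC-32
FCS, the store-and-forward checks (runt, giant, CRC) and a cut-through
decision that needs only the destination MAC."""
from __future__ import annotations
import struct
import zlib

MIN_FRAME = 64      # bytes including FCS; anything shorter is a runt
MAX_FRAME = 1518    # bytes including FCS; anything longer is a giant
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Header + payload, padded to the minimum size, followed by the FCS.
    Ethernet's FCS is the same CRC-32 zlib computes, sent least-significant byte first."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare."""
    received = struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == received


def _lookup(dst_raw: bytes, table: dict[str, int], in_port: int) -> tuple[str, object]:
    dst = mac_str(dst_raw)
    if dst == BROADCAST or dst not in table:
        return ("flood", in_port)          # flood out every port except in_port
    return ("forward", table[dst])


def store_and_forward(frame: bytes, table: dict[str, int], in_port: int) -> tuple[str, object]:
    """The whole frame is buffered first: runts, giants and CRC failures go to
    the bit bucket; only a clean frame reaches the table lookup."""
    if len(frame) < MIN_FRAME:
        return ("drop", "runt")
    if len(frame) > MAX_FRAME:
        return ("drop", "giant")
    if not fcs_ok(frame):
        return ("drop", "crc")
    return _lookup(frame[:6], table, in_port)


def cut_through(frame_head: bytes, table: dict[str, int], in_port: int) -> tuple[str, object]:
    """Only the first 6 bytes (destination MAC) are examined; the remainder is
    forwarded as it arrives, so a corrupted frame is passed on unchecked."""
    if len(frame_head) < 6:
        return ("wait", "need 6 bytes")
    return _lookup(frame_head[:6], table, in_port)


if __name__ == "__main__":
    table = {"00:11:22:33:44:55": 3}                      # constructed MAC table
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"constructed payload")
    damaged = frame[:20] + bytes([frame[20] ^ 0xFF]) + frame[21:]   # one payload byte flipped in transit
    print("store-and-forward:", store_and_forward(frame, table, 1), store_and_forward(damaged, table, 1))
    print("cut-through:      ", cut_through(frame[:6], table, 1), cut_through(damaged[:6], table, 1))
```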
NOTE
Today's switches don't suffer the network latency that older (legacy) switches labored under. This
minimizes the effect switch latency has on your traffic. Today's switches are better suited for a store-
and-forward environment.
Fragment-Free Switching
Fragment-free switching is also known as runtless switching and is a hybrid of cut-through and store-
and-forward switching. Fragment-free switching was developed to solve the late-collision problem.
NOTE
Recall that when two systems' transmissions occur at the same time, the result is a collision.
Collisions are a part of Ethernet communications and do not imply any error condition. A late
collision is similar to an Ethernet collision, except that it occurs after all hosts on the network should
have been able to notice that a host was already transmitting.
A late collision indicates that another system attempted to transmit after a host has transmitted at least
the first 60 bytes of its frame. Late collisions are often caused by an Ethernet LAN being too large and
therefore needing to be segmented. Late collisions can also be caused by faulty network devices on
the segment and duplex (for example, half-duplex/full-duplex) mismatches between connected
devices.
NOTE
Different methods work better at different points in the network. For example, cut-through switching
is best for the network core where errors are fewer, and speed is of utmost importance. Store-and-
forward is best at the network access layer where most network problems and users are located.
Layer 3 Switching
Layer 3 switching is another example of fragment-free switching. Up to now, this discussion has
concentrated on switching and bridging at the data link layer (Layer 2) of the Open System
Interconnection (OSI) model. When bridge technology was first developed, it was not practical to
build wire-speed bridges with large numbers of high-speed ports because of the manufacturing cost
involved. With improved technology, many functions previously implemented in software were
moved into the hardware, increasing performance and enabling manufacturers to build reasonably
priced wire-speed switches.
Whereas bridges and switches work at the data link layer (OSI Layer 2), routers work at the network
layer (OSI Layer 3). Routers provide functionality beyond that offered by bridges or switches. As a
result, however, routers entail greater complexity. Like early bridges, routers were often implemented
in software, running on a special-purpose processing platform, such as a personal computer (PC) with
two network interface cards (NICs) and software to route data between each NIC, as illustrated in
Figure 6-11.
Figure 6-11 PC Routing with Two NICs
The early days of routing involved a computer and two NIC cards, not unlike two people having a
conversation, but having to go through a third person to do so. The workstation would send its traffic
across the wire, and the routing computer would receive it on one NIC, determine that the traffic
would have to be sent out the other NIC, and then resend the traffic out this other NIC.
NOTE
In the same way that a Layer 2 switch is another name for a bridge, a Layer 3 switch is another name
for a router. This is not to say that a Layer 3 switch and a router operate the same way. Layer 3
switches make decisions based on the port-level Internet Protocol (IP) addresses, whereas routers
make decisions based on a map of the Layer 3 network (maintained in a routing table).
Multilayer switching is a switching technique that switches at both the data link (OSI Layer 2) and
network (OSI Layer 3) layers. To enable multilayer switching, LAN switches must use store-and-
forward techniques because the switch must receive the entire frame before it performs any protocol
layer operations, as illustrated in Figure 6-12.
Figure 6-12 Layer 3 (Multilayer) Switch Examining Each Frame for Error
Before Determining the Destination Network Segment (Based on the Network Address)
Similar to a store-and-forward switch, with multilayer switching the switch pulls the entire received
frame into its memory and calculates its CRC. It then determines whether the frame is good or bad. If
the CRC calculated on the packet matches the CRC calculated by the switch, the destination address
is read and the frame is forwarded out the correct switch port. If the CRC does not match the frame,
the frame is discarded. Because this type of switching waits for the entire frame to be received before
forwarding, port latency times can become high, which can result in some latency, or delay, of
network traffic.
You might be asking yourself, "What's the difference between a Layer 3 switch and a router?" The
fundamental difference between a Layer 3 switch and a router is that Layer 3 switches have optimized
hardware passing data traffic as fast as Layer 2 switches. However, Layer 3 switches make decisions
regarding how to transmit traffic at Layer 3, just as a router does.
NOTE
Within the LAN environment, a Layer 3 switch is usually faster than a router because it is built on
switching hardware. Bear in mind that the Layer 3 switch is not as versatile as a router, so do not
discount the use of a router in your LAN without first examining your LAN requirements, such as the
use of network address translation (NAT).
Before going forward with this discussion, recall the following points:
• A switch is a Layer 2 (data link) device with physical ports; it communicates via frames that
are placed on to the wire at Layer 1 (physical).
• A router is a Layer 3 (network) device that communicates with other routers with the use of
packets, which in turn are encapsulated inside frames.
Routers have interfaces for connection into the network medium. For a router to route data over the
Ethernet, for instance, the router requires an Ethernet interface, as illustrated in Figure 6-13.
A serial interface is required for the router connecting to a wide-area network (WAN), and a Token
Ring interface is required for the router connecting to a Token Ring network.
A simple network made up of two network segments and an internetworking device (in this case, a
router) is shown in Figure 6-14.
The router in Figure 6-14 has two Ethernet interfaces, labeled E0 and E1. The primary function of the
router is determining the best network path in a complex network. A router has three ways to learn
about networks and make the determination regarding the best path: through locally connected ports,
static route entries, and dynamic routing protocols. The router uses this learned information to make a
determination by using routing protocols. Some of the more common routing protocols used include
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Interior Gateway Routing
Protocol (IGRP), and Border Gateway Protocol (BGP).
NOTE
Routing protocols are used by routers to share information about the network. Routers receive and use
the routing protocol information from other routers to learn about the state of the network. Routers
can modify information received from one router by adding their own information along with the
original information, and then forward that on to other routers. In this way, each router can share its
version of the network.
Packet Switching
Layer 3 information is carried through the network in packets, and the transport method of carrying
these packets is called packet switching, as illustrated in Figure 6-15.
Figure 6-15 Packet Switching Between Ethernet and Token Ring Network Segments
Figure 6-15 shows how a packet is delivered across multiple networks. Host A is on an Ethernet
segment, and Host B on a Token Ring segment. Host A places an Ethernet frame, encapsulating an
Internet Protocol (IP) packet, on to the wire for transmission across the network.
The Ethernet frame contains a source data link layer MAC address and a destination data link layer
MAC address. The IP packet within the frame contains a source network layer IP address (TCP/IP
network layer address) and a destination network layer IP address. The router maintains a routing
table of network paths it has learned, and the router examines the network layer destination IP address
of the packet. When the router has determined the destination network from the destination IP
address, the router examines the routing table and determines whether a path exists to that network.
In the case illustrated in Figure 6-15, Host B is on a Token Ring network segment directly connected
to the router. The router peels off the Layer 2 Ethernet encapsulation, forwards the Layer 3 data
packet, and then re-encapsulates the packet inside a new Token Ring frame. The router sends this
frame out its Token Ring interface on to the segment where Host B will see a Token Ring frame
containing its MAC address and process it.
Note the original frame was Ethernet, and the final frame is Token Ring encapsulating an IP packet.
This is called media transition and is one of the features of a network router. When the packet arrives
on one interface and is forwarded to another, it is called Layer 3 switching or routing.
Routing table lookup in an IP router might be considered more complex than a MAC address lookup
for a bridge, because data link layer addresses are 48 bits in length, with fixed-length fields (the
OUI and the device ID). Additionally, data-link address space is flat, meaning there is no hierarchy or
dividing of addresses into smaller and distinct segments. MAC address lookup in a bridge entails
searching for an exact match on a fixed-length field, whereas address lookup in a router looks for
variable-length fields identifying the destination network.
IP addresses are 32 bits in length and are made up of two fields: the network identifier and the host
identifier, as illustrated in Figure 6-16.
Both the network and host portions of the IP address can be of a variable or fixed length, depending
on the hierarchical network address scheme used. Discussion of this hierarchical, or subnetting,
scheme is beyond the scope of this book, but suffice to say you are concerned with the fact that each
IP address has a network and host identifier.
The routing table lookup in an IP router determines the next hop by examining the network portion of
the IP address. After it determines the best match for the next hop, the router looks up the interface
port to forward the packets across, as illustrated in Figure 6-17.
Figure 6-17 shows that the router receives the traffic from Serial Port 1 (S1) and performs a routing
table lookup determining from which port to forward out the traffic. Traffic destined for Network 1 is
forwarded out the Ethernet 0 (E0) port. Traffic destined for Network 2 is forwarded out the Token
Ring 0 (T0) port, and traffic destined for Network 3 is forwarded out Serial Port 0 (S0).
NOTE
In terms of the Cisco Internetwork Operating System (IOS) interface, port numbers begin with zero (0),
such as serial port 0 (S0). Not all vendors, including Cisco, use ports; some use slots or modules,
which might begin with zero or one.
The host identifier portion of the network address is examined only if the network lookup indicates
that the destination is on a locally attached network. Unlike data-link addresses, the dividing line
between the network identifier and the host identifier is not in a fixed position throughout the
network. Routing table entries can exist for network identifiers of various lengths, from 0 bits in
length, specifying a default route, to 32 bits in length for host-specific routes. According to IP routing
procedures, the lookup result returned should be the one corresponding to the entry that matches the
maximum number of bits in the network identifier. Therefore, unlike a bridge, where the lookup is for
an exact match against a fixed-length field, IP routing lookups imply a search for the longest match
against a variable-length field.
For example, a network host might have both the IP address of 68.98.134.209 and a MAC address of
00-0c-41-53-40-d3. The router makes decisions based on the IP address (68.98.134.209), whereas the
switch makes decisions based on the MAC address (00-0c-41-53-40-d3). Both addresses identify the
same host on the network, but are used by different network devices when forwarding traffic to this
host.
ARP Mapping
Address Resolution Protocol (ARP) is a network layer protocol used in IP to convert IP addresses into
MAC addresses. A network device looking to learn a MAC address broadcasts an ARP request onto
the network. The host on the network that has the IP address in the request replies with its MAC
(hardware) address. This is called ARP mapping, the mapping of a Layer 3 (network) address to a
Layer 2 (data link) address.
NOTE
Some Layer 3 addresses use the MAC address as part of their addressing scheme, such as IPX.
The network layer address structure in IP does not provide a simple mapping to data-link
addresses: IP addresses use 32 bits, and data-link addresses use 48 bits. It is not possible to determine
the 48-bit data-link address for a host from the host portion of the IP address. For packets destined for
a host not on a locally attached network, the router performs a lookup for the next-hop router's MAC
address. For packets destined for hosts on a locally attached network, the router performs a second
lookup operation to find the destination address to use in the data-link header of the forwarded
packet's frame, as illustrated in Figure 6-18.
After determining for which directly attached network the packet is destined, the router looks up the
destination MAC address in its ARP cache. Recall that ARP enables the router to determine the
corresponding MAC address when it knows the network (IP) address. The router then forwards the
packet across the local network in a frame with the MAC address of the local host, or next-hop router.
NOTE
Note in Figure 6-18 that Net 3, Host: 31 is not part of the ARP cache, because during the routing table
lookup, the router determined that this packet is to be forwarded to another, remote (nonlocally
attached) network.
The result of this final lookup falls into one of the three following categories:
• The packet is destined for the router itself—The IP destination address (network and
station portion combined) corresponds to one of the IP addresses of the router. In this case,
the packet must be passed to the appropriate higher-layer entity within the router and not
forwarded to any external port.
• The packet is destined for a known host on the directly attached network—This is the
most common situation encountered by a network router. The router determines the mapping
from the ARP table and forwards the packet out the appropriate interface port to the local
network.
• The ARP mapping for the specified host is unknown—The router initiates a discovery
procedure by sending an ARP request determining the mapping of network to hardware
address. Because this discovery procedure takes time, albeit measured in milliseconds, the
router might drop the packet that resulted in the discovery procedure in the first place. Under
steady-state conditions, the router already has ARP mappings available for all communicating
hosts. The address discovery procedure is necessary when a previously unheard-from host
establishes a new communication session.
NOTE
The current version of Cisco IOS (12.0) Software drops the first packet for a destination without an
ARP entry. The IOS does this to handle denial of service (DoS) attacks against incomplete ARPs. In
other words, it drops the frame immediately instead of awaiting a reply.
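To make the two-stage lookup concrete, the following is an added example (not code from the book or from Cisco IOS) that implements the longest-prefix routing lookup described above and the ARP step that follows it, including the three outcomes of the final lookup and the first-packet drop described in the note. The Route and Router classes, the addresses, interface names and MAC addresses are all constructed for this illustration, loosely modelled on the E0/T0/S0/S1 ports of Figure 6-17; an exact-match switch lookup is included for contrast.

```python
"""Longest-prefix routing lookup followed by the ARP lookup.

Constructed example: routes, addresses and MACs are made-up sample data.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network   # network identifier: 0 bits (default route) to 32 bits (host route)
    interface: str
    next_hop: Optional[str] = None  # None means the network is directly attached


@dataclass
class Router:
    own_ips: set
    routes: list
    arp_cache: dict = field(default_factory=dict)     # IP -> MAC, locally attached hosts/next hops only
    arp_requests: list = field(default_factory=list)  # ARP requests this router has broadcast

    def lookup(self, dst_ip: str) -> Optional[Route]:
        """Longest match on a variable-length field: of all entries whose network
        identifier covers dst_ip, return the one matching the most bits."""
        addr = ipaddress.IPv4Address(dst_ip)
        candidates = [r for r in self.routes if addr in r.prefix]
        return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)

    def forward(self, dst_ip: str):
        """Second (ARP) lookup. Returns one of:
        ('local',)                          packet is for the router itself
        ('forward', interface, dst_mac)     mapping known, the frame can be built
        ('drop', 'arp-pending', interface)  mapping unknown: ARP request sent, this packet dropped
        ('drop', 'no-route', None)          nothing matched, not even a default route"""
        if dst_ip in self.own_ips:
            return ("local",)
        route = self.lookup(dst_ip)
        if route is None:
            return ("drop", "no-route", None)
        # The host portion is used only for a directly attached network; otherwise
        # the data-link destination is the next-hop router's address.
        l2_target = dst_ip if route.next_hop is None else route.next_hop
        mac = self.arp_cache.get(l2_target)
        if mac is None:
            self.arp_requests.append(l2_target)              # discovery procedure starts...
            return ("drop", "arp-pending", route.interface)  # ...and the triggering packet is dropped
        return ("forward", route.interface, mac)

    def learn_arp(self, ip: str, mac: str):
        """ARP reply received: cache the Layer 3 -> Layer 2 mapping."""
        self.arp_cache[ip] = mac


def switch_lookup(mac_table: dict, dst_mac: str) -> Optional[str]:
    """Bridge/switch decision for contrast: exact match on a fixed 48-bit field.
    None means the address is unknown and the frame would be flooded."""
    return mac_table.get(dst_mac.lower())


def build_sample_router() -> Router:
    # Sample routing table modelled on Figure 6-17; every value is constructed.
    routes = [
        Route(ipaddress.ip_network("0.0.0.0/0"), "S1", next_hop="10.0.0.1"),       # default, 0-bit identifier
        Route(ipaddress.ip_network("192.0.2.0/24"), "E0"),                         # Network 1, directly attached
        Route(ipaddress.ip_network("198.51.100.0/24"), "T0"),                      # Network 2, directly attached
        Route(ipaddress.ip_network("203.0.113.0/24"), "S0", next_hop="10.0.1.2"),  # Network 3, via next hop
        Route(ipaddress.ip_network("203.0.113.31/32"), "S1", next_hop="10.0.0.1"), # host route, 32-bit identifier
    ]
    arp = {"192.0.2.209": "00-0c-41-53-40-d3", "10.0.1.2": "00-00-0c-aa-bb-01"}
    return Router(own_ips={"192.0.2.1", "198.51.100.1"}, routes=routes, arp_cache=arp)
```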
Fragmentation
Each output port on a network device has an associated maximum transmission unit (MTU). Recall
from earlier in this chapter that the MTU indicates the largest frame size (measured in bytes) that can
be carried on the interface. The MTU is often a function of the networking technology in use, such as
Ethernet, Token Ring, or Point-to-Point Protocol (PPP). PPP is used with Internet connections. If the
frame being forwarded is larger than the available space, as indicated by the MTU, the frame is
fragmented into smaller pieces for transmission on the particular network.
Bridges cannot fragment frames when forwarding between LANs of differing MTU sizes because
data-link connections rarely have a mechanism for fragment reassembly at the receiver. The
mechanism is at the network layer implementation, such as with IP, which is capable of overcoming
this limitation. Network layer packets can be broken down into smaller pieces if necessary so that
these packets can travel across a link with a smaller MTU.
Fragmentation is similar to taking a picture and cutting it into pieces so that each piece will fit into
differently sized envelopes for mailing. It is up to the sender to determine the size of the largest piece
that can be sent, and it is up to the receiver to reassemble these pieces. Fragmentation is a mixed
blessing; although it provides the means of communication across different link technologies, the
processing accomplishing the fragmentation is significant and could be a burden on each device
having to fragment and reassemble the data. Further, pieces for reassembly can be received out of
order and may be dropped by the switch or router.
As a rule, it is best to avoid fragmentation in your network if at all possible. It is more efficient for
the sending station to send packets not requiring fragmentation anywhere along the path to the
destination, instead of sending large packets requiring intermediate routers to perform fragmentation.
NOTE
Hosts and routers can learn the maximum MTU available along a network path through the use of
MTU discovery. MTU discovery is a process by which each device in a network path learns the MTU
size that the network path can support.
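The following added example (not code from the book) walks a packet across a path whose links have different MTUs, fragmenting at each hop exactly as the text describes, and then reassembles it at the receiver, showing the out-of-order and dropped-piece cases and what the Don't Fragment bit means for MTU discovery. The Fragment class and helper names are assumptions for this illustration, the 20-byte header assumes an IPv4 header without options, and all packet contents and MTU values are constructed.

```python
"""IP fragmentation along a path of differing MTUs, and reassembly at the receiver.

Constructed example; only the IPv4 rules (8-byte offset units, MF flag, DF) are real.
"""
from dataclasses import dataclass
from typing import List, Optional

IP_HEADER_LEN = 20  # IPv4 header without options (assumption for this example)


@dataclass
class Fragment:
    ident: int      # Identification field, shared by every piece of one original packet
    offset: int     # Fragment Offset, in 8-byte units from the start of the original payload
    more: bool      # MF flag: True on every piece except the last
    payload: bytes


def fragment(pkt: Fragment, mtu: int, dont_fragment: bool = False) -> List[Fragment]:
    """Make pkt fit an interface MTU. Works on already-fragmented pieces too, so
    offsets stay relative to the original packet (intermediate routers never reassemble)."""
    if IP_HEADER_LEN + len(pkt.payload) <= mtu:
        return [pkt]                                    # fits as-is
    if dont_fragment:
        # DF set: the router must drop the packet instead; MTU discovery relies on this signal
        raise ValueError(f"{IP_HEADER_LEN + len(pkt.payload)} bytes exceed MTU {mtu} and DF is set")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8              # payload per piece must be a multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    pieces = []
    for start in range(0, len(pkt.payload), chunk):
        end = min(start + chunk, len(pkt.payload))
        last = end == len(pkt.payload)
        pieces.append(Fragment(pkt.ident, pkt.offset + start // 8,
                               pkt.more or not last, pkt.payload[start:end]))
    return pieces


def traverse(pkt: Fragment, path_mtus: List[int]) -> List[Fragment]:
    """Carry a packet hop by hop; each hop fragments whatever arrives to fit its own MTU."""
    in_flight = [pkt]
    for mtu in path_mtus:
        in_flight = [piece for f in in_flight for piece in fragment(f, mtu)]
    return in_flight


def reassemble(pieces: List[Fragment]) -> Optional[bytes]:
    """Receiver side: rebuild the payload from pieces arriving in any order.
    Returns None when a piece was dropped, which loses the whole packet."""
    if not pieces:
        return None
    ident = pieces[0].ident
    ordered = sorted((p for p in pieces if p.ident == ident), key=lambda p: p.offset)
    out, expected = bytearray(), 0
    for p in ordered:
        if p.offset * 8 != expected:                    # gap: a middle piece is missing
            return None
        out += p.payload
        expected += len(p.payload)
    if ordered[-1].more:                                # final piece never arrived
        return None
    return bytes(out)


def path_mtu(path_mtus: List[int]) -> int:
    """What MTU discovery reports: the smallest MTU anywhere on the path."""
    return min(path_mtus)
```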
Chapter Summary
One of three transmission methods is used to move frames from source to destination: unicast,
multicast, or broadcast. Unicast transmission occurs when there is a direct path from source to
destination, a "one-to-one" relationship. Multicast has a one-to-many relationship in which the frame
is delivered to multiple destinations that are identified as part of a multicast group. Broadcast is a one-
to-all relationship in which the frame is delivered to all the hosts on the network segment, whether or
not they want the traffic.
Frame size is measured in bytes and has a minimum and maximum length, depending on the
implemented technology, such as Ethernet, Token Ring, or with WAN technologies (such as Frame
Relay or IP VPN). The maximum frame length supported by a technology is called the maximum
transmission unit, or MTU, and is measured in bytes. A frame received by the switch that is less than
the minimum frame length for that technology is called a runt, and a frame greater than the maximum
frame length is called a giant. Giant frames must be fragmented into smaller frames, smaller than the
acceptable MTU, before these frames can be forwarded across the switch's or router's network
interface.
There are two common categories of switches: store-and-forward switches and cut-through switches.
Store-and-forward switching accepts the complete frame into the switch buffers for error checking
before forwarding on to the network. Cut-through switching reads just the destination MAC address
(the first 6 bytes of the frame following the preamble) to determine the switch port to forward the
traffic. Store-and-forward switching adds some delay to the time it takes for the frame to get from
source to destination; unlike cut-through switching, however, store-and-forward switching does not
forward a frame with errors. The delay added by store-and-forward switching is minimal and should
not be a determining factor when deciding between using cut-through and store-and-forward
switching. Store-and-forward has an advantage over cut-through switching by virtue of its error-
handling mechanisms.
A third switching category is fragment-free switching, which accepts the first 64 bytes of the frame
and checks for errors. Fragment-free switching works on the precept that if there are any errors on the
line, they are detectable within the first 64 bytes of the frame.
The fundamental difference between Layer 2 and Layer 3 switch operation is the layer at which each
forwarding decision is made. Layer 2 switches make their forwarding decisions based on tables that
store the mapping between MAC addresses and switch ports. Layer 3 switches build a table of
network addresses and switch ports, making the forwarding decisions based on the network address
information found in Layer 3, rather than just the MAC address found in Layer 2. Layer 3 switches
function like routers because of the similar Layer 3 forwarding decision handling. However, Layer 3
switches tend to have better throughput because of the hardware processing of the address tables
rather than the software.
Q. Will the standby router take over if the active router LAN interface state is "interface up line
protocol down"?
A. Yes, the standby router takes over once the holdtime expires. By default, this equals three hello
packets from the active router having been missed. The actual convergence time depends on the
HSRP timers configured for the group and possibly on routing protocol convergence. The HSRP
hellotime timer defaults to 3 and the holdtime timer defaults to 10.
Q. Can I configure more than one standby group with the same group number?
A. Yes. However, Cisco does not recommend it on lower-end platforms such as the 4x00 series and
earlier. If the same group number is assigned to multiple standby groups, it creates a non-unique
MAC address. This is seen as the router's own MAC address and it is filtered out if more than one
router in a LAN becomes active. This behavior may change in future releases of Cisco IOS®.
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC
address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple
MAC addresses on all Ethernet and Fast Ethernet interfaces.
Q. When an active router tracks serial 0 and the serial line goes down, how does the standby
router know to become active?
A. When a tracked interface's state changes to down, the active router decrements its priority. The
standby router reads this value from the hello packet priority field, and becomes active if this value is
lower than its own priority and the standby preempt is configured. You can configure by how much
the router should decrement the priority. By default, it decrements its priority by 10.
Q. If there is no priority configured for a standby group, what determines which router is
active?
A. The priority field is used to elect the active router and the standby router for the specific group. In
the case of an equal priority, the router with the highest IP address for the respective group is elected
as active. Furthermore, if there are more than two routers in the group, the second highest IP address
determines the standby router and the other router/routers are in the listen state.
Q. What are the limiting factors that determine how many standby groups can be assigned to a
router?
A. Ethernet: 256 per router. FDDI: 256 per router. Token Ring: 3 per router (uses reserved
functional address).
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router
when its Hot Standby priority is higher than the current active router. The standby preempt
command is needed in situations when you want an occurring state change of a tracked interface to
cause a standby router to take over from the active router. For example, an active router tracks another
interface and decrements its priority when that interface goes down. The standby router priority is
now higher and it sees the state change in the hello packet priority field. If preempt is not configured,
it cannot take over and failover does not occur.
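The election, tracking and preempt rules from the answers above, as an added example (not Cisco code) in the form of a small simulator: highest priority wins, the higher IP address breaks ties and ranks the standby, a down tracked interface lowers the advertised priority by 10 by default, and a lower-priority active router is only displaced if the challenger has preempt configured or the active router's hellos stop. HsrpRouter, the helper names and the three routers' addresses and priorities are constructed for this illustration.

```python
"""HSRP active/standby election with interface tracking and preempt.

Constructed example; router names, addresses and priorities are made up.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HSRP_DEFAULT_PRIORITY = 100
HSRP_DEFAULT_TRACK_DECREMENT = 10  # priority drop when a tracked interface goes down


@dataclass
class HsrpRouter:
    name: str
    ip: str                                     # interface primary IP, the election tie-breaker
    priority: int = HSRP_DEFAULT_PRIORITY
    preempt: bool = False                       # 'standby preempt' configured?
    tracked: Dict[str, int] = field(default_factory=dict)  # interface -> decrement
    down: Set[str] = field(default_factory=set)            # tracked interfaces currently down
    alive: bool = True                          # False once its hellos have been missed for the holdtime

    def track(self, interface: str, decrement: int = HSRP_DEFAULT_TRACK_DECREMENT):
        self.tracked[interface] = decrement

    def effective_priority(self) -> int:
        """Priority carried in hello packets: configured value minus the decrement
        of every tracked interface that is currently down."""
        return self.priority - sum(d for i, d in self.tracked.items() if i in self.down)

    def rank(self) -> Tuple[int, int]:
        # Higher priority wins; on a tie the higher IP address wins.
        return (self.effective_priority(), int(ipaddress.IPv4Address(self.ip)))


def elect(routers: List[HsrpRouter]) -> Tuple[Optional[str], Optional[str], List[str]]:
    """Initial election: (active, standby, [listen...]) in descending rank order."""
    ranked = sorted((r for r in routers if r.alive), key=HsrpRouter.rank, reverse=True)
    names = [r.name for r in ranked]
    return (names[0] if names else None, names[1] if len(names) > 1 else None, names[2:])


def hello_round(routers: List[HsrpRouter], active_name: Optional[str]):
    """One exchange of hellos. The active router keeps its role unless
    (a) it has gone silent for the holdtime, so the best remaining router takes over, or
    (b) another router advertises a strictly higher priority AND has preempt configured."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None, None, []
    ranked = sorted(alive, key=HsrpRouter.rank, reverse=True)
    active = next((r for r in alive if r.name == active_name), None)
    if active is None:
        new_active = ranked[0]                           # case (a): holdtime expired
    else:
        challenger = ranked[0]
        if (challenger is not active and challenger.preempt
                and challenger.effective_priority() > active.effective_priority()):
            new_active = challenger                      # case (b): preempt takeover
        else:
            new_active = active                          # without preempt a lower-priority active stays
    rest = [r.name for r in ranked if r is not new_active]
    return new_active.name, (rest[0] if rest else None), rest[1:]


def build_sample_group() -> List[HsrpRouter]:
    """Constructed group: R1 is preferred and tracks its WAN link Serial0."""
    r1 = HsrpRouter("R1", "10.1.1.1", priority=110, preempt=True)
    r1.track("Serial0")                                  # default decrement of 10
    r2 = HsrpRouter("R2", "10.1.1.2", priority=105, preempt=True)
    r3 = HsrpRouter("R3", "10.1.1.3")                     # default priority 100, no preempt
    return [r1, r2, r3]
```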
Q. From reading the documentation it looks like I can use HSRP to achieve load-balancing
across two serial links. Is this true?
A. No, HSRP does not support Dial-on-Demand Routing (DDR) directly. However, you can
configure it to track a serial interface and swap from the active to the standby router in case of a WAN
link failure. The command used to track the state of an interface is standby <group#> track
<interface>.
Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my
network. I have noticed that the return traffic comes back through the standby router.
Will this cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a
router experiences high traffic. You can change this by configuring a more desirable cost for the link
you would like the distant router/routers to use.
A. DECnet and XNS are compatible with HSRP and multiple HSRP (MHSRP) over Ethernet, FDDI,
and Token Ring on the Cisco 7000 and Cisco 7500 routers only. For more information, refer to Using
HSRP for Fault-Tolerant IP Routing.
Q. Can a Cisco 2500 and Cisco 7500 router on the same LAN segment use HSRP, or do I have to
replace one of the routers so the platforms are identical?
A. You can mix the platforms with HSRP, but you are not able to support multiple HSRP (MHSRP)
due to the hardware limitations of the lower-end platform.
Q. If I use a switch, what do I see on the CAM tables for the HSRP?
A. The content-addressable memory (CAM) tables provide a map for the HSRP MAC address to the
port on which the active router is located. In this way, you can determine what the switch perceives
the HSRP status to be.
A. By default, HSRP uses the preassigned HSRP virtual MAC address on Ethernet and FDDI, or the
functional address on Token Ring. To configure HSRP to use the interface's burnt-in address as its
virtual MAC address, instead of the default, use the standby use-bia command.
For example, on Token Ring, if Source Route Bridging is in use, a Routing Information Field (RIF) is
stored with the virtual MAC address in the host's RIF cache. The RIF indicates the path and final ring
used to reach the MAC address. As routers transition to the active state, they send gratuitous Address
Resolution Protocols (ARPs) in order to update the host's ARP table. However, this does not affect the
RIF cache of the hosts that are on the bridged ring. This situation can lead to packets being bridged to
the ring for the previous active router. To avoid this situation, use the standby use-bia command. The
router now uses its burnt-in MAC address as the virtual MAC address.
Note: Using the standby use-bia command has these disadvantages:
• When a router becomes active the virtual IP address is moved to a different MAC address.
The newly active router sends a gratuitous ARP response, but not all host implementations
handle the gratuitous ARP correctly.
• Proxy ARP breaks when use-bia is configured. A standby router cannot cover for the lost
proxy ARP database of the failed router.
A. You can configure network address translation (NAT) and HSRP on the same router. However, a
router that runs NAT holds state information for traffic that is translated through it. If this is the active
HSRP router and the HSRP standby takes over, the state information is lost.
Note: Stateful NAT (SNAT) can make use of HSRP to fail over. For more information, refer to NAT
Stateful Failover of Network Address Translation. Static NAT Mapping Support with HSRP for High
Availability is another feature which makes NAT and HSRP interact. For more information refer to
NAT—Static Mapping Support with HSRP for High Availability.
Q. What are the IP source address and destination address of HSRP hello packets?
A. The destination address of HSRP hello packets is the all routers multicast address (224.0.0.2). The
source address is the router's primary IP address assigned to the interface.
Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP
through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an
ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are
permitted.
The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring
that user traffic immediately and transparently recovers from first hop failures in network edge
devices or access circuits.
Spanning-Tree Protocol is a link management protocol that provides path redundancy while
preventing undesirable loops in the network. For an Ethernet network to function properly, only one
active path can exist between two stations.
Multiple active paths between stations cause loops in the network. If a loop exists in the network
topology, the potential exists for duplication of messages. When loops occur, some switches see
stations appear on both sides of the switch. This condition confuses the forwarding algorithm and
allows duplicate frames to be forwarded.
To provide path redundancy, Spanning-Tree Protocol defines a tree that spans all switches in an
extended network. Spanning-Tree Protocol forces certain redundant data paths into a standby
(blocked) state. If one network segment in the Spanning-Tree Protocol becomes unreachable, or if
Spanning-Tree Protocol costs change, the spanning-tree algorithm reconfigures the spanning-tree
topology and reestablishes the link by activating the standby path.
Each port on a switch using Spanning-Tree Protocol exists in one of the following five states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled
The lowest four bits of the 16-bit configuration register (bits 3, 2, 1, and 0) form the boot field. The
following boot field values determine if the router loads an operating system and where it obtains the
system image:
• When the entire boot field equals 0-0-0-0 (0x0), the router does not load a system image.
Instead, it enters ROM monitor or "maintenance" mode from which you can enter ROM monitor
commands to manually load a system image. Refer to the "Manually Loading a System Image from
ROM Monitor" section for details on ROM monitor mode.
• When the entire boot field equals 0-0-0-1 (0x1), the router loads the boot helper or rxboot
image.
• When the entire boot field equals a value between 0-0-1-0 (0x2) and 1-1-1-1 (0xF), the router
loads the system image specified by boot system commands in the startup configuration file. When
the startup configuration file does not contain boot system
• 0 to load the system image manually using the boot command in ROM monitor mode.
• 1 to load the system image from boot ROMs. On the Cisco 7200 series and Cisco 7500 series, this
setting configures the system to automatically load the system image from bootflash.
• 2-F to load the system image from boot system commands in the startup configuration file or
from a default system image stored on a network server.
Trunk – A trunk is a point-to-point link between one or more Ethernet switch ports and another
networking device.