Dynamically Populating a Switch MAC Address Table
The following steps describe the process of building the MAC address table:
1. The switch receives a frame from PC 1 on Port 1 (Figure 1).
2. The switch examines the source MAC address and compares it to the MAC
address table. If the address is not in the MAC address table, it
associates the source MAC address of PC 1 with the ingress port (Port
1) in the MAC address table (Figure 2). If the MAC address table
already has an entry for that source address, it resets the aging
timer. An entry for a MAC address is typically kept for five minutes.
3. After the switch has recorded the source address information, the
switch examines the destination MAC address. If the destination
address is not in the MAC table, or if it is a broadcast MAC address
(all Fs), the switch floods the frame to all ports except the ingress
port (Figure 3).
4. The destination device (PC 3) replies to the frame with a unicast
frame addressed to PC 1 (Figure 4).
5. The switch enters the source MAC address of PC 3 and the port number
of the ingress port into the address table. The destination address of
the frame and its associated egress port is found in the MAC address
table (Figure 5).
6. The switch can now forward frames between these source and destination
devices without flooding, because it has entries in the address table
that identify the associated ports (Figure 6).

Switch Boot Sequence

1. Power-on self test (POST).
2. Run boot loader software.
3. Boot loader performs low-level CPU initialization.
4. Boot loader initializes the flash file system.
5. Boot loader locates and loads a default IOS operating system software
image into memory and passes control of the switch over to the IOS.

To find a suitable Cisco IOS image, the switch goes through the following
steps:
Step 1. It attempts to automatically boot by using information in the BOOT
environment variable.
Step 2. If this variable is not set, the switch performs a top-to-bottom
search through the flash file system. It loads and executes the first
executable file, if it can.
Step 3. The IOS software then initializes the interfaces using the Cisco IOS
commands found in the configuration file and startup configuration, which is
stored in NVRAM.
Note: The boot system command can be used to set the BOOT environment

Switch Security

1. MAC Address Flooding - an attacker can send frames with fake,
randomly-generated source and destination MAC addresses to the switch.
The switch updates the MAC address table with the information in the
fake frames. When the MAC address table is full of fake MAC addresses,
the switch enters into what is known as fail-open mode. In this mode,
the switch broadcasts all frames to all machines on the network. As a
result, the attacker can see all of the frames.
2. DHCP Attacks -
a) DHCP Starvation Attacks - an attacker floods the DHCP server with
DHCP requests to use up all the available IP addresses that the
DHCP server can issue. After these IP addresses are issued, the
server cannot issue any more addresses, and this situation produces
a denial-of-service (DoS) attack as new clients cannot obtain
network access.
b) DHCP Spoofing Attacks - In DHCP spoofing attacks, an attacker
configures a fake DHCP server on the network to issue DHCP
addresses to clients. The normal reason for this attack is to force
the clients to use false Domain Name System (DNS) servers.
3. Leveraging CDP - CDP contains information about the device, such as
the IP address, software version, platform, capabilities, and the
native VLAN. This information can be used by an attacker to find ways
to attack the network, typically in the form of a denial-of-service
(DoS) attack.
4. Brute Force Password Attacks - the attacker uses a program that
creates sequential character combinations in an attempt to guess the
5. Telnet DoS Attacks - Telnet can also be used to launch a DoS attack.
In a Telnet DoS attack, the attacker exploits a flaw in the Telnet
server software running on the switch that renders the Telnet service
unavailable. This sort of attack prevents an administrator from
remotely accessing switch management functions.
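As an added example (not from these notes), the following Python simulation implements the learning and forwarding steps from "Dynamically Populating a Switch MAC Address Table" together with a per-port address limit, the kind of cap a defender relies on against the MAC flooding attack in item 1; the switch class, port numbers, MAC addresses and timings are constructed for the demo.

```python
# Added example: a toy switch modelling the MAC address table steps above
# and a per-port address limit (a simplified port-security style cap) that
# stops the table filling with attacker-generated addresses. Ports, MACs
# and timings are constructed for the demo.

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # an entry is typically kept for five minutes


class Switch:
    def __init__(self, ports, table_capacity=8, max_macs_per_port=2):
        self.ports = list(ports)
        self.table_capacity = table_capacity
        self.max_macs_per_port = max_macs_per_port
        self.table = {}        # mac -> (port, last_seen_seconds)
        self.violations = []   # (port, mac) pairs refused by the port limit

    def _age_out(self, now):
        expired = [m for m, (_, seen) in self.table.items()
                   if now - seen >= AGING_SECONDS]
        for m in expired:
            del self.table[m]

    def _macs_on_port(self, port):
        return sum(1 for p, _ in self.table.values() if p == port)

    def _learn(self, src, port, now):
        if src in self.table:
            # Known source: reset the aging timer (step 2).
            self.table[src] = (port, now)
            return True
        if self._macs_on_port(port) >= self.max_macs_per_port:
            # Too many distinct sources behind one port: record it rather
            # than learn it. This is the event to alert on.
            self.violations.append((port, src))
            return False
        if len(self.table) >= self.table_capacity:
            # Table full. A switch with no port limit reaches this state
            # under MAC flooding and then floods every frame (fail-open).
            return False
        self.table[src] = (port, now)
        return True

    def receive(self, port, src, dst, now):
        """Process one frame and return the list of egress ports."""
        self._age_out(now)
        self._learn(src, port, now)
        if dst != BROADCAST and dst in self.table:
            out_port = self.table[dst][0]
            return [] if out_port == port else [out_port]
        # Unknown unicast or broadcast: flood to all ports except ingress.
        return [p for p in self.ports if p != port]


PC1, PC3 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:03"


def walkthrough():
    """Steps 1-6 from the notes; returns the egress ports of each frame."""
    sw = Switch(ports=[1, 2, 3])
    flood = sw.receive(1, PC1, PC3, now=0)      # PC3 unknown: flooded
    reply = sw.receive(3, PC3, PC1, now=1)      # PC1 known: one port
    direct = sw.receive(1, PC1, PC3, now=2)     # both known: no flooding
    aged = sw.receive(1, PC1, PC3, now=2 + AGING_SECONDS)  # entry aged out
    return flood, reply, direct, aged


def flooding_burst(frames=20):
    """Simulated burst of random source MACs on port 2, as in the MAC
    flooding attack above. Returns (table_size, violations_on_port_2)."""
    sw = Switch(ports=[1, 2, 3])
    for i in range(frames):
        src = "02:00:00:00:%02x:%02x" % (i // 256, i % 256)
        sw.receive(2, src, "02:00:00:00:ff:%02x" % (i % 256), now=i)
    return len(sw.table), sum(1 for p, _ in sw.violations if p == 2)


if __name__ == "__main__":
    print(walkthrough())
    print(flooding_burst())
```

With the port limit in place the table stays at two entries and the remaining frames are logged as violations on port 2, which is the signal to act on; without it the same burst would fill the table and turn the switch into a hub.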

A DoS attack is any attack that is used to overload specific devices
and network services with illegitimate traffic, thereby preventing
legitimate traffic from reaching those resources.

The Cisco Discovery Protocol (CDP) is a proprietary protocol that all Cisco
devices can be configured to use. CDP discovers other Cisco devices that are
directly connected, which allows the devices to auto-configure their
connection.

DHCP (Dynamic Host Configuration Protocol) is the protocol that
automatically assigns a host a valid IP address out of a DHCP

10 Best Practices for Switch Security

1. Develop a written security policy for the organization.
2. Shut down unused services and ports.
3. Use strong passwords and change them often.
4. Control physical access to devices.
5. Avoid using standard insecure HTTP websites, especially for login
screens; instead use the more secure HTTPS.
6. Perform backups and test the backed up files on a regular basis.
7. Educate employees about social engineering attacks, and develop
policies to validate identities over the phone, via email, and in
8. Encrypt and password-protect sensitive data.
9. Implement security hardware and software, such as firewalls.
10. Keep software up-to-date by installing security patches weekly or
daily, if possible.

Network Time Protocol (NTP) is a protocol that is used to synchronize the
clocks of computer systems over packet-switched, variable-latency data
networks. NTP allows network devices to synchronize their time settings with
an NTP server.

VLAN Definition

A VLAN is a logical partition of a Layer 2 network.

Multiple partitions can be created, allowing for multiple VLANs to co-

Each VLAN is a broadcast domain, usually with its own IP network.

VLANs are mutually isolated and packets can only pass between them via
a router.
The partitioning of the Layer 2 network takes place inside a Layer 2
device, usually via a switch.
The hosts grouped within a VLAN are unaware of the VLAN's existence.

VLAN Benefits

1. Security - Groups that have sensitive data are separated from the rest
of the network, decreasing the chances of confidential information
2. Cost Reduction - Cost savings result from reduced need for expensive
network upgrades and more efficient use of existing bandwidth and
3. Better Performance - Dividing flat Layer 2 networks into multiple
logical workgroups (broadcast domains) reduces unnecessary traffic on
the network and boosts performance.
4. Shrink Broadcast Domains - Dividing a network into VLANs reduces the
number of devices in the broadcast domain.
5. Improved IT Staff Efficiency - VLANs make it easier to manage the
network because users with similar network requirements share the same
VLAN. When a new switch is provisioned, all the policies and
procedures already configured for the particular VLAN are implemented
when the ports are assigned. It is also easy for the IT staff to
identify the function of a VLAN by giving it an appropriate name.
6. Simpler Project and Application Management - VLANs aggregate users and
network devices to support business or geographic requirements.

Different Types of VLAN

1. Data VLAN - A data VLAN is a VLAN that is configured to carry
user-generated traffic.
2. Default VLAN - All switch ports become a part of the default VLAN
after the initial boot up of a switch loading the default
configuration. Switch ports that participate in the default VLAN are
part of the same broadcast domain.
3. Native VLAN - A native VLAN is assigned to an 802.1Q trunk port. Trunk
ports are the links between switches that support the transmission of
traffic associated with more than one VLAN. An 802.1Q trunk port
supports traffic coming from many VLANs (tagged traffic), as well as
traffic that does not come from a VLAN (untagged traffic).
4. Management VLAN - A management VLAN is any VLAN configured to access
the management capabilities of a switch.

VLAN Trunks

1. A VLAN trunk carries more than one VLAN.
2. A VLAN trunk is usually established between switches so same-VLAN
devices can communicate, even if physically connected to different
3. A VLAN trunk is not associated to any VLANs; neither are the trunk
ports used to establish the trunk link.
4. Cisco IOS supports IEEE 802.1Q, a popular VLAN trunk protocol.

An interface can be set to trunking or nontrunking, or to negotiate
trunking with the neighbor interface. Trunk negotiation is managed by the
Dynamic Trunking Protocol (DTP), which operates on a point-to-point basis
only, between network devices. DTP is a Cisco proprietary protocol that is
automatically enabled on Catalyst 2960 and Catalyst 3560 Series switches.

VLAN Security Attacks (Check out the PPT you made fucker)

VLAN Design Guidelines

1. Move all ports from VLAN 1 and assign them to a not-in-use VLAN.
2. Shut down all unused switch ports.
3. Separate management and user data traffic.
4. Change the management VLAN to a VLAN other than VLAN 1. (The same goes
to the native VLAN.)
5. Ensure that only devices in the management VLAN can connect to the
6. The switch should only accept SSH connections.
7. Disable autonegotiation on trunk ports.
8. Do not use the auto or desirable switch port modes.

Routing Concepts

Ethernet switches function at the data link layer, Layer 2, and are used to
forward Ethernet frames between devices within the same network. However,
when the source IP and destination IP addresses are on different networks,
the Ethernet frame must be sent to a router. A router connects one network
to another network. The router is responsible for the delivery of packets
across different networks. The router uses its routing table to determine
the best path to use to forward a packet. It is the responsibility of the
routers to deliver those packets in a timely manner.

Router Memory
A router connects multiple networks, which means that it has multiple
interfaces that each belong to a different IP network. When a router
receives an IP packet on one interface, it determines which interface to use
to forward the packet to the destination. The interface that the router uses
to forward the packet may be the final destination, or it may be a network
connected to another router that is used to reach the destination network.

The primary functions of a router are to:

1. Determine the best path to send packets
2. Forward packets toward their destination

Routers support three packet-forwarding

Process switching - An older packet forwarding mechanism still available for
Cisco routers. When a packet arrives on an interface, it is forwarded to the
control plane where the CPU matches the destination address with an entry in
its routing table, and then determines the exit interface and forwards the
packet. It is important to understand that the router does this for every
packet, even if the destination is the same for a stream of packets. This
process-switching mechanism is very slow and rarely implemented in modern
Fast switching - This is a common packet forwarding mechanism which uses a
fast-switching cache to store next-hop information. When a packet arrives on
an interface, it is forwarded to the control plane where the CPU searches
for a match in the fast-switching cache. If it is not there, it is process-
switched and forwarded to the exit interface. The flow information for the
packet is also stored in the fast-switching cache. If another packet going
to the same destination arrives on an interface, the next-hop information in
the cache is re-used without CPU intervention.

Cisco Express Forwarding (CEF) - CEF is the most recent and preferred Cisco
IOS packet-forwarding mechanism. Like fast switching, CEF builds a Forwarding
Information Base (FIB), and an adjacency table. However, the table entries
are not packet-triggered like fast switching but change-triggered such as
when something changes in the network topology. Therefore, when a network
has converged, the FIB and adjacency tables contain all the information a
router would have to consider when forwarding a packet. The FIB contains
pre-computed reverse lookups, next hop information for routes including the
interface and Layer 2 information. Cisco Express Forwarding is the fastest
forwarding mechanism and the preferred choice on Cisco routers.
To enable network access, devices must be configured with IP address
information to identify the appropriate:
IP address - Identifies a unique host on a local network.
Subnet mask - Identifies with which network subnet the host can
Default gateway - Identifies the router to send a packet to when the
destination is not on the same local network subnet.

When a host sends a packet to a device that is on the same IP network, the
packet is simply forwarded out of the host interface to the destination
device.

When a host sends a packet to a device on a different IP network, then the
packet is forwarded to the default gateway, because a host device cannot
communicate directly with devices outside of the local network. The default
gateway is the destination that routes traffic from the local network to
devices on remote networks. It is often used to connect a local network to
the Internet.
A host can be assigned IP address information either:
Statically - The host is manually assigned the correct IP address,
subnet mask, and default gateway. The DNS server IP address can also
be configured.
Dynamically - IP address information is provided by a server using the
Dynamic Host Configuration Protocol (DHCP). The DHCP server provides a
valid IP address, subnet mask, and default gateway for end devices.
Other information may be provided by the server

Loopback address - The loopback interface is a logical interface internal to
the router. It is not assigned to a physical port and can therefore never be
connected to any other device. It is considered a software interface that is
automatically placed in an UP state, as long as the router is functioning.

Router Switching Function

A primary function of a router is to forward packets toward their
destination. This is accomplished by using a switching function, which is
the process used by a router to accept a packet on one interface and forward
it out of another interface.
The router performs the following three major steps when a packet is
received from one network and destined for another network:
Step 1. De-encapsulates the Layer 3 packet by removing the Layer 2 frame
header and trailer.
Step 2. Examines the destination IP address of the IP packet to find the
best path in the routing table.
Step 3. If the router finds a path to the destination, it encapsulates the
Layer 3 packet into a new Layer 2 frame and forwards the frame out the exit

The routing table search results in one of three path determinations:

1. Directly connected network - If the destination IP address of the
packet belongs to a device on a network that is directly connected to
one of the interfaces of the router, that packet is forwarded directly
to the destination device. This means that the destination IP address
of the packet is a host address on the same network as the interface
of the router.
2. Remote network - If the destination IP address of the packet belongs
to a remote network, then the packet is forwarded to another router.
Remote networks can only be reached by forwarding packets to another
3. No route determined - If the destination IP address of the packet does
not belong to either a connected or remote network, the router
determines if there is a Gateway of Last Resort available. A Gateway
of Last Resort is set when a default route is configured on a router.
If there is a default route, the packet is forwarded to the Gateway of
Last Resort. If the router does not have a default route, then the
packet is discarded. If the packet is discarded, the router sends an
ICMP unreachable message to the source IP address of the packet.

The following lists some dynamic protocols and the metrics they use:
Routing Information Protocol (RIP) - Hop count
Open Shortest Path First (OSPF) - Cisco's cost based on cumulative
bandwidth from source to destination
Enhanced Interior Gateway Routing Protocol (EIGRP) - Bandwidth, delay,
load, reliability

Load Balancing

When a router has two or more paths to a destination with equal cost
metrics, then the router forwards the packets using both paths equally. This
is called equal cost load balancing. The routing table contains
the single destination network, but has multiple exit interfaces, one for
each equal cost path. The router forwards packets using the multiple exit
interfaces listed in the routing table. Note: Only EIGRP supports unequal
cost load balancing.

Administrative Distance

It is possible for a router to be configured with multiple routing protocols
and static routes. If this occurs, the routing table may have more than one
route source for the same destination network. Cisco IOS uses what is known
as the administrative distance (AD) to determine the route to install into
the IP routing table. The AD represents the "trustworthiness" of the route;
the lower the AD, the more trustworthy the route source. For example, a
static route has an AD of 1, whereas an EIGRP-discovered route has an AD of
90.
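Added example, not from the notes: a small Python routing table that carries out the three path determinations from "Router Switching Function" (directly connected, remote, Gateway of Last Resort or no route), installs routes by administrative distance as described above, and keeps equal-cost routes for load balancing. The networks, interface names and metrics are constructed; the AD values for connected (0) and RIP (120) are the standard Cisco IOS defaults and are assumed here alongside the static (1) and EIGRP (90) values the notes give.

```python
# Added example: routing table lookup with longest-prefix match, route
# installation by administrative distance, and equal-cost load balancing.
# Networks, interface names and metrics are constructed for the demo.
import ipaddress

# AD values: static 1 and EIGRP 90 are quoted in the notes; connected 0 and
# RIP 120 are the usual Cisco IOS defaults (assumed here).
AD = {"C": 0, "S": 1, "D": 90, "R": 120}


class Route:
    def __init__(self, source, prefix, metric=0, next_hop=None, exit_if=None):
        self.source = source            # route source code, e.g. "S" = static
        self.net = ipaddress.ip_network(prefix)
        self.ad = AD[source]
        self.metric = metric
        self.next_hop = next_hop        # None for directly connected routes
        self.exit_if = exit_if


class RoutingTable:
    def __init__(self):
        self.routes = {}                # network -> list of installed routes

    def install(self, route):
        """Keep only the lowest-AD source per destination. Equal-metric routes
        from that source are all kept, which is what enables equal-cost load
        balancing over several exit interfaces."""
        current = self.routes.get(route.net)
        if not current or route.ad < current[0].ad:
            self.routes[route.net] = [route]
        elif route.ad == current[0].ad:
            if route.metric < current[0].metric:
                self.routes[route.net] = [route]
            elif route.metric == current[0].metric:
                current.append(route)
        # A higher AD or a worse metric is simply not installed.

    def lookup(self, dst):
        """Longest-prefix match; returns (path kind, [exit interfaces])."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return ("no route", [])     # router sends ICMP unreachable
        best = max(matches, key=lambda n: n.prefixlen)
        routes = self.routes[best]
        exits = [r.exit_if for r in routes]
        if best.prefixlen == 0:
            return ("gateway of last resort", exits)
        if routes[0].next_hop is None:
            return ("directly connected", exits)
        return ("remote", exits)


def build_table(with_default=True):
    """Constructed table for a router with three connected networks."""
    rt = RoutingTable()
    rt.install(Route("C", "192.168.1.0/24", exit_if="Gi0/0"))
    rt.install(Route("C", "10.0.0.0/30", exit_if="Gi0/1"))
    rt.install(Route("C", "10.0.0.4/30", exit_if="Gi0/2"))
    # Same remote network learned by RIP (AD 120) and EIGRP (AD 90):
    # only the EIGRP route is installed.
    rt.install(Route("R", "172.16.0.0/16", metric=2,
                     next_hop="10.0.0.2", exit_if="Gi0/1"))
    rt.install(Route("D", "172.16.0.0/16", metric=3072,
                     next_hop="10.0.0.6", exit_if="Gi0/2"))
    # Two EIGRP routes with an equal metric: both installed, traffic balanced.
    rt.install(Route("D", "172.20.0.0/16", metric=2816,
                     next_hop="10.0.0.2", exit_if="Gi0/1"))
    rt.install(Route("D", "172.20.0.0/16", metric=2816,
                     next_hop="10.0.0.6", exit_if="Gi0/2"))
    if with_default:
        # Default static route creates the Gateway of Last Resort.
        rt.install(Route("S", "0.0.0.0/0", next_hop="10.0.0.2", exit_if="Gi0/1"))
    return rt


if __name__ == "__main__":
    rt = build_table()
    for dst in ("192.168.1.10", "172.16.5.1", "172.20.9.9", "8.8.8.8"):
        print(dst, rt.lookup(dst))
```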

The routing table of a router stores information

Remote routes - These are remote networks connected to other routers.
Routes to these networks can either be statically configured or
dynamically configured using dynamic routing protocols.
Directly connected routes - These routes come from the active router
interfaces. Routers add a directly connected route when an interface
is configured with an IP address and is activated.

The entry in a Routing Table identifies the following information:

1. Route source - Identifies how the route was learned.
2. Destination network - Identifies the address of the remote network.
3. Administrative distance - Identifies the trustworthiness of the route
source. Lower values indicate preferred route source.
4. Metric - Identifies the value assigned to reach the remote network.
Lower values indicate preferred routes.
5. Next-hop - Identifies the IPv4 address of the next router to forward
the packet to.
6. Route timestamp - Identifies how much time has passed since the route
was learned.
7. Outgoing interface - Identifies the exit interface to use to forward a
packet toward the final destination.

Static Routes

Static routes are manually configured. They define an explicit path between
two networking devices. Unlike a dynamic routing protocol, static routes are
not automatically updated and must be manually reconfigured if the network
topology changes. The benefits of using static routes include improved
security and resource efficiency.
There are two common types of static routes in the routing table:
Static route to a specific network - A static route can be configured
to reach a specific remote network. IPv4 static routes are configured
using the ip route network mask {next-hop-ip | exit-intf} global
configuration command. A static route is identified in the routing
table with the code S.
Default static route - A default static route is similar to a default
gateway on a host. The default static route specifies the exit point
to use when the routing table does not contain a path for the
destination network.

Dynamic Routing

Dynamic routing protocols are used by routers to share information about
the reachability and status of remote networks. Dynamic
routing protocols perform several activities, including network discovery
and maintaining routing tables.

Network discovery is the ability of a routing protocol to share information
about the networks that it knows about with other routers that
are also using the same routing protocol.

IPv4 routing protocols -

1. EIGRP - Enhanced Interior Gateway Routing Protocol
2. OSPF - Open Shortest Path First
3. IS-IS - Intermediate System-to-Intermediate System
4. RIP - Routing Information Protocol
IPv6 routing protocols -
1. RIPng (RIP next generation)
2. OSPFv3
3. EIGRP for IPv6

The process of forwarding network traffic from one VLAN to another VLAN
using routing is known as inter-VLAN routing.

Legacy Inter-VLAN Routing

In this legacy approach, inter-VLAN routing is performed by connecting
different physical router interfaces to different physical switch ports. The
switch ports connected to the router are placed in access mode and each
physical interface is assigned to a different VLAN. Each router interface
can then accept traffic from the VLAN associated with the switch interface
that it is connected to, and traffic can be routed to the other VLANs
connected to the other interfaces.

Router-on-a-stick Inter-VLAN Routing

Router-on-a-stick is a type of router configuration in which a single
physical interface routes traffic between multiple VLANs on a network. The
router interface is configured to operate as a trunk link and is connected
to a switch port that is configured in trunk mode. The router performs
inter-VLAN routing by accepting VLAN-tagged traffic on the trunk interface
coming from the adjacent switch, and then internally routing between the
VLANs using subinterfaces. The router then forwards the routed traffic,
VLAN-tagged for the destination VLAN, out the same physical interface as it
used to receive the traffic.

Multilayer Switch Inter-VLAN Routing

Multilayer switches can perform Layer 2 and Layer 3 functions, replacing the
need for dedicated routers to perform basic routing on a network. Multilayer
switches support dynamic routing and inter-VLAN routing. With a multilayer
switch, traffic is routed internal to the switch device, which means packets
are not filtered down a single trunk line to obtain new VLAN-tagging
All Catalyst multilayer switches support the following types of Layer 3
Routed port - A pure Layer 3 interface similar to a physical interface
on a Cisco IOS router.
Switch virtual interface (SVI) - A virtual VLAN interface for inter-VLAN
routing. In other words, SVIs are the virtual-routed VLAN

Static Routing

Advantages -
1. Static routes are not advertised over the network, resulting in better
2. Static routes use less bandwidth than dynamic routing protocols, and no
CPU cycles are used to calculate and communicate routes.
3. The path a static route uses to send data is known.
Disadvantages -
1. Initial configuration and maintenance is time-consuming.
2. Configuration is error-prone, especially in large networks.
3. Administrator intervention is required to maintain changing route
4. Does not scale well with growing networks; maintenance becomes
5. Requires complete knowledge of the whole network for proper
Types of Static Routes

1. Standard Static Route - Static routes are useful when connecting to a
specific remote network.
2. Default Static Route - A default static route is a route that matches
all packets. A default route identifies the gateway IP address to
which the router sends all IP packets that it does not have a learned
or static route. Configuring a default static route creates a Gateway
of Last Resort.
3. Summary Static Route - To reduce the number of routing table entries,
multiple static routes can be summarized into a single static route
if: The destination networks are contiguous and can be summarized into
a single network address. The multiple static routes all use the same
exit interface or next-hop IP address.
4. Floating Static Route - Floating static routes are static routes that
are used to provide a backup path to a primary static or dynamic
route, in the event of a link failure. The floating static route is
only used when the primary route is not available.

Classful Network Addressing

1. Class A addresses begin with 0 - Intended for large organizations;
includes all addresses from (00000000) to
(01111111). The address is reserved for default routing and
the address is reserved for loopback testing.
2. Class B addresses begin with 10 - Intended for medium-to-large
organizations; includes all addresses from (10000000) to (10111111).
3. Class C addresses begin with 110 - Intended for small-to-medium
organizations; includes all addresses from (11000000) to (11011111).
4. Class D Multicast addresses begin with 1110 - Multicast addresses are
used to identify a group of hosts that are part of a multicast group.
This helps reduce the amount of packet processing that is done by
hosts, particularly on broadcast media (i.e., Ethernet LANs). Routing
protocols, such as RIPv2, EIGRP, and OSPF use designated multicast
addresses (RIP =, EIGRP =, OSPF, and
5. Class E Reserved IP addresses begin with 1111 - These addresses were
reserved for experimental and future use.

Classful Subnet Masks

Classless Inter-Domain Routing (CIDR)

CIDR replaced the classful network assignments and address classes (A, B,
and C) became obsolete. Using CIDR, the network address is no longer
determined by the value of the first octet. Instead, the network portion of
the address is determined by the subnet mask, also known as the network
prefix, or prefix length (i.e., /8, /19, etc.).
CIDR also reduces the size of routing tables and manages the IPv4 address
space more efficiently using:
Route summarization - Also known as prefix aggregation, routes are
summarized into a single route to help reduce the size of routing
tables. For instance, one summary static route can replace several
specific static route statements.
Supernetting - Occurs when the route summarization mask is a smaller
value than the default traditional classful mask.

Determining the summary route and subnet mask for a group of networks can be
done in the following three steps:
Step 1. List the networks in binary format.
Step 2. Count the number of far left matching bits. This identifies the
prefix length or subnet mask for the summarized route.
Step 3. Copy the matching bits and then add zero bits to the rest of the
address to determine the summarized network address.
The summarized network address and subnet mask can now be used as the
summary route for this group of networks.
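Added example, not from the notes: the three summarization steps above carried out in Python, with a check for supernetting (summary mask shorter than the classful default) as defined under CIDR. The network lists used in the demo are constructed.

```python
# Added example: compute a summary route with the three steps from the
# notes (binary listing, count of matching leftmost bits, zero padding) and
# report whether the result is a supernet. Sample networks are constructed.
import ipaddress


def classful_prefix_length(first_octet):
    """Default classful mask length from the first octet (Class A, B or C)."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None   # Class D and E addresses have no classful host mask


def summarize(networks):
    """Return (summary network address, prefix length, is_supernet)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    # Step 1: list the network addresses in binary (32-bit strings).
    binaries = [format(int(n.network_address), "032b") for n in nets]
    # Step 2: count the far-left bits that every network has in common.
    matching = 0
    for column in zip(*binaries):
        if len(set(column)) != 1:
            break
        matching += 1
    # The summary can never be more specific than the shortest original mask.
    matching = min(matching, min(n.prefixlen for n in nets))
    # Step 3: copy the matching bits and pad the rest with zero bits.
    summary_bits = binaries[0][:matching] + "0" * (32 - matching)
    summary_addr = ipaddress.ip_address(int(summary_bits, 2))
    summary = ipaddress.ip_network(f"{summary_addr}/{matching}")
    first_octet = int(str(summary_addr).split(".")[0])
    default = classful_prefix_length(first_octet)
    is_supernet = default is not None and matching < default
    return str(summary.network_address), matching, is_supernet


if __name__ == "__main__":
    print(summarize(["172.16.0.0/24", "172.16.1.0/24",
                     "172.16.2.0/24", "172.16.3.0/24"]))
    print(summarize(["192.168.0.0/24", "192.168.1.0/24",
                     "192.168.2.0/24", "192.168.3.0/24"]))
```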

Fixed-Length Subnet Masking (FLSM)

With fixed-length subnet masking (FLSM), the same number of addresses is
allocated for each subnet. If all the subnets have the same requirements for
the number of hosts, these fixed size address blocks would be sufficient.
However, most often that is not the case. Although this traditional
subnetting meets the needs of the largest LAN and divides the address space
into an adequate number of subnets, it results in significant waste of
unused addresses.

Variable-Length Subnet Masking (VLSM)

VLSM subnetting is similar to traditional subnetting in that bits are
borrowed to create subnets. The formulas to calculate the number of hosts
per subnet and the number of subnets created still apply. The difference is
that subnetting is not a single pass activity. With VLSM, the network is
first subnetted, and then the subnets are subnetted again. This process can
be repeated multiple times to create subnets of various sizes.

Dynamic Routing Protocol

Advanced Research Projects Agency Network (ARPANET)

Routing Protocols -
1. Routing Information Protocol (RIP)
2. Open Shortest Path First (OSPF)
3. Intermediate System-to-Intermediate System (IS-IS)
4. Interior Gateway Routing Protocol (IGRP)
5. Enhanced IGRP (EIGRP)

The purpose of dynamic routing protocols includes:

1. Discovery of remote networks
2. Maintaining up-to-date routing information
3. Choosing the best path to destination networks
4. Ability to find a new best path if the current path is no longer

The main components of dynamic routing protocols

1. Data structures - Routing protocols typically use tables or databases
for their operations. This information is kept in RAM.
2. Routing protocol messages - Routing protocols use various types of
messages to discover neighboring routers, exchange routing
information, and other tasks to learn and maintain accurate
information about the network.
3. Algorithm - An algorithm is a finite list of steps used to accomplish
a task. Routing protocols use algorithms for facilitating routing
information and for best path determination.

The operations of a dynamic routing protocol can be described as follows:
1. Cold Start - The router sends and receives routing messages on its
interfaces. When a router powers up, it knows nothing about the
network topology. It does not even know that there are devices on the
other end of its links. The only information that a router has is from
its own saved configuration file stored in NVRAM. After a router boots
successfully, it applies the saved configuration. If the IP addressing
is configured correctly, then the router initially discovers its own
directly connected networks.
2. Network Discovery - The router shares routing messages and routing
information with other routers that are using the same routing
3. Exchanging the Routing Information - Routers exchange routing
information to learn about remote networks. At this point the routers
have knowledge about their own directly connected networks and about
the connected networks of their immediate neighbors. Continuing the
journey toward convergence, the routers exchange the next round of
periodic updates. Each router again checks the updates for new
4. Achieving Convergence - The network has converged when all routers
have complete and accurate information about the entire network.
Convergence time is the time it takes routers to share information,
calculate best paths, and update their routing tables. A network is
not completely operable until the network has converged.

Distance Vector Routing Protocols

Distance vector means that routes are advertised by providing two

Distance - Identifies how far it is to the destination network and is
based on a metric such as the hop count, cost, bandwidth, delay, and
Vector - Specifies the direction of the next-hop router or exit
interface to reach the destination.
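Added example, not from the notes: a Python simulation of the cold start, network discovery, exchange and convergence stages listed above, using a distance vector (hop count as the distance, next-hop neighbour as the vector) on a constructed three-router topology.

```python
# Added example: distance vector operation on a constructed topology
# R1 -- R2 -- R3, each router with one LAN. Every router starts knowing only
# its directly connected networks and shares its table with neighbours each
# round until a round produces no change (convergence).

LINKS = {("R1", "R2"): "10.0.12.0/30", ("R2", "R3"): "10.0.23.0/30"}
LANS = {"R1": "192.168.1.0/24", "R2": "192.168.2.0/24", "R3": "192.168.3.0/24"}


def neighbours(router):
    return [b if a == router else a for a, b in LINKS if router in (a, b)]


def cold_start():
    """Stage 1: each router knows only its connected networks (0 hops)."""
    tables = {r: {} for r in LANS}
    for r, lan in LANS.items():
        tables[r][lan] = (0, "connected")
    for (a, b), net in LINKS.items():
        tables[a][net] = (0, "connected")
        tables[b][net] = (0, "connected")
    return tables


def exchange_round(tables):
    """Stages 2-3: every router advertises its table to each neighbour. A
    neighbour keeps a route if it is new or has a lower hop count, storing
    (distance, vector) = (hops, advertising router). Returns the number of
    table changes made in this round."""
    changes = 0
    advertised = {r: dict(t) for r, t in tables.items()}  # snapshot per round
    for r in tables:
        for nb in neighbours(r):
            for net, (hops, _) in advertised[nb].items():
                candidate = hops + 1
                if net not in tables[r] or candidate < tables[r][net][0]:
                    tables[r][net] = (candidate, nb)
                    changes += 1
    return changes


def converge(max_rounds=10):
    """Stage 4: repeat exchanges until a round changes nothing.
    Returns (rounds that changed something, final tables)."""
    tables = cold_start()
    for rnd in range(1, max_rounds + 1):
        if exchange_round(tables) == 0:
            return rnd - 1, tables
    raise RuntimeError("did not converge")


if __name__ == "__main__":
    rounds, tables = converge()
    print("converged after", rounds, "update rounds")
    for r, t in tables.items():
        print(r, sorted(t.items()))
```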

Link-State Routing Protocols

In contrast to distance vector routing protocol operation, a router
configured with a link-state routing protocol can create a complete view or
topology of the network by gathering information from all of the other
Link-state protocols work best in situations where:
1. The network design is hierarchical, usually occurring in large
2. Fast convergence of the network is crucial
3. The administrators have good knowledge of the implemented link-state
routing protocol

The biggest distinction between classful and classless routing protocols is
that classful routing protocols do not send subnet mask information in their
routing updates. Classless routing protocols include subnet mask information
in the routing updates.

RIPv2 introduced the following improvements:

Classless routing protocol - It supports VLSM and CIDR, because it
includes the subnet mask in the routing updates.
Increased efficiency - It forwards updates to a multicast address instead
of the broadcast address.
Reduced routing entries - It supports manual route summarization on
any interface.
Secure - It supports an authentication mechanism to secure routing
table updates between neighbors.

EIGRP also introduced:

1. Bounded triggered updates - It does not send periodic updates. Only
routing table changes are propagated, whenever a change occurs. This
reduces the amount of load the routing protocol places on the network.
Bounded triggered updates mean that EIGRP only sends to the neighbors
that need it. It uses less bandwidth, especially in large networks
with many routes.
2. Hello keepalive mechanism - A small Hello message is periodically
exchanged to maintain adjacencies with neighboring routers. This means
a very low usage of network resources during normal operation, instead
of the periodic updates.
3. Maintains a topology table - Maintains all the routes received from
neighbors (not only the best paths) in a topology table. DUAL can
insert backup routes into the EIGRP topology table.
4. Rapid convergence - In most cases, it is the fastest IGP to converge
because it maintains alternate routes, enabling almost instantaneous
convergence. If a primary route fails, the router can use the
alternate route identified. The switchover to the alternate route is
immediate and does not involve interaction with other routers.
5. Multiple network layer protocol support - EIGRP uses Protocol
Dependent Modules (PDM), which means that it is the only protocol to
include support for protocols other than IPv4 and IPv6, such as legacy
IPX and AppleTalk.
Open Shortest Path First (OSPF)

1. Classless - It is classless by design; therefore, it supports VLSM and
CIDR.
2. Efficient - Routing changes trigger routing updates (no periodic
updates). It uses the SPF algorithm to choose the best path.
3. Fast convergence - It quickly propagates network changes.
4. Scalable - It works well in small and large network sizes. Routers can
be grouped into areas to support a hierarchical system.
5. Secure - It supports Message Digest 5 (MD5) authentication. When
enabled, OSPF routers only accept routing updates that carry a valid
keyed-MD5 digest computed with the same pre-shared password; a forged or
modified update fails the check. This authenticates the updates, it does
not encrypt them, and MD5 is a legacy choice where a SHA-based keyed
digest (configured through key chains) is available.
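The keyed-digest mechanism behind the RIPv2 and OSPF "Secure" items above, as an added example written for this page (it is not Cisco IOS code and not the page's own material). It follows the OSPFv2 cryptographic authentication scheme of RFC 2328 Appendix D in simplified form: the sender appends MD5(packet || 16-byte key) as a trailer, and the receiver recomputes it, checks the key ID and rejects a cryptographic sequence number lower than the last one accepted. The OSPF header layout, key, router ID, sequence numbers and Hello-like body are constructed; zero-padding a short password to 16 octets is an assumption about how the 16-byte key is formed. The point the code makes is that a tampered, wrong-key or replayed packet is rejected while the update itself stays readable on the wire.

```python
"""Keyed-MD5 authentication trailer for OSPFv2 packets, after RFC 2328
Appendix D. Shows what 'MD5 authentication' buys: a receiver can reject
forged, tampered or replayed updates, but the packet itself is not encrypted.
Added, simplified example for this page; not Cisco IOS code. The packet
body, key, router ID and sequence numbers are constructed."""
import hashlib
import hmac
import struct

OSPF_HDR = "!BBHIIHH"   # version, type, length, router ID, area ID, checksum, AuType
HDR_LEN = struct.calcsize(OSPF_HDR)   # 16, followed by the 8-byte authentication field
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16

def key16(key: bytes) -> bytes:
    # The digest is computed with a 16-octet key; a shorter password is
    # zero-padded (assumption: this mirrors how IOS forms the key).
    return key[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")

def build_packet(body: bytes, router_id: int, area_id: int,
                 key_id: int, key: bytes, seq: int) -> bytes:
    """OSPF header + authentication field + body, then the MD5 trailer."""
    length = HDR_LEN + 8 + len(body)           # the trailer is not counted in the length
    header = struct.pack(OSPF_HDR, 2, 1, length, router_id, area_id,
                         0, AUTYPE_CRYPTO)      # checksum is zero when AuType = 2
    # Authentication field: 2 zero octets, key ID, auth data length, cryptographic sequence number.
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = header + auth + body
    digest = hashlib.md5(packet + key16(key)).digest()   # MD5(packet || key)
    return packet + digest

def verify_packet(packet: bytes, keys: dict, last_seq: dict) -> str:
    """Return 'ok' or the reason for rejection. keys: key ID -> secret;
    last_seq: router ID -> highest sequence number accepted so far."""
    if len(packet) < HDR_LEN + 8 + DIGEST_LEN:
        return "too-short"
    _, _, length, router_id, _, _, autype = struct.unpack(OSPF_HDR, packet[:HDR_LEN])
    if autype != AUTYPE_CRYPTO or len(packet) != length + DIGEST_LEN:
        return "bad-autype-or-length"
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[HDR_LEN:HDR_LEN + 8])
    if key_id not in keys or auth_len != DIGEST_LEN:
        return "unknown-key-id"
    if seq < last_seq.get(router_id, 0):
        return "replay"          # RFC 2328 D.4.3 only requires seq >= last seen, so an
                                 # immediate replay of the newest packet still passes
    expected = hashlib.md5(packet[:length] + key16(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return "bad-digest"      # wrong key, or packet modified in transit
    last_seq[router_id] = seq
    return "ok"

def demo() -> dict:
    key = b"Cisco123"                                  # constructed shared secret
    keys = {1: key}
    body = b"\xff\xff\xff\x00\x00\x0a" + b"\x00" * 14  # constructed Hello-like body
    seen = {}
    p1 = build_packet(body, 0x01010101, 0, 1, key, seq=100)
    p2 = build_packet(body, 0x01010101, 0, 1, key, seq=101)
    out = {"valid": verify_packet(p1, keys, seen), "newer": verify_packet(p2, keys, seen)}
    out["replayed"] = verify_packet(p1, keys, seen)         # older sequence after a newer one
    tampered = bytearray(p2)
    tampered[HDR_LEN + 8 + 3] ^= 0x01                        # flip one bit inside the body
    out["tampered"] = verify_packet(bytes(tampered), keys, seen)
    out["wrong_key"] = verify_packet(p2, {1: b"Cisco124"}, dict(seen))
    out["body_in_clear"] = body in p2                        # the update is readable on the wire
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14s} {v}")
```

Because the sequence check only requires the number to be non-decreasing, an attacker who captures the newest authenticated packet can re-inject it until the sender moves on; that, the cleartext body and the age of MD5 are why a keyed SHA digest and a change of keys on a schedule are the practical recommendation.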

The three main components of the OSPF routing protocol are its data
structures, its routing protocol messages, and its algorithm:

Data Structures
OSPF creates and maintains three databases:
Adjacency database - Creates the neighbor table
Link-state database (LSDB) - Creates the topology table
Forwarding database - Creates the routing table

These tables contain a list of neighboring routers to exchange routing
information with, and are kept and maintained in RAM.

Routing Protocol Messages

OSPF exchanges messages to convey routing information using five types of
packets. These packets, as shown in Figure 2, are:

Hello packet

Database description packet

Link-state request packet

Link-state update packet

Link-state acknowledgment packet

These packets are used to discover neighboring routers and also to exchange
routing information to maintain accurate information about the network.

Algorithm
The CPU processes the neighbor and topology tables using Dijkstra's SPF
algorithm. The SPF algorithm is based on the cumulative cost to reach a
destination. It creates an SPF tree by placing each router at the root of
the tree and calculating the shortest path to each node. The SPF tree is
then used to calculate the best routes. OSPF places the best routes into the
forwarding database, which is used to make the routing table.
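The distance vector description earlier on the page (distance plus vector learned from neighbors) and the SPF description just above, carried out on one small constructed topology, as an added example that is not part of the original page or of any vendor implementation. `spf` runs Dijkstra with the calling router at the root of the tree over the full LSDB and returns the forwarding table; `distance_vector` lets each router see only its neighbors' (distance, vector) advertisements and iterates Bellman-Ford rounds until nothing changes. The router names and link costs are made up.

```python
"""Routing tables computed two ways on one constructed topology:
  distance vector - each router learns only (distance, vector) pairs from its
                    neighbours and re-advertises its best ones (Bellman-Ford);
  link state      - each router holds the whole LSDB and runs Dijkstra's SPF
                    with itself at the root, as the OSPF section describes.
Added example for this page; it is not vendor code and the topology is made up."""
import heapq

# Constructed link-state database: undirected links with their costs.
LSDB = {
    ("R1", "R2"): 10, ("R1", "R3"): 5, ("R2", "R3"): 3,
    ("R2", "R4"): 1,  ("R3", "R4"): 20,
}
INF = float("inf")

def adjacency(lsdb):
    adj = {}
    for (a, b), cost in lsdb.items():
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj

def spf(lsdb, root):
    """Dijkstra from `root`. Returns the forwarding table {dest: (cost, next_hop)}."""
    adj = adjacency(lsdb)
    best = {root: (0, None)}                 # node -> (cost, next hop from root)
    heap = [(0, root, None)]
    while heap:
        cost, node, next_hop = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                         # stale heap entry
        for nbr, link_cost in adj[node].items():
            cand = cost + link_cost
            if cand < best.get(nbr, (INF, None))[0]:
                # A direct neighbour of the root is its own next hop; anything
                # further away inherits the next hop of the node it was reached through.
                nh = nbr if node == root else next_hop
                best[nbr] = (cand, nh)
                heapq.heappush(heap, (cand, nbr, nh))
    return {dest: entry for dest, entry in best.items() if dest != root}

def distance_vector(lsdb, max_rounds=50):
    """Synchronous Bellman-Ford. Returns ({router: {dest: (cost, next_hop)}}, rounds_to_converge)."""
    adj = adjacency(lsdb)
    tables = {r: {n: (c, n) for n, c in adj[r].items()} for r in adj}   # directly connected only
    for rnd in range(1, max_rounds + 1):
        advertised = {r: dict(t) for r, t in tables.items()}   # what each router sends this round
        changed = False
        for r in adj:
            for nbr, link_cost in adj[r].items():
                for dest, (dist, _vector) in advertised[nbr].items():
                    if dest == r:
                        continue
                    cand = link_cost + dist             # neighbour's distance plus the link to it
                    if cand < tables[r].get(dest, (INF, None))[0]:
                        tables[r][dest] = (cand, nbr)   # vector = the neighbour that advertised it
                        changed = True
        if not changed:
            return tables, rnd
    return tables, max_rounds

if __name__ == "__main__":
    print("SPF from R1:", spf(LSDB, "R1"))
    tables, rounds = distance_vector(LSDB)
    print("DV  at  R1:", tables["R1"], "after", rounds, "rounds")
```

Both methods end with the same table, but only the link-state router can explain why: it holds every link and can recompute locally when one fails, whereas the distance vector router must wait for neighbors to re-advertise, which is the convergence difference the page describes.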

Dynamic Host Configuration Protocol (DHCP)

DHCPv4 includes three different address allocation mechanisms to provide
flexibility when assigning IP addresses:
1. Manual Allocation - The administrator assigns a pre-allocated IPv4
address to the client, and DHCPv4 communicates only the IPv4 address
to the device.
2. Automatic Allocation - DHCPv4 automatically assigns a static IPv4
address permanently to a device, selecting it from a pool of available
addresses. There is no lease and the address is permanently assigned
to the device.
3. Dynamic Allocation - DHCPv4 dynamically assigns, or leases, an IPv4
address from a pool of addresses for a limited period of time chosen
by the server, or until the client no longer needs the address.

Access Control List

An ACL is a series of IOS commands that control whether a router forwards or
drops packets based on information found in the packet header. ACLs are
among the most commonly used features of Cisco IOS software.
When configured, ACLs perform the following tasks:
1. Limit network traffic to increase network performance. For example, if
corporate policy does not allow video traffic on the network, ACLs
that block video traffic could be configured and applied. This would
greatly reduce the network load and increase network performance.
2. Provide traffic flow control. ACLs can restrict the delivery of
routing updates. If updates are not required because of network
conditions, bandwidth is preserved.
3. Provide a basic level of security for network access. ACLs can allow
one host to access a part of the network and prevent another host from
accessing the same area. For example, access to the Human Resources
network can be restricted to authorized users. Standard and extended
ACLs are stateless header filters: they do not inspect payloads or track
sessions, so they complement rather than replace a firewall.
4. Filter traffic based on traffic type. For example, an ACL can permit
email traffic, but block all Telnet traffic.
5. Screen hosts to permit or deny access to network services. ACLs can
permit or deny a user access to services such as FTP or HTTP.
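How an extended ACL actually decides, as an added example written for this page (not Cisco IOS code): entries are checked top to bottom, the first match wins, and a packet that matches nothing hits the implicit deny at the end. The wildcard-mask matching, the three-line ACL (permit mail to one server, deny all Telnet, permit the rest of 10.1.1.0/24) and the packets are constructed; the `MISORDERED_ACL` variant shows the classic mistake of placing a broad permit above a specific deny.

```python
"""Evaluate packets against a Cisco-style extended ACL: ordered entries, first
match wins, and an implicit 'deny ip any any' at the end.
Added illustration written for this page, not Cisco IOS code; the ACL and the
packets below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACE:
    """One access control entry. src/dst are 'any', 'host A.B.C.D', or
    'A.B.C.D W.X.Y.Z' (address plus wildcard mask, as typed in IOS)."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol; else "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, as in 'eq 23'

def _addr(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def match_addr(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return _addr(parts[1]) == _addr(addr)
    net, wild = _addr(parts[0]), _addr(parts[1])
    # Wildcard mask: a 0 bit must match, a 1 bit is don't-care (the inverse of a subnet mask).
    care = ~wild & 0xFFFFFFFF
    return ((_addr(addr) ^ net) & care) == 0

def evaluate(acl, pkt):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    for number, ace in enumerate(acl, start=1):
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not (match_addr(ace.src, pkt["src"]) and match_addr(ace.dst, pkt["dst"])):
            continue
        if ace.dport is not None and pkt.get("dport") != ace.dport:
            continue
        return ace.action, number          # first match wins; nothing below is consulted
    return "deny", None                    # implicit deny ip any any

# Constructed ACL: permit mail to the mail server, block all Telnet, permit the rest of 10.1.1.0/24.
ACL = [
    ACE("permit", "tcp", "any", "host 10.1.1.25", dport=25),
    ACE("deny",   "tcp", "any", "any",            dport=23),
    ACE("permit", "ip",  "10.1.1.0 0.0.0.255",    "any"),
]
# Same entries with the last two swapped: the broad permit now shadows the Telnet deny.
MISORDERED_ACL = [ACL[0], ACL[2], ACL[1]]

# Constructed packets.
SMTP   = {"proto": "tcp",  "src": "192.168.5.7", "dst": "10.1.1.25",   "dport": 25}
TELNET = {"proto": "tcp",  "src": "10.1.1.9",    "dst": "10.1.1.25",   "dport": 23}
HTTP   = {"proto": "tcp",  "src": "10.1.1.9",    "dst": "203.0.113.8", "dport": 80}
PING   = {"proto": "icmp", "src": "10.2.2.2",    "dst": "10.1.1.25"}
OTHER  = {"proto": "tcp",  "src": "10.1.2.5",    "dst": "203.0.113.8", "dport": 80}

if __name__ == "__main__":
    for name, pkt in [("SMTP", SMTP), ("TELNET", TELNET), ("HTTP", HTTP),
                      ("PING", PING), ("OTHER", OTHER)]:
        print(f"{name:7s} {evaluate(ACL, pkt)}   misordered: {evaluate(MISORDERED_ACL, pkt)}")
```

Two habits follow from the first-match rule: put specific denies above broad permits, and end with an explicit `deny ip any any log` so the implicit drops become visible in the logs.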

Network Address Translation (NAT)

NAT has many uses, but its primary use is to conserve public IPv4 addresses.
It does this by allowing networks to use private IPv4 addresses internally
and providing translation to a public address only when needed. NAT has the
side effect of hiding internal IPv4 addressing from outside networks, which
adds a degree of privacy; it is not a security control in itself, since
unsolicited inbound traffic is dropped only because no translation entry
exists for it, and a firewall or ACL is still required.
NAT-enabled routers can be configured with one or more valid public IPv4
addresses. These public addresses are known as the NAT pool. When an
internal device sends traffic out of the network, the NAT-enabled router
translates the internal IPv4 address of the device to a public address from
the NAT pool. To outside devices, all traffic entering and exiting the
network appears to have a public IPv4 address from the provided pool of
addresses. A NAT router typically operates at the border of a stub network.
Terminology -

Inside address - The address of the device which is being translated
by NAT.
Outside address - The address of the destination device.
Local address - A local address is any address that appears on the
inside portion of the network.
Global address - A global address is any address that appears on the
outside portion of the network.
These combine into the four NAT address types: inside local, inside global,
outside local, and outside global.
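The translation a NAT router at the border of a stub network performs, as an added example for this page (not vendor code and not the page's own material). It models NAT overload (PAT) with a single inside global address: outbound packets get a translation entry and a rewritten source, replies are rewritten back only if matching state exists, and the `terminology` method labels one flow with the four address names defined above. All addresses and ports are constructed.

```python
"""Port Address Translation (NAT overload) at the border of a stub network:
inside local addresses are rewritten to one inside global address on the
way out, and only packets that match existing translation state are
rewritten back on the way in. Added example for this page, not a vendor
implementation; all addresses and ports are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global      # the one public address in the NAT pool
        self.next_port = first_port
        # (inside local, local port, outside global, remote port) -> translated source port
        self.out_table: Dict[Tuple[str, int, str, int], int] = {}
        # (translated port, outside global, remote port) -> (inside local, local port)
        self.in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: allocate (or reuse) a translation and rewrite the source."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_table:
            gport = self.next_port
            self.next_port += 1
            self.out_table[key] = gport
            self.in_table[(gport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.inside_global, self.out_table[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite the destination back, or None (drop) if no
        translation exists. This, not NAT as such, is why unsolicited inbound
        traffic fails; a firewall or ACL is still needed."""
        entry = self.in_table.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None
        inside_local, lport = entry
        return Packet(pkt.src, pkt.sport, inside_local, lport)

    def terminology(self, inside_pkt: Packet) -> Dict[str, str]:
        """The four NAT address names for one translated flow."""
        translated = self.outbound(inside_pkt)
        return {
            "inside local":   inside_pkt.src,   # inside host as seen from inside
            "inside global":  translated.src,   # inside host as seen from outside
            "outside local":  inside_pkt.dst,   # destination as seen from inside (no outside translation here)
            "outside global": translated.dst,   # destination as seen from outside
        }

def demo():
    nat = NatRouter("198.51.100.1")
    a = nat.outbound(Packet("192.168.1.10", 40000, "203.0.113.50", 443))
    b = nat.outbound(Packet("192.168.1.11", 40000, "203.0.113.50", 443))  # same local port: PAT disambiguates
    reply_b = nat.inbound(Packet("203.0.113.50", 443, "198.51.100.1", b.sport))
    unsolicited = nat.inbound(Packet("198.18.0.9", 5555, "198.51.100.1", 22))  # no state: dropped
    return a, b, reply_b, unsolicited, nat

if __name__ == "__main__":
    a, b, reply_b, unsolicited, nat = demo()
    print("out:", a, b)
    print("reply delivered to:", reply_b)
    print("unsolicited inbound:", unsolicited)
    print(nat.terminology(Packet("192.168.1.10", 40000, "203.0.113.50", 443)))
```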