


A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

The three basic types of networks include:

• Local Area Network (LAN)
• Metropolitan Area Network (MAN)
• Wide Area Network (WAN)

Local Area Network

A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart.

In a typical LAN configuration, one computer is designated as the
file server. It stores all of the software that controls the network,
as well as the software that can be shared by the computers
attached to the network. Computers connected to the file server
are called workstations. The workstations can be less powerful
than the file server, and they may have additional software on
their hard drives. On most LANs, cables are used to connect the
network interface cards in each computer. See the Topology,
Cabling, and Hardware sections of this tutorial for more
information on the configuration of a LAN.

Metropolitan Area Network

A Metropolitan Area Network (MAN) covers larger geographic areas, such as cities or school districts. By interconnecting smaller networks within a large geographic area, information is easily disseminated throughout the network. Local libraries and government agencies often use a MAN to connect to citizens and private industries.

One example of a MAN is the MIND Network located in Pasco County, Florida. It connects all of Pasco's media centers to a centralized mainframe at the district office by using dedicated phone lines, coaxial cabling, and wireless communications.

Wide Area Network

Wide Area Networks (WANs) connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network.

Using a WAN, schools in Florida can communicate with places like Tokyo in a matter of minutes, without paying enormous phone bills. A WAN is complicated. It uses multiplexers to connect local and metropolitan networks to global communications networks like the Internet. To users, however, a WAN will not appear to be much different from a LAN or a MAN.


In data communication, a hub is the point of convergence where data arrives from one or more directions and is forwarded out in one or more directions. A hub usually includes a switch of some kind (in telecommunication, a switch is a network device that selects a path or circuit for sending a unit of data to its next destination). The distinction seems to be that the hub is the point where data comes together and the switch is what determines how and where data is forwarded from the place where data comes together. A hub is a hardware device that acts as a central connecting point and joins lines in a star network configuration.

Types of Hubs

As you may have already guessed, hubs perform a crucial
function on networks with a star topology. There are many
different types of hubs, each offering specific features that allow
you to provide varying levels of service.

Passive Hub
Passive hubs, as the name suggests, are rather quiescent creatures. They do not do very much to enhance the performance of your LAN, nor do they do anything to assist you in troubleshooting faulty hardware or finding performance bottlenecks. They simply take all of the packets they receive on a single port and rebroadcast them across all ports, which is the simplest thing that a hub can do. Passive hubs commonly have one 10base-2 port in addition to RJ-45 connectors that connect each LAN device.

As you have already read, 10base-5 is 10Mbps Ethernet that is run over thick-coax. This 10base-2 connector can be used as your network backbone. Other, more advanced passive hubs have AUI ports that can be connected to the transceiver of your choice to form a backbone that you may find more advantageous.

Active Hub
Active hubs actually do something other than simply rebroadcast data. Generally, they have all of the features of passive hubs, with the added bonus of actually watching the data sent out. Active hubs take a larger role in Ethernet communication by implementing a technology called store and forward, where the hubs actually look at the data they are transmitting before sending it. This is not to say that the hub prioritizes certain packets of data. It does, however, repair certain "damaged" packets and will retime the distribution of other packets.

If a signal received by an active hub is weak but still readable, the active hub restores the signal to a stronger state before rebroadcasting it. This feature allows certain devices that are not operating within optimal parameters to still be used on your network. If a device is not broadcasting a signal strong enough to be seen by other devices on a network that uses passive hubs, the signal amplification provided by an active hub may allow that device to continue to function on your LAN. Additionally, some active hubs will report devices on your network that are not fully functional. In this way, active hubs also provide certain diagnostic capabilities for your network.

Active hubs will also retime and resynchronize certain packets when they are being transmitted. Certain cable runs may experience electromagnetic (EM) disturbances that prevent packets from reaching the hub or the device at the end of the cable run in a timely fashion. In other situations, the packets may not reach the destination at all.

Bridges

Bridges are devices that operate at Layer 2 of the OSI reference model. That is why they are widely referred to as Data Link Layer devices. They analyze incoming frames, make forwarding decisions based on information contained in the frames, and forward the frames toward the destination. Local and remote bridges connect LAN segments in specific areas. A bridge consists of a computer unit with two or more network interface cards connecting two types of networks.
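The forwarding decision described above is what separates a bridge from a hub. As an added example that is not part of the tutorial, the Python below models both devices side by side: the hub repeats every frame to every other port, while the learning bridge records which port each source address arrived on and floods only frames whose destination it has not learned yet. The MAC addresses, port numbers and traffic sequence are constructed for the example.

```python
# Added example, not part of the tutorial: a minimal model of how a hub and a
# Layer 2 bridge each decide where a frame goes. The hub repeats every frame to
# every other port; the bridge learns which port each source MAC arrived on and
# floods only frames whose destination it has not learned yet. MAC addresses,
# port numbers and the traffic sequence below are constructed for the example.

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC address
    dst: str   # destination MAC address


@dataclass
class Hub:
    ports: int

    def forward(self, in_port, frame):
        # A passive hub rebroadcasts on every port except the one the frame came in on.
        return [p for p in range(self.ports) if p != in_port]


@dataclass
class LearningBridge:
    ports: int
    table: dict = field(default_factory=dict)   # MAC address -> port it was last seen on

    def forward(self, in_port, frame):
        # Learning: the sender is reachable through the port the frame arrived on.
        self.table[frame.src] = in_port
        out_port = self.table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood, exactly like a hub.
            return [p for p in range(self.ports) if p != in_port]
        if out_port == in_port:
            # Sender and destination share a segment: filtering, the frame stays local.
            return []
        # Known destination on another port: forward to that port only.
        return [out_port]


def simulate(device, traffic):
    """Feed (ingress port, frame) pairs to a device; return the egress ports for each."""
    return [device.forward(port, frame) for port, frame in traffic]


# Constructed sample: PC_A on port 0 and PC_B on port 1 of a four-port device.
PC_A = "00:11:22:33:44:0a"
PC_B = "00:11:22:33:44:0b"
TRAFFIC = [
    (0, Frame(PC_A, PC_B)),       # A talks to B before anything has been learned
    (1, Frame(PC_B, PC_A)),       # B replies; the bridge now knows where both live
    (0, Frame(PC_A, PC_B)),       # A talks to B again
    (0, Frame(PC_A, BROADCAST)),  # a broadcast is always flooded
]

if __name__ == "__main__":
    print("hub   :", simulate(Hub(4), TRAFFIC))
    print("bridge:", simulate(LearningBridge(4), TRAFFIC))
```

The egress lists make the difference concrete: on the hub every station sees every frame, so any host on a hub can observe all of its neighbours' traffic, whereas the bridge floods only until it has learned where a destination lives and then delivers unicast frames to a single port. The learned table is the same information a switch shows with show mac-address-table.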

Network Bridge example

Suppose you have a small office network with four computers (PC1, PC2, PC3, and PC4) and one Ethernet hub. The four computers are running Windows XP; Windows Server 2003, Standard Edition; or Windows Server 2003, Enterprise Edition and have the following hardware installed:

• PC1 has an adapter connecting it to the Internet, an Ethernet network adapter, an HPNA network adapter, and a wireless network adapter.
• PC2 has an Ethernet network adapter.
• PC3 has an HPNA network adapter.
• PC4 has a wireless network adapter.

The Ethernet adapters on PC1 and PC2 are connected to a common Ethernet hub to form the first LAN segment. PC1 is connected to PC3 with the HPNA adapter to form a second LAN segment, and PC1 is connected to PC4 with the wireless adapter to form a third LAN segment.

You can use Network Bridge to connect the Ethernet network
adapter, the HPNA network adapter, and the wireless network
adapter on PC1. Network Bridge can forward traffic from one LAN
segment to another and enable all of your computers to
communicate with each other.

Without Network Bridge (or additional routing configurations or bridging hardware), only PC1 can communicate with each of the other computers because PC1 is the only computer that has connections to all three LAN segments. Because PC2, PC3, and PC4 use different types of network media, they are on different LAN segments, and they are unable to communicate with any computer other than PC1 (without Network Bridge or additional routing configurations or bridging hardware).

Network switch
A network switch or switching hub is a computer networking device that connects network segments. The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet.

Configuration options

• Unmanaged switches — These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted.
• Managed switches — These switches have one or more methods to modify the operation of the switch. Common management methods include: a command-line interface (CLI) accessed via serial console, telnet or Secure Shell, an embedded Simple Network Management Protocol (SNMP) agent allowing management from a remote console or management station, or a web interface for management from a web browser. Examples of configuration changes that one can do from a managed switch include: enable features such as Spanning Tree Protocol, set port bandwidth, create or modify Virtual LANs (VLANs), etc.

Linksys 48-port switch

Following are some basic commands of the Cisco Catalyst 1900 switch:

• Show running-config: This command displays the memory status of the Cisco Catalyst 1900 switch
• Show interfaces: This command displays the detailed information about all the interfaces of the Cisco Catalyst 1900 switch
• Show interfaces Ethernet 0/1: This command displays the detailed information about a specific 10baseT Ethernet interface of the Cisco Catalyst 1900 switch
• Show interfaces Fast Ethernet 0/26: This command displays the detailed information about a specific 100baseT Fast Ethernet interface of the Cisco Catalyst 1900 switch
• Show ip: This command displays the ip configuration of the Cisco Catalyst 1900 switch
• Show mac-address-table: This command displays the MAC addresses of the devices that are currently connected to the Cisco Catalyst 1900 switch.
• Show mac-address-table security: This command displays the address table size and the addressing security of each interface of the Cisco Catalyst 1900 switch.
• Show VLAN: This command displays the status of current VLANs enabled on the Cisco Catalyst 1900 switch.
• Show VLAN-membership: This command displays the VLAN membership of all the ports on the Cisco Catalyst 1900 switch
• Show Spantree 1: This command displays the complete information about the spanning tree protocol 1 that is by default enabled on the Cisco Catalyst 1900 switch.
• Copy nvram tftp://host/dst_file: This command is used to send the configuration to a TFTP server.
• Copy tftp://host/src_file nvram: This command is used to download the configuration from a TFTP server.
• Delete nvram: This command is used to reset the system configuration to factory defaults.
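Show mac-address-table and show mac-address-table security are the commands an administrator turns to when checking what is actually plugged into each port. The following Python is an added example, not code from the tutorial: it parses a constructed table laid out like Catalyst-style output and reports two things a defender looks for, ports carrying more dynamic addresses than a single host should, and an address that appears on more than one port. The sample output, addresses and port names are constructed; real output differs by platform and IOS version, so the regular expression may need adjusting.

```python
# Added example, not part of the tutorial: parse "show mac-address-table" output
# and flag ports that look wrong from a defender's point of view. The sample
# output below is constructed to resemble Catalyst-style output; real output
# varies by platform and IOS version, so adjust ENTRY if yours differs.

import re
from collections import defaultdict

SAMPLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0000.0c9f.f001    DYNAMIC     Fa0/1
   1    0000.0c9f.f002    DYNAMIC     Fa0/2
   1    0000.0c9f.f010    DYNAMIC     Fa0/3
   1    0000.0c9f.f011    DYNAMIC     Fa0/3
   1    0000.0c9f.f012    DYNAMIC     Fa0/3
   1    0000.0c9f.f013    DYNAMIC     Fa0/3
   1    0000.0c9f.f001    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 7
"""

# One table row: VLAN, dotted-hex MAC, entry type, port. Header and footer
# lines do not start with a VLAN number and are skipped.
ENTRY = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples from the command output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m["vlan"]), m["mac"].lower(), m["type"].upper(), m["port"]))
    return entries


def macs_per_port(entries):
    """Number of distinct MAC addresses learned on each port."""
    seen = defaultdict(set)
    for _vlan, mac, _type, port in entries:
        seen[port].add(mac)
    return {port: len(macs) for port, macs in seen.items()}


def crowded_ports(entries, max_macs=1):
    """Access ports normally carry one host. More than max_macs addresses on a
    port suggests an unmanaged hub or switch hanging off it, or a host sending
    from many source addresses; port security's maximum-address setting enforces
    the same limit on the switch itself."""
    return sorted(port for port, n in macs_per_port(entries).items() if n > max_macs)


def duplicated_macs(entries):
    """MACs seen on more than one port: a loop, a host that moved, or a spoofed address."""
    ports_for = defaultdict(set)
    for _vlan, mac, _type, port in entries:
        ports_for[mac].add(port)
    return {mac: sorted(ports) for mac, ports in ports_for.items() if len(ports) > 1}


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_OUTPUT)
    print("MACs per port:", macs_per_port(table))
    print("crowded ports:", crowded_ports(table))
    print("duplicated MACs:", duplicated_macs(table))
```

Run against a real capture, the crowded-port list is the set of interfaces to walk to physically, and the duplicated-MAC list is the first thing to check before assuming a loop. Raising max_macs to match a legitimate downstream switch keeps the check quiet where multiple hosts per port are expected.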

Show Cisco Switch Commands

Here are some show commands of Cisco switches:

• Show version: This command displays the hardware and software status of the Cisco switch
• Show flash: This command displays the files and directories in the flash of the Cisco switch
• Show interfaces: This command displays the detailed information about all the interfaces of the Cisco switch
• Show interfaces fast Ethernet 0/x: This command displays the detailed information about the specific interface of the Cisco switch
• Show interfaces VLAN 1: This command displays the ip address configuration of VLAN 1
• Show running-config: This command displays the status of
• Show startup-config: This command displays the status of
• Show mac-address-table: This command displays the MAC address of the devices that are directly connected with any port of the switch.
• Show port-security [interface] [address]: This command displays the port security options on the interface
• Show history: This command displays the last ten commands that were executed in the switch configuration
• Show line: This command is used to view the brief information about all the lines of the Cisco switch
• Show line console 0: This command is used to view the detailed information about the specific line of the Cisco switch
• Erase startup-config: This command is used to erase the nvram of the Cisco switch

Cisco Switch Configuration Commands

• Configure terminal: This command is used to enter the global configuration mode of the Cisco switch
• Hostname: This command is used to assign the hostname of the Cisco switch
• Enable password: This command is used to set the enable password of the Cisco switch
• Enable secret: This command is used to set the encrypted password of the Cisco switch that is used for entering the privileged mode
• Interface VLAN 1: This is a global configuration command used to configure the VLAN interface of the Cisco switch
• Interface fast Ethernet 0/x: This command is used to configure the specific interface of the Cisco switch
• IP address: This command is used to configure the ip address of any interface of the Cisco switch
• IP default-gateway: This is an interface configuration command to set the default gateway
• Speed: This command is used to set the speed for the interface of the Cisco switch
• Duplex: This command is used to set the duplex setting for the interface of the Cisco switch
• Line console 0: This command is used to enter the specific line configuration mode of the Cisco switch
• Password: This command is used to set the password of any line of the Cisco switch



This cable can be used to directly connect two computers to each other
without the use of a hub or switch. The ends on a crossover cable are different from
each other, whereas a normal 'straight through' cable has identical ends. Their uses
are shown in the following diagrams.

Crossover cable use

'Straight Through' cable use

Typically the ports on a hub are MDIX ports. This allows the machine at the other
end to utilize its MDI Port (which is what typically a NIC card uses) without the
need for a crossover cable. When I say that the ports on the hub are MDIX ports,
what I mean is that one of the functions of the hub is to automatically perform the
crossover functions, which are required to properly align the cables with each
other. When no hub or switch is used, your cable itself must physically perform
these crossover functions.

To expand on this a little, when using a hub or switch, the Transmit wires on the workstation need to be connected to the Receive wires on the hub; likewise, the Receive wires on the hub need to be connected to the Transmit wires on the workstation. But if you remember what we stated earlier, cables which are run from PC to Hub are 'straight through' type cables. This is because the hub is providing the required crossover functions internally for you. Thus, when you connect two machines together without the use of a hub or switch, a crossover cable is required, because both 'ends' are essentially the same: a NIC card. The crossover function must take place somewhere, and since there is no hub or switch

Now that we know what a crossover cable is for, let's talk for a bit about types of cabling. The two most common unshielded twisted-pair (UTP) network standards are the 10 Mbit (10BASE-T Ethernet) and the 100 Mbit (100BASE-TX Fast Ethernet). In order for a cable to properly support 100 Mbit transfers, it must be rated Category 5 (or CAT 5). This type of low loss extended frequency cable will support 10BASE-T, 100BASE-T and the newer 100VG-AnyLAN applications. Other types of cabling include Category 3, which supports data rates up to 16 Mbps, and Category 1, which only supports speeds up to 1 Mbps. The cable we are about to make is considered Category 5, and will work on both 10 Mbit and 100 Mbit systems, assuming all components used (cables and jacks) are rated for Category 5.

What you need

Cable - Be sure the cable(s) you are using is properly rated for
CAT 5. It should state clearly on the jacket of the cable, what it is
rated at. One option that you have when selecting your cable is to
use a pre-made normal 'straight through' cable, and simply whack
off one of the ends, and replace with a new "Crossed Over" end.
For the purpose of this article, though, we aren't going to go that
route. We are going to make the whole thing from scratch - using
bulk CAT 5 cable.

Connectors - Crossover cables are terminated with CAT 5 RJ-45
(RJ stands for "Registered Jack") modular plugs. RJ-45 plugs are
similar to those you'll see on the end of your telephone cable
except they have eight versus four contacts on the end of the
plug. Also, make sure the ends you select are rated for CAT 5
wiring. There are also different types of jacks which are used for
different types of cabling (such as Solid Core wire). Make sure you
buy the correct jacks for your cabling.

Crimper - You will need a modular crimping tool. My advice on what brand to get? Well, I really don't have a preference at this point, but make sure you buy a good one. If you spend about 40 to 50 bucks, you should have one that will last ya a lifetime. Spend 10 to 20 bucks, and you might be able to make a few cables with it if you're lucky. You definitely get what you pay for when it comes to crimpers!

Stripper - No I'm not talking about what Spot had at his bachelor party, I am talking about a tool to strip the ends off the wires, you pervert! There are several specialized tools, which can be used to strip the jackets off of cabling. If you do not have access to one of these tools, cautious use of a razor blade or knife should work just fine - but keep in mind if you go the razor blade / knife route, extra special care must be used as to not damage the wires inside the jacket.

Cutters - You need a pair of cutters that will allow you to cut a
group of cables in a straight line. It is very important that all the
wires are the same lengths, and without proper cutters, this can
be a difficult task.

You now know what crossover cables are used for. You know why you need one. You also know what you need to make one, so I guess we're ready... First thing you will want to do is cut off the appropriate length of cable that you will need. Be sure that it is plenty long enough. If you screw up and don't cut it long enough, you will have to start all over, and you will not only waste your time, but cable and the RJ-45 ends as well. If you are pulling this cable through a wall or ceiling, make sure the pulling is completed first. It is much more difficult to pull a cable with the ends already on it. So you have all the parts, you understand the concepts, and you have your cable, let's get started!

1) - Start by stripping off about 2 inches of the plastic jacket off the end of the cable. Be very careful at this point, as to not nick or cut into the wires, which are inside. Doing so could alter the characteristics of your cable, or even worse render it useless. Check the wires one more time for nicks or cuts. If there are any, just whack the whole end off, and start over.

2) - Spread the wires apart, but be sure to hold onto the base of the jacket with your other hand. You do not want the wires to become untwisted down inside the jacket. Category 5 cable must only have 1/2 of an inch of 'untwisted' wire at the end; otherwise it will be 'out of spec'. At this point, you obviously have a lot more than 1/2 of an inch of untwisted wire, but don't worry - we'll take care of that soon enough.

3) - Begin to untwist the twisted exposed wires on your cable. Use caution so that you do not untwist them down inside the jacket. Once you have all the wires untwisted, begin to arrange them in the proper order based on the pictures above. This stage can be a pain in the ass, especially some of the middle wires. Once you get all the wires arranged in the proper order, make sure your wire cutters are within reach, then grasp them right at the point where they enter the jacket. Make sure you keep them in the proper order! Grab your cutters now. Line them up along your prepared wires about 1/2 inch above the jacket. Be sure at this point that you are both 1/2 inch above the jacket, and that your cutters are aligned straight across the wires. You want to make a clean cut here - also make sure you don't let go of that jacket /

4) - From this point forward things get a lot easier. Grab your jack, and begin to slide the wires into the jack. Once you get to the point where the jacket begins to enter the jack things might get a little tough, but just have some patience and hold onto those wires. It will fit in there just fine. Once it is in as far as it will go, the wires should extend almost to the front of the jack, and about 3/8 of an inch of the jacket will be inside the jack. Like the pictures

5) - Grab those crimpers - because not all crimpers are exactly the same, your pictures may not match exactly what you see below. Be sure to keep a good grip on that jack and the cable. Insert the jack into the crimper. It should only go in one way, so you don't have a whole lot to worry about inserting it. Begin to compress those crimpers. You will more than likely hear a clicking sound. Keep squeezing. If you try to let go too early, nothing will happen. They will not release. Keep going until they stop clicking / stop moving altogether. At this point, you should be able to let go of the jack, and the crimpers. The crimpers should release now leaving you with a crimped jack. If the crimpers do not release, you probably are a wimp and didn't press hard enough. Go ask your mom to help you at this point. She can probably finish what you started.

Insert the jack into the crimper

Crimp it! Crimp it good!

It's time to examine what we have done. If you look at the end of the jack (distal), you should see that the copper connectors should not be pressed down into the wires. Toward the back of the jack (where the jacket meets the jack) it should be crimped securely, holding the jacket / cable in the jack. If something has gone wrong, don't worry, it's not the end of the world. Grab those cutters, and just whack the whole jack off and start back at step 1 (a pain in the ass I know, but it's better to have a cable that works than to spend hours troubleshooting your PC trying to figure out why you can't see the other machine). If everything is cool, all you have to do now is make the other end of the cable (unless you are using a pre-fab cable and have whacked one of the ends off), so go back to step one, and make the other end now.

In closing
You should now have a fully functional CAT 5 Crossover cable. It's a good idea to label it as such, especially if you have a lot of other cables lying around. So what are ya waiting for... install the cable and test it out. If it doesn't work, double-check the ends. There is always a possibility that you have overlooked something. If so, just whack the bad end and make a new one. Remember, the more jacks you install, and the more cables you make, the easier it gets. It's really not that hard to do; the first time is definitely the most difficult.

Here are a few other things to keep in mind...

• Maximum cable length, including connectors, is 100 meters (or about 328 feet)
• Do not allow the cable to be sharply bent, or kinked, at any time. This can cause permanent damage to the cable's interior
• Do not overtighten cable ties
• Do not use excessive force when pulling cable through floors, walls or
• Do not use staples to secure category-5 cable; use the proper hangers, which can be found at most hardware stores


Routers
A router is similar to a bridge but can handle more complex types of communication between dissimilar networks. Routers are usually employed by wide area networks, which often connect networks using different communication protocols and dissimilar addressing schemes. Routers work in the Network layer, which gives them the ability to understand the protocols being used to carry the data over the network. Since routers can understand protocols, they can use the rules to decide what to do with specific data.

TCP/IP uses the term gateway to refer to routers.

Features of Router

• Multiple Active paths

Routers are able to keep track of multiple active paths between any given source and destination network.

• Identify address

Routers work at the network layer and can access more information than a bridge. Routers can identify source and destination network addresses within packets.

• Traffic Management

Routers provide excellent traffic management using intelligent path selection. Routers select the best route based on traffic loads, line speeds, number of hops or administrator preset costs.

• Sharing information

Routers can share status and routing information with other routers. By doing this they can listen to the network and identify which connections are busy and which are not.

• Filtering bad data

Routers do not forward any information that does not have a correct network address. This is the reason they don't forward bad data. Routers also filter broadcast traffic by not routing broadcast packets.

• Performance

Routers perform complex tasks. This means they are slower than bridges because they keep processing data intensively. A router can be a dedicated box with a port to all networks. Routable protocols contain information in each packet relating to the network address of the source and destination nodes.

• Routers routing packets

This kind of information allows a router to forward the packet to a particular network rather than a particular node. Different protocols address networks using a variety of naming schemes.

Inside a Router

• Router is a dedicated computer
• Contains hardware found in most PCs
• Does not have hard disk – Flash memory is used instead to hold IOS
• NVRAM used to hold configuration files
• DRAM used to hold routing tables, buffering, ARP cache etc
• CPU, ROM and interfaces too


Internal Components of a 2600 Router

External Connections

• Configuration connections
  – Console and AUX
• LAN connections
  – FastEthernet (usually)
• WAN connections – often via WAN Interface Cards
• Newer hardware is modular
• Makes upgrading cheaper

External Connections on a Router

Router Connections

Connecting to a Router

• First-time connection must be via console cable attached to a PC
• PC runs terminal emulator e.g. Hyperterminal
• Correct parameters must be set

Physical Connection to Router

Routers are network layer equipment that forward incoming packets towards the required destination. Cisco router series include:

• Cisco 3600 Series
• Cisco 2600 Series
• Cisco 1700 Series
• Cisco 800 Series

Cisco 3600 Series Router

The Cisco 3600 Series is a family of modular, multi-service access platforms for medium and large-sized offices and smaller Internet Service Providers. With over 70 modular interface options, the Cisco 3600 family provides solutions for data, voice, video, hybrid dial access, virtual private networks (VPNs), and multi-protocol data routing. The high-performance, modular architecture protects the customer's investment in network technology and integrates the functions of several devices into a single, manageable solution. The Cisco 2600 and 3600 series of multi-service platforms has been greatly enhanced with many voice capabilities: added support for Voice over Frame Relay (VoFR) and Voice over ATM (VoATM-AAL5) on the digital voice interfaces (T1 and E1).

From the beginning, the Cisco 3600 series was designed with performance, flexibility, and cost effectiveness in mind, making the multi-service branch office possible today.

Basic Commands of Router

Enter Privileged Exec Mode

Leave Privileged Exec Mode and go back to User Mode

Log out of the router, end the console session, same as exit

Log out of the router, end the console session, same as logout

Setup a basic configuration (prompted by questions)

Show the current configuration stored in RAM
Show running-config

Show the startup configuration stored in NVRAM
Show startup-config

Display IOS version (Configuration register value is also displayed)
Show version

Show IOS files stored in flash and available free space
Show flash

Save the current configuration into NVRAM
Copy running-config startup-config

Use the startup configuration stored in NVRAM
Copy startup-config running-config

Load a saved configuration from a TFTP server into NVRAM
Copy tftp running-config

Upgrade the IOS stored in flash from an image stored on a TFTP server
Copy tftp flash

Create a backup of router IOS and store it in a file on a TFTP server
Copy flash tftp

Instruct the router to boot from a specific IOS image stored in flash
Boot system flash [filename]

Instruct the router to boot from a specific IOS image stored on a TFTP server
Boot system tftp [filename]

Enter Global Configuration Mode
Config terminal

Set a Message-of-the-day banner to be displayed before the user logs in to the router
Banner motd #message#

Set a login message to be displayed before the user logs in to the router
Banner login #message#

Set a banner to be displayed after the user logs in to the router
Banner exec #message#

(incoming is displayed with a reverse telnet connection, exec with all others)
Banner incoming #message#

Give the router a hostname (default is router)
Hostname [name]

Disable DNS lookups (enabled by default)
No ip domain-lookup

Specify DNS servers for hostname and address resolution
Ip name-server server-ip1 [server-ip2 ... server-ip6]

Disable the HTTP server (enabled by default)
No ip http server

Change the size of the history buffer (default is 10 commands)
Terminal history size 20

Set a password for Privileged Exec Mode
Enable password [password]

Set an encrypted password for Privileged Exec Mode
Enable secret [password]

Set a password for TELNET access
Line vty 0 4
Password [password]

Set a password for console port access
Line console 0
Password [password]
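The password commands above decide who can reach privileged mode and who can log in over the console or a vty line. As an added example, not part of the tutorial, the Python below reads an IOS-style running-config and reports the weak choices this section is about: an enable password with no enable secret, the HTTP server left at its enabled default, and vty lines with no password or with telnet still permitted. Both configurations are constructed for the example; "login" and "transport input ssh" are standard IOS line commands that the tutorial's list does not mention, included here as the known hardening for a vty line.

```python
# Added example, not part of the tutorial: audit an IOS-style running-config for
# the management-access settings configured in this section. Both configurations
# are constructed; the "login" and "transport input ssh" line commands are
# standard IOS syntax that the tutorial's command list does not mention.

WEAK_CONFIG = """\
hostname Lab-Router
!
enable password lab123
!
ip http server
!
line console 0
 password lab123
 login
line vty 0 4
 login
!
end
"""

HARDENED_CONFIG = """\
hostname Lab-Router
!
enable secret Use-A-Long-Passphrase
!
no ip http server
!
line console 0
 password Console-Passphrase
 login
line vty 0 4
 password Vty-Passphrase
 login
 transport input ssh
!
end
"""


def line_blocks(config):
    """Group the indented commands under each 'line ...' section."""
    blocks = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None          # "!" or any top-level command ends the section
    return blocks


def audit(config):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    has_secret = any(line.startswith("enable secret") for line in lines)
    has_password = any(line.startswith("enable password") for line in lines)
    if has_password and not has_secret:
        findings.append("enable password is set without enable secret: the privileged-mode "
                        "password is stored in cleartext; use enable secret instead")
    elif has_password:
        findings.append("enable password is still present alongside enable secret; remove it")
    elif not has_secret:
        findings.append("no enable secret configured for privileged EXEC mode")
    if "no ip http server" not in lines:
        findings.append("ip http server is not disabled (it is enabled by default); "
                        "add 'no ip http server' unless the web interface is needed")
    for name, body in line_blocks(config).items():
        if not any(cmd.startswith("password") for cmd in body):
            findings.append(f"{name}: no password configured")
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{name}: access is not restricted to SSH (add 'transport input ssh')")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "->", audit(cfg) or "no findings")
```

The checks are deliberately string-based so they can run over a copy saved with copy running-config to a TFTP server or pasted from a terminal session, with no access to the device itself.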

Interface Configuration

Configure the interface Ethernet 0
Interface e 0

Configure the first Serial interface
Interface s 0

Configure the second Token ring interface
Interface t 1

Enable an interface
No shutdown

Disable an interface

Set the clock rate on a DCE (make a router a DCE)
Clock rate 56000

Set the bandwidth
Bandwidth 64

Display the status of an interface
Show interface serial 1

Display DTE/DCE state
Show controller serial 1

Set keepalive period
Keepalive 10

Disable IP routing (IP routing is enabled by default)
No ip routing

Display IP routing table
Show ip route

Configure an interface with an IP address
Ip address

Enable RIP
Router rip
Network [network-address1]
Network [network-address2 ...]

Enable split horizon on an interface
Ip split-horizon

Enable RIP triggered updates (only send updates when the routing table has changed instead of every 30 seconds)
Ip rip triggered

Disable automatic route summarization
No auto-summary

Enable IGRP
Router igrp [as-number]
Network [network-address1]
Network [network-address2 ...]
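The RIP commands above include ip split-horizon, and what that setting prevents is easiest to see by simulation. The following Python is an added example, not from the tutorial: it models three routers in a line with network N behind the last one, applies RIP's basic rules (a hop-count metric, 16 meaning unreachable, and a route always updated from its current next hop), and runs the same link failure with and without split horizon. Router names, the topology and the synchronous update rounds are constructed simplifications; real RIP timers and triggered updates are not modelled.

```python
# Added example, not part of the tutorial: a small distance-vector (RIP-style)
# simulation showing what "ip split-horizon" buys you. Three routers sit in a
# line A - B - C and network N hangs off C. When C loses N, routers without
# split horizon re-learn the dead route from each other and count up towards
# the RIP infinity of 16 hops; with split horizon the withdrawal propagates
# cleanly. Names, topology and the synchronous rounds are constructed.

INFINITY = 16          # RIP's "unreachable" metric
MAX_ROUNDS = 50        # safety cap so a simulation can never spin forever


class Router:
    def __init__(self, name, split_horizon):
        self.name = name
        self.split_horizon = split_horizon
        self.neighbors = []        # directly attached routers, every link costs 1 hop
        self.table = {}            # destination -> [metric, next_hop Router or None]

    def connect_network(self, dest):
        self.table[dest] = [1, None]   # directly connected, advertised at 1 hop

    def advertisement_for(self, neighbor):
        """Routes this router announces to one neighbor."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            # Split horizon: never tell a neighbor about routes learned from it.
            if self.split_horizon and next_hop is neighbor:
                continue
            adv[dest] = metric
        return adv

    def process(self, neighbor, adv):
        """Apply one neighbor's advertisement; return True if the table changed."""
        changed = False
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(dest)
            if cur is None:
                if new < INFINITY:
                    self.table[dest] = [new, neighbor]
                    changed = True
            elif cur[1] is neighbor:
                # Our current next hop re-announced the route: take its word even
                # if the metric got worse. This is how bad news propagates, and
                # also how a stale route can be re-learned without split horizon.
                if cur[0] != new:
                    cur[0] = new
                    changed = True
            elif new < cur[0]:
                self.table[dest] = [new, neighbor]
                changed = True
        return changed


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def run_round(routers):
    """One synchronous update period: build every advertisement from the
    current tables, then let every router process what it received."""
    ads = {(r.name, n.name): r.advertisement_for(n) for r in routers for n in r.neighbors}
    changed = False
    for r in routers:
        for n in r.neighbors:
            changed |= r.process(n, ads[(n.name, r.name)])
    return changed


def converge(routers):
    """Run rounds until one produces no change; return how many rounds ran."""
    for rounds in range(1, MAX_ROUNDS + 1):
        if not run_round(routers):
            return rounds
    return MAX_ROUNDS


def simulate(split_horizon):
    """Return (rounds to reconverge after the failure, B's metric for N after each round)."""
    a, b, c = (Router(n, split_horizon) for n in "ABC")
    link(a, b)                          # B's neighbor order is [A, C]
    link(b, c)
    c.connect_network("N")
    converge([a, b, c])                 # steady state: A=3, B=2, C=1 hops to N
    c.table["N"] = [INFINITY, None]     # C's interface to N goes down
    history = []
    for rounds in range(1, MAX_ROUNDS + 1):
        changed = run_round([a, b, c])
        history.append(b.table["N"][0])
        if not changed:
            return rounds, history
    return MAX_ROUNDS, history


if __name__ == "__main__":
    for sh in (False, True):
        rounds, history = simulate(sh)
        print(f"split horizon={sh}: {rounds} rounds, B's metric for N per round {history}")
```

Without split horizon B's metric for N climbs 4, 6, 8 ... over a dozen update periods while packets for N loop between A, B and C, and the route only dies when it reaches 16. With split horizon, B never advertises N back toward C, so the unreachable metric propagates outward and the network settles in three rounds.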


The major router components are as follows:

• Bootstrap – stored in ROM microcode – brings router up during initialisation, boots router and loads the IOS
• POST – Power On Self Test – stored in ROM microcode – checks for basic functionality of router hardware and determines which interfaces are present
• ROM Monitor – stored in ROM microcode – used for manufacturing, testing and troubleshooting
• Mini-IOS – a.k.a. RXBOOT/boot loader by Cisco – small IOS in ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also do a few other maintenance operations
• RAM – holds packet buffers, ARP cache, routing table, software and data structures that allow the router to function; running-config is stored in RAM, as well as the decompressed IOS in later router models
• ROM – starts and maintains the router
• Flash memory – holds the IOS; is not erased when the router is reloaded; is an EEPROM [Electrically Erasable Programmable Read-Only Memory] created by Intel, that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage
• NVRAM – Non-Volatile RAM – holds router configuration; is not erased when router is reloaded

Starting a Router

When a Cisco router is started for the first time, it does not have an initial configuration. The router prompts the user for a minimum of details. This basic setup is not intended for entering complex configurations or protocol features. The setup command gives you the following options:

• Go to the EXEC prompt without saving the created

• Go back to the beginning of setup without saving the created

• Accept the created configuration, save it to NVRAM, and exit to EXEC mode.

Default answers appear in square brackets ([ ]). You can accept the defaults by pressing the Return key. At the first setup prompt, you can enter no to discontinue setup. You can abort the setup process at any time by pressing Ctrl+C.

Configuring the Router

From privileged EXEC mode, the configure terminal command provides access to global configuration mode. From global configuration mode you can access specific configuration modes, such as the following:

Interface: Configures operations on a per-interface basis.

Sub-interface: Configures multiple virtual interfaces.

Controller: Supports commands that configure controllers (such as E1 and T1).

Line: Configures the operation of a terminal line.

Router: Configures IP routing protocols.

Assigning a Router Name

The hostname command can name a router:

    #configure terminal
    (config)#hostname Router

Configuring a Serial Interface

    configure terminal
    interface s1
    clock rate 64000
    bandwidth 64
    Router# show interface serial

Configuring Router Passwords

    Router(config)# line console 0
    Router(config-line)#password homer
    Router(config)#line vty 0 4
    Router(config-line)#password bart

The numbers 0 to 4 in the line vty command specify the number of Telnet sessions allowed on the router. You can also set up a different password for each line by using the line vty port number.

    Router(config)#enable password apu
    Router(config)#enable secret flanders
    Router(config)#service password-encryption

Network Address Translation (NAT) is an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

NAT serves three main purposes:

• Provides a type of firewall by hiding internal IP

• Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.

• Allows a company to combine multiple ISDN connections into a single Internet connection.

Dynamic NAT

A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of registered (public) IP addresses. Typically, the NAT router in a network will keep a table of registered IP addresses, and when a private IP address requests access to the Internet, the router chooses an IP address from the table that is not at the time being used by another private IP address. Dynamic NAT helps to secure a network as it masks the internal configuration of a private network and makes it difficult for someone outside the network to monitor individual usage patterns. Another advantage of dynamic NAT is that it allows a private network to use private IP addresses that are invalid on the Internet but useful as internal addresses.

Static NAT

A type of NAT in which a private IP address is mapped to a public IP address, where the public address is always the same IP address (i.e., it has a static address). This allows an internal host, such as a Web server, to have an unregistered (private) IP address and still be reachable over the Internet.
A NAT example

If a small business is using the network ID for its intranet and has been granted the public address of w1.x1.y1.z1 by its Internet service provider (ISP), then network address translation (NAT) maps all private addresses on to the IP address of w1.x1.y1.z1. If multiple private addresses are mapped to a single public address, NAT uses dynamically chosen TCP and UDP ports to distinguish one intranet location from

• The use of w1.x1.y1.z1 and w2.x2.y2.z2 is intended to represent valid public IP addresses as allocated by the Internet Assigned Numbers Authority (IANA) or an ISP.

The following illustration shows an example of using NAT to transparently connect an intranet to the Internet.

If a private user at uses a Web browser to connect to the Web server at w2.x2.y2.z2, the user's computer creates an IP packet with the following information:

• Destination IP address: w2.x2.y2.z2
• Source IP address:
• Destination port: TCP port 80
• Source port: TCP port 5000

This IP packet is then forwarded to the NAT protocol, which translates the addresses of the outgoing packet to the following:

• Destination IP address: w2.x2.y2.z2
• Source IP address: w1.x1.y1.z1
• Destination port: TCP port 80
• Source port: TCP port 1025

The NAT protocol keeps the mapping of {, TCP 1025} to {w1.x1.y1.z1, TCP 5000} in a table.

The translated IP packet is sent over the Internet. The response is sent back and received by the NAT protocol. When received, the packet contains the following public address information:

• Destination IP address: w1.x1.y1.z1
• Source IP address: w2.x2.y2.z2
• Destination port: TCP port 1025
• Source port: TCP port 80

The NAT protocol checks its translation table, maps the public addresses to private addresses and forwards the packet to the computer at The forwarded packet contains the following address information:

• Destination IP address:
• Source IP address: w2.x2.y2.z2
• Destination port: TCP port 5000
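
The exchange above, simulated in Python as an added example that is not part of the tutorial: an outbound packet has its source rewritten to the public address and a freshly allocated port (1025 for the first flow, matching the listing), the pairing of the private {address, port 5000} with the public {address, port 1025} is stored, and the reply is mapped back through that table. The addresses are constructed: 10.0.0.7 and 10.0.0.8 stand in for the elided intranet hosts, 198.51.100.1 for w1.x1.y1.z1 and 203.0.113.80 for w2.x2.y2.z2 (documentation ranges, not real endpoints). A second private host using the same source port 5000 shows why the port, not just the address, has to be translated, and an inbound packet with no table entry is dropped, which is the "type of firewall" effect mentioned earlier.

```python
"""Simulate the NAT walkthrough above (many private hosts behind one
public address, distinguished by translated source port).

Added example, not from the tutorial. Addresses are constructed:
10.0.0.7 and 10.0.0.8 stand in for the elided intranet hosts,
198.51.100.1 for w1.x1.y1.z1 and 203.0.113.80 for w2.x2.y2.z2
(documentation ranges, not real endpoints).
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"


class NatBox:
    """Port-translating NAT sitting where the LAN meets the Internet."""

    def __init__(self, public_ip, first_port=1025):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (proto, private_ip, private_port) -> public_port
        self.inbound = {}    # (proto, public_port) -> (private_ip, private_port)

    def translate_outbound(self, pkt):
        """Rewrite the source to the public address; allocate a port on first use."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_inbound(self, pkt):
        """Map a reply back to the private host, or drop it when no entry exists.

        The drop is the 'type of firewall' the tutorial mentions: unsolicited
        packets from outside match nothing in the table.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def walkthrough():
    """Run the tutorial's exchange plus a second host sharing the address."""
    nat = NatBox("198.51.100.1")
    out1 = nat.translate_outbound(Packet("10.0.0.7", 5000, "203.0.113.80", 80))
    out2 = nat.translate_outbound(Packet("10.0.0.8", 5000, "203.0.113.80", 80))
    reply = Packet("203.0.113.80", 80, "198.51.100.1", out1.src_port)
    back = nat.translate_inbound(reply)
    # Constructed unsolicited packet: nothing in the table maps port 4444.
    stray = nat.translate_inbound(Packet("203.0.113.80", 80, "198.51.100.1", 4444))
    return out1, out2, back, stray


if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```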


When an internetwork is created by connecting WANs and LANs to a router, there is a need to configure logical network addresses, such as IP addresses, on all hosts on the internetwork so that they can communicate across that internetwork. The term routing is used for taking a packet from one device and sending it through the network to another device on a different network. Routers don't care about hosts. They only care about networks and the best path to each network. The logical network address of the destination host is used to get packets to a network through a routed network, then the hardware address of the host is used to deliver the packets from a router to the correct destination

To be able to route packets, a router must know the following:

• Destination address

• Neighbor routers from which it can learn about remote

• Possible routes to all remote networks

• How to maintain and verify routing information

The router learns about remote networks from neighbor routers or from an administrator. The router then builds a routing table that describes how to find the remote networks. If a network is directly connected, the router already knows how to get to it. If a network isn't directly connected, the router must learn how to get to it in one of two ways:

• Static Routing

• Dynamic Routing

Static routing means that someone must hand-type all network locations into a routing table. If static routing is used, the administrator is responsible for updating all changes by hand in all routers.

In dynamic routing, a protocol on one router communicates with the same protocol running on a neighbor router. The routers then update each other about all the networks they know about and place this information into the routing table. If a change occurs in the network, the dynamic routing protocol automatically informs all routers about the event. In a large network, a combination of both dynamic and static routing is

Static Routing

Static routing occurs when you manually add routes to each router's routing table. There are pros and cons to static routing, but that's true for all routing processes. Static routes specify the path packets take, allowing precise control over a network's routing behavior. Static routes are sometimes used to define a gateway of last resort. This is where a packet is routed if no other suitable path can be found. Static routes are also used when routing to a stub network. A stub network is a network accessed by a single route. Often static routes are the only way on to or off of a stub network. Static routes are also used for security reasons or when the network is small. Static routing means that someone must hand-type all network locations into a routing table; if static routing is used, the administrator is responsible for updating all changes by hand in all routers.

Advantages of static routing:

• There is no overhead on the router CPU, which means we can possibly buy a cheaper router than for dynamic

• There is no bandwidth usage between routers.

• It adds security, because the administrator can choose to allow routing access to certain networks only.

Disadvantages of static routing:

• The administrator must really understand the internetwork and how each router is connected in order to configure routers correctly.

• If a network is added to the internetwork, the administrator has to add a route to it on all routers by

• It's not feasible in a large network because maintaining it would be a full-time job in itself.


The syntax of the static route command is:

    ip route [destination_network] [mask] [next-hop_address or exitinterface] [administrative_distance] [permanent]

The following list describes each part of the command:

ip route: This command is used to create the static route.

Destination_network: The network we are placing in the routing table.

Mask: The subnet mask being used on the network.

Next-hop_address: The address of the next-hop router that will receive the packet and forward it to the remote network. This is a router interface that's on a directly connected network. We must ping the router interface before we add the route. If we type in the wrong next-hop address, or the interface to that router is down, the static route will show up in the router's configuration, but not in the routing table.

Exitinterface: We can use it in place of the next-hop address if we want, but it's got to be on a point-to-point link, such as a WAN. This command will not work on a LAN such as Ethernet.

Administrative_distance: By default, static routes have an administrative distance of 1. We can change the default value by adding an administrative weight at the end of

Permanent: If the interface is shut down, or the router can't communicate with the next-hop router, the route will automatically be discarded from the routing table. Choosing the permanent option keeps the entry in the routing table no matter what happens.


Default Routing

• We use default routing to send packets with a remote destination network not in the routing table to the next-hop router. We can also use default routing on stub networks, those with only one exit path out of

Dynamic Routing

Dynamic routing is when protocols are used to find networks and update routing tables on routers. It is easier than using static or default routing, but it will cost in terms of router CPU processes and bandwidth on network links. A routing protocol defines the set of rules used by a router when it communicates routing information between neighbor routers.







Administrative Distances:

The AD is used to rate the trustworthiness of routing information received on a router from a neighbor router. An AD is an integer from 0 to 255, where 0 is the most trusted and 255 means no traffic will be passed via this

If a router receives two updates listing the same remote network, the first thing the router checks is the AD. If one of the advertised routes has a lower AD than the other, then the route with the lowest AD will be placed in the routing table.

Default administrative distances:

    IGRP    100
    OSPF    110
    RIP     120
    255 (this route will never be used)

There are three classes of routing protocols:

Distance vector:
The distance-vector protocols find the best path to a remote network by judging distance. Each time a packet goes through a router, that's called a hop. The route with the least number of hops to the network is determined to be the best path. The vector indicates the direction to the remote network. Both RIP and IGRP are distance-vector routing protocols. They send the entire routing table to directly connected neighbors.

The distance-vector routing algorithm passes complete routing table contents to neighboring routers, which then combine the received routing table with their own routing tables to complete the router's routing table. This is called routing by rumor, because a router receiving an update from a neighbor router believes the information about remote networks without actually finding out for itself. It's possible to have a network that has multiple links to the same network, and if that's the case, the administrative distance is checked first. If the AD is the same, the protocols will have to use other metrics to determine the best path to use to that network. RIP uses only hop count to determine the best path to a network. If RIP finds more than one link to the same remote network with the same hop count, it will automatically perform round-robin load balancing. RIP can perform load balancing for up to six equal-cost links (four by

Link state:
In link-state protocols, also called shortest-path-first protocols, the routers each create three separate tables. One of these tables keeps track of directly attached neighbors, one determines the topology of the entire internetwork, and one is used as the routing table. Link-state routers know more about the internetwork than any distance-vector routing protocol. OSPF is an IP routing protocol that is completely link state. Link-state protocols send updates containing the state of their own links to all other routers on the network.

Hybrid:
Hybrid protocols use aspects of both distance vector and link state, for example EIGRP.
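
The route-selection rule from the administrative distance section and the equal-cost load balancing described for distance-vector protocols, written out in Python as an added example that is not part of the tutorial. The candidate routes are constructed; the AD values are the ones the tutorial lists (static 1, IGRP 100, OSPF 110, RIP 120, 255 never used), plus the standard value 0 for directly connected networks, which the page does not list. The metric is only compared among routes from the source that won on AD, since hop counts and composite metrics from different protocols are not comparable.

```python
"""Install routes the way the AD and distance-vector sections describe:
lowest administrative distance wins, the metric is compared only among
routes from the winning source, and equal-cost ties are installed together
for load balancing (up to max_paths). Added example, not from the tutorial;
the candidate routes are constructed.
"""
from collections import defaultdict

# Default ADs listed in the tutorial. 'connected' = 0 is the standard value
# for directly attached networks (not listed on the page).
DEFAULT_AD = {
    "connected": 0,
    "static": 1,
    "eigrp": 90,
    "igrp": 100,
    "ospf": 110,
    "rip": 120,
    "unknown": 255,   # never installed
}


def select_routes(candidates, max_paths=4):
    """candidates: list of (prefix, source, metric, next_hop).

    Returns {prefix: (source, ad, metric, [next_hops])}.
    """
    by_prefix = defaultdict(list)
    for prefix, source, metric, next_hop in candidates:
        ad = DEFAULT_AD[source]
        if ad == 255:
            continue  # AD 255: the route is never used
        by_prefix[prefix].append((ad, metric, source, next_hop))

    table = {}
    for prefix, routes in by_prefix.items():
        best_ad = min(ad for ad, _, _, _ in routes)
        same_ad = [r for r in routes if r[0] == best_ad]
        # Metrics of different protocols are not comparable; only routes
        # from the winning source compete on metric.
        best_metric = min(metric for _, metric, _, _ in same_ad)
        winners = [r for r in same_ad if r[1] == best_metric][:max_paths]
        table[prefix] = (winners[0][2], best_ad, best_metric,
                         [nh for _, _, _, nh in winners])
    return table


# Constructed candidates as they might arrive from several sources.
CANDIDATES = [
    ("172.16.0.0/16", "rip", 3, "10.1.1.2"),
    ("172.16.0.0/16", "ospf", 65, "10.1.2.2"),       # lower AD beats fewer hops
    ("192.168.5.0/24", "rip", 2, "10.1.1.2"),
    ("192.168.5.0/24", "rip", 2, "10.1.3.2"),        # equal cost: both installed
    ("192.168.5.0/24", "rip", 4, "10.1.4.2"),
    ("10.9.0.0/16", "unknown", 0, "10.1.1.2"),       # AD 255: dropped
    ("10.1.1.0/24", "connected", 0, "Serial0"),
]

if __name__ == "__main__":
    for prefix, entry in select_routes(CANDIDATES).items():
        print(prefix, entry)
```

Note that the OSPF route wins 172.16.0.0/16 even though the RIP route has a smaller number (3 hops versus a cost of 65): AD is decided first, and the metric never crosses protocol boundaries.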

Characteristics of Routing Protocols

A routing protocol defines the set of rules used by a router when it communicates with neighboring routers. It interprets information in a network layer address to allow a packet to be forwarded to the destination network.

• How updates are conveyed

• What knowledge is conveyed

• When to convey knowledge

• How to locate recipients of the updates



RIP

• RIP is a distance-vector routing protocol. It sends the complete routing table out to all active interfaces every 30

• RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15 by default, meaning that 16 is deemed

• RIP works well in small networks, but it's inefficient on large networks with slow WAN links or on networks with a large number of routers installed.

RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 doesn't send updates with subnet mask information.

RIP version 2 provides something called prefix routing and does send subnet mask information with the route updates.


RIP uses three different kinds of timer to regulate its

Route update timer:
Sets the interval (30 seconds) between periodic routing updates, in which the router sends a complete copy of its routing table out to all neighbors.

Route invalid timer:
Determines the length of time that must elapse (180 seconds) before a router determines that a route has become invalid. It will come to this conclusion if it hasn't heard any updates about a particular route for that period. When that happens, the router will send out updates to all its neighbors letting them know that the route is invalid.

Holddown timer:
This sets the amount of time during which routing information is suppressed. Routers will enter into the holddown state when an update packet is received that indicates the route is unreachable. This continues until either an update packet is received with a better metric or until the holddown timer expires. The default is 180 seconds.

Route flush timer:
Sets the time between a route becoming invalid and its removal from the routing table (240 seconds). Before it's removed from the table, the router notifies its neighbors of that route's impending demise. The value of the route invalid timer must be less than that of the route flush timer. This gives the router enough time to tell its neighbors about the invalid route before the local routing table is updated.
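
A simplified model of one RIP route entry under the timers just described, added here as an example that is not part of the tutorial. It uses the defaults given above (update 30 s, invalid 180 s, holddown 180 s, flush 240 s), treats hop count 16 as unreachable as the RIP section states, enforces the rule that the invalid timer must be less than the flush timer, and applies the holddown behaviour from the text: after an update reports the route unreachable, only an update with a better metric than the original is accepted until the holddown timer expires. The event timeline in scenario() is constructed.

```python
"""Simplified model of one RIP route entry under the four timers above,
with the tutorial's defaults (update 30 s, invalid 180 s, holddown 180 s,
flush 240 s). Added example, not from the tutorial; the event timeline is
constructed.
"""
from dataclasses import dataclass

RIP_INFINITY = 16  # hop count 16 means unreachable


@dataclass
class RipTimers:
    update: int = 30
    invalid: int = 180
    holddown: int = 180
    flush: int = 240

    def check(self):
        """The tutorial's rule: the invalid timer must be less than flush."""
        if self.invalid >= self.flush:
            raise ValueError("route invalid timer must be less than flush timer")
        return True


class RipRoute:
    def __init__(self, prefix, metric, learned_at, timers=None):
        self.prefix = prefix
        self.metric = metric
        self.last_update = learned_at
        self.holddown_until = None
        self.timers = timers or RipTimers()
        self.timers.check()

    def process_update(self, now, metric):
        """Apply an update for this prefix; return True if it was accepted."""
        if self.holddown_until is not None and now < self.holddown_until:
            if metric < self.metric:          # better metric ends holddown
                self.metric, self.last_update, self.holddown_until = metric, now, None
                return True
            return False                      # suppressed while in holddown
        if metric >= RIP_INFINITY:            # neighbor says unreachable
            self.holddown_until = now + self.timers.holddown
            return True
        self.metric, self.last_update = metric, now
        return True

    def state(self, now):
        """Classify the entry by holddown status and age since last update."""
        if self.holddown_until is not None and now < self.holddown_until:
            return "holddown"
        age = now - self.last_update
        if age >= self.timers.flush:
            return "flushed"
        if age >= self.timers.invalid:
            return "invalid"
        return "valid"


def scenario():
    """Constructed timeline; returns the observed states and decisions."""
    r = RipRoute("172.16.0.0/16", metric=2, learned_at=0)
    log = []
    log.append(("t=40", r.state(40)))                          # valid
    r.process_update(60, RIP_INFINITY)                         # unreachable
    log.append(("t=61", r.state(61)))                          # holddown
    log.append(("t=90 metric 5", r.process_update(90, 5)))     # worse: rejected
    log.append(("t=120 metric 1", r.process_update(120, 1)))   # better: accepted
    log.append(("t=121", r.state(121)))                        # valid again
    quiet = RipRoute("10.5.0.0/16", metric=3, learned_at=0)    # never refreshed
    log.append(("quiet t=179", quiet.state(179)))
    log.append(("quiet t=180", quiet.state(180)))
    log.append(("quiet t=240", quiet.state(240)))
    return dict(log)


if __name__ == "__main__":
    for event, result in scenario().items():
        print(f"{event}: {result}")
```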




IGRP

• IGRP is a Cisco-proprietary distance-vector routing protocol. This means that to use IGRP in your network all routers must be Cisco routers.

• Cisco created this routing protocol to overcome the problems associated with RIP.

• IGRP has a maximum hop count of 255 with a default of 100. This is helpful in larger networks and solves the problem of 15 hops being the maximum possible in a RIP network.

• IGRP also uses a different metric than RIP. IGRP uses the bandwidth and delay of the line by default as a metric for determining the best route to an internetwork. This is also called a composite metric.

To control performance, IGRP includes the following timers with default settings:

Update timer:
Specifies how frequently routing-update messages should be sent. The default is 90 seconds.

Invalid timer:
Specifies how long a router should wait before declaring a route invalid if it doesn't receive a specific update about it. The default is three times the update period.

Holddown timer:
Specifies the holddown period. The default is three times the update timer period plus 10 seconds.

Flush timer:
Indicates how much time should pass before a route should be flushed from the routing table. The default is seven times the routing update period. If the update timer is 90 seconds by default, then 7 * 90 = 630 seconds elapse before a route will be flushed from the routing table.








Configuration of RIP and IGRP

The CCNA exam requires you to understand RIP and IGRP configuration details. RIP and IGRP configuration requires an understanding of two subtle nuances, namely what the network command really implies and how the router interprets the network command. Other than these two details, configuration is relatively easy. Hands-on experience is the best way to fully learn the details of configuration. In lieu of that, this section lists commands, provides examples, points out any tricky features, and summarizes the more popular commands used for RIP and IGRP configuration and verification. Two configuration samples follow. The Cisco IOS documentation is an excellent reference for additional IP commands, and the Cisco Press book

Cisco Network Devices is an excellent reference, particularly if you are not able to attend the instructor-led version of the class.

Command                          Configuration Mode
router rip                       Global
router igrp process-id           Global
network net-number               Router subcommand
passive-interface type number    Router subcommand
maximum-paths x                  Router subcommand
variance multiplier              Router subcommand
traffic-share {balance | min}    Router subcommand

Command                          Function
show ip route [subnet]           Shows the entire routing table, or one entry if subnet is entered
show ip protocol                 Shows routing protocol parameters and current timer values
debug ip rip                     Issues log messages for each RIP update
debug ip igrp transactions       Issues log messages with details of the IGRP updates
debug ip igrp events             Issues log messages for each IGRP packet

The Network Command

Each network command enables RIP or IGRP on a set of interfaces. However, as a CCNA, you must understand the subtleties of what that really means (as explained in the next several paragraphs). What "enables" really means in this case is not obvious from the Cisco IOS documentation. Also, the parameters for the network command are not intuitive to many people new to Cisco IOS configuration commands; therefore, routing protocol configuration, including the network command, is a likely topic for tricky questions on the exam. The network command causes implementation of the following three functions:

• Routing updates are broadcast or multicast out an interface.

• Routing updates are processed if they enter that same

• The subnet directly connected to that interface is advertised.

The network command matches some of the interfaces on a router. The interfaces matched by the network command have the three functions previously mentioned performed on them. Examples provide a much easier understanding of the network command, as demonstrated in

IGRP Metrics

IGRP uses a composite metric. This metric is calculated as a function of bandwidth, delay, load, and reliability. By default, only the bandwidth and delay are considered; the other parameters are considered only if enabled via configuration. Delay and bandwidth are not measured values but are set via the delay and bandwidth interface subcommands. (The same formula is used for calculating the metric for EIGRP, but with a scaling factor so that the actual metric values are larger, allowing more granularity in the metric.) The show ip route command in Example 6-2 shows the IGRP metric values in brackets. For example, the router shows the value [100/8539] beside the subnet number. The 8539 is a single value, as calculated based on bandwidth and delay. The metric is calculated (by default) as the sum of the inverse of the minimum bandwidth, plus the cumulative delay on all links in the route. In other words, the higher the bandwidth, the lower the metric; the lower the cumulative delay, the lower the
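
The composite metric described above, computed in Python as an added example that is not part of the tutorial. With the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0) the metric is 10^7 divided by the minimum bandwidth in kbps plus the cumulative delay in tens of microseconds, using integer arithmetic; the function also accepts the load and reliability terms so the full formula can be explored, and eigrp_metric() applies the 256 scaling factor the text mentions. The sample paths and their interface settings are constructed, and their metrics are not the page's [100/8539] value.

```python
"""Compute the IGRP composite metric from per-link bandwidth and delay,
and the EIGRP value with its 256 scaling factor, as described above.
Added example, not from the tutorial; the sample paths are constructed.

With the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0):
    metric = 10^7 // min_bandwidth_kbps  +  sum(delay_us) // 10
Bandwidth and delay are the interface settings (bandwidth / delay
subcommands), not measured values; IOS uses integer arithmetic.
"""


def igrp_metric(links, load=1, reliability=255, k1=1, k2=0, k3=1, k4=0, k5=0):
    """links: list of (bandwidth_kbps, delay_us), one tuple per hop.

    load (1..255) and reliability (1..255) are path-wide values that only
    affect the result when K2, K4 or K5 are non-zero (off by default).
    """
    min_bw = min(bw for bw, _ in links)
    bw_term = 10_000_000 // min_bw               # inverse of the slowest link
    delay_term = sum(d for _, d in links) // 10  # cumulative delay, tens of us
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5:
        metric = metric * k5 // (reliability + k4)
    return metric


def eigrp_metric(links, **kwargs):
    """EIGRP uses the same formula scaled by 256 for finer granularity."""
    return 256 * igrp_metric(links, **kwargs)


# Constructed paths (interface bandwidth in kbps, delay in microseconds):
PATHS = {
    "A": [(1544, 20000), (10000, 1000)],                 # T1 then Ethernet
    "B": [(10000, 1000), (10000, 1000), (10000, 1000)],  # three Ethernet hops
    "C": [(56, 20000)],                                  # one 56 kbps serial hop
}


def best_path(paths):
    """Lowest composite metric wins, regardless of hop count."""
    return min(paths, key=lambda name: igrp_metric(paths[name]))


if __name__ == "__main__":
    for name, links in PATHS.items():
        print(name, igrp_metric(links), eigrp_metric(links))
    print("best:", best_path(PATHS))
```

Path A (a T1 followed by an Ethernet segment) scores 6476 + 2100 = 8576, while path B, three Ethernet hops, scores 1000 + 300 = 1300 and is preferred; a hop-count protocol such as RIP would have chosen A. This is the practical difference the tutorial draws between the two metrics.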


Enhanced IGRP (EIGRP) is a classless, enhanced distance-vector protocol that gives us a real edge over another Cisco proprietary protocol, Interior Gateway Routing Protocol (IGRP). Like IGRP, EIGRP uses the concept of an autonomous system to describe the set of contiguous routers that run the same routing protocol and share routing information. But unlike IGRP, EIGRP includes the subnet mask in its route updates.

• EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance-vector and link-state protocols.

• EIGRP has link-state characteristics: it synchronizes routing tables between neighbors at startup, and then sends specific updates only when topology changes occur. This makes EIGRP suitable for very large

• EIGRP has a maximum hop count of 255.

• Support for IP, IPX, via protocol-dependent modules.

• Considered classless.

• Support for VLSM/CIDR.

• Support for summaries and discontiguous networks.

• Efficient neighbor discovery.

• Communication via Reliable Transport Protocol (RTP).

• Best path selection via Diffusing Update Algorithm (DUAL).



Neighbor table

Each router keeps state information about adjacent neighbors. When a newly discovered neighbor is learned, the address and interface of the neighbor are recorded, and this information is held in the neighbor table, stored in RAM. There is one neighbor table for each protocol-dependent module. Sequence numbers are used to match acknowledgments with update packets. The last sequence number received from the neighbor is recorded so that out-of-order packets can be detected.

Topology table

The topology table is populated by the protocol-dependent modules and acted upon by the Diffusing Update Algorithm (DUAL). It contains all destinations advertised by neighboring routers, holding each destination address and a list of neighbors that have advertised the destination. For each neighbor, the advertised metric is recorded, which comes only from the neighbor's routing table. If the neighbor is advertising this destination, it must be using the route to forward packets.

Feasible successor

A destination entry is moved from the topology table to the routing table when there is a feasible successor. A feasible successor is a path whose reported distance is less than the feasible distance, and it is considered a backup route. EIGRP will keep up to six feasible successors in the topology table. The show ip eigrp topology command will display all the EIGRP feasible successor routes known to a router.

Successor

A successor route is the best route to a remote network. A successor route is used by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed up by a feasible successor route that is stored in the topology table, if one is available.


Reliable Transport Protocol

EIGRP uses a proprietary protocol, called Reliable Transport Protocol (RTP), to manage the communication of messages between EIGRP-speaking routers. And as the name suggests, reliability is a key concern of this protocol.

When EIGRP sends multicast traffic, it uses a class D (multicast) address. Each router is aware of who its neighbors are, and for each multicast it sends out, it maintains a list of the neighbors who have replied. If EIGRP doesn't get a reply from a neighbor, it will switch to using unicast to resend the same data. If it still does not get a reply after 16 unicast attempts, the neighbor is declared dead. This is referred to as reliable multicast.

Diffusing Update Algorithm

EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network. This algorithm allows the following:

• Backup route determination if one is available

• Support of Variable-Length Subnet Masks (VLSMs)

• Dynamic route recoveries

• Queries for an alternate route if no route can be found

DUAL provides EIGRP with possibly the fastest convergence time among all protocols. The key to EIGRP's speedy convergence is twofold:

First, EIGRP routers maintain a copy of all of their neighbors' routes, which they use to calculate their own cost to each remote network. If the best path goes down, it may be as simple as examining the contents of the topology table to select the best replacement route.

Secondly, if there isn't a good alternative in the local topology table, EIGRP routers very quickly ask their neighbors for help finding one. They are not afraid to ask for directions; relying on other routers and leveraging the information they provide accounts for the "diffusing" character of DUAL.

DUAL is responsible for selecting and maintaining information about the best paths.


It includes cool features that make it suitable for use in large networks:

• Support for multiple ASes on a single router

• Support for VLSM and summarization

• Route discovery and maintenance

EIGRP uses autonomous system numbers to identify the collection of routers that share route information. Only routers that have the same autonomous system numbers share routes. In large networks, you can easily end up with really complicated topology and route tables, and that can markedly slow convergence during diffusing computation operations. So in EIGRP it is possible to divide the network into multiple distinct EIGRP autonomous systems, or ASes. Each AS is populated by a contiguous series of routers, and route information can be shared among the different ASes via redistribution.

The use of redistribution within EIGRP leads us to another feature. Normally the administrative distance (AD) of an EIGRP route is 90, but this is true only for what is known as an internal EIGRP route. These are routes originated within a specific autonomous system by EIGRP routers that are members of the same autonomous system.

The other type of route is called an external EIGRP route and has an AD of 170, which is not so good. These routes appear within EIGRP route tables courtesy of either manual or automatic redistribution, and they represent networks that originated outside of the EIGRP autonomous

One of the more sophistic classless routing protocols, EIGRP supports the use of Variable Length Subnet Masks. This is really important because it allows for the conservation of address space through the use of subnet masks that more closely fit the host requirements, such as using 30-bit subnet masks for point-to-point networks. And because the subnet mask is propagated with every route update, EIGRP also supports the use of discontiguous subnets, something that gives a lot more flexibility when designing the network's IP address plan. A discontiguous network is one that has two or more subnetworks of a classful network connected together by different classful networks.

EIGRP also supports the manual creation of summaries at any and all EIGRP routers, which can substantially reduce the size of the route table.

The hybrid nature of EIGRP is fully reflected in its approach to route discovery and maintenance. Like many link-state protocols, EIGRP supports the concept of neighbors that are discovered via a HELLO process, and whose state is monitored. Like many distance-vector protocols, EIGRP uses the routing-by-rumor mechanism.

EIGRP uses a series of tables to store the important information about its environment:

• Neighborship table

• Topology table

• Route table

The neighborship table records information about routers with which neighborship relationships have been formed.

The topology table stores the route advertisements about every router in the internetwork received from each

The route table stores the routes that are currently used to make decisions. There would be separate copies of each of these tables for each protocol that is actively being supported by EIGRP, whether it is IP, IPX or AppleTalk.

Rather than a single factor to compare routes and select the best path, EIGRP can use a combination of four:

• Bandwidth

• Delay

• Load

• Reliability

EIGRP uses only the bandwidth and delay of the line to determine the best path to a remote network by default.

By default EIGRP can provide unequal-cost load balancing of up to four links. EIGRP has a maximum hop count of 100, but it can be set up to 255.


Open Shortest Path First (OSPF) is an open-standards routing protocol that has been implemented by a wide variety of network vendors, including Cisco. If we have multiple routers and not all of them are Cisco, or if it is a large network, then really your only options are OSPF or something called route redistribution, a translation service between routing

OSPF works by using the Dijkstra algorithm. First a shortest-path tree is constructed and then the routing table is populated with the resulting best paths. OSPF converges quickly, although perhaps not as quickly as EIGRP, and supports multiple equal-cost routes to the same

OSPF provides the following features:

• Consists of areas and autonomous systems

• Minimizes routing update traffic

• Allows scalability

• Supports VLSM/CIDR

• Has unlimited hop count

• Allows multi-vendor deployment (open standard)

• OSPF is a link-state routing protocol
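
The shortest-path-first computation the OSPF description refers to, as an added Python example that is not part of the tutorial: Dijkstra's algorithm is run from the local router over a link-state database (every router's links and costs), the shortest-path tree is recorded as predecessor lists, and the routing table is then filled with one entry per destination together with its next hop(s). Because equal-cost predecessors are kept rather than discarded, a destination reachable at the same cost through two neighbors gets both as next hops, which is the equal-cost multipath behaviour mentioned above. The topology and costs are constructed.

```python
"""Shortest-path-first computation over a link-state database, the way the
OSPF description above says the routing table is built: Dijkstra from the
local router, then one entry per destination with its next hop(s), keeping
equal-cost paths together. Added example, not from the tutorial; the
topology and costs are constructed.
"""
import heapq


def spf(lsdb, root):
    """lsdb: {router: {neighbor: cost}} (every router's links, as flooded).

    Returns (dist, preds): best cost to each router and the list of
    predecessors that reach it at that cost (more than one = equal cost).
    """
    dist = {root: 0}
    preds = {root: []}
    heap = [(0, root)]
    finished = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in finished:
            continue
        finished.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                preds[v] = [u]
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v] and u not in preds[v]:
                preds[v].append(u)      # equal-cost path: keep both parents
    return dist, preds


def next_hops(preds, root, dest):
    """Walk predecessors back to the root; the routers adjacent to the root
    on those walks are the next hops installed for dest."""
    if dest == root:
        return set()
    hops = set()
    for p in preds[dest]:
        hops |= {dest} if p == root else next_hops(preds, root, p)
    return hops


def routing_table(lsdb, root):
    """{destination: (cost, [next hops])} as derived from the SPF tree."""
    dist, preds = spf(lsdb, root)
    return {dest: (cost, sorted(next_hops(preds, root, dest)))
            for dest, cost in dist.items() if dest != root}


# Constructed link-state database: R1 reaches R4 (and R5 behind it) via R2
# or R3 at equal cost.
LSDB = {
    "R1": {"R2": 10, "R3": 10},
    "R2": {"R1": 10, "R4": 10},
    "R3": {"R1": 10, "R4": 10},
    "R4": {"R2": 10, "R3": 10, "R5": 5},
    "R5": {"R4": 5},
}

if __name__ == "__main__":
    for dest, entry in sorted(routing_table(LSDB, "R1").items()):
        print(dest, entry)
```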


VLAN Basics

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a

broadcast domain created by switches. Normally, it is a router
creating that broadcast domain. With VLAN’s, a switch can create
the broadcast domain.

This works by, you, the administrator, putting some switch ports in
a VLAN other than 1, the default VLAN. All ports in a single VLAN
are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A

can be in VLAN 10 and other ports on switch B can be in VLAN 10.
Broadcasts between these devices will not be seen on any other
port in any other VLAN, other than 10. However, these devices
can all communicate because they are on the same VLAN. Without
additional configuration, they would not be able to communicate
with any other devices, not in their VLAN.
Are VLANs required?

It is important to point out that you don’t have to configure a
VLAN until your network gets so large and has so much traffic that
you need one. Many times, people are simply using VLANs
because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLANs are
enabled by default and ALL devices are already in a VLAN. The
VLAN that all devices are already in is VLAN 1. So, by default, you
can just use all the ports on a switch and all devices will be able to
talk to one another.

When do I need a VLAN?

You need to consider using VLANs in any of the following:

• You have more than 200 devices on your LAN
• You have a lot of broadcast traffic on your LAN
• Groups of users need more security or are being slowed
down by too many broadcasts
• Groups of users need to be on the same broadcast domain
because they are running the same applications. An example
would be a company that has VoIP phones. The users using
the phone could be on a different VLAN, not with the regular
• Or, just to make a single switch into multiple virtual switches

There are several ways that VLANs simplify network management:

• Network adds, moves, and changes are achieved by
configuring a port into the appropriate VLAN.
• A group of users needing high security can be put into a
VLAN so that no users outside of the VLAN can communicate
with them.
• As a logical grouping of users by function, VLANs can be
considered independent from their physical or geographic
• VLANs can enhance network security.
• VLANs increase the number of broadcast domains while
decreasing their size.

Types of VLAN

There are only two types of VLAN possible today, cell-based VLANs
and frame-based VLANs.

• Cell-based VLANs are used in ATM switched networks with
LAN Emulation (or LANE). LANE is used to allow hosts on
legacy LAN segments to communicate using ATM networks
without having to use special hardware or software.
• Frame-based VLANs are used in Ethernet networks with
frame tagging. The two primary types of frame tagging are
IEEE 802.10 and ISL (Inter Switch Link is a Cisco proprietary
frame-tagging). Keep in mind that the 802.10 standard
makes it possible to deploy VLANs with 802.3 (Ethernet),
802.5 (Token-Ring), and FDDI, but Ethernet is most common.

VLAN modes

There are three different modes in which a VLAN can be
configured. These modes are covered below:

• VLAN Switching Mode – The VLAN forms a switching bridge in
which frames are forwarded unmodified.
• VLAN Translation Mode – VLAN translation mode is used
when the frame tagging method is changed in the network
path, or if the frame traverses from a VLAN group to a legacy
or native interface which is not configured in a VLAN. When
the packet is to pass into a native interface, the VLAN tag is
removed so that the packet can properly enter the native
• VLAN Routing Mode – When a packet is routed from one
VLAN to a different VLAN, you use VLAN routing mode. The
packet is modified, usually by a router, which places its own
MAC address as the source, and then changes the VLAN ID of
the packet.

VLAN configurations

Different terminology is used between different hardware
manufacturers when it comes to VLANs. Because of this there is
often confusion at implementation time. Following are a few
details, and some examples to assist you in defining your VLANs
so confusion is not an issue.

Cisco VLAN terminology

You need a few details to define a VLAN on most Cisco equipment.
Unfortunately, because Cisco sometimes acquires the
technologies they use to fill their switching, routing and security
product lines, naming conventions are not always consistent. For
this article, we are focusing only on Cisco switching and routing
product lines running Cisco IOS.

• VLAN ID – The VLAN ID is a unique value you assign to each
VLAN on a single device. With a Cisco routing or switching
device running IOS, your range is from 1-4096. When you
define a VLAN you usually use the syntax "vlan x" where x is
the number you would like to assign to the VLAN ID. VLAN 1
is reserved as an administrative VLAN. If VLAN technologies
are enabled, all ports are a member of VLAN 1 by default.
• VLAN Name – The VLAN name is a text-based name you use
to identify your VLAN, perhaps to help technical staff in
understanding its function. The string you use can be
between 1 and 32 characters in length.
• Private VLAN – You also define whether the VLAN is to be a
private VLAN in the VLAN definition, and what other VLAN
might be associated with it in the definition section. When you
configure a Cisco VLAN as a private-vlan, this means that
ports that are members of the VLAN cannot communicate
directly with each other by default. Normally all ports which
are members of a VLAN can communicate directly with each
other, just as they would if they were members of a standard
network segment. Private VLANs are created to enhance the
security on a network where hosts coexisting on the network
cannot or should not trust each other. This is a common
practice to use on web farms or in other high risk
environments where communication between hosts on the
same subnet is not necessary. Check your Cisco
documentation if you have questions about how to configure
and deploy private VLANs.
• VLAN modes – In Cisco IOS, there are only two modes an
interface can operate in, "mode access" and "mode trunk".
Access mode is for end devices or devices that will not
require multiple VLANs. Trunk mode is used for passing
multiple VLANs to other network devices, or for end devices
that need to have membership to multiple VLANs at once. If
you are wondering what mode to use, the mode is probably
"mode access".

Broadcast Control

Broadcasts occur in every protocol, but how often they occur
depends upon three things.

• Type of protocol.
• The application(s) running on the internetwork.
• How these services are used.

Some older applications have been rewritten to reduce their
bandwidth needs, but there’s a new generation of applications
that are incredibly bandwidth-greedy, consuming all they can find.
These bandwidth abusers are multimedia applications that use
broadcasts and multicasts extensively. Faulty equipment,
inadequate segmentation, and poorly designed firewalls only
serve to compound the problems that these broadcast-intensive
applications create. All of this has truly added a new
dimension to network design, as well as generating new
challenges for an administrator. Making sure the network is
properly segmented in order to isolate one segment’s
problems and keep those problems from propagating throughout
the internetwork is imperative. The most effective way of doing
this is through strategic switching and routing.

Since switches have become more cost-effective lately,
many companies are replacing their flat hub networks with a pure
switched network and VLAN environment. All devices in a VLAN are
members of the same broadcast domain and receive all
broadcasts. The broadcasts, by default, are filtered from all ports
on a switch that are not members of the same VLAN. This is great
because it offers all the benefits gained with a switched design
without the serious anguish you would experience if all your users
were in the same broadcast domain.

• First, anyone connecting to the physical network could
access the network resources located on that physical LAN.
• Second, all anyone had to do to observe any and all traffic
happening in that network was to simply plug a network
analyzer into the hub. And third, in that same vein, users
could join a workgroup by just plugging their workstation into
the existing hub. So basically, this was no security.

This is why VLANs are so cool. By building them and creating
multiple broadcast groups, administrators can now have control
over each port and user. The days when users could just plug
their workstations into any switch port and gain access to network
resources are history, because the administrator is now afforded
control over each port and whatever resources that port can

Also, because VLANs can be created in accordance with the
network resources a user requires, switches can be configured to
inform a network management station of any unauthorized access
to network resources. And if you need inter-VLAN communication,
you can implement restrictions on a router to achieve it. You can
also place restrictions on hardware addresses, protocols, and
applications. Now we’re talking security.

Flexibility and Scalability

• This means that broadcasts sent out from a node in one
VLAN won’t be forwarded to ports configured to be in a
different VLAN. So by assigning switch ports or users to VLAN
groups on a switch or group of connected switches, you gain
the flexibility to add only the users you want into that
broadcast domain regardless of their physical location. This
setup can also work to block broadcast storms caused by a
faulty Network Interface Card (NIC), as well as prevent an
intermediate device from propagating the storms throughout
the entire internetwork. Those evils can still happen on the
VLAN where the problem originated, but the disease will just
be quarantined to that one ailing VLAN.
• Another advantage is that when a VLAN gets too big, you can
create more VLANs to keep the broadcasts from consuming
too much bandwidth: the fewer users in a VLAN, the fewer
users affected by broadcasts. That is all well and good, but you
must also consider how the users connect to network services
when you create your VLAN.
• To understand how a VLAN looks to a switch, it’s helpful to
begin by first looking at a traditional network. Figure shows
how a network was created by connecting physical LANs using
hubs to a router.

VLAN Memberships
VLANs are usually created by an administrator, who then assigns
switch ports to each VLAN. Such a VLAN is called a static VLAN. If
the administrator wants to do a little more work up front and
assign all the host devices’ hardware addresses into a database,
the switches can be configured to assign VLANs dynamically
whenever a host is plugged into a switch. This is called a dynamic VLAN.

Static VLANs

• Static VLANs are the usual way of creating VLANs, and they’re
also the most secure. The switch port that you assign a VLAN
association to always maintains that association until an
administrator manually changes that port assignment.
• This type of VLAN configuration is comparatively easy to set
up and monitor, and it works well in a network where the
movement of users within the network is controlled. And
although it can be helpful to use network management
software to configure the ports, it’s not mandatory.

Dynamic VLANs

• A dynamic VLAN determines a node’s VLAN assignment
automatically, using intelligent management software; you
can base VLAN assignments on hardware (MAC) addresses,
protocols, or even applications to create dynamic VLANs.

Identifying VLANs:

As frames are switched throughout the network, switches must be
able to keep track of all the different types, plus understand what
to do with them depending on the hardware address. And
remember, frames are handled differently according to the type of
link they are traversing. There are two different types of links in a
switched environment.

Access links:

• This type of link is only part of one VLAN and it’s referred to
as the native VLAN of the port. Any device attached to an
access link is unaware of its VLAN membership; the device just
assumes it’s part of a broadcast domain, but has no
understanding of the physical network.

Trunk links:

• Trunks can carry multiple VLANs and originally gained their
name after the telephone system trunks that carry multiple
telephone conversations.
• A trunk link is a 100- or 1000-Mbps point-to-point link between
two switches, between a switch and a router, or between a
switch and a server. These carry the traffic of multiple VLANs,
from 1 to 1005 at a time.
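The frame-tagging, access/trunk and static/dynamic membership points above can be seen together in one added example (mine, not the tutorial's or Cisco's code). It parses and builds tagged frames using the IEEE 802.1Q tag format (TPID 0x8100, 3-bit priority, 12-bit VLAN ID), the tagging format in common use on Ethernet today, and models a switch that classifies each incoming frame by its port mode and floods it only to ports in that VLAN, tagging the copy that leaves on a trunk and leaving the native VLAN untagged. The port names, MAC addresses, MAC-to-VLAN database and frames are all constructed.

```python
"""How a switch keeps VLANs apart: it parses the tag on the frame, decides the
frame's VLAN from the ingress port's mode (access, trunk, or MAC-based dynamic),
and floods only to ports of that VLAN, tagging the copy that leaves on a trunk.
Added example for this tutorial (not the page's or Cisco's code). It uses the
IEEE 802.1Q tag format; port names, MAC addresses and frames are constructed."""
import struct

TPID_8021Q = 0x8100                       # EtherType value that announces an 802.1Q tag
BROADCAST = bytes.fromhex("ffffffffffff")
ETH_ARP = 0x0806


def parse_frame(raw):
    """Split an Ethernet frame into its fields; vid is None when untagged."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src, etype = raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0]
    vid, pcp, body = None, 0, 14
    if etype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", raw[14:18])
        pcp, vid, body = tci >> 13, tci & 0x0FFF, 18   # 3-bit priority, 12-bit VLAN ID
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": etype, "payload": raw[body:]}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Assemble a frame, inserting an 802.1Q tag after the MAC addresses if vid is set."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


class Switch:
    """Port config: {"mode": "access", "vlan": n}
                    {"mode": "trunk", "native": n, "allowed": {n, ...}}
                    {"mode": "dynamic"}   VLAN looked up by source MAC, then remembered"""

    def __init__(self, ports, mac_vlan_db=None):
        self.ports = ports
        self.mac_vlan_db = mac_vlan_db or {}      # MAC -> VLAN, the dynamic-VLAN database
        self.learned = {}                         # dynamic port -> VLAN seen on it

    def ingress_vlan(self, port, frame):
        """VLAN the frame belongs to on arrival, or None if the switch drops it."""
        cfg = self.ports[port]
        if cfg["mode"] == "access":               # access links carry one VLAN, untagged
            return cfg["vlan"] if frame["vid"] is None else None
        if cfg["mode"] == "trunk":                # untagged on a trunk means the native VLAN
            vid = cfg["native"] if frame["vid"] is None else frame["vid"]
            return vid if vid in cfg["allowed"] else None
        vlan = self.mac_vlan_db.get(frame["src"])  # dynamic: an unknown MAC gets no VLAN
        if vlan is not None:
            self.learned[port] = vlan
        return vlan

    def port_vlans(self, port):
        """VLANs a port may emit: one for access/dynamic, the allowed set for trunks."""
        cfg = self.ports[port]
        if cfg["mode"] == "access":
            return {cfg["vlan"]}
        if cfg["mode"] == "trunk":
            return set(cfg["allowed"])
        return {self.learned[port]} if port in self.learned else set()

    def flood(self, in_port, raw):
        """Broadcast / unknown unicast: copies go only to ports in the same VLAN.
        Returns {egress port: frame bytes as sent on that port}."""
        f = parse_frame(raw)
        vlan = self.ingress_vlan(in_port, f)
        out = {}
        if vlan is None:
            return out
        for name, cfg in self.ports.items():
            if name == in_port or vlan not in self.port_vlans(name):
                continue
            tag = vlan if cfg["mode"] == "trunk" and vlan != cfg["native"] else None
            out[name] = build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], tag, f["pcp"])
        return out


# Constructed demo: two hosts in VLAN 10, one in VLAN 20, a dynamic port, an uplink trunk.
HOST_A = bytes.fromhex("0200000000aa")
HOST_C = bytes.fromhex("0200000000cc")
HOST_D = bytes.fromhex("0200000000dd")
DEMO_PORTS = {
    "Fa0/1": {"mode": "access", "vlan": 10},
    "Fa0/2": {"mode": "access", "vlan": 10},
    "Fa0/3": {"mode": "access", "vlan": 20},
    "Fa0/4": {"mode": "dynamic"},
    "Fa0/24": {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}},
}
ARP_FROM_A = build_frame(BROADCAST, HOST_A, ETH_ARP, b"who-has?")
ARP_FROM_D = build_frame(BROADCAST, HOST_D, ETH_ARP, b"who-has?")
ARP_TAGGED_20 = build_frame(BROADCAST, HOST_C, ETH_ARP, b"who-has?", vid=20)

if __name__ == "__main__":
    sw = Switch(DEMO_PORTS, {HOST_D: 10})
    for port, sent in sw.flood("Fa0/1", ARP_FROM_A).items():
        print(port, "vid", parse_frame(sent)["vid"])
```

A broadcast from the host on Fa0/1 reaches Fa0/2 untagged and the trunk with a VLAN 10 tag, but never the VLAN 20 port; a frame that arrives on an access port already carrying a tag is dropped, and the dynamic port joins VLAN 10 only after a frame from a MAC listed in the database has been seen on it.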

(promotes scaling) and minimizes the risk of errors caused by
duplicate names or incorrect VLAN types. VTP operates in
server, client or transparent mode. The default is server
mode. VLAN updates are not propagated over the network
until a management domain name is specified.


Figure 1. Two router basic configuration

The objective of the lab is to configure a simple network to allow two routers to
route packets between two remote networks.

Set up

• Verify the physical configuration shown in Figure 1.
• Connect PC3 to the console port of RouterA using the console cable.
• Verify that both PC1 and PC2 are connected via a cross-over (red) cable to
the routers. Each PC should connect to one of the routers’ Ethernet
transceivers. Verify that the serial cable is connected to the DCE port on
RouterA and the DTE port on RouterB.
• Turn on the power strip.
• Turn on PC1, PC2, and PC3. Verify that the live CDs are in PC1 and PC2.
• Turn on both routers.

Log in to RouterA

Log in to PC3 with the given userid and password.

Start the terminal program KPP to access the serial port.

Click configure
Click device
Click modem

Click Terminal. It should now connect to the router console port. The
command line interface RouterA> should appear.

Configure RouterA and RouterB by typing the following commands. The console
port cable will need to be moved to the router being configured. The parts
beginning with // are comments and should not be entered.

Part 1. Configure RouterA and RouterB IP Addresses

RouterA#config t
RouterA(config)#int e0 //Choose Ethernet interface e0
RouterA(config-if)#ip address
RouterA(config-if)#description LAN Network for RouterA
RouterA(config-if)#no shutdown //this brings the interface up
RouterA(config-if)#int s0 //configure serial interface
RouterA(config-if)#ip address
RouterA(config-if)#clockrate 250000 //RouterA is the DCE side, so it supplies the clock
RouterA(config-if)#no shutdown
RouterA(config-if)#description Network connection to
RouterA(config-if)#^Z //control+z takes you back to the privileged EXEC mode
RouterA#copy run start //Save your changes to NVRAM. If you do not, all changes are lost when the router reboots. Wait until the router responds with [OK]
RouterB#config t
RouterB(config)#int e0 //Choose Ethernet interface e0
RouterB(config-if)#ip address
RouterB(config-if)#description LAN Network for RouterB
RouterB(config-if)#no shutdown //this brings the interface up
RouterB(config-if)#int s1 //configure serial interface
RouterB(config-if)#ip address
RouterB(config-if)#no shutdown
RouterB(config-if)#description Network connection to
RouterB(config-if)#^Z //back to privileged EXEC mode before saving
RouterB#copy run start

Part 2. Verify router configurations

Once both routers are configured, use the ping command from a router to ping the
neighboring router's serial and Ethernet interfaces.

Verify the configuration on both routers using the following commands.

RouterA#show ip route
RouterA#show ip int

Part 3. Configure PC1 and PC2 IP Addresses

Manually configure the PC1 and PC2 IP addresses.


Click on "K" in the lower left corner of the screen.

Click "Settings"
Click "Netconfig"
Choose "No".
Type as the IP address.
Type as the network mask.
Type for the default gateway.
Use the default for the DNS.
Click "Exit".
Start a terminal and do the following commands. Note and log what happens at
each point.
o #ping
o #ping
o #ping
o #ping

Repeat the steps for PC2 but set the IP address to and the default
gateway to
Start a terminal and do the following commands. Note and log what happens at
each point.

o #ping
o #ping
o #ping
o #ping
o #ping

Part 4. Adding dynamic routing: RIP

A routing protocol like RIP needs to be enabled on the routers to advertise the
directly connected networks to the neighboring router.

RouterA#config t
RouterA(config)#ip routing //enable routing
RouterA(config)#router RIP //enable the routing information protocol
RouterA(config-router)#network <RouterA LAN network> //advertise each directly connected network (placeholder: the lab's addresses are not given here)
RouterA(config-router)#network <serial link network>
RouterA(config-router)#^Z //back to privileged EXEC mode before saving
RouterA#copy run start

Enable RIP on RouterB but advertise

Part 5. Verify the two routers are routing packets to the remote network

Use PC1 and PC2 to verify that the two remote networks can communicate.

If both ping commands work, then the configuration is complete. Two remote
networks are communicating through two routers. Congratulations!
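The lab's five parts can be replayed in this added simulation (mine, not part of the lab handout). It models the two routers, the two PCs, longest-prefix-match forwarding and a RIP-style distance-vector exchange with split horizon, and reports which of the Part 3 pings from PC1 succeed before RIP is enabled and which succeed after. Because the handout's addresses are blank, the RFC 1918 addresses below are constructed: 192.168.1.0/24 behind RouterA, 192.168.2.0/24 behind RouterB, and 10.0.0.0/30 on the serial link.

```python
"""Simulation of the two-router lab above: each router has an Ethernet and a
serial interface, PC1 and PC2 sit behind RouterA and RouterB, and RIP-style
distance-vector updates run between the routers. Added example for this
tutorial, not the lab's own material; the RFC 1918 addresses are constructed
because the lab page leaves them blank."""
from ipaddress import ip_address, ip_interface

RIP_INFINITY = 16  # RIP counts 16 hops as unreachable


class Router:
    def __init__(self, name, interfaces):
        self.name = name
        self.ifaces = {n: ip_interface(a) for n, a in interfaces.items()}
        # network -> (metric, next hop); next hop None means directly connected
        self.routes = {i.network: (0, None) for i in self.ifaces.values()}

    def addresses(self):
        return {i.ip for i in self.ifaces.values()}

    def lookup(self, dst):
        """Longest-prefix match: (network, metric, next_hop) or None."""
        hits = [(n, m, nh) for n, (m, nh) in self.routes.items() if dst in n]
        return max(hits, key=lambda t: t[0].prefixlen) if hits else None

    def receive_update(self, sender_ip, advertised):
        """Install routes a neighbour advertised when new or better (one hop added)."""
        changed = False
        for net, metric in advertised.items():
            new, cur = metric + 1, self.routes.get(net)
            if new < RIP_INFINITY and (cur is None or new < cur[0]):
                self.routes[net] = (new, sender_ip)
                changed = True
        return changed


def run_rip(routers, max_rounds=50):
    """Exchange tables over every shared link until nothing changes (convergence).
    Split horizon: a route is not sent back to the neighbour it was learned from."""
    for _ in range(max_rounds):
        changed = False
        for r in routers:
            for other in routers:
                for mine in r.ifaces.values():
                    for theirs in other.ifaces.values():
                        if other is not r and mine.network == theirs.network:
                            adv = {n: m for n, (m, nh) in r.routes.items() if nh != theirs.ip}
                            changed |= other.receive_update(mine.ip, adv)
        if not changed:
            return


def forward_path(origin, dst, hosts, routers, max_hops=8):
    """Follow a packet hop by hop from a host or router name to dst. Returns the
    nodes crossed, or None when some hop has no route (the packet is dropped)."""
    by_addr = {ip: r for r in routers for ip in r.addresses()}
    by_name = {r.name: r for r in routers}

    def owner(ip):  # who answers for ip on a directly connected network
        for name, h in hosts.items():
            if h["ip"].ip == ip:
                return name
        return by_addr[ip].name if ip in by_addr else None

    path = [origin]
    if origin in hosts:
        if dst in hosts[origin]["ip"].network:        # same subnet: deliver directly
            return path + [owner(dst)] if owner(dst) else None
        router = by_addr.get(hosts[origin]["gw"])     # else hand it to the default gateway
    else:
        router = by_name[origin]
    for _ in range(max_hops):
        if router is None:
            return None
        if router.name != path[-1]:
            path.append(router.name)
        if dst in router.addresses():                 # the router itself is the target
            return path
        route = router.lookup(dst)
        if route is None:                             # no route: dropped
            return None
        if route[2] is None:                          # connected network: deliver on the link
            return path + [owner(dst)] if owner(dst) else None
        router = by_addr.get(route[2])
    return None


def ping(src, dst, hosts, routers):
    """A ping succeeds only if the request gets there and the reply has a route back."""
    fwd = forward_path(src, dst, hosts, routers)
    return bool(fwd) and forward_path(fwd[-1], hosts[src]["ip"].ip, hosts, routers) is not None


def build_lab():
    # Constructed addressing standing in for the handout's blanks.
    routers = [Router("RouterA", {"e0": "192.168.1.1/24", "s0": "10.0.0.1/30"}),
               Router("RouterB", {"e0": "192.168.2.1/24", "s1": "10.0.0.2/30"})]
    hosts = {"PC1": {"ip": ip_interface("192.168.1.10/24"), "gw": ip_address("192.168.1.1")},
             "PC2": {"ip": ip_interface("192.168.2.10/24"), "gw": ip_address("192.168.2.1")}}
    return routers, hosts


PING_TARGETS = ["192.168.1.1", "10.0.0.1", "10.0.0.2", "192.168.2.1", "192.168.2.10"]


def lab_results():
    """Part 3 pings from PC1 before RIP, the same pings after Part 4, and PC1's path to PC2."""
    routers, hosts = build_lab()
    before = {t: ping("PC1", ip_address(t), hosts, routers) for t in PING_TARGETS}
    run_rip(routers)
    after = {t: ping("PC1", ip_address(t), hosts, routers) for t in PING_TARGETS}
    return before, after, forward_path("PC1", ip_address("192.168.2.10"), hosts, routers)


if __name__ == "__main__":
    before, after, path = lab_results()
    for t in PING_TARGETS:
        print(f"PC1 ping {t:14} before RIP: {before[t]!s:5}  after RIP: {after[t]}")
    print("PC1 -> PC2:", " -> ".join(path))
```

Before RIP, the ping from PC1 to RouterB's serial address fails even though RouterA can forward the request over the connected /30: RouterB has no route back to PC1's LAN for the reply. That return-path problem is what the Part 3 ping logs are meant to reveal, and it disappears once each router has learned the other's LAN in Part 4.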


wireless communication may be used to transfer
information over short distances (a few meters as in
television remote control) or long distances (thousands or
millions of kilometers for radio communications). The term is
often shortened to "wireless". It encompasses various types
of fixed, mobile, and portable two-way radios, cellular
telephones, personal digital assistants (PDAs), and wireless
networking. Other examples of wireless technology include
GPS units, garage door openers or garage doors,
wireless computer mice, keyboards and headsets, satellite
television and cordless telephones.

Wireless operation permits services, such as long range
communications, that are impossible or impractical to
implement with the use of wires. The term is commonly used
in the telecommunications industry to refer to
telecommunications systems (e.g. radio transmitters and
receivers, remote controls, computer networks, network
terminals, etc.) which use some form of energy (e.g. radio
frequency (RF), infrared light, laser light, visible light,
acoustic energy, etc.) to transfer information without the use
of wires.[1] Information is transferred in this manner over both
short and long distances.
Wireless networks

Wireless networking (i.e. the various types of unlicensed 2.4 GHz
WiFi devices) is used to meet many needs. Perhaps the most
common use is to connect laptop users who travel from location to
location. Another common use is for mobile networks that connect
via satellite. A wireless transmission method is a logical choice to
network a LAN segment that must frequently change locations.
The following situations justify the use of wireless technology:

• To span a distance beyond the capabilities of typical cabling,
• To provide a backup communications link in case of normal
network failure,
• To link portable or temporary workstations,
• To overcome situations where normal cabling is difficult or
financially impractical, or
• To remotely connect mobile users or networks.


Wireless communication can be via:

• radio frequency communication,
• microwave communication, for example long-range line-of-
sight via highly directional antennas, or short-range
communication, or
• infrared (IR) short-range communication, for example from
consumer IR devices such as remote controls or via Infrared
Data Association (IrDA).

Applications may involve point-to-point communication, point-to-
multipoint communication, broadcasting, cellular networks and
other wireless networks.

Typical Wireless Devices

• Access-Points
• Bridges
• Switches
• Routers
• Antennas
• Client Adaptors
• Laptops
• PDAs
• Phones
• Printers
• Desktop PCs
• Bar Code Scanners
Cisco Wireless Devices

• Aironet 1200 Series Access-Point
• Aironet 1100 Series Access-Point
• Aironet 1300 Series Bridge

Typical Application of Access-Points


• Institute of Electrical and Electronics Engineers (IEEE) – Creates and maintains
• Federal Communications Commission (FCC) – Regulates the use of wireless devices in the U.S.
• European Telecommunications Standards Institute (ETSI) – Chartered to produce common standards in Europe
• Wi-Fi Alliance – Promotes and tests for WLAN
• WLAN Association (WLANA) – Educates and raises awareness regarding


Wireless starts with 802.11, and there are various other up-
and-coming standard groups as well, like 802.16 and 802.20.
And there’s no doubt that cellular networks will become huge
players in our wireless future. But for now, we’re going to
concentrate on the 802.11 standards committee and
subcommittees. IEEE 802.11 was the first, original
standardized WLAN at 1 and 2Mbps. It runs in the 2.4GHz
radio frequency and was ratified in 1997 even though we
didn’t see many products pop up until around 1999 when
802.11b was introduced.


IEEE 802.11a – 54Mbps, 5GHz standard
IEEE 802.11b – Enhancements to 802.11 to support 5.5 and
IEEE 802.11c – Bridge operation procedures; included in the IEEE 802.1D standard
IEEE 802.11d – International roaming extensions
IEEE 802.11e – Quality of service
IEEE 802.11f – Inter-Access Point Protocol
IEEE 802.11g – 54Mbps, 2.4GHz standard (backward compatible with 802.11b)
IEEE 802.11h – Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) at 5GHz
IEEE 802.11i – Enhanced security
IEEE 802.11j – Extensions for Japan and U.S. public safety
IEEE 802.11k – Radio resource measurement enhancements
IEEE 802.11m – Maintenance of the standard; odds and ends
IEEE 802.11n – Higher throughput improvements using MIMO (multiple input, multiple output antennas)
IEEE 802.11p – Wireless Access for the Vehicular Environment
IEEE 802.11r – Fast roaming
IEEE 802.11s – Extended Service Set (ESS) Mesh Networking



Security Device Manager

The Cisco Security Device Manager (SDM) is an intuitive, Web-based device
management tool embedded within Cisco IOS access routers.
Cisco SDM simplifies router and security configuration through
intelligent wizards, enabling customers to quickly and easily
deploy, configure, and monitor a Cisco access router without
requiring knowledge of the Cisco IOS Software command-line
interface (CLI). Cisco Router and Security Device Manager (SDM)
is an easy-to-use device management tool that allows you to
configure Cisco IOS security features and network connections
through an intuitive web-based graphical user interface. This
quick start guide shows you how to connect your PC to your router
and begin using SDM.

SDM runs under Firefox 1.0.3, Internet Explorer version 5.5 or
later, and under Netscape 7.1 on a PC that is running Microsoft
Windows XP, Windows 2000, Windows 2003, Windows ME, or
Windows NT 4.0 (with Service Pack 4). SDM supports Java plug-in
version 1.4.2_05 and later.

Task 1: Install Interface Cards, and Cable the

Before SDM can be used to configure the router, you must install
all the necessary hardware accessories that are applicable to your
router, such as WAN interface cards (WICs), network modules
(NMs), or advanced interface module (AIM) cards that you will use
to connect to the network. Refer to the quick start guide for your
router for instructions on installing these interface cards, cabling
the router, and verifying that all the connections are working
properly.

Task 2: Configure Your PC, and Connect It to the Router

You have to set up the PC to communicate with SDM. SDM is
shipped with a default configuration file that assigns an IP address
to a LAN interface on the router, and you must configure the PC to
be on the same subnet as the router LAN interface. First determine
whether your router is configured as a Dynamic Host
Configuration Protocol (DHCP) server or not.

Figure 1 Configuring the PC to Obtain an IP Address Automatically

These Routers Are Not Configured as DHCP Servers

If you did not find your router in Table 1, your router is not
configured as a DHCP server, and you must assign a static IP
address to the PC. Click Use the following IP address, and assign
an IP address between and to the Ethernet
port of the PC, and use the subnet mask 255.255.255.248, as
shown in Figure 2. You can leave the Default gateway and DNS
server fields blank.

Figure 2 Configuring Your PC with a Static IP Address Between and

Task 3: Log on to the Router
If you received the SDM CD with your router, use the CD to
connect to the router by following the next procedure. If you did
not receive the SDM CD, use the procedure in the “I Did Not
Receive the SDM CD” section on page 7.

I Received the SDM CD

If you received the SDM CD, complete the following procedure.

Step 1 Disable any popup blockers active in your web browser.

Step 2 Place the SDM CD in your PC CD drive. If the CD does not
launch, navigate to the drive and double-click the setup.exe file.

Step 3 When the CD screen is displayed (Figure 3), click First-time
Router Setup.

Figure 3 SDM CD Screen

Step 4 Ensure the PC is connected to the router as described in
the First-Time Router Setup window (Figure 4), and then click
Launch Cisco SDM Express.

Figure 4 First-Time Router Setup Window

Step 5 Enter the username cisco, and the password cisco in the
login windows that appear during the startup process.

Task 4: Complete Cisco SDM Express

Cisco SDM Express is an SDM program that lets you quickly
configure the router LAN and Internet connections.

Step 1 When you connect to the router, the SDM Express Launch
page (Figure 5) appears, followed by one or more certificate
windows. Click Yes, or click Grant to accept the certificates.

Figure 5 SDM Express Launch Page

Step 2 The SDM Express Overview page appears and then the
SDM Express Wizard page is also displayed (Figure 6). Click Next
to begin configuring the router.

Figure 6 SDM Express Overview and Wizard Pages

The SDM Express wizard will ask you to enter an enable secret password to
control access to Cisco IOS software. Be sure to write down or remember the
enable secret password that you enter. It is not shown in the Enable
Password field or in the Summary window, and it cannot be reset without
erasing the router configuration. You are also asked to change the router’s
LAN IP address from its default value.

Step 3 When the Summary window appears, write down the LAN IP address,
the username and the user password that you entered, and click Finish. You
will need this information to reconnect to the router to perform additional

Step 4 Exit SDM Express and complete “Task 5: Reconnect to the Router
Using the New IP Address” to reconfigure the PC and reconnect to your router,
using the new IP address that you gave to the LAN interface.

Task 5: Reconnect to the Router Using the New IP Address

If you changed the IP address of the router LAN interface as
recommended in the SDM Express wizard, you lost your connection
to the router. Follow these steps to reconnect to your router:

Step 1 Reconfigure your PC if necessary. If you configured a DHCP
server on the router in Task 4, configure the PC to obtain an IP
address automatically, as shown in Figure 1 on page 2. If the
router was already configured as a DHCP server but the address
pool has changed, open a command window on the PC and enter
ipconfig /release, followed by ipconfig /renew to obtain a new IP
address from the router. If you did not configure a DHCP server on
the router, your network uses static IP addresses, and you must
assign a new IP address to the PC Ethernet interface. Place it on
the same subnet as the router’s Ethernet port, which you
configured in Task 4. Figure 7 shows an example PC configuration
when the router LAN IP address is (as indicated by the Default
gateway field) and the subnet mask is 255.255.255.0. The PC is
configured with an IP address of, an address on the same
subnet as the router.

Figure 7 If you did not configure the router as a DHCP server,
configure the PC with a static IP address (Example)

Step 2 Open a web browser and enter the new IP address that
you gave the router LAN interface: http://new-IP-address
For example, if you gave the LAN interface the IP address, you would enter the following
command in the browser.

Step 3 Enter the username and password that you specified in
Task 4. If SDM is installed on your router, the SDM home page
appears, as shown in Figure 8.

Figure 8 SDM Home Page

Figure 9 SDM Express Overview Window

Step 4 Test the Internet (WAN) connection that you configured by
opening another web browser window and connecting to a
website. If you can connect to a website, such as,
your WAN connection works properly. If you cannot, you can use
SDM Express or SDM to correct your WAN settings.

Step 5 If you received the SDM CD, go to “Task 6: Install SDM from
the CD” to install SDM. If you did not receive the SDM CD, SDM is
already installed on your router.

Task 6: Install SDM from the CD

If you have the SDM CD, you can install SDM on the PC and on the
router. If SDM launched when you reconnected to the router in
Task 5: Reconnect to the Router Using the New IP Address, SDM is
already installed on the router and you do not need to complete
this procedure.
The installation wizard on the CD guides you through installing
SDM and its components on your PC and your router. Installing
SDM on your PC allows you to use SDM to configure and manage
routers on your network.

Step 1 Return to the CD screen, and click Install SDM.

Step 2 When the Install Options window appears (Figure 11),
select where you want to install SDM. Selecting
This Computer installs SDM on the PC and enables you to
configure and monitor other routers on the network besides the
router you have just set up.

Figure 11 Select Where You Want to Install SDM

install SDM and its other applications on your router, or you can
install them on both the PC and the router.

Step 3 Complete the installation wizard.

Using SDM

If SDM is installed on the router, start it by opening a browser
and entering the new IP address that you gave the LAN interface,
just as you did in Task 5: Reconnect to the Router Using the New
IP Address, page 10: http://new-IP-address
If SDM is installed on the PC, start it by selecting it from the
program menu (Start > Programs > Cisco Systems > SDM 2.1).
Then, provide the IP address of the router in the SDM Launcher
window (Figure 12).

Figure 12 SDM Launcher

If you are using Internet Explorer on a PC running Windows XP
with Service Pack 2, and Internet Explorer displays a message
telling you that it has restricted this file from showing active
content that could access your computer, select Tools >
Internet Options > Advanced from the Internet Explorer
Tools menu, and check Allow active content to run in files on
my computer. Then click Apply, and relaunch SDM. Cisco SDM
provides a series of easy-to-use wizards that quickly take you step
by step through configuring your router, without requiring
knowledge of the Cisco IOS software CLI. You can use SDM
wizards to:
• Configure additional LAN and WAN connections.
• Create firewalls.
• Configure VPN, Easy VPN, and DMVPN connections, and create
and manage digital certificates.
• Perform a security audit on the router and have SDM fix security
• Configure basic routing.
• Create Network Address Translation (NAT) rules on the router.
• Create Quality of Service (QoS) policies.
After you have used wizards to create basic configurations, SDM
enables you to edit the configurations you created. You can edit
firewalls to create a firewall policy for your network. You can also
configure and manage the Intrusion Prevention System (IPS) on
the router to protect your network from attacks,
and perform additional tasks, such as creating user accounts and
creating router management policies.
To start a wizard, simply click the Configure button at the top of
the SDM home page shown in Figure 8, and then click the
appropriate button in the left frame of the SDM Configuration

Figure 13 An SDM Configuration Window

Click the Help button in any SDM window for more information on
the task you are performing. SDM automatically saves changes to
the router’s running configuration, and you can direct it to save
the running configuration to the startup configuration.


Note: The IP addressing schemes used in this configuration are not legally routable on the
Internet. They are RFC 1918 addresses which have been used in a lab environment.

Interface Configuration

Complete these steps in order to configure the interfaces of a Cisco router.

1. Click Home in order to go to the SDM Home page.

The SDM Home page provides information such as hardware and software of the router,
feature availability, and a configuration summary. The green circles show the features
supported in this router and the red circles show the features not supported.

2. Choose Configure > Interfaces and Connections > Create Connection in order to
configure the WAN connection for the interface.

As an example, for serial interface 2/0, choose the Serial option and click Create New

Note: For other types of interfaces like Ethernet, choose the respective interface type and
proceed by clicking the Create New Connection button.

3. Click Next in order to proceed once this interface appears.

4. Select Serial interface 2/0 (desired) from the Available Interfaces option and click Next.

5. Choose the encapsulation type for the serial interface and click Next.

6. Specify the static IP address with the corresponding subnet mask for the interface and
click Next.

7. Configure the default routing with optional parameters such as the next hop IP address
( as per network diagram) supplied by the ISP and click Next.

This window appears and shows the configuration summary configured by the user. Click

This window appears and shows the command delivery status to the router. Otherwise, it
displays errors if the command delivery fails due to incompatible commands or
unsupported features.

8. Choose Configure > Interfaces and Connections > Edit Interfaces/Connections in
order to add/edit/delete the various interfaces.

Highlight the interface with which you want to make changes and click Edit if you want
to edit or change the interface configuration. Here you can change the existing static IP

NAT Configuration

Dynamic NAT Configuration

Complete these steps in order to configure the dynamic NAT in a Cisco router.

1. Choose Configure > NAT > Basic NAT and click Launch the selected task in order to
configure basic NATing.

2. Click Next.

3. Choose the interface that connects to the Internet or your ISP and choose the IP address
range to which Internet access is to be shared.

4. This window appears and shows the configuration summary configured by the user. Click

5. The Edit NAT Configuration window shows the configured dynamic NAT configuration
with the translated IP address overloaded (PATing). If you want to configure the dynamic
NATing with address pool, click Address Pool.

6. Click Add.

Here, information such as the pool name and the IP address range with netmask is provided.
There can be times when most of the addresses in the pool have been assigned and the IP
address pool is nearly depleted. When this occurs, PAT can be used with a single IP
address in order to satisfy additional requests for IP addresses. Check Port Address
Translation (PAT) if you want the router to use PAT when the address pool is close to

7. Click Add.

8. Click Edit.

9. Choose Address Pool in the Type field, provide the name to the Address Pool as pool1
and click OK.

10. This window shows the configuration for dynamic NATing with the address pool. Click
Designate NAT Interfaces.

Use this window in order to designate the inside and outside interfaces that you want to
use in NAT translations. NAT uses the inside and outside designations when it interprets
translation rules, because translations are performed from inside to outside, or from
outside to inside.

Once designated, these interfaces are used in all NAT translation rules. The designated
interfaces appear above the Translation Rules list in the main NAT window.

Static NAT Configuration

Complete these steps in order to configure static NAT in a Cisco router.

1. Choose Configure > NAT > Edit NAT Configuration and click Add in order to
configure static NATing.

2. Choose the Direction, either from inside to outside or from outside to inside, and specify
the inside IP address to be translated under Translate from Interface. In the Translate to
Interface area, select the Type.
o Choose IP Address if you want the Translate from Address to be translated to an
IP address defined in the IP Address field.

o Choose Interface if you want the Translate from Address to use the address of
an interface on the router. The Translate from Address is translated to the IP
address assigned to the interface that you specify in the Interface field.

Check Redirect Port if you want to include port information for the inside device in the
translation. This enables you to use the same public IP address for multiple devices, as
long as the port specified for each device is different. You must create an entry for each
port mapping for this Translated to address. Click TCP if this is a TCP port number and
click UDP if it is a UDP port number. In the Original Port field, enter the port number on
the inside device. In the Translated Port field, enter the port number that the router is to
use for this translation. Refer to the Allowing the Internet to Access Internal Devices
section of Configuring Network Address Translation: Getting Started.

This window shows the static NATing configuration with port redirection enabled.
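The CLI that the dynamic NAT and static NAT steps above produce, written out as an added example rather than the page's own configuration. Interface names follow the page; the addresses are RFC 5737 documentation addresses chosen for illustration (assuming the ISP routes 203.0.113.0/24 to Serial2/0), and the public port 8080 is a constructed choice.

```cisco
! Added example (not the page's configuration): inside LAN 192.0.2.0/24 on
! FastEthernet1/0, WAN link on Serial2/0. Addresses are RFC 5737 documentation
! space and are assumptions for illustration.
interface FastEthernet1/0
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
!
interface Serial2/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Access list 1 selects which inside sources are translated. Keep it to the
! LAN prefix: a "permit any" here would translate traffic from any source the
! router accepts on an inside interface, not just your hosts.
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.0.2.0 0.0.0.255
!
! Dynamic NAT: the pool holds the public addresses handed out one per inside
! host. "overload" is what the "Port Address Translation (PAT)" check box in
! the wizard adds: once the pool is depleted, further hosts share one address
! and are told apart by port number.
ip nat pool pool1 203.0.113.10 203.0.113.14 netmask 255.255.255.248
ip nat inside source list 1 pool pool1 overload
!
! Static NAT with "Redirect Port": only TCP/80 of the inside web server is
! reachable from outside, on public address 203.0.113.20 port 8080.
! "extendable" lets several such entries share one public address (for
! example a second mapping of 203.0.113.20 port 8443 to another host).
! Every exposed port is an unsolicited inbound path, so pair each mapping
! with an inbound access list or firewall rule on Serial2/0.
ip nat inside source static tcp 192.0.2.80 80 203.0.113.20 8080 extendable
```

After delivery, `show ip nat translations` lists the active dynamic entries and the static mapping, which is the quickest way to confirm that only the intended hosts and ports are being translated.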

Routing Configuration

Static Routing Configuration

Complete these steps in order to configure static routing in a Cisco router.

1. Choose Configure > Routing > Static Routing and click Add in order to configure static

2. Enter the Destination Network address with mask and select either outgoing interface or
next hop IP address.

This window shows the static route configured for the network with
as the next hop IP address.

Dynamic Routing Configuration

Complete these steps in order to configure the dynamic routing in a Cisco router.

1. Choose Configure > Routing > Dynamic Routing.

2. Select the RIP and click Edit.

3. Check Enable RIP, select the RIP version, and click Add.

4. Specify the Network address to be advertised.

5. Click OK.

6. Click Deliver in order to transfer the commands to the router.

This window shows the dynamic RIP routing configuration.

Miscellaneous Configuration

Complete these steps in order to configure the other basic settings in a Cisco router.

1. Choose Configure > Additional Tasks > Router Properties and click Edit if you want
to change the Hostname, Domain Name, Banner and Enable Secret Password properties
for a router.

2. Choose Configure > Additional Tasks > Router Access > User Accounts/View in
order to add/edit/delete the User Accounts to the router.

3. Choose File > Save Running Config to PC... in order to save the configuration to the
NVRAM of the router as well as the PC and to reset the current configuration to default
(factory) settings.

4. Go to the task bar and choose Edit > Preferences in order to enable these User
Preferences options:
o Preview commands before delivering to router.
o Save signature file to Flash.
o Confirm before exiting from SDM.
o Continue monitoring interface status when switching mode/task.

5. Choose View from the task bar if you want to:
o View the Home, Configure, or Monitor pages.
o View the running configuration of the router.
o View various show commands.
o View SDM default rules.
o Choose Refresh in order to synchronize SDM with the router configuration if any
changes were made through the CLI.

CLI Configuration
Router Configuration

Router#show run
Building configuration...

Current configuration : 2525 bytes

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router

no logging buffered
enable password cisco
no aaa new-model
resource policy
ip cef

!--- RSA certificate generated after you enable
!--- ip http secure-server command.

crypto pki trustpoint TP-self-signed-392370502
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-
 revocation-check none
 rsakeypair TP-self-signed-392370502
crypto pki certificate chain TP-self-signed-
 certificate self-signed 01

!--- Create a user account named sdmsdm with
!--- all privileges.

username sdmsdm privilege 15 password 0 sdmsdm

interface Ethernet0/0
 no ip address

!--- The LAN interface configured with a
!--- private IP address.

interface FastEthernet1/0
 ip address

!--- Designate that traffic that originates from behind
!--- the interface is subject to Network
!--- Address Translation (NAT).

 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

!--- This is the WAN interface configured with
!--- a routable (public) IP address.

interface Serial2/0
 ip address

!--- Designate that this interface is the
!--- destination for traffic that has undergone

 ip nat outside
 ip virtual-reassembly
interface Serial2/1
 no ip address
interface Serial2/2
 no ip address
interface Serial2/3
 no ip address

!--- RIP version 2 routing is enabled.

router rip
 version 2
 no auto-summary

!--- This is where the commands to enable HTTP
!--- and HTTPS are configured.

ip http server
ip http secure-server

!--- This configuration is for dynamic NAT.

!--- Define a pool of outside IP addresses for

ip nat pool pool1

!--- In order to enable NAT of the inside source address,
!--- specify that traffic from hosts that match access list 1
!--- are NATed to the address pool named pool1.

ip nat inside source list 1 pool pool1

!--- Access list 1 permits only
!--- network to be NATed.

access-list 1 remark SDM_ACL Category=2
access-list 1 permit

!--- This configuration is for static NAT.

!--- In order to translate the packets between the real IP address with TCP
!--- port 80 and the mapped IP address with TCP port 500.

ip nat inside source static tcp 80 500 extendable

!--- The default route is configured and points

ip route

!--- The static route is configured and points

ip route

line con 0
line aux 0

!--- Telnet enabled with password as sdmsdm.

line vty 0 4
 password sdmsdm
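The running configuration above manages the router with a readable enable password, a level-15 account whose password is stored in clear (type 0), plain HTTP alongside HTTPS, and Telnet protected only by a line password. The following is an added hardening example, not part of the page's configuration; the domain name, RSA key size, access list 10, the management prefix 192.0.2.0/24 and the angle-bracket placeholders are assumptions to replace with your own values.

```cisco
! Added example (not the page's configuration). Each pair shows the setting
! as generated above and its replacement. Values in <angle brackets> and the
! management prefix 192.0.2.0/24 are placeholders, not values from the page.
!
! "enable password cisco" with "no service password-encryption" leaves the
! privileged password readable in show run. "enable secret" stores a hash.
enable secret <strong-privileged-password>
no enable password
service password-encryption
!
! "username sdmsdm privilege 15 password 0 sdmsdm": a level-15 account with a
! reversible password. Create the replacement before removing the old one so
! the SDM session used to deliver these commands is not cut off.
username sdmadmin privilege 15 secret <strong-password>
no username sdmsdm
!
! SDM only needs HTTPS. "ip http server" also accepts clear-text HTTP, which
! carries the login credentials unencrypted. Authenticate against the local
! user database and restrict which stations may reach the web service.
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
!
! The vty lines allowed Telnet with the line password "sdmsdm". Require SSHv2,
! local accounts, a source restriction and an idle timeout instead.
ip domain-name example.com
crypto key generate rsa modulus 2048
ip ssh version 2
access-list 10 remark management stations (constructed prefix)
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 no password
 login local
 access-class 10 in
 transport input ssh
 exec-timeout 10 0
```

Verify with `show ip ssh` (SSH enabled, version 2) and `show running-config | include password|secret` (no remaining type 0 or unencrypted entries) before saving to the startup configuration.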


Choose Configure > Interface & Connections > Edit Interface Connections > Test
Connection in order to test the end-to-end connectivity. You can specify the remote end IP
address if you click the User-specified radio button.


The Output Interpreter Tool (OIT) supports certain show commands.
Use the OIT to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you issue debug commands.

You can use these options in order to troubleshoot:

• Choose Tools > Update SDM from the task bar in order to ping, Telnet, and upgrade the
SDM to the latest version. You can do this from, from the local PC, or from
the CD.

• Choose Help > About this Router in order to view information on the hardware
configuration of the router.

This window shows information about the IOS image stored in the router.

• The Help option provides information about the various available options in the SDM for
the configuration of routers.