Chapter 1 Internetworking
Internetworking Basics
Breaking one large network into smaller pieces, called network segments, is done with routers, switches and bridges.
Possible causes of LAN congestion: 1. Too many hosts in a broadcast domain 2. Broadcast storms 3. Multicasting 4. Insufficient bandwidth
Using routers in a network: 1. They do not forward broadcasts by default 2. They can filter traffic based on Layer 3 (Network layer) information, such as the IP address
Main purpose of switches: improve LAN performance and provide more bandwidth to users
Collision domain (Ethernet terminology): when one device sends a packet on a network segment, every other device on that segment is forced to pay attention to it. If two devices on the segment try to transmit at the same time, a collision occurs and the performance of the segment drops
Bridges are switches in a sense; the difference is that a bridge has only 2 to 4 ports while a switch can have hundreds. What they have in common is that both break one large collision domain into many small ones, because each port is its own collision domain. All ports, however, still belong to one large broadcast domain. Breaking up broadcast domains is a job for routers
Internetworking Models
Early network vendors had proprietary network designs that could not easily communicate with other vendors' equipment. So, in the late 1970s, the ISO created the OSI (Open Systems Interconnection) reference model.
The OSI reference model helps different vendors create network devices and software that interoperate; its main characteristic is that it is layered. It is only a reference model, not a physical model.
Advantages of Reference Models
Advantages of the OSI reference model: 1. Allows multiple vendors to develop standardized network components 2. Allows different types of network hardware and software to communicate with each other 3. Prevents changes in one layer from affecting other layers, so a change does not ripple through the entire model
The OSI Reference Model
The OSI reference model has 7 layers in 2 groups: the top 3 layers define how applications on end stations communicate with each other and with users; the bottom 4 layers define how data is transmitted end to end. The top 3 layers, also called the upper layers, know nothing about the details of networking; that work is done by the lower 4 layers
From highest to lowest the layers are: 1. Application 2. Presentation 3. Session 4. Transport 5. Network 6. Data Link 7. Physical
Network devices that operate at all 7 layers of the OSI reference model: 1. Network management stations (NMS) 2. Web and application servers 3. Gateways (not default gateways) 4. Network hosts
OSI reference model functions by layer: 1. Application layer: provides a user interface 2. Presentation layer: presents data; handles operations such as encryption and compression 3. Session layer: establishes sessions and keeps different applications' data separate 4. Transport layer: provides reliable or unreliable delivery; performs error correction before retransmission 5. Network layer: provides logical addressing, which routers use for path determination 6. Data Link layer: combines bits into bytes and bytes into frames; provides access to the medium using MAC addresses; performs error detection but not error correction 7. Physical layer: moves bits between devices; specifies voltage, wire speed, pin-outs and other physical specifications
OSI reference model, one keyword per layer: 1. Application layer: file, print, database and other application services 2. Presentation layer: data encryption, compression and translation 3. Session layer: dialog control 4. Transport layer: end-to-end connection 5. Network layer: routing 6. Data Link layer: framing 7. Physical layer: physical topology
The Session Layer
The Session layer is responsible for setting up, managing and tearing down sessions between devices and nodes. It provides dialog control in 3 modes: simplex, half duplex and full duplex
Some examples of Session layer protocols and interfaces: 1. Network File System (NFS) 2. Structured Query Language (SQL) 3. Remote Procedure Call (RPC) 4. X Window 5. AppleTalk Session Protocol (ASP) 6. Digital Network Architecture Session Control Protocol (DNA SCP)
The Transport Layer
The Transport layer segments and reassembles data streams
Flow Control
Flow control guarantees data integrity and prevents the receiver's buffer from overflowing; an overflow would leave the data incomplete. If the sender transmits too fast, the receiver stores the datagrams temporarily in a buffer
Reliable data transport uses connection-oriented communication, which guarantees: 1. Segments received by the receiver are acknowledged back to the sender 2. Segments that are not acknowledged are retransmitted 3. Segments are sequenced back into the proper order when they reach the receiver 4. A manageable flow of data is maintained to avoid congestion, overloading and data loss
Connection-Oriented Communication
Connection-oriented communication: the sender first sets up a session (call setup) with a three-way handshake; then the data transfer begins; after the transfer is complete, the virtual circuit is torn down (call termination)
The three-way handshake (connection agreement) proceeds as follows: 1. The first connection agreement segment is a request for synchronization, sent from the sender to the receiver 2. The second and third segments acknowledge the request and establish the connection parameters (rules) between the two hosts 3. The final segment is also an acknowledgment; it tells the receiver that the connection agreement has been accepted and the connection is established 4. Data transfer begins
If the sender transmits datagrams too fast and the receiver's buffer fills up, the receiver sends a Not Ready indicator to the sender; once it has processed the data in its buffer it sends a Ready indicator, and the sender resumes sending. This is the purpose of flow control
If a data segment is lost, duplicated or damaged in transit, delivery fails. The remedy is for the receiver to acknowledge received segments to the sender
Windowing
The window is the amount of data, measured in bytes, that the sender is allowed to send before it must wait for an acknowledgment. For example, if a TCP session is established with a window size of 2 and the window is then increased to 3, the sender no longer has to wait for the acknowledgment of the first 2 bytes before sending more; it can send 3 bytes before stopping for an acknowledgment
The Network Layer
The Network layer manages device addressing, tracks the location of devices on the network and determines the best way to move data. It uses two types of packets: 1. Data packets 2. Route update packets
Routers must keep a separate routing table for each routed protocol, because each routed protocol keeps track of networks with a different addressing scheme
Some of the information in a routing table: 1. Network address 2. Interface (the exit interface) 3. Metric (the distance to the remote network)
Some key points about routers: 1. By default they do not forward broadcast or multicast packets 2. They use the logical address in the Network layer header to determine the next hop 3. They can provide Layer 2 bridging functions and route through the same interface at the same time 4. They provide connections between VLANs 5. They can provide Quality of Service (QoS)
The Data Link Layer
The Data Link layer is responsible for the physical transmission of data, error notification, network topology and flow control. It delivers frames on the LAN according to hardware addresses, and it translates Network layer messages into bits for the Physical layer to transmit
The Data Link layer of IEEE Ethernet has 2 sublayers: 1. Media Access Control (MAC) 802.3: defines how packets are placed on the medium; physical addressing, logical topology, error notification and flow control; the medium is shared bandwidth on a first come, first served basis 2. Logical Link Control (LLC) 802.2: responsible for identifying the Network layer protocol and encapsulating the data. The LLC header tells the Data Link layer what to do with a received frame; LLC can also provide flow control and sequencing of control bits
Switches and Bridges at the Data Link Layer
Layer 2 switches are considered hardware-based bridges because they use specialized hardware called Application-Specific Integrated Circuits (ASICs), which gives switches very low latency. Bridges are software-based
Latency: the time a frame takes from entering the ingress port to leaving the egress port
Transparent bridging: if the destination device is on the same segment as the frame, the Layer 2 device blocks the frame from going out to any other segment; if the destination is on a different segment, the frame is forwarded only to the segment where the destination device is located
Every segment connected to a switch must be the same media type; a host on Token Ring cannot be connected through a switch to a host on Ethernet. Converting between media types is called media translation, and it requires a router
Advantages of switches over hubs in a LAN: 1. Devices plugged into a switch can transmit at the same time; devices on a hub cannot 2. On a switch every port is its own collision domain, whereas all ports on a hub share one large collision domain, so a switch effectively increases the available LAN bandwidth. All ports on either device, however, remain in one large broadcast domain
The Physical Layer
The Physical layer sends and receives bits, which are either 1 or 0. This layer also defines the interface between data terminal equipment (DTE) and data communication equipment (DCE)
The DCE is usually located at the service provider and the DTE is the attached device. DTE services are usually accessed through a modem or a channel service unit/data service unit (CSU/DSU)
Hubs: a hub is really a multiport repeater; it regenerates the signal and so solves the problem of signal attenuation on long cable runs
A physical star topology built with hubs is logically still a bus topology
Ethernet Networking
Ethernet uses a contention-based media access method that lets all hosts on the network share the same bandwidth. It operates at the Physical and Data Link layers and uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
CSMA/CD: a protocol that helps devices sharing bandwidth avoid transmitting at the same time and colliding. A backoff algorithm determines when the 2 devices that collided may retransmit
Problems of a CSMA/CD network: 1. Delay 2. Low throughput 3. Congestion
Half- and Full-Duplex Ethernet
Half-duplex Ethernet uses only one wire pair, with the signal running in both directions. If a hub is connected to a switch, the link must run in half-duplex mode, because the end stations must be able to detect collisions. Half-duplex Ethernet typically uses only 30% to 40% of the available bandwidth
Full-duplex Ethernet uses 2 wire pairs on a point-to-point connection, so there are no collisions, and in theory it doubles the usable bandwidth
Full-duplex Ethernet can be used in three situations: 1. Switch to host 2. Switch to switch 3. Host to host over a crossover cable. Auto-detection mechanism: when a full-duplex Ethernet port is powered on it connects to the remote end and negotiates with it; it first checks whether the link runs at 10 Mbps or 100 Mbps, then checks whether full duplex is possible; if it is not, the port falls back to half-duplex mode
Ethernet at the Data Link Layer
The 4 types of Ethernet frames: 1. Ethernet II 2. IEEE 802.2 3. IEEE 802.3 4. SNAP
Ethernet Addressing
The MAC address is burned into the network interface card (NIC). MAC addresses, also called hardware addresses, are 48 bits (6 bytes) long and written in hexadecimal. The low-order 24 bits (bits 0 to 23) are assigned by the manufacturer; the high-order 24 bits (bits 24 to 47) are the organizationally unique identifier (OUI).
The OUI is assigned by the IEEE to each organization; the organization then assigns a globally unique address to each network card it makes, so that no two cards share the same number. The high-order bit (bit 47 in this numbering; on the wire it is the least-significant bit of the first byte, since Ethernet transmits each byte least-significant bit first) is the Individual/Group (I/G) bit: when it is 0, the address is the actual unicast MAC address of a device and can appear in the MAC header; when it is 1, the address is a broadcast or multicast address. The next bit (bit 46) is the G/L bit, also called the U/L bit: when it is 0 the address is a globally administered address assigned by the IEEE; when it is 1 it is a locally administered address (for example under DECnet)
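To make the bit layout concrete, here is an added Python example (not part of the original study notes) that splits a MAC address into its OUI and vendor-assigned halves and reads the I/G and U/L bits. The unicast and locally administered addresses below are constructed for illustration; 01:00:5E is the standard IPv4 multicast OUI and FF:FF:FF:FF:FF:FF is the broadcast address.

```python
# Added example: decode the parts of a 48-bit Ethernet MAC address.
# Not from the study notes; the sample addresses below are constructed.
import re


def parse_mac(text: str) -> bytes:
    """Accept 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E or Cisco-style 001a.2b3c.4d5e."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def decode_mac(text: str) -> dict:
    """Split a MAC into OUI / vendor part and read the I/G and U/L flag bits.

    Both flag bits live in the FIRST byte transmitted. Ethernet sends each
    byte least-significant bit first, so the study guide's "high-order" bit 47
    is bit 0 of byte 0 here, and the U/L bit (bit 46) is bit 1 of byte 0.
    """
    raw = parse_mac(text)
    first = raw[0]
    group = bool(first & 0x01)          # I/G: 1 = group (multicast/broadcast)
    local = bool(first & 0x02)          # U/L: 1 = locally administered
    if raw == b"\xff" * 6:
        kind = "broadcast"
    elif group:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "oui": raw[:3].hex(":").upper(),              # bits 47..24, IEEE-assigned
        "vendor_assigned": raw[3:].hex(":").upper(),  # bits 23..0, vendor-assigned
        "group": group,
        "locally_administered": local,
        "kind": kind,
    }


if __name__ == "__main__":
    for mac in ("00:1A:2B:3C:4D:5E",   # constructed unicast, globally administered
                "02:42:AC:11:00:02",   # constructed, locally administered (U/L = 1)
                "01:00:5E:00:00:FB",   # IPv4 multicast OUI 01:00:5E (I/G = 1)
                "ff:ff:ff:ff:ff:ff"):  # broadcast
        print(mac, decode_mac(mac))
```

The practical use of the U/L bit: a switch port that suddenly shows a locally administered source address (second hex digit 2, 6, A or E) is either a virtual NIC, a bonded interface, or somebody spoofing, so it is worth a second look in port-security logs.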
Ethernet Frames
The Data Link layer combines the bits from the Physical layer into bytes, and the bytes into frames.
The 3 types of media access methods: 1. Contention, used by Ethernet 2. Token passing, used by FDDI and Token Ring 3. Polling, used by IBM mainframes and 100VG-AnyLAN
Cyclic Redundancy Check (CRC): used for error detection, not error correction
Tunneling: encapsulating one type of frame inside another
Ethernet II frame: 1. Preamble: alternating 1s and 0s providing a 5 MHz clock, 7 bytes, followed by the 1-byte Start Frame Delimiter (SFD), 10101011, which synchronizes the receiver 2. Destination Address (DA): 6 bytes 3. Source Address (SA): 6 bytes 4. Type field: identifies the upper-layer protocol, 2 bytes 5. Data: 46 to 1500 bytes 6. Frame Check Sequence (FCS): 4 bytes, holds the CRC value
802.3 Ethernet frame: 1. Preamble: alternating 1s and 0s providing a 5 MHz clock, 7 bytes, followed by the 1-byte SFD, 10101011 2. Destination Address (DA): 6 bytes 3. Source Address (SA): 6 bytes 4. Length field: 2 bytes; unlike the Type field it cannot identify the upper-layer protocol 5. Data: 46 to 1500 bytes 6. Frame Check Sequence (FCS): 4 bytes, holds the CRC value
802.2 and SNAP
Because the 802.3 Ethernet frame cannot identify the upper-layer protocol (it has a Length field instead of a Type field), it needs the IEEE 802.2 LLC standard to provide that function.
802.2 frame (SAP): 1. Destination Service Access Point (DSAP) field: 1 byte 2. Source Service Access Point (SSAP) field: 1 byte 3. Control field: 1 or 2 bytes 4. Data: variable size
An 802.2 frame is an 802.3 Ethernet frame plus the LLC information, so that it can identify the upper-layer protocol
802.2 frame (SNAP): has its own protocol field to identify the upper-layer protocol 1. DSAP field: 1 byte, always AA 2. SSAP field: 1 byte, always AA 3. Control field: 1 or 2 bytes, always 03 4. OUI ID: 3 bytes 5. Type field: 2 bytes, identifies the upper-layer protocol 6. Data: variable size
Ethernet at the Physical Layer
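The four frame formats above (and the CRC-based FCS described under Ethernet Frames) are easiest to understand by parsing them. The following is an added Python example, not code from the study notes: it builds four constructed frames (an Ethernet II ARP frame, an 802.2 LLC STP frame, an 802.2 SNAP CDP frame and a raw 802.3 IPX frame, all with placeholder payloads), tells them apart by the Type/Length field and the first bytes of the data, and verifies the FCS with zlib's CRC-32, which uses the same polynomial and initial/final values as IEEE 802.3. The destination addresses 01:80:C2:00:00:00 (STP) and 01:00:0C:CC:CC:CC (CDP) are the standard values; the source address is constructed.

```python
# Added example: tell the four Ethernet frame types apart and verify the FCS.
# Not from the study notes; every frame below is constructed in this script.
import struct
import zlib

MIN_DATA = 46         # minimum Data field; shorter payloads are padded
FCS_LEN = 4
TYPE_MIN = 0x0600     # Type/Length >= 1536 is a Type (Ethernet II), else a Length (802.3)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, type_or_len: int, payload: bytes) -> bytes:
    """Assemble DA + SA + Type/Length + padded Data + FCS.

    The FCS is CRC-32 over everything after the preamble/SFD. zlib.crc32 matches
    the 802.3 CRC, and the four FCS bytes are stored least-significant byte first,
    which is how they appear in a pcap.
    """
    data = payload + bytes(max(0, MIN_DATA - len(payload)))
    frame = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", type_or_len) + data
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def parse_frame(frame: bytes) -> dict:
    """Classify a frame as Ethernet II, raw 802.3, 802.2 LLC or 802.2 SNAP."""
    if len(frame) < 14 + MIN_DATA + FCS_LEN:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    fcs_on_wire = struct.unpack("<I", frame[-FCS_LEN:])[0]
    info = {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "fcs_ok": fcs_on_wire == (zlib.crc32(frame[:-FCS_LEN]) & 0xFFFFFFFF),
    }
    if type_or_len >= TYPE_MIN:
        # Ethernet II: the field is a Type and names the upper-layer protocol directly
        info.update(kind="Ethernet II", ethertype=type_or_len, data=frame[14:-FCS_LEN])
        return info

    # 802.3: the field is a Length; look inside the data to find the LLC header
    data = frame[14:14 + type_or_len]
    if data[:2] == b"\xff\xff":
        # Novell "raw" 802.3: IPX with no LLC header; the IPX checksum field is always FFFF
        info.update(kind="802.3 raw", length=type_or_len, data=data)
    elif data[:3] == b"\xaa\xaa\x03":
        # SNAP: DSAP AA, SSAP AA, control 03, then a 3-byte OUI and a 2-byte Type
        oui, etype = data[3:6], struct.unpack("!H", data[6:8])[0]
        info.update(kind="802.2 SNAP", length=type_or_len, oui=mac_str(oui),
                    ethertype=etype, data=data[8:])
    else:
        # Plain 802.2 LLC: DSAP, SSAP, control (1 byte for U-frames, 2 for I/S frames)
        dsap, ssap, ctrl = data[0], data[1], data[2]
        ctrl_len = 1 if (ctrl & 0x03) == 0x03 else 2
        info.update(kind="802.2 LLC", length=type_or_len, dsap=dsap, ssap=ssap,
                    control=ctrl, data=data[2 + ctrl_len:])
    return info


# Constructed sample frames (payload contents are placeholders, not real packets)
SRC = "00:1a:2b:3c:4d:5e"
ARP_FRAME = build_frame("ff:ff:ff:ff:ff:ff", SRC, 0x0806, bytes(28))          # Ethernet II, ARP
BPDU_LLC = b"\x42\x42\x03" + bytes(35)                                         # STP: DSAP/SSAP 0x42, U-frame
BPDU_FRAME = build_frame("01:80:c2:00:00:00", SRC, len(BPDU_LLC), BPDU_LLC)   # 802.2 LLC
CDP_LLC = b"\xaa\xaa\x03" + b"\x00\x00\x0c" + b"\x20\x00" + bytes(12)         # SNAP, Cisco OUI, type 0x2000
CDP_FRAME = build_frame("01:00:0c:cc:cc:cc", SRC, len(CDP_LLC), CDP_LLC)      # 802.2 SNAP
IPX_LLC = b"\xff\xff" + bytes(28)
IPX_FRAME = build_frame("ff:ff:ff:ff:ff:ff", SRC, len(IPX_LLC), IPX_LLC)      # raw 802.3


def corrupt(frame: bytes, offset: int = 20) -> bytes:
    """Flip one bit in the Data field; the FCS check must then fail."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    for f in (ARP_FRAME, BPDU_FRAME, CDP_FRAME, IPX_FRAME, corrupt(ARP_FRAME)):
        p = parse_frame(f)
        print(p["kind"], p["dst"], "fcs_ok=%s" % p["fcs_ok"])
```

The Type-versus-Length decision at 0x0600 is exactly why Ethernet II and 802.3 frames can share one wire: no valid 802.3 Length exceeds 1500, and every registered EtherType is 1536 or higher. The CRC catches accidental corruption only; it is not a security control, because anyone who can modify a frame can recompute the FCS.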
Some original and extended IEEE 802.3 standards: 1. 10Base2: "Base" means baseband transmission, "2" means a maximum distance of close to 200 meters (actually 185 meters), "10" means 10 Mbps; physical and logical bus topology, AUI connector 2. 10Base5: "5" means a maximum distance of 500 meters, "10" means 10 Mbps; physical and logical bus topology, AUI connector 3. 10BaseT: "10" means 10 Mbps; physical star and logical bus topology, Category 3 UTP twisted pair, RJ-45 connector; every device must connect to a hub or switch, so each segment carries only one host 4. 100BaseT (100BaseTX): "100" means 100 Mbps; physical star and logical bus topology, two-pair Category 5, 6 or 7 UTP, RJ-45 connector, one host per segment 5. 100BaseFX: 100 Mbps over fiber, point-to-point topology, maximum 412 meters, ST or SC connector 6. 1000BaseT: 1000 Mbps over four-pair Category 5 UTP, maximum distance 100 meters
Ethernet Cabling
Types of Ethernet cable: 1. Straight-through 2. Crossover 3. Rolled
Straight-Through Cable
A straight-through cable connects: 1. Host to switch or hub 2. Router to switch or hub
A straight-through cable uses only pins 1, 2, 3 and 6, wired pin to pin at both ends (1 to 1, 2 to 2, 3 to 3, 6 to 6)
Crossover Cable
A crossover cable connects: 1. Switch to switch 2. Host to host 3. Hub to hub 4. Hub to switch 5. Host directly to router
A crossover cable also uses only pins 1, 2, 3 and 6, but the pairs are crossed between the two ends: pin 1 connects to 3, 2 to 6, 3 to 1 and 6 to 2
Rolled Cable
A rolled (rollover) cable is not used for Ethernet connections. It connects a host's serial port to the console port of a router. It uses all 8 pins, and the pin order at one end is the reverse of the other end.
When a host is connected to the router's console port with a rolled cable, a terminal program such as HyperTerminal in Windows can connect to the router, configured as: 1. Bits per second: 9600 2. Data bits: 8 3. Parity: None 4. Stop bits: 1 5. Flow control: None
Data Encapsulation
Encapsulation: the process in which each layer of the OSI reference model adds its own header (and sometimes trailer) information to the data as it passes down the stack; the reverse process on the receiving side is called de-encapsulation.
Protocol Data Units (PDUs): the names for the data together with the encapsulation information of each OSI layer: 1. Transport layer: segment 2. Network layer: packet or datagram 3. Data Link layer: frame 4. Physical layer: bits
Chapter 2 Internet Protocols
TCP/IP and the DoD Model
The DoD model is a condensed version of the OSI reference model with 4 layers, from top to bottom: 1. Process/Application layer 2. Host-to-Host layer 3. Internet layer 4. Network Access layer. Their functions correspond to the OSI layers as follows: 1. The DoD Process/Application layer corresponds to the top 3 layers of the OSI model 2. The DoD Host-to-Host layer corresponds to the OSI Transport layer 3. The DoD Internet layer corresponds to the OSI Network layer 4. The DoD Network Access layer corresponds to the OSI Data Link and Physical layers
The Process/Application Layer Protocols
Protocols and applications at the Process/Application layer include: Telnet, FTP, X Window, TFTP, SMTP, SNMP, NFS and LPD, among others
Dynamic Host Configuration Protocol (DHCP)/BootP (Bootstrap Protocol)
A Dynamic Host Configuration Protocol (DHCP) server can provide: 1. IP address 2. Subnet mask 3. Domain name 4. Default gateway 5. DNS server 6. WINS server
The Host-to-Host Layer Protocols
The Host-to-Host layer defines two protocols: 1. Transmission Control Protocol (TCP) 2. User Datagram Protocol (UDP)
Transmission Control Protocol (TCP)
When a host starts sending segments, the sender's TCP first negotiates a connection with the receiver's TCP. Once established, the connection is called a virtual circuit, and this kind of communication is called connection-oriented. The biggest advantage of connection-oriented communication is reliability, but it adds network overhead
User Datagram Protocol (UDP)
The main characteristic of UDP is that it is connectionless and therefore unreliable: it does not negotiate a connection with the other side, it does not sequence the segments, and it does not care whether the segments reach the receiver
Key Concepts of Host-to-Host Protocols
A comparison of TCP and UDP: 1. TCP sequences its segments; UDP does not 2. TCP is reliable; UDP is unreliable 3. TCP is connection-oriented; UDP is connectionless 4. TCP has high overhead; UDP has low overhead 5. A TCP sender checks whether the receiver got each segment (acknowledgments); UDP does not 6. TCP uses windowing and flow control; UDP does not
Port Numbers
TCP and UDP use port numbers to communicate with the upper layers, because different port numbers identify different services or applications. Ports 1 to 1023 are the well-known port numbers. Source ports are usually allocated dynamically from 1024 upward.
The Internet Layer Protocols
In the DoD model the Internet layer is responsible for routing and for providing a single network interface to the upper layers.
Internet Protocol (IP)
IP looks at the address of each packet and, using the routing table, decides the next hop along the best path to the destination
Internet Control Message Protocol (ICMP)
ICMP works at the Internet layer of the DoD model. IP uses ICMP to provide a number of different services; ICMP is a management protocol.
Some ICMP-related information and events: 1. Destination unreachable: if a router cannot forward an IP datagram any further, it sends an ICMP message back to the datagram's sender telling it the destination network is unreachable 2. Buffer full (source quench): if the router's buffer for incoming datagrams is full, it sends an ICMP message to the sender telling it so; otherwise the buffer would overflow and data would be lost 3. Hops: each pass through a router counts as one hop; an IP datagram is allowed a certain number of hops, and when that limit is reached the last router to receive it discards it and sends an ICMP message to the sender 4. Ping (Packet Internet Groper): uses ICMP echo messages to check the physical and logical connectivity of the network 5. Traceroute: uses ICMP messages to track the path a datagram takes through the network, hop by hop
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) finds the hardware address for a known IP address; it translates IP addresses into hardware (MAC) addresses
Reverse Address Resolution Protocol (RARP)
RARP translates MAC addresses into IP addresses
IP Addressing
An IP address is a software address; a MAC address is a hardware address burned into the NIC. The MAC address is used to find a host on the local network. The IP address is unique and is also called the network address; the hardware address is also called the node address
Network Address
Network addresses are divided into 5 classes: 1. Class A: of the 4 octets, the first octet is the network number and the remaining 3 octets are host bits. The first octet has the form 0xxxxxxx, i.e. 0 to 127 2. Class B: the first 2 octets are the network number and the remaining 2 octets are host bits. The first octet has the form 10xxxxxx, i.e. 128 to 191 3. Class C: the first 3 octets are the network number and the remaining octet is host bits. The first octet has the form 110xxxxx, i.e. 192 to 223 4. Class D: multicast addresses, 224 to 239 5. Class E: reserved for experiments, 240 to 255
Network Address: Special Purpose
Some special IP addresses: 1. 127.0.0.1: local loopback test address 2. Broadcast address: 255.255.255.255 3. 0.0.0.0: any network 4. Network number all 0s: this network or this segment 5. Network number all 1s: all networks 6. Node number all 0s: any host on the given network 7. Node number all 1s: broadcast to all hosts on the given network segment. TCP/IP specifies that an IP address whose host portion is all 1s is used for broadcast. A broadcast address means sending a message to all hosts on a network: regardless of the characteristics of the physical network, the internet supports broadcast delivery. For example, 136.78.255.255 is the broadcast address of the class B network 136.78.0.0; a message sent to it goes to every host in 136.78.x.x. Sometimes you need to broadcast on the local network without knowing its network number; for this TCP/IP specifies the all-1s 32-bit address, 255.255.255.255.
Private IP Addresses
Private IP addresses save IP address space and add security. A network using private IP addresses is called an intranet; to communicate with the outside it must rely on Network Address Translation (NAT)
The private address ranges: 1. Class A: 10.0.0.0 to 10.255.255.255 2. Class B: 172.16.0.0 to 172.31.255.255 3. Class C: 192.168.0.0 to 192.168.255.255
Broadcast Addresses
Broadcast addresses: 1. Layer 2 broadcast: FF:FF:FF:FF:FF:FF, sent to all nodes on the LAN 2. Layer 3 broadcast: sent to all nodes on the network 3. Unicast: sent to a single destination host 4. Multicast: sent by one host to many nodes, possibly on different networks
Introduction to Network Address Translation (NAT)
NAT usually runs on a Cisco router that connects 2 networks and translates private (inside local) addresses into public (inside global) addresses. Its types are: 1. Static NAT: a one-to-one mapping between a local address and a global address; this requires you to own a real Internet IP address for every host 2. Dynamic NAT: maps an unregistered IP address to a registered IP address taken from a pool of registered addresses; you do not have to configure a fixed inside-to-outside mapping on the router 3. Overloading: the most widely used form of NAT. It is like dynamic NAT, but maps one registered IP address to a whole set of unregistered IP addresses by using different source port numbers, which is why it is also called Port Address Translation (PAT)
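Overloading is easiest to see as a translation table. The following is an added Python example, not code from the study notes, that simulates the PAT table of such a router: two inside hosts using the same source port both leave with the single registered address but different translated ports, replies are mapped back by port, and inbound packets with no table entry are dropped. The addresses are constructed; 203.0.113.5 is taken from the documentation prefix 203.0.113.0/24 and stands in for the one registered public address, and 192.168.1.0/24 is the constructed intranet.

```python
# Added example: a minimal NAT overload (PAT) translation table.
# Not from the study notes; the addresses are constructed (203.0.113.0/24 is a
# documentation prefix standing in for the single registered public address).
import ipaddress
from itertools import count


class PatTable:
    """Map many inside (private) sockets onto one public address by port.

    Outbound: (inside local IP, port) -> (inside global IP, translated port).
    Inbound:  a reply to (inside global IP, translated port) is mapped back;
    packets to a port with no entry are dropped, which is the "security"
    side effect the notes mention: unsolicited traffic has nowhere to go.
    """

    def __init__(self, inside_global: str, inside_networks, first_port: int = 1024):
        self.public_ip = ipaddress.ip_address(inside_global)
        self.inside_nets = [ipaddress.ip_network(n) for n in inside_networks]
        self._ports = count(first_port)
        self.outbound_map = {}   # (inside local ip, port) -> translated port
        self.inbound_map = {}    # translated port -> (inside local ip, port)

    def outbound(self, src_ip: str, src_port: int):
        """Translate an outgoing packet's source; returns (public ip, translated port)."""
        ip = ipaddress.ip_address(src_ip)
        if not any(ip in net for net in self.inside_nets):
            raise ValueError(f"{ip} is not an inside local address")
        key = (ip, src_port)
        if key not in self.outbound_map:          # reuse an existing translation
            port = next(self._ports)
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return str(self.public_ip), self.outbound_map[key]

    def inbound(self, dst_ip: str, dst_port: int):
        """Return (inside local ip, port) for a reply, or None if it must be dropped."""
        if ipaddress.ip_address(dst_ip) != self.public_ip:
            return None
        entry = self.inbound_map.get(dst_port)
        if entry is None:
            return None
        ip, port = entry
        return str(ip), port


if __name__ == "__main__":
    nat = PatTable("203.0.113.5", ["192.168.1.0/24"])
    # Two inside hosts both use source port 40000; PAT keeps them apart by port
    print(nat.outbound("192.168.1.10", 40000))   # ('203.0.113.5', 1024)
    print(nat.outbound("192.168.1.11", 40000))   # ('203.0.113.5', 1025)
    print(nat.inbound("203.0.113.5", 1025))      # ('192.168.1.11', 40000)
    print(nat.inbound("203.0.113.5", 5000))      # None: no translation, dropped
```

A real router also ages entries out and keys them on the full 5-tuple, but the shape of the table is the same, and so is the consequence: NAT hides inside hosts only until something (a static mapping, UPnP, or a compromised inside host opening a connection out) creates an entry for an attacker to reach.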
Chapter 3 IP Subnetting and Variable Length Subnet Masks (VLSM)
Subnetting Basics
Advantages of subnetting: 1. Reduced network traffic 2. Optimized network performance 3. Simplified management 4. Easier to span large geographical distances
How to Create Subnets
How do you create subnets? First you need to know the powers of 2: 2 to the power 0 through 9 is 1, 2, 4, 8, 16, 32, 64, 128, 256 and 512. You also need to understand that subnetting works by taking host bits and using them as subnet bits. This means the more subnets you create, the fewer hosts each subnet can have
Subnet Masks
A subnet mask identifies which part of an IP address is the network address and which part is the host address. It is 32 bits of 1s and 0s, where the 1 bits mark the network (and subnet) portion. Not every network needs subnetting, so there is the concept of a default subnet mask. The default masks are: class A 255.0.0.0, class B 255.255.0.0, class C 255.255.255.0
Classless Inter-Domain Routing (CIDR)
CIDR stands for Classless Inter-Domain Routing. When an ISP assigns addresses to a customer it hands out a block written like this: 192.168.10.32/28. The number after the slash tells you the subnet mask: /28 means the mask has 28 bits set to 1. One point to remember: whether the address is class A, class B or any other class, the largest usable prefix is /30, which leaves 2 host bits
CIDR values (prefix length and the equivalent subnet mask):
/8 = 255.0.0.0 (class A default mask)
/9 = 255.128.0.0
/10 = 255.192.0.0
/11 = 255.224.0.0
/12 = 255.240.0.0
/13 = 255.248.0.0
/14 = 255.252.0.0
/15 = 255.254.0.0
/16 = 255.255.0.0 (class B default mask)
/17 = 255.255.128.0
/18 = 255.255.192.0
/19 = 255.255.224.0
/20 = 255.255.240.0
/21 = 255.255.248.0
/22 = 255.255.252.0
/23 = 255.255.254.0
/24 = 255.255.255.0 (class C default mask)
/25 = 255.255.255.128
/26 = 255.255.255.192
/27 = 255.255.255.224
/28 = 255.255.255.240
/29 = 255.255.255.248
/30 = 255.255.255.252
Subnetting Class A, B and C Addresses
Shortcuts for subnetting:
1. How many subnets does the chosen subnet mask produce? 2^x - 2, where x is the number of subnet bits (the 1 bits borrowed from the host portion). The -2 discards the all-0s and all-1s subnets; on a router with ip subnet-zero enabled (the default on current IOS) all 2^x subnets are usable
2. How many hosts per subnet? 2^y - 2, where y is the number of host bits (the 0 bits in the mask); the -2 discards the subnet address and the broadcast address
3. What are the valid subnets? Block size = 256 - (value of the interesting octet of the mask); the subnets are the multiples of the block size
4. What is the broadcast address of each subnet? The next subnet's address minus 1
5. What are the valid hosts in each subnet? The addresses between the subnet address and the broadcast address, i.e. subnet address + 1 up to broadcast address - 1
Worked example, class C: network 192.168.10.0, subnet mask 255.255.255.192 (/26)
1. Number of subnets = 2^2 - 2 = 2
2. Number of hosts per subnet = 2^6 - 2 = 62
3. Valid subnets: block size = 256 - 192 = 64, so the first subnet is 192.168.10.64 and the second is 192.168.10.128
4. Broadcast addresses: next subnet - 1, so 192.168.10.127 and 192.168.10.191 respectively
5. Valid host ranges: first subnet 192.168.10.65 to 192.168.10.126; second subnet 192.168.10.129 to 192.168.10.190
Worked example, class B: network 172.16.0.0, subnet mask 255.255.192.0 (/18)
1. Number of subnets = 2^2 - 2 = 2
2. Number of hosts per subnet = 2^14 - 2 = 16382
3. Valid subnets: block size = 256 - 192 = 64, so the first subnet is 172.16.64.0 and the last is 172.16.128.0
4. Broadcast addresses: next subnet - 1, so 172.16.127.255 and 172.16.191.255
5. Valid host ranges: first subnet 172.16.64.1 to 172.16.127.254; second subnet 172.16.128.1 to 172.16.191.254
Worked example, class B: network 172.16.0.0, subnet mask 255.255.255.224 (/27)
1. Number of subnets = 2^11 - 2 = 2046 (the class B default mask is 255.255.0.0, so the subnet bits are 8 + 3 = 11)
2. Number of hosts per subnet = 2^5 - 2 = 30
3. Valid subnets: block size = 256 - 224 = 32, so the first subnet is 172.16.0.32 and the last is 172.16.255.192
4. Broadcast addresses: next subnet - 1, so the first and last subnets' broadcast addresses are 172.16.0.63 and 172.16.255.223
5. Valid host ranges: first subnet 172.16.0.33 to 172.16.0.62; last subnet 172.16.255.193 to 172.16.255.222
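The five shortcut questions, the address classes and the private ranges from Chapter 2 all come down to bit arithmetic on the mask, so here is an added Python example (not from the study notes) that implements them with the standard-library ipaddress module and reproduces the three worked examples above. The subnet_zero switch shows the difference between the 2^x - 2 rule used in these notes and a router running ip subnet-zero; everything else follows the shortcuts as written.

```python
# Added example: the subnetting shortcuts above as code, plus the address
# classes and private ranges from Chapter 2. Not from the study notes.
import ipaddress

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip: str) -> str:
    """Class from the leading bits of the first octet: 0xxx=A, 10xx=B, 110x=C, 1110=D, 1111=E."""
    first = int(ipaddress.ip_address(ip)) >> 24
    for cls, limit in (("A", 128), ("B", 192), ("C", 224), ("D", 240)):
        if first < limit:
            return cls
    return "E"


def is_rfc1918(ip: str) -> bool:
    """True only for the three private ranges (10/8, 172.16/12, 192.168/16)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def mask_to_prefix(mask: str) -> int:
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen       # 255.255.255.240 -> 28


def prefix_to_mask(prefix: int) -> str:
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)   # 30 -> 255.255.255.252


def block_size(mask: str) -> int:
    """256 minus the 'interesting' octet (the first one that is neither 255 nor 0)."""
    interesting = next((int(o) for o in mask.split(".") if 0 < int(o) < 255), 255)
    return 256 - interesting


def subnet_summary(network: str, mask: str, subnet_zero: bool = False) -> dict:
    """Apply the five shortcut questions to a classful network and a mask.

    subnet_zero=False reproduces the 2^x - 2 rule of the notes (all-0s and
    all-1s subnets discarded); subnet_zero=True keeps them, as a router
    running 'ip subnet-zero' does.
    """
    cls = address_class(network)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"{network} is a class {cls} address and cannot be subnetted")
    prefix = mask_to_prefix(mask)
    subnet_bits = prefix - DEFAULT_PREFIX[cls]
    host_bits = 32 - prefix
    if subnet_bits < 1 or host_bits < 2:
        raise ValueError(f"{mask} is not a valid subnet mask for a class {cls} network")

    classful = ipaddress.ip_network(f"{network}/{DEFAULT_PREFIX[cls]}", strict=False)
    subnets = list(classful.subnets(new_prefix=prefix))
    if not subnet_zero:
        subnets = subnets[1:-1]          # drop the all-0s and all-1s subnets

    rows = []
    for net in subnets:                   # arithmetic, not a host enumeration
        rows.append((str(net.network_address),
                     str(net.network_address + 1),    # first valid host
                     str(net.broadcast_address - 1),  # last valid host
                     str(net.broadcast_address)))
    return {
        "class": cls,
        "prefix": prefix,
        "subnet_count": (2 ** subnet_bits) - (0 if subnet_zero else 2),
        "hosts_per_subnet": (2 ** host_bits) - 2,
        "block_size": block_size(mask),
        "valid_subnets": rows,   # (subnet, first host, last host, broadcast)
    }


if __name__ == "__main__":
    for net, mask in (("192.168.10.0", "255.255.255.192"), ("172.16.0.0", "255.255.192.0")):
        s = subnet_summary(net, mask)
        print(f"{net} /{s['prefix']}: {s['subnet_count']} subnets, "
              f"{s['hosts_per_subnet']} hosts each, block size {s['block_size']}")
        for row in s["valid_subnets"]:
            print("  subnet %s  hosts %s to %s  broadcast %s" % row)
```

Python's own ipaddress.is_private is deliberately not used for the RFC 1918 check: it also returns True for loopback, link-local and other reserved ranges, which is not what "private address" means in these notes.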
Variable Length Subnet Masks (VLSM)
Variable Length Subnet Masks (VLSM) save IP address space and reduce routing table size. To use VLSM the routing protocol must support it; RIPv2, OSPF, EIGRP and BGP do. For more on VLSM, search Google.com
Troubleshooting IP Addressing
Some network problems are easy to isolate: 1. Open a DOS window in Windows and ping the loopback address 127.0.0.1; if it fails, the IP protocol stack is broken and you must reinstall TCP/IP 2. If step 1 succeeds, ping the host's own IP address; if that fails, the NIC is not communicating with the IP protocol stack.
Chapter 4 Introduction to the Cisco IOS
The Cisco Router User Interface
The Cisco Internetwork Operating System (IOS) is the kernel of Cisco routers and switches
Cisco Router IOS
Some functions of the IOS: 1. Carries network protocols and functions 2. Connects high-speed traffic between devices 3. Adds security to control access 4. Provides scalability for ease of network growth and redundancy 5. Supplies reliable connectivity to network resources. You can access the IOS: 1. Through the router's console port, for local access 2. Through the auxiliary (AUX) port, for remote access by modem 3. Through Telnet over the VTY lines.
Bringing Up A Router
When starting 1 ROUTER, it will be divided into the following stages: 1. Power-on self-test, post) 2. If 1 is normal, if iOS exists, it will be from its flash (Flash Memory) Find and load iOS into the RAM (2500 Series does not load RAM, running directly from flash memory). Flash is an electronically erased read-only memory (Electronical EraSable Programmable Read-Only Memory, EEPROM) 3. If 1 And 2 normal, next it will find the launch profile startup-config in non-volatile RAM (NVRAM), if no startup configuration file is found, Router will enter the setup mode
Setup mode
Setup mode can be used to configure the router, but configuring the router this way is not recommended. It has 2 modes: 1. Basic Management 2. Extended Management
In setup mode, [] indicates the default setting; you can press Ctrl+C to exit setup mode at any time.
Command-line interface
When asked whether to enter setup mode, answer NO to enter the command-line mode.
Logging Into the router
From user mode, enter privileged mode (privileged EXEC mode); note the change in the prompt:
Router> enable
Router#
Exit from privileged mode back to user mode:
Router# disable
Router>
Exit the router command line: enter logout in user mode or privileged mode, as follows:
Router# logout
Router con0 is now available
Press RETURN to get started.
Overview of router modes
To configure the router you need to enter a mode called configuration mode. Entering configure terminal in privileged mode enters global configuration mode; commands entered here are global commands which, once entered, affect the entire router. Note the change in the prompt:
Router# config
Configuring from terminal, memory, or network [terminal]? (press Enter)
Router(config)#
The difference between terminal, memory and network: 1. configure terminal: configures the router's running-config, the configuration currently running in dynamic RAM (DRAM) 2. configure memory: configures the router's startup-config, the configuration file stored in the router's NVRAM 3. configure network: configures a configuration file stored on a TFTP host
Interfaces
In global configuration mode, to switch to a router interface enter the interface command; ? lists the available parameters, as follows:
Router(config)# interface ?
  serial   Serial
The first column is the parameter, the second its description. Then enter serial 0 to enter the router's interface configuration mode, as follows:
Router(config)# interface serial 0
Router(config-if)#
Subinterfaces
On an interface that supports subinterfaces, enter the subinterface command to enter subinterface mode; note the prompt:
Router(config)# interface fa0/0.?
  <0-4294967295>  FastEthernet interface number
Router(config)# interface fa0/0.1
Router(config-subif)#
Line commands
Enter line configuration mode; note the prompt:
Router(config)# line console 0
Router(config-line)#
Routing Protocol configurations
Configure routing protocols on the router, such as RIP; note the prompt:
Router(config)# router rip
Router(config-router)#
To exit from global configuration mode back to privileged mode you can use the shortcut Ctrl+Z.
Editing and Help Features
Some help features: 1. Enter ? at the command line to get the list of commands available in this mode. 2. Enter c followed by ? to get all commands beginning with c that can be used in this mode:
Router# c?
clock  configure  connect  copy
Router# clock ?
  set  Set the time and date
3. If the command you entered is incomplete you get the error message % Incomplete command, which helps you analyze the command. Commands can be abbreviated without error, e.g. show can be abbreviated as sh or sho, but if the abbreviation you enter is ambiguous you get the error message % Ambiguous command:
Router# sh te
% Ambiguous command: "sh te"
Router# sh te?
tech-support  template  terminal
All the other shortcuts: 1. Ctrl+A: move the cursor to the beginning of the line 2. Ctrl+E: move the cursor to the end of the line 3. Esc+B: back 1 word 4. Ctrl+B: back 1 character 5. Esc+F: forward 1 word 6. Ctrl+F: forward 1 character 7. Ctrl+D: delete 1 character 8. Backspace: delete 1 character 9. Ctrl+R: redisplay the line 10. Ctrl+U: erase the line 11. Ctrl+W: delete 1 word 12. Tab: auto-complete the command 13. Up arrow or Ctrl+P: display the previously entered command 14. Down arrow or Ctrl+N: display the next (more recent) command
Some history commands: 1. show history: displays the last 10 commands entered (the default is 10; this value can be changed) 2. terminal history size: changes the number of commands kept in the history, default 10, maximum 256 3. show terminal: displays the command history buffer size, as follows:
Router# sh terminal
(omitted)
History is enabled, history size is 10.
(omitted)
Router# terminal history size ?
  <0-256>  Size of history buffer
Router# terminal history size 25
Router# sh terminal
(omitted)
History is enabled, history size is 25.
(omitted)
Gather Basic Routing Information
show version: displays the basic configuration and software version of the system hardware, as well as the name and source of the configuration file and the boot image; the last line is the value of the configuration register.
Set Passwords
There are 5 passwords for securing your Cisco router: 1. Console 2. Auxiliary (AUX) 3. VTY 4. Enable password 5. Enable secret
Enable passwords
enable password: protects the console and AUX ports, preventing unauthorized users from entering privileged mode, but the password is stored in unencrypted form. enable secret: also protects the console and AUX ports, preventing unauthorized users from entering privileged mode; the password is encrypted, and once set it takes precedence over the enable password. If you set both the enable password and the enable secret, you must use different passwords, as follows:
Router(config)# enable password 123
Router(config)# enable secret 123
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
Router(config)# enable secret 321
If no password is set on the VTY lines, you will not be able to connect to the router with Telnet.
Auxiliary Password
Configuring the AUX password:
Router# conf t
Router(config)# line aux ?
  <0-0>  First line number
Router(config)# line aux 0
Router(config-line)# login
Router(config-line)# password 123
Console Password
Configure the console password and some related commands:
Router# conf t
Router(config)# line console ?
  <0-0>  First line number
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password 123
Router(config-line)# exec-timeout ?
  <0-35791>  Timeout in minutes
Router(config-line)# exec-timeout 0 ?
  <0-2147483>  Timeout in seconds
Telnet Password
Configuring the VTY password: if your IOS is not the Enterprise Edition, you have only 5 VTY lines by default, lines 0 to 4. Configuration:
Router(config)# line vty 0 ?
  <1-4>  Last line number
As just mentioned, if your VTY lines have no password configured you cannot connect with Telnet; the router reports an error saying that a password is required but none is set. You can instead disable the VTY login so that Telnet works without any password; this is unsafe and not recommended. It is configured as follows:
Router(config)# line vty 0 4
Router(config-line)# no login
Encrypting your passwords
Only the enable secret is encrypted; when you enter sh running-config in privileged mode to display the configuration in DRAM, the other passwords are listed in clear text:
Router# sh run
(omitted)
!
enable secret jhdflkdfg$#sdf
enable password 123
!
(omitted)
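A defender reviewing a dump like the one above wants the weak settings flagged automatically. The following is an added example (not from the original notes): a small audit of a show running-config dump for the five password settings discussed in this section, with a constructed weak configuration beside a constructed hardened one; the hash and type-7 strings in the hardened configuration are placeholders, not real values.

```python
# Constructed running-config in the style of the notes: enable password only,
# clear-text line passwords and a VTY line that needs no login at all.
WEAK_CONFIG = """\
!
hostname Noco
!
enable password 123
!
line con 0
 login
 password 123
line aux 0
 login
 password 123
line vty 0 4
 no login
!
end
"""

# The same device with the fixes the notes recommend; the hash and the
# type-7 strings are placeholders, not real values.
HARDENED_CONFIG = """\
service password-encryption
hostname Noco
enable secret 5 $1$PLACEHOLDER$notarealhash
line con 0
 login
 password 7 PLACEHOLDERTYPE7
line aux 0
 login
 password 7 PLACEHOLDERTYPE7
line vty 0 4
 login
 password 7 PLACEHOLDERTYPE7
end
"""


def parse_sections(config_text):
    """Split a show running-config dump into (top-level line, [indented sub-lines])."""
    sections = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line, []))
    return sections


def audit(config_text):
    """Return (code, detail) findings for the password settings covered in the notes."""
    findings = []
    sections = parse_sections(config_text)
    headers = [hdr for hdr, _ in sections]
    has_secret = any(h.startswith("enable secret") for h in headers)
    has_enable_pw = any(h.startswith("enable password") for h in headers)
    if not has_secret:
        findings.append(("NO_ENABLE_SECRET",
                         "privileged mode guarded only by the clear-text enable password"
                         if has_enable_pw else "no privileged-mode password at all"))
    if "service password-encryption" not in headers:
        findings.append(("NO_SERVICE_PASSWORD_ENCRYPTION",
                         "line passwords are shown in clear text by show running-config"))
    for hdr, body in sections:
        if not hdr.startswith("line "):
            continue
        if "no login" in body:
            findings.append(("LINE_NO_LOGIN", f"{hdr}: connects without any password"))
        elif "login" in body and not any(b.startswith("password ") for b in body):
            findings.append(("LINE_LOGIN_NO_PASSWORD",
                             f"{hdr}: login required but no password set, access is refused"))
        for b in body:
            tokens = b.split()
            if tokens[0] != "password":
                continue
            # 'password 7 <string>' is the service password-encryption form;
            # 'password <string>' or 'password 0 <string>' is clear text. Type 7 is
            # only obfuscation, so the privileged password still needs enable secret.
            enc_type = tokens[1] if len(tokens) == 3 else "0"
            if enc_type != "7":
                findings.append(("CLEARTEXT_PASSWORD", f"{hdr}: password stored in clear text"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```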
To encrypt your passwords, use the service password-encryption command in global configuration mode.
Banners
A banner is like a slogan or greeting. The most commonly used is the MOTD (Message of the Day) banner; a delimiter character marks the start and end of the message, so the delimiter cannot appear inside the MOTD text. As follows:
Router(config)# banner motd #
The router is mine
#
Router(config)# ^Z (Ctrl+Z)
Router# exit
Router con0 is now available
Press RETURN to get started.
The router is mine
Router>
Three other banners: 1. exec banner 2. incoming banner 3. login banner
Router Interfaces
To configure a router interface, the general command format is interface type number, e.g. Router(config)# int ethernet 0. But Cisco's 2600, 3600, 4000, 7000 and other series use physical card slots and modular ports, so the command changes to interface type slot/port, as follows:
Router(config)# int fastethernet 0
% Incomplete command.
Router(config)# int fastethernet 0/?
  <0-1>  FastEthernet interface number
Router(config)# int fastethernet 0/1
To configure the media type of the connector, use the media-type command, although this is generally detected automatically. As follows:
Router(config)# int fa 0/0
Router(config-if)# media-type ?
  100BaseX  Use RJ45 for -TX; SC FO for -FX
  MII       Use MII connector
Bringing Up an Interface
To close and open an interface, use the shutdown and no shutdown commands. When an interface is shut down, the sh interfaces command shows the following status:
Router# sh int e0
Ethernet0 is administratively down, line protocol is down
This means the interface is closed, so you have to open it manually, as follows:
Router# conf t
Router(config)# int e0
Router(config-if)# no shut
Router(config-if)# ^Z
Router# sh int e0
Ethernet0 is up, line protocol is up
(omitted)
Configuring an IP Address on an Interface
To configure an IP address on an interface, use the ip address [address] [mask] command, as follows:
Router(config)# int e0
Router(config-if)# ip address 172.16.10.2 255.255.255.0
Remember to open the interface:
Router(config-if)# no shut
Router(config-if)# ^Z
If you need to add a second subnet address on an interface, add the secondary parameter at the end; without it, the new address replaces the existing IP address. As follows:
Router(config)# int e0
Router(config-if)# ip address 172.16.20.2 255.255.255.0 secondary
Router(config-if)# ^Z
To verify:
Router# sh run
(omitted)
!
interface Ethernet0
 ip address 172.16.20.2 255.255.255.0 secondary
 ip address 172.16.10.2 255.255.255.0
!
Serial Interface Commands
A serial port is generally connected to a device that provides the clock rate, such as a CSU/DSU. However, if you use a back-to-back connection in a lab environment, one end must provide the clock rate as the DCE device. Cisco routers are DTE by default, so you have to make one serial interface provide the clock rate. The command is clock rate, as follows:
Router(config)# int s0
Router(config-if)# clock rate ?
  Speed (bits per second)
  1200
  (omitted)
  56000
  64000
  (omitted)
Router(config-if)# clock rate 64000
% Error: This command applies only to DCE interfaces
Router(config-if)# int s1
Router(config-if)# clock rate 64000
Determine whether a serial interface has the DCE cable attached using the sh controllers command, as follows:
Router> sh controllers s 0
HD unit 0, idb = 0x297de8, driver structure at 0x29f3a0
buffer size 1524  HD unit 0, V.35 DCE cable
The default bandwidth of a Cisco router serial connection is T1 (1.544 Mbps). Some routing protocols use bandwidth as their metric, so we assign a bandwidth with the bandwidth command; note that the parameter unit is kilobits. As follows:
Router(config-if)# bandwidth ?
  <1-10000000>  Bandwidth in kilobits
Router(config-if)# bandwidth 64
Hostnames
To configure the router's host name, use the hostname command. This is only a local label and does not affect operation on the network; note that it takes effect immediately when you press Enter. As follows:
Router(config)# hostname Noco
Noco(config)# hostname NoCo
NoCo(config)#
Descriptions
description command: adds a local description to an interface so it can be told apart, as follows:
Noco(config)# int e0
Noco(config-if)# description Sales LAN
Noco(config-if)# ^Z
To verify:
Noco# sh int e0
(omitted)
  Description: Sales LAN
(omitted)
Viewing and saving configurations
Copy the running-config (DRAM) to the startup-config (NVRAM) using the copy running-config startup-config command:
Noco# copy run start
You can use the erase startup-config command to delete the startup-config file, as follows:
Noco# erase startup-config
(omitted)
Noco# sh start
%% Non-volatile configuration memory is not present
In this state, if you restart the router with the reload command, it will enter setup mode.
Verifying your configuration
ping: uses ICMP echo requests and replies. traceroute: uses ICMP and the IP TTL to trace the path taken by packets.
Verifying with the show ip interface command
show ip interface: provides the layer 3 information of the router's interfaces, including: 1. Interface status 2. IP address and mask 3. Access lists 4. Other basic IP information
Using the show ip interface brief Command
show ip interface brief: similar to show ip interface, but provides only summary information.
Using the show controllers Command
sh controllers: shows information about the physical interface, including the serial port cable type, as follows:
Router# sh controllers serial 0/0
(omitted)
buffer size 1524  HD unit 0, V.35 DTE cable
(omitted)
Router# sh controllers serial 0/1
(omitted)
buffer size 1524  HD unit 1, V.35 DCE cable
Chapter 5 IP Routing
Routing Basics
Routing protocol: used by routers to dynamically find the best paths to networks and ensure that all routers hold consistent routing tables. In general, a routing protocol determines the path to a network; examples are OSPF, RIP, IGRP, EIGRP, etc. Routed protocol: once all routers know the topology of the entire network, a routed protocol is used to carry the data. A routed protocol is assigned to an interface and determines how packets are delivered; examples are IP and IPX.
Routing: sending a packet from one device to another device on a different network. This task is done by routers. Routers do not care about hosts; they care only about the state of the networks and about determining the best path to each network.
For a router to route packets, it must know at least the following: 1. The destination address 2. The neighbor routers from which it can learn about remote networks 3. All possible routes to the remote networks 4. The best path to each remote network 5. How to maintain and verify routing information
The IP Routing Process
Routing principle: when a host in an IP subnet sends an IP packet to another host in the same subnet, it sends the packet directly onto the network and the other host receives it. When the destination host is on a different network, the sender must choose a router that can reach the target subnet and send the packet to that router, which is responsible for delivering it to the destination. If there is no such router, the host sends the packet to the router called the default gateway. The default gateway is a configuration parameter on each host: the IP address of a router interface on the same network. When that router forwards the packet, it selects the appropriate outgoing interface according to the network portion of the packet's destination IP address and sends the packet out of it. Like the host, the router determines whether the destination subnet is directly connected to one of its interfaces; if so, it sends the packet through that interface onto the network, otherwise it chooses the next router to forward the packet to. A router also has its own default gateway, used to forward packets whose destination it does not know. In this way, packets whose destination is known are forwarded correctly, packets whose destination is unknown go to the default gateway, and after a chain of such hops the packet eventually reaches its destination; a packet that cannot be delivered is discarded by the network.
When host A sends an IP packet to host B on a remote network, the destination MAC address used is the address of the default gateway's Ethernet interface. This is because the frame cannot be placed directly on the remote network.
show ip route: displays the routing table, for example:
Router# sh ip route
(omitted)
Gateway of last resort is not set
C    192.168.10.0/24 is directly connected, FastEthernet0/0
C    192.168.20.0/24 is directly connected, Serial0/0
Router#
C indicates a directly connected network.
Configuring IP Routing in Our Network
When a router receives a packet whose destination network number is not listed in its routing table, it does not send a broadcast to find the target network; it simply discards the packet.
Several different types of routes: 1. Static routing 2. Default routing 3. Dynamic routing
Static routing
Static routing: routes are entered manually into the routing table. Advantages: 1. No additional router CPU load 2. Saves bandwidth 3. Increases security. Disadvantages: 1. The network administrator must understand the entire topology of the network 2. If the network topology changes, the administrator must modify the routing table by hand 3. Not suitable for large networks. Configuration command for static routes: ip route [dest-network] [mask] [next-hop address or exit interface] [administrative distance] [permanent]
ip route: creates a static route. dest-network: the network to put into the routing table. mask: its subnet mask. next-hop address: the address of the next-hop router. exit interface: can be used in place of the next-hop address, but only on point-to-point connections such as WAN links; it does not work on a LAN. administrative distance: by default a static route has an administrative distance of 1; if you use an exit interface instead of a next-hop address, the administrative distance is 0. permanent: if the interface is shut down or the next-hop router goes away, the route is normally removed from the routing table automatically; use this parameter to keep the route in the routing table even when that happens.
Static route configuration example:
Topology figure: http://bbs.*********.com/uploadfil... 13414321781.jpG
Router   Network        Interface  Address
RouterA  192.168.10.0   fa0/0      192.168.10.1
         192.168.20.0   s0/0       192.168.20.1
RouterB  192.168.20.0   s0/0       192.168.20.2
         192.168.40.0   s0/1       192.168.40.1
         192.168.30.0   fa0/0      192.168.30.1
RouterC  192.168.40.0   s0/0       192.168.40.2
         192.168.50.0   fa0/0      192.168.50.1
Preparation: first configure the basic settings of RouterA, B and C; note that RouterB acts as DCE and provides the clock rate:
RouterA(config)# int fa0/0
RouterA(config-if)# ip address 192.168.10.1 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# int s0/0
RouterA(config-if)# ip address 192.168.20.1 255.255.255.0
RouterA(config-if)# no shut
RouterA(config-if)# ^Z
RouterA# copy run start
RouterB(config)# int fa0/0
RouterB(config-if)# ip address 192.168.30.1 255.255.255.0
RouterB(config-if)# no shut
RouterB(config-if)# int s0/0
RouterB(config-if)# ip address 192.168.20.2 255.255.255.0
RouterB(config-if)# clock rate 64000
RouterB(config-if)# no shut
RouterB(config-if)# int s0/1
RouterB(config-if)# ip address 192.168.40.1 255.255.255.0
RouterB(config-if)# clock rate 64000
RouterB(config-if)# no shut
RouterB(config-if)# ^Z
RouterB# copy run start
RouterC(config)# int fa0/0
RouterC(config-if)# ip address 192.168.50.1 255.255.255.0
RouterC(config-if)# no shut
RouterC(config-if)# int s0/0
RouterC(config-if)# ip address 192.168.40.2 255.255.255.0
RouterC(config-if)# no shut
RouterC(config-if)# ^Z
RouterC# copy run start
Configuring RouterA static routing: RouterA already knows its own networks 192.168.10.0 and 192.168.20.0 (directly connected), so routes to 192.168.30.0, 192.168.40.0 and 192.168.50.0 must be added to RouterA's routing table. Pay attention to the next-hop address, as follows:
RouterA(config)# ip route 192.168.30.0 255.255.255.0 192.168.20.2
RouterA(config)# ip route 192.168.40.0 255.255.255.0 192.168.20.2
RouterA(config)# ip route 192.168.50.0 255.255.255.0 192.168.20.2
Verify the routing information:
RouterA# sh ip route
(omitted)
S    192.168.50.0 [1/0] via 192.168.20.2
(omitted)
S indicates a static route; [1/0] is the administrative distance and the metric.
Configuring RouterB static routing: the networks RouterB must learn are 192.168.10.0 and 192.168.50.0; pay attention to their next-hop addresses, configured as follows:
RouterB(config)# ip route 192.168.10.0 255.255.255.0 192.168.20.1
RouterB(config)# ip route 192.168.50.0 255.255.255.0 192.168.40.2
Configuring RouterC static routing: the networks RouterC must learn are 192.168.10.0, 192.168.20.0 and 192.168.30.0; pay attention to their next-hop addresses, configured as follows:
RouterC(config)# ip route 192.168.10.0 255.255.255.0 192.168.40.1
RouterC(config)# ip route 192.168.20.0 255.255.255.0 192.168.40.1
RouterC(config)# ip route 192.168.30.0 255.255.255.0 192.168.40.1
Verifying your configuration
According to the topology above, we verify that the two ends can ping each other:
RouterC# ping 192.168.10.1
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
(omitted)
RouterA# ping 192.168.50.1
(omitted)
Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:
!!!!!
(omitted)
Both ends can ping each other, which shows the static routes work.
Default routing
Default routing: generally used in a stub network, i.e. a network with only one exit path. The default route is used to send packets whose destination networks are not in the routing table. In the topology above, you cannot define a default route on RouterB because RouterB has more than one exit interface. In fact, a default route can be understood as a static route with a wildcard destination.
Configuring the default route: first remove the previously configured static routes:
RouterC(config)# no ip route 192.168.10.0 255.255.255.0 192.168.40.1
RouterC(config)# no ip route 192.168.20.0 255.255.255.0 192.168.40.1
RouterC(config)# no ip route 192.168.30.0 255.255.255.0 192.168.40.1
Configure the default route:
RouterC(config)# ip route 0.0.0.0 0.0.0.0 192.168.40.1
An additional command, ip classless, lets the router use the default route for destinations that do not follow the classful IP rules; IOS 12.x includes this command by default. As follows:
RouterC(config)# ip classless
RouterC(config)# ^Z
RouterC# sh ip route
(omitted)
S*   0.0.0.0/0 [1/0] via 192.168.40.1
S* indicates the default route.
Dynamic Routing
Dynamic routing protocols have many advantages, such as flexibility, but also disadvantages, such as consuming additional bandwidth and a higher CPU load.
Two classes of routing protocols are used in networks: Interior Gateway Protocols (IGPs) and Exterior Gateway Protocols (EGPs).
Autonomous System (AS): a collection of networks under one administrative domain, meaning that all routers in it share the same routing table information.
IGPs: exchange routing information within the same AS. EGPs: exchange routing information between ASes.
Routing Protocol Basics
Administrative Distances
Administrative distance (AD): a value from 0 to 255 that expresses how trustworthy a source of routing information is. The smaller the value, the more trusted the source: 0 is the most trusted, and 255 means the route will never be used. If a router receives 2 routing updates for the same remote network, it compares their ADs and installs the route with the lower AD in the routing table. If they have the same AD, it compares their metrics and installs the route with the lower metric. If both the AD and the metric are the same, it load-balances across the 2 routes.
Default ADs of some common route sources: 1. Directly connected: 0 2. Static route: 1 3. EIGRP: 90 4. IGRP: 100 5. OSPF: 110 6. RIP: 120
Remember, if you configure a static route and RIP is also configured for the same network, by default the router uses only the static route, because its AD of 1 is lower than RIP's AD of 120.
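The selection rules above, together with the longest-prefix lookup, the default route and the ip classless behaviour from the default-routing section, can be worked through in code. The following is an added example (not from the original notes): a small routing table that admits candidate routes by AD then metric, keeps equal-cost paths, and looks destinations up with longest-prefix match; the table contents are a constructed version of RouterA's, and the route-source codes follow show ip route.

```python
import ipaddress

# Default administrative distances given in the text (show ip route code -> AD)
DEFAULT_AD = {"C": 0, "S": 1, "D": 90, "I": 100, "O": 110, "R": 120}


def install(table, code, prefix, next_hop, metric=0, ad=None):
    """Offer one candidate route to `table` (dict: network -> list of routes).
    For a given prefix only the lowest AD survives; among equal ADs only the
    lowest metric; equal AD and metric keeps both paths (load balancing)."""
    net = ipaddress.ip_network(prefix)
    route = {"code": code, "net": net, "next_hop": next_hop,
             "ad": DEFAULT_AD[code] if ad is None else ad, "metric": metric}
    key = (route["ad"], route["metric"])
    current = table.get(net)
    if current is None or key < (current[0]["ad"], current[0]["metric"]):
        table[net] = [route]          # first route, or a more trusted / better one
    elif key == (current[0]["ad"], current[0]["metric"]):
        current.append(route)         # equal: add a load-balanced path
    return table                      # otherwise the candidate loses silently


def classful_network(addr):
    """Class A/B/C major network of an address (what 'no ip classless' reasons about)."""
    addr = ipaddress.ip_address(addr)
    first = int(addr) >> 24
    bits = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_interface(f"{addr}/{bits}").network


def lookup(table, dst, ip_classless=True):
    """Longest-prefix match. 0.0.0.0/0 matches everything, so it wins only when
    nothing more specific does. Without ip classless, a destination inside a
    major network the router has subnets for is dropped instead of defaulted.
    Returns the list of equal-cost routes, or None if the packet is discarded."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, routes) for net, routes in table.items() if addr in net]
    if not matches:
        return None
    net, routes = max(matches, key=lambda m: m[0].prefixlen)
    if net.prefixlen == 0 and not ip_classless:
        major = classful_network(addr)
        if any(n != net and n.subnet_of(major) for n in table):
            return None
    return routes


def describe(routes):
    """Render routes the way show ip route does: code, prefix, [AD/metric], next hop."""
    return [f"{r['code']} {r['net']} [{r['ad']}/{r['metric']}] via {r['next_hop']}"
            for r in routes]


def router_a_table():
    """Constructed RouterA table: two connected networks, a static route that beats
    the RIP route to the same prefix, a RIP-only route and a default route."""
    t = {}
    install(t, "C", "192.168.10.0/24", "FastEthernet0/0")
    install(t, "C", "192.168.20.0/24", "Serial0/0")
    install(t, "S", "192.168.50.0/24", "192.168.20.2")
    install(t, "R", "192.168.50.0/24", "192.168.20.2", metric=2)   # AD 120 loses to AD 1
    install(t, "R", "192.168.30.0/24", "192.168.20.2", metric=1)
    install(t, "S", "0.0.0.0/0", "192.168.20.2")
    return t


if __name__ == "__main__":
    table = router_a_table()
    for dst in ("192.168.50.1", "192.168.30.9", "10.1.1.1"):
        print(dst, "->", describe(lookup(table, dst)))
```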
Routing Protocols
3 classes of routing protocols: 1. Distance vector 2. Link state 3. Hybrid
Distance vector: determines the best path based on distance; each router a packet passes through counts as 1 hop, and the path with the fewest hops is chosen as the best path. Examples of such protocols are RIP and IGRP; they send their entire routing table to the directly connected neighbor routers.
Link state: also called shortest-path-first protocols. Each router creates three separate tables: one tracks the directly connected neighbor routers, one holds the topology of the entire network, and one is the routing table. Such a protocol therefore knows more about the network than a distance vector protocol. OSPF is a link state protocol.
Hybrid: combines the characteristics of the two; EIGRP is such a protocol.
Distance-Vector Routing Protocols
The distance vector routing algorithm passes the full routing table to neighboring routers; each router then adds the received entries to its own routing table. This is called routing by rumor, because a router accepts updates from its neighbors rather than discovering changes in the network itself.
RIP is an example of a distance vector protocol. RIP uses the hop count to determine the best path. If there are 2 links with the same hop count to a network, RIP load-balances over both links evenly; RIP supports up to 6 such equal-cost links.
Pinhole congestion: suppose 2 links, link 1 and link 2, both reach a remote network with a hop count of 1, but the bandwidth of link 1 is 56 kbps while link 2 is a T1 line at 1544 kbps. Link 2 is obviously better than link 1, but RIP counts only hops, so it distributes the traffic evenly over links 1 and 2, which causes pinhole congestion.
Now let's understand the startup process of a distance vector protocol: when a router starts, its routing table contains only the network numbers directly connected to it. When the distance vector protocol is started on each router, the routing table is updated with routes learned from the neighboring routers. Each router sends its complete routing table, including the network number, exit interface and hop count. Eventually the routing tables contain complete network information and the network reaches a converged state. During convergence no data is forwarded, which is why fast convergence is an essential topic.
Routing loops
Distance vector protocols track changes across the entire network through periodic broadcast routing updates that contain the complete routing table. This looks fine, but it adds CPU load and consumes extra bandwidth. And if convergence is too slow, it can easily lead to inconsistent routing tables and create routing loops.
Example of a routing loop:
Topology figure: http://bbs.**********.com/uploadfil... 12244266877.jpg
If network 5 fails, E sends an update to C reporting this, so C stops using the route through E to network 5. But at this moment A, B and D do not know about the network 5 failure, so they keep sending their updates. C sends an update to B to stop routing to network 5. However, A and D have not been updated yet, so they still believe network 5 is reachable with a hop count of 3. Next, A sends an update saying: hey, network 5 is still reachable! After B and D accept A's update, they again believe they can reach network 5 and that network 5 is available. So a packet destined for network 5 goes from A to B, then back to A, and so on...
Maximum hop count
The routing loop problem is also described as counting to infinity. One solution is to define a maximum hop count. RIP's maximum hop count is 15; 16 hops means unreachable. But this cannot remove routing loops at the root.
Split Horizon
Another solution is split horizon. It specifies that routing information received on an interface cannot be sent back out of that same interface. This method reduces incorrect routing information and the load it causes.
Route poisoning
Route poisoning is also used to avoid inconsistent updates and prevent routing loops. In the topology above, when network 5 becomes unavailable, E sets the hop count of this route to 16, i.e. unreachable, poisoning the route. C will then not send an incorrect update. When C receives E's route poisoning information, C sends an update called a poison reverse back to E, which ensures that all routers know about the poisoned route and prevents loops.
Holddowns
Holddown: after a route becomes invalid, the route is placed in holddown state, i.e. for a certain period no updates about the same destination are accepted. If a router learns that a path has failed on one segment and then immediately learns of a valid route on another segment, this "valid" information is often incorrect; the holddown timer avoids this problem. When a link flaps repeatedly, holddown reduces route flapping and increases network stability. Triggered updates are used to reset the holddown timer.
Triggered updates: unlike regular updates, when the routing table changes the update is broadcast immediately to the adjacent routers rather than waiting for the 30-second update cycle. Similarly, when a router has just started RIP it broadcasts a request packet, and the neighboring routers that receive it respond immediately with a new update instead of waiting for the next update cycle. In this way, changes in the network topology propagate quickly across the network, reducing the possibility of routing loops.
Several conditions under which the holddown timer is reset: 1. The timer expires 2. An update with a better metric is received 3. Flush time
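The count-to-infinity behaviour and the effect of split horizon and poison reverse can be reproduced in a few dozen lines. The following is an added example (not from the original notes): a simulation of the distance vector exchange on a constructed three-router chain A - B - C with a network called net5 attached to C, after the text's example; it fails net5 and counts the update rounds until the tables settle, with the hop limit of 16 from the text, and reports whether a forwarding loop appeared on the way.

```python
INFINITY = 16  # RIP: 16 hops means unreachable (maximum hop count 15)


class Router:
    def __init__(self, name, connected):
        self.name = name
        self.neighbors = []
        # dest network -> (hop count, next-hop router name or None if directly connected)
        self.table = {net: (0, None) for net in connected}

    def advertisement(self, to, split_horizon, poison_reverse):
        """Routing update sent to neighbour `to` (dest -> hop count)."""
        adv = {}
        for dest, (hops, via) in self.table.items():
            if split_horizon and via == to.name:
                if poison_reverse:        # tell the neighbour the route is dead
                    adv[dest] = INFINITY
                continue                  # plain split horizon: say nothing
            adv[dest] = hops
        return adv

    def receive(self, sender, adv):
        """Bellman-Ford update; returns True if the table changed."""
        changed = False
        for dest, hops in adv.items():
            new = min(hops + 1, INFINITY)
            cur_hops, cur_via = self.table.get(dest, (INFINITY, None))
            # a router always believes its current next hop, even when the news is
            # worse; from anyone else it only accepts a strictly better route
            if (cur_via == sender.name and new != cur_hops) or new < cur_hops:
                self.table[dest] = (new, sender.name)
                changed = True
        return changed


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def exchange_round(routers, split_horizon, poison_reverse):
    """One update round: routers speak in turn and neighbours apply updates at once."""
    changed = False
    for r in routers:
        for nb in r.neighbors:
            changed |= nb.receive(r, r.advertisement(nb, split_horizon, poison_reverse))
    return changed


def forwarding_path(routers, start, dest):
    """Follow next hops from `start` toward `dest`; returns (routers visited, status)
    where status is 'delivered', 'unreachable' or 'loop'."""
    by_name = {r.name: r for r in routers}
    path, cur = [], start
    while cur not in path:
        path.append(cur)
        hops, via = by_name[cur].table.get(dest, (INFINITY, None))
        if via is None:
            return path, "delivered" if hops < INFINITY else "unreachable"
        cur = via
    return path, "loop"


def simulate(split_horizon, poison_reverse=False, max_rounds=50):
    """Constructed chain A - B - C with net5 on C: converge, fail net5, then count the
    rounds until the tables settle again and whether A ever saw a forwarding loop."""
    a, b, c = Router("A", ["netA"]), Router("B", []), Router("C", ["net5"])
    link(a, b)
    link(b, c)
    routers = [a, b, c]
    while exchange_round(routers, split_horizon, poison_reverse):
        pass
    c.table["net5"] = (INFINITY, None)        # the interface to net5 goes down
    rounds, looped = 0, False
    while exchange_round(routers, split_horizon, poison_reverse):
        rounds += 1
        if forwarding_path(routers, "A", "net5")[1] == "loop":
            looped = True
        if rounds >= max_rounds:
            break
    return rounds, looped, {r.name: r.table["net5"][0] for r in routers}


if __name__ == "__main__":
    print("no split horizon:", simulate(split_horizon=False))
    print("split horizon:   ", simulate(split_horizon=True))
    print("poison reverse:  ", simulate(split_horizon=True, poison_reverse=True))
```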
Routing Information Protocol (RIP)
RIP is a distance vector routing protocol that uses the hop count as its metric, with a maximum of 15 hops, and sends its entire routing table every 30 seconds. RIP is suitable for small networks. RIP version 1 (RIPv1) uses classful routing, meaning all devices in the network must use the same subnet mask, while RIP version 2 (RIPv2) uses classless routing. We discuss RIPv1.
RIP Timers
RIP uses four different timers to regulate its performance: 1. Route update timer 2. Route invalid timer 3. Route holddown timer 4. Route flush timer
Route update timer: the interval at which the router periodically sends a copy of its routing table to the neighboring routers, 30 seconds.
Route invalid timer: if a route has not been refreshed for 180 seconds, the router considers it invalid.
Holddown timer: when the router learns that a route is invalid, the route enters the holddown state, by default for 180 seconds; the holddown ends when the router receives an update with a better metric or when the 180 seconds expire.
Route flush timer: if a routing table entry has still not been refreshed after 240 seconds, it is removed from the routing table.
Configuring RIP Routing
Configure RIP:
Topology figure: http://bbs.*********.com/uploadfil...13414321781.jpG
Router   Network        Interface  Address
RouterA  192.168.10.0   fa0/0      192.168.10.1
         192.168.20.0   s0/0       192.168.20.1
RouterB  192.168.20.0   s0/0       192.168.20.2
         192.168.40.0   s0/1       192.168.40.1
         192.168.30.0   fa0/0      192.168.30.1
RouterC  192.168.40.0   s0/0       192.168.40.2
         192.168.50.0   fa0/0      192.168.50.1
First configure RouterA. Because of the AD issue, remove the previous static routes first, as follows:
RouterA(config)# no ip route 192.168.30.0 255.255.255.0 192.168.20.2
RouterA(config)# no ip route 192.168.40.0 255.255.255.0 192.168.20.2
RouterA(config)# no ip route 192.168.50.0 255.255.255.0 192.168.20.2
Use the router rip command to start RIP, then use the network command to configure the network numbers; note the router's prompt, as follows:
RouterA(config)# router rip
RouterA(config-router)# network 192.168.10.0
RouterA(config-router)# network 192.168.20.0
RouterA(config-router)# ^Z
RouterA#
Note that the network numbers configured are the directly connected networks; learning the networks that are not directly connected is left to RIP. Also note that RIPv1 is classful routing, meaning that if you use the Class B network 172.16.0.0 with subnets 172.16.10.0, 172.16.20.0 and 172.16.30.0, when configuring RIP you can only configure the network number 172.16.0.0.
Configure RouterB. Because of the AD issue, remove the previous static routes first, as follows:
RouterB(config)# no ip route 192.168.50.0 255.255.255.0 192.168.40.2
RouterB(config)# no ip route 192.168.10.0 255.255.255.0 192.168.20.1
Configure RIP:
RouterB(config)# router rip
RouterB(config-router)# network 192.168.20.0
RouterB(config-router)# network 192.168.30.0
RouterB(config-router)# network 192.168.40.0
RouterB(config-router)# ^Z
RouterB#
Configure RouterC. Because of the AD issue, remove the previous default route first, as follows:
RouterC(config)# no ip route 0.0.0.0 0.0.0.0 192.168.40.1
Configure RIP:
RouterC(config)# router rip
RouterC(config-router)# network 192.168.50.0
RouterC(config-router)# network 192.168.40.0
RouterC(config-router)# ^Z
RouterC#
Verifying the rip routing tables
Verify the routing information, as follows:
RouterA# sh ip route
(omitted)
R    192.168.50.0 [120/2] via 192.168.20.2, 00:00:23, Serial0/0
(omitted)
Note that R indicates RIP, and [120/2] is the AD and the metric; here the metric is the hop count. If you see [120/15] in this output, the next hop would be 16, unreachable, so this route would be invalid and discarded.
Holding Down RIP Propagation
If you want to stop RIP updates from being propagated onto particular LANs and WANs, use the passive-interface command. It stops RIP updates from being sent out of the interface you name, while that interface still receives updates:

    RouterA(config)#router rip
    RouterA(config-router)#network 192.168.10.0
    RouterA(config-router)#passive-interface s0/0

Interior Gateway Routing Protocol (IGRP)
IGRP is a Cisco proprietary distance-vector routing protocol, meaning only Cisco routers can run it. Some IGRP characteristics: the maximum hop count is 255 (default 100), which suits medium to large networks; by default IGRP uses bandwidth and delay to choose the best path, and this metric is called the composite metric; when you configure IGRP you must give an autonomous system (AS) number, and all routers that share routing table information must use the same AS number; IGRP supports load balancing across up to six paths.
Here are some IGRP features that you will not find in RIP: 1. IGRP can be used in large internetworks 2. It uses an AS number 3. It sends a full routing update every 90 seconds 4. It uses bandwidth and delay as the metric
IGRP Timers
IGRP timers: 1. Update timer: default 90 seconds 2. Invalid timer: default 270 seconds 3. Holddown timer: default 280 seconds (three times the update timer plus 10 seconds) 4. Flush timer: default 630 seconds
Configuring IGRP Routing
(topology figure: http://bbs.**********.com/UploadFil...13414321781.jpg)

    Router    Network         Interface   Address
    RouterA   192.168.10.0    fa0/0       192.168.10.1
              192.168.20.0    s0/0        192.168.20.1
    RouterB   192.168.20.0    s0/0        192.168.20.2
              192.168.40.0    s0/1        192.168.40.1
              192.168.30.0    fa0/0       192.168.30.1
    RouterC   192.168.40.0    s0/0        192.168.40.2
              192.168.50.0    fa0/0       192.168.50.1

Configure RouterA; note that the AS number ranges from 1 to 65535:

    RouterA(config)#router igrp ?
      <1-65535>  Autonomous system number
    RouterA(config)#router igrp 10
    RouterA(config-router)#netw 192.168.10.0
    RouterA(config-router)#netw 192.168.20.0
    RouterA(config-router)#^Z
    RouterA#

Remember that IGRP is also classful routing, and the network numbers configured are the networks directly connected to the router.
Configure RouterB:

    RouterB(config)#router igrp 10
    RouterB(config-router)#netw 192.168.20.0
    RouterB(config-router)#netw 192.168.30.0
    RouterB(config-router)#netw 192.168.40.0
    RouterB(config-router)#^Z
    RouterB#
Configure RouterC:

    RouterC(config)#router igrp 10
    RouterC(config-router)#netw 192.168.40.0
    RouterC(config-router)#netw 192.168.50.0
    RouterC(config-router)#^Z
    RouterC#

Note that RouterA, RouterB and RouterC all use the same AS number.
Verifying the IGRP Routing Tables
Let's verify:

    RouterA#sh ip route
    (omitted)
    I    192.168.50.0 [100/170420] via 192.168.20.2, Serial0/0
    (omitted)

I means the route was learned through IGRP; [100/170420] is the AD and the composite metric, and the lower the metric, the better the path.
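The RIP and IGRP verification steps above both read the same fields out of show ip route: the protocol code, the [AD/metric] pair and the next hop. As an added example (not from the original notes or from Cisco), here is a small parser that pulls those fields out of constructed sample lines in the same format, flags RIP routes whose hop count has reached 16, flags routes whose AD is not the protocol default (since a changed AD changes which route the router installs), and picks the route the router would install for each prefix (lowest AD, then lowest metric). The sample output and the default AD values 120 (RIP) and 100 (IGRP) are as given in the text; everything else is an assumption of the example.

```python
import re

# Constructed sample in the style of the "show ip route" output above (not a
# capture from the page's routers). Codes: C connected, R RIP, I IGRP.
SAMPLE_ROUTES = """\
C    192.168.10.0/24 is directly connected, FastEthernet0/0
C    192.168.20.0/24 is directly connected, Serial0/0
R    192.168.30.0/24 [120/1] via 192.168.20.2, 00:00:23, Serial0/0
R    192.168.50.0/24 [120/2] via 192.168.20.2, 00:00:23, Serial0/0
R    10.99.0.0/16 [120/16] via 192.168.20.2, 00:00:05, Serial0/0
I    192.168.50.0/24 [100/170420] via 192.168.20.2, 00:01:02, Serial0/0
"""

# Default administrative distances as stated in the text
DEFAULT_AD = {"R": 120, "I": 100}
RIP_INFINITY = 16  # a RIP hop count of 16 means unreachable

ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z])\s+(?P<prefix>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+)"
)


def parse_routes(text):
    """Parse dynamically learned routes; connected routes carry no [AD/metric]
    and are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["ad"], r["metric"] = int(r["ad"]), int(r["metric"])
            routes.append(r)
    return routes


def rip_unreachable(routes):
    """RIP routes whose hop count has reached infinity (16 or more)."""
    return [r for r in routes if r["code"] == "R" and r["metric"] >= RIP_INFINITY]


def unexpected_ad(routes):
    """Routes whose AD differs from the protocol default: worth a look, because
    a changed distance alters which protocol's route the router installs."""
    return [r for r in routes
            if r["code"] in DEFAULT_AD and r["ad"] != DEFAULT_AD[r["code"]]]


def best_routes(routes):
    """Per prefix, the route the router installs: lowest AD, then lowest metric."""
    best = {}
    for r in routes:
        cur = best.get(r["prefix"])
        if cur is None or (r["ad"], r["metric"]) < (cur["ad"], cur["metric"]):
            best[r["prefix"]] = r
    return best


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for prefix, r in best_routes(routes).items():
        print(f"{prefix:20} {r['code']} [{r['ad']}/{r['metric']}] via {r['nexthop']}")
    for r in rip_unreachable(routes):
        print("unreachable:", r["prefix"])
```

In the sample, 192.168.50.0/24 is learned by both RIP and IGRP; the IGRP route wins purely on AD (100 beats 120), even though its metric number is far larger, which is the point the text makes about AD being compared before the metric.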
Verifying your configurations
Some verification commands. show protocols displays all routed protocols and the interfaces configured for them:

    RouterB#sh protocols
    Global values:
      Internet Protocol routing is enabled
    FastEthernet0 is up, line protocol is up
      Internet address is 192.168.30.1/24
    Serial0/0 is up, line protocol is up
      Internet address is 192.168.20.2/24
    Serial0/1 is up, line protocol is up
      Internet address is 192.168.40.1/24
    RouterB#
show ip protocols displays the routing protocols running on the router:

    RouterB#sh ip protocols
    Routing Protocol is "rip"
    (omitted)
debug ip rip sends console messages showing the RIP packets sent and received on the router's interfaces; turn debugging off with undebug all or no debug all:

    RouterB#debug ip rip
    RIP protocol debugging is on
    RouterB#
    07:12:56: RIP: received v1 update from 192.168.40.2 on Serial0/1
    07:12:56:      192.168.50.0 in 1 hops
    (omitted)
    RouterB#undebug all
    All possible debugging has been turned off
    RouterB#

debug ip igrp events shows a summary of the IGRP routing information running in the network; turn it off with undebug ip igrp events or undebug all:

    RouterB#debug ip igrp events
    IGRP event debugging is on
    07:13:50: IGRP: received request from 192.168.40.2 on Serial0/1
    07:13:50: IGRP: sending update to 192.168.40.2 via Serial1 (192.168.40.1)
    07:13:51: IGRP: Update contains 3 interior, 0 system, and 0 exterior routes
    07:13:51: IGRP: Total routes in update: 3
    (omitted)
    RouterB#un all
    All possible debugging has been turned off
debug ip igrp transactions displays the update requests from neighboring routers and the broadcast updates this router sends to its neighbors; turn it off with undebug all:

    RouterB#debug ip igrp transactions
    07:14:05: IGRP: received request from 192.168.40.2 on Serial0/1
    07:14:05: IGRP: sending update to 192.168.40.2 via Serial1 (192.168.40.1)
    07:14:05:      subnet 192.168.30.0, metric=1100
    07:14:05:      subnet 192.168.20.0, metric=158250
    (omitted)
    RouterB#un all
    All possible debugging has been turned off
    RouterB#
Chapter 6 Layer 2 Switching
Switching Services
Routing protocols have mechanisms to stop loops at layer 3. But if there are redundant physical links between your switches, the routing protocol does nothing to stop layer 2 loops; that job depends on the Spanning Tree Protocol (STP).
Unlike bridges, which use software to create and manage the MAC address filter table, switches use ASICs to create and manage their MAC address tables; you can think of a switch as a multi-port bridge.
Layer 2 switches and bridges are faster than layer 3 routers because they do not spend extra time looking at layer 3 packet information; instead they look at the frame's hardware address and decide whether to forward or discard it. Each port is its own collision domain, but all ports are still in one large broadcast domain.
Layer 2 switching provides: 1. Hardware-based bridging (ASICs) 2. Wire speed 3. Low latency 4. Low cost
Bridging vs. LAN Switching
Some differences and similarities between bridges and layer 2 switches: 1. Bridges are software based, switches are hardware based 2. A switch can be viewed as a multi-port bridge 3. A bridge has only one spanning-tree instance, while a switch can have many 4. A switch has far more ports than a bridge 5. Both forward layer 2 broadcasts 6. Both learn addresses by examining the source MAC address of received frames 7. Both make forwarding decisions based on layer 2 addresses

Three Switch Functions at Layer 2
The three functions of layer 2 switching: 1. Address learning: the switch builds a MAC address database, called the forward/filter table, by reading the source MAC address of each frame 2. Forward/filter decisions: when a frame arrives on an interface, the switch looks up the destination MAC address and its exit interface in the MAC address database, then forwards the frame only to the matching destination port 3. Loop avoidance: redundant links can create loops, and STP is used to break them
Spanning Tree Protocol (STP)
Spanning Tree Terms
Digital Equipment Corporation (DEC), later acquired and renamed Compaq, created the original STP. The IEEE then created its own version, 802.1D STP, which is not compatible with DEC's STP. STP's main task is to prevent layer 2 loops: it uses the spanning-tree algorithm (STA) to build a topology database, then finds redundant links and shuts them down.
Some STP terms: 1. STP: bridges exchange BPDU messages to detect loops and break them by shutting down interfaces 2. Root bridge: the bridge with the best (lowest) bridge ID is the root bridge; it decides the role of the ports in the network, such as which ports are blocked and which forward 3. BPDU: bridge protocol data unit; all switches exchange these messages to elect the root switch 4. Bridge ID: used to keep track of all switches in the STP network; it is made up of the bridge priority (default 32768) and the MAC address, and the lowest ID is the root bridge 5. Non-root bridge: every bridge that is not the root; non-root bridges exchange BPDUs to update the STP topology database 6. Root port: the port directly connected to the root bridge, or the port with the shortest path to it. If there is more than one link to the root bridge, the bandwidth (cost) of each link is compared and the lowest cost becomes the root port; if the costs are equal, the bridge IDs are compared and the lower ID wins 7. Designated port: the lowest-cost port on a segment, which forwards frames 8. Port cost: decided by bandwidth 9. Non-designated port: a higher-cost port placed in blocking mode, so it does not forward frames 10. Forwarding port: a port that forwards frames 11. Blocked port: does not forward frames, to prevent loops, but it still listens to frames
Spanning Tree Operations
As said before, STP's task is to find all links in the network and shut down redundant ones that would cause a loop. STP first elects one root bridge, which makes the decisions about the network topology. Once all switches have agreed on the root bridge, every other bridge finds its root port. If there are several links between switches, only one port on a segment can be the designated port.
Selecting the root bridge
The bridge ID is used to elect the root bridge and determine the root ports in the STP domain. This ID is 8 bytes long and contains the priority and the device's MAC address; the default priority in the IEEE version of STP is 32768. The root bridge is the one with the lowest bridge ID: if the priorities are equal, the MAC addresses are compared, and the lower MAC address becomes the root bridge.
Selecting The Designated Port
If there is more than one link to the root bridge, port cost is compared to select the root port. Some typical cost values: 1. 10 Gbps: 2 2. 1 Gbps: 4 3. 100 Mbps: 19 4. 10 Mbps: 100

Spanning-Tree Port States
The five states of a port on a bridge or switch running STP: 1. Blocking: does not forward frames, only listens to BPDUs; the purpose is to prevent loops. By default all ports are in blocking state when the switch starts 2. Listening: the port listens to BPDUs to make sure there is no loop before it passes data frames 3. Learning: the port learns from BPDUs and all paths, and builds the MAC address table, but still does not forward frames 4. Forwarding: sends and receives data frames 5. Disabled: takes no part in frame forwarding or STP; a port is not normally in this state
Normally a port is only in the forwarding or blocking state. If the network topology changes, the port passes through the listening and learning states; those states are transitional.
Convergence
Convergence is the state in which all ports have moved to forwarding or blocking. No data is transmitted until convergence completes. Convergence ensures that all devices have the same database. Generally speaking, moving from the blocking state to the forwarding state takes 50 seconds.
Spanning Tree Example
Let's look at an STP example. The topology figure gives the known MAC addresses, and all priorities are 32768: http://bbs.*********.com/uploadfil...13411284447.jpg Since all priorities are equal, A, which has the lowest MAC address, becomes the root bridge; note that all ports of the root bridge are in forwarding mode (designated ports). Next, determine the root ports: the port directly connected to the root bridge is the root port, and it forwards. Once the root ports are determined, the designated ports can be determined, and the bridge ID decides between designated and non-designated ports. Between D and E, D has the smaller bridge ID, so D's port is the designated port and E's port is non-designated, as shown: http://bbs.*********.com/uploadfil...71521868526.jpg
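The election and port-role rules above (lowest bridge ID wins, root path cost from the port-cost table, lowest bridge ID as the tie-breaker, one designated port per segment, everything else blocked) can be worked through in code. The following is an added example, not code from the original notes or from any Cisco product; it uses the port costs and the default priority 32768 stated in the text, and the four-switch topology is constructed for the example rather than taken from the figure. It also shows the point that matters in practice: with every switch at the default priority the root is chosen by MAC address alone, so a deliberately lowered priority on the switch you want as root is what makes the election predictable.

```python
import heapq

# Port cost per link speed in Mbps, the values listed in the text
PORT_COST = {10000: 2, 1000: 4, 100: 19, 10: 100}
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """Bridge ID compares as (priority, MAC); the lowest wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the root bridge."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def compute_stp(bridges, links):
    """Return (root, roles); roles maps (bridge, neighbour) to 'root',
    'designated' or 'blocked' for that bridge's port on the link.
    links: [(bridge_a, bridge_b, speed_mbps)], one port at each end."""
    root = elect_root(bridges)
    adj = {n: [] for n in bridges}
    for a, b, speed in links:
        adj[a].append((b, PORT_COST[speed]))
        adj[b].append((a, PORT_COST[speed]))

    # Root path cost of each bridge: lowest cost first, then on a tie the
    # lowest bridge ID of the upstream neighbour (as the text describes)
    best = {root: (0, None, None)}  # name -> (cost, upstream, upstream_bid)
    heap = [(0, (0, 0), root)]
    while heap:
        cost, _, n = heapq.heappop(heap)
        if cost > best[n][0]:
            continue
        n_bid = bridge_id(*bridges[n])
        for nb, c in adj[n]:
            cur = best.get(nb)
            if cur is None or (cost + c, n_bid) < (cur[0], cur[2]):
                best[nb] = (cost + c, n, n_bid)
                heapq.heappush(heap, (cost + c, n_bid, nb))

    def segment_key(n):
        return (best[n][0], bridge_id(*bridges[n]))

    roles = {}
    for a, b, _ in links:
        # Designated end of a segment: lowest root path cost, then lowest ID
        designated = a if segment_key(a) < segment_key(b) else b
        for me, other in ((a, b), (b, a)):
            if best[me][1] == other:
                roles[(me, other)] = "root"        # my path to the root
            elif me == designated:
                roles[(me, other)] = "designated"  # forwards for this segment
            else:
                roles[(me, other)] = "blocked"     # redundant link, loop broken
    return root, roles


# Constructed topology (not the figure from the notes): all priorities are at
# the default, so A, which has the lowest MAC address, becomes root
BRIDGES = {
    "A": (DEFAULT_PRIORITY, "00:00:0c:00:00:01"),
    "B": (DEFAULT_PRIORITY, "00:00:0c:00:00:02"),
    "C": (DEFAULT_PRIORITY, "00:00:0c:00:00:03"),
    "D": (DEFAULT_PRIORITY, "00:00:0c:00:00:04"),
}
LINKS = [("A", "B", 100), ("A", "C", 100), ("B", "C", 100),
         ("A", "D", 10), ("B", "D", 100)]

if __name__ == "__main__":
    root, roles = compute_stp(BRIDGES, LINKS)
    print("root bridge:", root)
    for (me, other), role in sorted(roles.items()):
        print(f"{me} port towards {other}: {role}")
```

D is the instructive case: its 10 Mbps link straight to the root costs 100, while going through B costs 19 + 19 = 38, so D's root port faces B and the direct link to A is blocked. The B-C segment is a pure tie on cost (19 each side), and B's lower bridge ID makes its port designated and C's blocked.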
LAN Switch Types
The LAN switch type determines how latency is handled when a frame is received on a switch port. Latency is the time between a frame entering the device and leaving it on the exit interface, and it differs between switching modes.
The three switching modes: 1. Cut-through (FastForward): Cisco calls this cut-through, FastForward or real-time mode. The switch reads only the destination address of the frame before forwarding it, which reduces latency, but frames are not checked for errors 2. FragmentFree (modified cut-through): similar to cut-through, but the switch reads enough of the frame to filter out collision fragments before forwarding; this is the Catalyst 1900 default mode 3. Store-and-forward: the switch copies the entire frame into its buffer and computes the CRC. Frame lengths vary, so the latency varies with the length of the frame. If the CRC is wrong the frame is discarded; if it is correct the switch looks up the hardware destination address and forwards the frame. How far into the frame each of the three modes reads is shown here: http://bbs.*********.com/uploadfil...15495750864.jpg
Configuring the Catalyst 1900 and 2950 Switches
The 1900 is a low-end switch product with two series, the 1912 and the 1924: the 1912 has 12 10BaseT ports and the 1924 has 24 10BaseT ports.
1900 and 2950 Switch Startup
When the 1900 starts it first runs POST, during which each port's LED is green. When POST finishes the LEDs flash and then go out; if POST finds a problem with a port, the system LED and the LED of the faulty port turn amber. If a console cable is connected, after POST the following menu appears:

    1 user(s) now active on Management Console.

            User Interface Menu

         [M] Menus
         [K] Command Line
         [I] IP Configuration

    Enter Selection:  K

    CLI session with the switch is open.
    To end the CLI session, enter [Exit].

    >
The 2950 starts a bit like a router: it enters setup mode first, but by default you can skip it and configure the switch yourself:

    --- System Configuration Dialog ---
    Would you like to enter the initial configuration dialog? [yes/no]: no

    Press RETURN to get started!

    00:04:53: Interface Vlan1, changed state to administratively down
    00:04:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Switch>
Setting the passwords
Passwords to configure: 1. Login password (user mode): prevents unauthorized users from logging in 2. Enable password (privileged mode): prevents unauthorized users from changing the configuration
Setting the user mode and enable mode passwords
On the 1900, press K to enter the CLI, type enable to enter privileged mode, then config t to enter global configuration mode:

    >en
    #config t
    (config)#

In global configuration mode, use the enable password command to configure the passwords:

    (config)#enable password ?
      level   Set exec level password
    (config)#enable password level ?
      <1-15>  Level number

Level 1 is the login (user mode) password and level 15 is the enable (privileged mode) password. Password length must be between 4 and 8 characters:

    (config)#enable password level 1 nocoluvsnoko
    Error: Invalid password length.
    Password must be between 4 and 8 characters

Reconfigure and verify:

    (config)#enable password level 1 noco
    (config)#enable password level 15 noko
    (config)#exit
    #exit
Configuring the 2950 is a bit similar:

    Switch>en
    Switch#conf t
    Switch(config)#line ?
      <0-16>   First Line number
      console  Primary terminal line
      vty      Virtual terminal
    Switch(config)#line vty ?
      <0-15>  First Line number
    Switch(config)#line vty 0 15
    Switch(config-line)#login
    Switch(config-line)#password noko
    Switch(config-line)#line con 0
    Switch(config-line)#login
    Switch(config-line)#password noco
    Switch(config-line)#exit
    Switch(config)#exit
    Switch#

Setting the Enable Secret Password
The enable secret is more secure than the enable password, and when both are set only the enable secret is used. On the 1900, the enable secret and the enable password may be set to the same value:

    (config)#enable secret noko

The 2950 is configured similarly, but the enable secret and the enable password cannot be set to the same value:

    Switch(config)#enable password noko
    Switch(config)#enable secret noko
    The enable secret you have chosen is the same as your enable password.
    This is not recommended.  Re-enter the enable secret.
    Switch(config)#enable secret noco
    Switch#
Setting the hostname
To configure the host name on the 1900, use the hostname command:

    (config)#hostname noko
    noko(config)#

On the 2950, the host name is also configured with the hostname command:

    Switch(config)#hostname noco
    noco(config)#
Setting IP information
You can work without configuring any IP information: plug the cable into a port and the switch works. There are two reasons to configure IP address information: 1. To manage the switch through Telnet or other software 2. To configure VLANs and other network features
By default no IP address or default gateway is configured. On the 1900, use the show ip command to view the default IP configuration:

    1900#sh ip
    IP address: 0.0.0.0
    Subnet mask: 0.0.0.0
    Default gateway: 0.0.0.0
    Management VLAN: 1
    Domain name:
    Name server 1: 0.0.0.0
    Name server 2: 0.0.0.0
    HTTP server: Enabled
    HTTP port: 80
    RIP: Enabled

On the 1900, use the ip address and ip default-gateway commands to configure the IP address and default gateway:

    1900(config)#ip address 172.16.10.16 255.255.255.0
    1900(config)#ip default-gateway 172.16.10.1
    1900(config)#
On the 2950 the address is configured under the VLAN1 interface. VLAN1 is the management VLAN, and by default all interfaces are members of VLAN1:

    2950(config)#int vlan1
    2950(config-if)#ip address 172.16.10.17 255.255.255.0
    2950(config-if)#no shut
    2950(config-if)#exit
    2950(config)#ip default-gateway 172.16.10.1
    2950(config)#

Note that on the 2950 the IP address is configured under the VLAN1 interface, and that the interface must be brought up with no shut.

Configuring Interface Descriptions
To configure a description, use the description command in interface configuration mode. On the 1900 the description cannot contain spaces:

    1900(config)#int e0/1
    1900(config-if)#description Cisco_VLAN
    1900(config-if)#int f0/26
    1900(config-if)#description trunk_to_building_4
    1900(config-if)#
On the 2950 the description can contain spaces:

    2950(config)#int fa0/1
    2950(config-if)#description Sales Printer
    2950(config-if)#^Z

Use the show interface and show running-config commands to view the descriptions.
Erasing the switch configuration
The configuration of both the 1900 and the 2950 is stored in NVRAM. On the 1900 you cannot view the contents of NVRAM (the startup-config), only the running-config; the running configuration is copied to NVRAM automatically, so there is no command such as copy run start. The 2950 has both a startup-config and a running-config, and copy run start saves the configuration to NVRAM. To erase the startup-config on the 2950, use the erase startup-config command; on the 1900, use the delete command:

    1900#delete ?
      nvram  NVRAM configuration
      vtp    Reset VTP configuration to defaults
    1900#delete nvram

On the 2950:

    2950#erase startup-config
Chapter 7 Virtual LANs (VLANs)
VLAN Basics
How do you split the broadcast domain in a switched network? The answer is to create VLANs. A VLAN is a logical group of network users and resources connected to switch ports; by assigning different ports to different subnets you create smaller broadcast domains. By default, hosts in one VLAN cannot communicate with other VLANs unless a router is used to provide inter-VLAN communication.
VLAN characteristics: 1. Network additions, moves and changes only require configuring the right port into the right VLAN 2. Security: users in different VLANs cannot communicate with each other unless a router provides inter-VLAN communication 3. A VLAN is a logical group, so it is independent of physical and geographic location 4. VLANs increase security 5. VLANs increase the number of broadcast domains while reducing their size
Broadcast Control
Every protocol generates broadcasts; how many depends on: 1. The protocol type 2. The applications running on the network 3. How these services are used
Security
Security is a major feature of VLANs: users in different VLANs cannot communicate with each other unless inter-VLAN communication is provided.
Flexibility and scalability
The flexibility and scalability of VLANs: 1. You can assign any port to the appropriate VLAN regardless of physical location, as shown in the figure: http://bbs.**********.com/uploadfil...91446370092.jpg 2. As the network grows you can divide it into more VLANs, reducing the bandwidth consumed by broadcasts: the fewer users in a VLAN, the fewer broadcasts each one sees. Comparing the following two figures, Figure 2 clearly shows the higher flexibility and scalability of VLANs: http://bbs.**********.com/uploadfil...91521144367.jpg http://bbs.*********.com/uploadfil...15132887548.jpg

VLAN Memberships
VLANs assigned by hand by the administrator are called static VLANs; VLANs assigned dynamically by management software are called dynamic VLANs.
Static VLANS
Static VLANs: static VLANs are secure; ports are assigned to VLANs by hand, regardless of the physical location of the device. Hosts in each VLAN must have the correct IP address information, for example VLAN2 configured as 172.16.20.0/24.
Dynamic VLANS
Dynamic VLANs: with management software, VLAN membership can be assigned based on MAC address, protocol, or even application. On Cisco devices the administrator creates a MAC address database using the VLAN Management Policy Server (VMPS); VLANs are then assigned dynamically from it, since the VMPS database maps MAC addresses to VLANs.
Identifying VLANS
As frames are switched through the network, switches keep track of the frame type, together with the hardware address, to decide how to handle them. Remember one point: frames are handled differently on different types of link.
Two link types exist in a switched environment: 1. Access links: a port that belongs to only one VLAN and carries only that VLAN's frames; this is also called the native VLAN. The switch removes any VLAN information before sending a frame to an access-link device, and an access-link device cannot communicate with other VLANs unless the packet is routed 2. Trunk links: ports that can carry several VLANs. A trunk link must use a port of 100 Mbps or faster in a point-to-point connection, and can carry up to 1005 VLANs at a time. A trunk link makes a single port a member of several VLANs at once, so no layer 3 device is needed for that. When you use a trunk link between switches, the traffic of many VLANs passes over it; without a trunk link only VLAN1 passes, and VLAN1 is the management VLAN by default.
Frame tagging
Frame tagging is the frame identification method. When a frame reaches a switch, the switch first checks the VLAN ID, then decides how to handle the frame. When the frame reaches an access link matching its VLAN ID, the switch removes the VLAN identifier.
VLAN Identification Method
VLAN identification: on the trunk links between switches, a VLAN can span several switches because VLAN information is attached to the frames. The main methods of attaching VLAN information are: 1. Inter-Switch Link (ISL): Cisco proprietary, used only on Fast and Gigabit Ethernet links, and only between devices that support ISL 2. IEEE 802.1Q: commonly called dot1q, created by the IEEE; between Cisco and non-Cisco devices ISL cannot be used, so 802.1Q must be used. 802.1Q places the VLAN identification information inside the data frame itself, alongside the type field. The attached VLAN information is like the label on a parcel in transit; the purpose of ISL and 802.1Q is to let frames of different VLANs share a link while each frame's VLAN stays identifiable.
Inter-Switch Link (ISL) Protocol
ISL operates at layer 2. ISL is an external tagging process, so the original data frame is not changed: ISL adds a 26-byte ISL header in front of the frame, plus a 4-byte FCS computed by CRC, so only devices that support ISL can read it; the maximum frame size becomes 1522 bytes. When the frame goes onto an access link, the ISL encapsulation is removed.
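The tagging and untagging described across the last few paragraphs (tag added as the frame enters from an access port, VLAN read from the tag on a trunk, tag stripped again before the frame leaves on an access link, and no delivery to an access port of a different VLAN) is shown below for 802.1Q, as an added example that is not code from the original notes or from any switch vendor. The 4-byte tag layout (TPID 0x8100 followed by a 16-bit TCI with a 12-bit VLAN ID) is the standard's definition, not something the notes state; the frame, the port descriptions and the native-VLAN handling on the trunk are assumptions of the example.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q tag protocol identifier (standard value)


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame: dst MAC, src MAC, EtherType, payload (FCS omitted)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) right after the source MAC."""
    if not 1 <= vlan_id <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("invalid VLAN ID or priority")
    tci = (pcp << 13) | vlan_id  # 3 bits PCP, 1 bit DEI (0 here), 12 bits VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def is_tagged(frame):
    return struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def vlan_of(frame):
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def strip_tag(frame):
    if not is_tagged(frame):
        raise ValueError("frame is not tagged")
    return frame[:12] + frame[16:]


def ingress(frame, port):
    """Frame entering the switch: an access port stamps its own VLAN on it, a
    trunk reads the tag, and an untagged frame on a trunk is the native VLAN."""
    if port["mode"] == "access":
        return add_tag(frame, port["vlan"])
    if is_tagged(frame):
        return frame
    return add_tag(frame, port["native"])


def egress(tagged, port):
    """Frame leaving the switch, or None if it may not leave on this port."""
    vid = vlan_of(tagged)
    if port["mode"] == "access":
        # Only the port's own VLAN leaves an access link, with the tag removed
        return strip_tag(tagged) if vid == port["vlan"] else None
    # Trunk: the native VLAN leaves untagged, every other VLAN keeps its tag
    return strip_tag(tagged) if vid == port["native"] else tagged


def forward(frame, in_port, out_port):
    """One switch: what comes out of out_port when frame enters in_port."""
    return egress(ingress(frame, in_port), out_port)


# Constructed ports and frame for the demonstration
ACCESS_2 = {"mode": "access", "vlan": 2}
ACCESS_3 = {"mode": "access", "vlan": 3}
TRUNK = {"mode": "trunk", "native": 1}
FRAME = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0800, b"hello")

if __name__ == "__main__":
    out = forward(FRAME, ACCESS_2, TRUNK)
    print("on trunk:", out.hex(), "VLAN", vlan_of(out))
    print("to access VLAN 3:", forward(FRAME, ACCESS_2, ACCESS_3))
    print("back out access VLAN 2:", forward(out, TRUNK, ACCESS_2) == FRAME)
```

The frame that enters on the VLAN 2 access port leaves the trunk 4 bytes longer, carrying VLAN ID 2; the same frame is never delivered to the VLAN 3 access port, which is the isolation the text credits VLANs with; and on the way back from the trunk to a VLAN 2 access port the tag is removed, so the end host sees the original untagged frame.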
The benefit of connecting the router with one trunk link carrying several VLANs is reduced delay.
VLAN Trunking Protocol (VTP)
VTP was also created by Cisco, but it is no longer Cisco proprietary. VTP's main purpose is to manage all configured VLANs across a switched internetwork and keep them consistent. VTP allows you to add, delete and rename VLANs, and then propagates those changes to all switches in the VTP domain.
Some VTP features: 1. Consistency of VLAN configuration across the network 2. Accurate tracking and monitoring of VLANs 3. Dynamic reporting of new VLANs to all switches in the VTP domain 4. Plug-and-play addition of VLANs 5. Trunking across mixed networks, such as Ethernet to ATM LANE or FDDI
Before you use VTP to manage VLANs, you must first create a VTP server; all switches that share VLAN information must use the same domain name. If you configure a switch into one VTP domain, it can only share VLAN information with the switches in that domain. In fact, if you only have one VLAN you do not need VTP. VTP information is sent and received over trunk ports. You can configure a VTP password, but remember that all switches must be configured with the same password.
Switches advertise VTP management domain information, together with a configuration revision number and the known VLAN configuration parameters. There is also a transparent VTP mode, in which the switch forwards VTP information out its trunk ports but does not accept VTP updates into its own VTP database.
When a switch learns of a new VLAN through a VTP advertisement, it shares the new VLAN over its existing links. Each new update increases the revision number by one.
VTP Modes of Operation
The three modes of operation in a VTP domain: 1. Server mode: the default for all Catalyst switches; a VTP domain needs at least one server to propagate VLAN information, and changes to VLAN information must be made in server mode. The configuration is saved in NVRAM 2. Client mode: switches receive information from the VTP server, and they also send and receive updates, but they cannot make any changes. Until the VTP server has advertised a new VLAN to the client switches, you cannot assign that VLAN to a port on a client switch. The configuration is not saved in NVRAM 3. Transparent mode: switches in this mode do not take part in adding or deleting VLANs, because they have their own database that is not shared with the others. The configuration is saved in NVRAM
VTP pruning
VTP pruning reduces broadcast, multicast and unicast traffic and saves bandwidth: broadcasts are sent over a trunk link only when needed. By default VTP pruning is disabled on all switches. When you enable VTP pruning on the VTP server, it is enabled for the entire VTP domain. Pruning only applies to VLAN2 through VLAN1005; VLAN1 is the management VLAN.
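The VTP behaviour spelled out in the last few paragraphs (same domain name and password required, server makes the change and bumps the revision by one, clients apply newer revisions but cannot change VLANs themselves, transparent switches relay advertisements without touching their own database) is modelled below as an added example; it is not code from the original notes or from Cisco. Two simplifications are assumptions of the example: the advertisement carries the password itself, whereas real VTP carries an MD5 digest, and the VLAN database is a plain dict of VLAN ID to name.

```python
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    password: str   # simplification: real VTP carries an MD5 digest, not the password
    revision: int
    vlans: dict


@dataclass
class VtpSwitch:
    name: str
    mode: str                  # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    forwarded: list = field(default_factory=list)  # advertisements relayed out

    def add_vlan(self, vid, vname):
        """Local VLAN change; only a server produces an advertisement."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot change VLANs")
        self.vlans[vid] = vname
        if self.mode == "transparent":
            return None        # own database only, nothing is advertised
        self.revision += 1     # each change bumps the configuration revision
        return Advertisement(self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Handle an advertisement arriving on a trunk port."""
        if adv.domain != self.domain or adv.password != self.password:
            return "ignored"       # wrong domain or password: not for us
        if self.mode == "transparent":
            self.forwarded.append(adv)
            return "forwarded"     # relayed to other trunks, database untouched
        if adv.revision <= self.revision:
            return "stale"         # nothing newer than what we already hold
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        return "applied"


if __name__ == "__main__":
    server = VtpSwitch("1900", "server", "noco", "noko")
    client = VtpSwitch("2950B", "client", "noco", "noko")
    passthrough = VtpSwitch("2950C", "transparent", "noco", "noko")
    outsider = VtpSwitch("other", "client", "lab", "noko")
    adv = server.add_vlan(2, "sales")
    for sw in (client, passthrough, outsider):
        print(sw.name, sw.receive(adv), sw.vlans, "rev", sw.revision)
```

The outsider switch shows why the domain name and password matter: an advertisement from a different domain, or with the wrong password, is simply ignored rather than merged, so a mismatch in either is the first thing to check when VLANs fail to appear on a client.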
Routing Between VLANS
You can use a router that supports ISL routing to connect VLANs; the lowest router model supporting ISL routing is the 2600 series, and the 1600, 1700 and 2500 series do not support it. The figure below shows the router connected to each VLAN through one access link per router interface, which also shows that the IP address of each router interface is the default gateway for its VLAN: http://bbs.*********.com/uploadfil... Alternatively, the router connects with a single ISL or 802.1Q trunk link; this method is called router on a stick, as shown in the figure: http://bbs.*********.com/uploadfil...10292693009.jpg

Configuring VLANs
Creating a VLAN on the 1900 uses the vlan [vlan#] name [name] command:

    >en
    #config t
    (config)#hostname 1900
    1900(config)#vlan 2 name Sales
    1900(config)#vlan 3 name Marketing
    1900(config)#vlan 4 name Mis
    1900(config)#exit

Verify with the show vlan command. Remember that until you assign ports to a VLAN, the VLAN does nothing, and by default all ports are in VLAN1, the management VLAN:

    1900#sh vlan
    VLAN Name        Status   Ports
    ---- ----------- -------- ----------------------
    1    default     Enabled  1-12, AUI, A, B
    2    Sales       Enabled
    3    Marketing   Enabled
    (omitted)

On the 2950, VLANs are created with the vlan database command in privileged mode; the creation command is the same as on the 1900, but note the apply command:

    2950#vlan database
    2950(vlan)#vlan 2 name Marketing
    VLAN 2 modified:
        Name: Marketing
    2950(vlan)#vlan 3 name Accounting
    VLAN 3 added:
        Name: Accounting
    2950(vlan)#apply
    APPLY completed.
    2950(vlan)#^C
    2950#

Verify with the show vlan or show vlan brief command:

    2950#sh vlan brief
    VLAN Name        Status   Ports
    ---- ----------- -------- ----------------------
    1    default     active   Fa0/1 ... Fa0/12
    2    Marketing   active
    3    Accounting  active
    (omitted)
Assigning Switch Ports to VLANS
Once the VLANs are created, the next thing to do is assign ports. On the 1900 the vlan-membership command assigns one port at a time and takes static or dynamic as a parameter:

    1900(config)#int e0/2
    1900(config-if)#vlan-membership static 2
    1900(config-if)#int e0/4
    1900(config-if)#vlan-membership static 3
    1900(config-if)#int e0/5
    1900(config-if)#vlan-membership static 4
    1900(config-if)#exit
    1900(config)#exit
    1900#

Verify:

    1900#sh vlan
    VLAN Name        Status   Ports
    ---- ----------- -------- ----------------------
    1    default     Enabled  1-12, AUI, A, B
    2    Sales       Enabled  2
    3    Marketing   Enabled  4
    (omitted)

On the 2950, use the switchport access vlan [vlan#] command:

    2950(config)#int f0/2
    2950(config-if)#switchport access vlan 2
    2950(config-if)#int f0/3
    2950(config-if)#switchport access vlan 3
    2950(config-if)#int f0/4
    2950(config-if)#switchport access vlan 4
    2950(config-if)#exit
    2950(config)#exit
    2950#

Verify the configuration:

    2950#sh vlan brief
    VLAN Name        Status   Ports
    ---- ----------- -------- ----------------------
    1    default     active   Fa0/1, Fa0/5 ... Fa0/12
    2    Marketing   active   Fa0/2
    3    Accounting  active   Fa0/3
    (omitted)

Configuring Trunk Ports
The 1900 uses Dynamic ISL (DISL) encapsulation. A trunk is configured on a Fast Ethernet port with the trunk [parameter] command in interface configuration mode; here port 26 is set as a trunk port:

    1900(config)#int f0/26
    1900(config-if)#trunk ?
      auto         Set DISL state to AUTO
      desirable    Set DISL state to DESIRABLE
      nonegotiate  Set DISL state to NONEGOTIATE
      off          Set DISL state to OFF
      on           Set DISL state to ON
    1900(config-if)#trunk on

Setting the parameter to on makes the port a permanent ISL trunk port; it negotiates with the connected device and converts the link to a trunk link. On the 2950, use the switchport command in interface configuration mode:

    2950(config)#int f0/12
    2950(config-if)#switchport mode trunk
    2950(config-if)#^Z
    2950#

Verify the configuration:

    2950#sh run
    (omitted)
    !
    interface FastEthernet0/12
     switchport mode trunk
     no ip address
    !
    (omitted)
Configuring Inter-VLAN Routing
Communication between VLANs must go through a router or a layer-3 switch. To support ISL and 802.1Q on a router's Fast Ethernet interface, the physical interface is divided into several logical (not physical) interfaces, one per VLAN; these are called subinterfaces. Also be aware that by default you cannot build a trunk between a 1900 and a 2950, because the 1900 supports only ISL and the 2950 supports only 802.1Q, so the two sides use different trunk encapsulations. To connect to a 1900 trunk port, use the encapsulation isl [vlan#] command on the subinterface, as follows:

    2600Router(config)#int f0/0.1
    2600Router(config-subif)#encapsulation isl [vlan#]

To connect to a 2950, configure it as follows:

    2600Router(config)#int f0/0.1
    2600Router(config-subif)#encapsulation dot1q [vlan#]
Configuring VTP
By default both the 1900 and the 2950 are in VTP server mode. To configure VTP, first set the VTP domain name, then the password, pruning and so on, using the vtp command in global configuration mode, as follows:

    1900(config)#vtp ?
      client       VTP client
      domain       Set VTP domain name
      password     Set VTP password
      pruning      VTP pruning
      server       VTP server
      transparent  VTP transparent
      trap         VTP trap
    1900(config)#vtp server
    1900(config)#vtp domain noco
    1900(config)#vtp password noko

Verify with the show vtp command in privileged mode, as follows:

    1900#sh vtp
    VTP version: 1
    Configuration revision: 0
    Maximum VLANs supported locally: 1005
    Number of existing VLANs: 5
    VTP domain name: noco
    VTP password: noko
    VTP operating mode: Server
    (omitted)

On the 2950:

    2950(config)#vtp mode server
    2950(config)#vtp domain noco

Verify the information as follows:

    2950#sh vtp ?
      counters
      status    VTP status
    2950#sh vtp status
    (omitted)
Configuring Switching In Our Sample Internetwork
Configuration example (topology figure: http://bbs.*********.com/uploadfil... 11454766958.jpg). First configure 2950C, as follows:

    2950C(config)#enable secret noko
    2950C(config)#line con 0
    2950C(config-line)#login
    2950C(config-line)#password noco
    2950C(config-line)#line vty 0 15
    2950C(config-line)#login
    2950C(config-line)#password noco
    2950C(config-line)#exit
    2950C(config)#int vlan1
    2950C(config-if)#ip address 172.16.10.2 255.255.255.0
    2950C(config-if)#no shut
    2950C(config-if)#exit
    2950C(config)#ip default-gateway 172.16.10.1
    2950C(config)#^Z
    2950C#copy run start

Configure 2950B as follows:

    2950B(config)#enable secret noko
    2950B(config)#line con 0
    2950B(config-line)#login
    2950B(config-line)#password noco
    2950B(config-line)#line vty 0 15
    2950B(config-line)#login
    2950B(config-line)#password noco
    2950B(config-line)#exit
    2950B(config)#int vlan1
    2950B(config-if)#ip address 172.16.10.3 255.255.255.0
    2950B(config-if)#no shut
    2950B(config-if)#exit
    2950B(config)#ip default-gateway 172.16.10.1
    2950B(config)#^Z
    2950B#copy run start

Configure the trunks on 2950B as follows:

    2950B(config)#int f0/1
    2950B(config-if)#switchport mode trunk
    2950B(config-if)#int f0/4
    2950B(config-if)#switchport mode trunk
    2950B(config-if)#int f0/5
    2950B(config-if)#switchport mode trunk

Configure the trunks on 2950C as follows:

    2950C(config)#int f0/4
    2950C(config-if)#switchport mode trunk
    2950C(config-if)#int f0/5
    2950C(config-if)#switchport mode trunk

Verify the trunk information with the show interface trunk command, as follows:

    2950B#sh int trunk
    Port   Mode  Encapsulation  Status    Native vlan
    Fa0/1  on    802.1q         trunking  1
    Fa0/4  on    802.1q         trunking  1
    Fa0/5  on    802.1q         trunking  1
    (omitted)

So far we have done the basic configuration and the trunk ports on 2950B and 2950C. Next, configure VTP, create the VLANs, and verify. 2950C first:
    2950C(config)#vtp mode server
    2950C(config)#vtp domain Cisco
    2950C(config)#^Z
    2950C#vlan database
    2950C(vlan)#vlan 2 name sales
    2950C(vlan)#vlan 3 name marketing
    2950C(vlan)#apply
    2950C(vlan)#^C
    2950C#sh vlan brief

Next, assign Fa0/2 to VLAN 2 and Fa0/3 to VLAN 3 (by default all ports are in VLAN 1), configured as follows:

    2950C(config)#int fa0/2
    2950C(config-if)#switchport access vlan 2
    2950C(config-if)#int fa0/3
    2950C(config-if)#switchport access vlan 3

Verify, paying attention to the Ports column of VLAN 1, as follows:

    2950C#sh vlan brief
    VLAN Name       Status  Ports
    -----------------------------------------------
    1    default    active  Fa0/1, Fa0/5 ... Fa0/10
    2    sales      active  Fa0/2
    3    marketing  active  Fa0/3

Configure 2950B as a VTP client so that it receives the VLAN information from 2950C, as follows:

    2950B(config)#vtp mode client
    2950B(config)#vtp domain Cisco
    2950B(config)#^Z

Verify; note that 2950B has already learned the VLAN information from 2950C, as follows:

    2950B#sh vlan brief
    VLAN Name       Status  Ports
    -----------------------------------------------
    1    default    active  Fa0/1 ... Fa0/12
    2    sales      active
    3    marketing  active

Ports still have to be assigned on 2950B, as follows:

    2950B(config)#int fa0/2
    2950B(config-if)#switchport access vlan 2
    2950B(config-if)#int fa0/3
    2950B(config-if)#switchport access vlan 3

Verify the information, as follows:

    VLAN Name       Status  Ports
    -----------------------------------------------
    1    default    active  Fa0/1, Fa0/5 ... Fa0/12
    2    sales      active  Fa0/2
    3    marketing  active  Fa0/3

At this point the 2950C and 2950B configurations are complete and verification shows no problems. What is still left to configure?
Communication between the VLANs, of course. From the topology map above you can see that RouterB needs to be configured, as follows:

    RouterB(config)#hostname TrunkRouter
    TrunkRouter(config)#int f0/0
    TrunkRouter(config-if)#no ip address
    TrunkRouter(config-if)#no shut

Create the subinterfaces and define the encapsulation type, as follows:

    TrunkRouter(config-if)#int f0/0.1
    TrunkRouter(config-subif)#encapsulation dot1q 1
    TrunkRouter(config-subif)#ip address 172.16.10.1 255.255.255.0
    TrunkRouter(config-subif)#int f0/0.2
    TrunkRouter(config-subif)#encapsulation dot1q 2
    TrunkRouter(config-subif)#ip address 172.16.20.1 255.255.255.0
    TrunkRouter(config-subif)#int f0/0.3
    TrunkRouter(config-subif)#encapsulation dot1q 3
    TrunkRouter(config-subif)#ip address 172.16.30.1 255.255.255.0
    TrunkRouter(config-subif)#exit

Each subinterface created this way corresponds to one VLAN. Note that if you try to assign an IP address to a subinterface before defining its encapsulation type, you get an error message, as follows:

    TrunkRouter(config-if)#int f0/0.1
    TrunkRouter(config-subif)#ip address 172.16.10.1 255.255.255.0
    Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN.

Verify the configuration as follows: TrunkRouter#sh run

Chapter 8 Managing a Cisco Internetwork
The Internal Components of a Cisco Router
Some components of a Cisco router:
1. Bootstrap: microcode stored in ROM; it initializes the router at startup and then loads the IOS.
2. POST: microcode stored in ROM; it checks whether the basic hardware is working and determines which interfaces are available.
3. ROM monitor: microcode stored in ROM.
4. Mini-IOS: Cisco calls it RxBoot or the bootloader; a cut-down IOS stored in ROM, used to load the IOS into flash.
5. RAM (Random-Access Memory): holds the packet buffers, the ARP cache, the routing table and the running-config. On some routers the IOS runs from RAM.
6. ROM (Read-Only Memory): used to start and maintain the router.
7. Flash memory: stores the IOS; it is not erased when the router reloads. It is EEPROM made by Intel.
8. NVRAM (Nonvolatile RAM): stores the startup-config; these files are not erased when the router reloads.
9. Configuration register: controls how the router boots. Its value can be viewed with show version and is normally 0x2102 (hexadecimal), which tells the router to load the IOS from flash memory and the configuration file from NVRAM.
The router boot sequence
The boot sequence tests the hardware and loads the software, in the following steps:
1. First the POST tests the hardware.
2. The bootstrap finds and loads the IOS.
3. The IOS looks in NVRAM for a valid startup-config file.
4. If the configuration file is found in NVRAM, the router is operational; if it does not exist, the router enters setup mode.

Managing Configuration Registers
A Cisco router has one 16-bit configuration register in NVRAM. Its default value, 0x2102, tells the router to load the IOS from flash memory and to look for the startup configuration file in NVRAM.
Understanding The Configuration Register Bits
Some common bit meanings:
1. Bits 0 to 3: boot field
2. Bit 6: ignore NVRAM contents
3. Bit 8: disable Break
Boot field (bits 00 to 03):
1. Set to 00: ROM monitor mode. To enter this mode the configuration register is set to 0x2100; to boot the router you then have to enter b manually (it feels a bit like Solaris OpenBoot, haha).
2. Set to 01: boot from the image in ROM. The configuration register is set to 0x2101 and the prompt is Router(boot)>.
3. Set to 02 through 0f: specifies the default boot file name, which is looked up in NVRAM.
Checking The Current Configuration Register Value
Use the show version command to view the current configuration register value; it is on the last line of the output. This command also displays the hardware configuration, the software version, the configuration file information, the boot image, and so on.
Changing The Configuration Register
You can change how the router boots and operates by modifying the configuration register value, using the config-register command in global configuration mode. Here the value is changed to 0x101; pay attention to the output, as follows:

    Router(config)#config-register 0x101
    Router(config)#^Z
    Router#sh ver
    (omitted)
    Configuration register is 0x2102 (will be 0x0101 at next reload)

Note the difference between the modified value and the current value: the modified value takes effect only after a reload.
Recovering Passwords
What if you have forgotten your password? As mentioned above, bit 6 makes the router ignore the startup configuration stored in NVRAM. The default is 0x2102, so changing the value to 0x2142 has the effect of ignoring NVRAM. The main steps of password recovery are:
1. Interrupt the boot with Break while the router is starting.
2. Set the configuration register to 0x2142.
3. Reload.
4. Enter privileged mode.
5. Copy the startup-config file into the running-config.
6. Change the password.
7. Set the configuration register back to 0x2102.
8. Save the configuration.
9. Reload.
The exact procedure differs between the 2500 series and the 2600 series. First the 2600 series: interrupt the boot with Ctrl+Break and note the line monitor: command "boot" aborted due to user interrupt, as follows:

    System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
    (omitted)
    PC = 0xfff0a530, Vector = 0x500, SP = 0x80004374
    monitor: command "boot" aborted due to user interrupt
    rommon 1 > confreg 0x2142
    You must reset or power cycle for new config to take effect

It prompts you to restart, as follows:

    rommon 1 > reset

After the reload, enter privileged mode, copy the startup-config into the running-config and change the password, as follows:

    Router#copy start run
    Router#conf t
    Router(config)#enable secret noko

Restore the configuration register value and save, as follows:

    Router(config)#config-register 0x2102
    Router(config)#^Z
    Router#copy run start

On the 2500 series, interrupt the boot, enter o, then o/r to change the configuration register value, as follows:

    System Bootstrap, Version 11.0(10c), SOFTWARE
    (omitted)
    Abort at 0x1098FEC (PC)
    >o
    (omitted)
    >o/r 0x2142

Then restart by entering i, as follows:

    >i

The remaining steps are the same as on the 2600 series:

    Router#copy start run
    Router#conf t
    Router(config)#enable secret noko

Restore the configuration register value and save, as follows:

    Router(config)#config-register 0x2102
    Router(config)#^Z
    Router#copy run start
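The register bits above are easiest to reason about in code. The following is an added example (not from these notes or from Cisco) that decodes a 16-bit register value into the boot field, the ignore-NVRAM bit and the disable-Break bit, parses the last line of show version, and reports when a router was left at 0x2142 after a recovery; the show version text is constructed.

```python
"""Decode a Cisco configuration register and audit show version output.

Added example; it is not from the notes or from Cisco.  Bit meanings are the
ones the notes list: bits 0-3 boot field, bit 6 ignore NVRAM, bit 8 disable
Break.  The sample show version text below is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

BOOT_FIELD_MASK = 0x000F   # bits 0-3
IGNORE_NVRAM = 0x0040      # bit 6
DISABLE_BREAK = 0x0100     # bit 8
DEFAULT_REGISTER = 0x2102


@dataclass(frozen=True)
class ConfigRegister:
    value: int
    boot_field: int
    ignore_nvram: bool
    disable_break: bool

    @property
    def boot_mode(self) -> str:
        if self.boot_field == 0x0:
            return "ROM monitor; boot manually with b"
        if self.boot_field == 0x1:
            return "boot the image in ROM; prompt is Router(boot)>"
        return "boot the default file named in NVRAM"


def decode(value: int) -> ConfigRegister:
    """Split a 16-bit register value into the fields the notes describe."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return ConfigRegister(
        value=value,
        boot_field=value & BOOT_FIELD_MASK,
        ignore_nvram=bool(value & IGNORE_NVRAM),
        disable_break=bool(value & DISABLE_BREAK),
    )


# Matches the last line of show version, with or without a pending value.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def parse_show_version(text: str) -> Tuple[int, int]:
    """Return (current, at_next_reload); equal when no change is pending."""
    match = REGISTER_LINE.search(text)
    if match is None:
        raise ValueError("no configuration register line in show version")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def audit(text: str) -> List[str]:
    """Findings an operator wants after maintenance: a register left at
    0x2142 means the saved startup-config is skipped at every boot."""
    findings = []
    current, pending = parse_show_version(text)
    for label, value in (("current", current), ("next reload", pending)):
        reg = decode(value)
        if reg.ignore_nvram:
            findings.append(f"{label} register {value:#06x}: NVRAM ignored, "
                            "startup-config will not be loaded")
        if reg.boot_field == 0:
            findings.append(f"{label} register {value:#06x}: boots to ROM monitor")
    if current != pending:
        findings.append(f"register change pending: {current:#06x} -> {pending:#06x}")
    return findings


# Constructed sample: a router where the recovery value was never set back.
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
(other show version lines omitted)
Configuration register is 0x2142
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHOW_VERSION):
        print(finding)
```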
Backing up and restoring the Cisco IOS
Before backing up the IOS to a TFTP server:
1. Confirm that you can reach the TFTP server.
2. Verify that the TFTP server has enough space for the IOS file.
3. Determine the file name and path.
Verifying Flash Memory
To verify the flash information, use the show flash command, as follows:

    Router#sh flash
    System flash directory:
    File  Length   Name/status
      1   8121000  c2500-js-l.112-18.bin
Backing up the Cisco IOS
To back up the IOS to a TFTP server, use the copy flash tftp command in privileged mode. It is best to ping the server first to confirm it is reachable before backing up.
Restoring or Upgrading the Cisco Router IOS
To restore or upgrade the IOS from a TFTP server, use the copy tftp flash command in privileged mode.
Backing Up and Restoring the Cisco Configuration
Backing up the configuration files to a TFTP server is similar to backing up the IOS, and so is restoring them:
1. Back up the startup-config file: copy startup-config tftp
2. Restore the startup-config file: copy tftp startup-config
3. Back up the running-config file: copy running-config tftp
4. Restore the running-config file: copy tftp running-config
Verify with the show running-config and show startup-config commands.

Erasing the configuration
To erase the startup-config file, use the erase startup-config command in privileged mode. After erasing and reloading, the router enters setup mode.
Using Cisco Discovery Protocol (CDP)
The Cisco Discovery Protocol (CDP) is Cisco proprietary; it helps administrators collect information about local and remote devices.
Getting CDP Timers and Holdtime Information
CDP was introduced earlier. The show cdp command gives you two pieces of information:
1. CDP timer: the interval at which CDP packets are sent out of every active interface; the default is 60 seconds.
2. CDP holdtime: how long a device keeps a packet received from a neighbor; the default is 180 seconds.

    Router#sh cdp
    Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
    Router#

The defaults can be changed in global configuration mode with the cdp timer and cdp holdtime commands, as follows:

    Router#conf t
    Router(config)#cdp timer 90
    Router(config)#cdp holdtime 240

To turn CDP off on all interfaces, use the no cdp run command in global configuration mode; to turn it off on one interface, use the no cdp enable command. To turn it back on, use the cdp run and cdp enable commands. As follows:

    Router(config)#no cdp run
    Router(config)#int fa0/1
    Router(config-if)#no cdp enable
Gathering neighbor information
The show cdp neighbor command displays information about directly connected devices, as follows:

    Router#sh cdp nei
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                      S - Switch, H - Host, I - IGMP, r - Repeater
    Device ID   Local Intrfce  Holdtime  Capability  Platform  Port ID
    1900Switch  Eth 0          238       T S         1900      2
    2500B       Ser 0          138       R           2500      Ser 0
    Router#

Explanation of the columns:
1. Device ID: host name of the directly connected device
2. Local Interface: the interface on which the CDP packet was received
3. Holdtime: how long a packet received from the neighbor is kept; if no new CDP packet arrives within this time, the entry is discarded
4. Capability: see the codes at the top of the output
5. Platform: the type of Cisco device
6. Port ID: the interface on the connected device that sent the CDP packet

For more detailed CDP information, use the show cdp neighbor detail or show cdp entry * command.
Gathering interface traffic information
Use the show cdp traffic command to display CDP packet traffic statistics for the interfaces, as follows:

    Router#sh cdp traffic
    CDP counters:
        Packets output: 13, Input: 8
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0
    Router#
Gathering Port and Interface Information
Use the show cdp interface command to display the CDP status information of the interface
Using telnet
To telnet, use telnet [ip address] in privileged mode, as follows:

    Router#telnet 172.16.10.2
    Trying 172.16.10.2 ... Open
    Password required, but none set
    [Connection to 172.16.10.2 closed by foreign host]
    Router#

As you can see, if no password is configured on the VTY lines, telnet is refused (unless you use the no login command, which leaves almost no security at all). So before telnetting, remember to configure a password on the target device's VTY lines.

Telnetting Into Multiple Devices Simultaneously
When you are telnetted into a remote device you can always end the connection with the exit command. If you want to keep the connection open instead, press Ctrl+Shift+6 and then the x key to return to the local console, and from there telnet into another device. For example:

    2500#telnet 172.16.10.2
    Trying 172.16.10.2 ... Open
    User Access Verification
    Password:
    2600>[Ctrl+Shift+6, x]
    2500#telnet 192.168.0.32
    (omitted)
Checking Telnet Connections
To list the sessions from the local device to remote devices, use the show sessions command, as follows:

    2500#sh sessions
    Conn Host          Address       Byte  Idle  Conn Name
       1 172.16.10.2   172.16.10.2      0     0  172.16.10.2
    *  2 192.168.0.32  192.168.0.32     0     0  192.168.0.32
    2500#

Note the *: it marks your most recent session. Press Enter twice to return to that session, or type the session number and then press Enter twice to return to the corresponding session.
Checking telnet users
Use the show users command to list all active console and VTY ports on the local device, as follows:

    2500#sh users
        Line     User  Host(s)       Idle      Location
    *   0 con 0        172.16.10.2   00:07:52
                       192.168.0.32  00:07:18

The * above marks the local console; in this example two devices are connected from the local console. Next, run the same command on the remote device, as follows:

    2600>sh users
        Line     User  Host(s)  Idle  Location
        0 con 0        idle     9
    *   2 vty 0

This output shows that the console is active and that VTY port 2 is in use.
Closing Telnet sessions
As said before, to end a telnet session you use the exit command on the remote (telnetted) device. To end the session from your local device instead, use the disconnect command locally, as follows:

    2500#disconnect ?
      <1-2>  The number of an active network connection
      WORD   The name of an active network connection
Resolving Hostnames
There are two ways to resolve host names to IP addresses:
1. Build a host table on each router.
2. Set up a DNS server (domain name system server), which works like a dynamic host table.
Building a host table
A host table resolves only the names it contains. The command to build a host table is ip host [host name] [tcp port number] [ip address]; the default TCP port number is 23, and one host can have up to 8 IP addresses. As follows:

    2500(config)#ip host 2501B 172.16.10.2
    2500(config)#ip host 1900S 192.168.0.32
    2500(config)#^Z

Use show hosts to verify the new host table, as follows:

    2500#sh hosts
    Default domain is not set
    Name/address lookup uses domain service
    Name servers are 255.255.255.255
    Host   Flags       Age  Type  Address(es)
    2501B  (perm, OK)  0    IP    172.16.10.2
    1900S  (perm, OK)  0    IP    192.168.0.32
    2500#

Note the perm in the Flags column: it means the entry was entered manually. If it is temp, the entry was resolved by DNS.
Using DNS to Resolve Names
If you type a command the Cisco CLI does not recognize, by default it treats it as a host name and tries to resolve it by DNS. The downside is the extra time spent waiting for the DNS lookup. Use the no ip domain-lookup command in global configuration mode to turn this off.
If you have a DNS server in your network, you may need more than one command to make it work:
1. The first command is ip domain-lookup. It is on by default; if you turned it off earlier with no ip domain-lookup, use this command to turn it back on.
2. The second command is ip name-server. It sets the IP address of the DNS server; you can specify from 1 to 6 server addresses.
3. The last command is ip domain-name. It is optional, but it is best to set one.

As follows:

    2500(config)#ip domain-lookup
    2500(config)#ip name-server 192.168.0.23
    2500(config)#ip domain-name noko.com
    2500(config)#^Z
    2500#

You can test with the ping command, as follows:

    2500#ping 1900S
    Translating "1900S"...domain server (192.168.0.23) [OK]

Verify with the show hosts command, as follows:

    2500#sh hosts
    Default domain is noko.com
    Name/address lookup uses domain service
    Name servers are 192.168.0.23
    Host            Flags       Age  Type  Address(es)
    2501B           (perm, OK)  0    IP    172.16.10.2
    1900S.noko.com  (temp, OK)  0    IP    192.168.0.32
    2500#
Checking Network Connectivity
The ping and traceroute commands are good tools for checking network connectivity.

Chapter 9 Managing Traffic with Access Lists
Introduction to Access Lists
The main role of an access list (ACL) is to filter the packets you do not want. Some rules of ACLs:
1. Lines are compared in order: the first line first, then the second, and so on until the last line.
2. Comparison continues from the first line until a matching line is found; once a line matches, the remaining lines are not compared.
3. Every ACL ends with an implicit deny: if no permit statement matched, the packet is discarded. So every ACL must contain at least one permit statement, unless you intend to discard all packets.

There are two main kinds of access list:
1. Standard access lists: filtering decisions are based on the source IP address.
2. Extended access lists: filtering decisions are based on the source IP address, the destination IP address, the protocol field in the network-layer header, and the layer-4 port number.
To filter with an ACL, the ACL must be applied to the interface to be filtered; otherwise it does not filter anything. You also have to define the direction of filtering: do you want to filter packets coming from the Internet into your enterprise network, or packets leaving the enterprise network for the Internet? There are two directions:
1. Inbound ACL: packets are processed by the ACL first, then routed.
2. Outbound ACL: packets are routed first, then processed by the ACL.
Some points for setting up ACLs:
1. Per interface, per direction, per protocol, you can apply only one ACL.
2. Order your ACL lines carefully, for instance with the most specific tests at the top.
3. You cannot remove a single line from a numbered ACL; removing one line removes the whole ACL. (Named access lists, introduced later, are different.)
4. Every ACL ends with an implicit deny any, so remember to have at least one permit statement in the ACL.
5. Remember to apply the ACL to the interface that needs filtering after creating it.
6. ACLs filter packets passing through the router; they do not filter packets generated by the router itself.
7. Place IP standard ACLs as close as possible to the destination address; place IP extended ACLs as close as possible to the source address.
Standard Access Lists
Before the ACL settings, a word about the wildcard mask. It consists of four octets whose values are 0 or 255: 0 means the octet must match exactly, 255 means it can be anything. For example, in 172.16.30.0 0.0.0.255 the first three octets must match exactly and the last octet can have any value. To specify 172.16.8.0 through 172.16.15.0, the wildcard mask is 0.0.7.255 (15 - 8 = 7).
To configure an IP standard ACL, use the access-list [number] [permit/deny] [any/host ...] command in privileged mode. The number ranges are 1 to 99 and 1300 to 1999; permit/deny means allow or refuse; any means any host, host means one specific host (followed by its IP address), or you can give a network with a wildcard mask.
An example of configuring an IP standard ACL (figure: http://bbs.*********.com/uploadfil): as shown, the router has three LAN connections and one Internet connection. The sales department's users are not allowed to reach the finance department, but they may reach the marketing department and the Internet. Configure as follows:

    Router(config)#access-list 10 deny 172.16.40.0 0.0.0.255
    Router(config)#access-list 10 permit any

Because of the implicit deny any, we have to add permit any at the end; any is equivalent to 0.0.0.0 255.255.255.255. Next, apply the ACL to an interface. As said before, an IP standard ACL is placed as close to the destination as possible, so use the ip access-group command to put ACL 10 on the E1 interface in the outbound direction, i.e. out. As follows:

    Router(config)#int e1
    Router(config-if)#ip access-group 10 out
Controlling Vty (Telnet) Access
An IP standard ACL can be used to control access to the VTY lines. The steps are:
1. Create an IP standard ACL that permits the hosts allowed to telnet.
2. Use the access-class command to apply the ACL to the VTY lines.

As follows:

    Router(config)#access-list 50 permit 172.16.10.3
    Router(config)#line vty 0 4
    Router(config-line)#access-class 50 in

In the example, enter VTY line configuration mode and apply the ACL in the inbound direction, i.e. in. Because of the implicit deny any, in this example only the host with IP address 172.16.10.3 can telnet to the router.
Extended Access Lists
Extended ACL: the command is access-list [acl number] [permit/deny] [protocol] [source address] [destination address] [operator] [port] [log]. The number ranges are 100 to 199 and 2000 to 2699; the protocol is tcp, udp, etc.; the operators are eq (equal to), gt (greater than), lt (less than) and neq (not equal to); log is optional and means that matches on this line are logged.
An example of configuring an extended ACL (figure: http://bbs.*********.com/uploadfil): to refuse Telnet and FTP to the finance department host 172.16.30.5, configure as follows:

    Router(config)#access-list 110 deny tcp any host 172.16.30.5 eq 21
    Router(config)#access-list 110 deny tcp any host 172.16.30.5 eq 23
    Router(config)#access-list 110 permit ip any any

Remember the implicit deny all at the end. Apply it to the E1 interface, paying attention to the out direction, as follows:

    Router(config)#int e1
    Router(config-if)#ip access-group 110 out
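The wildcard-mask arithmetic and the top-down, first-match, implicit-deny rules above are small enough to model exactly. The following is an added example (not from these notes or from Cisco) that computes a wildcard mask for an aligned block such as 172.16.8.0-172.16.15.255, evaluates the notes' ACL 10 and ACL 110 against constructed packets, and shows the "deny with no permit" trap; only the eq operator is modelled.

```python
"""Wildcard masks and first-match ACL evaluation (added example, not from
the notes).  Models the two ACLs the notes configure: standard ACL 10 and
extended ACL 110 (only the eq port operator).  Packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match exactly; a 1 bit is don't-care."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def wildcard_for_block(first: str, last: str) -> str:
    """Wildcard for an aligned block, e.g. 172.16.8.0-172.16.15.255 ->
    0.0.7.255 (the notes' 15 - 8 = 7).  A block that is not a power-of-two
    size aligned on its own boundary cannot be written as one wildcard."""
    lo, hi = _to_int(first), _to_int(last)
    span = hi - lo
    if span < 0 or (span + 1) & span or lo & span:
        raise ValueError("block is not expressible as one wildcard mask")
    return str(ipaddress.IPv4Address(span))


ANY = ("0.0.0.0", "255.255.255.255")   # any == 0.0.0.0 255.255.255.255


def host(ip: str) -> Tuple[str, str]:
    return ip, "0.0.0.0"                 # host x == x 0.0.0.0


@dataclass(frozen=True)
class Entry:
    action: str                          # "permit" or "deny"
    src: Tuple[str, str]                 # (address, wildcard)
    protocol: str = "ip"                 # "ip" matches every protocol
    dst: Tuple[str, str] = ANY
    dst_port: Optional[int] = None       # extended ACL "eq <port>"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    dst_port: Optional[int] = None


def matches(entry: Entry, packet: Packet) -> bool:
    if entry.protocol != "ip" and entry.protocol != packet.protocol:
        return False
    if not wildcard_match(packet.src, *entry.src):
        return False
    if not wildcard_match(packet.dst, *entry.dst):
        return False
    return entry.dst_port is None or entry.dst_port == packet.dst_port


def evaluate(acl: List[Entry], packet: Packet) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins.  No match means the implicit deny any,
    which is why an ACL with only deny lines blocks everything."""
    for index, entry in enumerate(acl):
        if matches(entry, packet):
            return entry.action, index
    return "deny", None


# The notes' standard ACL 10: sales (172.16.40.0/24) may not reach E1.
ACL_10 = [Entry("deny", ("172.16.40.0", "0.0.0.255")), Entry("permit", ANY)]

# The notes' extended ACL 110: no FTP or Telnet to 172.16.30.5.
ACL_110 = [
    Entry("deny", ANY, "tcp", host("172.16.30.5"), 21),
    Entry("deny", ANY, "tcp", host("172.16.30.5"), 23),
    Entry("permit", ANY, "ip"),
]

# The trap the notes warn about: a deny with no permit line.
ACL_DENY_ONLY = [Entry("deny", ("172.16.40.0", "0.0.0.255"))]

if __name__ == "__main__":
    print(wildcard_for_block("172.16.8.0", "172.16.15.255"))
    print(evaluate(ACL_110, Packet("10.1.1.1", "172.16.30.5", "tcp", 23)))
```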
Named Access Lists
Named access lists are another way to create standard and extended access lists: they let you create and apply standard or extended access lists by name. Create them with the ip access-list command (figure: http://bbs.*********.com/UploadFil... 12392068957.jpg), as follows:

    Router(config)#ip access-list ?
      extended  Extended Access List
      logging   Control access list logging
      standard  Standard Access List
    Router(config)#ip access-list standard ?
      <1-99>  Standard IP access-list number
      WORD    Access-list name
    Router(config)#ip access-list standard BlockSales
    Router(config-std-nacl)#?
    Standard Access List configuration commands:
      default  Set a command to its defaults
      deny     Specify packets to reject
      exit     Exit from access-list configuration mode
      no       Negate a command or set its defaults
      permit   Specify packets to forward
    Router(config-std-nacl)#deny 172.16.40.0 0.0.0.255
    Router(config-std-nacl)#permit any
    Router(config-std-nacl)#exit
    Router(config)#^Z
    Router#sh run
    (omitted)
    !
    ip access-list standard BlockSales
     deny 172.16.40.0 0.0.0.255
     permit any
    !
    (omitted)

Next, apply it to the interface, as follows:

    Router(config)#int e1
    Router(config-if)#ip access-group BlockSales out
    Router(config-if)#^Z
    Router#

Monitoring access lists
Commands for verifying ACLs:
1. show access-list: displays all ACLs configured on the router, but not which interfaces they are applied to.
2. show access-list [number]: displays the ACL with the given number; again without interface information.
3. show ip access-list: displays only the IP access lists.
4. show ip interface: displays the information and configuration of all interfaces.
5. show ip interface [interface number]: displays the information and configuration of one interface.
6. show running-config: displays the configuration in DRAM, including the ACLs and which interfaces they are applied to.
Chapter 10 Enhanced IGRP (EIGRP) and Open Shortest Path First (OSPF)
EIGRP Features and Operation
EIGRP is a classless, enhanced distance-vector routing protocol. Like IGRP it uses an AS, but unlike IGRP it carries the subnet mask in its routing updates, which lets us use VLSM and summarization when designing the network. EIGRP is sometimes called a hybrid routing protocol because it has features of both distance-vector and link-state protocols: unlike OSPF it does not send link-state packets but sends traditional distance-vector updates, yet it also behaves like a link-state protocol, for example by synchronizing routing tables with its neighbors when a router starts and afterwards sending an update only when the topology changes. This lets EIGRP work well in large networks. The main features of EIGRP are:
1. Support for IP, IPX and AppleTalk through protocol-dependent modules (PDMs)
2. Efficient neighbor router discovery
3. Communication through the Reliable Transport Protocol (RTP)
4. Best-path selection through the Diffusing Update Algorithm (DUAL)

Protocol-Dependent Modules
One big feature of EIGRP is its support for several network-layer protocols: IP, IPX and AppleTalk. The only other protocol that can support several network-layer protocols is Intermediate System-to-Intermediate System (IS-IS), and it supports only IP and Connectionless Network Service (CLNS). EIGRP supports the different network-layer protocols through PDMs. Each EIGRP PDM maintains a separate routing table holding the routing information for one protocol (such as IP), so there are an IP/EIGRP table, an IPX/EIGRP table and an AppleTalk/EIGRP table.
Neighbor Discovery
Before routers running EIGRP can exchange information they must first become neighbors. Establishing a neighbor relationship requires three conditions:
1. A Hello or an ACK is received
2. The AS numbers match
3. The K values match
Link-state protocols tend to use Hello packets to establish neighbor relationships, rather than periodically sending routing updates as distance-vector protocols do. To maintain a neighbor relationship, a router running EIGRP must keep receiving Hellos from its neighbors.
Routers that are not in the same AS do not share routing information and do not form a neighbor relationship. The advantage is that in a large network, routing information internal to one AS is propagated only within that AS.
When EIGRP discovers a new neighbor, it advertises its entire routing table to it. Once all routers know about the new member and have learned the new paths, only changes to the routing table are communicated to the other routers from then on. When a router receives an update from a neighbor, it stores it in its local topology table.
A few terms:
1. Feasible distance (FD): the lowest metric to a destination.
2. Successor: a directly connected neighbor router that has the shortest path to the destination; packets are forwarded to the destination through the successor.
3. Reported distance (advertised distance, RD): the metric that a neighboring router reports for its own shortest path to the destination.
4. Feasible successor: a neighbor router through which the destination can be reached. It is not used because its metric to the destination is higher than another router's, but its reported distance is lower than the feasible distance, so it is kept in the topology table as an alternate route.
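The four terms above define a selection rule that can be written down and run. The following is an added example (not from these notes or from Cisco) that picks the successor and the feasible successors from constructed neighbor advertisements using the feasibility condition RD < FD, and shows what happens when the successor is lost: a feasible successor is promoted without a query, otherwise the router has to query its neighbors for a new route.

```python
"""Successor and feasible-successor selection under DUAL's feasibility
condition, using the terms the notes define (added example, not from the
notes or from Cisco).  Metrics and neighbor names are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advert:
    neighbor: str
    reported_distance: int   # the neighbor's own metric to the destination (RD)
    link_cost: int           # our metric to reach that neighbor


def total_metrics(adverts: List[Advert]) -> Dict[str, int]:
    """Metric via each neighbor: its RD plus the cost of the link to it."""
    return {a.neighbor: a.reported_distance + a.link_cost for a in adverts}


def dual_select(adverts: List[Advert]) -> Tuple[Optional[int], List[str], List[str]]:
    """Return (feasible_distance, successors, feasible_successors).

    FD is the lowest total metric; every neighbor achieving it is a successor.
    A non-successor is a feasible successor only if its RD < FD: that
    guarantees it is loop-free, so it is kept in the topology table as a
    backup.  A neighbor with RD >= FD is not kept even if it does reach the
    destination (it might be routing through us)."""
    if not adverts:
        return None, [], []
    totals = total_metrics(adverts)
    fd = min(totals.values())
    successors = sorted(n for n, m in totals.items() if m == fd)
    feasible = sorted(
        (a.neighbor for a in adverts
         if a.neighbor not in successors and a.reported_distance < fd),
        key=lambda n: totals[n])
    return fd, successors, feasible


def on_successor_loss(adverts: List[Advert], lost: str) -> Tuple[Optional[str], bool]:
    """What DUAL does when a successor goes away: use another equal-cost
    successor or promote the best feasible successor without a query
    (route stays passive); with neither, go active and query neighbors.
    Returns (new_successor, query_needed)."""
    _, successors, feasible = dual_select(adverts)
    remaining = [s for s in successors if s != lost]
    if remaining:
        return remaining[0], False
    if feasible:
        return feasible[0], False
    return None, True


# Constructed topology table entries for one destination.
ADVERTS = [
    Advert("RouterA", reported_distance=20, link_cost=10),   # total 30
    Advert("RouterB", reported_distance=25, link_cost=10),   # total 35, RD 25 < 30
    Advert("RouterC", reported_distance=35, link_cost=5),    # total 40, RD 35 >= 30
]

if __name__ == "__main__":
    print(dual_select(ADVERTS))                     # (30, ['RouterA'], ['RouterB'])
    print(on_successor_loss(ADVERTS, "RouterA"))    # ('RouterB', False)
```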
Reliable Transport Protocol (RTP)
EIGRP uses a proprietary protocol called RTP to manage communication between EIGRP routers; as the name says, reliability is the key to this protocol. RTP delivers EIGRP packets to all neighbors in sequence. It supports mixed multicast and unicast delivery, and for efficiency only some EIGRP packets are delivered reliably. RTP makes sure communication between adjacent routers is maintained, so it keeps a retransmission list for each neighbor recording the packets that the neighbor has not yet acknowledged. Unacknowledged reliable packets are retransmitted up to 16 times or until the hold time expires. The multicast address used by EIGRP is 224.0.0.10.

Diffusing Update Algorithm (DUAL)
EIGRP uses DUAL to select and hold the best path to the remote. It enables the Router to decide whether a path to a neighbor announcement is in a loop state, and allows Router to find an alternate path without waiting for updates from other Router. This help As a result of the convergence of the network. This algorithm is taken into the following points: 1. Backup routing line 2. Support VLSM3. Dynamic Route Recovery 4. Did not find the line to send query search for new route
Using EIGRP To Support Large Networks
EIGRP works well in large networks and has many advantages, including: 1. Support for multiple ASes on a single router 2. Support for VLSM and summarization 3. Route discovery and maintenance
Multiple AS
Only routers in the same AS can share routing information. Dividing a large network into different ASes effectively speeds up convergence. The AD of EIGRP is 90, and that of external EIGRP routes is 170.
VLSM Support and Summarization
As mentioned, EIGRP supports VLSM and also supports discontiguous subnets. What is a discontiguous subnet? See the figure (http://bbs.*********.com/uploadfil... 11441771288.JPG): the two subnets 172.16.10.0/24 and 172.16.20.0/24 are connected through 10.3.1.0/24, but RouterA and RouterB believe they only have the network 172.16.0.0.
EIGRP supports manually creating summaries on any router running EIGRP, which reduces the size of the routing table. EIGRP also automatically summarizes networks to the classful boundary, as shown in the figure: http://bbs.*********.com/uploadfil... 14542432642.jpg
Route Discovery and Maintenance
Somewhat like a link-state protocol, EIGRP discovers its neighbors through Hello messages; and like a distance-vector protocol, it uses routing by rumor, that is, it does not actively probe but listens to the information from others. EIGRP stores its information in a series of tables: 1. Neighbor table, recording information about neighbors 2. Topology table, recording the topology state of the network 3. Routing table, used to make routing decisions
EIGRP Metrics
EIGRP uses a composite metric made up of: 1. Bandwidth 2. Delay 3. Load 4. Reliability 5. Maximum Transmission Unit (MTU)
By default, EIGRP uses bandwidth and delay to determine the best path.
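A worked illustration of the DUAL selection rules from the terms and DUAL sections above (feasible distance, successor, the feasibility condition for a feasible successor, and the passive/active fallback when the successor is lost), plus the default bandwidth-and-delay metric just described. This is an added example, not code from the original notes; the topology entries, router names, link costs and the T1 values are constructed.

```python
# Added example (not from the original notes): DUAL successor selection and
# the default bandwidth+delay metric, run over a constructed topology table.
from dataclasses import dataclass

K1, K3 = 1, 1  # default K values: only bandwidth (K1) and delay (K3) count

def eigrp_metric(min_bandwidth_kbps: int, total_delay_usec: int) -> int:
    """Default-K EIGRP metric: slowest bandwidth on the path + summed delay."""
    bw_term = K1 * (10_000_000 // min_bandwidth_kbps)
    delay_term = K3 * (total_delay_usec // 10)  # delay counted in tens of usec
    return (bw_term + delay_term) * 256

@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str             # directly connected neighbor router
    advertised_distance: int  # neighbor's own metric to the destination (AD)
    link_cost: int            # metric of the link from this router to it

    @property
    def computed_distance(self) -> int:
        return self.advertised_distance + self.link_cost

def dual_select(entries):
    """Return (feasible_distance, successor, feasible_successors).
    Feasibility condition: a neighbor is a loop-free backup only if its
    advertised distance is strictly less than the feasible distance."""
    if not entries:
        return None, None, []
    best = min(entries, key=lambda e: e.computed_distance)
    fd = best.computed_distance
    backups = [e.neighbor for e in entries
               if e is not best and e.advertised_distance < fd]
    return fd, best.neighbor, backups

def on_successor_loss(entries, old_fd, lost_neighbor):
    """What DUAL does when the successor disappears: stay passive and promote
    a feasible successor locally, or go active and query the neighbors."""
    remaining = [e for e in entries if e.neighbor != lost_neighbor]
    state = ("passive" if any(e.advertised_distance < old_fd for e in remaining)
             else "active")  # active: queries go out before reselecting
    # Outcome after reselection (post query replies if active), ADs unchanged.
    return (state,) + dual_select(remaining)

# Constructed topology-table entries for one destination (simplified metrics)
ENTRIES = [
    TopologyEntry("RouterB", advertised_distance=20, link_cost=10),
    TopologyEntry("RouterC", advertised_distance=25, link_cost=10),
    TopologyEntry("RouterD", advertised_distance=40, link_cost=5),
]
```

With these entries RouterB is the successor (FD 30) and RouterC the only feasible successor, since RouterD's advertised distance of 40 fails the feasibility condition; losing RouterB is handled passively, but losing RouterC afterwards forces the active (query) path.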
Configuring EIGRP
To configure EIGRP, first use the router eigrp [AS number] command in global configuration mode. Next, use the network command to define the directly connected networks. As with IGRP, the passive-interface command can be used to stop an interface from sending or receiving Hello packets. And remember that the AD of EIGRP is 90.