Anda di halaman 1dari 36

Richard Deal's CCNA (640-801) Cram Sheet

By Richard A. Deal
Distributed by
Copyright © 2003 Boson Software, Inc. All Rights Reserved.

No part of this copyrighted document and/or related copyrighted software may be

reproduced, transmitted, translated, distributed, or otherwise copied in any manner or
format whatsoever, without the prior written signed permission of Boson Software, Inc.

This copyrighted document and/or its related copyrighted software is licensed to the End
User for use only in accordance with the Boson End User License Agreement (EULA).
This document and its related software are never sold and are only licensed under the
terms of the EULA.

Trademarks or Registered Trademarks of Boson Software, Inc. in the United States and
certain other countries.

Cisco®, Cisco Systems®, CCNA®, CCDA®, CCNP®, CCDP®, CCIE®, IOS®, and
their related logos, are Trademarks or Registered Trademarks of Cisco Systems, Inc. in
the United States and certain other countries. All other trademarks, registered trademarks,
service marks, and/or certification marks, are the property of their respective owners.
Any use of a third party mark does not constitute a challenge to said mark. Trademark,
service mark, and/or certification mark acknowledgements will be added to the next
product revision upon request.

Boson Software, its products, courseware, practice tests, study guides, software
applications, and/or other materials are not sponsored by, endorsed by or affiliated
with Cisco Systems, Inc., or any company mentioned within and/or related to this

First Edition

CCNA 640-801 Cram Sheet
This Cram Sheet is based on many years of networking experience with Cisco
equipment, many years of authorizing experience, and many years of test taking
experience with Cisco certifications. Having written Exam Cram books for Que
Publishing and The Coriolis Group, I felt that having all the important material
condensed into a few dozen pages will greatly help those people who have gone
through book-reading and training and are in their final days of CCNA exam

This Cram Sheet is based on my book with McGraw-Hill, entitled CCNA Cisco
Certified Network Associate Study Guide (640-801). It pulls all of the
important information from this book and puts it into a condensed and simplified
presentation. I’ve broken this Cram Sheet into 18 sections, including the
Introduction. The remaining sections correspond to the chapter numbers in my

Please note that you can use this Cram Sheet to study for all three CCNA
exams: INTRO (640-821), ICND (640-811), and CCNA (640-801). For preparing
for INTRO, study the notes for chapters 1-6. For preparing for ICND, study
chapters 3 and 5-17. For the CCNA, study all chapters.

Further Preparation
If you want to practice your test-taking skills, I also offer practice exams with
QuizWare (, which is an affiliate of Boson Software
( Please feel free to download my exams and try them
out (you get to look at a dozen questions free without having to activate them.
Each exam has over 450 questions, with 20+ simulation questions. I have an
exam on INTRO (640-821), ICND (640-811), and two on the CCNA (640-801).

If you have any further questions about my book, my practice exams, or this
Cram Sheet, please visit my web page at
or you can email me at

Thanks for your support! And good luck studying!!!

Richard A. Deal
Richard A. Deal

Chapter 1: Networking Technologies
SOHO is a term used to describe users working from a home or small office. A branch
office is a small group of users connected in a small area called a LAN. Mobile users
constantly change their access point for connections, which can be LAN or WAN. The
corporate office is where most users and resources are located.

Ethernet has either a physical bus, star, or point-to-point topology; but logically it is
represented as a bus. FDDI uses both a physical and logical ring topology. Token Ring
uses a physical star topology, but a logical ring topology.

ISDN and analog circuit-switched connection are used for temporary or backup
connections. Leased lines (dedicated circuits) are used to provide guaranteed bandwidth
across short distances. Packet- and cell-switched services are used when you have a
single connection to the WAN, but need to connect to multiple destinations. Cell-
switched services (ATM and SMDS) provide a high level of QoS, while packet-switched
services (Frame Relay and X.25) provide a low level.

An intranet is local to one company. An extranet extends an intranet, providing services

to known external users and companies. An internet provides connections across a public
network for unknown users. VPNs can be used to protect/encrypt traffic for
internet/extranet traffic.

Chapter 2: Networking Concepts
The OSI Reference Model (ORM) defines the process of connecting two layers, promotes
interoperability between vendors, separates a process into simpler components, and
compartmentalizes the design process for vendors, simplifying implementation and

The ORM has seven layers: application, presentation, session, transport, network, data
link, and physical. The top layer, application provides the user interface and includes
applications like FTP, web (HTTP), email (SMTP), and telnet. The presentation layer
defines how information is presented to the user and includes the following: ASCII,
EBCIDIC, BMP, GIF, JPEG, WAV, AVI, and MPEG. The session layer sets up and tears
down network connections and includes NFS and RPCs. The transport layer can provide
a guarantee or no guarantee for delivery of data and includes TCP and UDP from TCP/IP.
The network layer, where routers function, defines a logical topology and layer-3
addressing. Protocols at this layer included TCP/IP, IPX, and AppleTalk. The data link
layer, where switches, bridges, and NICs operate, defines MAC (hardware) addresses and
how devices communicate on a media type. Protocols at this layer include IEEE’s 802.2,
802.3, 802.5, Ethernet II, HDLC, PPP, and Frame Relay. The physical layer, where hubs
and repeaters operate, defines the physical properties of connections and
communications, which includes wires, like UTP and fiber, and connectors, like RJ-45
and DB-9. Copper cabling is susceptible to EMI (electromagnetic interference) while
fiber is not.

Narrowband solutions provide connectivity at lower data rates, but can be increased by
using spread spectrum, which spreads a signal across multiple frequencies. Cisco’s
Aironet uses spread spectrum. Broadband solutions provide higher data rates and is used
by Sprint’s PCS and can provide national coverage. For international coverage, satellite
can be used, but it has a high latency and cost.

802.11b, called Wi-Fi, operates at 2.4 GHz at speeds of 11 Mbps. 802.11a operates at 5
GHz at speeds of 54 Mbps. 802.11g operates at 2.4 GHz at speeds of 54 Mbps. 802.11b
and 802.11g are interoperable.

The first six hexadecimal digits of a MAC address represent the OUI. MAC addresses
must be unique within a broadcast domain (VLAN), but can be duplicated across
broadcast domains. A unicast is sent to a single device; a broadcast is sent to every
device; and a multicast is sent to a group of devices.

Ethernet uses CSMA/CD. No one device has priority over another. Before transmitting,
the device senses the wire. If two devices transmit simultaneously, a collision occurs.
When this happens, they generate a jam signal, wait a random period, and retry
transmitting again.

IEEE 802.2 uses a SAP or SNAP field to differentiate amongst encapsulated protocols. A
SNAP frame sets the SAP fields to 0xAA to indicate a SNAP frame. SNAP is used to

extend the number of protocols 802.2 frames can transport. Ethernet II, developed by
DEC, Intel, and Xerox (DIX), and IEEE’s 802.3 are not compatible. Ethernet II doesn’t
have sublayers while 802.3 has two (LLC and MAC) and Ethernet II has a type field
while 802.3 has a length field.

Half-duplex (Hubs, 10BaseT, 10Base2, and 10Base5) connections are used in a shared
medium and allow a device to either send or receive. Half-duplex connections experience
collisions. Full-duplex connections require point-to-point connections, where devices can
simultaneously send and receive without collisions occurring.

Bridges learn, forward and remove loops (using STP). The three types of traffic bridges
flood are broadcasts, multicasts, and unknown destinations. Bridges and switches are
used to solve bandwidth and collision problems--routers can do this, but they cost more.

The network layer defines logical addresses, finds layer-3 paths to destinations, and
connects different media types together, like serial and Ethernet. Routers make routing
decisions based on the network component of an address. A routing table stores the
locations of networks. Routers allow you to build a scalable hierarchical network, contain
broadcasts and multicasts, find optimal paths to destinations, switch packets on the same
interface, implement QoS, filter and encrypt traffic, and many other things.

The transport layer sets up and maintains a session connection between devices, provides
for reliable or unreliable delivery of data, implements flow control through ready/not
ready signals or windowing, and multiplexes connections. When providing reliable
delivery of data, the transport layer goes through a three-way handshake. Source and
destination port numbers are used to multiplex connections. Flow control is used to
ensure a source doesn’t overrun a destination with too much data. Ready/not ready
signals are not efficient for flow control because they cause unnecessary delays and drops
of traffic. Windowing defines a specified amount of data that can be sent, and then the
source has to wait for an acknowledgment before sending more data.

A PDU is a generic term used to describe information. Data is something the application,
presentation, and session layers create. The transport layer encapsulates this in a segment.
The network layer encapsulates this in a packet or datagram (IP). The data link layer
encapsulates this in a frame. The physical layer converts this to a physical layer signal on
the physical medium used. The destination goes through a de-encapsulation process.

Cisco uses a 3-layer hierarchical design: core, distribution, and access. The core, using
switches, provides a high-speed switching infrastructure and doesn’t perform packet
manipulations. The distribution layer, using switches and routers, separates the core and
access layers, providing a logical boundary and containing broadcasts. Policies are
implemented here. The access layer provides a user’s initial access to the network.

Chapter 3: IP Addressing
IP addressing is a VERY important topic on the INTRO, ICND, and CCNA exams. If
you don’t understand IP addressing and subnetting, you will probably fail the exam.

TCP, at the transport layer, provides for flow control and reliable connections, and
includes applications like FTP (21), telnet (23), SMTP (25), and HTTP (80). A TCP
segment includes source and destination port numbers, a sequence number, an
acknowledgement number, code bits (control and synchronization functions), a window
size, and a checksum, among other things. TCP uses a 3-way handshake (SYN,
SYN/ACK, and ACK) when setting up a reliable connection. PAR (positive
acknowledgment and retransmission) is used by TCP to recover from lost segments: the
same segment is sent repeatedly, with a small delay between segments, until an ACK is
received from the destination. ACKs can be sent along with sequence numbers in the
same segment.

UDP, at the transport layer, doesn’t provide any reliability or flow control, but is more
efficient than TCP, and includes applications like DNS (53), TFTP (69), SNMP (161) and
RIP (520).

IP, at the network layer, uses the TTL field to limit the number of hops a packet can
travel. Protocols that use IP include ICMP, IGRP, IPv6, TCP, and UDP, among others.
Ping and traceroute use ICMP, where are used to test connectivity between devices. Ping
generates an echo and expects and echo reply from the destination.

ARP resolves an IP address to a MAC address and RARP, using a layer-2 function,
allows a device to acquire a layer-3 address. DHCP allows a device to acquire an IP
address, subnet mask, DNS, TFTP, and WINS server addresses, a domain name, and
length of the address lease. When a device needs to send something to another broadcast
domain, it uses the real destination layer-3 address in the packet, but the MAC address of
the default gateway in the frame.

Computers deal with numbers in binary. A byte has 8 bits, where each bit has a decimal
value, shown below:

Bit Position 8 7 6 5 4 3 2 1
Decimal Value 128 64 32 16 8 4 2 1

To convert a binary value into a decimal value, add up the decimal values equivalent to
the bits that are turned on (set to 1).

Hexadecimal has a range of values from 0-9 and A-F and are represented in 4 bits. Use
this chart to convert between the three numbering schemes:

Decimal Binary Hex

0 0000 0

1 0001 1
2 0010 2
3 0011 3
4 0100 4
5 0101 5
6 0110 6
7 0111 7
8 1000 8
9 1001 9
10 1010 A
11 1011 B
12 1100 C
13 1101 D
14 1110 E
15 1111 F

IP addresses are 32-bits in length and represented in a dotted decimal notation.

Remember the following table for IP addresses:

Network bytes 1 (8) 2 (16) 3 (24)
Host bytes/bits 3 (24) 2 (16) 1 (8)
High order bits 0 10 110 1110 11110
Addresses 1-126 128-191 192-223 224-239 240-254

Networks 0, 127, and 255 are reserved: 0 represents all IP addresses, 127 is the loopback
and for testing, and 255 is for broadcasts. Class D addresses are used for multicasting and
Class E are reserved.

Each network has a network (wire) number, a directed broadcast, and host addresses
(between the first two values). Each network loses two host addresses (network and
broadcast). Knowing the number of host bits, the total number of host addresses in a
network is 2N - 2, while the total number of addresses in a network is 2N.

Subnet masks define the network and host boundary in IP addresses. A binary 1 indicates
a network number and a binary 0 indicates a host component. All the binary 1s and 0s
must be contiguous, and the length of the subnet mask is 32 bits. When subnetting, the
first and last subnets in a network (subnet 0) may or many not be valid. Remember this
important point for the exam. To convert a binary subnet mask into a decimal mask, add
up the host bit values, creating a decimal number, and subtract this from 255, which
results in the subnet mask value.

When developing an IP addressing scheme, use these steps: (1) figure out the network
and host requirements; (2) satisfy host and network requirements; (3) figure out the
subnet mask; (4) figure out the network addresses; (5) figure out the directed broadcasts

for your networks; (6) figure out the host values for your networks. The directed
broadcast address is one number less than the next network number.

If you are given a specific address and subnet mask, and asked to determine if this is a
network, host, or directed broadcast address, follow these steps: (1) Examine the subnet
mask and find the interesting octet (boundary between networks and hosts--non-255
number); (2) Subtract the interesting octet from 256 (this results in the multiple that
network numbers are increasing by in the interesting octet); (3) Write down the network
numbers starting at 0; (4) Write down the broadcast addresses for those around the
address in question (the broadcast address is one less than the next network number); (5)
Write down the host addresses (addresses between the network and broadcast addresses).

You can use Boson’s subnet calculator to check your results when practicing your IP
addressing (

Chapter 4: Preparing Network Connections

Hubs and repeaters connect devices together in the same collision domain. Repeaters
repeat a signal and are used to extend the length of a cable. A hub is repeater. These
devices operate at layer-1 in the same collision, or bandwidth domain. Switches and
bridges are used to solve collision and bandwidth problems. Switches dedicate a port to
each device (separate collision/bandwidth domain), which is called micro segmentation.
Routers connect broadcast domains together and don’t propagate broadcasts by default.

Out-of-band (console and aux ports) management doesn’t affect the traffic on the
backplane of a device while in-band (telnet, SNMP, web browser) management does.
Most Cisco console connections use an RJ-45 rollover cable and an RJ-45-to-DB-9
terminal adapter. With a rollover cable, the pins on the two sides of the cable are
reversed. When setting up a console connection, configure the following in your terminal
package: speed (9,600 bps), data bits (8), stop bits (1), parity (none), flow control (none).

The nomenclature for switch’s interfaces is type slot_#/port_#. Interface types include
ethernet, fastethernet, or gigabit. The slot number is always 0 for the 1900 and
2950 switches. The port number starts at 1 and works its way up. The nomenclature of
router interfaces is the same, but more types are included, like atm, asynch, bri,
ethernet, fddi, serial, tokenring. However, port numbers always start at 0. Plus
for non-modular routers, omit the slot_# and the “/”--just specify the port_#.

When connecting Ethernet devices together, use a crossover cable for DTE-to-DTE and
DCE-to-DCE connections and a straight cable for DTE-to-DCE connections. A DTE is a
router, PC, or file server and a DCE is a hub or switch. A crossover cable crosses over
pins 1-3 and 2-6. For serial connections, Cisco uses a proprietary DB-60 or DB-21
interface connector.

Chapter 5: Basic Switch and Router
IOS stands for Internetwork Operating System and its advantages include features,
connectivity, scalability, reliability, and security. When the Cisco device boots up, it runs
POST, finds and loads the IOS, and finds and loads the configuration file. You can access
a Cisco device via a console or aux port or the VTY ports via telnet, TFTP, SNMP, or a
web browser.

The IOS has three different modes: User EXEC, Privilege EXEC, and Configuration.
From User EXEC mode, use the enable command to access Privilege EXEC mode. To
go back to User EXEC mode, use the disable command. To log out of either mode, use
the exit command. Use the configure terminal command to access Configuration
mode. Use the hostname command to change the name of the device—this name has
local significance only. To enable an interface on any device, use the no shutdown
command. To disable an interface, use the shutdown command. If you are in a
Subconfiguration mode and enter a Global command, typically the router executes the
command as a Global command and takes you back to Global mode. The exit command
takes you back one Configuration level. The end or CNTRL-Z control sequence exits
Configuration mode. The show running-config command displays the IOS device’s
currently running configuration in RAM. Any command that examines or manipulates
configuration files must be executed from Privilege EXEC mode.

You can use the help command or the ? to pull up context-sensitive help; and you can
abbreviate commands to their most unique characters. You can use the context-sensitive
help when doing the simulation questions on the INTRO, ICND, and CCNA exams.
There are four editing features supported by the IOS: symbolic translation, command
prompting, syntax checking, and command recall. The router holds the last 10 executed
commands in its history buffer. <CNTRL>A takes you to the beginning of a line and
<CNTRL>E to the end. <CNTRL>P takes you to a previous command and <CNTRL>N
to a more recent one.

From the main menu of the 1900, enter K to access the IOS. The enable password
level 1|15 command configures the User (1) and Privilege (15) EXEC passwords. To
assign a password to the 1900, us the ip address command; and to assign the default
gateway address, use the ip default-gateway command. The configuration on the
1900 is automatically saved.

On the 2950 or router, use the line password command to secure User EXEC access.
Routers support five VTYs (0-4). Use the login command to allow login access on your
VTYs. The enable password command configures an unencrypted Privilege EXEC
password and the enable secret command creates an encrypted one. To assign a
password to the 2950, us the ip address command under the VLAN interface
(interface vlan1); and to assign the default gateway address, use the ip default-

gateway command. The 2950 and routers do NOT automatically save their
configurations. To save the configuration on a 2950 or router, use the copy running-
config startup-config command.

When a router doesn’t contain a configuration file in NVRAM when it boots up, it takes
you into the System Configuration Dialog, which can be reached via the Privilege setup
EXEC command. To break out of the scrip without saving your changes, use
<CNTRL>C. At the end of the script, answering 0 aborts the script and ignores your
input; a 1 takes you back to the beginning of the script and remembers your previous
answers; a 2 ends the script, but saves and executes your changes. Anything in []s are
default values. The script takes you through global configurations first, and then interface
configurations. You cannot configure everything with this script.

On a router, use the banner motd command to create a login banner and the exec-
timeout command to set up the idle timeout for management connections. The
terminal monitor Privilege EXEC command allows you to view console output on
non-console lines.

If an interface is “up and up” the physical and data link layers are operational; “up and
down” indicates a data link layer problem; “down and down” indicates a physical layer
problem; “administratively down and down” indicates a disabled interface (shutdown
command). Use the show interfaces command to verify its status.

If you are copying and pasting a configuration file into a router, and the router interface is
disabled with the shutdown command, your pasted configuration file must contain the
no shutdown command in order to active the interface. This is a common problem
when copying and pasting a configuration file from an old router to a new router, where
the interfaces on the new router are disabled by default.

For serial interfaces on routers in a back-to-back connection, use the show controller
command to determine the DTE and DCE--the clock rate command configures the
physical speed for the connections. The bandwidth command does not change the speed
of the interface: it affects only the metric used by certain routing protocols.

On routers, configure IP addresses on interfaces with the ip address command. If you

misconfigured an IP address on a router’s interface, use the no ip address command
to remove it or the ip address command to overwrite the old one. The show ip
interface command displays if an ACL is applied to an interface.

The show version command displays the IOS version, the uptime, the amount of
RAM, NVRAM, and flash, the type and number of interfaces, and the configuration
register value.

Chapter 6: Managing Your Network Device
On a Cisco device, POST executes hardware tests. The bootstrap program (not the IOS)
finds and loads the IOS image. ROMMON contains a mini-operating system (not the
IOS) used for debugging and low-level testing of the Cisco device. The Mini-IOS is a
stripped down IOS stored in ROM and is used to perform an emergency boot of the
router if it can’t find an IOS image--this mode is called RXBOOT mode. All of these
components are stored in ROM. The operating system is stored in flash and the
configuration file is stored in NVRAM.

When booting up, the router runs POST, loads the bootstrap program, loads the IOS, and
executes the configuration file. You can use boot system commands to affect where
the router should find and load the IOS: flash, a TFTP server, or ROM. If these
commands don’t exist in NVRAM, the default bootup process is used.

The configuration register is used by the device to determine how it boots up and finds its
components. A 0x0 in the fourth digit means the router will boot into ROMMON mode; a
0x1 causes the router to boot into RXBOOT mode (Mini-IOS); a 0x2 causes the router to
boot up using the default process. The configuration register can be used with the show
version command. The default value is 0x2102.

If you need to perform the password recovery procedure, break into ROMMON mode by
using the <CNTRL><BREAK> sequence when the router begins to boot. Change the
configuration register to 0x2142 and boot up the router. Break out of the System
Configuration Dialog and enter Privilege EXEC mode. Copy the NVRAM configuration
into RAM. Enter Configuration mode, change the passwords, enable the router’s
interfaces, and change the configuration register back to 0x2102 (config-register).
Exit to Privilege EXEC mode and save the configuration from RAM to NVRAM.

Anytime you execute a copy command that copies from RAM to something else, the
router uses an overwrite process. Anytime you copy something into RAM, the router uses
a merge process.

The show flash and show version commands display the amount of flash in your
router. Cisco images use a naming convention that describes the platform image, the
feature set, if the image is compressed or relocatable, and the IOS version and revision
numbers. Before loading an IOS image on a TFTP server, check to make sure it is
reachable (ping), check its disk space, check to see if the file nomenclature of the IOS is
supported, and verify if the file must exist (empty) first before you can copy to it. The
copy flash tftp command backs up the IOS image and the copy tftp flash
command upgrades it. The reload command reboots the router.

The show interfaces command and CDP tests layer-2 connectivity. The ping and
traceroute commands test layer-3 connectivity. The telnet command tests layer-7

connectivity. debug commands test layer-2 through layer-7 connectivity. The undebug
all or no debug all command disables all debug functions.

CDP is enabled on every Cisco device by default. Multicast updates are generated every
60 seconds with a hold-down timer of 180. Neighboring Cisco devices will never forward
another neighbor’s messages. CDP is supported on ATM, Ethernet, FDDI, Frame Relay,
HDLC, and PPP interfaces. Use the no cdp run command to globally disable CDP and
the no cdp enable command to disable CDP on an interface. The show cdp
neighbors command displays your directly connected Cisco devices, and adding the
detail parameter displays their layer-3 addresses.

The simple ping and traceroute commands can be executed from both User and
Privilege EXEC modes, but the extended versions can only be executed from Privilege
EXEC mode.

Ping uses ICMP echo messages to test connectivity. If the destination is reachable, the
destination responds back with an echo reply (“!”); otherwise, an intermediate router
responds back with either a destination or network unreachable message (“.”, “n”, or
“u”). An “a” indicates the ICMP message was filtered. With an extended ping, you can
enter the following information: protocol, source and target address, number of tests (5),
packet size (100 bytes), timeout (2 seconds), type of service, fragmentation, data pattern,
and IP header options.

If you are experiencing connection problems, first check internal connectivity by pinging
your loopback address ( If this fails, there is a problem with your TCP/IP
protocol stack. Next, ping your PC’s IP address. Fix it with either ipconfig or
winipcfg. Next ping your default gateway. If this fails, check your PC’s subnet mask
and the configuration of the default gateway (router).

The traceroute command lists each router the packet goes through when traveling to
the destination, and is used to troubleshoot routing problems.

The 1900 does not support telnet. To suspend a telnet session, use the
<CNTRL><SHIFT>6 x control sequence. Pressing <ENTER> on an empty line resumes
the last suspended telnet session. To resume a specific suspended telnet session, use the
resume command. The show sessions command to displays your suspended telnet
sessions and the disconnect command disconnects them.

Chapter 7: Bridging and Switching
Bridges perform switching in software and switches in hardware (ASICs). Bridges only
support store-and-forward switching while switches can support store-and-forward, cut-
through, and fragment-free switching. Store-and-forward pulls in the whole frame,
checks the CRC, and the forwards the frame; cut-through reads the first 14 bytes (through
the destination MAC) and forwards the frame; fragment-free reads the first 64 bytes and
forwards the frame. The 1900 supports all three (defaults to fragment-free), but the 2950
only supports store-and-forward.

Bridges support 2-16 ports while switches can support dozens or hundreds. Bridges only
support half-duplex while switches support both half- and full-duplex. All ports in a
bridge are in the same broadcast domain while switches can break up broadcast domains
with VLANs. With bridges, there is only one instance of STP, while switches can support
1 instance per VLAN.

Bridges/switches have three main functions: learn, forward, and remove loops. Bridges
learn by placing source MAC addresses and their connected ports in a CAM (port
address) table. This table is used to intelligently forward frames. Broadcasts, multicasts,
and unknown destinations are always flooded. The show mac-address-table command
displays the CAM table contents, including the MAC address, port, VLAN, and the
method (static or dynamic) from which user’s device was learned.

The IEEE 802.1D (STP) protocol is used to remove loops. Switches use BPDUs to share
topology information, which are generated every 2 seconds. The switch’s ID is composed
of a priority and MAC address. The switch with the lowest ID is chosen as the root.

A BPDU’s path cost is incremented by the post cost when received on a port. Each
switch chooses a root port to reach the root switch. This is chosen by the lowest
accumulated path cost to the root, the connected switch with the lowest switch ID, the
port with the lowest priority, or the physically lowest-numbered port, in that order if there
are multiple ports or ties. Each segment also uses one port on one switch to reach the
root, called the designated port. This is chosen by using the connected switch with the
lowest accumulated path cost, the switch with the lowest ID, the port with the lowest
priority, or the lowest physically-numbered port.

When STP is running, a port can go through four states: blocking (20 seconds), listening
(15 seconds), learning (15 seconds), and forwarding, which can take from 30-50 seconds
to converge. In all states, BPDUs are processed on the port. In the learning state, the
CAM table is built. In the forwarding state, user frames are forwarded through ports.

All ports on Cisco switches are enabled. The 1900’s 10BaseT are half-duplex, the
100Base and the 2950s are auto-sensing. CDP and STP is enabled for all ports. No
passwords or IP addresses are configured on the switches. The duplex command
configures the duplexing the speed command configures the speed (only the 2950): use
the show interfaces command to verify your interfaces’ configuration.

The port secure command on the 1900 enables port security--up to 132 addresses can
be dynamically learned. To disable port security, reset the addresses to 132 and use the
no port secure command.

To backup a 1900’s configuration to a TFTP server, use copy nvram tftp:. To

restore it, use copy tftp: nvram. To delete it, use delete nvram, which sets the
switch back to its factory defaults.

Chapter 8: Virtual LANs
A VLAN is a group of devices in the same subnet or broadcast domain, providing
location independence. This make adds, moves, and changes easier and allows you to
group users together based on job functions. Routers are used to move packets between
broadcast domains. Both the 1900 and 2950 support 64 VLANs.

Static VLANs are manually configured and are called port-based VLAN. Dynamic
VLANs have the switch, with the assistance of a VMPS server, put a device in the VLAN
based on information from the device, like its MAC address, layer-3 address, or the
user’s user or group name.

An access-link connects a switch to a normal Ethernet NIC where standardized Ethernet

frames are transmitted. A trunk allows you to carry traffic for multiple VLANs. Cisco
supports four trunking methods: ISL (Cisco-proprietary), IEEE’s 802.1Q, ATM’s LANE,
and 802.10 with FDDI (Cisco-proprietary). ISL adds a 26-byte header and 4-byte trailer
to the user’s frame--the 1900 only supports ISL. 802.1Q inserts a 4-byte tag into the
user’s frame and recomputes the FCS--the 2950 only supports this.

PVST supports one STP instance per VLAN and works ISL trunks. CST supports one
instance of STP for all VLANs and works on 802.1Q trunks. On the 1900, the show
spantree command displays STP information; on the 2950, the show spanning-
tree command displays STP information.

Cisco’s VTP is used to share VLAN information across trunk connections and ensures a
consistent VLAN implementation is maintained across all switches in the same domain.
VTP supports three modes: server, client, and transparent. Servers generate VTP
multicasts every 5 minutes. Here is a comparison of the three different VTP modes:

Server Client Transparent

Adds, modifies, and deletes VLANs Y N Y
Generates VTP messages Y N N
Propagates VTP messages Y Y Y
Accepts changes in VTP messages Y Y N
Default mode Y N N

Clients don’t store VLAN information locally--the generate an advertisement request

when they boot up and learn this from a server. Servers generate subset and summary
advertisements. VTP switches use highest configuration version number in server
messages to determine who has the most current VLAN information. VTP pruning can be
used to dynamically prune inactive VLANs from trunks, but requires switches to be in
server mode.

By default, switches don’t have a domain name configured and default to server mode.
No password is configured and pruning and traps are enabled on the 1900, but disabled

on the 2950. To set up VTP on a 1900, use the following commands: vtp domain, vtp
server|client|transparent, vtp password, vtp pruning enable|disable,
and vtp trap enable. On the 2950, VTP is set up from Privilege EXEC mode with
the vlan database command. Use these commands in this mode to configure VTP:
vtp domain, vtp server|client|transparent, vtp password, vtp pruning,
abort (don’t save), and exit (save).

DTP is a Cisco-proprietary protocol that is used to dynamically form trunks on ports. To

form a trunk one side needs to be set to either on or desirable and the other to on, auto, or
desirable. To disable DTP, but still set up a trunk, use no-negotiate. The default mode is
auto. The 1900 trunk command enables trunking and the show trunk A|B command
verifies trunking. The 2950 switchport mode command configures trunking and the
show interfaces switchport|trunk command verifies it.

Every Cisco switch comes with 5 pre-configured VLANs: 1 and 1002-1005. All
interfaces, by default, belong to VLAN 1--this is also the management VLAN where
CDP, DTP, VTP messages are generated. In order to add, delete, or change VLANs, your
switch must be in VTP server or transparent mode. You can change a VLAN name, but
changing its number requires deleting it and then adding it with the correct number. If
you need to delete a VLAN, first reassign any ports to a different VLAN; otherwise the
ports will be placed in VLAN 1. The vlan command creates VLANs (on the 2950 this is
done in the VLAN database). On the 1900, use the vlan-membership static
command to associate ports to VLANs; on the 2950 use the switchport mode
access and switchport access vlan commands. Use the show vlan command to
display your VLANs.

Chapter 9: Routing Overview
The three main functions of a router is to learn about neighboring routers, find and
choose the best path to destination networks, and keep this information up-to-date. These
routes can be configured statically or learned dynamically. A connected route is a
network directly connected to a router’s interface. A routed protocol is a layer-3 protocol
like IP or IPX. A routing protocol determines how to get a routed protocol’s traffic to a
destination. Routing protocols include RIP, IGRP, OSPF, and EIGRP. Each routed
protocol has its own routing table on the router. You should consider the following when
choosing a routing protocol: routing metrics, how routing information is shared,
convergence of the protocol, overhead, and processing of routing information.

An autonomous system is a group of networks under a single administrative control and

these are uniquely identified by a unique number. Administrative distances are used to
range IP routing protocols and is proprietary to Cisco: the lower the number the more
preferred. Here are some default distances: connected (0), static (0 or 1), EIGRP (90),
IGRP (100), OSPF (110), and RIP (120). Within a routing protocol, metrics are used to
choose the best path. The lower the metric the better the route. Here are some common
metrics used by routing protocols:

Metric Routing Protocols Description

Bandwidth EIGRP, IGRP Capacity of the links in Kbps
Cost OSPF Inverse of the bandwidth
Delay EIGRP, IGRP Measurement of time
Hop count RIP Number of routers away
Load EIGRP, IGRP Utilization
MTU EIGRP, IGRP Frame size
Reliability EIGRP, IGRP Least amount of errors or down time

To configure a static route, use the ip route command. You can specify a neighboring
router or your router’s exit interface as the next hop. A default route has an address of

Classful protocols only understand class subnets and only support one subnet mask per
class address (RIPv1 and IGRP). Classful protocols support more than one subnet mask
per class address (RIPv2, EIGRP, OSPF, BGP, and IS-IS).

Use the show ip route command to display your IP routing table. Here are some
routing protocol codes: R (RIP), I (IGRP), D (EIGRP), and O (OSPF). The routing table
lists network numbers, subnet masks, the neighboring router that advertised the route, the
interface used to reach the route, and how old the route is.

A router-on-a-stick is a router with a trunk interface that routes traffic between VLANs
on the trunk. This is done by creating subinterfaces on the router.

Distance vector protocols use the Bellman-Ford algorithm to choose paths. They are easy
to set up and troubleshoot and have low overhead for memory and processing cycles:
When a route is received on an interface, the router increments the metric, compares this
to the routing table, and updates it, if necessary. Distance vector protocols use periodic
broadcasts. Link state protocols use the Dijkstra algorithm to choose paths to destinations
and create a loop-free topology. Unlike distance vector protocols, they are more CPU-
and memory-intensive. They use multicasts to disseminate routing information and only
advertise changes. They support route summarization and hierarchical routing.

Convergence occurs when all routers understand the current topology of the network,
which can be done by examining their routing tables. A routing loop is where routers
have a misunderstanding of how to reach destinations in a network. Distance vector
protocols have problems with routing loops. Counting to infinity is where packets travel
around a routing loop forever: hop count limits are used to prevent this. Split horizon
prevents a router from advertising a route out an interface from which it was learned.
When a network is not reachable, a router assigns an infinite metric to it, poisoning it
(poisoned route). A router that receives a poisoned route will generate a poison reverse,
breaking the split horizon rule by advertising it out all interfaces, including the source
interface. A router uses hold-down timers to keep the poisoned route in the routing table
long enough so that all routers can learn about and process the change. The hold down
timer is typically three times the update interval, which slows down convergence.

Chapter 10: Configuring Distance Vector
To enable routing on your router, you need to perform two things: put IP addresses on
your interfaces (and enable them) and configure a routing protocol. The order of these
two items is not important. Use the router command to enter an IP routing protocol and
the network command to specify a network (interfaces) that will participate in the
routing protocol. For classful protocols, I highly recommend that you put in the class
address (not the subnetted address) when configuring the network statement on any
exam questions--it’s a simulator, not a full-functioning router.

RIPv1 is a classful, distance vector protocol and broadcasts routing updates every 30
seconds. It uses hop count as a metric and has a hold-down timer of 180 and a flush
period of 240 seconds. RIP can load balance, by default, across 4-equal cost paths, but
this can be increased to 6. RIPv2 is a hybrid protocol: it is classless (supports VLSM and
route summarization), triggered updates, and multicasts. It is backwards compatible with

Use the router rip command to take you into IP RIP’s configuration and the
network command to specify the interfaces that will participate in RIP. The version
command specifies, globally, which version of RIP your router will use. By default, a
Cisco RIP router will only generate RIPv1 updates, but will receive either RIPv1 or v2.
Use the show ip protocols command to view your RIP configuration. The debug
ip rip command displays RIP updates your router generates or receives on a interface.

Cisco’s IGRP (Interior Gateway Routing Protocol) is a classful, distance vector protocol
and broadcasts updates every 90 seconds, with a hold-down period of 280 seconds and a
flush period of 630 seconds. It uses triggered updates to speed up convergence. Its default
metrics include bandwidth and delay, but you can also enable reliability, load, and MTU
for the metric algorithm. Unlike RIP, IGRP supports load balancing across unequal-cost
paths by using the variance command.

When configuring IGRP, you must specify the autonomous system number after entering
the router igrp command. Routers in different autonomous systems will not share
routing information. The network command specifies the interfaces that will participate
in IGRP--use classful network numbers with this command. Use the show ip
protocols command to view IGRP’s configuration. The debug ip igrp events
command displays IGRP routing updates, like when an updates is received or generated,
while the debug ip igrp transactions command displays the actual contents of
the routing updates.

Chapter 11: Configuring Advanced Routing
OSPF (Open Shortest Path First) is an open standard routing protocol that uses a link
state algorithm called the SPF (shortest path first) algorithm. Developed by Dijkstra, this
algorithm guarantees a loop-free topology. It uses triggered, incremental updates and
multicasts to communicate with other OSPF routers. OSPF uses cost as a metric, which is
an inverse of the bandwidth of a link.

OSPF is classless and supports VLSM and route summarization. It supports a two layer
hierarchy using areas: area 0 is the backbone and other areas are connected to the
backbone. OSPF is typically used in large routing environments with mixed-vendor
router products. OSPF has more overhead than distance vector protocols: it requires more
memory to hold additional information (neighbor and topology/database tables), requires
extra CPU processing to run the SPF algorithm, especially when you turn on your routers,
requires a careful design to create a hierarchical network, and is difficult to configure and

Each OSPF router has an ID. The ID is used to differentiate between different OSPF
routers. If the router has a loopback interface(s), the highest IP address between these
interfaces is chosen; otherwise, the highest IP address on an active interface is chosen. If
there are no active interfaces on the router, OSPF will not start. It is recommended to
create a loopback interface for the OSPF router ID. To create a loopback interface, use
the interface loopback command.

OSPF routers use Link State Advertisements (LSAs) to communicate with each other. To
build and maintain a neighbor relationship, OSPF routers generate hello LSAs every 10
seconds. On broadcast links, OSPF routers share routing information to a DR (designated
router) via, who disseminates this to everyone else on the segment via The router with the highest priority is chosen as the DR and the second highest
as the BDR. If there is a tie, the router with the highest router ID is chosen. DRs and
BDRs are not used on point-to-point links.

OSPF routers shared connected routes with the DR, which includes the ID of the
advertising router, the type of link-state for the route, the cost of the route, and the
sequence number for the advertised route. Distance vector protocols, on the other hand,
share almost any route in their routing table (connected or remote) with their neighbors.
OSPF routers go through an initialization process to determine if they can become
neighbors. If they don’t then they won’t share routing information. If OSPF routers enter
a two-way state, they are neighbors; however, routing information is always disseminated
via the DR on multi-access segments. Whenever routing information is shared, an
acknowledgement is shared to verify receipt of the update.

To configure OSPF, use the router ospf command and specify the process ID--this is
used to differentiate between different OSPF processes running on the same router. The

network command is used to specify which interfaces participate in OSPF and has this
syntax: network network_# wildcard_mask area area_#. The wildcard mask is
an inverted subnet mask and is used to match on all interfaces, a range of interfaces, or
one specific interface. The area number specifies which are this interface(s) belong to.
Area 0 is the backbone.

For serial interfaces, the bandwidth defaults to 1,544 Kbps. Since OSPF uses cost
(bandwidth inverse) as a metric, you’ll want to change this metric on serial interfaces that
are clocked differently (bandwidth command). The following table shows the default
cost values for OSPF interfaces:

Interface 56 Kbps 64 Kbps T1 Ethernet Fast Ethernet

Cost 1,785 1,652 64 10 1

To see your router’s ID as well as the ID of the DR and BDR, use the show ip ospf
interface command. This also displays the hello (10) and dead (40) timer values, the
number of neighbors, as well as the number of OSPF adjacencies. To see a list of
neighbors, use the show ip ospf neighbor command, which displays the neighbors,
their states, their IDs, and the interface they are connected to.

Cisco’s EIGRP (Enhanced IGRP) is a hybrid of IGRP. It uses the same metrics
(bandwidth, delay, reliability, load, and MTU), but is more scalable. It uses multicasts
( and incremental updates to reduce the amount of bandwidth for routing
updates. It is classless and supports VLSM and route summarization. It can route for
three routed protocols: IP, IPX, and AppleTalk. EIGRP uses the DUAL algorithm to
build a loop-free topology. EIGRP routers generate multicast hellos every 5 seconds on
LAN interfaces. They use the hellos to build neighbor relationships and as a keep-alive
function. Other message types include update, query, reply, and acknowledgement.
Whenever routing information is shared, an acknowledgement is shared to verify receipt
of the update.

EIGRP has more overhead than IGRP. It has a neighbor table, which lists the adjacencies
that have been built with other tables, and a topology table, which contains a list of all
routes and paths to reach these routes (basically a copy of each neighbor’s routing table).
For each routed protocol EIGRP is routing for, the router maintains a separate set of
EIGRP neighbor, topology, and routing tables. In the topology table, a successor route
has the best path to reach the destination. DUAL takes the successor routes in the
topology table and builds the routing table. A feasible successor is a valid backup path to
reach a destination (has a worse metric than a successor, but is not part of a routing loop).
If a successor route fails, DUAL can immediately take a feasible successor backup route
and plug it into the routing table, speeding up convergence. An advertised distance of a
route is the metric a neighbor advertises for a route. When this route is received on a
router’s interface, the router increments the metric, resulting a value called the feasible
distance. For a route to be considered a feasible successor, its advertised metric must be
less than the current successor route’s feasible distance.

Configuring EIGRP is just like configuring IGRP. Use the router eigrp command,
along with the autonomous system number. Routers in different AS numbers will not
share routing updates; however an IGRP and EIGRP router in the same AS will share
routes with each other. To specify the interfaces that participate in EIGRP, use the
network command--even through EIGRP is classless, configure it as a classful protocol.
In other words, enter the classful network number with the network command. When
looking at the routing table with the show ip route command, EIGRP routes show up
as a “D”.

Chapter 12: Advanced IP Addressing
VLSM (Variable Length Subnet Masking) provides two advantages: provides for more
efficient use of your address space and allows you to perform route summarization.
VLSM requires a routing protocol to be classless. Basically, VLSM is taking a class
network, subnetting it once, and then taking a subnet, and subnetting it further. This
process can be repeated. In other words, you can have more than one subnet mask for a
network number.

To perform VLSM, use these steps: (1) Find the segment with the largest number of
devices; (2) Find the appropriate subnet mask for this segment; (3) Write down the list of
network numbers created by this mask; (4) For a smaller segment, take one of the
subnetted network numbers and apply a different, yet appropriate, mask to it; (5) Write
down your subnetted subnets. If you need even smaller segments, go back to step 4.

Where VLSM extends the networking bits to the right, route summarization brings them
back to the left. Route summarization takes a bunch of contiguous networks (with the
high-order bits in common) and advertises the summarized route with a new subnet mask
value (that covers the range of subnets). This, route summarization reduces the sizes of
routing tables, the sizes of routing updates, and contain networking problems within
defined boundaries. Classless Interdomain Routing (CIDR), or supernetting, takes VLSM
one step further. VLSM can only summarize back to the class network boundary (A, B,
or C). CIDR allows you to summarize class network numbers, like multiple Class C

If you use hierarchical addressing, you gain the following benefits: more efficient
routing, reduced routing table sizes and decreased memory with route summarization,
simplified troubleshooting, and less routing traffic.

When setting up route summarization, remember that the routing protocol must carry the
subnet mask with the routing entry, routers make routing decisions based on all 32 bits of
the destination address, and summarized routes must have the same highest-order
matching bits.

Classless protocols support discontiguous subnets because their routing updates carry the
subnet mask with them. Classful protocols, however, don’t support discontiguous
subnets: they only advertise network numbers…not subnet masks.

Chapter 13: IP Access-Lists
Access control lists (ACLs) are used for many purposes, include the filtering of traffic on
interfaces. These are basically a group of statements that define policies. Each group of
ACL statements is differentiated by assigning it a unique name or number. When an ACL
is applied inbound, the ACL is processed first before any further processing is performed
on inbound traffic. When an ACL is applied outbound, traffic is first routed to the
interface and then the ACL is processed to determine if it is allowed or denied. Standard
IP ACLs can filter only on the source IP address, while extended IP ACLs can filter on
source and destination addresses, IP protocol, and IP protocol information, like ICMP
message types and UDP and TCP port numbers. Standard IP ACLs use numbers from 1-
99 and 1,300-1,999 while extended IP ACLs use numbers from 100-199 and 2,000-2,699.

When a match occurs against a statement, an ACL can either permit or deny the packet.
The order of the statements is important because ACLs are processed top-down, starting
with the first statement; once a match is found, no further statements are processed. If the
last ACL statement is process and no match is found, the packet is dropped (this is called
the implicit deny statement). Therefore, an ACL should have at least one permit
statement to make sense.

Because order is important, place the most restrictive statements at the top and the least
restrictive statements at the bottom. When applied to an interface, a router cannot filter
traffic itself creates. Plus, if you apply an empty ACL to an interface (no ACL entries),
all traffic is permitted by default--you need at least one statement in the ACL for the
implicit deny to function. Only one ACL, per protocol, can be applied to one direction
on an interface: in other words, you can’t apply two IP ACLs inbound on the same
interface, but could have an IP ACL applied in and out.

To activate an IP ACL on an interface, us the ip access-group command and specify

either in or out out. When setting up ACLs, place standard ACLs as close to the
destination devices as possible. When using extended ACLs, place them as close to the
source devices as possible.

To edit an ACL, perform the following steps: (1) Execute the show running-config
command and copy your ACL statements; (2) Paste the commands in a text editor and
edit them; (3) Remove the ACL from the interface with the no ip access-group
ACL_# in|out command; (4) Delete the old ACL: no access-list ACL_#; (5)
Copy and paste the text editor ACL back into the router; (6) Reapply the ACL to the
interface with the ip access-group command.

ACL entries use wildcard masks to match against bits in the addresses of packets. A 0 in
a wildcard mask bit means it must match and a 1 means it doesn’t have to match. To
create a wildcard mask, take the corresponding subnet mask and invert it. The trick to
doing this is subtracting each octet in the subnet mask from 255. For example would result in a wildcard mask of For instance, to match on

all addresses, use this:, which is represented as any. To match
on a specific address, use a wildcard mask of

To create a standard IP ACL, use this command: access-list 1-99|1600-1999

permit|deny source_IP_address [wildcard_mask] [log]. If you omit the
wildcard mask, it defaults to (an exact match). If you want to restrict telnet access
to a router, create a standard ACL and list the IP addresses that are allowed, and then
apply this ACL to your router’s VTY lines with the access-class in command.

To create an extended IP ACL, use this command: access-list 100-199|2000-

2699 permit|deny IP_protocol source_address source_wildcard_mask
[protocol_information] destination_address
destination_wildcard_mask [protocol_information] [log]. Note that you
must specify both the source and destination addresses and wildcard masks. For TCP or
UDP, use the tcp or udp protocol parameters. With TCP traffic, using the
established parameter allows you to filter on TCP control information, like the ACK
and RST bits--basically is allows or denies connections with these set. You can also
specify operators (eq, neq, range, lt, gt) and port numbers (or names) for the source
and/or destination. To filter on ICMP traffic, specify the echo protocol. To filter on a
specific ICMP message type, specify the type, like these: administratively-
prohibited, echo, echo-reply, host-unreachable, net-unreachable, and

To create a standard named ACL, use the following configuration:

Router(config)# ip access-list standard ACL_name
Router(config-std-acl)# permit|deny source_IP_address

For an extended named ACL, use the following configuration:

Router(config)# ip access-list extended ACL_name
Router(config-ext-acl)# permit|deny IP_protocol
source_IP_address wildcard_mask [protocol_information]
destination_IP_address wildcard_mask [protocol_information] [log]

Note that you are taken into a Subconfiguration mode with either of the above two

The show ip interfaces and show running-config commands display if you

have applied an ACL to an interface. To list all your ACLs and statements on a router,
use the show access-lists command. To only list IP ACLs, use the show ip
access-list command.

Chapter 14: Additional IP Features
Private IP addresses are defined in RFC 1918 and include 3 classes of addresses: A
(, B (, and C ( You can only
use these addresses in a private network. To access the Internet, these addresses must be
translated by a translation device. You might need to use address translation if: your ISP
didn’t assign you enough public addresses an you had to use private ones; you are using
public addresses, change ISPs, and your new ISP won’t support your public address
space; you merge two companies together that are using the same, overlapping, address
space; you want to assign the same IP address to multiple machines such that the Internet
sees these machines as one logical device.

Address translation has many terms. Local refers to an address used by a device on the
inside of your network. Global refers the address that represents the local device as the
packet leaves your network (has been translated). Typically, an inside local IP address is
a device with an associated private address and an inside global IP address is a device
with an associated public address.

With NAT, one IP address is translated to another. With PAT (address overloading),
many IP addresses are translated one IP address, and port numbers are used to
differentiate the inside devices. PAT supports up to 4,000 devices using the same address.
Port address redirection allows you to redirect traffic to a specific address (or port) to a
different address (or port)--this is used when your ISP only assigns you a single public IP
address, and you need to allow outside access to internal resources. With static
translation, you manually configure the translation on the address translation device; with
dynamic, the address translation device performs the translation automatically.

Address translation advantages include an almost inexhaustible number of addresses at

your disposal, the ability to hide your internal network addressing design, tighter control
over traffic entering and leaving your network, and the ability to more easily change ISPs
or merge with other networks. Address translation disadvantages include difficult
troubleshooting, added delay to connections, and not all applications support, like
multimedia and NetBIOS.

To create a static NAT translation, use this command: ip nat inside|outside

source static. To create a dynamic NAT translation, use these commands: ip nat
pool and ip nat inside source list. To perform PAT with global addresses, add
the overload parameter to the ip nat pool command. To activate address
translation, you must specify which interfaces are internal and external with the ip nat
inside|outside Interface commands. To view the entries in your router’s address
translation table, use the show ip nat translations command. To clear dynamic
entries from this table, use the clear ip nat translations command. To see the
router actually perform address translation, use the debug ip nat command.

DHCP provides these advantages: reduces configuration errors, reduces the amount of
configuration, and centralizes IP addressing information. When a DHCP client goes
through four steps when requiring addressing information: Client generates a
DHCPDISCOVER; (2) All servers respond back with a DHCPOFFER; (3) Client accepts
one of the offers with a DHCPREQUEST; (4) The server acknowledges the lease of the
address with a DHCPACK.

To enable your router to become a DHCP server, use the service dhcp command.
DHCP servers can assign IP addresses, subnet masks, default gateway addresses, DNS,
TFTP, and WINS server addresses, and a domain name. To have your router use DHCP
to acquire addressing information, use the ip address dhcp Interface command.

Chapter 15: WAN Introduction
The most important factor when choosing a WAN service is typically cost. The CPE
(Customer Premises Equipment) is your networking equipment, including your router
and modem/NT1/CSU/DSU. The demarcation point is the boundary where the carrier’s
responsibility stops and yours begins. The local loop is the connection from the carrier to
the demarcation point. The CO (central office) is the carrier’s switch at the local office
and the toll network is the infrastructure the carrier uses to support your connection.

There are four types of WAN services: leased lines (dedicated), circuit-switched
connections (ISDN and analog), packet-switched connections (Frame Relay and X.25),
and cell-switched connections (ATM and SMDS). Leased lines are used for short-
distance connections where you need guaranteed bandwidth for a constant amount of
traffic. Circuit-switched connections are used to backup primary connections, provide
access for SOHO users, and provide temporary bandwidth boosts. In the US, analog
connections are restricted to 53 Kbps by the FCC. Packet/cell-switched services are used
when your router has a single WAN interface, but needs to connect to multiple devices.

HDLC is based on ISO standards and supports synchronous and asynchronous

connections. SDLC, developed by IBM, is used in IBM SNA environments. LAPB is
used by X.25 and has error detection and correction. LAPF is used by Frame Relay. PPP
is an open standard typically used for dialup and dedicated connections. HDLC is the
default encapsulation on Cisco synchronous serial interfaces. This is proprietary to Cisco-
-Cisco added a field to ISO’s HDLC header (up and down status); in other words, Cisco’s
HDLC only works with other Cisco devices. To set the encapsulation to HDLC on a
serial interface, execute encapsulation hdlc. To view the encapsulation used on
your serial interfaces, use the show interfaces command. If two sides are configured
with different encapsulations, the interface status will be “up and down”.

PPP is an open standard that dynamically configures connections, authenticates remove

devices, compresses packet headers, tests the quality of links, performs error detection
(and correction), and supports bundling of multiple physical connections into a logical
channel. PPP has two components: LCP and NCP. LCP sets up and maintains a PPP
connection, including authentication, if configured. NCP negotiates the protocols that
will be encapsulated in PPP frames, like IP and CDP.

To specify PPP as a frame type on an interface, execute the encapsulation ppp

command. Upon a successful LCP and NCP negotiation, protocols listed in the output of
the show interfaces command should be listed as “open”. To troubleshoot LCP and
NCP problems, use the debug ppp negotiation command.

PPP supports two authentication protocols: PAP and CHAP. PAP sends the username and
password across the connection in clear text while CHAP sends an output hashed value
created by the MD5 hash function. PAP uses a two-way handshake while CHAP uses a
three-way handshake when performing authentication. To build a local authentication

database, use the username command. To enable authentication, use the ppp
authentication pap|chap Interface command. If you are experiencing problems
with authentication, use the debug ppp authentication command

Chapter 16: Frame Relay
To figure out the number of connections or circuits you need to fully mesh a network, use
this formula: (N * (N – 1)) / 2. Any solution that uses VCs (virtual circuits) is best used
when your router has a single interface, but needs to connect to multiple destinations.
VCs are easier to provision and can more easily allot bandwidth to match than
channelized connections (TDM). A PVC is similar to a leased line and should be used
when you have constant data being sent. An SVC is similar to a circuit-switched
connection and should be used when you have small amounts of period data.

LMI (Local Management Interface) defines how a Frame Relay DTE (router) and DCE
interact (switch). There are three LMI standards: Cisco (Gang of Four), ITU-T’s Q.933
Annex A, and ANSI’s Annex D. Every 10 seconds, a Cisco router generates an LMI
status enquiry and the switch will respond back, if there. On every 6 th message, the router
asks for a full status update of all of the VCs the router is connected to.

A DLCI (data link connection identifier) defines the address of a VC. These addresses are
locally significant and can be different on different WAN segments. Switches take care of
the conversion of DLCI numbers in this instance. Certain DLCI numbers are reserved for
management purposes. ANSI’s Annex D and ITU-T’s Annex A LMI use DLCI 0 and
Cisco’s LMI uses 1,023. When connecting to Frame Relay DTEs together, if the carrier’s
infrastructure is ATM, the FRF.5 Networking Interworking is used. However, if one DTE
uses Frame Relay, and the carrier and the other DTE uses ATM, FRF.8 Service
Interworking is used for the connection.

The access rate is the physical speed of the connection from your router to the carrier.
CIR (committed access rate) is the guaranteed data rate for a VC. BC (committed burst
rate) is a higher average data rate allowed by the carrier for your VC, but over a smaller
period than CIR. As long as your data rate stays within these parameters, the carrier will
not mark the DE (discard eligible) bit in the frame header, lowering the priority for your
nonconforming traffic. BE (excessive burst rate) is the maximum data rate the carrier will
service your VC: if you exceed this the carrier drops your frames. When your total of the
accumulated CIR values of your VCs on an interface exceed the access rate, you have an
oversubscription problem: you are betting that all VCs will run slower, on average, than
their configured CIRs.

FECN and BECN (forward and backward explicit congestion notification) are used to
indicate congestion on a VC. When traffic is traveling to a destination, and the carrier
experiences congestion, the carrier can mark the FECN bit in the frame header. When the
destination receives the frame, it responds back to the source with a BECN. This
indicates to the source that there is congestion from the source to the destination, and
allows the source to slow down its traffic rate for the VC.

To configure Frame Relay on your serial interface, use the encapsulation frame-
relay [cisco|ietf] command. There are two supported encapsulations: Cisco’s and
IETF’s. Cisco’s is the default, but use IETF for vendor interoperability. As of IOS 11.2,

Cisco routers can autosense the LMI type used by the carrier. You can also hardcode the
LMI type with the frame-relay lmi-type cisco|ansi|q933a command. Use
either the show frame-relay lmi or show interfaces command to verify your
LMI configuration and operation. To see the actual LMI messages sent and received, use
the debug frame-relay lmi command.

You can resolve layer-3 to DLCI numbers via static configuration or Inverse ARP. With
a static definition, you use the frame-relay map command. This command requires
you to specify the protocol, destination layer-3 address, and local DLCI number to use to
reach the destination. By default broadcasts don’t traverse a manually resolve VC unless
you add the broadcast parameter.

Inverse ARP will dynamically determine the layer-3 address the destination is using on a
VC. It is automatically enabled and occurs every 60 seconds. When the destination
responds back, the source examines the DLCI number in the frame to determine what VC
to use to reach the destination. Before Inverse ARP occurs, the VC must be in an active
state. There are three states for a VC: active, inactive, and deleted. An active VC is
operational between both DTE endpoints. An inactive VC is active between the DTE and
some part of the carrier’s network, but not to the destination DTE. A deleted VC has lost
communications with the local DCE (you are no longer receiving LMI replies from the
carrier’s switch). To view the statuses of your VCs, use the show frame-relay pvc
command. To see both the dynamic and statically configured resolutions for VCs, use the
show frame-relay map command.

NBMA (Non-Broadcast Multi-Access) is an environment where many devices are

connected together, but it doesn’t support a traditional broadcast environment like
Ethernet in a LAN. NBMA occurs in environments that use VCs. To emulate a broadcast
environment, devices replicate a broadcast across each VC they are connected to. This
can create a problem if the network is not fully meshed--in this case, not all devices
receive the broadcast. With distance vector protocols that use broadcasts to disseminate
routing updates, this presents reachability problems because of split horizon. If A is
attached to B and C, but B and C don’t have a VC between them, when B generates a
routing update, only A sees it--A can’t forward it to C because of the split horizon rule.
To overcome this problem, use one of these four solutions: Use a fully meshed, instead of
a partially meshed, network; Use static routes; Disable split horizon; use Subinterfaces on
the hub router in the hub-and-spoke design. The recommended approach is subinterfaces.

When creating a subinterface, use the: interface serial #.subinterface_#

point-to-point|multipoint. Multipoint subinterfaces have the same split horizon
problem that partially meshed environments encounter. The main problem of using point-
to-point subinterfaces is that each point-to-point connection requires its own network
number. When using subinterfaces, only the encapsulation frame-relay and
frame-relay lmi-type commands are configured on the physical interface--all other
configurations are done on the subinterfaces. If you are using Inverse ARP, specify the
DLCI(s) associated with the subinterface by using the frame-relay interface-
dlci command; for manual resolution, use the frame-relay map command.

Chapter 17: ISDN
ISDN (Integrated Services Digital Network) is a group of standards that define how voice
and data connections can be dynamically set up across digital circuits. ISDN is better
than analog modem connections because it has a faster setup time (1 second), supports
multiple services (data, video, and voice), and has guaranteed data rates.

A DS0 is the smallest type of channelized connection and is clocked at 64Kbps. A DS1
comes in two flavors: T1 (24 DS0s, clocked at 1.544 Mbps) and E1 (32 DS0s, clocked at
2.048 Mbps). T1s are common in North America while E1s are popular in Europe and
most of the rest of the world. ISDN supports two connections: BRI (Basic Rate Interface)
and PRI (Primary Rate Interface). This table compares the two:

Connection BRI PRI T1 PRI E1

Bearer Channels 2 23 30
Signaling Channels 1 1 2
Total Bandwidth 192 Kbps 1.054 Kbps 2.048 Kbps

B (Bearer) channels are used to transport user information and D (signaling) channels are
used to set up and tear down connections. Each channel is a DS0 (64 Kbps). The BRI’s D
channel is broken into two components: 16 Kbps is used for signaling and 48 Kbps is
used for framing, clocking, and synchronization.

ITU-T’s Q.921 signaling data link layer protocol is used for an ISDN user device and a
carrier’s ISDN Switch to communicate with each other. LAPD is the frame format used
by this standard, which is based on HDLC. ITU-T’s Q.931 standard defines how ISDN
phone calls are made and torn down.

A TE1 is an ISDN end-user device with a native ISDN interface (BRI or PRI), which
connects to an NT1 or NT2. A TE2 has a non-native ISDN interface and needs a TA
(Terminal Adapter) to connect to a NT1 or NT2. An NT2 is used to connect multiple
ISDN end-user devices together and connects to an NT1. An NT1 connects to the carrier
and coverts the carrier’s 2-wire connection to an ISDN 4-wire connection. The NT1 and
NT2 are typically in the same chassis. The LE (Local Exchange) is the connection
between your NT1 and the carrier’s ISDN switch.

The “R” reference point is the connection between a TE2 and a TA. The “S” reference
point is the connection between a TA or TE2 to a NT2. The “T” reference point is the
connection between the NT2 and NT1. The “U” reference point is the connection
between the NT1 and LE. If an interface is labeled “S/T”, this means that it has a native
ISDN interface with a built-in NT1.

To configure the ISDN switch globally or on an interface, use the isdn switch-type
command. You need to use the switch type that the carrier switch is emulating. The
interface configuration overrides the global setting. If your carrier is using a National

ISDN-1 or Nortel DMS-100 switch, you might have to configure SPIDs for your two B
channels in your BRI by using the isdn spid1|spid2 command.

If you have a PRI, you must first configure your T1 or E1 controller interface. To access
it, use the controller command and use the framing, linecode, clock source,
pri-group, and no shutdown commands. T1s typically use ESF framing and B8ZS
linecoding while E1s use CRC4 and HDB3. The pri-group command specifies which
channels in the T1 or E1 that you can use. All other configurations, like the ISDN switch
type and addressing, are done under a logical serial interface: interface serial
port_#:23|15. 15 is used to signify the signaling channel on an E1 and 23 for a T1.

To see the data link layer status of the ISDN connection between you and the carrier, use
the show isdn status command. For Q.921, if you see
MULTIPLE_FRAME_ESTABLISHED, then the data link layer is functioning correctly.

DDR (Dial-on Demand Routing) should be used for backing up a primary WAN
connection, short and temporary phone calls, and situations where traffic is periodic with
little bandwidth. When using DDR, your router goes through 4 steps to set up a phone
connection: (1) Router checks an incoming packet to destinations in its routing table and
determines if it the destination is the DDR interface; (2) For DDR interfaces, the router
checks to make sure that the traffic is interesting; (3) For interesting traffic, the router
will make a phone call to the destination if one isn’t already established; (4) The router
switches traffic out of the DDR interface.

To prevent a routing protocol from triggering phone calls, you typically use static routes
(ip route) and dialer-lists. Dialer-lists are used to define interesting traffic (dialer-
list command). They are activated on a router’s DDR interface with the dialer-
group command. For legacy DDR, use the dialer map Interface command to define
the destination to call. With this command, you specify the layer-3 protocol and
destination address of the remote router, the phone number to call, if broadcasts are
allowed (optional), a remote device name (used with PPP PAP or CHAP--optional), and
the speed of the link (optional).

DDR connections have a default idle timeout of 120 seconds. The timeout measures
interesting traffic denoted in the dialer-list commands. If no interesting traffic
traverses the circuit, it will be torn down after the idle timeout is reached. Please note that
once a circuit is established, both interesting and non-interesting traffic can traverse it,
but only interesting traffic can keep it up. A default fast idle time of 10 seconds can be
used to prematurely terminate a currently idle B channel to establish a phone call for a
new connection. You can also have DDR bring up a second channel when bandwidth
becomes saturated on the first B channel with the dialer load-threshold command.
A value of 1 represents 1%, 128 50%, and 255 100% load.

The show dialer command displays all currently active phone calls (analog and
digital) while the show isdn active command only displays active ISDN calls. The
debug dialer command displays when traffic triggers or terminates any type of phone

call and the debug isdn q931 command displays when traffic triggers or terminates an
ISDN phone call.

Legacy DDR has limitations that dialer profiles address. Dialer profiles allow a physical
interface to be shared by multiple logical DDR interfaces, allow multiple dialup
interfaces to backup a primary WAN connection, and don’t require a separate dialer
map command for each protocol/destination combination.

Dialer profiles require you to create a logical DDR interface with the interface
dialer command. All DDR configurations and addressing are configured here. The
dialer remote-name command configures the name of the remote router and must be
configured first; it is used by PAP or CHAP for authentication. The dialer string
command specifies the phone number to dial and the dialer pool command specifies
which physical interfaces can be used by this logical DDR interface.

With dialer profiles, no layer-3 addressing is configured on the physical interfaces--only

encapsulation information. The dialer pool-member command specifies which
logical DDR interfaces can use this physical interface for dialup connections. The
number specified in this command needs to match the number in the dialer interface’s
dialer pool command.