<?xml version="1.0" encoding="UTF-8"?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>CCNA Training » CCNA Knowledge</title> <atom:link href="http://www.9tut.com/category/ccna-knowledge/feed" rel="self" type="application/rss+xml" /> <link>http://www.9tut.com</link> <description>CCNA Training with Questions, Answers and Explanations</description> <lastBuildDate>Tue, 26 May 2015 00:43:33 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=3.9.6</generator> <item> <title>Simple Network Management Protocol SNMP Tutorial</title> <link>http://www.9tut.com/simple-network-management-protocol-snmp-tutorial</link> <comments>http://www.9tut.com/simple-network-management-protocol-snmp-tutorial#comments</comments> <pubDate>Mon, 16 Jun 2014 17:40:32 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=2206</guid> <description><![CDATA[Building a working network is important, but monitoring its health is just as important as building it. Luckily we have tools to make the administrator’s life easier, and SNMP is one of them. SNMP is present in most networks, regardless of their size. And understanding how SNMP works is really important and […]]]></description> <content:encoded><![CDATA[<p>Building a working network is important, but monitoring its health is just as important as building it. Luckily we have tools to make the administrator’s life easier, and SNMP is one of them. SNMP is present in most networks, regardless of their size. 
Understanding how SNMP works is really important, and that is what we will learn in this tutorial.</p> <p><span class="blueandbold">Understand SNMP</span></p> <p>SNMP consists of three components:</p> <p>+ <strong>SNMP Manager</strong> (sometimes called Network Management System – NMS): software that runs on the network administrator’s device (in most cases, a computer) to monitor the network.<br /> + <strong>SNMP Agent:</strong> software that runs on the network devices we want to monitor (router, switch, server…)<br /> + <strong>Management Information Base</strong> (MIB): the collection of managed objects. This component makes sure that the data exchanged between the manager and the agent remains structured. In other words, the MIB contains the set of questions that the SNMP Manager can ask the Agent (and that the Agent can understand). The MIB is commonly shared between the Agent and the Manager.</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/SNMP/SNMP_Components.jpg" alt="SNMP_Components.jpg" width="438" height="239" /></p> <p><span id="more-2206"></span></p> <p>For example, in the topology above you want to monitor a router, a server and a Multilayer Switch. You run an SNMP Agent on all of them. Then on a PC you install SNMP Manager software to receive the monitoring information. SNMP is the protocol running between the Manager and the Agent. SNMP communication between Manager and Agent takes place in the form of messages. The monitoring process is done via the MIB, a standardized database that contains the parameters/objects describing these networking devices (like IP addresses, interfaces, CPU utilization, …). 
Therefore monitoring becomes a matter of GET and SET operations on the information in the MIB.</p> <p><span class="blueandbold">SNMP Versions</span></p> <p>SNMP has multiple versions, but there are three main ones:</p> <p>+ <strong>SNMP version 1</strong><br /> + <strong>SNMP version 2c</strong><br /> + <strong>SNMP version 3</strong></p> <p>SNMPv1 is the original version and is now legacy, so it should not be used in our network. SNMPv2c updated the original protocol and offered some enhancements. One noticeable enhancement is the introduction of the INFORM and GETBULK messages, which will be explained later in this tutorial.</p> <p>Neither SNMPv1 nor SNMPv2c focused much on security; they provide security based on a <strong>community string</strong> only. A community string is really just a clear-text password (no encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and interception. There are two types of community strings in SNMPv2c:</p> <p>+ <strong>Read-only (RO)</strong>: gives read-only access to the MIB objects, which is safer and preferred over the other type.<br /> + <strong>Read-write (RW)</strong>: gives read and write access to the MIB objects. This type allows the SNMP Manager to change the configuration of the managed router/switch, so be careful with it.</p> <p>The community string defined on the SNMP Manager must match one of the community strings on the Agents in order for the Manager to access the Agents.</p> <p>SNMPv3 provides significant enhancements to address the security weaknesses of the earlier versions. The concept of a community string does not exist in this version. SNMPv3 provides far more secure communication using entities, users and groups. 
This is achieved by implementing three new major features:<br /> + <strong>Message integrity:</strong> ensuring that a packet has not been modified in transit.<br /> + <strong>Authentication:</strong> using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network.<br /> + <strong>Privacy (Encryption):</strong> using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.</p> <p>Note: Although SNMPv3 offers better security, SNMPv2c is still more common. Cisco has supported SNMPv3 in their routers since IOS version 12.0.3T.</p> <p>In the next part we will learn the SNMP messages used in each version.</p> <p><span class="blueandbold">SNMP Messages</span></p> <p>SNMP messages are used to communicate between the SNMP Manager and the Agents. SNMPv1 supports five basic SNMP messages:</p> <p>+ <strong>SNMP GET</strong><br /> + <strong>SNMP GET-NEXT</strong><br /> + <strong>SNMP GET-RESPONSE</strong><br /> + <strong>SNMP SET</strong><br /> + <strong>SNMP TRAP</strong></p> <p>In general, the GET messages are sent by the SNMP Manager to retrieve information from the SNMP Agents, while the SET messages are used by the SNMP Manager to modify or assign values on the SNMP Agents.</p> <p>Note: GET-NEXT retrieves the value of the next object in the MIB.</p> <p>The GET-RESPONSE message is used by the SNMP Agents to reply to GET and GET-NEXT messages.</p> <p>Unlike GET or SET messages, TRAP messages are initiated by the SNMP Agents to inform the SNMP Manager of the occurrence of an event. For example, suppose you want to be alerted when the CPU usage of your server goes above 80%. It would be very annoying if the administrator had to actively poll the CPU usage with GET messages from time to time. In this case the TRAP message is very suitable, because the administrator is informed by the server itself only when that event occurs. 
The figure below shows the direction of SNMP messages:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/SNMP/SNMP_Messages_Flow.jpg" alt="SNMP_Messages_Flow.jpg" width="438" height="239" /></p> <p>From SNMPv2c, two new messages were added: INFORM and GETBULK.</p> <p><strong>INFORM</strong>: A disadvantage of the TRAP message is that it is unreliable. SNMP communicates over UDP, so when an SNMP Agent sends a TRAP message to the SNMP Manager it cannot know whether the message arrived. To address this problem, a new type of message, called INFORM, was introduced in SNMPv2c. With an INFORM message, the SNMP Manager acknowledges that the message has been received by replying with an SNMP response protocol data unit (PDU). If the sender never receives a response, the INFORM can be sent again. Thus INFORMs are more likely to reach their intended destination.</p> <p><strong>GETBULK</strong>: The GETBULK operation efficiently retrieves large blocks of data, such as multiple rows in a table. GETBULK fills a response message with as much of the requested data as will fit.</p> <p>Note: SNMPv3 adds no new message types compared to SNMPv2c.</p> <p><span class="blueandbold">SNMP Configuration</span></p> <p>In the last part we will go through a simple SNMP configuration so that you can have a closer look at how SNMP works. SNMPv2c is still more popular than SNMPv3, so we will configure SNMPv2c.</p> <p><strong>1. Configure a community string</strong></p> <table border="1"> <tbody> <tr> <td>Router(config)#snmp-server community 9tut ro</td> </tr> </tbody> </table> <p>In this case our community string is named “9tut”. The <strong>ro</strong> stands for read-only access.</p> <p><strong>2. 
Configure the IP address of a host receiver (SNMP Manager) for SNMPv2c TRAPs or INFORMs</strong></p> <table border="1"> <tbody> <tr> <td>Router(config)#snmp-server host 10.10.10.12 version 2c TRAPCOMM</td> </tr> </tbody> </table> <p>“TRAPCOMM” is the community string used for TRAP messages.</p> <p><strong>3. Enable the SNMP Traps</strong></p> <table border="1"> <tbody> <tr> <td>Router(config)#snmp-server enable traps</td> </tr> </tbody> </table> <p>If we don’t want to enable all trap messages, we can specify which traps we want to be notified about. For example, if you only want to receive traps of the link up/down notification type, use this command instead:</p> <table border="1"> <tbody> <tr> <td>Router(config)#snmp-server enable traps link cisco</td> </tr> </tbody> </table> <p>Of course we also have to configure an SNMP Manager on a computer with these community strings so that the two can communicate.</p> <p>Good resource and reference: <a href="http://docwiki.cisco.com/wiki/Simple_Network_Management_Protocol" target="_blank">http://docwiki.cisco.com/wiki/Simple_Network_Management_Protocol</a>.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/simple-network-management-protocol-snmp-tutorial/feed</wfw:commentRss> <slash:comments>47</slash:comments> </item> <item> <title>Syslog Tutorial</title> <link>http://www.9tut.com/syslog-tutorial</link> <comments>http://www.9tut.com/syslog-tutorial#comments</comments> <pubDate>Thu, 22 May 2014 17:02:03 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=2162</guid> <description><![CDATA[As the administrator of a network, you have just completed all the configuration and it is working nicely. Now maybe the next thing you want to do is to set up something that can alert you when something goes wrong or down in your network. 
Syslog is an excellent tool for system monitoring and is […]]]></description> <content:encoded><![CDATA[<p>As the administrator of a network, you have just completed all the configuration and it is working nicely. Now maybe the next thing you want to do is to set up something that can alert you when something goes wrong or down in your network. Syslog is an excellent tool for system monitoring and is almost always included in your distribution.</p> <p><span class="blueandbold">Places to store and display syslog messages</span></p> <p>There are several places we can send syslog messages to:</p> <table border="1"> <tbody> <tr> <td><strong>Place to store syslog messages</strong></td> <td><strong>Command to use</strong></td> </tr> <tr> <td>Internal buffer (inside a switch or router)</td> <td>logging buffered [size]</td> </tr> <tr> <td>Syslog server</td> <td>logging [ip-address]</td> </tr> <tr> <td>Flash memory</td> <td>logging file flash:filename</td> </tr> <tr> <td>Nonconsole terminal (VTY connection…)</td> <td>terminal monitor</td> </tr> <tr> <td>Console line</td> <td>logging console</td> </tr> </tbody> </table> <p>Note: If sent to a syslog server, messages are sent on UDP port 514.</p> <p>By default, Cisco routers and switches send log messages to the console. We should use a syslog server to store our logging messages, configured with the <span class="pinkandbold">logging </span> command. 
A syslog server is the most popular place to store logging messages, and administrators can easily monitor the health of their networks based on the received information.</p> <p><span id="more-2162"></span></p> <p><span class="blueandbold">Syslog syntax</span></p> <p>A syslog message has the following format:</p> <table border="1"> <tbody> <tr> <td><strong>seq no:timestamp%FACILITY-SEVERITY-MNEMONIC</strong>: message text</td> </tr> </tbody> </table> <p>Each portion of a syslog message has a specific meaning:<br /> + <strong>Seq no</strong>: a sequence number, present only if the <span class="pinkandbold">service sequence-numbers</span> global configuration command is configured<br /> + <strong>Timestamp</strong>: date and time of the message or event. This information appears only if the <span class="pinkandbold">service timestamps</span> global configuration command is configured.<br /> + <strong>FACILITY</strong>: identifies the protocol, module, or process that generated the message. Some examples are SYS for the operating system, IF for an interface…<br /> + <strong>SEVERITY</strong>: a number from 0 to 7 designating the importance of the action reported. 
The levels are:</p> <table border="1"> <tbody> <tr> <td><strong>Level</strong></td> <td><strong>Keyword</strong></td> <td><strong>Description</strong></td> </tr> <tr> <td>0</td> <td>emergencies</td> <td>System is unusable</td> </tr> <tr> <td>1</td> <td>alerts</td> <td>Immediate action is needed</td> </tr> <tr> <td>2</td> <td>critical</td> <td>Critical conditions exist</td> </tr> <tr> <td>3</td> <td>errors</td> <td>Error conditions exist</td> </tr> <tr> <td>4</td> <td>warnings</td> <td>Warning conditions exist</td> </tr> <tr> <td>5</td> <td>notification</td> <td>Normal, but significant, conditions exist</td> </tr> <tr> <td>6</td> <td>informational</td> <td>Informational messages</td> </tr> <tr> <td>7</td> <td>debugging</td> <td>Debugging messages</td> </tr> </tbody> </table> <p>Note: You can remember the order above with the sentence: “<strong>E</strong>ventually <strong>A</strong>ll <strong>Critical Errors W</strong>ill <strong>N</strong>ot <strong>I</strong>nvolve <strong>D</strong>amage”.</p> <p>The highest level is level 0 (emergencies). The lowest level is level 7. To change the minimum severity level that is sent to syslog, use the <span class="pinkandbold">logging trap <em>level</em></span> configuration command. If you specify a level, that level and all the higher levels will be displayed. For example, with the <span class="pinkandbold">logging console warnings</span> command, all logging at the emergencies, alerts, critical, errors and warnings levels will be displayed. Levels 0 through 4 are for events that could seriously impact the device, whereas levels 5 through 7 are for less important events. 
By default, syslog servers receive informational messages (level 6).</p> <p>+ <strong>MNEMONIC</strong>: a code that identifies the action reported.<br /> + <strong>message text</strong>: a plain-text description of the event that triggered the syslog message.</p> <p>Let’s look at an example syslog message:</p> <table border="1"> <tbody> <tr> <td>39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down</td> </tr> </tbody> </table> <p>+ <strong>seq no</strong>: 39345<br /> + <strong>Timestamp</strong>: May 22 13:56:35.811<br /> + <strong>FACILITY</strong>: LINEPROTO<br /> + <strong>SEVERITY level</strong>: 5 (notification)<br /> + <strong>MNEMONIC</strong>: UPDOWN<br /> + <strong>message text</strong>: Line protocol on Interface Serial0/0/1, changed state to down</p> <p><span class="blueandbold">Syslog Configuration</span></p> <p>The following example tells the device to send syslog messages to a server at 10.10.10.150 and to limit the messages to levels 4 and higher (0 through 4):</p> <table border="1"> <tbody> <tr> <td>Router(config)#logging 10.10.10.150<br /> Router(config)#logging trap 4</td> </tr> </tbody> </table> <p>Of course, on the server 10.10.10.150 we have to run syslog software to capture the syslog messages sent to it.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/syslog-tutorial/feed</wfw:commentRss> <slash:comments>38</slash:comments> </item> <item> <title>Gateway Load Balancing Protocol GLBP Tutorial</title> <link>http://www.9tut.com/gateway-load-balancing-protocol-glbp-tutorial</link> <comments>http://www.9tut.com/gateway-load-balancing-protocol-glbp-tutorial#comments</comments> <pubDate>Sun, 04 May 2014 04:21:17 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=2117</guid> <description><![CDATA[The main disadvantage of HSRP and VRRP is that only 
one gateway is elected to be the active gateway and used to forward traffic, whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that performs a similar function to HSRP and VRRP but it […]]]></description> <content:encoded><![CDATA[<p>The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic, whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that performs a similar function to HSRP and VRRP, but it supports load balancing among the members of a GLBP group. In this tutorial, we will learn how GLBP works.</p> <table border="1"> <tbody> <tr> <td>Note: Although we can partially achieve load balancing with HSRP or VRRP by using multiple groups, we have to assign different default gateways on the hosts. If one group fails, we must reconfigure the default gateways on the hosts, which results in extra administrative burden.</td> </tr> </tbody> </table> <p class="blueandbold">GLBP Election</p> <p>When the routers are configured in a GLBP group, they first elect one gateway to be the Active Virtual Gateway (<strong>AVG</strong>) for that group. The election is based on the priority of each gateway (highest priority wins). If all of them have the same priority, then the gateway with the highest real IP address becomes the AVG. The AVG, in turn, assigns a virtual MAC address to each member of the GLBP group. Each gateway that is assigned a virtual MAC address is called an Active Virtual Forwarder (<strong>AVF</strong>). A GLBP group has a maximum of four AVFs. If there are more than four gateways in a GLBP group, the rest become Standby Virtual Forwarders (SVFs), which take the place of an AVF in case of failure. 
The virtual MAC address in GLBP is 0007.b400.xxyy, where xx is the GLBP group number and yy is a different number for each gateway (01, 02, 03…).</p> <table border="1"> <tbody> <tr> <td>Note: <br /> + In this tutorial, the words “gateway” and “router” are used interchangeably. In fact, GLBP can run on both routers and switches, so the word “gateway”, which covers both, describes GLBP better. <br /> + On switches, GLBP is supported only on the Cisco 4500 and 6500 series.</td> </tr> </tbody> </table> <p>The gateway with the highest priority among the remaining ones is elected the Standby AVG (<strong>SVG</strong>), which takes over the role of the AVG if the AVG goes down.</p> <p><img class="aligncenter" alt="GLBP_topology.jpg" src="http://www.9tut.com/images/ccna_self_study/GLBP/GLBP_topology.jpg" width="375" height="236" /></p> <p><span id="more-2117"></span></p> <p>For example, in the topology above suppose all of the gateways have the same priority and GLBP is turned on at the same time on all gateways (or they are configured with the preempt feature). R4 will be elected AVG because it has the highest IP address, 10.10.10.4. R3 will be elected SVG because it has the second highest IP address (10.10.10.3). The AVFs are elected based on weight, so the four highest weight values win the four AVF roles. In this case we only have four gateways, so all of them are elected AVFs. With GLBP, there is still one virtual IP address, which is assigned by the administrator via the “glbp <group number> ip …” command (for example glbp 1 ip 10.10.10.100).</p> <p class="blueandbold">How GLBP works</p> <p><img class="aligncenter" alt="GLBP_topology_works.jpg" src="http://www.9tut.com/images/ccna_self_study/GLBP/GLBP_topology_works.jpg" width="400" height="236" /></p> <p>After the election ends, R4 is both the AVG and an AVF; R3 is the SVG and an AVF; R2 and R1 are pure AVFs. 
R4 assigns the virtual MAC addresses 0007.b400.0101, 0007.b400.0102, 0007.b400.0103 and 0007.b400.0104 to R1, R2, R3 and R4 respectively; we will abbreviate these MAC addresses as 01, 02, 03 and 04. Let’s see how GLBP works!</p> <p>The default gateway of PC1, PC2, PC3 and PC4 was set to 10.10.10.100, so if they want to send traffic outside they first have to send an ARP Request for their default gateway. They broadcast an ARP Request asking “Hey, I need to know the MAC address of the guy 10.10.10.100!”. R4, which is the AVG, is responsible for answering the ARP Request. But the trick here is that it does not always give the same answer to that question:</p> <p>For PC1, R4 will answer “The MAC address of the guy 10.10.10.100 is <strong>01</strong>!”. <br /> For PC2, R4 will answer “The MAC address of the guy 10.10.10.100 is <strong>02</strong>!”.<br /> For PC3, R4 will answer “The MAC address of the guy 10.10.10.100 is <strong>03</strong>!”.<br /> For PC4, R4 will answer “The MAC address of the guy 10.10.10.100 is <strong>04</strong>!”.</p> <p>As a result, PC1 will send its traffic to R1; PC2 will send traffic to R2; PC3 will send traffic to R3 and PC4 will send traffic to R4! And load balancing is achieved!</p> <p class="blueandbold">When AVG fails</p> <p>Everything is working smoothly, then suddenly R4 (the AVG) goes down. What happens now?</p> <p>As we know, R3 was chosen as SVG because of its second highest priority, so when R4 is down, R3 becomes the new AVG and is responsible for forwarding the traffic sent to the virtual MAC address of R4. In other words, R3 is now responsible for the traffic from PC3 and PC4, with the two MAC addresses 03 and 04. Communication that previously went through R4 continues without disruption or change on the host side.</p> <p><img class="aligncenter" alt="GLBP_topology_AVG_fails.jpg" src="http://www.9tut.com/images/ccna_self_study/GLBP/GLBP_topology_AVG_fails.jpg" width="400" height="236" /></p> <p>Wait! Maybe you have a question here. What about the switch? 
How can the switch forward the frames to the new AVG on another port? Remember that the switch learned MAC 04 on the port connecting to R4. Well, the answer is that when the standby becomes the active, it sends a gratuitous ARP reply to flush the CAM tables of the switches and the ARP caches of the hosts. So the switch learns the new port for MAC 04.</p> <p>Each AVF listens to the others; if one AVF can no longer forward traffic, the remaining AVFs compete to take responsibility for the failed AVF’s virtual MAC along with their own (the AVF with the higher weighting wins).</p> <p>To detect a gateway failure, GLBP members communicate with each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.</p> <p>GLBP supports up to 1024 virtual routers (GLBP groups) per physical interface of a router.</p> <p class="blueandbold">Load balancing algorithm</p> <p>GLBP load sharing is done in one of three ways:</p> <p><strong>Round-robin load-balancing algorithm</strong>: Each router MAC is used sequentially to respond to ARP requests. This is the default load-balancing mode in GLBP and is suitable for any number of end hosts.<br /> <strong>Weighted load-balancing algorithm</strong>: Traffic is balanced proportionally to a configured weight. Each GLBP router in the group advertises its weighting and assignment; the AVG acts based on that value. For example, if there are two routers in a group and R1 has double the forwarding capacity of R2, the weighting value of R1 should be configured to be double that of R2.<br /> <strong>Host-dependent load-balancing algorithm</strong>: A given host always uses the same router.</p> <p><span class="blueandbold">Interface Tracking</span></p> <p>Like HSRP, GLBP can be configured to track interfaces. 
For example, if the WAN link from router R4 is lost, GLBP detects the failure and decrements the router’s priority (as it does whenever a tracked interface fails). The second router then becomes primary. This transition is transparent to the hosts.</p> <p><img class="aligncenter" alt="GLBP_Interface_Tracking.jpg" src="http://www.9tut.com/images/ccna_self_study/GLBP/GLBP_Interface_Tracking.jpg" width="373" height="429" /></p> <p class="blueandbold">GLBP Authentication</p> <p>GLBP has three authentication types:<br /> + No authentication<br /> + MD5 authentication<br /> + Plain text authentication</p> <p>MD5 is the most secure of these methods. With this method, the same key is configured on both ends. One end sends an MD5 hash of the key (not the key itself) to the other. On the other side, the same key is also hashed and compared with the received hash. If the two hashes match, authentication succeeds. The advantage of this method is that only the hash, never the key itself, is sent over the link. The key for the MD5 hash can either be given directly in the configuration using a key string or supplied indirectly through a key chain.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/gateway-load-balancing-protocol-glbp-tutorial/feed</wfw:commentRss> <slash:comments>73</slash:comments> </item> <item> <title>EtherChannel Tutorial</title> <link>http://www.9tut.com/etherchannel-tutorial</link> <comments>http://www.9tut.com/etherchannel-tutorial#comments</comments> <pubDate>Fri, 17 Jan 2014 16:29:56 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=2039</guid> <description><![CDATA[EtherChannel is a technology used to combine several physical links between switches or routers into one logical connection and treat them as a single link. 
Let’s take an example to see the benefits of this technology: Suppose your company has two switches connected to each other via a FastEthernet link (100Mbps): Your company […]]]></description> <content:encoded><![CDATA[<p>EtherChannel is a technology used to combine several physical links between switches or routers into one logical connection and treat them as a single link. Let’s take an example to see the benefits of this technology:</p> <p>Suppose your company has two switches connected to each other via a FastEthernet link (100Mbps):</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/EtherChannel/Switch_single_link.jpg" alt="Switch_single_link.jpg" width="324" height="42" /></p> <p>Your company is growing and you need to transfer more than 100 Mbps between these switches. If you simply connect additional links between the two switches it will not work, because the Spanning Tree Protocol (STP) will block the redundant links to prevent a loop:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/EtherChannel/Switch_STP_block.jpg" alt="Switch_STP_block.jpg" width="337" height="53" /></p> <p>To extend the capacity of the link you have two options:</p> <p>+ Buy two 1000Mbps (1Gbps) interfaces<br /> + Use EtherChannel technology to bundle several links into a bigger link</p> <p><span id="more-2039"></span></p> <p>The first solution is expensive because new hardware has to be installed on both switches. With EtherChannel you only need some unused ports on your switches:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/EtherChannel/EtherChannel_Switch.jpg" alt="EtherChannel_Switch.jpg" width="330" height="75" /></p> <p>EtherChannel bundles the physical links into one logical link with the combined bandwidth, and it is awesome! STP sees this bundle as a single link, so STP will not block any of the links! EtherChannel also load-balances among the links in the channel automatically. 
If a link within the EtherChannel bundle fails, the traffic previously carried over the failed link is carried over the remaining links within the EtherChannel. If one of the links in the channel fails but at least one link is still up, the logical link (the EtherChannel link) remains up.</p> <p>EtherChannel also works well for router connections:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/EtherChannel/EtherChannel_router.jpg" alt="EtherChannel_router.jpg" width="286" height="76" /></p> <p>When an EtherChannel is created, a logical interface representing that EtherChannel is created on the switches or routers. You can configure this logical interface in the way you want. For example, assign access/trunk mode on switches or assign an IP address to the logical interface on routers…</p> <p>Note: A maximum of 8 Fast Ethernet or 8 Gigabit Ethernet ports can be grouped together when forming an EtherChannel.</p> <p>There are three mechanisms you can choose from to configure EtherChannel:</p> <p>+ Port Aggregation Protocol (PAgP)<br /> + Link Aggregation Control Protocol (LACP)<br /> + Static (“On”)</p> <p><strong>LACP is the IEEE standard</strong> (IEEE 802.3ad) and is the most common dynamic EtherChannel protocol, whereas <strong>PAgP is a Cisco proprietary</strong> protocol and works only between Cisco devices and supported vendors. All ports in an EtherChannel must use the same protocol; you cannot run two different protocols on the two ends. In other words, PAgP and LACP are not compatible, so both ends of a channel must use the same protocol.</p> <p>Static (or “on”) mode bundles the links unconditionally, and no negotiation protocol is used. 
In this mode, neither PAgP nor LACP packets are sent or received.</p> <p>(http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094714.shtml)</p> <p>Next we will learn more about the three EtherChannel mechanisms above.</p> <p class="blueandbold">Port Aggregation Protocol (PAgP)</p> <p>PAgP dynamically negotiates the formation of a channel. There are two PAgP modes:</p> <table border="1"> <tbody> <tr> <td><strong>Auto</strong></td> <td>Responds to PAgP messages but does not actively negotiate a PAgP EtherChannel. A channel is formed only if the port on the other end is set to Desirable. This is the default mode.</td> </tr> <tr> <td><strong>Desirable</strong></td> <td>Port actively negotiates channeling status with the interface on the other end of the link. A channel is formed if the other side is Auto or Desirable.</td> </tr> </tbody> </table> <p>The table below shows whether an EtherChannel will be formed for each combination of PAgP modes:</p> <table border="1"> <tbody> <tr> <td><strong>PAgP</strong></td> <td><strong>Desirable</strong></td> <td><strong>Auto</strong></td> </tr> <tr> <td><strong>Desirable</strong></td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td><strong>Auto</strong></td> <td>Yes</td> <td class="ccnaquestionsnumber">No</td> </tr> </tbody> </table> <p class="blueandbold"><strong>Link Aggregation Control Protocol (LACP)</strong></p> <p>LACP also dynamically negotiates the formation of a channel. There are two LACP modes:</p> <table border="1"> <tbody> <tr> <td><strong>Passive</strong></td> <td>Responds to LACP messages but does not actively negotiate an LACP EtherChannel. A channel is formed only if the other end is set to Active</td> </tr> <tr> <td><strong>Active</strong></td> <td>Port actively negotiates channeling with the interface on the other end of the link. 
A channel is formed if the other side is Passive or Active.</td> </tr> </tbody> </table> <p>The table below lists whether an EtherChannel will be formed or not for LACP:</p> <table border="1"> <tbody> <tr> <td><strong>LACP</strong></td> <td><strong>Active</strong></td> <td><strong>Passive</strong></td> </tr> <tr> <td><strong>Active</strong></td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td><strong>Passive</strong></td> <td>Yes</td> <td class="ccnaquestionsnumber">No</td> </tr> </tbody> </table> <p>In general, <strong>Auto</strong> mode in PAgP corresponds to <strong>Passive</strong> mode in LACP and <strong>Desirable</strong> mode corresponds to <strong>Active</strong> mode.</p> <p>Auto = Passive<br /> Desirable = Active</p> <p class="blueandbold">Static (“On”)</p> <p>In this mode no negotiation takes place: the interfaces become members of the EtherChannel immediately. Make sure the other end also uses “on” mode, because neither side checks whether the port parameters match or whether the peer has bundled the links at all. A one-sided bundle can leave the EtherChannel down, and because the unbundled side still treats the links as separate ports it can also create a loop that spanning tree does not expect. The dynamic protocols avoid this: a link that fails negotiation is simply left out of the bundle.</p> <p>Note: All interfaces in an EtherChannel must be configured identically to form an EtherChannel. 
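</p> <p>The mode matrices above and the identical-settings rule can be checked before a bundle is brought up. The Python below is an added example and not part of the original tutorial: it encodes the PAgP/LACP/on compatibility rules and compares the member-port settings the tutorial names (speed, duplex, access VLAN, native and allowed VLANs, trunk encapsulation, port security). The port names and values are constructed for the example.</p>

```python
# Added example (not from the 9tut tutorial): decide whether the two ends of a
# link will bundle into an EtherChannel, using the PAgP/LACP mode rules and the
# "members must be configured identically" rule from the text.
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple

# Which negotiation protocol each channel mode belongs to.
PROTOCOL_OF = {
    "on": "static",
    "auto": "pagp", "desirable": "pagp",
    "passive": "lacp", "active": "lacp",
}
# Modes that only answer negotiation and never start it.
RESPOND_ONLY = {"auto", "passive"}


def channel_forms(mode_a: str, mode_b: str) -> Tuple[bool, str]:
    """Return (forms, reason) for the channel modes at the two ends of a link."""
    proto_a, proto_b = PROTOCOL_OF[mode_a], PROTOCOL_OF[mode_b]
    if proto_a != proto_b:
        # PAgP vs LACP, or "on" vs a dynamic mode: the peers never agree.
        return False, "protocol mismatch: %s (%s) vs %s (%s)" % (mode_a, proto_a, mode_b, proto_b)
    if proto_a == "static":
        # Nothing is negotiated, so nothing is verified either.
        return True, "static bundle: both ends must be kept consistent by hand"
    if mode_a in RESPOND_ONLY and mode_b in RESPOND_ONLY:
        return False, "%s/%s: neither end initiates negotiation" % (mode_a, mode_b)
    return True, "%s negotiates the bundle" % proto_a.upper()


@dataclass
class PortConfig:
    """Settings on one candidate member port (hypothetical, constructed for the example)."""
    name: str
    speed: str = "1000"
    duplex: str = "full"
    switchport: str = "trunk"          # "access" or "trunk"
    access_vlan: Optional[int] = None  # access ports only
    native_vlan: Optional[int] = 1     # trunk ports only
    allowed_vlans: FrozenSet[int] = field(default_factory=lambda: frozenset({1, 10, 20}))
    encapsulation: str = "dot1q"       # "dot1q" or "isl", trunk ports only
    port_security: bool = False


def member_mismatches(ports: List[PortConfig]) -> List[str]:
    """Return the settings that are not identical across the candidate members,
    plus any setting that blocks channelling outright (port security)."""
    problems = []
    ref = ports[0]
    checks = ["speed", "duplex", "switchport"]
    if ref.switchport == "access":
        checks.append("access_vlan")
    else:
        checks += ["native_vlan", "allowed_vlans", "encapsulation"]
    for attr in checks:
        values = {getattr(p, attr) for p in ports}
        if len(values) > 1:
            detail = ", ".join("%s=%s" % (p.name, getattr(p, attr)) for p in ports)
            problems.append("%s differs: %s" % (attr, detail))
    for p in ports:
        if p.port_security:
            problems.append("%s: port security enabled, EtherChannel will not form" % p.name)
    return problems


def can_bundle(local: List[PortConfig], local_mode: str, remote_mode: str) -> Tuple[bool, List[str]]:
    """Combine both checks: compatible modes at the two ends, identical members locally."""
    ok, reason = channel_forms(local_mode, remote_mode)
    problems = [] if ok else [reason]
    problems += member_mismatches(local)
    return (not problems), problems


if __name__ == "__main__":
    # Constructed sample: two trunk ports, one with a different native VLAN.
    ports = [PortConfig("Gi0/1"), PortConfig("Gi0/2", native_vlan=99)]
    print(can_bundle(ports, "active", "passive"))
    print(can_bundle([PortConfig("Gi0/1"), PortConfig("Gi0/2")], "on", "active"))
```

<p>The second call in the demo is the classic trouble case from the text: one side set to “on” and the other to a dynamic mode never bundles, and the checker says so before any cable is moved.</p> <p>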
Specific settings that must be identical include:<br /> + Speed settings<br /> + Duplex settings<br /> + STP settings<br /> + VLAN membership (for access ports)<br /> + Native VLAN (for trunk ports)<br /> + Allowed VLANs (for trunk ports)<br /> + Trunking Encapsulation (ISL or 802.1Q, for trunk ports)</p> <p>Note: EtherChannels will not form if either dynamic VLANs or port security are enabled on the participating EtherChannel interfaces.</p> <p>In the next part we will learn how to configure EtherChannel on switch/router interfaces.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/etherchannel-tutorial/feed</wfw:commentRss> <slash:comments>48</slash:comments> </item> <item> <title>Hot Standby Router Protocol HSRP Tutorial</title> <link>http://www.9tut.com/hot-standby-router-protocol-hsrp-tutorial</link> <comments>http://www.9tut.com/hot-standby-router-protocol-hsrp-tutorial#comments</comments> <pubDate>Thu, 07 Nov 2013 02:00:38 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=1997</guid> <description><![CDATA[In this tutorial we will learn what is HSRP and the need of HSRP in a network. Most of the company in the world has a connection to the Internet. The picture below shows a most simple topology of such a company: To make above topology work we need to: + Configure IP addresses on […]]]></description> <content:encoded><![CDATA[<p>In this tutorial we will learn what is HSRP and the need of HSRP in a network.</p> <p>Most of the company in the world has a connection to the Internet. The picture below shows a most simple topology of such a company:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/HSRP/Simple_company_topology.jpg" alt="Simple_company_topology.jpg" width="298" height="293" /></p> <p>To make above topology work we need to:</p> <p>+ Configure IP addresses on two interfaces of the Router. 
Suppose the IP address of the Fa0/0 interface (the interface connecting to the switch) is 192.168.1.1.<br /> + Assign IP addresses, default gateways and DNS servers on all PCs. In this case we have to set the default gateway to the router’s Fa0/0 interface (IP address 192.168.1.1). This can be done manually or automatically via DHCP.</p> <p><span id="more-1997"></span></p> <p>After some time, your boss wants some redundancy so that even if the Router fails, all PCs can still access the Internet without any manual configuration at that time. So we need one more router connected to the Internet, as in the topology below:</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/HSRP/HSRP_company_topology.jpg" alt="HSRP_company_topology.jpg" width="298" height="293" /></p> <p>But now we have a problem: there is only one default gateway on each host, so if Router1 is down and we want to access the Internet via Router2, we have to change the default gateway (to 192.168.1.2). Also, when Router1 comes back we have to manually change it back to the IP address of Router1. And no one can access the Internet while the default gateway is being changed. HSRP solves all of these problems.</p> <p class="blueandbold">HSRP Operation</p> <p>With HSRP, the two routers (Router1 and Router2 in this case) appear to the hosts as a single router. HSRP gives the pair a virtual IP address and a virtual MAC address, and that virtual router is what the hosts use as their default gateway. For example, the virtual IP address is 192.168.1.254 and the virtual MAC is 0000.0c07.AC0A. All the hosts point their default gateway at this IP address.</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/HSRP/HSRP_virtual_router.jpg" alt="HSRP_virtual_router.jpg" width="298" height="283" /></p> <p>One router, through the election process, is designated as the <strong>active router</strong> while the other router is designated as the <strong>standby router</strong>. 
Both the active and the standby router listen for traffic to the virtual addresses, but only the active router answers ARP for them and forwards packets. The standby router is the backup: it monitors the periodic hellos sent by the active router (multicast to 224.0.0.2, UDP port 1985) and takes over when those hellos stop.</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/HSRP/HSRP_active_standby_router.jpg" alt="HSRP_active_standby_router.jpg" width="298" height="283" />When a failure of the active router is detected, the standby router assumes the role of forwarding router. Because the new forwarding router uses the same (virtual) IP and MAC addresses, the hosts see no disruption in communication. A new standby router is also elected at that time (if there are more than two routers in the HSRP group).</p> <p>Note: Both the active and the standby router send hello packets; routers that remain in listen state only receive them. By default, the hello timer is set to 3 seconds.</p> <p><img class="aligncenter" src="http://www.9tut.com/images/ccna_self_study/HSRP/HSRP_active_fail.jpg" alt="HSRP_active_fail.jpg" width="298" height="283" /></p> <p>Note: The virtual MAC address of HSRP version 1 is <strong>0000.0C07.ACxx</strong>, where <strong>xx</strong> is the HSRP group number in hexadecimal on the respective interface. For example, HSRP group 10 uses the virtual MAC address 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.F<strong>XXX </strong>(XXX: HSRP group number in hexadecimal). Note that the virtual MAC address can also be configured manually.</p> <p>HSRP version 1 hello packets are sent to multicast address 224.0.0.2 while HSRP version 2 hello packets are sent to multicast address 224.0.0.102. 
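</p> <p>The hello format, the virtual-MAC rule and the priority election described above are concrete enough to put in code. The Python below is an added example, not from the original tutorial: it packs and parses HSRP version 1 messages using the 20-byte layout from RFC 2281 (version, opcode, state, hello time, hold time, priority, group, reserved, 8 bytes of authentication data, virtual IP), derives the virtual MAC for a group, runs the election (highest priority wins, ties go to the highest IP) and, as the detection view a defender wants, flags hellos that do not belong on the segment. The router addresses, group and priorities are constructed sample data; the “suspicious” thresholds are assumptions for the example.</p>

```python
# Added example (not from the 9tut tutorial): build and parse HSRP version 1
# messages (RFC 2281 layout, carried in UDP/1985 datagrams to 224.0.0.2),
# derive the virtual MAC for a group, run the priority election, and flag
# hellos that should not be on the segment.
import ipaddress
import struct
from typing import Dict, List, Tuple

HSRP_V1_FMT = "!BBBBBBBB8s4s"   # version, opcode, state, hellotime, holdtime,
                                 # priority, group, reserved, auth data, virtual IP
OPCODES = {0: "hello", 1: "coup", 2: "resign"}
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
DEFAULT_AUTH = b"cisco"          # plaintext default authentication string


def build_hsrp_v1(opcode: int, state: int, priority: int, group: int, virtual_ip: str,
                  auth: bytes = DEFAULT_AUTH, hellotime: int = 3, holdtime: int = 10) -> bytes:
    """Pack one HSRPv1 message (UDP payload only)."""
    return struct.pack(HSRP_V1_FMT, 1, opcode, state, hellotime, holdtime, priority,
                       group, 0, auth.ljust(8, b"\x00")[:8],
                       ipaddress.IPv4Address(virtual_ip).packed)


def parse_hsrp_v1(payload: bytes) -> Dict[str, object]:
    """Unpack an HSRPv1 message into named fields."""
    if len(payload) != struct.calcsize(HSRP_V1_FMT):
        raise ValueError("not an HSRPv1 message: length %d" % len(payload))
    (ver, op, state, hello, hold, prio, group, _res, auth, vip) = struct.unpack(HSRP_V1_FMT, payload)
    if ver != 1:
        raise ValueError("unexpected HSRP version %d" % ver)
    return {
        "opcode": OPCODES.get(op, op), "state": STATES.get(state, state),
        "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00"), "virtual_ip": str(ipaddress.IPv4Address(vip)),
    }


def virtual_mac(group: int, version: int = 1) -> str:
    """Well-known virtual MAC: 0000.0c07.acXX for v1, 0000.0c9f.fXXX for v2."""
    if version == 1:
        if not 0 <= group <= 255:
            raise ValueError("HSRPv1 groups are 0-255")
        return "0000.0c07.ac%02x" % group
    if not 0 <= group <= 4095:
        raise ValueError("HSRPv2 groups are 0-4095")
    return "0000.0c9f.f%03x" % group


def elect_active(hellos: List[Tuple[str, bytes]]) -> str:
    """Given (source IP, payload) pairs heard on the segment, return the source
    that wins: highest priority, ties broken by highest IP address."""
    def key(item):
        src, payload = item
        return (parse_hsrp_v1(payload)["priority"], int(ipaddress.IPv4Address(src)))
    return max(hellos, key=key)[0]


def suspicious_hellos(hellos, expected_routers, expected_auth=DEFAULT_AUTH, max_priority=200):
    """Detection view: a message from an address that is not one of our routers,
    with the wrong authentication string, or with a priority above anything we
    configured is a candidate gateway hijack. (Thresholds are assumptions.)"""
    findings = []
    for src, payload in hellos:
        msg = parse_hsrp_v1(payload)
        reasons = []
        if src not in expected_routers:
            reasons.append("unknown source")
        if msg["auth"] != expected_auth:
            reasons.append("auth mismatch")
        if msg["priority"] > max_priority:
            reasons.append("priority %d above configured maximum" % msg["priority"])
        if reasons:
            findings.append((src, msg["opcode"], reasons))
    return findings


if __name__ == "__main__":
    # Constructed sample: two legitimate routers in group 10 and one rogue host.
    vip = "192.168.1.254"
    heard = [
        ("192.168.1.1", build_hsrp_v1(0, 16, 110, 10, vip)),   # R1, active
        ("192.168.1.2", build_hsrp_v1(0, 8, 100, 10, vip)),    # R2, standby
    ]
    print(virtual_mac(10), elect_active(heard))
    heard.append(("192.168.1.66", build_hsrp_v1(1, 4, 255, 10, vip, auth=b"hacker")))
    print(elect_active(heard))
    print(suspicious_hellos(heard, {"192.168.1.1", "192.168.1.2"}))
```

<p>The last two lines of the demo show why the plaintext authentication string is not a control: a host that sends a coup (opcode 1) with priority 255 wins the election exactly as a legitimate router would, and only out-of-band knowledge (which addresses are our routers, which priorities we configured) tells the two apart.</p> <p>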
Currently HSRPv1 is the default version when running HSRP on Cisco devices.</p> <p>By default, a hello packet is sent between the HSRP standby group devices every 3 seconds, and the standby device becomes active when a hello packet has not been received for 10 seconds (called hold time).</p> <p class="blueandbold">HSRP States</p> <p>HSRP consists of 5 states:</p> <table border="1"> <tbody> <tr> <td><strong>State</strong></td> <td><strong>Description</strong></td> </tr> <tr> <td>Initial</td> <td>This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on</td> </tr> <tr> <td>Listen</td> <td>The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state.</td> </tr> <tr> <td>Speak</td> <td>The router sends periodic HSRP hellos and participates in the election of the active or standby router.</td> </tr> <tr> <td>Standby</td> <td>In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router)</td> </tr> <tr> <td>Active</td> <td>The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages</td> </tr> </tbody> </table> <p>Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.</p> <p>Now let’s take an example of a router passing through these states. Suppose there are 2 routers A and B in the network; router A is turned on first. It enters the<strong> initial state</strong>. Then it moves to <strong>listen state</strong> in which it tries to hear if there are already active or standby routers for this group. 
After learning that no one holds the active or standby role, it takes part in the election by moving to the <strong>speak state</strong>. Now it starts sending hello messages containing its priority. These messages are sent to the multicast address 224.0.0.2 (which can be heard by all members of that group). When it does not hear a hello message with a higher priority it assumes the role of active router and moves to the <strong>active state</strong>. In this state, it continues sending out periodic hello messages.</p> <p>Now router B is turned on. It also goes through the <strong>initial </strong>and <strong>listen state</strong>. In listen state, it learns that router A is already the active router and no other router holds the standby role, so it enters the <strong>speak </strong>state to compete for the standby role -> it becomes the <strong>standby </strong>router.</p> <p>Suppose router A is in active state while router B is in standby state. If router B does not hear hello messages from router A within the holdtime (10 seconds by default), router B declares router A dead and moves to the active state itself. But if at some time it receives a hello from the active router that has a lower priority than its own (for example because the administrator changed the priority on either router) and preemption is enabled on router B (<strong>standby preempt</strong>; routers do not preempt by default), it can take over the active role by sending out a packet with parameters indicating it wants to take over from the active router. 
This is called a coup message (opcode 1 in the HSRP packet, alongside hello and resign). Because the protocol honours whoever claims the highest priority, the same mechanism is the basis of the classic HSRP gateway hijack: HSRPv1 messages carry only an 8-byte plaintext authentication string (“cisco” unless changed), so any host on the segment that sends a coup and hellos with priority 255 can become the active router and see all traffic leaving the LAN. Protect production groups with MD5 authentication (<strong>standby authentication md5 key-string</strong>) and make sure HSRP packets cannot arrive from access ports.</p> <p><strong>Quick summary:</strong></p> <p>+ HSRP is Cisco proprietary and allows several routers or multilayer switches to appear as a single gateway IP address.<br /> + HSRP has 5 states: initial, listen, speak, standby and active.<br /> + HSRP allows multiple routers to share a virtual IP and MAC address so that end-user hosts do not notice when a failure occurs.<br /> + The active router uses the virtual IP and MAC addresses.<br /> + The standby router listens for hellos from the active router. A hello packet is sent every 3 seconds by default. The hold time (dead interval) is 10 seconds.<br /> + The virtual MAC is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal.<br /> + The group numbers of HSRP version 1 range from 0 to 255. HSRP does support group number 0 (we did check it and in fact it is the default group number if you don’t enter a group number in the configuration), so HSRP version 1 supports up to 256 group numbers. 
HSRP version 2 supports 4096 group numbers.</p> <p>(Reference and good resource: <a href="http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml</a>)</p> <p>We wrote a GNS3 lab of HSRP and you can read it here: <a href="http://www.networktut.com/hsrp-ip-route-tracking">http://www.networktut.com/hsrp-ip-route-tracking</a>.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/hot-standby-router-protocol-hsrp-tutorial/feed</wfw:commentRss> <slash:comments>119</slash:comments> </item> <item> <title>InterVLAN Routing Tutorial – Premium Tutorial</title> <link>http://www.9tut.com/intervlan-routing-tutorial</link> <comments>http://www.9tut.com/intervlan-routing-tutorial#comments</comments> <pubDate>Wed, 22 Feb 2012 09:39:39 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=1061</guid> <description><![CDATA[In the previous VLAN tutorial we learned how to use VLAN to segment the network and create “logical” broadcast domains. In this tutorial we will learn about InterVLAN Routing. What is InterVLAN routing? As we learned, devices within a VLAN can communicate with each other without the need of Layer 3 routing. But devices in […]]]></description> <content:encoded><![CDATA[<p>In the previous <a href="http://www.9tut.com/virtual-local-area-network-vlan-tutorial" target="_blank">VLAN tutorial</a> we learned how to use VLAN to segment the network and create “logical” broadcast domains. In this tutorial we will learn about InterVLAN Routing.</p> <p class="blueandbold">What is InterVLAN routing?</p> <p>As we learned, devices within a VLAN can communicate with each other without the need of Layer 3 routing. But devices in separate VLANs require a Layer 3 routing device to communicate with one another. 
For example, in the topology below hosts A and B can communicate with each other without a router because they are in the same VLAN 10; hosts C and D can communicate because they are in the same VLAN 20. But host A can’t communicate with host C or D because they are in different VLANs.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/InterVLAN/InterVLAN_no_router.jpg" alt="InterVLAN_no_router.jpg" width="420" height="180" /></p> <p>To allow hosts in different VLANs to communicate with each other, we need a Layer 3 device (like a router) to route between them:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/InterVLAN/InterVLAN_traditional_routing.jpg" alt="InterVLAN_traditional_routing.jpg" width="420" height="290" /></p> <p style="text-align: left;">Routing traffic from one VLAN to another is called InterVLAN routing.</p> <p><!--adsense--></p> <p><span id="more-1061"></span></p> <p style="text-align: left;">Please <a href="http://www.9tut.com/member/signup">Register</a> or <a href="http://www.9tut.com/member/login">Login</a> to read the rest of this tutorial.</p> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/intervlan-routing-tutorial/feed</wfw:commentRss> <slash:comments>45</slash:comments> </item> <item> <title>Cisco Command Line Interface CLI</title> <link>http://www.9tut.com/cisco-command-line-interface-cli</link> <comments>http://www.9tut.com/cisco-command-line-interface-cli#comments</comments> <pubDate>Tue, 20 Dec 2011 04:21:36 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=1024</guid> <description><![CDATA[In the previous tutorial we learned about the boot sequence of a Cisco router/switch. After that, the router will allow us to type commands, but in each mode we can only use specific commands. 
So in this tutorial we will learn about the Command Line Interface (CLI) and the different modes in a Cisco router/switch. Below […]]]></description> <content:encoded><![CDATA[<p>In the previous tutorial we learned about the <a href="http://www.9tut.com/cisco-router-boot-sequence-tutorial" target="_blank">boot sequence of a Cisco router/switch</a>. After that, the router will allow us to type commands, but in each mode we can only use specific commands. So in this tutorial we will learn about the Command Line Interface (CLI) and the different modes in a Cisco router/switch.</p> <p>The table below lists the common modes in a Cisco switch/router:</p> <table border="1"> <tbody> <tr> <td>Router></td> <td>User mode</td> </tr> <tr> <td>Router#</td> <td>Privileged mode</td> </tr> <tr> <td>Router(config)#</td> <td>Configuration mode</td> </tr> <tr> <td>Router(config-if)#</td> <td>Interface level (within configuration mode)</td> </tr> <tr> <td>Router(config-router)#</td> <td>Routing engine level (within configuration mode)</td> </tr> <tr> <td>Router(config-line)#</td> <td>Line level (vty, tty, async) within configuration mode</td> </tr> </tbody> </table> <p>Now let’s discuss each mode in more detail.</p> <p><!--adsense--></p> <p><span id="more-1024"></span></p> <p><span class="blueandbold">User mode (Unprivileged mode)</span><br /> In most cases this is the mode you will see on the screen right after connecting to the device. This mode provides limited access to the router. You are given a set of nondestructive commands that allow examination of certain router parameters (mostly to view statistics). You cannot, however, make any changes to the router configuration.</p> <p><span class="blueandbold">Privileged mode</span><br /> Also known as the Enable mode (you reach it with the <strong>enable</strong> command), this mode allows greater examination of the router and provides a more robust command set than the User mode. 
From Privileged mode you can enter Global Configuration mode (<strong>configure terminal</strong>), meaning you can edit the configuration of the router; access to this mode should therefore be protected with an <strong>enable secret</strong> (stored hashed) rather than the reversible <strong>enable password</strong>.</p> <p><span class="blueandbold">Configuration mode</span><br /> Also called the Global Configuration mode, this mode is entered from Privileged mode and supplies the complete command set for configuring the router. From this mode you can access the interface level, routing engine level, line level…</p> <p class="blueandbold">Interface level</p> <p>In some books, this level is also referred to as “interface configuration mode” or “interface mode”. In fact, it is a level inside Configuration mode, so you can see the “config” part in its prompt (config-if). This level is entered by naming a specific interface in Configuration mode. For example:</p> <p><strong>Router(config)#interface fa0/0<br /> Router(config-if)#</strong></p> <p>But notice that the prompt does not tell you which interface is being configured, so be careful at this level while you are configuring! This lack of information makes it easy to configure the wrong interface.</p> <p class="blueandbold">Routing engine level</p> <p>This is the level where we configure dynamic routing protocols (RIP, OSPF, EIGRP…). You will learn about them later in CCNA.</p> <p class="blueandbold">Line level</p> <p>At this level we configure the Telnet (vty), Console and AUX port parameters. 
Also notice that the prompt (config-line) is used for all “lines” on the router so you must be careful about which line you are configuring!</p> <p>Note: The “line” here can be a physical Console port or a virtual connection like Telnet.</p> <p>The image below shows how to access each mode and popular levels inside Configuration mode:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/CLI/popular_modes.jpg" alt="popular_modes.jpg" width="410" height="160" /></p> <p>Learning about modes is not difficult and you will get familiar with them while configuring routers & switches. Just pay a little attention to them each time you practice and surely you can grasp them easily.</p> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/cisco-command-line-interface-cli/feed</wfw:commentRss> <slash:comments>29</slash:comments> </item> <item> <title>Cisco Router Boot Sequence Tutorial</title> <link>http://www.9tut.com/cisco-router-boot-sequence-tutorial</link> <comments>http://www.9tut.com/cisco-router-boot-sequence-tutorial#comments</comments> <pubDate>Fri, 16 Dec 2011 09:58:39 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=1013</guid> <description><![CDATA[In this article we will learn about the main components of a Cisco router and how the boot process takes place. Types of memory Generally Cisco routers (and switches) contain four types of memory: Read-Only Memory (ROM): ROM stores the router’s bootstrap startup program, operating system software, and power-on diagnostic test programs (POST). 
Flash Memory: […]]]></description> <content:encoded><![CDATA[<p>In this article we will learn about the main components of a Cisco router and how the boot process takes place.</p> <p><span class="blueandbold">Types of memory</span></p> <p>Generally Cisco routers (and switches) contain four types of memory:</p> <p><strong>Read-Only Memory</strong> (ROM): ROM stores the router’s bootstrap program (the ROM Monitor), the power-on diagnostic tests (POST) and, on many platforms, a minimal fallback operating system (mini-IOS).</p> <p><strong>Flash Memory</strong>: Generally referred to simply as “flash”, the IOS images are held here. Flash is erasable and reprogrammable ROM, and its content is retained by the router on reload. Unless “boot system” commands in the startup configuration say otherwise, this is where the router looks for its IOS image during boot.</p> <p><strong>Random-Access Memory </strong>(RAM): Stores operational information such as routing tables and the running configuration file. RAM contents are lost when the router is powered down or reloaded.</p> <p><strong>Non-volatile RAM</strong> (NVRAM): NVRAM holds the router’s startup configuration file. NVRAM contents are not lost when the router is powered down or reloaded.</p> <p><!--adsense--></p> <p><span id="more-1013"></span></p> <p>Some comparisons to help you remember:</p> <p>+ RAM is volatile memory, so its contents are lost on reload, whereas NVRAM and Flash contents are not.<br /> + NVRAM holds the startup configuration file, whereas RAM holds the running configuration file.<br /> + ROM contains a bootstrap program called ROM Monitor (or ROMmon). When a router is powered on, the bootstrap runs a hardware diagnostic called POST (Power-On Self Test).</p> <p><span class="blueandbold">Router boot process</span></p> <p><strong>The following details the router boot process:</strong><br /> 1. The router is powered on.<br /> 2. The router first runs the Power-On Self Test (POST).<br /> 3. The bootstrap checks the Configuration Register value to determine where to load the IOS from. 
By default (the default Configuration Register value is 0x2102), the router first looks for “boot system” commands in the startup-config file. If it finds them, it tries them in the order they appear in the startup-config to locate the IOS. If not, the IOS image is loaded from Flash. If no IOS is found in Flash, the bootstrap can try to load the IOS from a TFTP server or fall back to ROM (mini-IOS).<br /> 4. After the IOS is found, it is loaded into RAM.<br /> 5. The IOS attempts to load the configuration file (startup-config) from NVRAM into RAM. If the startup-config is not found in NVRAM, the IOS attempts to load a configuration file from TFTP. If no TFTP server responds, the router enters Setup Mode (Initial Configuration Mode).</p> <p>Note: The Configuration Register also controls whether step 5 happens at all. With bit 6 set (for example the value 0x2142) the router ignores the startup-config in NVRAM and boots unconfigured; this is the standard password-recovery procedure, and it only needs console access during boot, so the physical console port deserves the same protection as the passwords themselves.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Boot_Sequence/Cisco_Boot_Sequence.jpg" alt="Cisco_Boot_Sequence.jpg" width="446" height="520" /></p> <p>And this is the process we can see on our screen when the router is turned on:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Boot_Sequence/Cisco_router_boot_process.jpg" alt="Cisco_router_boot_process.jpg" width="580" height="902" /></p> <p>In short, when powered on the router needs to:</p> <p>1. Run <span style="text-decoration: underline;">POST</span> to check the hardware<br /> 2. Search for a <span style="text-decoration: underline;">valid IOS</span> (the Operating System of the router)<br /> 3. 
Search for a <span style="text-decoration: underline;">configuration file</span> (all the configuration applied to this router)</p> <p><span class="blueandbold">Determine how much RAM, NVRAM and Flash a router has<br /> </span></p> <p>Also, from the output shown above, we can learn the router’s model and the size of its RAM, Flash and NVRAM, as shown below:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Boot_Sequence/RAM_ROM_Flash_memory.jpg" alt="RAM_ROM_Flash_memory.jpg" width="565" height="189" /></p> <p>Note: The “show version” command also gives us this information.</p> <p>All of the above is straightforward except the RAM figure. On some router series the RAM is displayed as two numbers (in this case 60416K/5120K). The first number is the processor (main) memory and the second (5120K) is the I/O memory reserved for packet buffering; their sum is the installed RAM.</p> <p>So, from the output above we can learn:</p> <p>Amount of RAM: 60416 + 5120 = 65536KB / 1024 = 64MB<br /> Amount of NVRAM: 239KB<br /> Amount of Flash: 62720KB</p> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/cisco-router-boot-sequence-tutorial/feed</wfw:commentRss> <slash:comments>179</slash:comments> </item> <item> <title>OSI Model Tutorial</title> <link>http://www.9tut.com/osi-model-tutorial</link> <comments>http://www.9tut.com/osi-model-tutorial#comments</comments> <pubDate>Wed, 02 Nov 2011 15:57:42 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=912</guid> <description><![CDATA[Welcome to the most basic tutorial for networkers! Understanding the OSI model is one of the most important tools to help you grasp how networking devices like routers, switches and PCs work. 
Let’s take an example in our real life to demonstrate the OSI model. Maybe you have ever sent a mail to your friend, right? […]]]></description> <content:encoded><![CDATA[<p>Welcome to the most basic tutorial for networker! Understanding about OSI model is one of the most important tools to help you grasp how networking devices like router, switch, PC… work.</p> <p>Let’s take an example in our real life to demonstrate the OSI model. Maybe you have ever sent a mail to your friend, right? To do it, you have to follow these steps:</p> <p>1. Write your letter<br /> 2. Insert it into an envelope<br /> 3. Write information about sender and receiver on that envelope<br /> 4. Stamp it<br /> 5. Go to the post office and drop it into a mail inbox</p> <p>From the example above, I want to imply we have to go through some steps in a specific order to complete a task. It is also applied for two PCs to communicate with each other. They have to use a predefined model, named OSI, to complete each step. There are 7 steps in this model as listed below:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSI/OSI_Model.jpg" alt="OSI_Model.jpg" width="190" height="290" /></p> <p>This is also the well-known table of the OSI model so you must take time to learn by heart. A popular way to remember this table is to create a fun sentence with the first letters of each layer. For example: <strong>A</strong>ll <strong>P</strong>eople <strong>S</strong>eem <strong>T</strong>o <strong>N</strong>eed <strong>D</strong>ata <strong>P</strong>rocessing or a more funny sentence sorted from layer 1 to layer 7: <strong>P</strong>lease <strong>D</strong>o <strong>N</strong>ot <strong>T</strong>hrow <strong>S</strong>ausage <strong>P</strong>izza <strong>A</strong>way.</p> <p><span id="more-912"></span></p> <p><!--adsense--></p> <p>There are two notices about this table:</p> <p>1. First, the table is arranged from top to bottom (numbering from 7 to 1). 
Each step is called a “layer”, so we have 7 layers (maybe we call them “layers” to make them sound more… technical ^^).</p> <p>When a device wants to send information to another one, its data must pass from the top layer down to the bottom one. When a device receives this information, it must pass from the bottom layer up to the top to “decapsulate” it. In fact, the reverse action at the other end is very natural in everyday life. It is very similar to two people communicating by mail: the writer writes the letter and puts it into an envelope, while the receiver must first open the envelope and then read the letter. The picture below shows the whole process of sending and receiving information.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSI/OSI_Model_sending_receiving.jpg" alt="OSI_Model_sending_receiving.jpg" width="470" height="470" /></p> <p>Note: The OSI layers are referred to by number more often than by name (for example, we say “layer 3” rather than “network layer”), so you should learn the number of each layer as well.</p> <p>2. When the information goes down through the layers (from top to bottom), each layer adds a header to it. This is called encapsulation because it is like wrapping an object in a capsule. Each header is understood only by the corresponding layer at the receiving side; the other layers only see that header as part of the data.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSI/OSI_Model_headers_added.jpg" alt="OSI_Model_headers_added.jpg" width="340" height="390" /></p> <p>At the receiving side, each header is stripped off at the same layer that attached it.</p> <p class="blueandbold">Understand each layer</p> <p><strong>Layer 7 – Application layer<br /> </strong></p> <p>This is the closest layer to the end user. It provides the interface between the applications we use and the underlying layers. 
But notice that the programs you are using (like a web browser: IE, Firefox or Opera…) do not themselves belong to the Application layer. Telnet, FTP, SMTP (email) and HyperText Transfer Protocol (HTTP) are examples of Application layer protocols.</p> <p><strong>Layer 6 – Presentation layer</strong></p> <p>This layer ensures the presentation of data, that is, that the communications passing through are in the appropriate form for the recipient. In general, it acts as the translator of the network. For example, when you send photos to a friend, the Presentation layer is where your data is represented in a GIF, JPG or PNG… format, and where encryption and compression are modelled.</p> <p><strong>Layer 5 – Session layer</strong></p> <p>Layer 5 establishes, maintains and ends communication sessions with the receiving device.</p> <p><strong>Layer 4 – Transport layer</strong></p> <p>This layer provides end-to-end delivery between the devices, including flow control, error checking and recovery where the protocol offers them. The most common examples of Transport layer protocols are Transmission Control Protocol (TCP), which provides all of these, and User Datagram Protocol (UDP), which provides none of them.</p> <p><strong>Layer 3 – Network layer</strong></p> <p>This layer provides the logical addresses that routers use to determine the path to the destination. In most cases the logical addresses are IP addresses (source and destination).</p> <p><strong>Layer 2 – Data Link Layer</strong></p> <p>The Data Link layer formats the message into a <em>data frame</em> and adds a header containing the hardware destination and source addresses. This header is responsible for reaching the next device on the local network.</p> <p>Notice that layer 3 is responsible for finding the path to the final destination (network) but it doesn’t care about who will be the next receiver. 
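</p> <p>The division of labour between layers 2, 3 and 4 is easiest to see on real bytes. The Python below is an added example, not from the original tutorial: it encapsulates a small payload down the stack (UDP header, then an IPv4 header addressed to the final host, then an Ethernet header addressed to the next hop only) and decapsulates it again, with each layer reading and removing just its own header. The MAC and IP addresses, ports and payload are constructed for the example; the checksum is the standard RFC 1071 one’s-complement sum used by IPv4.</p>

```python
# Added example (not from the 9tut tutorial): encapsulate a payload down the
# stack (UDP -> IPv4 -> Ethernet) and decapsulate it again, so that each layer
# strips only its own header. All addresses below are constructed.
import struct
from typing import Dict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (the IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def encapsulate(payload: bytes, src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                src_mac: str, next_hop_mac: str) -> bytes:
    """Layer 4 adds the UDP header, layer 3 the IPv4 header addressed to the
    final host, layer 2 the Ethernet header addressed to the next hop only."""
    # Layer 4: UDP header (checksum left 0, which IPv4 UDP permits)
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3: 20-byte IPv4 header; checksum is computed over the header only
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, IPPROTO_UDP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    packet = header + segment
    # Layer 2: Ethernet header; the destination is the gateway's MAC, not the final host's
    return mac_to_bytes(next_hop_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> Dict[str, Dict[str, object]]:
    """Walk back up the stack; each layer reads and removes its own header."""
    layers: Dict[str, Dict[str, object]] = {}
    dst_mac, src_mac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    layers["data_link"] = {"dst": bytes_to_mac(dst_mac), "src": bytes_to_mac(src_mac)}
    packet = frame[14:]

    ihl = (packet[0] & 0x0F) * 4
    (_vihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src_ip, dst_ip) = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    layers["network"] = {"src": bytes_to_ip(src_ip), "dst": bytes_to_ip(dst_ip), "ttl": ttl,
                         "protocol": proto, "checksum_ok": ip_checksum(packet[:ihl]) == 0}
    segment = packet[ihl:total_len]

    if proto != IPPROTO_UDP:
        raise ValueError("only UDP is handled in this example")
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", segment[:8])
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port, "length": udp_len}
    layers["application"] = {"data": segment[8:udp_len]}
    return layers


if __name__ == "__main__":
    frame = encapsulate(b"hello", "192.168.1.10", "203.0.113.7", 49152, 53,
                        "00:11:22:33:44:55", "00:00:0c:07:ac:0a")
    for name, fields in decapsulate(frame).items():
        print(name, fields)
```

<p>In the decoded output the network layer carries the final destination 203.0.113.7 while the data link layer carries the gateway’s MAC address: that is exactly the split the next sentence describes.</p> <p>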
It is Layer 2 that carries the data to the next hop.</p> <p>This layer is subdivided into 2 sub-layers: logical link control (LLC) and media access control (MAC).</p> <p>The LLC functions include:<br /> + Managing frames to upper and lower layers<br /> + Error control<br /> + Flow control</p> <p>The MAC sublayer carries the physical address of each device on the network, more commonly called the device’s MAC address. A MAC address is a 48-bit address burned into the NIC by its manufacturer, but most operating systems let it be overridden in software, so it identifies a device only loosely and must not be relied on as an authentication credential.</p> <p><strong>Layer 1 – Physical layer</strong></p> <p>The Physical Layer defines the physical characteristics of the network such as connectors, voltage levels and timing.</p> <p><!--adsense#MiddleContent--></p> <p>To help you remember the functions of each layer more easily, I created a fun story in which Henry (English) wants to send a document to Charles (French) to demonstrate how the OSI model works.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSI/OSI_7_layers_fun.jpg" alt="OSI_7_layers_fun.jpg" width="750" height="1055" /></p> <p> </p> <p>Lastly, I summarize the important functions of each layer in the table below (please remember them; they are essential knowledge about the OSI model):</p> <table border="1"> <tbody> <tr style="background-color: #33ff66;"> <td><strong>Layer</strong></td> <td><strong>Description</strong></td> <td><strong>Popular Protocols</strong></td> <td><strong>Protocol Data Unit</strong></td> <td><strong>Devices operating at this layer</strong></td> </tr> <tr> <td><strong>Application</strong></td> <td>+ User interface</td> <td>HTTP, FTP, TFTP, Telnet, SNMP, DNS…</td> <td>Data</td> <td> </td> </tr> <tr> <td><strong>Presentation</strong></td> <td>+ Data representation, encryption & decryption</td> <td> <p>+ Video (WMV, AVI…)<br /> + Bitmap (JPG, BMP, PNG…)<br /> + Audio (WAV, MP3, WMA…)<br /> ….</p> </td> <td>Data</td> <td> </td> </tr> 
<tr> <td><strong>Session</strong></td> <td>+ Set up, monitor & terminate the connection session</td> <td>+ SQL, RPC, NetBIOS names…</td> <td>Data</td> <td> </td> </tr> <tr> <td><strong>Transport</strong></td> <td>+ Flow control (buffering, windowing, congestion avoidance) helps prevent the loss of segments on the network and the need for retransmission</td> <td>+ TCP (connection-oriented, reliable)<br /> + UDP (connectionless, unreliable)</td> <td>Segment</td> <td> </td> </tr> <tr> <td><strong>Network</strong></td> <td>+ Path determination<br /> + Source & destination logical addresses</td> <td>+ IP<br /> + IPX<br /> + AppleTalk</td> <td>Packet/Datagram</td> <td>Router</td> </tr> <tr> <td><strong>Data Link</strong></td> <td> <p>+ Physical addresses</p> <p>Includes 2 sublayers:<br /> + Upper sublayer: Logical Link Control (LLC)<br /> + Lower sublayer: Media Access Control (MAC)</p> </td> <td>+ LAN (Ethernet)<br /> + WAN (HDLC, PPP, Frame Relay…)</td> <td>Frame</td> <td>Switch, Bridge</td> </tr> <tr> <td><strong>Physical</strong></td> <td> <p>Encodes and transmits data bits</p> <p>+ Electrical signals<br /> + Radio signals</p> </td> <td>+ FDDI, Ethernet</td> <td>Bit (0, 1)</td> <td>Hub, Repeater…</td> </tr> </tbody> </table> <p>Note: In fact, OSI is just a theoretical model of networking. The practical model used in modern networks is the TCP/IP model. You may think “Hm, it’s just theoretical and has no use in real life! 
I don’t care!” but believe me, you will use this model more often than the TCP/IP model, so take time to grasp it; you will not regret it – I promise :)</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/osi-model-tutorial/feed</wfw:commentRss> <slash:comments>463</slash:comments> </item> <item> <title>Subnetting Tutorial – Subnetting Made Easy</title> <link>http://www.9tut.com/subnetting-tutorial</link> <comments>http://www.9tut.com/subnetting-tutorial#comments</comments> <pubDate>Wed, 28 Sep 2011 06:47:59 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=850</guid> <description><![CDATA[In this article, we will learn how to subnet and make subnetting an easy task. The table below summarizes the default subnet mask and the address range of each Class A, B, and C network.  Default subnet mask Range Class A 255.0.0.0 (/8) 1.0.0.0 – 126.255.255.255 Class […]]]></description> <content:encoded><![CDATA[<p>In this article, we will learn how to subnet and make subnetting an easy task.</p> <p>The table below summarizes the default subnet mask and the address range of each Class A, B, and C network.</p> <table border="1"> <tbody> <tr> <td> </td> <td><strong>Default subnet mask</strong></td> <td><strong>Range</strong></td> </tr> <tr> <td><strong>Class A</strong></td> <td>255.0.0.0 (/8)</td> <td>1.0.0.0 – 126.255.255.255</td> </tr> <tr> <td><strong>Class B</strong></td> <td>255.255.0.0 (/16)</td> <td>128.0.0.0 – 191.255.255.255</td> </tr> <tr> <td><strong>Class C</strong></td> <td>255.255.255.0 (/24)</td> <td>192.0.0.0 – 223.255.255.255</td> </tr> </tbody> </table> <p><span style="font-size: x-small;">Table 1 – Default subnet mask & range of each class</span></p> <p>Class A addresses begin with a 0 bit. 
Therefore, all addresses from 1.0.0.0 to 126.255.255.255 belong to class A (1 = <span style="text-decoration: underline;"><strong>0</strong></span>000 0001; 126 = <strong><span style="text-decoration: underline;">0</span></strong>111 1110).<br /> The 0.0.0.0 address is reserved for default routing and the 127.0.0.0/8 network is reserved for loopback testing, so they don’t belong to any class.<br /> Class B addresses begin with a 1 bit and a 0 bit. Therefore, all addresses from 128.0.0.0 to 191.255.255.255 belong to class B (128 = <span style="text-decoration: underline;"><strong>10</strong></span>00 0000; 191 = <span style="text-decoration: underline;"><strong>10</strong></span>11 1111). <br /> Class C addresses begin with two 1 bits and a 0 bit. Class C addresses range from 192.0.0.0 to 223.255.255.255 (192 = <span style="text-decoration: underline;"><strong>110</strong></span>0 0000; 223 = <span style="text-decoration: underline;"><strong>110</strong></span>1 1111).</p> <p>Class D and E addresses are used for multicast and research purposes; they are not subnetted, so they are not mentioned here.</p> <p>Note: The number behind the slash notation (/) specifies how many bits of the mask are turned on (set to 1). For example:</p> <p>+ "/8" equals "1111 1111.0000 0000.0000 0000.0000 0000" -> 8 bits are turned on<br /> + "/12" equals "1111 1111.1111 0000.0000 0000.0000 0000" -> 12 bits are turned on<br /> + "/28" equals "1111 1111.1111 1111.1111 1111.1111 0000" -> 28 bits are turned on<br /> + "/32" equals "1111 1111.1111 1111.1111 1111.1111 1111" -> 32 bits are turned on, and this is also the maximum value because all bits are turned on.</p> <p>The slash notation (a slash followed by a number) is equivalent to a subnet mask. If you know the slash notation you can figure out the subnet mask and vice versa. 
For example, "/8" is equivalent to "255.0.0.0"; "/12" is equivalent to "255.240.0.0"; "/28" is equivalent to "255.255.255.240"; "/32" is equivalent to "255.255.255.255".</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Subnet/Class_A_B_C_network_host_portions.jpg" alt="Class_A_B_C_network_host_portions.jpg" width="415" height="205" /></p> <p style="text-align: center;"><span style="font-size: x-small;">The Network & Host parts of each class by default</span></p> <p style="text-align: left;">From the “default subnet mask” shown above, we can identify the network and host part of each class. Notice that in the subnet mask a 1 bit represents the Network part while a 0 bit represents the Host part (255 equals 1111 1111 and 0 equals 0000 0000 in binary form).</p> <p><span id="more-850"></span></p> <p class="blueandbold">What is “subnetting”?</p> <p>When we change a number in the Network part of an IP address we end up in a different network from the previous address. For example, the IP address 11.0.0.1 belongs to class A and has a default subnet mask of 255.0.0.0; if we change the number in the first octet (a block of 8 bits, the first octet being the leftmost 8 bits) we create a different network. For example, <span style="text-decoration: underline;">12</span>.0.0.1 is in a different network from <span style="text-decoration: underline;">11</span>.0.0.1. But if we change a number in the Host part, we are still in the same network. For example, 11.<span style="text-decoration: underline;">1</span>.0.1 is in the same network as 11.<span style="text-decoration: underline;">0</span>.0.1.</p> <p>The problem here is: if we want to create 300 networks, how can we do that? 
In the above example we can only create different networks by changing the first octet, and with a class A address the first octet can only range from 1 to 126, so we can create at most 126 networks, far fewer than 300. Now we have to use a technique called “subnetting” to achieve our purpose.</p> <p>“Subnetting” means we <strong>borrow some bits from the Host part to add to the Network part</strong>. This allows us to have more networks than using the default subnet mask. For example, we can borrow some bits in the next octet to make the address 11.1.0.1 belong to a different network from 11.0.0.1.</p> <p><span class="blueandbold">How to subnet?</span></p> <p>Do you remember that I said “in the subnet mask, a 1 bit represents the Network part while a 0 bit represents the Host part”? Well, this also means that we can specify how many bits we want to borrow by changing that many 0 bits to 1 bits in the subnet mask.</p> <p>Let’s come back to our example with the IP 11.0.0.1; we will write all numbers in binary form to reveal what a computer really sees in an IP address.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Subnet/Class_A_binary_form.jpg" alt="Class_A_binary_form.jpg" width="475" height="160" /></p> <p>Now you can clearly see that the subnet mask decides which part is the Network part and which is the Host part. By borrowing 8 bits, our subnet mask will look like this:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Subnet/Class_A_subnet_binary_form.jpg" alt="Class_A_subnet_binary_form.jpg" width="495" height="160" /></p> <p>After changing the second octet of the subnet mask from all “0” to all “1”, the Network part is extended. Now we can create new networks by changing a number in the first or second octet. This greatly increases the number of networks we can create. 
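</p> <p>The rules above (prefix length to mask and back, Network part versus Host part, borrowing host bits) are easy to get wrong by hand, so here is an added worked example in Python, written for this edit rather than taken from the tutorial. It uses only the standard library <code>ipaddress</code> module; the address 11.0.0.1 and the 8 borrowed bits come from the text. It goes a little beyond the text by deriving the default prefix for class B and C addresses from their leading bits as well, and by rejecting a mask whose 1 bits are not contiguous (such as 255.160.0.0, i.e. 1010 0000 in the second octet), which the borrowing rule does not allow.</p>

```python
import ipaddress


def prefix_to_mask(prefix):
    """Dotted-decimal mask for /prefix (0-32), e.g. 12 -> 255.240.0.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def mask_to_prefix(mask):
    """Prefix length of a dotted-decimal mask; rejects non-contiguous masks."""
    mask_int = int(ipaddress.IPv4Address(mask))
    ones = bin(mask_int).count("1")
    # The borrowing rule: all 1 bits on the left, all 0 bits on the right.
    if mask_int != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def default_prefix(address):
    """Classful default prefix from the leading bits of the first octet (A/B/C only)."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first >> 7 == 0b0:        # 0xxx xxxx -> class A
        return 8
    if first >> 6 == 0b10:       # 10xx xxxx -> class B
        return 16
    if first >> 5 == 0b110:      # 110x xxxx -> class C
        return 24
    raise ValueError(f"{address} is not a class A, B or C address")


def same_network(a, b, prefix):
    """True when a and b share the same Network part under the given prefix."""
    net_a = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net_a


def subnet_counts(address, borrowed):
    """Borrow host bits: (new prefix, number of subnets, usable hosts per subnet)."""
    new_prefix = default_prefix(address) + borrowed
    if new_prefix > 30:
        raise ValueError("too many bits borrowed; fewer than 2 usable hosts would remain")
    return new_prefix, 2 ** borrowed, 2 ** (32 - new_prefix) - 2


if __name__ == "__main__":
    # The tutorial's example: 11.0.0.1 with 8 borrowed bits.
    print(prefix_to_mask(8), prefix_to_mask(16))
    print(same_network("11.0.0.1", "11.1.0.1", 8), same_network("11.0.0.1", "11.1.0.1", 16))
    print(subnet_counts("11.0.0.1", 8))
```

<p>With the default /8 mask, 11.0.0.1 and 11.1.0.1 are in the same network; with 8 borrowed bits (/16) they are in different ones, and 256 subnets of 65534 usable hosts each become available in 11.0.0.0/8.</p> <p>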
With this new subnet mask, IP 11.<span style="text-decoration: underline;">1</span>.0.1 is in a different network from IP 11.<span style="text-decoration: underline;">0</span>.0.1 because the “1” in the second octet now belongs to the Network part.</p> <p>So, in conclusion, we “subnet” by borrowing “0” bits from the Host portion and converting them to “1” bits. The number of borrowed bits depends on how many networks we need.</p> <p>Note: The rule for borrowing bits is that we can only borrow 0 bits from left to right without skipping any. For example, you can borrow like this: “1111 1111.1100 0000.0000 0000.0000 0000” but not like this: “1111 1111.1010 0000.0000 0000.0000 0000”. In general, just make sure all your “1” bits are contiguous on the left and all your “0” bits are contiguous on the right.</p> <p>In the next part we will learn how to calculate the number of sub-networks and hosts per subnet.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/subnetting-tutorial/feed</wfw:commentRss> <slash:comments>198</slash:comments> </item> <item> <title>Frame Relay Tutorial</title> <link>http://www.9tut.com/frame-relay-tutorial</link> <comments>http://www.9tut.com/frame-relay-tutorial#comments</comments> <pubDate>Wed, 07 Sep 2011 11:38:17 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=817</guid> <description><![CDATA[Let’s start this article with the question: Why do we need Frame Relay? Let’s take a simple example. Suppose you are working in a big company and your company has just expanded to two new locations. The main site is connected to two branch offices, named Branch 1 & Branch 2 and your boss wants […]]]></description> <content:encoded><![CDATA[<p>Let’s start this article with the question: Why do we need Frame Relay?</p> <p>Let’s take a simple example. 
Suppose you are working in a big company and your company has just expanded to two new locations. The main site is connected to two branch offices, named Branch 1 and Branch 2, and your boss wants these two branches to be able to communicate with the main site. The simplest solution is to connect them directly (with leased lines) as shown below:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Frame_Relay/Frame_Relay_before_using_Frame_Relay.jpg" alt="Frame_Relay_before_using_Frame_Relay.jpg" width="300" height="140" /></p> <p>To connect to these two branches, the main site router, HeadQuarter, requires two serial interfaces, which a router can provide. But what happens when the company expands to 10 branches, or 50 branches? For each point-to-point line, HeadQuarter needs a separate physical serial interface (and maybe a separate CSU/DSU if it is not integrated into the WAN card). As you can imagine, it will need many routers with many interfaces and lots of rack space for the routers and CSU/DSUs. Maybe we should use another solution for this problem? Luckily, Frame Relay can do it!</p> <p><span id="more-817"></span></p> <p>By using Frame Relay we only need one serial interface at the HeadQuarter to connect to all branches. This is also true when we expand to 10 or 50 branches. Moreover, the cost is much lower than using leased lines.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Frame_Relay/Frame_Relay_implement_Frame_Relay.jpg" alt="Frame_Relay_implement_Frame_Relay.jpg" width="405" height="130" /></p> <p>Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. It offers lower-cost data transfer than typical point-to-point links by using virtual connections within the Frame Relay network and by combining those connections into a single physical connection at each location. 
Frame Relay providers use Frame Relay switches to route the data on each virtual circuit to the appropriate destination.</p> <p>These Frame Relay terms may be difficult to understand at first, so we will explain them in more detail in this article.</p> <p class="blueandbold">DCE & DTE</p> <p>The first concept in Frame Relay you must grasp is DTE & DCE:</p> <p>+ Data terminal equipment (DTE), which is the user device and the logical Frame Relay end-system<br /> + Data communication equipment (DCE, also called data circuit-terminating equipment), which consists of the modem and the packet switch</p> <p>In general, the routers are considered DTE and the Frame Relay switches are DCE. The purpose of DCE equipment is to provide clocking and switching services in a network. In our example, HeadQuarter, Branch 1 & Branch 2 are DTEs while the Frame Relay switches are DCEs.</p> <p><span class="blueandbold">Virtual Circuits</span></p> <p>The logical connection through the Frame Relay network between two DTEs is called a virtual circuit (VC). The term “virtual” here means that the two DTEs are not connected directly but through a network. For example, HeadQuarter and Branch 1 (or Branch 2) can communicate with each other as if they were directly connected, but in fact they are connected through a Frame Relay network with many Frame Relay switches between them.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Frame_Relay/Frame_Relay_virtual_circuit.jpg" alt="Frame_Relay_virtual_circuit.jpg" width="405" height="130" /></p> <p>There are two types of VCs:<br /> + <strong>switched virtual circuits (SVCs)</strong>: temporary connections that are only used when there is sporadic data transfer between DTE devices across the Frame Relay network. An SVC is set up dynamically when needed. 
SVC connections require call setup and termination for each connection.<br /> + <strong>permanent virtual circuits (PVCs)</strong>: a predefined VC. A PVC can be equated to a leased line in concept.</p> <p>Nowadays most service providers offer PVC service only, to save the additional costs of signaling and billing procedures.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/frame-relay-tutorial/feed</wfw:commentRss> <slash:comments>150</slash:comments> </item> <item> <title>Wireless Tutorial</title> <link>http://www.9tut.com/wireless-tutorial</link> <comments>http://www.9tut.com/wireless-tutorial#comments</comments> <pubDate>Fri, 12 Aug 2011 07:52:16 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=787</guid> <description><![CDATA[In this article we will discuss the Wireless technologies mentioned in CCNA. Wireless LAN (WLAN) is very popular nowadays. You have probably used some wireless applications on your laptop or cellphone. Wireless LANs enable users to communicate without the need for cables. Below is an example of a simple WLAN: Each WLAN network needs […]]]></description> <content:encoded><![CDATA[<p>In this article we will discuss the Wireless technologies mentioned in CCNA.</p> <p>Wireless LAN (WLAN) is very popular nowadays. You have probably used some wireless applications on your laptop or cellphone. Wireless LANs enable users to communicate without the need for cables. Below is an example of a simple WLAN:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Wireless/Wireless_Applications.jpg" alt="Wireless_Applications.jpg" width="330" height="380" /></p> <p>Each WLAN network needs a wireless Access Point (AP) to transmit and receive data from users. 
Unlike a wired network which operates at full-duplex (sending and receiving at the same time), a wireless network operates at half-duplex, so sometimes an AP is referred to as a Wireless Hub.</p> <p><span id="more-787"></span></p> <p>The major difference between a wired LAN and a WLAN is that a WLAN transmits data by radiating energy waves, called radio waves, instead of transmitting electrical signals over a cable.</p> <p>Also, a WLAN uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) instead of CSMA/CD for media access. A WLAN can’t use CSMA/CD because a sending device can’t transmit and receive data at the same time (so it cannot detect a collision while it is sending). CSMA/CA operates as follows:</p> <p>+ Listen to ensure the medium is free. If it is free, wait a random time before sending data<br /> + When the random time has passed, listen again. If the medium is free, send the data. If not, wait another random time<br /> + Wait for an acknowledgment that the data has been received successfully<br /> + If no acknowledgment is received, resend the data</p> <p class="blueandbold">IEEE 802.11 standards:</p> <p>Nowadays there are three organizations influencing WLAN standards. They are:</p> <p>+ ITU-R: is responsible for allocation of the RF bands<br /> + IEEE: specifies how RF is modulated to transfer data<br /> + Wi-Fi Alliance: improves the interoperability of wireless products among vendors</p> <p>The most popular type of wireless LAN today is based on the IEEE 802.11 standard, which is known informally as Wi-Fi.</p> <p><strong>* 802.11a:</strong> operates in the 5 GHz band. Maximum transmission speed is 54 Mbps and approximate wireless range is 25-75 feet indoors.<br /> <strong>* 802.11b:</strong> operates in the 2.4 GHz ISM band. Maximum transmission speed is 11 Mbps and approximate wireless range is 100-200 feet indoors.<br /> <strong>* 802.11g:</strong> operates in the 2.4 GHz ISM band. 
Maximum transmission speed is 54 Mbps and approximate wireless range is 100-200 feet indoors.</p> <p><strong>ISM Band</strong>: Radio spectrum in the US is controlled by the FCC and generally requires a license. To accommodate devices such as wireless LANs, the FCC has set aside the ISM (Industrial, Scientific and Medical) bands for unlicensed use, including the 2.4 GHz band where many WLAN products operate.</p> <p><strong>Wi-Fi</strong>: often expanded as “Wireless Fidelity” (the Wi-Fi Alliance itself does not define it as an acronym), the term is used for any of the IEEE 802.11 wireless standards. It was created by the Wireless Ethernet Compatibility Alliance (WECA), now the Wi-Fi Alliance. Products certified as Wi-Fi compliant are interoperable with each other even if they are made by different manufacturers.</p> <p>Access points can support several or all of the three most popular IEEE WLAN standards: 802.11a, 802.11b and 802.11g.</p> <p class="blueandbold">WLAN Modes:</p> <p>A WLAN has two basic modes of operation:</p> <p><strong>* Ad-hoc mode: </strong>In this mode devices send data directly to each other without an AP.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Wireless/Wireless_Ad-hoc_mode.jpg" alt="Wireless_Ad-hoc_mode.jpg" width="245" height="160" /></p> <p><strong>* Infrastructure mode:</strong> connects to a wired LAN and supports two modes (service sets):</p> <p>+ Basic Service Set (BSS): uses only a single AP to create a WLAN<br /> + Extended Service Set (ESS): uses more than one AP to create a WLAN, allowing roaming over a larger area than a single AP covers. Usually there is an overlapping area between two APs to support roaming. The overlap should be more than 10% (from 10% to 15%) to allow users to move between two APs without losing their connection (called roaming). The two adjacent APs should use non-overlapping channels to avoid interference. 
The most popular non-overlapping channels are channels 1, 6 and 11 (this will be explained later).</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Wireless/Wireless_Infrastructure_mode.jpg" alt="Wireless_Infrastructure_mode.jpg" width="405" height="340" /></p> <p>Roaming: the ability to use a wireless device and move from one access point’s range to another without losing the connection.</p> <p>When configuring an ESS, each of the APs should be configured with the same Service Set Identifier (SSID) to support roaming. The SSID is the name shared among all devices on the same wireless network. In public places the SSID is set on the AP and broadcast to all the wireless devices in range. SSIDs are case-sensitive text strings with a maximum length of 32 characters. An SSID is also the minimum requirement for a WLAN to operate. In most Linksys APs (a product of Cisco), the default SSID is “linksys”. Note that the SSID is only a network name, not a secret: it travels in cleartext in 802.11 management frames (probe and association frames even when beaconing of it is disabled), so hiding it or keeping a default value is not a security measure; the real protection of a WLAN comes from the encryption and authentication standards discussed in the next part.</p> <p>In the next part we will discuss Wireless Encoding, the popular Wireless Security Standards and some sources of wireless interference.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/wireless-tutorial/feed</wfw:commentRss> <slash:comments>48</slash:comments> </item> <item> <title>Virtual Local Area Network VLAN Tutorial</title> <link>http://www.9tut.com/virtual-local-area-network-vlan-tutorial</link> <comments>http://www.9tut.com/virtual-local-area-network-vlan-tutorial#comments</comments> <pubDate>Wed, 20 Jul 2011 11:23:37 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=711</guid> <description><![CDATA[VLAN Introduction “A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain” This is the definition of VLAN that most books use, but it doesn’t help us understand the benefits of VLANs. 
If you ask “What is a LAN?” you will receive the same answer: it is […]]]></description> <content:encoded><![CDATA[<p><strong>VLAN Introduction</strong></p> <p>“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain”</p> <p>This is the definition of VLAN that most books use, but it doesn’t help us understand the benefits of VLANs. If you ask “What is a LAN?” you will receive the same answer: it is also a group of networking devices in the same broadcast domain!</p> <p>To make it clearer, I expanded the above statement into a slightly longer one :)</p> <p>“A virtual LAN (VLAN) is a group of networking devices in the same broadcast domain, <em>logically</em>”</p> <p>It means that the devices in the same VLAN may be widely separated in the network, both by geography and location. VLANs logically segment the network into different broadcast domains so that frames are only switched between ports that are designated for the same VLAN.</p> <p>Let’s take an example to understand the benefits of VLANs. Suppose you are working in a big company with many departments, among them the SALES and TECHNICAL departments. You are tasked to separate these departments so that each of them can only access specific resources in the company.</p> <p>This task is really easy, you think. To complete it, you just need to use different networks for these departments and use an access-list to allow/deny each network to a specific resource. For example, you assign network 192.168.1.0/24 to SALES and 192.168.2.0/24 to TECH. At the “Company router” you apply an access-list to filter traffic from these networks. Below is the topology of your network without VLANs:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_need.jpg" alt="VLAN_need.jpg" width="570" height="200" /></p> <p><span id="more-711"></span></p> <p>Everything looks good and you implement this design in your company. 
But after one month you receive many complaints from both your colleagues and your leaders.</p> <p>+ First, your department leaders need access to additional private resources which ordinary employees are not allowed to reach. <br /> + Second, the company has just recruited some new SALES employees but the SALES room is full, so they have to sit on the 1st floor (in the TECH area). They want to access the SALES resources but they can only access the TECH resources because they are connected to the TECH switch.</p> <p>To solve the first problem maybe you will create a new, more privileged network for your leaders. But notice that each leader sits on a different floor, so you will need to link all of them to one switch -> what a mess!</p> <p>The second problem is more difficult than the first one. Maybe you have to create another network in the TECH area and apply the same policy as the SALES department for these hosts -> another mess in management!</p> <p>Maybe you will be glad to know that VLANs can solve all these problems. A VLAN helps you group users together according to their function rather than their physical location. This means you can use the same network for hosts on different floors (and of course they can communicate with each other).</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_problem_solved.jpg" alt="VLAN_problem_solved.jpg" width="555" height="220" /></p> <p>In this design:</p> <p>+ you can logically create a new network with additional permissions for your leaders (LEADER network) by adding another VLAN.<br /> + employees can sit anywhere and still access the resources of their department, provided that you allow them to do so.<br /> + computers in the same department can communicate with each other although they are on different floors.</p> <p>If these departments expand in the future you can still use the same network on any other floor. 
For example, SALES needs 40 more employees -> you can use the 4th floor for this expansion without changing the current network.</p> <p>But wait… maybe you recognize something strange in the above design? How can 2 computers connected to 2 different switches communicate? If one computer sends a broadcast, will it be flooded to other departments, since a switch doesn’t break up broadcast domains?</p> <p>The answer is “Yes, they can!” and it is the beauty of VLANs. Hosts in the same VLAN can communicate normally even if they are connected to 2 or more different switches. This makes management much simpler.</p> <p>Layer 2 switches by themselves only break up collision domains, but VLANs can be used to break up broadcast domains. So if a computer in SALES broadcasts, only computers in SALES will receive that frame.</p> <p>So we don’t need a router, right? The answer is “we still need a router” to enable different VLANs to communicate with each other. Without a router, the computers within each VLAN can communicate with each other but not with any computer in another VLAN. For example, we need a router to transfer a file from LEADER to TECH. This is called “interVLAN routing”. Keep in mind that it is also the router (and the access-lists on it) that enforces which VLANs may talk to each other; the VLAN boundary itself only separates broadcast domains.</p> <p>When using VLANs in networks that have multiple interconnected switches, you need to use <strong>VLAN trunking between the switches</strong>. With VLAN trunking, the switches tag each frame sent between switches so that the receiving switch knows which VLAN the frame belongs to. This tag carries the VLAN ID, a number which identifies a VLAN.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_ID.jpg" alt="VLAN_ID.jpg" width="420" height="135" /></p> <p>Notice that the tag is only added and removed by the switches when frames are sent out on the trunk links. Hosts don’t know about this tag because it is added on the first switch and removed on the last switch. 
The picture below describes the process of a frame sent from PC A to PC B.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_tag_added_removed.jpg" alt="VLAN_tag_added_removed.jpg" width="550" height="260" /></p> <p>Note: A trunk link does not belong to a specific VLAN; rather it is a conduit for VLANs between switches and routers.</p> <p>To allow interVLAN routing you need to configure <strong>trunking on the link between the router and the switch</strong>.</p> <p>Therefore in our example we need to configure 3 links as “trunk”.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_problem_trunking.jpg" alt="VLAN_problem_trunking.jpg" width="555" height="220" /></p> <p>Cisco switches support two different trunking protocols, <strong>Inter-Switch Link (ISL)</strong> and <strong>IEEE 802.1Q</strong>. Cisco created ISL before the IEEE standardized a trunking protocol. Because ISL is Cisco proprietary, it can be used only between two Cisco switches -> 802.1Q is what is usually used in practice.</p> <p>In 802.1Q encapsulation there is a concept called the native VLAN, created for backward compatibility with old devices that don’t support VLANs. The native VLAN works as follows:</p> <p>+ A frame belonging to the native VLAN is not tagged when sent out on a trunk link<br /> + A frame received untagged on a trunk link is assigned to the native VLAN.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VLAN/VLAN_native_VLAN.jpg" alt="VLAN_native_VLAN.jpg" width="550" height="260" /></p> <p>So if an old switch doesn’t support VLANs it can still “understand” that frame and continue forwarding it (without dropping it).</p> <p>Every port belongs to at least one VLAN. If a switch receives untagged frames on a trunk port, they are assumed to be part of the native VLAN. 
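</p> <p>To make the trunk rules concrete, here is an added example in Python (written for this edit; it is not code from the tutorial or from Cisco) that builds and parses the 802.1Q tag itself and applies the two native-VLAN rules above. The two-switch model in <code>double_tag_hop</code> is a deliberate simplification and an assumption of this example: switch A removes the outer tag because it matches the VLAN of the port the frame arrived on, then applies the egress rule on the trunk, and switch B applies the ingress rule. The MAC addresses and payload are constructed sample data.</p>

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses (locally administered MACs), not from the tutorial.
DST_MAC = bytes.fromhex("020000000002")
SRC_MAC = bytes.fromhex("020000000001")


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst(6) src(6) ethertype(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame, vid, pcp=0):
    """Insert an 802.1Q tag (TPID + TCI) right after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vid          # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Return (vid, frame without its outermost tag), or (None, frame) if untagged."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def send_on_trunk(frame, vid, native_vlan):
    """Trunk egress rule: native-VLAN frames go out untagged, all others tagged."""
    return frame if vid == native_vlan else add_tag(frame, vid)


def receive_on_trunk(frame, native_vlan):
    """Trunk ingress rule: an untagged frame belongs to the native VLAN."""
    vid, inner = strip_tag(frame)
    return (native_vlan if vid is None else vid), inner


def double_tag_hop(native_vlan, attacker_vlan=1, target_vlan=20):
    """Simplified two-switch model (assumption): in which VLAN does a
    double-tagged frame from an access port in attacker_vlan arrive at switch B?"""
    base = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, b"constructed payload")
    crafted = add_tag(add_tag(base, target_vlan), attacker_vlan)   # inner tag 20, outer tag 1
    # Switch A: the outer tag matches the ingress port's VLAN, so it is removed and
    # the frame is forwarded within attacker_vlan, then sent across the trunk.
    outer_vid, once_stripped = strip_tag(crafted)
    on_wire = send_on_trunk(once_stripped, outer_vid, native_vlan)
    # Switch B: classifies the frame by the first tag it sees (or the native VLAN).
    delivered_vid, _ = receive_on_trunk(on_wire, native_vlan)
    return delivered_vid


if __name__ == "__main__":
    print("native VLAN 1   -> frame delivered in VLAN", double_tag_hop(native_vlan=1))
    print("native VLAN 999 -> frame delivered in VLAN", double_tag_hop(native_vlan=999))
```

<p>With the native VLAN left at 1 the crafted frame crosses the trunk untagged and switch B delivers it in VLAN 20; with the native VLAN moved to an unused ID such as 999 the frame is re-tagged with VLAN 1 on the trunk and stays there. That is the reason the native VLAN should never be a VLAN that carries user traffic.</p> <p>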
By default, VLAN 1 is both the default and the native VLAN, but this can be changed on a per-port basis by configuration. Because native-VLAN frames cross the trunk untagged, a host on a port in the native VLAN that sends a frame carrying two 802.1Q tags, the outer one naming the native VLAN, can have that outer tag removed by the first switch and the frame forwarded untagged over the trunk, so that the next switch reads the inner tag and delivers the frame into another VLAN (the classic double-tagging VLAN hopping attack). For that reason it is good practice to set the native VLAN to an unused VLAN rather than VLAN 1 and to keep user ports out of it.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/virtual-local-area-network-vlan-tutorial/feed</wfw:commentRss> <slash:comments>155</slash:comments> </item> <item> <title>VLAN Trunking Protocol VTP Tutorial</title> <link>http://www.9tut.com/vlan-trunk-protocol-vtp-tutorial</link> <comments>http://www.9tut.com/vlan-trunk-protocol-vtp-tutorial#comments</comments> <pubDate>Sun, 10 Jul 2011 13:20:26 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=697</guid> <description><![CDATA[This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is: “VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network” VTP minimizes misconfigurations and […]]]></description> <content:encoded><![CDATA[<p>This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help you understand the basic concept, this is a summary of what VTP is:</p> <p><strong>“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations to other switches in the network”</strong></p> <p>VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the VLAN database across multiple switches.</p> <p>VTP is a Cisco-proprietary protocol and is available on most Cisco switches.</p> <p><strong>Why do we need VTP?</strong></p> <p>To answer this question, let’s discuss a real and popular network topology.</p> <p>Suppose you are working in a medium-sized company in a five-floor office. 
You assign one switch to each floor for easy management, and of course users on any floor can be assigned to different VLANs. For example, your bosses can sit on any floor and still access the Manage VLAN (VLAN 7). Your technical colleagues can sit anywhere on the floors and access the Technical VLAN (VLAN 4). This is the best design because each person’s permission is not limited by physical location.</p> <p><br class="spacer_" /></p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VTP/VTP_building_needed.jpg" alt="VTP_building_needed.jpg" width="550" height="370" /></p> <p><span id="more-697"></span></p> <p>Now let’s discuss the role of VTP in this topology! Suppose VTP is not running on these switches. One day, your boss decides to add a new department to your office, the Support Department, and you are tasked to add a new SUPPORT VLAN for this department. How will you do that? Well, without VTP you have to go to each switch to enable this new VLAN. Fortunately your office only has 5 floors so you can finish this task in a few hours :)</p> <p>But just imagine if your company were bigger, with a 100-floor office, and some VLANs needed to be added every month! It would surely become a daunting task to add a new VLAN like this. Luckily, Cisco always “thinks big” and created a method for you to just sit at the “Main Sw”, add your new VLANs and magically, other switches automatically learn about this VLAN. Sweet, right? It is not a dream, it is what VTP does for you!</p> <p><strong>How VTP Works</strong></p> <p>To make switches exchange their VLAN information with each other, they need to be configured in the same <strong>VTP domain</strong>. Only switches belonging to the same domain share their VLAN information.
When a change is made to the VLAN database, it is propagated to all switches via <strong>VTP advertisements</strong>.</p> <p>To maintain domain consistency, only one switch should be allowed to create, delete or modify VLANs. This switch is like the “master” of the whole VTP domain and it operates in <strong>Server mode</strong>. This is also the default mode.</p> <p>Other switches are only allowed to receive and forward updates from the “server” switch. They operate in <strong>Client mode</strong>.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VTP/VTP_modes.jpg" alt="VTP_modes.jpg" width="460" height="210" /></p> <p>In some cases, the network manager doesn’t want a switch to learn VTP information from other switches. He can set it to <strong>Transparent mode</strong>. In this mode, a switch maintains its own VLAN database and never learns VTP information from other switches (even the server). However, it still forwards VTP advertisements from the server to other switches (but doesn’t read those updates). A transparent switch can add, delete and modify its VLAN database locally.</p> <p>Returning to the example above, we can configure any switch as the “server”, but for our convenience the “Main Sw” should be assigned this function and we should place it in a safe place.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VTP/VTP_modes_assigned.jpg" alt="VTP_modes_assigned.jpg" width="380" height="370" /></p> <p style="text-align: left;">As said above, VTP advertisements bring VLAN information to all the switches in a VTP domain. Each VTP advertisement is sent with a <strong>Revision number</strong>. This number is used to determine whether the VTP advertisement is more recent than the current version on that switch, because each time you make a VLAN change on a switch, the configuration revision is incremented by one.
So the higher the revision number, the better (more recent) the VTP advertisement.</p> <p style="text-align: left;">For example, the first time the Main Sw sends a VTP advertisement, its Revision number is 1. When you add a new VLAN to the Main Sw, it will send a VTP advertisement with the Revision number of 2. Client switches first receive the VTP advertisement with the Revision number of 1, which is bigger than their current Revision number (0), so they update their VLAN database. Next they receive the VTP advertisement with the Revision number of 2, compare it with their current Revision number (1) -> they update their VLAN database again.</p> <p style="text-align: left;">One important thing you must know is that when a switch receives a better VTP advertisement, it deletes its whole VTP information and copies the new information from the better VTP advertisement into its VLAN database. A switch does not try to compare its own VLAN database with the information from the received VTP advertisements to find out and update the differences!</p> <p style="text-align: left;">Note: VTP advertisements are sent as multicast frames and all neighbors in that domain receive the frames.</p> <p><strong>The “show vtp status” command analysis</strong></p> <p>The most important command to view the status of VTP on Cisco switches, which every CCNA learner must grasp, is the “show vtp status” command. Let’s have a look at the output of this command:</p> <p><img src="http://www.9tut.com/images/ccna_self_study/VTP/show vtp status.jpg" alt="show vtp status.jpg " /></p> <p>+ VTP Version: displays the VTP version the switch is running. By default, the switch runs version 1 but can be set to version 2.
Within a domain, the two VTP versions are not interoperable, so make sure to configure the same VTP version on every switch in a domain.<br /> + Configuration Revision: current Revision number on this switch.<br /> + Maximum VLANs Supported Locally: maximum number of VLANs supported locally.<br /> + Number of Existing VLANs: number of existing VLANs.<br /> + VTP Operating Mode: can be server, client, or transparent.<br /> + VTP Domain Name: name that identifies the administrative domain for the switch.</p> <p>By default, a switch operates in VTP Server mode with a NULL (blank) domain name and no password configured (the password field is not listed in the output).</p> <p>+ VTP Pruning Mode: displays whether pruning is enabled or disabled. We will discuss VTP Pruning later.<br /> + VTP V2 Mode: displays whether VTP version 2 mode is enabled. VTP version 2 is disabled by default.<br /> + VTP Traps Generation: displays whether VTP traps are sent to a network management station.<br /> + MD5 Digest: a 16-byte checksum of the VTP configuration.<br /> + Configuration Last Modified: date and time of the last configuration modification. Displays the IP address of the switch that caused the configuration change to the database.</p> <p><strong>VTP Pruning</strong></p> <p>To understand what VTP Pruning is, let’s see an example:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VTP/VTP_Pruning_example.jpg" alt="VTP_Pruning_example.jpg" width="500" height="340" /></p> <p>When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP domain. Switches Server, Sw2, and Sw3 all receive the broadcast frame from PC A. But only Sw3 has a user on VLAN 10, so it is a waste of bandwidth on Sw2. Moreover, that broadcast traffic also consumes processor time on Sw2.
The link between switches Server and Sw2 does not need to carry any VLAN 10 traffic, so it can be “pruned”.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/VTP/VTP_Pruning_Enabled.jpg" alt="VTP_Pruning_Enabled.jpg" width="500" height="340" /><br class="spacer_" /></p> <p>VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. In the above example, the Server switch doesn’t send the broadcast frame to Sw2 because Sw2 doesn’t have ports in VLAN 10.</p> <p>When a switch has a port associated with a VLAN, the switch sends an advertisement to its neighbors to inform them that it has active ports on that VLAN. For example, Sw3 sends an advertisement to the Server switch to inform it that it has an active port for VLAN 10. Sw2 has not advertised VLAN 10, so the Server switch will prune VLAN 10 on the trunk to Sw2.</p> <p>You only need to enable pruning on one VTP server switch in the domain.</p> <p><strong>VTP Configuration</strong></p> <p><strong>Main Sw(config)#vtp version 2<br /> Main Sw(config)#vtp domain 9tut<br /> Main Sw(config)#vtp mode server<br /> Main Sw(config)#vtp password keepitsecret</strong></p> <p>On client switches:</p> <p><strong>Client(config)#vtp version 2<br /> Client(config)#vtp domain 9tut<br /> Client(config)#vtp password keepitsecret<br /> Client(config)#vtp mode client</strong></p> <p>Notice: Before configuring VTP make sure the links between your switches are trunk links. Your trunk link can be formed automatically if neither of your switches is a 2960 or 3560, because ports on the 2960 and 3560 switches are set to dynamic auto by default. If both sides are set to dynamic auto, the link will remain in access mode.
To configure a trunk between these ports, use these commands:</p> <p><strong>Client(config)#interface fa0/1</strong> (or the interface on the link you want to be a trunk)<br /> <strong>Client(config-if)#switchport mode trunk</strong></p> <p>These commands only need to be used on one of the two switches to form the trunk.</p> <p><strong>Below is a summary of important notes about VTP:</strong></p> <p>+ Whenever a change occurs in the VLAN database, the VTP server increments its configuration revision number and then advertises the new revision throughout the VTP domain via VTP advertisements.<br /> + VTP operates in one of three modes: server, transparent, or client.</p> <p>VTP modes:</p> <p>* Server: The default mode. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain. VTP messages are transmitted out of all the trunk connections. In Server mode we can create, modify and delete VLANs.</p> <p>* Client: cannot make changes to the VLAN configuration when in this mode; however, a VTP client can send any VLANs currently listed in its database to other VTP switches. A VTP client also forwards VTP advertisements (but cannot create VTP advertisements).</p> <p>* Transparent: When you make a change to the VLAN configuration in this mode, the change affects only the local switch and does not propagate to other switches in the VTP domain. VTP transparent mode does forward VTP advertisements that it receives within the domain.</p> <p>VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN.</p> <p>For more information about VTP, I highly recommend visiting the official tutorial about VTP published by Cisco.
It is very comprehensive: <a href="http://www.cisco.com/warp/public/473/vtp_flash/" target="_blank">http://www.cisco.com/warp/public/473/vtp_flash/</a></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/vlan-trunk-protocol-vtp-tutorial/feed</wfw:commentRss> <slash:comments>305</slash:comments> </item> <item> <title>IPv6 Tutorial</title> <link>http://www.9tut.com/ipv6-tutorial</link> <comments>http://www.9tut.com/ipv6-tutorial#comments</comments> <pubDate>Fri, 24 Jun 2011 17:01:33 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=681</guid> <description><![CDATA[Internet has been growing extremely fast so the IPv4 addresses are quickly approaching complete depletion. Although many organizations already use Network Address Translators (NATs) to map multiple private address spaces to a single public IP address but they have to face with other problems from NAT (the use of the same private address, security…). Moreover, […]]]></description> <content:encoded><![CDATA[<p>The Internet has been growing extremely fast, so the IPv4 addresses are quickly approaching complete depletion. Although many organizations already use Network Address Translators (NATs) to map multiple private address spaces to a single public IP address, they face other problems from NAT (the use of the same private address, security…). Moreover, many devices other than PCs and laptops now require an IP address to reach the Internet. To solve these problems in the long term, a new version of the IP protocol – version 6 (IPv6) – was created and developed.</p> <p>IPv6 was created by the Internet Engineering Task Force (IETF), a standards body, as a replacement for IPv4 in 1998. So what happened with IPv5?
IP Version 5 was defined for experimental reasons and was never deployed.</p> <p>While IPv4 uses 32 bits to address the IP (provides approximately 2<sup>32</sup> = 4,294,967,296 unique addresses – but in fact about 3.7 billion addresses are assignable because the IPv4 addressing system separates the addresses into classes and reserves addresses for multicasting, testing, and other specific uses), IPv6 uses up to 128 bits, which provides 2<sup>128</sup> addresses or approximately 3.4 * 10<sup>38</sup> addresses. Well, maybe we should say it is extremely extremely extremely huge :)</p> <p><span id="more-681"></span></p> <p><strong>IPv6 Address Types</strong></p> <table border="1"> <tbody> <tr> <td><strong>Address Type</strong></td> <td><strong>Description </strong></td> </tr> <tr> <td>Unicast</td> <td>One to One (Global, Link local, Site local)<br /> + An address destined for a single interface.</td> </tr> <tr> <td>Multicast</td> <td>One to Many<br /> + An address for a set of interfaces<br /> + Delivered to a group of interfaces identified by that address.<br /> + Replaces IPv4 “broadcast”</td> </tr> <tr> <td>Anycast</td> <td>One to Nearest (Allocated from Unicast)<br /> + Delivered to the closest interface as determined by the IGP</td> </tr> </tbody> </table> <p>A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast).</p> <p><strong>IPv6 address format</strong></p> <p>Format:</p> <p><strong>x:x:x:x:x:x:x:x</strong> – where each <strong>x</strong> is a 16-bit hexadecimal field written as four hexadecimal digits.<br /> An example of IPv6: <strong><br /> 2001:0000:5723:0000:0000:D14E:DBCA:0764</strong></p> <p>There are:<br /> + 8 groups of 4 hexadecimal digits.
<br /> + Each group represents 16 bits (4 hex digits * 4 bits)<br /> + Separator is “:” <br /> + Hex digits are not case sensitive, so “<strong>DBCA</strong>” is the same as “dbca” or “DBca”…</p> <p>An IPv6 (128-bit) address contains two parts: <br /> + The first 64 bits are known as the prefix. The prefix includes the network and subnet address. Because addresses are allocated based on physical location, the prefix also includes global routing information. The 64-bit prefix is often referred to as the global routing prefix. <br /> + The last 64 bits are the interface ID. This is the unique address assigned to an interface.</p> <p>Note: Addresses are assigned to interfaces (network connections), not to the host. Each interface can have more than one IPv6 address.</p> <p><strong>Rules for abbreviating IPv6 Addresses:</strong></p> <p>+ Leading zeros in a field are optional</p> <p>2001:<strong>0DA8</strong>:E800:<strong>0000</strong>:<strong>0260</strong>:3EFF:FE47:<strong>0001</strong> can be written as</p> <p>2001:<strong>DA8</strong>:E800:<strong>0</strong>:<strong>260</strong>:3EFF:FE47:<strong>1</strong></p> <p>+ Successive fields of 0 are represented as ::, but only once in an address:</p> <p>2001:0DA8:E800:<strong>0000:0000:0000:0000:0001</strong> -> 2001:DA8:E800<strong>::1</strong></p> <p>Other examples:<br /> – FF02:0:0:0:0:0:0:1 => FF02::1<br /> – 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB = 3FFE:501:8:0:260:97FF:FE40:EFAB = 3FFE:501:8::260:97FF:FE40:EFAB<br /> – 0:0:0:0:0:0:0:1 => ::1<br /> – 0:0:0:0:0:0:0:0 => ::</p> <p><strong>IPv6 Addressing In Use</strong></p> <p>IPv6 uses the “/” notation to denote how many bits in the IPv6 address represent the subnet.</p> <p>The full syntax of IPv6 is</p> <table border="1"> <tbody> <tr> <td><strong>ipv6-address</strong>/<strong>prefix-length</strong></td> </tr> </tbody> </table> <p>where<br /> + <strong>ipv6-address</strong> is the 128-bit IPv6 address<br /> + /<strong>prefix-length</strong> is
a decimal value representing how many of the leftmost contiguous bits of the address comprise the prefix.</p> <p>Let’s analyze an example: <br /> <span class="blueandbold">2001:C:7:ABCD</span><span class="pinkandbold">::1</span>/64 is really <br /> <span class="blueandbold">2001:000C:0007:ABCD</span>:<span class="pinkandbold">0000:0000:0000:0001</span>/64<br /> + The first 64 bits <span class="blueandbold">2001:000C:0007:ABCD</span> are the address prefix<br /> + The last 64 bits <span class="pinkandbold">0000:0000:0000:0001</span> are the interface ID<br /> + /64 is the prefix length (/64 is well-known and is also the prefix length in most cases)</p> <p>In the next part, we will learn more about each prefix of an IPv6 address.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/ipv6-tutorial/feed</wfw:commentRss> <slash:comments>135</slash:comments> </item> <item> <title>Rapid Spanning Tree Protocol RSTP Tutorial</title> <link>http://www.9tut.com/rapid-spanning-tree-protocol-rstp-tutorial</link> <comments>http://www.9tut.com/rapid-spanning-tree-protocol-rstp-tutorial#comments</comments> <pubDate>Sun, 05 Jun 2011 15:52:58 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=623</guid> <description><![CDATA[Note: Before reading this article you should understand how STP works. So if you are not sure about STP, please read my article about Spanning Tree Protocol tutorial first. Rapid Spanning Tree Protocol (RSTP) One big disadvantage of STP is the low convergence which is very important in switched network. To overcome this problem, in […]]]></description> <content:encoded><![CDATA[<p>Note: Before reading this article you should understand how STP works.
So if you are not sure about STP, please read my <a href="http://www.9tut.com/spanning-tree-protocol-stp-tutorial" target="_blank">Spanning Tree Protocol tutorial</a> first.</p> <p><strong>Rapid Spanning Tree Protocol (RSTP)</strong></p> <p>One big disadvantage of STP is its slow convergence, which matters a great deal in a switched network. To overcome this problem, in 2001 the IEEE, with document 802.1w, introduced an evolution of the Spanning Tree Protocol: Rapid Spanning Tree Protocol (RSTP), which significantly reduces the convergence time after a topology change occurs in the network. While STP can take 30 to 50 seconds to transition from a blocking state to a forwarding state, RSTP is typically able to respond in less than 10 seconds to a physical link failure.</p> <p>RSTP works by adding an alternate port and a backup port compared to STP. These ports are allowed to immediately enter the forwarding state rather than passively wait for the network to converge.</p> <p>RSTP bridge port roles:</p> <p><strong>* Root port</strong> – A forwarding port that is the closest to the root bridge in terms of path cost<br /> <strong>* Designated port</strong> – A forwarding port for every LAN segment<br /> <strong>* Alternate port</strong> – The best alternate path to the root bridge. This path is different from the one using the root port. The alternate port moves to the forwarding state if there is a failure on the designated port for the segment.<br /> <strong>* Backup port</strong> – A backup/redundant path to a segment where another bridge port already connects. The backup port applies only when a single switch has two links to the same segment (collision domain).
To have two links to the same collision domain, the switch must be attached to a hub.<br /> <strong>* Disabled port</strong> – Not strictly part of STP; a network administrator can manually disable a port</p> <p>Now let’s see an example with the three switches below:</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RSTP/RSTP_port_roles_initial.jpg" alt="RSTP_port_roles_initial.jpg" width="350" height="330" /></p> <p><span id="more-623"></span></p> <p>Suppose all the switches have the same bridge priority, so the switch with the lowest MAC address will become the root bridge -> Sw1 is the root bridge and therefore all of its ports will be Designated ports (forwarding).</p> <p>The two fa0/0 ports on Sw2 & Sw3 are closest to the root bridge (in terms of path cost), so they will become root ports.</p> <p>On the segment between Sw2 and Sw3, because Sw2 has a lower MAC address than Sw3, it will advertise a better BPDU on this segment -> fa0/1 of Sw2 will be the Designated port and fa0/1 of Sw3 will be the Alternate port.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RSTP/RSTP_port_roles_middle.jpg" alt="RSTP_port_roles_middle.jpg" width="350" height="330" /></p> <p>Now for the two ports connecting to the hub, we know that there will be only one Designated port for each segment (notice that the two ports fa0/2 & fa0/3 of Sw2 are on the same segment as they are connected to a hub). The other port will be a Backup port according to the definition of Backup port above. But how does Sw2 select its Designated and Backup port? The decision process involves the following parameters inside the BPDU:</p> <p>* Lowest path cost to the Root<br /> * Lowest Sender Bridge ID (BID)<br /> * Lowest Port ID</p> <p>Well, both fa0/2 & fa0/3 of Sw2 have the same “path cost to the root” and “sender bridge ID”, so the third parameter, “lowest port ID”, will be used.
Because fa0/2 has a lower port ID than fa0/3, Sw2 will select fa0/2 as its Designated port.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RSTP/RSTP_port_roles.jpg" alt="RSTP_port_roles.jpg" width="350" height="330" /></p> <p>Note: Alternate Port and Backup Port are in the discarding state.</p> <p><strong>RSTP Port States:</strong></p> <p>There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into the 802.1w discarding state.</p> <p><strong>* Discarding</strong> – the port does not forward frames, process received frames, or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state)<br /> <strong>* Learning</strong> – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).<br /> <strong>* Forwarding</strong> – receives and sends data, normal operation, learns MAC addresses, receives and transmits BPDUs (same as STP).</p> <table border="1"> <tbody> <tr> <td><strong>STP State (802.1d)</strong></td> <td><strong>RSTP State (802.1w)</strong></td> </tr> <tr> <td>Blocking</td> <td>Discarding</td> </tr> <tr> <td>Listening</td> <td>Discarding</td> </tr> <tr> <td>Learning</td> <td>Learning</td> </tr> <tr> <td>Forwarding</td> <td>Forwarding</td> </tr> <tr> <td>Disabled</td> <td>Discarding</td> </tr> </tbody> </table> <p>Although the learning state is also used in RSTP, it only lasts a short time compared to STP. RSTP converges with all ports either in the forwarding state or the discarding state.</p> <p><strong>RSTP Quick Summary:</strong></p> <p>* RSTP provides faster convergence than 802.1D STP when topology changes occur.<br /> * RSTP defines three port states: discarding, learning, and forwarding.<br /> * RSTP defines five port roles: root, designated, alternate, backup, and disabled.</p> <p>Note: RSTP is backward compatible with legacy STP 802.1D.
If an RSTP-enabled port receives a (legacy) 802.1d BPDU, it will automatically configure itself to behave like a legacy port. It then sends and receives 802.1d BPDUs only.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/rapid-spanning-tree-protocol-rstp-tutorial/feed</wfw:commentRss> <slash:comments>83</slash:comments> </item> <item> <title>Spanning Tree Protocol STP Tutorial – Premium Tutorial</title> <link>http://www.9tut.com/spanning-tree-protocol-stp-tutorial</link> <comments>http://www.9tut.com/spanning-tree-protocol-stp-tutorial#comments</comments> <pubDate>Wed, 01 Jun 2011 09:54:13 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=611</guid> <description><![CDATA[To provide for fault tolerance, many networks implement redundant paths between devices using multiple switches. However, providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. This condition is known as a bridging loop. (Note: the terms bridge, switch are used interchangeably when discussing STP) To prevent bridging loops, the […]]]></description> <content:encoded><![CDATA[<p>To provide for fault tolerance, many networks implement redundant paths between devices using multiple switches. However, providing redundant paths between segments causes packets to be passed between the redundant paths endlessly. This condition is known as a bridging loop.</p> <p>(Note: the terms bridge and switch are used interchangeably when discussing STP)</p> <p>To prevent bridging loops, the IEEE 802.1d committee defined a standard called the spanning tree algorithm (STA), or spanning tree protocol (STP). Spanning-Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network.
For an Ethernet network to function properly, only one active path can exist between two stations.</p> <p>Let’s see a situation where there is no loop-avoidance process in operation. Suppose you have two switches connected with redundant links. One switch is connected to PC A and the other switch is connected to PC B.</p> <p>Now PC A wants to talk to PC B. It sends a broadcast, say an Address Resolution Protocol (ARP) request, to find out the location of PC B; the green arrow shows the broadcast frame sent by PC A.</p> <p>When switch A receives a broadcast frame, it forwards that frame to all ports except the port on which it received the request -> SwA forwards that ARP frame out of its fa0/0 and fa0/1 ports.</p> <p style="text-align: center;"><img alt="STP_broadcast_storm.jpg" src="http://www.9tut.com/images/ccna_self_study/STP/STP_broadcast_storm.jpg" width="460" height="110" /></p> <p><span id="more-611"></span></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/spanning-tree-protocol-stp-tutorial/feed</wfw:commentRss> <slash:comments>105</slash:comments> </item> <item> <title>Network Address Translation NAT Tutorial</title> <link>http://www.9tut.com/network-address-translation-nat-tutorial</link> <comments>http://www.9tut.com/network-address-translation-nat-tutorial#comments</comments> <pubDate>Sun, 22 May 2011 12:04:25 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=511</guid> <description><![CDATA[To go to the Internet we need to get an public IP address and it is unique all over the world. If each host in the world required a unique public IP address, we would have run out of IP address years ago.
But by using Network Address Translation (NAT) we can save tons of […]]]></description> <content:encoded><![CDATA[<p>To go to the Internet we need to get a public IP address, and it is unique all over the world. If each host in the world required a unique public IP address, we would have run out of IP addresses years ago. But by using Network Address Translation (NAT) we can save tons of IP addresses for later use. We can understand NAT like this:</p> <p>“NAT allows a host that does not have a valid registered IP address to communicate with other hosts through the Internet”</p> <p>For example, your computer is assigned a private IP address of 10.0.0.9 and of course this address cannot be routed on the Internet, but you can still access the Internet. This is because your router (or modem) translates this address into a public IP address, 123.12.23.1 for example, before routing your data onto the Internet.</p> <p style="text-align: center;"><img alt="NAT_Basic.jpg" src="http://www.9tut.com/images/ccna_self_study/NAT/NAT_Basic.jpg" width="330" height="140" /></p> <p><span id="more-511"></span></p> <p>Of course when your router receives a reply packet destined for 123.12.23.1 it will convert it back to your private IP 10.0.0.9 before sending that packet to you.</p> <p>Maybe you will ask “hey, I don’t see any difference from using NAT to save tons of IP addresses because you still need a public IP address for each host to access the Internet and it doesn’t save you anything, why do you need to use NAT?”</p> <p>Ok, you are right :), in the above example we don’t see its usefulness, but you now understand the fundamentals of NAT!</p> <p>Let’s take another example!</p> <p>Suppose your company has 500 employees but your Internet Service Provider (ISP) only gives you 50 public IP addresses. It means that you can only allow 50 hosts to access the Internet at the same time.
Here NAT comes to save your life!</p> <p>One thing you should notice is that in real life, not all of your employees use the Internet at the same time. Say, maybe 50 of them use the Internet to read the newspaper in the morning; 50 others use the Internet at noon for checking mail… By using NAT you can dynamically assign these 50 public IP addresses to those who really need them at that time. This is called <strong>dynamic NAT</strong>.</p> <p>But the above NAT solution does not solve our problem completely because on some days there can be more than 50 people surfing the web in the morning. In this case, only the first 50 people can access the Internet; the others must wait their turn.</p> <p>Another problem is that, in fact, your ISP gives you far fewer IP addresses than 50 because each public IP is very precious now.</p> <p>To solve the two problems above, another feature of NAT can be used: <strong>NAT Overload</strong>, sometimes called <strong>Port Address Translation</strong> (PAT)</p> <p>PAT permits multiple devices on a local area network (LAN) to be mapped to a single public IP address with different port numbers. Therefore, it’s also known as port address translation (PAT). When using PAT, the router maintains unique source port numbers on the <strong>inside global</strong> IP address to distinguish between translations. In the example below, each host is assigned the same public IP address 123.1.1.1 but with different port numbers (from 1000 to 1002).</p> <p style="text-align: center;"><img alt="PAT_Basic.jpg" src="http://www.9tut.com/images/ccna_self_study/NAT/PAT_Basic.jpg" width="380" height="240" /></p> <p>Note: Cisco uses the term <strong>inside local</strong> for the private IP addresses and <strong>inside global</strong> for the public IP addresses substituted by the router.</p> <p>The outside host IP address can also be changed with NAT.
The <strong>outside global</strong> address represents the outside host with a public IP address that can be used for routing in the public Internet.</p> <p>The last term, <strong>outside local</strong> address, is a private address of an external device as it is referred to by devices on its local network. You can understand the outside local address as the inside local address of the external device which lies at the other end of the Internet.</p> <p>Maybe you will ask how many ports we can use for each IP? Well, because the port number field has 16 bits, PAT can support about 2<sup>16</sup> ports, which is more than 64,000 connections using one public IP address.</p> <p>Now you have learned the most useful features of NAT, but we should summarize all the features of NAT:</p> <p>There are two types of NAT translation: dynamic and static.</p> <p><strong>Static NAT</strong>: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.</p> <p><strong>Dynamic NAT:</strong> Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When the inside global address pool is defined, the router allocates registered public IP addresses from the pool until all are allocated.
If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.</p> <p><strong>PAT (NAT Overloading):</strong> is also a kind of dynamic NAT that maps multiple private IP addresses to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT both require a one-to-one mapping from the inside local to the inside global address. By using PAT, you can have thousands of users connect to the Internet using only one real global IP address. PAT is the technology that helps us not run out of public IP addresses on the Internet. This is the most popular type of NAT.</p> <p>Besides, NAT gives you the option to advertise only a single address for your entire network to the outside world. Doing this effectively hides the internal network from the public world, giving you some additional security for your network.</p> <p>NAT terms:</p> <p><strong>* Inside local address</strong> – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address. <br /> <strong>* Inside global address</strong> – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world. <br /> <strong>* Outside local address</strong> – The IP address of an outside host as it is known to the hosts on the inside network. <br /> <strong>* Outside global address</strong> – The IP address assigned to a host on the outside network. 
The owner of the host assigns this address.</p> <p><img class="aligncenter" alt="NAT_terms_explained.jpg" src="http://www.9tut.com/images/ccna_self_study/NAT/NAT_terms_explained.jpg" width="418" height="136" /></p> <p>To learn how to configure NAT please read my <a href="http://www.9tut.com/configure-nat-gns3-lab" target="_blank">Configure NAT GNS3 Lab tutorial</a></p> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/network-address-translation-nat-tutorial/feed</wfw:commentRss> <slash:comments>130</slash:comments> </item> <item> <title>Access List Tutorial</title> <link>http://www.9tut.com/access-list-tutorial</link> <comments>http://www.9tut.com/access-list-tutorial#comments</comments> <pubDate>Sun, 13 Feb 2011 14:52:41 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=458</guid> <description><![CDATA[In this tutorial we will learn about access list. Access control lists (ACLs) provide a means to filter packets by allowing a user to permit or deny IP packets from crossing specified interfaces. Just imagine you come to a fair and see the guardian checking tickets. He only allows people with suitable tickets to enter. […]]]></description> <content:encoded><![CDATA[<p>In this tutorial we will learn about access list.</p> <p>Access control lists (ACLs) provide a means to filter packets by allowing a user to permit or deny IP packets from crossing specified interfaces. Just imagine you come to a fair and see the guardian checking tickets. He only allows people with suitable tickets to enter. 
Well, an access list’s function is the same as that guardian’s.</p> <p>Access lists filter network traffic by controlling whether packets are forwarded or blocked at the router’s interfaces based on the criteria you specify within the access list.</p> <p>To use ACLs, the system administrator must first configure ACLs and then apply them to specific interfaces. There are 3 popular types of ACL: Standard, Extended and Named ACLs.</p> <p><span id="more-458"></span></p> <p><!--adsense--></p> <p class="blueandbold">Standard IP Access List</p> <p>Standard IP lists (1-99) only check the source addresses of IP packets.</p> <p><strong>Configuration Syntax</strong></p> <table border="1"> <tbody> <tr> <td><strong>access-list</strong> <em>access-list-number</em> {permit | deny} <em>source</em> {source-mask}</td> </tr> </tbody> </table> <p>Apply ACL to an interface</p> <table border="1"> <tbody> <tr> <td><strong>ip access-group</strong> <em>access-list-number</em> {in | out}</td> </tr> </tbody> </table> <p>Example of Standard IP Access List</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Access_list/Standard_ACL_Example1.jpg" alt="Standard_ACL_Example1.jpg" width="370" height="230" /></p> <p>Configuration:</p> <p>In this example we will define a standard access list that will only allow network 10.0.0.0/8 to access the server (located on the Fa0/1 interface).</p> <p class="codesnippet"><strong>Define which source is allowed to pass:</strong></p> <p>Router(config)#<span class="pinkandbold">access-list 1 permit 10.0.0.0 0.255.255.255</span></p> <p>(there is always an implicit deny of all other traffic at the end of each ACL, so we don’t need to define the forbidden traffic)</p> <p class="codesnippet"><strong>Apply this ACL to an interface:</strong></p> <p>Router(config)#<span class="pinkandbold">interface Fa0/1</span></p> <p>Router(config-if)#<span class="pinkandbold">ip access-group 1 out</span></p> <p>The ACL 1 is applied to permit only packets from 
10.0.0.0/8 to go out of the Fa0/1 interface while denying all other traffic. So can we apply this ACL to another interface, Fa0/2 for example? Well, we can but shouldn’t, because users could still reach the server from another interface (the s0 interface, for example). So we can understand why a standard access list should be applied close to the destination.</p> <p>Note: The “0.255.255.255” is the wildcard mask part of network “10.0.0.0”. We will learn how to use wildcard masks later.</p> <p class="blueandbold">Extended IP Access List</p> <p>Extended IP lists (100-199) check both source and destination addresses, specific UDP/TCP/IP protocols, and destination ports.</p> <p><strong>Configuration Syntax</strong></p> <table border="1"> <tbody> <tr> <td><strong>access-list</strong> <em>access-list-number</em> {permit | deny} <em>protocol</em> source {source-mask} destination {destination-mask} [eq destination-port]</td> </tr> </tbody> </table> <p>Example of Extended IP Access List</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/Access_list/Extended_ACL_Example1.jpg" alt="Extended_ACL_Example1.jpg" width="370" height="230" /></p> <p>In this example we will create an extended ACL that will deny FTP traffic from network 10.0.0.0/8 but allow other traffic to go through.</p> <p>Note: FTP uses TCP on ports 20 & 21.</p> <p class="codesnippet"><strong>Define which protocol, source, destination and port are denied:</strong></p> <p>Router(config)#<span class="pinkandbold">access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 21</span></p> <p>Router(config)#<span class="pinkandbold">access-list 101 deny tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 20</span></p> <p>Router(config)#<span class="pinkandbold">access-list 101 permit ip any any</span></p> <p class="codesnippet"><strong>Apply this ACL to an interface:</strong></p> <p>Router(config)#<span class="pinkandbold">interface Fa0/1</span></p> <p>Router(config-if)#<span 
class="pinkandbold">ip access-group 101 out</span></p> <p>Notice that we have to explicitly allow other traffic (access-list 101 permit ip any any) as there is an implicit “deny all” at the end of each ACL.</p> <p>As we can see, the destination of the above access list is “187.100.1.6 0.0.0.0”, which specifies a single host. We can use “host 187.100.1.6” instead. We will discuss wildcard masks later.</p> <p>In summary, below are the ranges of standard and extended access lists</p> <table border="1"> <tbody> <tr> <td><strong>Access list type</strong></td> <td><strong>Range</strong></td> </tr> <tr> <td>Standard</td> <td>1-99, 1300-1999</td> </tr> <tr> <td>Extended</td> <td>100-199, 2000-2699</td> </tr> </tbody> </table> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/access-list-tutorial/feed</wfw:commentRss> <slash:comments>378</slash:comments> </item> <item> <title>RIP Tutorial</title> <link>http://www.9tut.com/rip-routing-protocol-tutorial</link> <comments>http://www.9tut.com/rip-routing-protocol-tutorial#comments</comments> <pubDate>Thu, 03 Feb 2011 12:15:35 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=443</guid> <description><![CDATA[In this tutorial we will learn about RIP routing protocol Routing Information Protocol (RIP) is a distance-vector routing protocol. RIP sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count (the number of routers) to determine the best way to a remote network. Note: RIP v1 is […]]]></description> <content:encoded><![CDATA[<p>In this tutorial we will learn about the RIP routing protocol.</p> <p>Routing Information Protocol (RIP) is a distance-vector routing protocol. RIP sends the complete routing table out to all active interfaces every 30 seconds. 
RIP only uses hop count (the number of routers) to determine the best way to a remote network.</p> <p>Note: RIP v1 is a classful routing protocol but RIP v2 is a classless routing protocol.</p> <p>Classful routing protocols do not include the subnet mask with the network address in routing updates, which can cause problems with discontiguous subnets or networks that use Variable-Length Subnet Masking (VLSM). Fortunately, RIPv2 is a classless routing protocol, so subnet masks are included in the routing updates, making RIPv2 more compatible with modern routing environments.</p> <p>Distance vector protocols advertise routing information by sending messages, called routing updates, out the interfaces on a router.</p> <p><span id="more-443"></span>Key points:</p> <p><!--adsense--></p> <p>+ RIP uses hop counts to calculate optimal routes (a hop is a router). <br /> + RIP routing is limited to 15 hops to any location (16 hops indicates the network is unreachable). <br /> + RIP uses the split horizon with poison reverse method to prevent the count-to-infinity problem. <br /> + RIP uses only classful routing, so it uses full address classes, not subnets. <br /> + RIP broadcasts updates to the entire network. <br /> + RIP can maintain up to six multiple paths to each network, but only if the cost is the same. <br /> + RIP supports load balancing over same-cost paths. <br /> + The update interval default is 30, the invalid timer default is 180, the holddown timer default is 180, and the flush timer default is 240 (all in seconds).</p> <p><br class="spacer_" /></p> <p>A big problem with distance vector routing protocols is routing loops.</p> <p>A common problem that can occur with a routing protocol is a routing loop. Let’s take a look at how a routing loop occurs.</p> <p>——————–</p> <p>Here we have routers A, B and C. Notice that at the beginning (when a routing protocol is not yet turned on) there are only directly connected networks in the routing tables of these routers. 
For example, in the routing table of router A, <strong>network 1.0.0.0</strong> is already known because it is directly connected through <strong>interface E0</strong> and the <strong>metric</strong> (of a directly connected network) is <strong>0</strong> (these 3 parameters are shown in the routing tables below).</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Initial.jpg" alt="RIP_Distance_Vector_Protocol_Initial.jpg" width="485" height="164" /></p> <p>Also B knows networks <strong>2.0.0.0</strong> & <strong>3.0.0.0</strong> with a <strong>metric of 0</strong>.<br /> Also C knows networks <strong>3.0.0.0</strong> & <strong>4.0.0.0</strong> with a <strong>metric of 0</strong>.</p> <p><br class="spacer_" /></p> <p>Now we turn on RIP on these routers (we will discuss the configuration later. In the rest of this article, we will call network 1.0.0.0 network 1, 2.0.0.0 network 2 and so on).</p> <p>RIP sends an update every 30 seconds, so after 30 seconds go by, A sends a copy of its routing table to B. B already knew about network 2 but now B learns about network 1 as well. Notice the metric we have here for directly connected networks: since we’re using RIP, we’re using a metric of hop count. Remember a hop count (or a hop) is how many routers these packets will have to go through to reach the destination. For example, from router A to networks 1 & 2 (which are directly connected) it is 0 hops; router B has now learned about network 1 from A via its E0 interface, so the metric will be 1 hop.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_First_Update.jpg" alt="RIP_Distance_Vector_Protocol_First_Update.jpg" width="485" height="310" /></p> <p>Each router receives a routing table from its direct neighbor. For example, Router B receives information from Router A about networks 1 and 2. 
It then adds a distance vector metric (such as the number of hops), increasing the distance vector of these routes by 1.</p> <p>B also exchanges its routing table with A, telling it about networks 2 and 3.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Second_Update.jpg" alt="RIP_Distance_Vector_Protocol_Second_Update.jpg" width="485" height="310" /></p> <p>B then passes the routing table to its other neighbor, Router C.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Third_Update.jpg" alt="RIP_Distance_Vector_Protocol_Third_Update.jpg" width="485" height="330" /></p> <p style="text-align: left;">C also sends its update to B and B sends it to A.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Four_Update.jpg" alt="RIP_Distance_Vector_Protocol_Four_Update.jpg" width="485" height="330" /></p> <p style="text-align: left;">Now the network is converged.</p> <p style="text-align: left;">Now let’s assume network 4 goes down suddenly.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Network_Down.jpg" alt="RIP_Distance_Vector_Protocol_Network_Down.jpg" width="485" height="210" /></p> <p>When network 4 fails, Router C detects the failure and stops routing packets out its E1 interface. However, Routers A and B have not yet received notification of the failure. Router A still believes it can access 4.0.0.0 through Router B. 
The routing table of Router A still reflects a path to network 10.4.0.0 with a distance of 2 and router B has a path with a distance of 1.</p> <p>There will be no problem if C sends an update earlier than B and informs it that the network is currently down, but if B sends its update first, C will see that B has a path to network 4 with a metric of 1, so it updates its routing table, thinking that “if B can go to network 4 in 1 hop then I can go to network 4 in 2 hops”, but of course this is totally wrong.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Network_Down_2.jpg" alt="RIP_Distance_Vector_Protocol_Network_Down_2.jpg" width="485" height="240" /></p> <p>The problem does not stop here. In turn, C sends an update to B and informs it that it can access network 4 in 2 hops. B learns this and thinks “if C can access network 4 in 2 hops then I can access it in 3 hops”.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/RIP/RIP_Distance_Vector_Protocol_Network_Down_3.jpg" alt="RIP_Distance_Vector_Protocol_Network_Down_3.jpg" width="485" height="240" /></p> <p>This same process repeats as B continually sends its updates to C, and the metric increases towards infinity, so this phenomenon is called “counting to infinity”.</p> <p>Below lists some methods to prevent this phenomenon:</p> <p><strong>SPLIT HORIZON:</strong><br /> A router never sends information about a route back in the same direction from which the original information came; routers keep track of where the information about a route came from. This means that when router A sends an update to router B about a failed network, router B does not send an update for the same network back to router A.</p> <p><strong>ROUTE POISONING:</strong><br /> A router considers a route advertised with an infinite metric (metric = 16) to have failed, instead of marking it down. 
For example, when network 4 goes down, router C starts route poisoning by advertising the metric (hop count) of this network as 16, which indicates an unreachable network.</p> <p><strong>POISON REVERSE:</strong></p> <p>The poison reverse rule overrides the split horizon rule. For example, if router B receives a route poisoning of network 4 from router C then router B will send an update back to router C (which breaks the split horizon rule) with the same poisoned hop count of 16. This ensures all the routers in the domain receive the poisoned route update.</p> <p>Notice that every router performs poison reverse when learning about a downed network. In the above example, router A also performs poison reverse when learning about the downed network from B.</p> <p><strong>HOLD DOWN TIMERS:</strong></p> <p>After hearing a route poisoning, a router starts a hold-down timer for that route. If it gets an update with a better metric than the originally recorded metric within the hold-down timer period, the hold-down timer is removed and data can be sent to that network. Also, within the hold-down timer, if an update is received from a different router than the one which performed the route poisoning, with an equal or poorer metric, that update is ignored. During the hold-down timer, the “downed” route appears as “possibly down” in the routing table.</p> <p>For example, in the above example, when B receives a route poisoning update from C, it marks network 4 as “possibly down” in its routing table and starts the hold-down timer for network 4. In this period, if it receives an update from C informing it that network 4 has recovered, B will accept that information, remove the hold-down timer and allow data to go to that network. 
But if B receives an update from A informing it that it can reach the network in 1 (or more) hops, that update will be ignored and the hold-down timer keeps counting.</p> <p>Note: The default hold-down timer value = 180 seconds.</p> <p><strong>TRIGGERED UPDATE:</strong><br /> When any route in the network fails, do not wait for the next periodic update; instead, send an immediate update listing the poisoned route.</p> <p><strong>COUNTING TO INFINITY:</strong><br /> The maximum hop count is 15; a network more than 15 hops away is considered unreachable.</p> <p><strong>Configuring RIP</strong></p> <table border="1"> <tbody> <tr> <td>Router(config)#router rip</td> <td>Enter router RIP configuration mode</td> </tr> <tr> <td>Router(config-router)#network <em><address></em></td> <td>Identify networks that will participate in the routing protocol. Notice that you identify networks, not interfaces.</td> </tr> </tbody> </table> <p>NOTE: You need to advertise only the classful network number, not a subnet:<br /> Router(config-router)#network 172.16.0.0<br /> not<br /> Router(config-router)#network 172.16.10.0</p> <p>If you advertise a subnet, you will not receive an error message, because the router will automatically convert the subnet to the classful network address.</p> <p>To learn more about configuring RIP, please read my <a href="http://www.9tut.com/configuring-rip-gns3-lab" target="_blank">Configuring RIP GNS3 Lab tutorial</a></p> <p><!--adsense--></p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/rip-routing-protocol-tutorial/feed</wfw:commentRss> <slash:comments>109</slash:comments> </item> <item> <title>EIGRP Tutorial</title> <link>http://www.9tut.com/eigrp-routing-protocol-tutorial</link> <comments>http://www.9tut.com/eigrp-routing-protocol-tutorial#comments</comments> <pubDate>Fri, 03 Dec 2010 02:27:03 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=380</guid> <description><![CDATA[In this 
article we will talk about the EIGRP protocol. In the past, Enhanced Interior Gateway Routing Protocol (EIGRP) was a Cisco-proprietary routing protocol, but since March 2013 Cisco has opened up EIGRP as an open standard in order to help companies operate in a multi-vendor environment. EIGRP is a classless routing protocol, meaning that it sends […]]]></description> <content:encoded><![CDATA[<p>In this article we will talk about the EIGRP protocol.</p> <p>In the past, Enhanced Interior Gateway Routing Protocol (EIGRP) was a Cisco-proprietary routing protocol, but since March 2013 Cisco has opened up EIGRP as an open standard in order to help companies operate in a multi-vendor environment. EIGRP is a classless routing protocol, meaning that it sends the subnet mask of its interfaces in routing updates, and it uses a composite metric based on bandwidth and delay.</p> <p>EIGRP is referred to as a <strong>hybrid routing protocol</strong> because it has the characteristics of both distance-vector and link-state protocols, but now Cisco refers to it as an advanced distance vector protocol.</p> <p>Notice: the term “hybrid” is misleading because EIGRP is not a hybrid between distance vector and link-state routing protocols. It is a distance vector routing protocol with enhanced features.</p> <p>EIGRP is a powerful routing protocol and it really stands out from its ancestor IGRP. 
The main features are listed below:</p> <p>+ Supports <strong>VLSM and discontiguous networks</strong><br /> + <strong>Uses Reliable Transport Protocol</strong> (RTP) for the delivery and reception of EIGRP packets<br /> + Uses the best path selection <strong>Diffusing Update Algorithm (DUAL)</strong>, guaranteeing loop-free paths and backup paths throughout the routing domain<br /> + <strong>Discovers neighboring devices using periodic Hello messages</strong> and uses them to monitor connection status with its neighbors<br /> + Exchanges the full routing table at startup and sends <strong>partial* triggered updates</strong> thereafter (not full updates like distance-vector protocols), and the triggered updates are only sent to routers that need the information. This behavior is different from link-state protocols, in which an update is sent to all the link-state routers within that area. For example, EIGRP will send updates when a new link comes up or a link becomes unavailable<br /> + <strong>Supports multiple protocols</strong>: EIGRP can exchange routes for IPv4, IPv6, AppleTalk and IPX/SPX networks<br /> + <strong>Load balancing</strong>: EIGRP supports unequal metric load balancing, which allows administrators to better distribute traffic flow in their networks.</p> <p>* Notice: The term “partial” means that the update only includes information about the route changes.</p> <p><span id="more-380"></span></p> <p><!--adsense--></p> <p>EIGRP uses a metric composed of bandwidth, delay, reliability, and load. By default, EIGRP uses only bandwidth and delay.</p> <p>EIGRP uses five types of packets to communicate:</p> <p>+ <strong>Hello:</strong> used to identify neighbors. They are sent as periodic multicasts<br /> + <strong>Update:</strong> used to advertise routes, only sent as multicasts when something has changed<br /> + <strong>Ack:</strong> acknowledges receipt of an update. In fact, an Ack is a Hello packet without data. 
It is always unicast and uses UDP.<br /> + <strong>Query:</strong> used to find alternate paths when all paths to a destination have failed<br /> + <strong>Reply:</strong> is sent in response to query packets to instruct the originator not to recompute the route because feasible successors exist. Reply packets are always unicast to the originator of the query</p> <p>EIGRP sends every Query and Reply message using RTP, so every message is acknowledged using an EIGRP ACK message.</p> <p><strong>EIGRP Route Discovery</strong></p> <p>Suppose that our network has 2 routers and they are configured to use EIGRP. Let’s see what will happen when they are turned on.</p> <p>Firstly, the router will try to establish a neighbor relationship by sending “Hello” packets to other routers running EIGRP. The destination IP address is 224.0.0.10, which is the multicast address of EIGRP. In this way, other routers running EIGRP will receive and process these multicast packets. These packets are sent over TCP.</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery.jpg" width="340" height="230" border="0" /></p> <p>After hearing “Hello” from R1, R2 will respond with another “Hello” packet.</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery_2.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery_2.jpg" width="340" height="230" border="0" /></p> <p style="text-align: left;">R2 will also send its routing table to R1 in “Update” packets. 
Remember that R2 will send its complete routing table the first time.</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery_3.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery_3.jpg" width="340" height="230" border="0" /></p> <p>R1 confirms it has received the Update packet with an “ACK” message.</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery_4.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery_4.jpg" width="340" height="230" border="0" /></p> <p>R1 will also send R2 all of its routing table the first time</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery_5.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery_5.jpg" width="340" height="230" border="0" /></p> <p style="text-align: left;">R2 sends a message saying it has received R1’s routing table.</p> <p style="text-align: center;"><img alt="EIGRP_initial_route_discovery_6.jpg" src="http://www.9tut.com/images/ccna_self_study/EIGRP/EIGRP_initial_route_discovery_6.jpg" width="340" height="230" border="0" /></p> <p>Now both R1 & R2 have learned all the paths of their neighbor and the <strong>network is converged</strong>. But there are some things you should know:<br /> + After the network has converged, “Hello” messages will still be sent to indicate that the router is still alive.<br /> + When something in the network changes, routers will only send partial updates to the routers which need that information.<br /> + Hellos are sent as periodic multicasts and are not acknowledged directly.<br /> + The first hellos are used to build a list of neighbors; thereafter, hellos indicate that the neighbor is still alive</p> <p>To become a neighbor, the following conditions must be met:<br /> + The router must hear a Hello packet from a neighbor. 
<br /> + The EIGRP autonomous system must be the same.<br /> + K-values must be the same.</p> <p>EIGRP builds and maintains three tables: <br /> + Neighbor table: lists directly connected routers running EIGRP with which this router has an adjacency<br /> + Topology table: lists all routes learned from each EIGRP neighbor<br /> + Routing table: lists all best routes from the EIGRP topology table and other routing processes</p> <p><strong>Configuring EIGRP </strong></p> <table border="1"> <tbody> <tr> <td valign="top">Router(config)#<strong>router eigrp 1</strong></td> <td> <p>Syntax: <strong>router eigrp <AS number><br /> </strong></p> <p>Turn on the EIGRP process</p> <p>1 is the Autonomous System (AS) number. It can be from 1 to 65535.</p> <p>All routers in the same network must use the same AS number.</p> </td> </tr> <tr> <td>Router(config-router)#<strong>network 192.168.1.0 </strong></td> <td> <p>Router will turn on EIGRP 1 process on all the interfaces belonging to 192.168.1.0/24 network.</p> </td> </tr> </tbody> </table> <p>In the next part we will learn about the Feasible Distance & Administrative Distance of EIGRP</p> <p><!--adsense--></p> <p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/eigrp-routing-protocol-tutorial/feed</wfw:commentRss> <slash:comments>234</slash:comments> </item> <item> <title>OSPF Tutorial</title> <link>http://www.9tut.com/ospf-routing-protocol-tutorial</link> <comments>http://www.9tut.com/ospf-routing-protocol-tutorial#comments</comments> <pubDate>Fri, 03 Dec 2010 02:16:30 +0000</pubDate> <dc:creator><![CDATA[9tutq]]></dc:creator> <category><![CDATA[CCNA Knowledge]]></category> <guid isPermaLink="false">http://www.9tut.com/?p=374</guid> <description><![CDATA[In this article we will learn about the OSPF Routing Protocol Open-Shortest-Path-First (OSPF) is the most widely used interior gateway protocol routing protocol on the world because it is a public (non-proprietary) routing protocol while its biggest rival, EIGRP, is a 
Cisco proprietary protocol so other vendors can’t use it (edit: EIGRP has become a […]]]></description> <content:encoded><![CDATA[<p>In this article we will learn about the OSPF Routing Protocol</p> <p>Open-Shortest-Path-First (OSPF) is the most widely used interior gateway routing protocol in the world because it is a public (non-proprietary) routing protocol, while its biggest rival, EIGRP, is a Cisco proprietary protocol so other vendors can’t use it (edit: EIGRP has become a public routing protocol since 2013). OSPF is a complex link-state routing protocol. Link-state routing protocols generate routing updates only when a change occurs in the network topology. When a link changes state, the device that detected the change creates a link-state advertisement (LSA) concerning that link and sends it to all neighboring devices using a special multicast address. Each routing device takes a copy of the LSA, updates its link-state database (LSDB), and forwards the LSA to all neighboring devices.</p> <p>Note:</p> <p>+ OSPF routers use LSAs (Link State Advertisements) to describe their link state. The LSDB stores all LSAs.</p> <p>+ A router uses a Router LSA to describe its interface IP addresses.</p> <p>+ After OSPF is started on a router, it creates an LSDB that contains one entry: this router’s Router LSA.</p> <p>There are five types of OSPF Link-State Packets (LSPs).</p> <p style="text-align: center;"><img style="border: 0px none currentColor;" src="http://www.9tut.com/images/ccna_self_study/OSPF/OSPF_example.jpg" alt="OSPF_example.jpg" width="440" height="300" /></p> <p><span id="more-374"></span></p> <p><!--adsense--></p> <p>+ <strong>Hello</strong>: used to establish and maintain adjacency with other OSPF routers. 
They are also used to elect the Designated Router (DR) and Backup Designated Router (BDR) on multiaccess networks (like Ethernet or Frame Relay).</p> <p>+ <strong>Database Description</strong> (DBD or DD): contains an abbreviated list of the sending router’s link-state database and is used by receiving routers to check against the local link-state database</p> <p>+ <strong>Link-State Request</strong> (LSR): used by receiving routers to request more information about any entry in the DBD</p> <p>+ <strong>Link-State Update</strong> (LSU): used to reply to LSRs as well as to announce new information. LSUs contain seven different types of Link-State Advertisements (LSAs)</p> <p>+ <strong>Link-State Acknowledgement</strong> (LSAck): sent to confirm receipt of an LSU message</p> <p>Key points</p> <p>+ Is a public (non-proprietary) routing protocol.</p> <p>+ Is the only link-state routing protocol you learn in CCNA</p> <p>+ Works by using the Dijkstra algorithm</p> <p>+ Information about its neighbors (local connectivity) is sent to the entire network using multicasting</p> <p>+ Routing information is shared through Link-state updates (LSAs)</p> <p>+ HELLO messages are used to maintain adjacent neighbors. By default, OSPF routers send Hello packets every 10 seconds on multiaccess and point-to-point segments and every 30 seconds on non-broadcast multiaccess (NBMA) segments (like Frame Relay, X.25, ATM).</p> <p>+ Is a classless routing protocol because it does not assume the default subnet masks are used. It sends the subnet mask in the routing update.</p> <p>+ Supports VLSM and route summarization</p> <p>+ Uses COST as a metric, which Cisco defines as the inverse of the bandwidth</p> <p>+ Uses AREAs to subdivide large networks, providing a hierarchical structure and limiting the multicast LSAs to routers within the same area — Area 0 is called the <strong>backbone area</strong> and all other areas connect directly to it. 
All OSPF networks must have a backbone area.</p> <p>+ Only supports IP, but that’s not bad as we are all using IP, right? :)</p> <p>Area Border Routers (ABRs) are routers that have one interface in one area and another interface in another area.</p> <p>Let’s see an example of OSPF.</p> <p>Suppose OSPF has just been enabled on R1 & R2. Both R1 and R2 are very eager to discover if they have any neighbors nearby, but before sending Hello messages they must first choose an OSPF router identifier (router-id) to tell their neighbors who they are. The Router ID (RID) is an IP address used to identify the router and is chosen using the following sequence:</p> <p>+ The highest IP address assigned to a loopback (logical) interface.</p> <p>+ If no loopback interface is defined, the highest IP address among the router’s active physical interfaces is chosen.</p> <p>+ The router ID can be manually assigned.</p> <p>In this example, suppose R1 has 2 loopback interfaces & 2 physical interfaces:</p> <p>+ Loopback 0: 10.0.0.1</p> <p>+ Loopback 1: 12.0.0.1</p> <p>+ Fa0/0: 192.168.1.1</p> <p>+ Fa0/1: 200.200.200.1</p> <p>As said above, loopback interfaces are preferred to physical interfaces (because they never go down), so the highest IP address of the loopback interfaces is chosen as the router-id: the Loopback 1 address, 12.0.0.1.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSPF/OSPF_choose_router_id.jpg" alt="OSPF_choose_router_id.jpg" width="340" height="280" border="0" /></p> <p>Suppose R1 doesn’t have any loopback interfaces but it has 2 physical interfaces:</p> <p>+ Fa0/0: 210.0.0.1 but it is shut down</p> <p>+ Fa0/1: 192.168.1.2 (is active)</p> <p>Although Fa0/0 has the higher IP address, it is shut down, so R1 will choose the Fa0/1 address (192.168.1.2) as its router-id.</p> <p style="text-align: center;"><img src="http://www.9tut.com/images/ccna_self_study/OSPF/OSPF_choose_router_id_2.jpg" alt="OSPF_choose_router_id_2.jpg" width="340" 
height="230" border="0" /></p> <p>Now both routers have a router-id, so they will send Hello packets on all OSPF-enabled interfaces to determine whether there are any neighbors on those links. The information in the OSPF Hello includes the OSPF Router ID of the router sending the Hello packet.</p> ]]></content:encoded> <wfw:commentRss>http://www.9tut.com/ospf-routing-protocol-tutorial/feed</wfw:commentRss> <slash:comments>190</slash:comments> </item> </channel> </rss>
