MODULE 1:BASIC DEVICE CONFIGURATION

First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU
subsystem. It tests the CPU, DRAM. Next, the switch loads the boot loader software, that It initializes
the CPU registers, which control where physical memory is mapped, the quantity of memory, and its
speed., initializes the flash file system and locates and loads a default IOS operating system software
image into memory and gives control of the switch over to the IOS.

The switch attempts to automatically boot by using information in the BOOT environment variable.
The IOS operating system then initializes the interfaces with the startup-config file.(=config.text and
is located in flash). Use the command show boot to see what the current IOS boot file is set to.

LEDs

System LED= Shows whether the system is receiving power and is functioning properly. If the LED is
off, it means the system is not powered on. If the LED is green, the system is operating normally. If
the LED is amber, the system is receiving power but is not functioning properly.

Redundant Power System (RPS) LED=Shows the RPS status. If the LED is off, the RPS is off, or it is not
properly connected. If the LED is green, the RPS is connected and ready to provide backup power. If
the LED is blinking green, the RPS is connected but is unavailable because it is providing power to
another device. If the LED is amber, the RPS is in standby mode, or in a fault condition. If the LED is
blinking amber, the internal power supply in the switch has failed, and the RPS is providing power.

Port Status LED=Indicates that the port status mode is selected when the LED is green. This is the
default mode. When selected, the port LEDs will display colors with different meanings. If the LED is
off, there is no link, or the port was administratively shut down. If the LED is green, a link is present.
If the LED is blinking green, there is activity and the port is sending or receiving data. If the LED is
alternating green-amber, there is a link fault. If the LED is amber, the port is blocked to ensure that a
loop does not exist in the forwarding domain and is not forwarding data (typically, ports will remain
in this state for the first 30 seconds after being activated). If the LED is blinking amber, the port is
blocked to prevent a possible loop in the forwarding domain.

Port Duplex LED=Indicates that the port duplex mode is selected when the LED is green. When
selected, port LEDs that are off are in half-duplex mode. If the port LED is green, the port is in full-
duplex mode.

Port Speed LED=Indicates that the port speed mode is selected. When selected, the port LEDs will
display colors with different meanings. If the LED is off, the port is operating at 10 Mbps. If the LED is
green, the port is operating at 100 Mbps. If the LED is blinking green, the port is operating at 1000
Mbps.

Power over Ethernet (PoE) Mode LED= If PoE is supported, a PoE mode LED will be present. If the
LED is off, it indicates the PoE mode is not selected and that none of the ports have been denied
power or placed in a fault condition. If the LED is blinking amber, the PoE mode is not selected but at
least one of the ports has been denied power or has a PoE fault.. If the port LED is alternating green-
amber, PoE is denied because providing power to the powered device will exceed the switch power
capacity. If the LED is blinking amber, PoE is off because of a fault. If the LED is amber, PoE for the
port has been disabled.

The boot loader has a command-line that provides access to the files stored in flash memory. The
boot loader can be accessed through a console connection following these steps :

Step 2. Unplug the switch power cord. Step 3. Reconnect the power cord to the switch and, within
15 seconds, press and hold down the Mode button while the System LED is still flashing green. Step
4. Continue pressing the Mode button until the System LED turns briefly amber and then solid green;
then release the Mode button. Step 5. The boot loader switch: prompt appears in the terminal
emulation software on the PC. By default, the switch attempts to automatically boot up by using
information in the BOOT environment variable. To view the path of the switch BOOT environment
variable type the set command. Then, initialize the flash file system using the flash_init command to
view the current files in flash. enter the dir flash: command to view the directories and files in flash,
as shown in the output. Enter the BOOT=flash command to change the BOOT environment variable
path the switch uses to load the new IOS in flash.

The boot loader commands support initializing flash, formatting flash, installing a new IOS, changing
the BOOT environment variable and recovery of lost or forgotten passwords.

The SVI for VLAN 99 will not appear as “up/up” until VLAN 99 is created and there is a device
connected to a switch port associated with VLAN 99.

Full-duplex is also known as bidirectional communication and it requires microsegmentation(switch

port has only one device connected)

With auto-MDIX enabled, either type of cable can be used to connect to other devices, and the
interface automatically adjusts to communicate successfully.

The first parameter (FastEthernet0/18 is up) refers to the hardware layer and indicates whether the
interface is receiving a carrier detect signal. The second parameter (line protocol is up) refers to the
data link layer and indicates whether the data link layer protocol keepalives are being received

Runts=frames discarded bc they are smaller than the minimum size frame(Giants=the opposite)

“Input errors” is the sum of all errors in datagrams that were received on the interface being
examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored counts

“Output errors” is the sum of all errors that prevented the final transmission of datagrams out the
interface that is being examined. The reported output errors from the show interfaces command
include the following: Collisions and .Late collisions (= occurs after 512 bits of the frame have been
transmitted. Excessive cable lengths are the most common cause of late collisions. Another common
cause is duplex misconfiguration.)

An IOS filename that includes the combination “k9” supports cryptographic (encrypted) features and
capabilities

Section=R1# show running-config | section line vty, include/exclude=show ip interface brief |

include up, begin=show ip route | begin Gateway
MODULE 2: SWITCHING CONCEPTS

Ingress = the port where a frame enters the device.

Egress = the port that frames will use when leaving the device.

The MAC address table is stored in content addressable memory (CAM) which is a special type of
memory used in high-speed searching applications. By default, most Ethernet switches keep an entry
in the table for five minutes

Switches make Layer 2 forwarding decisions very quickly. This is because of software on application-
specific-integrated circuits (ASICs). ASICs reduce the frame-handling time within the device and allow
the device to manage an increased number of frames without degrading performance

Store-and-forward switching:

Error checking = After receiving the entire frame on the ingress port, the switch compares the frame
check sequence (FCS) value in the last field of the datagram against its own FCS calculations

Automatic buffering = The ingress port buffering process used by store-and-forward switches
provides the flexibility to support any mix of Ethernet speeds. For example, handling an incoming
frame traveling into a 100 Mbps Ethernet port that must be sent out a 1 Gbps interface would
require using the store-and-forward method.

The cut-through switching method may forward invalid frames because no FCS check is performed.
However, cut-through switching has the ability to perform rapid frame switching

Characteristics of switches that alleviate network congestion include the following:

Fast port speeds=most access layer switches support 100 Mbps and 1 Gbps port speeds. Distribution
layer switches support 100 Mbps, 1 Gbps, and 10 Gbps port speeds and core layer and data center
switches may support 100 Gbps, 40 Gbps, and 10 Gbps port speeds

Fast internal switching =Switches use a fast internal bus or shared memory to provide high
performance.

Large frame buffers= Switches use large memory buffers to temporarily store more received frames
before having to start dropping them. This enables ingress traffic from a faster port (e.g., 1 Gbps) to
be forwarded to a slower (e.g., 100 Mbps) egress port without losing frames.

High port density - A high port density switch lowers overall costs because it reduces the number of
switches required. For instance, if 96 access ports were required, it would be less expensive to buy
two 48-port switches instead of four 24-port switches

Full-duplex communication allows both ends to transmit and receive simultaneously, offering 100
percent efficiency in both directions for a 200 percent potential use of stated bandwidth

A switch creates many smaller collision domains, and a hub increases the size of a single collision
domain
MODULE 3:VLANS

Virtual LANs (VLANs) provide segmentation and organizational flexibility in a switched network. A
VLAN creates a logical broadcast domain that can span multiple physical LAN segments. Each switch
port can be assigned to only one VLAN (except for a port connected to an IP phone or to another
switch)

all switch ports are on VLAN 1 unless it is explicitly configured to be on another VLAN. The
management VLAN is VLAN 1 by default. VLAN 1 cannot be renamed or deleted.

native VLAN should be set different than data vlan because it should be used to carry uncommon
untagged frames to avoid bandwidth contention on data VLANs.

Data VLANs are VLANs configured to separate user-generated traffic. They are referred to as user
VLANs. voice and network management traffic should not be permitted on data VLANs.

User traffic from a VLAN must be tagged with its VLAN ID when it is sent to another switch.
Specifically, an 802.1Q trunk port inserts a 4-byte tag in the Ethernet frame header to identify the
VLAN to which the frame belongs. The 802.1Q trunk port places untagged traffic on the native VLAN

A management VLAN is a data VLAN configured specifically for network management traffic
including SSH, Telnet, HTTPS, HTTP, and SNMP.

A separate VLAN is needed to support Voice over IP (VoIP). VoIP traffic requires the following:
Assured bandwidth to ensure voice quality, Transmission priority over other types of network traffic,
Ability to be routed around congested areas on the network, Delay of less than 150 ms across the
network

A trunk is a point-to-point link between two network devices that carries more than one VLAN.
When VLANs are implemented on a switch, the transmission of unicast, multicast, and broadcast
traffic from a host in a particular VLAN are restricted to the devices that are in that VLAN.

VLAN tag control information field consists of

Type = A 2-byte value called the tag protocol ID (TPID) value. For Ethernet, it is set to hexadecimal
0x8100.

User priority = A 3-bit value that supports level or service implementation.

Canonical Format Identifier (CFI) = A 1-bit identifier that enables Token Ring frames to be carried
across Ethernet links.

VLAN ID (VID) = A 12-bit VLAN identification number that supports up to 4096 VLAN IDs.

Management frames that are sent between switches is an example of traffic that is typically
untagged. If the link between two switches is a trunk, the switch sends the untagged traffic on the
native VLAN. If an 802.1Q trunk port receives a tagged frame with the VLAN ID that is the same as
the native VLAN, it drops the frame.
A Cisco IP phone connects directly to a switch port. Voice VLAN traffic must be tagged with an
appropriate Layer 2 class of service (CoS) priority value, Access VLAN traffic can also be tagged with a
Layer 2 CoS priority value, Access VLAN is not tagged

normal range VLANs:

They are used in all small- and medium-sized business and enterprise networks.

They are identified by a VLAN ID between 1 and 1005.

IDs 1002 through 1005 are reserved for legacy network technologies (i.e., Token Ring and Fiber
Distributed Data Interface).

IDs 1 and 1002 to 1005 are automatically created and cannot be removed.

Configurations are stored in the switch flash memory in a VLAN database file called vlan.dat.

extended range VLANs:

They are used by service providers to service multiple customers and by global enterprises large
enough to need extended range VLAN IDs.

They are identified by a VLAN ID between 1006 and 4094.

Configurations are saved, by default, in the running configuration.

They support fewer VLAN features than normal range VLANs.

Requires VTP transparent mode configuration to support extended range VLANs.

Trunk negotiation is managed by DTP, which operates on a point-to-point basis only, between
network devices. DTP manages trunk negotiation only if the port on the neighbor switch is
configured in a trunk mode that supports DTP.

Dynamic auto= makes the interfaces ablse to convert the link in the trunk mode if the neighbouring
interface is set to desirable or trunk mode

Dynamic Desirable= makes the interface convert in trunk mode if the neighbouring interface is set to
trunk, desirable or auto mode
MODULE 4: INTER-VLAN ROUTING

inter-VLAN routing options:

Legacy Inter=VLAN routing - This is a legacy solution. It does not scale well. using a router with
multiple Ethernet interfaces. Each router interface was connected to a switch port in different
VLANs. The router interfaces served as the default gateways to the local hosts on the VLAN subnet. It
is not reasonably scalable because routers have a limited number of physical interfaces. Requiring
one physical router interface per VLAN quickly exhausts the physical interface capacity of a router.
With legacy inter-VLAN routing methods, the switch ports that connect to the router should be
configured as access mode and be assigned appropriate VLANs

Router-on-a-Stick =This is an acceptable solution for a small to medium-sized network.

Layer 3 switch using switched virtual interfaces (SVIs) =This is the most scalable solution for medium
to large organizations.

The ‘router-on-a-stick’ inter-VLAN routing method overcomes the limitation of the legacy inter-VLAN
routing method. It only requires one physical Ethernet interface to route traffic between multiple
VLANs on a network.

The ‘router-on-a-stick’ inter-VLAN routing method. A Cisco IOS router Ethernet interface is
configured as an 802.1Q trunk and connected to a trunk port on a Layer 2 switch. The configured
subinterfaces are software-based virtual interfaces. Each is associated with a single physical Ethernet
interface. Each subinterface is independently configured with an IP address and VLAN assignment.
The router-on-a-stick method of inter-VLAN routing does not scale beyond 50 VLANs.

The modern method of performing inter-VLAN routing is to use Layer 3 switches and switched
virtual interfaces (SVI). An SVI is a virtual interface that is configured on a Layer 3 switch, as shown in
the figure.

The following are advantages of using Layer 3 switches for inter-VLAN routing:

There is no need for external links from the switch to the router for routing.

They are not limited to one link because Layer 2 EtherChannels can be used as trunk links between
the switches to increase bandwidth.

Latency is much lower because data does not need to leave the switch in order to be routed to a
different network.

They more commonly deployed in a campus LAN than routers.

Layer 3 switches use hardware-based switching to achieve higher-packet processing rates than
routers. when you delete a VLAN, any ports assigned to that VLAN become inactive.

When a Layer 2 interface on a multilayer switch is configured with the no switchport command, it
becomes a routed port. Multilayer switches can perform inter-VLAN routing by the use of internal
VLAN interfaces
MODULE 5: STP CONCEPTS

Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while
creating a loop-free Layer 2 topology. IEEE 802.1D is the original IEEE MAC Bridging standard for STP.

A Layer 2 loop can result in MAC address table instability, link saturation, and high CPU utilization on
switches and end-devices, resulting in the network becoming unusable.. Both IPv4 and IPv6 include a
mechanism that limits the number of times a Layer 3 networking device can retransmit a packet. A
router will decrement the TTL (Time to Live) in every IPv4 packet, and the Hop Limit field in every
IPv6 packet.

A broadcast storm is an abnormally high number of broadcasts overwhelming the network during a
specific amount of time. Layer 2 multicasts are typically forwarded the same way as a broadcast by
the switch. So, although IPv6 packets are never forwarded as a Layer 2 broadcast, ICMPv6 Neighbor
Discovery uses Layer 2 multicasts.

The spanning tree algorithm begins by selecting a single root bridge. Then Each switch will
determine a single, least cost path from itself to the root bridge.

The physical paths still exist to provide redundancy, but these paths are disabled to prevent the
loops from occurring. If the path is ever needed to compensate for a network cable or switch failure,
STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become
active. STP recalculations can also occur any time a new switch or new inter-switch link is added to
the network.

During STA and STP functions, switches use Bridge Protocol Data Units (BPDUs) to share information
about themselves and their connections. BPDUs are used to elect the root bridge, root ports,
designated ports, and alternate ports. Each BPDU contains a bridge ID (BID) that identifies which
switch sent the BPDU. As shown in the figure, the BID contains a priority value, an extended system
ID, and the MAC address of the switch. The lowest BID value is determined by the combination of
these three fields.

The default priority value for all Cisco switches is the decimal value 32768. The range is 0 to 61440 in
increments of 4096. A lower bridge priority is preferable. A bridge priority of 0 takes precedence
over all other bridge priorities. The extended system ID allows later implementations of STP to have
different root bridges for different sets of VLANs. This can allow for redundant, non-forwarding links
in a STP topology for one set of VLANs to be used by a different set of VLANs using a different root
bridge. When two switches are configured with the same priority and have the same extended
system ID, the switch having the MAC address with the lowest value, expressed in hexadecimal, will
have the lower BID.

All switches in the broadcast domain participate in the election process. After a switch boots, it
begins to send out BPDU frames every two seconds. These BPDU frames contain the BID of the
sending switch and the BID of the root bridge, known as the Root ID.

The path information, known as the internal root path cost, is determined by the sum of all the
individual port costs along the path from the switch to the root bridge. The BPDU includes the root
path cost. The default port costs are defined by the speed at which the port operates.
The root port is the port closest to the root bridge in terms of overall cost (best path) to the root
bridge. Paths with the lowest cost become preferred, and all other redundant paths are blocked.
Every segment between two switches will have one designated port. has the best path to receive
traffic leading to the root bridge. What is not a root port or a designated port becomes an alternate
or blocked port.

All ports on the root bridge are designated ports. If one end of a segment is a root port, then the
other end is a designated port. All switch ports with end devices (hosts) attached are designated
ports.

This leaves only segments between two switches where neither of the switches is the root bridge. In
this case, the port on the switch with the least-cost path to the root bridge is the designated port for
the segment.

When a switch has multiple equal-cost paths to the root bridge, the switch will determine a port
using the following criteria: Lowest sender BID, Lowest sender port priority, Lowest sender port ID

STP convergence requires three timers, as follows:

Hello Timer =The hello time is the interval between BPDUs. The default is 2 seconds but can be
modified to between 1 and 10 seconds.

Forward Delay Timer =The forward delay is the time that is spent in the listening and learning state.
The default is 15 seconds but can be modified to between 4 and 30 seconds.

Max Age Timer =The max age is the maximum length of time that a switch waits before attempting
to change the STP topology. The default is 20 seconds but be modified to between 6 and 40 seconds.

If a switch port transitions directly from the blocking state to the forwarding state without
information about the full topology during the transition, the port can temporarily create a data
loop. For this reason, STP has five ports states

Disabled= A port in Disabled state does not process BPDUs or forward user traffic.

Listening=This is a transitional state. In Listening state, spanning tree calculation starts. The port can
send and receive BPDUs, but does not forward user traffic.

Learning=This is a transitional state. In Learning state, a loop-free MAC address forwarding table is
established. The port does not forward user traffic.

Forwarding=A port in Forwarding state can forward user traffic and process BPDUs. Only the root
port and designated port can enter the Forwarding state.

Blocking=A port in Blocking state receives and processes only BPDUs, and does not forward user
traffic.

In Per-VLAN Spanning Tree (PVST) versions of STP, there is a root bridge elected for each spanning
tree instance. This makes it possible to have different root bridges for different sets of VLANs.
when the original Spanning Tree Protocol is the context of a discussion, the phrase “original 802.1D
spanning tree” is used to avoid confusion

(PVST+) = It is a spanning tree standard developed by Cisco for its devices which finds the root bridge
per VLAN. It is a Cisco default version of STP.

Rapid PVST

RSTP(802.1w)-faster

802.1s (Multiple Spanning Tree) :=This standard is developed by IEEE in which grouping of VLANs is
done and for each single group, RSTP is run. This is basically a Spanning Tree Protocol running over
another Spanning Tree Protocol.

RSTP (IEEE 802.1w) supersedes the original 802.1D while retaining backward compatibility. If a port
is configured to be an alternate port it can immediately change to a forwarding state without waiting
for the network to converge. The 802.1D disabled, blocking, and listening states are merged into a
unique 802.1w discarding state. However, there are two RSTP port roles that correspond to the
blocking state of STP. In STP, a blocked port is defined as not being the designated or root port. RSTP
has two port roles for this purpose. the alternate port has an alternate path to the root bridge. The
backup port is a backup to a shared medium, such as a hub

When a device is connected to a switch port or when a switch powers up, the switch port goes
through both the listening and learning states, each time waiting for the Forward Delay timer to
expire. This delay is 15 seconds for each state, listening and learning, for a total of 30 seconds. This
delay can present a problem for DHCP clients trying to discover a DHCP server. DHCP messages from
the connected host will not be forwarded for the 30 seconds of Forward Delay timers and the DHCP
process may timeout. The result is that an IPv4 client will not receive a valid IPv4 address.

When a switch port is configured with PortFast, that port transitions from blocking to forwarding
state immediately, bypassing the usual 802.1D STP transition states (the listening and learning
states) and avoiding a 30 second delay. PortFast is only for use on switch ports that connect to end
devices. When enabled, BPDU guard immediately puts the switch port in an errdisabled (error-
disabled) state on receipt of any BPDU. This protects against potential loops by effectively shutting
down the port.
MODULE 6: ETHERCHANNEL

EtherChannel is a link aggregation technology that groups multiple physical Ethernet links together
into one single logical link. It is used to provide fault-tolerance, load sharing, increased bandwidth,
and redundancy between switches, routers, and servers. EtherChannel configuration of one logical
interface ensures configuration consistency across the physical links in the EtherChannel.

EtherChannel technology has many advantages, including the following:

Most configuration tasks can be done on the EtherChannel interface instead of on each individual
port, ensuring configuration consistency throughout the links.

EtherChannel relies on existing switch ports. There is no need to upgrade the link to a faster and
more expensive connection to have more bandwidth.

Load balancing takes place between links that are part of the same EtherChannel. These methods
include source MAC and destination MAC load balancing, or source IP and destination IP load
balancing, across the physical links.

EtherChannel provides redundancy. the loss of one physical link within the channel does not create a
change in the topology

It has certain implementation restrictions, including the following:

Interface types cannot be mixed. For example, Fast Ethernet and Gigabit Ethernet cannot be mixed
within a single EtherChannel.

Currently each EtherChannel can consist of up to eight compatibly-configured Ethernet ports.

EtherChannel provides full-duplex bandwidth up to 800 Mbps (Fast EtherChannel) or 8 Gbps (Gigabit
EtherChannel) between one switch and another switch or host.

The Cisco Catalyst 2960 Layer 2 switch currently supports up to six EtherChannels.

The individual EtherChannel group member port configuration must be consistent on both devices.

EtherChannels can be formed through negotiation using one of two protocols, Port Aggregation
Protocol (PAgP) or Link Aggregation Control Protocol (LACP).

PAgP (pronounced “Pag - P”) is a Cisco-proprietary protocol that aids in the automatic creation of
EtherChannel links. PAgP packets are sent every 30 seconds. The modes for PAgP as follows:

On= This mode forces the interface to channel without PAgP. Interfaces configured in the on mode
do not exchange PAgP packets.

PAgP desirable =This PAgP mode places an interface in an active negotiating state in which the
interface initiates negotiations with other interfaces by sending PAgP packets.

PAgP auto =This PAgP mode places an interface in a passive negotiating state in which the interface
responds to the PAgP packets that it receives but does not initiate PAgP negotiation.
The on mode manually places the interface in an EtherChannel, without any negotiation. It works
only if the other side is also set to on. If the other side is set to negotiate parameters through PAgP,
no EtherChannel forms,

LACP is part of an IEEE specification (802.3ad) that allows several physical ports to be bundled to
form a single logical channel. The modes for LACP are as follows:

On = This mode forces the interface to channel without LACP. Interfaces configured in the on mode
do not exchange LACP packets.

LACP active = This LACP mode places a port in an active negotiating state. In this state, the port
initiates negotiations with other ports by sending LACP packets.

LACP passive = This LACP mode places a port in a passive negotiating state. In this state, the port
responds to the LACP packets that it receives but does not initiate LACP packet negotiation.
MODULE 7: DHCPV4

Dynamic Host Configuration Protocol v4 (DHCPv4) assigns IPv4 addresses and other network
configuration information dynamically. A dedicated DHCPv4 server is scalable and relatively easy to
manage. However, in a small branch or SOHO location, a Cisco router can be configured to provide
DHCPv4 services without the need for a dedicated server. The DHCPv4 service is enabled by default.

The DHCPv4 server dynamically assigns, or leases, an IPv4 address from a pool of addresses for a
limited period of time chosen by the server, or until the client no longer needs the address. When
the lease expires, the client must ask for another address, although the client is typically reassigned
the same address.

DHCPv4 works in a client/server mode.When the client boots (or otherwise wants to join a network),
it begins a four-step process to obtain a lease:

DHCP Discover (DHCPDISCOVER)= The client starts the process using a broadcast DHCPDISCOVER
message with its own MAC address to discover available DHCPv4 servers. Because the client has no
valid IPv4 information at bootup, it uses Layer 2 and Layer 3 broadcast addresses to communicate
with the server.

DHCP Offer (DHCPOFFER)= When the DHCPv4 server receives a DHCPDISCOVER message, it reserves
an available IPv4 address to lease to the client. The server also creates an ARP entry consisting of the
MAC address of the requesting client and the leased IPv4 address of the client.

DHCP Request (DHCPREQUEST)= When the client receives the DHCPOFFER from the server, it sends
back a DHCPREQUEST message. This message is used for both lease origination and lease renewal.
When used for lease origination, the DHCPREQUEST serves as a binding acceptance notice to the
selected server for the parameters it has offered and an implicit decline to any other servers that
may have provided the client a binding offer. The DHCPREQUEST message is sent in the form of a
broadcast to inform this DHCPv4 server and any other DHCPv4 servers about the accepted offer.

DHCP Acknowledgment (DHCPACK)= On receiving the DHCPREQUEST message, the server may verify
the lease information with an ICMP ping to that address to ensure it is not being used already, it will
create a new ARP entry for the client lease, and reply with a DHCPACK message. The DHCPACK
message is a duplicate of the DHCPOFFER, except for a change in the message type field.

Before the lease expires, the client sends a DHCPREQUEST message directly to the DHCPv4 server
that originally offered the IPv4 address. If a DHCPACK is not received within a specified amount of
time, the client broadcasts another DHCPREQUEST so that one of the other DHCPv4 servers can
extend the lease.

Step 1. Exclude IPv4 Addresses=The router functioning as the DHCPv4 server assigns all IPv4
addresses in a DHCPv4 address pool unless it is configured to exclude specific addresses. Excluded
addresses should be those addresses that are assigned to routers, servers, printers, and other
devices that have been, or will be, manually configured.

Step 2. Define a DHCPv4 Pool Name

Step 3. Configure the DHCPv4 Pool

Network clients are not typically on the same subnet as those servers. R1 must be configured to
relay DHCPv4 messages to the DHCPv4 server. the network administrator attempts to renew the
IPv4 addressing information with the ipconfig /renew command. Another advantage is It can provide
relay services for multiple UDP services.

There are scenarios where you might have access to a DHCP server through your ISP. In these
instances, you can configure a Cisco IOS router as a DHCPv4 client. However, in its simplest
configuration, the Ethernet interface is used to connect to a cable or DSL modem.

Home routers are typically already set to receive IPv4 addressing information automatically from the
ISP. the internet connection type is set to Automatic Configuration - DHCP. This selection is used
when the router is connected to a DSL or cable modem and acts as a DHCPv4 client, requesting an
IPv4 address from the ISP

When a Windows PC cannot communicate with an IPv4 DHCP server, the computer automatically
assigns an IP address in the 169.254.0.0/16 range.
MODULE 8: SLAAC AND DHCPV6

Host operating systems will at times show a link-local address appended with a "%" and a number.
This is known as a Zone ID or Scope ID. It is used by the OS to associate the LLA with a specific
interface. The IPv6 GUA can be assigned dynamically using stateless and stateful services

SLAAC uses ICMPv6 RA messages to provide addressing and other configuration information that
would normally be provided by a DHCP server. RA messages are sent by an IPv6 router every 200
seconds.

The default gateway address is the source IPv6 address of the RA message, which is the LLA for R1.
The default gateway can only be obtained automatically from the RA message. A DHCPv6 server
does not provide this information.

When a client is configured to obtain its addressing information automatically, it sends an RS

message to the IPv6 all-routers multicast address of ff02::2

SLAAC is a stateless process; therefore, a host has the option to verify that a newly created IPv6
address is unique before it can be used. The Duplicate Address Detection (DAD) process is used by a
host to ensure that the IPv6 GUA is unique. DAD is implemented using ICMPv6. To perform DAD, the
host sends an ICMPv6 Neighbor Solicitation (NS) message with a specially constructed multicast
address, called a solicited-node multicast address. This address duplicates the last 24 bits of IPv6
address of the host. If no other devices respond with a NA message, then the address is virtually
guaranteed to be unique and can be used by the host.

DHCPv6 is defined in RFC 3315. The host begins the DHCPv6 client/server communications after
stateless DHCPv6 or stateful DHCPv6 is indicated in the RA. Server to client DHCPv6 messages use
UDP destination port 546 while client to server DHCPv6 messages use UDP destination port 547.

The steps for DHCPv6 operations are as follows:

The host sends an RS message.

The router responds with an RA message.

The host sends a DHCPv6 SOLICIT message.= to the reserved IPv6 multicast all-DHCPv6-servers
address of ff02::2. This multicast address has link-local scope, which means routers do not forward
the messages to other networks.

The DHCPv6 server responds with an ADVERTISE message= informs the DHCPv6 client that the
server is available for DHCPv6 service.

The host responds to the DHCPv6 server.= depends on whether it is using stateful or stateless
DHCPv6:
Stateless DHCPv6 client - The client creates an IPv6 address using the prefix in the RA message and a
self-generated Interface ID. The client then sends a DHCPv6 INFORMATION-REQUEST message to the
DHCPv6 server requesting additional configuration parameters (e.g., DNS server address).

Stateful DHCPv6 client - The client sends a DHCPv6 REQUEST message to the DHCPv6 server to
obtain all necessary IPv6 configuration parameters.

The DHCPv6 server sends a REPLY message.

The stateless DHCPv6 server is only providing information that is identical for all devices on the
network such as the IPv6 address of a DNS server. Stateless DHCPv6 is enabled on a router interface
using the ipv6 nd other-config-flag interface configuration command.

The DHCPv6 pool has to be bound to the interface. The router responds to stateless DHCPv6
requests on this interface with the information contained in the pool. The O flag needs to be
manually changed from 0 to 1

A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server, such as a
router functioning as a DHCPv6 server.
MODULE 9: FHRP CONCEPTS

One way to prevent a single point of failure at the default gateway is to implement a virtual router.
To implement this type of router redundancy, multiple routers are configured to work together to
present the illusion of a single router. The ability of a network to dynamically recover from the
failure of a device acting as a default gateway is known as first-hop redundancy.

The IPv4 address of the virtual router is configured as the default gateway for the workstations on a
specific IPv4 segment. When frames are sent from host devices to the default gateway, the hosts use
ARP to resolve the MAC address that is associated with the IPv4 address of the default gateway. The
ARP resolution returns the MAC address of the virtual router. Frames that are sent to the MAC
address of the virtual router can then be physically processed by the currently active router within
the virtual router group

These are the steps that take place when the active router fails:

The standby router stops seeing Hello messages from the forwarding router.

The standby router assumes the role of the forwarding router.

Because the new forwarding router assumes both the IPv4 and MAC addresses of the virtual router,
the host devices see no disruption in service.

The table lists all the options available for FHRPs.

HSRP( Hot Standby Router Protocol) =is a Cisco-proprietary router redundancy protocol that enables
a cluster of routers to cooperate, and all routers are willing to be a default router. All the routers
within the cluster will have the same virtual IP address and virtual mac address. If the active router
goes offline, router failover will occur. These changes will not affect the hosts. The host keeps the
same IP address and MAC address setting

VRRP(Virtual Router Redundancy Protocol,)=is a vendor-neutral redundancy protocol that groups a

cluster of physical routers (two or more routers) to produce a new single virtual router. It enables
redundancy by assigning the same virtual gateway IP address and MAC address on all physical
routers within the VRRP group. The only difference is that preemption is enabled by default on
VRRP, while on HSRP, it needs to be configured manually. Master Router– It is the current default
gateway of all the hosts and Backup Router – The backup router will take the role of the master
router

Gateway Load Balancing Protocol is a bit different. With GLBP, routers within the group are allowed
to do load balancing. To put it simply, all the traffic that is transmitted to the default gateway IP
address will be load-balanced one at a time or in a round-robin manner among the routers within
the group. GLBP has the same state as HSRP, which is called active and standby
IRDP(ICMP router discovery protocol)=legacy fhrp solution. It enables ipv4 hosts to locate routers
that provide ipv4 connectivity to other networks

HSRP is used in a group of routers for selecting an active device and a standby device. In a group of
device interfaces, the active device is the device that is used for routing packets; the standby device
is the device that takes over when the active device fails, or when pre-set conditions are met. The
function of the HSRP standby router is to monitor the operational status of the HSRP group and to
quickly assume packet-forwarding responsibility if the active router fails.

By default, the router with the numerically highest IPv4 address is elected as the active router.

HSRP priority can be used to determine the active router. The router with the highest HSRP priority
will become the active router. By default, the HSRP priority is 100. The range of the HSRP priority is 0
to 255.

By default, after a router becomes the active router, it will remain the active router even if another
router comes online with a higher HSRP priority. To force a new HSRP election process to take place
when a higher priority router comes online, preemption must be enabled using the standby preempt
interface command.

With preemption disabled, the router that boots up first will become the active router if there are no
other routers online during the election process.

The table summarizes the HSRP states.

Initial=This is the beginning state. It indicates HSRP is not running. It happens when the configuration
changes or the interface is first turned on

Learn=The router has not determined the virtual IP address and has not yet seen an authenticated
hello message from the active router. In this state, the router still waits to hear from the active
router.

Listen=The router knows both IP and MAC address of the virtual router but it is not the active or
standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or
standby state will remain in listen state.

Speak=The router sends periodic HSRP hellos and participates in the election of the active or standby
router.

Standby=In this state, the router monitors hellos from the active router and it will take the active
state when the current active router fails (no packets heard from active router)

Active=The router forwards packets that are sent to the HSRP group. The router also sends periodic
hello messages

The active and standby HSRP routers send hello packets to the HSRP group multicast address every 3
seconds by default. The standby router will become active if it does not receive a hello message from
the active router after 10 seconds.
MODULE 10: LAN SECURITY CONCEPTS

A VPN-enabled router provides a secure connection to remote users across a public network and
into the enterprise network. VPN services can be integrated into the firewall.

An NGFW provides stateful packet inspection, application visibility and control, a next-generation
intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering.

A NAC device includes authentication, authorization, and accounting (AAA) services. The Cisco
Identity Services Engine (ISE) is an example of a NAC device.

Endpoints are particularly susceptible to malware-related attacks that originate through email or
web browsing. today endpoints are best protected by a combination of NAC, host-based AMP
software, an email security appliance (ESA), and a web security appliance (WSA). Advanced Malware
Protection (AMP) products include endpoint solutions such as Cisco AMP for Endpoints.

a phishing attack entices the user to click a link or open an attachment. 95% of all attacks on
enterprise networks are the result of a successful spear phishing attack.

The Cisco ESA is a device that is designed to monitor (SMTP). The Cisco ESA is constantly updated by
real-time feeds from the Cisco Talos, which detects and correlates threats and solutions by using a
worldwide database monitoring system. This threat intelligence data is pulled by the Cisco ESA every
three to five minutes. These are some of the functions of the Cisco ESA:

Block known threats.

Remediate against stealth malware that evaded initial detection.

Discard emails with bad links (as shown in the figure).

Block access to newly infected sites.

Encrypt content in outgoing email to prevent data loss.

The Cisco Web Security Appliance (WSA) is a mitigation technology for web-based threats. WSA
combines advanced malware protection, application visibility and control, acceptable use policy
controls, and reporting. Certain features and applications, such as chat, messaging, video and audio,
can be allowed, restricted with time and bandwidth limits, or blocked, according to the
organization’s requirements. The WSA can perform blacklisting of URLs, URL-filtering, malware
scanning, URL categorization, Web application filtering, and encryption and decryption of web
traffic.

The simplest method of remote access authentication is to configure a login and password
combination on console, vty lines, and aux ports. SSH is a more secure form of remote access. The
local database method has some limitations: User accounts must be configured locally on each
device and there is no backup method available for authentication

AAA is a way to control who is permitted to access a network (authenticate), what they can do while
they are there (authorize), and to audit what actions they performed while accessing the network
(accounting).
Local and server-based are two common methods of implementing AAA authentication

Local AAA stores usernames and passwords locally in a network device such as the Cisco router.
Users authenticate against the local database, as shown in figure. Local AAA is ideal for small
networks.

With the server-based method, the router accesses a central AAA server, as shown in figure. The
AAA server contains the usernames and passwords for all users. The router uses either the Remote
Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System
(TACACS+) protocols to communicate with the AAA server.

AAA authorization is automatic and does not require users to perform additional steps after
authentication.

AAA accounting collects and reports usage data.

The IEEE 802.1X standard is a port-based access control and authentication protocol. This protocol
restricts unauthorized workstations from connecting to a LAN through publicly accessible switch
ports.

Client (Supplicant) - This is a device running 802.1X-compliant client software, which is available for
wired or wireless devices.

Switch (Authenticator) -The switch acts as an intermediary between the client and the
authentication server. It requests identifying information from the client, verifies that information
with the authentication server, and relays a response to the client. Another device that could act as
authenticator is a wireless access point.

Authentication server -The server validates the identity of the client and notifies the switch or
wireless access point that the client is or is not authorized to access the LAN and switch services.

All MAC tables have a fixed size and consequently, a switch can run out of resources in which to
store MAC addresses. MAC address flooding attacks take advantage of this limitation by bombarding
the switch with fake source MAC addresses until the switch MAC address table is full. When this
occurs, the switch treats the frame as an unknown unicast and begins to flood all incoming traffic
out all ports on the same VLAN without referencing the MAC table. This condition now allows a
threat actor to capture all of the frames only capture traffic within the local LAN or VLAN. attack tool
macof. a Catalyst 6500 switch can store 132,000 MAC addresses in its MAC address table. A tool
such as macof can flood a switch with up to 8,000 bogus frames per second; To mitigate MAC
address table overflow attacks, network administrators must implement port security.

A VLAN hopping attack enables traffic from one VLAN to be seen by another VLAN without the aid of
a router. In a basic VLAN hopping attack, the threat actor configures a host to act like a switch to
take advantage of the automatic trunking port feature enabled by default on most switch ports. The
threat actor configures the host to spoof 802.1Q signaling and Cisco-proprietary Dynamic Trunking
Protocol (DTP) signaling to trunk with the connecting switch. If successful, the switch establishes a
trunk link with the host, as shown in the figure. Now the threat actor can access all the VLANs on the
switch. The threat actor can send and receive traffic on any VLAN, effectively hopping between
VLANs.

A threat actor in specific situations could embed a hidden 802.1Q tag inside the frame that already
has an 802.1Q tag. This tag allows the frame to go to a VLAN that the original 802.1Q tag did not
specify. A VLAN double-tagging attack is unidirectional and works only when the attacker is
connected to a port residing in the same VLAN as the native VLAN of the trunk port. The idea is that
double tagging allows the attacker to send data to hosts or servers on a VLAN that otherwise would
be blocked by some type of access control configuration

The goal of the DHCP Starvation attack is to create a DoS for connecting clients. DHCP starvation
attacks require an attack tool such as Gobbler. Gobbler has the ability to look at the entire scope of
leasable IP addresses and tries to lease them all. Specifically, it creates DHCP discovery messages
with bogus MAC addresses.

A DHCP spoofing attack occurs when a rogue DHCP server is connected to the network and provides
false IP configuration parameters to legitimate clients. The rogue server provides an invalid gateway
or the IP address of its host to create a man-in-the-middle attack. The rogue server provides an
incorrect DNS server address pointing the user to a nefarious website. The rogue server provides an
invalid IP address effectively creating a DoS attack on the DHCP client.

When a host sends a gratuitous ARP, other hosts on the subnet store the MAC address and IPv4
address contained in the gratuitous ARP in their ARP tables. The problem is that an attacker can send
a gratuitous ARP message containing a spoofed MAC address to a switch, and the switch would
update its MAC table accordingly. In a typical attack, a threat actor can send unsolicited ARP Replies
to other hosts on the subnet with the MAC Address of the threat actor and the IPv4 address of the
default gateway. There are many tools available on the internet to create ARP man-in-the-middle
attacks including dsniff, Cain & Abel, ettercap, Yersinia, and others. IPv6 uses ICMPv6 Neighbor
Discovery Protocol for Layer 2 address resolution

IP address spoofing is when a threat actor hijacks a valid IP address of another device on the subnet,
or uses a random IP address. MAC address spoofing attacks occur when the threat actors alter the
MAC address of their host to match another known MAC address of a target host. There is no
security mechanism at Layer 2 that allows a switch to verify the source of MAC addresses, which is
what makes it so vulnerable to spoofing.

Network attackers can manipulate the Spanning Tree Protocol (STP) to conduct an attack by spoofing
the root bridge and changing the topology of a network.

The Cisco Discovery Protocol (CDP) is a proprietary Layer 2 link discovery protocol. It is enabled on all
Cisco devices by default. CDP can automatically discover other CDP-enabled devices and help auto-
configure their connection. CDP information includes the IP address of the device, IOS software
version, platform, capabilities, and the native VLAN. The device receiving the CDP message updates
its CDP database. a sample Wireshark capture displays the contents of a CDP packet. CDP broadcasts
are sent unencrypted and unauthenticated. Therefore, an attacker could interfere with the network
infrastructure by sending crafted CDP frames containing bogus device information to directly-
connected Cisco devices
MODULE 11: SWITCH SECURITY CONFIGURATION

IP Source Guard (IPSG) =prevents MAC and IP address spoofing attacks

Dynamic ARP Inspection (DAI) =prevents ARP spoofing and ARP poisoning attacks

DHCP Snooping= prevents DHCP starvation and SHCP spoofing attacks

Port Security= prevents many types of attacks including MAC table overflow attacks and DHCP
starvation attacks

All switch ports (interfaces) should be secured before the switch is deployed for production use.
How a port is secured depends on its function. A simple method that many administrators use to
help secure the network from unauthorized access is to disable all unused ports on a switch

The simplest and most effective method to prevent MAC address table overflow attacks is to enable
port security. Port security limits the number of valid MAC addresses allowed on a port. When a port
configured with port security receives a frame, the source MAC address of the frame is compared to
the list of secure source MAC addresses that were manually configured or dynamically learned on
the port.

port security can only be configured on manually configured access ports or manually configured
trunk ports

If an active port is configured with the switchport port-security command and more than one device
is connected to that port, the port will transition to the error-disabled state.

The default port security value is 1. The maximum number of secure MAC addresses that can be
configured depends the switch and the IOS. In this example, the maximum is 8192.

The switch can be configured to learn about MAC addresses on a secure port in one of three ways:

Manually Configured=The administrator manually configures a static MAC address(es) by using the
following command for each secure MAC address on the port:

Dynamically Learned=When the switchport port-security command is entered, the current source
MAC for the device connected to the port is automatically secured but is not added to the startup
configuration. If the switch is rebooted, the port will have to re-learn the device’s MAC address.

Dynamically Learned – Sticky=The administrator can enable the switch to dynamically learn the MAC
address and “stick” them to the running configuration to RAM.

Port security aging can be used to set the aging time for static and dynamic secure addresses on a
port. Two types of aging are supported per port:

Absolute =The secure addresses on the port are deleted after the specified aging time.

Inactivity -=The secure addresses on the port are deleted only if they are inactive for the specified
aging time.

The parameters for the command are

Static=enables aging for static configured addresses

Time=specify the agigng time(0-1440min)

Type absolute=all addresses are deleted

Type inactivity=the addresses are out only if there is no traffic data from them after the aging time

If the MAC address of a device attached to the port differs from the list of secure addresses, then a
port violation occurs. By default, the port enters the error-disabled state.

how a switch reacts based on the configured violation mode

Shutdow= causes the interface to enter an error-disabled state (same as down state) immediately. It
then sends an SNMP trap notification/syslog messagge. The switchport will remain in this state until
manually removed. This is the default violation mode.

Restrict= drops the packets with unknown source MAC addresses untill a sufficient nr of mac
addresses will be deleted or the maximum values increases, it sends a syslog messagge and t then
causes the SecurityViolation counter to increase

Protect= drops the packets with an unknown source MAC address, no syslog messagge

What happens when the port security violation is shutdown and a port violation occurs? The port is
physically shutdown and placed in the error-disabled state, and no traffic is sent or received on that
port.

steps to mitigate VLAN hopping attacks:

Step 1=Disable DTP (auto trunking) negotiations on non-trunking ports

Step 2=Disable unused ports and put them in an unused VLAN.

Step 3=Manually enable the trunk link on a trunking port

Step 4=Disable DTP (auto trunking) negotiations on trunking ports

Step 5= Set the native VLAN to a VLAN other than VLAN 1

DHCP spoofing attacks can be mitigated by using DHCP snooping on trusted ports. DHCP snooping
determines whether DHCP messages are from an administratively configured trusted or untrusted
source. It then filters DHCP messages and rate-limits DHCP traffic from untrusted sources. Trusted
interfaces are typically trunk links and ports directly connected to a legitimate DHCP server.

A DHCP table is built that includes the source MAC address of a device on an untrusted port and the
IP address assigned by the DHCP server to that device. The MAC address and IP address are bound
together. Therefore, this table is called the DHCP snooping binding table.

Dynamic ARP inspection (DAI) requires DHCP snooping and helps prevent ARP attacks by:

Not relaying invalid or gratuitous ARP Requests out to other ports in the same VLAN.
Intercepting all ARP Requests and Replies on untrusted ports.

Verifying each intercepted packet for a valid IP-to-MAC binding.

Dropping and logging ARP Requests coming from invalid sources to prevent ARP poisoning.

Error-disabling the interface if the configured DAI number of ARP packets is exceeded.

It is generally advisable to configure all access switch ports as untrusted and to configure all uplink
ports that are connected to other switches as trusted.

DAI can also be configured to check for both destination or source MAC and IP addresses. The ip arp
inspection validate {[src-mac] [dst-mac] [ip]} global configuration command is used to configure DAI
to drop ARP packets when the IP addresses are invalid. It can be used when the MAC addresses in
the body of the ARP packets do not match the addresses that are specified in the Ethernet header.

To mitigate Spanning Tree Protocol (STP) manipulation attacks, use PortFast and Bridge Protocol
Data Unit (BPDU) Guard:

PortFast - PortFast immediately brings an interface configured as an access port to the forwarding
state from a blocking state, bypassing the listening and learning states. Apply to all end-user ports.
PortFast should only be configured on ports attached to end devices.

BPDU Guard - BPDU guard immediately error disables a port that receives a BPDU. Like PortFast,
BPDU guard should only be configured on interfaces attached to end devices.

Always enable BPDU Guard on all PortFast-enabled ports.

MODULE 12: WLAN CONCEPTS

Wireless Personal-Area Networks (WPAN) = Uses low powered transmitters for a short-range
network, usually (6 to 9 meters). Bluetooth and ZigBee based devices are commonly used in WPANs.
WPANs are based on the 802.15 standard and a 2.4-GHz radio frequency.

Wireless LANs (WLAN) = Uses transmitters to cover a medium-sized network, usually up to 300 feet.
WLANs are suitable for use in a home, office, and even a campus environment. WLANs are based on
the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency.

Wireless MANs (WMAN) = Uses transmitters to provide wireless service over a larger geographic
area. WMANs are suitable for providing wireless access to a metropolitan city or specific district.
WMANs use specific licensed frequencies.

Wireless Wide-Area Networks (WWANs)= Uses transmitters to provide coverage over an extensive
geographic area. WWANs are suitable for national and global communications. WWANs also use
specific licensed frequencies.

Wireless technology uses the unlicensed radio spectrum to send and receive data. The unlicensed
spectrum is accessible to anyone who has a wireless router and wireless technology in the device
they are using.

Bluetooth= An IEEE 802.15 WPAN standard that uses a device-pairing process to communicate over
distances up to 300 ft. (100m). It can be found in smart home devices, audio connections,
automobiles, and other devices that require a short distance connection. There are two types of
Bluetooth radios:

Bluetooth Low Energy (BLE) = This supports multiple network technologies including mesh topology
to large scale network devices.

Bluetooth Basic Rate/Enhanced Rate (BR/EDR) = This supports point to point topologies and is
optimized for audio streaming.

WiMAX (Worldwide Interoperability for Microwave Access) = WiMAX is an alternative to broadband

wired internet connections, competing with DSL and cable. However, it is typically used in areas that
are not yet connected to a DSL or cable provider. It is an IEEE 802.16 WWAN standard that provides
high-speed wireless broadband access of up to 30 miles (50 km). WiMAX operates in a similar way to
Wi-Fi, but at higher speeds, over greater distances, and for a greater number of users. It uses a
network of WiMAX towers that are similar to cell phone towers. WiMAX transmitters and cellular
transmitters may share space on the same tower, as shown in the figure.

Cellular Broadband = Cellular 4G/5G are wireless mobile networks primarily used by cellular phones
but can be used in automobiles, tablets, and laptops. Cellular networks are multi-access networks
carrying both data and voice communications. A cell site is created by a cellular tower transmitting
signals in a given area. Interconnecting cell sites form the cellular network. The two types of cellular
networks are Global System for Mobile (GSM) and Code Division Multiple Access (CDMA). GSM is
internationally recognized, while CDMA is primarily used in the US.
The 4th Generation mobile network (4G) is the current mobile network. 4G delivers speeds that are
10 times the previous 3G networks. The new 5G holds the promise of delivering 100 times faster
speeds than 4G and connecting more devices to the network than ever before

Satellite Broadband =Provides network access to remote sites through the use of a directional
satellite dish that is aligned with a specific geostationary Earth orbit satellite. It is usually more
expensive and requires a clear line of sight. Typically, it is used by rural homeowners and businesses
where cable and DSL are not available.

The best place to start is with the IEEE 802.11 WLAN standards. These standards define how radio
frequencies are used for wireless links. Most of the standards specify that wireless devices have one
antenna to transmit and receive wireless signals on the specified radio frequency (2.4 GHz or 5 GHz).
Some of the newer standards that transmit and receive at higher speeds require access points (APs)
and wireless clients to have multiple antennas using the multiple-input and multiple-output (MIMO)
technology. MIMO uses multiple antennas as both the transmitter and receiver to improve
communication performance. Up to eight transmit and receive antennas can be used to increase
throughput.

IEEE 802.11 standards:

802.11a=radio frequency 5 GHz, speeds up to 54 Mbps, small coverage area, less effectiveat
penetrating buildings, not interoperable with the 802.11b and 802.11g

802.11b= radio frequency 2.4 GHz, speeds up to11 Mbps, longer rage than 802.11a, better able at
penetrating buildings

802.11g= radio frequency 2.4 GHz, speeds up to 54 Mbps, backward compatible with 802.11b with
reduced bandwidth capacity

802.11n= radio frequency 2.4 GHz and 5 GHz, data rates range from 150 Mbps to 600 Mbps with a
distance range of up to 70 m, clients require multiple antennas using MIMO technology, backward
compatible with 802.11a/b/g devices with limiting data rates

802.11ac r.f 5 GHz, data rates ranging from 450 Mbps to 1.3 Gbps using MIMO technology, up to 8
antennas, backward compatible with 802.11a/n devices with limiting data rates

802.11ax= r.f 2.4 and 5 GHz, known as Wi-Fi 6 or HEW(high-efficiency wireless), improved power
efficiency, higher data rates, increased capacity, handles many connected devices, it will use 1 and 7
GHz.

Internationally, the three organizations influencing WLAN standards are the ITU-R, the IEEE, and the
Wi-Fi Alliance. The International Telecommunication Union (ITU) regulates the allocation of the radio
frequency spectrum and satellite orbits through the ITU-R. The IEEE specifies how a radio frequency
is modulated to carry information. The Wi-Fi Alliance is a global, non-profit, industry trade
association devoted to promoting the growth and acceptance of WLANs. It is an association of
vendors whose objective is to improve the interoperability of products that are based on the 802.11
standard by certifying vendors for conformance to industry norms and adherence to standards.
Wireless deployments require a minimum of two devices that have a radio transmitter and a radio
receiver tuned to the same radio frequencies: End devices with wireless NICs and A network device,
such as a wireless router or wireless AP

The wireless router serves as an:

Access point = This provides 802.11a/b/g/n/ac wireless access.

Switch =This provides a four-port, full-duplex, 10/100/1000 Ethernet switch to interconnect wired
devices.

Router =This provides a default gateway for connecting to other network infrastructures, such as the
internet.

The wireless router advertises its wireless services by sending beacons containing its shared service
set identifier (SSID). Devices wirelessly discover the SSID and attempt to associate and authenticate
with it to access the local network and internet. While range extenders are easy to set up and
configure, the best solution would be to install another wireless access point to provide dedicated
wireless access to the user devices

Autonomous Aps=These are standalone devices configured using a command line interface or a GUI,.
Autonomous APs are useful in situations where only a couple of APs are required in the organization.
A home router is an example of an autonomous AP

These devices require no initial configuration and are often called lightweight APs (LAPs). LAPs use
the Lightweight Access Point Protocol (LWAPP) to communicate with a WLAN controller (WLC),.
Controller-based APs are useful in situations where many APs are required in the network. As more
APs are added, each AP is automatically configured and managed by the WLC. Notice in the figure
that the WLC has four ports connected to the switching infrastructure. These four ports are
configured as a link aggregation group (LAG) to bundle them together. Much like how EtherChannel
operates, LAG provides redundancy and load-balancing. All the ports on the switch that are
connected to the WLC need to be trunking and configured with EtherChannel on. However, LAG
does not operate exactly like EtherChannel. The WLC does not support Port Aggregation Protocol
(PaGP) or Link Aggregation Control Protocol (LACP).

Omnidirectional antennas such as the one shown in the figure provide 360-degree coverage and are
ideal in houses, open office areas, conference rooms, and outside areas.

Directional antennas focus the radio signal in a given direction. This enhances the signal to and from
the AP in the direction the antenna is pointing This provides a stronger signal strength in one
direction and reduced signal strength in all other directions. Examples of directional Wi-Fi antennas
include Yagi and parabolic dish antennas.

Multiple Input Multiple Output (MIMO) uses multiple antennas to increase available bandwidth for
IEEE 802.11n/ac/ax wireless networks. Up to eight transmit and receive antennas can be used to
increase throughput.
Ad hoc mode - This is when two devices connect wirelessly in a peer-to-peer (P2P) manner without
using APs or wireless routers. Examples include wireless clients connecting directly to each other
using Bluetooth or Wi-Fi Direct. The IEEE 802.11 standard refers to an ad hoc network as an
independent basic service set (IBSS).

Infrastructure mode - This is when wireless clients interconnect via a wireless router or AP, such as in
WLANs. APs connect to the network infrastructure using the wired distribution system, such as
Ethernet.

Tethering - A variation of the ad hoc topology is when a smart phone or tablet with cellular data
access is enabled to create a personal hotspot. This feature is sometimes referred to as tethering. A
hotspot is usually a temporary quick solution that enables a smart phone to provide the wireless
services of a Wi-Fi router. Other devices can associate and authenticate with the smart phone to use
the internet connection.

Basic Service Set A BSS consists of a single AP interconnecting all associated wireless clients. Two
BSSs are shown in the figure. The circles depict the coverage area for the BSS, which is called the
Basic Service Area (BSA). If a wireless client moves out of its BSA, it can no longer directly
communicate with other wireless clients within the BSA. The Layer 2 MAC address of the AP is used
to uniquely identify each BSS, which is called the Basic Service Set Identifier (BSSID). Therefore, the
BSSID is the formal name of the BSS and is always associated with only one AP.

Extended Service Set=When a single BSS provides insufficient coverage, two or more BSSs can be
joined through a common distribution system (DS) into an ESS. An ESS is the union of two or more
BSSs interconnected by a wired DS. Each ESS is identified by a SSID and each BSS is identified by its
BSSID. Wireless clients in one BSA can now communicate with wireless clients in another BSA within
the same ESS. Roaming mobile wireless clients may move from one BSA to another (within the same
ESS) and seamlessly connect. The rectangular area in the figure depicts the coverage area within
which members of an ESS may communicate. This area is called the Extended Service Area (ESA).

All 802.11 wireless frames contain the following fields:

Frame Control =This identifies the type of wireless frame and contains subfields for protocol version,
frame type, address type, power management, and security settings.

Duration =This is typically used to indicate the remaining duration needed to receive the next frame
transmission.

From a wireless device:

Address 1 Receiver Address = MAC address of the AP.

Address 2 Transmitter Address = MAC address of the sender.

Address 3 SA/DA/BSSID = MAC address of the destination which could be a wireless device or wired
device.

From the AP:

Address 1 Receiver Address = MAC address of the sender.

Address 2 Transmitter Address= MAC address of the AP.

Address 3 SA/DA/BSSID= MAC address of the wireless destination.

Sequence Control =This contains information to control sequencing and fragmented frames.

Address4 =This usually missing because it is used only in ad hoc mode.

Payload = This contains the data for transmission.

FCS =This is used for Layer 2 error control.

A wireless client does the following:

Listens to the channel to see if it is idle, which means that is senses no other traffic is currently on
the channel. The channel is also called the carrier.

Sends a request to send (RTS) message to the AP to request dedicated access to the network.

Receives a clear to send (CTS) message from the AP granting access to send.

If the wireless client does not receive a CTS message, it waits a random amount of time before
restarting the process.

After it receives the CTS, it transmits the data.

All transmissions are acknowledged. If a wireless client does not receive an acknowledgment, it
assumes a collision occurred and restarts the process.

SSID =The SSID name appears in the list of available wireless networks on a client. In larger
organizations that use multiple VLANs to segment traffic, each SSID is mapped to one VLAN.
Depending on the network configuration, several APs on a network can share a common SSID.

Password = This is required from the wireless client to authenticate to the AP.

Network mode = This refers to the 802.11a/b/g/n/ac/ad WLAN standards. APs and wireless routers
can operate in a Mixed mode meaning that they can simultaneously support clients connecting via
multiple standards.

Security mode =This refers to the security parameter settings, such as WEP, WPA, or WPA2. Always
enable the highest security level supported.

Channel settings = This refers to the frequency bands used to transmit wireless data. Wireless
routers and APs can scan the radio frequency channels and automatically select an appropriate
channel setting. The channel can also be set manually if there is interference with another AP or
wireless device.

Wireless devices must discover and connect to an AP or wireless router. Wireless clients connect to
the AP using a scanning (probing) process. This process can be passive or active.
In passive mode, the AP openly advertises its service by periodically sending broadcast beacon
frames containing the SSID, supported standards, and security settings. The primary purpose of the
beacon is to allow wireless clients to learn which networks and APs are available in a given area. This
allows the wireless clients to choose which network and AP to use

In active mode, wireless clients must know the name of the SSID. The wireless client initiates the
process by broadcasting a probe request frame on multiple channels. The probe request includes the
SSID name and standards supported. APs configured with the SSID will send a probe response that
includes the SSID, supported standards, and security settings. Active mode may be required if an AP
or wireless router is configured to not broadcast beacon frames.

A wireless client could also send a probe request without a SSID name to discover nearby WLAN
networks. APs configured to broadcast beacon frames would respond to the wireless client with a
probe response and provide the SSID name. APs with the broadcast SSID feature disabled do not
respond.

CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and WLANs.
CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an
AP and a WLC.

CAPWAP is based on LWAPP but adds additional security with Datagram Transport Layer Security
(DTLS). CAPWAP establishes tunnels on User Datagram Protocol (UDP) ports. CAPWAP can operate
either over IPv4 or IPv6, as shown in the figure, but uses IPv4 by default.

IPv4 and IPv6 both use UDP ports 5246 and 5247. Port 5246 is for CAPWAP control messages used
by the WLC to manage the AP. Port 5247 is used by CAPWAP to encapsulate data packets traveling
to and from wireless clients. However, CAPWAP tunnels use different IP protocols in the packet
header. IPv4 uses IP protocol 17 and IPv6 uses IP protocol 136.

A key component of CAPWAP is the concept of a split media access control (MAC). The CAPWAP split
MAC concept does all of the functions normally performed by individual APs and distributes them
between two functional components: AP MAC Functions and WLC MAC Functions

DTLS is a protocol which provides security between the AP and the WLC. It allows them to
communicate using encryption and prevents eavesdropping or tampering.DTLS is enabled by default
to secure the CAPWAP control channel but is disabled by default for the data channel. Data
encryption requires a DTLS license to be installed on the WLC prior to being enabled on an AP. When
enabled, all WLAN client traffic is encrypted at the AP before being forwarded to the WLC and vice
versa.

FlexConnect is a wireless solution for branch office and remote office deployments. It lets you
configure and control access points in a branch office from the corporate office through a WAN link,
without deploying a controller in each office.

There are two modes of operation for the FlexConnect AP.

Connected mode =The WLC is reachable. In this mode the FlexConnect AP has CAPWAP connectivity
with its WLC and can send traffic through the CAPWAP tunnel, as shown in the figure. The WLC
performs all its CAPWAP functions.

Standalone mode -=The WLC is unreachable. The FlexConnect has lost or failed to establish CAPWAP
connectivity with its WLC. In this mode, a FlexConnect AP can assume some of the WLC functions
such as switching client data traffic locally and performing client authentication locally.

Wireless LAN devices have transmitters and receivers tuned to specific frequencies of radio waves to
communicate. A common practice is for frequencies to be allocated as ranges. Such ranges are then
split into smaller ranges called channels.

If the demand for a specific channel is too high, that channel is likely to become oversaturated. The
saturation of the wireless medium degrades the quality of the communication. Over the years, a
number of techniques have been created to improve wireless communication and alleviate
saturation. These techniques mitigate channel saturation by using the channels in a more efficient
way.

Direct-Sequence Spread Spectrum (DSSS) - This is a modulation technique designed to spread a

signal over a larger frequency band. Spread spectrum techniques were developed during war time to
make it more difficult for enemies to intercept or jam a communication signal. It does this by
spreading the signal over a wider frequency which effectively hides the discernable peak of the
signal, as shown in the figure. A properly configured receiver can reverse the DSSS modulation and
re-construct the original signal. DSSS is used by 802.11b devices to avoid interference from other
devices using the same 2.4 GHz frequency.

Frequency-Hopping Spread Spectrum (FHSS) - This relies on spread spectrum methods to

communicate. It transmits radio signals by rapidly switching a carrier signal among many frequency
channels. With the FHSS, the sender and receiver must be synchronized to “know” which channel to
jump to. This channel hopping process allows for a more efficient usage of the channels, decreasing
channel congestion. FHSS was used by the original 802.11 standard. Walkie-talkies and 900 MHz
cordless phones also use FHSS, and Bluetooth uses a variation of FHSS.

Orthogonal Frequency-Division Multiplexing (OFDM) - This is a subset of frequency division

multiplexing in which a single channel uses multiple sub-channels on adjacent frequencies. Sub-
channels in an OFDM system are precisely orthogonal to one another which allow the sub-channels
to overlap without interfering. OFDM is used by a number of communication systems including
802.11a/g/n/ac. The new 802.11ax uses a variation of OFDM called Orthogonal frequency-division
multiaccess (OFDMA).

A best practice for WLANs requiring multiple APs is to use non-overlapping channels. For example,
the 802.11b/g/n standards operate in the 2.4 GHz to 2.5 GHz spectrum. The 2.4 GHz band is
subdivided into multiple channels. Each channel is allotted 22 MHz bandwidth and is separated from
the next channel by 5 MHz. The 802.11b standard identifies 11 channels for North America, as
shown in the figure (13 in Europe and 14 in Japan).

Interference occurs when one signal overlaps a channel reserved for another signal, causing possible
distortion. The best practice for 2.4 GHz WLANs that require multiple APs is to use non-overlapping
channels, although most modern APs will do this automatically. If there are three adjacent APs, use
channels 1, 6, and 11,

For the 5 GHz standards 802.11a/n/ac, there are 24 channels. The 5 GHz band is divided into three
sections. Each channel is separated from the next channel by 20 MHz. The figure shows all 24
Unlicensed National Information Infrastructure (U-NNI) 24 channels for the 5 GHz band. Although
there is a slight overlap at the tails of each channel's frequency, the channels do not interfere with
one another. 5 GHz wireless can provide faster data transmission for wireless clients in heavily
populated wireless networks because of the large amount of non-overlapping wireless channels.

As with 2.4 GHz WLANs, choose non-interfering channels when configuring multiple 5 GHz APs that
are adjacent to each other

Wireless DoS attacks can be the result of:

Improperly configured devices = Configuration errors can disable the WLAN. For instance, an
administrator could accidently alter a configuration and disable the network, or an intruder with
administrator privileges could intentionally disable a WLAN.

A malicious user intentionally interfering with the wireless communication = Their goal is to disable
the wireless network completely or to the point where no legitimate device can access the medium.

Accidental interference = WLANs are prone to interference from other wireless devices including
microwave ovens, cordless phones, baby monitors, and more, as shown in the figure. The 2.4 GHz
band is more prone to interference than the 5 GHz band.

A rogue AP is an AP or wireless router that has been connected to a corporate network without
explicit authorization and against corporate policy. To prevent the installation of rogue APs,
organizations must configure WLCs with rogue AP policies, and use monitoring software to actively
monitor the radio spectrum for unauthorized APs.

In a man-in-the-middle (MITM) attack, the hacker is positioned in between two legitimate entities in
order to read or modify the data that passes between the two parties. A popular wireless MITM
attack is called the “evil twin AP” attack, where an attacker introduces a rogue AP and configures it
with the same SSID as a legitimate AP, as shown in the figure. Locations offering free Wi-Fi, such as
airports, cafes, and restaurants, are particularly popular spots for this type of attack due to the open
authentication.

To address the threats of keeping wireless intruders out and protecting data, two early security
features were used and are still available on most routers and APs: SSID cloaking and MAC address
filtering.

SSID Cloaking=APs and some wireless routers allow the SSID beacon frame to be disabled, as shown
in the figure. Wireless clients must manually configure the SSID to connect to the network.

MAC Addresses Filtering=An administrator can manually permit or deny clients wireless access based
on their physical MAC hardware address. In the figure, the router is configured to permit two MAC
addresses. Devices with different MAC addresses will not be able to join the 2.4GHz WLAN.
SIDs are easily discovered even if APs do not broadcast them and MAC addresses can be spoofed.
The best way to secure a wireless network is to use authentication and encryption systems.Two
types of authentication were introduced with the original 802.11 standard:

Open system authentication=Any wireless client should easily be able to connect and should only be
used in situations where security is of no concern, such as those providing free internet access like
cafes, hotels, and in remote areas. The wireless client is responsible for providing security such as
using a virtual private network (VPN) to connect securely. VPNs provide authentication and
encryption services. VPNs are beyond the scope of this topic.

Shared key authentication= Provides mechanisms, such as WEP, WPA, WPA2, and WPA3 to
authenticate and encrypt data between a wireless client and AP. However, the password must be
pre-shared between both parties to connect.

Home routers typically have two choices for authentication: WPA and WPA2. WPA2 is the stronger
of the two. The figure shows the option to select one of two WPA2 authentication methods:

Personal - Intended for home or small office networks, users authenticate using a pre-shared key
(PSK). Wireless clients authenticate with the wireless router using a pre-shared password. No special
authentication server is required.

Enterprise - Intended for enterprise networks but requires a Remote Authentication Dial-In User
Service (RADIUS) authentication server. Although more complicated to set up, it provides additional
security. The device must be authenticated by the RADIUS server and then users must authenticate
using 802.1X standard, which uses the Extensible Authentication Protocol (EAP) for authentication.

The WPA and WPA2 standards use the following encryption protocols:

Temporal Key Integrity Protocol (TKIP) = TKIP is the encryption method used by WPA. It provides
support for legacy WLAN equipment by addressing the original flaws associated with the 802.11
WEP encryption method. It makes use of WEP, but encrypts the Layer 2 payload using TKIP, and
carries out a Message Integrity Check (MIC) in the encrypted packet to ensure the message has not
been altered.

Advanced Encryption Standard (AES) = AES is the encryption method used by WPA2. It is the
preferred method because it is a far stronger method of encryption. It uses the Counter Cipher
Mode with Block Chaining Message Authentication Code Protocol (CCMP) that allows destination
hosts to recognize if the encrypted and non-encrypted bits have been altered.

The Enterprise security mode choice requires an Authentication, Authorization, and Accounting
(AAA) RADIUS server.

RADIUS Server IP address =This is the reachable address of the RADIUS server.

UDP port numbers = Officially assigned UDP ports 1812 for RADIUS Authentication, and 1813 for
RADIUS Accounting, but can also operate using UDP ports 1645 and 1646, as shown in the figure.

Shared key = Used to authenticate the AP with the RADIUS server.

MODULE 14: ROUTING CONCEPTS

The best path in the routing table is also known as the longest match. The longest match is a process
the router uses to find a match between the destination IP address of the packet and a routing entry
in the routing table.

For there to be a match between the destination IP address of a packet and a route in the routing
table, a minimum number of far-left bits must match between the IP address of the packet and the
route in the routing table. The prefix length of the route in the routing table is used to determine the
minimum number of far-left bits that must match

Directly connected networks =networks that are configured on the active interfaces of a router. A
directly connected network is added to the routing table when an interface is configured with an IP
address and subnet mask (prefix length) and is active (up and up).

Static routes = Added to the routing table when a route is manually configured.

Dynamic routing protocols = Added to the routing table when routing protocols dynamically learn
about the remote network. Dynamic routing protocols include Enhanced Interior Gateway Routing
Protocol (EIGRP), Open Shortest Path First (OSPF), as well as several others.

A default route specifies a next-hop router to use when the routing table does not contain a specific
route that matches the destination IP address. The default route can be entered manually as a static
route or learned automatically from a dynamic routing protocol.

A default route over IPv4 has a route entry of 0.0.0.0/0 and a default route over IPv6 has a route
entry of ::/0. The /0 prefix length indicates that zero bits or no bits need to match the destination IP
address for this route entry to be used. If there are no routes with a longer match, more than 0 bits,
then the default route is used to forward the packet. The default route is sometimes referred to as a
gateway of last resort.

three things a router can do with a packet after it has determined the best path.

Forwards the Packet to a Device on a Directly Connected Network=If the route entry indicates that
the egress interface is a directly connected network, this means that the destination IP address of
the packet belongs to a device on the directly connected network. the packet must be encapsulated
in an Ethernet frame.

To encapsulate the packet in the Ethernet frame, the router needs to determine the destination
MAC address associated with the destination IP address of the packet. The process varies based on
whether the packet is an IPv4 or IPv6 packet:

IPv4 packet = The router checks its ARP table for the destination IPv4 address and an associated
Ethernet MAC address. If there is no match, the router sends an ARP Request. The destination device
will return an ARP Reply with its MAC address. The router can now forward the IPv4 packet in an
Ethernet frame with the proper destination MAC address.

IPv6 packet = The router checks its neighbor cache for the destination IPv6 address and an
associated Ethernet MAC address. If there is no match, the router sends an ICMPv6 Neighbor
Solicitation (NS) message. The destination device will return an ICMPv6 Neighbor Advertisement
(NA) message with its MAC address. The router can now forward the IPv6 packet in an Ethernet
frame with the proper destination MAC address.

Forwards the Packet to a Next-Hop Router=If the route entry indicates that the destination IP
address is on a remote network, this means the destination IP address of the packet belongs to a
device on network that is not directly connected. Therefore, the packet must be forwarded to
another router, specifically a next-hop router. The next-hop address is indicated in the route entry.

Drops the Packet = No Match in Routing Table

The primary responsibility of the packet forwarding function is to encapsulate packets in the
appropriate data link frame type for the outgoing interface.

Routers support the following three packet forwarding mechanisms:

Process switching= When a packet arrives on an interface, it is forwarded to the control plane where
the CPU matches the destination address with an entry in its routing table, and then determines the
exit interface and forwards the packet. It is important to understand that the router does this for
every packet, even if the destination is the same for a stream of packets

Fast switching= Fast switching uses a fast-switching cache to store next-hop information. When a
packet arrives on an interface, it is forwarded to the control plane where the CPU searches for a
match in the fast-switching cache. If it is not there, it is process-switched and forwarded to the exit
interface. The flow information for the packet is also stored in the fast-switching cache. If another
packet going to the same destination arrives on an interface, the next-hop information in the cache
is re-used without CPU intervention.

Cisco Express Forwarding (CEF)= Like fast switching, CEF builds a Forwarding Information Base (FIB),
and an adjacency table. However, the table entries are not packet-triggered like fast switching but
change-triggered, such as when something changes in the network topology. Therefore, when a
network has converged, the FIB and adjacency tables contain all the information that a router would
have to consider when forwarding a packet.

L =Identifies the address assigned to a router interface. This allows the router to efficiently
determine when it receives a packet for the interface instead of being forwarded.

* = This route is a candidate for a default route.

Static routes use less bandwidth than dynamic routing protocols, and no CPU cycles are used to
calculate and communicate routes. The main disadvantage to using static routes is the lack of
automatic reconfiguration if the network topology changes.

Static routing uses a single default route to represent a path to any network that does not have a
more specific match with another route in the routing table. It routes to and from stub networks. A
stub network is a network accessed by a single route, and the router has only one neighbor.
Dynamic routing protocols are used by routers to automatically share information about the
reachability and status of remote networks. Dynamic routing protocols perform several activities,
including network discovery and maintaining routing tables.

Network discovery is the ability of a routing protocol to share information about the networks that it
knows about with other routers that are also using the same routing protocol

Pv4 was standardized in the early 1980s using the now obsolete classful addressing architecture. The
IPv4 routing table is organized using this same classful structure.

n indented entry is known as a child route. A route entry is indented if it is the subnet of a classful
address (class A, B or C network). Directly connected networks will always be indented (child routes)
because the local address of the interface is always entered in the routing table as a /32. The child
route will include the route source and all the forwarding information such as the next-hop address.
The classful network address of this subnet will be shown above the route entry, less indented, and
without a source code. That route is known as a parent route.

Cisco IOS uses what is known as the administrative distance (AD) to determine the route to install
into the IP routing table. The AD represents the "trustworthiness" of the route. The lower the AD,
the more trustworthy the route source. Because EIGRP has an AD of 90 and OSPF has an AD of 110,
the EIGRP route entry would be installed in the routing table.

Static routes are commonly used in the following scenarios:

As a default route forwarding packets to a service provider

For routes outside the routing domain and not learned by the dynamic routing protocol

When the network administrator wants to explicitly define the path for a specific network

For routing between stub networks

Dynamic routing protocols are commonly used in the following scenarios:

In networks consisting of more than just a few routers

When a change in the network topology requires the network to automatically determine another
path
For scalability.

The main components of dynamic routing protocols include the following:

Data structures = Routing protocols typically use tables or databases for their operations. This
information is kept in RAM.

Routing protocol messages =Routing protocols use various types of messages to discover
neighboring routers, exchange routing information, and other tasks to learn and maintain accurate
information about the network.

Algorithm = An algorithm is a finite list of steps used to accomplish a task. Routing protocols use
algorithms for facilitating routing information and for the best path determination.

The best path is selected by a routing protocol based on the value or metric it uses to determine the
distance to reach a network. A metric is the quantitative value used to measure the distance to a
given network. The best path to a network is the path with the lowest metric.

When a router has two or more paths to a destination with equal cost metrics, then the router
forwards the packets using both paths equally. This is called equal cost load balancing. The routing
table contains the single destination network, but has multiple exit interfaces, one for each equal
cost path. The router forwards packets using the multiple exit interfaces listed in the routing table.

Equal cost load balancing is implemented automatically by dynamic routing protocols. It is enabled
with static routes when there are multiple static routes to the same destination network using
different next-hop routers.

A default route is commonly used on the edge router of a company to connect to an ISP. A default
route is a specialized static route that uses the network number and mask of all 0s (0.0.0.0 0.0.0.0)
MODULE 15: IP STATIC ROUTING

types of static routes: Standard static route, Default static route, Floating static route, Summary
static route

When configuring a static route, the next hop can be identified by an IP address, exit interface, or
both. How the destination is specified creates one of the three following types of static route:

Next-hop route =Only the next-hop IP address is specified

Directly connected static route = Only the router exit interface is specified

Fully specified static route = The next-hop IP address and exit interface are specified

n a fully specified static route, both the exit interface and the next-hop IP address are specified. This
form of static route is used when the exit interface is a multi-access interface and it is necessary to
explicitly identify the next hop. The next hop must be directly connected to the specified exit
interface. The difference between an Ethernet multi-access network and a point-to-point serial
network is that a point-to-point serial network has only one other device on that network, the router
at the other end of the link. With Ethernet networks, there may be many different devices sharing
the same multi-access network, including hosts and even multiple routers.

If the IPv6 static route uses an IPv6 link-local address as the next-hop address, use a fully specified
static route. The reason a fully specified static route must be used is because IPv6 link-local
addresses are not contained in the IPv6 routing table.

Instead of routers storing routes for all of the networks in the internet, they can store a single
default route to represent any network that is not in the routing table. Default static routes are
commonly used when connecting an edge router to a service provider network, or a stub router (a
router with only one upstream neighbor router).

Floating static routes are static routes that are used to provide a backup path to a primary static or
dynamic route, in the event of a link failure. The floating static route is only used when the primary
route is not available. To accomplish this, the floating static route is configured with a higher
administrative distance than the primary route. The administrative distance represents the
trustworthiness of a route. If no administrative distance is configured, the default value (1) is used.

A host route is an IPv4 address with a 32-bit mask, or an IPv6 address with a 128-bit mask. The
following shows the three ways a host route can be added to the routing table:

Automatically installed when an IP address is configured on the router= A host route allows for a
more efficient process for packets that are directed to the router itself, rather than for packet
forwarding. This is in addition to the connected route, designated with a C in the routing table for
the network address of the interface. When an active interface on a router is configured with an IP
address, a local host route is automatically added to the routing table.

Configured as a static host route= A host route can be a manually configured static route to direct
traffic to a specific destination device, such as the server shown in the figure. The static route uses a
destination IP address and a 255.255.255.255 (/32) mask for IPv4 host routes, and a /128 prefix
length for IPv6 host routes.

Host route automatically obtained through other methods