Acknowledgments

This book would not have been possible without the efforts of many dedicated people. Thanks to Andrew Cupp, development editor, for his guidance and special attention to detail. Thanks to Tonya Simpson, senior project editor, for her accuracy. Thanks to Brett Bartow, executive editor, for his vision. Thanks to all other Cisco Press team members who worked behind the scenes to make this a better book. A special thanks to my coauthor, Steve Jordan, for stepping in and contributing four chapters in...

Addressing Digit Signaling

There are two methods for submitting analog address digits to place a call: dual-tone multifrequency (DTMF) dialing and pulse dialing. Pulse dialing uses the opening and closing of a switch at the telephone set. A rotary register at the CO detects the opening and closing of the loop. When the number 5 is dialed on a rotary phone, the dial mechanism opens and closes five times, each one-tenth of a second apart. DTMF uses two tones simultaneously to indicate the dialed number. Table 15-3 shows the phone keypad and...

Administrative Distance

On Cisco routers running more than one routing protocol, it is possible for two different routing protocols to have a route to the same destination. Cisco routers assign each routing protocol an administrative distance. When multiple routes exist for a destination, the router selects the longest match. For example, if to reach a destination of 170.20.10.1 OSPF has a route prefix of 170.20.10.0/24 and EIGRP has a route prefix of 170.20.0.0/16, the OSPF route is preferred because the /24 prefix is...

B

On VoIP networks, 527-528 WAN technology considerations, 169 BDRs (backup designated routers), 362-363 Beauty Things scenario, 577-579 Bellman-Ford algorithm, 295 best path selection BGP, 401 metrics, 300-301 bandwidth, 301 cost, 302-303 delay, 303 hop count, 301 load, 303 MTU, 304 reliability, 304 BGP (Border Gateway Protocol), 390 administrative distance, 396 attributes, 396 atomic aggregate, 399-400 community, 399 local preference, 397 MED, 398-399 next-hop, 397 origin, 398 weight, 400 best...

Best Practices for Hierarchical Layers

Each layer of the hierarchical architecture contains special considerations. The following sections describe best practices for each of the three layers of the hierarchical architecture: access, distribution, and core. When designing the building access layer, you must take into consideration the number of users or ports required to size up the LAN switch. Connectivity speed for each host should be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit...

BGP Administrative Distance

The Cisco IOS Software assigns an administrative distance to eBGP and iBGP routes, as it does with other routing protocols. For the same prefix, the route with the lowest administrative distance is selected for inclusion in the IP forwarding table. Because iBGP-learned routes do not have metrics associated with the route as IGPs (OSPF and EIGRP) do, iBGP-learned routes are less trusted. For BGP, the administrative distances are

BGP Neighbors

BGP is usually configured between two directly connected routers that belong to different autonomous systems. Each autonomous system is under different technical administration. BGP is frequently used to connect the enterprise to service providers and to interconnect service providers, as shown in Figure 12-1. The routing protocol within the enterprise could be any interior gateway protocol (IGP). Common IGP choices include RIPv2, EIGRP, Open Shortest Path First (OSPF), and Intermediate...

BGP Summary

BGP is an exterior gateway protocol (EGP) used in routing in the Internet. It is an interdomain routing protocol. BGP is a path vector routing protocol suited for strategic routing policies. It uses TCP port 179 to establish connections with neighbors. eBGP is used for external neighbors. It is used between different autonomous systems. iBGP is used for internal neighbors. It is used within an AS. BGP uses several attributes in the routing-decision algorithm. It uses confederations and route...

Binary Numbers

The binary number system uses two digits: 1 and 0. Computer systems use binary numbers. IP addresses and MAC addresses are represented by binary numbers. The number of binary 1s or 0s is the number of bits, short for binary digits. For example, 01101010 is a binary number with 8 bits. An IP address has 32 bits, and a MAC address has 48 bits. As shown in Table B-2, IPv4 addresses are usually represented in dotted-decimal format; therefore, it is helpful to know how to convert between binary and...

Branch Design Considerations

For branch networks you need to consider the number and placement of APs, which depends on the location and expected number of wireless clients at the branch office. It may not be cost-justifiable to place a WLC at each branch office of an enterprise. One requirement is that the round-trip time (RTT) between the AP and the WLC should not exceed 100 ms. For centralized controllers, it is recommended that you use REAP or Hybrid REAP (H-REAP). LWAPP supports local media access control (local MAC),...

Cable

Broadband cable is a technology used to transport data using a coaxial cable medium over cable distribution systems. The equipment used on the remote-access side is the cable modem, which connects to the Cable Modem Termination System (CMTS) on the ISP side. The Universal Broadband Router (uBR) provides the CMTS services and is deployed at the cable company headend. The uBR forwards traffic upstream through the provider's WAN core or the local PSTN, depending on the services being provided. The...

Campus Design Considerations

When designing for the Cisco Unified Wireless Network, you need to be able to determine how many LWAPs to place and how they will be managed with the WLCs. Table 4-4 summarizes campus design considerations. Table 4-4 WLAN Design Considerations. The design should have enough APs to provide full RF coverage for wireless clients for all the expected locations in the enterprise. Cisco recommends 20 data devices per AP and 7 G.711 concurrent or 8 G.729 concurrent...

Campus LAN Quality of Service Considerations

For the access layer of the campus LAN, you can classify and mark frames or packets to apply quality of service (QoS) policies in the distribution or at the Enterprise Edge. Classification is a fundamental building block of QoS and involves recognizing and distinguishing between different traffic streams. For example, you distinguish between HTTP/HTTPS, FTP, and VoIP traffic. Without classification, all traffic would be treated the same. Marking sets certain bits in a packet or frame that has...

CAS and CCS Signaling

Digital signaling has two major forms: Channel Associated Signaling (CAS) and Common Channel Signaling (CCS). The major difference is that with CAS the signaling is included in the same channel as the voice call. With CCS the signaling is provided in a separate channel. Table 15-2 shows the common types of CAS and CCS. They are covered in the following sections. Table 15-2 Common CAS and CCS Signaling Types

CCDA Official Exam Certification Guide Third Edition

Anthony Bruno, CCIE No. 2738 Steve Jordan, CCIE No. 11293 Copyright 2007 Cisco Systems, Inc. Published by Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in...

Network Design Methodology

Do I Know This Already Quiz 5 Foundation Topics 8 Intelligent Information Network and Service-Oriented Network Architecture 8 IIN Framework 8 SONA 9 Network Infrastructure Layer 10 Interactive Service Layer 11 Application Layer 11 Benefits of SONA 12 Prepare, Plan, Design, Implement, Operate, and Optimize Phases 13 Prepare Phase 14 Plan Phase 14 Design Phase 14 Implement Phase 14 Operate Phase 14 Optimize Phase 15 Design Methodology Under PPDIOO 15 Identifying Customer Requirements 15...

Security Technologies and Design 463

Do I Know This Already Quiz 463 Foundation Topics 467 Cisco Self-Defending Network 467 Network Security Platforms 468 Self-Defending Network Phases 469 Trust and Identity Technologies 470 Firewall ACLs 470 NAC Framework and Appliance 471 Cisco Identity-Based Network Services 472 Identity and Access Control Deployments 473 Detecting and Mitigating Threats 474 Threat Detection and Mitigation Technologies 474 Threat Detection and Mitigation Solutions 475 Security Management Applications 476...

Traditional Voice Architectures and IP Telephony Design 497

Do I Know This Already Quiz 497 Foundation Topics 500 Traditional Voice Architectures 500 PBX and PSTN Switches 500 Local Loop and Trunks 501 Ports 503 Major Analog and Digital Signaling Types 503 Loop-Start Signaling 504 Ground-Start Signaling 504 E&M Signaling 505 CAS and CCS Signaling 506 PSTN Numbering Plan 508 Other PSTN Services 510 Centrex Services 510 Voice Mail 510 Database Services 510 IVR 510 ACD 511 Voice Terminology 511 Grade of Service 511 Erlangs 511 Centum Call Second (CCS)...

Network Structure Models

Do I Know This Already Quiz 33 Foundation Topics 36 Hierarchical Network Models 36 Benefits of the Hierarchical Model 36 Hierarchical Network Design 37 Core Layer 38 Distribution Layer 38 Access Layer 39 Hierarchical Model Examples 40 Cisco Enterprise Architecture Model 42 Enterprise Campus Module 43 Enterprise Edge Module 45 E-Commerce 45 Internet Edge 46 VPN Remote Access 47 Enterprise WAN 48 Service Provider (SP) Edge Module 49 Remote Modules 50 Enterprise Branch Module 50 Enterprise Data...

Enterprise LAN Design

Do I Know This Already Quiz 69 Foundation Topics 72 LAN Media 72 10-Mbps Fiber Ethernet Design Rules 74 100-Mbps Fast Ethernet Design Rules 74 Gigabit Ethernet Design Rules 76 1000BASE-LX Long-Wavelength Gigabit Ethernet 77 1000BASE-SX Short-Wavelength Gigabit Ethernet 78 1000BASE-CX Gigabit Ethernet over Coaxial Cable 78 1000BASE-T Gigabit Ethernet over UTP 78 10 Gigabit Ethernet (10GE) Design Rules 79 10GE Media Types 79 Fast EtherChannel 79 Token Ring Design Rules 80 LAN Hardware 80...

WAN Technologies 151

Do I Know This Already Quiz 151 WAN Defined 154 WAN Connection Modules 155 WAN Comparison 156 Dialup 157 ISDN 157 Frame Relay 159 Time-Division Multiplexing 160 SONET/SDH 160 Multiprotocol Label Switching 161 Other WAN Technologies 162 Digital Subscriber Line 162 Cable 163 Wireless 164 Dark Fiber 166 Dense Wave Division Multiplexing 166 Ordering WAN Technology and Contracts 166 WAN Design Methodology 167 Response Time 168 Throughput 168 Reliability 168 Bandwidth Considerations 169 Window Size...

Routing Protocol Selection Criteria 289

Do I Know This Already Quiz 289 Routing Protocol Characteristics 292 Static Versus Dynamic Route Assignment 292 Interior Versus Exterior Routing Protocols 294 Distance-Vector Routing Protocols 295 EIGRP 296 Link-State Routing Protocols 296 Distance-Vector Routing Protocols Versus Link-State Protocols 297 Hierarchical Versus Flat Routing Protocols 297 Classless Versus Classful Routing Protocols 298 IPv4 Versus IPv6 Routing Protocols 299 Administrative Distance 299 Routing Protocol Metrics and...

Cisco Enterprise Architecture Model

The Cisco Enterprise Architecture model facilitates the design of larger, more scalable networks. It represents the focused views of the Cisco Service-Oriented Network Architecture (SONA), which concentrates on each area of the network. SONA is covered in Chapter 1, Network Design Methodology. As networks become more sophisticated, it is necessary to use a more modular approach to design than just WAN and LAN core, distribution, and access layers. The architecture divides the network into...

Cisco Identity Based Network Services

The Cisco Identity-Based Network Services solution is a way to authenticate host access based on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of VLANs on a per-user basis, guest VLANs, and 802.1X with port security. The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network. The 802.1X protocol operates between the end-user client seeking access and an Ethernet switch or...

Cisco IOS Packaging

Cisco IOS packaging involves consolidating and organizing the IOS software using consistent and standardized naming across all router platforms. The four base service categories are as follows: IP Base (entry-level IOS supporting IP data); IP Voice (supports converged voice and data); Advanced Security (security features and VPN); and Enterprise Base (enterprise Layer 3 protocols and IBM support). In addition, three additional premium packages offer new IOS software features that focus on more complex...

Codec Standards

Codecs transform analog signals into a digital bit stream and digital signals back into analog signals. Figure 15-14 shows that an analog signal is digitized with a coder for digital transport. The decoder converts the digital signal into analog form. Each codec provides a certain quality of speech. A measure used to describe the quality of speech is the Mean Opinion Score (MOS). With MOS, a large group of listeners judges the quality of speech from 5 (best) to 1 (bad). The scores are then...

Comparing Hardware and Software

Table 6-4 compares the Cisco router and switch hardware platforms and their associated software families, releases, and functional descriptions. Table 6-4 Cisco Router/Switch Platform and Software Comparison. Cisco IOS T Releases 12.3, 12.4, 12.3T, and 12.4T: access routing platforms supporting fast and scalable delivery of data for enterprise applications. Delivers midrange routing services for the Enterprise and SP edge networks....

Contents at a Glance

Chapter 1 Network Design Methodology 5 Chapter 2 Network Structure Models 33 Part II LAN and WAN Design 67 Chapter 3 Enterprise LAN Design 69 Chapter 4 Wireless LAN Design 111 Chapter 5 WAN Technologies 151 Chapter 6 WAN Design 181 Part III The Internet Protocol and Routing Protocols 217 Chapter 7 Internet Protocol Version 4 219 Chapter 8 Internet Protocol Version 6 257 Chapter 9 Routing Protocol Selection Criteria 289 Chapter 10 RIP and EIGRP Characteristics and Design 317 Chapter 11 OSPF and...

Controller Redundancy Design

WLCs can be configured for dynamic or deterministic redundancy. For deterministic redundancy, the access point is configured with a primary, secondary, and tertiary controller. This requires more upfront planning but allows better predictability and faster failover times. Deterministic redundancy is the recommended best practice. N+1, N+N, and N+N+1 are examples of deterministic redundancy. Dynamic controller redundancy uses LWAPP to load-balance APs across WLCs. LWAPP populates APs with a...

Converting Binary to Decimal

To convert a binary number to decimal, multiply each instance of 0 or 1 by the power of 2 associated with the position of the bit in the binary number. The first bit, starting from the right, is associated with 2^0 = 1. The value of the exponent increases by 1 as each bit is processed, working leftward. As shown in Table B-4, each bit in the binary number 10101010 has a decimal equivalent from 0 to 128 based on the value of the bit multiplied by a power of 2 associated with the bit position. This...

Converting Decimal to Hexadecimal

First things first: memorize Table B-1. There are two ways to convert larger numbers. The first method is to convert decimal to binary and then convert binary to hex. The second method is to divide the decimal number by 16; the remainder is the rightmost hexadecimal digit. Then keep dividing until the number is not divisible anymore. For the first method, use the schemes described in later sections. For the second method, follow the examples described here. First, divide the decimal number by...

D

Projects Agency), 624 data compression, 170 data integrity, 449 data link layer (OSI model), 621 database services, 510 data-center module, 92 datagrams, 222 DC aggregation layer, 94 DE (Discard Eligibility) bit, 159 decimal numeric system converting to binary, 633-634 converting to hexadecimal, 627 delay components on VoIP networks, 528-530 CME deployment model, 520 multisite centralized WAN call- processing deployment model, 519 multisite distributed WAN call- processing deployment model, 519...

Data Link Layer OSI Layer

This layer is concerned with the reliable transport of data across a physical link. Data at this layer is formatted into frames. Data link specifications include frame sequencing, flow control, synchronization, error notification, physical network topology, and physical addressing. This layer converts frames into bits when sending information and converts bits into frames when receiving information from the physical media. Bridges and switches operate at the data link layer. Because of the...

Dense Wave Division Multiplexing

Dense Wave Division Multiplexing (DWDM) increases fiber optic's bandwidth capabilities by using different wavelengths of light called channels over the same fiber strand. It maximizes the use of the installed base of fiber used by service providers and is a critical component of optical networks. DWDM allows for service providers to increase the services offered to customers by adding new bandwidth to existing channels on the same fiber. DWDM lets a variety of devices access the network,...

Design Goals of IP Telephony

The overall goal of IP telephony is to replace traditional TDM-based telephony by deploying IPT components on existing IP networks. IPT should be highly available and as reliable as existing voice networks. IPT should provide greater flexibility and productivity while providing lower cost of ownership by using a converged network. [Figure labels: QoS Enabled L2 Switch, QoS Enabled L3 Switch] IPT also allows third-party software providers to develop new applications for...

Determining the Network Portion of an IP Address

Given an address and mask, you can determine the classful network, the subnetwork, and the subnetwork's broadcast number. You do so with a logical AND operation between the IP address and subnet mask. You obtain the broadcast address by taking the subnet number and making the host portion all 1s. Table 7-14 shows the logical AND operation. Notice that the AND operation is similar to multiplying bit 1 and bit 2: if any 0 is present, the result is 0. Table 7-14 The AND Logical Operation...

Dialup

Dialup technology provides connectivity over the PSTN using analog modems. Although the bandwidth is relatively low, the availability of analog is very widespread. Dialup connectivity is ideal for low-bandwidth conversations of 56 kbps or less. Despite the high availability of dialup technology over analog lines, it is generally not a viable option anymore. However, a common use of dialup is when a remote worker or teleworker uses it as a backup network solution if his or her DSL or cable...

Digital Subscriber Line

Digital Subscriber Line (DSL) is a technology that provides high-speed Internet data services over ordinary copper telephone lines. It achieves this by using frequencies that are not used in normal voice telephone calls. The term xDSL describes the various competing forms of DSL available today. Some of the DSL technologies available include asymmetric (ADSL), symmetric (SDSL), high bit rate (HDSL), very high bit rate (VDSL), rate-adaptive (RADSL) and IDSL (based on ISDN). Table 5-3 summarizes...

Distance Vector Routing Protocols Versus Link State Protocols

When choosing a routing protocol, consider that distance-vector routing protocols use more network bandwidth than link-state protocols. Distance-vector protocols generate more bandwidth overhead because of the large periodic routing updates. Link-state routing protocols do not generate significant routing update overhead but do use more router CPU and memory resources than distance-vector protocols. Generally, WAN bandwidth is a more expensive resource than router CPU and memory in modern...

Do I Know This Already

Integrated Transport, Integrated Service, and Integrated Application are the three phases of IIN. 2. A. Application, Interactive Services, and Network Infrastructure are the layers of SONA. 3. C. Virtualization services occur in the Interactive Service layer of SONA. 4. B. IPCC is a collaboration application. All the others are business applications. 6. A, B, C. The PPDIOO methodology has three steps. 7. D. The primary sources of network audits are existing documentation, management...

Do I Know This Already Quiz

The purpose of the Do I Know This Already quiz is to help you decide whether you need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The eight-question quiz, derived from the major sections in the Foundation Topics portion of the chapter, helps you determine how to spend your limited study time. Table 2-1 outlines the major topics discussed in this chapter and the Do I Know This Already quiz questions that...

Dual Stack Backbones

In this model, all routers in the backbone are dual-stack, capable of routing both IPv4 and IPv6 packets. The IPv4 protocol stack is used between IPv4 hosts, and the IPv6 protocol stack is used between IPv6 hosts. This deployment model works for organizations with a mixture of IPv4 and IPv6 applications. Figure 8-8 shows a network with a dual-stack backbone. All the WAN routers run both IPv4 and IPv6 routing protocols. The disadvantages are that the WAN routers require dual addressing, run two...

Dual Tier Design

The dual-tier design is recommended for branch offices of 50 to 100 users, with an additional access router in the WAN edge allowing for redundancy services. Typically two 2821 or 2851 routers are used to support the WAN, and separate access switches are used to provide LAN connectivity. The infrastructure components are dual access routers, external Layer 2/Layer 3 switches, laptops, desktops, printers, and IP phones. Dual Frame Relay links are used to connect to the corporate offices via both...

EIGRP Components

EIGRP has four components that characterize it, including neighbor discovery and recovery and the Reliable Transport Protocol (RTP). You should know the role of the EIGRP components, which are described in the following sections. EIGRP uses different modules that independently support IP, Internetwork Packet Exchange (IPX), and AppleTalk routed protocols. These modules are the logical interface between DUAL and routing protocols such as IPX RIP, AppleTalk Routing Table Maintenance Protocol (RTMP), and IGRP. The...

EIGRP for IPv4 Networks

Cisco Systems released EIGRP in the early 1990s as an evolution of IGRP toward a more scalable routing protocol for large internetworks. EIGRP is a classless protocol that permits the use of VLSMs and that supports CIDR for the scalable allocation of IP addresses. EIGRP does not send routing updates periodically, as IGRP does. EIGRP allows for authentication with MD5. EIGRP autosummarizes networks at network borders and can load-balance over unequal-cost paths. Packets using EIGRP use IP protocol number 88....

E&M Signaling

E&M is an analog signaling technique often used in PBX-to-PBX tie-lines. E&M stands for receive and transmit, or more commonly ear and mouth. Cisco routers support four E&M signal types: Type I, Type II, Type III, and Type V. Types I and II are most popular on the American continents. Type V is used in the United States and Europe. There are also three forms of E&M dial supervision signaling to seize the E&M trunk. Immediate start: this is the most basic protocol. In this...

Enterprise Branch Profiles

The SONA framework has three profiles for the Enterprise Branch. They are based on the number of users located at the branch. The profiles are not intended to be the only architectures for branch offices but rather a common set of services that each branch should include. These profiles serve as a basis on which integrated services and application networking are built. The three profiles for the SONA framework enterprise branch are as follows: Single-tier design, up to 50 users (small); Dual-tier...

Enterprise Campus LANs

A campus LAN connects two or more buildings within a local geographic area using a high-bandwidth LAN media backbone. Usually the enterprise owns the medium (copper or fiber). High-speed switching devices minimize latency. In today's networks, Gigabit Ethernet campus backbones are the standard for new installations. In Figure 3-10, Layer 3 switches with Gigabit Ethernet media connect campus buildings. Ensure that you implement a hierarchical composite design on the campus LAN and that you...

Enterprise Campus Module

The Enterprise Campus consists of several submodules; Figure 2-5 shows the Enterprise Campus model. The campus infrastructure consists of the campus core, building-distribution, and building-access layers. The campus core provides a high-speed switched backbone between buildings, to the server farm, and to the enterprise distribution. This segment consists of redundant and fast-convergence connectivity. The building-distribution layer aggregates all the closet access switches and performs...

Enterprise Data Center Infrastructure

Data centers (DC) contain different types of server technologies, including standalone servers, blade servers, mainframes, clustered servers, and virtual servers. Figure 3-14 shows the Enterprise DC. The DC access layer must provide the port density to support the servers, provide high-performance low-latency Layer 2 switching, and support dual and single connected servers. The preferred design is to contain Layer 2 to the access layer and Layer 3 on the distribution. Some solutions push Layer...

Enterprise Edge Components

When selecting Enterprise Edge hardware and software, you must keep in mind several considerations. Here are some factors to examine during the selection process. Hardware selection involves the data link functions and features offered by the device. Considerations include the following: modularity (add-on hardware); backplane and packet throughput; redundancy (CPU and/or power); and expandability for future use. Software selection focuses on the network performance and the feature sets included in the...

Enterprise Edge Module

As shown in Figure 2-6, the Enterprise Edge consists of the following submodules: e-commerce networks and servers; Internet connectivity and DMZ. Figure 2-6 Enterprise Edge Module. The e-commerce submodule provides highly available networks for business services. It uses the high-availability designs of the server farm module with the Internet connectivity of the Internet module. Design techniques are the same as those described for these modules. Devices located in the e-commerce submodule include...

Enterprise Teleworker Branch of One Design

At the remote edges of the network is another branch office called the Branch of One, also known as Enterprise Teleworkers. Organizations are continually trying to reduce costs and improve their employees' productivity. By working from home, employees can manage their work schedules more effectively and increase their productivity. This also results in greater job satisfaction and flexibility in the employees' work schedule. The work-from-home teleworker is an extension of the enterprise and...

Enterprise WAN Architecture

When selecting an enterprise WAN architecture, you should identify and understand the connectivity and business requirements. It is important to review sample network designs that could meet the identified requirements. Here are some common factors that influence decisions. High availability: most businesses need a high level of availability, especially for their critical applications. The goal of high availability is to remove the single points of failure in the design, either by software,...

Example of Layered Communication

Suppose that you use a Telnet application. Telnet maps to the top three layers of the OSI model. In Figure B-4, a user on Host 1 enables the Telnet application to access a remote host (Host 2). The Telnet application provides a user interface (application layer) to network services. As defined in RFC 854, ASCII is the default code format. No session layer is defined for Telnet (not an OSI protocol). Per the RFC, Telnet uses TCP for connectivity (transport layer). The TCP segment is placed in an...

F

Falcon Communications scenario, 579, 581 Fast EtherChannel, network design guidelines, 79 Fast Ethernet, network design rules, 74 100BASE-FX, 75 100BASE-T, 75 100BASE-T4, 75 100BASE-TX, 75 FHSS (frequency-hopping spread spectrum), 114 fields of IPv6 header, 261-262 firewalls as Cisco Self-Defending Network technology, 470 flat routing protocols, 297 floating static routes, 58 flooding, 82 flow control, 622 flush timer (RIP), 323 forwarding information base (RIPv1), 321 forwarding information...

Features of This Book

Do I Know This Already Quizzes: Each chapter begins with a quiz that helps you determine how much time you need to spend studying that chapter. If you follow the directions at the beginning of the chapter, the Do I Know This Already quiz directs you to study all or particular parts of the chapter. Foundation Topics: These are the core sections of each chapter. They explain the protocols, concepts, and configuration of the topics in that chapter. If you need to learn about the topics in a...

Foundation Summary

The Foundation Summary section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CCDA exam, a well-prepared CCDA candidate should at a minimum know all the details in each Foundation Summary before taking the exam. This chapter has covered the following topics you need to master for the CCDA exam. RIPv2: the enhancements in Version 2 of RIP to support network designs. RIPng: new RIP for IPv6 networks...

Foundation Topics

With the complexities of networks, it is necessary to use architectures and methodologies in network design to support business goals. Cisco's Intelligent Information Network (IIN) framework and Service-Oriented Network Architecture (SONA) make it possible to better align IT resources with business priorities. The Cisco Prepare, Plan, Design, Implement, Operate, and Optimize (PPDIOO) network life cycle defines a continuous cycle of phases in a network's life. Each phase includes key steps in...

Full Mesh Topology

With full-mesh topologies, each site has a connection to all other sites in the WAN cloud (any-to-any). As the number of sites grows, so does the number of spoke connections needed. Consequently, the full-mesh topology is not viable in very large networks. However, a key advantage of this topology is that it has plenty of redundancy in the event of network failures. But redundancy implemented with this approach does have a high price associated with it. Here are some issues inherent with...

Ground Start Signaling

Ground-start signaling is an analog signaling technique used to indicate on-hook and off-hook conditions. Ground-start is commonly used in switch-to-switch connections. The difference between ground-start and loop-start is that ground-start requires the closing of the loop at both locations. Ground-start is commonly used by PBXs. The standard way to transport voice between two telephone sets is to use tip and ring lines. Tip and ring lines are the twisted pair of wires that connect to your...

H

H.323, 523-524 hardware compression, 170 header fields of IPv4, 222-224 DS, 226 ToS, 225-226 of IPv6, 261-262 Hello packets EIGRP, 339 OSPF, 359 hexadecimal numeric system, 626 converting to decimal, 629-630 hierarchical LAN architecture, 36 access layer, 39-40, 86-87 core layer, 38, 88 distribution layer, 38-39, 87-88 examples of, 40 hierarchical routing protocols, 297 high-availability network designs media redundancy, 57-58 route redundancy, 55-56 server redundancy, 55 workstation-to-router...

Hierarchical Model Examples

You can implement the hierarchical model by using either routers or switches. Figure 2-2 is an example of a switched hierarchical design in the enterprise campus. In this design, the core provides high-speed transport between the distribution layers. The building-distribution layer provides redundancy and allows policies to be applied to the building-access layer. Layer 3 links between the core and distribution switches are recommended to allow the routing protocol to take care of load...

Hierarchical Network Design

As shown in Figure 2-1, a traditional hierarchical LAN design has three layers:
The core layer provides fast transport between distribution switches within the enterprise campus.
The distribution layer provides policy-based connectivity.
The access layer provides workgroup and user access to the network.
Figure 2-1 Hierarchical Network Design Has Three Layers: Core, Distribution, and Access
Each layer provides necessary functionality to the enterprise campus network. You do not need to implement...

Hierarchical Network Models

Hierarchical models enable you to design internetworks that use specialization of function combined with a hierarchical organization. Such a design simplifies the tasks required to build a network that meets current requirements and can grow to meet future requirements. Hierarchical models use layers to simplify the tasks for internetworking. Each layer can focus on specific functions, allowing you to choose the right systems and features for each layer. Hierarchical models apply to both LAN...

Hop Count

The hop count parameter counts the number of links between routers the packet must traverse to reach a destination. The RIP routing protocol uses hop count as the metric for route selection. If all links were the same bandwidth, this metric would work well. The problem with routing protocols that use only this metric is that the shortest hop count is not always the most appropriate path. For example, between two paths to a destination network one with two 56-kbps links and another with four T1...
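The comparison the text starts (two 56-kbps links against four T1 links) is worked through below. This is an added example, not code from the book: the two candidate paths are constructed to match the text, and the T1 rate of 1544 kbit/s is assumed. It shows that a hop-count-only metric such as RIP's picks the slower path, while ranking by bottleneck bandwidth picks the faster one.

```python
"""Compare path selection by hop count with selection by bottleneck bandwidth.

Added example, not code from the book. The two candidate paths are the ones
the text describes: two 56-kbps links versus four T1 links. Propagation and
queuing delay are ignored; only the serialization time on each link counts.
"""
from dataclasses import dataclass

T1_KBPS = 1544  # T1 line rate in kbit/s (assumed constant for the example)


@dataclass(frozen=True)
class Path:
    name: str
    link_kbps: tuple  # bandwidth of each link along the path, in kbit/s

    @property
    def hop_count(self) -> int:
        return len(self.link_kbps)

    @property
    def bottleneck_kbps(self) -> int:
        return min(self.link_kbps)

    def transfer_ms(self, payload_bytes: int) -> float:
        """Store-and-forward serialization delay over every link, in ms
        (bits divided by kbit/s gives milliseconds)."""
        bits = payload_bytes * 8
        return sum(bits / kbps for kbps in self.link_kbps)


def best_by_hop_count(paths):
    """What a hop-count-only metric such as RIP's selects."""
    return min(paths, key=lambda p: p.hop_count)


def best_by_bandwidth(paths):
    """Highest bottleneck bandwidth wins; fewer hops breaks a tie."""
    return max(paths, key=lambda p: (p.bottleneck_kbps, -p.hop_count))


# Constructed candidates matching the text's example.
CANDIDATES = (
    Path("two 56-kbps links", (56, 56)),
    Path("four T1 links", (T1_KBPS,) * 4),
)


def compare(paths=CANDIDATES, payload_bytes=1500) -> dict:
    """Return both choices and the time each needs to move one packet."""
    by_hops = best_by_hop_count(paths)
    by_bw = best_by_bandwidth(paths)
    return {
        "hop_count_choice": by_hops.name,
        "hop_count_choice_ms": round(by_hops.transfer_ms(payload_bytes), 1),
        "bandwidth_choice": by_bw.name,
        "bandwidth_choice_ms": round(by_bw.transfer_ms(payload_bytes), 1),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

For a 1500-byte packet the two-hop path needs roughly 429 ms of serialization time and the four-hop T1 path roughly 31 ms, which is the point of the paragraph: hop count alone cannot see that difference.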

How This Book Is Organized

This book is divided into the following parts:
Part I: General Network Design (Chapters 1 and 2)
Part II: LAN and WAN Design (Chapters 3 through 6)
Part III: The Internet Protocol and Routing Protocols (Chapters 7 through 12)
Part IV: Security, Convergence, and Network Management (Chapters 13 through 16)
Part V: Comprehensive Scenarios (Chapter 17)
Part VI: Appendixes (Appendixes A and B)
The CCDA Exam Topics section describes the design topics that are covered on the CCDA exam. Before you begin...

Hub-and-Spoke Topology

A star or hub-and-spoke topology provides a hub router with connections to the spoke routers through the WAN cloud. Network communication between the sites flows through the hub router. Significant WAN cost savings and simplified management are benefits of the hub-and-spoke topology. Hub-and-spoke topologies also tend to be the most popular WAN topologies. A major disadvantage of this approach is that the hub router represents a single point of failure. The hub-and-spoke topology limits overall...

Identifying Customer Requirements

To obtain customer requirements, you need to talk not only to network engineers, but also to business unit personnel and company managers. Networks are designed to support applications, so you want to determine the network services that you need to support. The steps to identify customer requirements are as follows:
Step 1: Identify network applications and services.
Step 2: Define the organizational goals.
Step 3: Define the possible organizational constraints.
Step 4: Define the technical goals....

Identity and Access Control Deployments

Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
Source-specific rules with any-type destinations should be applied as close to the source as possible.
Destination-specific rules with any-type sources should be applied as close to the destination as possible.
Mixed rules integrating...

Implement Phase

New equipment is installed and configured in the Implement phase. New devices replace or augment the existing infrastructure. The project plan is followed during this phase. Planned network changes should be communicated in change control meetings, with the necessary approvals to proceed. Each step in the implementation should include a description, detailed implementation guidelines, estimated time to implement, rollback steps in case of a failure, and any additional reference information. As...

Implementing Security in the Campus

Security for the campus begins with remembering that you need to implement security throughout your network. Several technologies, protocols, solutions, and devices work together to provide the secure campus. Network security should be implemented in the core, distribution, and access layers and can be grouped into four broad categories:
Identity and access control: 802.1X, NAC, ACLs, and firewalls
Threat detection and mitigation: NetFlow, Syslog, SNMP, RMON, CS-MARS, NIPS, and HIPS
Infrastructure...

Implementing Security in the Enterprise Edge and WAN

The Enterprise Edge and WAN provide connectivity to other parts of your network over both private and public networks. It is important to consider the available security options when transferring data between locations and over WAN and Internet transports. Here are some potential risk areas to keep in mind when moving data between locations Attackers obtain access to the network and compromise the confidentiality and integrity of sensitive information with eavesdropping or data manipulation....

Integrity Violations and Confidentiality Breaches

When attackers change sensitive data without the proper authorization, this is called an integrity violation. For example, an attacker might access financial data and delete critical information. The effect of this change may not be felt for some time or until a significant loss has occurred. Integrity attacks like this are considered by many companies to be one of the most serious threats to their business. Furthermore, identifying these attacks can be very difficult, and the effects can be...

Interior Versus Exterior Routing Protocols

Routing protocols can be categorized as interior gateway protocols (IGP) or exterior gateway protocols (EGP). IGPs are meant for routing within an organization's administrative domain; in other words, the organization's internal network. EGPs are routing protocols used to communicate with exterior domains. Figure 9-2 shows where an internetwork uses IGPs and EGPs with multiple autonomous administrative domains. BGP exchanges routing information between the internal network and an ISP. IGPs...

IP Multicast

Table 12-4 summarizes IP multicast protocols:
Internet Group Management Protocol (IGMP): Used by IP hosts to report their multicast group memberships to routers.
Cisco Group Management Protocol (CGMP): Used to control multicast traffic at Layer 2.
Another method used to control multicast traffic at Layer 2.
Protocol Independent Multicast (PIM): IP multicast routing protocol.
Distance-Vector Multicast Routing Protocol (DVMRP): Primary multicast routing protocol used in the MBONE.
Table 12-5 summarizes IP multicast...

IPv4 Address Subnets

Subnetting plays an important part in IPv4 addressing. The subnet mask helps determine the network, subnetwork, and host part of an IP address. The network architect uses subnetting to manipulate the default mask to create subnetworks for LAN and WAN segments. These subnetworks provide enough addresses for LANs of different sizes. Point-to-point WAN links usually get a subnet mask that allows for only two hosts because only two routers are present in the point-to-point WAN link. You should...
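The allocation the paragraph describes, carving one block into LAN subnets of different sizes plus /30 point-to-point WAN links, is worked through below. This is an added example, not code from the book; the 172.16.0.0/22 block and the host counts per segment are constructed for illustration. Larger subnets are assigned first so that each one lands on its natural boundary, and the leftover space is handed back for the smaller ones.

```python
"""Carve one IPv4 block into subnets sized for each LAN and WAN segment (VLSM).

Added example, not code from the book. The 172.16.0.0/22 block and the host
counts below are constructed for illustration. Larger subnets are allocated
first so that every subnet lands on its natural boundary.
"""
import ipaddress
import math


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix length whose subnet offers at least `hosts` usable
    addresses, reserving the network and broadcast addresses. A point-to-point
    link needs only two hosts, so it gets the /30 the text describes."""
    if hosts < 1:
        raise ValueError("a segment needs at least one host")
    if hosts <= 2:
        return 30
    return 32 - math.ceil(math.log2(hosts + 2))


def allocate(block: str, requests: dict) -> dict:
    """Return {segment: IPv4Network} for the requested usable host counts.
    Raises ValueError when the block cannot hold every request."""
    free = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(requests.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        # Best fit: the smallest free block that can still contain a /want,
        # lowest address first so the output is deterministic.
        fits = [n for n in free if n.prefixlen <= want]
        if not fits:
            raise ValueError(f"no room for {name} (/{want}) in {block}")
        chosen = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        free.remove(chosen)
        if chosen.prefixlen == want:
            plan[name] = chosen
        else:
            first = next(chosen.subnets(new_prefix=want))
            plan[name] = first
            free.extend(chosen.address_exclude(first))  # hand back the rest
    return plan


def has_overlap(plan: dict) -> bool:
    """True if any two allocated subnets overlap (they never should)."""
    nets = list(plan.values())
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


# Constructed request: two floor LANs, a server LAN, two point-to-point WAN links.
REQUESTS = {
    "floor1_lan": 200,
    "floor2_lan": 100,
    "servers": 50,
    "wan_to_site_a": 2,
    "wan_to_site_b": 2,
}


def example_plan() -> dict:
    return allocate("172.16.0.0/22", REQUESTS)


if __name__ == "__main__":
    for seg, net in example_plan().items():
        usable = net.num_addresses - 2
        print(f"{seg:14s} {str(net):20s} {usable} usable hosts")
```

Running it gives the floor LANs a /24 and a /25, the server LAN a /26, and each WAN link a /30 with exactly two usable addresses, all inside the /22 with no overlap and with 172.16.2.0/23 left free for growth. Many current designs use a /31 (RFC 3021) on point-to-point links instead of a /30; the function above keeps the /30 the text describes.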

IPv4 Header

The best way to understand IPv4 is to know the IPv4 header and all its fields. Segments from TCP or the User Datagram Protocol (UDP) are passed on to IP for processing. The IP header is prepended to the TCP or UDP segment. The TCP or UDP segment then becomes the IP data. The IPv4 header is 20 bytes in length when it uses no optional fields. The IP header includes the addresses of the sending host and destination host. It also includes the upper-layer protocol, a field for prioritization, and a...
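The 20-byte fixed header is easiest to learn by decoding one. The parser below is an added example, not code from the book: it unpacks every fixed field (version, IHL, DSCP/ECN, total length, identification, flags and fragment offset, TTL, protocol, checksum, addresses), verifies the header checksum, and keeps any options that follow the fixed part. The sample packet it builds is constructed, not a real capture.

```python
"""Decode the 20-byte fixed IPv4 header with struct and verify its checksum.

Added example, not code from the book. build_sample() constructs a header
for a TCP segment from 192.0.2.1 to 198.51.100.7 (documentation addresses);
it is not a real capture.
"""
import struct
from dataclasses import dataclass

IPV4_FIXED_FMT = "!BBHHHBBH4s4s"  # network byte order, 20 bytes
IPPROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


@dataclass
class IPv4Header:
    version: int
    ihl_bytes: int        # header length in bytes (IHL * 4)
    dscp: int             # upper 6 bits of the old ToS byte
    ecn: int              # lower 2 bits of the old ToS byte
    total_length: int     # header + data, in bytes
    identification: int
    flags: int            # bit 2 = DF, bit 1 = MF
    fragment_offset: int  # in 8-byte units
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    checksum_ok: bool
    options: bytes


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Parse the header at the start of `packet`; raise on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (vihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(IPV4_FIXED_FMT, packet[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hlen = ihl * 4
    if hlen < 20 or len(packet) < hlen:
        raise ValueError(f"bad IHL {ihl}: header would be {hlen} bytes")
    header = packet[:hlen]
    return IPv4Header(
        version=version, ihl_bytes=hlen,
        dscp=tos >> 2, ecn=tos & 0x3,
        total_length=total_len, identification=ident,
        flags=flags_frag >> 13, fragment_offset=flags_frag & 0x1FFF,
        ttl=ttl, protocol=proto, checksum=csum,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        checksum_ok=internet_checksum(header) == 0,  # sum over a valid header is 0
        options=header[20:],
    )


def build_sample() -> bytes:
    """Constructed header (DSCP EF, DF set, TTL 64, TCP) plus 8 dummy payload bytes."""
    hdr = bytearray(struct.pack(
        IPV4_FIXED_FMT, 0x45, 0xB8, 28, 0x1234, 0x4000, 64, 6, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))  # fill checksum
    return bytes(hdr) + b"\x00" * 8


if __name__ == "__main__":
    h = parse_ipv4(build_sample())
    print(f"{h.src} -> {h.dst} proto={IPPROTO_NAMES.get(h.protocol, h.protocol)} "
          f"dscp={h.dscp} ttl={h.ttl} len={h.total_length} checksum_ok={h.checksum_ok}")
```

Flipping any header byte (the TTL, say) makes checksum_ok come back False, which is the check a router performs before it looks at anything else in the header; note that the checksum covers only the header, not the data, and that it is recomputed at every hop because the TTL changes.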

IPv4 Versus IPv6 Routing Protocols

With the increasing use of the IPv6 protocol, the CCDA must be prepared to design networks using IPv6 routing protocols. As IPv6 was defined, routing protocols needed to be updated to support the new IP address structure. The IPv4 versions of the routing protocols do not carry IPv6 networks, and the IPv6 versions are not backward-compatible with IPv4 networks. But both protocols can coexist on the same network, each with its own routing protocol. Devices with dual stacks recognize which...

IPv6 Address Types and Address Allocations

This section covers the major types of IPv6 addresses. IPv4 addresses are unicast, multicast, or broadcast. IPv6 maintains each of these address functions, except that the IPv6 address types are defined a little differently. A special all-nodes IPv6 multicast address handles the broadcast function. IPv6 also introduces the anycast address type. Also important to understand are the IPv6 address allocations. Sections of the IPv6 address space are reserved for particular functions, each of which...

IPv6 Anycast Address

The IPv6 anycast (one-to-nearest) address identifies a set of devices. An anycast address is allocated from a set of unicast addresses. These destination devices should share common characteristics and are explicitly configured for anycast. You can use the anycast address to identify a set of routers or servers within an area. When a packet is sent to the anycast address, it is delivered to the nearest device as determined by the routing protocol. An example of the use of anycast addresses is...

IPv6 Comparison with IPv4

This section provides a summary comparison of IPv6 to IPv4. Become knowledgeable about the characteristics summarized in Table 8-5. The use of 128 bits instead of 32 bits is an obvious change. The upper-layer protocol is identified with the Next Header field in IPv6, which takes over the role of the Protocol field in IPv4. ARP is replaced by IPv6 Neighbor Discovery (ND). Table 8-5 IPv6 and IPv4 Characteristics: Stateless autoconfiguration or stateful DHCP; EIGRPv6, OSPFv3, RIPng, IS-IS for...

IPv6 Multicast Address

The IPv6 multicast (one-to-many) address identifies a set of hosts. The packet is delivered to all the hosts identified by that address. This type is similar to IPv4 multicast (Class D) addresses. IPv6 multicast addresses also supersede the broadcast function of IPv4; you use an all-nodes multicast address instead.
FF01::1: All-nodes address for interface-local scope.
FF02::2: All-routers address for link-local scope.

IPv6 Multicast Addresses

IPv6 retains the use and function of multicast addresses as a major address class. The IPv6 prefix FF00::/8 is allocated for all IPv6 multicast addresses. IPv6 multicast addresses are described in RFC 2373 (since superseded by RFC 4291). The EIGRP for IPv6, OSPFv3, and RIPng routing protocols use multicast addresses to communicate between router neighbors. The format of the IPv6 multicast address is described in Chapter 8, Internet Protocol Version 6. The common multicast addresses are repeated in Table 12-3. Table 12-3 Well-Known...
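The multicast format the two preceding sections describe (the FF00::/8 prefix, then a flags nibble, a scope nibble, and a 112-bit group ID) is decoded below. This is an added example, not code from the book; the scope names follow RFC 4291, the well-known group table is limited to the addresses the routing protocols named here and ND use, and the input addresses are constructed. It also derives the solicited-node group that Neighbor Discovery uses in place of ARP.

```python
"""Decode the IPv6 multicast address format: FF | flags | scope | group ID.

Added example, not code from the book. Scope values are from RFC 4291
section 2.7; the well-known groups are the ones routing protocols and
Neighbor Discovery rely on. Input addresses are constructed.
"""
import ipaddress

SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}

WELL_KNOWN = {
    "ff01::1": "all nodes (interface-local)",
    "ff02::1": "all nodes (link-local)",
    "ff01::2": "all routers (interface-local)",
    "ff02::2": "all routers (link-local)",
    "ff05::2": "all routers (site-local)",
    "ff02::5": "OSPFv3 all SPF routers",
    "ff02::6": "OSPFv3 all DR routers",
    "ff02::9": "RIPng routers",
    "ff02::a": "EIGRP routers",
}

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def describe_multicast(addr: str) -> dict:
    """Split a multicast address into its fields; reject non-multicast input."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:  # same test as membership in ff00::/8
        raise ValueError(f"{ip} is not in ff00::/8")
    raw = int(ip)
    flags = (raw >> 116) & 0xF  # bits 8..11 after the FF octet
    scope = (raw >> 112) & 0xF  # bits 12..15
    return {
        "address": str(ip),
        "flags": flags,
        "transient": bool(flags & 0x1),  # T bit: 0 = well-known, 1 = dynamically assigned
        "scope": SCOPES.get(scope, f"unassigned ({scope:#x})"),
        "group_id": raw & ((1 << 112) - 1),
        "well_known": WELL_KNOWN.get(str(ip)),
    }


def solicited_node(unicast: str) -> str:
    """Solicited-node group for a unicast address (RFC 4291 section 2.7.1):
    ff02::1:ff00:0/104 with the low 24 bits of the unicast address appended.
    ND sends Neighbor Solicitations here instead of broadcasting like ARP."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24))


if __name__ == "__main__":
    for a in ("ff01::1", "ff02::2", "ff02::a", "ff15::1234"):
        d = describe_multicast(a)
        print(f"{d['address']:12s} scope={d['scope']:16s} transient={d['transient']} "
              f"well_known={d['well_known']}")
    print("solicited-node for 2001:db8::1 ->", solicited_node("2001:db8::1"))
```

The scope nibble is what keeps FF01::1 on the node and FF02::2 on the link: a router never forwards a packet beyond the scope encoded in its destination, so the routing-protocol groups listed above are all link-local by design.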

IPv6 over Dedicated WAN Links

In this deployment model, all nodes and links use IPv6 hierarchy, addressing, and protocols. It is not a transition model, but a new, separate deployment of IPv6. The WAN in this model uses IPv6. The disadvantage of this model is that additional costs are incurred when separate links are used for IPv6 WAN circuits during the transition to using IPv6 exclusively. As shown in Figure 8-6, a company needs both IPv6 and IPv4 networks in sites A and B during the IPv6 deployment and transition. The...

IPv6 over IPv4 Tunnels

In this deployment model, pockets of IPv6-only networks are connected using IPv4 tunnels. With tunneling, IPv6 packets are encapsulated within IPv4 packets so that they can be sent over the IPv4 WAN. The advantage of this method is that you do not need separate circuits to connect the IPv6 networks. A disadvantage is the added overhead of the outer IPv4 header on every encapsulated packet, and the smaller effective MTU that comes with it. Tunnels are created manually, semiautomatically, or automatically using 6to4. RFC 3056 specifies the 6to4...
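What makes 6to4 automatic is that the IPv4 tunnel endpoint is embedded in the IPv6 prefix itself: a site with public IPv4 address W.X.Y.Z owns 2002:WWXX:YYZZ::/48, and a 6to4 router recovers the far endpoint from any 2002::/16 destination without configuration. The code below is an added example, not code from the book; the IPv4 addresses are constructed documentation addresses, and the list of ranges it rejects is a plain sanity check rather than the full IANA special-purpose registry.

```python
"""6to4 (RFC 3056): derive a site's IPv6 /48 from its public IPv4 address and
recover the IPv4 tunnel endpoint from any 6to4 destination.

Added example, not code from the book. IPv4 inputs are constructed
documentation addresses (192.0.2.0/24 and 198.51.100.0/24).
"""
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

# RFC 3056 requires a globally unique IPv4 address in the prefix. This is a
# sanity list of ranges that can never be a tunnel endpoint, not the full
# IANA special-purpose registry (documentation ranges are deliberately allowed
# here so the example can use them).
UNUSABLE_V4 = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def six_to_four_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002:WWXX:YYZZ::/48 for the IPv4 address W.X.Y.Z."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in UNUSABLE_V4):
        raise ValueError(f"{v4} is not routable on the IPv4 Internet")
    w, x, y, z = v4.packed
    return ipaddress.IPv6Network(f"2002:{w:02x}{x:02x}:{y:02x}{z:02x}::/48")


def site_subnet(ipv4: str, sla_id: int) -> ipaddress.IPv6Network:
    """One of the 65,536 /64s inside the site's /48, selected by the 16-bit SLA ID."""
    if not 0 <= sla_id <= 0xFFFF:
        raise ValueError("SLA ID is a 16-bit field")
    base = six_to_four_prefix(ipv4)
    addr = ipaddress.IPv6Address(int(base.network_address) | (sla_id << 64))
    return ipaddress.IPv6Network(f"{addr}/64")


def tunnel_endpoint(ipv6: str) -> ipaddress.IPv4Address:
    """IPv4 address carried in bits 16..47 of a 6to4 address: where the
    encapsulating router sends the outer IPv4 packet (protocol 41)."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIX_TO_FOUR:
        raise ValueError(f"{v6} is not a 6to4 address; no IPv4 endpoint can be derived")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    site = "192.0.2.1"
    print("site prefix:", six_to_four_prefix(site))
    print("LAN 1:      ", site_subnet(site, 1))
    dst = "2002:c633:6407:10::25"
    print(f"{dst} is tunneled to", tunnel_endpoint(dst))
```

The derivation cuts both ways for security: anyone who can see a 6to4 address learns the site's public IPv4 address, and a 6to4 router must accept protocol-41 packets from any IPv4 source, which is one reason these automatic tunnels are usually replaced by manually configured ones once a design settles.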

ISDN

Integrated Services Digital Network (ISDN) is an all-digital phone line connection that was standardized in the early 1980s. ISDN allows both voice and data to be transmitted over the digital phone line instead of the analog signals used in dialup connections. ISDN provides greater bandwidth and lower latency compared to dialup analog technology. ISDN comes in two service types: Basic Rate Interface (BRI) and Primary Rate Interface (PRI). ISDN comprises digital devices and reference...

IS-IS Operation and Design

This subsection discusses IS-IS areas, designated routers, authentication, and the NET. IS-IS defines areas differently from OSPF: area boundaries are links, not routers. IS-IS has no BDRs. Because IS-IS is an OSI protocol, it uses a Network Entity Title (NET) to identify each router. To configure the IS-IS routing protocol, you must configure a NET on every router. Although configuring the NET is not a CCDA test requirement, this information is included for extra credit. Although you can configure IS-IS to route IP,...

ISR Security Hardware Options

The Cisco Integrated Services Routers have additional hardware options that enhance the routers' security capabilities. Here are some of the available hardware options Built-in VPN Acceleration is hardware-based encryption that offloads VPN processing from the router's internal CPU to improve VPN throughput. High-Performance AIM is a VPN encryption advanced integration module used to terminate large numbers of VPN tunnels such as with DMVPN. The module supports 3DES and AES, which increases the...

LAN Media

This section identifies some of the constraints you should consider when provisioning various LAN media types. It covers the physical specifications of Ethernet, Fast Ethernet, and Gigabit Ethernet. It also covers the specifications for Token Ring, because you may find this technology on existing networks. You must also understand the design constraints of wireless LANs in the campus network. Specifications for wireless LANs are covered in Chapter 4, Wireless LAN Design.

Large Building LANs

Large-building LANs are segmented by floors or departments. The building-access component serves one or more departments or floors. The building-distribution component serves one or more building-access components. Campus and building backbone devices connect the data center, building-distribution components, and the Enterprise Edge-distribution component. The access layer typically uses Layer 2 switches to contain costs, with more expensive Layer 3 switches in the distribution layer to provide...

Local Loop and Trunks

Depending on the dialed digits, a call routes through the local loop, one or more trunks, and the destination local loop to reach the destination phone. The local loop is the pair of wires that runs from the CO to the home or business office. Trunks connect two switches. The type of trunk depends on the function of the switches the trunk is connecting. The term tie-line is frequently used instead of trunk to describe a dedicated line connecting two telephone switches within a single...

Local Management Interface

Frame Relay uses a signaling protocol between the Frame Relay router and the Frame Relay switch called the Local Management Interface (LMI). The LMI protocol sends periodic keepalive messages and notifications of additions or removals of PVCs. Three types of LMI protocols are available. The service provider usually informs you of which one to use. LMI also offers a number of features or extensions, including global addressing, virtual circuit status messages, and multicasting. By default, Cisco...

Loop Start Signaling

Loop-start signaling is an analog signaling technique used to indicate on-hook and off-hook conditions in the network. It is commonly used between the telephone set and the CO, PBX, or FXS module. As shown in Figure 15-3, with loop-start the local loop is open when the phone is on-hook. When the phone is taken off-hook, the loop closes and the -48 V direct current (DC) supply flows from the CO through the phone and back. Loop-start signaling is used for residential lines.

Loss of Availability

Denial-of-service (DoS) attacks try to block or deny access to impact the availability of network services. These types of attacks can interrupt business transactions, cause considerable loss, or damage the company's reputation. DoS attacks are fairly straightforward to carry out, even by an unskilled attacker. Distributed DoS (DDoS) attacks are launched from multiple source locations to increase the attack's size and impact. DDoS attacks occur when the attacker takes...

Low Latency Queuing

Low-Latency Queuing (LLQ) adds a strict priority queue to CBWFQ. The strict priority queue allows delay-sensitive traffic such as voice to be sent first, before other queues are serviced. That gives voice preferential treatment over the other traffic types. Without LLQ, CBWFQ would not have a priority queue for real-time traffic. The additional classification of other traffic classes is done using the same CBWFQ techniques. LLQ is the standard QoS method of choice for Voice over IP networks.

LWAPP

Lightweight Access Point Protocol (LWAPP) is a draft Internet Engineering Task Force (IETF) standard for control messaging for setup, authentication, and operations between access points (AP) and wireless LAN controllers (WLC). With Cisco's UWN Split-MAC operation, the control and data messages are split. Lightweight Access Points (LWAP) communicate with the WLCs using control messages over the wired network. LWAPP data messages are encapsulated and forwarded to and from wireless clients. The...

Media Redundancy

In mission-critical applications, it is often necessary to provide redundant media. In switched networks, switches can have redundant links to each other. This redundancy is good because it minimizes downtime, but it can result in broadcasts continuously circling the network, which is called a broadcast storm. Because Cisco switches implement the IEEE 802.1D spanning-tree algorithm, you can avoid this looping with Spanning Tree Protocol (STP). The spanning-tree algorithm guarantees that only one...

Multicast Traffic Considerations

Internet Group Management Protocol (IGMP) is the protocol used in multicast implementations between end hosts and the local router or Layer 3 switch. RFC 1112 describes the first version of IGMP, and RFC 2236 describes IGMP version 2 (IGMPv2). IP hosts use IGMP to report their multicast group memberships to routers. IGMP messages use IP protocol number 2. IGMP messages are limited to the local interface and are not routed. RFC 3376...
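The router side of the exchange just described is modeled below: what the local router (the IGMPv2 querier) does with the Membership Reports and Leave Group messages it hears on one interface, and how long it keeps forwarding a group after the last report. This is an added example, not code from the book; the timer values are the RFC 2236 section 8 defaults, time is passed in explicitly so the behaviour is deterministic, and the event sequence in run_scenario() is constructed.

```python
"""Router-side IGMPv2 group membership table (RFC 2236, sections 7 and 8).

Added example, not code from the book. It models what the local router (or
Layer 3 switch) does with the Membership Reports and Leave Group messages it
hears on one interface. The event sequence in run_scenario() is constructed.
"""
from dataclasses import dataclass

# Default timer values from RFC 2236 section 8, in seconds.
QUERY_INTERVAL = 125
QUERY_RESPONSE_INTERVAL = 10
ROBUSTNESS = 2
GROUP_MEMBERSHIP_INTERVAL = ROBUSTNESS * QUERY_INTERVAL + QUERY_RESPONSE_INTERVAL  # 260 s
LAST_MEMBER_QUERY_INTERVAL = 1
LAST_MEMBER_QUERY_COUNT = ROBUSTNESS


@dataclass
class GroupState:
    state: str         # "members-present" or "checking" (a Leave was heard)
    expires_at: float  # when the router stops forwarding the group


class IgmpGroupTable:
    """Group -> state for one interface, as the querier maintains it."""

    def __init__(self):
        self.groups = {}
        self.queries_sent = []  # (time, group): group-specific queries issued

    def _expire(self, now):
        for group in [g for g, s in self.groups.items() if s.expires_at <= now]:
            del self.groups[group]

    def report(self, group, now):
        """Membership Report: a host wants the group. Restart its timer and
        cancel any pending leave check."""
        self._expire(now)
        self.groups[group] = GroupState("members-present", now + GROUP_MEMBERSHIP_INTERVAL)

    def leave(self, group, now):
        """Leave Group: do not drop the group at once. Send a group-specific
        query and keep forwarding until the last-member query window passes
        (LAST_MEMBER_QUERY_COUNT queries, LAST_MEMBER_QUERY_INTERVAL apart)."""
        self._expire(now)
        if group not in self.groups:
            return  # leave for a group with no members: nothing to do
        self.queries_sent.append((now, group))
        window = LAST_MEMBER_QUERY_INTERVAL * LAST_MEMBER_QUERY_COUNT
        self.groups[group] = GroupState("checking", now + window)

    def should_forward(self, group, now):
        """Forwarding decision for one multicast packet arriving at `now`."""
        self._expire(now)
        return group in self.groups

    def active_groups(self, now):
        self._expire(now)
        return sorted(self.groups)


def run_scenario():
    """Constructed sequence of events; returns table snapshots and queries sent."""
    table = IgmpGroupTable()
    table.report("239.1.1.1", now=0)
    table.report("239.2.2.2", now=0)
    table.leave("239.1.1.1", now=100)   # one host leaves ...
    table.report("239.1.1.1", now=101)  # ... but another answers the query
    table.leave("239.2.2.2", now=150)   # nobody answers this one
    snapshots = {
        151: table.active_groups(151),  # still inside the 2 s check window
        200: table.active_groups(200),  # 239.2.2.2 gone, 239.1.1.1 kept
        400: table.active_groups(400),  # no further reports: 239.1.1.1 timed out at 361
    }
    return snapshots, table.queries_sent


if __name__ == "__main__":
    snaps, queries = run_scenario()
    for t, groups in snaps.items():
        print(f"t={t:3d}s active groups: {groups}")
    print("group-specific queries sent:", queries)
```

In a live network the querier sends General Queries every 125 s and members answer them, so 239.1.1.1 would normally be refreshed before the 260 s membership interval runs out; the last snapshot shows what happens once reports stop. A switch doing IGMP snooping keeps the same kind of table, keyed by port instead of interface, which is the Layer 2 control method mentioned in Table 12-4.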

Multiprotocol Label Switching

MPLS is a technology for the delivery of IP services that uses labels (numbers) to forward packets. In normal routed environments, packets are forwarded by the router performing a Layer 3 destination address lookup and rewriting the Layer 2 addresses. MPLS functions by encapsulating packets with headers that include the label information. As soon as packets are marked with a label, specific paths through the network can be designed to correspond to that distinct label. MPLS labels can be based on...