
Access Control

Access control is a security mechanism for controlling admission to networks and resources. These controls enforce the security policy through rules that state which resources may be accessed, by whom, and in what way. Access control protects the confidentiality and integrity of network resources. The core of network access control consists of the following:

- Authentication establishes the user's identity before any access to network resources is granted.
- Authorization describes what an authenticated user can do and what can be accessed.
- Accounting...
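The authorization step above comes down to evaluating an ordered set of rules, and the property that bites in practice is evaluation order: the first matching rule decides, and anything no rule covers is denied. The following is an added example written for this page, not code from the book or from Cisco IOS; the rule fields (`src`, `dst`, `dport`) and the two constructed policies are this example's own assumptions. It evaluates a rule list the way an ordered access list is evaluated and also flags rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source prefix, e.g. "10.1.0.0/16", or "any"
    dst: str                     # destination prefix or "any"
    dport: Optional[int] = None  # destination port; None matches any port


def _net_matches(spec, address):
    return spec == "any" or address in ipaddress.ip_network(spec, strict=False)


def _net_covers(outer, inner):
    """True when every address matching `inner` also matches `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(
        ipaddress.ip_network(outer, strict=False))


def evaluate(rules, src_ip, dst_ip, dport):
    """Ordered evaluation: the first matching rule decides. If nothing
    matches, the result is ("deny", None), the implicit deny at the end."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(rules):
        if (_net_matches(rule.src, src) and _net_matches(rule.dst, dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action, index
    return "deny", None


def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule already
    covers everything they would match: the usual ordering mistake."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_net_covers(earlier.src, later.src)
                    and _net_covers(earlier.dst, later.dst)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                shadowed.append(j)
                break
    return shadowed


# Constructed policy: the specific deny sits after a broad permit, so it never fires.
MISORDERED = [
    Rule("permit", "10.1.0.0/16", "any"),
    Rule("deny", "10.1.5.0/24", "192.0.2.10/32", 22),
]
# Same two rules with the specific deny first.
CORRECTED = [MISORDERED[1], MISORDERED[0]]

if __name__ == "__main__":
    print(evaluate(MISORDERED, "10.1.5.7", "192.0.2.10", 22))   # ('permit', 0)
    print(shadowed_rules(MISORDERED))                            # [1]
    print(evaluate(CORRECTED, "10.1.5.7", "192.0.2.10", 22))    # ('deny', 0)
    print(evaluate(CORRECTED, "172.16.0.1", "192.0.2.10", 80))  # ('deny', None)
```

The `shadowed_rules` check is the one worth running on any policy before it is deployed: a rule that is reported as shadowed is not enforcing anything, however correct it looks on its own.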

Acknowledgments

This book would not have been possible without the efforts of many dedicated people. Thanks to Andrew Cupp, development editor, for his guidance and special attention to detail. Thanks to Tonya Simpson, senior project editor, for her accuracy. Thanks to Brett Bartow, executive editor, for his vision. Thanks to all other Cisco Press team members who worked behind the scenes to make this a better book. A special thanks my coauthor, Steve Jordan, for stepping in and contributing four chapters in...

Address Assignment and Name Resolution

IP addresses, subnet masks, default gateways, and DNS servers can be assigned statically or dynamically. You should statically assign most shared network systems, such as routers and servers, but dynamically assign most client systems. This section covers the protocols you use to dynamically assign IP address parameters to a host, which are the Bootstrap Protocol (BOOTP) and the Dynamic Host Configuration Protocol (DHCP). This section also covers DNS and ARP, which are two significant protocols...

Addressing Digit Signaling

There are two methods for submitting analog address digits to place a call:

- Dual-tone multifrequency (DTMF) dialing
- Pulse dialing

Pulse dialing uses the opening and closing of a switch at the telephone set. A rotary register at the CO detects the opening and closing of the loop. When the number 5 is dialed on a rotary phone, the dial mechanism opens and closes five times, each one-tenth of a second apart. DTMF uses two tones simultaneously to indicate the dialed number. Table 15-3 shows the phone keypad and...

Administrative Distance

On Cisco routers running more than one routing protocol, two different routing protocols can each have a route to the same destination. Cisco routers assign each routing protocol an administrative distance, a measure of how trustworthy the route source is (lower is more trusted). When multiple routes exist for a destination, the router first selects the longest match; administrative distance breaks the tie only between routes to the same prefix. For example, if to reach a destination of 170.20.10.1 OSPF has a route prefix of 170.20.10.0/24 and EIGRP has a route prefix of 170.20.0.0/16, the OSPF route is preferred because the /24 prefix is...

Analog-to-Digital Signal Conversion

The steps involved in converting from analog to digital signaling are filtering, sampling, and digitizing. First, signals over 4000 Hz are filtered out of the analog signal. Second, the signal is sampled 8000 times per second using Pulse Amplitude Modulation (PAM). Third, the amplitude samples are converted to a binary code. The digitizing process is divided further into two subprocesses:

- Companding: This term comes from compressing and expanding. The analog samples are compressed into...

Application Layer OSI Layer

The application layer gives the user or operating system access to the network services. It interacts with software applications by identifying communication resources, determining network availability, and distributing information services. It also provides synchronization between the peer applications residing on separate systems. Examples of application layer specifications are:

- File Transfer Protocol (FTP)
- Simple Mail Transfer Protocol (SMTP)
- Simple Network Management Protocol (SNMP)...


Bandwidth

The bandwidth parameter uses the interface bandwidth to determine a best path to a destination network. When bandwidth is the metric, the router prefers the path with the highest bandwidth to a destination. For example, a Fast Ethernet (100 Mbps) is preferred over a DS-3 (45 Mbps). As shown in Figure 9-3, a router using bandwidth to determine a path would select Path 2 because of the larger bandwidth, 1.5 Mbps over 56 kbps. If a routing protocol uses only bandwidth as the metric and the path...

Bandwidth Considerations

Table 5-4 compares a number of different WAN technologies, along with the speeds and media types associated with them.

Table 5-4 Physical Bandwidth Comparison
- Frame Relay, Ethernet, DSL, cable, T3
- Gigabit Ethernet, 10 Gigabit Ethernet, ATM, SONET/SDH, POS, dark fiber

The WAN designer must engineer the network with enough bandwidth to support the needs of the users and applications that will use the network. How much bandwidth a network needs depends on the...

Benefits of the Hierarchical Model

The benefits of using hierarchical models for your network design include the following:

- After adopting hierarchical design models, many organizations report cost savings because they are no longer trying to do everything in one routing or switching platform. The model's modular nature enables appropriate use of bandwidth within each layer of the hierarchy, reducing the provisioning of bandwidth in advance of actual need.
- Keeping each design element simple and functionally focused facilitates...

Best Practices for Hierarchical Layers

Each layer of the hierarchical architecture contains special considerations. The following sections describe best practices for each of the three layers of the hierarchical architecture access, distribution, and core. When designing the building access layer, you must take into consideration the number of users or ports required to size up the LAN switch. Connectivity speed for each host should be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit...

BGP

This section covers BGP theory and design concepts. BGP Version 4 is defined in RFC 1771 (March 1995), since obsoleted by RFC 4271. BGP is an interdomain routing protocol, which means you use BGP to exchange routing information between autonomous systems. The primary function of BGP is to provide and exchange network-reachability information between domains or autonomous systems. BGP is a path vector protocol that is suited for setting routing policies between autonomous systems. In the...

BGP Administrative Distance

The Cisco IOS Software assigns an administrative distance to eBGP and iBGP routes, as it does with other routing protocols. For the same prefix, the route with the lowest administrative distance is selected for inclusion in the IP forwarding table. Because iBGP-learned routes do not have metrics associated with the route as IGPs (OSPF and EIGRP) do, iBGP-learned routes are less trusted. For BGP, the administrative distances are
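The two rules from the Administrative Distance section and the BGP distances discussed here combine into one route-selection decision, which is easier to reason about in code than in prose. The following is an added example written for this page, not code from the book or from Cisco IOS. The `DEFAULT_AD` table holds the well-known IOS defaults (connected 0, static 1, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, iBGP 200) and is this example's assumption; a router's configured distances can differ. The prefixes and destinations are constructed to mirror the book's 170.20.10.1 example plus same-prefix ties.

```python
import ipaddress

# Cisco IOS default administrative distances (assumed reference table for
# this example; configured values on a real router may differ).
DEFAULT_AD = {
    "connected": 0,
    "static": 1,
    "eBGP": 20,
    "EIGRP": 90,
    "OSPF": 110,
    "IS-IS": 115,
    "RIP": 120,
    "iBGP": 200,
}


def select_route(candidates, destination):
    """Pick the route a router would install for `destination`.

    `candidates` is a list of (prefix, protocol) pairs as learned from the
    different routing protocols. Two rules apply, in this order:
      1. the most specific (longest) matching prefix wins, regardless of AD;
      2. among routes to the same prefix, the lowest administrative
         distance wins.
    Returns (prefix, protocol), or None if nothing covers the destination.
    """
    dst = ipaddress.ip_address(destination)
    best_key = None
    best_route = None
    for prefix_str, proto in candidates:
        prefix = ipaddress.ip_network(prefix_str, strict=False)
        if dst not in prefix:
            continue
        # Smaller key is better: longer prefix first, then lower AD.
        key = (-prefix.prefixlen, DEFAULT_AD[proto])
        if best_key is None or key < best_key:
            best_key, best_route = key, (str(prefix), proto)
    return best_route


if __name__ == "__main__":
    # Constructed candidates mirroring the book's example.
    rib = [("170.20.10.0/24", "OSPF"), ("170.20.0.0/16", "EIGRP")]
    print(select_route(rib, "170.20.10.1"))  # OSPF wins on prefix length
    print(select_route(rib, "170.20.99.1"))  # only the EIGRP /16 matches
    tie = [("10.0.0.0/8", "OSPF"), ("10.0.0.0/8", "eBGP"), ("10.0.0.0/8", "iBGP")]
    print(select_route(tie, "10.1.2.3"))     # eBGP (AD 20) beats OSPF and iBGP
```

The same-prefix case is the one to keep in mind on the enterprise edge: with the default distances, a route to a given prefix learned from an external BGP neighbor (AD 20) is installed ahead of the IGP's route to that same prefix, so what an external peer is allowed to announce to you is decided by your inbound prefix filtering, not by the IGP.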

BGP Neighbors

BGP is usually configured between two directly connected routers that belong to different autonomous systems. Each autonomous system is under different technical administration. BGP is frequently used to connect the enterprise to service providers and to interconnect service providers, as shown in Figure 12-1. The routing protocol within the enterprise could be any interior gateway protocol (IGP). Common IGP choices include RIPv2, EIGRP, Open Shortest Path First (OSPF), and Intermediate...

BGP Summary

BGP is an exterior gateway protocol (EGP) used in routing in the Internet. It is an interdomain routing protocol. BGP is a path vector routing protocol suited for strategic routing policies. It uses TCP port 179 to establish connections with neighbors. eBGP is used for external neighbors. It is used between different autonomous systems. iBGP is used for internal neighbors. It is used within an AS. BGP uses several attributes in the routing-decision algorithm. It uses confederations and route...

Binary Numbers

The binary number system uses two digits, 1 and 0. Computer systems use binary numbers. IP addresses and MAC addresses are represented by binary numbers. The number of binary 1s or 0s is the number of bits, short for binary digits. For example, 01101010 is a binary number with 8 bits. An IPv4 address has 32 bits, and a MAC address has 48 bits. As shown in Table B-2, IPv4 addresses are usually represented in dotted-decimal format; therefore, it is helpful to know how to convert between binary and...

Border Gateway Protocol Route Manipulation and IP Multicast

This chapter covers the Border Gateway Protocol (BGP), which is used to exchange routes between autonomous systems. It is most frequently used between enterprises and service providers. The Route Manipulation section covers route summarization and redistribution of route information between routing protocols. The CCDA should know where redistribution occurs when required by the network design. This chapter also reviews policy-based routing (PBR) as a method to change the destination IP address...

Branch Design

It is important to characterize the existing network and gather requirements to develop a suitable design for the branch. Here are some questions you should ask:

- How many locations and existing devices are there (network devices, servers, users)?
- What amount of scalability and growth is expected?
- What level of high availability and/or redundancy is required?
- Is specific server or network protocol support needed?
- Will the network management and/or support be centralized or distributed?
- Are there any...

Branch Design Considerations

For branch networks you need to consider the number and placement of APs, which depends on the location and expected number of wireless clients at the branch office. It may not be cost-justifiable to place a WLC at each branch office of an enterprise. One requirement is that the round-trip time (RTT) between the AP and the WLC should not exceed 100 ms. For centralized controllers, it is recommended that you use REAP or Hybrid REAP (H-REAP). LWAPP supports local media access control (local MAC),...

Bridges

Bridges connect separate segments of a network. They differ from repeaters in that bridges are intelligent devices that operate in the data link layer of the OSI model. Bridges control the collision domains on the network. Bridges also learn the MAC layer addresses of each node on each segment and on which interface they are located. For any incoming frame, bridges forward the frame only if the destination MAC address is on another port or if the bridge is unaware of its location. The latter is...
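The learning and forwarding behaviour described above is worth seeing as code, including the case the paragraph mentions only in passing: a destination the bridge has not learned is flooded. The following is an added example written for this page, not code from the book; the three-port bridge, the MAC addresses and the `max_entries` bound (which stands in for a real bridge's finite MAC table) are this example's constructed assumptions, and it models no VLANs, spanning tree or entry aging.

```python
class LearningBridge:
    """Transparent learning bridge (data-link layer forwarding only).

    Assumptions of this example: one flat table shared by all ports, no VLANs,
    no spanning tree and no aging; `max_entries` is an optional bound that
    stands in for a real bridge's finite MAC table.
    """

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, max_entries=None):
        self.ports = list(ports)
        self.table = {}            # learned source MAC -> port
        self.max_entries = max_entries

    def learn(self, mac, port):
        """Record (or refresh) which port a source MAC was seen on.
        A full table does not learn new stations."""
        if (mac in self.table or self.max_entries is None
                or len(self.table) < self.max_entries):
            self.table[mac] = port

    def receive(self, in_port, src, dst):
        """Process one frame arriving on `in_port`; return the egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")
        self.learn(src, in_port)
        if dst != self.BROADCAST and dst in self.table:
            out = self.table[dst]
            # Destination is on the ingress segment: filter, do not forward.
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: flood out every other port.
        return [p for p in self.ports if p != in_port]


def run_demo():
    """Constructed traffic on a three-port bridge; returns the egress lists."""
    br = LearningBridge(["p1", "p2", "p3"])
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    return [
        br.receive("p1", a, b),             # B unknown -> flood p2, p3
        br.receive("p2", b, a),             # A learned on p1 -> forward p1 only
        br.receive("p1", a, b),             # B learned on p2 -> forward p2 only
        br.receive("p1", c, a),             # A is on the ingress port -> filtered
        br.receive("p3", c, br.BROADCAST),  # broadcast -> flood p1, p2
    ]


if __name__ == "__main__":
    for egress in run_demo():
        print(egress)
```

Run it with a small `max_entries` and the consequence of a full table shows directly: any station the bridge can no longer learn has every frame addressed to it flooded out all ports, which is why a bounded table is normally paired with a per-port limit on learned addresses (port security).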

Cable

Broadband cable is a technology used to transport data using a coaxial cable medium over cable distribution systems. The equipment used on the remote-access side is the cable modem, which connects to the Cable Modem Termination System (CMTS) on the ISP side. The Universal Broadband Router (uBR) provides the CMTS services and is deployed at the cable company headend. The uBR forwards traffic upstream through the provider's WAN core or the local PSTN, depending on the services being provided. The...

Campus Design Considerations

When designing for the Cisco Unified Wireless Network, you need to be able to determine how many LWAPs to place and how they will be managed with the WLCs. Table 4-4 summarizes campus design considerations.

Table 4-4 WLAN Design Considerations

The design should have enough APs to provide full RF coverage for wireless clients for all the expected locations in the enterprise. Cisco recommends 20 data devices per AP and 7 G.711 concurrent or 8 G.729 concurrent...

Campus LAN Quality of Service Considerations

For the access layer of the campus LAN, you can classify and mark frames or packets to apply quality of service (QoS) policies in the distribution or at the Enterprise Edge. Classification is a fundamental building block of QoS and involves recognizing and distinguishing between different traffic streams. For example, you distinguish between HTTP/HTTPS, FTP, and VoIP traffic. Without classification, all traffic would be treated the same. Marking sets certain bits in a packet or frame that has...

CAS and CCS Signaling

Digital signaling has two major forms: Channel Associated Signaling (CAS) and Common Channel Signaling (CCS). The major difference is that with CAS the signaling is included in the same channel as the voice call. With CCS the signaling is provided in a separate channel. Table 15-2 shows the common types of CAS and CCS. They are covered in the following sections.

Table 15-2 Common CAS and CCS Signaling Types

Catalyst 6500 Services Modules

The Catalyst 6500 switching platform supports additional security services and functionality through the use of services modules. Several modules enable firewall, IDS, SSL, and network analysis services, in addition to IPsec VPN connectivity and anomaly traffic support. Catalyst 6500 service modules include the following Firewall Services Module (FWSM) is a high-speed firewall module for use in the Cisco Catalyst 6500 and Cisco 7600 series routing platforms. Up to four FWSMs can be installed in...

CCDA Official Exam Certification Guide Third Edition

Anthony Bruno, CCIE No. 2738 Steve Jordan, CCIE No. 11293 Copyright 2007 Cisco Systems, Inc. Published by Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in...

Network Design Methodology

Do I Know This Already Quiz 5 Foundation Topics 8 Intelligent Information Network and Service-Oriented Network Architecture 8 IIN Framework 8 SONA 9 Network Infrastructure Layer 10 Interactive Service Layer 11 Application Layer 11 Benefits of SONA 12 Prepare, Plan, Design, Implement, Operate, and Optimize Phases 13 Prepare Phase 14 Plan Phase 14 Design Phase 14 Implement Phase 14 Operate Phase 14 Optimize Phase 15 Design Methodology Under PPDIOO 15 Identifying Customer Requirements 15...

RIP and EIGRP Characteristics and Design 317

Do I Know This Already Quiz 317 Foundation Topics 320 RIPv1 320 RIPv1 Forwarding Information Base 321 RIPv1 Message Format 321 RIPv1 Timers 322 Update Timer 322 Invalid Timer 323 Flush Timer 323 Holddown Timer 323 RIPv1 Design 323 RIPv1 Summary 324 RIPv2 324 MD5 Authentication 325 RIPv2 Forwarding Information Base 325 RIPv2 Message Format 326 RIPv2 Timers 327 RIPv2 Design 327 RIPv2 Summary 327 RIPng 328 RIPng Timers 328 Authentication 328 RIPng Message Format 329 RIPng Design 330 RIPng Summary...

OSPF and IS-IS 355

Do I Know This Already Quiz 355 Foundation Topics 358 OSPFv2 358 OSPFv2 Concepts and Design 358 OSPFv2 Metric 359 OSPFv2 Adjacencies and Hello Timers 359 OSPFv2 Areas 360 OSPF Router Types 361 OSPF DRs 362 LSA Types 363 OSPF Stub Area Types 364 Virtual Links 366 OSPFv2 Router Authentication 366 OSPFv2 Summary 366 OSPFv3 367 OSPFv3 Changes from OSPFv2 367 OSPFv3 Areas and Router Types 368 OSPFv3 Link State Advertisements 368 OSPFv3 Summary 371 IS-IS 371 IS-IS Metrics 372 IS-IS Operation and...

Security Management 427

Do I Know This Already Quiz 427 Foundation Topics 431 Network Security Overview 431 Security Legislation 432 Security Threats 432 Reconnaissance and Port Scanning 433 Vulnerability Scanners 433 Unauthorized Access 434 Security Risks 434 Targets 435 Loss of Availability 435 Integrity Violations and Confidentiality Breaches 436 Security Policy and Process 437 Security Policy Defined 438 Basic Approach of a Security Policy 438 Purpose of Security Policies 439 Security Policy Components 439 Risk...

Security Technologies and Design 463

Do I Know This Already Quiz 463 Foundation Topics 467 Cisco Self-Defending Network 467 Network Security Platforms 468 Self-Defending Network Phases 469 Trust and Identity Technologies 470 Firewall ACLs 470 NAC Framework and Appliance 471 Cisco Identity-Based Network Services 472 Identity and Access Control Deployments 473 Detecting and Mitigating Threats 474 Threat Detection and Mitigation Technologies 474 Threat Detection and Mitigation Solutions 475 Security Management Applications 476...

Traditional Voice Architectures and IP Telephony Design 497

Do I Know This Already Quiz 497 Foundation Topics 500 Traditional Voice Architectures 500 PBX and PSTN Switches 500 Local Loop and Trunks 501 Ports 503 Major Analog and Digital Signaling Types 503 Loop-Start Signaling 504 Ground-Start Signaling 504 E&M Signaling 505 CAS and CCS Signaling 506 PSTN Numbering Plan 508 Other PSTN Services 510 Centrex Services 510 Voice Mail 510 Database Services 510 IVR 510 ACD 511 Voice Terminology 511 Grade of Service 511 Erlangs 511 Centum Call Second (CCS)...

Comprehensive Scenarios 569

Scenario One Pearland Hospital 569 Scenario One Questions 570 Scenario One Answers 571 Scenario Two Big Oil and Gas 574 Scenario Two Questions 575 Scenario Two Answers 576 Scenario Three Beauty Things Store 577 Scenario Three Questions 578 Scenario Three Answers 579 Scenario Four Falcon Communications 579 Scenario Four Questions 580 Scenario Four Answers 580 Appendix A Answers to Chapter Do I Know This Already Quizzes and Q&A Sections 585 Appendix B The OSI Reference Model, TCP/IP...

Network Structure Models

Do I Know This Already Quiz 33 Foundation Topics 36 Hierarchical Network Models 36 Benefits of the Hierarchical Model 36 Hierarchical Network Design 37 Core Layer 38 Distribution Layer 38 Access Layer 39 Hierarchical Model Examples 40 Cisco Enterprise Architecture Model 42 Enterprise Campus Module 43 Enterprise Edge Module 45 E-Commerce 45 Internet Edge 46 VPN Remote Access 47 Enterprise WAN 48 Service Provider (SP) Edge Module 49 Remote Modules 50 Enterprise Branch Module 50 Enterprise Data...

Enterprise LAN Design

Do I Know This Already Quiz 69 Foundation Topics 72 LAN Media 72 10-Mbps Fiber Ethernet Design Rules 74 100-Mbps Fast Ethernet Design Rules 74 Gigabit Ethernet Design Rules 76 1000BASE-LX Long-Wavelength Gigabit Ethernet 77 1000BASE-SX Short-Wavelength Gigabit Ethernet 78 1000BASE-CX Gigabit Ethernet over Coaxial Cable 78 1000BASE-T Gigabit Ethernet over UTP 78 10 Gigabit Ethernet (10GE) Design Rules 79 10GE Media Types 79 Fast EtherChannel 79 Token Ring Design Rules 80 LAN Hardware 80...

Wireless LAN Design 111

Do I Know This Already Quiz 111 Foundation Topics 114 Wireless LAN Technologies 114 Wireless LAN Standards 114 ISM and UNII Frequencies 115 Summary of Wireless LAN Standards 116 Service Set Identifier (SSID) 116 WLAN Layer 2 Access Method 116 WLAN Security 116 Unauthorized Access 117 WLAN Security Design Approach 117 IEEE 802.1X-2001 Port-Based Authentication 118 Dynamic WEP Keys and LEAP 118 Controlling WLAN Access to Servers 118 Cisco Unified Wireless Network 119 Cisco UWN Architecture 119...

WAN Technologies 151

Do I Know This Already Quiz 151 WAN Defined 154 WAN Connection Modules 155 WAN Comparison 156 Dialup 157 ISDN 157 Frame Relay 159 Time-Division Multiplexing 160 SONET/SDH 160 Multiprotocol Label Switching 161 Other WAN Technologies 162 Digital Subscriber Line 162 Cable 163 Wireless 164 Dark Fiber 166 Dense Wave Division Multiplexing 166 Ordering WAN Technology and Contracts 166 WAN Design Methodology 167 Response Time 168 Throughput 168 Reliability 168 Bandwidth Considerations 169 Window Size...

Internet Protocol Version 4 219

Do I Know This Already Quiz 219 Foundation Topics 222 IPv4 Header 222 ToS 225 IPv4 Fragmentation 227 IPv4 Addressing 228 IPv4 Address Classes 229 Class A Addresses 230 Class B Addresses 230 Class C Addresses 230 Class D Addresses 230 Class E Addresses 231 IPv4 Private Addresses 231 NAT 232 IPv4 Address Subnets 233 Mask Nomenclature 234 IP Address Subnet Design Example 235 Determining the Network Portion of an IP Address 236 VLSMs 237 VLSM Address-Assignment Example 237 Loopback Addresses 239 IP...

Internet Protocol Version 6 257

Do I Know This Already Quiz 257 IPv4-Compatible IPv6 Addresses 263 IPv6 Prefix Representation 264 IPv6 Address Types and Address Allocations 264 IPv6 Unicast Address 265 IPv6 Anycast Address 265 IPv6 Multicast Address 265 IPv6 Address Allocations 265 Unspecified Address 266 Loopback Address 266 IPv4-Compatible IPv6 Address 267 Global Unicast Addresses 267 Link-Local Addresses 267 Site-Local Addresses 268 Multicast Addresses 268 IPv6 Mechanisms 270 ICMPv6 270 IPv6 Neighbor Discovery (ND) Protocol...

Routing Protocol Selection Criteria 289

Do I Know This Already Quiz 289 Routing Protocol Characteristics 292 Static Versus Dynamic Route Assignment 292 Interior Versus Exterior Routing Protocols 294 Distance-Vector Routing Protocols 295 EIGRP 296 Link-State Routing Protocols 296 Distance-Vector Routing Protocols Versus Link-State Protocols 297 Hierarchical Versus Flat Routing Protocols 297 Classless Versus Classful Routing Protocols 298 IPv4 Versus IPv6 Routing Protocols 299 Administrative Distance 299 Routing Protocol Metrics and...

RIP and EIGRP Characteristics and Design

This chapter reviews distance-vector routing protocols. It covers both versions of the Routing Information Protocol (RIP). Although RIPv1 is no longer a test subject, it is included for reference and because it is still seen on some enterprise networks. This chapter also covers Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP). Cisco's IGRP is also included although it is no longer a test subject. This chapter also covers the routing protocols for IPv6, RIPng and EIGRP for IPv6. The...

Cisco Enterprise Architecture Model

The Cisco Enterprise Architecture model facilitates the design of larger, more scalable networks. It represents the focused views of the Cisco Service-Oriented Network Architecture (SONA), which concentrates on each area of the network. SONA is covered in Chapter 1, Network Design Methodology. As networks become more sophisticated, it is necessary to use a more modular approach to design than just WAN and LAN core, distribution, and access layers. The architecture divides the network into...

Cisco Enterprise MAN/WAN

The Cisco Enterprise MAN/WAN architecture uses several technologies that work together. Here is the list of Cisco Enterprise MAN/WAN architectures:

- Private WAN (optional encryption)
- Private WAN with self-deployed MPLS
- ISP service (Internet with site-to-site and remote-access VPN)
- Service provider-managed IP/MPLS VPN

These architectures provide the integrated QoS, security, reliability, and ease of management required to support enterprise business applications and services. As you can...

Cisco Identity Based Network Services

The Cisco Identity-Based Network Services solution is a way to authenticate host access based on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of VLANs on a per-user basis, guest VLANs, and 802.1X with port security. The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network. The 802.1X protocol operates between the end-user client seeking access and an Ethernet switch or...

Cisco IOS Packaging

Cisco IOS packaging involves consolidating and organizing the IOS software using consistent and standardized naming across all router platforms. The four base service categories are as follows:

- IP Base: Entry-level IOS supporting IP data
- IP Voice: Supports converged voice and data
- Advanced Security: Security features and VPN
- Enterprise Base: Enterprise Layer 3 protocols and IBM support

In addition, three premium packages offer IOS software features that focus on more complex...

Cisco Security Appliances

Cisco Security Appliances provide robust security services and protection, including IPsec VPNs and stateful packet filtering. The following is an overview of Cisco Security Appliances:

- Adaptive Security Appliance (ASA): The ASA is a high-performance multifunction security appliance that offers a comprehensive set of services for securing network environments. The services are customized through product editions tailored for firewall, IPS, anti-X, and VPN. The ASA is a critical component of the...

Cisco Self Defending Network

The Self-Defending Network is Cisco's strategy for securing an organization's business by identifying, preventing, and adapting to security threats. This level of protection allows organizations to make better use of their network resources, thus improving business processes and increasing revenue. Operational management and policy control serves as a component of the Self-Defending Network to establish security policies that in turn enforce security access levels. In addition, this serves as...

Class Based Weighted Fair Queuing

Class-Based Weighted Fair Queuing (CBWFQ) extends WFQ capabilities by providing support for modular user-defined traffic classes. CBWFQ lets you define traffic classes that correspond to match criteria, including ACLs, protocols, and input interfaces. Traffic that matches the class criteria belongs to that specific class. Each class has a defined queue that corresponds to an output interface. After traffic has been matched and belongs to a specific class, you can modify its characteristics,...

Classless Versus Classful Routing Protocols

Routing protocols can be classified based on their support of VLSM and CIDR. Classful routing protocols do not advertise subnet masks in their routing updates therefore, the configured subnet mask for the IP network must be the same throughout the entire internetwork. Furthermore, the subnets must, for all practical purposes, be contiguous within the larger internetwork. For example, if you use a classful routing protocol for network 130.170.0.0, you must use the chosen mask (such as...

Codec Standards

Codecs transform analog signals into a digital bit stream and digital signals back into analog signals. Figure 15-14 shows that an analog signal is digitized with a coder for digital transport. The decoder converts the digital signal into analog form. Each codec provides a certain quality of speech. A measure used to describe the quality of speech is the Mean Opinion Score (MOS). With MOS, a large group of listeners judges the quality of speech from 5 (best) to 1 (bad). The scores are then...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows: Bold indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), bold indicates commands that are manually input by the user (such as a show command). Italic indicates arguments for which you supply actual values. Vertical bars (|)...

Comparing Hardware and Software

Table 6-4 compares the Cisco router and switch hardware platforms and their associated software families, releases, and functional descriptions.

Table 6-4 Cisco Router/Switch Platform and Software Comparison
- Cisco IOS T: Releases 12.3, 12.4, 12.3T, and 12.4T. Access routing platforms supporting fast and scalable delivery of data for enterprise applications. Delivers midrange routing services for the Enterprise and SP edge networks....

Comprehensive Scenarios

Your CCDA exam will probably contain questions that require you to analyze a scenario. This chapter contains four case studies that are similar in style to the ones you might encounter on the CCDA exam. Read through each case study and answer the corresponding questions. You will find the answers to the case study questions at the end of each scenario. Sometimes more than one solution can satisfy the customer's requirements. In these cases, the answers presented represent recommended solutions...

Confederations

Another method to reduce the iBGP mesh within an AS is BGP confederations. With confederations, the AS is divided into smaller, private autonomous systems, and the whole group is assigned a confederation ID. The private AS numbers or identifiers are not advertised to the Internet but are contained within the iBGP networks. The routers within each private AS are configured with the full iBGP mesh. Each private AS is configured with eBGP to communicate with other semiautonomous systems in the...

Contents at a Glance

Chapter 1 Network Design Methodology 5 Chapter 2 Network Structure Models 33 Part II LAN and WAN Design 67 Chapter 3 Enterprise LAN Design 69 Chapter 4 Wireless LAN Design 111 Chapter 5 WAN Technologies 151 Chapter 6 WAN Design 181 Part III The Internet Protocol and Routing Protocols 217 Chapter 7 Internet Protocol Version 4 219 Chapter 8 Internet Protocol Version 6 257 Chapter 9 Routing Protocol Selection Criteria 289 Chapter 10 RIP and EIGRP Characteristics and Design 317 Chapter 11 OSPF and...

Continuous Security

As requirements change and new technology is developed, the network security policy should be updated to reflect the changes. Four steps are used to facilitate continuing efforts in maintaining security policies:

Step 1 Secure: Identification, authentication, ACLs, stateful packet inspection (SPI), encryption, and VPNs
Step 2 Monitor: Intrusion and content-based detection and response
Step 3 Test: Assessments, vulnerability scanning, and security auditing
Step 4 Improve: Security data analysis,...

Controller Redundancy Design

WLCs can be configured for dynamic or deterministic redundancy. For deterministic redundancy, the access point is configured with a primary, secondary, and tertiary controller. This requires more upfront planning but allows better predictability and faster failover times. Deterministic redundancy is the recommended best practice. N+1, N+N, and N+N+1 are examples of deterministic redundancy. Dynamic controller redundancy uses LWAPP to load-balance APs across WLCs. LWAPP populates APs with a...

Converting Binary to Decimal

To convert a binary number to decimal, multiply each instance of 0 or 1 by the power of 2 associated with the position of the bit in the binary number. The first bit, starting from the right, is associated with 2^0 = 1. The value of the exponent increases by 1 as each bit is processed, working leftward. As shown in Table B-4, each bit in the binary number 10101010 has a decimal equivalent from 0 to 128 based on the value of the bit multiplied by a power of 2 associated with the bit position. This...

Converting Binary to Hexadecimal

To convert binary numbers to hex, put the bits in groups of 4, starting with the right-justified bits; when the bit count is not a multiple of 4, pad the leftmost group with leading zeros. Groups of 4 bits are often called nibbles. Each nibble can be represented by a single hexadecimal digit. A group of two nibbles is an octet, 8 bits. Examples follow.

Conversion Example B-9 Convert 0010011101 to Hex

Conversion Example B-10 Convert 0010101001011001000010110001 to Hex
0010 1010 0101 1001 0000 1011 0001
Answer: 2A590B1h

Converting Decimal to Hexadecimal

First things first: memorize Table B-1. There are two ways to convert larger numbers. The first method is to convert decimal to binary and then convert binary to hex. The second method is to divide the decimal number by 16; the remainder is the rightmost hexadecimal digit. Divide the quotient by 16 again to get the next digit to the left, and keep dividing until the quotient is 0. For the first method, use the schemes described in later sections. For the second method, follow the examples described here. First, divide the decimal number by...

Converting Hexadecimal to Decimal

To convert a hex number to decimal, take the rightmost digit and convert it to decimal (for example, 0xC = 12). Then add this number to the second rightmost digit times 16 and the third rightmost digit times 256. Don't expect to convert numbers larger than 255 on the CCDA exam, because the upper limit of IP addresses in dotted-decimal format is 255 (although Token Ring numbers reach 4096). Some examples follow.
Conversion Example B-5: Convert 177h to Decimal
1 x 256 = 256
7 x 16 = 112
7 x 1 = 7
Sum = 375d...

Cost

Cost is the name of the metric used by OSPF and IS-IS. In OSPF on a Cisco router, a link's default cost is derived from the interface's bandwidth. Cisco's implementation of IS-IS assigns a default cost of 10 to all interfaces. The formula to calculate cost in OSPF is 10^8 / BW, where BW is the interface's default or configured bandwidth in bits per second. For 10-Mbps Ethernet, cost is calculated as follows:
BW = 10 Mbps = 10 x 10^6 = 10,000,000 = 10^7
cost (Ethernet) = 10^8 / 10^7 = 10
The sum of all the costs to reach a destination...
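The 10^8 / BW formula above, applied to a small table of interface speeds, as an added example (not code from the book). The interface speeds are a constructed sample; the reference bandwidth is a parameter because the default of 10^8 bit/s is the usual design trap: every interface of 100 Mbps or faster rounds down to cost 1, so FastEthernet, Gigabit and 10-Gigabit links look identical to SPF.

```python
"""OSPF interface cost from bandwidth (added example, not from the book)."""


def ospf_cost(bandwidth_bps: int, reference_bps: int = 10**8) -> int:
    """Integer cost 10^8 / BW; OSPF never uses a cost below 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    return max(1, reference_bps // bandwidth_bps)


def cost_table(reference_bps: int = 10**8) -> dict:
    """Cost of each interface type in a constructed sample of speeds (bit/s)."""
    speeds = {
        "T1": 1_544_000,
        "Ethernet": 10_000_000,
        "FastEth": 100_000_000,
        "GigEth": 1_000_000_000,
        "TenGigEth": 10_000_000_000,
    }
    return {name: ospf_cost(bps, reference_bps) for name, bps in speeds.items()}


def has_collision(table: dict) -> bool:
    """True when two different link speeds were given the same cost."""
    return len(set(table.values())) < len(table)


if __name__ == "__main__":
    for ref in (10**8, 10**11):
        table = cost_table(ref)
        print(f"reference {ref:,} bit/s -> {table} "
              f"(collision: {has_collision(table)})")
```

With the default reference the three fastest interfaces all get cost 1, so the router cannot prefer a Gigabit path over a FastEthernet one; raising the reference (on Cisco IOS, `auto-cost reference-bandwidth` under the OSPF process, in Mbps) on every router in the area restores distinct costs.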

D

Projects Agency), 624 data compression, 170 data integrity, 449 data link layer (OSI model), 621 database services, 510 data-center module, 92 datagrams, 222 DC aggregation layer, 94 DE (Discard Eligibility) bit, 159 decimal numeric system converting to binary, 633-634 converting to hexadecimal, 627 delay components on VoIP networks, 528-530 CME deployment model, 520 multisite centralized WAN call- processing deployment model, 519 multisite distributed WAN call- processing deployment model, 519...

Dark Fiber

Dark fiber is fiber-optic cable that has been installed in the ground or where right-of-way issues are evident. To maintain signal integrity and jitter control over long distances, signal regenerators are used in some implementations. The framing for dark fiber is determined by the enterprise, not the provider. The edge devices can use the fiber just like within the enterprise, which allows for greater control of the services provided by the link. Dark fiber is owned by service providers in...

Data Compression

Compression reduces the packet to a smaller size that can be transmitted and then decompressed on the other side of the WAN link. More CPU or hardware time is required to compress and decompress the data, but in return this saves bandwidth and reduces serialization delay on the WAN link. Compression is available in both software and hardware. Hardware data compression relieves the main CPU by offloading the compression and decompression tasks to a dedicated compression processor. The hardware compression modules...

Data Integrity

Cryptographic protocols protect data from tampering by employing secure fingerprints and digital signatures that can detect changes in data integrity. A secure fingerprint is a keyed checksum appended to the data; it is generated and verified with a secret key known only to the authorized parties, so an attacker who alters the data cannot produce a matching checksum. An example of a secure fingerprint is Hash-based Message Authentication Code (HMAC), which maintains packet integrity and the authenticity of the data protected. Digital...
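The secure fingerprint described above, implemented with HMAC-SHA256 from the Python standard library, as an added example (not code from the book). The key and the message are constructed for the demonstration; the point a practitioner should take from it is that the tag is checked with a constant-time comparison and that a single flipped bit anywhere in message or tag is rejected.

```python
"""Keyed integrity check with HMAC-SHA256 (added example, not from the book)."""
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute the HMAC-SHA256 tag that is appended to the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Return message || tag, the form that goes on the wire."""
    return message + make_tag(key, message)


def verify(key: bytes, packet: bytes):
    """Split off the tag and check it; return (ok, message).

    hmac.compare_digest runs in time independent of where the first
    mismatching byte is, unlike ==, which would leak that to an attacker
    probing tags byte by byte.
    """
    if len(packet) < TAG_LEN:
        return False, b""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(tag, make_tag(key, message)), message


def tamper_detected(key: bytes, packet: bytes, flip_index: int) -> bool:
    """Flip one bit at flip_index and report whether verify() rejects it."""
    mutated = bytearray(packet)
    mutated[flip_index] ^= 0x01
    ok, _ = verify(key, bytes(mutated))
    return not ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared out of band with the peer (constructed)
    pkt = protect(key, b"SET route 10.0.0.0/8 via 192.0.2.1")  # constructed payload
    print("verified:", verify(key, pkt)[0])
    print("tamper in payload detected:", tamper_detected(key, pkt, 4))
    print("tamper in tag detected:", tamper_detected(key, pkt, len(pkt) - 1))
    print("wrong key rejected:", not verify(b"x" * 32, pkt)[0])
```

Note what HMAC does not give you: it proves the data came from someone holding the key and was not altered, but it says nothing about replay, so protocols that use it (IPsec AH/ESP, for instance) pair it with a sequence number.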

Data Link Layer OSI Layer

This layer is concerned with the reliable transport of data across a physical link. Data at this layer is formatted into frames. Data link specifications include frame sequencing, flow control, synchronization, error notification, physical network topology, and physical addressing. This layer converts frames into bits when sending information and converts bits into frames when receiving information from the physical media. Bridges and switches operate at the data link layer. Because of the...

Delay Components

The ITU's G.114 recommendation specifies that the one-way delay between endpoints should not exceed 150 ms for acceptable commercial voice quality. In private networks, somewhat longer delays might be acceptable for economic reasons. Delay components are of two major types: fixed delay and variable delay. Propagation delay is how long it takes a packet to travel between two points. It is based on the distance between the two endpoints, so you cannot overcome this delay component. The speed of...

Dense Wave Division Multiplexing

Dense Wave Division Multiplexing (DWDM) increases fiber optic's bandwidth capabilities by using different wavelengths of light called channels over the same fiber strand. It maximizes the use of the installed base of fiber used by service providers and is a critical component of optical networks. DWDM allows for service providers to increase the services offered to customers by adding new bandwidth to existing channels on the same fiber. DWDM lets a variety of devices access the network,...

Design Document

The design document describes the business requirements, the old network architecture, the network requirements, and the design, plan, and configuration information for the new network. The network architects and analysts use it to document the new network changes, and it serves as documentation for the enterprise. The design document should include the following sections: Introduction, which describes the project's purpose and the reasons for the network design. Design Requirements, which lists the organization's...

Design Goals of IP Telephony

The overall goal of IP telephony is to replace traditional TDM-based telephony by deploying IPT components on existing IP networks. IPT should be highly available and as reliable as existing voice networks. IPT should provide greater flexibility and productivity while providing a lower cost of ownership by using a converged network. IPT also allows third-party software providers to develop new applications for...

Detecting and Mitigating Threats

The use of threat detection and mitigation techniques enables early detection of and notifications about unwanted malicious traffic. The goals are to detect, notify, and help stop unforeseen and unauthorized traffic. These techniques help increase the network's availability, particularly against unidentified and unexpected attacks. Threat detection and mitigation solutions include the following:
Endpoint protection: Viruses and worms can create havoc by propagating infections from host to host...

Determining the Network Portion of an IP Address

Given an address and mask, you can determine the classful network, the subnetwork, and the subnetwork's broadcast number. You do so with a logical AND operation between the IP address and subnet mask. You obtain the broadcast address by taking the subnet number and making the host portion all 1s. Table 7-14 shows the logical AND operation. Notice that the AND operation is similar to multiplying bit 1 and bit 2: if either bit is 0, the result is 0. Table 7-14 The AND Logical Operation...
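The AND operation above, carried out octet by octet and cross-checked against the standard-library ipaddress module, as an added example (not code from the book). It also derives the classful network from the first octet, which is what the text means by "classful network"; the addresses and prefix lengths used are constructed.

```python
"""Subnet, broadcast and classful network from address + mask
(added example, not from the book)."""
import ipaddress


def parse_ipv4(text: str) -> list:
    octets = [int(p) for p in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid dotted-quad: {text!r}")
    return octets


def mask_from_prefix(prefix: int) -> list:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]


def classful_network(octets: list):
    """Class and classful network implied by the first octet."""
    first = octets[0]
    if 1 <= first <= 126:
        return "A", f"{first}.0.0.0/8"
    if 128 <= first <= 191:
        return "B", f"{first}.{octets[1]}.0.0/16"
    if 192 <= first <= 223:
        return "C", f"{first}.{octets[1]}.{octets[2]}.0/24"
    if 224 <= first <= 239:
        return "D", "multicast (no network portion)"
    return "E", "reserved"


def to_bits(octets: list) -> str:
    return ".".join(f"{o:08b}" for o in octets)


def network_info(address: str, prefix: int) -> dict:
    addr = parse_ipv4(address)
    mask = mask_from_prefix(prefix)
    # Logical AND: a 0 in either operand gives 0, so host bits are cleared.
    subnet = [a & m for a, m in zip(addr, mask)]
    # Broadcast: subnet number with every host bit (inverted mask) set to 1.
    broadcast = [s | (~m & 0xFF) for s, m in zip(subnet, mask)]
    cls, classful = classful_network(addr)
    dotted = lambda o: ".".join(map(str, o))
    return {
        "address": address, "mask": dotted(mask), "subnet": dotted(subnet),
        "broadcast": dotted(broadcast), "class": cls,
        "classful_network": classful,
        "address_bits": to_bits(addr), "mask_bits": to_bits(mask),
        "subnet_bits": to_bits(subnet),
    }


def cross_check(address: str, prefix: int) -> bool:
    """True when the hand-rolled AND agrees with ipaddress."""
    mine = network_info(address, prefix)
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return (mine["subnet"] == str(net.network_address)
            and mine["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    for key, value in network_info("172.16.45.201", 20).items():  # constructed input
        print(f"{key:>17}: {value}")
    print("agrees with ipaddress:", cross_check("172.16.45.201", 20))
```

The bit strings in the output make the table's rule visible: the subnet row is 1 only where both the address row and the mask row are 1.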

Dialup

Dialup technology provides connectivity over the PSTN using analog modems. Although the bandwidth is relatively low, the availability of analog is very widespread. Dialup connectivity is ideal for low-bandwidth conversations of 56 kbps or less. Despite the high availability of dialup technology over analog lines, it is generally not a viable option anymore. However, a common use of dialup is when a remote worker or teleworker uses it as a backup network solution if his or her DSL or cable...

Digital Subscriber Line

Digital Subscriber Line (DSL) is a technology that provides high-speed Internet data services over ordinary copper telephone lines. It achieves this by using frequencies that are not used in normal voice telephone calls. The term xDSL describes the various competing forms of DSL available today. Some of the DSL technologies available include asymmetric (ADSL), symmetric (SDSL), high bit rate (HDSL), very high bit rate (VDSL), rate-adaptive (RADSL) and IDSL (based on ISDN). Table 5-3 summarizes...

Discard Eligibility

The Discard Eligibility (DE) bit is used in Frame Relay to identify whether a frame has lower importance than other frames. The DE bit is part of the Frame Relay header and can have a value of 1 or 0. Routers or DTE devices can set the value of the DE bit to 1 to indicate that the frame has lower importance than frames marked with a 0. During periods of congestion, the Frame Relay network discards frames marked with the DE bit of 1 before those marked with 0. This reduces the chance of critical...

Distance Vector Routing Protocols

The first IGP routing protocols introduced were distance-vector routing protocols. They used the Bellman-Ford algorithm to build the routing tables. With distance-vector routing protocols, routes are advertised as vectors of distance and direction. The distance metric is usually router hop count. The direction is the next-hop router (IP address) toward which to forward the packet. For RIP, the maximum number of hops is 15, which can be a serious limitation, especially in large nonhierarchical...

Distance Vector Routing Protocols Versus Link State Protocols

When choosing a routing protocol, consider that distance-vector routing protocols use more network bandwidth than link-state protocols. Distance-vector protocols generate more bandwidth overhead because of the large periodic routing updates. Link-state routing protocols do not generate significant routing update overhead but do use more router CPU and memory resources than distance-vector protocols. Generally, WAN bandwidth is a more expensive resource than router CPU and memory in modern...

DNS

DNS servers return destination IP addresses given a domain name. DNS is a distributed database. Separate, independent organizations administer their assigned domain name spaces and can divide their domains into a number of subdomains. For example, given www.cisco.com, DNS returns the IP address 198.133.219.25. DNS was first specified by RFCs 882 and 883. The current specifications are RFCs 1034 and 1035. DNS was implemented to overcome the limitations of managing a single text-host...
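A minimal decoder for the RFC 1035 wire format that the section's RFCs define, as an added example (not code from the book). It reads the A records out of a response and handles name compression, with a bound on pointer hops so a crafted response whose pointer refers back to itself cannot spin the parser forever. The response bytes are constructed inline for the www.cisco.com / 198.133.219.25 pair quoted above; no network access is used.

```python
"""Decode A records from a DNS response, RFC 1035 wire format
(added example, not from the book)."""
import struct

MAX_POINTER_HOPS = 16  # assumption: any honest name needs far fewer


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Return (name, offset just after the name). Follows 0xC0 pointers."""
    labels, hops, end = [], 0, None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if end is None:
                end = offset + 2                       # name ends at first pointer
            hops += 1
            if hops > MAX_POINTER_HOPS or target >= offset:
                raise ValueError("pointer loop or forward pointer")
            offset = target
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_a_records(msg: bytes):
    """Return [(owner_name, dotted_ipv4)] for the type A answers."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, _, qd, an, _, _ = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                                # skip the question section
        _, off = decode_name(msg, off)
        off += 4                                       # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((name, ".".join(str(b) for b in rdata)))
    return records


def build_response(name: str, ipv4: str, ttl: int = 300) -> bytes:
    """Constructed response: one question, one A answer whose owner name
    is a pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def pointer_loop_rejected() -> bool:
    """A pointer at offset 12 that points to offset 12 must raise."""
    msg = struct.pack("!HHHHHH", 1, 0x8180, 1, 0, 0, 0) + b"\xC0\x0C"
    try:
        decode_name(msg, 12)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_a_records(build_response("www.cisco.com", "198.133.219.25")))
    print("loop rejected:", pointer_loop_rejected())
```

Every length and pointer is checked against the buffer before it is used; a resolver that trusts RDLENGTH or follows pointers without a bound is the classic source of crashes and hangs in DNS code.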

Do I Know This Already

Integrated Transport, Integrated Service, and Integrated Application are the three phases of IIN. 2. A. Application, Interactive Services, and Network Infrastructure are the layers of SONA. 3. C. Virtualization services occur in the Interactive Service layer of SONA. 4. B. IPCC is a collaboration application. All the others are business applications. 6. A, B, C. The PPDIOO methodology has three steps. 7. D. The primary sources of network audits are existing documentation, management...

Do I Know This Already Quiz

The purpose of the Do I Know This Already quiz is to help you decide whether you need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now. The eight-question quiz, derived from the major sections in the Foundation Topics portion of the chapter, helps you determine how to spend your limited study time. Table 2-1 outlines the major topics discussed in this chapter and the Do I Know This Already quiz questions that...

Dual Stack Backbones

In this model, all routers in the backbone are dual-stack, capable of routing both IPv4 and IPv6 packets. The IPv4 protocol stack is used between IPv4 hosts, and the IPv6 protocol stack is used between IPv6 hosts. This deployment model works for organizations with a mixture of IPv4 and IPv6 applications. Figure 8-8 shows a network with a dual-stack backbone. All the WAN routers run both IPv4 and IPv6 routing protocols. The disadvantages are that the WAN routers require dual addressing, run two...

Dual Tier Design

The dual-tier design is recommended for branch offices of 50 to 100 users, with an additional access router in the WAN edge allowing for redundancy services. Typically two 2821 or 2851 routers are used to support the WAN, and separate access switches are used to provide LAN connectivity. The infrastructure components are dual access routers, external Layer 2/Layer 3 switches, laptops, desktops, printers, and IP phones. Dual Frame Relay links are used to connect to the corporate offices via both...

E

E& M (Ear and Mouth) signaling, 503, 505 E.164 standard, 508 eBGP, 391 E-Commerce submodule (Enterprise Edge Module), 45 edge distribution module for campus LANs, 91 EGPs (exterior gateways protocols), 294 BGP. See BGP EIGRP (Enhanced IGRP), 296, 334 neighbor discovery and recovery, 335-336 network design, 340 packets, 339 protocol-dependent modules, 335 RTP, 336 timers, 337 encryption, 447 encryption keys, 447 enhanced features of IPv6, 260-261 Enterprise Branch architecture, 200 SONA...

EIGRP Components

EIGRP has four components that characterize it:
Neighbor discovery and recovery
Reliable Transport Protocol (RTP)
DUAL finite state machine
Protocol-dependent modules
You should know the role of the EIGRP components, which are described in the following sections. EIGRP uses different modules that independently support IP, Internetwork Packet Exchange (IPX), and AppleTalk routed protocols. These modules are the logical interface between DUAL and routing protocols such as IPX RIP, AppleTalk Routing Table Maintenance Protocol (RTMP), and IGRP. The...

EIGRP Design

When designing a network with EIGRP, remember that it supports VLSMs, CIDR, and network summarization. EIGRP allows for the summarization of routes in a hierarchical network. EIGRP is not limited to 15 hops as RIP is; therefore, the network diameter can exceed this limit. In fact, the EIGRP diameter can be 255 hops. The default diameter is 100. EIGRP can be used in the site-to-site WAN and IPsec VPNs. In the enterprise campus, EIGRP can be used in data centers, server distribution, building...

EIGRP for IPv4 Networks

Cisco Systems released EIGRP in the early 1990s as an evolution of IGRP toward a more scalable routing protocol for large internetworks. EIGRP is a classless protocol that permits the use of VLSMs and that supports CIDR for the scalable allocation of IP addresses. Unlike IGRP, EIGRP does not send routing updates periodically. EIGRP allows for authentication with MD5. EIGRP autosummarizes networks at classful network borders and can load-balance over unequal-cost paths. EIGRP packets are carried directly in IP using protocol number 88....

EIGRP for IPv4 Summary

The characteristics of EIGRP follow:
- Hybrid routing protocol (a distance-vector protocol that has link-state protocol characteristics).
- Uses IP protocol number 88.
- Classless protocol (supports VLSMs).
- Default composite metric of bandwidth and delay. You can factor load and reliability into the metric.
- Sends route updates to multicast address 224.0.0.10.
- Sends partial route updates only when there are changes.
- Support for MD5 authentication and fast convergence.
- Uses DUAL for fast convergence and...

EIGRP for IPv6 Design

Use EIGRP for IPv6 in large geographic IPv6 networks. EIGRP's diameter can scale up to 255 hops, but a network diameter that large is not recommended. EIGRP authentication can be used instead of IPv6 authentication. EIGRP for IPv6 can be used in the site-to-site WAN and IPsec VPNs. In the enterprise campus, EIGRP can be used in data centers, server distribution, building distribution, and the network core. EIGRP's DUAL algorithm provides for fast convergence and routing loop prevention. EIGRP does not...

EIGRP for IPv6 Networks

Cisco has developed EIGRP support for IPv6 networks to route IPv6 prefixes. EIGRP for IPv6 is configured and managed separately from EIGRP for IPv4; no network statements are used. EIGRP for IPv6 retains all the same characteristics (network discovery, DUAL, modules) and functions as EIGRP for IPv4. The major themes with EIGRP for IPv6 are as follows:
Implements the protocol-independent modules.
Does EIGRP neighbor discovery and recovery.
Implements the DUAL algorithm for a loop-free topology....

EIGRP for IPv6 Summary

The characteristics of EIGRP for IPv6 are as follows:
- Uses the same characteristics and functions as EIGRP for IPv4.
- Hybrid routing protocol (a distance-vector protocol that has link-state protocol characteristics).
- Uses Next Header protocol 88.
- Default composite metric uses bandwidth and delay. You can factor load and reliability into the metric.
- Sends partial route updates only when there are changes.
- Supports EIGRP MD5 authentication.
- Uses DUAL for loop prevention and fast convergence.
- By...

EIGRP Metrics

EIGRP uses the same composite metric as IGRP, multiplied by 256 for finer granularity. The composite metric is based on bandwidth, delay, load, and reliability. MTU is not an attribute for calculating the composite metric. EIGRP calculates the composite metric with the following formula:

EIGRP metric = [k1 * BW + (k2 * BW) / (256 - load) + k3 * delay] * [k5 / (reliability + k4)]

When k5 is 0 (the default), the second factor is omitted and the metric is just the first bracket. In this formula, BW is the lowest interface bandwidth in the path, and delay is the sum of all outbound...
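The metric formula above with the K values as parameters, as an added example (not code from the book). It follows the IOS conventions that the text does not spell out: bandwidth is the slowest link in kbps and is used as 10^7 / BW, delay is the summed interface delay in tens of microseconds, and both terms carry the 256 scaling that distinguishes the EIGRP metric from IGRP's. The link values are constructed; the T1 and Ethernet results are the well-known defaults you see in show ip eigrp topology.

```python
"""EIGRP composite metric (added example, not from the book)."""


def eigrp_metric(min_bw_kbps: int, delay_sum_usec: int,
                 load: int = 1, reliability: int = 255,
                 k1: int = 1, k2: int = 0, k3: int = 1,
                 k4: int = 0, k5: int = 0) -> int:
    """Composite metric for a path; defaults are the IOS default K values."""
    if min_bw_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    if not (1 <= load <= 255 and 1 <= reliability <= 255):
        raise ValueError("load and reliability are 1..255")
    bw = (10**7 // min_bw_kbps) * 256        # scaled inverse bandwidth
    dly = (delay_sum_usec // 10) * 256       # delay in tens of usec, scaled
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                               # reliability factor only when k5 set
        metric = metric * k5 // (reliability + k4)
    return metric


def path_metric(links) -> int:
    """links: [(bandwidth_kbps, delay_usec), ...] along the path.
    BW is the slowest link; delay is the sum of all outbound delays."""
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(d for _, d in links)
    return eigrp_metric(min_bw, total_delay)


if __name__ == "__main__":
    # constructed path: one T1 serial link and one 10-Mbps Ethernet link
    t1, ethernet = (1544, 20000), (10000, 1000)
    print("T1 alone:      ", eigrp_metric(*t1))
    print("Ethernet alone:", eigrp_metric(*ethernet))
    print("T1 + Ethernet: ", path_metric([t1, ethernet]))
```

Two design consequences fall out of the arithmetic: the bandwidth term is dominated by the single slowest link, so a path's metric barely changes when faster links are added, and because delay is configured per interface it is the knob to turn when you need to prefer one path without lying about bandwidth (which QoS and other features also read).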

EIGRP Packet Types

Hello: EIGRP uses hello packets in the discovery of neighbors. They are multicast to 224.0.0.10. By default, EIGRP sends hello packets every 5 seconds (60 seconds on WAN links with 1.544 Mbps speeds or less).
Acknowledgment: An acknowledgment packet acknowledges the receipt of an update packet. It is a hello packet with no data. EIGRP sends acknowledgment packets to the unicast address of the sender of the update packet.
Update: Update packets contain routing information for destinations. EIGRP...

EIGRP Summary

The characteristics of EIGRP follow:
- Hybrid routing protocol (a distance-vector protocol that has link-state protocol characteristics).
- Uses IP protocol number 88.
- Classless protocol (supports VLSMs).
- Default composite metric uses bandwidth and delay. You can factor load and reliability into the metric.
- Sends partial route updates only when there are changes.
- Supports MD5 authentication.
- Uses DUAL for loop prevention and fast convergence.
- By default, equal-cost load balancing. Unequal-cost load...

EIGRP Timers

EIGRP sends updates only when necessary and sends them only to neighboring routers. There is no periodic update timer. EIGRP uses hello packets to learn of neighboring routers. On high-speed networks, the default hello packet interval is 5 seconds. On multipoint networks with link speeds of T1 and slower, hello packets are unicast every 60 seconds. The holdtime to maintain a neighbor adjacency is 3 times the hello time: 15 seconds on high-speed links (180 seconds where the hello interval is 60 seconds). If a router does not receive a hello within the holdtime, it...

EM Signaling

E&M is an analog signaling technique often used in PBX-to-PBX tie-lines. E&M stands for receive and transmit, or more commonly ear and mouth. Cisco routers support four E&M signal types: Type I, Type II, Type III, and Type V. Types I and II are most popular on the American continents. Type V is used in the United States and Europe. There are also three forms of E&M dial supervision signaling to seize the E&M trunk:
Immediate start: This is the most basic protocol. In this...

Encryption Fundamentals

Cryptography uses encryption to keep data private, thus protecting its confidentiality. The data is encrypted with a secret key that secures it for transport. When the data reaches the other side of the connection, the corresponding key is used to decrypt the data and reveal the message transmitted: the same key with a symmetric cipher, the matching private key with a public-key cipher. Only authorized users hold the keys needed to encrypt and decrypt. Most encryption algorithms require the user to have knowledge of the secret keys. IPsec is an example of a...

Encryption Keys

An encryption session between two endpoints needs a key to encrypt the traffic and a key to decrypt the traffic at the remote endpoint. There are two ways to get a key to the remote endpoint: shared secrets and Public-Key Infrastructure (PKI).
Shared secrets: Both sides use the same key, or apply a transform to it to create the decryption key. The key is placed on the remote endpoint out of band. This is a simple mechanism, but it has security issues because the key does not change frequently enough. It relies on...