Introduction

The Cisco Certified Internetwork Expert (CCIE) certification may be the most challenging and prestigious of all networking certifications. It has received numerous awards, and certainly has built a reputation as one of the most difficult certifications to earn in all of the computing world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a résumé. Cisco currently offers several CCIE certifications, with several others that are no...

About the Contributing Authors

Jim Geier, author of Chapters 22 and 23, is the founder of Wireless-Nets, Ltd., (www.wireless-nets.com) and the company's principal consultant. His 25 years of experience includes the analysis, design, development, installation, and support of numerous wired and wireless network systems for cities, enterprises, airports, retail stores, manufacturing facilities, warehouses, and hospitals throughout the world. Under Wireless-Nets, Ltd., Jim founded the Independent Wireless Networking Academy...

Access Points

Similar to a radio card, an access point implements the common MAC functions and specific physical layers. In addition, the access point contains an Ethernet station and access point system functions. With Cisco enterprise access points, the system functions include enhanced management, improved security controls, and performance upgrades. The traditional access points are relatively intelligent and implement enough functions to allow the access point to interconnect with other access points...

Ad Hoc Mode Configuration

Instead of forming an infrastructure wireless LAN, the 802.11 standard allows users to optionally connect directly to each other in what is referred to as ad hoc mode, illustrated in Figure 22-3. The rationale behind this form of networking is to enable users to spontaneously set up wireless LANs. This optional mode is available to users on most radio cards. With ad hoc mode, there is no need for access points. The wireless connection is made directly between the users in a peer-to-peer...

Adding eBGP Routes to the IP Routing Table

Cisco IOS software uses simple logic when determining which eBGP routes to add to the IP routing table. The only two requirements are as follows: the eBGP route in the BGP table is considered to be a best route, and, if the same prefix has been learned via another IGP or via static routes, the AD for BGP external routes must be lower than the ADs for the other routing source(s). By default, Cisco IOS considers eBGP routes to have AD 20, which gives eBGP routes a better (lower) AD than any other...

Aggregatable Global Unicast Addresses

IPv6 defines several different types of unicast addresses. The format used for publicly registered addresses is called aggregatable global unicast. The term aggregatable refers to the fact that these addresses can be easily aggregated to reduce the problem of large Internet routing tables. The term global refers to the fact that the address is a registered public IP address, routable through the global Internet. In short, when a company obtains a registered IPv6 prefix from a Regional Internet...

Antennas

The antenna couples radio waves between the radio card's transceiver and the air medium. The transceiver converts digital data from the computer to a radio frequency (RF) signal (and vice versa). The antenna transmits and receives RF signals that convey information between user devices. Omnidirectional antennas, which come with most access points, form a circular coverage pattern around the antenna, as part A of Figure 22-4 illustrates. In most cases, a company will install multiple access...

Application Authentication and Privacy

Many of the application layer protocols mentioned in this chapter have built-in authentication through the use of a basic password mechanism. However, many of these protocols (for instance, Telnet, FTP, and TFTP) send the usernames and passwords in clear text. Some of the more recently defined or updated protocols provide stronger security. For example, Secure Shell (SSH) provides an alternative to Telnet but with strong authentication and privacy. SSH was originally intended as a secure...

Architecture Overview

Traditional IP packet forwarding analyzes the destination IP address contained in the network layer header of each packet as the packet travels from its source to its final destination. A router analyzes the destination IP address independently at each hop in the network. Dynamic routing protocols or static configuration builds the database needed to analyze the destination IP address (the routing table). The process of implementing traditional IP routing also is called hop-by-hop...

Auto-negotiation, Speed, and Duplex

By default, each Cisco switch port uses Ethernet auto-negotiation to determine the speed and duplex setting (half or full). The switches can also set their duplex setting with the duplex interface subcommand, and their speed with (you guessed it) the speed interface subcommand. Switches can dynamically detect the speed setting on a particular Ethernet segment by using a few different methods. Cisco switches (and many other devices) can sense the speed using the Fast Link Pulses (FLP) of the...

BGP Routing Policies

This chapter examines the tools available to define BGP routing policies. A BGP routing policy defines the rules used by one or more routers to impact two main goals: filtering routes, and influencing which routes are considered the best routes by BGP. BGP filtering tools are mostly straightforward, with the exception of AS_PATH filtering. AS_PATH filters use regular expressions to match the AS_PATH path attribute (PA), making the configuration challenging. Beyond that, most of the BGP filtering...

Bidirectional PIM

PIM-SM works efficiently with a relatively small number of multicast senders. However, in cases with a large number of senders and receivers, PIM-SM becomes less efficient. Bidirectional PIM addresses this relative inefficiency by slightly changing the rules used by PIM-SM. To appreciate bidirectional PIM, a brief review of PIM-SM's normal operations is useful. While many variations can occur, the following general steps can be used by PIM-SM: 1. The RP builds a shared tree, with itself as the...

Book Features

The core chapters of this book have several features that help you make the best use of your time: "Do I Know This Already?" Quizzes: Each chapter begins with a quiz that helps you to determine the amount of time you need to spend studying that chapter. If you follow the directions at the beginning of the chapter, the "Do I Know This Already?" quiz directs you to study all or particular parts of the chapter. Foundation Topics: These are the core sections of each chapter. They explain the protocols,...

Building the BGP Table

The BGP topology table, also called the BGP Routing Information Base (RIB), holds the network layer reachability information (NLRI) learned by BGP, as well as the associated PAs. An NLRI is simply an IP prefix and prefix length. This section focuses on the process of how BGP injects NLRI into a router's BGP table, followed by how routers advertise their associated PAs and NLRI to neighbors. NOTE: Technically, BGP does not advertise routes; rather, it advertises PAs plus a set of NLRI that shares...

Building the IP Routing Table

So far, this chapter has explained how to form BGP neighbor relationships, how to inject routes into the BGP table, and how BGP routers choose which routes to propagate to neighboring routers. Part of that logic relates to how the BGP decision process selects a router's best route to each prefix, with the added restriction that the NEXT_HOP must be reachable before the route can be considered as a best route. This section completes the last step in BGP's ultimate goal: adding the appropriate...

CB Marking Design Choices

The intent of CB Marking is to simplify the work required of other QoS tools by marking packets of the same class with the same QoS marking. For other QoS tools to take advantage of those markings, packets should generally be marked as close to the ingress point of the packet as possible. However, the earliest possible point may not be a trusted device. For instance, in Figure 14-5 (the figure upon which Examples 14-3 and 14-4 are based), Server1 could set its own DSCP and even CoS if its NIC...

CB Shaping to a Peak Rate

The shape average command has been used in all the examples so far. However, the command shape peak mean-rate is also allowed, which implements slightly different behavior as compared with shape average for the same configured rate. The key actions of the shape peak mean-rate command are summarized as follows: It calculates (or defaults) Bc, Be, and Tc the same way as the shape average command. It refills Bc + Be tokens (instead of just Bc tokens) into the token bucket for each time...

Chapter

OSPF uses IP protocol 89, and does not use TCP. LSUs can be acknowledged by simply repeating the LSU or by using the LSAck packet. 2. a, c. Multipoint interfaces default to use network type nonbroadcast, so the ip ospf network non-broadcast command would not show up in the configuration. This type defaults to 30-second Hello and 120-second Dead timers. Neighbor commands are required, but only one of the neighbors on either end of a PVC needs to configure the neighbor command. Network type...

CIDR Private Addresses and NAT

The sky was falling in the early 1990s in that the commercialization of the Internet was rapidly depleting the IP Version 4 address space. Also, Internet routers' routing tables were doubling annually (at least). Without some changes, the incredible growth of the Internet in the 1990s would have been stifled. To solve the problems associated with this rapid growth, several short-term solutions were created, as well as an ultimate long-term solution. The short-term solutions included classless...

Cisco 3550 Congestion Avoidance

Catalyst 3550 Gigabit interfaces support a mutually exclusive choice of either WRED or tail-drop logic for managing drops in egress queues. 3550 Fast Ethernet interfaces do not use WRED or tail drop, but rather use a switch-specific method of managing internal buffers (which is not covered in this book). Cisco 3550 WRED has the same overall strategy as WRED as implemented in Cisco routers, but with many differences in implementation details. The key features of Cisco 3550 WRED are as follows,...

Cisco Modular QoS CLI

For many years and over many IOS releases, Cisco added QoS features and functions, each of which used its own separate set of configuration and exec commands. Eventually, the number of different QoS tools and different QoS commands got so large that QoS configuration became a big chore. Cisco created the Modular QoS CLI (MQC) to help resolve these problems, by defining a common set of configuration commands to configure many QoS features in a router or switch. MQC is not a totally new CLI,...

Cisco SWAN Hardware

When building a wireless LAN based on Cisco SWAN, a company must choose components designed to fit into the architecture. Cisco SWAN includes the components described in Table 23-2. These access points, which must run Cisco IOS Software to be part of SWAN, are a mandatory component of Cisco SWAN. They enable roaming throughout the network and interconnect wireless LAN users to the wired network. Table 23-2 Cisco SWAN Hardware (Continued) Cisco SWAN...

Cisco Wireless LAN Hardware

Cisco has a complete line of wireless LAN hardware that addresses the needs of enterprises, public networks, and homes. The following list identifies each of these devices, by category, that integrate into SWAN: Cisco Aironet 1300 Series: A multifunctional component that provides access point and bridge functionality for network connections within an outdoor campus area. The 1300 Series supports the 802.11b/g standards. Cisco Aironet 1230AG Series: Has dual antenna connectors for extending range,...

Class Based Shaping Configuration

Class-Based Shaping (CB Shaping) implements all the core concepts described so far in this chapter, plus several other important features. First, it allows for several Cisco IOS queuing tools to be applied to the packets delayed by the shaping process. At the same time, it allows for fancy queuing tools to be used on the interface software queues. It also allows for classification of packets, so that some types of packets can be shaped at one rate, a second type of packet can be shaped at...

Classification and Marking

The goal of classification and marking tools is to simplify the classification process of other QoS tools by performing complicated classification steps as few times as possible. For instance, a classification and marking tool might examine the source IP address of packets, incoming Class of Service (CoS) settings, and possibly TCP or UDP port numbers. Packets matching all those fields may have their IP Precedence (IPP) or DiffServ Code Point (DSCP) field marked with a particular value....

Classification Using Class Maps

MQC-based tools classify packets using the match subcommand inside an MQC class map. The following list details the rules surrounding how class maps work for matching and classifying packets: The match command has many options for matching packets, including QoS fields, ACLs, and MAC addresses. (See Table 14-10 in the Foundation Summary section for a reference.) The match protocol command means that IOS uses Network Based Application Recognition (NBAR) to perform that match. The match...

Classless and Classful Routing

So far this chapter has reviewed the basic forwarding process for IP packets in a Cisco router. The logic requires matching the packet destination with the routing table, or with the CEF FIB if CEF is enabled, or with other tables for the other options Cisco uses for route table lookup. (Those options include fast switching in routers and NetFlow switching in multilayer switches, both of which populate an optimized forwarding table based on flows, but not on the contents of the routing table.)...

Classless Interdomain Routing

CIDR is a convention defined in RFCs 1517 through 1520 that calls for aggregating routes for multiple classful network numbers into a single routing table entry. The primary goal of CIDR is to improve the scalability of Internet routers' routing tables. Imagine the implications of an Internet router being burdened by carrying a route to every class A, B, and C network on the planet! CIDR uses both technical tools and administrative strategies to reduce the size of the Internet routing tables....

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Command Reference, which describes these conventions as follows: Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command). Italics indicate arguments for which you supply actual values. Vertical bars separate...

Comparing Wireless Security

There are many options available for security, and you will need to make a decision on which one to use. Table 22-4 compares the various security mechanisms. Table 22-4 Wireless Security Mechanisms: Can crack with freely available tools; Static keys common to both the radio cards and access point; Adequate security for most wireless LANs; Unique keys automatically assigned to radio cards, and keys change periodically...

Comparison of PIM-DM and PIM-SM

One of the most confusing parts of the PIM-DM and PIM-SM designs is that it appears that if sources keep sending, and receivers keep listening, there is no difference between the end results of the end-user multicast packet flow using these two options. Once PIM-SM completes its more complicated processes, the routers near the receivers have all joined the SPT to the source, and the most efficient forwarding paths are used for each (S,G) tree. Although its underlying operation is a bit more...

Configuring OSPF Authentication

One of the keys to keeping OSPF authentication configuration straight is to remember that it differs significantly from RIPv2 and EIGRP, although some of the concepts are very similar. The basic rules for configuring OSPF authentication are as follows: Three types are available: type 0 (none), type 1 (clear text), and type 2 (MD5). Authentication is enabled per interface using the ip ospf authentication interface subcommand. The default authentication is type 0 (no authentication). The default...

Configuring Shaping by Bandwidth Percent

The shape command allows the shaping rate to be stated as a percentage of the interface or subinterface bandwidth setting. Configuring based on a simple percentage of the bandwidth command setting seems obvious at first. However, you should keep in mind the following facts when configuring the shape command based on percentage of interface bandwidth: The shape percent command uses the bandwidth of the interface or subinterface under which it is enabled. Subinterfaces do...

Configuring Trunking on Routers

VLAN trunking can be used on routers and hosts as well as on switches. However, routers do not support DTP, so you must manually configure them to support trunking. Additionally, you must manually configure a switch on the other end of the segment to trunk, because the router does not participate in DTP. The majority of router trunking configurations use subinterfaces, with each subinterface being associated with one VLAN. The subinterface number does not have to match the VLAN ID; rather, the...

Congestion Management and Avoidance

Congestion management, commonly called queuing, refers to how a router or switch manages packets or frames while they wait to exit a device. With routers, the waiting occurs once IP forwarding has been completed, so the queuing is always considered to be output queuing. LAN switches often support both output queuing and input queuing, where input queuing is used for received frames that are waiting to be switched to the switch's output interfaces. Congestion avoidance refers to the logic used...

Connecting with a Network

After obtaining a list of potential access points via either passive or active scanning, the radio card moves forward with joining the network by tuning to the RF channel of the chosen access point. To initiate association, the radio card sends an authentication request frame, and the access point responds with an authentication response frame. This is the default authentication that 802.11 refers to as open system authentication. In most cases, this form of authentication is desirable. 802.11...

Contents

Do I Know This Already? Quiz
Foundation Topics
Ethernet Layer 1: Wiring, Speed, and Duplex
RJ-45 Pinouts and Category 5 Wiring
Auto-negotiation, Speed, and Duplex
CSMA/CD
Collision Domains and Switch Buffering
Basic Switch Port Configuration
Ethernet Layer 2: Framing and Addressing
Types of Ethernet Addresses
Ethernet Address Formats
Protocol Types and the 802.3 Length Field
Switching and Bridging Logic
Foundation Summary
Memory Builders
Fill in Key Tables...

Converged Steady State Operation

Example 8-1 shows a few details of R1's operation while all interfaces in Figure 8-1 are up and working. The example lists the basic (and identical) RIP configuration on all four routers; configuration will be covered in more detail later in the chapter. As configured, all four routers are using only RIPv2, on all interfaces shown in Figure 8-1. Read the comments in Example 8-1 for explanations of the output. Example 8-1 Steady-State RIP Operation in Figure 8-1: All routers use the same three...

Convergence Extras

Convergence in Example 8-3 took a little over 4 minutes, but it could be improved in some cases. The RIP timers can be tuned with the timers basic update invalid hold-down flush subcommand under router rip, although care should be taken when changing these timers. The timers should be consistent across routers, and smaller values increase the chance of routing loops being formed during convergence. The clear ip route * command also speeds convergence by removing all routes from the routing...

Converging to a New STP Topology

STP logic monitors the normal ongoing Hello process when the network topology is stable; when the Hello process changes, STP then needs to react and converge to a new STP topology. When STP has a stable topology, the following occurs: 1. The root switch generates a Hello regularly based on the Hello timer. 2. Each non-root switch regularly (based on the Hello timer) receives a copy of the root's Hello on its RP. 3. Each switch updates and forwards the Hello out its Designated Ports. 4. For each...

CSMA/CD

The original Ethernet specifications expected collisions to occur on the LAN. The media was shared, creating a literal electrical bus. Any electrical signal induced onto the wire could collide with a signal induced by another device. When two or more Ethernet frames overlap on the transmission medium at the same instant in time, a collision occurs; the collision results in bit errors and lost frames. The original Ethernet specifications defined the Carrier Sense Multiple Access with Collision...

Data Rates

The default data rate setting on access points is generally auto, which allows radio cards to use any of the data rates of the given physical layer. For example, 802.11b allows data rates of 1, 2, 5.5, and 11 Mbps. The 802.11g standard extends these data rates up to 54 Mbps. The radio card usually attempts to send data frames at the highest supported rate, such as 11 Mbps for 802.11b stations and 54 Mbps for 802.11g stations. When set to auto, the radio card automatically rate shifts to the...

Data Transfer

The exchange of data in an 802.11 network is bidirectional between the radio card and access point. As mentioned earlier, data frames in an infrastructure wireless LAN do not travel directly between wireless users. Instead, the access point relays the data. A radio card or access point (802.11 station) having the destination MAC address of the data frame replies with an acknowledgement (ACK) frame. This adds significant overhead to a wireless LAN as compared to an Ethernet network...

Definitions

Next, take a few moments to write down the definitions for the following terms: CST, STP, MST, RSTP, Hello timer, Maxage timer, Forward Delay timer, blocking state, forwarding state, listening state, learning state, disabled state, alternate state, discarding state, backup state, Root Port, Designated Port, superior BPDU, PVST+, UplinkFast, BackboneFast, PortFast, Root Guard, BPDU Guard, UDLD, Loop Guard, LACP, PAgP. Refer to the CD-based glossary to check your answers. Further Reading: The topics...

Differentiated Packet Servicing

Conventional IP packet forwarding uses only the IP destination address contained within the Layer 3 header within a packet to make a forwarding decision. The hop-by-hop destination-only paradigm used today prevents a number of innovative approaches to network design and traffic-flow optimization. In Figure C-2, for example, the direct link between the San Francisco core router and the Washington core router forwards the traffic entering the network in any of the Bay Area Points-of-Presence...

Distance Vector Multicast Routing Protocol

RFC 1075 describes Version 1 of DVMRP. DVMRP has many versions. The operation of DVMRP is similar to PIM-DM. The major differences between PIM-DM and DVMRP are as follows: Cisco IOS does not support a full implementation of DVMRP; however, it does support connectivity to a DVMRP network. DVMRP uses its own distance vector routing protocol that is similar to RIPv2. It sends route updates every 60 seconds and considers 32 hops as infinity. Use of its own routing protocol adds more overhead to DVMRP...

Do I Know This Already? Quiz

Table 23-1 outlines the major sections in this chapter and the corresponding "Do I Know This Already?" quiz questions. Table 23-1 "Do I Know This Already?" Foundation Topics Section-to-Question Mapping: Cisco Structured Wireless-Aware Network; Applying Wireless LANs in Enterprises. In order to best use this pre-chapter assessment, remember to score yourself strictly. You can find the answers in Appendix A, Answers to the 'Do...

EIGRP Configuration Example

Example 9-6 lists the configuration for R1, R2, R4, and R5 from Figure 9-4. The routers were configured based on the following design goals: Configure K values to ignore bandwidth. Configure R5 as an EIGRP stub router. Ensure that R2's LAN interface uses a Hello and Hold time of 2 and 6, respectively. Configure R4 to allow 75 percent of interface bandwidth for EIGRP updates. Advertise R4's LAN subnet, but do not attempt to send or receive EIGRP updates on the LAN. Example 9-6 Basic EIGRP...

EIGRP Configuration Options That Are Similar to RIP

Although EIGRP and RIPv2 differ quite a bit in their underlying operation, several of their features are configured almost identically. This section details these features. You can refer to Chapter 8, "RIP Version 2," for more information on the configuration syntax for these features. Authentication: EIGRP configures authentication almost exactly like RIP. EIGRP authentication commands use a keyword of eigrp asn instead of rip, using the ASN configured by the router eigrp command. For example,...

EIGRP Convergence

Once all the EIGRP routers have learned all the routes in the network, and placed the best routes (the successor routes) in their IP routing tables, their EIGRP processes simply continue to send Hellos, expect to receive Hellos, and look for any changes to the network. When those changes do occur, EIGRP must converge to use the best available routes. This section covers the three major components of EIGRP convergence: input events, local computation (which includes looking for feasible...

EIGRP Route Summarization

EIGRP provides the easiest and most straightforward rules for summarizing routes as compared with RIPv2, OSPF, and IS-IS. To summarize routes, the ip summary-address eigrp as-number network-address subnet-mask admin-distance command is placed under an interface. If any of the component routes are in that router's routing table, EIGRP advertises the summary route out that interface. The summary is defined by the network-address subnet-mask parameters. One of the more interesting features of the...

EIGRP Updates

Once routers are adjacent, they can exchange routes using EIGRP Update messages. The process follows this general sequence: 1. Initially, full updates are sent, including all routes except those omitted due to split horizon. 2. Once all routes have been exchanged, the updates cease. 3. Future partial updates occur when one or more routes change. 4. If neighbors fail and recover, or new neighbor adjacencies are formed, full updates are sent. EIGRP uses the Reliable Transport Protocol (RTP) to...

Ej

(Figure 21-6 callout: DHCP Reply: Use IP-B, Gateway 10.1.1.2.) The following steps explain how the attacker's PC can become a man in the middle in Figure 21-6: 1. PC-B requests an IP address using DHCP. 2. The attacker PC replies, and assigns a good IP mask, but using its own IP address as the default gateway. 3. PC-B sends data frames to the attacker, thinking that the attacker is the default gateway. 4. The attacker forwards copies of the packets, becoming a man in the middle. NOTE: PC-B will use the first DHCP reply,...

Enabling RIP and the Effects of Autosummarization

Example 8-4 covers basic RIP configuration, the meaning and implication of the RIP network command, and the effects of the default setting for autosummarization. To examine just those functions, Example 8-4 shows the related RIP configuration on R1, R2, and R6, along with some command output. Example 8-4 Basic RIP Configuration on R1, R2, R4, and S1: First, the three lines of configuration are the same on R1 and S1 (Point 1): the version 2 command tells R1 to send and receive only RIPv2 updates,...

External Routing Information Propagation

Conventional packet forwarding within the core of an IP network requires that external routing information be advertised to all transit routing devices. This is necessary so that packets can be routed based on the destination address that is contained within the network layer header of the packet. To continue the example from previous sections, the core routers in Figure C-2 would have to store all Internet routes so that they could propagate packets between Bay Area customers and a peering...

FCC Rules

The FCC does not require users to license wireless LAN products, assuming that the user does not exceed certain emission limits. The FCC uses Effective Isotropic Radiated Power (EIRP) as a factor for determining whether a wireless LAN is in compliance with regulatory rules. EIRP equals the transmit power (in dBm) minus cable and connector losses (in dB) plus the antenna gain (in dB). For 802.11b/g access points and radio cards, the EIRP can be up to 36 dBm, which includes a...

FIFO Queuing

The primary reason for queuing is that a router needs to hold a packet in memory while the outgoing interface is busy sending another packet. FIFO queuing simply provides a software queue to hold packets while they are waiting to exit an interface. Packets are scheduled to leave the interface based on when they arrived at the output interface. Because IOS defaults to use WFQ on serial interfaces with bandwidths of E1 speeds (2.048 Mbps) or less, to configure FIFO queuing, you simply need to...

Filtering with Distribute Lists and Prefix Lists

Outbound and inbound RIP updates can be filtered at any interface, or for the entire RIP process. To filter the routes, the distribute-list command is used under router rip, referencing an IP ACL or an IP prefix list. Any subnets matched with a permit clause in the ACL make it through; any that match with a deny action are filtered. The distribution list filtering can be performed for either direction of flow (in or out) and, optionally, for a particular interface. If the interface option is...

Foundation Summary

This section lists additional details and facts to round out the coverage of the topics in this chapter. Unlike most of the Cisco Press Exam Certification Guides, this book does not repeat information presented in the Foundation Topics section of the chapter. Please take the time to read and study the details in the Foundation Topics section of the chapter, as well as review the items in the Foundation Topics section noted with a Key Point icon. Table 2-10 lists some of the most popular IOS...

Foundation Topics

Like Interior Gateway Protocols (IGPs), BGP exchanges topology information in order for routers to eventually learn the best routes to a set of IP prefixes. Unlike IGPs, BGP does not use a metric to select the best route among alternate routes to the same destination. Instead, BGP uses several BGP path attributes (PAs) and an involved decision process when choosing between multiple possible routes to the same subnet. BGP uses the BGP autonomous system path (AS_PATH) PA as its default metric...

Fragmentation

A radio card or access point can be set to optionally use fragmentation, which divides 802.11 data frames into smaller pieces (fragments) that are sent separately to the destination. Each fragment consists of a MAC layer header, frame check sequence (FCS), and a fragment number indicating its ordered position within the frame. Because the source station transmits each fragment independently, the receiving station replies with a separate acknowledgement for each fragment. An 802.11 station...

Frame Relay Concepts

Frame Relay remains the most commonly deployed WAN technology used by routers. A slow migration away from Frame Relay has already begun with the advent and rapid growth of IP-based VPNs and MPLS. However, Frame Relay will likely be a mainstay of enterprise networks for the foreseeable future. Frame Relay standards have been developed by many groups. Early on, Cisco and some other companies (called the "gang of four") developed vendor standards to aid Frame Relay adoption and product development....

Frame Relay Data Link Connection Identifiers

To connect two DTEs, an FR service uses a virtual circuit (VC) between pairs of routers. A router can then send an FR frame with the appropriate (typically) 10-bit Data Link Connection Identifier (DLCI) header field that identifies each VC. The intermediary FR switches forward the frame based on its DLCI, until the frame eventually exits the FR service out the access link to the router on the other end of the VC. FR DLCIs are locally significant, meaning that a particular DLCI value only...
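The 10-bit DLCI and its local significance, as an added example that is not from the book: an encoder and decoder for the two-byte Q.922 address field (DLCI split 6+4 across the two octets, with C/R, FECN, BECN, DE and the EA bits), plus a minimal FR switch that forwards on (port, DLCI) and rewrites the DLCI on the way out. The switch table, port names and payloads are constructed for the example.

```python
# Added example (not from the book): Frame Relay Q.922 two-byte address field.
# Octet 1: DLCI bits 9..4 (6 bits) | C/R | EA=0
# Octet 2: DLCI bits 3..0 (4 bits) | FECN | BECN | DE | EA=1


def encode_fr_header(dlci, cr=0, fecn=0, becn=0, de=0):
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b1 = (((dlci >> 4) & 0x3F) << 2) | ((cr & 1) << 1) | 0
    b2 = ((dlci & 0x0F) << 4) | ((fecn & 1) << 3) | ((becn & 1) << 2) | ((de & 1) << 1) | 1
    return bytes([b1, b2])


def decode_fr_header(frame):
    if len(frame) < 2:
        raise ValueError("short frame: no address field")
    b1, b2 = frame[0], frame[1]
    if (b1 & 1) != 0 or (b2 & 1) != 1:
        raise ValueError("EA bits do not describe a 2-byte address field")
    return {"dlci": ((b1 >> 2) << 4) | (b2 >> 4),
            "cr": (b1 >> 1) & 1, "fecn": (b2 >> 3) & 1,
            "becn": (b2 >> 2) & 1, "de": (b2 >> 1) & 1}


def fr_switch_forward(table, in_port, frame):
    """table: {(in_port, in_dlci): (out_port, out_dlci)}. The DLCI is rewritten hop by hop,
    which is why a DLCI value only has meaning on one access link."""
    fields = decode_fr_header(frame)
    key = (in_port, fields["dlci"])
    if key not in table:
        raise KeyError("no VC for DLCI %d on %s" % (fields["dlci"], in_port))
    out_port, out_dlci = table[key]
    new_hdr = encode_fr_header(out_dlci, fields["cr"], fields["fecn"], fields["becn"], fields["de"])
    return out_port, new_hdr + frame[2:]


if __name__ == "__main__":
    # Constructed VC: DLCI 101 on port p1 maps to DLCI 202 on port p2.
    vc_table = {("p1", 101): ("p2", 202)}
    port, out = fr_switch_forward(vc_table, "p1", encode_fr_header(101) + b"payload")
    print(port, decode_fr_header(out), out[2:])
```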

Frame Relay Payload Compression

Cisco IOS software supports three options for payload compression on Frame Relay VCs: packet-by-packet, data-stream, and Frame Relay Forum Implementation Agreement 9 (FRF.9). FRF.9 is the only standardized protocol of the three options. FRF.9 compression and data-stream compression function basically the same way; the only real difference is that FRF.9 implies compatibility with non-Cisco devices. All three FR compression options use LZS as the compression algorithm, but one key difference...

Frame Mode MPLS Data Plane Operation

There are three major steps in the propagation of an IP packet across an MPLS backbone. The Ingress Edge-LSR receives an IP packet, classifies the packet into a forward equivalence class (FEC), and labels the packet with the outgoing label stack corresponding to the FEC. For unicast destination-based IP routing, the FEC corresponds to a destination subnet and the packet classification is a traditional Layer 3 lookup in the forwarding table. Core LSRs receive this labeled packet and use label...

Frame Mode MPLS Operation

In the first section of this appendix you saw the overall MPLS architecture as well as the underlying concepts. This appendix focuses on one particular application: unicast destination-based IP routing in a pure router environment (also called Frame-mode MPLS because the labeled packets are exchanged as frames at Layer 2). This section first focuses on the MPLS data plane, assuming that the labels were somehow agreed upon between the routers. The next section explains the exact mechanisms used to...

FRTS Configuration Using LLQ

FRTS supports a variety of queuing tools for managing packets it queues. The queuing tool is enabled via a command in the map class. Example 16-7 shows just such an example, with a new map class. The requirements implemented in this example are as follows:
- Shape traffic on the two VCs (101 and 102) on s0/0 with the same settings for shaping.
- Use LLQ only on the VC with DLCI 101.
- Set Be to 0, and tune Tc to 10 ms.
Note that the example does not show the configuration for policy map queue-voip....

FRTS Configuration Using the traffic-rate Command

FRTS uses two main styles of configuration for the shaping parameters. The frame-relay traffic-rate average [peak] command configures the average rate and, optionally, the peak rate, with Cisco IOS calculating Bc and Be with an assumed Tc of 125 ms. This method is simpler to configure, but offers no ability to tune Tc or set Bc and Be. Example 16-5 uses FRTS to implement the same requirements as the first CB Shaping example shown in Example 16-1, except that it uses FIFO queuing for the interface software queues....
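The shaping arithmetic behind both FRTS styles (the traffic-rate command above, and the map-class settings with Be = 0 and Tc = 10 ms used for the LLQ example), as an added example that is not from the book: functions that derive Bc and Be the way the traffic-rate command does with its fixed 125 ms Tc, derive Bc from a chosen Tc for the explicit style, and a simplified token-bucket simulation showing why Be only helps after idle intervals. All rates and burst values in the test are made up.

```python
# Added example (not from the book): FRTS shaping parameters.
# Rates in bits per second, Bc/Be in bits, Tc in seconds.

TRAFFIC_RATE_TC = 0.125   # Tc that IOS assumes for "frame-relay traffic-rate"


def traffic_rate_params(average, peak=None, tc=TRAFFIC_RATE_TC):
    """Return (cir, bc, be) as derived from the average/peak rates."""
    if peak is None:
        peak = average
    if average <= 0 or peak < average:
        raise ValueError("need peak >= average > 0")
    bc = int(average * tc)
    be = int((peak - average) * tc)     # extra bits per Tc available when bursting to peak
    return average, bc, be


def explicit_params(cir, tc, be=0):
    """Map-class style: choose Bc so that Tc = Bc / CIR is the interval you want."""
    if cir <= 0 or tc <= 0:
        raise ValueError("need cir > 0 and tc > 0")
    return cir, int(cir * tc), be


def tc_from(cir, bc):
    return bc / cir


def simulate(bc, be, offered, intervals):
    """Bits sent per Tc for a queue that receives offered[i] bits in interval i.
    Simplified token bucket: Bc tokens arrive each Tc; unused tokens accumulate up to
    Bc + Be (the bucket starts full), so Be is only spendable after idle intervals."""
    sent, backlog, tokens = [], 0, bc + be
    for i in range(intervals):
        backlog += offered[i] if i < len(offered) else 0
        tx = min(backlog, tokens)
        sent.append(tx)
        backlog -= tx
        tokens = min(tokens - tx + bc, bc + be)
    return sent


if __name__ == "__main__":
    print("traffic-rate 64000 96000 ->", traffic_rate_params(64000, 96000))
    print("cir 128000, Tc 10 ms     ->", explicit_params(128000, 0.010))
    print("Be = 0   :", simulate(8000, 0, [20000], 4))
    print("Be = 4000:", simulate(8000, 4000, [20000], 4))
```

The two simulate() runs show the trade-off the LLQ example makes: with Be = 0 nothing ever leaves faster than Bc per Tc, which is what a voice VC wants, at the cost of never absorbing a burst.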

Further Reading

Routing TCP/IP, Volume II, by Jeff Doyle and Jennifer DeHaven Carroll
Cisco BGP-4 Command and Configuration Handbook, by William R. Parkhurst
Internet Routing Architectures, by Bassam Halabi
Troubleshooting IP Routing Protocols, by Zaheer Aziz, Johnson Liu, Abe Martey, and Faraz Shamim
Most every reference reached from Cisco's BGP support page at http://www.cisco.com/en/US (requires a CCO username/password).

Gain

The components of a wireless LAN offer varying degrees of gain, which represents how much a signal changes from one point to another. The gain in dB is simply the signal level at the output of a device (in dBm) minus the signal level at the input of the device (in dBm). The decibel is a unit that represents change in signal amplitude. A signal experiences a gain of 3 dB, for example, when it increases from 50 mW (17 dBm) to 100 mW (20 dBm). An amplifier or antenna may offer this gain to the...

General Layer 2 Security Recommendations

Recall that the beginning of the Layer 2 Security section outlined the Cisco SAFE Blueprint recommendations for user and unused ports and some general recommendations. The general recommendations include configuring VTP authentication globally on each switch, putting unused switch ports in an unused VLAN, and simply not using VLAN 1. The underlying configuration for each of these general recommendations is covered in Chapter 2. Additionally, Cisco recommends not using the native VLANs on...

General Layer 3 Security Considerations

This section explains a few of the more common ways to avoid Layer 3 attacks.

Smurf Attacks, Directed Broadcasts, and RPF Checks

A smurf attack occurs when a host sends a large number of ICMP Echo Requests with some atypical IP addresses in the packet. The destination address is a subnet broadcast address, also known as a directed broadcast address. Routers forward these packets based on normal matching of the IP routing table, until the packet reaches a router connected to the destination...
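The two router-side defences this section is about, as an added example that is not from the book: a strict-mode reverse-path check (the packet's source must be reachable back out the interface it arrived on) and a directed-broadcast check, both run over a constructed FIB of a router that has the two example subnets directly attached. Prefixes, interface names and packets are invented for the example; the allow_default switch mirrors the idea that a match on the default route does not count unless explicitly allowed, which is how the example models IOS's allow-default keyword.

```python
import ipaddress

# Added example (not from the book). FIB of a router with both subnets directly attached;
# the default route points at the Internet-facing serial link. All values constructed.

FIB = [
    ("10.1.1.0/24", "Gi0/0"),
    ("10.1.4.0/24", "Gi0/1"),
    ("0.0.0.0/0",   "Se0/0"),
]


def lookup(ip, fib=FIB):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for pfx, ifc in fib:
        net = ipaddress.ip_network(pfx)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def is_directed_broadcast(dst, fib=FIB):
    """dst is the subnet broadcast address of a real (non-default, non-host) route."""
    hit = lookup(dst, fib)
    return (hit is not None and hit[0].prefixlen not in (0, 31, 32)
            and ipaddress.ip_address(dst) == hit[0].broadcast_address)


def urpf_strict_ok(src, in_ifc, fib=FIB, allow_default=False):
    """Strict uRPF: the best route back to the source must leave via the arrival interface.
    A match on 0.0.0.0/0 only counts when allow_default is set (model of 'allow-default')."""
    hit = lookup(src, fib)
    if hit is None or (hit[0].prefixlen == 0 and not allow_default):
        return False
    return hit[1] == in_ifc


def forward_decision(pkt, fib=FIB, directed_broadcast=False, allow_default=False):
    """pkt: {"src", "dst", "in_ifc"}. Returns "forward" or a drop reason.
    directed_broadcast=False models the IOS default of 'no ip directed-broadcast'."""
    if not urpf_strict_ok(pkt["src"], pkt["in_ifc"], fib, allow_default):
        return "drop: uRPF (no route back to %s via %s)" % (pkt["src"], pkt["in_ifc"])
    if is_directed_broadcast(pkt["dst"], fib) and not directed_broadcast:
        return "drop: directed broadcast to %s" % pkt["dst"]
    return "forward"


if __name__ == "__main__":
    # A smurf packet: spoofed source on an inside subnet, arriving from the Internet,
    # aimed at the other subnet's broadcast address. Either check alone stops it.
    smurf = {"src": "10.1.4.10", "dst": "10.1.1.255", "in_ifc": "Se0/0"}
    print(forward_decision(smurf))
    print(forward_decision(smurf, allow_default=True))
```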

Going Active on a Route

The second branch in the local computation logic causes the EIGRP router to ask its neighbors about their current best route to a subnet, hoping to find an available, loop-free alternative route to that subnet. When no FS route is found, the EIGRP router goes active for the route. Going active is jargon for the process of changing a route's status to active. Once the router is active, EIGRP multicasts Query messages to its neighbors, asking the neighbors if they have a valid route to the...
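The local computation this branch belongs to, as an added example that is not from the book: a feasible-successor check (a neighbor is a feasible successor when its reported distance is lower than the feasible distance through the successor) and the decision it drives when the successor is lost, namely switch to the best feasible successor and stay passive, or go active and send Queries. Neighbor names and metric values are invented; real EIGRP metrics are composite values far larger than these.

```python
# Added example (not from the book): EIGRP successor / feasible successor selection.
# paths: {neighbor: (reported_distance, cost_of_link_to_neighbor)}; all values constructed.


def eigrp_compute(paths):
    """Return (successor, feasible_distance, feasible_successors).
    Feasibility condition: the neighbor's reported distance must be < FD."""
    if not paths:
        return None, None, []
    dist = {n: rd + cost for n, (rd, cost) in paths.items()}
    successor = min(dist, key=dist.get)
    fd = dist[successor]
    fs = sorted(n for n, (rd, _) in paths.items() if n != successor and rd < fd)
    return successor, fd, fs


def on_successor_loss(paths, lost_neighbor):
    """What the local computation does when a neighbor's route to the subnet goes away.
    Returns ("passive", successor) if no Query is needed, or ("active", None)."""
    successor, fd, fs = eigrp_compute(paths)
    if lost_neighbor != successor:
        return "passive", successor                    # the successor is unaffected
    if fs:
        remaining = {n: paths[n] for n in fs}          # promote the best FS; no Query
        new_successor, _, _ = eigrp_compute(remaining)
        return "passive", new_successor
    return "active", None                              # multicast Queries to 224.0.0.10


if __name__ == "__main__":
    paths = {"R2": (100, 50), "R3": (120, 80), "R4": (160, 10)}
    print(eigrp_compute(paths))
    print("lose R2:", on_successor_loss(paths, "R2"))
    print("lose R2 without R3:", on_successor_loss({"R2": (100, 50), "R4": (160, 10)}, "R2"))
```

R4 in the sample has a lower total cost than R3 yet is not a feasible successor, because its reported distance (160) is not below the FD (150); that is exactly the case where a router must go active even though a cheaper-looking alternative exists.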

Hellos Neighbors and Adjacencies

After a router has been configured for EIGRP, and its interfaces come up, it attempts to find neighbors by sending EIGRP Hellos (destination 224.0.0.10). Once a pair of routers have heard each other say Hello, they become adjacent, assuming several key conditions are met. Once neighbors pass the checks in the following list, they are considered to be adjacent. At that point, they can exchange routes and are listed in the output of the show ip eigrp neighbor command.
- Must pass the...

How Multicasting Provides a Scalable and Manageable Solution

The six basic requirements for supporting multicast across a routed network are as follows:
- A designated range of Layer 3 addresses that can only be used by multicast applications must exist.
- A network administrator needs to install a multicast application on a multicast server using a Layer 3 multicast address from the designated range.
- A multicast address must be used only as a destination IP address, and specifically not as a source IP address.
- Unlike a unicast IP packet, a destination IP...

How WRED Weights Packets

WRED gives preference to packets with certain IPP or DSCP values. To do so, WRED uses different traffic profiles for packets with different IPP and DSCP values. A WRED traffic profile consists of a setting for three key WRED variables: the minimum threshold, the maximum threshold, and the MPD (mark probability denominator). Figure 15-10 shows just such a case, with two WRED traffic profiles (for IPP 0 and IPP 3). As Figure 15-10 illustrates, IPP 3's minimum threshold was higher than for IPP 0. As a result, IPP 0 traffic will...
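How those three variables turn an average queue depth into a drop decision, as an added example that is not from the book: the drop-probability curve for one profile, two constructed profiles standing in for the IPP 0 / IPP 3 pair of Figure 15-10, and the exponentially weighted average that WRED actually compares against the thresholds. The threshold and MPD values, and the queue depths fed in, are invented; Figure 15-10's own numbers are not shown on this page.

```python
# Added example (not from the book): WRED drop probability from (min, max, MPD).


def wred_drop_probability(avg_depth, min_th, max_th, mpd):
    """Below min: never drop. Between min and max: probability rises linearly to 1/MPD.
    At or above max: drop everything (tail drop)."""
    if min_th >= max_th or mpd < 1:
        raise ValueError("need min < max and mpd >= 1")
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) * (1.0 / mpd)


# Constructed profiles: IPP 3 gets a higher minimum threshold than IPP 0, so at the same
# average depth IPP 0 packets start being dropped first.
PROFILES = {0: (20, 40, 10), 3: (30, 40, 10)}   # IPP -> (min threshold, max threshold, MPD)


def drop_probability_for(ipp, avg_depth, profiles=PROFILES):
    if ipp not in profiles:
        raise KeyError("no WRED profile for IPP %d" % ipp)
    return wred_drop_probability(avg_depth, *profiles[ipp])


def compare(avg_depth, profiles=PROFILES):
    """Drop probability per IPP at one average depth, side by side."""
    return {ipp: drop_probability_for(ipp, avg_depth, profiles) for ipp in sorted(profiles)}


def wred_average(prev_avg, current_depth, exponent=9):
    """Exponentially weighted average queue depth: avg = prev*(1 - 2^-n) + current*2^-n.
    n = 9 is the IOS default weighting constant; a large n makes the average react slowly."""
    w = 2.0 ** -exponent
    return prev_avg * (1 - w) + current_depth * w


if __name__ == "__main__":
    for depth in (15, 25, 30, 35, 40):
        print(depth, compare(depth))
    avg = 0.0
    for _ in range(20):            # queue jumps to 100 packets and stays there
        avg = wred_average(avg, 100)
    print("average after 20 samples:", round(avg, 2))
```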

ICMP

The Internet Control Message Protocol (ICMP) allows for testing and troubleshooting of the TCP/IP internetwork layer by defining messages that can be used to determine whether the network can currently deliver packets. In fact, ICMP is a required component of every IP implementation, as described in the following brief excerpt from RFC 792: Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing. For such purposes...

ICMP Redirect

ICMP Redirect messages allow a host's default gateway router to inform local hosts of a better router to use to reach certain destinations. To do so, a router sends an ICMP Redirect to the host to tell it the IP address of the better alternative router. For example, in Figure 5-2, the PC uses RouterB as its default router, but RouterA's route to subnet 10.1.4.0/24 is a better route. Following the steps in Figure 5-2:
1. The PC sends a packet, destined for subnet 10.1.4.0/24, to RouterB.
2....

ICMP Unreachable

When a device realizes that a packet cannot be delivered to its destination, the device sends an ICMP Unreachable message. To help determine the root cause of why the packet cannot be delivered, the ICMP Unreachable message includes a code field value to convey the reason for the failure. For instance, in Figure 5-1, assume that Fred is trying to connect to the web server, called Web. Table 5-3, following the figure, lists the key ICMP Unreachable message codes, along with an example...
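The message itself, as an added example that is not from the book: a builder and parser for ICMP Destination Unreachable (type 3) with the RFC 792 one's-complement checksum, a code table covering the RFC 792 codes plus the "administratively prohibited" code later added, and a check that a corrupted message is rejected. The bytes standing in for the offending datagram's IP header plus first 8 bytes are constructed; Table 5-3's own selection of codes is not reproduced.

```python
import struct

# Added example (not from the book): ICMP type 3 build/parse with checksum verification.

UNREACHABLE_CODES = {
    0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 4: "fragmentation needed and DF set", 5: "source route failed",
    13: "communication administratively prohibited",
}


def icmp_checksum(data):
    """One's-complement sum of 16-bit words; validates to 0 over a message with its checksum."""
    if len(data) % 2:
        data = bytes(data) + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), bytes(data)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_unreachable(code, original_datagram_head):
    """original_datagram_head: the IP header and first 8 bytes of the packet that failed."""
    if code not in UNREACHABLE_CODES:
        raise ValueError("unknown unreachable code %d" % code)
    body = struct.pack("!BBHI", 3, code, 0, 0) + original_datagram_head  # checksum zeroed
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]


def parse_icmp(packet):
    if len(packet) < 8:
        raise ValueError("short ICMP header")
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    itype, code, _, _ = struct.unpack("!BBHI", bytes(packet[:8]))
    reason = UNREACHABLE_CODES.get(code, "unknown") if itype == 3 else None
    return {"type": itype, "code": code, "reason": reason, "original": bytes(packet[8:])}


if __name__ == "__main__":
    sample_head = bytes(range(28))   # constructed stand-in for IP header + 8 bytes
    print(parse_icmp(build_unreachable(3, sample_head)))
```

The checksum check matters in practice: a host that acts on unreachable messages without validating them (or without matching the quoted original datagram against a connection it actually has) can be made to tear down sessions by anyone who can spoof ICMP.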

IGP Route Redistribution Route Summarization and Default Routing

This chapter covers several topics related to the use of multiple IGP routing protocols. IGPs can use default routes to pull packets toward a small set of routers, with those routers having learned routes from some external source. IGPs can use route summarization with a single routing protocol, but it is often used at redistribution points between IGPs as well. Finally, route redistribution by definition involves moving routes from one routing source to another. This chapter takes a look at...

Independent Forwarding and Control

With conventional IP packet forwarding, any change in the information that controls the forwarding of packets is communicated to all devices within the routing domain. This change always involves a period of convergence within the forwarding algorithm. A mechanism that can change how a packet is forwarded, without affecting other devices within the network, certainly is desirable. To implement such a mechanism, forwarding devices (routers) should not rely on IP header information to forward the...

Info

What are required components of Cisco SWAN?
a. Cisco Aironet Series access points and 802.1x authentication server
b. Cisco Aironet Series access points, WLSE, and Cisco Aironet client devices
c. WLSE and 802.1x authentication server
d. Cisco Aironet Series access points, WLSE, and 802.1x authentication server
3. Which Cisco access point is designed for outdoor campus networks?
4. The Cisco Aironet 350 Series access point complies with which of the following standards?
5. Which layer of the...

Infrastructure Mode Configuration

An infrastructure wireless LAN (sometimes referred to as infrastructure mode) is what most companies, public hotspots, and home users implement. An infrastructure wireless LAN, as depicted in Figure 22-1, offers a means to extend a wired network. In this configuration, one or more access points interface wireless mobile devices to the distribution system. Each access point forms a radio cell, also called a basic service set (BSS), which enables wireless users located within the cell to have...

Internet Group Management Protocol

IGMP has evolved from the Host Membership Protocol, described in Dr. Steve Deering's doctoral thesis, to IGMPv1 (RFC 1112), to IGMPv2 (RFC 2236), to the latest, IGMPv3 (RFC 3376). IGMP messages are sent in IP datagrams with IP protocol number 2, with the IP Time-to-Live (TTL) field set to 1. IGMP packets only pass over a LAN, and are not forwarded by routers, due to their TTL field values. The two most important goals of IGMP are as follows:
- To inform a local multicast router that a host...

Intrusion Detection System

Cisco SWAN includes the Wireless LAN Threat Defense Solution, which includes an intrusion detection system (IDS) (refer to Figure 23-2). This safeguards the wireless LAN from malicious and unauthorized access. For example, the IDS detects and suppresses rogue access points by preventing them from authenticating with the network, and identifies unassociated clients through MAC address association tables. The IDS integrates with the Cisco Self-Defending Network, the Cisco vision for network...

IP Addressing and Subnetting

You need a postal address to receive letters; similarly, computers must use an IP address to be able to send and receive data using the TCP/IP protocols. Just as the postal service dictates the format and meaning of a postal address to aid the efficient delivery of mail, the TCP/IP protocol suite imposes some rules about IP address assignment so that routers can efficiently forward packets between IP hosts. This chapter begins with coverage of the format and meaning of IP addresses, with...

IP Forwarding Routing

Chapter 7 begins the largest part of the book. This part of the book, containing Chapters 7 through 13, focuses on the topics that are the most important and popular for both the CCIE Routing and Switching written and practical (lab) exams. Chapter 7 begins with coverage of the details of the forwarding plane: the actual forwarding of IP packets. This process of forwarding IP packets is often called IP routing, or simply routing. Many people also refer to IP routing as the data plane,...

IP Multicast Routing

In Chapter 19, Introduction to IP Multicasting, you learned how a multicast router communicates with hosts and then decides whether to forward or stop the multicast traffic on a subnet. But how does a multicast router receive the group traffic? How is the multicast traffic forwarded from a source so that all the group users receive it? This chapter provides answers to those questions. This chapter first defines the multicast routing problem by identifying the difference between unicast and...

IP Precedence and DSCP Compared

The IP header is defined in RFC 791, including a 1-byte field called the Type of Service (ToS) byte. The ToS byte was intended to be used as a field to mark a packet for treatment with QoS tools. The ToS byte itself was further subdivided, with the high-order 3 bits defined as the IP Precedence (IPP) field. The complete list of values from the ToS byte's original IPP 3-bit field, and the corresponding names, is provided in Table 14-2.

Table 14-2 IP Precedence Values and Names...
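How IPP and DSCP share that byte, as an added example that is not from the book: the two fields extracted from the same ToS byte of a constructed IPv4 header, the class-selector DSCP values whose top three bits coincide with the IPP values, and a name lookup so the overlap can be read off directly (an IPP-only device reading an EF packet sees precedence 5). The IPP names follow RFC 791 and the DSCP names the DiffServ RFCs; Table 14-2 itself is not reproduced here.

```python
# Added example (not from the book): IPP (bits 7..5) and DSCP (bits 7..2) of the ToS byte.

IPP_NAMES = {0: "routine", 1: "priority", 2: "immediate", 3: "flash", 4: "flash override",
             5: "critic/ecp", 6: "internetwork control", 7: "network control"}

AF_EF_NAMES = {10: "AF11", 12: "AF12", 14: "AF13", 18: "AF21", 20: "AF22", 22: "AF23",
               26: "AF31", 28: "AF32", 30: "AF33", 34: "AF41", 36: "AF42", 38: "AF43",
               46: "EF"}


def ipp_from_tos(tos):
    return (tos >> 5) & 0x07          # high-order 3 bits


def dscp_from_tos(tos):
    return (tos >> 2) & 0x3F          # high-order 6 bits; its top 3 bits are the IPP bits


def tos_from_dscp(dscp):
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp << 2


def tos_from_ipp(ipp):
    if not 0 <= ipp <= 7:
        raise ValueError("IPP is a 3-bit value")
    return ipp << 5


def class_selector(ipp):
    """CSx DSCP values: IPP value followed by three zero bits, so CSx and IPP x
    produce the same ToS byte."""
    return ipp << 3


def dscp_name(dscp):
    if dscp in AF_EF_NAMES:
        return AF_EF_NAMES[dscp]
    if dscp % 8 == 0:
        return "CS%d" % (dscp // 8)
    return "DSCP %d" % dscp


def describe_ipv4_header(hdr):
    """The ToS byte is the second byte of the IPv4 header."""
    if len(hdr) < 20 or (hdr[0] >> 4) != 4:
        raise ValueError("not an IPv4 header")
    tos = hdr[1]
    ipp, dscp = ipp_from_tos(tos), dscp_from_tos(tos)
    return {"tos": tos, "ipp": ipp, "ipp_name": IPP_NAMES[ipp],
            "dscp": dscp, "dscp_name": dscp_name(dscp)}


if __name__ == "__main__":
    # Constructed IPv4 header: version/IHL 0x45, ToS 0xB8 (EF), rest zeroed.
    print(describe_ipv4_header(bytes([0x45, 0xB8]) + bytes(18)))
    for ipp in range(8):
        assert tos_from_dscp(class_selector(ipp)) == tos_from_ipp(ipp)
```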

IP Version 6

The ultimate solution to rapidly growing Internet routing tables and IPv4 address depletion was the development of IPv6, which defines 128-bit source and destination addresses. At the risk of being derided 20 years from now, I'll venture a guess that IPv6 has more addresses than we'll ever need. IPv6 can support over a trillion, trillion IP addresses per person on the planet with plenty of publicly routable addresses for everyone. Plus, the structure is well established for CIDR-like allocation...

IPv6 Address Formats

IPv6 addresses have eight quartets of hex digits, separated by colons. Each quartet consists of four hex digits, which together represent 16 bits. The rules for encoding the actual hex values are as follows:
- Each quartet is separated by a colon (:).
- In a quartet, leading hex 0s can optionally be omitted.
- If one or more consecutive quartets are hex 0000, then the set of consecutive all-0 quartets can be represented as a null quartet (::), no matter how many consecutive all-0 quartets are...
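The abbreviation rules above implemented by hand, as an added example that is not from the book: an expander that undoes both shortcuts (and rejects a second "::", which would make the address ambiguous) and a compressor that applies them, cross-checked in the test against Python's ipaddress module. One detail goes beyond the page: following RFC 5952, a single 0000 quartet is left as "0" rather than turned into "::", and when two zero runs are equally long the leftmost one is compressed. The addresses in the test are constructed.

```python
import ipaddress

# Added example (not from the book): IPv6 textual expansion / compression.


def expand(addr):
    """Return the eight quartets of an IPv6 address as 4-digit lowercase hex strings."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero quartet")
        parts = left + ["0"] * missing + right
    else:
        parts = addr.split(":")
    if len(parts) != 8:
        raise ValueError("expected 8 quartets, got %d" % len(parts))
    out = []
    for p in parts:
        if not 1 <= len(p) <= 4:
            raise ValueError("bad quartet %r" % p)
        out.append("%04x" % int(p, 16))     # int() rejects non-hex characters
    return out


def compress(addr):
    quartets = [hex(int(q, 16))[2:] for q in expand(addr)]   # rule: drop leading zeros
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                              # find the longest run of "0"
        if quartets[i] == "0":
            j = i
            while j < 8 and quartets[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                                          # RFC 5952: never "::" for one quartet
        return ":".join(quartets)
    left = ":".join(quartets[:best_start])
    right = ":".join(quartets[best_start + best_len:])
    return left + "::" + right


if __name__ == "__main__":
    for a in ("2001:0db8:0000:0000:0000:0000:0000:0001", "fe80::1", "2001:db8:0:0:1:0:0:1"):
        print(a, "->", compress(a), "(ipaddress says", str(ipaddress.IPv6Address(a)) + ")")
```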

IPv6 Addressing Summary

Besides global addresses, other styles of IPv6 addresses exist. Table 4-14 lists and briefly describes the different types of addresses.

Table 4-14 IPv6 Address Type Summary
Unicast IPv6 address must be globally unique.
Registered unique globally routable address.
Required for each IPv6 interface. Used for processes occurring only on the local link; not routable.
Intended for use only within a site. Included in the IPv6 definitions in RFC 3513, but deprecated...

ISL and 802.1Q Concepts

If two devices are to perform trunking, they must agree to use either ISL or 802.1Q, because there are several differences between the two, as summarized in Table 2-7 (one of its rows records whether the protocol encapsulates the original frame or inserts a tag).
Table note 1: ISL originally supported only normal-range VLANs, but was later improved to support extended-range VLANs as well.
ISL and 802.1Q differ in how they add a header to the...

Joining a Group

Before a host can receive any multicast traffic, a multicast application must be installed and run on that host. The process of installing and running a multicast application is referred to as launching an application or joining a multicast group. After a host joins a group, the host software calculates the multicast MAC address and its NIC then starts listening to the multicast MAC address, in addition to its BIA. Before a host (or a user) can join a group, the user needs to know what groups...
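The MAC address calculation a host performs when it joins a group, as an added example that is not from the book (it also serves the multicast-addressing requirements listed earlier under "How Multicasting Provides a Scalable and Manageable Solution"): the 23-bit mapping onto the 01:00:5e prefix, the resulting 32:1 overlap between IPv4 groups and MAC addresses, and a small NIC filter model showing what that overlap means for a host that has joined only one of the colliding groups. Group addresses and the burned-in address are constructed.

```python
import ipaddress

# Added example (not from the book): IPv4 multicast group to MAC address mapping.
# The low 23 bits of the group address are placed under the fixed prefix 01:00:5e;
# the top 4 bits (1110) and the next 5 bits of the group address are lost, so 32 groups
# share each MAC address.


def multicast_mac(group):
    g = ipaddress.ip_address(group)
    if g.version != 4 or not g.is_multicast:
        raise ValueError("%s is not an IPv4 multicast group" % group)
    mac = 0x01005E000000 | (int(g) & 0x7FFFFF)
    return ":".join("%02x" % ((mac >> s) & 0xFF) for s in range(40, -1, -8))


def groups_sharing_mac(group):
    """All 32 IPv4 groups that map to the same MAC address as 'group'."""
    low23 = int(ipaddress.ip_address(group)) & 0x7FFFFF
    return [str(ipaddress.ip_address(0xE0000000 | (k << 23) | low23)) for k in range(32)]


class Nic:
    """Receives frames whose destination MAC is the BIA or any joined group's MAC."""

    def __init__(self, bia):
        self.filters = {bia.lower()}

    def join(self, group):
        self.filters.add(multicast_mac(group))

    def accepts(self, dst_mac):
        return dst_mac.lower() in self.filters


if __name__ == "__main__":
    nic = Nic("00:11:22:33:44:55")
    nic.join("239.1.1.1")
    print(multicast_mac("239.1.1.1"), multicast_mac("224.129.1.1"))
    # A frame for 224.129.1.1 passes the NIC filter even though the host never joined it;
    # the IP layer has to discard it, which is why the overlap is a host-side cost.
    print(nic.accepts(multicast_mac("224.129.1.1")))
```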

Label Bindings and Propagation in Frame Mode MPLS

The previous section identifies the mechanisms necessary to forward labeled packets between the LSRs using framed interfaces (LAN, point-to-point links, or WAN virtual circuits). This section focuses on FEC-to-label bindings and their propagation between LSRs over framed interfaces. Cisco IOS software implements two label binding protocols that can be used to associate IP subnets with MPLS labels for the purpose of unicast destination-based routing:
- Tag Distribution Protocol (TDP): Cisco's...

Label Switching in Frame Mode MPLS

After receiving the Layer 2 PPP frame from the San Jose router, the San Francisco router immediately identifies the received packet as a labeled packet based on its PPP Protocol field value and performs a label lookup in its Label Forwarding Information Base (LFIB). NOTE LFIB also is called Tag Forwarding Information Base (TFIB) in older Cisco documentation. The LFIB entry corresponding to inbound label 30 (and displayed in Example C-2) directs the San Francisco router to replace the label 30...
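The label lookup and swap just described, together with the three data-plane steps (ingress label push, core swap, egress pop) from "Frame Mode MPLS Data Plane Operation", as one added example that is not from the book: the 32-bit label stack entry (20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL) encoded and decoded, and an LFIB walk that performs swap and pop with TTL decrement. The LFIB contents, next hops and payloads are constructed; only the inbound label value 30 comes from the text, and Example C-2's actual outgoing label is not shown on this page.

```python
import struct

# Added example (not from the book): MPLS label stack entries and a simplified LFIB.


def encode_lse(label, exp=0, bos=True, ttl=64):
    if not 0 <= label < (1 << 20):
        raise ValueError("label is a 20-bit field")
    v = (label << 12) | ((exp & 7) << 9) | (int(bool(bos)) << 8) | (ttl & 0xFF)
    return struct.pack("!I", v)


def decode_lse(b):
    (v,) = struct.unpack("!I", bytes(b[:4]))
    return {"label": v >> 12, "exp": (v >> 9) & 7, "bos": bool((v >> 8) & 1), "ttl": v & 0xFF}


def decode_stack(packet):
    """Read entries until the bottom-of-stack bit; return (entries, payload after the stack)."""
    entries, off = [], 0
    while True:
        if len(packet) - off < 4:
            raise ValueError("label stack runs past the end of the packet")
        e = decode_lse(packet[off:off + 4])
        entries.append(e)
        off += 4
        if e["bos"]:
            return entries, packet[off:]


def encode_stack(entries):
    return b"".join(encode_lse(e["label"], e["exp"], e["bos"], e["ttl"]) for e in entries)


def lfib_forward(lfib, packet):
    """lfib: {in_label: (action, out_label_or_None, next_hop)}, action 'swap' or 'pop'.
    Returns (next_hop, outgoing packet). TTL is decremented on the top entry; on a pop the
    decremented TTL is copied into the entry that becomes the new top (simple propagation)."""
    stack, payload = decode_stack(packet)
    top, rest = stack[0], stack[1:]
    if top["label"] not in lfib:
        raise KeyError("no LFIB entry for inbound label %d" % top["label"])
    if top["ttl"] <= 1:
        raise ValueError("TTL expired on label %d" % top["label"])
    action, out_label, next_hop = lfib[top["label"]]
    if action == "swap":
        new_top = dict(top, label=out_label, ttl=top["ttl"] - 1)
        return next_hop, encode_stack([new_top] + rest) + payload
    if action == "pop":
        if rest:
            rest[0]["ttl"] = top["ttl"] - 1
        return next_hop, encode_stack(rest) + payload
    raise ValueError("unknown LFIB action %r" % action)


if __name__ == "__main__":
    # Constructed LFIB: inbound 30 is swapped to 28; 28 is popped at the egress LSR.
    lfib = {30: ("swap", 28, "10.0.0.2"), 28: ("pop", None, "10.0.0.3")}
    nh, out = lfib_forward(lfib, encode_lse(30, ttl=64) + b"IP-PAYLOAD")
    print(nh, decode_lse(out))
    print(lfib_forward(lfib, out))
```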

Layer 2 Security

The Cisco SAFE Blueprint document (available at http://www.cisco.com/go/safe) suggests a wide variety of best practices for switch security. In most cases, the recommendations depend on one of three general characterizations of the switch ports, as follows:
- Unused ports: Switch ports that are not yet connected to any device, for example, switch ports that are pre-cabled to a faceplate in an empty cubicle
- User ports: Ports cabled to end-user devices, or any cabling drop that sits in some physically...

Layer 3 Security

The Cisco SAFE Blueprint also lists several best practices for Layer 3 security. The following list summarizes the key Layer 3 security recommendations from the SAFE Blueprint.
1. Enable secure Telnet access to a router user interface, and consider using Secure Shell (SSH) instead of Telnet.
2. Enable SNMP security, particularly adding SNMPv3 support.
3. Turn off all unnecessary services on the router platform.
4. Turn on logging to provide an audit trail.
5. Enable routing protocol...

Local Management Interface

Local Management Interface (LMI) messages manage the local access link between the router and the Frame Relay switch. A Frame Relay DTE can send an LMI Status Enquiry message to the switch the switch then replies with an LMI Status message to inform the router about the DLCIs of the defined VCs, as well as the status of each VC. By default, the LMI messages flow every 10 seconds. Every sixth message carries a full Status message, which includes more complete status information about each VC....

LSA Types and Network Types

Table 10-4 lists the LSA types and their descriptions for reference; following the table, each type is explained in more detail, in the context of a working network.
Type 1 (Router): One per router, listing RID and all interface IP addresses. Represents stub networks as well.
Type 2 (Network): One per transit network. Created by the DR on the subnet, and represents the subnet and the router interfaces connected to the subnet.
Type 3 (Summary): Created by ABRs to represent one area's type 1 and 2 LSAs when being advertised into another area....