Learning network fundamentals is essential to your Cisco CCNA exam success. Let’s start our CCNA journey by looking at some internetworking basics. If you have previously studied for the CompTIA Network+ exam, then this should already be familiar to you.
Overview of Networking Equipment
The earlier versions of the CCNA exam did not focus on basic networking concepts and theory, but this has changed now. Cisco expects you to have a good working knowledge of general networking, LAN and WAN topologies, and equipment (hence my suggestion to read a good Network+ lab manual or study guide). We will cover some of the basics in this book, but I’ll presume that this is just a recap for you. Please also check out the CompTIA Network+ page.
A computer network can be as small as two computers connected by a single cable (or wirelessly) to the largest network in the world—the Internet. To connect a large number of PCs, specialized equipment and protocols have been designed to carry out tasks such as segmenting domains, preventing broadcast storms, and moving packets from one part of the network to the other as efficiently as possible.
Hub
The most rudimentary piece of networking equipment is a hub. Hubs are fairly rare nowadays, but we will refer to them later on because they explain why we needed to change the way traffic is sent across a Local Area Network (LAN).
A hub simply allows several networking devices to communicate. Each device plugs into a port on the hub using a network cable (more on these cables later). The simplest network you can build is a few PCs connected to a hub. Hubs have no memory or hard drive, so they can never remember which device is plugged into which port. When a hub receives data on one port, it just forwards it to all the other ports. This causes a lot of unnecessary traffic to pass through the network.
FIG 1.1 – Every frame is received by every device when a hub is used
Switch
One drawback of using hubs is that, because they have no memory, they can never keep a record of which PC is plugged into which port. For this reason, every time one PC wants to speak to another, every single PC plugged into the hub gets a copy of the information (contained within a frame) sent out on the wire. Every time a PC receives this information, it has to use processing power to determine whether it is the intended recipient. As you can imagine, this is very inefficient and can become a major problem as more and more devices are connected to the hub.
A data frame sent to every device on a network segment at the same time is referred to as a broadcast. Too many broadcasts in a network can cause delays and dramatically reduce performance. A high number of broadcasts causes an enormous amount of traffic to traverse the network at any one time. A broadcast is usually sent when a data frame is trying to find a host in the network and doesn’t know its current location.
Switches operate by building a list of which PCs are connected to which ports, allowing the available bandwidth to be used a lot more efficiently. If a PC wants to send data to another PC via a switch, the switch will forward the traffic only to the port to which the intended recipient is connected. If it doesn’t know the port, it will send out a broadcast to find out where in the network the PC is. Switches and hubs are designed to forward broadcast traffic as data frames addressed to every device in the network.
FIG 1.2 – Switches forward frames only to the relevant port
Because switches only forward broadcast information when the destination is unknown, they are used to create smaller collision domains. A collision domain consists of an area in the network that a data frame will reach if there is a collision. In earlier implementations of Ethernet, all the devices were in the same collision domain because they were on the same wire or they were all connected to a hub.
A collision occurs when a data frame, traveling along a network cable, collides with another frame. The collision causes the data inside the frame to become corrupted. This corrupted frame is received by every device within the collision domain. Smaller collision domains mean that traffic will move faster throughout the network.
It’s very important to be able to recognize collision domains in the CCNA exam because you could be presented with a diagram showing routers, switches, and hubs and asked how many collision and broadcast domains have been created. Figure 1.3 below demonstrates a network hub that has created one collision domain (it’s also one broadcast domain because there are no VLANs or routers present). If you ever see a hub in a network diagram referring to collision and broadcast domains, remember that the hub does not increase the number of collision domains or reduce the number of broadcast domains.
FIG 1.3 – Hubs are in one collision domain
If you swapped the hub for a switch, you would have four collision domains (one per port used). All devices would still be in the same broadcast domain though.
FIG 1.4 – Each switch port creates a collision domain
We will cover this in more detail later, but it’s worth noting that if you created two VLANs on the switch, you would have two broadcast domains. More VLANs equal more broadcast domains.
FIG 1.5 – VLANs create broadcast domains
We will cover collision domains in more detail in the next chapter.
Modern network standards have all but eliminated collisions in the network, but you still need to understand them in case you need to troubleshoot them on your network. Figures 1.6 and 1.7 illustrate the problem caused when frames collide on the wire.
FIG 1.6 – Frames can collide on the wire
FIG 1.7 – A corrupted frame is heard by every device in a collision domain
You may have read about network bridges in older networking manuals. A bridge is similar to a switch; however, they usually have only two ports, whereas a switch has several ports. A switch is basically a multiport bridge.
Cisco Systems offers a large range of network switches to service small offices all the way up to large service providers. It would be well worth your time to visit Cisco.com and browse the available models and features. At the time of writing this guide, the switch used in the exam was the 2960 model.
FIG 1.8 – Cisco 2960 Switch
Using layer 2 switches to create fewer users per segment is known as microsegmentation. Microsegmentation creates dedicated network segments (i.e., one user per segment). Each user receives instant access to the full bandwidth and therefore does not have to contend for available bandwidth with other users. The outcome is that collisions (commonplace when using hubs) no longer occur (provided you are using full-duplex).
Switches offer another advantage over hubs. Most can store frames in the buffer memory, allowing them to be stored and then forwarded sequentially when the wire is clear.
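The hub-versus-switch behaviour described above, as an added Python model (not code from the original guide): the hub repeats every frame out of every other port, while the switch learns each frame's source MAC address and forwards known unicast frames to a single port, flooding only broadcasts and unknown destinations. The PC names, port numbers and every MAC address other than the one shown in Figure 1.21 are constructed for the example.

```python
"""Hub versus switch forwarding: a constructed model, not the guide's own code.

Frames are (ingress_port, source_mac, destination_mac) tuples; hosts, ports and
MAC addresses below are made up, except 60-A4-4C-41-33-77 from Figure 1.21.
"""

BROADCAST = "FF-FF-FF-FF-FF-FF"


class Hub:
    """A hub has no memory, so every frame is repeated out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class Switch:
    """A switch learns which MAC address sits behind which port and uses that
    table to forward unicast frames to one port only."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn (or refresh) the sender's port
        if dst == BROADCAST or dst not in self.mac_table:
            # Broadcast, or unknown unicast: flood out of every port but the ingress port.
            return [p for p in self.ports if p != in_port]
        if self.mac_table[dst] == in_port:
            # Destination sits on the segment the frame came from: nothing to forward.
            return []
        return [self.mac_table[dst]]


def replay(device, frames):
    """Feed the frames through the device in order; return the egress ports of each."""
    return [device.forward(in_port, src, dst) for in_port, src, dst in frames]


def copies_delivered(device, frames):
    """Number of frame copies put on the wire, i.e. how many NICs had to inspect a frame."""
    return sum(len(ports) for ports in replay(device, frames))


# Constructed traffic between PCs on ports 1 to 4 of a four-port device.
PC1, PC2, PC3 = "60-A4-4C-41-33-77", "00-11-22-33-44-55", "00-11-22-33-44-66"
FRAMES = [
    (1, PC1, PC2),        # PC1 -> PC2: PC2 not yet learned, so even the switch floods
    (2, PC2, PC1),        # PC2 replies: PC1 was learned on port 1, so only port 1 gets it
    (1, PC1, PC2),        # PC2 is now known on port 2
    (3, PC3, BROADCAST),  # a broadcast (e.g. an ARP request) is flooded by both devices
]

if __name__ == "__main__":
    for device in (Hub([1, 2, 3, 4]), Switch([1, 2, 3, 4])):
        name = type(device).__name__
        egress_lists = replay(device, FRAMES)
        for frame, egress in zip(FRAMES, egress_lists):
            print(f"{name}: frame in on port {frame[0]} -> out on ports {egress}")
        print(f"{name}: {sum(map(len, egress_lists))} copies delivered in total")
```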
Router
A router is designed to store a directory of networks. Rather than concerning itself with which PC is where, a router’s job is to find out where different networks are. It then sends the traffic via the best path. This path could be the fastest, most reliable, or shortest, or a combination of these features, depending on how you want traffic to be sent as the network administrator. If the router does not know how to get traffic to its intended destination, it will either drop the packet or forward it to another router that should know how to get it there (we will cover default gateways later).
It is important to remember that by default, routers do not forward broadcasts. If they did, you would find that most networks, including the Internet, would be extremely slow because of all the broadcasts passing across them.
FIG 1.9 – Cisco 1900 Series Router
Because they do not forward broadcast information, routers are used to create broadcast domains. Broadcasts in the network will stop at the router (unless you configure it to forward them, which isn’t recommended). We’ll put all of this together when we revisit collision domains later.
For the exam, remember that switches segment collision domains. Every port on the switch is a separate collision domain, which means a collided frame won’t travel past the port. Remember also that routers segment broadcast domains, and every port on the router is a separate broadcast domain. Finally, all the ports in a hub are in ONE collision domain, while all the ports in a switch are in the same broadcast domain.
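The counting rule from the exam summary above (all hub ports share one collision domain, each switch port is its own, VLANs and router ports split broadcast domains), as an added Python example rather than anything from the guide: it reproduces the Figure 1.3 to 1.5 cases and also handles a mixed topology with a hub hanging off a switch and a router in between. Device names, port names and the whole DEVICES/LINKS topology are constructed.

```python
"""Count collision and broadcast domains in a topology: a constructed example,
not the guide's own code. Every cable (link) starts as its own domain; hubs merge
both kinds of domain across their ports, switches merge only the broadcast domain
(per VLAN), and routers and hosts merge nothing."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Device:
    name: str
    kind: str  # "hub", "switch", "router" or "host"
    vlans: Dict[str, int] = field(default_factory=dict)  # switch port -> access VLAN (default 1)


Endpoint = Tuple[str, str]        # (device name, port name)
Link = Tuple[Endpoint, Endpoint]  # one cable between two ports


class DisjointSet:
    """Union-find over link indices; each resulting set is one domain."""
    def __init__(self, n: int):
        self.parent = list(range(n))
    def find(self, i: int) -> int:
        while self.parent[i] != i:
            self.parent[i] = self.parent[self.parent[i]]  # path halving
            i = self.parent[i]
        return i
    def union(self, i: int, j: int) -> None:
        self.parent[self.find(i)] = self.find(j)
    def groups(self) -> List[List[int]]:
        members: Dict[int, List[int]] = {}
        for i in range(len(self.parent)):
            members.setdefault(self.find(i), []).append(i)
        return sorted(members.values())


def count_domains(devices: Dict[str, Device], links: List[Link]):
    """Return (collision_domains, broadcast_domains) as lists of link-index groups."""
    collision, broadcast = DisjointSet(len(links)), DisjointSet(len(links))
    attached: Dict[str, List[Tuple[int, str]]] = {}  # device -> [(link index, port)]
    for i, (a, b) in enumerate(links):
        for dev, port in (a, b):
            attached.setdefault(dev, []).append((i, port))
    for name, ports in attached.items():
        device = devices[name]
        if device.kind == "hub":
            # A hub repeats every bit out of every port: all its links share one
            # collision domain and one broadcast domain.
            for i, _ in ports[1:]:
                collision.union(ports[0][0], i)
                broadcast.union(ports[0][0], i)
        elif device.kind == "switch":
            # Each switch port is its own collision domain, but ports in the same
            # VLAN share a broadcast domain.
            first_link_in_vlan: Dict[int, int] = {}
            for i, port in ports:
                vlan = device.vlans.get(port, 1)
                if vlan in first_link_in_vlan:
                    broadcast.union(first_link_in_vlan[vlan], i)
                else:
                    first_link_in_vlan[vlan] = i
        # Routers and hosts terminate both kinds of domain: nothing to merge.
    return collision.groups(), broadcast.groups()


def star(kind: str, n_hosts: int, vlans: Dict[str, int] = None):
    """Figures 1.3 to 1.5: one hub or switch with n_hosts PCs on ports Fa0/1..n."""
    devices = {"DEV": Device("DEV", kind, vlans or {})}
    links: List[Link] = []
    for k in range(1, n_hosts + 1):
        devices[f"PC{k}"] = Device(f"PC{k}", "host")
        links.append((("DEV", f"Fa0/{k}"), (f"PC{k}", "eth0")))
    return devices, links


# Constructed exam-style topology: a router between two switches, with a hub
# and three PCs hanging off the second switch. Names and ports are made up.
DEVICES = {
    "R1": Device("R1", "router"),
    "SW1": Device("SW1", "switch", {"Fa0/3": 20}),  # PC3 alone in VLAN 20
    "SW2": Device("SW2", "switch"),
    "HUB1": Device("HUB1", "hub"),
    **{f"PC{k}": Device(f"PC{k}", "host") for k in range(1, 7)},
}
LINKS: List[Link] = [
    (("R1", "Gi0/0"), ("SW1", "Fa0/24")),
    (("R1", "Gi0/1"), ("SW2", "Fa0/24")),
    (("SW1", "Fa0/1"), ("PC1", "eth0")),
    (("SW1", "Fa0/2"), ("PC2", "eth0")),
    (("SW1", "Fa0/3"), ("PC3", "eth0")),
    (("SW2", "Fa0/1"), ("HUB1", "1")),
    (("HUB1", "2"), ("PC4", "eth0")),
    (("HUB1", "3"), ("PC5", "eth0")),
    (("HUB1", "4"), ("PC6", "eth0")),
]

if __name__ == "__main__":
    coll, bcast = count_domains(DEVICES, LINKS)
    print(f"{len(coll)} collision domains: {coll}")
    print(f"{len(bcast)} broadcast domains: {bcast}")
```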
The Open Systems Interconnection Model
In the 1980s, there was a huge increase in the number of companies producing networking equipment and protocols. It was very difficult to connect networks together and almost impossible to do so using different vendors’ equipment. The job of standardizing networking fell on the International Organization for Standardization (ISO). The ISO created a model for every company to follow when designing networking hardware and software. This model was named the Open Systems Interconnection model, more commonly known as the OSI model.
The OSI model not only serves as a reference—there is also a practical value in using it. There must be some way to order things so we know which devices do which job. What if your company wants to buy switches from a different vendor than the one it buys their routers from—how can it be sure that the equipment will work together?
Advantages of using the OSI model include the following:
- Allows different vendors’ equipment to work together
- Allows different types of network hardware and software to communicate
- A change made in one layer does not affect any of the other layers
The OSI model consists of seven different layers, and each layer is responsible for a specific function or set of functions. We always refer to the model in the order below, starting with layer 7:
- Application (layer 7)
- Presentation (layer 6)
- Session (layer 5)
- Transport (layer 4)
- Network (layer 3)
- Data link (layer 2)
- Physical (layer 1)
NOTE: The application layer is also known as layer 7; it is never called layer 1. The physical layer is always known as layer 1, and so on.
An easy way to remember the order of the layers is to use the acronym APSTNDP (All People Seem To Need Data Processing).
Encapsulation
As data passes down each OSI layer, a new header is added to it; this process is called encapsulation. The header contains information about how the data should be treated by the receiver. As data is encapsulated while moving down the layers, it will be known by a different name. This is necessary because each layer requires a different set of information and addressing to work properly. When the data is received at the destination, it is then de-encapsulated, a process that removes each header, and then the information is passed up to the next layer.
As shown in Figure 1.10 below, the order of data encapsulation is data, segment, packet, frame, and bit. An easy way to remember the order of data encapsulation is to use the acronym DSPFB (Don’t Some People Fry Bacon).
FIG 1.10 – Five steps of data encapsulation
Data turns into a segment at the transport layer, which turns into a packet at the network layer, which turns into a frame at the data link layer, which turns into a bit at the physical layer. Any exam question that refers to a data frame or packet and asks which OSI layer it applies to can be easily answered if you remember the acronym for the five steps of data encapsulation above.
An easy way to see the division of the various layers is by examining a packet capture from software such as Wireshark. We will be looking at packet captures throughout this guide, so download your own free copy at https://www.wireshark.org/ (if you downloaded the GNS3 virtual machine, packet capture software is included).
FIG 1.11 – OSI as seen inside Wireshark
If you are using Wireshark, you can use another view via Protocol Hierarchy Statistics, which will display the used OSI layers, as shown in Figure 1.12 below:
FIG 1.12 – Protocol hierarchy statistics inside Wireshark
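The five encapsulation steps carried out in code, as an added example that is not from the guide or from Wireshark: a constructed HTTP request is wrapped into a TCP segment, an IPv4 packet and an Ethernet frame with real header checksums, and the frame is then de-encapsulated layer by layer, the way Wireshark's protocol tree shows it. Apart from the MAC address from Figure 1.21 and the IP address 192.168.2.3, every value (destination MAC and IP, ports, payload) is constructed; the physical-layer bit conversion and the Ethernet FCS are left to the NIC.

```python
"""Encapsulation and de-encapsulation of one TCP segment: constructed example,
not the guide's own code. Layers 4 to 2 are built with struct; the bit-level
physical layer and the Ethernet frame check sequence are left to the NIC."""
import struct

# Constructed sample values; 60-A4-4C-41-33-77 and 192.168.2.3 come from the guide's figures.
SRC_MAC, DST_MAC = "60-A4-4C-41-33-77", "00-00-5E-00-53-01"
SRC_IP, DST_IP = "192.168.2.3", "192.168.2.1"
SRC_PORT, DST_PORT = 49152, 80  # dynamic client port -> well-known HTTP port
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
PSH_ACK = 0x18                  # TCP code bits: PSH + ACK


def checksum(data: bytes) -> int:
    """One's-complement sum used by the IPv4 and TCP headers (RFC 791 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, data):
    """Layer 4: data -> segment. The checksum covers a pseudo-header with both IP addresses."""
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, (5 << 12) | flags, window, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(header) + len(data))
    csum = checksum(pseudo + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data


def ipv4_packet(src_ip, dst_ip, segment, ttl=64, protocol=6):
    """Layer 3: segment -> packet; the header checksum covers the 20-byte header only."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         ttl, protocol, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + segment


def ethernet_frame(src_mac, dst_mac, packet, ethertype=0x0800):
    """Layer 2: packet -> frame (destination MAC, source MAC, EtherType, payload)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + packet


def build_example() -> bytes:
    segment = tcp_segment(SRC_IP, DST_IP, SRC_PORT, DST_PORT, 1001, 5001, PSH_ACK, 65535, PAYLOAD)
    return ethernet_frame(SRC_MAC, DST_MAC, ipv4_packet(SRC_IP, DST_IP, segment))


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack: frame -> packet -> segment -> data, verifying both checksums."""
    dst_mac, src_mac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:  # a header with a valid checksum sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_length = struct.unpack("!H", packet[2:4])[0]
    protocol, src_ip, dst_ip = packet[9], packet[12:16], packet[16:20]
    segment = packet[ihl:total_length]
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, protocol, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port, seq, ack, offset_flags, window = struct.unpack("!HHIIHH", segment[:16])
    data_offset = (offset_flags >> 12) * 4
    fmt_mac = lambda b: "-".join(f"{x:02X}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {
        "frame": {"dst_mac": fmt_mac(dst_mac), "src_mac": fmt_mac(src_mac), "ethertype": ethertype},
        "packet": {"src_ip": fmt_ip(src_ip), "dst_ip": fmt_ip(dst_ip), "ttl": packet[8], "protocol": protocol},
        "segment": {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
                    "flags": offset_flags & 0x01FF, "window": window},
        "data": segment[data_offset:],
    }


def intact(frame: bytes) -> bool:
    """True if both checksums verify; a corrupted frame (as in Figure 1.7) fails here."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for layer, fields in decapsulate(build_example()).items():
        print(f"{layer:>8}: {fields}")
```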
Application Layer
The application layer is where most users interact with the network. It establishes whether the destination is available to communicate and determines whether sufficient resources are available to do so.
There are many services that operate at the application layer. Some of them include:
- World Wide Web (WWW) – connects millions of users to servers and provides multimedia functions such as text, graphics, and sound
- E-mail (SMTP, POP) – the standard used to send and receive e-mail all over the world
- File Transfer Protocol (FTP) – provides a means to upload and download large files over networks (imagine having to e-mail a colleague a 20 Mb file!)
- Telnet – used to connect to networking devices remotely (many network engineers connect to their networking equipment many miles away from the actual physical location)
In the exam, you might be expected to explain how you would test whether all seven OSI layers are working correctly on your network. The answer would be that you could telnet or FTP to another host.
Presentation Layer
The function of the presentation layer is to present data to the application layer. It converts coded data into a format the application layer can understand. It is also responsible for data encryption, data decryption, and, finally, data compression.
The presentation layer converts many multimedia functions for the application layer, including:
- JPEG (Joint Photographic Experts Group) – a widely used image format
- MPEG (Moving Pictures Experts Group) – the format used for video compression and coding
- QuickTime – manages audio and video for Macs and iPads
- ASCII (American Standard Code for Information Interchange) – the standard format for text and data
NOTE: Besides the formats listed above, Graphics Interchange Format (GIF), Bitmap (BMP), MP3, and EBCDIC (the mainframe character encoding) also belong here; any protocol that changes the look of the data operates at the presentation layer.
Session Layer
In the session layer, sessions or dialogs between applications are set up, managed, and eventually terminated. A session is coordinated and synchronized to prevent different applications’ data from becoming mixed up during transfer.
Some of the protocols that operate at the session layer include:
- Network File System (NFS) – developed by Sun/IBM for use with TCP/IP and UNIX to allow transparent remote access to resources
- Structured Query Language (SQL) – provides a simple means of accessing system information on local or remote systems
- Remote Procedure Call (RPC) – procedures created on a client and performed on a server
Transport Layer
In this layer, end-to-end data transport services are provided to the upper OSI layers. The transport layer takes data from the upper layers, breaks it into smaller units called segments, and adds logical transport information in the header.
Before communication can take place, an end-to-end logical connection called a virtual circuit has to be established. The transport layer includes several protocols, the most common being Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are a part of the TCP/IP (Internet Protocol) suite of protocols. The TCP/IP suite is the standard suite on which most of the Internet operations are based.
TCP is considered a reliable connection-oriented protocol. It uses reliable mechanisms to initiate and terminate connections. It also has flow control and congestion avoidance mechanisms to ensure that data gets to its destination safely. Many application layer protocols use TCP as the transport protocol. Some of them include Telnet, HTTPS (Hypertext Transfer Protocol Secure), and FTP (although they sit at the application layer, they do use TCP).
In TCP, a logical end-to-end connection is achieved by each end-system agreeing that a connection is about to be initiated. This process is known as a three-way handshake. The handshake can be seen if the packets on the wire are read and can be identified by fields in the packet marked SYN, SYN ACK, and ACK. This handshake process will be further detailed in a following section.
FIG 1.13 – The three-way handshake
You can see this process happening with a packet capture. We will also touch on this process later on.
FIG 1.14 – Packet capture of a three-way handshake
Data transfer using TCP as the transport protocol is considered to be reliable. This means that there is a guarantee that the data sent will reach the intended destination. This is accomplished by using three methods:
- Flow control
- Windowing
- Acknowledgments
Flow Control
FIG 1.15 – Flow control
If the receiver is sent more information than it can process, it will ask the sender to stop for a short while. An example of when this can occur is when both sides are using different speeds (e.g., one side is using broadband while the other is using a dial-up modem). The packet sent to stop the sender is known as a source quench message.
Windowing
The TCP window is the amount of data that can be sent before an acknowledgment is required from the receiver. The sender and receiver agree on the window size, and this can be scaled up and down as required.
FIG 1.16 – Windowing
Acknowledgments
Acknowledgments are messages indicating the successful receipt of TCP segments. If a sender does not receive acknowledgments for the segments sent after a certain period, then it knows there is something wrong.
FIG 1.17 – Acknowledgments
UDP, on the other hand, is a connectionless protocol. In other words, it does not care about sequencing or acknowledgments, and it does not have all the fancy mechanisms that TCP uses to ensure that its segments reach their destination safely. This means that applications using UDP must be responsible for their own reliability.
Why is UDP used at all? Unlike TCP, UDP is lightweight. Because it does not have to initiate a connection using a three-way handshake, UDP can be used for applications where speed and bandwidth are a concern. In some cases, these issues are more important than the reliability that TCP provides. Protocols carried on UDP include SNMP (Simple Network Management Protocol) and TFTP (Trivial File Transfer Protocol).
Network Layer
The role of the network layer is to determine the best path or route for data to take from one network to another. Data from the session layer are assembled into packets at this layer, and this is where the end-to-end delivery of packets occurs.
Because networks need some way of identifying themselves, logical addressing also takes place at the network layer. The most popular form of network addressing today is IP addressing using IPv4 or IPv6.
Table 1-1: Router B best-path routing table
| Destination Network | Next Hop | Number of Hops Away |
|---|---|---|
| Network 1 | None | Directly connected |
| Network 2 | None | Directly connected |
| Network 3 | Router A | 1 |
| Network 3 | Router C | 1 |
| Network 4 | Router A | 1 |
| Network 4 | Router C | 2 |
The best path is decided at the network layer. Each router stores a table of which networks are directly connected and how to get to the networks that are not. You can see the routing table for Router B in Table 1-1 above.
FIG 1.18 – Best path is decided at the network layer
Routers operate exclusively at the network layer of the OSI model. When a packet arrives at a router interface, the router looks at the destination network address and decides whether that network is directly connected. If it is not, the router looks at its routing table to see which exit interface it should leave by.
Network Layer Addressing
Logical addressing for TCP/IP uses 32 binary bits to make up a network address (if using IPv4 addressing). Binary is written out in decimal to make it easier to read and understand. An example of a logical address for TCP/IP is 192.168.2.3, where 192.168.2 identifies the network, and 3 belongs to a host in that network. IP addressing is covered in more detail in Chapter 6 of this study guide.
FIG 1.19 – Hosts in a network
Network layer protocols include IP, IPX, and AppleTalk, although the last two are now obsolete.
Data Link Layer
The data link layer is divided into two sublayers—LLC and MAC—as shown in Figure 1.20 below:
FIG 1.20 – The data link layer
The data link layer takes packets from the network layer and divides them into smaller units known as frames. Frames are then transported across a physical medium (i.e., wires). The data link layer has its own way of addressing known as hardware addressing. While the network layer determines where networks are located, the data link layer determines where hosts are located on a particular network.
Logical Link Control Sublayer (IEEE 802.2)
The LLC sublayer interfaces with the network layer and provides Service Access Points (SAPs); these allow the MAC sublayer to communicate with the upper layers of the OSI model.
Media Access Control Sublayer (IEEE 802.3)
The MAC layer directly interfaces with the physical layer. This is where the physical address of the interface or device is stored. A MAC address is a 48-bit address expressed as 12 hexadecimal digits. This address identifies both the manufacturer of the device and the specific host.
FIG 1.21 – MAC address on a PC: 60-A4-4C-41-33-77
The best example of MAC addressing is the address hard-coded onto the network interface card (NIC) in a PC or server. You can see the MAC address (shown as the physical address) of your network card by typing ipconfig /all at the command prompt on your Windows PC. You can use /sbin/ifconfig in the terminal if you are using a Mac or a Linux machine.
In Figure 1.21 above, the first three bytes identify the vendor for the NIC (60-A4-4C). This is known as the Organizationally Unique Identifier (OUI), which is assigned to manufacturers by the Institute of Electrical and Electronics Engineers (IEEE). The next three bytes (41-33-77) are assigned by the vendor and must be unique to prevent the same address from being used twice. Some shady manufacturers do not follow these rules, so always buy vendor-approved equipment to avoid problems.
The MAC address allows devices to have a unique layer 2 address and allows communication to take place at layer 2. Switches and bridges operate at the data link layer of the OSI model. A table of MAC addresses and the port they are connected to is maintained by both devices.
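Splitting a MAC address into its OUI and vendor-assigned halves, as an added Python example (not code from the guide): it accepts the Windows, Unix and Cisco notations, decodes the I/G (group) and U/L (locally administered) bits of the first byte, and pulls the address out of a constructed ipconfig /all excerpt. Every MAC address other than the one from Figure 1.21 is made up.

```python
"""Decode a 48-bit MAC address into its OUI and vendor-assigned halves.
Constructed example, not the guide's own code; the ipconfig output below is
made up, with the address from Figure 1.21."""
import re

# Constructed ipconfig /all excerpt (Windows prints the MAC as "Physical Address").
IPCONFIG_SAMPLE = """
Ethernet adapter Ethernet:
   Description . . . . . . . . . . . : Example Gigabit Network Connection
   Physical Address. . . . . . . . . : 60-A4-4C-41-33-77
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
"""


def parse_mac(text: str) -> bytes:
    """Accept Windows (60-A4-4C-41-33-77), Unix (60:a4:4c:41:33:77) or Cisco
    (60a4.4c41.3377) notation and return the six raw bytes."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def describe_mac(text: str) -> dict:
    """Split the address into OUI and vendor-assigned parts and decode the two
    flag bits carried in the first byte."""
    raw = parse_mac(text)
    return {
        "oui": format_mac(raw[:3]),              # assigned to the manufacturer by the IEEE
        "vendor_assigned": format_mac(raw[3:]),  # unique per device within that OUI
        "group": bool(raw[0] & 0x01),            # I/G bit: multicast or broadcast, never a NIC
        "locally_administered": bool(raw[0] & 0x02),  # U/L bit: not burned in by the vendor
        "broadcast": raw == b"\xff" * 6,
    }


def same_vendor(a: str, b: str) -> bool:
    return parse_mac(a)[:3] == parse_mac(b)[:3]


def macs_from_ipconfig(output: str):
    """Pull every 'Physical Address' value out of ipconfig /all output."""
    return re.findall(r"Physical Address[ .]*: ([0-9A-Fa-f-]{17})", output)


if __name__ == "__main__":
    for mac in macs_from_ipconfig(IPCONFIG_SAMPLE):
        print(mac, describe_mac(mac))
```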
Data Link Protocols
There are many protocols operating at the data link layer. Protocols are an agreed format through which devices in a network communicate with one another. The reason why protocols operate at the data link layer is twofold. First, a connection has to take place before network layer communication can start. Second, data link layer communication is a lot faster than network layer communication because there is far less overhead involved in data link layer networking.
Data link protocols operate on both LANs and WANs and include Ethernet, PPP, Frame Relay, and many more. We will address the protocols pertinent to the CCNA exam in the relevant chapters.
FOR THE EXAM: Because you are using packets at the network layer and frames at the data link layer, remember that you ROUTE PACKETS and FORWARD FRAMES.
Physical Layer
The physical layer takes frames from the data link layer and converts them into bits. The physical layer has to use bits (binary digits) since data on a wire can be sent only as a pulse of electricity or light—that is, only as one of two values, either a 1 or a 0.
The physical layer deals with the physical characteristics of the medium, such as the number of pins and their uses. Physical layer specifications include IEEE 802.3, FDDI, Ethernet, RJ-45, and many more.
Hubs operate at the physical layer of the OSI model. Hubs take the bits, strengthen the signal if it has been degraded, and send them out to every device connected to the ports.
FIG 1.22 – Hubs and repeaters strengthen the signal on the wire
Summary—The OSI Model
The OSI model can be summarized as shown in Table 1-2 below:
Table 1-2: The OSI model summarized
| Layer | Encapsulation | Function | Services | Device |
|---|---|---|---|---|
| 7 Application | Data | Establishes availability of resources | FTP, SMTP, Telnet, POP3 | Hosts/Firewalls |
| 6 Presentation | Data | Compression, encryption, and decryption | JPEG, GIF, MPEG, ASCII | Hosts/Firewalls |
| 5 Session | Data | Establishes, maintains, and terminates sessions | NFS, SQL, RPC | Hosts/Firewalls |
| 4 Transport | Segment | Establishes end-to-end connection; uses virtual circuits, buffering, windowing, and flow control | TCP, UDP | Hosts/Firewalls |
| 3 Network | Packet | Determines best path for packets to take | IP | Router |
| 2 Data Link (LLC, MAC) | Frame | Transports data across a physical connection; error detection | Frame Relay, PPP, HDLC | Switch/Bridge |
| 1 Physical | Bits | Puts data onto the wire | | Hub/Cables |
FOR THE EXAM: A thorough knowledge of the OSI model is vital for the exam. Know each level, encapsulation formats, and which device sits where.
The TCP/IP Model
There are different models of representation for internetworking. After the OSI model, the TCP/IP model is the next most popular. The TCP/IP model, which is loosely outlined in RFC 1122 as a four-layer model, does not map directly to the OSI model. RFCs are Requests for Comments, which are documents proposing network protocols and services.
Table 1-3: The OSI and TCP/IP models
| OSI | TCP/IP |
|---|---|
| Application | Application |
| Presentation | Application |
| Session | Application |
| Transport | Transport/Host-to-Host |
| Network | Internet |
| Data Link | Network Access/Network Interface |
| Physical | Network Access/Network Interface |
Unfortunately, there are a variety of TCP/IP models that use different terms for the layers or have five layers instead of four, as shown below. The lowest TCP/IP layer can be referred to as the physical layer, the link layer, or the network interface layer.
- Application
- Transport
- Network
- Data Link
- Physical
The Cisco Network Academy course book refers to the TCP/IP model as having four layers (see Mark A. Dye, Rick McDonald, and Antoon W. Rufi. Network Fundamentals: CCNA Exploration Companion Guide. 2007. ISBN 1-58713-208-7), while Douglas E. Comer’s highly regarded textbook Internetworking with TCP/IP: Principles, Protocols and Architecture (2005. Pearson Prentice Hall. ISBN 0-13-187671-6) refers to the TCP/IP model as having five layers.
TCP/IP Application Layer
The application layer in the TCP/IP model covers the functionality of the session, presentation, and application layers in the OSI model. Various protocols can be used in this layer, including:
- SMTP, POP3 – used to provide e-mail services
- HTTP – World Wide Web browser content delivery protocol
- FTP – used in file transfer
- DNS – used in domain name translation
- SNMP – network management protocol
- DHCP – used to automatically assign IP addresses to network devices
- Telnet – used to manage and control network devices
The TCP/IP application layer does not provide the actual services; it does, however, define the services the applications require. An example would be your web browser requesting HTTP services from the network. The application layer would provide the interface for this to take place.
Confusingly for many students, some routing protocols such as Border Gateway Protocol (BGP) and Routing Information Protocol (RIP) reside at the TCP/IP application layer; for example, BGP uses TCP to transport its messages, whereas RIP uses UDP. However, for other protocols such as Open Shortest Path First (OSPF), this isn’t the case because they encapsulate messages within IP packets.
TCP/IP Transport/Host-to-Host Layer
The protocols that operate at and control the transport/host-to-host layer are specified in this layer. The TCP/IP transport layer controls the end-to-end logical connection between two devices. Both the TCP/IP transport and Internet layer demonstrate considerable differences compared to the corresponding OSI layers. The transport layer is based on two protocols:
- TCP – This provides connection-oriented communication. This means the path on which the data travels in the network is reliable because the endpoints establish a synchronized connection before sending the data. Every data packet is acknowledged by the receiving host and includes a Checksum field to check for error detection. FTP is an example of a protocol that uses TCP.
- UDP – This provides unreliable, connectionless communication between hosts. Unlike TCP, UDP does not check the segments that arrive at the destination to ensure that they are valid and in the proper order. This means that the integrity verifications and the error correction process will occur in the application layer. In fact, unlike TCP, UDP doesn’t set up a connection between the sender and the recipient. On the other hand, UDP has a smaller overhead than TCP because the UDP header is much smaller. TFTP is an example of a protocol that uses UDP.
The TCP and UDP protocol data units are segments. Each segment contains a number of fields that carry different information about the data, as shown in Figure 1.23 below (we will cover some of the individual fields later in this manual):
FIG 1.23 – UDP and TCP segment fields
The TCP header is larger than the UDP header because of all the extra fields needed to ensure a reliable connection.
Applications that are dependent on TCP and UDP use specific port numbers to operate. Port numbers can take values up to 65535. Most of the common applications are assigned well-known port numbers, which are numbers up to 1023. Port numbers 1024 through 49151 are registered port numbers, and the range 49152 through 65535 defines dynamic port numbers (automatically assigned by network devices). Port numbers are used to distinguish between applications running on the same device. Examples of well-known port numbers include:
- HTTP – TCP port 80
- FTP – TCP port 20 (data) and 21 (control)
- TFTP – UDP port 69
- POP3 – TCP port 110
- SMTP – TCP port 25
- DNS – TCP and UDP port 53
- SNMP – UDP port 161/162
- Telnet – TCP port 23
You’ve already seen that when a TCP connection is established, it follows a process called a three-way handshake. This process uses the SYN and ACK code bits (flags) in the TCP segment together with its Sequence Number and Acknowledgment Number fields. Figure 1.24 below illustrates an example of this process during a TCP operation:
FIG 1.24 – TCP operation
In the example depicted above, Host A tries to establish a TCP connection with Host B. Host A sends a segment with the SYN bit set, letting the other device know that it wants to synchronize. The segment includes the initial sequence number 5 that Host A is using. Host B accepts, establishes a session, and sends back a segment with the SYN bit set. Host B also sets the ACK bit to acknowledge that it has received the initial segment sent by Host A.
The acknowledgment number represents the next segment it expects to receive, 6 in this example (this is also called an expectational acknowledgment). The new segment includes the initial sequence number from Host B, 14 in this example. Host A replies with an ACK segment that contains sequence number 6, because this is what Host B is expecting, and acknowledgment number 15, informing Host B that it can send the next segment. This concludes the TCP session establishment phase.
The window size informs the remote host about the number of bytes a device will accept before it must send an acknowledgment. The window sizes may not match on the two endpoints. Host A has a window size of 2, and Host B has a window size of 3. When Host A sends data, it can send 3 bytes before waiting for an acknowledgment; however, Host B can send only 2 bytes before receiving an ACK.
NOTE: The window size specifies the number of bytes (octets) a device will accept; not the number of segments.
After all the data is sent between the two hosts, the session can be closed. Host A sends a segment with the FIN bit set, letting Host B know that it wants to end the TCP session. The segment includes the sequence number Host B is using at that specific moment (341 in this example). Host B acknowledges the request and sets the ACK bit to acknowledgment number 342 to confirm that it received number 341.
The segment also includes the current sequence number of Host B (125 in this example). Host B sends a new segment with the FIN bit set, announcing that the application it is running also requests to close the session. The last step before the session is closed is Host A sending an ACK segment number 126 to confirm that it received number 125 from Host B.
TCP/IP Internet/Network Layer
The Internet layer in the TCP/IP model corresponds to OSI layer 3 (network layer). This layer is responsible for routing data, including addressing and packet format, and uses the following protocols:
- IP (Internet Protocol) – This connectionless protocol offers the best-effort delivery of packets in the network. It relies on transport layer protocols like TCP to ensure a reliable connection. IP addresses are assigned to each network device or interface in the network. IP comes in two flavors: IPv4 and IPv6. These aspects will be covered in detail later in this book.
- ICMP (Internet Control Message Protocol) – This protocol sends messages and error reports through the network. The most-used application that relies on ICMP is ping, which sends an ICMP echo message to the destination and expects an ICMP echo reply to ensure that the destination can be reached and to give information about the delay between the two endpoints. (We will look at ICMP in more detail shortly.)
As mentioned, IP packets can be either in IPv4 format or in IPv6 format. An IPv4 packet, as defined in RFC 791, contains the following fields:
FIG 1.25 – IPv4 packet fields
If you want to read up on the individual fields in detail, then please refer to the Requests for Comments (RFCs) at https://www.rfc-editor.org/. We will mention some of these fields below and later in this guide as they become relevant, but it’s unlikely that you would be tested on the individual fields at the CCNA level. Having said this, I strongly recommend that you take a Wireshark Certified Network Analyst (WCNA) course at some point if you want to be a successful network engineer. The course will give you a very thorough understanding of TCP and the mechanics of internetworking, as well as make you much more confident in your day-to-day role.
The Version field in the packet identifies the IP version; for IPv4, the value is 0100 (4 in binary), and for IPv6, it is 0110 (6 in binary). We will cover binary math in the IP addressing chapter.
The Time to Live (TTL) field is populated with a number when the packet is generated. Pings, for example, start at 255 and decrement down. As the packet traverses each router, the number will decrement by one. If the number reaches zero, the packet will be discarded to prevent packets from endlessly circulating in the network. Note that this facility is unavailable for Ethernet frames, but other mechanisms have been created to address this problem. We will revisit TTL later.
The Protocol field is populated with the protocol number. There are a number of protocols available, such as EIGRP (88), OSPF (89), UDP (17), and TCP (6), and we will discuss some of these protocols as we progress through this guide.
An IPv6 packet contains the following fields:
FIG 1.26 – IPv6 packet fields
The size of an IPv6 address is four times the size of an IPv4 address (i.e., an IPv4 address is 32 bits, while an IPv6 address is 128 bits). More details will be provided on this subject in the IPv6 addressing chapter.
TCP/IP Network Access Layer
The network access layer maps to the OSI data link layer and physical layer, and it has the same functionality as those layers.
A common protocol used at the network access layer is ARP (Address Resolution Protocol), which requests the MAC address of a host with a known IP address. This works by sending a broadcast message to all the hosts on a subnet and asking for the MAC address of the host that has the IP address. The host with that IP address responds with its MAC address, and the sender caches this in its memory for a period of time. Once the MAC address is known, it is used as the destination address in the frames sent in that specific direction.
TCP/IP Services
If you have had any interest in computer networking, you may have already heard of some of the services to follow. Most novice users don’t know (or care) that they all come under the umbrella of TCP/IP. We’ll be covering many of these in greater detail throughout the book, but for now, here is a brief overview.
File Transfer Protocol
FTP is an application layer protocol that is used to reliably transfer files from a source to a destination. To ensure reliability, FTP uses TCP as its transport protocol.
On Cisco devices, the debug ip ftp command can be used to debug FTP traffic that is destined to the device. Debugs are Cisco troubleshooting tools that display information that you can use to troubleshoot various protocols and services. We will discuss debugs later in this guide because they will be an important part of your troubleshooting tool bag, but they must be used with caution.
FTP uses TCP ports 20 and 21. A control connection is made from the client to the FTP server on port 21. A second data connection is then made from either the FTP server on port 20 (in active FTP) or a random port on the client to port 20 on the FTP server (in passive FTP).
Trivial File Transfer Protocol
TFTP provides an alternative file transfer method that is faster but less reliable than FTP. TFTP uses UDP as its transport protocol and operates on port 69. When using TFTP, you need to specify the exact directory the file is located in because you cannot list the directories.
TFTP can be used to backup and copy router configurations. You will need a TFTP client (which can be the router) and a TFTP service (which can be either another router that has the files stored locally or a server in the network) to accomplish this task. If you are using a server, you need to have TFTP server software installed on the client.
We will demonstrate TFTP again later.
Simple Mail Transfer Protocol
SMTP defines how e-mails are sent to the e-mail server from the client, and it uses TCP as its transport protocol. E-mails can be retrieved from an SMTP server in different ways depending on the e-mail client. One of the protocols for e-mail retrieval is POP3, and another popular e-mail retrieval protocol is IMAP.
Hypertext Transfer Protocol
HTTP is found in the application layer, and it is used to communicate between web servers and clients on TCP port 80. For secure communication, HTTP can be encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). This secure HTTP (HTTPS) uses TCP port 443.
A Cisco router or switch can be connected to via a web browser. You can debug HTTP traffic destined for a Cisco device with the debug ip http command.
Telnet
Telnet is used for remote connections to network devices, and it operates on TCP port 23. Traffic sent using Telnet is in clear text; therefore, it is insecure. A more secure method of remotely accessing devices is Secure Shell (SSH).
Troubleshooting Tip: Telnet is a good utility to validate that the seven layers of the OSI model are working correctly.
To set up Telnet on a Cisco router, a password should be set on virtual terminal (VTY) lines. To disconnect from a Telnet session, simply type exit or disconnect. To break out of a Telnet session, you can press Ctrl+Shift+6 together, release, and then press x to quit.
On Cisco devices, you can debug Telnet using the debug telnet command. We will use the telnet command several times throughout this guide; however, here is some output from the debug telnet command for a router receiving an incoming Telnet request:
R2#debug telnet
Incoming Telnet debugging is on
R2#
*Mar 1 00:58:58.035: Telnet98: 1 1 251 1
*Mar 1 00:58:58.039: TCP98: Telnet sent WILL ECHO (1)
*Mar 1 00:58:58.039: Telnet98: 2 2 251 3
*Mar 1 00:58:58.039: TCP98: Telnet sent WILL SUPPRESS-GA (3)
Secure Shell
SSH is a cryptographic network protocol used for secure remote command-line login. SSH is often used for remote command executions, such as configuring routers and switches. Your first introduction to SSH may well be using a Telnet/SSH client program such as PuTTY, which enables you to remotely connect to network devices.
We will be looking at remotely connecting to network devices using SSH and Telnet (via PuTTY) later in this book.
SSH File Transfer Protocol
SFTP was devised by the Internet Engineering Task Force (IETF). SFTP provides the same service as FTP (i.e., file access, transfer, and management) but does so securely. The underlying security features and the fact that it can work with an SSH connection make it preferable in secure environments. SFTP is packaged with SSH but is usually integrated into graphical FTP tools such as FileZilla.
FIG 1.27 – SFTP connection manager
SFTP presumes that it is being run over a secure channel (such as SSH), that the client has been authenticated by the server, and that the identity of the client is available to the protocol. It uses port 22 (as does SSH).
Secure Sockets Layer and Transport Layer Security
Both SSL and its replacement, TLS, are application layer cryptographic protocols created to provide secure communication over a computer network. SSL was created by Netscape to provide HTTPS access for its Navigator browser.
TLS is an IETF standard protocol based on SSL, and currently, version 1.3 is in the draft mode. TLS ensures privacy between application users (such as e-mails) by preventing tampering or eavesdropping.
The server and the client authenticate each other using the TLS Handshake Protocol, which then allows them to negotiate an encryption algorithm and cryptographic keys before the exchange of data. Typically, the client remains unauthenticated, and only the server is authenticated and its identity ensured.
Internet Control Message Protocol
As mentioned earlier, the ping utility uses ICMP to test network connectivity by sending ICMP messages. In some cases, it has actually been used by hackers to attack networks by sending lots of ICMP traffic and exhausting network resources. This is called a denial-of-service (DoS) attack.
ICMP is defined in RFC 792, and it is used to detect and report problems in an IP network. It is also used for diagnostic and control purposes. When there is an error in an IP message in the network, the IP packet is dropped, and an ICMP error message is sent back to the sender.
The most common use of ICMP is the ping command to test connectivity between two devices. When a ping command is issued, an ICMP echo request is sent to the destination. If the packet makes it successfully to the destination, the destination replies with an ICMP echo reply. Other information can be derived from a ping, such as the round-trip time (the amount of time it takes for information to get to the device and back). An example of a ping command and output on a Windows machine is shown below:
C:\> ping cisco.com
Pinging cisco.com [72.163.4.161] with 32 bytes of data:
Reply from 72.163.4.161: bytes=32 time=147ms TTL=240
Reply from 72.163.4.161: bytes=32 time=153ms TTL=240
Reply from 72.163.4.161: bytes=32 time=148ms TTL=240
Reply from 72.163.4.161: bytes=32 time=151ms TTL=240
Ping statistics for 72.163.4.161:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round-trip times in milli-seconds:
Minimum = 147ms, Maximum = 153ms, Average = 149ms
Let’s examine the ping output in more detail. You can see that each reply is 32 bytes long, that it takes about 150 ms, and that the Time to Live is 240. TTL is the value that tells you how many hops (or devices) are between the source and the destination devices. When a packet is sent, it has a TTL of 255. This number is decreased by 1 as the packet goes from one device to another. If the TTL gets to 0, then the packet is dropped, and an ICMP error message is sent. In this case, the TTL is 240, which tells you that you are 15 hops away from cisco.com.
NOTE: The TTL value varies according to the destination OS: Windows = 128; Linux, iOS = 64; Cisco = 255; Solaris = 255.
Cisco routers have an extended ping feature that allows you to specify some ICMP and IP parameters in the ping. You can access this feature by typing ping and pressing Enter, as shown below:
Router#ping – Press Enter here
Protocol [ip]: – Press Enter here
Target IP address: 172.16.1.1
Repeat count [5]:
Datagram size [100]: 1200
Timeout in seconds [2]:
Extended commands [n]: yes
Source address:
Type of service [0]:
Set DF bit in IP header? [no]: yes
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Sending 5, 1000-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
U U U U U
Success rate is 0% percent, round-trip min/avg/max = 4/6/12 ms
Cisco uses several notations to represent the response the ping packet receives:
- ! – Successful reply
- . – Request timed out
- U – Destination unreachable
- N – Network unreachable
- P – Protocol unreachable
- Q – Source quench message
- M – Could not fragment
- ? – Unknown packet type
You can interrupt a ping session by pressing the Ctrl+Shift+6 keys together.
ICMP packet types are defined in RFC 1700. Learning all of the code numbers and names is outside the scope of the CCNA syllabus (check before you take your exam though).
You can debug ICMP traffic sourced from or destined to a Cisco router with the debug ip icmp command.
Traceroute
Traceroute is another widely utilized ICMP utility that is used to determine the path that a packet will take to reach its destination. Traceroute works by sending UDP packets (or ICMP packets) with a TTL of 1 and then increasing the TTL for the next packet until the entire path from source to destination is determined. At each hop, the TTL is decremented, and if it gets to 0, an ICMP error (time exceeded) message is sent back to the sender. The sender of these time-exceeded packets is displayed to the user (the hops taken to reach the destination).
Cisco routers (and all other UNIX-based devices) use the traceroute command, whereas Windows PCs use tracert. Please remember this difference for the exam.
C:\>tracert cisco.com
Tracing route to cisco.com [72.163.4.161]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.10.1
2 59 ms 21 ms 9 ms cm-80.111.156.001.ntlworld.ie [80.111.156.1]
3 11 ms 8 ms 10 ms cm-80.111.156.001.ntlworld.ie [80.111.156.1]
4 8 ms 8 ms 11 ms 188-141-127-1.dynamic.upc.ie [188.141.127.1]
5 87 ms 86 ms 86 ms 84.116.238.54
6 89 ms 85 ms 89 ms 84.116.137.74
7 148 ms 132 ms 136 ms 84.116.137.34
8 90 ms 87 ms 85 ms 84.116.135.98
9 86 ms 91 ms 85 ms xe-0-0-0 [204.148.20.177]
10 149 ms 152 ms 148 ms 0.ae2.XT3.DFW9.ALTER.NET [140.222.225.55]
11 153 ms 149 ms 152 ms TenGigE0-4-0-0.GW15.DFW9.ALTER.NET [152.63.98.10]
12 149 ms 147 ms 149 ms cisco-gw.customer.alter.net [157.130.134.190]
13 * * * Request timed out.
14 149 ms 148 ms 150 ms rcdn9-cd2-dmzdcc-gw2-por1.cisco.com [72.163.0.182]
15 149 ms 149 ms 148 ms rcdn9-16b-dcz05n-gw2-por2.cisco.com [72.163.2.110]
16 151 ms 148 ms 149 ms www1.cisco.com [72.163.4.161]
Trace complete.
The fields of the traceroute output are similar to the fields of the ping response shown earlier.
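The IPv4 header fields discussed earlier (Version, TTL, Protocol), the per-hop TTL rule, the hop estimate from a ping reply's TTL, and the traceroute algorithm can all be exercised with the following Python, an added example that is not from the book. The hop names, addresses and path are constructed; the protocol numbers and initial TTL values are the ones given in the text.

```python
# Added example (not from the book): builds and parses an IPv4 header as laid out in
# RFC 791, applies the TTL rule each router follows, infers hop count from a ping
# reply's TTL the way the text does (240 -> 15 hops), and replays the traceroute
# algorithm over a constructed path. Hop names and addresses are made up.
import ipaddress
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}
COMMON_INITIAL_TTLS = (64, 128, 255)   # Linux/iOS, Windows, Cisco/Solaris (per the note above)
HEADER_FMT = "!BBHHHBBH4s4s"           # fixed 20-byte header, no options


def checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; a correct header checksums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, protocol: int, payload_len: int = 0) -> bytes:
    ver_ihl = (4 << 4) | 5             # version 0100, header length 5 words = 20 bytes
    hdr = struct.pack(HEADER_FMT, ver_ihl, 0, 20 + payload_len, 0, 0, ttl, protocol, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4_header(raw: bytes) -> dict:
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack(HEADER_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"version field is {version:04b}, not 0100")
    if checksum(raw[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {"version": version, "ihl": ihl, "total_length": total_len, "ttl": ttl,
            "protocol": proto, "protocol_name": PROTOCOL_NAMES.get(proto, str(proto)),
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}


def router_forward(raw: bytes):
    """Per-hop TTL handling: decrement and re-checksum, or return None when the
    packet must be discarded (the router would send ICMP Time Exceeded back)."""
    if raw[8] <= 1:
        return None
    hdr = bytearray(raw[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + raw[20:]


def hops_from_ttl(observed_ttl: int) -> int:
    """Assume the smallest common initial TTL that is >= the observed value."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def traceroute_sim(path, src: str, dst: str, max_ttl: int = 30):
    """Probe with TTL 1, 2, 3, ... and record who answered; path lists the routers."""
    answered = []
    for ttl in range(1, max_ttl + 1):
        pkt = build_ipv4_header(src, dst, ttl, protocol=17, payload_len=32)   # UDP probe
        for hop in path:
            pkt = router_forward(pkt)
            if pkt is None:                # TTL expired here: Time Exceeded from this hop
                answered.append(hop)
                break
        else:                              # survived every router: reached the destination
            answered.append(dst)
            return answered
    return answered


if __name__ == "__main__":
    hdr = build_ipv4_header("192.168.10.2", "72.163.4.161", ttl=255, protocol=1)
    print(parse_ipv4_header(hdr))
    print("hops for TTL 240:", hops_from_ttl(240))
    print(traceroute_sim(["192.168.10.1", "gw-a", "gw-b"], "192.168.10.2", "72.163.4.161"))
```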
Address Resolution Protocol
Different addressing formats are used to identify network hosts at various layers of the OSI model, including URLs, NICs, and device interfaces. At layer 3, the IP address is used to identify hosts. To communicate with hosts in the same network, the IP address needs to be mapped to the layer 2 address of the hosts. On Ethernet networks, the layer 2 addresses are known as MAC addresses. The protocol used to determine MAC addresses from IP addresses is the Address Resolution Protocol (ARP).
When a host needs to communicate with another host, it sends an ARP request for the MAC address of the host. This request is a broadcast, and all hosts in the network segment receive it. The host with the relevant IP address responds with its MAC address and layer 2 communication begins.
FIG 1.28 – A host broadcasts for another host’s MAC address
You can debug ARP with the debug arp command.
Mini-lab – Checking the ARP Cache
If you have no experience configuring Cisco routers, then feel free to come back to this lab later because we have to add interface addressing. For a simple check of the ARP process, you can connect two routers together with a switch or directly with a crossover cable as per Figure 1.29 below. Add the IP addresses (of course, your MAC addresses will differ from mine so issue a show interface X command to see what your MAC is, as shown below).
Here is the configuration I added to Router 1. On Router 2, change the IP address to 192.168.1.2 and configure the hostname R2.
Router#conf t
Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut
On Router 1, I can issue a show arp command to check the ARP cache. (Note that the MAC address starts with c201 for R1 and c202 for R2.) I actually used GNS3 for this lab because it’s much easier to access, and it works really well with Wireshark, which is free. A device will store its own ARP entry for a connected interface, but in the Age column there will be a “–” which indicates that it will never time out.
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 – c201.07f6.0000 ARPA Fa0/0
Router 1 Fast Ethernet 0/0 interface has MAC address c201.07f6.0000, which can be seen above and below. I have added 192.168.1.1 as an IP address.
R1#show int f0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is c201.07f6.0000 (bia c201.07f6.0000)
Internet address is 192.168.1.1/24
Router 2 has the MAC address c202.07f6.0000 and the IP address 192.168.1.2, as shown below:
R2#show int f0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is c202.07f6.0000 (bia c202.07f6.0000)
Internet address is 192.168.1.2/24
If R1 wants to ping R2, it must establish the layer 2 address (MAC) to encapsulate the packet correctly. When I issue the ping 192.168.1.2 command, R1 will ARP for the device that is configured with this IP address. The ARP packet will be sent BEFORE the ping, which is why you will often see the first ping fail. Bear in mind that several devices could be on this segment of the network.
FIG 1.29 – ARP broadcast
Figure 1.30 below shows a packet capture of the ARP broadcast using Wireshark. You will see that the R1 MAC address starting with source c201 is set as the source MAC. The Destination field is unknown, so it is set to be a broadcast, which in hexadecimal is all Fs.
FIG 1.30 – ARP packet capture
If you examine the ARP packet, you will see the following:
FIG 1.31 – ARP packet with destination MAC field unpopulated
The target MAC is a broadcast, but the sending host knows the target IP address (because I typed it in at the command prompt), so the reply is unicast.
FIG 1.32 – ARP response
You can also see the host 192.168.1.2 reply that this IP address is using MAC c202.07f6.0000:
FIG 1.33 – ARP response packet capture
And in particular, the ARP fields:
FIG 1.34 – Sender MAC address field is populated
Finally, you can see that the ARP table on R1 is now populated. If you need to send packets to R2 again, there will be no need to ARP for the MAC Address. The ARP table will eventually clear if no traffic is sent to R2.
R1#show arp
Protocol Address Age(min) Hardware Addr Type Interface
Internet 192.168.1.1 – c201.07f6.0000 ARPA FastEthernet0/0
Internet 192.168.1.2 15 c202.07f6.0000 ARPA FastEthernet0/0
It’s worth noting the Age field, which indicates how long the entry has been known. The MAC address for 192.168.1.2 was learned 15 minutes ago, according to the output above. If the entry was learned less than one minute ago, the entry would be 0. The dash after 192.168.1.1 indicates a directly attached entry, so it won’t be flushed. These seemingly insignificant details are very important to note for the exam.
If, for any reason, you wanted to flush the ARP table on the router, you would issue the clear arp command. If you want to examine the ARP cache on a Windows PC, the command is arp -a. Bear in mind that network hosts will usually store the IP address and MAC address of the default gateway, which they will use to reach any device on another segment or network.
[END OF MINI-LAB]
Proxy ARP
Proxy ARP is a mechanism for a router to send a reply (on behalf of another device but containing its own MAC address). Because routers do not forward broadcasts, an ARP request from one segment to another segment cannot reach the intended recipient. To facilitate communication, the router responds with its own MAC address, and then forwards the packet to the correct destination when it receives it. This mechanism is defined in RFC 1027.
FIG 1.35 – Proxy ARP in action
You may hear Proxy ARP referred to as promiscuous ARP in some circles.
Proxy ARP is turned on in Cisco routers by default. It can be turned on or off using the [no] ip proxy-arp interface command. The function of Proxy ARP is summarized above in Figure 1.35. The router responds to the ARP request with the MAC address of its interface nearest to the requesting host. This allows the sending host to fill in the layer 2 Destination field of the frame, and the router will then correctly address the packet before sending it on to the destination host. Note that the sending host’s ARP cache shows the router MAC address mapped to the destination host’s IP address 10.0.0.1.
Proxy ARP is a hot exam topic, so let’s go into some more detail.
Mini-lab – Discovering Proxy ARP
Figure 1.36 below shows a network with two hosts connecting to R2. Because I’ve used GNS3 for this example, it was quicker, in fact, to use two other routers as hosts (PCs). You can see that each interface has its own IP address and MAC address.
FIG 1.36 – Mini-lab: Proxy ARP
There are two networks here—192.168.1.0/24 and 172.16.1.0/16. When R1 wants to send a packet to R3, it needs to ARP for the correct MAC address for R3 so that it can encapsulate it correctly. The layer 3 address is known but not the layer 2 address. The layer 3 address can never change as the packet traverses the network, but the layer 2 address will change from host to host.
NOTE: The only time you will see the layer 3 address change is if NAT is in place. You will learn how NAT works in a later chapter.
Please add all the IP addresses as per Figure 1.36, but you will also need to add some static routes. We don’t cover these until later, so feel free to come back to this lab after reading up on static routes and IP addressing.
After adding the IP addresses, the static routes below need to be added to both R1 and R3 (you already know how to change the hostname from the previous configuration). You don’t need to add a static route to R2 because both 192 and 172 networks are attached (so R2 already knows where they both are).
R1(config)#interface f0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 f0/0
R2(config)#int fast0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#int fast 0/1
R2(config-if)#ip add 172.16.1.1 255.255.0.0
R2(config-if)#no shut
R3(config)#int f0/0
R3(config-if)#ip add 172.16.1.2 255.255.0.0
R3(config-if)#no shut
R3(config)#ip route 0.0.0.0 0.0.0.0 f0/1
R1 has no ARP entry for 172.16.1.2, so it will need to broadcast for it:
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 – c201.06f1.0001 ARPA FastEthernet0/0
If you issue a ping from R1 to reach 172.16.1.2, there will be a short delay due to the ARP broadcast and then a response. The delay causes the first few ping packets to fail with a timeout, shown as a period (.) in the example below, while the later replies are shown as exclamation points (!). If you didn’t have the static route, R1 would have dropped the packet because there is no route to it, and routers don’t forward broadcasts (by default).
R1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 40/46/52 ms
R2 uses Proxy ARP and sends its own MAC address as the destination for R3. This allows R1 to address the packet and send it. R2 will then swap the destination MAC address for the correct one attached to the R3 interface.
You can see the ARP request from R1 in the packet capture below. Item 9 is asking “Who has 172.16.1.2?” Enable Wireshark on GNS3, if you are using it, or on your home lab.
FIG 1.37 – ARP request
The Proxy ARP reply comes from R2, and you can see that the MAC address ends in 02, which belongs to the Fast Ethernet interface connecting R2 to R1.
FIG 1.38 – Proxy ARP response
You can see that the ARP cache on R1 now has an entry for 172.16.1.2, but the MAC address is for the interface connected on R2. The fact that R2 will swap this for the correct MAC address is transparent to R1.
R1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.16.1.2 11 c201.06f1.0002 ARPA Fa0/0
Internet 192.168.1.1 – c201.06f1.0001 ARPA Fa0/0
One final point is that if you do this lab using GNS3, you might have to manually change the MAC addresses because GNS3 sometimes duplicates the same one. Here is how I did it on R3:
R3(config)#int f0/1
R3(config-if)#mac-address c201.06f1.0004
[END OF MINI-LAB]
As a packet traverses the network, the source and destination IP addresses will never change in the packet (unless NAT is in use, as Dario stated). The MAC address will have to change from hop to hop though. You can see an example of this in Figure 1.39 below:
FIG 1.39 – IP address never changes
This entire process is transparent to the hosts who view the connection, as shown in Figure 1.40 below:
FIG 1.40 – How the connection appears to hosts
If you see multiple IP addresses mapping to the same MAC address in your ARP cache, this indicates that Proxy ARP is in use. Please also bear in mind that you issue a show arp command on a router, but on Windows PCs, the command is arp -a.
If you found the above configurations a little hard to follow, come back to them later when you have a bit more confidence and knowledge.
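The two ARP mini-labs above can be reproduced in software with the following Python, an added example that is not from the book: it builds and parses the ARP request and reply frames seen in the captures, and keeps a cache modelled on show arp (age in minutes, a dash for the router's own attached entry, clear arp), including the several-IPs-one-MAC sign of Proxy ARP mentioned above. The MACs and IPs are the lab values; the host 172.16.1.5 behind R2 is made up for the Proxy ARP check.

```python
# Added example (not from the book): ARP request/reply frames as in the Wireshark
# captures above, plus a cache modelled on show arp. MACs and IPs are the lab
# values; 172.16.1.5 is a constructed second host behind R2.
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ffff.ffff.ffff"
UNKNOWN_MAC = "0000.0000.0000"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))


def bytes_to_mac(raw: bytes) -> str:
    """Render in Cisco's dotted form, as show arp does."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_ip: str,
              target_mac: str = UNKNOWN_MAC) -> bytes:
    """Ethernet frame carrying ARP: a request goes to the all-Fs broadcast MAC with the
    target MAC left blank; a reply is unicast back to the host that asked."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    ether = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, MAC len, IP len, opcode
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return ether + arp


def parse_arp(frame: bytes) -> dict:
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hlen, plen) != (6, 4):
        raise ValueError("unexpected address lengths")
    body = frame[22:]
    return {
        "dst_mac": bytes_to_mac(frame[0:6]), "src_mac": bytes_to_mac(frame[6:12]),
        "op": "request" if op == ARP_REQUEST else "reply",
        "sender_mac": bytes_to_mac(body[0:6]), "sender_ip": ".".join(map(str, body[6:10])),
        "target_mac": bytes_to_mac(body[10:16]), "target_ip": ".".join(map(str, body[16:20])),
    }


class ArpCache:
    """One router's ARP table; ages are minutes since the entry was learned."""

    def __init__(self, own_ip: str, own_mac: str, interface: str):
        self.interface = interface
        self.clock = 0
        self.entries = {own_ip: (own_mac, None)}    # None age = attached entry, never flushed

    def tick(self, minutes: int) -> None:
        self.clock += minutes

    def learn(self, arp: dict) -> None:
        """Record the sender's IP-to-MAC mapping from any ARP packet we received."""
        self.entries[arp["sender_ip"]] = (arp["sender_mac"], self.clock)

    def lookup(self, ip: str):
        return self.entries[ip][0] if ip in self.entries else None

    def age(self, ip: str):
        learned = self.entries[ip][1]
        return None if learned is None else self.clock - learned

    def clear(self) -> None:                         # clear arp: attached entries survive
        self.entries = {ip: e for ip, e in self.entries.items() if e[1] is None}

    def proxy_arp_suspects(self) -> set:
        """MACs that answer for more than one IP: the sign of Proxy ARP noted in the text."""
        by_mac = {}
        for ip, (mac, _) in self.entries.items():
            by_mac.setdefault(mac, set()).add(ip)
        return {mac for mac, ips in by_mac.items() if len(ips) > 1}

    def show(self) -> str:
        rows = ["Protocol  Address          Age (min)  Hardware Addr   Type   Interface"]
        for ip, (mac, learned) in self.entries.items():
            age = "-" if learned is None else str(self.clock - learned)
            rows.append(f"Internet  {ip:<16} {age:<10} {mac:<15} ARPA   {self.interface}")
        return "\n".join(rows)


if __name__ == "__main__":
    r1 = ArpCache("192.168.1.1", "c201.07f6.0000", "FastEthernet0/0")
    request = parse_arp(build_arp(ARP_REQUEST, "c201.07f6.0000", "192.168.1.1", "192.168.1.2"))
    print("R1 asks:", request)
    reply = parse_arp(build_arp(ARP_REPLY, "c202.07f6.0000", "192.168.1.2", "192.168.1.1",
                                target_mac="c201.07f6.0000"))
    r1.learn(reply)
    r1.tick(15)
    print(r1.show())
```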
Reverse Address Resolution Protocol
Reverse ARP (RARP) is the opposite of ARP in that it maps a known MAC address to an IP address. A typical use for this protocol is thin clients obtaining their IP addresses from servers when they are booting up. RARP has been replaced by Dynamic Host Configuration Protocol (DHCP), which can supply more than just an IP address (DHCP will be covered in detail later in this book).
Gratuitous ARP
On occasion (e.g., after the link goes up or the interface gets enabled), a device might issue an ARP request with its own IP address as the target address. This type of ARP request is known as Gratuitous ARP (GARP).
GARP is used if a device wants to check whether a certain IP address is already in use in the network. If a response is received, then the IP address is in use. GARP is also used by HSRP (which will be covered later) when a router on another subnet takes over as an active router.
You can see a GARP packet capture below in Figure 1.41 (the image is copyrighted by Wireshark.org):
FIG 1.41 – GARP packet capture
Simple Network Management Protocol
SNMP is a management protocol that allows a management station to read and write specific values for different parameters of a network device. A network device can also send messages (called traps) to a management station to inform it about events such as high CPU usage, an interface fault, or other issues. You can debug SNMP traffic with the debug snmp command.
SNMP is an important CCNA exam topic that will be covered in more detail later in this manual.
Domain Name System
You’ve already learned that ARP resolves MAC addresses mapped to IP addresses. The Domain Name System (DNS) protocol uses UDP to resolve the hostnames mapped to IP addresses. This allows you to enter www.howtonetwork.com, rather than an IP address, in a Web browser. Every Internet Service Provider (ISP) has its own DNS servers that list the most common hostnames and their corresponding IP addresses. If the IP address of the hostname you want is not there, then the ISP will pass the request on to a DNS root server.
If you are using DHCP on your network, you are usually allocated an IP address for your nearest DNS server. If you are using a home network, the IP address will often be that of your router, which then passes the DNS Query on to your hosting company.
FIG 1.42 – ipconfig /all output
You can configure a hostname mapped to an IP address on a router with the command ip host [name] [ip address]. See the mini-lab below for more information. We will cover DNS and DHCP in more detail later in this guide.
Mini-lab – Pinging Hostnames
As hostnames are much easier to remember than a long list of IP addresses, mapping a hostname to an IP address can be accomplished by using the hostname facility. Please add the IP addresses as per Figure 1.43 below (you learned how to do this in the earlier mini-labs). In this case, you won’t need any static routes because the network is directly connected.
FIG 1.43 – Mini-lab: Pinging hostnames
Add a hostname to the IP address mapping on Router A:
RouterA(config)#ip host RouterB 192.168.1.2
You can then ping the hostname:
RouterA#ping routerb – Not case sensitive
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
[END OF MINI-LAB]
You can specify one or more servers to act as DNS servers to resolve IP addresses mapped to hostnames. To do this, you need to use the ip name-server [server-address 1] [server-address 2] command. Type the command below on Router A:
RouterA(config)#ip name-server 192.168.1.1 172.16.1.1
One problem you will no doubt encounter is the fact that routers automatically try to resolve an entry to a hostname if it is not an IOS command. If the router does not know what the hostname is, it tries to translate it. Type out the following on your router:
RouterA#tggt
Translating tggt…domain server (255.255.255.255) – Broadcast packet
Translating tggt…domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
RouterA#
Your output may differ depending on your IOS or whether you are using Packet Tracer or GNS3. This can be very frustrating because you have to wait for several seconds while the router tries to resolve the hostname. You can disable name resolution using the no ip domain-lookup command:
RouterA#config terminal
RouterA(config)#no ip domain-lookup
RouterA(config)#^z
RouterA#tggt
Translating tggt
% Unknown command or computer name, or unable to find computer address
RouterA#
Your IOS release may already have the no ip domain-lookup command configured by default. The output of a show run command on my router shows which commands are on by default:
RouterA#sh run
Building configuration…
Current configuration: 951 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
Router as a DNS Client
From the router command prompt, you can enter DNS servers and use fully qualified domain names (FQDN). Let’s add a public DNS server to the IOS and ping a website by name. You will need access to a public DNS server to get this to work, but please do type the commands out regardless.
Router(config)#ip name-server 4.2.2.2
Router(config)#exit
Router#ping www.cisco.com
Translating www.cisco.com;
% Unrecognized host or address, or protocol not running
Next, tell the router to use DNS (remember, you disabled it a few outputs ago) by enabling domain-lookups:
Router(config)#ip domain-lookup
Router#ping www.cisco.com
Translating www.cisco.com;…domain server (4.2.2.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 198.133.219.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)
If you look closely at the output above, you can see that the router queried the DNS server at 4.2.2.2, which responded with the IP address 198.133.219.25. You could, of course, enter your private DNS servers instead, and you would then be able to ping your internal hostnames from your network equipment. This only affects name resolution performed by the router itself (the management plane); it does nothing for the hosts behind it. In the next section, we’ll look at using IOS to provide DNS to those hosts.
Router as a DNS Proxy
There are occasions where your router provides DHCP services, and it would make life easier if that same router could forward DNS queries too. Well, it can! Let’s take a look at how to do that. Just as above, you first have to tell the router where to find an upstream DNS server and enable domain lookups on it (if you left lookups disabled, you will see the failure below):
Router(config)#ip name-server 4.2.2.2
Router(config)#exit
Router#ping www.howtonetwork.com
Translating www.howtonetwork.com
% Unrecognized host or address, or protocol not running.
Router#configure terminal
Router(config)#ip domain-lookup
Next, enable DNS on the router with the following command:
Router(config)#ip dns server
That is it! Now clients can use the router as a DNS server. Figure 1.44 below helps explain this process. But what if you need the router to resolve an internal address? You can now add DNS records directly on the router:
Router(config)#ip host server1.mydomain.com 10.10.10.5
From a host, let’s set the DNS server on the router to look up the server1 DNS name:
F:\>nslookup
Default Server: dns-p1.mydomain.com
Address: 10.10.10.11
> server 10.10.10.254 – Set the system to use the DNS server
Default Server: [10.10.10.254]
Address: 10.10.10.254
> server1.mydomain.com – Query for the name server1.mydomain.com
Server: 10.10.10.254 – The FQDN for the DNS server
Address: 10.10.10.254
Name: server1.mydomain.com – The response from the router running DNS
Address: 10.10.10.5 – The IP address of server1.mydomain.com
FIG 1.44 – Public DNS server
It is recommended that you do not use a router as a DNS server. A router is meant to route packets, and that is what it does best. There is also a security angle: once ip dns server is enabled, the router answers queries from any host that can reach it, so a router exposed to untrusted networks becomes an open resolver that can be abused for reflection attacks. If you must enable it, restrict which sources can reach the service with an access list. The previous scenario was for demonstration purposes and should be avoided when possible.
You can debug DNS traffic with the debug domain command.
It’s worth noting that DNS for IPv4 and IPv6 works the same way: a hostname is resolved to an address. One difference is the record type. For IPv4 the records are A records, each carrying a 32-bit address, whereas for IPv6 they are AAAA records (four times the size, hence the name), each carrying a 128-bit address. “A” simply stands for address.
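To make the A/AAAA point concrete, and to show what the router was doing when it queried 4.2.2.2 above, here is an added example in Python (my own code, not code from this guide or from Cisco IOS). It builds the query for www.cisco.com, then parses a response. The response bytes are constructed inline rather than captured: the A record reuses the 198.133.219.25 address from the ping output above, and the AAAA record uses the documentation prefix address 2001:db8::19, which is an assumption and not a real address for that name (a real server would also only return the record type you asked for; both are included here to show both sizes). The parser checks the transaction ID and the echoed question against the query before trusting the answer, which is the minimum a resolver must do against spoofed replies.

```python
"""DNS wire format: build an A/AAAA query, parse and validate a response.

Added example for this section; it sends nothing on the network.  The response
is constructed inline (not captured) and the AAAA address is an assumption.
"""
import ipaddress
import struct

TYPE_A, TYPE_AAAA = 1, 28
TYPE_NAMES = {TYPE_A: "A", TYPE_AAAA: "AAAA", 5: "CNAME"}


def encode_name(name):
    """'www.cisco.com' -> b'\\x03www\\x05cisco\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard query, recursion desired, one question, no answer records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, off, depth=0):
    """Decode a (possibly compressed) name at msg[off]; return (name, offset after it)."""
    if depth > 8:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward compression pointer")
            tail, _ = decode_name(msg, ptr, depth + 1)
            return ".".join(labels + [tail]), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg, query):
    """Return the answer records, refusing replies that do not match our query."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("transaction ID mismatch or not a response")
    off = 12
    questions = []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname.lower(), qtype))
    qname, qoff = decode_name(query, 12)
    want = (qname.lower(), struct.unpack("!H", query[qoff:qoff + 2])[0])
    if want not in questions:
        raise ValueError("question section does not echo our query")
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated record")
        if rtype == TYPE_A and rdlen == 4:          # 32-bit address
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA and rdlen == 16:    # 128-bit address
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
    return {"rcode": flags & 0x0F, "answers": answers}


def build_sample_response(query):
    """Construct (not captured) a reply carrying one A and one AAAA record."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]                         # echo the question section verbatim
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)
    ptr = b"\xC0\x0C"                             # name pointer back to offset 12
    a_rr = ptr + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + ipaddress.IPv4Address("198.133.219.25").packed
    aaaa_rr = ptr + struct.pack("!HHIH", TYPE_AAAA, 1, 300, 16) + ipaddress.IPv6Address("2001:db8::19").packed
    return header + question + a_rr + aaaa_rr


if __name__ == "__main__":
    q = build_query("www.cisco.com", TYPE_A)
    for rec in parse_response(build_sample_response(q), q)["answers"]:
        print(rec)
```

The two rejections in parse_response (wrong transaction ID, question not echoed) are the checks a real resolver relies on against forged answers; a response that fails either is dropped, not cached.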
There is a large amount of information to learn about DNS server hierarchy and zone transfers; however, this is more typically expected for a Network+ exam, not for the CCNA exam. We will revisit DNS later in this guide to address some more syllabus-specific points.
Cisco Discovery Protocol
CDP is a Cisco proprietary Layer 2 protocol designed to collect information about directly connected neighboring network devices. CDP is on by default on Cisco devices.
Because it is always on and advertises device details to anyone on the link, it presents an information disclosure risk, but it is also a very useful troubleshooting tool. For these reasons, we will cover CDP again in more detail later in this guide. CDP has always been an exam favorite.
It’s worth noting that CDP only runs on Cisco devices (as mentioned) and not on hubs or unmanaged switches. A hub simply repeats CDP frames, so the Cisco devices on the far side of it still appear as neighbors, but the hub itself never will. This is why you might see several MAC addresses learned on one switch port, but no switch showing up for that port in CDP.
FIG 1.45 – CDP in operation
Switch1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
Switch       Fas 0/1         136       S            2960       Fas 0/1
Router       Gig 1/1         139       R            C1900      Gig 0/0
Mini-lab – Checking for CDP Neighbors
In Figure 1.46 below, we have a simple Ethernet connection between R1 and R2. Please add the IP addresses to the relevant interfaces.
FIG 1.46 – Mini-lab: Checking for CDP neighbors
The show cdp command will display basic CDP protocol information for your device. Of course, your output may differ if you have different router models and IOS releases because Cisco changes things over time.
R1#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
You can see a basic CDP output with the show cdp neighbor command (note the U.S. spelling). I’ve shortened the command slightly because this is how you will use the commands in the real world.
R1#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
R2           Fas 0/0         170       R S I        3725       Fas 0/0
Next, you will see how powerful a tool CDP can be for troubleshooting, and how much it gives away to anyone listening, when you add the detail keyword to the command:
R1#show cdp neighbors detail
-------------------------
Device ID: R2.lab.local
Entry address(es):
  IP address: 192.168.1.2
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/0
Holdtime: 161 sec
Version:
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 15.1(15)T7, RELEASE SOFTWARE (fc3)
advertisement version: 2
VTP Management Domain: ''
Duplex: half
R1 can see the remote IP address of R2 (192.168.1.2), the IOS release (15.1(15)T7), the platform (C3725), and the interface on which R1 learned this information (FastEthernet0/0). I’ve often used the above commands when called in to troubleshoot an unfamiliar network. With these commands, you can quickly work out the physical topology, as well as which addresses to ping or telnet to. Remember that anyone else with a foothold on the same segment gets exactly the same inventory, including a software version to look up known bugs against, which is why CDP is normally switched off on user-facing and untrusted interfaces with no cdp enable (or globally with no cdp run).
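Here is an added example in Python (my own code, not code from this guide or from Cisco) of what an engineer, or an attacker with a foothold on the segment, would do with that output: parse show cdp neighbors detail into an inventory, derive the topology edges, and list what each neighbor gives away. The sample text is the R2 entry shown above plus a second, constructed entry for a 2960 switch; the switch’s hostname, address, software version, VTP domain and native VLAN are assumptions, not values from the page.

```python
"""Turn `show cdp neighbors detail` into an inventory and an exposure list.

Added example; not IOS code.  SAMPLE is the R2 entry from the text plus a
constructed switch entry whose values are assumptions.
"""
import re

SAMPLE = """\
-------------------------
Device ID: R2.lab.local
Entry address(es):
  IP address: 192.168.1.2
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet0/0,  Port ID (outgoing port): FastEthernet0/0
Holdtime: 161 sec
Version:
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 15.1(15)T7, RELEASE SOFTWARE (fc3)
advertisement version: 2
VTP Management Domain: ''
Duplex: half
-------------------------
Device ID: SW1.lab.local
Entry address(es):
  IP address: 192.168.1.10
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/24
Holdtime: 150 sec
Version:
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
advertisement version: 2
VTP Management Domain: 'lab'
Native VLAN: 1
Duplex: full
"""

# One regular expression per field; group 1 is the value.
FIELD_PATTERNS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s+Capabilities:",
    "capabilities": r"Capabilities:\s*(.+)$",
    "local_if": r"^Interface:\s*(\S+?),",
    "remote_if": r"Port ID \(outgoing port\):\s*(\S+)",
    "ios_version": r"\bVersion\s+(\S+?),",        # "..., Version 15.1(15)T7, RELEASE ..."
    "vtp_domain": r"^VTP Management Domain:\s*'(.*)'",
    "native_vlan": r"^Native VLAN:\s*(\d+)",
}


def parse_cdp_detail(text):
    """Return one dict per neighbour block (blocks are separated by dashed lines)."""
    neighbours = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue
        entry = {}
        for key, pattern in FIELD_PATTERNS.items():
            m = re.search(pattern, block, flags=re.M)
            entry[key] = m.group(1).strip() if m else None
        entry["capabilities"] = entry["capabilities"].split() if entry["capabilities"] else []
        entry["native_vlan"] = int(entry["native_vlan"]) if entry["native_vlan"] else None
        neighbours.append(entry)
    return neighbours


def adjacency(neighbours, local="R1"):
    """Physical-topology edges as (local device, local port, remote device, remote port)."""
    return [(local, n["local_if"], n["device_id"], n["remote_if"]) for n in neighbours]


def exposure_report(neighbours):
    """What a listener on each link learns without sending a single packet."""
    report = []
    for n in neighbours:
        leaks = [f"address {n['ip']}", f"platform {n['platform']}", f"IOS {n['ios_version']}"]
        if n["vtp_domain"]:
            leaks.append(f"VTP domain {n['vtp_domain']}")
        if n["native_vlan"] is not None:
            leaks.append(f"native VLAN {n['native_vlan']}")
        report.append(f"{n['device_id']} via {n['local_if']}: " + ", ".join(leaks))
    return report


if __name__ == "__main__":
    found = parse_cdp_detail(SAMPLE)
    for line in exposure_report(found):
        print(line)
```

Feed it the real output of show cdp neighbors detail from each device in turn and adjacency() gives you the topology edges; the same script run by an attacker on an access port is why the native VLAN and software version should not be advertised to user-facing ports.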
[END OF MINI-LAB]
Link-Layer Discovery Protocol
LLDP is the open-standard equivalent of CDP, defined in IEEE 802.1AB. For all intents and purposes, LLDP and CDP are one and the same in what they tell you. You would use it if you were supporting non-Cisco devices or connecting Cisco to non-Cisco equipment.
As with CDP, LLDP is used by devices to advertise and exchange information over the data-link layer. LLDP carries its information as attributes called TLVs, each made up of a type, a length, and a value, a structure you will meet in many other protocols. This information can include configurations, device capabilities, port details, and other parameters, and, like CDP, it is sent unauthenticated to anyone on the link.
Depending upon your IOS and device model, management TLVs can include port description, system name, system capabilities, management address, and system description.
Default LLDP settings include:
- LLDP global state – Disabled
- LLDP holdtime (before discarding) – 120 seconds
- LLDP timer (packet update frequency) – 30 seconds
- LLDP reinitialization delay – 2 seconds
- LLDP tlv-select – Enabled to send and receive all TLVs.
- LLDP interface state – Enabled
- LLDP receive – Enabled
- LLDP transmit – Enabled
LLDP is enabled in global configuration mode with the lldp run command.
It’s well worth noting some of the timers you can set globally for LLDP.
- lldp holdtime [seconds] – (Optional) Specifies the amount of time a receiving device should hold the information sent by your device before discarding it. The range is 0 to 65535 seconds; the default is 120 seconds.
- lldp reinit – (Optional) Specifies the delay time in seconds for LLDP to initialize on any interface. The range is 2 to 5 seconds; the default is 2 seconds.
- lldp timer [seconds] – (Optional) Sets the transmission frequency of LLDP updates in seconds. The range is 5 to 65534 seconds; the default is 30 seconds.
A sample configuration would be:
Switch#configure terminal
Switch(config)#lldp holdtime 130
Switch(config)#lldp reinit 3
Switch(config)#lldp timer 30
Switch(config)#end
This example illustrates how to configure a holdtime of 130 seconds, a reinitialization delay of 3 seconds, and an update frequency of 30 seconds. Keep the holdtime comfortably larger than the timer; otherwise a single lost advertisement is enough for a neighbor to age out.
Mini-lab – Discovering Devices with LLDP
Only later IOS releases and certain platforms support LLDP. For labs, it will be easiest to complete this one using Packet Tracer.
FIG 1.47 – Discovering devices with LLDP
You may find that (unlike CDP) LLDP is disabled by default:
Router0#show lldp neighbors
% LLDP is not enabled
Router0#configure terminal
Router0(config)#lldp run
Router0(config)#end
You need to enable LLDP on all devices and bring up (no shutdown) the connecting interfaces. There is no need to add any IP addresses because LLDP runs at Layer 2:
Router0#show lldp nei
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID    Local Intf   Hold-time   Capability   Port ID
Switch       Gig0/0       120         B            Gig0/1
Total entries displayed: 1
Router0#
Switch#show lldp nei
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID    Local Intf   Hold-time   Capability   Port ID
Router0      Gig0/1       120         R            Gig0/0
Router1      Gig0/2       120         R            Gig0/0
Total entries displayed: 2
You can also disable or enable LLDP per interface:
Router0(config)#int g0/0
Router0(config-if)#lldp ?
receive Enable LLDP reception on interface
transmit Enable LLDP transmission on interface
There are other LLDP show commands, but these are not supported on PT:
show lldp entry
show lldp interface
show lldp neighbors detail
show lldp traffic
debug lldp
You can disable LLDP by configuring no lldp run globally or no lldp transmit/receive per interface.
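LLDP carries exactly the type/length/value structure described above, and because nothing in the frame is authenticated, the parser on the receiving switch is an attack surface for anyone who can send frames on the link. Here is an added example in Python (my own code, not code from this guide or from any vendor) that encodes an LLDPDU for a constructed switch (chassis MAC 00:11:22:33:44:ff, port Gig0/1, TTL 120, system name Switch, bridge capability, all assumptions chosen to resemble the Packet Tracer output above) and decodes it again. The decoder enforces the 7-bit type / 9-bit length header, the mandatory Chassis ID, Port ID, TTL order, the End TLV, and it rejects a length field that runs past the frame instead of reading beyond it. The TTL value is the Hold-time column you saw in show lldp neighbors, and the capability letters are the ones that command prints.

```python
"""Encode and decode an LLDPDU (IEEE 802.1AB TLVs).  Added example, not vendor code.

Header of every TLV: 16 bits = 7-bit type | 9-bit length, followed by the value.
The frame built in main() describes a constructed switch; its values are assumptions.
"""
import struct

TLV_END, TLV_CHASSIS, TLV_PORT, TLV_TTL, TLV_SYSNAME, TLV_CAPS = 0, 1, 2, 3, 5, 7
SUBTYPE_MAC, SUBTYPE_IFNAME = 4, 5
# System capability bits, labelled with the codes `show lldp neighbors` prints
CAP_CODES = {0x01: "O", 0x02: "P", 0x04: "B", 0x08: "W", 0x10: "R", 0x20: "T", 0x40: "C", 0x80: "S"}
CAP_BRIDGE, CAP_ROUTER = 0x04, 0x10


def tlv(tlv_type, value):
    """Encode one TLV; the type must fit in 7 bits and the length in 9 bits."""
    if not 0 <= tlv_type < 128 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldpdu(chassis_mac, port_name, ttl, system_name, caps):
    """Mandatory TLVs in the order the standard requires, then optional ones, then End."""
    return (tlv(TLV_CHASSIS, bytes([SUBTYPE_MAC]) + chassis_mac)
            + tlv(TLV_PORT, bytes([SUBTYPE_IFNAME]) + port_name.encode("ascii"))
            + tlv(TLV_TTL, struct.pack("!H", ttl))
            + tlv(TLV_SYSNAME, system_name.encode("ascii"))
            + tlv(TLV_CAPS, struct.pack("!HH", caps, caps))   # supported, enabled
            + tlv(TLV_END, b""))


def parse_lldpdu(data):
    """Decode a received LLDPDU, treating every length field as untrusted."""
    off, order, out = 0, [], {}
    while True:
        if off + 2 > len(data):
            raise ValueError("frame ended without an End TLV")
        header = struct.unpack("!H", data[off:off + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = data[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, frame is too short")
        off += 2 + length
        order.append(tlv_type)
        if tlv_type == TLV_END:
            break
        if tlv_type == TLV_CHASSIS and value and value[0] == SUBTYPE_MAC:
            out["chassis_id"] = value[1:].hex(":")
        elif tlv_type == TLV_PORT:
            out["port_id"] = value[1:].decode("ascii", "replace")
        elif tlv_type == TLV_TTL and length == 2:
            out["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == TLV_SYSNAME:
            out["system_name"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_CAPS and length == 4:
            _supported, enabled = struct.unpack("!HH", value)
            out["capabilities"] = "".join(code for bit, code in CAP_CODES.items() if enabled & bit)
    if order[:3] != [TLV_CHASSIS, TLV_PORT, TLV_TTL]:
        raise ValueError("Chassis ID, Port ID and TTL must come first, in that order")
    return out


if __name__ == "__main__":
    frame = build_lldpdu(bytes.fromhex("0011223344ff"), "Gig0/1", 120, "Switch", CAP_BRIDGE)
    print(parse_lldpdu(frame))
```

A receiver that trusted the 9-bit length field blindly would read past the end of a short frame; that class of bug is why discovery protocols, which accept frames from any directly connected device, should be disabled on ports facing untrusted equipment.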
[END OF MINI-LAB]
Network Topologies
The network topologies featured in early versions of the CCNA exam were dropped after Cisco decided that students taking the CCNA exam already had around 18 months of networking experience and were already at the CompTIA Network+ or similar level of knowledge. Network topologies are now back in the exam, presumably after feedback from various Cisco customers.
The network topology is usually decided during the design phase, and will usually be limited by technology, which always comes down to a balance between cost, reliability, scalability, and security. It is fairly rare for a company to have unlimited funds, so compromises have to be made in certain areas.
Figure 1.48 below is from our Cisco CCDA Simplified study guide and demonstrates some of the factors to be considered during the network planning phase:
FIG 1.48 – Cisco network design considerations
Cisco has a very advanced network planning model, and if a company’s budget is big enough, Cisco will engage a network design architect for assistance. Cisco also offers a range of network design certifications that are highly regarded, from CCDA to CCDP and CCDE (although the first two are now retired).
The Cisco network planning model can be summarized as follows:
- Top-down approach recommended for medium to large campus designs
- Big-picture down to small details
- Starting at layer 7 and moving down to layer 1
- The alternative is the quick-fix or bottom-up approach, which tends to lead to rollbacks and errors
Figure 1.49 below represents the top-down approach at a high level:
FIG 1.49 – Cisco top-down approach to design
As Figure 1.49 shows, the design planning sub-projects include:
- Choosing the technology, acquisition, and provisioning
- Physical topology design (placing the design at different layers)
- Addressing scheme design, including NAT solutions
- Routing selection and design
- Quality of Service design (traffic management)
- Security design
- IP Multicast design (for video and audio streaming)
- IPv6 provisioning design
There are many topology choices and, as stated above, it all boils down to available technology and a company’s particular requirements, budget, and the future plans for growth (such as acquiring other companies). Cisco only mentions star, mesh, and hybrid in the syllabus; however, there are a few others in the exam and, of course, in the real world, which include:
- Point-to-point
- Point-to-multipoint
- Ring
- Star
- Bus
- WAN-specific – hub-and-spoke/full-mesh/partial-mesh
Point-to-Point
Point-to-point networks are a direct link between two devices. They are most often used in WAN topologies such as T1/E1 leased lines. A common exam question asks about the advantages of this topology, and one advantage is that such a link needs only two IP addresses, so a /30 subnet (or a /31, which IOS supports on point-to-point links) is enough.
FIG 1.50 – Point-to-point link
Point-to-Multipoint
Point-to-multipoint networks are very popular today and are commonly used in wireless networks. With this topology, multiple devices communicate with a central device/interface. The end devices are not necessarily able to communicate with each other directly, so extra configuration may be needed on the central device to overcome this.
You will learn more about configuring routing protocols such as EIGRP over point-to-multipoint networks in the CCNP exams.
FIG 1.51 – Point-to-multipoint topology
Ring
Ring networks were common in the 1980s and 1990s when token ring was the typical topology for LANs. The name stems from the fact that all network nodes are connected in a ring fashion. Token ring stations were wired through a central access unit that bypassed a failed station, so one node failing did not break the ring; if the central unit or the cabling between units failed, however, the entire ring experienced an outage. The ring topology is still used in Metro Area Networks, but with dual rings for redundancy.
FIG 1.52 – Ring topology
Star
The star topology is the most commonly used topology in modern networks. It may not look like a star when you see it racked up but, in this topology, all nodes directly connect to a central device (usually a switch). The star topology is used in Ethernet networks.
FIG 1.53 – Star topology
Bus
The bus topology was used in early implementations of Ethernet over coaxial cable. The original thick coax (10BASE5) was tapped by physically piercing the cable and was notoriously difficult to work with and troubleshoot; the later thin coax (10BASE2) used BNC T-connectors but shared the same weakness. A break anywhere in the cable, or a missing terminator, brought the entire segment down.
FIG 1.54 – Bus topology
WAN-specific
There are a few options when it comes to the WAN topology, and there may be some limitations depending on where in the world a company is based and what their service providers can offer.
Options include hub-and-spoke, full-mesh, and partial-mesh, among others. The full-mesh topology is the most fault-tolerant since there is a connection from every device to every other device, but it is also the most expensive, because the number of links grows with the square of the number of sites. As shown in Figure 1.55 below, full-mesh requires each node to be connected to every other node:
FIG 1.55 – Full-mesh
If you want to work out the number of connections required, the formula is n*(n-1)/2 connections, so 5 nodes = 10 connections (5 x 4 /2 = 10).
The hub-and-spoke topology is shown in Figure 1.56 below:
FIG 1.56 – WAN hub-and-spoke topology
Hybrid topologies vary depending on a company’s needs. They can combine mesh, partial-mesh, bus, star, point-to-multipoint, etc., and they can grow over time if requirements change. Figure 1.57 below shows an example of a hybrid topology:
FIG 1.57 – Hybrid topology
End of Chapter Questions
Please visit www.howtonetwork.com/ccnasimplified to take the free Chapter 1 exam.
Chapter 1 Labs
Lab 1: Basic Lab – Router Modes and Commands
There is no physical topology for this lab. Just use any Cisco router.
Purpose
Any person new to configuring Cisco routers needs to feel comfortable navigating around the various router features and modes. This lab will be a great icebreaker for a budding CCNA. We cover how to use a console cable with a router later (if you are a beginner), so follow those steps before you start or come back to this lab later if you wish. It will still be here waiting for you.
Your output and interfaces may differ from mine if you are using a different model and IOS release.
Lab Objectives
- Connect to the console port.
- Enter privileged mode (enable mode).
- Enter global configuration mode (config mode).
- Enter the interface configuration mode.
- Enter the routing configuration mode (router mode).
- Exit to privileged mode.
- Execute some useful commands.
- Exit to user exec mode.
- Examine interface statistics.
- Change router hostname.
Lab Walk-through
- When connecting to the console of the router, you will typically see the following message. Always type no if asked if you want to enter System Configuration Dialog:
— System Configuration Dialog —
Continue with configuration dialog? [yes/no]: no
Press RETURN to get started!
Router con0 is now available
As instructed, you simply need to press the Enter key and enter the first mode of the router, user exec mode:
Router>
- Now you are in user exec mode. Next, enter privileged mode, or enable mode as it is more commonly known. To do this, type:
Router>enable
You will now be presented with a new prompt that has a hash/pound (#) sign instead of the greater than (>) sign:
Router>enable
Router#
Enable mode is needed for the debug commands, for most show commands, and for entering configuration mode; these will be explained later in the lab.
- The next mode to enter is global configuration mode, or config mode as it is more commonly known. To enter config mode, type:
Router#config terminal
As you will soon learn, commands in the Cisco IOS (operating system) can be abbreviated to any prefix that is unambiguous; for example, you could have entered:
Router#conf t
If you just type config and press Enter, you will receive the following output:
Router#config
Configuring from terminal, memory, or network [terminal]?
As you will see, terminal is the default (indicated by the square brackets []), so you can simply press Enter to go into global configuration mode.
- Once in config mode, you will be prompted with the following message:
Router#config terminal
Enter configuration commands, one per line. End with Ctrl+Z.
Router(config)#
This is telling you that when you have finished in config mode, press the Ctrl+Z keys together to exit.
Once in config mode, you will notice that the prompt has changed again, this time from Router# to Router(config)#, indicating that you are in config mode. There are sublayers to config mode, but we are only interested in two of them, the first being interface configuration mode. First, you need to know which interfaces you have available (run this from the Router# prompt, or prefix it with do if you are already in config mode):
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Fa0/0 unassigned YES unset administratively down down
Fa0/1 unassigned YES unset administratively down down
I have F0/0 and F0/1 available on my router. Your options may differ; if you do not have an Ethernet interface, use interface Loopback 0 instead.
Router(config)#interface FastEthernet0/0 – Or use Loopback 0 if your router does not have an Ethernet interface
Router(config-if)#
You will see that the prompt has changed again: the (config-if) tells you that you are now in interface configuration mode. If you aren’t sure what to type, then enter a question mark (?) at the end of what you are typing.
Router(config)#interface ?
  Dot11Radio        Dot11 interface
  Ethernet          IEEE 802.3
  FastEthernet      FastEthernet IEEE 802.3
  GigabitEthernet   GigabitEthernet IEEE 802.3z
  Loopback          Loopback interface
  Serial            Serial
  Tunnel            Tunnel interface
  Virtual-Template  Virtual Template interface
  Vlan              Catalyst Vlans
  range             interface range command
Router(config)#interface FastEthernet0/0
Router(config-if)#
- Another sublayer of config mode is the router configuration mode:
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#
When you exit from interface configuration mode and type router rip, you enter router configuration mode. You can see that the prompt has changed again to reflect this.
- To exit config mode and go back to privileged (enable) mode, you simply need to type:
Router(config-router)#^Z – Hold down the Ctrl and Z keys (together)
Router#
When you do this, you will get the following message displayed after a few seconds:
%SYS-5-CONFIG_I: Configured from console by console
Router#
- Now that you are back in enable mode, you can use some useful show commands. The common ones to use are shown below:
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Fa0/0 unassigned YES unset administratively down down
Fa0/1 unassigned YES unset administratively down down
Router#
The benefit of this command is that it shows the status and IP addresses of all the interfaces in a table. Do not worry if your output is different from the one above.
The next command that is useful is show running-config, which will display the current configuration (yours may look different from the one below). The output is paged so that it fits on your screen: press the Enter key to go through it line by line or press the space bar to advance a screen at a time:
Router#show running-config
Or:
Router#show run – Abbreviated command
Building configuration…
Current configuration: 489 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Type show version (or show ver for short):
Router#show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thurs 5-Jan-12 15:41 by pt_team
ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
cisco2911 uptime is 1 minutes, 35 seconds
System returned to ROM by power-on
System image file is “flash0:c2900-universalk9-mz.SPA.151-1.M4.bin”
Last reload type: Normal Reload
If you require further assistance please contact us by sending email to export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
3 GigabitEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)
Configuration register is 0x2102
To exit to user exec mode, you simply need to type disable or exit:
Router#disable
Router>enable
Router#
- You can also examine the interface statistics with the show interface x command:
Router#show interface f0/0
FastEthernet0/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 0060.5cd9.8001 (bia 0060.5cd9.8001)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, Loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#
- You can change the hostname of the router by doing the following:
Router#config
Configuring from terminal, memory, or network [terminal]? – Press Enter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RouterA
RouterA(config)#end
RouterA#
- Now reload the router. Do not save the change when prompted, so the hostname reverts to Router:
RouterA#reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Lab 2: ARP, CDP, Ping, and Telnet Lab
The physical topology is shown in Figure 1.58 below. Connect two routers with a crossover cable or with a switch.
FIG 1.58 – ARP, CDP, ping, and telnet lab
Lab Exercise
Your task is to configure the network referring to Figure 1.58 above to check for an ARP entry and a CDP neighbor, and to test the ping command and the telnet command. We are using Loopback interfaces here, which only exist logically. They are a perfect way to test routing and access lists without having to plug in extra hosts and cables.
Please note that if your interfaces aren’t numbered F0/0, you will need to swap the interface ID with what you do have. Issue a show ip interface brief command to see what you have available. We will cover some of the commands here, such as static routing, which will be explained in later sections. Just copy them for now.
Purpose
This lab explores some TCP/IP, ARP, and CDP fundamentals. ARP issues are very common, and the capacity to check ARP entries will be very useful to you in your career as a Cisco engineer.
Lab Objectives
- Use the IP addressing scheme depicted in Figure 1.58 above. We are using Ethernet interfaces connected by a crossover cable or a switch for this lab.
- Set Telnet access for the router to use the local login permissions for username banbury and the password ccna.
- Configure the enable password to be cisco.
- Check the ARP entry on Router A. Ping Router B and check the ARP entry again.
- Check CDP neighbor details.
- Telnet from Router A to Router B.
Lab Walk-through
- To set the IP addresses on an interface, you will need to do the following:
Router#config t
Router(config)#hostname RouterA
RouterA(config)#interface FastEthernet0/0
RouterA(config-if)#ip address 10.0.0.1 255.0.0.0
RouterA(config-if)#no shutdown
RouterA(config-if)#interface Loopback0
RouterA(config-if)#ip address 172.16.1.1 255.255.0.0
RouterA(config-if)#interface Loopback 1
RouterA(config-if)#ip address 172.20.1.1 255.255.0.0
RouterA(config-if)#^Z
RouterA#
Router B:
Router#config t
Router(config)#hostname RouterB
RouterB(config)#
RouterB(config)#interface FastEthernet0/0
RouterB(config-if)#ip address 10.0.0.2 255.0.0.0
RouterB(config-if)#no shutdown
RouterB(config-if)#interface Loopback0
RouterB(config-if)#ip address 172.30.1.1 255.255.0.0
RouterB(config-if)#interface Loopback1
RouterB(config-if)#ip address 172.31.1.1 255.255.0.0
RouterB(config-if)#^Z
RouterB#
- To set Telnet access, you need to configure the VTY lines to allow Telnet access. Bear in mind that Telnet sends the username, the password and the whole session in clear text, so on a real network you would restrict the VTY lines to SSH (transport input ssh); Telnet is used here only because it needs no keys and works on every lab platform. You first need to check how many VTY lines you have, as each model differs, as does GNS3. To do this, type (in configuration mode):
RouterA(config)#line vty 0 ?
<1-903> Last Line number
<cr>
RouterA(config)#line vty 0 903 – Enters the VTY line configuration
RouterA(config-line)#login local – This will use local usernames and passwords for Telnet access
RouterA(config-line)#exit – Exit the VTY config mode
RouterA(config)#username banbury password ccna – Creates the name and password for Telnet access (login local). Note that password stores the value in clear text (or in the easily reversed type 7 form if service password-encryption is on); on a production device use username banbury secret ccna instead, which stores a hash
Router B:
RouterB(config)#line vty 0 903
RouterB(config-line)#login local
RouterB(config-line)#exit
RouterB(config)#username banbury password ccna
- To set the enable password, do the following:
RouterA(config)#enable secret cisco – Sets the enable password, stored as a hash (unlike enable password, which is not)
Router B:
RouterB(config)#enable secret cisco
- To configure a default route, there is one simple step (in configuration mode):
RouterA(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 – For all unknown addresses, send the packet out of F0/0. Pointing a route at an Ethernet interface instead of a next-hop address only works because the neighbor answers proxy ARP for every destination; in real networks specify the next-hop address (10.0.0.2) instead
Router B:
RouterB(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
- To test the connection, first, you will need to check whether the link is up. To do this, use the show interface command (see below):
Make sure that Fast Ethernet 0/0 is up and line protocol is up.
RouterA#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Lance, address is 0000.0c3d.d469 (bia 0000.0c3d.d469)
Internet address is 10.0.0.1/8
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, Loopback not set
Next, ping your neighbor’s Ethernet interface; this will test whether the link is OK:
RouterA#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.!!!! – The first ping timed out while Router A was waiting for the ARP reply from Router B; the rest succeeded
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms.
Next, check your router ARP cache:
RouterA#show arp
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.0.0.2   0          0050.5460.f1f8  ARPA  F0/0
Internet  10.0.0.1   -          0010.7b80.63a3  ARPA  F0/0
Your hardware address will obviously be different from the one on my routers!
- To test CDP, you simply need to enter the show cdp neighbor command. Bear in mind that the spelling is in U.S. English and that your output will differ depending on what device you are connected to. We will cover CDP in more detail later in this guide.
RouterA#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
RouterB      Fas 0/0         172       R            2900       Fas 0/0
- Finally, telnet from Router A to Router B. To leave a Telnet session without closing it, press Ctrl+Shift+6 together, release, and then press X; that suspends the session and returns you to Router A’s prompt (type disconnect to close it, or press Enter to resume it). To close the session outright, just type exit at Router B’s prompt.
RouterA#telnet 10.0.0.2
Trying 10.0.0.2 … Open
User Access Verification
Username: banbury
Password: – Won’t show as you type it
RouterB>enable
Password:
RouterB# – You are now in privileged mode on Router B
Now issue a show run command on both routers and look at the output.
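When you look at that show run output, look at it the way an auditor would. Here is an added example in Python (my own code, not code from this guide or from Cisco) that parses a running configuration and flags the weak spots you have just created in this lab: a clear-text username password, password encryption left off, VTY lines that still accept Telnet, and CDP left on. The configuration text is constructed from the Lab 1 and Lab 2 commands (the enable secret hash is a placeholder, not a real hash), and the audit rules are my own selection, not a Cisco checklist.

```python
"""Audit a Cisco running-config for the weak settings built in Labs 1 and 2.

Added example, not IOS code.  SAMPLE_CONFIG is constructed from the lab
commands; the enable secret hash is a placeholder.
"""
import re

SAMPLE_CONFIG = """\
version 15.1
no service password-encryption
!
hostname RouterA
!
enable secret 5 $1$placeholder$hashvaluegoeshere
!
username banbury password 0 ccna
!
ip cef
no ip domain-lookup
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
 duplex auto
 speed auto
!
interface Loopback0
 ip address 172.16.1.1 255.255.0.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
line con 0
line aux 0
line vty 0 4
 login local
!
end
"""


def sections(config):
    """Yield (top-level line, [indented sub-lines]) for each block of the config."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            body.append(raw.strip())
            continue
        if header is not None:
            yield header, body
        header, body = raw.strip(), []
    if header is not None:
        yield header, body


def audit(config):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    blocks = list(sections(config))
    globals_ = [h for h, _ in blocks]

    if "no service password-encryption" in globals_:
        findings.append("service password-encryption is off: type 0 passwords appear in clear text")
    if not any(h.startswith("enable secret") for h in globals_):
        if any(h.startswith("enable password") for h in globals_):
            findings.append("enable password is used instead of enable secret")
        else:
            findings.append("no enable secret configured")
    for h in globals_:
        m = re.match(r"username (\S+) (password|secret)(?: (\d+))? ", h)
        if m and m.group(2) == "password":
            kind = "reversible type 7" if m.group(3) == "7" else "clear-text"
            findings.append(f"username {m.group(1)} has a {kind} password; use 'username {m.group(1)} secret'")
    if "no cdp run" not in globals_:
        findings.append("CDP is enabled globally (default); disable it on untrusted interfaces")
    if "ip dns server" in globals_:
        findings.append("ip dns server is on: the router answers DNS for anyone who can reach it")

    for h, body in blocks:
        if not h.startswith("line vty"):
            continue
        if "login" in body and not any(b.startswith("password") for b in body):
            findings.append(f"{h}: login without a password refuses all remote access")
        if not any(b.startswith("login") for b in body):
            findings.append(f"{h}: no login command, remote sessions get a shell without authentication")
        transport = [b for b in body if b.startswith("transport input")]
        if not transport or not transport[0].endswith("ssh"):
            findings.append(f"{h}: transport input is not restricted to SSH; set 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

Paste the real show run output from each router into the script and compare the findings; the fix for every one of them is a single global or line-mode command.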
Lab 3: Traceroute from Router A to Router B
FIG 1.59 – Performing a traceroute
Lab Exercise
In this lab, you will perform a traceroute from Router A to Router B using Figure 1.59 above as a reference. You wouldn’t usually use the traceroute command over two routers, but it’s an easy way to try out some commands. You configured the above network in the previous lab, so please copy all those commands.
Purpose
The traceroute command is a very valuable part of your troubleshooting toolkit. Don’t mistake this for the Windows tracert command, which won’t work on Cisco routers.
Lab Walk-through
In privileged mode, type in the Loopback address of Router B:
RouterA#traceroute 172.30.1.1
Type escape sequence to abort.
Tracing the route to 172.30.1.1
1 10.0.0.2 24 msec * 32 msec
Lab 4: Copy Startup Config Using TFTP
The physical topology is shown in Figure 1.60 below:
FIG 1.60 – TFTP lab
Lab Exercise
Your task is to configure the IP addressing specified in Figure 1.60.
Purpose
Backing up the router’s configuration is a crucial part of your backup and disaster avoidance procedures. You will also need to use a TFTP server if you want to upgrade your router’s IOS. Familiarity with using a TFTP server is a fundamental skill for a Cisco engineer.
Lab Objectives
- Configure the router’s Ethernet interface.
- Put TFTP software onto your PC.
- Connect the PC and router with a crossover cable, or using a hub or switch.
- Ping across the Ethernet link.
- Copy the startup configuration from the router to the TFTP server.
Lab Walk-through
- Configure the network shown in Figure 1.60. If you need help, look at some of the other labs you have already configured.
Router#config t
Router(config)#hostname RouterA
RouterA(config)#interface FastEthernet0
RouterA(config-if)#ip address 10.0.0.2 255.0.0.0
RouterA(config-if)#no shut
- Install TFTP software on your PC, making it a TFTP server. You can find this software at websites such as www.solarwindsuk.net. Install the software on the root of your C drive. Alternatively, use a server inside Packet Tracer and turn on TFTP.
Make sure that both the PC and the router are in the same subnet. Change the IP address of the PC to 10.0.0.1 255.0.0.0.
Ping the PC from the router to confirm IP connectivity.
Router#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
Copy the startup configuration to the TFTP server.
Router#copy start tftp:
Address or name of remote host []? 10.0.0.1
Destination filename [router-confg]?
!!
747 bytes copied in 0.256 secs
Router#
- Check the TFTP log to make sure that the file has been received.
FIG 1.61 – TFTP in action
You can look for the configuration file in Windows Explorer.
FIG 1.62 – File received
- Now restore the configuration from the TFTP server into NVRAM with the copy tftp: start command (reload the router first if you want to prove that the restore works). Check connectivity again, then copy:
Router#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router#copy tftp: start
Address or name of remote host []? 10.0.0.1
Source filename []? router-confg – Note the spelling
Destination filename [startup-config]? – Just press Enter here
Accessing tftp://10.0.0.1/router-confg…Accessing tftp://10.0.0.1/router-confg…
Loading router-confg from 10.0.0.1 (via Ethernet0): !
[OK – 421/4096 bytes]
[OK]
747 bytes copied in 37.980 secs (11 bytes/sec)
Router#
00:18:04: %SYS-5-CONFIG_NV_I: Nonvolatile storage configured from tftp://10.0.0.1/router-confg by console
ALWAYS, ALWAYS NAME THE ROUTER’S STARTUP CONFIGURATION startup-config WHEN RESTORING IT. If you accept a different destination filename, the router will not find its configuration at the next boot and will come up unconfigured. Also remember that TFTP has no authentication and no encryption: the configuration, including usernames and password hashes (or clear-text passwords if service password-encryption is off), crosses the network in the clear, and anyone who can reach the TFTP server can read the backup or write their own file over it. Run the TFTP server only on a trusted management network, and delete or protect the backup file when you are done.
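Behind copy start tftp: and copy tftp: start is a protocol with no credentials at all, which is the reason for the warnings above. Here is an added example in Python (my own code, not code from this guide or from any TFTP product) that models both sides of the exchange offline, using the RFC 1350 packet formats: the client sends a write request (opcode 2) and 512-byte DATA blocks, the server answers each with an ACK, and the transfer ends on the first block shorter than 512 bytes (an extra empty block when the file is an exact multiple). The server keeps whatever any client sends it under the name the client chose, which is exactly how a real TFTP server behaves. The configuration content pushed through it is a constructed stand-in for router-confg.

```python
"""Model of the TFTP exchange behind `copy start tftp:` (RFC 1350 packets, in memory).

Added example; it opens no sockets.  The "configuration" pushed through it is
constructed text, not a real router-confg.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512
ERR_ILLEGAL_OP = 4


def wrq(filename, mode="octet"):
    """Write request: opcode, filename, NUL, mode, NUL.  There is no field for a credential."""
    return struct.pack("!H", WRQ) + filename.encode("ascii") + b"\x00" + mode.encode("ascii") + b"\x00"


def data_pkt(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def ack_pkt(block):
    return struct.pack("!HH", ACK, block)


def error_pkt(code, text):
    return struct.pack("!HH", ERROR, code) + text.encode("ascii") + b"\x00"


def parse(pkt):
    """Decode any TFTP packet into (opcode, field1, field2)."""
    opcode = struct.unpack("!H", pkt[:2])[0]
    if opcode in (RRQ, WRQ):
        filename, mode, _ = pkt[2:].split(b"\x00", 2)
        return opcode, filename.decode("ascii"), mode.decode("ascii")
    if opcode in (DATA, ACK):
        return opcode, struct.unpack("!H", pkt[2:4])[0], pkt[4:]
    if opcode == ERROR:
        return opcode, struct.unpack("!H", pkt[2:4])[0], pkt[4:].split(b"\x00", 1)[0].decode("ascii")
    raise ValueError("unknown opcode")


class TftpServer:
    """Stores whatever any client writes, under whatever name it asks for."""

    def __init__(self):
        self.files = {}
        self._writing = None    # filename of the transfer in progress

    def handle(self, pkt):
        parsed = parse(pkt)
        if parsed[0] == WRQ:
            self._writing = parsed[1]
            self.files[self._writing] = b""
            return ack_pkt(0)                       # a WRQ is acknowledged with ACK 0
        if parsed[0] == DATA and self._writing is not None:
            _, block, payload = parsed
            expected = len(self.files[self._writing]) // BLOCK_SIZE + 1
            if block != expected:
                return error_pkt(ERR_ILLEGAL_OP, f"expected block {expected}")
            self.files[self._writing] += payload
            if len(payload) < BLOCK_SIZE:           # short block marks the end of the file
                self._writing = None
            return ack_pkt(block)
        return error_pkt(ERR_ILLEGAL_OP, "Illegal TFTP operation")


def upload(server, filename, content):
    """Client side of `copy start tftp:`; returns the number of DATA blocks sent."""
    opcode, block, _ = parse(server.handle(wrq(filename)))
    if opcode != ACK or block != 0:
        raise RuntimeError("write request refused")
    blocks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")                          # exact multiple of 512: send an empty final block
    for number, chunk in enumerate(blocks, start=1):
        opcode, acked, detail = parse(server.handle(data_pkt(number, chunk)))
        if opcode != ACK or acked != number:
            raise RuntimeError(f"block {number} not acknowledged: {detail}")
    return len(blocks)


if __name__ == "__main__":
    server = TftpServer()
    config = b"!\nhostname RouterA\nusername banbury password ccna\n" * 30   # constructed, 1500 bytes
    sent = upload(server, "router-confg", config)
    print(f"{sent} blocks, {len(server.files['router-confg'])} bytes stored, "
          f"credentials visible: {b'password ccna' in server.files['router-confg']}")
```

Every byte the client sends ends up in server.files exactly as it was on the wire; with a real server the same bytes are also on the wire for anyone capturing on the segment, which is why the backup belongs on a management network and the file should be removed once it has been copied somewhere safe.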