If you want to get a certification to help you in your IT career, you could hardly go wrong with Cisco certification. Being a CCIE (the top-level Cisco certification) guarantees you a lot of prestige when you go for a job interview. (There are only 6,000 CCIEs in this world, about half of which are in the United States. Want exact figures from Cisco itself? Go to Cisco's CCIE worldwise census at http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html.) And even being a CCNA (the entry-level Cisco certification) isn't bad. It shows that you know something, anyway.

Unfortunately, that is what makes it difficult. In order to gain *any* certification, you must know things. And as any student can tell you, knowing things is difficult. However, studying things (which is the simplest way to know things) can be made easier by having study resources. Thus, this web page. Yes, this page is about Cisco products, and how to utilize them to maximum benefit.

Actually, it'll just be a dump of random notes as I myself study the CCNA material. Most of my writings on computers have been done on-the-fly, written in the midst of my own explorations so other students can "enjoy" them. This place will be no different. The CCNA material will be the first thing in my life that I have ever really "studied"; Up to this point I have basically wandered, poking at various things and picking up bits of info here and there. This will be my first controlled, focused study on a particular matter. It should be interesting.

Anyway, most of the Cisco certification revolves around routers. Although Cisco sells a complete line of hubs and switches as well, hubs and switches are much simpler devices (hubs are almost entirely physical, with no logic or "smart" circuitry in them), and require much less concerted study than routers. So I might as well begin with routers, the main focus.

What is a router, and what does it do? A router is a device which routes. It takes in network traffic, and sends that traffic to its intended destination. A router is like a traffic cop in an intersection, directing traffic where to go. (Well, sort of.)

Routers are layer-3 switching devices, which means that they work at layer 3 of the OSI model. If you've never heard of the OSI model, now would be a good time to start, because it is involved in a LOT of discussion over networking. Basically, the OSI model is a 7-layer model which defines how various networking technologies operate. The 7 layers of the OSI model are:

7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data-Link
1. Physical

So what is the difference between a layer-3 device, and a switch or bridge (layer-2 devices) or a hub (layer-1 device)?

Well, as stated before, hubs are physical. This means they don't do any actual processing of any data; They just pass data along different sets of physical wires.

A switch or bridge, on the other hand, works at the data-link layer. They use hardware addresses, which are usually called MAC (Media Access Control) messages. Every computer's network interface card (NIC) has a MAC address, which is burned into the ROM on that card. (Amazing but true: Every NIC in the world has a unique MAC address programmed into it.) MAC addresses specify physical devices, and they are what layer-2 switching devices work with. Because they address physical systems, layer-2 devices are protocol-independant, and can work with IP, IPX, or any other protocol you can pull out of your hat. They send data to physical addresses, not network ones.

Routers, on the other hand, being the layer-3 (network) devices that they are, work with network addresses. If a router is using IP, and it gets a packet addressed to (for example) 115.27.89.6, it will try to get the packet to the computer with that IP address.

Although they are the devices which make up most of the framework of the Internet, receiving and sending packets on their journey through the network, routers do not actually have very many connections; In most cases, they are only directly connected to a few systems. When a router tries to send a packet to a computer, it usually doesn't send it directly there; Instead, it sends it to *another* router, one which is slightly closer to the destination. Each occurrence of a packet moving from one router to another is called a "hop". Usually packets make several hops to reach their destination.

So when a router gets a packet, how does it know where to send it to? The answer: Routing tables. A routing table is a table stored inside every router which tells it which connection it should send a packet down. As an example, take this fairly simple network:

C1--------------R1------------R2------------R3------------C2

Imagine C1 and C2 are two computers, and the three Rs are routers between them. (This is a pretty stupid network layout, but it's just being used as an example.) Each router needs to know how to reach each computer. For this, they use their routing tables. A routing table has two main fields for each entry: An address, and a connection. That is, an address of a computer on the network, and a connection for which to send packets destined for that address. I realize this isn't all that clear when you say it in words, so as an example, look at the network above. How would R1, for example, handle packets which are supposed to go to C2? Obviously, it must send them to R2. From there, R1's work is done, and R2 would in turn need to know that it must pass the packet on to R3. R1's routing table would look like this:

C1: Directly connected
C2: R2

See what I mean? The second entry indicates that packets destined for C2 are to be sent to R2. (The first entry indicates that C1 is directly connected to R1, and it should just send the packets straight there.)

By extension, R2's routing table probably looks like this:

C1: R1
C2: R3

You get the idea, I hope. This is the whole concept of routers, routing, and routing tables. Each router doesn't really know where the target computer is (unless the target computer happens to be directly connected), so it just knows where to forward that computer's data instead.

Now that you know what a routing table is and how it works... How do you view or edit the entries in it? This is where you need to know specific commands. A large amount of Cisco knowledge is just knowing the commands used on Cisco routers. Cisco routers run IOS (Internetwork Operating System), which uses a command-line interface that will make any MS-DOS user feel nostalgic. The IOS command to view the router's IP routing table is:

show ip route

In fact, show is the basic information-getting command in IOS, and it is the most-used command on Cisco routers. Anyway, the show ip route output looks something like this:

S 172.16.40.18 via 172.16.38.27
S 172.16.41.9 via 172.16.38.25
C 127.16.38.14 is directly connected

Basically, the first line states that any packets going to 172.16.40.18 should be sent from this router directly to 172.16.38.27 (which, obviously, must be a directly-connected system). The "via" indicates that packets are going to the first address via the second address. The second line is the same thing, just a different target address and a different corresponding router for it. The third line states that the system at 127.16.38.14 is already directly connected to this router, and no routing is necessary for packets destined there: Just send the packets directly to their destination.

The "C" at the beginning of the third line indicates the system is directly connected. What do the letter "S"s mean on the first two lines? They stand for "static", and indicate simply that those are static routes. What is a static route? It's one which has been manually set by some human. Static routes are so called because they usually don't change, and have been programmed by the network administrator as unchanging. What is the alternative to static routes? Dynamic routes! Dynamic routing is a way of having the routers on your network automatically keep themselves updated about changes to the network and adjust their own routing tables as appropriate! Sounds convenient, doesn't it? It is, but it comes much later, since it's not foolproof and it's really not something you can rely on until you know more about networks.

Okay, so now you know how to display a router's routing table. You know how to see exactly what systems/networks it's programmed for, and where it will send packets destined for those destinations. The next question: How do you CHANGE the routing table? It's easy. The syntax is:

(Don't worry too much about the net mask part just yet, we'll get to that in a moment.)

For example, the first line in the example routing table above would have been created using this command:

You see? Rather simple, isn't it! This is how you create entries in a routing table. You now know the basics of what you need to know to analyze, create, and maintain the routing infrastructure of a network.

(Important note: Before you can use the ip route command, you must enter configuration mode. ip route is not a normal command-line command; It must be run in what is called "global configuration mode", a special mode which lets you configure stuff. To enter GCM, type configure terminal. This will set you up at the configuration prompt. Furthermore, note that configure terminal is a privileged command, meaning not just anybody can run it; It's meant only for administrators to run. You must first turn on privileged commands by typing enable. You will be prompted for the password. So, to sum up, before you can use ip route, you must: 1. Type enable, 2. Type the password for privileged commands when prompted, and 3. Type configure terminal. As if this whole thing needed another complication.)

And that net mask thing? Well, okay, here's the promised explanation for that: So far, we've been working with the concept of making a routing table entry for every computer on the entire network. For example, we just saw a command which made an entry for the computer at 172.16.40.18. But in reality, most routing tables store information for whole networks, not just single computers. It's usually a pretty safe bet that if a router knows how to reach one system, it knows how to reach every system on that part of the network. What all this means is that it would be more efficient to make one routing table entry for the entire network of 172.16.40 than to make a separate one for every system on that network. We want our router to notice that the address begins with 172.16.40 and know where to send the packet, without having to have a separate entry for every computer. To do this, we use net masks. A net mask specifies what part of the address refers to the network, and what part of the address refers to a specific computer.

In the case of most networks, the first three octects of the IP address are the network address, and the last one is the host address. In our example, the famous computer with an IP of 172.16.40.18 is probably linked up with a bunch of other systems, each having an address beginning with 172.16.40. This network uses the first three octects for the network address. But not all networks do this. Some use only the first two. Some use only the first one. And others use bizarre schemes to use parts of an octet for the network address and the rest for the host address. (This is called "subnetting", and is a network study nightmare which many people find to be the most annoying part of learning networking.) Anyway, the bottom line is that the router needs to know how much of the address is network and how much is host. The net mask tells it just this. In the above ip route command, notice we used a netmask of 255.255.255.0. As you might guess, a 255 indicates that an octect is used for the network, and a 0 indicates that it's used for the host. This is really all you need to know about netmasks right now (until you get into subnetting later, which will require masks using numbers other than 0 and 255). For now, this is good enough. The point is that we have a system with an address of 172.16.40.18, on a network which uses the first 3 octects for the network address, and it should be reached through the router at 172.16.38.27. Now, since you know that routers usually route by entire networks, not just host-by-host, you'll want to know how to do this. You'd use the following command:

This will make the router send any packet (with a destination address beginning with 172.16.40) to 172.16.38.27.

What if this network used only the first two octets for a network address, and the last two for a host address? What then? You'd use this command:

Translation: Any address beginning with 172.16 will get forwarded to 172.16.38.27.

If this is your first exposure to IP, Cisco routers, and the concept of routing in general, I have probably thoroughly confused you by now. Sit down for a while, get something to drink (perhaps a light snack), and think about what you've read. At this point you have learned most of the really important stuff you need to know. There is much, much more to know about Cisco routers, but most of it is specialized stuff which most people don't use a lot. For now, you understand the essentials.

Ready for more? Okay. Let's move from that discussion of routing tables into a subject that's somewhat related: Access lists.

You can probably guess what access lists are just by the name. They are, quite simply, lists of who has access to what. They're security tools used to keep out people who don't need to be here, and to let in people who need to be able to get here. An access list is maintained much like a routing table on a router.

An access list doesn't take effect as soon as you create it; It must first be applied to an interface. Instead, access lists are simply stored as lists of rules which can be implemented, or not. You might compare them to laws: Laws are stored in lawbooks, but that doesn't mean they're always used. They may just sit there for a long time before anybody puts them into effect against someone. Cisco routers store access lists by groups of 100. Each group of 100 serves a different purpose. For example, all the access lists from 1 to 99 are for standard IP access lists. The numbers from 100 to 199 are for extended IP access lists. Other number ranges have other specific protocols and types. So you can make up to 100 different lists for each type, and then apply any of these lists as necessary to whichever interface you want.

A couple of things may be bugging you which should be explained here: First, what's an "interface" in reference to a router? It might be simply translated as "wire", for that's what it usually is. It just means a port or access path through which data enters (or leaves) the router through the network. Secondly, what's the difference between a "standard" access list and an "extended" one? A standard IP access list filters packets only by the source network address; That's it. An extended IP access list can filter by both source and destination network address, protocol field, and port number. (Assuming the packet has a higher-level protocol which uses ports, for IP itself is a portless protocol.) Obviously, the extended list provides more functionality, but is also a bit trickier to set up. (It's worth noting that standard IPX access lists filter by both source and destination addresses, unlike IP ones.)

Now that we have some basic understanding of access lists, let's try creating some. The command for working with access lists is, amazingly enough, access-list. The syntax is:

(NOTE: This actually applies only to standard IP access lists. We'll get to extended IP access lists later.)

listnumber is the list number you want to modify. Next, you can either type deny (to deny the specified address) or permit (to achieve the opposite effect). As an example, if there is a computer at 146.12.18.94 which you don't want to let into this section of the network, you could block it using the following command (assuming you want to use list 1, which, bear in mind, is a standard IP access list):

We're really rockin' now. Since it's good to be able to verify changes, we might want to view the access list we've just modified. You may have guessed that we use show to view access lists. Type show access-list 1 and access list 1 should be printed out.

Now all that's left is to actually put this into effect. Remember, right now the access list isn't doing anything; It's only being stored on the router as a rule, ready to be implemented. You need to actually apply it to an interface. Let's imagine we want to apply it to interface e0, which is apparently an Ethernet line (as symbolized by the e). To start this process, first type int e0, which puts you into interface configuration mode, a mode where you can configure interfaces (in this case, the interface e0). Next, just type either of the following two lines:

What's the difference? The first line applies the rule to packets going INTO the host; 146.12.18.94 will not be allowed to RECEIVE packets through this router. The second line works the other way; That host will not be allowed to SEND any packets through this router. Kind of cool, when you think about it. Although there are a bunch of access list types supported by Cisco routers, the only ones you need to remember for a CCNA test are:

1-99: Standard IP
100-199: Extended IP
800-899: Standard IPX
900-999: Extended IPX
1000-1099: IPX SAP

(SAP, in this case, is Service Advertising Protocol, a protocol used with IPX.)

Now, as promised, here's the syntax for setting up an extended IP access list:

For example, you could use this command...

...To block the IP address 187.16.92.11 from connecting to anything via port 23 (the Telnet port). This command also is an example of using the "any" keyword to mean (as you may have guessed) any host. You can also use "any" for the source address, which of course would prevent any connections from anywhere going to port 23. The eq means "equal to" port 23. You could also use gt to mean "ports greater than 23", or lt to mean "ports less than 23".

We now move to a discussion of one of the simpler protocols (in a relative sense) associated with Cisco networking equipment: Spanning-Tree Protocol, or STP. STP serves a rather specific function and doesn't have too much depth to study, but it's something you should know about because it's important in most modern-day networking setups.

STP was originally created by the legendary Digital Equipment Corporation (DEC), which was, in more recent times, bought out by (and merged with) Compaq. The IEEE, which seems to butt its nose into a lot of standards like this, created a protocol based on STP called IEEE 802.1d. All Cisco switches use IEEE 802.1d, which is not compatible with DEC's STP.

So what is STP, or rather, what does it do? Quite simply, it is a protocol designed to eliminate network loops in your network. This leads to the question: What is a network loop? It is an infinite loop created by redundant links in a network. Redundant links are important in networks. They are central to the idea of reliability. A redundant link is basically a data cable which connects systems which have already been connected through another route. This kind of setup lets data go along another path in case one path goes down for some reason. This system is what leads to the inherent reliability in a big network like the Internet: Even if one node goes down, the data can still find another way to get to its destination.

But redundant links create another problem, which should become fairly apparent if you think about it for a moment: Since switches basically act to send out everything they receive through the network, a redundant link can create a loop between two switches. As a simple example, take a look at this diagram:

/-S1-------------S2--\
|                    |
|                    |
|                    |
\--------------------/

Pretend those are two switches. Now imagine S1 gets a transmission from somewhere on the line coming in from the left side. It dutifully re-transmits the data on the line going out its right. This data passes to whatever devices are attached to that line, which, for purposes of simplicity, are not illustrated here, except for S2. S2 gets the transmission, and in its own turn, broadcasts this data out the other line. Now, this is all very well and good, but it creates an obvious problem: S1 will soon get the same transmission again, on the left line. And so it will broadcast it again, and an infinite loop is created. This is the problem with redundant links. Clearly, something must be done about this.

That's where STP comes in. STP uses a precise algorithm to eliminate active links between switches, so only one link is active at any one time, and the redundant links can be used if the active links go down. Thus you have all the problems resolved: You have extra links available for reliability, but they are not actually used until they're needed, thus eliminating network loops. It's an elegant concept, but STP is not quite as elegant a solution. Still, it works.

The first step in implementing STP is selecting a root bridge. There can only be one root bridge in any network. The root bridge is determined by two things: The device's priority setting, and its MAC address. Each switch or bridge on the network has a default priority of 32,768. You can fiddle with this, but most people don't, meaning that all the devices probably have that same default priority. So, the MAC address will probably be used to determine the root bridge. Whichever device has the lowest MAC address will be selected as the root bridge for the network.

After a root bridge has been chosen, the next step is to assign a root port for each switch or bridge on the network. Each must have exactly one root port, except for the root bridge itself, which has zero of them. Theoretically speaking, the way to determine the root port on a device is very simple: The root port is the one with the best connection to the root bridge. In practice, determining the "best" connection is tricky. It is usually determined through a combination of hops (how many hops it takes to get to the root port over that port) and bandwidth (how fast that particular link transmits).

Once the root port has been determined, you go on to define designated ports for each of the switching devices. Designated ports are ports which can transmit. (As opposed to nondesignated ports, which are ports that have been blocked by STP because they would create a network loop). Designated ports are said to exist in a forwarding state, because they forward things, while nondesignated ports are said to be in a blocking state, because they block things.

Devices using STP transmit BPDUs (Bridge Protocol Data Units) among themselves to implement STP. BPDUs contain such information as each device's bridge ID. (The bridge ID is 8 bytes long, and contains both the device's priority setting and its MAC address.) By default, BPDUs are transmitted by each device every 2 seconds. (Yes, that's right, 2 seconds.)

A port on a bridge or switch can be in four possible states, from STP's point of view: Blocking, listening, learning, and forwarding. Of these, listening and learning ports are said to be "transitory", while blocking and forwarding ports are considered "stable". Eventually listening and learning ports are to settle into being either blocking or forwarding, but they are still trying to decide which they should be. (Normally, listening or learning ports only exist when a new device has been added to the network, or when changes have been made to the network structure.)

A blocking port does nothing to the network. It only listens to BPDUs to see if it should stop being a blocking port. It will also not build an internal table of MAC addresses.

A listening port is listening to BPDUs to see if it should turn into a blocking or a forwarding port. It will decide later based on the BPDUs it receives.

A learning port will learn MAC addresses and build its own internal table of them (unlike a blocking port), but still does not forward frames.

A forwarding port forwards all data.

If you were even slightly familiar with local-area networking in the 1980s, you've almost certainly heard of IPX (Internetwork Packet Exchange), and its companion protocol SPX (Sequenced Packet Exchange, which is to IPX what TCP is to IP). IPX used to be by far the dominant protocol for LANs, until the wild upsurgence of the Internet made TCP/IP a popular protocol suite for local as well as wide-area networking. The reason IPX was so important was simple: It was the main protocol of the most popular NOS: Novell NetWare.

Today, although IPX ain't what it used to be, it is still used on many networks and it still holds a place on Cisco's testing. As such, it is important to know at least the basics of it.

If you've studied IP addressing in depth, including the different classes and subnetting, IPX addressing may spoil you, as they are dead simple in comparison. All you really need to know is this: IPX addresses are always 80 bits, and the first 32 bits comprise the network portion, while the remaining 48 bits are the host portion.

Unlike IP, IPX uses single-number network addresses, like 26 or 412. None of that dotted-decimal octet stuff. This is one case where something sounds too good to be true, but really is true. Note that these addresses (like any other IPX addresses) are considered in hexadecimal by Cisco IOS. The highest possible IPX network is FFFFFFFE. (FFFFFFFF is the IPX broadcast network address.)

The only difficult thing about using IPX with Cisco equipment is the issue of encapsulation. Therefore, it is something the tests are likely to bring up to make sure you learned about it. Basically, with IPX there are four possible types of encapsulation on Ethernet networks, two types for Token Ring, and three types for FDDI. These encapsulations, and their keywords used to designate them on the IOS command line, are:

(Keywords are in brackets)

Ethernet:

Ethernet_802.3 (novell-ether) (default)
Ethernet_802.2 (sap)
Ethernet_II (arpa)
Ethernet_snap (snap)

Token Ring:

Token-Ring (sap) (default)
Token-Ring_snap (snap)

FDDI:

Fddi_snap (snap) (default)
Fddi_802.2 (sap)
Fddi_raw (novell-fddi)

To enable IPX routing on a Cisco router, all you need to do is type ipx routing from global configuration mode.

If you thought that the information on routing tables (and how to view and modify them) was all you needed to know about routing, I have bad news: There's more. What you read before was called static routing, which is routing that is configured manually by a real human. Although static routing gives you the most control over your network's configuration, it has the very obvious problem of being more work. On a large corporate network, it is not feasible, as it would be a full-time job in itself. There are two other kinds of routing: Default routing and dynamic routing.

Default routing is used for packets with a destination network that is not in the routing table. It is basically a "path of last resort" for when the router does not know exactly where to send a packet. It's like saying "If you don't know where this goes, just send it here and hope it gets where it's going." Default routing is only possible on "stub" networks, which are networks with only one connection leading to them. (Obviously, that one connection becomes the place where the router sends those packets.)

Dynamic routing is more complicated and warrants a lengthy discussion. It basically means having the networking equipment automatically update and maintain routing tables by detecting changes in the network structure and adapting accordingly. This probably sounds really cool, the whole concept of a network running itself. It is, but it also means more to learn and know. Dynamic routing also has another drawback: It takes up some of your bandwidth.

Dynamic routing uses protocols specifically dedicated for the purpose. The CCNA exam is concerned with only two routing protocols: RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol). CCNP covers EIGRP (Extended IGRP) and OSPF (Open Shortest Path First) as well. RIP and IGRP are both "distance-vector" routing protocols. They work by simply having every router send its routing table to every other router. The other routers then accept this table and adopt it without question. Periodically, the routing tables are all re-transmitted (typically every 30 seconds) to make sure everybody's up-to-date. (OSPF, incidentally, is the only major routing protocol covered by the Cisco exams that is not a distance-vector one; Rather, it is a "link-state" routing protocol.)

Routing protocols use administrative distances (ADs), which are not actually used to measure distance, but trustworthiness. An entry in a routing table has an administrative distance which can be from 0 to 255, where 0 is considered absolutely trustworthy and 255 is not trusted much at all. The idea behind all this is that a routing protocol can sometimes send inaccurate information, resulting in false routing tables; To prevent this, information received is graded and the most trustworthy information is used.

Devices which are directly connected to each other, with nothing in between, have an administrative distance of 0. Static routing table entries (ones which were created by a human) have an AD of 1. Beyond that, each routing protocol has its own default AD which it will use. ADs for common routing protocols are as follows:

EIGRP 90
IGRP 100
OSPF 110
RIP 120
External EIGRP 170
Unknown 255

("Unknown" is the equivalent of "Where the heck did this come from?" An entry with an AD of 255 will never be used.)

So how do you use these protocols? To turn on a protocol, use the router command. To turn on RIP, just type router rip. (This must be typed from global configuration mode.) This puts you in RIP configuration mode, where the only command you really need is network, which lets you specify what network to advertise. For example, to start making the router advertise network 100.10.0.0, you'd type network 100.10.0.0. So to start making RIP work for you, you only need two commands:

router rip
network x.x.x.x

You can take a look at what RIP has done for your routing table by using the show ip route command. Routes which were added with RIP are signified with an R next to them.

Turning IGRP on is similar, with one difference: You must specify an AS (autonomous system) number when enabling IGRP. The AS is basically the set of routers which communicate routing information with each other. Routers within the same AS will communicate IGRP info to each other, while routers in different ASes will not. For example, suppose you have 4 routers (let's call them R1, R2, R3, and R4). Further suppose that you want R1 and R2 to share IGRP updates, and R3 and R4 to share with each other as well, but NOT R1 with R3 or R4 and not R2 with R3 or R4. You'd put R1 and R2 into one AS, and R3 and R4 together into a different one. The AS is simply a number, so to turn on IGRP for this router and put it in AS 1, you'd type:

router igrp 1

Then, just as with RIP, you'd use a network command to specify what network to advertise. Boom, you're done. As with RIP, you can see what IGRP has done with the show ip route command. Routes which were added by IGRP are signified with an I.

Curiously, the Spanning-Tree Protocol (STP) discussed previously is only used for layer-2 switching devices, switches and bridges. It is not used in routers, which creates the possibility of routing loops, which are the same type of loop that we previously saw, except they happen at layer 3 of the OSI model instead. There is no special protocol to deal with this problem; Instead, it is solved through a variety of techniques. Some of these are listed below.

This is similar to the Time To Live (TTL) field in an IP packet's header; It is the rule that a packet will be discarded after it has taken a certain number of hops between routers, with the assumption that it is undeliverable. The RIP routing protocol has a hop count limit of 15, so any packet which makes more than 15 hops will be thrown away.

A simple and logical idea, the split horizon is simply the rule that a router must never send back data to the same interface it received it from. Makes sense, doesn't it?

Route poisoning is the immediate advertisement over the network of a route that has gone down. This helps do away with the serious problem of conflicting reports on a network, where one router thinks that the route is still good and sends out messages to this effect, while a router closer to the problem keeps (correctly) stating that the route is down.

A holddown is basically a set time limit in which a router should not change its routing tables because of turmoil over the network. If a router receives a message that a particular route has gone down, it will start a holddown timer, during which time it will not transmit any info about that route, but instead listen to the network for other reports.

What is LAN segmentation? It is the process of breaking up the LAN into pieces. In particular, it is separating the network into separate collision domains and broadcast domains.

If you are familiar with Ethernet, you know about CSMA/CD and the inherent problems it creates due to the possibility of network collisions. (If you are not familiar with this concept, you should read about it elsewhere, as this page is meant to be an explanation of concepts special to Cisco products and certification.) To minimize collisions, you want to break up the network into various parts, each of which is only affected by collisions within itself, and not by collisions in other parts. Each of these zones is called a collision domain: A domain in which collisions only affect other devices in that domain.

So how do you break up collision domains? With layer-2 switching devices. Switches and bridges are layer-2 switching devices, which means they operate at layer 2 of the OSI model. If you had one big collision domain and put a switch or bridge in the middle of it, it would split the domain into two, creating two separate collision domains.

A broadcast domain is similar, except it works at layer 3 of the OSI model. If a packet is sent to a network's broadcast address, it will resonate throughout a broadcast domain. You deal with this using routers. Routers are layer-3 devices. They break up broadcast domains. (Incidentally, most routers can also break up collision domains, but it is usually simpler just to use a switch or bridge for this purpose.)

To sum up:

Layer-3 devices (routers) separate broadcast domains and collision domains.

Layer-2 devices (bridges and switches) separate collision domains, but not broadcast domains.

Layer-1 devices are entirely physical devices, like hubs. They do not perform any processing of data, and so they do not separate either collision domains or broadcast domains.

There are three (3) basic types of switches: Store-and-forward, cut-through, and FragmentFree.

Store-and-forward switches wait until they have received an entire frame before they send it out onto the network.

Cut-through switches wait until they have received the part of the frame which contains the destination MAC address, and then they begin forwarding the frame to that address. This is faster than store-and-forward switching, because the switch does not wait until it has received the whole frame; It begins forwarding as soon as it knows where to start sending the data to.

FragmentFree switches wait for the first 64 bytes of the frame to come in, then they check those 64 bytes for errors. If there are no errors, they begin to forward the frame toward the destination address while the frame is still incoming, just as a cut-through switch would. If there is an error in a frame, it almost always is in the first 64 bytes. FragmentFree is a tad slower than cut-through switching, but only barely, and it provides improved error-checking, so most admins like FragmentFree the best.

ARP (Address Resolution Protocol) turns an IP (network) address into a hardware address (or if you prefer, MAC address or BIA (Burned-In Address)). It finds the hardware address of a computer with the given IP address.

RARP (Reverse Address Resolution Protocol), as you might guess, does the exact opposite: It turns a hardware/MAC address into an IP address.

Remember that.

ARP works by flooding the network with a broadcast saying, in effect, "What is the hardware address for this IP address?" The entire network hears the question, but only the computer with that IP address is supposed to respond. It will answer "The hardware address for that IP address is (insert hardware address here)."

RARP works in much the same way, except that while ARP is usually used to find out the MAC address for other computers, RARP is most often used by a computer to find its OWN IP address. A diskless workstation (a computer with no floppy or hard disks, and indeed no means of permanenet data storage) has no way of storing its own IP address, and so when it boots it needs to ask other systems what its IP is. Thus it sends out a broadcast saying "What is the IP address for this hardware address?" Hopefully a computer (usually the file server) will know and respond.

There are several WAN (Wide-Area Networking) technologies which you'll need to become familiar with if you want to be a networking expert, but the CCNA test is concerned with three primary WAN protocols: PPP, frame relay, and ISDN. If you're a casual computer enthusiast, you've probably heard of PPP and ISDN, and perhaps frame relay as well.

PPP (Point-to-Point Protocol) is probably the protocol you use to connect to your ISP over a phone line. PPP is not a complete protocol unto itself. It actually consists mainly of two separate protocols: LCP (Link Control Protocol), and an NCP (Network Control Protocol). LCP is responsible for establishing and configuring the point-to-point connection. Contrary to what some people seem to believe, NCP is not really an actual protocol, but a *type* of protocol encompassing several schemes to let PPP work with higher-level protocols. For example, IPCP (IP Control Protocol) is a common NCP which lets PPP use IP.

PPP can use two different kinds of authentication: PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol). To make PPP use PAP, just type the command ppp authentication pap. And to tell PPP to use CHAP, type (you guessed it) ppp authentication chap. (You must type these from interface configuration mode; The interface you're configuring will be the one to use the selected PPP authentication mode.) Of the two, PAP is simpler but less secure because it sends the password as plaintext; CHAP encrypts the password before sending using MD5, a one-way hash function.

ISDN (Integrated Services Digital Network) is a technology which everybody seems to get really excited over, just because it's meant to carry several different types of media over the same line. (That is, it can carry audio, video, data, etc.) ISDN's terminology includes the equipment used to connect to ISDN networks. These comprise the following:

TE1 (Terminal Equipment type 1) is a terminal type which was made to work with ISDN networks and can connect to them directly.

TE2 (Terminal Equipment type 2) is everything else (that is, equipment which was not made to work with ISDN). You can still use TE2 equipment on an ISDN network, but they must connect to the network through a TA (Terminal Adaptor).

NT1 (Network Termination 1) is, in most cases, the termination node where the ISDN line ends at the actual terminal which is using the network.

NT2 (Network Termination 2) is, in some networks, between the actual terminal and an NT1 node. In North America, NT1 and NT2 are usually in the same device, and this is just called NT1.

ISDN also uses four reference points to refer to refer to specific places in the network connection. These four points are all given single-letter labels. In order, from the ISDN terminal to the connection with the rest of the network, they are: R, S, T, and U.

R is the point between a piece of TE2 equipment and a TA. (If the terminal equipment is type TE1, then there is no R point.)

S is between the customer's router and an NT2, if there is an NT2 in the line; Otherwise, the S and the T points are in the same place, and are collectively called the S/T point.

T is between an NT1 and an NT2 device (if there is an NT2 device), or between NT1 and the TA (if using TE2 equipment), or just between NT1 and the terminal (if using TE1 equipment).

U is where the NT1 device meets the rest of the network. It's basically the wall jack in a home ISDN connection, the point where the line meets your home.

ISDN comes in two basic types of service: BRI (Basic Rate Interface) and PRI (Primary Rate Interface). BRI provides two B (Bearer) channels and one D (Data) channel. The B channels are 64K data channels, while the D channel is a 16K control channel. (Think of the D channel as being to ISDN what ICMP is to IP.) Thus, a BRI provides 128K of bandwidth. It is sometimes called a 2B+1D. PRI provides 23 B channels, and one D channel. (However, PRI's D channel is 64K, unlike BRI's 16K D channel.) PRI thus gives you total bandwidth of up to 1.544Mbps. Not bad. PRI is sometimes called 23B+1D. (Note that PRI only gives you 23 B channels in North America and Japan; In Europe and Australia, PRI actually provides 30 B channels.)

You should also know the ISDN protocol designations, which are basically three different protocols, each designated by a single letter. The ISDN E protocol deals with the use of ISDN on regular telephone networks. The ISDN I protocol deals with fundamental concepts and services. The ISDN Q protocol deals with switching and signaling. (Of these, Q is the most important to remember.)

Once an obscure protocol which was not given much attention, frame relay has become a hugely popular technology with an important place on the CCNA test. Frame relay is based on the older X.25 protocol. However, frame relay is designed for digital networks, while X.25 was designed for analog networks. Frame relay operates at the Physical and Data-Link layers of the OSI model.

Frame relay is famous for its suitability to "bursty" transmission; That is, it is best for connections which do not constantly transmit data, but rather which transmit large amounts in short bursts. Frame relay is fast, but somewhat unreliable, and so constant, day-in-day-out data transmission is not its strength; Get an ISDN connection for that, or better yet, a T1 or T3.

Frame relay uses FECN (Forward-Explicit Congestion Notification) and BECN (Backward-Explicit Congestion Notification) to let other systems on the network know of congestion. FECN is used to let systems ahead of you know that the network is congested and to expect slower transmissions from you; BECN is used to advise systems transmitting to you that the network is congested. BECN is a request for the sending system to slow down (similar to a "source quench" message).

Frame relay also uses something called DE (Discard Eligibility) to help control congestion. DE actually uses one bit of each frame on the network to indicate whether DE is on or off; If DE is turned on for a frame, that frame is considered disposable. When a switch on a frame relay network gets congested, frames with the DE bit turned on will be thrown away to conserve bandwidth. (See why frame relay isn't that reliable? If a switch gets too full it reacts by just throwing stuff away. This is why it's important to detect when frames are not sent properly, and to re-transmit when that happens.)

To really grok frame relay, you also need to understand virtual circuits. A frame relay network is a chaotic structure of switches and central offices, and the systems which actually use that network are separated by many hops in between. To deal with this problem, frame relay uses virtual circuits which link two systems directly through the network, so they can communicate directly with each other as if they were physically joined together. In frame relay, there are two types of virtual circuits: PVCs (Permanent Virtual Circuits) and SVCs (Switched Virtual Circuits). PVCs are maintained permanently, while SVCs are created temporarily to fill a need, and closed down when that need ends. Each PVC on a network has a unique identifying number, known as a DLCI (Data Link Connection Identifier).

You've probably heard of the OSI network model; It's *very* commonly cited in discussions about networks. This 7-layer model is the industry standard for abstraction of a network component's function. However, there are two other standards involved in Cisco certification which you should also be aware of. Neither is as well-known as the OSI model, but they have less than 7 layers, so they should be fairly easy to remember.

The Cisco hierarchical model

Cisco's networking model has only 3 layers: Core, Distribution, and Access. Basically, the Core layer is the very core of the network (what is often called the "backbone" in the real world). The Core layer's routers must be fast and have high-bandwidth connections. The Access layer is the point where people actually use the network; The workstations that users use are in the Access layer, as well as local workgroup's switches or hubs. The Distribution layer is a concept midway between the Core and the Access layers. You should know that Cisco explicitly recommends that breaking up collision domains should ONLY be done at the Access layer. Cisco gets very excited about this topic, and you may actually be quizzed about it to make sure that you know what Cisco wants.

The DoD model

The U.S. Department of Defense (DoD), the folks who originally created TCP, also created a four-layer network model which basically combines several of the OSI model layers into single layers:

The bottom layer of the DoD model is the Network Access layer. It coextends with the Physical and Data-Link layers of the OSI model.

The second layer of the DoD model is the Internet layer. It corresponds to the Network layer of the OSI model.

The third layer of the DoD model is the Host-to-Host layer. It corresponds to the Transport layer of the OSI model.

The top layer of the DoD model is the Process/Application layer. It coextends with the Session, Presentation, and Application layers of the OSI model.

A virtual LAN (VLAN) is one of those concepts which is not usually very well explained, but is actually pretty simple once you can grasp the concepts behind it. To make an analogy, if you're familiar with PC support, you're probably aware of hard disk partitioning and how it works; You can have one single physical hard disk drive in a computer, but it can be divided into separate partitions, each of which is treated as a separate "logical" or "virtual" disk drive. Even though they all exist on the same physical device, they are treated as separate entities.

A VLAN works much the same way. It is, essentially, network segmentation achieved through a single switch. You configure the switch so that some computers are connected to each other, and others are not. The result is that each connected community of computers becomes a virtual LAN, seeming to exist separately, even though they all really run through the same physical switch.

To further illustrate with a simple example: Imagine four computers (let's call them Comp1, Comp2, Comp3, and Comp4). Further suppose that you have only one switch, but you want to interconnect these computers so that Comp1 and Comp2 can communicate with each other, and Comp3 and Comp4 can communicate with each other, but Comp1 cannot communicate with Comp3 or Comp4, and neither can Comp2. This is achieved by making two VLANs, and putting Comp1 and Comp2 together in one, and Comp3 and Comp4 together in the other. After this, even though all four computers are directly connected to the same switch, they are effectively on separate networks.

VLANs create a small problem by separating computers that sometimes need to talk to each other. If, in the above example, Comp1 and Comp4 (for example) needed to share a file, they could not do so through the switch because they are on separate VLANs. You'd actually need a separate router to connect the VLANs together and let them communicate. It's ironic that computers which are connected to the same switch are impeded from communicating, but that's how it is with VLANs.

Virtual LANs are mainly organizational in their intent; They do not actually achieve anything incredibly useful other than making things a little more nicely logical and organized on the network.

Creating a VLAN is easy; Just use the vlan command from global configuration mode. The syntax is as follows:

...Where # is the number of the VLAN, and [name] is the actual name you want to give it. For example, to create VLAN number 4 and name it "Accounting" to mark it as belonging to the accounting department, you'd type:

Cisco networking equipment uses VTP (Virtual Trunking Protocol) to keep on top of what VLANs exist. VTP is like RIP for VLANs; It propagates VLAN information throughout the entire network, so you don't have to. VTP has three modes of operation: Server, Client, and Transparent. You can choose which one you want this router to be by typing vtp server, vtp client, or vtp transparent from global configuration mode.

Up to this point, I have largely skirted the issue of Cisco IOS commands, and concentrated instead on more general networking subjects which pertain to Cisco certification. However, one can't deny that knowing the command set for Cisco routers is probably the most important part of the certification tests. As such, it can't be put off for much longer, so we may as well just get started.

show is the basic information-getting command in IOS. It is used to get just about every kind of info you could want. It takes an enormous number of parameters, each of them for a different category of information. For example, if you want to know what version of IOS is installed on this router, type show version. As you might guess, show is quite possibly the most-used command in IOS. You should know that within the context of the Cisco certification exams, you are expected not only to memorize the actual show commands themselves, but also the information they display. For example, an exam question might ask "Which of the following information is shown by the show ip route command?" Obviously this is a lot to memorize and you are not expected to remember everything, but you should at least know the basics.

Below are some of the most common show commands used (listed in alphabetical order), along with the information they provide.

show access-list All the access lists stored on the router.

show access-list x (Where x is the number of a specific access list) Shows the specified access list.

show cdp CDP information.

show flash Files in flash memory (where the IOS is stored).

show frame Frame relay information.

show history The last 10 commands typed at the command prompt.

show hosts The hosts table.

show interfaces Lots of info on your interfaces.

show ip IP configuration information.

show ip access-list IP access lists.

show ip route IP routing table.

show ipx IPX configuration information.

show ipx access-list IPX access lists.

show ipx route IPX routing table.

show mac-address-table The table of MAC addresses stored in the switch.

show running-config The current configuration of the router.

show startup-config The startup configuration of the router.

show users Users currently logged into the router. Works similarly to the Unix who command.

show version Version of IOS you're using.

show vlan VLAN information.

Feeling lonely in the world of the Cisco router? If there are other users logged on, you can send them messages. However, this command's usage is rather limited since usually only network admins log onto routers; It's probably most useful if you have a large network administered by more than one person, so you can share messages with your fellow administrators like "Hey! Anyone for coffee?"

The format for send is simple:

send [con|vty|tty] [x]

You can use con, vty, or tty to refer to the console, a virtual terminal, or a TTY, respectively. If you want to pick a number, you can specify it; For example, to start sending a message to VTY 4, you'd type:

send vty 4

If you've ever used a network analyzer, you know it can be nifty to watch bits of information go by on the net. Besides being fun (if you're into that sort of thing), it can also be an important diagnostic tool. Well, Cisco routers conveniently have several commands built-in which let you watch what's going on with the network. The major ones are as follows:

debug dialer Lets you watch the ISDN dialer as it connects and disconnects.

debug frame-relay lmi Shows LMI info as it passes between the router and the Frame Relay switch.

debug ip igrp events Shows a summary of the IGRP information.

debug ip igrp transactions Shows requests for updates from neighbouring routers, and your router's responses to them.

debug ip rip Displays messages as RIP packets are sent and received.

debug ipx As you can probably guess, this lets you watch IPX traffic as it passes through the router.

debug isdn q921 Layer-2 ISDN processes.

debug isdn q931 Layer-3 ISDN processes.

You can tell what mode you're in on a Cisco router by the way the prompt looks. Below are the most common prompt markers:

> A greater-than symbol is the basic Cisco prompt, indicating you are in normal, unprivileged mode. (Technically this is called "user exec" mode.)

# A number sign indicates you are in privileged mode. In this mode, you can run commands which you couldn't run in normal mode, mostly commands which make configuration changes to the router that they don't want everybody to be able to make. It's analogous to being root on a Unix system. To enter privileged mode, type enable. (You'll be prompted for a password.) To go back to unprivileged mode, type disable. It should be noted that on newer Cisco routers, there are actually two enable passwords; One is simply called the "enable password", and one is called the "enable secret". What's the difference? The only real difference is that the enable secret uses MD5 encryption to store the password, which is stronger than the encryption used for the regular enable password. This means that it's preferable to use the enable secret, and indeed, the enable password will never be used by the router if the enable secret is set. The enable password is now only implemented in Cisco routers for backward compatibility.

(config) When you see this on the prompt, that indicates you are in "Global configuration mode", a mode in which you can make all sorts of nifty changes to the router configuration. (I call it GCM for short, but be aware that that acronym is not officially recognized by Cisco, or anybody else for that matter.) To enter this mode, you must first be in privileged mode. Then type configure terminal to enter global configuration mode. (You can type conf t for short.)

(config-if) This indicates you are in interface configuration mode. This is a mode in which you specifically make changes to the interface(s) on a router. To enter this mode, you must be in global configuration mode. Once there, type int x, where x is the interface you want to configure.

CDP (Cisco Discovery Protocol) is a relatively simple protocol for letting Cisco networking nodes find out more about each other. CDP is used to communicate basic information like what type of switching capabilities and protocols are on other switches or routers.

There are several show cdp commands that CDP uses. Just typing show cdp by itself will show how often this router or switch sends out CDP packets, and its holdtime (how long it remembers CDP packets it receives). You can change these values by typing cdp timer x to set how often it sends out CDP packets, or cdp holdtime x to set the holdtime. (In both cases, x is the amount of time in seconds.)

A more interesting command is show cdp neighbor, which shows all the directly-connected devices. This does NOT show all devices on the network, only the devices with direct connections to this one. Also shown are the platforms and capabilities of those devices. If you want even more information on your network next-door neighbors, type show cdp neighbor detail.

You can turn CDP on or off for this device with the commands cdp run and no cdp run, respectively.

First, you may ask, what *is* an "interface"? Quite simply, it is a line leading into (or from) a piece of networking equipment. If a router has two links to other parts of the network, then that router has two interfaces, and each interface is the port with which it connects to those lines. (Indeed, an interface is what a regular computer/network person unfamiliar with Cisco terminology would probably call a "port".)

Each interface has a name. Common interface names used on Cisco routers are:

(Subsequent interfaces of the same type are given incremented numbers. For example, the second Ethernet interface is E1, the third is E2, and so on.)

To configure an interface, you must perform the following steps:

1. Turn on privileged commands.
2. Enter global configuration mode.
3. Enter interface configuration mode for the interface you want to configure.

These steps must be performed in this order; You can't enter an interface configuration mode until you're in global configuration mode first, and you can't enter global configuration mode until you've turned on privileged commands. As you may recall, the command for turning on privileged commands is enable, and the command to enter global configuration mode is configure terminal (which can be shortened to just config t). So, type these commands in order:

enable
config t
int (interfacename)

Where (interfacename) is the name of the interface you want to configure. For example, to configure e0 (the first Ethernet interface), you'd type int e0. To configure s0 (the first serial interface), you'd type int s0.

(It is worth mentioning that on some models of Cisco equipment, you must also specify a slot. Most interface references, including those you've seen so far, use only one number, which represents a port on the networking equipment. Some equipment, however, has slots where you can plug in additional cards, much like the expansion slots on a PC. On these models, you must use the slot/port designation system. For example, port 3 on a card in slot 2 is 2/3, and you would begin configuring that interface by typing int e2/3, assuming it is an Ethernet interface of course.)

Now we are in interface configuration mode. You can tell you're in this mode because (config-if) is appended to the end of the command prompt. So what can we do in this mode? That's a good question. For now, we'll just focus on assigning an IP address or an IPX address to the interface, and switching it on and off.

To add an IP address to an interface (so other systems can connect to this node using IP), use the following command syntax:

ip address [address] [subnet mask]

For example, suppose you are in interface configuration mode and you want to assign an IP address of 215.27.86.3 to this interface, with the first three octets being the network portion and the last one being the host portion. (In other words, a subnet mask of 255.255.255.0) You would use this command:

ip address 215.27.86.3 255.255.255.0

Pleasantly simple, isn't it?

To make the interface accessible through IPX, use the following syntax:

ipx network networknumber encapsulation encapsulationtype

(Where networknumber is the actual network number, and encapsulationtype is the type of encapsulation you wish to use. The encapsulation part is optional. If you wish to omit it, remove the word "encapsulation" and the encapsulation type.) For example, to make this interface be on IPX network address number 14, you would type:

ipx network 14

If you further wanted to make this interface use SNAP encapsulation, you'd type:

ipx network 14 encapsulation snap

Now for actually turning on the interface so it's active. Here we come to one of the most incredibly silly quirks of Cisco's operating system design. The command to turn off an interface is shutdown. But there is no corresponding command to turn an interface on. Instead, you must use the no command; The no command serves to negate a lot of commands. In many cases it will make a command do the opposite of what it would otherwise do, and in this case, you must use it to turn on the interface by typing no shutdown. It seems amazingly silly that you have to use this command, but you do. Anyway, it's not hard to remember. To turn on the interface, type no shutdown. To turn it off, type shutdown.

The IOS copy command can be used to back up and restore the router configuration, or it can be used to back up and restore the entire IOS on the router.

The copy command uses TFTP (Trivial File Transfer Protocol, a simpler variant of the common FTP protocol) to back up file images. The syntax for the command is:

copy [source] [destination]

There are four parameters you can use with the copy command:

flash: The flash ROM on the router, which holds the IOS.
tftp: A TFTP host system.
run: Current router configuration.
start: Default startup router configuration.

For example, to back up the current IOS onto a TFTP host, you would type:

copy flash tftp

(You will be prompted for the address of the TFTP host and the filename you wish to upload the contents of the flash ROM as.) Similarly, to restore your backup from a TFTP host into flash ROM, you'd type:

copy tftp flash

The default startup configuration is stored in NVRAM (non-volatile RAM, a type of RAM which is not wiped out if the router is powered down or rebooted). On the other hand, the router's current configuration is only stored in regular DRAM, which will be lost is the router is powered down. It is therefore common practice, once you have configured the router just the way you like it, to copy the running configuration to the startup configuration, so that the router will start up configured this way whenever it is turned on. As you have hopefully guessed, you copy the current running configuration to the startup configuration with this command:

copy run start

Furthermore, if you messed up while configuring the router and would like to restore things to the way they were when it was first turned on, you don't need to reboot the entire router; You can just use this command to restore the power-on configuration:

copy start run

In addition, you can copy running-configs and startup-configs to and from TFTP hosts just as you can with flash IOS images.

It takes similar parameters to the copy command, but erase, as you've probably guessed, serves a rather different function. It simply deletes a configuration. Although you can type stuff like erase flash or erase nvram to erase the flash memory or NVRAM, the erase command's main usage is erase startup-config, which deletes the router's startup configuration so that the next time you boot it, it will go through the configuration routine from scratch. erase is a very simple command.

There are three parameters that the line command can take: aux, console, and vty.

line aux changes the auxiliary password.

line console changes the console password.

line vty changes the Telnet (Virtual TTY) password.

Cisco routers support some of the basic connection commands used on Windows and Unix operating systems. ping, telnet, and trace (which works like traceroute) are all valid Cisco IOS commands.

If you type a word which is not a valid IOS command, the router, by default, interprets this as the name of a computer which you want to establish aXTelnet session to. For example, if you type "blah" at the command prompt, the router will look for a computer called "blah" on your network, and if it finds one, it attempts to connect to it through Telnet.

The hostname command sets the name of the current router. This is only locally significant, by which I mean that it isn't actually seen by any other systems on the network. It is useful mainly for identifying which router you are currently on, since the router's hostname forms most of the command prompt. The syntax is simple:

For example, to set the router's name to "myrouter", type:

Now the command prompt will reflect this change.

There are three commands which will log you out of your current IOS session. They are: logout, exit, and quit. (Is there a difference between any of these?)

Hopefully I'll add more to this page later. In the meantime, if you don't already have a Cisco router and you are really serious about learning how to use them, I'd advise you to get one so you can try out your knowledge hands-on. Remember, the hands-on imperative is usually the best way to learn anything to do with computers. Good luck, and have fun.

Cisco is a trademark of Cisco. Novell and NetWare are trademarks of Novell. Windows is a trademark of Microsoft. Amazing, eh?

Back to the main page