Cisco Press - CCIE Routing and Switching Flash Cards

Embed Size (px)


Cisco Press - CCIE Routing and Switching Flash Cards

Text of Cisco Press - CCIE Routing and Switching Flash Cards

  • GeneraQuick R

    OSI Models

    This gure shows the cthe Department of Def

    DoD T




    1291_Section Page 48 Wednesday, November 3, 2004 7:49 AMl Networking Theoryeference Sheets

    lassic Open System Interconnection model and compares the model to ense oD) TCP/IP model:

    CP/IP Model




    Networking Communications Modelsss/Application

    st to Host


    ork Access




    Data Link


  • General Routing Concepts

    General Routing Concepts

    Link State Versus D

    Distance Vector

    Examples: RIPv1,

    Features periodic

    Mathematically co

    Features hop coun

    Link State

    Examples: OSPF,

    Sends local conne


    Example: EIGRP

    Features propertie

    Administrative Dist

    If a router learns of a nit uses the administrati(forwarding) table. The


    Connected Interface

    Static Route

    EIGRP Summary Route

    External BGP

    Internal EIGRP





    Exterior Gateway Proto

    On Demand Routing

    External EIGRP

    Internal BGP


    1291_Section Page 49 Wednesday, November 3, 2004 7:49 AMistance Vector

    RIPv2, IGRP

    transmission of entire routing tables to directly connected neighbors

    mpares routes using some measurement of distance

    t limitation


    ction information to all nodes in the internetwork

    s of both distance vector and link-state routing protocols


    etwork from multiple sources (routing protocols or static congurations), ve distance value to determine which route to install in the routing default administrative distance values are listed here:

    Administrative Distance










    col 140





  • General Networking Theory Quick Reference Sheets

    Administrators can create static routes that oat. A oating static route means the administra-tor increases the administrative distance of the static route to be greater than the administrative distance of the dynamiwhen the dynamic rou

    Split Horizon

    Split horizon is a technhorizon rule states thatwhich the routing infosome topologies, such


    Routing loops are disaeven worse consequencfollowing:

    Split horizon

    Awhich the routing

    Route poisoning

    the local router.

    Poison reverse

    interface from wh

    Hold-down timer

    reachability has b

    Maximum metric

    ple, Routing Info


    Summarization is the pmask to form another rrouting tables and makmake networks more schange state. Route suVariable-length subnetdynamic routing protoclassful networkwhi

    To engage in route summask that encompasse

    The following routes e = 000 = 000

    1291_Section Page 50 Wednesday, November 3, 2004 7:49 AMc routing protocol in use. This means the static route is relied upon only te does not exist.

    ique used by routing protocols to help prevent routing loops. The split an interface will not send routing information out an interface from rmation was originally received. Split horizon can cause problems in as hub and spoke Frame Relay congurations.

    strous to the health of the network. They can lead to lost packetsor es. Many mechanisms exist to prevent routing loops. These include the

    n interface will not send routing information out an interface from information was originally received.

    A directly connected network failure is advertised as unreachable by

    An exception to split horizon; the poisoned route can be sent out an ich the route was originally learned.

    A router will not listen to route updates regarding a network whose een reported as down.

    There is a metric value that is considered unreachablefor exam-rmation Protocol (RIP) uses a maximum metric of 15 hops.

    rocess in which the administrator collapses many routes with a long oute with a shorter mask. Route summarization reduces the size of es routing function more efciently. Route summarization also helps to table by reducing the number of updates that are sent when subnets mmarization makes classless interdomain routing (CIDR) possible. masking (VLSM) promotes the use of route summarization. Some cols engage in route summarization automatically for changes in major le others do not and require manual route summarization.

    marization, nd all of the leftmost bits that are in common and create a s them. Here is an example:

    xist in the routing tableall routes use a 24-bit mask:

    01010 01101100 00110000 00000000

    01010 01101100 00110001 00000000

  • Networking Standards = 00001010 01101100 00110010 00000000 = 00001010 01101100 00110011 00000000 = 000 = 000 = 000 = 000

    Notice that the rst 21The single route entry


    Tunneling refers to encso that all of that inforallowing a company tonetwork. Two popular (PPTP) and generic roIPSec also supports thesecure Tunnel mode hatravels on the network.

    Tunneling is also usedtomers in the ISP netwan additional 802.1Q h

    Networking S

    Cable Specification

    10BASE5 (Thicknet

    0.4 inch, 50 ohm c

    max. segment leng

    max. attachments

    max. network leng

    max. number of st

    10BASE2 (Thinnet)

    0.2 inch, 50 ohm c

    max. segment leng

    max. attachments

    1291_Section Page 51 Wednesday, November 3, 2004 7:49 AM01010 01101100 00110100 00000000

    01010 01101100 00110101 00000000

    01010 01101100 00110110 00000000

    01010 01101100 00110111 00000000

    bits of the subnetwork IDs are all common. These can be masked off. you can use for all of these subnetworks is as follows:

    apsulating header, trailer, and data information inside another protocol mation appears to be just data. Tunneling often involves security transmit data intended for use in the private network across a public security tunneling protocols include Point-to-Point Tunneling Protocol uting encapsulation (GRE). operation of Tunnel mode as opposed to Transport mode. The more s the ability to secure both the header and the payload of data as it

    in Metro Ethernet environments in order to separate trafc from cus-ork. Q-in-Q tunneling refers to further encapsulating 802.1Q packets in eader to distinguish the trafc.





    th is 500 m

    per segment is 100

    th is 5 segments

    ations on network 1024


    th is 185 m

    per segment is 30

  • General Networking Theory Quick Reference Sheets


    24 AWG UTP 0.4/0.6 mm cable

    max. segment length is 100 m

    1 device per cable


    100 Mbps technol

    Uses Category 5 U


    Not widely deploy

    Uses Category 3,

    Full duplex not po


    Operates over mu

    Greater distances

    Uses MIC, ST, or

    1000BASE-LX (Lon

    Uses long wave (1 Operates over mu

    max. lengths 62.5

    max. length for si

    1000BASE-SX (Sho

    Uses short wave ( Operates over mu

    max. lengths 62.5

    1000BASE-CX (GE

    Used on short run

    Used over a pair o

    max. length 25 m

    Typically used for

    1291_Section Page 52 Wednesday, November 3, 2004 7:49 AMogy

    TP or Type 1 STP wire


    4, or 5 UTP wiring


    ltimode or single-mode ber cabling

    supported compared to copper

    SC ber connectors

    g Wavelength GE)

    300 nm)ltimode or single-mode ber cabling

    um ber = 440 m; 50 um ber = 550 m

    ngle-mode ber is 10 km

    rt Wave GE)

    850 nm)ltimode ber cabling

    um ber = 260 m; 50 um ber = 550 m

    over Coaxial Cable)


    f 150-ohm balanced coaxial (twinax)

    server connections

  • Protocol Mechanics

    1000BASE-T (GE over UTP)

    Uses Category 5 4-pair UTP

    max. length is 100 m

    Protocol Mec


    Handshaking often refentities that want to co

    TCP/IP uses a three-wdomly chooses a sequereceiving. The rst hossequence number (X) a(Host B) receives the SSYN (with an ACK = Xtial sequence number (19 and expects byte 20acknowledges all bytesHost A expects to rece


    Windowing refers to aIn the case of TCP/IP,

    With TCP/IP sliding wThe window is the numan acknowledgment. Inthroughout the data traSend no data. This voutgoing TCP segmen

    In a TCP sliding-windoto send (numbered 1 toset the initial window srst 5 bytes and transm

    The receiver would resexpecting byte 6 next. The sender then wouldThe receiver would res11 next.

    1291_Section Page 53 Wednesday, November 3, 2004 7:49 AMhanics

    ers to the process of establishing a connection between two network mmunicate with each other. Consider the following example on TCP/IP.

    ay handshake mechanism to establish a connection. Each host ran-nce number used to track bytes within the stream it is sending and t (Host A) initiates a connection by sending a packet with the initial nd SYN bit set to indicate a connection request. The second host YN, records the sequence number X, and replies by acknowledging the + 1).Host B also sets the SYN indication. Host B includes its own ini-

    SEQ = Y). An ACK = 20 means the host has received bytes 0 through next. This technique is called forward acknowledgment. Host A then Host B sent with a forward acknowledgment indicating the next byte

    ive (ACK = Y + 1). Data transfer can then begin.

    protocols ability to send more data than just a single packet at a time. a concept called sliding windows is used.

    indows, the receiver species the current window size in every packet. ber of data bytes that the sender is allowed to send before waiting for itial window sizes are indicated at connection setup, but might vary

    nsfer to provide ow control. A window size of 0, for example, means, ariation during communication is set because the TCP header of every t indicates to the receiver the window size of the sender.

    w operation, for example, the sender might have a sequence of 10 bytes 10) to a receiver who has a window size of 5. Notice the receiver has ize to 5, therefore. The sender then would place a window around the it them together. It would then wait for an acknowledgment.

    pond with an ACK = 6, indicating that it has received bytes 1 to 5 and is In the same packet, the receiver would indicate that its window size is 5. move the sliding window 5 bytes to the right and transmit bytes 6 to 10. pond with an ACK = 11, indicating that it is expecting sequenced byte

  • General Networking Theory Quick Reference Sheets


    A maximum transmission unit (MTU) is the largest size packet or frame that can be sent in a network. TCP/IP uses mission. Too large an Mcannot handle that larghead and more acknow


    To support different Mtionthe process of dicussing this process insegmentation. IP fragmbe reassembled later. Tset elds, along with thused for IP fragmentat

    Excessive fragmentatiomenting and reassembing a refragmenting of 4 through Layer 7 inforectly. If the IP fragmebecause they do not cathat the original IP datcongured to allow nolter, a noninitial fragmdevices (such as Conteinformation, and if a paits policies.


    Just as the handshakiners, a termination proc

    carries a FIN bit used fsets this bit to indicate


    show Commands


    commands provitings at the time that thshould use debug com

    switch, however. As a rwith



    1291_Section Page 54 Wednesday, November 3, 2004 7:49 AMthe MTU to determine the maximum size of each packet in any trans-TU might mean retransmissions if the packet encounters a router that

    e a packet. Too small an MTU size means relatively more header over-ledgements that have to be sent and processed.

    TUs in the network, TCP/IP and other protocols engage in fragmenta-viding the data into smaller packets for transmission. When you are dis- terms of the OSI reference model, the process is known as entation involves breaking a datagram into a number of pieces that can he IP source, destination, identication, total length, and fragment off-e more fragments and dont fragment ags in the IP header, are

    ion and reassembly.

    n can become an issue due to the overhead that is involved with frag-ly. Also, lost fragments necessitate a complete retransmissioninclud-the data. Also, rewalls that lter or manipulate packets based on Layer rmation in the packet might have trouble processing IP fragments cor-nts are out of order, a rewall might block the noninitial fragments rry the information that would match the packet lter. This would mean agram could not be reassembled by the receiving host. If the rewall is ninitial fragments with insufcient information to properly match the

    ent attack through the rewall could occur. Also, some network nt Switch Engines) direct packets based on Layer 4 through Layer 7 cket spans multiple fragments, the device might have trouble enforcing

    g process begins a communication session between two TCP/IP speak-ess must also be used. The FLAGS eld of the TCP/IP packet header or connection termination. When the send has nished sending data, it this fact.

    de you with a snapshot of performance statistics or router/switch set-e command is executed. If you need to see processes as they occur, you mands instead. debug commands place more overhead on the router or esult, you will nd that almost all troubleshooting can be accomplished

  • Commands

    Some key show commands you should be familiar with are:

    show interfaces

    This command displays information about interfaces on the device. It includes the following

    Field D

    Is Up...Is Down Inin

    Line Protocol Is Inus

    Hardware In

    Internet Address IP

    MTU M

    BW B

    DLY D

    Rely R

    Load L

    Encapsulation E

    ARP Type Ty

    Loopback In

    Keepalive In

    Last Input Tpr

    Output T

    Output Hang Tto

    Last Clearing Tla

    Output Queue, Input Queue, Drops


    5 Minute Input Rate, 5 Minute Output Rate


    Packets Input To

    Bytes To

    No Buffer Nm

    Received Broadcasts


    Runts Nm

    1291_Section Page 55 Wednesday, November 3, 2004 7:49 AM information:


    dicates the physical layer status of the interface; administratively down dicates that the administrator has downed the interface

    dicates whether or not software processes (above Layer 1) consider the line able or not

    dicates the hardware type and address

    address and mask

    aximum transmission unit of the interface

    andwidth of the interface

    elay of the interface

    eliability of the interface

    oad on the interface

    ncapsulation used by the interface

    pe of ARP resolution in use

    dicates whether loopback is set or not

    dicates whether keepalives are set or not

    ime since the last packet was successfully received by an interface and ocessed locally on the router

    ime since the last packet was successfully transmitted

    ime since the interface was last reset because of a transmission that took o long

    ime at which the counters used for the show interface command were st cleared

    umber of packets in output and input queues; each number is followed by a ash, the maximum size of the queue, and the number of packets dropped cause of a full queue

    verage number of bits and packets transmitted per second in the last 5 minutes

    tal number of error-free packets received by the system

    tal number of bytes in the error-free packets received

    umber of received packets discarded because there was no buffer space in the ain system

    tal number of broadcast or multicast packets received by the interface

    umber of packets that are discarded because they are smaller than the inimum packet size of the medium

  • General Networking Theory Quick Reference Sheets

    Field Description

    Giants Number of packets that are discarded because they exceed the maximum packet si

    Input Errors In

    CRC Cinco

    Frame N

    Overrun Nhath

    Ignored Nha

    Abort N

    Watchdog N

    Multicast N

    Input Packets with Dribble Condition Detected


    Packets Output To

    Bytes To

    Underruns Nca

    Output Errors Suin

    Collisions N

    Interface resets Nbese


    Restarts N

    Babbles T

    Late Collisions Nth

    Deferred Dbe

    Lost Carrier N

    No Carrier N

    Output Buffer Failures


    1291_Section Page 56 Wednesday, November 3, 2004 7:49 AMze of the medium

    cludes runts, giants, no buffer, CRC, frame, overrun, and ignored counts

    RC failed; usually indicates noise or transmission problems on the LAN terface or the LAN bus itself; a high number of CRCs is usually the result of llisions or a station transmitting bad data

    umber of packets received incorrectly due to CRC error

    umber of times the receiver hardware was unable to hand received data to a rdware buffer because the input rate exceeded the receivers ability to handle e data

    umber of received packets ignored by the interface because the interface rdware ran low on internal buffers

    umber of packets whose receipt was aborted

    umber of times a packet was receiving with length greater than 2048

    umber of multicast packets received

    dicates that frame was received that is slightly too long

    tal number of packets sent by the system

    tal number of bytes transmitted by the system

    umber of times that the transmitter has been running faster than the router n handle

    m of all errors that prevented the nal transmission of datagrams out of the terface being examined

    umber of messages retransmitted because of an Ethernet collision

    umber of times an interface has been completely reset; often this occurs cause packets were queued for transmission but were not sent within several conds; for serial lines, this can be caused by a malfunctioning modem that is t supplying the transmit clock signal, or by a cable problem

    umber of times a Type 2 Ethernet controller was restarted because of errors

    he transmit jabber timer expiredumber of collisions that occur after transmitting the preamble; often indicates at cable runs are too long

    eferred indicates that the chip had to defer while ready to transmit a frame cause the carrier was asserted

    umber of times the carrier was lost during transmission

    umber of times the carrier was not present during the transmission

    umber of failed buffers and number of buffers swapped out

  • Commands

    show line

    to display parameters of a terminal line, you should use the show line command. It displays the following information:








    AccO, AccI




    A (or I or *)






    Baud rate (TX/RX)Status


    Modem state

    Special chars


    Session limit

    Time since activation



    DNS resolution in


    commands is

    1291_Section Page 57 Wednesday, November 3, 2004 7:49 AMDescription

    Line number

    Type of line

    Transmit/receive rate

    Indicates whether autobaud is congured

    Types of modem signals congured

    Rotary group congured

    Access list congured

    Number of connections established to or from the line since the system was restarted

    Number of times noise has been detected on the line since the system restarted

    Hardware Universal Asynchronous Receiver/Transmitter (UART) overruns or software buffer overows

    Indicates that the user is running an asynchronous interface; an I indicates that the line has an asynchronous interface available; an asterisk (*) indicates that the line is otherwise active (in character mode)Denition of the specied protocol and address of the line

    Location of the current line

    Type of line

    Length of the terminal or screen display

    Width of the terminal or screen display

    Transmit rate/receive rate of the line

    State of the line

    Current terminal capabilities

    Modem control state

    Current settings of special characters that were input by the user (or taken by default) from the following global conguration commandsCurrent settings that were input by the user

    Maximum number of sessions

    Last time start_process was run

    Whether command-line editing is enabled

    Current history list size

    Whether Open Shortest Path First (OSPF) is congured to look up Domain Name System NS) names for use in show EXEC command displays

  • General Networking Theory Quick Reference Sheets

    show diag

    Use this cRAM) and static RAM

    show version



    use; verify the uptime device; and also verifysome common naming

    show module

    This im

    devicefor example, a

    Debug Commands




    about activity on your

    You execute most


    use the


    keyword be

    To view the status of d

    all possible debugging

    By default, debug mes

    also display the output

    Field Description

    Full user help Whether full user help has been set by the user with the terminal


    Allowed input transports are

    Allowed output transports are

    Preferred transport is

    ...characters are padded dispatching characters

    IOS Feature

    IP Plus


    Enterprise Plus IPSec 5

    Enterprise Plus


    1291_Section Page 58 Wednesday, November 3, 2004 7:49 AMommand to display hardware information including dynamic RAM (SRAM) on line cards.ow version command allows you to verify the specic Cisco device in of the device; determine the amount of RAM and Flash memory in the the image in use. When examining system image lenames, here are conventions:

    portant show command details the hardware installed in a modular 6500 series switch.

    ds require a lot of overhead, they can provide you with important data router or switch as it occurs.

    g commands from privileged mode. To easily turn off the command, fore the command or use the undebug keyword as opposed to debug. ebugging on a system, use the show debugging command. To turn off you can use the commands no debug all or undebug all.

    sages are sent to the console. Use the terminal monitor command to on Telnet lines.

    EXEC command or by the administrator with the full-help line conguration command

    Current set transport method

    Current set transport method

    Current set transport method

    Current set padding

    Current dispatch character

    Filename Component



    6 jk8sjsj

  • Cisco Device Infrastructures

    You can use the


    command to direct syslog and debug messages to other destinations. For example, to direct this output to an internal buffer (the most efcient logging mechanism), you can use the command

    logging buffered


    Cisco Device


    The nonvolatile RAM This area is typically uboots.

    The commands used tostartup conguration in

    new leuse the copyg. If you want to savefollows

    copy nvram

    as using the




    Flash is a critical area operating system and o

    There are currently thrClass C systems. ComSeveral of the le syste

    les, respectively. Thememory. Often times, tem. To view the conte

    Memory and CPU

    Memory and the CPU You can obtain memormum amount of memoresources demanded by

    First, generate a list of

    command not only listsfor each running proce

    Once you have the PIDUse the command


    To display detailed CP


    command. To show

    1291_Section Page 59 Wednesday, November 3, 2004 7:49 AMInfrastructures

    (NVRAM) is an important storage location on the router or the switch. sed to store the startup conguration used when the router or switch

    interact with NVRAM include show nvram:startup-cong to view the NVRAM. You can easily replace the contents of startup-cong with a command to do thisfor example, copy source-url nvram:startup-con- the conguration to a new location, this also uses the copy command as :startup-cong destination-url. Erasing the NVRAM is as simple ram: command.

    of memory on routers and switches. This area is often used to store the ther important les.

    ee different Flash memory le system typesClass A, Class B, and mands that you use to work with these different le systems might vary. m types use the delete and undelete commands to delete and undelete

    squeeze command can be used to permanently delete les from Flash the erase command can be used to delete all les from the Flash le sys-nts of Flash memory, remember you can use the show ash command.

    resources that are available are very important on the router or switch. y and CPU usage statistics of running processes, including the maxi-ry used by the process (in bytes) and the average amount of CPU the process (in percent).

    currently running processes, using the show processes command. This the running processes on the device, but also lists the PID (Process ID) ss.

    , you can display memory and CPU utilization for a specic process. w processes pid.

    U utilization statistics (CPU use per process), use the show processes memory used, use the show processes memory command.

  • General Networking Theory Quick Reference Sheets

    Cisco IOS File System

    The Cisco IOS le system provides a single interface for all of the le systems available on the device including:



    Network le syste


    The IOS le system (IFmands can be entered idesired, this method is

    Files can now be copie

    ccccooooppppyyyy ssssoooouuuurrrrcccceeee----uuuurrrrllll ddddeeeessss

    To specify a le on a n

    ftp:[[//[username rcp:[[//[username tftp:[[//location]/

    The following exampleTransport Protocol (TFdirectory named /imag


    To specify a local le, easy it is to refer to the


    Here are some commo







    For partitioned devices


    to the second partition

    1291_Section Page 60 Wednesday, November 3, 2004 7:49 AMms (TFTP)

    S) allows for command standardization across platforms. Also, com-n a single line and prompting can be minimized. If prompting is still available.

    d using URLs. This is accomplished easily using the following syntax:


    etwork server, use one of the following forms:


    directory]/lename species the le named c7200-j-mz.112-current on the Trivial File TP) server named The le is located in the es.


    use the prex:[directory/]lename syntax. For example, this is how startup-cong le in NVRAM:


    n local prexes you should be aware of:

    , the URL prex includes the partition number. The syntax is ber: for the prex on a partitioned device. For example, ash:2: refers in Flash memory.

  • Cisco Device Infrastructures

    You should use context-sensitive help to determine which le systems are supported on your particular device. For example, using the

    copy ?

    command allows you to see the possible le systems for sourcing a

    On some systems you c

    For most commands, iftory, as specied by th

    system, you can check

    You can use the follow

    dir [/all] [lesyste

    show le informa

    show le descrip

    To display the contentsfollowing command:

    mmmmoooorrrreeee [[[[////aaaasssscccciiiiiiii



    File Transfers

    The Cisco IOS File Syto transfer images or have network access? Yfrom a local or remotemon protocols used to (TERMINAL.EXE), WWindows NT 4.0 (HypXmodem and Ymodemcommand:

    xxxxmmmmooooddddeeeemmmm [[[[----yyyy]]]] [[[[----cccc]]]] [[[[----

    The -y option uses the console port data rate.

    Configuration Regi

    The common uses of th

    Password recovery

    Enable/disable the

    Change boot beha

    Maintenance testi

    To display the current

    The conguration regis

    1291_Section Page 61 Wednesday, November 3, 2004 7:49 AM copy operation.

    an use the show le systems command to view the available le systems.

    no le system is specied, the le is assumed to be in the default direc-e cd command. If you use the cd command to change the default le the default le system with the pwd command.

    ing commands to obtain information about les:

    m:][lename]Displays a list of les on a le systemtion le-urlDisplays information about a specic le

    torsDisplays a list of open le descriptors

    of any readable le, including a le on a remote le system, use the

    rrrryyyy | ////eeeebbbbccccddddiiiicccc]]]] ffffiiiilllleeee----uuuurrrrllll

    stem section of the study sheets revealed the use of the copy command les. But what about transferring a system image to a device that does not ou can use the Xmodem or Ymodem protocols to download an image

    computer through the console port. Xmodem and Ymodem are com-transfer les and are included in applications such as Windows 3.1 indows 95 (HyperTerminal), Windows NT 3.5x (TERMINAL.EXE), erTerminal), and Linux UNIX freeware (minicom). le transfers are performed from ROM monitor with the following

    ssss ddddaaaattttaaaa----rrrraaaatttteeee]]]]

    Ymodem protocol, -c provides CRC-16 checksumming, and -s sets the


    e conguration register value on a router are as follows:

    console Break key

    vior to allow boot from Flash or ROM


    value of the conguration register, use the show version command.

    ter value is actually a 16-bit boot register; it is displayed in hexadecimal.

  • General Networking Theory Quick Reference Sheets

    The default settings of the 16 bits of the boot register are as follows:

    Notice the default hex

    The uses of the bits are

    Bits 03Boot F0xF = boot from

    Bit 4Fast Boot

    Bit 5High Spee11 and 12

    Bit 6Ignore Sta

    Bit 7OEM Bit

    Bit 8Break Key

    Bit 9Not Used

    Bit 10Netboot B

    Bits 11-12Consrates

    Bit 13Responseboot

    Bit 14Netboot S

    Bit 15Enable Dsages

    To change the congur


    To determine if the set

    sssshhhhoooowwww vvvveeeerrrrssssiiiioooonnnn

    Basic Device

    Accessing the Devi

    Most routers and switcadministrative access. iary port is for remote

    15 14 13 1

    0 0 1 0


    1291_Section Page 62 Wednesday, November 3, 2004 7:49 AMdisplay in show version is 0x2102 as shown in the preceding example.

    as follows:

    ield0x0 = boot ROM monitor; 0x1 = boot from ROM; 0x2 through Flash, boot using boot system commands, or boot from system image

    Force load through the boot system commands

    d Console1 = console operates at 19.2 or 38.4 kbps; works with bits

    rtup Cong File1 = ignore NVRAM

    1 = disables Cisco banner display

    1 = disable

    roadcast Format1 = all zeros broadcast

    ole Baud RateSee documentation for combinations and resultant

    to Netboot Failure1 = boot to ROM after failure; 0 = continue to net-

    ubnet Broadcast1 = force subnet broadcast

    iagnostic Messages1 = ignore NVRAM and display diagnostic mes-

    ation register settings on a router, use the following command:

    tings have taken effect, use the following command to view the register:



    hes feature an asynchronous serial console port and auxiliary port for The console port is for local access from a workstation, and the auxil-access via a modem.

    2 11 10 9 8 7 6 5 4 3 2 1 0

    0 0 0 1 0 0 0 0 0 0 1 0

    1 0 2

  • Basic Device Operations

    Cisco typically providecables/adapters includeadapter cable (RJ-45-toTo access the device frappropriate cable and anal) for 9600 baud, 8 dFor use of the auxiliaryrect cable and adapter.congured for the samData Carrier Detect CD

    Most routers and switcwizard-like series of p

    Once you work througprivileged mode. Addienter this mode for con

    Password Recovery

    Most Routers

    Step 1 Connect via

    Step 2 Power cycle

    Step 3 Press the B

    Step 4 Run the con

    Step 5 Answer yes

    Step 6 Reload the

    Step 7 Abort the S

    Step 8 Enter privilcopy star r

    Step 9 Run confre

    1291_Section Page 63 Wednesday, November 3, 2004 7:49 AMs cables and adapters for accessing the device via these ports. These one console adapter cable (RJ-45-to-DB-9, blue) and one modem -DB-25, black).

    om a workstation, connect the device to the console port using the dapter. Congure your PC terminal emulation software (HyperTermi-ata bits, no parity, and 2 stop bits. port with a modem, connect the modem to the AUX port using the cor-

    Make sure that your modem and the auxiliary port on the router are e transmission speed (up to 115200 bps) and hardware ow control with

    ) and data terminal ready TR) operations.hes present a Setup script following the initial boot output. This is a rompts that aids in the basic conguration of the device.

    h the Setup script or skip it, you can use the enable command to enter tional congurations are made in global conguration mode. You can gurations from the terminal using the congure terminal command.

    the console port.

    the router.

    reak key within 60 seconds of initialization.

    guration register utility by entering confreg.

    to ignore system cong info.

    router with the reset command.

    etup script.

    eged mode and copy the cong in NVRAM to RAM using the command un.

    g and restore the default conguration register values.

  • General Networking Theory Quick Reference Sheets

    Step 10 Issue no shut on interfaces.

    Step 11 Set the privileged mode password to a new value.

    Step 12 Save the new conguration with copy run star.

    Most Switches

    Step 1 Power cycle the switch.

    Step 2 As soon as

    Step 3 For the rst

    Step 4 Use the app

    Step 5 If prompted


    Simple Network Manapermits powerful moniSNMP and various oth

    At a minimum, to conas community strings iconguration and mon

    ssssnnnnmmmmpppp----sssseeeerrrrvvvveeeerrrr ccccoooommmmmmmmuuuunnnniiiissssnnnnmmmmpppp----sssseeeerrrrvvvveeeerrrr ccccoooommmmmmmmuuuunnnniiii

    Typically, you view infprovided by CiscoWor

    1291_Section Page 64 Wednesday, November 3, 2004 7:49 AMpossible, enter enable to enter privileged mode.

    30 seconds the password is the Enter key.

    ropriate command to set the new password.

    for the old password, use the Enter key.

    gement Protocol (SNMP) is a part of the TCP/IP suite of protocols. It toring capabilities for networking equipment. CiscoWorks relies upon er protocols to congure and monitor Cisco equipment.

    gure a Cisco device for SNMP, you need to assign passwordsknown n SNMP. Here are typical IOS commands for setting strings that permit itoring, respectively:

    ttttyyyy [[[[ssssttttrrrriiiinnnngggg]]]] rrrrwwwwttttyyyy [[[[ssssttttrrrriiiinnnngggg]]]] rrrroooo

    ormation obtained by SNMP using a graphical user interface, like that ks.



  • Basic Device Operations

    You should be aware of several show commands for monitoring SNMP activities on the equip-ment. Here are some examples:

    no snmp-server

    show snmp enginremote engines th

    show managemenon your routing d(MIB)

    show snmpChe

    show snmp groupthe status of the d

    show snmp pend

    show snmp sessio

    show snmp usertable


    Network analysis in a Analyzer). Trafc is manalyzer should be loc

    SPAN is available in se

    Local SPANSPdevice

    VLAN-based SPAor more ports

    Remote SPAN (Rent switches; a spin the network

    1291_Section Page 65 Wednesday, November 3, 2004 7:49 AMDisables SNMP agent operation

    eidDisplays the identication of the local SNMP engine and all at have been congured on the router

    t eventDisplays the SNMP Event values that have been congured evice through the use of the Event Management Information Base

    cks the status of SNMP communications

    Displays the names of groups on the router and the security model, ifferent views, and the storage type of each group

    ingDisplays the current set of pending SNMP requests

    nsDisplays the current SNMP sessions

    Displays information on each SNMP username in the group username

    switched Cisco environment is handled using SPAN (Switched Port irrored from source ports to a destination port on the switch; a network ated at the destination switch.

    veral forms:

    AN source port(s) and the destination port are located on the same

    N (VSPAN)The source is a virtual LAN (VLAN) as opposed to one

    SPAN)The SPAN source and destination ports are located on differ-ecial purpose VLAN carries the mirrored frames to the destination port

  • General Networking Theory Quick Reference Sheets

    The following gure demonstrates a sample RSPAN conguration.

    You should be aware o

    You can congure

    A port specied asanother SPAN ses

    A port channel int

    If you specify mu

    Destination ports


    Switch A


    2. monitor semonitor se

    RSPAN: Configuration Example

    1291_Section Page 66 Wednesday, November 3, 2004 7:49 AMf important guidelines regarding SPAN:

    destination ports as trunks to capture tagged trafc.

    a destination port in one SPAN session cannot be a destination port for sion.

    erface (an EtherChannel) cannot be a destination.ltiple ingress source ports, the ports can belong to different VLANs.

    never participate in any spanning tree instance.

    Switch DD1



    itch C

    Switch B

    C1 C2







    Destination Switch(Data Center)

    Immediate Switch(Building Distribution)

    Source Switches(Building Access)

    3. monitor session 1 source remote vlan999monitor session 1 destination interface fa4/48

    1.VTP Servervlan999remote span

    ssion 1 source interface fast ethernet 1/1 bothssion 1 destination remote vlan999

  • 1291_Section Page 67 Wednesday, November 3, 2004 7:49 AM

  • BridginQuick RData Link LayThe data link layer prodata link layer specicacteristics include the f

    Physical addressi

    Network topologdevices are to be

    Error notication

    Sequencing of fra

    Flow controlMoverwhelmed wit

    The Institute of Electriinto two sublayers:

    Logical Link Con

    Media Access Con

    1291_Section Page 104 Wednesday, November 3, 2004 7:49 AMg and LAN Switchingeference Sheets

    ervides reliable transit of data across a physical network link. Different ations dene different network and protocol characteristics. These char-ollowing:

    ngDenes how devices are addressed at the data link layer

    yConsists of the data link layer specications that often dene how physically connected, such as in a bus or a ring topology

    Alerts upper-layer protocols that a transmission error has occurredmesReorders frames that are transmitted out of sequence

    oderates the transmission of data so that the receiving device is not h more trafc than it can handle at one time

    cal and Electronic Engineers (IEEE) has subdivided the data link layer

    trol (LLC)trol (MAC)

  • Ethernet

    The Logical Link Conbetween devices over ation and supports bothprotocols. IEEE 802.2 higher-layer protocols

    The Media Access Conthe physical network maddresses enable multi

    Examples of data link pLink Control (HDLC),point-to-point connect

    EthernetEthernet refers to the fstandard. This standardprotocol. Four data rattwisted-pair cables:

    10 Mbps10BA

    100 MbpsFast

    1000 MbpsGig

    10,000 Mbps10

    Ethernet has replaced jfollowing reasons:

    It is easy to under

    It features relative

    It provides extens

    It is a standards-co


    Sublayers of the Data Link Layer

    1291_Section Page 105 Wednesday, November 3, 2004 7:49 AMtrol (LLC) sublayer of the data link layer manages communications single link of a network. LLC is dened in the IEEE 802.2 specica-

    connectionless and connection-oriented services used by higher-layer denes a number of elds in data link layer frames that enable multiple to share a single physical data link.

    trol (MAC) sublayer of the data link layer manages protocol access to edium. The IEEE MAC specication denes MAC addresses. MAC

    ple devices to uniquely identify one another at the data link layer.

    rotocols are Ethernet for local area networks and PPP, High-Level Data and Advanced Data Communications Control Protocol (ADCCP) for ions.

    amily of local-area network (LAN) products covered by the IEEE 802.3 denes the carrier sense multiple access collision detect (CSMA/CD)

    es are currently dened for operation over optical ber and

    SE-T Ethernet


    abit Ethernet

    Gigabit Ethernet

    ust about every other LAN technology because of the

    stand, implement, manage, and maintain.

    ly low costs.

    ive topological exibility.

    mpliant technology.

    ata Link Layer

    MAC Layer

    LLC Layer

  • Bridging and LAN Switching Quick Reference Sheets


    802.3 denes the original shared media LAN technology. This early Ethernet specication runs at 10 Mbps.

    Ethernet possesses theYou often see 802.3 Etunderlying media. Her





    802.3U (Fast Ethern

    Fast Ethernet refers to implies, Fast Ethernet

    While Fast Ethernet ismat, MAC mechanismyou to use existing 10BEthernet networks.

    802.3Z (Gigabit Eth

    Once again, this Ethernspeeds tenfold over Fa

    802.3AB (Gigabit E

    Gigabit Ethernet over Cexisting Fast Ethernet gory 5e/6 cabling systemake 802.3AB a highl

    10 Gigabit Etherne

    The latest in Ethernet t

    High bandwidth

    Low cost of owne

    Scalability from 1

    Long Reach Ethern

    The Cisco Long Reachexisting Category 1/2/3to 35005000 feet.

    1291_Section Page 106 Wednesday, November 3, 2004 7:49 AM capability to run over various media such as twisted pair and coaxial. hernet referred to as different terms because of the differences in the e are examples:

    rnet over Twisted Pair Media

    rnet over Fiber Media

    net over Thin Coaxial Media

    net over Thick Coaxial Media


    any one of a number of 100-Mbps Ethernet specications. As its name offers speeds ten times that of the 10BASE-T Ethernet specication.

    a much faster technology, it still preserves such qualities as frame for-s, and maximum transmission unit (MTU). These similarities permit ASE-T applications and network management tools on Fast


    et technology builds upon the foundations of the old, but increases st Ethernet to 1000 Mbps, or 1 gigabit per second (Gbps).

    thernet over Copper)

    opper (also known as 1000BASE-T) is yet another extension of the standard. 802.3AB species Gigabit Ethernet operation over the Cate-ms already installed. This reuse of the existing infrastructure helps to y cost-effective solution.


    echnologies, 10 Gigabit Ethernet provides the following features:


    0 Mbps to 10,000 Mbps

    et (LRE)

    Ethernet (LRE) networking solution delivers 515 Mbps speeds over wiring. As the name conveys, this Ethernet-like performance extends

  • Transparent Bridging

    Gigabit Interface Converter (GBIC)

    The Gigabit Interface Converter (GBIC) is a Cisco standards-based hot-swappable input/out-put device that plugs inallows you to inexpensmedia that might be in

    You can intermix GBIC1000BASE-SX, 1000Binterface technologies

    Transparent B

    IEEE/DEC Spanning

    Spanning Tree Protocorible because of no Timtable corruption, and m

    The STP Process

    The Bridge ID is a criticBridge ID consists of ais 32,768.

    Path cost is the measurlower cost.

    Conguration bridge pSwitches use a four-steport receives a better B(default), it begins senStep 1 Lowest Roo

    Step 2 Lowest Path

    Step 3 Lowest Sen

    Step 4 Lowest Por

    1291_Section Page 107 Wednesday, November 3, 2004 7:49 AMto a Gigabit Ethernet slot on a Cisco network device. This exibility ively adapt your network equipment to any changes in the physical troduced.

    s in a Cisco device to support any combination of 802.3z-compliant ASE-LX/LH, or 1000BASE-ZX interfaces. Upgrading to the latest is simple thanks to these Gigabit Interface Converters.



    l (STP) is a Layer 2 loop prevention mechanism. Layer 2 loops are ter-e to Live (TTL) value in frame. Loop can cause broadcast storm, MAC ultiple-frame copies.

    al element for the creation of the spanning-tree loop free topology. The 2-byte bridge priority and a 6-byte MAC address. The default priority

    e of distance from one bridge to another. Greater bandwidth features

    rotocol data units (BPDUs) are sent between switches for each port. p process to save a copy of the best BPDU seen on every port. When a PDU, it stops sending them. If the BPDUs stop arriving for 20 seconds

    ding them again.

    t Bridge ID (BID) Cost to Root Bridge

    der BID

    t ID

  • Bridging and LAN Switching Quick Reference Sheets

    The initial convergence process takes place in three steps:

    Step 1 Elect a Root BridgeLowest BID wins

    Step 2 Elect Root

    Step 3 Elect Desigdesignated pbridge are d

    Once convergence occ

    Ports have a port state stated in reality:



    Listening BPD



    Timers are used in the

    Hello2 secTi

    Forward Delay

    Max Age20 sec

    Default convergence tibridge.

    Topology Changes

    Topology Change NotiBPDU0x80 in Typewhen failure in networaddress tables.

    1 A bridge sends a

    a It takes a por

    b A port goes f

    TCNs go out the

    3 Upstream bridges

    4 Upstream switch BPDU it receivessending TCN BPD

    5 Upstream switch

    1291_Section Page 108 Wednesday, November 3, 2004 7:49 AMPortsEvery nonroot bridge selects one root port

    nated PortsEach segment has one designated port (the bridge with the ort is the designated bridge for that segment); all active ports on the root esignated (unless you connect two ports to each other).urs, BPDUs radiate out from the root bridge over loop-free paths.

    under 802.1D STP. They have more than just forwarding or blocking

    istratively down

    s received only (20 sec)Us sent and received (15 sec)ing table is built (15 sec)nding/receiving data

    process to control convergence.

    me between each conguration BPDU

    15 secList/learning states

    Time BPDU stored

    me is 30 to 50 seconds. Timer modication is possible from the root

    cation (TCN) BPDU is used. Type Field of BPDU signies this eld used for TCN BPDU. TCN BPDU improves convergence time k occursprimarily because it helps in a rapid updating of MAC

    TCN BPDU in two cases:

    t into forwarding, and it has at least one designated port (DP).rom Forwarding/Learning to Blocking.

    root port; sends them each Hello interval until they are acknowledged.

    process TCN on DPs.

    sets the Topology Change Acknowledgement (TCA) eld of next cong and sends downstream. This causes the downstream switch to stop


    sends TCN further upstream.

  • Transparent Bridging

    6 This continues until the root receives the TCN.

    7 Root sets TCA and Topology Change ags in the next cong BPDU.

    8 Root sets TC agswitches to age M

    Root Bridge Placem

    You should set the rooIOS command. You sh

    set spantree priority example, set spantreeIf all switches are at thnot specify a VLAN wpriority value of 200 in

    set spantree root is acand sets the priority onority is set to 8,192. To

    sssseeeetttt ssssppppaaaannnnttttrrrreeeeeeee sssseeeeccccoooonnnndddd

    This command sets the

    Remember, in a Cisco VLAN basis. This is c

    In the Cisco IOS envir

    ssssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee vvvvllllaaaannnn [[[[ddddiiiiaaaammmmeeeetttteeeerrrr hhhhooooppppssss [[[[hhhheeeessssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee vvvvllllaaaannnn [[[[ddddiiiiaaaammmmeeeetttteeeerrrr hhhhooooppppssss [[[[hhhheeee

    Load Balancing

    One method of load baVLANs on different sw

    Another technique is to

    sssseeeetttt ssssppppaaaannnnttttrrrreeeeeeee ppppoooorrrrttttvvvvllll

    This command allows of VLANs in the trunk

    Finally, set spantree pthe command to be entbe performed.

    The equivalent Cisco I

    ssssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee ppppoooorrrrtttt----ssssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee vvvvllllaaaannnn

    1291_Section Page 109 Wednesday, November 3, 2004 7:49 AM in all BPDUs sent for Forward Delay + Max Age. This instructs all AC table address entries faster.


    t bridge location in your network using the appropriate CatOS or Cisco ould also select a secondary root in the event the primary root fails.

    allows you to modify the priority value and rig the root election. For priority 100 1 sets the priority to 100 for VLAN 1 on the local switch. e default priority value of 32,768, the bridge becomes the root. If you do ith the set spantree command, VLAN 1 is assumed. You can use the this case on another switch to elect it as the secondary root bridge.

    tually a macro command that examines the priority of the existing root the local switch to be one less. If the default is used on the root, the pri- create a secondary root, you can use the following command:


    priority value to 16,384.

    environment, all spanning-tree mechanisms occur on a VLAN-by-alled Per-VLAN Spanning Tree (PVST+).onment, the following commands are available:

    vvvvllllaaaannnn____IIIIDDDD rrrrooooooootttt pppprrrriiiimmmmaaaarrrryyyylllllllloooo----ttttiiiimmmmeeee sssseeeeccccoooonnnnddddssss]]]]]]]]vvvvllllaaaannnn____IIIIDDDD rrrrooooooootttt sssseeeeccccoooonnnnddddaaaarrrryyyylllllllloooo----ttttiiiimmmmeeee sssseeeeccccoooonnnnddddssss]]]]]]]]

    lancing with Spanning Tree Protocol is to place the root for different itches.

    use the following command:


    you to congure load balancing by setting the port priority for a subset port.

    ortvlancost can be utilized. This is the most exible option; it allows ered and observed on the switch where the load balancing is to

    OS commands include:

    pppprrrriiiioooorrrriiiittttyyyy ppppoooorrrrtttt____pppprrrriiiioooorrrriiiittttyyyyvvvvllllaaaannnn____IIIIDDDD ccccoooosssstttt ppppoooorrrrtttt____ccccoooosssstttt

  • Bridging and LAN Switching Quick Reference Sheets

    Fast STP Convergence

    PortFast PortFast is a Cisco proprietary enhancement to the 802.1D STP implementation. You apply the command to specic ports, and that application has two effects:

    Ports coming up a

    The switch does nPortFast is going

    Therefore, consider en

    UplinkFast Congurfailure and allows for a

    When you are congur3000 to the cost of all MAC address tables fo

    BackboneFast Confailure occurs and is ingence from about 50 se


    MISTP (802.1s) is an Inumber of spanning-trogies need only a few

    You congure a set of sSpanning Tree (MST) of representing the entity with earlier IEEE im

    Follow these steps to c

    Step 1 Globally en


    Step 2 Enter MST


    Step 3 Set the MST

    nnnnaaaammmmeeee nnnnaaaammmmeeee

    Step 4 Set a cong

    rrrreeeevvvviiiissssiiiioooonnnn rrrr

    Step 5 Map your V

    iiiinnnnssssttttaaaannnncccceeee iiii

    1291_Section Page 110 Wednesday, November 3, 2004 7:49 AMre put directly into the forwarding STP mode.

    ot generate a Topology Change Notication when a port congured for up or downfor example, when a workstation power cycles.

    abling PortFast on ports that are connected to end user workstations.

    e UplinkFast on wiring closet switches. It detects a directly connected new root port to come up almost immediately.

    ing UplinkFast, the local switch has a priority set to 49,152, and it adds links. Finally, a mechanism is included that causes the manipulation of r other bridges.

    gure BackboneFast on all switches. It speeds convergence when the directly located, such as in the core of the backbone. Reduces conver-conds to about 30 seconds.

    EEE standard that allows several VLANs to be mapped to a reduced ee instances. This provides advantages over PVST+ since typical topol-spanning-tree topologies to be optimized.

    witches with the same MISTP parameters, and this becomes a Multiple region. With MISTP, you have an Internal Spanning Tree that is capable ire MST region as a Common Spanning Tree for backward compatibil-


    ongure MISTP:

    able MISTP (MSTP) on your switches:rrrreeeeeeee mmmmooooddddeeee mmmmsssstttt

    conguration submode:

    rrrreeeeeeee mmmmsssstttt ccccoooonnnnffffiiiigggguuuurrrraaaattttiiiioooonnnn

    region name:

    uration revision number:


    LANs to MST instances:

    nnnntttt vvvvllllaaaannnn rrrraaaannnnggggeeee

  • LAN Switching

    You can easily verify an MISTP conguration using the following commands:

    sssshhhhoooowwww ssssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee mmmmsssstttt ccccoooonnnnffffiiiigggguuuurrrraaaattttiiiioooonnnnsssshhhhoooowwww ssssppppaaaannnnnnnniiiinnnngggg----ttttrrrreeeeeeee

    LAN Switchin

    VLAN Trunking


    The IEEE 802.1Q stanthe VLAN membershiService (QoS) priority

    The VLAN ID (VID) athat switches need to pbytes longer than an unand two bytes of TCI (frame are described in

    TPIDThe Tag PType set at 8100,

    PriorityThe reight (23) possiblority bits.

    CFIThe Canonswitches. CFI is uToken Ring.

    1291_Section Page 111 Wednesday, November 3, 2004 7:49 AMmmmmsssstttt vvvvllllaaaannnn____iiiidddd


    dard trunking protocol uses an extra tag in the MAC header to identify p of a frame across bridges. This tag is used for VLAN and quality of identication.

    ssociates a frame with a specic VLAN and provides the information rocess the frame across the network. Notice that a tagged frame is four tagged frame and contains two bytes of TPID (Tag Protocol Identier)

    Tag Control Information). These components of an 802.1Q tagged more detail here:

    rotocol Identier has a dened value of 8100 in hex; with the Ether-this frame is identied as carrying the IEEE 802.1Q/802.1P 3 bits of the Tag Control Information dene user priority; notice the e priority levels. IEEE 802.1P denes the operation for these 3 user pri-

    ical Format Indicator is a single-bit ag, always set to zero for Ethernet sed for compatibility reasons between Ethernet networks and


  • Bridging and LAN Switching Quick Reference Sheets

    VIDVLAN ID identies the VLAN; notice it allows the identication of 4096 (212) VLANs. Two of these identications are reserved, permitting the creation of 4094 VLANs.

    On most set-based (Cafore, you must use the

    802.1Q trunks feature which frames are not t

    The VLAN a port

    The VLAN from w

    The VLAN to whi

    To successfully trunk bmatch. The default nat

    You can control the 80purposes or load balan

    802.1Q trunks can be d


    Cisco features its own not modify the frame winformation and is, the

    The 26-byte ISL heade


    TYPE4-bit des

    USER4-bit des

    SASource addr

    LEN16-bit fram

    1291_Section Page 112 Wednesday, November 3, 2004 7:49 AMtOS) Catalyst switches, ISL trunk encapsulation is the default; there-set trunk dot1q command to use 802.1Q as your trunk protocol.a concept called the native VLAN. The native VLAN is a VLAN for agged. Here are all aspects of the native VLAN:

    is in when not trunking

    hich frames are sent untagged on an 802.1Q portch frames are forwarded if received untagged on an 802.1Q portetween two devices using 802.1Q, the native VLAN setting must

    ive VLAN in Cisco devices is VLAN 1.

    2.1Q VLAN trafc that is sent over a trunk; this is possible for security cing.

    ynamically formed using the Dynamic Trunking Protocol (DTP).

    proprietary trunking protocol called Inter-Switch Link (ISL). ISL does ith tagging as 802.1Q does; it instead encapsulates the frame with new

    refore, protocol-independent.

    r contains the following elds in an Ethernet environment:

    addressIt is a 40-bit multicast address

    criptor of the encapsulated frame type0000 for Ethernet

    criptor used to dene Ethernet priority value

    ess48-bit source MAC address

    e length descriptor

  • LAN Switching

    AAAA03SNAP 802.2 LLC header

    HSAFirst 3 bytes of the SA

    VLAN ID15-bi

    BPDU1-bit descol (CDP) frame

    INDX16-bit va


    FCS4-byte fram

    RES16-bit rese

    Just as with 802.1Q, ISload balancing.


    Dynamic Inter-Switchinterconnected Fast Ettrunk pair. This technoused to negotiate trunk(DTP), which functionDISL is a Layer 2 prottocols. The Subnetwor

    DISL offers one of ve

    OffLocally disa

    OnLocally enab

    DesirableNegoappropriate mode

    AutoPort cong


    Note that the following


    OFF No Trun

    ON No Trun

    AUTO No Trun

    DESIR. No Trun

    NONEG. No Trun

    1291_Section Page 113 Wednesday, November 3, 2004 7:49 AMt VID in which only the low 10 bits are used for 1024 possible VLANs

    criptor that identies the frame as a BPDU or a Cisco Discovery Proto-

    lue that indicates the port index

    The encapsulated data packet including its cyclic redundancy check

    e check sequence including a 32-bit CRC

    rved eld for additional information

    L supports the assignment of VLANs to trunk links for security and/or

    Link Protocol (DISL) allows the creation of an ISL trunk from two hernet devices with the administrator only conguring one link of the logy was Ciscos rst attempt at a trunk negotiation protocol. It was s for ISL only. DISL has been replaced with Dynamic Trunk Protocol s for both ISL and 802.1Q on the latest switch operating systems.ocol that uses a multicast destination address used by several Cisco pro-k Access Protocol (SNAP) value distinguishes the frame purpose. trunk modes (very similar to DTP):bles trunk and negotiates other side to disable as well

    les trunk and negotiates other side to enable if possible

    tiates with other side to enable and locally enables if the other side is in

    ured to receive a request to trunk and does so when requested

    uses local trunk, but no request is sent for trunking

    combinations are possible resulting in the trunk status shown:


    k No Trunk No Trunk No Trunk No Trunk

    k Trunk Trunk Trunk Trunk

    k Trunk No Trunk Trunk No Trunk

    k Trunk Trunk Trunk Trunk

    k Trunk No Trunk Trunk Trunk

  • Bridging and LAN Switching Quick Reference Sheets

    Dynamic trunk negotiations are not recommended in high security and/or critical/core areas of the network. Also, remember that dynamic negotiations fail if the links participate in different VLAN Trunking Proto


    VTP is a Cisco proprieinformation across all ts of VTP, your switc

    You must congucase sensitive.

    The switches mus

    The switches mus

    The same VTP pa

    Generally, you nd fou

    VTP protocol vers

    VTP message typ

    Management dom

    Management dom

    VTP has four possible

    Summary advertis

    Subset advertisem

    Advertisement req

    VTP join messageThe VTP congurationmine if a switch has stnot the switch overwriincrements each time aThe number is one frommode switches that yohigher conguration reparent mode helps to e

    You have three possibl

    ServerThis moadvertised to VTP

    ClientThis modon the local devictem(s).

    1291_Section Page 114 Wednesday, November 3, 2004 7:49 AMcol (VTP) domains.

    tary Layer 2 multicast messaging protocol that synchronizes VLAN media types and tagging methods on your switches. To enjoy the bene-hes must meet the following requirements:

    re the VTP domain name identically on each device; domain names are

    t be adjacent.t be connected with trunk links.

    ssword must be congured if used in the domain.

    r items in all VTP messages:

    ion (either 1 or 2)e

    ain name length

    ain name

    message types:




    s (used for pruning) revision number is extremely important. This value is used to deter-

    ale information regarding VLANs and ultimately controls whether or tes its VLAN database with new information. The revision number change is made to the VLAN database on a Server mode VTP system. 0 to 4,294,967,295. You must ensure when introducing new Server

    u do not inadvertently overwrite the VLAN database because of a vision number on the new switch. Introducing new switches in Trans-nsure this problem never results.

    e modes your VTP servers. These modes are as follows:

    de enables you to create, modify, and delete VLANs; these changes are Client mode systems; Catalyst switches default to this mode.

    e does not allow for the creation, modication, or deletion of VLANs e ; VLAN congurations are synchronized from Server mode sys-

  • LAN Switching

    TransparentThis mode permits the addition, deletion, and modication of VLAN information, but the information resides only locally on the Transparent device; these systems forward a

    Here is an example con

    Console> (enable) ssssVTP domain Lab_NetwConsole> (enable) ssssChanging VTP mode fVTP domain Lab_Netw

    Here is an example con

    Router# ccccoooonnnnffffiiiigggguuuurrrreeee ttttRouter(config)# vvvvttttppppSetting device to VRouter(config)# vvvvttttppppSetting VTP domain Router(config)# eeeennnnddddRouter#

    VTP Pruning

    VTP pruning allows yotion of ooded frames enable VTP pruning in

    sssseeeetttt vvvvttttpppp pppprrrruuuunnnniiiinnnngggg eeeennnnaaaa

    When you enable prunof VLAN 1). You needcally propagates. You cineligible. This is done

    cccclllleeeeaaaarrrr vvvvttttpppp pppprrrruuuunnnneeeeeeeelllliiiiggggsssseeeetttt vvvvttttpppp pppprrrruuuunnnneeeeeeeelllliiiiggggiiiibbbb

    The Cisco IOS comma

    vvvvttttpppp pppprrrruuuunnnniiiinnnnggggsssswwwwiiiittttcccchhhhppppoooorrrrtttt ttttrrrruuuunnnnkkkk pppprrrrvvvvllllaaaannnn[[[[,,,,vvvvllllaaaannnn[[[[,,,,vvvvllllaaaannnn[[[[,,


    EtherChannels allow yachieving substantial btrunks in your campusment, because ordinari

    Be aware of the follow

    All Ethernet interf

    You have a maxim

    1291_Section Page 115 Wednesday, November 3, 2004 7:49 AMdvertisements from Servers, but do not process these advertisements

    guration of VTP for a Server mode system in CatOS mode:

    eeeetttt vvvvttttpppp ddddoooommmmaaaaiiiinnnn LLLLaaaabbbb____NNNNeeeettttwwwwoooorrrrkkkkork modifiedeeeetttt vvvvttttpppp mmmmooooddddeeee sssseeeerrrrvvvveeeerrrror all featuresork modified

    guration of VTP for a Server mode system in IOS mode:

    eeeerrrrmmmmiiiinnnnaaaallll mmmmooooddddeeee sssseeeerrrrvvvveeeerrrrTP SERVER mode. ddddoooommmmaaaaiiiinnnn LLLLaaaabbbb____NNNNeeeettttwwwwoooorrrrkkkkname to Lab_Network

    u to limit the amount of trafc sent on trunk ports. It limits the distribu-to only switches that have members of the particular VLAN. You can CatOS with this command:


    ing on the switch, all VLANs are pruned by default (with the exception to congure pruning on only one VTP server, and the setting automati-an change this behavior by making select VLANs you choose prune in CatOS with the following commands:


    nds are as follows:

    uuuunnnniiiinnnngggg vvvvllllaaaannnn {{{{nnnnoooonnnneeee | {{{{{{{{aaaadddddddd | eeeexxxxcccceeeepppptttt | rrrreeeemmmmoooovvvveeee}}}} ,,............]]]]]]]]}}}}}}}}

    ou to bundle redundant links and treat them as a single link, thus andwidth benets. It is often advisable to use an EtherChannel for key design. EtherChannel is actually a Spanning Tree Protocol enhance-ly one or more of the links would be disabled to prevent a loop.

    ing guidelines regarding EtherChannel:

    aces on all modules must support EtherChannel.

    um of eight interfaces per EtherChannel.

  • Bridging and LAN Switching Quick Reference Sheets

    The ports do not need to be contiguous or on the same module.

    All ports in the EtherChannel must be set for the same speed and duplex.

    Enable all interfaces in the EtherChannel.

    An EtherChannel will not form if one of the ports is a SPAN destination.

    For Layer 3 EtherChannels, assign a Layer 3 address to the port-channel logical interface, not the physical i

    Assign all EtherCtrunk encapsulati

    The same allowed

    Interfaces with dif

    Once an EtherChaeffects the physic

    Port aggregation protopackets are sent betweNote this is very similaure the link.

    EtherChannel load baleither source, destinati

    Here is a CatOS EtherC

    Console> (enable) ssssPorts 2/2-8 left adPorts 2/2-8 joined Console> (enable)Here is an example Router# ccccoooonnnnffffiiiigggguuuurrrreeee ttttRouter(config)# iiiinnnnttttRouter(config-if)# Router(config-if)#


    Unidirectional Link Detional link occurs whenbut trafc sent from thincluding spanning-tre

    To perform UDLD, paBoth sides of the link mcopper interfaces and i

    1291_Section Page 116 Wednesday, November 3, 2004 7:49 AMnterfaces.

    hannel ports to the same VLAN or ensure they are all set to the same on and trunk mode.

    range of VLANs must be congured on all ports in an EtherChannel.

    ferent STP port path costs can form an EtherChannel.

    nnel is congured, a conguration made to the physical interfaces al interfaces only.

    col (PAgP) aids in the automatic creation of EtherChannel links. PAgP en EtherChannel-capable ports to negotiate the forming of a channel. r to DISL/DTP. Only one switch needs to be congured to fully cong-

    ancing can use MAC addresses, IP addresses, or Layer 4 port numbers; on, or both source and destination addresses.

    hannel conguration example:

    eeeetttt ppppoooorrrrtttt cccchhhhaaaannnnnnnneeeellll 2222////2222----8888 mmmmooooddddeeee ddddeeeessssiiiirrrraaaabbbblllleeeemin_group 1.admin_group 2.

    from Cisco IOS:eeeerrrrmmmmiiiinnnnaaaalllleeeerrrrffffaaaacccceeee rrrraaaannnnggggeeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 2222////2222 ----8888cccchhhhaaaannnnnnnneeeellll----ggggrrrroooouuuupppp 2222 mmmmooooddddeeee ddddeeeessssiiiirrrraaaabbbblllleeeeeeeennnndddd

    tection (UDLD) detects and disables unidirectional links. A unidirec- trafc transmitted from the local switch is received by the neighbor,

    e neighbor is not. Unidirectional links can cause a variety of problems, e loops. UDLD performs tasks that autonegotiation cannot perform.

    ckets are sent to neighbor devices on interfaces with UDLD enabled. ust support UDLD, therefore. By default, UDLD is locally disabled on

    s locally enabled on all Ethernet ber-optic interfaces.

  • Security

    The CatOS command to enable UDLD on an interface is as follows:

    sssseeeetttt uuuuddddlllldddd eeeennnnaaaabbbblllleeee mod/port

    The Cisco IOS command to enable UDLD on an interface is simply this:

    uuuuddddlllldddd eeeennnnaaaabbbblllleeee



    Cisco multilayer switc

    Router access cosable memory) ha

    Quality of Servic VLAN access con

    some platforms

    Catalyst switches, therand QoS ACLs. VACLaccess maps. If a matcthe default action is to the map. If no match cVACLs have no directiinclude an ACL with s

    VACLs support three a




    Here is an example fro

    Console> (enable) ssssIPACL1 editbuffer mConsole> (enable)Console> (enable) ssssIPACL1 editbuffer mConsole> (enable)Console> (enable) ccccACL commit in progrACL IPACL1 is commiConsole> (enable)

    1291_Section Page 117 Wednesday, November 3, 2004 7:49 AMhes support three types of access control lists (ACLs):ntrol lists (RACLs)Supported in the TCAM (ternary content-addres-rdwaree (QoS) access control listsSupported in the TCAMtrol lists (VACLs)Supported in software and hardware on

    efore, support four ACL lookups per packetinput/output, security, s follow route map conventions. In fact, they are referred to as VLAN h clause for that type of packet (IP or MAC) exists in the VLAN map, drop the packet if the packet does not match any of the entries within lause exists for that type of packet, the default is to forward the packet. on. To lter trafc in a specic direction by using a VACL, you need to pecic source or destination addresses.


    m CatOS:

    eeeetttt sssseeeeccccuuuurrrriiiittttyyyy aaaaccccllll iiiipppp IIIIPPPPAAAACCCCLLLL1111 ppppeeeerrrrmmmmiiiitttt aaaannnnyyyyodified. Use commit command to apply changes.

    eeeetttt sssseeeeccccuuuurrrriiiittttyyyy aaaaccccllll iiiipppp IIIIPPPPAAAACCCCLLLL1111 ddddeeeennnnyyyy hhhhoooosssstttt 111177771111....3333....8888....2222odified. Use commit command to apply changes.

    oooommmmmmmmiiiitttt sssseeeeccccuuuurrrriiiittttyyyy aaaaccccllll aaaalllllllless.tted to hardware.

  • Bridging and LAN Switching Quick Reference Sheets

    Here is an example from the Cisco IOS that uses an ACL, as well:

    Switch(config)# iiiipppp aaaacccccccceeeessssssss----lllliiiisssstttt eeeexxxxtttteeeennnnddddeeeedddd iiiipppp1111Switch(config-ext-nacl)# ppppeeeerrrrmmmmiiiitttt ttttccccpppp aaaannnnyyyy aaaannnnyyyy Switch(config-ext-nSwitch(config)# vvvvllllaaaaSwitch(config-accesSwitch(config-acces

    Private VLANs

    Private VLANs allow yprovider (ISP) can creanizations. These servercommunicate with a ga

    Private VLANs functioHosts that reside in the(the gateway, for examVLAN. Secondary VL

    Isolated VLANs

    Community VLAin the communityanother secondary

    The following guidelin

    All secondary VL

    Private VLANs ar

    VLAN Trunking P

    Each switch port t

    Ports must be de

    Promiscuousary VLANs (it

    HostThis pthe promiscuopromiscuous p

    Here is an example con

    Switch(config)# vvvvllllaaaaSwitch(config-vlan)Switch(config-vlan)Switch(config-vlan)Switch(config-vlan)Switch(config-vlan)Switch(config-vlan)Switch(config-vlan)Switch(config-vlan)

    1291_Section Page 118 Wednesday, November 3, 2004 7:49 AMacl)# eeeexxxxiiiittttnnnn aaaacccccccceeeessssssss----mmmmaaaapppp mmmmaaaapppp____1111 11110000s-map)# mmmmaaaattttcccchhhh iiiipppp aaaaddddddddrrrreeeessssssss iiiipppp1111s-map)# aaaaccccttttiiiioooonnnn ddddrrrroooopppp

    ou to segment trafc within a VLANfor example, an Internet service te a VLAN for a server farm that consists of servers from various orga-s can be isolated from each other in the VLAN, but they can all still teway to reach clients beyond the local network.

    n by associating a primary VLAN with special secondary VLANs. secondary VLAN can communicate with ports in the primary VLAN ple), but they cannot communicate with hosts of another secondary ANs can be set up as follows:

    A port within an isolated VLAN can reach only the primary VLAN.

    NsPorts in a community VLAN can communicate with other ports VLAN and the primary VLAN; these ports cannot communicate with VLAN, however.

    es apply to the creation of private VLANs:

    ANs must be associated with one primary VLAN.

    e created using special cases of regular VLANs.

    rotocol (VTP) does not pass any information about private VLANs.hat uses a private VLAN must be congured with a VLAN association.

    ned with one of the following roles:

    This port can communicate with anything in the primary and second- is typically for the gateway device).ort is in the isolated or community VLAN; it communicates with only us port (isolated port)or with other hosts in the community and the ort (community port).guration of private VLANs in the Cisco IOS:

    nnnn 11110000# pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn ccccoooommmmmmmmuuuunnnniiiittttyyyy# vvvvllllaaaannnn 22220000# pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn ccccoooommmmmmmmuuuunnnniiiittttyyyy# vvvvllllaaaannnn 33330000# pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn iiiissssoooollllaaaatttteeeedddd# vvvvllllaaaannnn 111100000000# pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn pppprrrriiiimmmmaaaarrrryyyy# pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn aaaassssssssoooocccciiiiaaaattttiiiioooonnnn 11110000,,,,22220000,,,,33330000

  • MLS

    Switch(config-vlan)# eeeexxxxiiiittttSwitch(config)# iiiinnnntttteeeerrrrffffaaaacccceeee rrrraaaannnnggggeeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 1111////1111 2222Switch(config-if-range)# sssswwwwiiiittttcccchhhhppppoooorrrrtttt pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn hhhhoooosssstttt----aaaassssssssoooocccciiiiaaaattttiiiioooonnnn 111100000000 11110000Switch(config-if-range)# iiiinnnntttteeeerrrrffffaaaacccceeee rrrraaaannnnggggeeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 1111////4444 5555Switch(config-if-range)# sssswwwwiiiittttcccchhhhppppoooorrrrtttt pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn hhhhoooosssstttt----aaaassssssssoooocccciiiiaaaattttiiiioooonnnn 111100000000 22220000Switch(config-if-range)# iiiinnnntttteeeerrrrffffaaaacccceeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 1111////3333Switch(config-if)# sssswwwwiiiittttcccchhhhppppoooorrrrtttt pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn hhhhoooosssstttt----aaaassssssssoooocccciiiiaaaattttiiiioooonnnn 111100000000 33330000Switch(config-if)# iiiinnnntttteeeerrrrffffaaaacccceeee ffffaaaasssstttteeeetttthhhheeeerrrrnnnneeeetttt 2222////1111Switch(config-if)# sssswwwwiiiittttcccchhhhppppoooorrrrtttt mmmmooooddddeeee pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn pppprrrroooommmmiiiissssccccuuuuoooouuuussssSwitch(config-if)# sssswwwwiiiittttcccchhhhppppoooorrrrtttt pppprrrriiiivvvvaaaatttteeee----vvvvllllaaaannnn mmmmaaaappppppppiiiinnnngggg 111100000000 11110000,,,,22220000,,,,33330000


    Switching Table Ar

    Both a content-addressswitch equipment.


    The CAM is useful whAn excellent example the match must be an e

    Cat 6500Layer

    Cat 4000Layer

    With CAM table technhashing algorithm. Thithe table without produ

    Notice that the CAM aof the address as a mata 32-bit address. The Cis used in this case.

    Ternary Content-Ad

    The TCAM table has amask values, each withvalue in VMR refersassociated with the pata match on pattern andpointer to other more c

    1291_Section Page 119 Wednesday, November 3, 2004 7:49 AMchitectures

    able memory (CAM) and a TCAM can be used with modern multilayer

    le Memory Table

    enever the switch needs to do a lookup and needs to be an exact match. is a Layer 2 lookup. The switch needs to match on a MAC address and xact match. Examples of CAM table usage include the following:

    2 tables and NetFlow tables

    2 tables

    ology, the destination MAC address is the key, and this key is fed into a s hash produces a pointer into a table. This allows for fast lookups in cing a table scan.

    pproach does not help when you are interested only in a certain portion ch. For example, perhaps you want to match on only the rst 16 bits of AM does not help because it uses an exact match approach. The TCAM

    dressable Memory Table

    limited number of entries that are populated with pattern values and an associated result. These entries are referred to as VMR entries. The to the pattern that is to be matched. The mask refers to the mask bits tern. The result refers to the result or action that occurs in the case of mask. This result might be a simple permit or deny, or it might be a omplex information.

  • Bridging and LAN Switching Quick Reference Sheets

    Currently three platforms rely on the TCAM for Layer 3 switching:

    Catalyst 6500

    Catalyst 4000

    Catalyst 3550

    The TCAM table cons

    Exact-match reghost entry.

    Longest-match r

    First-match regio

    You can congure the

    Multilayer Switchin

    Two main multilayer s

    NetFlow-Based Sw

    NetFlow-based switchswitching. The rst pain the hardware forwarthe term route once-s

    1291_Section Page 120 Wednesday, November 3, 2004 7:49 AMists of these types of regions:

    ionUsed anytime an exact match entry is required for example, a

    egionUsed for routing decisions.

    nConsists of ACL entries; lookup stops after rst match of the entry.

    size of your TCAM based on your network requirements.

    g Architectures

    witching architectures are used today.


    ing is also known as ow-based, route caching, or demand-based cket in a ow is switched in software; subsequent packets are switched ding table. This is classic multilayer switching that is often known by witch many.

  • MLS

    Topology-Based Switching

    With the latest topology-based switching, a route cache approach is not used. The forwarding structures required in h

    The Cisco implementaExpress Forwarding). T

    FIB (Forwardingbased switching dtion base. The FIBthe IP routing tab

    Adjacency tablesreach each other wadjacency tables tLayer 2 next-hop

    Configuring CEF

    CEF switching is permequipped with the follo

    Supervisor Engine

    Policy Feature Ca

    Multilayer Switch

    Distributed Forwa

    You can use the no ip

    1291_Section Page 121 Wednesday, November 3, 2004 7:49 AMardware are built in advance without waiting for trafc ows.

    tion of topology-based multilayer switching is called CEF (Cisco he two main components of CEF operation are the following:

    Information Base)CEF uses an FIB to make IP destination prex-ecisions. The FIB is conceptually similar to a routing table or informa- maintains a mirror image of the forwarding information contained in


    Network nodes in the network are said to be adjacent if they can ith a single hop across a link layer. In addition to the FIB, CEF uses

    o prepend Layer 2 addressing information. The adjacency table maintains addresses for all FIB entries. This structure is built from the ARP table.

    anently enabled on the Catalyst 6500 series switches when they are wing hardware:


    rd 2 (PFC2) Feature Card 2 (MSFC2)rding Card (DFC)cef command to disable CEF on the Catalyst 4000.






  • Bridging and LAN Switching Quick Reference Sheets

    The default conguration on devices with CEF enabled is for CEF to be functional on all Layer 3 interfaces. If you disable CEF on an interface, you can enable CEF as follows:

    On the Catalyst 3550 switch, use the ip route-cache cef interface conguration command to enab

    On the Catalyst 40CEF on an interfa

    On the Catalyst 65

    Per-destination load ba

    Configuring CEF

    You can use the follow

    sssshhhhoooowwww iiiinnnntttteeeerrrrffffaaaacccceeee ttttyyyyppppeeee

    Another option for viewfollowing command:

    sssshhhhoooowwww iiiinnnntttteeeerrrrffffaaaacccceeeessss ttttyyyypppp

    To view all of the FIB

    sssshhhhoooowwww iiiipppp cccceeeeffff

    To view details from a

    sssshhhhoooowwww iiiipppp cccceeeeffff ddddeeeettttaaaaiiiillll

    Use the following com

    sssshhhhoooowwww aaaaddddjjjjaaaacccceeeennnnccccyyyy [[[[{{{{{{{{tttt ssssuuuummmmmmmmaaaarrrryyyy]]]]

    Debugging commands

    ddddeeeebbbbuuuugggg iiiipppp cccceeeeffff {{{{ddddrrrrooooppppssss pppprrrreeeeffffiiiixxxx----iiiippppcccc [[[[aaaacccccccceeeessssssssrrrreeeeccccuuuurrrrssssiiiivvvveeee

    Catalyst IOS Cisco is attempting to alyst switches. Thanksof the past might run th

    This standardization onengineers that are alrea

    While the appropriate CCIE candidate shouldconguration modes an

    1291_Section Page 122 Wednesday, November 3, 2004 7:49 AMle CEF on an interface.

    00 switch, use the ip cef interface conguration command to enable ce after it has been disabled.

    00 with PFC2, DFCs, and MSFC2, you cannot disable CEF.

    lancing is enabled by default when you enable CEF.

    ing command to display a summary of IP unicast trafc on an interface:

    ssssllllooootttt////iiiinnnntttteeeerrrrffffaaaacccceeee | bbbbeeeeggggiiiinnnn LLLL3333

    ing this information on some platforms, such as the 6500, is to use the

    eeee ssssllllooootttt////iiiinnnntttteeeerrrrffffaaaacccceeee | iiiinnnncccclllluuuuddddeeee SSSSwwwwiiiittttcccchhhheeeedddd

    entries on a multilayer switch, use the following command:

    ll of the FIB entries, use the following command:

    mand to view adjacency table information:yyyyppppeeee1111 ssssllllooootttt////ppppoooorrrrtttt}}}} | {{{{ppppoooorrrrtttt----cccchhhhaaaannnnnnnneeeellll nnnnuuuummmmbbbbeeeerrrr}}}}}}}} | ddddeeeettttaaaaiiiillll | iiiinnnntttteeeerrrrnnnnaaaallll |

    for CEF are also available. These include the following:

    [[[[aaaacccccccceeeessssssss----lllliiiisssstttt]]]] | rrrreeeecccceeeeiiiivvvveeee [[[[aaaacccccccceeeessssssss----lllliiiisssstttt]]]] | eeeevvvveeeennnnttttssss [[[[aaaacccccccceeeessssssss----lllliiiisssstttt]]]] |----lllliiiisssstttt]]]] | ttttaaaabbbblllleeee [[[[aaaacccccccceeeessssssss----lllliiiisssstttt]]]]}}}} ddddeeeebbbbuuuugggg iiiipppp cccceeeeffff aaaaccccccccoooouuuunnnnttttiiiinnnngggg nnnnoooonnnn----

    Configuration Commandsstandardize on a single base operations system for its broad line of Cat- to the acquisition of several different switch vendors, Catalyst switches e CatOS (set-based) operation system or an entirely unique OS. an Cisco IOS-based operating system is a welcome switch for many dy very familiar with the operating systems found on modern routers.

    sections of these study sheets demonstrate specic commands that a be familiar with, this section covers three important Cisco IOS-based d associated commands that are not covered elsewhere.

  • Catalyst IOS Configuration Commands

    Command Modes

    The conguration modes from a router-based environment are present on the switch. In addi-tion to those, you also

    (cong-vlan)Uing vlan number

    (vlan)This is anthe vlan databas

    (if-range)Use tenter this mode u

    1291_Section Page 123 Wednesday, November 3, 2004 7:49 AMhave the following modes:

    se this mode to congure VLAN parameters; enter this mode by enter- in global conguration mode.

    alternative to VLAN conguration mode; you enter this mode using e command.

    he mode to apply a conguration to a range of interfaces on the switch; sing the interface range command.

  • IP QuicAddressing

    IPv4 Addresses

    IPv4 addresses consistcalled octets. Addresse

    Subnet masks identify portion identies a hos

    The address classes demasks:

    Class A 255.0.0

    Class B 255.25

    Class C 255.25

    Class A addresses begibegin with 10 and rang192223.


    Address Resolution PrEthernet network. A ho

    1291_Section Page 150 Wednesday, November 3, 2004 7:49 AMk Reference Sheets

    of 32 bits. These 32 bits are divided into four sections of 8 bits, each s are typically represented in dotted decimal notation. For example:

    which portion of the address identies a particular network and which t on the network.

    ned for public and private networks consist of the following subnet .0 (8 bits)5.0.0 (16 bits)5.255.0 (24 bits)n with 0 and have a rst octet in decimal of 1127. Class B addresses e from 128191. Class C addresses begin with 110 and range from

    otocol (ARP) is used to resolve IP addresses to MAC addresses in an st wanting to obtain a physical address broadcasts an ARP request onto

  • Addressing

    the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address. Once a MAC address is determined, the IP address associ-ation is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and seand replies on IEEE (InEthernet is specied by

    Reverse Address ResoRARP request packet ra RARP server on the diskless nodes that do attempts to use RARP routers can act as RAR

    Defining Static ARP

    To congure static ma

    Router(config)# arp

    Use the following com


    Setting ARP Encaps

    Cisco routers can actua(ARP), proxy ARP, anPackard Company (HPBy default, standard Eenabled on the IP interas required by your netinto 48-bit Ethernet ha

    To specify the ARP en


    Enabling Proxy ARP

    Cisco routers use proxaddresses of hosts on onot on the same networhost through other inteaddress. The host that sthem to the intended h

    To enable proxy ARP i


    1291_Section Page 151 Wednesday, November 3, 2004 7:49 AMnt over the network. Encapsulation of IP datagrams and ARP requests stitute of Electrical and