Cisco Is Easy

Lesson 1 - Connecting to Cisco Console Port with MINICOM

Cisco is easy. If I could learn it, anybody can! If you are a linux user user you must learn how to connect to your Cisco router or switch using rollover cable (the cable that comes with your device). Step1 - Installing Minicom Linux users will use application called 'minicom'. If you are Ubuntu user you can install it using either 'Synaptic Package Manager' or type in the following in your terminal window: $ sudo apt-get install minicom Once it is installed, you must configure the 'minicom' to communicate with the console port of your router/switch. Step 2 - Connection to Console Port Power up your router/switch and connect the roll-over cable to your computer's serial port (DB-9) and to the 'console' port of your router/switch (RJ-45). Step 3 - Configure Minicom Open your Terminal window (Applications ==> Accessories ==> Terminal) and type in: $ minicom -s Scroll down to 'Serial Port Setup' and hit Enter: Pic. 1

Choose 'A' to set up the serial port of your computer (here the first serial port is referenced as ttyS0) so it reads as highlighted below. Then hit Enter again to accept the change: Pic. 2

Next, press 'E' and then 'C' again to access the transmission speed and change it to '9600' value (no apostrophies). You should see values like highlighted below: Pic. 3

Then hit Enter twice to get back to the first screen (Pic.1) The last thing is to save this configuration (you can choose 'dfl' to be the default template or with some other name). Pic. 4

If you chose 'dflp and then, 'Exit from Minicom', you can try out your work now. Type in: $ minicom and hit Enter You should see the console prompt of your router/switch. If you want to leave the minicom use CTRLA keystroke and then type 'x' and confirm you want to leave the application.

Lesson 2 - Navigating in Cisco IOS

Once, you have connected to your Cisco switch or router console port, and power up the device you will see some information displayed during the start of the device. If the device has no initial configuration you are presented with: Pic. 1 - System Configuration Dialog

You can safely cancel this request as its capability to configure the device is not very impressive. Instead, you are going to do things all professionals do: command after command. What follows is bunch of messages sent to the screen and after hitting the Enter key few times you get something like this (here is the router, but a switch would introduce itself as ... Switch> ): Router>

IOS Modes (contexts)

This prompt of the device tells you in which 'context' you are, and the one above with the '>' character is known as 'user exec mode' or 'privilege level 1 mode'. You can't configure much in this mode of operation. It is designed as a 'monitoring' mode not a 'configuration' one. Also, the monitoring capability is limited. For instance, you can't see the running configuration of the device. Type in the following command: Router>enable Router# The prompt changes to '#' which is called 'privileged exec mode', 'enabled mode' or sometimes 'privilege level 15 mode'. I would like to draw your attention to two things here. Both modes of operation (or contexts, if you like) have two things in common:

1. 2.

They are used primarily to monitor the device (you will be using 'show' and 'debug' commands in those modes). They are context for immediate execution of your commands. If the syntax is correct, system executes the command immediately.

Those two modes differ from one another as well: 1. 2. User Exec Mode - is limited in terms of what information will be available. Enabled Exec Mode - gives the operator ALL information (like root or Administrator account on a computer).

Question Mark
As the commands take many attributes your best friend is the question mark '?'. This help is known as the 'context-sensitive help'. This means that depending on which context you use, while typing a question mark (?) the system is going to list the commands that can be executed in that particular mode of operation. See more in the attached video.

Configurations
In order to configure things in Cisco IOS (except for some minor changes), you must enter the ' global configuration mode' first which is characterized by the following prompt: Router(config)# This context can be accessed by typing the following command in the ' privileged exec mode': Router#configure terminal Whatever you configure this particular mode it is going to be applied to the device as a whole unit (e.g. hostname, default gateway on a switch etc.). If you want to enter the context of the interface to configure it with some parameters like ip address, speed, duplex, description etc. , you must enter that interface from the global configuration mode like the one below: Router(config)#interface fastethernet1/0 If you do not know what interfaces your device has, type the following command in the enabled mode: Router#show ip interface brief As you see, in the 'global configuration mode' I did the following actions in order to access the context of the interface: 1. 2. 3. Entered the interface type (here: Fast Ethernet). Referenced the module number (here: 1) Referenced the port number in the module 1 (here: 0)

Please, note that routers count ports starting from 0, switches starting from 1. You'll learn other contexts as we go through numerous labs and video presentations.

Abbreviations
You don't have to type in the full words of the commands and certain attributes that follow the commands. For instance, instead of typing:

Router#configure terminal Router(config)# You can type: Router#conf t Router(config)# As long as the abbreviation uniquely describes which command you want to use, the system has no problem accepting it.

Shortcuts And Keystrokes

When you type enough of the characters that uniquely identify the command in a given context you can use 'tab' key and the system is going to complete the command on the screen for you (just like in Linux). I often use the following keystrokes while editing the commands: CTRL-z - takes the cursor back to the 'enabled exec' mode from any other context CTRL-a - takes the cursor to the beginning of the line CTRL-e - takes the cursor to the end of the line CTRL-k - erases everything to the right of the cursor CTRL-u - erases everything to the left of the cursor Upper Arrow or CTRL-P - displays previous command from the history buffer Lower Arrow or CTRL-N - displays next command from the history buffer

System keeps the record of up to ten (default) commands you typed in. You can increase/decrease the history buffer up to 256 commands. If you want to check the history buffer size, type in: Router#show terminal | include history Changing the buffer size can be accomplished with the following command in the 'enabled mode' Router#terminal history size 256 The above command will increase the size of the history buffer to 256 commands. If you want to see the buffer (which commands were typed) use this command: Router#show history Please, take a look at the video I posted below to see most of those things in action. Practice them until you are confident with the content of this lesson before you proceed to the next one. Next lesson is going to be about creating an initial configuration of our router and/or switch.

Lesson 3 - Initial Configuration of Cisco Switch and Router

Understanding technologies requires a skill. Even though not mine, but the best definition of what a skill is, could be summarized in five words: knowledge and one thousand repetitions. In this lesson, there is no real technology to explain. Instead, you will get familiar with some useful commands we use very often while configuring our routers and switches. This

practical exercise however, is going to help hone your skills obtained in the previous lesson. Take a look at our simple topology first:

Switch/router/computer icons designed by: Andrzej Szoblik - http://www.newo.pl

And here's our plan for the initial configuration. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Configure the host names on both the switch and the router (SW1 and R1 respectively). When you mistype the command in the 'enabled mode' the IOS is trying to resolve this name to ip address. Disable that name resolution. Protect the 'privileged exec mode' with clear text password. Use 'cisco_enable' as your password. Encrypt the password with 'over-shoulder' algorithm. Protect the access to the console port 0. Use 'cisco_console' as your password. Configure the console port 0, so it disconnects you after 5 min. 30 sec. of idleness. Configure the console port 0 such, that system messages sent to the screen, do not interfere with what you are typing. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using MD5 algorithm to encrypt the password. On the switch assign ip address (use: 192.168.1.253/24) on the management interface Vlan 1. Configure the switch to use the default-gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network. Enable the router's interface FastEthernet1/0. Use 192.168.1.254/24 address. Enable the interface facing the Internet Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/30. Enable the remote access to your devices via telnet. Use password 'cisco_remote'. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that. Save the configuration on both switch and the router so it is available after reload/power cycle.

Solution:
1. Configure the host names on both the switch and the router (SW1 and R1 respectively).

Most of the steps are identical on a switch and a router. That is why I'm presenting, router's configuration only. You have to repeat them on the switch yourself. If the configuration of the switch is different, it is presented as well (step 9 and step 10). If your prompt shows the user mode '>' you must enter the privileged mode first by typing 'enable': Router>enable Router# Then, in order to set the host name on the router you must enter the 'config mode' (you can abreviate the command to 'conf t'): Router#configure terminal Router(config)# Finally, you type in: Router(config)#hostname R1 R1(config)# NOTICE! The commands take effect immediately as long as their syntax is correct. 2. When you mistype the command in the 'enabled mode' the IOS is trying to resolve this name to ip address. Disable that name resolution. R1(config)#no ip domain-lookup 3. Protect the 'privileged exec mode' with clear text password. Use 'cisco_enable' as your password. R1(config)#enable password cisco_enable 4. Encrypt the password with 'over-shoulder' algorithm. R1(config)#service password-encryption 5. Protect the access to the console port 0. Use 'cisco_console' as your password. In order to do that you have to change the context from 'config mode' to 'line console 0' mode. Pay attention to the prompt! The 'login' keyword is going to prompt the user for the password. NOTICE! the 'no login' command would allow the user to access the console 0 WITHOUT asking for the password even if one was configured. R1(config)#line console 0 R1(config-line)#password cisco_console R1(config-line)#login 6. Configure the console port 0, so it disconnects you after 5 min. 30 sec. of idleness. We're still in console 0 prompt so, we can continue configuring console 0. R1(config-line)#exec-timeout 5 30

R1(config-line)# If you wanted the console line 0 to never disconnect you during the time of idleness, you would use: exec-timeout 0 0. 7. Configure the console port 0 such, that system messages sent to the screen, do not interfere with what you are typing. By default, all system messages are sent to the console 0 and they may interfere with what you are currently typing on the console 0 line. If you are accessing the device via telnet/ssh (remotely), you do not see any messages. If you want to see them on the vty lines (remote connection via telnet/ssh), you must type in: 'terminal monitor' in the 'enabled mode'. Here is the command to satisfy the step 7 in our design: R1(config-line)#logging synchronous 8. After careful consideration you decide to use the most secure access to the 'privileged exec mode'. Disable the previous method and configure the same password using MD5 algorithm to encrypt the password. As we are still in the line console 0 context (look at the prompt), we need to step back to the 'config mode', and then remove the previous 'enable' password. Next we will proceed with md5 password configuration. If you did not remove the previous 'enable password', system is going to use the more secure one anyway. R1(config-line)#exit R1(config)#no enable password R1(config)#enable secret cisco_enable 9. On the switch assign ip address (use: 192.168.1.253/24) on the management interface Vlan 1. I assume that you have completed the steps 1-8 on BOTH router and switch. The commands and prompts will be identical. Now, you can assign ip address on Vlan 1 interface. SW1>enable SW1#conf t SW1(config)#interface vlan 1 SW1(config-if)#ip address 192.168.1.253 255.255.255.0 SW1(config-if)#no shutdown 10. Configure the switch to use the default-gateway (address of the default gateway: 192.168.1.254/24) in case it is managed remotely from another subnet or network. We need to step back to 'config mode' from interface Vlan1 mode to accomplish the task. SW1(config-if)#exit SW1(config)#ip default-gateway 192.168.1.254 11. Enable the router's interface FastEthernet1/0. Use 192.168.1.254/24 address. R1(config)#interface f1/0 R1(config-if)#ip address 192.168.1.254 255.255.255.0 R1(config-if)#no shutdown 12. Enable the interface facing the Internet Serial0/1 (we pretend it is the public interface). Use ip address 172.31.1.1/24. Even though we are currently in F1/0 interface context (look at the prompt), we can jump directly towards s0/1 without typing 'exit' first. If you use real routers (not dynamips), one end of the

connection must use DCE cable and the other DTE cable. They are connected back-to-back and DCE interface must be set up with the clock rate. R1(config-if)#interface s0/1 R1(config-if)#ip address 172.31.1.1 255.255.255.252 R1(config-if)#no shutdown 13. Enable the remote access to your devices via telnet. Use password 'cisco_remote'. Remote access connections are service by special, virtual lines called vty. Here, we will use vty lines 0 through 4, allowing only five concurrent connections via telnet. R1(config-if)#line vty 0 4 R1(config-if)#password cisco_remote R1(config-if)#login 14. After careful consideration you decide to use ssh as the remote access method rather than telnet. Configure that. This is going to be the most complex part in our lab. Below are four steps need to complete the task. a) Configure system domain-name. Without the domain name, IOS cannot generate rsa keys used for encryption and decryption (public/private). The domain name can be any name you choose to use (here: ccna.local) but company's real name is a good idea. R1(config-line)#exit R1(config)#ip domain-name ccna.local R1(config)# b) When you type the below command the system will ask you what should be the length of the keys. Choose 1024 value. IOS will take a few seconds to generate them and automatically start SSH server. Wait till it's done. R1(config)#crypto key generate rsa R1(config)# c) Create a user account that will be used for ssh access (here: user=admin, password=S3cr3t). R1(config)#username admin password cisco_remote R1(config)# d) Enable ssh protcol and disable telnet on vty lines 0 4. Make sure that ssh will use locally created user (admin) for ssh connections. This is done using 'login local' command. R1(config)#line vty 0 4 R1(config-line)#transport input ssh R1(config-line)#login local R1(config-line)#end R1# 15. Save the configuration on both switch and the router so it is available after reload/power cycle. R1#copy running-config startup-config

Lesson 4 - Introduction to TCP/IP Layers

In this lesson we take a sneak peek at the fundamentals regarding TCP/IP. This is one of the most important aspects to understand in order to follow the upcoming lessons. It is not my ambition to explain everything here as this would turn into a hefty book to read. You can find a lot of them on the market anyway. Instead, I will try to focus on some basic aspects of TCP/IP. They will constitute the minimum knowledge to help us understand how computers communicate. If you feel the urge to learn more on TCP/IP right now please visit the following site: http://www.tcpipguide.com/free/t_toc.htm NOTICE! Familiarize yourself with ALL terms in red. They will be used throughout the classes. Introduction Computer communication follows some well defined rules and guidelines which we call protocols. In order for the computers to exchange data they have to agree on using the same rules, otherwise they become incompatible. That was the case in the past. This was one of the reasons to create a common model for communication. It was called OSI Model ( Open Systems Interconnection). This was an attempt to make different vendor's computers exchange data easily. This way IBM machines could talk to DEC machines and so on. Today however, it is the TCP/IP model that is all-pervasive. This protocol suite is derived from OSI model and somewhat loosely follows its rules and terminology. This is going to be the focus of our discussion and the main topic of this lesson. Note! Remember that TCP/IP model does not follow OSI model exactly. OSI model is now used as a reference. What's described in this blog is TCP/IP model, not OSI or IPX/SPX model. Look at the comparison below:

TCP/IP Layers The designers decided to break down the whole complexity of data exchange and created five layers of functions to accomplish the goal. This approach helps develop and modify certain layers of code without touching other layers. For instance, if you are an application programmer, you will be writing a code in the 'application layer' which allows you to use already written code dealing with the transport of data between computers. You do not even have to learn how this transport is done. It has already been written for you. This way, you focus on the application you're creating, what it does and how it works rather than learning about network adapter drivers, signaling and other gory, hardware details.

TCP/IP model divides the functions related to data transmission by using five distinct layers of responsibility. Below area these layers. Layer 5-7 - Application This is where the data's journey begins. Everyday, you use many applications that rely on network services. Those applications are classified to be layer 5 code. Your web browser and web server, mail client and mail server, ssh client and ssh server etc. You may have noticed the term client and server often used in the above description. Pretty much all applications use this architecture. Client, is an application that requests some services from the server application. Server application is providing a client with what they want. A common example of that architecture is your Firefox or Internet Explorer web browser (client application) requesting a page from Apache or IIS web server (server application). Applications, in general, provide a User Interface (UI) which offloads us from a burden of knowing how a computer does things internally. So, once your application formed the request, that one is sent down to the layer 4 (transport layer) asking for the delivery to the host somewhere in the network. Layer 4 - Transport This layer accepts all requests coming from the upper layer (application layer) and tries to organize the transport of that request across the network. In TCP/IP model this layer of software is responsible for: Breaking down big files that are sent across into smaller chunks called segments. There are technology limitations that do not allow our computers to send large files in one piece. It would not be a good idea anyway as any small change of the data during transmission would make the sender re-transmit the whole file again instead of the smaller chunk only. That of course, would take more time and resources to successfully transmit the data. As your computer uses many applications that will transmit something across the network at the same time, the system must know how to mark those request such that they are delivered to the right receiver applications. And once the replies are coming back, they should be delivered back to the same process that initiated them. The concept of the port number has been introduced to deal with that. Source and destination ports ensure that all requests and replies are delivered to the appropriate processes on the computers exchanging data. More on that later in the upcoming lessons. This layer also allows the application to use connection-oriented or connectionless services. The former, establishes communication with the receiving computer (or more generally: destination host) before data can be exchanged, the latter will send data without ensuring that the destination application is running and willing to receive anything. This form of transmission is used primarily for voice and video applications. This layer will also give applications some options in terms of the reliability. Depending on which layer 4 protocol the application is designed to use, the reception of data can be verified or not. That creates reliable versus unreliable transport respectively. In the reliable transport any data that has not been delivered will be retransmitted, unlikely the unreliable transport. One other function of layer 4 could be to moderate the transmissions so that the receiving host is neither swamped by the excess of packets coming in nor is it waiting and doing nothing because the sender's speed of transmission is too slow. Majority of the functions above are performed by TCP protocol, not UDP as applications choose one of them to use.

Once all aspects and functions in this layer have been taken care of, layer 4 sends the data it received from layer 5 down to the layer 3 requesting its service. Layer 3 - Internet Upon receiving a request from layer 4, this code is going to process the incoming information. Since, typically we have more than one path between the sender (source) and the receiver (destination), the function of this layer is to find the best path between them. In order to accomplish that there are two concepts I need to introduce here. Firstly, we need to know how computers find themselves in the network. This is accomplished by using specially designed, layer 3 addresses uniquely identifying computers in any network. The addresses

used by this layer consist of four bytes delimited by the dots (e.g. 10.1.1.1) which are followed by a, so called, 'netmask' also consisting of four bytes with the dot used as the delimiter (e.g. 255.255.255.0). The whole IP address can look like this: 10.1.1.1 255.255.255.0. More on those later. Secondly, because the destination of our data can be outside of our own network, a device called router has been introduced to find the optimal paths between the different networks in which the computers reside. The data processed by layer 3 is called a packet or datagram. This layer also uses a mapping to the upper layer 4 that has requested its services. This is due to the fact that there are more than one protocols available in layer 4 (TCP or UDP). This information (which layer 4 protocol is sending the data) is going to be useful when the data arrives at the destination and the destination's layer 3 process needs to send the content to the appropriate layer 4 protocol for processing. It has to be the SAME protocol that the sender used in layer 4. Layer 2 - Network Interface (Data Link in OSI model) There is a great variety of technologies that handle data transmission on media such as copper and fiber optics cables or air (wireless). In order to offload the layer 3 protocols from learning all possible signaling methods, layer 2 was created. Thus, layer 3 can focus on finding the best path between the source and the destination, and the layer 2 functions will handle the details of preparing the data to be placed on the actual media (copper wire, fiber, air etc.). The piece of information processed at this layer is called a frame. This layer will also use specially designed addressing scheme to recognize the next device which a computer is sending the data to. For instance, in the commonly used layer 2 technology called Ethernet, this address uniquely identifying hosts in the same network is called MAC Address. The reason why we use different addressing schemes: layer 3 and layer 2, will become clearer when we get into some details of the actual data exchange. Please, bear with me till we reach the right lesson that explains it in more detail. The device that is capable of understanding the structure of a frame and delivers the data between the hosts in the SAME network is called bridge, or switch. As of the time of writing this, switches are very popular devices and bridges can be found mostly in museums. Once the layer 2 has prepared the data which layer 3 requested to send, (the process is called 'framing'), layer 2 will send the request to layer 1 asking for the data to be placed onto the wire/fiber/air using the appropriate signaling method. Layer 1 - Network Interface (Physical Layer in OSI) This layer receives requests from layer 2 (data traveled from layer 5 to layer 1 now). The physical layer is going to encode data received from layer 2 software and place them in the form of bits (1s and 0s) on the medium. This way, ones and zeros travel across the media to deliver them to their receipient. The bits can traverse multiple devices as they go across such as hubs, switches, routers. What type of devices will forward those bits depends on the design of the network. The devices referred to as layer 1 devices are hubs, cables, network adapters, connectors, transceivers etc. Also the data processed by this layer is called bits. This layer defines low level aspects of the transmission such as cables used, maximum distance the cable can reliably sent bits across, types of the connectors, speed of the transmissions etc. NOTICE! The names given to the data at each of the layers described above (segment, packet, frame, bits) are taken from the OSI model terminology. They are referred to as: Protocol Data Unit (PDU). Understanding the terminology and the concepts presented in this lesson are the pre-requisites to understand the next lesson. Please, make sure that you read carefully this lesson before proceeding to lesson 5 in which I am going to show you some details regarding the protocols and headers used in TCP/IP transmissions.

Lesson 5 - Encapsulation and Deenapsulation Process

Assuming that you have read my previous lesson about TCP/IP Layers, it's a good idea to take a closer look at the vertical transmissions between layers occurring on the sender host and the reverse process occurring at the receiving end. So, the main topic of this lesson, is going to be encapsulation and deencapsulation process.

NOTICE! The terminology used in this and subsequent lessons is defined in Lesson 4.

Remember that TCP/IP model does not follow OSI model exactly. OSI model is now used as a reference. What's described in this blog is TCP/IP model, not OSI or IPX/SPX model. Look at the comparison below:

Application Layer ==> Transport Layer

All transmissions start at the application Layer (layer 5; keep in mind, that here we're talking about TCP/IP model NOT OSI model which uses 7 layers; just the answer to a comment I got). The application on the local computer (client) initiates a request destined for the application installed on some other remote host (server). That request CANNOT be sent directly on to the wire (layer 1). Instead, it must be processed by ALL the layers in between (layers 4 through 2) before it reaches the media. This way, the request from the application is sent down to the transport layer (layer 4) for processing. Application will choose one of the two common protocols used in the layer 4: either TCP, for reliable connections, or UDP for un-reliable connections. Transport Layer ==> Internet Layer The transport layer, upon receiving the request from the application layer, will process it according to what it has been designed to do, and is going to stick a so called header to the incoming data (for the details regarding all headers please, see the next lesson). This header will be understood and processed by the layer 4 at the receiving host (remote computer). This segment (as we call it a 'segment' now), is sent down to layer 3 for processing. Internet Layer ==> Network Interface (Data-Link Layer) The internet layer will process the incoming data from the layer 4 (which now consists of data or payload from layer 5 + layer 4 header) and will stick its own, layer 3 header, to the payload coming from the upper layers. Once it's done, it will send the packet (as we call it a 'packet' at this layer) down to the layer 2 for processing. Data-Link Layer ==> Network Interface (Physical Layer) The Layer 2, similarly to the previous layers (layer 4 and layer 3), is going to process the incoming packet according to the functions designed for this layer. Then, it will attach its own layer 2 header, and is going to send the frame (the name given to the layer 2 protocol data unit) down to the layer 1. Physical Layer = Signaling The layer 1 is going to transmit bits, 1s and 0s. Bits is the name given to protocol data unit at this layer according to the OSI model which is the reference for all models). Technically, Layer 1 is common for any networking model and follows IEEE specifications. The process described above, attaching the controlling information in the forms of the headers, is called encapsulation.

Once the bits arrive at the destination computer (host), the reverse

process takes place which is called de-encapsulation. Network Interface (Physical Layer) ==> Data-Link Layer The layer 1 is going to accept incoming bits and send them up to the layer 2 for processing. Network Interface (Data-Link Layer) ==> Internet Layer The layer 2 piece of software can properly interpret the header information (control information) initially attached by the sender's layer 2 process. So, it reads the layer 2 header, then strips this off, and the content of the frame (without the layer 2 header it's called a packet now), is sent up to the layer 3 for processing. Internet Layer ==> Transport Layer The layer 3 is going to perform similar actions that the layer 2 just did. It reads and processes the layer 3 header in the packet. Notice, that only layer 3 process understands the layer 3 header. Then, it removes the layer 3 header and sends the content of the packet (data without layer 2 and layer 3 headers is called a segment) up to the layer 4. Transport Layer ==> Application Layer I'm sure you have already guessed what is going to happen next. Yes, the transport layer will read the layer 4 header, which consists of the instructions what to do next. Then, uppon stripping off the layer 4 header it will send what was originally created (data request from the client software) to the appropriate process/application at the receiving host (server application). When the server sends the reply back to the client, the whole encapsulation process will occur again. The client receives the reply from the server, and de-encapsulates the incoming data like explained above. And this whole process is repeated back and forth until all data has been exchanged. This process is presented with the below graphics for better understanding of this lesson.

Click the picture to enlarge it. In the next lesson, we will take a look at the content of those headers and go over and discuss few important fields. This will help us understand the basic communication process using TCP/IP model.

Lesson 6 - Example of TCP/IP Traffic Flow

In the lesson 4 I discussed the TCP/IP model and the terminology that is commonly used in the networking field. Lesson 5, focused on explaining the process of encapsulation and de-encapsulation that computers apply in order to send and receive data across a network. Those concepts are the minimum knowledge we need to posses to understand this lesson. In this lesson, you will get to see the bare bones. I am going to show you more details regarding the headers used in encapsulation and de-encapsulation process. Also, we will consider a typical transmission to shed more light on somewhat 'dry' content of the previous two lessons. As mentioned before, the application layer on the client computer is sending some data (request that will look differently depending on the applications used) destined to the application on the server computer. A detailed explanation of what happens during the transmission can be found in the free, online 'TCP/IP Guide' book. The link is available below. However, the above guide is a hefty book. If you want to stick to the basics please, keep on reading. http://www.tcpipguide.com/free/t_toc.htm All transmissions use similar process so, as an example, I'm going to show you a typical web client to web server transmission step-by-step. The methodology is almost identical for all other types of data exchange. Before I do that though, please familiarize yourself with the headers that will be used during the encapsulation (sender) and de-encapsulation (receiver) process. Do NOT dwell on those, or try to understand all the mentioned fields. Instead, take a brief look, and refer to them while reading the lesson.

Transport Layer Headers (layer 4) Pic. 1 - UDP Header (used mostly in voice/video transmissions/dns queries, etc.)

Pic. 2 - TCP Header (used when reliable transport is required)

Internet Layer Header (layer 3) Pic. 3 - IP Header

Data-Link Layer Header (layer 2) Pic. 4 Ethernet Header (most commonly used technology in our LAN networks)

Click on the pictures to enlarge them. NOTICE! The following discussion has been simplified in order to help you understand the general process. Keep in mind that in reality, it is much more complex process than the explanation presented below. Web Client to Web Server Transmission Step-by-Step The best way to learn the theory is to see things working in practice. That is why, I am going to capture the web traffic initiated by my client computer destined to my web server. Before you delve into analyzing the details, please familiarize yourself with my client and server addresses first.

Web Client Details: IP Address: 192.168.1.13 255.255.255.0 MAC Address: 00:24:e8:fa:07:1a Web Server Details: IP Address: 192.168.1.1 255.255.255.0 MAC Address: 00:50:bf:9c:45:6a Step 1 In the URL field of my web browser I'm typing in the address of the server using HTTP protocol (Layer 5 protocol used as an example). This will tell the application what the address of the server is. I accept it by hitting the 'Enter' key. Pic. 5 - URL Address of the web server

Step 2 The client computer realizes that the address of the recipient (web server) is in the same layer 3 network (the first 24 bits of the both source and destination address are the same). More on this, you will learn in the upcoming lessons. As a result of that, the client needs to obtain the MAC address of the web server first. Recall from the previous lesson that IP packet is encapsulated in layer 2 header, which in our case uses source and destination MAC addresses. Normally, the client computer is going to check the local 'arp cache' to find out if the mapping of the destination IP address to its MAC address is there. If not, like in my example, the client is going to issue 'ARP Request' message (Address Resolution Protocol) to learn the destination's computer MAC address. This request is propagated to ALL local machines in the network 192.168.1.0/24. Pay attention to the highlighted lines in the picture. The destination MAC address in the query is the Ethernet broadcast address: FF:FF:FF:FF:FF:FF. In the ARP request the client computer asks 192.168.1.1 for its MAC address (which, as of right now, is all 0s; see the below pic. 6). Pic. 6 - ARP Request

NOTICE! The ARP request is considered a layer 2 protocol. It is directly encapsulated in the Ethernet II frame. Its header is presented in the second line in the middle panel (under the 'Frame 3').

Step 3 There is only one computer with its unique address of 192.168.1.1 in the network. This one replies to the query with the 'ARP Reply' message back to the sender of the request, telling it what the MAC address it uses. The address is seen in the middle of the pic. 7 (highlighted) belongs to web server. The address reads: 00:50:bf:9c:45:6a Pic. 7 - ARP Reply

Step 4 The MAC address of the web server was the missing piece of information the client needed to proceed with the TCP session establishment. TCP, being a session-oriented and reliable transport protocol, must establish the mutual communication with the web server first, before it is allowed to send the data from the web browser. This is known as the 3-way handshake. Let us look at the details of the first TCP segment in this session establishment phase. 1. The client (192.168.1.13) sends an 'empty' TCP segment (i.e. with no data from the application included in it). It chooses a random source port number first. In the transmission presented the TCP SrcPort: 51504 is chosen. Also it uses the Dst-Port: 80 which identifies web server destination application. This pair of ports will uniquely identify this particular transmission, as the client can initiate multiple transmissions at the same time. Those two ports (source and destination port numbers) allow multiple transmissions without a risk of 'mixing up' which reply from the servers should be sent back to which inititiating that request process. This way, the process that initiated transmission is going to receive the right reply. I need to add here that TCP and UDP ports are divided into two major groups: 'well-known ports' which are ports between 11023 (always destination ports for the client initiating transmissions), and 'ephemeral ports' between 1024-65535 numbers. The latter ones, clients choose randomly to mark the source process for their transmissions. Sequence Number in the segment = 0. If the web server (destination) receives this segment and replies to it, it will put a value of 1 in the Acknowledgment field. That is an indication for the client, that the first segment did arrive successfully at the server. The SYN flag = 1, and all the rest of the flags are set to 0. It means,that this is the first handshake in the exchange. It is the client's request to establish session with the server.

NOTICE! The layer 4 segment has been encapsulated in the layer 3 header (pic. 8: 'Internet Protocol') and further encapsulated in the Ethernet frame (pic. 8: Ethernet II). The first line in the middle section of the picture, is what is seen on the wire. Pic. 8 - TCP Syn Segment

2. The next segment captured (pic. 9) comes from the web server and is the reply for the ' SYN' message sent by the web client. Now, please compare both pictures (pic. 8 and pic. 9). Pay attention to the source and the destination TCP port numbers, and the source and destination addresses used in the layer 3 (IP header) and the layer 2 (Ethernet header). Did you notice they are reversed now? TCP port numbers are now reversed (TCP Src-port=80, Dst-port=51504) in order to send the reply directly to the port that initiated the request). The server's segment has the Sequence number=0, but the Acknowledgement number=1. It is what we expected. This means that the delivery of the client's first segment was successful). The flag ACK=1, which is the acknowledgement for the SYN flag from the client. The server also wants to synchronize the transmission with the client. That is why it sets its own SYN=1 in this segment.

Pic. 9 - Server's response SYN, ACK

3. The client needs to reply to the server's SYN message with its ACK=1 to finalize the session establishment (see the pic. 10). Here's what you find in the third handshake from the web client: Src-port=51504, Dst-port=80. Acknowledgement=1, which is to tell the server that its segment sequence=0 has arrived successfuly. Sequence=1, which means that it is the second segment sent to the server. That's what the server expects to receive (in the next reply from the server, it should see Acknowledgment=2). The flag ACK=1, which is the response to the SYN=1 flag received from the server.

This way, the 3-way handshake is complete! Pic. 10 - Final ACK from the server

Step 5 The client has established session with the server, so now it sends the first DATA packet (GET request), asking the server for its main page (look at pic. 11).

Pic. 11 - Request from the client web browser

NOTICE! The data from the client (GET) is encapsulated in the layer 4 header, this in turn is encapsulated in the layer 3 header, and the whole thing further encapsulated in the layer 2 header. It is what I described in the lesson 5. See the details in the pic. 11. Step 6 Finally, the reply comes back from the server to the client with the html page (see the pic. 12). Pic. 12 - Reply from the web server

One last thing, I would like to bring up here. Since the appropriate layer understands its header (TCPtalks-to-TCP, IP-talks-to-IP, Ethernet-talks-to-Ethernet), we have two different inter-layer communications taking place:

1. 2.

Vertical communication occurs when the upper layer is sending something to the lower layer and vice versa. Horizontal (virtual) communication between hosts when the destination host reads the appropriate header encapsulated by the sender.

Both are depicted in the picture below: Pic. 13 - Horizontal and vertical inter-layer communication.

The content of this lesson is very simplified, just to get the juices flow. Below I present a short video which walks you through the whole process again. You might find it useful to fully understand the content of this lesson. If you caught the idea, please proceed to the next lesson.

Lesson 7 - Building a Home Network

"Dad! What are you doing?" - My son Mattie is looking over my shoulder while I'm connecting three old computers to the hub I'v salvaged from a certain death. "I'm building a small, home network." - I reply surprised at his sudden interest. "What do you need to build a small network?" - There's this little sparkle in his eyes only kids his age have. "And how do you do it?". There's nothing I can do but explain to him how it's done! We will need few components to build this network. First of all, we'll need computers, running some operating system that can talk across the network (like Mac OS, Windows, Linux). Pic. 1 - Computers.

Computers are already equipped with NICs (Network Interface Cards) by the manufacturer. "What does the NIC look like dad?" - He interrupts. Nine years old kids can be very tenacious, almost obsessive. They are not easily dismissed. They won't stop unless they're fully satisfied with the answer. So, I'm taking one NIC out of the computer and explain that it is plugged in to the PCI slot in order to work. "PCI slot is connected to the motherboard of the computer and the operating system uses a special piece of software to talk to the NIC. It's called a driver. The driver translates between an operating system and the NICs hardware. The NIC sends bits down to the wire and knows what to do when bits come back from the network". Bits are small pieces of information (1s and 0s) which in software make data like music, pictures, text documents etc. Pic. 2 - NIC (Network Interface Card).

"Okay." - Mattie says, "But what else will you need? "I will need Unshielded Twisted Pair cables (UTP). One, for each computer. The cables (sometimes referred to as Ethernet cables), use RJ-45 connectors that the most commonly used nowadays." - I reply. "Here's the cable without the connector: Pic. 3 - UTP cable without RJ-45 termination

"Mattie's looking at the cable and I know what's going to happen next. "Dad, why does it have so many wires and why are those twisted like that?" One pair of the wires (two wires) are used to transmit data. Another pair, is used to receive data from the network. Other wires can be used to carry the power to some types of the devices (PoE devices) or to accomplish faster speeds (1Gbps etc.). They are twisted like that on purpose. The guy who invented that concept was Graham Bell. He invented it for the telephony purposes and patented that in 1881. He discovered that twisting wires (conductors) minimized or canceled Electromagnetic Interference (EMI) from external sources and, so called, cross talk from the neighboring wires. The cable must be terminated at both ends with RJ-45 type of connector, like the one depicted below: Pic. 4 - RJ-45 Connector.

Below is the cable with the connectors. Pic. 5 - UTP cable with RJ-45 connectors.

The UTP cables can have different category numbers (CAT 1-6). The higher the category number is, the better quality of the cable, the faster, and better transmissions are going to be. Also, the UTP cables can be terminated in two different ways like explained below. Straight-Through Cable In straight through cable the transmitting pair of wires are 1 and 2, the receiving pair of are wires 3 and 6. There are two major standards (ways) of using the colored wires, but important thing is, that the colors on the both ends of the cable are terminated identically. Please, look at the picture below. Pic. 6 - Straight Through Cable.

Cross-over Cable In the cross-over cable, the position of the wires is changed such that the sending pair is terminated at the receiving pair on the other side of the cable. It is illustrated below. Pic. 7 - Cross-over Cable

My son Mattie's holding both types of cable, looking at them and I know I cannot dismiss him with that explanation. So, I continue. If you connected two computers together and the NICs are wired identically, you would connect the sending pair (pins 1 and 2) to the sending pair on the other end. This obviously would not work. You must connect sending pair on one end (pins 1 and 2) to the receiving pair (pins 3 and 6) on the other end. For instance, if you connect the following devices together, you'll need cross-over cable:

computer-to-computer switch-to-switch hub-to-hub computer-to-router (directly)

NOTICE! Modern NICs can 'sense' the type of cable and adjust the operation regardless of the cable used. But this is not always the case. Devices such as hubs and switches, are designed such way they can use straight-through cables. The cross between the transmitting and receiving pairs is done in their port controllers. So, the following device connections will use straight-through cable: computer-to-hub computer-to-switch router-to-hub router-to-switch

Now, all we have to do is to connect the cables to the the hub, configure IP addresses on the NICs and voila! They can talk to one another. Ethernet Hub It is a simple device that allows to connect a few computers together. Look at the typical, cheap hub you can buy for home purposes: Pic. 8 - An Ethernet Hub.

"How does the hub work then?" - I can tell my son got some interest by now. "Well, that is the topic of our next lesson." - I say smiling. ;)

Lesson 8 - Ethernet and Hub Operations

After my last conversation with my son about building the home network I promised I'd explain to him how a hub worked. And now, he's showing at the door... . So, like in the previous lessons I'll focus on the most important aspects regarding CCNA level. In order to explain how hub works, let me talk about the Ethernet technology first. Ethernet sets the rules regarding how data coming down from the upper layers (Layers 5 through 3) should be placed on the media. It defines such transmission aspects like the maximum speed, cable type and length, connector types, how frame should be structured etc. In other words, Ethernet defines both the layer 2 and the layer 1 of our OSI model. The reason the layer 3 cannot send data directly onto the media is that there are different, disparate media types and technological limitations related to them. For instance, there will be different way of transmitting data between Ethernet switches and two computers using modems to communicate. That is why, we need the layer 2 as a "translator" so the layer 3 protocol can use different types of media without re-writing its functions. Besides Ethernet, there were other protocols in use such as Token-Ring, but today Ethernet seems to be the most commonly used solutions in local area networks (LANs). Initially, Ethernet used coaxial cable that was terminated on both ends, and the computers were attached to the cable using so called 'Tconnectors'. They shared the media, and as a result of that, they shared the available bandwidth. Today, coaxial cable is not used that often. Instead, we use UTP cable (details in the Lesson 7). But the logic of operation in both cases is quite similar. Ethernet, using a coaxial or a UTP cable (with the hub as concentrator connecting hosts), is based on the idea that only ONE computer can transmit something at a time. Other computers will ALL receive this signal and have to wait for their turn if they have something they want to transmit (Pic 1). Pic1. Ethernet transmissions in bus (coaxial cable) and star topology (UTP cable + hub).

Switch/router/computer icons designed by: Andrzej Szoblik - http://www.newo.pl

There is no arbiter to decide who can talk in a given time. Instead, the devices have a mechanism allowing them to 'sense' the wire to see if there is any transmission in progress. If not, they can use the media. However, if a host is already transmitting and, some other hosts "thinks" the medium is not used and starts transmitting as well, this phenomenon is called a collision. In that case, both senders will stop their transmission and wait a specified by the algorithm time before they try again. How long they have to wait is determined by so called back off algorithm. Needles to say, the more collisions occur the longer the hosts have to wait before they retransmit corrupted bits. The mechanism of checking the wire before transmission, detecting and reacting to collisions is known as CSMA/CD (carrier sense, multiaccess with collision detection). Carrier Sense - "listen" to the wire to see if you can transmit. Multiple Access - multiple hosts share the bandwidth and only one computer can send or receive bits but not both at the same time (half-duplex). Collision Detection - in case other computer(s) started transmitting while other transmission is in progress, detect it and use back off algorithm. The major downsides of this approach are the security (everyone "hears" everyone else), and the fact that only one computer can send data across the network at a time. What's worse, it can either transmit or receive bits (half duplex). The more computers you throw in the network, the harder is for them to get a chance to send something. Also, the chances for collisions are higher. In fact, collisions are imminent and

make the system perform poorly. HUB A hub is a simple type of concentrator used to connect multiple computers, servers, printers etc., together. It is considered a layer 1 device due to the fact that it does not understand any headers. All it recognizes are electrical signals representing 1s and 0s. Hub operation is very simple. If signals appears on one port (interface), it is replicated on to all other active interfaces like depicted in picture 1 (right hand side). Since hubs follow Ethernet rules in which there can be only one sender at a time, and because they transmit bits out of all remaining ports, they maintain one single collision domain. Pic. 2 - Hubs maintain one single collision domain.

Switch/router/computer icons designed by: Andrzej Szoblik - http://www.newo.pl

A collision domain could be defined as any group of devices which can receive transmissions from other hosts. So, hubs are not seriously considered to be a proper solution in medium/large networks. The problem with the collisions, typical in hub-based networks, has been solved by introducing another type of concentrators called bridge (old, software-based device) and switch (modern, hardware-based device) equipment used in the layer 2 of OSI mode. Discussion on bridges and switches though, are the topic I reserve for the next lesson.