
Enterasys Educational Services

Networking Fundamentals

Student Guide

Version 6.0

Terms & Conditions of Use:


Enterasys Networks, Inc. reserves all rights to its materials and the content of the materials. No material
provided by Enterasys Networks, Inc. to a Partner (or Customer, etc.) may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopying and recording, or by any
information storage or retrieval system, or incorporated into any other published work, except for internal
use by the Partner and except as may be expressly permitted in writing by Enterasys Networks, Inc.

This document and the information contained herein are intended solely for informational use. Enterasys
Networks, Inc. makes no representations or warranties of any kind, whether expressed or implied, with
respect to this information and assumes no responsibility for its accuracy or completeness. Enterasys
Networks, Inc. hereby disclaims all liability and warranty for any information contained herein and all the
material and information herein exists to be used only on an "as is" basis. More specific information may
be available on request. By your review and/or use of the information contained herein, you expressly
release Enterasys from any and all liability related in any way to this information. A copy of the text of this
section is an uncontrolled copy, and may lack important information or contain factual errors. All
information herein is Copyright Enterasys Networks, Inc. All rights reserved. All information contained in
this document is subject to change without notice.

For additional information refer to:

http://www.enterasys.com/constants/terms-of-use.aspx

2014 Enterasys Networks, Inc. All rights reserved.

In the infancy of data networking, each company developed its own method for hooking its devices
together. These proprietary protocols meant that end users were forced to purchase all their
networking equipment from one vendor, which made purchasing decisions career-making or career-breaking choices.

Companies were largely willing to live with this situation, since they had no other option, until the
advent of the Internet. Suddenly, owning a network that ran a proprietary protocol, one that could not
reach the Internet and its vast variety of resources, no longer seemed wise.

In an attempt to begin standardizing how data communications work, the networking community formed
the Internet Engineering Task Force (IETF). Organized in January 1986, the IETF promoted and
developed the first Internet standards, a job it continues today.

The IETF organizes itself into a large number of Working Groups. Each Working Group is task-oriented: it forms around a subject, develops an idea, tests that idea and subjects it to public
comment. Once that process is complete, the Working Group publishes its result in the form of a
Request For Comments (RFC), and typically disbands once its chartered work is done. RFCs function as
standards for the Internet community, in that vendors adhere to their recommendations when they design
and build networking equipment. However, RFCs differ from Standards as published by Standards
Committees (see next slide) in that anyone is free to continue to comment on an RFC. A published RFC
is never changed; corrections and improvements appear as new RFCs that update or obsolete it.

Other groups of engineers organized themselves into Standards bodies. These include:

Institute of Electrical and Electronics Engineers (IEEE). The IEEE formed in 1963, and is the primary
standards body for Local Area Network (LAN) standards. Ethernet is an IEEE standard (IEEE 802.3).

International Telecommunication Union (ITU). The ITU is an agency of the United Nations, and is the
primary standards body for WAN and telecommunications standards. The standards for IPTV are under the
control of its ITU-T sector.

Internet Architecture Board (IAB). The IAB oversees the Internet Engineering Task Force (IETF) and
the Internet Research Task Force (IRTF). It provides architectural oversight of their efforts.

Electronic Industries Alliance/Telecommunications Industry Association (EIA/TIA). The TIA is an
offshoot of the EIA, established in 1988. It is primarily concerned with the standards for physical
equipment: data terminals, cell towers, telephone terminals, and VoIP devices. The TIA/EIA establishes
the standards that manufacturers of Ethernet cables must meet.

International Organization for Standardization (ISO; in French, Organisation internationale de
normalisation). Founded in February 1947, the ISO had a profound impact on networking by publishing the
Open Systems Interconnection (OSI) reference model.

The Open Systems Interconnection (OSI) reference model for data communications forms the conceptual
framework for all data networking. Even though no vendor implements the entire model, data networking
engineers use OSI concepts when they write protocols and when they design data networking devices.

The International Organization for Standardization (ISO) began work on the OSI model in 1978 and
published it as ISO 7498 (today ISO/IEC 7498-1), in an attempt to provide a standard that would allow
networking equipment from different vendors to talk to each other. Generally speaking, before the
development of the Open Systems Interconnection (OSI) model, each vendor defined the process of data
communication between devices strictly for itself. In practice, this meant that equipment from different
vendors could not communicate: they were speaking different languages, or protocols.

As the ISO discussed ways of standardizing data communications, it realized that it is possible to
divide the labor of communication into seven discrete tasks. Each of those tasks must occur, but each
of them is conceptually independent of the others. The genius of the ISO was to organize those seven
tasks into a hierarchy of Layers: the OSI 7-Layer model. Each Layer performs one and only one
task, and the output of any given Layer serves as the input for the next. In addition, an engineer
can change or improve the behavior of any given Layer without affecting any of the other Layers.

When the ISO was developing the Open Systems Interconnection (OSI) model, the engineers involved
realized that every communication between two parties involves seven different decisions. Those
decisions are:

The medium you use to convey your information or idea. For example, if you have an idea you want to
communicate to other people you might choose to use words to do so. However, you could also write
some music, create a sculpture, paint a picture, or design a building.

The encoding you use to transmit your idea. Let's say that you live in Montreal, and you want to use
words to convey your idea. You have the choice of encoding your idea in either French or English.

How to separate your idea from other ideas. In a social setting, we have the ability to focus on one
particular conversation out of several.

Whether to make sure the other person gets your idea. You may have experienced the difference
between two instructors: one cares about whether you understand his ideas, and checks with you
regularly to ensure you understand. The other only cares about getting through his lecture. Your
decision here determines how you speak.

How to locate the other person, and how to get your information to that person. Is the other person in
the room with you? If not, do you want to go find them? Do you want to use some form of location
service?

How to get the attention of the other person. Typically we use his or her name: "John, I'd like to talk
with you about the OSI model."

How to physically convey the information. Since you are speaking, this involves the physical actions of
inhaling, exhaling over your vocal cords and imparting vibrations to the air, and shaping those vibrations
with your lips, teeth and tongue.

Each of these tasks corresponds to one of the seven tasks, or Layers, specified by the OSI model.

The Application Layer, Layer 7, corresponds with your decision to use your voice to communicate your
message. Much as your voice interacts with the ideas you have in your mind, the Application Layer
interacts with the actual user applications you have on your computer (such as Outlook or Firefox).

The Presentation Layer, Layer 6, corresponds with your decision to use French or English to
communicate. It is in charge of formatting the information it receives in terms your computer can
understand: for example, this is the layer at which differences in data representation between a PC and
a Mac are reconciled.

The Session Layer, Layer 5, corresponds with our ability to separate out different conversations at a
social event. The Session Layer's job is to make sure that data communications don't get mixed up with
each other as they move across the network.

The Transport Layer, Layer 4, corresponds with your decision whether to make certain your listener is
receiving and understanding your ideas. For most data communications, you want to make certain all of
the information arrives at its intended destination. For some kinds of data transfer, however, it's more
effective to simply send the information out and hope it arrives.

The Network Layer, Layer 3, corresponds with your decision on how to locate the other person. The job
of the Network Layer is to provide the information that data networking devices need in order to transfer
packets of information all the way from one end device to another end device.

The Data Link Layer, Layer 2, corresponds with your decision to use the other individual's name as a
way of getting his or her attention. The job of Layer 2 is to identify specific network devices on a hop-by-hop basis as information moves through the wires.

The Physical Layer, Layer 1, corresponds with your understanding of how to physically generate sound
waves and modify them with your lips, tongue, and teeth to produce words. The Physical Layer
protocols define such things as the intensity and duration of light pulses for fiber-optic communication,
the frequency of the radio waves for wireless transmission, and the voltage of the electrical pulses for
sending information over copper wires.

One common mnemonic for remembering the seven layers in order, from bottom to top, is "Please Do
Not Throw Sausage Pizza Away."

So to describe the seven layers in technical terms:

The Application layer supports application and end-user processes. It identifies communication
partners, and considers user authentication and privacy. Everything at this layer is application-specific.
This layer provides application services for file transfers, email, and other network software services.

The Presentation layer translates data from applications into a machine-independent form. The
presentation layer works to transform data into the form that the application layer can accept. This layer
formats and encrypts data to be sent across a network, providing freedom from compatibility problems.

The Session layer establishes, manages, and terminates connections between applications. The
session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between
the applications at each end.

The Transport layer provides transparent transfer of data between end systems, or hosts, and is
responsible for end-to-end error recovery and flow control. It ensures complete data transfer, when that
is appropriate.

The Network layer determines the path a message travels between machines. Like a traffic controller, it
handles the routing of data based on network conditions and the destination of the message.
The Network layer keeps track of the end-to-end addresses of the machines. As a packet moves from
one computer to another, it may cross several networks and move through several routers. The
network layer keeps track of the addresses of the end stations as the packet moves through those
networks and routers. The Network Layer provides:

Address management

Routing of packets/messages

Additional repackaging of messages through fragmentation, if necessary

The Data Link layer supervises the actual data transmission over the physical medium. Layer 2
protocols package the data into frames, then label each frame with the hardware address of the next
device on the wire. They encode and decode frames into bits, and put those bits out onto the wire for
delivery. The Data Link layer furnishes transmission protocol knowledge and management, and handles
flow control, frame synchronization, and errors in the physical layer.

The Data Link Layer has the job of tracking the next-hop address. As a packet moves from one
computer to another, it may cross several networks and move through several routers. Each link between
two devices along that path is called a hop. As far as addresses go, the Data Link Layer is only
concerned with getting the frame to the next device along the path: the next hop. The end-to-end
addresses in the Network Layer header stay the same across the whole path, while the Layer 2
addresses are rewritten at every hop.

The Physical layer conveys the bit stream (electrical impulse, light, or radio signal) through the network
at the electrical and mechanical level. It provides the hardware the means of sending and receiving data
on a carrier, including the definition of cables and cards.

In computer-to-computer communications, each layer in the OSI stack talks to the corresponding layer
in the other computer. The layers talk to each other by adding headers to the information they
process.

In our example, Host A is saving a file to the backup server, Host B. The Application layer breaks the
file up into chunks, and adds to each chunk a header that describes what it has done. The Application
layer then passes the chunk, with its header, to the Presentation layer.

The Presentation layer decides how the data is represented (for example, whether it comes from a PC
or a Mac) and whether it is going to be encrypted. It adds a header describing what it has done, and
passes the new chunk, comprised of its header, the Application layer header, and the original chunk of
user data, to the Session layer.

This process continues all the way down the protocol stack, until the frame, consisting of the Layer 2
header, the Layer 3 header, the Layer 4 header, the Layer 5 header, the Layer 6 header, the Layer 7
header, the original chunk of user data, and a Cyclic Redundancy Check (the frame check sequence,
which Layer 2 appends as a trailer), gets sent across the wire to Host B.

Host B receives the frame and goes through the entire process in reverse. Layer 2 reads the Layer 2
header on the received frame, and makes sure the information is, in fact, addressed to Host B. It then
passes the chunk, minus the Layer 2 header, to Layer 3. The process continues all the way up the
protocol stack, until Host B receives the original chunks of header-free information, and assembles them
into the file.

Note that, to each layer, everything it receives from the layer above or the layer below is just data to be
processed. The layer does not concern itself with the content of what it receives from above or below; it
does its job and passes the data along.

This is the model's view. In real TCP/IP stacks, Layers 5 and 6 usually add no header of their own: the
application's data goes straight into the Transport layer segment, so a frame on the wire typically carries
only the Layer 2, 3 and 4 headers ahead of the application data.
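The encapsulation walk-through above, as an added example that is not part of the original guide: the script builds the frame Host A would actually put on the wire (an Ethernet II header and CRC-32 frame check sequence around an IPv4 packet around a TCP segment around the application data) and then peels it apart the way Host B's stack does, letting each layer check only what it is responsible for. The MAC addresses, IP addresses (from the 192.0.2.0/24 documentation range), ports and sequence number are constructed for the example; it assumes no VLAN tag and no IP or TCP options.

```python
"""Layered encapsulation on the wire.  Added example, not Enterasys's code:
it builds the frame Host A would send (Ethernet II carrying IPv4 carrying
TCP carrying application data) and then peels it apart the way Host B's
stack does, checking at each layer what that layer is responsible for.
The MAC and IP addresses below are constructed for the example."""
import struct
import zlib

HOST_A_MAC = bytes.fromhex("02000000000a")   # constructed, locally administered
HOST_B_MAC = bytes.fromhex("02000000000b")
HOST_A_IP = "192.0.2.10"                     # constructed, documentation range
HOST_B_IP = "192.0.2.20"
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, payload: bytes) -> bytes:
    """Layer 4: 20-byte TCP header (PSH+ACK), checksummed over the IP pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = ip4(src_ip) + ip4(dst_ip) + struct.pack("!BBH", 0, PROTO_TCP, len(hdr) + len(payload))
    csum = ones_complement_sum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ipv4_packet(src_ip, dst_ip, segment: bytes) -> bytes:
    """Layer 3: 20-byte IPv4 header (no options) in front of the segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      64, PROTO_TCP, 0, ip4(src_ip), ip4(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
    return hdr + segment


def ethernet_frame(dst_mac, src_mac, packet: bytes) -> bytes:
    """Layer 2: 14-byte Ethernet II header in front, 4-byte CRC-32 FCS behind."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def encapsulate(data: bytes) -> bytes:
    """Host A: push application data down the stack; each layer prepends its header."""
    seg = tcp_segment(HOST_A_IP, HOST_B_IP, 1095, 80, 12, 0, data)
    return ethernet_frame(HOST_B_MAC, HOST_A_MAC, ipv4_packet(HOST_A_IP, HOST_B_IP, seg))


def decapsulate(frame: bytes, my_mac: bytes, my_ip: str) -> dict:
    """Host B: strip one header per layer, verifying only what that layer owns."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("Layer 2: frame check sequence mismatch, frame discarded")
    dst_mac, src_mac = body[:6], body[6:12]
    if dst_mac != my_mac:
        raise ValueError("Layer 2: frame not addressed to this interface")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("Layer 2: not an IPv4 packet")
    pkt = body[14:]
    ihl = (pkt[0] & 0x0F) * 4
    if ones_complement_sum(pkt[:ihl]) != 0:          # an intact header sums to zero
        raise ValueError("Layer 3: IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    src_ip = ".".join(str(b) for b in pkt[12:16])
    dst_ip = ".".join(str(b) for b in pkt[16:20])
    if dst_ip != my_ip:
        raise ValueError("Layer 3: packet not addressed to this host")
    seg = pkt[ihl:total_len]
    pseudo = ip4(src_ip) + ip4(dst_ip) + struct.pack("!BBH", 0, proto, len(seg))
    if ones_complement_sum(pseudo + seg) != 0:
        raise ValueError("Layer 4: TCP checksum mismatch")
    sport, dport, seq, ack, offset = struct.unpack("!HHIIB", seg[:13])
    return {"src_mac": src_mac.hex(":"), "src_ip": src_ip, "src_port": sport,
            "dst_port": dport, "seq": seq, "data": seg[(offset >> 4) * 4:]}


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\nHost: hostb\r\n\r\n")
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame, HOST_B_MAC, HOST_B_IP))
```

Note where each check lives: the CRC and destination MAC are Layer 2's business, the header checksum and destination IP are Layer 3's, and the TCP checksum (which covers a pseudo-header borrowed from Layer 3) is Layer 4's. A frame for another MAC or a packet for another IP is dropped before the upper layers ever see it, which is exactly the "just data to be processed" division of labour described above.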

So to review: in both the OSI and the TCP/IP model, a Layer 2 protocol behaves as if every device it
needs to reach is on the same network (the same wire or link). Thus, all the Layer 2 protocol cares about
are the hardware addresses that uniquely identify each device. In Ethernet, this hardware address is
called the Media Access Control address, or MAC address.

Layer 3 protocols care primarily about getting information to the correct wire, and secondarily about
getting information to the correct host on that wire.

The primary job of Layer 4 is to make sure the information coming across the wire gets to the correct
application. Layer 4 often also has an additional, subsidiary task.

Some applications need to receive all of the sent information in order to do their jobs. For example, when
you use File Transfer Protocol (FTP) to send a spreadsheet from one computer to another computer,
the entire spreadsheet has to arrive, or it is worthless to the other end user.

However, some applications do not need to receive all the sent information in order to do their jobs. For
example, if you are watching a YouTube video and you lose a frame in transmission, it doesn't noticeably
affect your end experience.

If you are using an application that requires all the sent information in order to do its job, then Layer 4
has the additional job of making sure all that information arrives. It tracks the segments it receives and
acknowledges them, so that the sender can detect and resend any segments that went missing.

However, while the OSI Model is the conceptual framework we use for talking about networking, the
TCP/IP Suite is how networking engineers actually implemented those concepts.

The OSI model dictates how networking engineers think and talk about the different tasks of data
networking. However, the TCP/IP Suite describes the behavior of the protocols and applications they
actually develop.

The TCP/IP Suite has four layers:

the Application Layer, which performs the functions of the Application, Presentation, and Session Layers
in the OSI model;

the Transport Layer, which performs the functions of the Transport Layer in the OSI model;

the Internet Layer, which performs the functions of the Network Layer in the OSI model; and,

the Network Interface Layer, which performs the functions of the Data Link and Physical Layers of the
OSI model.

The Application Layer of the TCP/IP Suite provides Application services, encodes data according to the
machine upon which the protocol stack is running, and tracks sessions.

The Transport Layer manages end-to-end delivery, tracks delivery status (if you are using TCP),
performs error checking and makes retransmission requests (if you are using TCP), and segments your
data into transmittable-size units.

The Internet Layer manages getting packets to the correct network wire. If you are using IPv4, it will
manage fragmenting messages, if necessary, on any given hop in the network path.

The Network Interface Layer specifies both how devices on the same wire transmit information to each
other, and how that information is encoded as electrical pulses, pulses of light, or radio waves, and the
physical characteristics of each of those media.

These are some of the primary components of the TCP/IP Suite. Let's examine them in some detail.

At the Application Layer are tools that either:

you, the end user, can use directly to interact with devices in your network (Telnet, File Transfer Protocol
(FTP), and Trivial File Transfer Protocol (TFTP)); or

are used by the applications you launch in order to gain access to information (HyperText Transfer
Protocol (HTTP) and the Domain Name System (DNS), which your browser uses; Simple Mail Transfer
Protocol (SMTP), which your e-mail program uses; Simple Network Management Protocol (SNMP),
which your network management program uses; and Dynamic Host Configuration Protocol (DHCP, or
DHCPv6 for IPv6), which your computer uses to obtain its own address).

Some other common Application Layer protocols are:

LDAP: Lightweight Directory Access Protocol

RTP: Real-time Transport Protocol

RADIUS: Remote Authentication Dial-In User Service

SIP: Session Initiation Protocol

NTP: Network Time Protocol

Telnet is one of the earliest of all the IETF standards (STD 8, RFCs 854 and 855). It allows you to connect
to the CLI of a networking device over the network, using an in-band IP address. It sends and receives all
information in the clear, including your login credentials, so anyone who can capture traffic anywhere on
the path can discover the passwords you use to connect to your devices. For that reason it belongs only
on isolated management networks, if anywhere; its encrypted replacement, SSH, is preferred.

Once it connects to a device, Telnet negotiates with that device, using option commands embedded in
the same byte stream as the user's keystrokes, on how to send commands in the format the device
expects. This allows Telnet to function for you as a remote gateway into the device's CLI.
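The negotiation just described, as an added example that is not part of the original guide: a small decoder for one direction of a Telnet byte stream (RFC 854/855) that separates the IAC option commands from the characters the user typed, and builds the reply that refuses every option, which is the minimal legal answer a client may give. The two sample streams are constructed to look like a login to a switch; the option numbers (ECHO, SUPPRESS-GO-AHEAD, TERMINAL-TYPE) are the standard ones. The point to notice is the last line of output: whatever is typed at the Password prompt comes out of the decoder verbatim, which is exactly what an eavesdropper sees.

```python
"""Telnet option negotiation decoder.  Added example, not Enterasys's code:
it walks one direction of a Telnet byte stream (RFC 854/855), separates the
IAC command sequences that carry option negotiation from the characters the
user actually typed, and builds the reply that refuses every offered option
(the minimal legal answer).  Both sample streams are constructed."""
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE"}


def decode(stream: bytes):
    """Return (data, negotiations, reply) for one direction of the stream.

    data          -- application bytes with every IAC sequence removed
    negotiations  -- (verb, option) pairs in the order seen, e.g. ("DO", "ECHO")
    reply         -- bytes answering each WILL with DONT and each DO with WONT
    """
    data, negotiations, reply = bytearray(), [], bytearray()
    i = 0
    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd == IAC:                      # IAC IAC is an escaped 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:                  # IAC <verb> <option>
            opt = stream[i + 2]
            negotiations.append((VERBS[cmd], OPTIONS.get(opt, str(opt))))
            if cmd == WILL:
                reply += bytes([IAC, DONT, opt])
            elif cmd == DO:
                reply += bytes([IAC, WONT, opt])
            i += 3
        elif cmd == SB:                     # IAC SB <option> ... IAC SE
            opt = stream[i + 2]
            negotiations.append(("SB", OPTIONS.get(opt, str(opt))))
            i = stream.index(bytes([IAC, SE]), i + 2) + 2
        else:                               # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(data), negotiations, bytes(reply)


# Constructed capture of a Telnet login to a switch.  The server offers to echo,
# asks for the terminal type, then prompts; the client refuses TERMINAL-TYPE,
# agrees to the rest and types the credentials.
SERVER_TO_CLIENT = (bytes([IAC, WILL, 1, IAC, WILL, 3, IAC, DO, 24,
                           IAC, SB, 24, 1, IAC, SE]) + b"Username: ")
CLIENT_TO_SERVER = (bytes([IAC, DO, 1, IAC, DO, 3, IAC, WONT, 24])
                    + b"admin\r\n" + b"s3cret\r\n")

if __name__ == "__main__":
    for label, stream in (("server", SERVER_TO_CLIENT), ("client", CLIENT_TO_SERVER)):
        data, negs, reply = decode(stream)
        print(label, negs)
        print("  typed/displayed:", data)       # the password is right there
```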

File Transfer Protocol (FTP) transfers files between a client and a server over TCP-based networks. For
FTP to work, one machine, the FTP server, must be up and running, waiting for incoming requests. The
other machine, the FTP client, sends a request to the FTP server with a TCP destination port number
of 21. This opens a control connection between the client and the server, over which the client logs in
and sends its commands. Like Telnet, FTP carries the user name and password in the clear.

The server then typically opens a data connection to the client with a TCP source port of 20, to a client
port that the client announced over the control connection (active mode). In these cases, data transfer
occurs over port 20 and control traffic occurs over port 21. Because the server initiates the data
connection, active mode fails through most firewalls and NAT devices unless they inspect the control
channel; passive mode, in which the client opens the data connection to a port the server announces,
avoids that problem.
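How the two ends tell each other where the data connection should go, as an added example that is not part of the original guide: the script decodes the six-number host/port tuples FTP puts on the control channel, in the client's PORT command (active mode) and in the server's 227 reply (passive mode, which goes beyond the slide's active-mode description), and applies the check a server or stateful firewall makes before honouring a PORT command. All addresses in the sample lines are constructed; the first one deliberately names port 1095, the ephemeral port used elsewhere in this guide.

```python
"""FTP data-connection addressing.  Added example, not Enterasys's code: it
decodes the six-number host/port tuples FTP uses on the control channel, in
the client's PORT command (active mode) and in the server's 227 reply
(passive mode), and applies the check a server or firewall should make on a
PORT command.  Addresses in the sample lines are constructed."""
import re

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line: str):
    """Decode 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1 * 256 + p2)."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no host/port tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("value out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(client_ip: str, line: str) -> dict:
    """Work out who will open the data connection, and to where, from one line.

    Active mode (PORT from the client): the server connects from its port 20.
    Passive mode (227 from the server):  the client connects from an ephemeral port.
    A PORT that names an address other than the client's own is refused, since
    honouring it would let the client make the server connect to a third host
    (the classic FTP bounce); modern servers and firewalls refuse it too.
    """
    if line.upper().startswith("PORT "):
        ip, port = parse_hostport(line)
        if ip != client_ip:
            raise ValueError("PORT names %s but the client is %s" % (ip, client_ip))
        if port < 1024:
            raise ValueError("PORT names privileged port %d" % port)
        return {"mode": "active", "opened_by": "server", "from_port": 20, "to": (ip, port)}
    if line.startswith("227 "):
        ip, port = parse_hostport(line)
        return {"mode": "passive", "opened_by": "client", "from_port": None, "to": (ip, port)}
    raise ValueError("not a data-connection line: %r" % line)


if __name__ == "__main__":
    client = "192.0.2.10"                                 # constructed client address
    for line in ("PORT 192,0,2,10,4,71",                 # 4*256+71 = port 1095
                 "227 Entering Passive Mode (198,51,100,5,195,80)",
                 "PORT 203,0,113,9,0,25"):                # third host, port 25: refused
        try:
            print(line, "->", data_connection(client, line))
        except ValueError as err:
            print(line, "-> refused:", err)
```

A firewall that wants to allow FTP without opening every high port has to do exactly this parsing of the control channel and then open a pinhole for the one address/port pair it finds, which is why FTP and NAT have always been an awkward combination.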

Originally defined in RFC 2616 (since replaced by RFCs 7230 through 7235 and, later, RFCs 9110 through
9112), Hypertext Transfer Protocol is the foundation for communications across the World Wide Web.
An HTTP client, typically a web browser such as Firefox, Internet Explorer, or Chrome, establishes a TCP
connection to a server, typically a web server, on destination port 80, and requests the resource named
by a specific Uniform Resource Locator (URL). The server returns the information it has available for that
URL, and the browser renders it and presents it on your screen.

HyperText Transfer Protocol Secure (HTTPS) is HTTP carried inside an encrypted Transport Layer
Security (TLS) session; TLS is the successor of the Secure Sockets Layer (SSL) protocol, which is why
the combination is still often written HTTPS/SSL. The client connects to the server at a URL over TCP
destination port 443, sets up the TLS session, and then requests the information the server has at that
URL. TLS encrypts the request and response in transit and, through the certificate the server presents,
lets the client verify that it is really talking to the server the URL names.

Dynamic Host Configuration Protocol (DHCP) is an application that allows end devices, such as PCs, to
dynamically obtain a valid IP address from a central location, the DHCP Server. Without DHCP, the
network administrator must statically assign an IP address to every end device. The process involves
four steps:

Discover: the end device boots up and broadcasts a DHCP Discover packet, seeking a DHCP server.

Offer: every DHCP server that hears the DHCP Discover packet reserves an IP address for the client,
and sends the client a DHCP Offer packet containing that IP address. Typically, the client will respond
to and accept the first Offer packet it receives.

Request: the client responds to the DHCP Offer packet by sending a DHCP Request packet,
requesting the IP address the server included in the Offer. Other DHCP servers hear that request, and
release the addresses they offered back into their pools of available addresses.

Acknowledgement: the DHCP server acknowledges that it has received the DHCP Request from the
client, and finalizes the lease. Along with the address, the Offer and the Acknowledgement normally carry
the subnet mask, default router and DNS server addresses the client should use.

Because the client takes the first Offer it hears and has no way to authenticate the server, any host on the
same segment that answers faster than the real server can hand the client its own router and DNS
addresses. Switch features that only allow Offers to arrive on designated ports (DHCP snooping) exist for
exactly this reason.
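The Discover and Offer messages from the exchange above, as an added example that is not part of the original guide: the script builds the DHCPDISCOVER a client broadcasts, builds the DHCPOFFER a server would answer with, and applies the checks a client has to make before it trusts an Offer (the transaction ID and the client hardware address must be its own, and the message type must be OFFER). The field layout follows RFC 2131; the MAC address, transaction ID, addresses and lease time are all constructed.

```python
"""DHCP Discover/Offer encoding.  Added example, not Enterasys's code: it
builds the DHCPDISCOVER a client broadcasts, builds the DHCPOFFER a server
would answer with, and applies the checks a client makes before it trusts an
Offer (right transaction ID, right client MAC, right message type).  Message
layout follows RFC 2131; all addresses and values are constructed."""
import struct

MAGIC = b"\x63\x82\x53\x63"                       # fixed cookie before the options
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5        # option 53 message types
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 1, 3, 6, 51, 53, 54, 255
BOOTREQUEST, BOOTREPLY = 1, 2


def ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def fixed_fields(op, xid, mac, yiaddr=b"\0" * 4, siaddr=b"\0" * 4) -> bytes:
    """The 236-byte fixed part: op, htype 1 (Ethernet), hlen 6, hops, xid, secs,
    flags (0x8000 asks the server to broadcast its reply), four addresses,
    16-byte chaddr, 64-byte sname, 128-byte file."""
    return (struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
            + b"\0" * 4 + yiaddr + siaddr + b"\0" * 4
            + mac.ljust(16, b"\0") + bytes(64) + bytes(128))


def options(opts: dict) -> bytes:
    body = b"".join(struct.pack("!BB", code, len(v)) + v for code, v in opts.items())
    return MAGIC + body + bytes([OPT_END])


def build_discover(xid: int, mac: bytes) -> bytes:
    return fixed_fields(BOOTREQUEST, xid, mac) + options({OPT_TYPE: bytes([DISCOVER])})


def build_offer(xid, mac, yiaddr, server, mask, router, dns, lease_secs) -> bytes:
    return fixed_fields(BOOTREPLY, xid, mac, ip4(yiaddr), ip4(server)) + options({
        OPT_TYPE: bytes([OFFER]), OPT_SERVER: ip4(server),
        OPT_LEASE: struct.pack("!I", lease_secs), OPT_MASK: ip4(mask),
        OPT_ROUTER: ip4(router), OPT_DNS: ip4(dns)})


def parse(msg: bytes) -> dict:
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", msg[:12])
    if msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                                # pad option, no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": msg[28:28 + hlen],
            "yiaddr": msg[16:20], "options": opts}


def accept_offer(discover_xid: int, my_mac: bytes, raw: bytes) -> dict:
    """The client's side of step two: take the Offer only if it is really ours."""
    m = parse(raw)
    if m["op"] != BOOTREPLY or m["options"].get(OPT_TYPE) != bytes([OFFER]):
        raise ValueError("not a DHCPOFFER")
    if m["xid"] != discover_xid or m["chaddr"] != my_mac:
        raise ValueError("Offer belongs to another transaction or another client")
    o = m["options"]
    return {"address": dotted(m["yiaddr"]), "server": dotted(o[OPT_SERVER]),
            "mask": dotted(o[OPT_MASK]), "router": dotted(o[OPT_ROUTER]),
            "dns": dotted(o[OPT_DNS]), "lease": struct.unpack("!I", o[OPT_LEASE])[0]}


if __name__ == "__main__":
    mac, xid = bytes.fromhex("020000000010"), 0x3903F326         # constructed
    discover = build_discover(xid, mac)
    offer = build_offer(xid, mac, "192.0.2.50", "192.0.2.1", "255.255.255.0",
                        "192.0.2.1", "192.0.2.53", 86400)
    print(len(discover), "byte DISCOVER ->", accept_offer(xid, mac, offer))
```

Notice what the checks do and do not buy you: matching the transaction ID and MAC stops the client from adopting an Offer meant for someone else, but nothing in the message proves who sent it. That is why the rogue-server problem above has to be solved on the switch, not in the client.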

The Domain Name System (DNS) is the distributed naming system for computers that translates names
that mean something to humans into IP addresses (and, through reverse lookups, IP addresses back into
names).

When you launch your browser, you type in a URL, for example www.google.com. Your browser sends a
DNS request, asking for the IP address that goes with that name. The DNS server responds with one or
more of Google's public IP addresses, for example 64.233.167.99. Your browser then formats an HTTP
request using your computer's IP address as the Source Address and 64.233.167.99 as the Destination
IP address. Off the packet goes, and Google responds.
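The lookup just described, as an added example that is not part of the original guide: the script builds the A query a resolver sends to UDP port 53, constructs the reply a server would return for it, and decodes that reply, including the name-compression pointers (RFC 1035 section 4.1.4) that a careless parser can be made to loop on. The transaction ID is constructed and the reply is built locally rather than received from a real server; 64.233.167.99 is the address used on the slide above. Note what the resolver has to check before believing a reply: the transaction ID, the QR bit and the question it echoes. Since the ID is only 16 bits, real resolvers also randomize the UDP source port of the query, so that a forged reply has to guess both.

```python
"""DNS query and reply encoding.  Added example, not Enterasys's code: it
builds the A query a resolver sends to UDP port 53, constructs the reply a
server would return, and decodes that reply, including the name-compression
pointers (RFC 1035 section 4.1.4) that a careless parser can be made to loop
on.  The sample reply is constructed; 64.233.167.99 is the address used on
the slide above."""
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qid: int) -> bytes:
    """Header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_reply(query: bytes, addresses, ttl=300) -> bytes:
    """What a server sends back: same id, QR/RD/RA flags, the question echoed,
    and one A record per address whose name is a pointer to offset 12."""
    qid = struct.unpack("!H", query[:2])[0]
    question_end = query.index(b"\x00", 12) + 1 + 4
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(addresses), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
                       + bytes(int(o) for o in a.split(".")) for a in addresses)
    return header + query[12:question_end] + answers


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # pointer: 14-bit offset
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:                            # must point backwards, else a loop is possible
                raise ValueError("forward compression pointer at offset %d" % off)
            if not jumped:
                end = off + 2                         # the stream resumes after the pointer
            jumped, off = True, ptr
            continue
        if length == 0:
            return ".".join(labels), (end if jumped else off + 1)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_reply(msg: bytes, qid: int, qname: str):
    """Return [(name, ttl, address), ...] for the A records, after the checks a
    resolver makes: our transaction id, QR bit set, rcode 0, same question."""
    rid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        off += 4                                      # qtype, qclass
        if name.lower() != qname.rstrip(".").lower():
            raise ValueError("reply answers a different question: %s" % name)
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_A and rclass == CLASS_IN:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records


if __name__ == "__main__":
    query = build_query("www.google.com", 0xBEEF)            # id is constructed
    reply = build_reply(query, ["64.233.167.99"])
    print(query.hex())
    print(parse_reply(reply, 0xBEEF, "www.google.com"))
```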

Trivial File Transfer Protocol (TFTP) is generally used to transfer configuration or boot files between
machines. The client sends its read or write request to UDP port 69 on the server; the server answers
from a freshly chosen UDP port of its own (its transfer identifier), and the rest of the transfer takes place
between the client's port and that server port. TFTP does not encrypt the data it sends, and does not
require user authentication: anyone who can reach port 69 can request any file the server is willing to
serve, so TFTP servers belong on isolated management networks and should be switched off when not
in use.

TFTP was originally designed to allow workstations without any local storage to find and download their
running images from a remote server. Today it primarily serves the purpose of moving configurations
and images onto and off of networking devices.

At the Transport Layer the TCP/IP Suite provides two primary transport protocols: Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP).

Transmission Control Protocol has the job of correcting what can go wrong when IP sends packets
across the network. Segments that are lost are retransmitted by the sender when they are not
acknowledged in time, and TCP holds on to segments that arrive out of order and re-arranges them for
delivery to the Application Layer protocol. TCP is optimized for accurate delivery rather than for timely
delivery. It sometimes can incur several-second delays while it waits for out-of-order segments or for
retransmissions.

The TCP header contains ten fields, four of which are important for our purposes. They are the:

TCP Source Port: two bytes long, the Source Port field identifies the Application Layer protocol (more
precisely, the socket) that created the PDUs that TCP is sending and keeping track of.

TCP Destination Port (sometimes called the Target Port): two bytes long, the Destination Port field
identifies the Application Layer protocol the sender wants to have respond to the data TCP is tracking. A
web browser connecting to a web page will send the request with a TCP Destination Port of 80:
"Receiving machine, please give the information this PDU contains to your HTTP application."

Sequence Number: four bytes long, the sending machine advances this number by the number of data
bytes in each PDU it sends to a given recipient (the SYN and FIN flags each count as one byte), so the
number identifies where in the byte stream this PDU's data belongs.

Acknowledgement Number: four bytes long, the receiving machine uses this number to tell the sender,
"I have received everything up to Sequence Number X; X is the next byte I expect."

TCP establishes a session between two devices using what is called the Three-Way Handshake. That
handshake consists of three parts:

SYN: The initiating computer sends a Synchronization message to the receiving machine. It includes a
sequence number, but no acknowledgement number.

SYN ACK: The receiving computer acknowledges the SYN message. The SYN ACK informs the
initiating computer of the recipient's own current sequence number, and acknowledges that, in this
case, it received PDU #12,222.

ACK: The initiating computer acknowledges the receiving computer's sequence number.

Once this process completes, the two computers know what to expect from each other for sequencing,
which enables them to keep track of the PDUs they send to each other and to request retransmissions if
necessary. They are now ready to transfer information.

Here's how that data transmission works. Let's say the user on Computer A has requested a web page
from Computer B. TCP encapsulates that request in a TCP header: it records the Source Port number it
will be listening on, names the Application Layer protocol it wants to respond by entering port 80 in the
Destination Port field, and uses the sequence numbers agreed upon as the result of the Three-Way
Handshake. It hands that information off to IP, which encapsulates it all in an IP header. IP hands
that information off to Ethernet, which encapsulates it all in an Ethernet Frame and sends it out across
the wire.

PC B receives the frame. Ethernet unpacks the Layer 2 header and sends the information up to IP. IP
unpacks the Layer 3 header and sends the information up to TCP. TCP reads the Destination Port
number, and gives the segment to HTTP. When HTTP responds, TCP encapsulates that response, using
80 as the Source Port and updating the Sequence and Acknowledgement numbers.

The process continues in this fashion until all the information is transferred from PC B to PC A.

TCP also allows the receiver to send a cumulative acknowledgement, which states that the receiver has
received all the segments preceding the acknowledged sequence number. In our example, PC A sends
two segments, with sequence numbers 12 and 13. PC B sends back an acknowledgement number of
14, since that is the sequence number of the next segment it expects to receive. (The slide numbers
segments one at a time for simplicity; a real TCP sequence number counts bytes, so the
acknowledgement names the next byte expected rather than the next segment.)

When a TCP client wants to open a connection to a service, it puts that service's Well Known Port
Number in the Destination Port field of the TCP header.

The client also generates an Ephemeral (short-lived) Port Number to uniquely identify its connection
with the server, and puts that number in the Source Port field of the TCP header.
Ephemeral port numbers last only as long as the connection exists. In our example, the PC is using
port 1095 as its source port for this Telnet connection; for its next Telnet connection it might use port
35,423.

Ephemeral port numbers range from 1024 through 65,535. Most commonly, applications generate
numbers in the 1024 to 5000 range.

TCP ends a session with what is called the Connection Termination Protocol. The process consists of
four messages:

FIN: One of the devices sends a FIN message indicating that it is finished with this connection.

ACK: The other device acknowledges the FIN message.

FIN: The second device then sends a FIN message of its own to the first device.

ACK: The first device acknowledges the FIN message it receives.

In contrast, the User Datagram Protocol (UDP) header is very simple, consisting of only four fields:

Source Port

Target Port

Header Checksum

Message Length

At the Internet Layer, the TCP/IP Suite defines several applications, two of which are of particular
interest for our purposes.

Computers use Internet Control Message Protocol (ICMP) to send error messages to each other.
Typically, those messages indicate that a device cannot be reached. We humans make use of that
ability to test network connectivity in various ways. The two ICMP tools we use most often are:

Ping: sends an ICMP Echo Request to a remote device, asking it to respond. A successful ping lets
you know that you can reach the remote device, and how long it took for the ICMP Echo Reply to arrive
back at your pinging device.

Traceroute: like a ping, but traceroute reports back to you on every intervening device between you and
the remote device.

Address Resolution Protocol (ARP), which we will discuss in more detail later, allows a device that knows
the IP address of another device to obtain that device's MAC address, so it can create an Ethernet frame
to send packets to that device.
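What an ICMP Echo Request actually carries, as an added example rather than material from the guide: the eight-byte ICMP header with the RFC 1071 Internet checksum that both ping and traceroute rely on, the remote device's side that turns a request into an Echo Reply, and the receiver-side check that discards a reply whose checksum fails or that does not match the outstanding request. Identifier, sequence number and payload are constructed sample values; actually putting the message on the wire needs a raw socket and is outside this example.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def internet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, carries folded back in, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # an odd trailing byte is padded for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    # Header: type, code 0, checksum (computed over the whole message with this field zeroed),
    # then identifier and sequence number so replies can be matched to requests.
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seq) + payload


def parse_echo(message):
    """Return (type, ident, seq, payload); raise if the checksum does not verify.
    A message carrying a correct checksum sums to zero under the same algorithm."""
    if len(message) < 8 or internet_checksum(message) != 0:
        raise ValueError("ICMP checksum mismatch: message discarded")
    icmp_type, _code, _checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return icmp_type, ident, seq, message[8:]


def answer_echo(request):
    # What the remote device does: copy identifier, sequence and payload into an Echo Reply.
    _, ident, seq, payload = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, ident, seq, payload)


def reply_matches(request, reply):
    """A ping counts as successful only if the reply verifies and echoes the request's
    identifier, sequence number and payload; anything else is ignored."""
    try:
        qtype, qid, qseq, qpayload = parse_echo(request)
        rtype, rid, rseq, rpayload = parse_echo(reply)
    except ValueError:
        return False
    return (qtype, rtype) == (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) and \
        (rid, rseq, rpayload) == (qid, qseq, qpayload)
```

Traceroute reuses the same message but sends it with increasing IP TTL values, so each intervening router in turn reports back with an ICMP error; the identifier/sequence matching above is what lets the tool tie each answer to the probe that caused it.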

At the Network Interface Layer, some common protocols include:


Ethernet

Multi-Protocol Label Switching (MPLS)

Asynchronous Transfer Mode (ATM)

Secure Transfer Protocol (STP)

Ethernet is the most widely used Layer 2 protocol for local area networking. A Local Area Network
(LAN) is a collection of independent devices that exchange information with each other in a limited
physical space. For example, in an office setting, you usually find PCs, printers, servers, and other
devices all connected to each other.

Metcalfe et al. made six assumptions about data transmission when they designed Ethernet:

All transmissions, from every source, share the same wire. Ethernet mixes every transmission onto the
same circuit, in no particular or fixed order.

Every transmission is divided into chunks, called frames. These frames can vary in size from 64 bytes
to 1518 bytes long. Once an Ethernet frame gets onto the wire, the transmitting device keeps
transmitting until the frame is finished.

Each frame is treated individually; there are no traffic flows in Ethernet. The devices in an Ethernet
network do not keep state information; each frame is a unique event, and is handled according to the
information it contains. Thus, each frame must contain all the information necessary to deliver it to its
destination, including the address of the destination device.

Ethernet is designed as a broadcast medium; that is, every device on the network can hear all the
transmissions of every other device. Each device simply ignores frames that do not contain either its
own address or the broadcast address of all 1s (which every device must process).

No device has priority. Devices that are already using the network do not have priority over devices that
want to gain access to the network once that transmission is finished.

Devices gain access to the wire in order to transmit using Carrier Sense Multiple Access with Collision
Detection (CSMA/CD). We will discuss CSMA/CD later in this unit, but briefly it means:
Each device listens to the wire to determine whether it is in use (Carrier Sense)
Each device has equal access to the wire (Multiple Access)
Each device can detect when more than one device is transmitting at the same time (Collision
Detection)

OK, that's the technical definition; what does it mean?

Imagine that everyone at your table is a workgroup; you'd like to share information. And imagine that
you can't talk or gesture; all you can do is read and write.

So, you put a pad of paper in the center of the table. Everyone has a pen, and can write on the pad.
Everyone at the table can read whatever you write. There are some rules, however: only one person
can write on the pad at a time. If two or more people try to write at the same time, the pad makes
everyone sit down and wait a while before you can try to write again. And you can get pads and pens
that let you write at different speeds.

That's an Ethernet LAN.

Initially, the Ethernet was comprised of every device that literally shared the same physical wire. Most
early Ethernet installations used 10Base5 thick coaxial cable, or Thicknet, which was composed of four
layers. The innermost layer, a central conductor, was usually made of solid copper. The center
conductor was surrounded by a layer of polypropylene insulation, and these were then surrounded by at
least one, but sometimes several layers of copper braid. The braid was surrounded by a durable jacket,
usually made of polyvinyl, but sometimes made of Teflon.

The physical specification for thick coaxial Ethernet cable is 10Base5. 10Base5 networks were bus
networks with the hosts connecting to a single cable. AUI (Attachment Unit Interface) cables were used
to connect the NIC to the transceiver. There were two types of transceivers that made the attachment
between thick coaxial cable and the NIC. One was called an N-type, and was an intrusive attachment,
and the other was a non-intrusive, or vampire-tap transceiver.
On these Ethernets, if any individual device had network problems, the entire network went down.

As engineers developed networking devices over time, the fundamental assumptions of Ethernet stayed
the same. Ethernet is still a broadcast protocol: in order for it to work correctly, every device connected
to the network must be able to hear the broadcasts of every other device on the network. In terms of
our analogy, everyone in the room can see whatever you are writing on the pad of paper.

Ethernet also assumes that more than one device will try to use the wire at the same time; that is,
Ethernet assumes collisions. Just as the pad in our analogy makes everyone in the room sit down for a
period of time before they try to write again, Ethernet makes all the devices on the network back off for a
random period of time before transmitting again.

To manage this behavior, Ethernet networking uses Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) which helps devices access shared bandwidth without two devices transmitting
simultaneously (resulting in data collisions and retransmission of packets) on the network medium.
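How the "back off for a random period of time" step is actually decided, as an added example that is not from the guide: the truncated binary exponential backoff that IEEE 802.3 specifies for CSMA/CD (taken from the standard, not stated on this page). After the n-th collision a station waits a random whole number of slot times between 0 and 2^k - 1, where k = min(n, 10), and abandons the frame after 16 failed attempts. The collision oracle and the random seeds are constructed stand-ins for the shared wire.

```python
import random

SLOT_TIME_BIT_TIMES = 512   # 802.3 slot time at 10/100 Mb/s: 512 bit times, the 64-byte minimum frame
BACKOFF_LIMIT = 10          # the exponent stops growing after the 10th collision
ATTEMPT_LIMIT = 16          # after 16 collisions the frame is dropped ("excessive collisions")


def backoff_slots(collisions, rng):
    """Random number of slot times to wait after this many consecutive collisions."""
    k = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(0, 2 ** k)          # uniform over 0 .. 2^k - 1


def sample_backoffs(collisions, count=1000, seed=0):
    """Draw many backoff values for one collision count (used to show the range)."""
    rng = random.Random(seed)
    return [backoff_slots(collisions, rng) for _ in range(count)]


def transmit(collides, seed=0):
    """Attempt to send one frame. `collides(attempt)` stands in for the wire and returns True
    when a collision is detected on that attempt (1-based). Returns (delivered, attempts, slots_waited)."""
    rng = random.Random(seed)
    slots_waited = 0
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        if not collides(attempt):
            return True, attempt, slots_waited
        slots_waited += backoff_slots(attempt, rng)   # jam, then back off before trying again
    return False, ATTEMPT_LIMIT, slots_waited


def two_stations(seed=0):
    """Two stations that just collided each draw their own backoff. They collide again whenever
    they draw the same slot; otherwise the one with the shorter wait transmits first.
    Returns (rounds_needed, winner); winner is None if they never separate within the limit."""
    rng = random.Random(seed)
    for collisions in range(1, ATTEMPT_LIMIT + 1):
        a, b = backoff_slots(collisions, rng), backoff_slots(collisions, rng)
        if a != b:
            return collisions, "A" if a < b else "B"
    return ATTEMPT_LIMIT, None
```

Doubling the range after each collision is what keeps the analogy's "sit down and wait a while" from degenerating into everyone standing up again at the same moment: the more stations are contending, the more the waits spread out. The cap at 2^10 bounds the worst-case wait, and the 16-attempt limit is why a saturated shared segment starts losing frames rather than queuing them forever, which is the practical ceiling on hosts per segment discussed later in this unit.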

Another good analogy of Ethernet technology is a group of people talking in a small, completely dark
room. In this analogy, the physical network medium is sound waves on air in the room, instead of
electrical signals on a coaxial cable. Each person can hear the words when another is talking (Carrier
Sense). Everyone in the room has equal capability to talk (Multiple Access), but no one gives a lengthy
speech to be polite. If a person is impolite, he is asked to leave the room (that is, thrown off the net). No
one talks while another is speaking. But if two people start speaking at the same instant, each of them
knows this because each hears something they haven't said (Collision Detection). When these two
people notice this condition, they wait for a moment, and then one begins talking. The other hears the
talking and waits for the first to finish before beginning to speak. Each person has a unique name
(unique Ethernet address) to avoid confusion. Every time one of them talks, he prefaces the message
with the name of the person he is talking to and with his own name (Ethernet destination and source
address, respectively).

If the sender wants to talk to everyone he might say "everyone" (broadcast address), for example,
"Hello Everyone, this is Jack, ...blah blah blah...."

These two behaviors, broadcast and collisions, gave rise to two terms: broadcast domain and collision
domain.

Every device that sees the Ethernet frame you send is in your broadcast domain. In our example, if PC
A sends a frame to PC E, every PC attached to the network will see that frame. However, only PC E
will pay attention to the frame and process it by sending it up the OSI stack. If PC A sends out a
broadcast frame, then every PC attached to the wire will both see the frame and process it.

Every device that can send a frame that might collide with a frame you send is in your collision domain.
On a shared network, as in our example, every device connected to the wire is contending for
bandwidth, and all the devices are in the same collision domain.

With original Ethernet, the broadcast domain and the collision domain encompassed identical devices;
they were coextensive.

This behavior limited the extent of the first Ethernet networks. Even with repeaters (devices that
amplified the electrical signal across the wire), because every device shared the same collision and
broadcast domains, each network was limited to five 100 m wires with four repeaters. What's more, only
three wires could host devices. This rule became known as the 5-4-3 rule.

In addition, each network was limited to 1024 host devices. (A host device is a device such as a PC, a
printer, or a server.) However, the practical limit was about 400 devices, since everyone on the wire
competed for bandwidth. Beyond about 400 users, constant collisions rendered the network almost
unusable.

Partly to resolve this problem, engineers developed the first intelligent networking device: the
transparent learning bridge. The transparent learning bridge keeps a Source Address Table of all the
devices it knows about. The table identifies each individual device, and tells the bridge which port the
device is out of. The bridge is called a learning bridge because it learns which device is out which port
by examining the Source Address field of every Ethernet frame it receives. The bridge is called
transparent because the end devices neither know nor care that the bridge is hearing the frames they
send.

The bridge uses Media Access Control (MAC) addresses to track the devices it learns about. Every
Ethernet connector has a MAC address, hardcoded onto the network interface card (or NIC) by the
manufacturer.

The first 24 bits of the MAC address identify the manufacturer. The vendor is then responsible for
placing a value in the remaining 24 bits so that the final MAC address is unique for every physical
interface.

For example, if you had a NIC with a MAC address of 00:0F:1F:E0:D2:B5, you'd know it was an
Ethernet adapter from a Dell laptop (that's where we get the 00:0F:1F from).

We write the MAC address in hexadecimal notation.
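Splitting a MAC address into the two 24-bit halves the text describes, as an added example (not code from the guide). It accepts the three notations commonly seen in practice, extracts the OUI and the vendor-assigned part, and also decodes the two flag bits that live in the first byte: the I/G bit that marks group (multicast or broadcast) addresses, and the U/L bit that marks locally administered addresses, which are not burned in by any manufacturer. The vendor table holds only the one mapping the text gives (00:0F:1F is Dell); a real lookup would consult the IEEE OUI registry.

```python
# Sample OUI table: only the mapping the text gives. A real lookup uses the IEEE registry.
SAMPLE_OUI_REGISTRY = {"00:0F:1F": "Dell"}
HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_mac(text):
    """Accept 'xx:xx:xx:xx:xx:xx', 'xx-xx-xx-xx-xx-xx' or 'xxxx.xxxx.xxxx' and split the
    48-bit address into its 24-bit OUI and 24-bit vendor-assigned part, plus the flag bits."""
    digits = "".join(ch for ch in text if ch not in ":-.")
    if len(digits) != 12 or any(ch not in HEX_DIGITS for ch in digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    raw = bytes.fromhex(digits)
    oui = raw[:3].hex(":").upper()
    return {
        "canonical": raw.hex(":").upper(),
        "oui": oui,
        "vendor": SAMPLE_OUI_REGISTRY.get(oui, "unknown"),
        "nic_specific": raw[3:].hex(":").upper(),
        # Bit 0 of the first byte is the I/G bit: 1 means a group (multicast/broadcast) address.
        "is_group": bool(raw[0] & 0x01),
        "is_broadcast": raw == b"\xff" * 6,
        # Bit 1 of the first byte is the U/L bit: 1 means locally administered, not a burned-in OUI.
        "locally_administered": bool(raw[0] & 0x02),
    }
```

The two flag bits matter when reading a MAC: a vendor lookup on an address with the U/L bit set is meaningless, because that address was assigned by software (virtual machines and some randomised client addresses look like this), and a source address with the I/G bit set should never appear on a legitimate frame.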

When a host sends an Ethernet frame out onto the wire, it puts its MAC address in the Source Address
field of the Ethernet header. (We will discuss the Ethernet frame architecture shortly.) That frame
moves across the wire, and the bridge hears it since in Ethernet, everyone hears everything. The
bridge reads the Source Address, and checks whether it has that MAC address in its Source Address
Table. Then:

If the MAC is already in the table as being out the port the frame entered, the bridge resets the aging
timer for that address.

If the MAC is already in the table as being out a different port from the one the frame entered, the bridge
deletes that entry and associates the MAC with the port the frame entered.

If the MAC is not already in the table, the bridge creates a new entry, associating the MAC with the port
the frame entered.
Thus, because each MAC address is unique, the bridge knows the device with that MAC is out only one
of its ports.

This learning behavior allows a bridge to create multiple Collision Domains.

In our example, let's say that PC C wants to send a frame to PC A. It formats the frame and puts PC
A's MAC address in the Destination Address field. It goes through the CSMA/CD process, and sends
the frame out onto the wire. The frame travels across the wire and arrives at the bridge.

The bridge examines the Destination MAC address and checks that address against its Source Address
Table. The bridge realizes that PC A is out the same port the frame entered. Because Ethernet
assumes that everybody hears everything, the bridge does not forward the frame for PC A out any other
port; it assumes that PC A has already heard the frame and responded to it.

This bridging behavior creates multiple collision domains. PCs A, B, C, and Port 1 on the bridge all
compete with each other for access to Wire 1. Their frames can collide with each other. PCs D, E, F,
and Port 2 on the bridge all compete with each other for access to Wire 2. Their frames can collide with
each other. However, frames on Wire 1 cannot collide with frames on Wire 2.

Let's say that PC C wants to send a frame to PC D. It formats the frame with PC D's MAC address in
the Destination Address field, and sends the frame out across the wire. The frame arrives at the bridge
on Port 1.

The bridge checks the Destination MAC address of the frame against its Source Address Table, and
discovers that PC D is out Port 2. It forwards the frame out Port 2, assuming that PC D will hear the
frame and respond.

But what if the bridge does not know which port a particular MAC address is out of? When a bridge
receives a frame with a destination MAC address it does not have in its Source Address Table, the
bridge replicates the frame and floods it out every port except the port on which the frame entered.
Consider this example. PC B wants to send a frame to PC F. It formats the frame with PC F's MAC
address in the Destination Address field and sends the frame out on the wire.

The bridge receives the frame and examines its Source Address Table but does not find PC F's MAC
address in the table. It replicates the frame and floods a copy of the frame out every other port,
assuming that if PC F is on one of the wires the bridge is connected to, PC F will hear the frame and
respond.

PC F responds to PC B, and inserts its own MAC address into the Source Address field. The frame
arrives at the switch, which looks at the Source Address and adds PC F's MAC into its Source Address
Table as being out Port 2.

The switch checks its Source Address Table, and discovers the Destination MAC address is out Port 1.
It forwards the frame out Port 1 only, and PC B receives the frame.

However, the bridge pays no attention to its Source Address Table when it receives a broadcast frame,
defined by the IEEE 802.1 standard as a MAC address of all ones: FF.FF.FF.FF.FF.FF. When a bridge
receives a broadcast frame, it simply replicates the frame and broadcasts it out every port. Every device
on every wire hears the broadcast, and is required to process the frame.

So a bridge creates as many collision domains as it has ports. However, every device connected to a
bridge is still in the same broadcast domain.
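The whole learning, filtering, forwarding and flooding behaviour of the preceding pages in one place, as an added example (illustrative code, not from the guide). The bridge keeps a Source Address Table of MAC to port with a last-seen time, so the three learning cases the text lists (same port: refresh the timer; different port: replace the entry; unknown: add it) collapse into a single assignment, and entries unused for longer than the aging time are dropped. `walk_through` replays the text's scenario with constructed locally administered MAC addresses for PCs A to F; the 300-second aging default is an assumption, as is the extra step in which PC D speaks first so that the bridge has learned it before C sends to D.

```python
class LearningBridge:
    """Transparent learning bridge: learns source MACs per port, then filters, forwards or floods."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, aging_time=300.0):
        self.ports = list(ports)
        self.aging_time = aging_time          # seconds an unused entry survives (assumed default)
        self.sat = {}                         # Source Address Table: mac -> (port, last_seen)

    def learn(self, src_mac, in_port, now):
        # One assignment covers all three cases in the text: same port (timer reset),
        # different port (old entry replaced), not in the table (new entry).
        self.sat[src_mac] = (in_port, now)

    def age_out(self, now):
        expired = [mac for mac, (_, seen) in self.sat.items() if now - seen > self.aging_time]
        for mac in expired:
            del self.sat[mac]

    def receive(self, in_port, src_mac, dst_mac, now=0.0):
        """Return the list of ports the frame is sent out of; [] means it was filtered."""
        self.age_out(now)
        self.learn(src_mac, in_port, now)
        others = [p for p in self.ports if p != in_port]
        if dst_mac == self.BROADCAST or int(dst_mac[:2], 16) & 1:
            return others                     # broadcast/multicast: table ignored, copy to every other port
        entry = self.sat.get(dst_mac)
        if entry is None:
            return others                     # unknown destination: flood
        out_port, _ = entry
        return [] if out_port == in_port else [out_port]   # same wire: filter; other wire: forward


def walk_through():
    """Replay the text's scenario: PCs A, B, C on Wire 1 (Port 1); D, E, F on Wire 2 (Port 2)."""
    mac = {pc: "02:00:00:00:00:0%d" % i for i, pc in enumerate("ABCDEF", start=1)}  # constructed
    bridge = LearningBridge(ports=[1, 2])
    bridge.receive(1, mac["A"], mac["C"])                   # A has spoken, so the bridge knows A
    steps = {
        "C->A same wire":  bridge.receive(1, mac["C"], mac["A"]),
        "D announces":     bridge.receive(2, mac["D"], mac["C"]),  # assumed extra step: D is learned
        "C->D other wire": bridge.receive(1, mac["C"], mac["D"]),
        "B->F unknown":    bridge.receive(1, mac["B"], mac["F"]),
        "F->B learned":    bridge.receive(2, mac["F"], mac["B"]),
        "B broadcast":     bridge.receive(1, mac["B"], LearningBridge.BROADCAST),
    }
    return steps, bridge.sat[mac["F"]][0]
```

Note what the bridge trusts: it learns from whatever Source Address a frame carries, and a frame for an address it has never seen goes to every other port. That is why the table's aging time and its capacity matter operationally, and why switches offer per-port limits on learned addresses.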

As engineers kept working on making networks faster and more efficient, they developed a device called
a switch. Switches are simply very fast bridges with multiple ports: enough ports so that every host
device can attach directly to the switch. This design provides network administrators with three
profound results:

You can put every device on your network into a separate Collision Domain. Since there are only two
devices on any given network segment (the switch port and the host device), hosts never compete with
each other for access to bandwidth.

You can use different cabling options that allow faster transmissions. Currently, Category 5 Unshielded
Twisted Pair (Cat-5 UTP) cabling is the de facto standard. (We'll discuss cabling later in this unit.)

Cat-5 cables (among other kinds of cable) use one pair of wires to send information, and a different pair
of wires to receive information. This allows you to enable full-duplex transmission, where the switch
and the host device both send and receive data simultaneously. Depending on your switch, this
capability can effectively double your throughput to your host devices.

The original Ethernet frame was redefined under the IEEE 802.3 standard and is now the official
Ethernet standard. Within the IEEE 802.3 frame header are 5 data fields.
The preamble consists of 8 bytes (for Ethernet) or 7 bytes (for the IEEE 802.3 standard) of alternating
ones and zeros. This is a bit pattern of 1-0, 1-0, 1-0, 1-0.

The preamble is recognizable by all Ethernet devices. It indicates the beginning of a frame and allows
for frame timing by enabling all transceivers on the network to synchronize themselves to the incoming
frame.

For 100 and 1000 megabits per second Ethernet, constant signaling is used, so the preamble is not
needed; it is still transmitted so that the frame's structure is unchanged.

The Start of Frame Delimiter tells the receiving device that the Preamble is ending and the frame is
starting. It is one byte long, with a bit pattern of 10101011.

The next field is the Destination Address field. The Destination Address field can carry one of three types of MAC
addresses:

Unicast: When the device sending the frame wants to send the frame to a specific receiver, and it knows that
receiver's MAC address, it puts that specific MAC address in the Destination Address field.

Broadcast: When the device sending the frame wants to send the frame to every device on the network, it puts the
broadcast address of FF.FF.FF.FF.FF.FF (all ones) in the Destination Address field. Every device that sees this
frame must process the frame. Some of the situations in which a host device would send a broadcast frame are:

Address Resolution Protocol (ARP) requests: When your PC knows the IP address of the device it wants to
reach, but not the MAC address of that device, it will formulate an ARP request. It sends the ARP request out
with the broadcast MAC Destination Address. In essence, your PC is saying, "Help! I'm looking for the device
with this IP address, but I don't know where it is located! If this is you, please respond!" Every device on the
network will hear and process the ARP request, but only the device with that IP address will reply to your PC.

Dynamic Host Control Protocol (DHCP) requests: When a PC boots up it must find an IP address in order to
access the network. If you are using DHCP to dynamically assign IP addresses to your end users, then when a
PC boots up it must find a DHCP server. It does not know the IP address of the DHCP server, and it does not
know the DHCP server's MAC address. So your PC formats a DHCP request and sends it out with the
broadcast Destination MAC address. In essence your PC is saying, "Help! Everybody, if you're a DHCP
server I need your help!" Every device on the network will hear and process the DHCP request, because of the
broadcast MAC address, but only your DHCP server(s) will reply to your PC.

Multicast: When a device is sending information to a subset of all devices on the network, it will put a multicast
address in the Destination Address field. For example, you might set up a video conference over the network for
just your sales staff. The PC sending out that video stream would put the multicast address for that conference in
the Destination Address field.

The Source Address field is six bytes long; the sending device always puts its own MAC address in the
Source Address field.

The Length/Type field can carry either of two pieces of information:

If the value of the field is 1500 or less, it functions as a Length field. In this case, this field tells the
receiving device how much of the following data field is actual data, and how much of the data field is
padding.

If the value of the field is more than 1500, it functions as a Type field. In this case, the field tells the
receiving device which protocol encoded the data field. Some sample values include:

0 - 1500: length field (IEEE 802.3 and/or 802.2)
0x0800: IP(v4), Internet Protocol version 4
0x0806: ARP, Address Resolution Protocol
0x8137: IPX, Internet Packet eXchange (Novell)
0x86dd: IPv6, Internet Protocol version 6

The Data field is the actual information the frame is carrying. It might contain networking overhead
information as well as the application data. It must be at least 46 bytes long, and can be as long as
1500 bytes. If the sending device does not have enough information to fill the data field with the
minimum 46 bytes, it will add padding to fill the field out to the minimum length.

With an overhead of 18 bytes (14 bytes for the header and 4 bytes for the Frame Check Sum), an
Ethernet frame can range in size from 64 to 1518 bytes.

Finally, the sending device hashes the content of the frame to this point, and puts the result of that hash
in the trailing field, called the Frame Check Sum field. The receiving device performs the same hash on
the frame, and compares its results to the value in the FCS. If the values differ, the receiving device
assumes the frame was somehow altered/corrupted during transmission, and it discards the frame.

Frame Subtypes:

Different types of Ethernet frames can co-exist on a network. The subtypes are:

Ethernet II is also known as DIX, which stands for Digital, Intel, Xerox, the corporations responsible for
development of the frame type. DIX was the first agreed-upon frame format and served as a pre-standard.
The frame type is identified in the Type field.

802.3 Raw is the Novell frame format. The length of the payload is carried in the Data field. The
protocol Type was always Novell.

802.2 (LLC) is the IEEE standardized frame type. This frame identifies the protocol type in the DSAP
and SSAP fields (Destination and Source Service Access Ports).

SNAP (Sub-Network Access Protocol) was brought about by Apple's desire to identify more protocols
than could be identified in the DSAP and SSAP fields. The SNAP ID consists of the manufacturer's ID
and a two-byte protocol identifier. The SNAP-ID field is split into two sub-fields:

OUI: The first three bytes of the SNAP ID comprise the Organizationally Unique Identifier (OUI). This
is essentially the same ID used for the first 24 bits of the 48-bit MAC (or "Ethernet") address, although it
can be set to zero.

Type: The last 2 bytes are used to represent the protocol type of each vendor. When an Ethernet II
frame is translated into this frame format, the OUI is set to zero and the Type field carries the contents
of the EtherType field.
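The frame fields from the Destination Address through the Frame Check Sum, and the subtype distinctions just listed, assembled and taken apart in one added example (illustrative code, not from the guide). The sender side pads short data up to 46 bytes and appends the FCS; the receiver side enforces the 64 to 1518 byte limits, recomputes the FCS and discards the frame on a mismatch, then reads the Length/Type field the way the text describes (1500 or less means Length, more means Type). For length-based frames it looks at the first bytes of the data to tell 802.3 Raw (Novell, which begins with an IPX checksum of 0xFFFF), SNAP (LLC DSAP/SSAP 0xAA, control 0x03, then OUI and Type) and plain 802.2 LLC apart. The FCS is the IEEE 802.3 CRC-32, the same polynomial `zlib.crc32` computes, sent least significant byte first; the MAC addresses and payloads are constructed, and the 1-byte LLC control field is an assumption that holds for unnumbered LLC frames.

```python
import struct
import zlib

PREAMBLE = b"\xaa" * 7        # 7 bytes of 10101010; precedes the frame, not part of it
SFD = b"\xab"                 # Start of Frame Delimiter, 10101011
MIN_DATA, MAX_DATA = 46, 1500
MIN_FRAME, MAX_FRAME = 64, 1518
BROADCAST = b"\xff" * 6


def frame_check_sequence(octets):
    # IEEE 802.3 FCS: CRC-32 (same polynomial as zlib.crc32), transmitted least significant byte first.
    return struct.pack("<I", zlib.crc32(octets) & 0xFFFFFFFF)


def build_frame(dst, src, length_or_type, data):
    """Header + data (padded to 46 bytes) + FCS. Preamble and SFD are sent ahead of this."""
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    body = data + b"\x00" * (MIN_DATA - len(data))       # pad short data up to the minimum
    head = dst + src + struct.pack("!H", length_or_type)
    return head + body + frame_check_sequence(head + body)


def build_snap_frame(dst, src, ethertype, data):
    """LLC/SNAP encapsulation as the text describes for a translated Ethernet II frame:
    DSAP/SSAP 0xAA, control 0x03, OUI 00:00:00, then the EtherType; Length/Type carries a length."""
    llc_snap = b"\xaa\xaa\x03" + b"\x00\x00\x00" + struct.pack("!H", ethertype)
    payload = llc_snap + data
    return build_frame(dst, src, len(payload), payload)


def classify_destination(dst):
    if dst == BROADCAST:
        return "broadcast"
    return "multicast" if dst[0] & 0x01 else "unicast"   # I/G bit of the first byte


def parse_frame(frame):
    """Receiver side: check length and FCS, then decode Length/Type and the frame subtype."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError("illegal frame length %d" % len(frame))
    if frame_check_sequence(frame[:-4]) != frame[-4:]:
        raise ValueError("FCS mismatch: frame discarded")
    dst, src = frame[:6], frame[6:12]
    length_or_type = struct.unpack("!H", frame[12:14])[0]
    data = frame[14:-4]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "dst_class": classify_destination(dst)}
    if length_or_type > MAX_DATA:                         # Type field: Ethernet II / DIX
        info.update(subtype="Ethernet II (DIX)", ethertype=length_or_type, data=data)
        return info
    data = data[:length_or_type]                          # Length field: strip the padding
    info["length"] = length_or_type
    if data[:2] == b"\xff\xff":                           # IPX checksum field of 0xFFFF
        info.update(subtype="802.3 raw (Novell)", data=data)
    elif data[:3] == b"\xaa\xaa\x03":                     # DSAP 0xAA, SSAP 0xAA, control 0x03
        info.update(subtype="SNAP", oui=data[3:6].hex(":"),
                    ethertype=struct.unpack("!H", data[6:8])[0], data=data[8:])
    else:                                                 # plain 802.2 LLC, 1-byte control assumed
        info.update(subtype="802.2 LLC", dsap=data[0], ssap=data[1], data=data[3:])
    return info
```

Two details worth noticing: the padding is invisible to an Ethernet II receiver, which has no Length field and must rely on the encapsulated protocol's own length to ignore it, and the FCS detects corruption only; since it is a CRC rather than a keyed check, any sender can produce a frame that passes it, so it says nothing about who the frame came from.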

So to pull all this information together, consider this example, where Host A sends an Ethernet Frame to
Host B. Host A creates the Frame and inserts its own MAC address in the Source MAC field of the
Ethernet header, and inserts the MAC address of Host B in the Destination MAC field in the header.
Host A then sends the frame across the wire to Switch A.

Switch A does not change the Ethernet header. It simply looks up the egress port for the MAC in the
Destination Address field in its Source Address Table, and forwards the frame out that port.

Switch B also does not change the Ethernet header. It simply looks up the egress port for the MAC in
the Destination Address field in its Source Address Table, and forwards the frame out that port.

Thus, the frame reaches Host B with the same MAC destination and source addresses with which it left
Host A.

Note that this behavior is different from what happens when you have to route the packet over different
IP networks. You'll learn how that behavior differs when you study routing.

In 1980, the Digital, Intel, and Xerox (DIX) consortium created the original Ethernet. Ethernet_II followed
and was released in 1984. Ethernet and Ethernet II were pre-standards to the IEEE standards. The 802
project of the standards-setting organization, the Institute of Electrical and Electronics Engineers (IEEE),
was initially divided into three groups, 802.1, 802.2, and 802.3, as shown on the slide.

Digital, Intel, and Xerox pushed Ethernet, while Burroughs, Concord Data Systems, Honeywell, Western
Digital, and later General Motors and Boeing pushed 802.4. IBM worked with 802.5.

The IEEE 802.3 subcommittee developed an Ethernet standard that happens to be almost identical to
the Ethernet_II version of Ethernet. The two only differ in their descriptions of the Data Link Layer:
Ethernet_II has a Type field, whereas 802.3 has a Length field. Ethernet and Ethernet_II are both
common in their Physical layer specifications, MAC addressing, and understanding of the LLC layer's
responsibilities.

10BaseT uses Unshielded Twisted Pair (UTP) cable and a star topology. Category 3, 4, or 5 cable can
be used, but performance is best with category 5 cable. Category 3 is the minimum. 10BaseT/UTP
requires only 2 pairs of wire and uses RJ-45 connectors. The maximum segment length is 100 meters.
10Base-FL supports fiber-optic cable backbones of up to 4000 meters with transmission at 10
Mbits/sec. This type of cable is approved for cross-connects between campus buildings.

100BaseT uses Unshielded Twisted Pair (UTP) cable and a star topology. Shielded twisted pair (STP)
is not part of the 10BaseT specification. Category 5 cable is required. 100BaseT requires only 2 pairs of
wire and uses RJ-45 connectors. The maximum segment length is 100 meters.

100Base-FX supports fiber-optic cable backbones of up to 2000 meters with transmission at 100
Mbits/sec. This type of cable is approved for cross-connects between campus buildings.
1000Base-T differs from 10BaseT and 100BaseT in the way data is transmitted. 1000BASE-T uses all
four cable pairs for simultaneous transmission in both directions. The maximum segment length is 100
meters.
1000Base-SX/LX supports multi-mode and single-mode fiber-optic cable backbones up to 5000 meters
(depending on fiber type) with transmission at 1000 Mbits/sec. This type of cable is approved for
cross-connects between campus buildings. Note: 1000BASE-LX is specified to work over a distance of up to
5 km over 10 µm single-mode fiber.
10GBase-SR/LR supports multi-mode and single-mode fiber-optic cable backbones up to 10,000
meters (depending on fiber type) with transmission at 10,000 Mbits/sec. This type of cable is approved
for cross-connects between campus buildings. Note: 10GBASE-LR has a specified reach of
10 kilometres (6.2 mi), but 10GBASE-LR optical modules can often manage distances of up to
25 kilometres (16 mi) with no data loss.

Fast Ethernet IEEE 802.3u is a supplement to the IEEE 802.3 specification. The 802.3 standard is for
10Mbps Ethernet. Fast Ethernet is for 100Mbps (100BaseT). Fast Ethernet is 10 times faster than
10BaseT (standard Ethernet), while retaining characteristics like MAC mechanisms, Maximum
Transmission Unit (MTU), and frame format. The authors of the 100BaseT standard took great care to
guarantee exact interoperability between the standard 10Mbps Ethernet elements and the new Fast
Ethernet elements. This makes it possible for existing 10BaseT applications and management tools to
be used on Fast Ethernet networks.
The supplement makes several additions to the base document and two amendments:
Timing parameters
Auto-negotiation features
These two amendments are the key changes for Fast Ethernet.
The table in this slide provides a comparison of the parameters of standard Ethernet (10Mbps) and Fast
Ethernet (100Mbps). You can see that the parameters for both are identical except for Bit Time and
Collision Domain, which are reduced by a factor of 10 with Fast Ethernet.

Characteristics of 100BaseTX include:

100BaseTX timing parameters and encoding are based upon the ANSI-developed specification FDDI
TP-PMD (Twisted Pair Physical Media Dependent), which is FDDI over twisted pair (copper) cable. Fast
Ethernet borrowed some of the physical layer characteristics that had been developed for FDDI. At the
physical layer, the framing structure and encoding schemes are different from 10Mbps Ethernet.

An RJ-45 connector with a pin assignment of 1,2,3,6 is used to be compatible with standard Ethernet.
This is unlike the 1,2,7,8 (crossed over) pin-out for TP-PMD.

All cable plant components must be Category 5 certified (including connectors, patch panels, and
hubs/switches).

To ensure correct signal timing, a 100BaseTX segment cannot be longer than 100 meters.

Unshielded Twisted Pair cabling has become the predominant medium for the physical transmission of Ethernet
signals. Compared to other forms of cabling (e.g., Shielded Twisted Pair or fiber cable) it is inexpensive, flexible,
easy to run, and easy to terminate. It provides good distance qualities: Ethernet will travel up to 100 meters over
UTP.

There are different categories of UTP cable; the higher the category, the less susceptible the cable is to crosstalk.
The most commonly used categories of UTP are:

Category 3 (Cat-3): used for telephone connections. Cat-3 cable is rated to 16 MHz and was used for 10 Mbps
Ethernet (10BaseT); you will probably not see it used for data transmission today.

Category 5 (Cat-5): the most common form of cable in Ethernet deployments. Cat-5 cable has four pairs of twisted
wires, and is rated for data transmission speeds of 100 Mbps and 1000 Mbps (1 Gbps). Each pair of wires is
twisted at a slightly different rate to reduce crosstalk:
Green pair: one twist every 1.52 cm
Blue pair: one twist every 1.54 cm
Orange pair: one twist every 1.78 cm
Brown pair: one twist every 1.94 cm

Category 5e (Cat-5e): Cat-5 cable, but manufactured to stricter quality control standards (tighter crosstalk limits).
Category 6 (Cat-6): four pairs of twisted wires, rated to 250 MHz; typically used for Gigabit Ethernet deployments.
Category 7 (Cat-7): four individually shielded pairs, rated to 600 MHz; used for Gigabit and 10 Gigabit Ethernet
deployments.

The TIA/EIA established two specifications for terminating Cat5 cable with an RJ-45 connector: T568A
and T568B. A cable with one T568A termination and one T568B termination is called a crossover
cable. With early networking devices you had to use a crossover cable to connect similar machines.
So, for example, to connect a switch to a switch, or a PC to a PC, you would use a crossover cable.

However, if you terminate a Cat5 cable with either T568A pinouts on both ends, or T568B pinouts on
both ends, you have created a straight-through cable. In early networking you would use a straight-through
cable to connect dissimilar devices: a switch to a router, or a switch to a PC.

With Fast Ethernet, auto-negotiation is a process that allows stations/switches to agree on a link
capability, determining the link speed and duplex mode being used (for example, 10Mbps or 100Mbps,
and half duplex or full duplex). Both stations must have auto-negotiation logic for auto-negotiation to work.

The auto-negotiation process uses priorities to set the link configuration. If both a client and a switch
port can use 100Mbps full-duplex connectivity, that would be the highest-priority ranking.

Auto-negotiation uses Fast Link Pulse (FLP) bursts to maintain the link and share auto-negotiation
information. In the absence of FLP bursts, the station will operate at standard Ethernet speed (10Mbps,
half duplex).

Auto-negotiation ensures Fast Ethernet backward compatibility with standard Ethernet. Although some
standard 10Mbps Ethernet devices are capable of full duplex, they will not use auto-negotiation to
determine the duplex mode. They must be manually configured via management. If not configured, these
devices will operate at the theoretical 10Mbps of bandwidth, as opposed to 20Mbps full duplex. Note the
failure mode this creates: if one end is forced to full duplex while the other end auto-negotiates, the
auto-negotiating end falls back to half duplex and the link shows late collisions and CRC errors rather
than failing outright.
Two advances made it possible to begin deploying Fast Ethernet devices into existing Ethernet
networks: Auto-MDIX and Auto-Negotiation.
Auto-MDIX allows a switch to detect the kind of device that is on the other end of the cable, and
configure its own port to send and receive on the correct wires. In today's networks both ports on a link
typically support Auto-MDIX, and this negotiation takes less than 500 ms. For Auto-MDIX to work
correctly, the ports on both ends of the link must be set to auto-negotiate for speed and duplex.
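The priority resolution and the no-FLP fallback described above, modelled in Python as an added example (this is not code from the Enterasys guide). The ability ordering follows IEEE 802.3 Annex 28B for 10/100/1000BASE-T; the function and type names are this example's own, and the legacy peer is assumed to be forced to a fixed speed and duplex:

```python
"""Resolve the outcome of Ethernet auto-negotiation between two link partners.

Added example: models the priority resolution described in the text and the
fallback when one side sends no FLP bursts (a legacy 10 Mb/s device).
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# A technology ability: (speed in Mb/s, full_duplex?)
Mode = Tuple[int, bool]

# IEEE 802.3 Annex 28B priority order, highest first (copper 10/100/1000BASE-T
# abilities only; the 100BASE-T4/T2 entries of the standard are omitted).
PRIORITY: Tuple[Mode, ...] = (
    (1000, True), (1000, False),
    (100, True), (100, False),
    (10, True), (10, False),
)


@dataclass(frozen=True)
class LinkResult:
    local: Optional[Mode]   # mode the local port settles on (None = no link)
    remote: Optional[Mode]  # mode the peer actually runs

    @property
    def link_up(self) -> bool:
        return (self.local is not None and self.remote is not None
                and self.local[0] == self.remote[0])

    @property
    def duplex_mismatch(self) -> bool:
        # Same speed but opposite duplex: the half-duplex side reports late
        # collisions, the full-duplex side CRC/runt errors.
        return self.link_up and self.local[1] != self.remote[1]


def negotiate(local_adv: FrozenSet[Mode], remote_adv: FrozenSet[Mode]) -> LinkResult:
    """Both partners exchange FLP bursts: pick the highest-priority common ability."""
    common = local_adv & remote_adv
    for mode in PRIORITY:
        if mode in common:
            return LinkResult(mode, mode)
    return LinkResult(None, None)  # nothing in common: link stays down


def parallel_detect(local_adv: FrozenSet[Mode], legacy_mode: Mode) -> LinkResult:
    """Peer sends no FLP bursts (for example a 10BASE-T NIC forced to a fixed mode).

    Parallel detection lets the auto-negotiating side learn the speed from the
    peer's link signalling, but it carries no duplex information, so the local
    port must assume half duplex at that speed.
    """
    speed, _ = legacy_mode
    fallback: Mode = (speed, False)
    if fallback not in local_adv:
        return LinkResult(None, legacy_mode)  # local port cannot run that speed
    return LinkResult(fallback, legacy_mode)


if __name__ == "__main__":
    switch_port = frozenset(PRIORITY)                     # 10/100/1000, half and full
    fast_nic = frozenset({(100, True), (100, False), (10, True), (10, False)})
    print(negotiate(switch_port, fast_nic))              # both sides settle on (100, True)
    legacy = parallel_detect(switch_port, (10, True))    # 10 Mb/s NIC forced to full duplex
    print(legacy, "mismatch:", legacy.duplex_mismatch)   # local half, peer full: mismatch
```

Running the block shows the case the text warns about: a 10Mbps device manually forced to full duplex and an auto-negotiating switch port end up with a duplex mismatch, because parallel detection can only infer the speed, never the duplex.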

Flow control is a method used to ensure that receiving units are not overwhelmed with data from
sending devices. Flow control is typically used when nodes (that is, network devices) of different speeds
communicate (for example, a 100Mbps server communicating with a 10Mbps end system). To provide a
comparison, one form of flow control that has been used for some time is XON-XOFF, which is typically
used by modems. When a device's receive buffer is near capacity, the XOFF message is sent to the
transmitting device. After the receive buffer has had a chance to empty, the XON message is sent to resume
the transmission. Similarly, with Ethernet flow control, a pause frame indicates that transmission
should be halted for a period of time. This allows a station to empty its buffer.

The definition of pause_time from the IEEE document is: "A 2-octet, unsigned integer containing the
length of time for which the receiving station is requested to inhibit data frame transmission. The field is
transmitted most-significant octet first, and least-significant octet second. The pause_time is measured
in units of pause_quanta, equal to 512 bit times of the particular implementation. The range of possible
pause_time is 0 to 65535 pause_quanta." Pause frames use the multicast address 01-80-C2-00-00-01
and the MAC Control EtherType 0x8808. This frame is not forwarded by the switch, because it would add
unneeded traffic to the rest of the network. Annex 31B of IEEE 802.3, 2000 Edition, discusses the MAC
Control PAUSE operation.
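The pause frame layout quoted above, as an added example in Python (not code from the guide). The builder and parser are this example's own; the sample source MAC is constructed, and the frames omit the 4-byte FCS:

```python
"""Build and parse an IEEE 802.3 Annex 31B PAUSE frame.

Added example (not Enterasys code): shows the exact bytes behind the
pause_time definition and converts pause_time into wall-clock time for a
given link speed. Frames are built without the 4-byte FCS.
"""
import struct
from dataclasses import dataclass

PAUSE_DST = bytes.fromhex("0180c2000001")  # MAC Control multicast, not forwarded by bridges
MAC_CONTROL_ETHERTYPE = 0x8808
PAUSE_OPCODE = 0x0001
PAUSE_QUANTUM_BITS = 512      # one pause_quantum = 512 bit times
MIN_FRAME_WITHOUT_FCS = 60    # 64-byte minimum frame minus FCS


def build_pause_frame(src_mac: bytes, pause_time: int) -> bytes:
    """Return dst|src|type|opcode|pause_time, zero-padded to the minimum size."""
    if len(src_mac) != 6:
        raise ValueError("source MAC must be 6 bytes")
    if not 0 <= pause_time <= 0xFFFF:
        raise ValueError("pause_time is a 2-octet unsigned integer")
    header = PAUSE_DST + src_mac + struct.pack("!H", MAC_CONTROL_ETHERTYPE)
    body = struct.pack("!HH", PAUSE_OPCODE, pause_time)  # most-significant octet first
    frame = header + body
    return frame + b"\x00" * (MIN_FRAME_WITHOUT_FCS - len(frame))


@dataclass(frozen=True)
class PauseFrame:
    src_mac: str
    pause_time: int  # in pause_quanta

    def duration_seconds(self, link_speed_bps: int) -> float:
        """How long the receiver is asked to stop sending at this link speed."""
        return self.pause_time * PAUSE_QUANTUM_BITS / link_speed_bps


def parse_pause_frame(frame: bytes) -> PauseFrame:
    """Validate destination, EtherType and opcode, then extract pause_time."""
    if len(frame) < 18:
        raise ValueError("frame too short for a MAC Control frame")
    dst, src = frame[0:6], frame[6:12]
    ethertype, opcode, pause_time = struct.unpack("!HHH", frame[12:18])
    if dst != PAUSE_DST:
        raise ValueError("unexpected destination " + dst.hex(":"))
    if ethertype != MAC_CONTROL_ETHERTYPE:
        raise ValueError(f"not a MAC Control frame (EtherType 0x{ethertype:04x})")
    if opcode != PAUSE_OPCODE:
        raise ValueError(f"unsupported MAC Control opcode 0x{opcode:04x}")
    return PauseFrame(src.hex(":"), pause_time)


if __name__ == "__main__":
    # Constructed sample: a station at 00:11:22:33:aa:bb asks for the maximum pause.
    frame = build_pause_frame(bytes.fromhex("00112233aabb"), 0xFFFF)
    pf = parse_pause_frame(frame)
    for speed in (10_000_000, 100_000_000, 1_000_000_000):
        print(f"{speed // 1_000_000:>5} Mb/s: pause for {pf.duration_seconds(speed) * 1000:.3f} ms")
```

The same pause_time value means ten times less wall-clock time at each step up in link speed, which is why the field is defined in bit times rather than seconds.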

100BaseFX is the fiber-optic cable implementation of the Fast Ethernet standard. 100BaseFX is ideal
for building backbone connections.
The cable distance is limited to 412 meters in half-duplex mode; if full-duplex mode is used, the cable runs can be
as long as 2 kilometers. While fiber-optic cable can span longer distances, the half-duplex limit is imposed by
packet round-trip timing.

Fiber-optic cable is not prone to interference (thus its advantage in areas with high electrical noise) and
it does not emanate a signal, making it more secure (especially for wiring across public areas).

Fiber-optic cable can scale up to higher transmission rates for future expansion. The minimum
recommended cable type for 100BaseFX is a cable with two strands of 62.5/125-micron fiber (meaning
the core is 62.5 microns and the core with surrounding cladding is a total of 125 microns). One strand is
used for signal transmission and the other to receive and detect collisions.

This slide reflects the 100BaseFX connector types and segment lengths.

The LC connector is a small form-factor fiber optic connector. It resembles a small SC connector.
Lucent Technologies developed the LC connector for use in telco environments.

The LC connector has been standardized as FOCIS 10 (Fiber Optic Connector Intermateability
Standard) in EIA/TIA-604-10.

The 1000Mbps (1 Gigabit per second) version of IEEE 802.3 is Gigabit Ethernet, which became a
standard in the summer of 1998. Gigabit Ethernet allows an easy upgrade path to high-performance
networking while taking advantage of existing technologies and product knowledge.

Gigabit Ethernet offers a speed increase of 10 times that of Fast Ethernet and 100 times that of the
standard 10BaseT Ethernet specification. Gigabit Ethernet can run in half- or full-duplex mode, although
very few vendors implement half-duplex. Most Gigabit Ethernet products being shipped are full duplex.

Carrier extension is used to extend transmission length without affecting the frame format. Following the
normal Ethernet frame, an extension is used to extend the effective frame length to 512 bytes as
opposed to the normal 64-byte minimum size frame. This extension is accomplished using non-data bits
as fill. As a result, the collision domain can now be based on 512 bytes versus the 64-byte collision
domain of standard Ethernet. The obvious downside of carrier extension is that it adds overhead with
the filler bits.
Shared Gigabit Ethernet, using half-duplex and CSMA/CD, is not a widely-deployed technology
because of its collision domain considerations. In shared Gigabit Ethernet, the slot time shrinks
to 0.512 microseconds (as opposed to 51.2 µs for 10BT and 5.12 µs for 100BT). A means of
extending the collision domain without affecting the frame format is required to make this a viable
technology. Gigabit Ethernet supports the existing frame size and frame format of standard IEEE 802.3
Ethernet, which means it is easily integrated with existing networks. Because Ethernet networks are
sensitive to the round-trip-delay constraint of CSMA/CD, slot times are extremely important. In 10BaseT
and 100BaseT, the slot time is 512 bit times. This is not feasible for Gigabit because the collision domain
would be only about 20 meters in diameter. To make Gigabit usable on a network, the slot time was extended
to 512 bytes, which is 4096 bit times. Note that the minimum frame size for Gigabit Ethernet is still 64
bytes, just like 10 and 100Mbps Ethernet; carrier extension fills the remainder of the slot.

Gigabit Ethernet auto-negotiation is a process used to determine the duplex mode and flow control type
to be used when setting a link configuration. This is different from Fast Ethernet auto-negotiation, which
is used to determine link speed and duplex mode. Determining the duplex mode works the same as for
Fast Ethernet. In the continuing race between line speed and switch speed, Gigabit Ethernet has raised
the bar again. Therefore, not all switches with Gigabit ports or Gigabit clients are able to operate at full
wire speed. This is an issue because of the limitations of IEEE 802.1D transparent bridging and the
operation of some well-known protocol suites. The IEEE 802.1 specification defines the concept of a
frame lifetime, where a frame will be discarded if it is held by any particular bridge for a duration greater
than the maximum bridge transit delay. The specification recommends that this value be set to
1.0 second.

Most connection-oriented upper layer protocols use the sliding window form of flow control. While this
form of flow control is very efficient in networks with extremely low packet-loss rates, significant loss
rates (~0.1%) can result in very poor performance. These two issues combine to mean that upper-layer
throughput is severely affected when the buffers on end-stations or intermediate devices become
congested. As a workaround, the IEEE 802.3 committee developed a pause feature. Simply put, it
is possible for a station to transmit a multicast "pause" frame to its neighbor, requesting that the
neighbor remain silent for a specified number of bit times. From vendor to vendor, and hardware
platform to hardware platform, the names of these modes may vary.

Mini-GBICs have a smaller form factor than classic GBICs, providing the ability to populate more
Gigabit Ethernet ports. To meet each customer's unique needs, Enterasys offers LC and MTRJ types of
fiber connectors.

The 10 Gigabit Ethernet IEEE standard, 802.3ae, was ratified in the summer of 2002. 802.3ae is
essentially Ethernet, only faster (10 Gigabits per second, which is 10 billion bits per second) and with a
wider scope. 10 Gigabit Ethernet is the same as 10Mbps Ethernet in many ways, and is basically plug-and-play.
The biggest change is that CSMA/CD has been eliminated: 10 Gigabit Ethernet operates only
in full-duplex mode, making collision-detection protocols unnecessary.

10 Gigabit Ethernet is designed for point-to-point communication in LAN, MAN, and WAN applications.
It is interoperable with other networking technologies, such as SONET.

The physical interface (PHY) at Layer 1 of the OSI model is a physical layer device, a circuit block
connecting the media to the MAC layer (Layer 2). The PHY defines electrical and optical signaling,
clocking guidelines, line states, data encoding, and circuitry needed for data transmission and reception.
The 802.3ae standard defines seven unique physical interfaces (termed PHYs), all fiber, for 10 Gigabit
Ethernet connections.

As you can see, the names of the three WAN interfaces (WAN PHYs) end in W, for example
10GBase-SW. The other four interfaces are LAN PHYs.

There are four PMDs supporting unique light wavelengths:
1310 nm serial PMD, supporting at least 10 kilometers on single-mode fiber.
1550 nm serial PMD, supporting at least 40 kilometers on single-mode fiber.
850 nm serial PMD, supporting at least 65 meters on 500 MHz·km 50/125 micron multi-mode fiber.
1310 nm WWDM PMD, supporting at least 300 meters on 160 MHz·km 62.5/125 micron multi-mode or
better.
The S, L, and E on the interface names represent short, long, and extended ranges, respectively.
Newer grades of fiber will extend these ranges. (The R in the LAN PHY names denotes the 64B/66B-encoded
LAN PHY, the X in 10GBase-LX4 denotes 8B/10B encoding, and for the WAN PHYs the R is replaced by a W,
denoting the WAN PHY with SONET-compatible framing.)
Notice the differences in range for single-mode fiber (SMF), as opposed to multimode fiber (MMF), used
with these interfaces.

What are the methods available for configuring and managing Enterasys switches through a host data
port, either locally or remotely? How do you control who can access, monitor, and manage a switch? How
do you upgrade the firmware on an Enterasys switch? How do you upload and download configurations
from one switch to another?

This module answers these questions and includes the following major topics:
Management options, including:
Local Management
WebView and Secure Socket Layer (SSL)
SNMP v1/v2/v3
Telnet and Secure Shell (SSH)
Network Management Station (NMS)
Firmware upgrades
Configuration upload/download
Management security

There are various configuration and management options for Enterasys switches, which vary by switch
product family, including:
Local Management (LM)
WebView and SSL
Telnet and SSH
NetSight

All Enterasys switch products may be managed via their console or COM port for out-of-band access to
either menu-driven management screens or to a command-line interface. This is commonly referred to
as Local Management (LM). The network administrator must be local to the device in order to manage
it.
A device IP address is not required to manage the device through LM. The console port on a device
may be either an RJ45 or a DB9 connector, which may be connected to a VT-type terminal, a PC with a
terminal emulation application (such as HyperTerminal, PuTTY or Tera Term Pro), or to a modem.

You must remember the type of port you are configuring. If you are configuring a gigabit port that is
running at 100 Mbps, that port must still be referred to as ge.x.x.

Other examples follow:

fe.1.1-10: 100 Mbps ports 1 through 10 in chassis slot 1/Unit 1
ge.3.2: 1 Gigabit port 2 in chassis slot 3/Unit 3
tg.3.1: 10 Gigabit port 1 in chassis slot 3/Unit 3

In addition to fe, ge and tg, other port types include:
com for the COM (console) port
vlan for VLAN interfaces
lag for IEEE 802.3 link aggregation ports
lbpk for loopback interfaces

With the S and K Series, routed VLANs will be seen as vlan.0.x
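A small parser for the port-string format above, added here as an example and not taken from Enterasys firmware or documentation. The type.unit.port layout and the type prefixes are from the text; the comma-separated list form, the duplicate handling and the descriptions are assumptions of this example:

```python
"""Expand and validate Enterasys-style port strings such as fe.1.1-10.

Added example (not Enterasys code). The type.unit.port layout and the type
prefixes come from the guide; the comma-separated list syntax and the
descriptions are assumptions made for this example.
"""
import re
from typing import Dict, List

PORT_TYPES: Dict[str, str] = {
    "fe": "100 Mb/s Ethernet port",
    "ge": "1 Gb/s Ethernet port",
    "tg": "10 Gb/s Ethernet port",
    "com": "COM (console) port",
    "vlan": "VLAN interface (routed VLANs appear as vlan.0.x)",
    "lag": "IEEE 802.3 link aggregation port",
    "lbpk": "loopback interface",
}

# type.unit.port, with an optional -last range on the port component only.
_PORT_RE = re.compile(r"^(?P<type>[a-z]+)\.(?P<unit>\d+)\.(?P<first>\d+)(?:-(?P<last>\d+))?$")


def expand_port_string(spec: str) -> List[str]:
    """'fe.1.1-10' -> ['fe.1.1', ..., 'fe.1.10']; 'ge.3.2' -> ['ge.3.2']."""
    m = _PORT_RE.match(spec.strip())
    if m is None:
        raise ValueError(f"malformed port string: {spec!r}")
    ptype = m["type"]
    if ptype not in PORT_TYPES:
        raise ValueError(f"unknown port type {ptype!r} in {spec!r}")
    unit, first = int(m["unit"]), int(m["first"])
    last = int(m["last"]) if m["last"] is not None else first
    if last < first:
        raise ValueError(f"descending range in {spec!r}")
    return [f"{ptype}.{unit}.{n}" for n in range(first, last + 1)]


def expand_port_list(specs: str) -> List[str]:
    """Expand a comma-separated list (assumed syntax), dropping duplicates but keeping order."""
    seen: Dict[str, None] = {}
    for spec in specs.split(","):
        if spec.strip():
            for port in expand_port_string(spec):
                seen.setdefault(port, None)
    return list(seen)


def group_by_type(ports: List[str]) -> Dict[str, List[str]]:
    """Bucket expanded port names by interface type, e.g. to apply per-speed settings."""
    groups: Dict[str, List[str]] = {}
    for port in ports:
        groups.setdefault(port.split(".")[0], []).append(port)
    return groups


if __name__ == "__main__":
    ports = expand_port_list("fe.1.1-10, ge.3.2, tg.3.1, vlan.0.100")
    for ptype, names in group_by_type(ports).items():
        print(f"{ptype:5} {PORT_TYPES[ptype]:45} {len(names)} port(s): {', '.join(names)}")
```

Rejecting unknown prefixes and descending ranges up front is what stops a typo in an automation script from silently applying a setting to the wrong port or to no port at all.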

One option is to set the switch to obtain the current time from a Simple Network Time Protocol (SNTP)
server. This is good management practice: if all your devices pull time information from the same server,
their logs will be synchronized and troubleshooting an event will be easier.

The logout timer can be raised (for example to 60) or disabled (set logout 0) when configuring the switch
in a lab, but for good practice it should be kept to a minimum so that an unattended management session
does not stay open.

A, B, C, D, G and I Series switches do not support a time-delayed reset (Enterasys NetSight can be used
for this); the command is reset [unit].

Note: clear config does not clear stacking IDs and switch priorities; clear config all does.

WebView is enabled by default on all products and usually works only when it is run with Super
User/Admin rights to the managed device.
Secure Socket Layer (SSL) protects the WebView session: the switch's public/private key pair is used to
authenticate the device and to negotiate a session key, and that key then encrypts the HTTP traffic
between browser and switch, so management credentials and configuration data do not cross the
network in cleartext.

All but the S and K series support SSL.

Telnet is a terminal emulation protocol for TCP/IP networks. Once an Enterasys switch has a valid IP
address, you can establish a Telnet session to the device from any TCP/IP based node on the network.
Commands you enter during a Telnet session are executed as if you were entering them via the console
or COM port, and the management screens seen during a Telnet session are identical to those seen via
the console or COM port. Note that Telnet carries the login name, password and every subsequent
command in cleartext, so anyone able to capture traffic on the path can read them.

An enhancement to Telnet is SSH. SSH is a protocol for secure remote login over an insecure network.
It provides a secure replacement for the Telnet feature by authenticating the switch to the client and
encrypting communications between the two hosts.

Enterasys periodically provides firmware upgrades and, less frequently, Boot PROM upgrades. These
are required to:
Address software incompatibilities
Introduce and integrate new features
Address problems and issues with previous firmware versions
Support new and future technologies

Enterasys switches primarily support Trivial File Transfer Protocol (TFTP) or BootP server functionality
for firmware upgrades. Other methods include File Transfer Protocol (FTP) and a serial connection via
ZMODEM. Neither TFTP nor FTP authenticates or encrypts the transfer, so run upgrades from a
management network you control.

Background

The firmware image is the operating system for any Enterasys switch. The firmware image is stored in
flash memory and runs in Local RAM. Some relevant definitions follow below.

NVRAM (Non-Volatile Random Access Memory): RAM that retains its contents (for example, IP
addresses) when a unit is powered off.

Following are the steps in the normal boot-up process for Enterasys switching products:

The Boot PROM comes online first and runs diagnostics on all memory areas and the Ethernet
interfaces.

The Boot PROM then checks the NVRAM settings. These settings tell the Boot PROM where to find the
firmware image to load. During a normal boot-up, the firmware image will be loaded from flash memory.

The Boot PROM starts the Flash Memory Manager to uncompress the firmware image in flash
memory, and to copy the uncompressed firmware image into LRAM.

Once the uncompressed firmware image is in LRAM, the main processor begins normal operations.
SNMP is now available.
Most devices will take from 30 seconds to a minute to boot up. If the power-up sequence is interrupted
or if optional hardware has been installed or removed, a device may run an extended diagnostics
sequence that may take two or more minutes to complete.

The online TFTP download process for upgrading firmware is as follows:

The operating image remains in LRAM while the new image is downloaded directly to the flash memory.

Once the TFTP server and settings are initialised, the device erases the contents of the flash
memory. (Caution should be taken in this state: with no image in flash memory, the device
would require a BootP download if it were reset for any reason.) The compressed file then downloads
directly to the flash memory.

Once the download is complete, the device continues to operate using the old image until it is reset.

Upon reboot, the new image is used via a normal boot-up.

The S and K series allow you to download and store multiple image files. This feature is useful for
reverting to a previous version in the event that a firmware upgrade fails to boot successfully.
When installing a new module in an existing system, the system's operating firmware image needs to be
compatible with the new module. If they are not compatible, we recommend that the system be
upgraded prior to the installation of the new module. If the system is not upgraded prior to the
installation, the new module may not complete initialisation and become operational. It will remain in a halted
state until the running chassis is upgraded to a compatible firmware version.

There are three ways to download firmware to the S and K series devices:

FTP download uses an FTP server connected to the network and downloads the firmware using the
FTP protocol. This is the most robust downloading mechanism.
A TFTP download uses a TFTP server connected to the network and downloads the firmware using the
TFTP protocol.
An out-of-band download is accomplished via the serial (console) port. By typing the command
download, you send the firmware image via the ZMODEM protocol from your terminal emulation
application.

Once you have configured a device, you can save that configuration to a file as a backup or use
it to configure a new, similar switch. Uploading and downloading configurations is useful for
replicating configurations of switches of the same model, and for troubleshooting purposes.
This section of the module describes how each product family handles configuration uploads
and downloads.

First, let's define some terms.

Uploading a configuration from a switch means that the configuration is currently on the
device and is copied to a local server via the TFTP protocol.

Downloading a configuration means that you are taking a configuration file previously
uploaded from a switch and downloading it to a switch. The switch will now take the properties that had
been previously uploaded.
For best results, the switch should be physically identical to the switch that the config was
uploaded from. That is, it should be the same switch type, with the same sub-module types
installed, and should be running the same firmware.
This last point is not an absolute rule, but is based on the fact that interpretation of configuration
files is somewhat firmware-specific.
The Enterasys recommended way to back up switch configurations is to use Inventory
Manager's Archive utility.

What are VLANs? What are the benefits of VLANs? How do they work? This module provides the
answers to these questions, providing an overview of IEEE 802.1Q VLANs. Major topics of the module
are:
Benefits of VLANs
VLAN Configuration
VLAN Planning and Design
GVRP
Using a 1Q Trunk

A Virtual Local Area Network (VLAN) is a group of end systems based on logical connections, which
functions as a single LAN segment. VLANs allow you to establish logical workgroups within a network
regardless of physical location, and provide a means to control broadcast and multicast traffic.
A broadcast domain is the network area that a broadcast will fill. Every broadcast packet is seen by
every device in that domain, regardless of whether the device needs to receive that data or not.

Routers (Layer 3 devices) are considered broadcast containers since they limit broadcasts to the
network from which they originate. Each interface on a router is a unique network, with broadcasts for
any given network remaining local to that segment.

In contrast, when a switch (Layer 2 device) receives a broadcast on a given interface, it will forward the
broadcast out all remaining interfaces. This is why a Layer 2 switched network is typically termed a flat
network: it is one broadcast domain. Traditionally, Layer 3 devices are used to contain Layer 2
broadcasts, forming the broadcast boundary. A broadcast storm affects all nodes within this boundary.
With the ability to create logical workgroups (broadcast boundaries) within a single switch, VLANs
effectively provide broadcast containment at Layer 2.

Switches have the ability to program ports to behave as though they are a Local Area Network (a LAN),
in essence a single wire. Each of these programmed LANs functions as a
single broadcast domain with as many collision domains as there are ports. This programming
virtualizes the LAN, thus creating a Virtual LAN, or VLAN.

By default, every switch ships from the factory with all its ports programmed to behave as though they
are in the same LAN, typically VLAN 1.

This ability to program ports to behave as if they are members of a LAN, that is, to create a Virtual LAN,
allows you to program your switch with multiple VLANs. Each VLAN behaves as if it is simply another
wire strung around the room, with Ethernet devices attached to it. Every VLAN is its own broadcast
domain and thus, in the usual design, its own IP subnetwork.

In order for VLANs to work, the switch follows two rules for frames.

First, a frame can belong to one and only one VLAN. We will discuss situations later in this unit where a
switch might have options on which VLAN it puts the frame into, but any individual frame can only
go into a single VLAN.

Second, when a frame enters a switch, that switch must put the frame into a VLAN. A switch does not
let a frame cross its backplane unless that frame belongs to a VLAN configured on the switch. If the
switch cannot put an incoming frame into a VLAN, it simply drops the frame.

There are two fundamental rules for ports in a VLAN environment. The first is that a port must belong to
at least one VLAN in order to pass traffic. Some vendors allow you to remove a port from all VLANs,
which effectively shuts the port down. With Enterasys, every port must be a member of at least one
VLAN whether it is passing traffic or not. By default, every port on an Enterasys switch is a member of
VLAN 1.

The second rule is that a port may belong to as many VLANs as you have configured on the switch.
This ability allows you to extend your VLANs across multiple switches and, in fact, throughout your
network, if you so desire. Ports that are members of more than one VLAN are called trunk ports; we
will discuss how they behave later in this unit.
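A toy switch model, added here as an example (not Enterasys code), that applies the two frame rules and the two port rules above to constructed frames. Untagged frames are placed in the ingress port's PVID (port VLAN ID); frames carrying an IEEE 802.1Q tag use the VID from the tag. Port names, VLAN numbers and the choice to enable ingress filtering (dropping tagged frames for VLANs the port is not a member of) are assumptions of this example:

```python
"""Port-based VLAN ingress rules on a toy switch model.

Added example (not Enterasys code). Every frame lands in exactly one VLAN,
frames that cannot be placed in a configured VLAN are dropped, every port
belongs to at least one VLAN, and a port in several VLANs acts as a trunk.
Ingress filtering is optional in IEEE 802.1Q and is assumed enabled here.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set

TPID_8021Q = 0x8100
BROADCAST = b"\xff" * 6


@dataclass
class Port:
    pvid: int
    vlans: Set[int]


class VlanSwitch:
    def __init__(self, configured_vlans: Set[int]) -> None:
        self.vlans = set(configured_vlans)
        self.ports: Dict[str, Port] = {}

    def add_port(self, name: str, pvid: int, members: Set[int]) -> None:
        members = set(members)
        if not members:
            raise ValueError(f"{name}: a port must belong to at least one VLAN")
        if not members <= self.vlans:
            raise ValueError(f"{name}: VLAN(s) {members - self.vlans} are not configured")
        if pvid not in members:
            raise ValueError(f"{name}: PVID {pvid} must be one of the port's VLANs")
        self.ports[name] = Port(pvid, members)

    def classify(self, ingress: str, frame: bytes) -> Optional[int]:
        """Return the single VLAN the frame is placed in, or None if it is dropped."""
        port = self.ports[ingress]
        (tpid,) = struct.unpack("!H", frame[12:14])
        if tpid == TPID_8021Q:
            (tci,) = struct.unpack("!H", frame[14:16])
            vid = tci & 0x0FFF           # VID is the low 12 bits of the TCI
            if vid == 0:                 # priority-tagged: no VLAN in the tag, use PVID
                vid = port.pvid
        else:
            vid = port.pvid              # untagged: port-based assignment
        if vid not in self.vlans:        # frame rule 2: no configured VLAN, so dropped
            return None
        if vid not in port.vlans:        # ingress filtering (assumption, see lead-in)
            return None
        return vid

    def flood_targets(self, ingress: str, vid: int) -> Set[str]:
        """Ports a broadcast or unknown-unicast frame in `vid` is flooded to."""
        return {name for name, p in self.ports.items() if name != ingress and vid in p.vlans}

    def forward_broadcast(self, ingress: str, frame: bytes) -> Set[str]:
        vid = self.classify(ingress, frame)
        return set() if vid is None else self.flood_targets(ingress, vid)


def make_frame(src: bytes, vid: Optional[int] = None, dst: bytes = BROADCAST,
               ethertype: int = 0x0806) -> bytes:
    """Build a minimal Ethernet header, optionally with an 802.1Q tag (no payload or FCS)."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype)


def demo_switch() -> VlanSwitch:
    """Constructed topology: two access ports and one trunk carrying VLANs 1, 10 and 20."""
    sw = VlanSwitch({1, 10, 20})
    sw.add_port("ge.1.1", pvid=1, members={1})           # access port, VLAN 1
    sw.add_port("ge.1.2", pvid=10, members={10})         # access port, VLAN 10
    sw.add_port("ge.1.24", pvid=1, members={1, 10, 20})  # trunk: member of several VLANs
    return sw


if __name__ == "__main__":
    sw = demo_switch()
    host_a = bytes.fromhex("001122334401")  # constructed source MAC
    print(sw.forward_broadcast("ge.1.1", make_frame(host_a)))           # {'ge.1.24'}: stays in VLAN 1
    print(sw.forward_broadcast("ge.1.24", make_frame(host_a, vid=10)))  # {'ge.1.2'}
    print(sw.forward_broadcast("ge.1.24", make_frame(host_a, vid=30)))  # set(): VLAN 30 not configured
```

The broadcast from the VLAN 1 access port never reaches the VLAN 10 port, which is the broadcast containment the VLAN benefits section describes; a tagged frame for a VLAN the switch does not have configured is dropped at ingress rather than flooded anywhere.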

The #1 benefit is broadcast (traffic) containment, which allows routers that were performing this function
to be displaced by switches that are typically less expensive and easier to configure.
VLANs simplify administrative adds, moves, and changes. Adding or moving users within a VLAN is
easily accomplished, because the VLAN is virtual.

With VLANs, shared resources are not bound by physical location. For example, the Sales VLAN
members can be located in a number of buildings and still access the Sales file server that may be
located in the data center.

VLANs allow bandwidth management. If user groups become too congested, new VLANs can be
created to separate traffic and redirect traffic patterns.

VLANs give you network design flexibility. You can group together individuals and the resources they
need regardless of where they are located geographically even if they are in different buildings.

Enterasys switches are capable of supporting four different types of VLANs:

Port-based VLANs, in which a frame is assigned to a VLAN based on the port through which it entered
the switch

Contained to VLAN based on MAC, in which a frame is assigned to a VLAN based upon the source
MAC address

Contained to VLAN based on Protocol, in which a frame is assigned to a VLAN based upon the Layer
3 protocol it is carrying

Contained to VLAN based on IP Subnet, in which a frame is assigned to a VLAN based upon the IP
subnet it belongs to

As we mentioned earlier, when a frame enters a switch the switch must decide into which VLAN it will
place that frame. With a port-based VLAN the switch makes that decision based entirely on one factor:
the port through which the frame entered the switch.

When you configure an Enterasys switch, you explicitly tell each port which VLANs it is a member of.
You also assign the port a Port VLAN ID (PVID). When an end station sends a frame into the switch,
the switch looks at the PVID and assigns the frame into that VLAN.

Consider this example. In this graphic the upper three PCs are connected to ports in the Blue VLAN.
The switch will put all the frames they send into the Blue VLAN; these PCs will be able to communicate
with each other, but not with the PCs in the Orange VLAN. Similarly, the lower three PCs are
connected to ports in the Orange VLAN. They too, can communicate with each other, but not with the
PCs in the Blue VLAN.
Note that we have configured Port 44 to be a member of the Orange VLAN. When a PC connects to
Port 44 and sends a frame, the switch assigns that frame to VLAN Orange; we say that the PC is a
member of the Orange VLAN.

In conjunction with Policy Manager, Enterasys switches allow you to sort frames into VLANs on the
basis of the Source MAC address in the Layer 2 header. Using Policy Manager you can establish a list
of MAC addresses that belong to a specific VLAN. Then, when an end user connects to the network,
the switch will place those frames in the appropriate VLAN regardless of the port to which the user
connects.

Consider the example here. PC F carries a MAC address of 00.00.A4.01.AE.03. You've configured
Policy Manager to tell the switch to put frames with that MAC source address into the Orange VLAN.
When PC F connects to the network, the switch will place its frames into the Orange VLAN, regardless
of the port it connects to. Keep in mind that the source MAC address is whatever the end station writes
into the frame: this classification follows the address presented, so it is a mobility convenience rather
than a check on which device is actually attached.

In conjunction with Policy Manager, Enterasys switches allow you to sort frames into VLANs on the
basis of the Layer 3 protocol the frame is carrying. Then, when an end user connects to the network,
the switch will place those frames in the appropriate VLAN regardless of the port to which the user
connects.

Consider the example here. PC F is using IPv6, whose frames carry an EtherType of 0x86DD. You've
configured Policy Manager to tell the switch to put frames that have the value 86DD in the
Length/Type field into the Orange VLAN. When PC F connects to the network, the switch will place its
IPv6 frames into the Orange VLAN, regardless of the port it connects to.

Protocol types available for this classification include (some are identified by an EtherType in the
Length/Type field, others by their 802.2 LLC or SNAP encapsulation):

IP

IPX (802.3, 802.2, SNAP, Type II)

AppleTalk (Type II, SNAP)

DEC (LAT, other)

IBM SNA (802.2, Type II)

NetBIOS

VINES

IPv6

In conjunction with Policy Manager, Enterasys switches allow you to sort frames into VLANs on the
basis of the IP subnet from which they originate. Using Policy Manager you can establish that frames
from a specific IP subnet belong to a specific VLAN. Then, when an end user connects to the network,
the switch will place those frames in the appropriate VLAN regardless of the port to which the user
connects.

Consider the example here. PC F carries an IP address of 172.16.121.102/24. You've configured Policy
Manager to tell the switch to put frames from the 172.16.121.0/24 network into the Orange VLAN.
When PC F connects to the network, the switch will place its frames into the Orange VLAN, regardless
of the port it connects to.
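The four classification methods above, run as one ingress decision. This is an added example written for this section of the guide, not Enterasys or Policy Manager code: the rule set, addresses and frames are constructed, and the precedence it applies (MAC, then IP subnet, then protocol, then the port PVID) is an assumption made for illustration, not a documented Policy Manager ordering. It also exercises the two frame rules from earlier in the unit: every accepted frame lands in exactly one VLAN, and a frame whose only match points at a VLAN not configured on the switch is dropped.

```python
"""Added example: ingress VLAN classification by port (PVID), source MAC,
protocol (EtherType) and IP subnet. Rule set, addresses and frames are
constructed; the precedence among the rule types is an assumption."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Frame:
    in_port: int
    src_mac: str                    # "00-00-A4-01-AE-03", "00:00:..." or "00.00...." all accepted
    ethertype: int                  # Length/Type value, e.g. 0x0800 (IPv4) or 0x86DD (IPv6)
    src_ip: Optional[str] = None    # IPv4 source address when ethertype is 0x0800


@dataclass
class VlanPolicy:
    vlans: Set[int]                                   # VLANs configured on this switch
    pvid: Dict[int, int]                              # port -> PVID (port-based classification)
    mac_rules: Dict[str, int] = field(default_factory=dict)    # source MAC -> VID
    proto_rules: Dict[int, int] = field(default_factory=dict)  # EtherType -> VID
    subnet_rules: List[Tuple[ipaddress.IPv4Network, int]] = field(default_factory=list)


def norm_mac(mac: str) -> str:
    """Canonical form so the three common separators compare equal."""
    return mac.upper().replace(":", "-").replace(".", "-")


def classify(frame: Frame, policy: VlanPolicy) -> Tuple[Optional[int], str]:
    """Return (VID, reason) for an untagged frame entering the switch.

    Rule 1: a frame goes into exactly one VLAN, so the first matching rule wins.
    Rule 2: if the chosen VLAN is not configured on the switch, or nothing
    matches at all, the switch drops the frame: (None, "drop").
    The order MAC -> subnet -> protocol -> PVID is this example's assumption.
    """
    vid, reason = None, "drop"
    mac = norm_mac(frame.src_mac)
    if mac in policy.mac_rules:
        vid, reason = policy.mac_rules[mac], "mac"
    elif frame.ethertype == 0x0800 and frame.src_ip is not None:
        ip = ipaddress.ip_address(frame.src_ip)
        for net, net_vid in policy.subnet_rules:
            if ip in net:
                vid, reason = net_vid, "subnet"
                break
    if vid is None and frame.ethertype in policy.proto_rules:
        vid, reason = policy.proto_rules[frame.ethertype], "protocol"
    if vid is None and frame.in_port in policy.pvid:
        vid, reason = policy.pvid[frame.in_port], "pvid"
    if vid is None or vid not in policy.vlans:
        return None, "drop"
    return vid, reason


# Constructed policy mirroring the slides: ports 1-3 Blue, ports 41-44 Orange,
# PC F's MAC address, IPv6 and the 172.16.121.0/24 subnet all classify to Orange.
BLUE, ORANGE = 10, 20
POLICY = VlanPolicy(
    vlans={1, BLUE, ORANGE},
    pvid={1: BLUE, 2: BLUE, 3: BLUE, 41: ORANGE, 42: ORANGE, 43: ORANGE, 44: ORANGE, 48: 1},
    mac_rules={
        "00-00-A4-01-AE-03": ORANGE,   # PC F
        "00-00-A4-01-AE-04": 30,       # stale rule: VLAN 30 is not configured on this switch
    },
    proto_rules={0x86DD: ORANGE},
    subnet_rules=[(ipaddress.ip_network("172.16.121.0/24"), ORANGE)],
)


def demo() -> List[Tuple[str, Optional[int], str]]:
    """Classify a set of constructed frames, including a station on a Blue port
    that presents PC F's MAC address and therefore lands in Orange as well."""
    cases = [
        ("PC on port 44 (Orange by PVID)", Frame(44, "aa-bb-cc-00-00-01", 0x0800, "10.1.1.5")),
        ("PC F on port 2 (MAC rule)", Frame(2, "00.00.A4.01.AE.03", 0x0800, "10.1.1.6")),
        ("IPv6 host on port 1 (protocol rule)", Frame(1, "aa-bb-cc-00-00-02", 0x86DD)),
        ("172.16.121.102 on port 3 (subnet rule)", Frame(3, "aa-bb-cc-00-00-03", 0x0800, "172.16.121.102")),
        ("ordinary IPv4 host on port 1 (PVID)", Frame(1, "aa-bb-cc-00-00-04", 0x0800, "10.1.1.9")),
        ("spoofer on port 1 using PC F's MAC", Frame(1, "00:00:a4:01:ae:03", 0x0800, "10.1.1.7")),
        ("stale MAC rule -> unconfigured VLAN", Frame(1, "00-00-A4-01-AE-04", 0x0800, "10.1.1.8")),
        ("port with no PVID at all", Frame(7, "aa-bb-cc-00-00-05", 0x0806)),
    ]
    return [(label, *classify(frame, POLICY)) for label, frame in cases]


if __name__ == "__main__":
    for label, vid, reason in demo():
        print(f"{label:42s} -> {vid!s:>4} ({reason})")
```

The spoof case is the check a practitioner wants to see: the source MAC, the EtherType and the source IP address are all set by the sending host, so a station on a Blue port that copies PC F's address is classified into Orange exactly as PC F would be. These rules give mobility; they do not authenticate the device.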

So how does a switch work all this VLAN magic?

The IEEE established a standard, 802.1Q, that inserts four bytes of information into the standard
Ethernet header. Those four bytes are called the 802.1Q tag, and a frame carrying those four bytes is
called a tagged frame. (A frame without those four bytes is called an untagged frame.)

This slide displays the Ethernet DIX frame format, depicting the four bytes added as the 802.1Q frame
tag. The frame tag is used to identify VLAN membership (VLAN classification). It also carries the
802.1D (802.1p) user priority used for frame classification.

The Tag Protocol Identifier (TPID) field is:

Two bytes (16 bits) long

Set to a value of 81-00 for Ethernet transmissions

Carried in SNAP-encoded form on Token Ring and FDDI transmissions

The Tag Control Information (TCI) field is also two bytes, consisting of:

User Priority, three bits, used for frame classification

Drop Eligible Indicator (DEI) (formerly the Canonical Format Indicator, CFI), one bit, used to indicate
frames eligible to be dropped in the presence of congestion

VLAN ID (VID), twelve bits, containing the actual VLAN identity

Tagging allows a single port to send and receive frames for more than one VLAN. In this example, our
two switches are connected with ports that are tagging for the red, yellow, and blue VLANs.

PC A sends an untagged frame to PC D. That frame enters Switch 1 through a port in the Blue VLAN.
The switch sends the frame out the port connecting it to Switch 2, and inserts a tag in the Layer 2
header that says, This frame belongs in the Blue VLAN. Switch 2 receives the frame, and forwards it
out to PC D but without a tag.
The same process happens between PC B and PC C.

Note that tagging (or not tagging) occurs as a frame leaves the switch.

The VLAN ID (VID) is a unique number, between 1 and 4094, which identifies a particular VLAN. The VID is
tagged onto a frame to tell a receiving switch the VLAN of which the frame is a member. VIDs 0 and 4095 are
reserved: 0 is the priority tag (no VLAN information) and 4095 is reserved by the IEEE. VID 1 is the default VLAN.
The VLAN name is used to make user-defined VLANs easier to identify and remember (easier than remembering a
number). The name can have a maximum of 32 alphanumeric characters and is associated with the VLAN ID.

The Port VLAN ID (PVID) is used for classifying frames on ingress that do not carry a VLAN association. When you
assign an untagged VLAN membership to a port, that VLAN's ID (VID) becomes the Port VLAN ID (PVID) for the
port, and the VLAN is added to the port's egress list. All end systems connecting to the port assume membership
in the PVID. If the frame already has a tag on ingress, the PVID is not applied; the frame is classified by the VID in
its tag. Whether a port accepts tagged frames for VLANs that are not on its egress list is governed by the 802.1Q
ingress filtering setting, which is worth checking on ports that face end stations.

The Filtering Database (FDB) is a database structure within the switch that keeps track of the association among
MAC addresses, VLANs, and port numbers. The FDB is a lookup table referred to when a VLAN-aware switch
makes a forwarding decision on a frame.
The Filtering Database Identifier (FID) is automatically created when a VLAN is created. It is assigned the same
number as the VLAN ID (VID). Addressing information that the device learns about a VLAN is stored in the filtering
database assigned to that VLAN. The FID is also known as the Filtering Database ID (FDB ID) or, as the IEEE
states it, the Filtering Identifier.

A VLAN Tag or Tag Header is four bytes of data inserted into a frame that identifies the VLAN/classification
settings for that frame. The switch associates a frame with a VLAN at the ingress port; the tag header itself is
written into the frame when it leaves a port that is configured to tag for that VLAN. The tag header is inserted into
the frame directly after the source MAC address field. Twelve bits of the tag header represent the VLAN ID. Three
bits of the tag header are used for priority setting.

A tagged frame is any frame that contains a tag header. A VLAN aware switch can add the tag header
to any frame it transmits.
The default VLAN is the VLAN to which all ports are assigned upon initialization. The default VLAN has
a VLAN ID of 1 and cannot be deleted or renamed.

Access Port: Assigns a frame to a VLAN on ingress, based on the PVID of the port. It removes the tag
from any frame that egresses the port.

Trunk Port: Passes only frames that carry 802.1Q tags. Trunk ports are used between 802.1Q
switches.

GVRP: The GARP VLAN Registration Protocol, specified as part of the 802.1Q standards suite, which
dynamically registers (creates) VLANs on switches throughout your network.

Default VLAN and Number of Supported VLANs

By default, all ports on all Enterasys switches are assigned to VLAN ID 1, with the egress status
defaulting to untagged for all ports. How many VLANs are supported varies depending on the device.
The 12-bit VID field of IEEE 802.1Q provides 4096 values (0 through 4095). There is a distinction
between the range of VID values that a switch vendor implements and the maximum number of active
VLANs a particular switch can support. For example, a switch may only support 10 active VLANs, but
may accept VIDs from anywhere in the full IEEE-specified range.

The allowable user-configurable range for VLAN IDs (VIDs) is from 2 through 4094.

VID 0 is the null VLAN ID, indicating that the tag header in the frame contains priority information rather
than a VLAN identifier. It cannot be configured as a port VLAN ID (PVID).
VID 1 is designated the default PVID value for classifying frames on ingress through a switched port. It
may be changed on a per-port basis.
VID 4095 is reserved by IEEE for implementation use.
Each VLAN ID in a network must be unique. If a duplicate VLAN ID is entered, the Enterasys switch
assumes that the administrator intends to modify the existing VLAN.
Enterasys switches use the VLAN tag information contained in a data packet for all ingress, forwarding,
and egress decisions.

When creating VLANs, first assign a VLAN ID within the supported range of the device. This is a
numeric ID. You may also assign a VLAN name to each VLAN.

Before enabling VLANs for the switch, you must first assign each port to the VLAN group or groups in
which it will participate. Port VLAN IDs (PVIDs) determine the VLAN to which all untagged frames
received on one or more ports will be classified. This is a classification mechanism that associates a
port with a specific VLAN and is used to make forwarding decisions for untagged packets received by
the port.

For example, if port 2 is assigned a PVID of 3, then all untagged packets received on port 2 will be
assigned to VLAN 3. If no VLANs are defined on the switch, all ports are assigned to the default VLAN
with a PVID equal to 1.

You should add a port as a tagged port (that is, a port attached to a VLAN-aware device) if you want it
to carry traffic for one or more VLANs, and the device at the other end of the link also supports VLANs.
If you want a port on a switch to participate in one or more VLANs, but intermediate devices or the
device at the other end of the link do not support VLANs, then you must add the port as an untagged
port (a port attached to a VLAN-unaware device).
On Enterasys switches, ports can be assigned to multiple tagged or untagged VLANs. Each port on the
switch is therefore capable of passing tagged or untagged frames.

If you are configuring multiple VLANs, we recommend that you configure a management-only VLAN.
This allows a station connected to the management VLAN to manage the device. It also makes
management more secure by preventing configuration via ports assigned to other VLANs. Note that
this is Layer 2 separation only: any device with an interface in the management VLAN, including a
router that connects it to other subnets, can still reach the management interface, so the usual
authentication on that interface remains necessary.

The process of assigning a management VLAN must be repeated on every device that is connected to
the network to ensure that each device has a secure management VLAN. When configuring multiple
devices, the VLAN names can be different, but the management VLAN ID must be the same on each
device. It is not necessary to configure a physical port for management on each switch. Only those
switches that will have a management station attached need a physical port assigned to the
management VLAN.

GVRP employs three GARP timers (the values below are in centiseconds, the unit used by the GVRP
timer settings):

Join Timer: Controls the interval between transmitting requests/queries to participate in a VLAN group.
The default value is 20 centiseconds (0.2 seconds).

Leave Timer: Controls the interval a port waits before leaving a VLAN group. It should be more than
twice the join time to ensure that the applicant can rejoin before a port actually leaves the group. The
default value is 60 centiseconds (0.6 seconds).
Leave All Timer: Controls how often a LeaveAll message is sent. A LeaveAll asks every participant in
the VLAN group to re-register; any that do not are removed when the Leave Timer expires. This interval
should be considerably larger than the Leave Timer setting to minimize the amount of traffic generated
by nodes rejoining the group. The default value is 1000 centiseconds (10 seconds).
Management can prohibit ports from participating in GVRP, as well as change the timer defaults. The
default values for the GARP timers are independent of the media access method or data rate. These
values should not be changed unless you are experiencing difficulties with GVRP
registration/deregistration. If changed, they must be changed to the same values on all switches in the
network.

Redundant links between switches are a good idea because they help prevent complete network
failures in the event that one link stops working. Bridges can provide physical layer redundancy.
However, without a mechanism that keeps the redundant links from forming a loop, they cause
tremendous problems as soon as a broadcast frame gets onto the network.

Consider this situation, where PC B wishes to send a packet to PC A. It knows PC A's IP address, but
not its MAC address. Accordingly, PC B sends out an ARP request with a broadcast destination MAC
address. This begins the process that leads to a broadcast storm:

Switch 4 receives the frame and floods it out all ports, including its links to Switch 2 and Switch 3.

Switches 2 and 3 receive the broadcast and flood it out all ports including their links to each other and
to Switch 1.
Switch 1 receives the broadcast on two ports and floods both broadcasts out its connection to PC A. It
also floods the broadcast it received from Switch 2 out its connection to Switch 3; it floods the broadcast
it received from Switch 3 out its connection to Switch 2.
Switch 2 receives two broadcasts: one from Switch 1 and one from Switch 3. It floods both broadcasts
out its connection to Switch 1 (shown). It also floods each of these broadcasts out its connection to the
other switch (not shown). Switch 3 does the same.

Switch 4 receives four broadcasts: two from Switch 2 and two from Switch 3. It floods four broadcasts
out its connection to PC B, and two broadcasts each out its connections to Switches 2 and 3.
The entire process begins again, only this time with double the number of frames.

The process continues, with an increasing number of frames going around the network each cycle, until
all of the switches' CPU time is taken up with processing broadcast frames and no bandwidth is
available for any other traffic.
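The growth described above, counted. This is an added example and not part of the original guide: it floods one broadcast through the four-switch topology of the slide (Switch 4 links to Switches 2 and 3, which link to each other and to Switch 1) using plain flooding out every inter-switch link except the one the copy arrived on, and then repeats the run with two links blocked, which is what Spanning Tree does in the pages that follow. The topology and the counts are constructed.

```python
"""Added example: count the copies of one broadcast as it is flooded around the
four-switch loop from the slide, then again with two links blocked."""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed to match the slide: Switch 4 (PC B) links to Switches 2 and 3,
# which link to each other and to Switch 1 (PC A).
LINKS: Set[Tuple[int, int]] = {(1, 2), (1, 3), (2, 3), (2, 4), (3, 4)}


def adjacency(links, blocked=frozenset()) -> Dict[int, Set[int]]:
    """Neighbour sets, leaving out links on which a port is in the blocking state."""
    adj: Dict[int, Set[int]] = {}
    for a, b in links:
        if (a, b) in blocked or (b, a) in blocked:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def flood_rounds(links, origin: int, rounds: int, blocked=frozenset()) -> List[int]:
    """Plain 802.1D flooding of a single broadcast injected at `origin`.

    Every copy that reaches a switch is sent out every inter-switch link except
    the one it arrived on (copies to end stations are not counted). Returns the
    number of copies crossing inter-switch links in each round.
    """
    adj = adjacency(links, blocked)
    copies = Counter({(origin, None): 1})    # (switch holding a copy, switch it came from)
    per_round = []
    for _ in range(rounds):
        nxt = Counter()
        for (sw, came_from), n in copies.items():
            for nb in adj.get(sw, ()):
                if nb != came_from:
                    nxt[(nb, sw)] += n
        per_round.append(sum(nxt.values()))
        copies = nxt
    return per_round


def storm_vs_tree(rounds: int = 8) -> Dict[str, List[int]]:
    """The same ARP broadcast from Switch 4 with all five links active, and with
    the 2-3 and 3-4 links blocked, which leaves the loop-free tree 1-2, 1-3, 2-4."""
    return {
        "loop": flood_rounds(LINKS, 4, rounds),
        "tree": flood_rounds(LINKS, 4, rounds, blocked=frozenset({(2, 3), (3, 4)})),
    }


if __name__ == "__main__":
    for name, counts in storm_vs_tree().items():
        print(f"{name}: {counts}")
```

With the loop intact the per-round count never stops rising, because every copy that reaches a switch with three links produces two new copies; with two links blocked each switch sees the frame once and the count falls to zero after three rounds.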

This slide helps to illustrate how a network loop can cause a problem in SAT tables.

Device A is transmitting a broadcast (ARP) frame addressed to Device B. Bridges B1 and B2 form
redundant links between the two segments. If B1 and B2 have no entry for the MAC address of B, they
will continue to flood the frame out all interfaces except for the ingress port. When B1 passes the frame
onto the far segment, B2 sees it on Port 2 and updates its SAT (Source Address Table) entry for Device
A's MAC address to that port. The SAT entries in each bridge will continually change, because each
bridge keeps learning Device A from a different LAN segment each time the frame is forwarded. This
condition, known as thrashing the MAC table, exists because a network loop has been created, and it
persists as long as copies of the frame keep circulating.
Other problems caused by network loops include the following:

Without a loop avoidance scheme in place, switches will endlessly flood broadcasts through the
internetwork. This is known as a broadcast storm.
Multiple copies of the same frame can arrive at a device simultaneously, because the frame is arriving
from different segments at the same time.
Multiple loops can form throughout an internetwork. This can be one of the biggest problems
because loops can occur within other loops. In this situation, if a broadcast storm were to occur, the
network could not perform packet switching at all.

To resolve these problems, Radia Perlman developed the Spanning Tree algorithm. Using Spanning
Tree, the bridges in your network negotiate amongst themselves to create a single loop-free path
through the network by blocking data transmissions on certain ports. The bridges exchange Bridge
Protocol Data Units (BPDUs) containing the information they need to decide between themselves which
ports to block in order to eliminate loops at Layer 2. The bridges elect a bridge to serve as the root of
the spanning tree, and calculate non-redundant paths from each bridge back to the root.

When bridges/switches are building the spanning tree topology of a network, they compare the values of
the items below, in this order (the lower value wins at each step, and a later item is consulted only when
the earlier ones tie):
Root Bridge ID

Path Cost to Root

Designated Bridge ID

Designated Port ID

Root Port ID

Step 1: Electing the Root Bridge

The root bridge is used as the reference point for the topology. Upon boot up, Spanning Tree bridges
will begin to circulate BPDUs to determine if there are other bridges in the topology. By comparing
Bridge ID values held in the Configuration BPDUs, the bridges determine which bridge will become the
root bridge. The bridge with the lowest bridge ID becomes the root. The bridge ID consists of two
elements:

The bridge priority value

A two-byte field

Enterasys bridges/switches default to 0x8000 (32768)

Bridge priority is configurable (and because it is the first part of the ID compared, whichever
bridge advertises the lowest priority becomes the root)

The bridge MAC address -- the base (lowest) MAC address on the bridge

In the example shown above, the root bridge is circled. 80-00:1 is the root bridge because it has the
lowest bridge ID in this example.

Step 2: Assigning Path Costs

Each LAN segment is assigned a path cost. Path cost is a value associated with each link and its
relative cost to traverse that link. The value is relative to bandwidth rate (port speed).

Using the above network diagram, the path cost to the root bridge from each respective bridge is as
follows:
Bridge ID 80-00:2 has a path cost of 4 (directly connected to the root bridge)

Bridge ID 80-00:3 has a path cost of (4 + 19) = 23 (must go through Bridge ID 80-00:2 to get to the root bridge)

Bridge ID 80-00:4 has a path cost of 4 (directly connected to the root bridge)
Bridge ID 80-00:5 has a path cost of (4 + 19) = 23 (must go through Bridge ID 80-00:2 to get to the root bridge)
Note: Bridge ID 80-00:5 could have gone through Bridge ID 80-00:4 to get to the root bridge, but the path
cost would be (4 + 100) = 104, which is not the most efficient path to the root bridge.
Bridge ID 80-00:6 has a path cost of (4 + 19 + 100) = 123 (must go through Bridge ID 80-00:2 and Bridge
ID 80-00:3 to get to the root bridge)
Note: Bridge ID 80-00:6 has two additional paths that it could take to the root bridge, but both paths
have a higher path cost than 123 or Bridge ID

Step 3: Determining the Designated Bridge

For each LAN segment, the STA selects a designated bridge: the bridge attached to that LAN that offers
the lowest path cost to the root bridge. If path costs are equal, the designated bridge is the one with the
lower bridge ID. Each LAN segment has exactly one designated bridge. The root bridge serves as the
designated bridge for all LANs to which it is directly attached.

For each bridge, STA calculates all possible paths back to the root bridge. If the path cost is equal from
multiple paths, the designated bridge will be determined by the lowest bridge ID. With point-to-point
bridge connections, the designated bridge for a single LAN is the upstream bridge.

Step 4: Identifying Root Ports and Designated Ports

The next step is to identify the root port and the designated port(s) on each bridge.
Root port: The bridge port that provides the best path to the root.
Designated port: The port through which configuration BPDUs from the root bridge are forwarded onto
a LAN segment.

If a bridge is elected as the designated bridge for other downstream devices, then the ports that connect
to those downstream devices are designated ports.

Root ports and designated ports are determined using the following parameters:
Path cost to root

Designated bridge ID

Designated bridge port ID

Root ports and designated ports are left in the forwarding state.

Step 5: Resolving Network Loops

Once the root and designated ports have been determined, the remaining (redundant) ports are put into
the blocking state. The resultant topology should be a loop-free logical subset of the physical topology.
Ports in the blocking state do not forward data onto the LAN segment to which they are connected, but
they continue to receive and process BPDUs on that segment so that the bridge can react if the
topology changes.

Step 6: Maintaining the Topology

The last step is to maintain the topology by continuing to circulate BPDUs and ensuring no loops occur. The
Spanning Tree Algorithm uses certain timers to establish and then maintain the logical topology. These timers are
dictated by the elected root bridge and can be manually configured. The timers include:
Hello timer (default = 2 seconds): Time interval between generation of configuration BPDUs by the root bridge
(each other bridge relays them on its designated ports)

Max Age timer (default = 20 seconds): Length of time a bridge will keep the information from the last BPDU
received on a port. If this timer expires without a fresh BPDU, the stored information is discarded and the bridge
recomputes the topology.
Forward Delay timer (default = 15 seconds): Length of time a port remains in each of the listening and learning
states before it is allowed to forward.

Spanning Tree port states are described above. Additionally, an administrator can put a port in a disabled state, or,
if a failure with the port occurs, the switch will put the port in a disabled state. Disabled means the port is not
participating in frame transmission or Spanning Tree. Once the topology has converged, switch ports are either in
blocking or forwarding state. A port is placed in forwarding state only when it has been selected as a root port (the
port with the lowest path cost to the root bridge) or as the designated port for its LAN segment; every other port on
a redundant link stays blocked. If the network topology changes (for example, due to a failed link or the addition of
a new switch to the network), the affected ports pass through the listening and learning states before forwarding.
Blocking ports are used to prevent network loops. Once a switch determines the best path to the root bridge, all
ports other than its root and designated ports are in blocking state. Blocked ports do not forward frames, but they
still receive BPDUs. If a switch determines that a blocked port should now become a designated (or root) port, the
port goes into listening state. There it examines the BPDUs it receives to make sure a loop will not be created once
the port goes to forwarding state.
Convergence
Convergence occurs when every port on every bridge and switch has settled into either the forwarding or the
blocking state. Convergence is required to ensure that all devices have the same view of the topology. All devices
must be updated before data can start to be forwarded on the ports that changed.

Step 1: Electing the Root Bridge

An example bridge ID is 80-00-00-E0-63-12-34-56 (where 0x80-00, or 32768 base 10, is the bridge priority
value, and 00-E0-63-12-34-56 is the bridge MAC address).

In the example shown above, the root bridge is indicated in red, italicized text. 80-00:1 is the root bridge
because it has the lowest bridge ID in this example.

Step 2: Assigning Path Costs

Black colored links are 1000 Mbps, so the path cost is 4

Light blue colored links are 100 Mbps, so the path cost is 19

Green colored links are 10 Mbps, so the path cost is 100

Step 3: Determining the Designated Bridge
Bridge 1 is the designated bridge for Bridge 2 and Bridge 4
Bridge 2 is the designated bridge for Bridge 3 and Bridge 5
Bridge 3 is the designated bridge for Bridge 6
Bridge 4, Bridge 5, and Bridge 3 are the designated bridges for all respective downstream links
Step 4: Identifying Root Ports and Designated Ports
Step 5: Resolving Network Loops
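Steps 1 through 5 as a program, added for this section (it is not Enterasys code). The topology is constructed to reproduce the path costs on the slide (bridges 2 and 4 at 1000 Mbps to the root, 3 and 5 at 100 Mbps from bridge 2, 5 to 4 and 6 to 3 at 10 Mbps); the 5-6 link and all port numbers are assumptions. The comparison vector, root election, root port and designated port selection follow the ordered list of values given earlier in the unit. The second call lowers bridge 4's priority to show that the priority field is compared before the MAC address: whichever bridge advertises the lowest priority becomes the root and the whole tree re-forms around it, which is why the intended root's priority is set explicitly rather than left at the default.

```python
"""Added example: Steps 1-5 of the Spanning Tree Algorithm on a constructed topology
that reproduces the path costs on the slide. Port numbers and the 5-6 link are assumptions."""
import heapq
from typing import Dict, Optional

PRIORITY = 0x8000                       # Enterasys default bridge priority (32768)
COST = {1000: 4, 100: 19, 10: 100}      # 802.1D-1998 path cost per link speed in Mbps

# (bridge_a, port_on_a, bridge_b, port_on_b, speed_mbps); all port numbers are assumed
LINKS = [
    (1, 1, 2, 1, 1000),
    (1, 2, 4, 1, 1000),
    (2, 2, 3, 1, 100),
    (2, 3, 5, 1, 100),
    (4, 2, 5, 2, 10),
    (3, 2, 6, 1, 10),
    (5, 3, 6, 2, 10),    # assumed link: gives bridge 6 a second path of equal cost (123)
]


def compute_spanning_tree(links, priorities: Optional[Dict[int, int]] = None) -> dict:
    """Run Steps 1-5 over a link list.

    Returns {"root": bridge, "cost": {bridge: root path cost},
             "roles": {(bridge, port): "root" | "designated" | "blocked"}}.
    `priorities` maps bridge number -> priority; unlisted bridges use PRIORITY.
    """
    priorities = priorities or {}

    def bid(n):
        # Bridge ID = (priority, MAC); the MAC is abbreviated to n, as in "80-00:n"
        return (priorities.get(n, PRIORITY), n)

    bridges = {a for a, _, _, _, _ in links} | {b for _, _, b, _, _ in links}
    root = min(bridges, key=bid)            # Step 1: the lowest Bridge ID wins

    adj = {b: [] for b in bridges}          # bridge -> [(neighbour, my_port, their_port, cost)]
    for a, pa, b, pb, speed in links:
        adj[a].append((b, pa, pb, COST[speed]))
        adj[b].append((a, pb, pa, COST[speed]))

    # Steps 2-4: each bridge keeps the best vector it has heard, compared in the
    # order (root path cost, designated bridge ID, designated port ID).
    vector = {root: (0, bid(root), 0)}
    root_port = {}
    heap = [(vector[root], root)]
    while heap:
        vec, b = heapq.heappop(heap)
        if vec != vector[b]:
            continue                        # stale heap entry
        for nb, my_port, their_port, cost in adj[b]:
            cand = (vec[0] + cost, bid(b), my_port)
            if nb not in vector or cand < vector[nb]:
                vector[nb] = cand
                root_port[nb] = their_port  # the port on nb that heard the best vector
                heapq.heappush(heap, (cand, nb))

    # Steps 3 and 5: on each LAN (link) the designated bridge is the end with the
    # lowest (root path cost, bridge ID, port ID). Its port forwards; the other end
    # forwards only if that port is its root port, otherwise the port blocks.
    roles = {}
    for a, pa, b, pb, _ in links:
        key_a = (vector[a][0], bid(a), pa)
        key_b = (vector[b][0], bid(b), pb)
        des, des_port, oth, oth_port = (a, pa, b, pb) if key_a < key_b else (b, pb, a, pa)
        roles[(des, des_port)] = "designated"
        roles[(oth, oth_port)] = "root" if root_port.get(oth) == oth_port else "blocked"

    return {"root": root, "cost": {b: v[0] for b, v in vector.items()}, "roles": roles}


if __name__ == "__main__":
    tree = compute_spanning_tree(LINKS)
    print("root:", tree["root"], "costs:", tree["cost"])
    for (bridge, port), role in sorted(tree["roles"].items()):
        print(f"bridge {bridge} port {port}: {role}")
```

With the default priorities, bridge 6 hears the same cost (123) from bridge 3 and from bridge 5; the tie goes to the lower designated bridge ID, so the port toward bridge 5 blocks, which is the second comparison in the ordered list. Bridge 5's port toward bridge 4 blocks for the plainer reason that its cost via bridge 2 is lower.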

IEEE 802.1D (1998 edition) defines the Spanning Tree Protocol (STP) and the Spanning Tree Algorithm
(STA). The Spanning Tree Protocol uses the Spanning Tree Algorithm.

The Spanning Tree Algorithm is the solution for resolving network loops. STAs main task is to stop
network loops from occurring on your Layer 2 network (bridges or switches). STA monitors the network
to find all links, making sure that no loops occur by shutting down any redundant links. STA creates a
Spanning Tree topology database to keep track of all links. With STA, frames are only forwarded on
STA-selected links.

IEEE 802.1w, Rapid Reconfiguration (the Rapid Spanning Tree Protocol, RSTP), is built upon the original
IEEE 802.1D Spanning Tree Protocol parameters. When a link fails in a traditional spanning tree topology,
two-way communication may not recover for up to 50 seconds (Max Age plus two Forward Delay periods at
the default values). The same recovery can happen almost immediately in an RSTP environment. Rapid
reconfiguration ensures that an end user is insulated from dropped sessions or inaccessible resources.

IEEE 802.1w and IEEE 802.1D Spanning Tree algorithms will interoperate. An RSTP switch detects
when it is connected to an 802.1D STP switch. When the RSTP port is initialized, it transmits RSTP
Bridge Protocol Data Units (BPDUs) for three seconds, then transitions to sending STP BPDUs when
received from the STP switch. When a RSTP capable switch is connected to a STP switch, 802.1D
Spanning Tree rules apply for that connection. It is important to remember when running both 802.1w
and 802.1D in the same network that, depending on where the respan or link failure occurs, either
802.1w or 802.1D rules will apply. This will affect forward transition times and network recovery times.
802.1w provides all the mechanisms needed for a rapid transition whether it be in a "failover" condition
or a "failback" condition. These accelerated respans are done with an explicit handshake agreement
and a new root port detection process. However, the handshake process can only be performed on a
point-to-point LAN segment (full duplex); shared LAN segments are prohibited from this handshake.

Distributed algorithm to elect a single Root Bridge.

Root Bridge transmits Bridge Protocol Data Units (BPDUs).

BPDUs are generally passed downstream.

Bridges compare their received BPDUs to calculate their shortest path to the Root.

RSTP assigns roles to individual ports on a bridge as follows:

Whether the port is to be part of the active topology connecting the Bridge to the Root Bridge (a
Root Port)

Whether the port is connecting a LAN through the Bridge to the Root Bridge (a Designated Port)

Whether the port is an Alternate or Backup Port that may provide connectivity if other Bridges,
Bridge Ports, or LANs fail or are removed.

State machines associated with the Port Roles maintain and change the Port States that control the
processing and forwarding of frames by a MAC Relay Entity. A Port State of Discarding, Learning, or
Forwarding is assigned to support and maintain the quality of the MAC Service. Port states are also
used to reduce the probability of data loops and the duplication and mis-ordering of frames to a
negligible level.


RSTP works on a Point-to-Point link. Point-to-Point is defined as any link that is Full Duplex or configured as a
Trunk. A port that has EdgePort=true means that the port is configured as a user port. It will transition into
Forwarding rapidly upon link up to a non-Bridge device. It will not propagate any topology change information.
Bridge A has a Designated Port that is not forwarding. It is connected to Bridge B via a point-to-point link.

Bridge A transmits an RST BPDU with the Proposal flag set within the RST BPDU Flags field. (Denoted with a double
headed arrow in the diagram.)

Upon reception of the proposal, Bridge B becomes "proposed". Its Root Port asserts the sync variable for all
other ports of the bridge. By asserting sync, it requests that all of its Designated Ports that are not Edge Ports
revert to the Discarding State.

Once Bridge B's Designated Port is Discarding, it asserts its synced variable. Alternate Ports, Backup Ports, and
Designated Ports that are Edge Ports assert their synced variables immediately. The Root Port monitors
these ports for their synced variable state. Once all of the ports have asserted their synced variables, the Root
Port asserts its own synced variable. It now transmits an RST BPDU back to Bridge A's Designated Port with the
Agreement flag set within the RST BPDU Flags field. (Denoted with a double headed open arrow in the diagram.)
Once Bridge A receives the RST BPDU with the Agreement flag set and a Port Role of Root Port, it asserts its
agreed variable. When the agreed variable is asserted, the Designated Port knows that Bridge B has confirmed
and that it can now proceed to the Forwarding State without further delay. The process then starts over with
Bridge B proposing to its neighboring Bridge(s).
The Designated Port(s) of downstream Bridges can in turn request permission of their neighboring Bridge(s) to
rapidly transition to Forwarding using the same mechanism described above. The effect of this handshake is
that a cut in the active topology is propagated from the original Designated Port through all Bridges in the subtree
below it until the cut reaches the edge of the Bridged LAN. This process contains the new Spanning Tree
information to a local area of the network until all neighboring bridges agree on the topology. This prevents stale
information from being propagated throughout the LAN and avoids data loops.
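The proposal/agreement handshake just described, as an added example that is not part of the original guide: a toy model in which a Designated Port proposes to the neighbor's Root Port, the neighbor cuts its own non-edge Designated Ports back to Discarding (sync), answers with an Agreement once every other port is synced, and the cut then moves one bridge further down. The bridge names, port names and topology are invented, and the "shared segment" check models the rule that only a full-duplex link gets the handshake.

```python
# Added example: a toy model of the 802.1w proposal/agreement handshake described
# above.  It is not Enterasys code; the bridges, port names and topology are invented.
# Each bridge has one Root Port (toward the root) and any number of Designated,
# Alternate or Backup ports; every port starts in Discarding.

STATES = ("Discarding", "Learning", "Forwarding")


class Port:
    def __init__(self, bridge, name, role, edge=False):
        self.bridge, self.name, self.role, self.edge = bridge, name, role, edge
        self.state = "Discarding"
        self.peer = None             # port at the far end of the link, if any
        self.point_to_point = False  # set by link(); the handshake needs full duplex
        self.synced = self.agreed = False

    def __repr__(self):
        return "%s:%s" % (self.bridge.name, self.name)

    def rapid_forward(self, trace):
        """Rapid transition: no forward-delay timers, but the port still passes
        through Learning on its way from Discarding to Forwarding."""
        for state in STATES[STATES.index(self.state) + 1:]:
            self.state = state
        trace.append("%r -> %s" % (self, self.state))


class Bridge:
    def __init__(self, name):
        self.name, self.ports = name, []

    def add_port(self, name, role, edge=False):
        self.ports.append(Port(self, name, role, edge))
        return self.ports[-1]


def link(a, b, full_duplex=True):
    """Connect two ports.  Only a full-duplex link counts as point-to-point."""
    a.peer, b.peer = b, a
    a.point_to_point = b.point_to_point = full_duplex


def propose(designated, trace):
    """Designated Port (Discarding) proposes to the Root Port of the neighbor bridge.
    Appends the sequence of events to `trace`; returns True if the handshake ran."""
    if designated.role != "Designated" or designated.edge or designated.peer is None:
        return False
    if not designated.point_to_point:
        # Shared (half-duplex) segment: no handshake; the port must wait for timers.
        trace.append("%r: shared segment, no rapid handshake" % designated)
        return False
    root_port = designated.peer
    downstream = root_port.bridge
    trace.append("%r proposes to %r" % (designated, root_port))

    # sync: the Root Port asks every other port on its bridge to become synced.
    for port in downstream.ports:
        if port is root_port:
            continue
        if port.role == "Designated" and not port.edge:
            if port.state != "Discarding":
                trace.append("%r cut to Discarding (sync)" % port)
            port.state = "Discarding"     # cut the subtree below before agreeing
        elif port.edge:
            port.rapid_forward(trace)     # edge ports need no cut; synced at once
        port.synced = True                # Alternate/Backup/edge/cut ports are synced

    # All other ports synced: the Root Port is synced, forwards, and answers Agreement.
    root_port.synced = True
    root_port.rapid_forward(trace)
    trace.append("%r sends Agreement to %r" % (root_port, designated))

    # Upstream bridge receives Agreement with role Root Port: agreed, forward now.
    designated.agreed = True
    designated.rapid_forward(trace)

    # The cut moves one level down: the downstream Designated Ports propose in turn.
    for port in downstream.ports:
        propose(port, trace)
    return True


def build_demo():
    """Root - A - B chain, an edge port on A, and a redundant Alternate port on B."""
    root, a, b = Bridge("Root"), Bridge("A"), Bridge("B")
    link(root.add_port("ge1", "Designated"), a.add_port("ge1", "Root"))
    link(a.add_port("ge2", "Designated"), b.add_port("ge1", "Root"))
    a.add_port("ge3", "Designated", edge=True)   # user port, EdgePort=true
    b.add_port("ge2", "Alternate")                # second path to the root, kept Discarding
    return root, a, b


def run_handshake():
    """Run the handshake from the root's Designated Port; returns (trace, final states)."""
    root, a, b = build_demo()
    trace = []
    propose(root.ports[0], trace)
    return trace, {repr(p): p.state for br in (root, a, b) for p in br.ports}


if __name__ == "__main__":
    for event in run_handshake()[0]:
        print(event)
```

The trace shows the ordering the text insists on: the Agreement from A's Root Port precedes the Root's Designated Port going Forwarding, and only then does A's own Designated Port propose to B. The Alternate port on B never leaves Discarding.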


In the example shown above, the port roles of the switch shown in blue are analyzed. It has two
designated ports that provide connectivity back to the root bridge for downstream bridges. Furthermore,
it has a root port which provides the shortest path back to the root bridge. Its alternate port, which is
not forwarding traffic, provides an alternative path back to the root bridge. Therefore, if its root port
fails, the bridge can use the alternate port, shortening the re-convergence time of the spanning tree.
Also, a backup port exists, which is not forwarding traffic, providing redundant downstream connectivity
to an adjacent bridge.


Connectivity through a bridge for the Spanning Tree occurs between its Root Port and Designated
Ports. Once Spanning Tree decides (by using State Machines) the Port Role for a given port, the
proper Port State is selected. In other words, PORT ROLES DICTATE THE PORT STATES.


With that said, RSTP ensures that every link connecting a Root Port and a Designated Port transitions to
the Forwarding Port State as quickly as possible. This is the goal of RSTP.

Discarding
This state can be entered from any other port state
Discards received data frames
No additions are made to the Filtering Database
BPDUs are processed upon reception
BPDUs can be transmitted out this port (unlike the 802.1D Blocking state)
This applies to Root Ports and Designated Ports

Learning
This state can only be entered from the Discarding State
Discards received data frames
Additions are made to the Filtering Database
BPDUs are processed upon reception and can be transmitted out this port

Forwarding
This state can only be entered from the Learning State
Data frames are accepted and can be transmitted
Additions are made to the Filtering Database
BPDUs are processed upon reception and can be transmitted out this port.


Switches exchange Bridge Protocol Data Unit (BPDU) messages with other switches to detect loops,
and then remove loops by placing selected switch interfaces in a blocking (discarding) state. BPDUs are
multicast frames that carry the spanning tree configuration information, including the bridge ID of the
sending device. BPDUs are used to elect the root bridge (switch), as well as for subsequent
configuration of the network.


BPDUs use the multicast address 01-80-C2-00-00-00.


With 802.1D, only two BPDU flags were defined:
Topology Change (TC)
Topology Change Acknowledgment (TCA)

RSTP uses the six remaining bits of the flag byte to:
Encode the port role and port state of the sending port.
Handle proposal/agreement. The sending switch sets the Proposal flag in the RSTP BPDU to propose
itself as the designated switch on that LAN. The port role in a proposal message is always set to
Designated Port. The sending switch sets the Agreement flag in the RSTP BPDU to accept the previous
proposal. The port role in an agreement message is always set to Root Port.
Remember that RSTP does not have a separate Topology Change Notification (TCN) BPDU, as
STP does. Instead, it uses the Topology Change (TC) flag to signal topology changes. However, for
interoperability with 802.1D switches, an RSTP switch still processes and generates TCN BPDUs. The
Learning and Forwarding flags are set according to the state of the sending port.
Basically, the RSTP BPDU format is the same as the 802.1D BPDU format. However, one
important change is that the Protocol Version is set to 2. A new one-byte Version 1 Length field is set to
zero, which means that no version 1 protocol information is present. Legacy bridges drop the new
BPDU because of this version setting and keep sending their own version 0 BPDUs, which makes it easy
for an 802.1w bridge to detect connected legacy bridges.
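The BPDU layout and flag encoding just described, as an added example that is not from the original guide. It decodes a BPDU (the bytes after the LLC header) the way a switch port, or a monitor watching for unexpected BPDUs on user-facing ports, would: it tells 802.1D Config and TCN BPDUs from version 2 RST BPDUs, splits the flag byte into its named bits, reads the Version 1 Length byte, and checks the text's rule that a Proposal always carries the Designated role and an Agreement the Root role. The sample BPDUs are constructed inline, not captured traffic, and the priority and MAC values in them are arbitrary.

```python
import struct

# Added example (not Enterasys code): decode a BPDU the way a switch, or a monitor
# watching for unexpected BPDUs, would.  The byte layout is IEEE 802.1D/802.1w;
# the sample BPDUs at the bottom are constructed here, not captured traffic.

BPDU_DEST_MAC = "01-80-C2-00-00-00"      # all BPDUs go to this multicast address
PORT_ROLES = {0: "Unknown", 1: "Alternate/Backup", 2: "Root", 3: "Designated"}


def decode_flags(flags):
    """Split the flag byte.  802.1D defined only bit 0 (TC) and bit 7 (TCA);
    802.1w uses the other six: bit 1 Proposal, bits 2-3 Port Role,
    bit 4 Learning, bit 5 Forwarding, bit 6 Agreement."""
    return {
        "tc": bool(flags & 0x01),
        "proposal": bool(flags & 0x02),
        "port_role": PORT_ROLES[(flags >> 2) & 0x03],
        "learning": bool(flags & 0x10),
        "forwarding": bool(flags & 0x20),
        "agreement": bool(flags & 0x40),
        "tca": bool(flags & 0x80),
    }


def encode_flags(tc=False, proposal=False, port_role="Unknown", learning=False,
                 forwarding=False, agreement=False, tca=False):
    """Inverse of decode_flags; used to build the sample BPDUs below."""
    role = {v: k for k, v in PORT_ROLES.items()}[port_role]
    return (int(tc) | int(proposal) << 1 | role << 2 | int(learning) << 4
            | int(forwarding) << 5 | int(agreement) << 6 | int(tca) << 7)


def _bridge_id(raw):
    """8-byte Bridge ID: 2-byte priority followed by the bridge's 6-byte MAC."""
    return struct.unpack("!H", raw[:2])[0], "-".join("%02X" % b for b in raw[2:])


def parse_bpdu(bpdu):
    """Parse a BPDU (the bytes after the 42-42-03 LLC header).  Returns a dict."""
    if len(bpdu) < 4:
        raise ValueError("truncated BPDU header")
    proto_id, version, bpdu_type = struct.unpack("!HBB", bpdu[:4])
    if proto_id != 0:
        raise ValueError("unknown protocol identifier 0x%04x" % proto_id)
    if bpdu_type == 0x80:          # 802.1D Topology Change Notification: header only
        return {"kind": "TCN", "version": version, "legacy": True}
    if bpdu_type not in (0x00, 0x02):
        raise ValueError("unknown BPDU type 0x%02x" % bpdu_type)
    if len(bpdu) < 35:
        raise ValueError("truncated configuration BPDU")
    (flags, root_raw, root_cost, bridge_raw, port_id, msg_age, max_age,
     hello, fwd_delay) = struct.unpack("!B8sI8sHHHHH", bpdu[4:35])
    info = {
        "kind": "RST" if bpdu_type == 0x02 else "Config",
        "version": version,
        "legacy": version < 2 or bpdu_type == 0x00,   # neighbor is talking 802.1D
        "flags": decode_flags(flags),
        "root_id": _bridge_id(root_raw),
        "root_path_cost": root_cost,
        "bridge_id": _bridge_id(bridge_raw),
        "port_id": port_id,
        # timer fields are carried in units of 1/256 second
        "message_age": msg_age / 256.0,
        "max_age": max_age / 256.0,
        "hello_time": hello / 256.0,
        "forward_delay": fwd_delay / 256.0,
        "problems": [],
    }
    if info["kind"] == "RST":
        if len(bpdu) < 36:
            raise ValueError("RST BPDU missing Version 1 Length byte")
        info["version1_length"] = bpdu[35]
        if info["version1_length"] != 0:
            info["problems"].append("unexpected version 1 information present")
        f = info["flags"]
        # The text's rule: a proposal carries role Designated, an agreement role Root.
        if f["proposal"] and f["port_role"] != "Designated":
            info["problems"].append("proposal from a non-designated port")
        if f["agreement"] and f["port_role"] != "Root":
            info["problems"].append("agreement from a non-root port")
    return info


def build_rst_bpdu(flags, root, root_cost, bridge, port_id,
                   msg_age=0, max_age=20, hello=2, fwd_delay=15):
    """Build a 36-byte RST BPDU; `root`/`bridge` are (priority, 'xx-xx-..') tuples."""
    def bid(prio_mac):
        prio, mac = prio_mac
        return struct.pack("!H", prio) + bytes(int(x, 16) for x in mac.split("-"))
    return (struct.pack("!HBBB", 0, 2, 2, flags) + bid(root) + struct.pack("!I", root_cost)
            + bid(bridge) + struct.pack("!HHHHH", port_id, msg_age * 256, max_age * 256,
                                        hello * 256, fwd_delay * 256)
            + b"\x00")                               # Version 1 Length = 0


# Constructed samples: a proposal from a designated port, and a legacy 802.1D TCN.
ROOT = (32768, "00-00-A2-00-80-08")                  # arbitrary priority and MAC
PROPOSAL = build_rst_bpdu(encode_flags(proposal=True, port_role="Designated"),
                          ROOT, 0, ROOT, 0x8001)
LEGACY_TCN = bytes([0x00, 0x00, 0x00, 0x80])

if __name__ == "__main__":
    for name, raw in (("proposal", PROPOSAL), ("legacy TCN", LEGACY_TCN)):
        print(name, parse_bpdu(raw))
```

A BPDU whose `legacy` field is true tells the receiving port that its neighbor is an 802.1D bridge, which is exactly the condition under which the port falls back to STP BPDUs; a non-empty `problems` list flags a BPDU that no conforming 802.1w bridge should have sent.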


Improvement in the propagation of topology change information: With RSTP, topology change
information does not have to be propagated all the way to the root bridge and back before unwanted
source address information is flushed from the filtering databases.


802.1D defined four different port states (blocking, listening, learning, and forwarding), as well as a
disabled state. In 802.1D, the port roles are root port and designated port. With 802.1D, the port state
(basically whether it blocks or forwards traffic) and the port's role in the active topology (root port or
designated port) are coupled, causing confusion at times.

For example, operationally there really is no difference between a port in blocking state and in listening
state. Both must discard frames and do not learn MAC addresses. The real difference between these
two states is the role assigned to the port. You can assume that a port in listening state has a port role
of either root port or designated port, and that it is on its way to the forwarding state. However, once the
port is in forwarding state, you cannot infer from the port state whether the port is root or designated.

RSTP decouples the role and state of a port. With RSTP, there are only three port states:
Discarding
Learning
Forwarding

The 802.1D disabled, blocking, and listening states are merged into the discarding state in 802.1w.
RSTP has more port roles than STP. The root port and designated port roles remain, but the backup
and alternate port roles are added. A fifth role, disabled port, identifies a port as having no role within
the operation of Spanning Tree. In RSTP, the alternate and backup port roles correspond to the
blocking state in 802.1D. A blocked port is defined as one that is neither the designated nor the root port.


The original 802.1D standard treats the overall topology as a single network, while switches treat
VLANs as completely separate networks. Some of the benefits of configuring multiple VLANs are
sacrificed with this compromise. IEEE 802.1s is a supplement to IEEE 802.1Q that adds the facility for
VLAN switches to use multiple spanning trees, providing for traffic belonging to different VLANs to flow
over potentially different paths within the LAN. 802.1s allows network administrators to assign VLAN
traffic to unique paths. Some or all of the switches in a LAN participate in two or more spanning trees,
with each VLAN belonging to one of the spanning tree instances.

An advantage of MST is that MST is built on top of 802.1w Rapid Reconfiguration, with its decreased
time for re-spans within the network.


Where only 802.1D or 802.1w is running, with no failure there is no bandwidth utilization between
switches 2 and 3.

With 802.1s it is possible to make each switch the root bridge for a different spanning tree instance and then
associate a different VLAN with each instance. This reduces the likelihood of a link being over-utilized.


In this module, we discussed both 802.1D Spanning Tree Protocol and 802.1w Rapid Spanning Tree
Protocol and the differences between them. We also examined the benefits of Span Guard.


IP is probably the world's single most popular network protocol. Data travels over an IP-based network
in the form of packets; each IP packet includes both a header (that specifies source, destination, and
other information about the data) and the message data itself.

Internet Protocol (IP) technology was developed in the 1970s to support some of the first research
computer networks. Today, IP has become a worldwide standard for home and business networking as
well. Our network routers, Web browsers, email programs, instant messaging software all rely on IP or
other network protocols layered on top of IP.

IP supports protocol layering as defined in the OSI reference model. The transport protocols TCP and UDP
are built directly on top of IP, and application protocols such as HTTP are built on top of those. Likewise, IP
can travel over several different lower-level data link interfaces such as Ethernet and ATM. IP grew out of the
DARPA-sponsored internetworking research of the 1970s and spread widely with its inclusion in BSD UNIX in
the early 1980s.


Two versions of IP exist today. Essentially all home computer networks use IP version 4
(IPv4), but an increasing number of educational and research institutions have adopted the next
generation, IP version 6 (IPv6).

An IPv4 address is four bytes (octets) long. Because each byte contains 8 bits, each octet in an IPv4 address
ranges in value from a minimum of 0 to a maximum of 255.


IPv4 addresses consist of 32 bits, generally written as a group of four octets separated by periods, in a
format called dotted-decimal notation. The maximum value of any octet is 255 (all bits set to 1), and
certain addresses (such as those with a host portion of all ones, used for broadcast) are reserved. To assign
IP addresses, it is often necessary to understand the binary value of each octet. This can be done by
converting the value of each octet into its binary equivalent.


A Network Layer address identifies both the network a host resides on and the host itself. In most
cases it is not derived from the hardware MAC address in any way. Routers use only the network
address (until the last hop), so they mask off the host portion, leaving only the network identifier. Once
the packet reaches the destination network, some form of address resolution is required to derive the
host's MAC address so that the packet can be sent to the appropriate Network Interface Card (NIC).
(The NIC is what allows the computer to connect to the network. In modern computers, the port you
plug your Ethernet cable into is one form of NIC.)

The first part of a typical Network Layer address identifies the network on which the host resides. This
part is the network number. The second part identifies the device, or host. This part is the node
number. This graphic illustrates the address format used by IP.
Each packet contains an IP address for both the source and the destination. Routers use only the
destination address. The destination host uses the source address in order to send a reply back and
establish a connection or session between end-stations. Routers have no role in creating the
connection; they simply forward datagrams between the hosts.


The IP standards define several classes of IP addresses with different default mask values. Organizations wishing
to connect to the global Internet (that is, nearly all modern enterprises) request one or more network addresses for
their company. These addresses are administered by a central authority to avoid duplication.
Here are the most common IP network classes:
Class A - Used for the largest networks
Default mask of 8 bits
Network address ranges from 1.0.0.0/8 to 126.0.0.0/8
16,777,214 hosts per network
The most significant bit (MSB) is set to zero.

Class B - Used for large and medium-sized networks
Default mask of 16 bits
Network address ranges from 128.0.0.0/16 to 191.255.0.0/16
65,534 hosts per network
The first two MSBs equal 10.

Class C - Used for small networks
Default mask of 24 bits
Network address ranges from 192.0.0.0/24 to 223.255.255.0/24
254 hosts per network
The first three MSBs equal 110.


With a few special exceptions explained later, the values of the leftmost four bits of an IPv4 address
determine its class. All Class C addresses, for example, have the leftmost three bits set to '110', but
each of the remaining 29 bits may be set to either '0' or '1' independently (as represented by an x in
these bit positions):

110xxxxx xxxxxxxx xxxxxxxx xxxxxxxx

Converting the above to dotted decimal notation, it follows that all Class C addresses fall in the range
from 192.0.0.0 through 223.255.255.255.

The IPv4 networking standard defines Class E addresses (leftmost four bits '1111') as reserved, meaning that
they should not be used on IP networks. Some research organizations use Class E addresses for experimental
purposes. However, nodes that try to use these addresses on the Internet will be unable to communicate properly.
The IPv4 networking standard defines Class D addresses (leftmost four bits '1110') as reserved for multicast.
Multicast is a mechanism for defining groups of nodes and sending IP messages to that group rather than to
every node on the LAN (broadcast) or just one other node (unicast). As with Class E, Class D addresses
should not be used as ordinary node (host) addresses on the Internet.


Hosts on the Internet or any other IP network are assigned a network number. Network numbering
allows a group of hosts (peers) to communicate efficiently with each other. Hosts on the same network
may be computers located in the same facility or all computers used by a workgroup, for example. Multi-homed
hosts, which contain multiple network adapters (NICs), can belong to multiple networks, but each
adapter is assigned exactly one network number.

Network numbers look very much like IP addresses, but the two should not be confused. Consider for
example the host IP address 10.0.0.1, an address commonly used on private networks. Because it is a
Class A address, with no subnetting employed, its leftmost byte (eight bits) by default refers to the
network address and all other bits remain set at zero. Thus, 10.0.0.0 is the network number
corresponding to IP address 10.0.0.1.
The portion of the IP address that does not refer to the network refers instead to the host address: literally,
the unique identifier of the host on that network.


127.0.0.1 is the loopback address in IP. Loopback is a test mechanism for network adapters, the
components that connect a device to a network. Messages sent to 127.0.0.1 are never delivered to the
network. Instead, the IP stack handles loopback traffic internally and returns it to the sending
application without passing it to the adapter. IP applications often use this feature to test the behavior of
their network software. As with broadcast, IP officially reserves the entire range from 127.0.0.0 through
127.255.255.255 for loopback purposes. Nodes should not use this range on the Internet, and it should not be
considered part of the normal Class A range.

As with the loopback range, the address range from 0.0.0.0 through 0.255.255.255 should not be
considered part of the normal Class A range. 0.x.x.x addresses serve no particular function as host addresses
in IP, and nodes attempting to use them will be unable to communicate properly on the Internet.
The IP standard defines specific address ranges within Class A, Class B, and Class C reserved for use
by private networks (intranets). The table above lists these reserved ranges of the IP address space.
Nodes are effectively free to use addresses in the private ranges if they are not connected to the
Internet, or if they reside behind firewalls or other gateways that use Network Address Translation
(NAT).


Two problems resulted from the classful partitioning of the IPv4 address space described above:

The lack of support for mid-sized organizations. If an organization was assigned a Class B network, it could
support 65,534 hosts, which may be far too many for the organization. A piece of the IPv4 address space
would be wasted if this assignment was made. If an organization was assigned a Class C network, only 254
hosts could be supported, which may be too few.

Route table size was getting too large in Internet routers, slowing down packet forwarding. Internet
routers need complete knowledge of the network topology and must store routes to all networks.
Considering Class C addresses alone, this is over 2 million (2^21) network entries, a large number to support
in a route table.

The SOLUTION: subnetting and Variable Length Subnet Masking (VLSM), and route aggregation
(supernetting).


A network mask neither works like an IP address, nor does it exist independently of one. Instead, a
network mask accompanies an IP address and the two values work together.
Applying the network mask to an IP address splits the address into two parts, an "extended network
address" and a host address. All valid network masks contain two parts: the left side with all mask bits
set to '1' (the extended network portion) and the right side with all bits set to '0' (the host portion).

In this example, we know we have a Class B address because the leading bits of the address are 10.
The classful network mask is, therefore, two bytes (16 bits) long.

Logically ANDing the IPv4 address with the classful network mask results in the classful network address.


The subnet mask is also a 32-bit number. The number is divided into four octets and
represented in dotted-decimal notation. The rules for applying a subnet mask are as follows:
If the bit value is 1, that bit position is part of the network address.
If the bit value is 0, that bit position is part of the host address.

As you extend the mask into a given octet, its value changes. A mask that is one bit long in that octet has a
value of 128; a mask that is two bits long has a value of 192; three bits, 224; and so on up to 255 for all eight
bits. All the 1 bits of the subnet mask must be contiguous, reading from left to right.


In essence, the subnet mask adds a second tier of subnetworks to the existing Class A, B, and C
networks. This allows you, as network administrator, to divide up the IP address the IANA assigns you
into smaller, more efficient subnetworks.


Imagine that you are the network administrator for a company with four buildings, as seen here. Say
you are assigned a Class B address of 130.17.0.0/255.255.0.0 by the IANA. This gives you plenty of
host addresses for your company (65,534) but no way to allocate those host addresses efficiently
across your buildings.

You decide to subnet the address to create four networks. This means you
must extend the network mask by 2 bits, to 255.255.192.0. This gives you four network addresses:
130.17.0.0/255.255.192.0
130.17.64.0/255.255.192.0
130.17.128.0/255.255.192.0
130.17.192.0/255.255.192.0
which allows you to put each building on its own IP network.


By assigning two additional bits to the network portion of the address we gain the ability to create four
subnets, since 2^2 equals 4. Counting through the four values of those two bits (00, 01, 10, 11) gives the
third-octet values you see here: 0, 64, 128, and 192.
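Both the classful rules from the preceding pages (the leading bits decide the class, and ANDing the address with the default mask gives the network number) and the Class B subnetting walk-through above, as one added example that is not from the original guide. It uses Python's standard ipaddress module; the special-use ranges are the ones the text lists (0/8, loopback 127/8, the RFC 1918 private ranges, Class D multicast and reserved Class E), and the subnetting function generalizes the two-bit case to any mask extension.

```python
import ipaddress

# Added example (not Enterasys code): the classful rules from the preceding pages
# (leading bits decide the class, the default mask is ANDed with the address to get
# the network number) and the Class B subnetting walk-through (130.17.0.0 split
# into four subnets by extending the mask two bits).  The special-use ranges are
# the ones the text lists: 0/8, loopback 127/8, the RFC 1918 private ranges,
# Class D multicast and reserved Class E.

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}
SPECIAL_USE = [
    (ipaddress.ip_network("0.0.0.0/8"), "0.x.x.x: not usable on the Internet"),
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
    (ipaddress.ip_network("10.0.0.0/8"), "private (RFC 1918)"),
    (ipaddress.ip_network("172.16.0.0/12"), "private (RFC 1918)"),
    (ipaddress.ip_network("192.168.0.0/16"), "private (RFC 1918)"),
    (ipaddress.ip_network("224.0.0.0/4"), "Class D multicast"),
    (ipaddress.ip_network("240.0.0.0/4"), "Class E reserved"),
]


def ip_class(addr):
    """Classify by the leftmost bits of the first octet: 0 A, 10 B, 110 C, 1110 D, 1111 E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def dotted_mask(prefix):
    """Mask with `prefix` contiguous 1 bits, as dotted decimal (1 bit -> 128, 2 -> 192, ...)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_number(addr, prefix):
    """Logically AND the address with the mask; returns the network as dotted decimal."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) & mask))


def classful_network(addr):
    """Network number under the classful (default) mask; only classes A-C have one."""
    cls = ip_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s addresses are not assigned to hosts" % cls)
    prefix = DEFAULT_PREFIX[cls]
    return "%s/%s" % (network_number(addr, prefix), dotted_mask(prefix))


def special_use(addr):
    """Label if the address falls in a range that must not be used as a normal Internet host."""
    a = ipaddress.IPv4Address(addr)
    for net, label in SPECIAL_USE:
        if a in net:
            return label
    return None


def subnets(network, extra_bits):
    """Extend the mask by extra_bits (2 ** extra_bits subnets) and list each subnet
    with its usable host count (network and broadcast addresses excluded)."""
    net = ipaddress.ip_network(network, strict=False)
    new_prefix = net.prefixlen + extra_bits
    if new_prefix > 30:
        raise ValueError("fewer than 2 usable hosts per subnet")
    return [("%s/%s" % (sub.network_address, dotted_mask(new_prefix)), sub.num_addresses - 2)
            for sub in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(ip_class("130.17.0.0"), classful_network("130.17.5.9"))   # B 130.17.0.0/255.255.0.0
    for sub, hosts in subnets("130.17.0.0/16", 2):
        print(sub, hosts)
```

Running it on the text's 130.17.0.0 Class B network with two extra bits lists the same four /255.255.192.0 subnets the page shows, each with 16,382 usable hosts.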


IPv6 addresses may be written in any of the full, shorthand or mixed notation illustrated above.


So how do IP addresses and MAC addresses work together? Consider this example, where Host A and
Host B are on different IP networks.

When the source and destination subnetworks are different, the sending device must send the packet to
its destination via an IP router, its default gateway. The sending device creates an L2 header with its
MAC address as the source MAC address and the IP router's MAC address as the destination MAC
address. The IP header contains the source and destination IP address.

The IP router removes the MAC header and Cyclic Redundancy Check (CRC), examines the IP
header for the destination address and compares this address to the router's IP routing table. If the
destination network is located or a default route is found, the IP router forwards the packet out the
interface towards the final IP destination. The router adds to the packet a new MAC header whose
destination MAC is either the next router down the line or the MAC of the final destination.
These graphics illustrate this process.
The IP Layer on Host A accepts a User Datagram Protocol (UDP) packet destined for Host B and
encapsulates the packet in an IP datagram that includes a source address of 192.168.10.20 and a
destination address of 172.16.20.10.
The Data Link Layer on Host A encapsulates the IP datagram in an Ethernet frame and transmits the
frame to Router A. Note that it places its own MAC address in the Source MAC Address field, and the
MAC address of the router in the Destination MAC Address field.


Upon receiving the Ethernet frame, Router A strips off the Layer 2 header and reads the IP address. It
consults its routing table and realizes it must forward this packet to Router B across the 192.168.11.0
network. Router A then encapsulates the packet in an Ethernet frame with its own MAC address,
00-00-A2-00-80-08, as the source address; and with Router B's MAC address, 00-00-A2-00-45-13, as the
destination address. Router A then sends the frame out on the network to Router B.


Router B receives the Ethernet frame, strips off the Layer 2 information, and reads the Layer 3 address.
Consulting its routing table, Router B notes that it is directly connected to Host B's network, the
172.16.20.0 network. Router B encapsulates the packet in an Ethernet frame with its own MAC
address, 00-00-A2-00-00-B1, as the source address; and with Host B's MAC address, 08-00-2B-00-52-01,
as the destination address. Router B then transmits the Ethernet frame to Host B.

Note that throughout this process, the Layer 3 information stays the same. Note, too, that the Layer 2
information changes at every hop.


How do routers and hosts know which Layer 2 address to put in the Ethernet header? You will recall that L2
relies on the hardware MAC address to deliver data to an end-station. Each NIC is programmed to
accept data sent to its address, as well as broadcasts. However, when the last-hop router receives an
IP packet heading for a device on one of its directly connected networks, it does not always know the
MAC address of that device. It may only know that the IP address in the Destination IP field is on a
network it controls.

In this case, the router uses Address Resolution Protocol (ARP) to find out the MAC address of the
destination device. ARP allows stations on a flat network to communicate, even if they initially only
know each other's IP address.

In this example Router B receives a packet destined for the host at 172.16.20.10. It checks its ARP
cache for a MAC address for that IP address, but the ARP cache has no entry.
Router B then, using Ethernet, formats and broadcasts a request for the MAC address of station
172.16.20.10, which is the destination end-station's IP address. If the destination node uses the same
Network Layer protocol and is in the same broadcast domain, it receives the broadcast, recognizes its
Network Layer address in the request, and responds with its MAC address. The sender can now
address a frame directly to the destination NIC. Generally, senders maintain a translation table or
cache of resolved MAC addresses to avoid repeatedly sending the same request every time they have
another packet.


Host B picks up the broadcast and recognizes its IP address in the ARP request. It formulates an ARP
reply, using its own MAC address as the Source MAC, and the router's MAC address as the destination
MAC.

When the router receives the ARP reply, it now knows the MAC address of 172.16.20.10 and updates
its ARP cache. Router B can now send the data packet directly to Host B.
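The hop-by-hop delivery on the preceding pages and the ARP exchange just described, as one added example that is not from the original guide. The MACs and IPs the text gives are reused; Host A's MAC, Router A's LAN-side MAC and the router interface IPs (192.168.10.1, 192.168.11.1, 192.168.11.2, 172.16.20.1) are invented for the example. Each node resolves its next hop through its own ARP cache, so sending the same packet a second time shows Router B answering from the cache without a broadcast.

```python
import ipaddress

# Added example (not Enterasys code): the hop-by-hop delivery from Host A to Host B
# on the preceding pages, with each router resolving the next hop's MAC through an
# ARP cache.  IPs and MACs that the text gives are reused; Host A's MAC, Router A's
# LAN-side MAC and the router interface IPs are invented for the example.


class Node:
    def __init__(self, name):
        self.name = name
        self.ifaces = {}        # segment -> (mac, IPv4Address)
        self.routes = []        # (IPv4Network, next_hop IPv4Address or None, segment)
        self.arp_cache = {}     # IPv4Address -> mac
        self.arp_requests = 0   # broadcas ts actually sent (cache misses)

    def has_address(self, ip):
        return any(addr == ip for _, addr in self.ifaces.values())


class Topology:
    def __init__(self):
        self.nodes, self.segments = {}, {}

    def attach(self, name, segment, mac, ip):
        node = self.nodes.setdefault(name, Node(name))
        node.ifaces[segment] = (mac, ipaddress.IPv4Address(ip))
        self.segments.setdefault(segment, []).append(node)
        return node

    def route(self, name, network, next_hop, segment):
        self.nodes[name].routes.append((ipaddress.ip_network(network),
                                        ipaddress.IPv4Address(next_hop) if next_hop else None,
                                        segment))

    def arp(self, node, segment, target_ip):
        """ARP: cache hit, else broadcast on the segment; the owner of target_ip answers."""
        if target_ip in node.arp_cache:
            return node.arp_cache[target_ip]
        node.arp_requests += 1
        for other in self.segments[segment]:          # every NIC on the segment sees the broadcast
            mac, ip = other.ifaces[segment]
            if other is not node and ip == target_ip:
                node.arp_cache[target_ip] = mac       # reply received: remember the mapping
                return mac
        raise LookupError("no station on %s answers for %s" % (segment, target_ip))

    def send(self, src_name, dst_ip):
        """Forward one packet; returns [(node, segment, src_mac, dst_mac)] per hop.

        Layer 3 (src/dst IP) never changes; Layer 2 is rewritten at every hop."""
        dst = ipaddress.IPv4Address(dst_ip)
        current, hops = self.nodes[src_name], []
        for _ in range(16):                          # hop limit against routing loops
            for net, next_hop, segment in current.routes:
                if dst in net:
                    break
            else:
                raise LookupError("%s has no route to %s" % (current.name, dst))
            target = next_hop if next_hop is not None else dst   # last hop: ARP for the host itself
            dst_mac = self.arp(current, segment, target)
            hops.append((current.name, segment, current.ifaces[segment][0], dst_mac))
            current = next(n for n in self.segments[segment] if n.ifaces[segment][0] == dst_mac)
            if current.has_address(dst):
                return hops
        raise RuntimeError("hop limit exceeded")


def build_example():
    t = Topology()
    t.attach("Host A", "net10", "08-00-2B-00-10-20", "192.168.10.20")   # MAC invented
    t.attach("Router A", "net10", "00-00-A2-00-10-01", "192.168.10.1")  # MAC and IP invented
    t.attach("Router A", "net11", "00-00-A2-00-80-08", "192.168.11.1")  # MAC from the text
    t.attach("Router B", "net11", "00-00-A2-00-45-13", "192.168.11.2")  # MAC from the text
    t.attach("Router B", "net20", "00-00-A2-00-00-B1", "172.16.20.1")   # MAC from the text
    t.attach("Host B", "net20", "08-00-2B-00-52-01", "172.16.20.10")    # MAC from the text
    t.route("Host A", "0.0.0.0/0", "192.168.10.1", "net10")             # default gateway
    t.route("Router A", "172.16.20.0/24", "192.168.11.2", "net11")      # via Router B
    t.route("Router B", "172.16.20.0/24", None, "net20")                # directly connected
    return t


if __name__ == "__main__":
    topo = build_example()
    for hop in topo.send("Host A", "172.16.20.10"):
        print("%-8s out %-5s  %s -> %s" % hop)
```

The printed hops reproduce the three frames on the preceding pages: the source and destination MAC differ on every hop while the IP addresses inside never change, and Router B's ARP request counter stays at one for any number of packets to the same host.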


This combination of behaviors (stripping off the Layer 2 header of every frame it receives and
processes, and ARPing for a specific MAC address) means that the router creates separate Broadcast
Domains out of each of its interfaces.

So for example, if PC C wants to learn PC D's MAC address and sends an ARP request, which is a
broadcast frame, the router will hear the frame, strip off the Layer 2 header, and deal with the resulting
packet on the basis of what is contained in the Layer 3 header. Unlike a bridge or switch, the router will
not replicate the frame and forward it onto your other networks.


Most networks consist of multiple routers, sometimes connected over great distances using wide area
networks, or WANs. Routers can only forward packets toward the networks they know about, so a
method is needed for routers to learn about each other's networks. This exchange of destination
network information is performed by routing protocols.


A routing protocol is a language routers talk to tell each other what they know about the network. In
terms of our analogy, a router gets the information to the correct wire; routing protocols are how
routers tell each other where the wires are and how to get information to them.
A routing protocol is a Layer 3 protocol that determines the route a packet takes within the routed
network. For example, a router port can be configured for IP/RIP or IP/OSPF.

Routing protocols dynamically exchange information about the internetwork. When a new network is
connected, the protocol advertises its existence and location to the adjacent routers, which in turn
re-advertise it to their neighbors, until every router has a corresponding routing table entry for the new
destination. In complex networks, there may be many different paths to a given network. The protocol
is responsible for choosing the optimum (generally the shortest) path for each destination.
There are two basic types of routing protocols in common use today:
Distance vector protocols:
Distance vector routing protocols count the distance, normally in hops, to remote networks.
This class of protocol does not usually distinguish between high-speed and low-speed network
connections. A distance-vector protocol usually requires neighboring routers to exchange most
or all of their routing tables at regular intervals. When learning, the router simply increments
each route's cost and stores it.

Link state protocols:
Link state protocols exchange information about the network topology, and each router then
computes the optimum paths. Such protocols consume less bandwidth because they only
re-advertise when network conditions change.

Distance vector is the older and simpler of the two main types of interior routing protocols. A distance-vector protocol requires that each router periodically broadcast its entire routing table. When a router receives such a broadcast, it processes the information and updates its own routing table. The router may then have to wait until its timer causes it to broadcast its updated routing table.

The process by which a change in topology is propagated throughout an internetwork is called convergence. Because of the size of the broadcasts, the potential delays, and the amount of processing involved, it may take a fair amount of time for convergence to be achieved in an internetwork containing many routers and WAN links. Also, if changes to the network topology are major and frequent, the proliferation of routing protocol broadcasts can seriously degrade the performance of a network.

Routing Information Protocol is the most common Distance Vector protocol in IP networks. RIP is easy to configure: you simply turn it on and it works. Each RIP router sends out its entire routing table every 30 seconds; every receiving router examines that table and updates its routing table accordingly.

How RIP works:

IP RIP maximum hop = 15, updates every 30 seconds
IP RIP2 maximum hop = 126, updates every 30 seconds
IPX RIP maximum hop = 15, updates every 60 seconds

Convergence:

Convergence is the process of agreement, by all routers, on optimal routes. When a network route becomes unavailable, routing updates permeate the network, resulting in recalculation of routes and eventually causing all routers to agree on these routes. Routing loops cause slow convergence.

Customer Benefits:

Simple and easy to configure
Good for smaller networks
Industry popularity - original method; therefore, most prominent

RIP assumes that all links run at the same speed, and only counts hops: the number of wires you have to cross to get from one network to another. For example, consider the network in this graphic. When PC B wants to send a packet to PC A, Router D will consult its routing table. With RIP, Router D will put its direct connection to Router A in the routing table, because it is the shortest distance in terms of hops, and will send the packet from PC B over that direct connection toward PC A, even though the path to Router A through Routers B and C is much faster.
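The following is an added example (Python, not part of the Enterasys guide) that simulates the distance-vector exchange described earlier, each router adding the link cost to every route it receives, on a constructed version of the four-router topology in this graphic. Link speeds are assumed values; the code shows RIP choosing the one-hop slow link from D to A while a bandwidth-based cost chooses the path through C and B.

```python
from collections import defaultdict

RIP_INFINITY = 16

# Constructed topology for the guide's example: (router, neighbour, link speed in kbit/s).
# Links are symmetric. Speeds are assumed values, not from the guide.
LINKS = [
    ("A", "D", 64),        # slow direct WAN link between A and D
    ("A", "B", 100_000),   # fast links A-B, B-C, C-D
    ("B", "C", 100_000),
    ("C", "D", 100_000),
]


def neighbours(links):
    """Adjacency map: router -> {neighbour: link speed}."""
    adj = defaultdict(dict)
    for a, b, speed in links:
        adj[a][b] = speed
        adj[b][a] = speed
    return adj


def hop_count(_speed):
    """RIP metric: every link costs one hop regardless of speed."""
    return 1


def inverse_bandwidth(speed, reference=100_000):
    """Link-state style metric: slower links cost more (reference / speed)."""
    return max(1, reference // speed)


def distance_vector(links, metric, infinity=None):
    """Synchronous distance-vector exchange until no table changes.

    Each round every router sends its whole table to every neighbour (as RIP does
    every 30 seconds). The receiver adds the cost of the link the table arrived on
    and keeps the entry only if it is better than what it already holds. Entries
    whose cost reaches `infinity` (16 for RIP) are treated as unreachable.
    Returns ({router: {destination: (cost, next_hop)}}, rounds).
    """
    adj = neighbours(links)
    tables = {r: {r: (0, None)} for r in adj}
    changed, rounds = True, 0
    while changed:
        changed = False
        rounds += 1
        # Snapshot so every router advertises the same generation of its table.
        advertised = {r: dict(t) for r, t in tables.items()}
        for r in adj:
            for nbr, speed in adj[r].items():
                link_cost = metric(speed)
                for dest, (cost, _) in advertised[nbr].items():
                    candidate = cost + link_cost
                    if infinity is not None and candidate >= infinity:
                        continue
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, nbr)
                        changed = True
    return tables, rounds


def rip_path(src, dst):
    """(next_hop, hops) from src to dst when only hops are counted."""
    tables, _ = distance_vector(LINKS, hop_count, infinity=RIP_INFINITY)
    cost, nxt = tables[src][dst]
    return nxt, cost


def cost_path(src, dst):
    """(next_hop, cost) from src to dst with a bandwidth-aware metric."""
    tables, _ = distance_vector(LINKS, inverse_bandwidth)
    cost, nxt = tables[src][dst]
    return nxt, cost


if __name__ == "__main__":
    print("RIP  D->A:", rip_path("D", "A"))    # ('A', 1): the slow direct link wins
    print("cost D->A:", cost_path("D", "A"))   # ('C', 3): the fast path via C and B wins
```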

Routing Information Protocol (RIP) is a distance vector protocol that makes its routing decisions based solely on distance (hops). RIP does not take into consideration such things as congestion, line speed, and cost.

A list of routes presently known by a router is broadcast out each RIP-enabled interface every 30 seconds.

RIP allows a maximum of 15 router hops between networks because of the time it takes for all routers to converge (stabilize their routing tables).

There are two versions of RIP. Version 1 uses network classes as a basis for mask determination. A RIP v1 router uses the mask associated with an interface and applies this mask to all received routes to determine the network portion. RIP v2, on the other hand, does not need to infer this information, since it includes the subnet mask in every route advertisement.

The format of the RIP message is:

Command - Specifies either (1) a request for routing information or (2) a response that contains network-distance pairs from the sender's routing table.

Version - Contains the current protocol version number. The receiver uses this number to verify that messages are interpreted correctly.

Family of Net 1 - Identifies the protocol family under which the network address is to be interpreted. IP addresses are assigned a value of 2.

Route Tag (v2) - An attribute assigned to a route that must be preserved and re-advertised with the route. The intended use of the Route Tag is to provide a method of separating internal RIP routes (routes for networks within the RIP routing domain) from external RIP routes, which may have been imported from an external gateway protocol (EGP) or another internal gateway protocol (IGP).

Subnet Mask (v2) - The subnet mask that is applied to the IP address to yield the non-host portion of the address. If this field is zero, then no subnet mask has been included for this entry.

Next Hop (v2) - The immediate next hop IP address to which packets to the destination specified by this route entry should be forwarded. Specifying a value of 0.0.0.0 in this field indicates that routing should be via the originator of the RIP advertisement.

IP Address of Net 1 - IP address of the first network in the sender's routing table.

Distance to Net 1 - The number of gateway hops to the network. Values are limited to the range of 1 through 15; 16 is used to signify infinity.

Each RIP message can contain as many as 25 routes.
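As an added example (Python, not from the guide), the following builds and parses RIPv2 messages with the fields just listed, rejecting metrics outside 1 through 16, unexpected address families, messages that are not a header plus whole 20-byte entries, and messages with more than 25 entries. The sample routes are constructed.

```python
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!BBH")        # command, version, must-be-zero
ENTRY = struct.Struct("!HH4s4s4sI")   # family, route tag, IP, subnet mask, next hop, metric
CMD_REQUEST, CMD_RESPONSE = 1, 2
AF_INET = 2
INFINITY = 16
MAX_ENTRIES = 25


def build_response(routes, version=2):
    """Serialise a RIP response. routes: iterable of (network, mask, next_hop, metric, tag)."""
    routes = list(routes)
    if len(routes) > MAX_ENTRIES:
        raise ValueError("a RIP message carries at most 25 route entries")
    body = HEADER.pack(CMD_RESPONSE, version, 0)
    for network, mask, next_hop, metric, tag in routes:
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"metric {metric} outside 1..16")
        body += ENTRY.pack(AF_INET, tag, IPv4Address(network).packed,
                           IPv4Address(mask).packed, IPv4Address(next_hop).packed, metric)
    return body


def parse(message):
    """Parse a RIP message into a dict; raises ValueError on malformed input."""
    if len(message) < HEADER.size or (len(message) - HEADER.size) % ENTRY.size:
        raise ValueError("length is not header plus whole 20-byte entries")
    command, version, _ = HEADER.unpack_from(message)
    if command not in (CMD_REQUEST, CMD_RESPONSE):
        raise ValueError(f"unknown command {command}")
    if version not in (1, 2):
        raise ValueError(f"unsupported version {version}")
    entries = []
    for offset in range(HEADER.size, len(message), ENTRY.size):
        family, tag, ip, mask, nxt, metric = ENTRY.unpack_from(message, offset)
        # A request for the whole table uses family 0; anything else must be IP (2).
        if family != AF_INET and not (command == CMD_REQUEST and family == 0):
            raise ValueError(f"unexpected address family {family}")
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"metric {metric} outside 1..16")
        entries.append({
            "network": str(IPv4Address(ip)),
            # Mask and next hop are RIPv2-only; v1 leaves them zero. A zero mask
            # means "no mask included"; a zero next hop means "via the sender".
            "mask": None if version == 1 or mask == b"\0" * 4 else str(IPv4Address(mask)),
            "next_hop": None if nxt == b"\0" * 4 else str(IPv4Address(nxt)),
            "metric": metric,
            "tag": tag,
            "reachable": metric < INFINITY,
        })
    if len(entries) > MAX_ENTRIES:
        raise ValueError("more than 25 entries")
    return {"command": command, "version": version, "entries": entries}


# Constructed sample: two reachable routes and one withdrawn (metric 16) route.
SAMPLE = build_response([
    ("10.1.0.0", "255.255.0.0", "0.0.0.0", 1, 0),
    ("192.168.5.0", "255.255.255.0", "10.0.0.9", 3, 100),   # tag 100 marks an external route
    ("172.16.0.0", "255.255.0.0", "0.0.0.0", 16, 0),
])

if __name__ == "__main__":
    for entry in parse(SAMPLE)["entries"]:
        print(entry)
```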

How do you decide on a routing protocol for an IP network? The choice for a standards-based protocol is between RIP and OSPF. Each of these protocols has its place in an Autonomous System. The secret is to use the one that best fits into your network.

RIP

This table summarizes the attributes of RIPv2.

In general, RIP is an easy-to-use routing protocol in small to modest-sized networks that have stable links. It requires minimal protocol expertise or up-front design effort to function well. However, since RIP broadcasts entire routing tables, its overhead may be unacceptable in larger enterprises. Also, it does not adapt to failed network links quickly enough for some mission-critical environments.

Link state routing protocols are designed to overcome the problems that have been experienced using the older routing protocols in large, rapidly changing internetworks. Link state routing protocols include the following:

For OSI: Intermediate System-to-Intermediate System (IS-IS)
For IP: Open Shortest Path First (OSPF)

A router using a link state routing protocol does not have to make any periodic general broadcasts of its routing table. Instead, it only has to multicast information about changes to its links to other routers. Because the amount of information sent and processed is so much smaller, updates to network topology can occur much more quickly, and less broadcast overhead is generated.

OSPF is the most common Link State Protocol. OSPF is classified as an Interior Gateway Protocol (IGP). This means that it distributes routing information between routers belonging to a single Autonomous System (AS). The OSPF protocol is based on link-state information and Shortest Path First (SPF) route computation. This is a departure from the Bellman-Ford basis used by traditional Transmission Control Protocol/Internet Protocol (TCP/IP) routing protocols such as RIP.

General Features

The OSPF protocol was developed by the OSPF working group of the Internet Engineering Task Force. It has been designed expressly for the TCP/IP Internet environment, including explicit support for Classless Inter-Domain Routing (CIDR) and the tagging of externally derived routing information. OSPF also provides for the authentication of routing updates, and utilizes IP multicast when sending/receiving the updates. OSPF responds quickly to topology changes, yet involves small amounts of routing protocol traffic.

Created specifically for use in large IP internetworks, OSPF is one of a number of link state protocols. NLSP and IS-IS are examples of other link state protocols.

Metric is based on cost. There is no unreachable metric.

Designed to support Classless Inter-domain Routing (CIDR).

Supports numbered and unnumbered point-to-point networks.

Equal Cost Multipath (ECMP).

Converges more quickly than RIP. In an OSPF environment, LSAs, not networks, are exchanged. These advertisements reflect actual network topology information. Distribution of LSAs is triggered by any change in the network and flooded to all routers.

Can be CPU-intensive, particularly when OSPF is recalculating new routes. The link state database and SPF tree consume additional memory.

Requires more planning and careful use of network address assignments to use its best features. RIP is plug-and-play.

Uses Dijkstra's SPF algorithm.

Request for Comment (RFC) 1583/2178/2328 (OSPF version 2) represents the present standard.

A router running OSPF begins creating its routing table by learning about links, and by putting the links in a Link State Database (LSDB). Each router begins by creating a database of all the links to which it is directly connected. For each network to which it is directly connected, the router generates a network link. For each router that is directly connected to a directly-connected network, the router generates a router link.

Each OSPF router then begins to send out Link State Advertisements (LSAs) describing the links it knows about. In a multi-access network, such as Ethernet, the router sends these LSAs to a Designated Router, which redistributes them to all the other OSPF routers.

When every router has an identical LSDB, each router runs a routine called Dijkstra's Algorithm that lets it calculate the fastest path from itself to any network it knows about. The complete set of paths is called the shortest path first tree (SPF tree). Every OSPF router in the Autonomous System will generate a different SPF tree from the same LSDB.

After the router creates the SPF tree, it builds its routing table. If OSPF is the only routing protocol the router is running, all of the SPF paths will go into the routing table. If the router is also running another routing protocol such as RIP or Border Gateway Protocol version 4 (BGPv4), the router will put into the routing table the best known path. OSPF always assumes it generates the best path. A router running OSPF will default to placing the OSPF path into the routing table unless you configure it otherwise.

This graphic illustrates the basic components of OSPF.

Routers using link state protocols, such as OSPF, do not exchange routing information. They exchange link state information, which each router maintains in a database describing the domain's topology. This database is called the Link State Database (LSDB), and has the following features:

The database is often displayed in technical literature as a diagram with a graph composed of nodes and edges.

The Link State Database is a data structure containing Link State Advertisements, or LSAs. Each participating router has an identical database. Each advertisement in the LSDB was built by one of the routers in the OSPF domain and sent to every other OSPF router (flooding).

Using Dijkstra's SPF algorithm, and working from the LSDB, each router constructs a tree of shortest paths with itself as the root (called the SPF tree). All routers run this algorithm in parallel. The SPF tree gives the route to each destination in the autonomous system. A best OSPF route can be derived from the SPF tree.

The LSDB does not contain the best routes. The SPF tree derived from this LSDB contains the best OSPF route.
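The LSDB-to-SPF-tree-to-routing-table process described on this page and the previous one, as an added Python example that is not part of the guide. The LSDB of router links, the interface costs and the stub prefixes are constructed; each router runs the same Dijkstra computation on the identical database and gets its own tree and next hops, and the direct R1-R2 link of cost 10 loses to a three-link path of cost 3, which is exactly where a hop count would have chosen differently.

```python
import heapq
from collections import defaultdict

# Constructed LSDB: each router advertises (router, neighbour, interface cost).
LSDB = [
    ("R1", "R2", 10), ("R2", "R1", 10),
    ("R1", "R3", 1), ("R3", "R1", 1),
    ("R3", "R4", 1), ("R4", "R3", 1),
    ("R4", "R2", 1), ("R2", "R4", 1),
    ("R2", "R5", 5), ("R5", "R2", 5),
]
# Constructed stub networks attached to routers: router -> prefixes.
STUBS = {"R5": ["10.5.0.0/24"], "R2": ["10.2.0.0/24"], "R4": ["10.4.0.0/24"]}


def spf_tree(lsdb, root):
    """Dijkstra from root over the LSDB. Returns (dist, parent); parent is the SPF tree."""
    adj = defaultdict(list)
    for a, b, cost in lsdb:
        adj[a].append((b, cost))
    dist, parent = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry superseded by a cheaper path
        for v, cost in adj[u]:
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v], parent[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, parent


def first_hop(parent, root, node):
    """Walk the SPF tree back from node to the router directly below the root."""
    while parent[node] != root:
        node = parent[node]
    return node


def routing_table(lsdb, stubs, root):
    """Routing table {prefix: (cost, next_hop)} derived from root's SPF tree."""
    dist, parent = spf_tree(lsdb, root)
    table = {}
    for router, prefixes in stubs.items():
        if router not in dist:
            continue  # unreachable in this LSDB
        nxt = None if router == root else first_hop(parent, root, router)
        for prefix in prefixes:
            table[prefix] = (dist[router], nxt)
    return table


if __name__ == "__main__":
    for r in ("R1", "R2"):
        print(r, routing_table(LSDB, STUBS, r))
```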

In a large enterprise with many routers and networks, the Link State Database (LSDB) and routing tables become large. This is not advantageous because:

Large routing tables consume memory and result in more central processing unit (CPU) cycles being needed to make a forwarding decision.

Large LSDBs consume memory.

The processing of Link State Advertisements (LSAs) is CPU-intensive.

Dividing the network into OSPF areas can reduce these undesirable side effects.

When a network is broken up into areas:

Routers maintain a separate LSDB for each area.

Routers internal to the area maintain only the LSDB for the area to which they belong.

Area border routers (ABRs) must maintain an LSDB for each area to which they belong.

Networks outside an area are advertised into the area.

Some advantages of implementing OSPF areas are as follows:

Routers internal to the area incur less overhead.

The impact of a topology change is localized to the area in which it occurs. Although the change is advertised outside the area, the processing of LSAs and the consequent modification of the SPF tree requires less CPU overhead.

With careful network address planning, networks within an area can be advertised in the form of a summary. This reduces the amount of processing on all routers external to the area, and the size of the routing table.

There are four types of OSPF routers:

Internal Routers
Area Border Routers
Backbone Routers
Autonomous System Boundary Routers

Internal Routers

An internal router is a router with all directly connected networks belonging to the same area. Routers with only backbone interfaces also belong to this category. These routers run a single copy of the basic routing algorithm and maintain one SPF tree for that area.

Area Border Routers (ABRs)

An ABR is a router with interfaces in multiple areas. ABRs maintain multiple LSDBs, one copy for each attached area, including the backbone. Note: ABRs must be connected to the backbone.

Backbone Routers

A backbone router is a router with an interface to the backbone. This router can also be an ABR or an internal router. ABRs are, by definition, also backbone routers.

Autonomous System Boundary Routers (ASBRs)

OSPF views non-OSPF networks as outside its AS and, therefore, external to it. An OSPF router connected to such networks - Routing Information Protocol (RIP) or Border Gateway Protocol (BGP) - is an Autonomous System Boundary Router (ASBR). This router has AS external routes that are advertised throughout the OSPF domain. Every router in the OSPF domain knows the path to each ASBR.

Dividing the network into OSPF areas offers several benefits.

A router maintains an LSDB for the area it is in. Dividing your network into areas means that internal routers have smaller LSDBs than they would otherwise.

Areas allow you to create an IP addressing scheme that you can summarize. If you create summary routes for each area, and advertise those summary routes into other areas, then topology changes in one area do not propagate into other areas.

When you create an OSPF network, you must create at least one area, and designate that area as the backbone. If you create more than one area, you must designate one area as the Backbone Area and give it an Area ID of 0. Your non-backbone areas must connect to the backbone area and only to the backbone area; non-backbone areas must not connect to each other. Packets flowing from one non-backbone area to another cannot go directly to the destination area; they must cross the backbone first.

Link State Advertisements

The six types of LSAs each represent a piece of the OSPF network:

The Router links advertisement - Type 1
Describes a router's links to the network. It is passed only within an area.
The Link state ID of an LSA Type 1 = The originating router's router ID.

The Network links advertisement - Type 2
Describes a multi-access network. It is passed only within an area.
The Link state ID of an LSA Type 2 = The IP interface address of the network's designated router (DR).

The Summary link advertisement - Type 3
Describes networks within an area. It is passed between areas.
The Link state ID of an LSA Type 3 = The destination network's IP address.

The AS summary link advertisement - Type 4
Describes a path to the AS boundary router (ASBR). It is passed between areas.
The Link state ID of an LSA Type 4 = The router ID of the described ASBR.

AS external link advertisement - Type 5
Describes external destinations originated on an ASBR. It is passed between areas.
The Link state ID of an LSA Type 5 = The destination network's IP address.

AS external link advertisements in NSSA - Type 7
Describes external destinations originated on an ASBR in an NSSA. Type 7 links are translated at ABRs into Type 5 advertisements.
The Link state ID of an LSA Type 7 = The destination network's IP address.

Why Form Adjacencies Between Routers?

OSPF creates adjacencies between neighboring routers to exchange LSDB information.

Forming an Adjacency

OSPF uses the Hello protocol to determine if two routers are to become adjacent. The Hello protocol verifies that both routers are in the same area, have the same interface timers and network mask, and that their router capabilities match. If all of these tests are passed, the routers may then exchange link state information.

The general process that OSPF routers use to form an adjacency is described below. For more detailed information about this process refer to RFC 2328.

Routers A and B exchange hello packets. Based on the contents, A and B decide whether to become fully adjacent.

Routers A and B compare LSDBs by exchanging database description packets. These packets do not provide enough detail to actually update the database, only enough detail to find out which LSAs are not yet in the local database and which LSAs presently in the database are out of date.

Each router updates its database by transmitting a link state request to the other router. The request is considered fulfilled when a link state update is received containing the requested LSAs. Each router updates its database with information it considers better than what it already has. A sequence number contained in each LSA determines what constitutes better information. The receipt of each LSA is acknowledged by using the link state ACK packet.

When this process is complete, the adjacency is formed, the link state databases are synchronized, and the Neighbor State is Full.

The two routers continue to exchange Hello messages, maintaining their adjacency. Any LSA learned by a router is propagated to its neighbors; otherwise the link is quiescent.
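The exchange described above, as an added Python example that is not part of the guide: the Hello checks (area, timers, mask), the database description comparison, link state request and update with the sequence-number rule for what counts as better information, and the transition to Full once both databases match. Router IDs, timers and LSAs are constructed, and packet formats are not modelled, only the decision logic.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LSA:
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int            # higher sequence number means newer information
    payload: str = ""

    @property
    def key(self):
        return (self.ls_type, self.ls_id, self.adv_router)


@dataclass
class Router:
    router_id: str
    area: str
    hello_interval: int
    dead_interval: int
    mask: str
    lsdb: dict = field(default_factory=dict)
    neighbor_state: dict = field(default_factory=dict)   # neighbour id -> state

    def install(self, *lsas):
        for lsa in lsas:
            self.lsdb[lsa.key] = lsa

    def hello_matches(self, other):
        """Hello checks: same area, same interface timers, same network mask."""
        return (self.area == other.area
                and self.hello_interval == other.hello_interval
                and self.dead_interval == other.dead_interval
                and self.mask == other.mask)

    def database_description(self):
        """DD packets carry LSA headers (key and sequence number), not contents."""
        return {k: lsa.seq for k, lsa in self.lsdb.items()}

    def link_state_request(self, summary):
        """Keys the neighbour holds that we lack, or holds in a newer version."""
        return [k for k, seq in summary.items()
                if k not in self.lsdb or seq > self.lsdb[k].seq]

    def link_state_update(self, requested):
        return [self.lsdb[k] for k in requested]

    def accept_update(self, lsas):
        """Install only LSAs newer than our copy; return the keys acknowledged."""
        acked = []
        for lsa in lsas:
            have = self.lsdb.get(lsa.key)
            if have is None or lsa.seq > have.seq:
                self.lsdb[lsa.key] = lsa
            acked.append(lsa.key)           # every received LSA is acknowledged
        return acked


def set_state(a, b, state):
    a.neighbor_state[b.router_id] = state
    b.neighbor_state[a.router_id] = state


def form_adjacency(a, b):
    """Run the exchange between routers a and b; return the final neighbour state."""
    if not a.hello_matches(b):
        return None                         # Hello mismatch: no neighbour relationship
    set_state(a, b, "2-Way")
    # ExStart: the higher router ID becomes master and drives the DD exchange.
    master, slave = sorted((a, b), key=lambda r: r.router_id, reverse=True)
    set_state(a, b, "Exchange")
    wanted_by_master = master.link_state_request(slave.database_description())
    wanted_by_slave = slave.link_state_request(master.database_description())
    set_state(a, b, "Loading")
    master.accept_update(slave.link_state_update(wanted_by_master))
    slave.accept_update(master.link_state_update(wanted_by_slave))
    if master.lsdb != slave.lsdb:
        raise RuntimeError("databases must be identical before Full")
    set_state(a, b, "Full")
    return "Full"


def demo():
    """Constructed scenario: each side holds an LSA the other lacks, and A holds a
    stale copy of B's router LSA. Returns (state, payload A ends up with, LSA count)."""
    a = Router("10.0.0.1", "0.0.0.0", 10, 40, "255.255.255.0")
    b = Router("10.0.0.2", "0.0.0.0", 10, 40, "255.255.255.0")
    a.install(LSA(1, "10.0.0.1", "10.0.0.1", 0x80000003, "A router links"),
              LSA(1, "10.0.0.2", "10.0.0.2", 0x80000001, "stale B router links"))
    b.install(LSA(1, "10.0.0.2", "10.0.0.2", 0x80000002, "B router links"),
              LSA(2, "192.0.2.1", "10.0.0.2", 0x80000001, "network LSA"))
    state = form_adjacency(a, b)
    return state, a.lsdb[(1, "10.0.0.2", "10.0.0.2")].payload, len(a.lsdb)
```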

This graphic illustrates neighbor states.

The conversation between neighboring routers has defined states. On the router, you see some of these states when you view the log or trace file. The states that can exist between neighboring routers are:

Down - This is the initial state of a neighbor conversation. There has been no recent information received from the neighbor. This appears only for statically configured neighbors.

Attempt - This state only occurs on non-broadcast networks. It indicates that no recent information has been received from a neighbor.

Init - A hello packet is seen from the neighbor but bi-directional communication is not established with the neighbor.

Two-Way - Communication between the two routers is bi-directional. This occurs when router A receives router B's hello and sees itself listed as a neighbor.

ExStart - This is the first step in creating an adjacency. A master or slave relationship is negotiated, governing the subsequent message exchange.

Exchange - The router is describing its entire LSDB by sending database description packets to the neighbor. The router with the highest router ID becomes the master.

Loading - Link state request packets are sent to the neighbor asking for more recent advertisements that were learned but not received, and link state updates are sent in response.

Full - The neighboring routers are fully adjacent, and the LSDBs are identical.

Adjacencies in a Broadcast Network

An adjacency is an agreement to exchange database information. Forming an adjacency can be bandwidth-intensive and resource-intensive.

In a multi-access environment such as an Ethernet network, having all routers maintain adjacencies with all other routers within a broadcast domain requires unnecessary overhead.

In this graphic, if Router A is adjacent to Routers B, C, and D, their LSDBs are identical. Therefore, there is no need to form adjacencies between Routers C and D, B and D, or B and C.

Multi-Access Networks and the Designated Router

To reduce overhead in multi-access environments, a Designated Router (DR) is elected using information contained in the same hello messages used to form an adjacency.

In the Hello message, the highest router priority parameter value dictates which router becomes the DR. In the case of equal router priorities, the router with the highest router ID (a global OSPF parameter) becomes the DR. When a router's interface is initialized, it checks for a DR. If one already exists, the router defers to it, regardless of its configured priority.

The DR maintains adjacencies to all routers on the same physical network. This router sends link state updates to the multicast AllSPFRouters address (224.0.0.5). This eliminates the need to send a separate update to the address of each adjacent router.

Non-DR Routers and a Backup Designated Router (BDR)

Routers that are not the DR send updates to the AllDRouters address (224.0.0.6).

A router can be prevented from becoming the DR by setting its router priority value to 0.

A Backup Designated Router (BDR) is also elected in case the DR fails. All routers, including the DR, become adjacent with a BDR.
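The DR and BDR election rules above, as an added Python example that is not part of the guide: priority 0 makes a router ineligible, the highest priority wins with ties going to the highest router ID, a router arriving on a segment that already has a DR defers to it whatever its own priority, and the BDR takes over when the DR disappears. Router IDs and priorities are constructed.

```python
def elect(routers, existing_dr=None, existing_bdr=None):
    """routers: {router_id: priority}. Returns (dr, bdr) as router IDs, or None.

    Priority 0 routers are never eligible. An established DR or BDR keeps its role
    when a new router arrives, whatever that router's priority. If the DR has gone,
    the BDR is promoted and a new BDR is chosen from the remaining routers.
    """
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def rank(rid):
        # Highest priority wins; ties go to the highest router ID (compared as octets).
        return (eligible[rid], tuple(int(o) for o in rid.split(".")))

    dr = existing_dr if existing_dr in eligible else None
    bdr = existing_bdr if existing_bdr in eligible else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                 # DR failed: the BDR takes over
    pool = sorted((r for r in eligible if r not in (dr, bdr)), key=rank, reverse=True)
    if dr is None and pool:
        dr = pool.pop(0)
    if bdr is None and pool:
        bdr = pool.pop(0)
    return dr, bdr


# Constructed segment: equal priorities, except one router that must never become DR.
SEGMENT = {"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.10": 1, "10.0.0.3": 0, "10.0.0.9": 1}


def scenario():
    """Cold start, then a high-priority late arrival, then loss of the DR."""
    cold = elect(SEGMENT)
    joined = dict(SEGMENT, **{"10.0.0.200": 255})
    late = elect(joined, *cold)             # existing DR/BDR are kept
    del joined["10.0.0.10"]                 # the DR's interface goes down
    after_failure = elect(joined, *late)
    return cold, late, after_failure


if __name__ == "__main__":
    print(scenario())
```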

Routers Forming an Adjacency

A router attempts to form an adjacency in the pattern below:

On a point-to-point network, it forms an adjacency with the router at the other end of the network.

On a multi-access network, it forms an adjacency with the designated router (DR) and the backup designated router (BDR).

OSPF

This table summarizes the attributes of OSPF.

In general, OSPF is better suited to larger enterprise networks. The ability of OSPF to restrict the effect of topology changes to a single area, its use of metrics reflecting the true speed of a link, and its greater control over summarization, route importing, etc., make it a clear winner in large networks.

OSPF does require more planning, and experienced network management teams to monitor its performance. These requirements may lead to higher implementation costs.

The Border Gateway Protocol (BGP) is an inter-domain routing protocol that provides loop-free inter-domain routing either between autonomous systems or within an autonomous system (AS).

Once configured, BGP systems exchange network layer reachability information (NLRI) with other BGP systems for the purpose of constructing a graph of AS connectivity. BGP uses this information to prune routing loops and enforce AS-level policy decisions.

BGP provides features that allow you to consolidate routing information and to control the flow of BGP updates.

BGP RFCs

RFC1771: A Border Gateway Protocol (BGP-4)
RFC1772: Application of the Border Gateway Protocol in the Internet
RFC1773: Experience with the BGP-4 protocol
RFC1774: BGP-4 Protocol Analysis
RFC1965: Autonomous System Confederations for BGP (Updated by RFC3065)
RFC1966: BGP Route Reflection (alternative to full mesh IBGP)
RFC1997: BGP Communities Attribute
RFC2270: Using a Dedicated AS for Sites Homed to a Single Provider
RFC2385: Protection of BGP sessions via the TCP MD5 signature option
RFC2439: BGP Route Flap Damping
RFC2858: Multiprotocol Extensions for BGP-4 (obsoletes RFC2283)
RFC2918: Route Refresh Capability for BGP-4
RFC1745: BGP-4/IDRP for IP/OSPF interaction

The primary difference between IGP and EGP protocols is how the best possible path is determined for a given route. An IGP determines the best route by an established metric for the complete path. RIP utilizes hop count as a metric to determine the best route. OSPF can utilize metrics such as various interface costs to determine the best route.

An EGP directs a path from source AS to destination AS without complete path knowledge (through the AS):

Cannot advertise a default route
Cannot advertise subnets
Must be able to handle very large routing tables

EBGP - BGP peers reside within separate Autonomous Systems.

IBGP - BGP peers reside within the same Autonomous System.

Advertising rules

Routes learned from an EBGP neighbor can be advertised as Network Layer Reachability Information (NLRI) to an IBGP neighbor.
Routes learned from an IBGP neighbor can be advertised as NLRI to an EBGP neighbor.
Routes learned from an EBGP neighbor can be advertised as NLRI to another EBGP neighbor.
Routes learned from an IBGP neighbor cannot be advertised as NLRI to another IBGP neighbor.

BGP Path Vector Protocol:

Similar to Distance Vector protocols; however, BGP utilizes a list of AS numbers to describe the path that a packet should take rather than the one with the least number of hops.

Routing loops are avoided since a router would see its own AS in the path carried by the update and would reject it.
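The AS-path loop check above and the EBGP/IBGP advertising rules on the previous page, as one added Python example that is not part of the guide: an update whose AS_PATH already contains the local AS is rejected, a route learned from an IBGP peer is not re-advertised to another IBGP peer, and the local AS is prepended only when advertising to an EBGP peer. AS numbers (taken from the RFC 5398 documentation range), peers and prefixes are constructed.

```python
from dataclasses import dataclass

LOCAL_AS = 64496          # constructed; RFC 5398 documentation ASN range


@dataclass(frozen=True)
class Peer:
    name: str
    remote_as: int

    @property
    def kind(self):
        return "IBGP" if self.remote_as == LOCAL_AS else "EBGP"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # leftmost AS is the most recent sender
    learned_from: Peer


def accept(prefix, as_path, peer):
    """Loop check: drop an update whose AS_PATH already carries our own AS.

    Returns the installed Route, or None when the update is rejected.
    """
    as_path = tuple(as_path)
    if LOCAL_AS in as_path:
        return None
    return Route(prefix, as_path, peer)


def may_advertise(route, to_peer):
    """IBGP-learned routes are not sent to another IBGP peer; all other cases are allowed."""
    return not (route.learned_from.kind == "IBGP" and to_peer.kind == "IBGP")


def advertise(route, to_peer):
    """Outgoing AS_PATH: prepend our AS for EBGP peers, leave it unchanged for IBGP.

    Returns None when the advertising rules forbid sending the route to this peer.
    """
    if not may_advertise(route, to_peer):
        return None
    if to_peer.kind == "EBGP":
        return (LOCAL_AS,) + route.as_path
    return route.as_path


def demo():
    """Constructed peers and updates exercising the loop check and all four rules."""
    isp = Peer("isp", 64497)
    other_isp = Peer("other-isp", 64499)
    core = Peer("core", LOCAL_AS)
    edge = Peer("edge", LOCAL_AS)
    ext = accept("198.51.100.0/24", (64497, 64498), isp)
    looped = accept("203.0.113.0/24", (64497, LOCAL_AS, 64498), isp)   # our AS is in the path
    internal = accept("192.0.2.0/24", (64498,), core)
    return {
        "looped_rejected": looped is None,
        "ebgp_to_ibgp": advertise(ext, core),
        "ebgp_to_ebgp": advertise(ext, other_isp),
        "ibgp_to_ebgp": advertise(internal, isp),
        "ibgp_to_ibgp": advertise(internal, edge),
    }


if __name__ == "__main__":
    print(demo())
```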

The Border Gateway Protocol (BGP), documented in RFC 4271, is the standard protocol for routing
between administrative domains. BGP refers to an administrative domain as an Autonomous System
(AS). BGP is an exterior gateway routing protocol (EGP). BGP exchanges routing information among
neighboring routers in different autonomous systems. An autonomous system is a set of routers under a
single administration. AS numbers supported are 1 to 4294967295. An AS typically uses a single
Interior Gateway Protocol (IGP), such as OSPF, to propagate routing information among its routers. A
BGP system establishes sessions with neighboring routers, or peers, and maintains a database of
network reachability information that it exchanges with its neighbors via update messages.

An Autonomous System (AS) is a collection of networks with the same routing policy, usually running a single routing protocol (IGP) within the interior, and typically under a single ownership and administration. An AS was originally identified by a unique AS number (1-65535); as of January 2009 the space was expanded to 4,294,967,296 (see RFC 4893, BGP Support for Four-octet AS Number Space). AS numbers 64512 through 65534 are designated for private use.

The above topology would be managed by a single entity such as a large service provider or private corporation. The organization that owns the AS would determine which Interior Gateway Protocols (IGPs) were run in the interior, and how the AS interfaced with other Autonomous Systems.

Interfacing two Autonomous Systems typically involves the use of BGP. When routers from two different
Autonomous Systems peer using the BGP protocol, the connection is referred to as an External Border
Gateway Protocol or EBGP session. Typically, the routers will share a common subnet and physical
connection for EBGP peering purposes.

The purpose of network management is to automate the process of monitoring and adjusting the performance of a network, and to provide reports about network activity. Network management focuses on managing the devices that allow the different types of connections to happen on the network: hubs, bridges, switches, routers, and gateways. Network managers are concerned with keeping the network up and running and optimizing performance.

Once a network is installed, the process of managing the network immediately begins. Network
management requires balancing a number of different tasks, from physical hardware configuration to
planning, reporting, and troubleshooting. Fortunately, network managers have a variety of tools at their
disposal to facilitate this process, including software built into network systems, network management
software tools, and network analyzers, among others.

The network manager can learn a lot about his or her network from the information that is found on the
devices. There is information in the devices that will tell a manager about the traffic on the network,
letting him know when peak usage times are, or where bottlenecks are, and so on.

The network manager can also learn how the equipment is functioning, what ports are active or inactive,
what is connected to what, who the users are that are on the network, and so on. All of this
information helps a manager run his or her network more proactively, and therefore more efficiently.
Having the right information allows a network manager to respond to problems as they occur, or even in
some cases before they occur.

A good network management system must provide the kind of information a network administrator
needs to complete each of these kinds of tasks.

Network management software monitors the operation of the entire network. During monitoring, the
network management software collects operating information from individual devices on the network.
For instance, it may track the amount of data a router is passing. The network management software
organizes this data and presents it in a chart, graph, or gauge so it is easy for the network administrator
to analyze.

After receiving the performance data for the router, the network administrator can determine when that
router is becoming overloaded before users experience delays on the network. The administrator can
take steps, such as adding a Layer 2/Layer 3 switch, so the router doesn't cause poor network
performance.

Operations management has these benefits:

- The network administrator can anticipate and resolve problems before they impact users. This keeps
  network users working at their most productive, and improves user confidence in the network.
- Because the management system collects operations data automatically, the network administrator
  does not spend hours monitoring and recording that data manually.
- The administrator can monitor the entire network without leaving the office.

Databases built into the network management software track device location and configuration. In some
cases, these databases can be updated automatically by the network management system when a
configuration changes.

These databases streamline asset and configuration tracking in these ways:

- Asset tracking is done from a console, rather than walking around with a clipboard.
- As assets move, the network management system automatically updates the asset database.
- A network administrator can track assets and configurations in remote locations without leaving
  his office.

For instance, if a company decides to upgrade all copies of its software package to the next version, the
network administrator can search the database for a list of all that software on the network. This list
simplifies locating all the software for the upgrade, saving the administrator time and the company
money.

Consider a model with users on one side trying to get to resources on the other side, and some sort of
infrastructure in the middle. The main components of a network management system can be plugged
into this model.

There is the Network Management Station, where the management application resides. This workstation
is the network manager's window into the network.

The Network Management Station is connected to the network, and utilizes the network to reach the
resources it needs to reach, or the network devices.

The equipment represents the network devices, things such as hubs, switches, or routers. It could be
any sort of hardware that the manager might want to gather information about.

All network management tools are trying to do the same general things. The three things any network
management system does are:

1. Collect data: The network management station has to be able to gather data from the
   equipment that is out on the network.
2. Transport data: Once data has been acquired, the data needs to be moved from the devices
   where it resides, through the network, and back to the network management station where the
   manager can view it.
3. Present results: The data that has been collected and transported back to the management
   station must be presented in some way that the manager knows what he is being told about the
   state of his hardware. In some cases, this step may also include some analysis of the data.

This is similar to the way information is communicated in a small company. The staff people collect
information about their particular responsibilities. They analyze that information and take it to a meeting
with the company president.

Management station or console: The management station is connected to the network like any other
device. It is usually a PC or UNIX workstation that is dedicated to the management function. The
management station's main job is to provide the network manager(s) an interface that allows them to
view and act upon the information that is gathered by the management system.

Management Agent: The management agent is usually a small piece of software or firmware that
resides in the device that is to be managed. It makes the attributes (the characteristics and current
state of the managed device) available to the management station. When the management station
requests information about a managed device, the agent references a list of items or objects about
which it can gather information. The collection of these objects is called the management information
base.

Management Information Base: The MIB is like a laundry list of information that the agent can collect.
The agent references the MIB to know what attributes or objects can be gathered about it. For example,
let's say the network administrator wants to see how many active links are on a hub. From his/her
screen the administrator will make a request for information. This request will travel to the managed
device's agent via the Simple Network Management Protocol (SNMP). The agent will reference its MIB
to see if it can gather the requested information; it can, so it gets the information and sends it to the
management console via SNMP.

The components in any network management system always interact in the same general way. They
relate to each other in what is known as a Manager/Client relationship, where the management station
with the management application is the manager requesting information, and the agents are the clients,
who respond to the requests made by the management station.

The network devices have components called agents and Management Information Bases (MIBs). The
Network Management Station (NetSight in the Enterasys environment) has something inside it called a
MIB browser, something that allows NetSight to read and interpret the MIB information delivered to it
from the agents.

Responding to a request for information from NetSight, the agent goes to the appropriate MIBs and
collects the information, and passes it back to NetSight. The MIB browser in the management
application has dictionaries that allow it to interpret what those MIBs say, and then display that
information in the form of a text message that the network manager can read.

The entire process has allowed the management station to request information from devices, have that
information delivered, then interpreted, and then displayed in what might be a text message or even the
form of a GUI. The network manager now has his window into the network.

Once the agent has collected data in the MIB, that data is available for use by the management system.
The data is transported between the device, agents, and the management system according to a set of
rules. This set of rules is the protocol called Simple Network Management Protocol (SNMP).

SNMP is the most efficient and widely used protocol for network management in personal computer
networks. There are other network management protocols, but they are more complex and powerful
than what is needed for local and wide area networks.

Let's look at this information that is being passed from the equipment back to the manager. These MIBs
are what the manager wants to get because they are databases of information on certain attributes of
the device. Looking closer at these MIBs, though, there are some different kinds, standard or
proprietary.

If the management station has a standard MIB browser, then it will be able to read and interpret all the
standard MIBs on a device. Standard MIBs are a group of MIBs that are shared among many different
devices, even if they are made by different vendors. An example would be the Remote MONitoring
(RMON) MIBs, which contain information specifically about network traffic.

Some MIBs are proprietary, which means that they contain information that is particular to that
company's devices. For example, we might have a MIB that allows you to find out how long a certain
module has been running in a certain slot on one of our chassis devices. If a management station's MIB
browser doesn't support that MIB, it can get the MIB but won't be able to interpret it, or convert the
information contained in it into a text or graphical message. In this case, the network manager may
need to go to that company's website to try to download that MIB if it is available.

An example of a standard MIB is MIB II. MIB II is a collection of objects, or attributes, that are contained
on any device that is MIB II compliant, no matter who the vendor is. This means that any management
system that includes MIB II will be able to get information on the attributes contained in MIB II from our
piece of hardware.

SNMP has two major components used for network management:

- Management Information Base (MIB)
- Object Identifiers (OIDs)

In order for the SNMP agent to provide information to the manager when it is requested, both the
manager and the agent need to know what kind of information the agent collects. The totality of what the
agent knows about the device on which it resides is contained in a Management Information Base, or
MIB.

A Management Information Base (MIB) is defined in SNMP. A MIB is a data file that contains a
complete collection of all the objects that are managed in a network. A particular device will have many
objects that describe it. Objects are defined as variables that hold information about the state of some
process running on a device or that include textual information about the device (such as name and
description). This information is strictly defined to enable different management systems to access and
manage the information.

To obtain device information from the management information base, the manager requests the specific
information it wants using the object's address, that is, its Object Identifier (OID). Since each branch
and node in the MIB hierarchy has an associated number, it is easy to calculate an OID for a specific
object. For example, if the manager requested information on the device's uptime, it would send a Get
command to the agent using the OID string 1.3.6.1.2.1.1.3, which tells the agent to move down the MIB
tree in the following fashion: iso(1).org(3).dod(6).internet(1).mgmt(2).mib-II(1).system(1).sysUpTime(3)

Out-of-band management is effective if you happen to be in close range of the device you want to
monitor. Checking multiple devices in a network can be very time consuming, especially if the network
devices span buildings. With out-of-band management, each vendor's device has to have a proprietary
console cable from the console management port to the management terminal. Thus, not only do you
have to be physically at every device, a cable to fit every device is needed as well.

SNMP provides in-band management via the network, allowing you to monitor the network from one
common interface. With SNMP:

- A network administrator can access and manage network devices remotely, over the network, without
  having to physically be at the device.
- You can manage multiple network elements at once.
- You can have one or more managers (management stations).

SNMP enables network administrators to manage network performance, find and solve network
problems, and plan for network growth.

SNMP communities are similar to the concept of user groups. An SNMP community is the relationship
between the agent and one or more managers used to control access to the device.

If the community name is known by the agent, then the sender (manager) is authenticated as a member
of the community. SNMP uses simple authentication mechanisms. The community name is placed in
the SNMP request without security coding. There are three access levels:

- Read Only (RO)
- Read Write (RW)
- Superuser (SU)

The slide shows an example of an agent community names table. The community names included are:

- Public, with access level Read Only (RO)
- Diagnostic, with access level Read Only (RO)
- Admin, with access level Read Write (RW)

In this example, the Public and Diagnostic communities will not send traps; the Admin community will
send traps.

SNMPv1 is a simple request-response protocol. It is termed simple because there are only five basic
commands involved in SNMP operation:

Manager to agent commands

- Get: Used by the manager to retrieve object instance values from an agent.
- Get-Next: Used by the manager to retrieve subsequent instances after the first instance.
- Set: Used by the manager to change values for object instances within an agent; no response is
  required from the agent.

Agent to manager commands

- Get Response: Response from agent to manager with information requested via the Get command.
- Trap: An agent can send a trap to a manager. This is an unsolicited message, rather than a polling
  response. A trap contains information about an event, which is an operational irregularity, such as a
  variable exceeding an acceptable value or range.

The evolution to SNMPv2 was stimulated by the Internet community's need for an upgrade to SNMPv1 that
provided authenticated security and addressed the performance and functionality needs of distributed networks (in
which devices could act as both manager and agent for manager-to-manager communications). Although the
standard for authenticated security was not implemented until SNMPv3, the release of the SNMPv2 standard
provided many enhancements over SNMPv1, including, but not limited to:

- Improving the efficiency of gathering management information from devices
- Defining standards for SNMP trap controls and proxy: two areas that suffered from non-interoperable approaches
  in SNMPv1

One other key change implemented in SNMPv2 was the ability for systems to act as both manager and agent. In
its agent role, such a system will accept commands from a superior management system; these commands may
deal with access to information stored locally at the intermediate manager or may require the intermediate
manager to provide summary information about agents subordinate to itself. In addition, an intermediate manager
can issue trap information to a superior manager.

As shown, two new PDUs were implemented to improve information gathering efficiency and trap controls: GetBulk
and InformRequest.

The GetBulk operator improves the efficiency of gathering management information from devices, both in the size
of information that can be retrieved (such as router tables) and the efficiency with which the information can be
retrieved. It has been reported that SNMPv2c requests are 10-20% faster than SNMPv1. GetBulk operates just like
a GetNext request but allows the manager to request much larger sets of information with a minimal number of
protocol exchanges.

The InformRequest acts like a confirmed trap, sending trap type information from one manager system to another.
Whereas a trap is sent just once, a device acting as a manager will send trap type information to a network
management station and wait for acknowledgement that NetSight has received the notification. It will continue to
resend the event notification until NetSight responds with an acknowledgement receipt.

The security deficiency of both SNMPv1 and SNMPv2 was finally fixed with the release of the SNMPv3
standard. Designed to enable better support of the complex networks being deployed in recent years
and additional requirements of applications used in networked environments, SNMPv3 defined
standards for both enhanced security and administration.

The most noteworthy enhancement in SNMPv3 is the strong security protection it provides for remote
management, protecting SNMP itself from being used to automate exploiting cascading vulnerabilities.
As defined in RFCs 2571-2575, SNMPv3 added robust user-level authentication, message integrity
checking, message encryption, and role-based authorization.

To understand how these security enhancements are implemented, we need to take a look at the
architecture of SNMPv3.

SNMP is the most widely-used network management protocol on TCP/IP-based networks. SNMP
versions 1 and 2, however, lack the security features (notably authentication and privacy) that are
required to fully exploit SNMP. All Enterasys Networks switches support SNMP versions 1, 2, and 3.

RFC 2274 (User-based Security Model for SNMPv3) defines the implementation of the Message
Processing Model within the Message Processing Subsystem and its interaction with the Security
Subsystem for SNMPv3, named the User-Based Security Model (USM). The main idea is to use the
traditional concept of a user, identified by a user name, with which to associate security information.

For packet transmission, the Message Processing Subsystem accepts SNMP PDUs from the application
layer and encapsulates them in SNMP messages by inserting configured security-related parameters in
the Message Processing Model header. If the Message Processing Model is specified to be USM, a USM
message header is also added after the Message Processing Model header to specify the attributes for
message authentication and encryption. For packet reception, USM processes the received
security-related parameters indicated in the Message Processing Model's header, and the USM header if
specified, for security validation purposes.

The User-Based Security Model (USM) is designed to secure against the following principal threats:

- Modification of Information: alteration of in-transit message content
- Masquerading: authorized access attempt by spoofing source
- Message Stream Manipulation: manipulation of in-transit message delivery
- Disclosure: compromising of data confidentiality

USM is not intended to secure against the following two threats:

- Denial of Service: prevention of data exchanges between a manager and an agent
- Traffic Analysis: observation of the general pattern of traffic between managers and agents

An SNMPv3 user can manage a device under one of three Security Levels:

- noAuthNoPriv - no authentication, no privacy
- authNoPriv - authentication, no privacy
- authPriv - authentication and privacy

Creating a new user may involve the assignment of passwords, so it should be accomplished
via a secure method. A new user can be created using the CLI.

In RFC 2275 an implementation of the Access Control Subsystem for SNMPv3 is defined, named View-based
Access Control Model (VACM). VACM defines mechanisms for determining whether access to a
managed object by a remote principal should be allowed. VACM has the responsibility for checking
whether a specific type of access (read, write, or notify) to a particular object (instance) is allowed.
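An added Python example, not from the guide, of how the USM user and password described above become per-agent authentication keys under RFC 3414: password_to_key, localize_key, auth_params and localized_keys_for are names chosen here, the "maplesyrup" vector is the RFC's own Appendix A test case, and the two other engine IDs are constructed.

```python
import hashlib
import hmac

MEGABYTE = 1_048_576  # RFC 3414 A.2 hashes exactly this many bytes of repeated password


def password_to_key(password, algo="md5"):
    """Stretch a human password into the master key Ku (RFC 3414 A.2).

    The password is repeated cyclically until 1 MiB has been hashed, so each
    guess in an offline attack costs ~16,000 block hashes instead of one.
    """
    if len(password) < 8:
        raise ValueError("RFC 3414 requires USM passwords of at least 8 characters")
    pw = password.encode()
    full_reps, tail = divmod(MEGABYTE, len(pw))
    h = hashlib.new(algo)
    h.update(pw * full_reps)  # whole repetitions of the password
    h.update(pw[:tail])       # partial repetition that reaches exactly 1 MiB
    return h.digest()


def localize_key(ku, engine_id, algo="md5"):
    """Bind Ku to one agent: Kul = H(Ku || snmpEngineID || Ku) (RFC 3414 2.6).

    Each agent has its own snmpEngineID, so the key stored on (or recovered
    from) one agent does not authenticate the user to any other agent.
    """
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul, whole_msg, algo="md5"):
    """msgAuthenticationParameters for HMAC-MD5-96 / HMAC-SHA-96: the first
    12 bytes of an HMAC over the whole message under the localized key."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def localized_keys_for(password, engine_ids, algo="md5"):
    """One password, one Kul per agent: returns {engine_id: localized key}."""
    ku = password_to_key(password, algo)
    return {eid: localize_key(ku, eid, algo) for eid in engine_ids}


if __name__ == "__main__":
    # RFC 3414 Appendix A.3.1 vector: password "maplesyrup", engineID 00..00 02
    rfc_engine = bytes.fromhex("000000000000000000000002")
    ku = password_to_key("maplesyrup")
    print("Ku  (MD5):", ku.hex())                            # 9faf3283884e92834ebc9847d8edd963
    print("Kul (MD5):", localize_key(ku, rfc_engine).hex())  # 526f5eed9fcce26f8964c2930787d82b
    # Two constructed engine IDs (not real devices): same password, different keys
    agents = [b"\x80\x00\x00\x00\x01\xc0\xa8\x00\x01", b"\x80\x00\x00\x00\x01\xc0\xa8\x00\x02"]
    for eid, kul in localized_keys_for("maplesyrup", agents).items():
        print(eid.hex(), "->", kul.hex())
```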

Once an SNMPv3 user/community name is created, it must be associated with a VACM group and one of three Security Models:

- For SNMPv1 and SNMPv2, a community name is associated to either the SNMPv1 or SNMPv2 security model
- For SNMPv3, an SNMPv3 user is associated to the USM security model

All users in a VACM group have the same access rights for an indicated Security Level, which allows for logical categories of
users.

The following command associates an SNMPv3 user to a VACM group and an SNMP Security Model. For SNMPv1 and SNMPv2,
the community string is associated to a group:

C3(switch-rw)-> set snmp group groupname user user security-model {v1 | v2c | usm} [volatile | nonvolatile]

Setting Security Access Rights for a VACM Group/Security Level/Security Model

A new VACM group must be initialized with access rights. Access rights for a VACM group/Security Model/Security
Level are specified by a read view, write view, and notify (traps) view, defined by:

- Security model which must be used
- Security level (minimum) which must be used
- Read view name: the set of MIBs that can be read
- Write view name: the set of MIBs that can be modified
- Notify view name: the set of traps that can be received

The following command specifies access rights for a VACM group/model/level:

C3(switch-rw)-> set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication |
privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile]

Set the attributes of a view by defining the view tree family:

- A view is configured with one or more rules that either include or exclude a MIB subtree
- A subtree is defined as the set of all MIB objects with the same OID prefix
- Also, a mask can be defined for a subtree as a wildcard feature
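The access-rights and view-tree-family logic described above, as an added Python model that is not Enterasys code or CLI output: ViewRule, AccessEntry and is_access_allowed are names chosen here, the matching and precedence rules follow RFC 3415, the sample policy is constructed, and the context and exact/prefix options the CLI exposes are left out.

```python
from dataclasses import dataclass

# SNMPv3 security levels in increasing order of protection (RFC 3414 names)
SECURITY_LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}


def parse_oid(dotted):
    """'1.3.6.1.2.1.1.3.0' -> (1, 3, 6, 1, 2, 1, 1, 3, 0)."""
    return tuple(int(part) for part in dotted.strip(".").split("."))


@dataclass(frozen=True)
class ViewRule:
    """One vacmViewTreeFamily row: include or exclude a MIB subtree.

    mask follows RFC 3415: bit i (MSB of the first octet is bit 0) set means
    sub-identifier i of the subtree must match, clear means wildcard; bits past
    the end of the mask count as set, so b"" is a plain OID-prefix match.
    """
    subtree: tuple
    include: bool = True
    mask: bytes = b""

    def _mask_bit(self, i):
        octet, bit = divmod(i, 8)
        if octet >= len(self.mask):
            return 1
        return (self.mask[octet] >> (7 - bit)) & 1

    def matches(self, oid):
        if len(oid) < len(self.subtree):
            return False
        return all(self._mask_bit(i) == 0 or self.subtree[i] == oid[i]
                   for i in range(len(self.subtree)))


def oid_in_view(view, oid):
    """RFC 3415 precedence: of the matching rules, the longest subtree wins and
    ties go to the lexicographically greatest mask; that rule's type decides."""
    candidates = [rule for rule in view if rule.matches(oid)]
    if not candidates:
        return False  # an OID no rule covers is outside the view
    best = max(candidates, key=lambda r: (len(r.subtree), r.mask))
    return best.include


@dataclass(frozen=True)
class AccessEntry:
    """One row of the 'set snmp access' table: group + model + minimum level."""
    group: str
    security_model: str  # "v1" | "v2c" | "usm"
    min_level: str       # weakest security level the row accepts
    read_view: tuple = ()
    write_view: tuple = ()
    notify_view: tuple = ()


def is_access_allowed(access_table, group, model, level, view_type, oid):
    """May this group, using this model at this security level, perform
    view_type ('read' | 'write' | 'notify') on oid? Context matching omitted."""
    for entry in access_table:
        if entry.group != group or entry.security_model != model:
            continue
        if SECURITY_LEVELS[level] < SECURITY_LEVELS[entry.min_level]:
            continue  # request carries less protection than the row demands
        return oid_in_view(getattr(entry, view_type + "_view"), oid)
    return False  # no row, or an empty view: default deny


# Constructed sample policy (not from the guide): operators may read mib-2 minus
# the ip group, and only the ifEntry row for ifIndex 1; nothing is writable.
OPERATOR_READ_VIEW = (
    ViewRule(parse_oid("1.3.6.1.2.1")),                         # include mib-2
    ViewRule(parse_oid("1.3.6.1.2.1.4"), include=False),        # carve out ip
    ViewRule(parse_oid("1.3.6.1.2.1.2.2.1"), include=False),    # hide ifEntry ...
    # ... except column-wildcarded instances ending in ifIndex 1: mask bits
    # 0-8 set, bit 9 (the column) clear, bit 10 set -> 0xff 0xbf
    ViewRule(parse_oid("1.3.6.1.2.1.2.2.1.0.1"), include=True, mask=b"\xff\xbf"),
)
ACCESS_TABLE = [
    AccessEntry("operators", "usm", "authNoPriv", read_view=OPERATOR_READ_VIEW),
]
```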

1. Setting SNMP Target Parameters for SNMP Notification Message Generation

- A named set of security/authorization criteria used to generate an SNMP notification
  message to a target.
- SNMP notifications are SNMPv1 and v2 traps or SNMPv3 inform messages
  transmitted to all configured management targets.
- A target parameter entry can be bound to a target IP address to which SNMP
  notification messages are sent using the set snmp targetaddr command.

The following command configures SNMP target parameters used in the formatting of
generated SNMP notification messages:

C3(switch-rw)-> set snmp targetparams paramsname user user security-model
{v1 | v2c | usm} message-processing {v1 | v2c | v3} [noauthentication |
authentication | privacy] [volatile | nonvolatile]

2. Setting SNMP Target Addresses for SNMP Notification Message Generation

An SNMP target address configuration entry is linked to SNMP target parameters
(such as timeout, retry count, and UDP port) by configuring an SNMP target parameter
entry for the formatting of generated SNMP notification messages.
