Network Warrior by Gary A. Donahue Publisher: O'Reilly Pub Date: June 01, 2007 Print ISBN-10: 0-596-10151-1 Print ISBN-13: 978-0-59-610151-0 Pages: 598
--read online at Safari Books Online via SPL
Part I: Hubs, Switches, and Switching
Chapter 1. What Is a Network?
Local Area Network (LAN)
A LAN is a network that is confined to a limited space, such as a building or floor. It uses short-range technologies such as Ethernet, Token Ring, and the like. A LAN is usually under the control of the company or entity that requires its use.
Wide Area Network (WAN)
A WAN is a network that is used to connect LANs by way of a third-party provider. An example would be a frame-relay cloud (provided by a telecom provider) connecting corporate offices in New York, Boston, Los Angeles, and San Antonio.
Campus Area Network (CAN)
A CAN is a network that connects LANs and/or buildings in a discrete area owned or controlled by a single entity. Because that single entity controls the environment, there may be underground conduits between the buildings that allow them to be connected by fiber. Examples include college campuses and industrial parks.
Metropolitan Area Network (MAN)
A MAN is a network that connects LANs and/or buildings in an area that is often larger than a campus. For example, a MAN might be used to connect a company's various offices within a metropolitan area via the services of a telecom provider. Again, be careful of absolutes. Many companies in Manhattan have buildings or data centers across the river in New Jersey. These New Jersey sites are considered to be in the New York metropolitan area, so they are part of the MAN, even though they are in a different state.
Chapter 2. Hubs and Switches
2.1. Hubs
A broadcast domain is the area of an Ethernet network where a broadcast will be propagated. Broadcasts stay within a layer-3 network (unless forwarded), which is usually bordered by a layer-3 device such as a router. Broadcasts are sent through switches (layer-2 devices), but stop at routers.
2.2. Switches
Running the show mac-address-table command on an IOS-based switch displays the table of MAC addresses and the ports on which they can be found. Multiple MAC addresses on a single port usually indicate that the port in question is a connection to another switch or networking device:
sho mac-address-table | include 0013.bada.d1ca --shows only the one MAC address (given here as an example) and its associated port (IOS)
show cam 00-13-ba-da-d1-ca --the same lookup on CatOS (same example MAC, written with dashes)
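As an added example (not from the book or these notes), a short Python script that parses show mac-address-table output, does the same lookup the include filter does, accepts a CatOS-style dashed MAC as input, and lists the ports that have learned more than one MAC address. Those are the ports worth checking: on an uplink that is expected, on an access port it can mean an unexpected switch or hub has been plugged in. The sample output, MAC addresses and port names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of "show mac-address-table" output (not real device output).
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0013.bada.d1ca    DYNAMIC     Fa0/1
  10    0013.bada.d1cb    DYNAMIC     Fa0/2
  10    0050.56ab.0001    DYNAMIC     Gi0/1
  10    0050.56ab.0002    DYNAMIC     Gi0/1
  20    0050.56ab.0003    DYNAMIC     Gi0/1
  20    00e0.1e00.aa01    DYNAMIC     Fa0/3
Total Mac Addresses for this criterion: 6
"""

# One table row: VLAN, dotted MAC, entry type, port. Header, separator and total lines do not match.
ENTRY_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Accept 0013.bada.d1ca, 00-13-ba-da-d1-ca or 00:13:ba:da:d1:ca and return the Cisco dotted form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(hexdigits[i:i + 4] for i in range(0, 12, 4))

def parse_mac_table(text):
    """Return a list of (vlan, mac, type, port) tuples from show mac-address-table output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m["vlan"]), m["mac"].lower(), m["type"].upper(), m["port"]))
    return entries

def find_mac(entries, mac):
    """Equivalent of 'sho mac-address-table | include <mac>': the (vlan, port) pairs a MAC was learned on."""
    wanted = normalize_mac(mac)
    return [(vlan, port) for vlan, m, _type, port in entries if m == wanted]

def ports_with_multiple_macs(entries):
    """Ports that have learned more than one MAC: usually an uplink to another switch or device."""
    by_port = defaultdict(set)
    for _vlan, mac, _type, port in entries:
        by_port[port].add(mac)
    return {port: sorted(macs) for port, macs in by_port.items() if len(macs) > 1}

if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_MAC_TABLE)
    print(find_mac(table, "00-13-ba-da-d1-ca"))   # CatOS-style input, same lookup
    print(ports_with_multiple_macs(table))
```

The parser keys on the dotted MAC format, so it ignores the banner, column headings and the trailing total line without needing to know the exact column widths, which vary between IOS versions.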
Fixed-configuration switches (like the 2900 series) have less backplane capacity (the backplane is the total throughput on a given circuit board): 32 Gb/s vs up to 720 Gb/s for some modular switches.
Chapter 3. Auto-Negotiation
If I had to list the most common problems I've seen during my years in the field, auto-negotiation issues would be in the top five, if not number one.
3.1. What Is Auto-Negotiation?
Auto-negotiation is the feature that allows a port on a switch, router, server, or other device to communicate with the device on the other end of the link to determine the optimal duplex mode and speed for the connection. The driver then dynamically configures the interface to the values determined for the link.
Speed: rate of the interface (mbps or gbps)
Duplex: half = can transmit or receive, but not both simultaneously (like a walkie-talkie); full = send and receive at the same time (like a telephone)
For auto-negotiation to work, both ends must be using it (it is a protocol between the two ends, so an auto port does not simply match whatever the other side is set to).
3.3. When Auto-Negotiation Fails
When auto-negotiation fails on 10/100 links, the most likely cause is that one side of the link has been set to 100/full, and the other side has been set to auto-negotiation. This results in one side being 100/full, and the other side being 100/half.
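As an added example (not from the book), a small Python model of how a 10/100 copper link settles its speed and duplex, including the failure case above. It assumes a port is either fully auto or fully fixed, that a fixed port sends no negotiation pulses so the auto side can only detect the speed (parallel detection) and must fall back to half duplex, and it leaves gigabit copper out because that requires auto-negotiation. Function and parameter names are the example's own. On a real switch the mismatch shows up as collisions and late collisions on the half-duplex side and CRC/runt errors on the full-duplex side in show interface.

```python
# Added example: simplified model of 10/100 auto-negotiation and parallel detection.

def port(speed="auto", duplex="auto"):
    """A port is either fully auto-negotiating or fixed to a 10/100 speed and a duplex."""
    if speed == "auto":
        return {"speed": "auto", "duplex": "auto"}
    if speed not in (10, 100) or duplex not in ("half", "full"):
        raise ValueError("fixed ports in this model are 10 or 100 Mbps, half or full duplex")
    return {"speed": speed, "duplex": duplex}

def resolve(local, remote, supported=(10, 100)):
    """What `local` ends up running, given what `remote` is configured to do."""
    if local["speed"] != "auto":
        return (local["speed"], local["duplex"])   # a fixed port ignores the far end entirely
    if remote["speed"] == "auto":
        return (max(supported), "full")            # both negotiate: best mode both support
    # Parallel detection: the auto side learns the speed from the link signalling but
    # receives no duplex information, so it must assume half duplex.
    return (remote["speed"], "half")

def negotiate(a, b):
    """Returns (a_result, b_result, link_up, duplex_mismatch) for the two ends of one link."""
    ra, rb = resolve(a, b), resolve(b, a)
    link_up = ra[0] == rb[0]                 # different speeds: no link at all
    mismatch = link_up and ra[1] != rb[1]    # same speed, different duplex: the silent failure
    return ra, rb, link_up, mismatch

if __name__ == "__main__":
    print(negotiate(port(), port()))                  # both auto: 100/full on both ends
    print(negotiate(port(100, "full"), port()))       # one side forced: 100/full vs 100/half
```

The second call reproduces the case in the notes: the forced side runs 100/full, the auto side comes up 100/half, the link is up, and nothing complains until the errors start.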
3.5. Configuring Auto-Negotiation
# config t
(config)# int fa 0/1                 (0/1 is an example)
(config-if)# duplex ?   or   speed ?   --must configure speed before duplex
Chapter 4. VLANs
Virtual LANs, or VLANs, are virtual separations within a switch that provide distinct logical LANs that each behave as if they were configured on a separate physical switch. Before the introduction of VLANs, one switch could serve only one LAN. VLANs enabled a single switch to serve multiple LANs. Assuming no vulnerabilities exist in the switch's operating system, there is no way for a frame that originates on one VLAN to make its way to another.
Trunks are links that carry frames for more than one VLAN.
If you need to connect two VLANs, you need to use a router, even if they are on the same switch. The exception is a layer-3 switch, which handles the routing between the VLANs internally.
4.2. Configuring VLANs
2950-IOS# conf t
Enter configuration commands, one per line. End with CNTL/Z.
2950-IOS(config)# vlan 10
2950-IOS(config-vlan)# name Lab-VLAN
2950-IOS# show vlan --shows which ports are assigned to a given VLAN
Assigning ports to VLANs:
2950-IOS(config)# int f0/1
2950-IOS(config-if)# switchport access vlan 10
2950-IOS(config-if)# int f0/2
2950-IOS(config-if)# switchport access vlan 10
Chapter 5. Trunking
Trunking is a layer-2 function only. TCP has nothing to do with trunking, and plain Ethernet does not support it either: for two switches to trunk, they must agree on a trunking protocol, either Cisco's ISL or the IEEE standard 802.1Q.
Different trunks can use different protocols (a given trunk uses the same protocol on each end)
Chapter 6. VLAN Trunking Protocol
VTP allows VLAN configurations to be managed on a single switch. Those changes are then propagated to every switch in the VTP domain. A VTP domain is a group of connected switches with the same VTP domain string configured. Interconnected switches with differently configured VTP domains will not share VLAN information. A switch can only be in one VTP domain; the VTP domain is null by default.
Chapter 7. EtherChannel
EtherChannel is the Cisco term for the technology that enables the bonding of up to eight physical Ethernet links into a single logical link.
--difficult to use in practice
--load balancing is difficult and depends on usage type
--actual throughput is not just the sum of each link
Chapter 8. Spanning Tree
Spanning Tree Protocol (STP) prevents layer-2 loops
Looping causes broadcast storms which slow down networks as each packet is rebroadcast indefinitely
8.1. Broadcast Storms
1000 bits/sec = 2-3 packets/sec
show info about an interface: show interface f0/2 (for port 2)
A useful tool when troubleshooting a broadcast storm is the 'show processes cpu history' command. This command displays an ASCII histogram of the CPU utilization over the past 72 hours. It produces three graphs.
8.2. MAC Address Table Instability
Looping causes the MAC address table to be updated constantly, often with wrong info (e.g., a locally connected switch being marked as being on another switch).
8.3. Preventing Loops with Spanning Tree
Spanning tree elects a root bridge (switch) in the network. The root bridge is the bridge that all other bridges need to reach via the shortest path possible. Spanning tree calculates the cost for each path from each bridge in the network to the root bridge. The path with the lowest cost is kept intact, while all others are broken. Spanning tree breaks paths by putting ports into a blocking state.
Every bridge on the network that supports spanning tree sends out frames called bridge protocol data units (BPDUs) every two seconds.
Always configure a switch to be the root bridge. Letting the switches configure themselves is dangerous because they will choose the switch with the lowest MAC address, which will usually be a switch other than the one it should be. As a general rule, you should not let networking devices make critical decisions using default values. It will cause your network to behave in unexpected ways, and will cause you to fail higher-level certification exams, which are designed to catch you in exactly this way. Usually, the device that should be the root bridge will be obvious. The root bridge should generally be one of the core switches in your design.
show spanning-tree (brief|summary|
An excellent command in IOS is show spanning-tree root, which shows you the information regarding the root bridge for every VLAN
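As an added example (not from the book), a Python model of the election and path selection described above: each bridge's ID is (priority, MAC) and the lowest wins; every other bridge then keeps its lowest-cost path to the root and blocks the rest. The topology, MAC addresses and bridge names are constructed, and the port costs are the IEEE 802.1D-1998 short values IOS uses by default. With every switch at the default priority of 32768 the access switch with the lowest MAC becomes root and the core-to-core link ends up blocked; giving core1 a priority of 4096 (the effect of spanning-tree vlan N priority 4096, or root primary) moves the root where it belongs and the blocked ports move to the access uplinks.

```python
import heapq
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768
# IEEE 802.1D-1998 "short" port costs (IOS default scale), keyed by link speed in Mbps.
STP_PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                          # Cisco dotted form, e.g. 0000.0c00.aaaa (constructed)
    priority: int = DEFAULT_PRIORITY  # what 'spanning-tree vlan N priority P' sets

    def bridge_id(self):
        # Bridges compare (priority, MAC); lowest wins. At the default priority everywhere,
        # the election is decided purely by the lowest MAC address.
        return (self.priority, int(self.mac.replace(".", ""), 16))

def elect_root(bridges):
    return min(bridges.values(), key=Bridge.bridge_id)

def root_path_costs(bridges, links, root):
    """Lowest-cost path from every bridge to the root (Dijkstra). Equal costs are broken by
    the upstream bridge's ID, as the BPDU comparison does. Returns name -> (cost, parent)."""
    adj = {name: [] for name in bridges}
    for a, b, mbps in links:
        adj[a].append((b, STP_PORT_COST[mbps]))
        adj[b].append((a, STP_PORT_COST[mbps]))

    def rank(entry):
        cost, parent = entry
        return (cost, bridges[parent].bridge_id() if parent else (-1, -1))

    best = {root.name: (0, None)}
    heap = [(0, root.bridge_id(), root.name)]
    while heap:
        cost, _bid, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, link_cost in adj[node]:
            candidate = (cost + link_cost, node)
            if nbr not in best or rank(candidate) < rank(best[nbr]):
                best[nbr] = candidate
                heapq.heappush(heap, (cost + link_cost, bridges[nbr].bridge_id(), nbr))
    return best

def port_roles(bridges, links):
    """Assign root / designated / blocked to each port end. Assumes one link per bridge pair."""
    root = elect_root(bridges)
    best = root_path_costs(bridges, links, root)
    roles = {}   # (bridge, neighbour) -> role of the port on `bridge` that faces `neighbour`
    for a, b, _mbps in links:
        if best[a][1] == b:
            roles[(a, b)], roles[(b, a)] = "root", "designated"
        elif best[b][1] == a:
            roles[(b, a)], roles[(a, b)] = "root", "designated"
        else:
            # Neither end is a root port: the bridge with the lower (root path cost, bridge ID)
            # is designated for the segment and the other end goes to blocking.
            key_a = (best[a][0], bridges[a].bridge_id())
            key_b = (best[b][0], bridges[b].bridge_id())
            designated, blocked = (a, b) if key_a < key_b else (b, a)
            roles[(designated, blocked)], roles[(blocked, designated)] = "designated", "blocked"
    return root.name, roles

def blocked_ports(roles):
    return sorted(port for port, role in roles.items() if role == "blocked")

def scenario(core1_priority=DEFAULT_PRIORITY):
    """Constructed topology: two core switches joined by a gigabit link, two access switches
    each dual-homed to both cores over FastEthernet. access1 happens to have the lowest MAC."""
    bridges = {b.name: b for b in [
        Bridge("core1", "0000.0c00.aaaa", core1_priority),
        Bridge("core2", "0000.0c00.bbbb"),
        Bridge("access1", "0000.0c00.0001"),
        Bridge("access2", "0000.0c00.0002"),
    ]}
    links = [("core1", "core2", 1000), ("core1", "access1", 100), ("core1", "access2", 100),
             ("core2", "access1", 100), ("core2", "access2", 100)]
    return port_roles(bridges, links)

if __name__ == "__main__":
    for prio in (DEFAULT_PRIORITY, 4096):
        root, roles = scenario(prio)
        print(f"core1 priority {prio}: root={root}, blocked={blocked_ports(roles)}")
```

Run as-is, it shows the default election picking access1 and blocking core2's port on the gigabit core link, so core-to-core traffic would flow through a 100 Mbps access switch; the second run shows core1 as root with only the redundant access uplinks blocked.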
8.5.1. Port Fast
Port Fast is a feature on Cisco switches that allows a port to bypass all of the other spanning tree states (see Figure 8-5) and proceed directly to the forwarding state. Port Fast should be enabled only on ports that will not have switches connected. Spanning tree takes about 30 seconds to put a normal port into the forwarding state, which can cause systems using DHCP to time out and not get an IP address (on a Windows machine, a default IP address may be used). Enabling the Port Fast feature on a port alleviates this problem, but you should be very careful when using this feature. If a switch were to be connected to a port configured with Port Fast active, a loop could occur that would not be detected.
(config-if)# spanning-tree portfast     --turn it on
(config-if)# no spanning-tree portfast  --turn it off
8.6. Common Spanning Tree Problems
If there is a duplex mismatch, the spanning tree protocol won't work properly: the full-duplex side will send info to the half-duplex side, but not the other way around.
With fiber it may be possible that one pair is damaged so it can only talk in one direction.
Physical layer first! Always suspect that something physical is wrong when diagnosing connectivity problems. It can save you hours of headaches, especially if all the other clues don't seem to add up to anything substantial. Also, don't assume that it works today just because it worked yesterday. It doesn't take much for someone to crush a fiber strand when closing a cabinet door.
8.7.1. Use Routing Instead of Switching for Redundancy
Part II: Routers and Routing
Chapter 9. Routing and Routers
Gateways - handle traffic traveling to/from local network (a router basically)
Routers tend to be WAN-centric, while switches tend to be LAN-centric. If you're connecting T1s, you probably want a router. If you're connecting Ethernet, you probably want a switch.
9.1. Routing Tables
In a Cisco router, the routing table is called the route information base (RIB). When you execute the command show ip route, the output you receive is a formatted view of the information in the RIB.
Each routing protocol has its own table of information
Routes with the lowest metric win (within the same protocol). If the same route is learned within more than one protocol the protocol with the lowest administrative distance wins. The administrative distance is the value assigned to each routing protocol to allow the router to prioritize routes learned from multiple sources.
Route type                                                        Administrative distance
Connected interface                                               0
Static route                                                      1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route  5
External Border Gateway Protocol (BGP)                            20
Internal EIGRP                                                    90
Interior Gateway Routing Protocol (IGRP)                          100
Open Shortest Path First (OSPF)                                   110
Intermediate System-Intermediate System (IS-IS)                   115
Routing Information Protocol (RIP)                                120
Exterior Gateway Protocol (EGP)                                   140
On Demand Routing (ODR)                                           160
External EIGRP                                                    170
Internal BGP                                                      200
Unknown                                                           255
When a router receives a packet, it determines whether the packet needs to be sent to another network. If it does, the router looks the destination up in the RIB; if there is no match, the packet goes to the default gateway (if one exists); otherwise it is dropped.
9.2. Route Types
9.3. The IP Routing Table
sho ip route - shows routing information and includes default route
Chapter 10. Routing Protocols
collect information about other equipment to determine the best means of directing traffic
Routing protocols are applications that reside at layer seven in the OSI model.
A floating static route is a route that becomes active only if another static route is removed from the routing table. For example, one route has a metric of 1 while the other has a metric of 2. The second will never be used unless the first is removed, because the first has the lower metric.
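As an added example (not from the book), a Python model of the selection rules in the administrative distance table and the packet-handling steps above, and of the floating static route just described: every protocol offers its candidates, the RIB keeps one route per prefix (lowest administrative distance, then lowest metric), and a lookup takes the longest matching prefix, falls back to the default gateway, or drops. The candidate routes, next hops and interface names are constructed (addresses from the RFC 5737 documentation ranges). The notes describe the floating static in terms of metric; on IOS the backup static is normally given a higher administrative distance instead, and the model treats both the same way, since in either case the lower value wins until it disappears.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances from the table above (IOS defaults).
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
    "igrp": 100, "ospf": 110, "isis": 115, "rip": 120, "egp": 140, "odr": 160,
    "eigrp-external": 170, "ibgp": 200,
}

@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.0.0.0/8"
    protocol: str    # key into ADMIN_DISTANCE
    metric: int      # protocol-specific metric (hops, cost, ...)
    next_hop: str    # next-hop address or outgoing interface

    @property
    def admin_distance(self):
        return ADMIN_DISTANCE[self.protocol]

def build_rib(candidates):
    """Install one route per prefix from everything the protocols offer.

    Within a protocol the lowest metric wins; between protocols the lowest administrative
    distance wins. Comparing (AD, metric) gives both, since each protocol has its own AD.
    """
    rib = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        current = rib.get(net)
        if current is None or (route.admin_distance, route.metric) < (current.admin_distance, current.metric):
            rib[net] = route
    return rib

def lookup(rib, destination, default_gateway=None):
    """Forwarding decision: longest matching prefix, else the default gateway, else drop (None)."""
    ip = ipaddress.ip_address(destination)
    matches = [net for net in rib if ip in net]
    if matches:
        return rib[max(matches, key=lambda net: net.prefixlen)]
    if default_gateway is not None:
        return Route("0.0.0.0/0", "static", 0, default_gateway)
    return None

def withdraw(candidates, next_hop):
    """Simulate a route disappearing, e.g. because the link to its next hop went down."""
    return [r for r in candidates if r.next_hop != next_hop]

# Constructed candidate routes, as the protocols would offer them to the RIB.
CANDIDATES = [
    Route("192.0.2.0/24", "connected", 0, "Fa0/0"),
    Route("10.0.0.0/8", "static", 1, "192.0.2.1"),        # primary static route
    Route("10.0.0.0/8", "static", 2, "198.51.100.1"),     # floating static: same prefix, worse metric
    Route("172.16.0.0/16", "rip", 2, "192.0.2.2"),        # fewer hops ...
    Route("172.16.0.0/16", "ospf", 30, "192.0.2.3"),      # ... but OSPF has the lower AD, so it wins
    Route("172.16.5.0/24", "ospf", 40, "192.0.2.4"),      # more specific prefix beats the /16
]

if __name__ == "__main__":
    rib = build_rib(CANDIDATES)
    print(lookup(rib, "10.1.2.3"))                                   # primary static
    print(lookup(build_rib(withdraw(CANDIDATES, "192.0.2.1")), "10.1.2.3"))  # floating static takes over
    print(lookup(rib, "172.16.1.1"))                                 # OSPF beats RIP despite the higher metric
    print(lookup(rib, "203.0.113.9"))                                # no match, no default: dropped
```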
10.1. Communication Between Routers
Old routing protocols (like RIP) used broadcasts, which can swamp large networks. Newer protocols use multicast addresses, which send only to predetermined sets of IPs.
BGP doesn't find its own neighbors; instead you must set them up manually.
The Internet Assigned Numbers Authority (IANA) shows all multicast addresses in use at http://www.iana.org/assignments/multicast-addresses. Some of the more common multicast addresses include:
224.0.0.0     Base Address (Reserved)        [RFC 1112, JBP]
224.0.0.1     All Systems on this Subnet     [RFC 1112, JBP]
224.0.0.2     All Routers on this Subnet     [JBP]
224.0.0.4     DVMRP Routers                  [RFC 1075, JBP]
224.0.0.5     OSPFIGP All Routers            [RFC 2328, JXM1]
224.0.0.6     OSPFIGP Designated Routers     [RFC 2328, JXM1]
224.0.0.9     RIP2 Routers                   [RFC 1723, GSM11]
224.0.0.10    IGRP Routers                   [Farinacci]
224.0.0.12    DHCP Server / Relay Agent      [RFC 1884]
224.0.0.18    VRRP                           [RFC 3768]
224.0.0.102   HSRP                           [Wilson]
10.2. Metrics and Protocol Types
ways of determining best route
RIP -- number of hops (routers between networks); the maximum is 15 hops, and a route that reaches 16 is dropped entirely (RIPv2: 255 hops before dropping at 256)
OSPF -- calculates bandwidth of all links in the network (100 Mbps = 1, 10 Mbps = 10, 1.5 Mbps = 64)
EIGRP -- calculates bandwidth and delays of all links
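As an added example (not from the book), the three metric schemes above written as Python functions, using IOS defaults as assumptions: RIP with 16 hops meaning unreachable, OSPF cost as the 100 Mbps reference bandwidth divided by the interface bandwidth (truncated, minimum 1), and the EIGRP composite metric with the default K values, which goes a little beyond the notes by giving the actual formula (256 times the sum of 10^7 divided by the lowest bandwidth in kbps on the path and the total delay in tens of microseconds). Function names and the sample link values are the example's own.

```python
# Added example: RIP, OSPF and EIGRP metrics as functions (IOS default settings assumed).

RIP_INFINITY = 16                  # hop count that means "unreachable"
OSPF_REFERENCE_BW_KBPS = 100_000   # 100 Mbps, the IOS default reference bandwidth

def rip_hop_count(received_hops):
    """Hop count a router installs after learning a route advertised with `received_hops`.

    Each router adds one hop; when the count reaches 16 the route is unreachable and is
    dropped (None) rather than used.
    """
    hops = received_hops + 1
    return None if hops >= RIP_INFINITY else hops

def ospf_cost(bandwidth_kbps, reference_bw_kbps=OSPF_REFERENCE_BW_KBPS):
    """OSPF interface cost = reference bandwidth / interface bandwidth, truncated, minimum 1."""
    return max(1, reference_bw_kbps // bandwidth_kbps)

def ospf_path_cost(link_bandwidths_kbps):
    """An OSPF path cost is the sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(bw) for bw in link_bandwidths_kbps)

def eigrp_metric(links):
    """EIGRP composite metric with default K values (K1 = K3 = 1, others 0):
    256 * (10^7 / minimum bandwidth in kbps + total delay in tens of microseconds).
    `links` is a list of (bandwidth_kbps, delay_usec) tuples along the path.
    """
    min_bw = min(bw for bw, _delay in links)
    total_delay_tens = sum(delay // 10 for _bw, delay in links)
    return 256 * (10_000_000 // min_bw + total_delay_tens)

if __name__ == "__main__":
    print(rip_hop_count(15))                       # None: 16 hops, unreachable
    print(ospf_cost(100_000), ospf_cost(10_000), ospf_cost(1_544))   # 1, 10, 64
    print(ospf_cost(1_000_000))                    # also 1: gigabit looks like FastEthernet
    print(eigrp_metric([(100_000, 100)]))          # 28160, the usual FastEthernet value
```

The gigabit line shows the caveat that goes with the default OSPF reference bandwidth: 100 Mbps and 1 Gbps links both cost 1, so OSPF cannot prefer the faster one unless the reference bandwidth is raised (auto-cost reference-bandwidth under the OSPF process on IOS) consistently on every router.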
10.3. Administrative Distance
determine which protocol will be used for a given route
10.4. Specific Routing Protocols
An internal gateway protocol, or IGP, is designed to maintain routes within an autonomous system. An autonomous system is any group of devices controlled by a single entity. An example might be a company or a school, but the organization does not need to be that broad—an autonomous system could be a floor in a building or a department in a company. Examples of IGPs include RIP, EIGRP, and OSPF.
An external gateway protocol, or EGP, is designed to link autonomous systems together. The Internet is the prime example of a large-scale EGP implementation. The autonomous systems—groups of devices controlled by individual service providers, schools, companies, etc.—are each self-contained. They are controlled internally by IGPs, and are interconnected using an EGP (in the case of the Internet, BGP).
10.4.1. RIP
Routing Information Protocol (RIP)
10.4.2. RIPv2
10.4.3. EIGRP
10.4.4. OSPF