
Network Warrior by Gary A. Donahue
Publisher: O'Reilly
Pub Date: June 01, 2007
Print ISBN-10: 0-596-10151-1
Print ISBN-13: 978-0-59-610151-0
Pages: 598

--read online at Safari Books Online via SPL

Part I: Hubs, Switches, and Switching

Chapter 1. What Is a Network?

Local Area Network (LAN)

    A LAN is a network that is confined to a limited space, such as a building or floor. It uses short-range technologies such as Ethernet, Token Ring, and the like. A LAN is usually under the control of the company or entity that requires its use.

Wide Area Network (WAN)

    A WAN is a network that is used to connect LANs by way of a third-party provider. An example would be a frame-relay cloud (provided by a telecom provider) connecting corporate offices in New York, Boston, Los Angeles, and San Antonio.

Campus Area Network (CAN)

    A CAN is a network that connects LANs and/or buildings in a discrete area owned or controlled by a single entity. Because that single entity controls the environment, there may be underground conduits between the buildings that allow them to be connected by fiber. Examples include college campuses and industrial parks.

Metropolitan Area Network (MAN)

    A MAN is a network that connects LANs and/or buildings in an area that is often larger than a campus. For example, a MAN might be used to connect a company's various offices within a metropolitan area via the services of a telecom provider. Again, be careful of absolutes. Many companies in Manhattan have buildings or data centers across the river in New Jersey. These New Jersey sites are considered to be in the New York metropolitan area, so they are part of the MAN, even though they are in a different state.

Chapter 2. Hubs and Switches

2.1. Hubs

A broadcast domain is the area of an Ethernet network where a broadcast will be propagated. Broadcasts stay within a layer-3 network (unless forwarded), which is usually bordered by a layer-3 device such as a router. Broadcasts are sent through switches (layer-2 devices), but stop at routers.

2.2. Switches

Running the show mac-address-table command on an IOS-based switch displays the table of MAC addresses and the ports on which they can be found. Multiple MAC addresses on a single port usually indicate that the port in question is a connection to another switch or networking device:

sho mac-address-table | include 0013.bada.d1ca   --IOS: shows only that one MAC address (the address is an example) and its associated port

show cam 00-00-13-ba-da-d1-ca   --the same lookup on CatOS

Fixed-configuration switches (like the 2900 series) have less backplane capacity (the backplane is the total throughput of a given circuit board): 32 Gb/s vs. up to 720 Gb/s for some modular switches.

Chapter 3. Auto-Negotiation

If I had to list the most common problems I've seen during my years in the field, auto-negotiation issues would be in the top five, if not number one.

3.1. What Is Auto-Negotiation?

Auto-negotiation is the feature that allows a port on a switch, router, server, or other device to communicate with the device on the other end of the link to determine the optimal duplex mode and speed for the connection. The driver then dynamically configures the interface to the values determined for the link.

Speed: rate of the interface (Mbps or Gbps)
Duplex: half = only transmit or receive, not both simultaneously (like a walkie-talkie); full = send and receive at the same time (like a telephone)

For auto-negotiation to work, both ends must be using it (it is a protocol, so one side doesn't just match whatever the other side is set to).

3.3. When Auto-Negotiation Fails

When auto-negotiation fails on 10/100 links, the most likely cause is that one side of the link has been set to 100/full, and the other side has been set to auto-negotiation. This results in one side being 100/full, and the other side being 100/half.

3.5. Configuring Auto-Negotiation

#config t
(config)#int fa 0/1                 (0/1 is an example)
(config-if)#duplex ?  or  speed ?   --must configure speed before duplex

Chapter 4. VLANs

Virtual LANs, or VLANs, are virtual separations within a switch that provide distinct logical LANs that each behave as if they were configured on a separate physical switch. Before the introduction of VLANs, one switch could serve only one LAN. VLANs enabled a single switch to serve multiple LANs. Assuming no vulnerabilities exist in the switch's operating system, there is no way for a frame that originates on one VLAN to make its way to another.

Trunks are links that carry frames for more than one VLAN.

If you need to connect two VLANs you need to use a router, even if they are on the same switch. The exception is a layer-3 switch, which handles the routing between the VLANs internally.

4.2. Configuring VLANs

2950-IOS# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
2950-IOS(config)# vlan 10
2950-IOS(config-vlan)# name Lab-VLAN

2950-IOS# show vlan   --shows which ports are assigned to a given VLAN

Assigning ports to VLANs:

2950-IOS(config)# int f0/1
2950-IOS(config-if)# switchport access vlan 10
2950-IOS(config-if)# int f0/2
2950-IOS(config-if)# switchport access vlan 10

Chapter 5. Trunking

Trunking is only a layer-2 protocol; TCP doesn't support trunking, and neither does Ethernet. For two switches to use trunking they must agree on a protocol, either Cisco's ISL or the IEEE standard 802.1Q.

Different trunks can use different protocols (a given trunk uses the same protocol on each end)

Chapter 6. VLAN Trunking Protocol

VTP allows VLAN configurations to be managed on a single switch. Those changes are then propagated to every switch in the VTP domain. A VTP domain is a group of connected switches with the same VTP domain string configured. Interconnected switches with differently configured VTP domains will not share VLAN information. A switch can only be in one VTP domain; the VTP domain is null by default.

Chapter 7. EtherChannel

EtherChannel is the Cisco term for the technology that enables the bonding of up to eight physical Ethernet links into a single logical link.

  • difficult to use in practice
  • load balancing is difficult and depends on usage type
  • actual throughput is not just the sum of each link

Chapter 8. Spanning Tree

Spanning Tree Protocol (STP) prevents layer-2 loops

Looping causes broadcast storms, which slow down networks as each packet is rebroadcast indefinitely.

8.1. Broadcast Storms

1000 bits/sec = 2-3 packets/sec

Show info about an interface: show interface f0/2 (for port 2)

A useful tool when troubleshooting a broadcast storm is the 'show processes cpu history' command. This command displays an ASCII histogram of the CPU utilization over the past 72 hours. It produces three graphs:

  • CPU percent per second (last 60 seconds)
  • CPU percent per minute (last 60 minutes)
  • CPU percent per hour (last 72 hours)

8.2. MAC Address Table Instability

Looping causes the MAC address table to be updated constantly, often with wrong info (e.g., a locally connected switch being marked as on another switch).

8.3. Preventing Loops with Spanning Tree

Spanning tree elects a root bridge (switch) in the network. The root bridge is the bridge that all other bridges need to reach via the shortest path possible. Spanning tree calculates the cost for each path from each bridge in the network to the root bridge. The path with the lowest cost is kept intact, while all others are broken. Spanning tree breaks paths by putting ports into a blocking state.

Every bridge on the network that supports spanning tree sends out frames called bridge protocol data units (BPDUs) every two seconds.

Always configure a switch to be the root bridge. Letting the switches configure themselves is dangerous because they will choose the switch with the lowest MAC address, which will usually be a switch other than the one it should be. As a general rule, you should not let networking devices make critical decisions using default values. It will cause your network to behave in unexpected ways, and will cause you to fail higher-level certification exams, which are designed to catch you in exactly this way. Usually, the device that should be the root bridge will be obvious. The root bridge should generally be one of the core switches in your design.
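An added example (not from the book) modelling the election and path-cost calculation described above: bridge IDs are (priority, MAC), the lowest wins, so with default priorities the switch with the lowest MAC becomes root. The topology, MACs other than the one quoted earlier in these notes, and port costs are constructed for the example.

```python
import heapq

DEFAULT_PRIORITY = 32768  # Cisco default bridge priority

# Constructed topology: a core switch and two access switches in a triangle,
# plus an old lab switch with the lowest MAC hanging off access1.
MACS = {
    "core":    "0013.bada.d1ca",
    "access1": "0013.c0ff.ee01",
    "access2": "0013.c0ff.ee02",
    "lab":     "0000.0c12.3456",  # lowest MAC: wins the election by default
}
# (switch_a, switch_b, port cost): 4 = 1 Gb/s, 19 = 100 Mb/s, 100 = 10 Mb/s
LINKS = [("core", "access1", 4), ("core", "access2", 4),
         ("access1", "access2", 19), ("access1", "lab", 100)]

def elect_root(priorities=None):
    """Lowest bridge ID (priority first, then MAC) becomes the root bridge."""
    priorities = priorities or {}
    return min(MACS, key=lambda n: (priorities.get(n, DEFAULT_PRIORITY), MACS[n]))

def root_path_costs(root):
    """Dijkstra from the root: the lowest-cost path each bridge keeps."""
    adj = {n: [] for n in MACS}
    for a, b, cost in LINKS:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    costs, heap = {root: 0}, [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > costs[node]:
            continue
        for nbr, c in adj[node]:
            if cost + c < costs.get(nbr, float("inf")):
                costs[nbr] = cost + c
                heapq.heappush(heap, (cost + c, nbr))
    return costs

def blocked_links(root):
    """Links on no bridge's best path to the root end up with a blocking port.
    Equal-cost ties (broken by bridge ID in real STP) are not modelled."""
    costs = root_path_costs(root)
    return [(a, b) for a, b, cost in LINKS
            if costs[a] + cost != costs[b] and costs[b] + cost != costs[a]]

if __name__ == "__main__":
    print("default election:", elect_root())                   # lab
    print("core priority 4096:", elect_root({"core": 4096}))   # core
    print("blocked with core as root:", blocked_links("core"))
```

With defaults the lab switch wins and every path is measured from it; lowering the core switch's priority puts the root where the design wants it.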

show spanning-tree (brief|summary|

An excellent command in IOS is show spanning-tree root, which shows you the information regarding the root bridge for every VLAN.

8.5.1. Port Fast

Port Fast is a feature on Cisco switches that allows a port to bypass all of the other spanning tree states (see Figure 8-5) and proceed directly to the forwarding state. Port Fast should be enabled only on ports that will not have switches connected. Spanning tree takes about 30 seconds to put a normal port into the forwarding state, which can cause systems using DHCP to time out and not get an IP address (on a Windows machine, a default IP address may be used). Enabling the Port Fast feature on a port alleviates this problem, but you should be very careful when using this feature. If a switch were to be connected to a port configured with Port Fast active, a loop could occur that would not be detected.

config-if#spanning-tree portfast      --turn it on
config-if#no spanning-tree portfast   --turn it off

8.6. Common Spanning Tree Problems

If there is a duplex mismatch, spanning tree won't work properly: the full-duplex side will send info to the half-duplex side, but not the other way around.

With fiber it may be possible that one fiber of the pair is damaged, so the link can only talk in one direction.

  Physical layer first! Always suspect that something physical is wrong when diagnosing connectivity problems. It can save you hours of headaches, especially if all the other clues don't seem to add up to anything substantial. Also, don't assume that it works today just because it worked yesterday. It doesn't take much for someone to crush a fiber strand when closing a cabinet door.

8.7.1. Use Routing Instead of Switching for Redundancy

  • layer-3 switches are as fast as layer-2 switches now and have fewer maintenance issues
  • if you do decide to go with routing, still use spanning tree; it will help if someone plugs in a switch they aren't supposed to
  • always configure the root bridge (don't let it be chosen automatically)

Part II: Routers and Routing

Chapter 9. Routing and Routers

Gateways handle traffic traveling to/from the local network (basically a router).

Routers tend to be WAN-centric, while switches tend to be LAN-centric. If you're connecting T1s, you probably want a router. If you're connecting Ethernet, you probably want a switch.

9.1. Routing Tables

In a Cisco router, the routing table is called the route information base (RIB). When you execute the command show ip route, the output you receive is a formatted view of the information in the RIB.

Each routing protocol has its own table of information

Routes with the lowest metric win (within the same protocol). If the same route is learned within more than one protocol the protocol with the lowest administrative distance wins. The administrative distance is the value assigned to each routing protocol to allow the router to prioritize routes learned from multiple sources.

Route type                                          Administrative distance
Connected interface                                   0
Static route                                          1
Enhanced Interior Gateway Routing Protocol (EIGRP)
  summary route                                       5
External Border Gateway Protocol (BGP)               20
Internal EIGRP                                       90
Interior Gateway Routing Protocol (IGRP)            100
Open Shortest Path First (OSPF)                     110
Intermediate System-Intermediate System (IS-IS)     115
Routing Information Protocol (RIP)                  120
Exterior Gateway Protocol (EGP)                     140
On Demand Routing (ODR)                             160
External EIGRP                                      170
Internal BGP                                        200
Unknown                                             255

When a router receives a packet, it determines whether the packet needs to be sent to another network. If it does, the router consults the RIB; if there is no match, the packet goes to the default gateway (if one exists); otherwise it is dropped.
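An added example (not from the book) that walks a toy RIB the way the notes describe: lowest metric within a protocol, lowest administrative distance between protocols, the default route when nothing else matches, and a drop when there is no default either. Longest-prefix match is applied first, as routers do; the RIB entries and next hops are constructed, and a real router does the AD/metric comparison when it installs routes rather than on every lookup.

```python
import ipaddress

# Administrative distances (subset of the table in the notes)
AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110, "rip": 120}

# Constructed RIB entries: (prefix, source protocol, metric, next hop)
RIB = [
    ("10.1.0.0/16",  "ospf",  20, "192.0.2.1"),
    ("10.1.5.0/24",  "rip",    3, "192.0.2.2"),    # same /24 as below, worse AD
    ("10.1.5.0/24",  "ospf",  30, "192.0.2.3"),    # OSPF (110) beats RIP (120)
    ("10.2.0.0/16",  "ospf",  40, "192.0.2.4"),
    ("10.2.0.0/16",  "ospf",  10, "192.0.2.5"),    # same protocol: lowest metric wins
    ("0.0.0.0/0",    "static", 0, "192.0.2.254"),  # gateway of last resort
]

def lookup(dst, rib=RIB):
    """Next hop for dst, or None when no route (and no default) matches: drop."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), src, metric, nh)
               for p, src, metric, nh in rib if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    # Longest prefix first (the /0 default only wins when nothing longer matches),
    # then lowest administrative distance, then lowest metric.
    _net, _src, _metric, nh = min(matches, key=lambda m: (-m[0].prefixlen, AD[m[1]], m[2]))
    return nh

def rib_without_default():
    """The same RIB with no gateway of last resort, to show the drop case."""
    return [r for r in RIB if r[0] != "0.0.0.0/0"]

if __name__ == "__main__":
    for dst in ("10.1.5.7", "10.1.9.1", "10.2.3.4", "203.0.113.9"):
        print(dst, "->", lookup(dst))
    print("203.0.113.9 with no default ->", lookup("203.0.113.9", rib_without_default()))
```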

9.2. Route Types

Host Route
A host route is a route to a host. In other words, the route is not to a network. Host routes have a subnet mask of, and a prefix length of /32.
Subnet
A subnet is a portion of a major network. The subnet mask is used to determine the size of the subnet. ( is a subnet.
Summary (group of subnets)
A summary route is a single route that references a group of subnets. ( would be a summary, provided that subnets with longer masks (such as existed.
Major network
A major network is any classful network, along with its native mask. ( is a major network.
Supernet (group of major networks)
A supernet is a single route that references a group of major networks. is a supernet that references and
Default route
A default route is shown as ( This route is also called the route of last resort. This is the route that is used when no other route matches the destination IP address in a packet.

9.3. The IP Routing Table

sho ip route   --shows routing information, including the default route

Chapter 10. Routing Protocols

Routing protocols collect information about other equipment to determine the best means of directing traffic.

Routing protocols are applications that reside at layer seven in the OSI model.

A floating static route is a route that becomes active only if another static route is removed from the routing table. For example, one route has a metric of 1 while the other has a metric of 2; the second will never be used unless the first is removed, because the first has the lower metric.

10.1. Communication Between Routers

Old routing protocols (like RIP) used broadcasts, which can swamp large networks. Newer protocols use multicast addresses, which send to predetermined sets of IPs.

BGP doesn't find its own neighbors; instead you must set them up manually.

The Internet Assigned Numbers Authority (IANA) shows all multicast addresses in use at http://www.iana.org/assignments/multicast-addresses. Some of the more common multicast addresses include:

  • Base Address (Reserved) [RFC 1112, JBP]
  • All Systems on this Subnet [RFC 1112, JBP]
  • All Routers on this Subnet [JBP]
  • DVMRP Routers [RFC 1075, JBP]
  • OSPFIGP All Routers [RFC 2328, JXM1]
  • OSPFIGP Designated Routers [RFC 2328, JXM1]
  • RIP2 Routers [RFC 1723, GSM11]
  • IGRP Routers [Farinacci]
  • DHCP Server / Relay Agent [RFC 1884]
  • VRRP [RFC 3768]
  • HSRP [Wilson]

10.2. Metrics and Protocol Types

Ways of determining the best route:

  • RIP -- number of hops (routers between networks); only 15 hops, if you get to 16 it drops the route entirely (RIPv2 allows 255 hops before dropping at 256)
  • OSPF -- calculates the bandwidth of all links in the network (100 Mbps = 1, 10 Mbps = 10, 1.5 Mbps = 64)
  • EIGRP -- calculates the bandwidth and delays of all links

10.3. Administrative Distance

Administrative distance determines which protocol will be used for a given route.

10.4. Specific Routing Protocols

An internal gateway protocol, or IGP, is designed to maintain routes within an autonomous system. An autonomous system is any group of devices controlled by a single entity. An example might be a company or a school, but the organization does not need to be that broad—an autonomous system could be a floor in a building or a department in a company. Examples of IGPs include RIP, EIGRP, and OSPF.

An external gateway protocol, or EGP, is designed to link autonomous systems together. The Internet is the prime example of a large-scale EGP implementation. The autonomous systems—groups of devices controlled by individual service providers, schools, companies, etc.—are each self-contained. They are controlled internally by IGPs, and are interconnected using an EGP (in the case of the Internet, BGP).

Classful routing protocol
A classful routing protocol is one that has no provision to support subnets. The natural state of the network is always advertised. For example, the network will always be advertised with a subnet mask of (/8), regardless of what subnet mask is actually in use. RIPv1 and IGRP are classful routing protocols.
Classless routing protocol
A classless routing protocol is one that includes subnet masks in its advertisements. All modern protocols are classless. EIGRP and OSPF are classless routing protocols.
Poison reverse
If a router needs to tell another router that a network is no longer viable, one of the methods employed is route poisoning. Consider RIPv1 as an example. Recall that a metric of 16 is considered unreachable. A router can send an update regarding a network with a metric of 16, thereby poisoning the entry in the routing table of the receiving router. When a router receives a poison update, it returns the same update to the sending router. This reflected route poisoning is called poison reverse. Distance-vector routing protocols (including the hybrid protocol EIGRP) use route poisoning, while link-state protocols such as OSPF do not.
Split horizon
Split horizon is a technique used by many routing protocols to prevent routing loops. When split horizon is enabled, routes that the routing protocol learns are not advertised out the same interfaces from which they were learned. This rule can be problematic in virtual circuit topologies, such as frame relay or ATM. If a route is learned on one permanent virtual circuit (PVC) in a frame-relay interface, chances are the other PVC needs the update, but will never receive it because both PVCs exist on the same physical interface. Frame-relay subinterfaces are often the preferred method of dealing with split horizon issues.
A network is said to be converged when all of the routers in the network have received and processed all updates. Essentially, this condition exists when a network is stable. Any time a link's status changes, the routing protocols must propagate that change, whether through timed updates or triggered updates. With timed updates, if updates are sent but no changes need to be made, the network has converged.
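An added example (not from the book) that puts route poisoning, poison reverse and split horizon side by side in a two-router RIPv1-style model: router A is directly connected to network N, router B learns N from A, then N fails and A poisons the route with metric 16. The update order where B speaks before hearing the poison is constructed to show the count-to-infinity the two techniques prevent.

```python
INFINITY = 16  # RIPv1 "unreachable"

class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}  # network -> [metric, next_hop]

    def update_for(self, neighbor, mode):
        """Routes to advertise to `neighbor` under one loop-prevention mode."""
        update = {}
        for net, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:              # route was learned from that neighbor
                if mode == "none":
                    update[net] = metric          # echo it back (the loop-prone case)
                elif mode == "poison-reverse":
                    update[net] = INFINITY        # reflect the route as unreachable
                # "split-horizon": say nothing about it at all
            else:
                update[net] = metric
        return update

    def receive(self, sender, update):
        for net, metric in update.items():
            new = min(metric + 1, INFINITY)
            entry = self.table.get(net)
            if entry is None:
                if new < INFINITY:
                    self.table[net] = [new, sender]
            elif entry[1] == sender or new < entry[0]:
                # news from the next hop we rely on is always accepted, even if worse
                self.table[net] = [new, sender]

def rounds_until_unreachable(mode, max_rounds=50):
    """Rounds of updates until both routers agree N is unreachable (None = never)."""
    a, b = Router("A"), Router("B")
    a.table["N"] = [0, None]                       # directly connected network
    b.receive("A", a.update_for("B", mode))        # B learns N at metric 1 via A
    a.table["N"][0] = INFINITY                     # N fails: A poisons its own route
    for rnd in range(1, max_rounds + 1):
        a.receive("B", b.update_for("A", mode))    # B advertises before hearing the poison
        b.receive("A", a.update_for("B", mode))
        if a.table["N"][0] == INFINITY and b.table["N"][0] == INFINITY:
            return rnd
    return None

if __name__ == "__main__":
    for mode in ("none", "split-horizon", "poison-reverse"):
        print(mode, "->", rounds_until_unreachable(mode), "round(s)")
```

Without either technique A and B bounce N back and forth, each round raising the metric by one hop on each side until it reaches 16; split horizon and poison reverse both settle it in a single round.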

10.4.1. RIP

Routing Information Protocol (RIP)

  • RIP broadcasts the info about all the routers it is aware of every 30 seconds
  • does not use triggered updates (updates that are sent out when the network changes)
  • classful (subnet masks are not advertised)

10.4.2. RIPv2

  • classless routing
  • max hop is 255
  • uses multicast

10.4.3. EIGRP

  • Enhanced Internal Gateway Routing Protocol
  • classless enhancement to the Internal Gateway Routing Protocol (IGRP)
  • Cisco only protocol

10.4.4. OSPF

  • In a nutshell, the premise of the Open Shortest Path First (OSPF) routing protocol is that the shortest or fastest path that is available is the one that will be used.
  • use when you have non-Cisco equipment
  • you need to segment into areas or zones
  • use to avoid proprietary protocols
Page last modified on February 11, 2008, at 03:55 AM