Cisco Certified Internetwork Expert

BrainBuzz
Cramsession

Notice: While every precaution has been taken in the preparation of this material, neither the author nor BrainBuzz.com
assumes any liability in the event of loss or damage directly or indirectly caused by any inaccuracies or incompleteness of
the material contained in this document. The information in this document is provided and distributed “as-is”, without any
expressed or implied warranty. Your use of the information in this document is solely at your own risk, and Brainbuzz.com
cannot be held liable for any damages incurred through the use of this material. The use of product names in this work is
for information purposes only, and does not constitute an endorsement by, or affiliation with BrainBuzz.com. Product
names used in this work may be registered trademarks of their manufacturers. This document is protected under US and
international copyright laws and is intended for individual, personal use only. For more details,

visit our legal page

Last updated November, 2000.
Click

here

for updates.

Click

here

to see additional

documents related to this study
guide.

Contents

Contents .............................. 1

Cisco Device Operation........... 2

General Networking Theory .... 5

Bridging & LAN Switching ....... 8

IP Routing Protocols..............17

Desktop Protocols.................26

Performance Management .....28

WAN ...................................29

LAN ....................................33

Security ..............................35

TACACS (Terminal Access
Controller Access Control
System) ..............................35

Multiservice .........................36

Cramsession™ for
Cisco Certified

Internetwork Expert

Abstract:

This Cramsession will help you to
prepare for Cisco exam #350-001, the
CCIE written exam. Exam topics include,
Cisco Device Operation, General
Networking Theory, Bridging & LAN
Switching, Internet Protocol, IP Routing
Protocols, Desktop Protocols,
Performance Management, WAN, LAN,
Security, and Multiservice.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Cisco Device Operation

Router Components

ROM (Read-Only Memory) – Hosts the basic commands of the router and
sometimes a limited version of the IOS (Internet Operating System). ROM is non-
volatile, meaning it is hard-coded and does not change. Contains power-on
diagnostics, a bootstrap program, and operating system software.

RAM (Random Access Memory) – Contains the running version of the IOS and the
current running configuration. This is extremely volatile; when the router is
shutdown, anything in RAM is lost. Stores routing tables, ARP cache, fast-switching
cache, packet buffering (shared RAM), and packet hold queues.
NVRAM (Non-Volatile Random Access Memory) - As the name implies, files can
be written to this memory and will not be lost when the system is powered down.
This is where the startup version of the router configuration is stored.

Flash memory (EEPROM – Electronic Erasable Programmable Read Only
Memory) – This is where the IOS version for the router is stored. It is important
when determining what version of IOS to load on a router, that you ascertain how
much flash is installed. Different versions of IOS require more flash to be loaded.
Flash memory holds the operating system image and microcode.

Ways to Configure a New Router

•

By connecting to the console port and using TFTP to download a configuration
file that has been created ahead of time.

•

By connecting to the console port and running the Setup dialog.

•

By connecting to the console port and directly typing in configuration
commands.

•

Using bootp in conjunction with SLARP/RARP to download a configuration file
that has been created ahead of time.

Determine Hardware Configuration

The EXEC commands that will show hardware configuration of a Cisco router are
“show hardware” and “show version”

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Mode Prompts

Monitor mode

rommon 1 >

User mode

router>

Privileged mode

router#

Global configuration mode

router(config)#

Interface configuration mode

router(config-if)#

Sub-interface configuration mode

router(config-subif)#

Line configuration mode

router(config-line)#

Router configuration mode

router(config-router)#

IPX router configuration mode

router(config-ipx-router)#

Really Delete Files from Flash

When you delete a file from flash, it is not removed from flash, and you will not
regain the space - it is simply marked for deletion. Once a file is marked for
deletion, issuing the “squeeze” command will perform a function similar to a hard
drive defrag and move the files on flash to reclaim the space occupied by the
“deleted” file.

Passwords

Things to know:

•

The user mode password is the only one that cannot be created in the setup
dialogue.

•

All passwords can be encrypted.

•

A password can be set for individual lines.

•

If no password is set on the vty lines there is no telnet access into this router.

•

Router(config)# service password-encryption – encrypts all passwords in the
configuration file.

Procedure to Recover a Lost Password:

•

Reboot the router

•

Issue the break command in the first 60 seconds (CTRL-Break)

•

Enter the appropriate register value (0x2142)

•

Reboot the router again

•

Avoid the startup script

•

Copy startup to running configuration

•

Change the passwords

•

Copy running to startup configuration

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Types of passwords:

•

Exec – used to restrict access to the EXEC mode, the basic console on the
router.

•

Enable – used to restrict access to the privileged EXEC mode where changes
to the router configuration can be made.

•

Enable Secret – Similar to the Enable password, but they are encrypted so
they cannot be read.

Setting different types of passwords:

•

Console password – used with the routers console port.

router(config)# line con 0

router(config-line)#

router(config-line)# password {password}

•

Auxiliary password - used for the router’s auxiliary port.

router(config)#

line

aux

router(config-line)#

router(config-line)# password {password}

•

Virtual terminal password – used for telnet sessions to router.

router(config)# line vty 0 4

router(config-line)#

router(config-line)# password {password}

•

Enable password – used when enable secret is not configured or software
revision

too

old.

router(config)# enable password {password}

•

Enable secret password – encrypted password that provides enable privileges.

router(config)# enable secret {password}

Register Values

•

0x2102 – Default mode

•

0x2142 - The value used to recover passwords

Debug

By default, all debug information goes to the console port on a Cisco router only. To
view debug messages from a VTY session, you must issue the “terminal monitor”
command.
Router# debug serial interface - monitors keepalives on an interface.
To reduce the impact of a debug command on the CPU of the router, use the
scheduler-interval command and be sure to use the debug command as specifically
as possible.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

SNMP (Simple Network Management Protocol)

SNMP is a standard method for Network Management Stations (such as CiscoWorks)
to gather information about networked devices. This UDP-based protocol uses MIBs
(Management Information DataBases) defined for each type of device to interpret
the information provided by the SNMP enabled equipment

To enable SNMP on a router the command is "snmp-server community"

General Networking Theory

OSI Model

The OSI is a common tool for conceptualizing how network traffic is handled. In the
CCIE track, we will be interested primarily in the lower three levels. Just a reminder,
that you can use the old mnemonic “All People Seem To Need Data Processing” as a
way to help remember the sequence.

7. Application – User interface tools (such as Telnet, SMTP, FTP, etc.)
6. Presentation – Encoding/Decoding (such as ASCII, MPEG, GIF, JPEG, etc.)
5. Session – Creating, managing and terminating Presentation layer
4. Transport – Error checking and recovery, flow control and multiplexing (TCP,

SPX, etc.)

3. Network – Routing (IP, IPX, etc.)
2. Data Link (LLC/MAC)

•

LLC – Manages communications

•

MAC – Manages addressing and access to the physical layer

1. Physical – Establish and maintain physical connectivity

Cisco Hierarchical Internetworking Model

•

Core – Concentrates all traffic traversing the network. The focus in on speed
and fast switching. Gigabit Ethernet and ATM are seen here.

•

Distribution – Control layer; Aggregation of traffic, access lists, compression,
encryption and other services that provide the glue between Access and Core
layers.

•

Access – The point at which users join the network. VLANs, WAN
connections, RAS services are all at this layer.

Connection-oriented vs. Connectionless Service

Connection-oriented: Similar to HDLC

•

Connection establishment and termination required

•

Sequenced, acknowledged data delivery

•

Built-in error recovery

•

Sliding window flow control

Connectionless: Data transfer without virtual circuit

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

No message sequencing

•

No delivery guarantee

•

Higher layer is responsible for error recovery, flow control, and reliability

Routing / Switching

•

Routing is defined as a Layer-3 activity.

•

Bridging is defined as a Layer-2 activity.

•

Switching is defined as a Layer-2 activity. Switching is often called micro-
segmentation, in that each switched port is basically its own bridged domain.

Routing and Routed Protocols

A routing protocol, such as BGP or OSPF communicates between routers which paths
to follow in order to get data delivered to desired destinations.
A routed protocol, such as IP or IPX is the method for passing data, and travels the
paths defined by the routing protocol.

Reliability of Protocols

•

TCP and LLC Type 2 are reliable protocols because they are layer four
protocols

•

IP, UDP, and Frame Relay are NOT reliable protocols because they are layer
three protocols

802.x Protocols

802.2

Link Layer Control (LLC)

802.3

CSMA/CD Access Method (Ethernet)

802.4

Token Ring Bus

802.5 Token

Ring

802.6

MAN (Metropolitan Area Network)

802.7 Broadband

802.8

Fiber-optic LANs

802.9

Integrated Voice & Data

802.10 LAN/MAN

Security

802.11 Wireless

802.12 VGAnyLAN

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Passive Interface

When enabled on an interface this command allows the interface to hear routing
updates, but not repeat them. This helps to control routing updates.
Example: Router(config-router)# passive-interface s0

Connectivity

(Diagram A-1)

Bridged Environment (Refer to Diagram A-1)

In a bridged environment, a Cisco router will not modify the layer-2 MAC address of
a frame when bridging. In other words, a packet retains the true source and
destination MAC addresses when crossing a bridge.
For example, if in the diagram above Devices B and C were bridges, packets sent
from Host A to Host B would have the Source MAC Address of Host A’s Ethernet
adapter and the Destination MAC Address of Host B’s Ethernet adapter, regardless of
what segment they were passing through.
If a packet were to be lost anywhere between Host A and Host D, the originator
would rebroadcast.

Routed Environment (Refer to diagram A-1)

In a routed environment, when a host sends a packet it has the Source MAC Address
of either the originating host (if on the first segment) or the last router port it was
processed by. It would have the Destination MAC Address of the next hop router port
or the destination host, if on the final segment.

In other words, a host sending a packet to a router for processing to a remote
destination will have the routers local port as a destination address; a host receiving
a packet from the router will see a source address of the local router port.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

For example, if in the devices in diagram A-1 were routers:

•

Packet from Host A to Host D will have source MAC address of Host A and
destination MAC address of Router B’s local Ethernet port on Segment 1.

•

Packet from Host A to Host D will have source MAC address of Router B’s
Serial port and destination MAC address of Router C’s local Serial port on
Segment 2.

•

Packet from Host A to Host D will have source MAC address of Router C’s
Ethernet port and a destination MAC address of Host D on Segment 3.

If a packet sent from Host A to Host D were to be lost:

•

On segment 1, Host A would rebroadcast

•

On segment 2, Router B would rebroadcast

•

On segment 3, Router C would rebroadcast

Bridging & LAN Switching

A View of Bridging

When non-routable protocols, such as NetBEUI, LAT or SNA were developed all
devices on a network resided locally. As networks matured and bridges were
introduced to segment LANs there was the need for these devices to communicate
across networks, especially WAN links. Because these protocols did not have the
mechanisms to allow this connectivity, bridging techniques were developed to allow
the communication between devices at the Data Link Layer (layer 2 of the OSI
model).
By default, bridging is disabled on all Cisco routers. However, these services are still
an important component of the real-world networks you will be asked to deal with in
your professional life. For the purposes of the current discussion, you will also need
to know them for the CCIE certification exams, both written and lab.
Keep in mind that many non-routable protocols, most importantly SNA, are very
time sensitive, and delays can cause loss of data or session connectivity. It is also
important to understand that bridging techniques are broadcast intensive, and that
this can flood slower WAN links.

Bridging techniques
Transparent Bridging (TB)

– As the name implies, this type of bridging is

transparent to the end devices. The end devices are unaware that when they
communicate they are not local to one another. This functionality is not enabled by
default on Cisco routers, but can be turned on when needed.

When a device wishes to communicate, it will send out a broadcast to search for the
requested destination address. When a Transparent Bridge sees the first broadcast
from a device, it extracts the MAC address from the packet and enters it into its
forwarding table, the list of devices on each interface. This process of determining
what devices exist on each of the bridge’s ports is called learning.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

If the bridge receives a broadcast with a destination address that is in its forwarding
table it forwards the broadcast only to that one interface. If it is not in the table, it
repeats the broadcast out of all of its interfaces (except the one on which it was
received). This process is called flooding.

Source-Route Bridging (SRB)

– Source routing is called that because

instead of an intermediate device determining a path, the originating device creates
its own.

Routing Information Fields (RIF) are used to define paths for SRB frames to traverse
a network. They are easy to read if you understand their function. For the current
discussion it’s important that you understand how to understand how a RIF works.
Later we’ll come back to how to rip ‘um up and read ‘um.
When an SNA device needs to access a remote unit, it sends out a test frame that
attempts to find the destination. You can think of this as a broadcast in the IP
world; it isn’t, but that will help you to conceptualize.

If the destination is not found, the source device sends out a single-route or all-
routes explorer frame. Any bridges that the frame comes across in its travels add
their local bridge and ring numbers to the RIF.  Eventually the frame either finds its
target or dies on the vine.  IBM bridges support 8 rings and 7 bridges; IEEE 802.5
bridges support 14 bridges and 13 rings.
Once one of the explorer frames finds the destination, it returns to its creator to
announce its success.  If multiple frames return, the source device takes the route of
the first frame to return, assuming this is the best path.  Think of it as a race in a
maze; the first one to grab the cheese and get home first, wins.

Ripping up a RIF

This will seem complicated, but once you understand how RIFs are defined, simple
practice will drive home the necessary techniques

The first bit of the first byte of the source address is the Routing Information
Indicator (RII), which is exactly what it sounds like; it indicates that what follows is a
RIF. If this bit is a 1, the frame is a RIF; if the bit is a 0, it is not.
Here are the component parts of the first 2 bytes of a RIF, called the RCF (Routing
Control Field):
1. The first 3 bits define what kind of RIF is being examined:

•

0xx – single route frame

•

10x – all-routes explorer frame

•

11x – spanning explorer frame

2. The next 5 bits show the length of the RIF. This indicates how many bytes of

bridge/ring numbers follow.

3. The next single bit shows direction:

•

0 – read from left-to-right

•

1 – read from right-to-left

4. The last 3 bits indicate the maximum frame length

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

000 – up to 512 bytes

•

001 – up to 1,500 bytes

•

010 – up to 2,052 bytes

•

011 – up to 4,472 bytes

•

100 – up to 8,144 bytes

•

101– up to 11,407 bytes

•

110 – up to 17,800 bytes

•

111 – broadcast frame

5. The last four bits are not relevant. They are reserved for future use.

Here’s an example of a RIF: 0810.0011.0023.0040
Translating the first two bytes (0810) to binary gives us: 0000.1000.0001.0000

Rip it up to define:

Type RIF

Length Direction

Frame

Length Not

used

000 01000

000

0000

From this we know:

•

The RIF type is: single route frame

•

The RIF Length: 8 bytes (01000 binary = 8 decimal)

•

Direction to read the RIF: right-to-left

•

The maximum frame length: up to 512 bytes

The rest of the RIF is called the RDF (Route Descriptor Field) and reading it is easy.
The first three digits of each two-byte grouping are the ring number (in
hexadecimal). The last digit is the bridge number (again, in hex). A zero in the
bridge number designation indicates that the destination ring has been reached.
Notice that since only four bits are used for the ring number, and zero is already
taken, the only bridge numbers available are hex 1 through F (1 to 15 in decimal).

Looking at our example again (0810.0011.0023.0040), (remember that the 0x
indicates that the number that follows is in Hex) we find that the path is:

•

Ring 0x1 to bridge 0x1

•

Ring 0x2 to bridge 0x3

•

Ring 0x4 to the destination

Taking another example: 0A10.0021.00B1.0101.0020

Translating the first two bytes (0A10) to binary gives us: 0000.1010.0001.0000

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Rip it up to define:

Type RIF

Length Direction Frame

Length Not

used

000 01010

001

0000

From this we know:

•

The RIF type is: single-route

•

The RIF Length: 10 bytes (01010 binary = 10 decimal)

•

Direction to read the RIF: right-to-left

•

The maximum frame length: up to 512 bytes

Following the rest of the RIF

•

Ring 0x2 to bridge 0x1

•

Ring 0xB to bridge 0x1

•

Ring 0x10 to bridge 0x1

•

Ring 0x2 to the destination

Tricky RIF (Common errors when reviewing RIFs)
The Apples-to-Oranges rule

: If you see 0x before a number, remember that

what follows is a hexadecimal. For example, what’s the difference between ring
0x14 and ring 14? Since decimal 14 is 0xE, they’re obviously not the same ring
designation.

The Nice-try rule:

SRB only runs on Token Ring networks, so Ethernet devices

do not use RIFs. If you are looking at a network diagram and see that one of the
hosts is on an Ethernet segment, remember that RIFs are irrelevant.

The Roadblock rule:

In a DLSw environment the RIF is terminated at the DLSw

router (the definition of DLSw occurs later in this document).

Source-Route Transparent Bridging (SRT)

Since you now have an understanding of both TB and SRB, this next technique will
come easy. An SRT bridge looks at each frame to see if it finds a RIF (looking for the
RII). If there’s an RII, the frame is processed like SRB; if not, like TB. Some
devices, such as Windows 95 workstations do not support RIFs. SRT allows them to
communicate through bridges between LAN segments. This all takes place on Token
Ring devices. The next technique will address Ethernet translations.

Source-Route Translational Bridging (SR/TLB)

This Cisco proprietary bridging technique allows bridging to take place between
Ethernet domains and Token Ring domains. Ethernet frames are not capable of
supporting RIFs. This bridging method, when enabled on Cisco routers, handles the

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

conversion from Ethernet frames to Token Ring frames (bit ordering); adjusts the
MTU sizes (default for Token Ring is 4,464 bytes, Ethernet 1.500 bytes); and adds
and removes RIFs, as necessary. To the Token Ring devices the Ethernet segment
looks like an SRB domain using a pseudo ring.

Remote-Source Route Bridging (RSRB)

An advanced bridging technique that allows legacy protocols, predominantly SNA, to
communicate over large bridged environments using IP tunnels as a transport
mechanism.

Frames from Token Ring networks are encapsulated and sent over the IP network.
The methods of encapsulation are:

•

Direct Encapsulation – This method uses HDLC (High-Level Data Link Control)
and adds little overhead, but lacks reliability. This is usually used over a
single network connection between two routers attached to Token Ring
networks.

•

Fast-Sequenced Transport (FST) – This method uses IP encapsulation, which
adds some overhead, but is still connectionless.

•

Transport Control Protocol (TCP) – This method uses TCP connection, which
adds significant overhead, but ensures reliable transport.

The IP network being traversed is considered one hop, using the concept of a virtual
ring. Though RIFs pass through the network, they are calculated as if the entire IP
network is one hop using this concept, and all acknowledgements are local,
conserving valuable WAN bandwidth.
Ethernet networks can be traversed as long as the local router is running SR/TLB.

Data-Link Switching Plus (DLSw+)

DLSw was developed as an advanced tool for the transport of SNA and other non-
routable protocols over IP backbones. DLSw+ is Cisco’s enhanced version of DLSw,
and provides additional functionality over previous versions. DLSw+ has more
options and greater functionality then RSRB.
The methods of encapsulation include:

•

Fast-Sequenced Transport (FTS) – This method uses IP encapsulation, which
adds some overhead, but is still connectionless. (Same as RSRB).

•

Transport Control Protocol (TCP) – This method uses TCP connection, which
adds significant overhead, but ensures reliable transport. (Same as RSRB).

•

Frame Relay

RIFs are generally terminated at the DLSw router. DLSw+ can support Ethernet
without SR/TLB being loaded.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Additional tools available with DLSw+ include: Dynamic peers, peers on demand,
backup peers and the ability to load balance connections.

Encapsulated Bridging

Used to bridge over an IP Backbone or FDDI Backbone.

IRB (Integrated Routing and Bridging)

A BVI (Bridged Virtual Interface) is created that acts as a member of a bridge-group
to allow traffic to be routed. The BVI number must match the bridge-group number.

CRB (Concurrent Routing and Bridging)

Concurrent routing of one group of interfaces, while bridging another.

LAN Switching

All nodes on an Ethernet network can transmit at the same time, so the more nodes
you have the greater the possibility of collisions happening, which can slow the
network down.

LAN Segmentation: breaking up the collision domains by decreasing the number of
workstations per segment.
Switching – examines MAC address. Works like a massive multiport bridge. Switching
types:

•

Store-and-Forward – copies entire frame into buffer, checks for CRC errors.
Higher latency. Used by Catalyst 5000 switches

•

Cut-Through – reads only the destination address into buffer, and forwards
immediately. Low latency

Spanning Tree and Root Bridge

Developed to prevent routing loops. The STA (Spanning-Tree Algorithm) is used by
the STP (Spanning Tree Protocol) to calculate a loop-free network topology.

•

There is one root bridge for Ethernet and switching environments.

•

There is one root bridge per VLAN, with 1 for all VLANs.

•

Route bridge calculation is determined by lowest MAC address.

VLAN (Virtual LAN)

Broadcast domains defined on Cisco switches. Since each VLAN is a separate
domain, routing must be enabled between them if data is to be passed. If multiple
VLANs exist on a switch, a trunk can be setup on a Fast or Gigabit Ethernet port to
pass the separated data between network devices. A trunk passes data from device
to device; it does not route data between VLANs. Trunking encapsulations include:

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

ISL – Used with Ethernet, and is Cisco Proprietary

•

802.1Q – Used with Ethernet and is IEEE standard

VTP (VLAN Transport Protocol)
VLANs definitions can span switches. VTP is the method for communicating these
definitions. Switches can be defined as:

•

Server – Listens to, stores and broadcasts VLAN configurations. Can create

and delete VLANs.

•

Client – Listens to configurations. Can assign ports to participating VLANs.

•

Transparent – Forwards VTP traffic, but doesn’t participate in the VLANs.

CDP (Cisco Discovery Protocol)

A proprietary Data Link layer protocol used between Cisco devices to pass
information about local conditions. CDP uses a data-link, multicast address with no
protocol ID or network layer field, and cannot be filtered.

The only way to prevent their being passed is to configure “no cdp enable” on those
interfaces on which you do not want to run CDP. You can configure a MAC-layer filter
to deny a multicast address as an alternative method to block these packets.

Internet Protocol (IP)

IP is a layer-3 routed protocol that provides addressing, fragmentation and
reassembly. The minimum and maximum packet headers are 20 and 24 bytes,
respectively.
An IP address is 32 bits long, and the network and host sections are defined by the
subnet mast associate with the address.

An IP address can be bound to a host name on a router using the “ip host” command
Example: Router(config)# ip host my-example 10.10.10.1 10.10.10.2 – binds name
to both addresses

IP Routing Protocols

•

Static Routes

•

OSPF

•

ISIS

•

EIGRP

•

RIP

•

IGRP

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Common IP Ports

20/21 FTP

23 Telnet

25 SMTP

37 Time

Service

49 TACACs

53 DNS

68 BootP

Client

67 BootP

Server

69 TFTP

161 SNMP

DHCP (Dynamic Host Configuration Protocol)

To get away from statically configuring workstations addresses (which is a royal pain
in the tuchis), a DHCP server can be configured which will allocate addresses
dynamically.

To configure a router to pass bootp packets (DHCP requests) you can use the “ip
helper-address x.x.x.x” command.

NAT (Network Address Translation)

Used to translate one set of IP network numbers to another. The primary use for
NATing is to translate external valid IP addresses to internal private addresses when
connecting a network to the Internet. It can also be used to temporarily merge two
networks that have different addressing schemes.

Addressing issues
CIDR

- Classless Inter-domain Routing, CIDR used by BGP ver4.

Route Summarization

Reducing the number of networks being advertised between routers simplifies the
routing table, reduces memory and CPU requirements, and makes the network more
logical. This results in enhancing network performance and reclaiming bandwidth
that would otherwise be used to pass routes back and forth.

Access Lists

Used to permit or deny traffic based on the source network/subnet/host address.
Things to know:

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

The wildcard mask, which looks like a reversed subnet mask, defines which
bits of the address are used for the access list decision-making process.

•

Lists are processed top-down. In other words, the first matching rule
preempts further processing.

•

Only one access list is allowed per port/per direction/per protocol.

•

Remember that there is an implicit deny at the end of all access lists.

•

The last configured line should always be a permit statement.

•

Standard lists will most likely be placed close to the destination.

•

Extended lists will most likely be placed close to the source.

•

If the access-group command is configured on an interface and there is no
corresponding access-list created, the command will be executed and permit
all traffic in and out.

•

An Access Class limits VTY (telnet) access.

•

A Distribution List filters incoming or outgoing routing updates.

Access Lists Numbers

1-99

standard

100-199 Extended

200-299 Protocol

type-code

300-399 DECNet

400-499 XNS

standard

500-599 XNS

extended

600-699 AppleTalk

700-799

48-bit Mac Address

800-899 IPX

standard

900-999 IPX

extended

1000-1099 IPX

Sap

1100-1199

Extended 48-bit Mac
Address

1200-1299

IPX Summary Address

HSRP (Hot Standby Routing Protocol)

Provides a means of having two default gateways to protect against an equipment
failure locking out a group of users from the wider internetwork.
The default priority for each router is 100, but can be change to give one priority as
the most likely default gateway (if say, one unit were faster than another).

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

IP Routing Protocols

Methods for avoiding routing loops
Holddowns

– Learned routes are held incommunicado for a period of time to

prevent updates advertising networks that are misbehaving.

Triggered updates

– Configuring routing updates to occur after a triggering

event, such as a topology change. This allows quicker convergence.

Split horizon

– If a router has received a route advertisement from another

router, it will not re-advertise it back to the sending router. Think of this as a
sphincter - things are not sent back to where they came from (gross, but you won’t
forget it, and that’s the point).

Poison reverse

– Similar to split horizon, but instead of ignoring the update, the

route is advertised back to the originating interface as a poisoned reverse update.
The originating router gets its own route back, but with the time-to-live field
exceeded, so the route is removed from the table. When the routers re-converge,
the holddown timers have expired. This helps to more quickly clear bad routes from
the list being passed back and forth between the routers.

Administrative Distance

Determines the level of trust each routing protocol will be given when a route is
advertised from more than one. The primary AD’s are:

Directly Connected

Static

EBGP

EIGRP (Internal)

IGRP 100

OSPF 110

ISIS 115

RIP 120

EGP 140

EIGRP (External)

170

IBGP 200

BGP Local

200

Unknown 255

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

RIP

There are two versions of RIP - version 1 and 2. RIPv2 is classless and supports a
variable subnet mask.  Both use hop count as the only metric and have a time to live
of 15 hops. A hop is basically one pass through a router.  Updates include the entire
routing table, and are sent out every 30 seconds.
RIP requires neither an AS or Process ID number.
Example: Router(config)# router rip

Configuring a default route in RIP:
Example: Router(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1

OSPF (Open Shortest Path First)
OSPF Areas Types:

•

Backbone (transit area) - Always labeled area “0”, it accepts all LSAs and is
used to connect multiple areas. All other areas must connect to this area in
order to exchange and route information. When interconnecting multiple
areas, the backbone area is the central entity to which all other areas must
connect.

•

Standard - Accepts internal and external LSAs and also summary information.

•

Stub - Refers to an area that does not accept Type-5 LSAs to learn of external
ASs. If routers need to route to networks outside the autonomous system,
they use a default route (0.0.0.0).

•

Totally Stub - Further reduces routing tables by blocking external Type-5
LSAs and summary (Type-3-and-4) LSAs. Intra-area routes and the default of
0.0.0.0 are the only routes known to this area. Cisco proprietary.

Peer Relationships:

OSPF hello packet information must be the same on all routers in an area for peering
relationships to be formed. This information includes:

•

Hello/Dead Interval

•

Area ID

•

Authentication Password

•

Stub Area Flag

Router Types:

•

Internal Router (LSA Type 1 or 2) – Routers that have all their interfaces in
the same area. They have identical link-state databases and run single copies
of the routing algorithm.

•

Backbone Routers (LSA Type 1 or 2) – Routers that have at least one
interface connected to area 0.

•

Area Border Router (LSA Type 3 or 4) – Routers that have interfaces attached
to multiple areas. They maintain separate link-state databases for each area.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

Autonomous System Boundary Router (LSA Type 5) – Routers that have at
least one interface into an external internetwork, such as a non-OSPF
network. These routers can redistribute non-OSPF network information to
and from an OSPF network.

Connection to area 0

- The main dictate in OSPF is that multiple areas all

connect directly to the backbone area. The connection to the backbone area is via
an ABR, which is resident in both areas and holds a full topological database for each
area. A remote network can connect to area 0 via a virtual link, essentially a tunnel
through the ABR in the intermediate area. From the viewpoint of OSPF, it has a
direct connection.

Packets designated to a different AS (Autonomous System) are forwarded to an ABR,
which sends the packet through the backbone area (area 0) to the destination
network ABR, which forwards it to the appropriate host. All packets that pass
between ASs must pass through the backbone area when being forwarded from one
area to another. The ABRs have the responsibility for maintaining the routing
information between areas.
To set a designated router in an OSPF network, you can set the priority or use the
router with the highest loopback address. Setting the priority to 0 makes the router
ineligible to become the DR. To make an OSPF router the designated router, set the
priority with the highest value:
Example: Router(config)# ip ospf priority 100

Recalculating the database:

•

Calculate routes within the local AS using Type-1 and Type-2 LSAs.

•

Calculate routes to other ASs (inter-area routes) using Type-3 and Type-4
summary LSAs. Remember that a totally stubby area will not accept
summary LSAs.

•

Calculate routes to external networks using Type-5 LSAs. Remember that
stub and totally stubby areas will not accept Autonomous system LSAs.

Stub and Totally Stubby Area Similarities:

•

Inter-area routing is based on a default route (0.0.0.0).

•

The backbone area cannot be a stub area.

•

There can only be one exit point for a stub or totally stubby area - a single
ABR.

•

Routers within the area must be configured as stub routers or they will not
form neighbor adjacencies.

•

The area cannot be used for a transit area for virtual links to the backbone.

•

An ASBR cannot be internal to a stub area.

•

Typically used in a hub and spoke topology, with the spokes being remote
offices set-up as stub or totally stubby areas.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Stub and Totally Stubby Area Differences:

•

Both reduce the size of routing tables, although more so with totally stubby
areas.

•

Both will not accept Type-5 (autonomous system entries), and totally stubby
will also not accept Summary LSAs either (Type-3 and Type-4).

•

Totally stubby is Cisco proprietary.

•

Totally stubby area is preferable, since it increases stability and scalability
while reducing the routing information that must be maintained. Remember
that you cannot use totally stubby areas if there is a mixture of Cisco and
non-Cisco routers.

LSA Types:

•

Router link entry - This is a Type 1 LSA. Broadcast only in a specific area.
Contains all the default link state information. Generated by each router for
each area to which it belongs. It describes the states of the router’s link to
the area. These are only flooded within a particular area. The link status and
cost are two of the descriptors provided.

•

Network entry - This is a Type 2 LSA. Multicast to all area routers in a multi-
access network by the DR (Designated Router). Contains network specific
information. They describe the set of routers attached to a particular network
and are flooded only within the area that contains the network.

•

Summary entry - Type 3 LSAs have route information for the internal
networks and are sent to the backbone routers. Type 4 LSAs have information
about the ASBRs. This information is broadcast by the ABR, and it will reach
all the backbone routers.

•

Autonomous system entry - This is a Type 5 LSA. It come from the ASBR and
has information relating to the external networks.

No special commands are required to turn a router into an ABR or ASBR. The router
takes on this role by virtue of the areas to which it is connected. As a reminder, the
basic OSPF configuration steps are as follows and you would simply add another
network statement for the ABR or ASBR to cover another area.

To configure OSPF, do the following:

1. Enable global configuration mode

2. Enable OSPF on the ABR or ASBR router
3. Identify the ip networks and their areas

Enable OSPF on the router

Router(config)# router ospf process-id

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Remember that OSPF has a process ID (BGP, EIGRP and IGRP have AS numbers; RIP
requires neither)

Example: Router (config)# router ospf 1

Identify which IP networks on the router are part of the OSPF
network

Router(config-router)# network address wildcard-mask area area-id

Configuring Stub and Totally Stubby Areas (remember that an

ASBR cannot be internal to a stub area)

Configure a stub network
Router(config-router)# area area-id stub

Configure a totally stub network

Router(config-router)# area area-id stub no-summary

BGP (Border Gateway Protocol)

BGP is the routing protocol of the Internet. It comes in two flavors, internal and
external.

When to use BGP:

•

Connecting to two or more ISPs.

•

Multi-homing network that connects to more than one AS.

•

When you’re a monstrously huge ISP.

Attributes of BGP

•

Routers are considered to be peers or neighbors whenever they open up a
TCP session to exchange routing information.

•

When routers communicate for the first time, they exchange their entire
routing table. From then on, they send only incremental updates.

•

Uses TCP as its transport protocol, via port 179.

Configuring BGP

Enable BGP using a local BGP AS number assigned by InterNIC:
Router(config)# router bgp <AS-number>

Remember that BGP, EIGRP and IGRP have AS numbers (OSPF has a process ID, RIP
requires neither). Example: Router (config)# router bgp 1

All networks you want to advertise:
Router(config)# network <network-number>

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Specify BGP neighbors and peers (peers use the local BGP AS-number):
Router(config)# neighbor <address> remote-as <AS-number>

Clear the BGP information when you make a BGP configuration
change:

Router# clear ip bgp *.

Path Selection:

BGP will select one path as the best path. This path is put into the BGP routing table
and then propagated to its neighbors. The criteria for selecting the path for a
destination is:

•

If the path specifies a next hop that is not accessible the update is dropped.

•

The path with the largest weight is preferred.

•

If the weights are the same, the path with larger local preference is preferred.

•

If the local preference is the same, then prefer the path that originated on
this router.

•

If no route originated on this router, then prefer the one with shortest
AS-path.

•

If they have the same AS_path, then prefer the path with the lowest origin
path.

•

If the origin codes are the same, then prefer the path with the lowest MED.

•

If the MED is the same, then prefer an external path to an internal path.

•

If these are the same, then prefer a path through the closest IGP (Interior
Gateway Protocol) neighbor.

•

Lastly, prefer path with the lowest IP address, as specified by the BGP router
ID.

Three ways to set the weight of updates

•

Access lists

•

Neighbor weight command

•

Route map

BGP peering functions

A BGP peer group is a defined group of BGP neighbors that are configured to share
the same update policies. Instead of defining the same policies for each individual
neighbor, you define a peer group name and assign policies to the peer group itself.

IBGP

•

Exchanges information within the same AS between routers.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

Is more flexible, scalable, and more efficient for controlling the exchange of
information within an AS.

•

Shows a consistent view of the AS to external neighbors.

EBGP

•

Used when routers belong to different ASs and exchange BGP updates.

•

BGP Synchronization rule:

If an AS provides transit service to another AS, then BGP should not
advertise the route until all of the routers within this AS have learned
the route through the IGP.

•

When to disable synchronization:

Your AS does not transfer traffic from one AS to another.

All the transit routers on your AS are running BGP.

BGP synchronization

BGP must be synchronized with the IGP (Interior Gateway Protocol, such as OSPF or
EIGRP). To do this it waits until the IGP has propagated routing information across
the autonomous system before advertising transit routes to other ASs.

Scalability problems associated with internal BGP

Autonomous systems consisting of hundreds of routing nodes can pose a serious
routing management problem for network administrators. There are two good
methods for dealing with this situation; confederations and route reflectors.

Confederations

Confederations eliminate the need to fully mesh BGP communications by splitting a
single AS into what amount to sub-AS’s and using EBGP between them; although to
external AS’s the entire confederation grouping looks like a single AS.

Route Reflectors

Defined central points of distribution for routers within an AS. In other words, it
receives data and distributes it to other routers. This eliminates the need for a fully
meshed BGP environment.

Policy Routing

Policy routing is a means of controlling routes. It relies on the source, or source and
destination, of traffic rather than destination alone. Policy routing can be used to
control traffic inside an AS as well as between ASs. Policy routing is a glorified form
of static routing, and has many of the same types of problems.

Route Dampening Policy

A BGP feature that attempts to minimize the propagation of flapping routes (up,
down, up, down, etc.) across an internetwork. Penalties are assigned for each flap
and when the accumulated penalty reaches a specified limit, BGP suppresses further
advertisement of that route, even if it is back up. The accumulated penalty is
reduced over time and eventually the route is trusted again.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

EIGRP (Enhanced Interior Gateway Routing Protocol)

EIGRP is a stable and scalable Cisco proprietary protocol that combines the
advantages of link state and distance vector routing protocols. It supports automatic
route summarization and VLSM addressing.

EIGRP was designed to overcome scaling limitations of IGRP. This was achieved by
implementing:

•

The Diffusing Update Algorithm (DUAL)

•

Loop-free networks

•

Incremental updates

•

The holding of information about neighbors as opposed to the entire network

Types of Successors

•

Successor - A route selected as the primary route to use to reach a
destination. Successors are the entries kept in the routing table.

•

Feasible Successor - A backup route. Multiple feasible successors for a
destination can be retained, kept in topology table.

Features of EIGRP

•

Neighbor Discovery/Recovery: Routers dynamically learn of other routers on
their directly attached networks by sending a 'Hello Packet'. As long as the
neighbor receives these packets the router is assumed to be 'alive'.

•

Reliable Transport: Ordered delivery of EIGRP packets to neighbors is
guaranteed. For better efficiency, reliable transport is provided only when it is
needed.

•

DUAL (Diffusing Update Algorithm): Tracks all the routes advertised by all
neighbors. DUAL will use the metric to select an efficient path. It selects
routes to be inserted into the routing table based on feasible successors.

•

Protocol Dependent Modules: These are responsible for the network layer.
The IPX EIGRP module is responsible for sending and receiving EIGRP packets
that are encapsulated in IPX.

Tables

Neighbor table – The current state of all the router’s immediately adjacent
neighbors.

Topology table - This table is maintained by the protocol dependent modules and is
used by DUAL. It has all the destinations advertised by the neighbor routers.
Routing table - EIGRP chooses the best (successor) routes to a destination from the
topology table and places these routes in the routing table. The routing table
contains:

•

How the route was found

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

Destination network address and the subnet mask in prefix format

•

Administrative Distance: This is the metric or cost from the neighbor
advertising that particular route

•

Metric Distance: This is the cost or the metric from the router

•

The address of the next hop

•

How old the route is

•

Outbound interface designation

Choosing routes

DUAL selects primary and backup routes based on the composite metric and ensures
that the selected routes are loop free. The primary routes are then moved to a
routing table. The rest (up to 6) are stored in the topology table.

EIGRP uses the same composite metric as IGRP to determine the best path. The
default criteria used are:

•

Bandwidth - the smallest bandwidth cost between source and destination

•

Delay - cumulative interface delay along the path

•

Reliability - worst reliability between source and destination based on
keepalives

•

Load - load on a link between source and destination based on bits per
second on its worst link

•

MTU - the smallest Maximum Transition Unit

Configure Enhanced IGRP

Configure EIGRP for IP
Enable EIGRP and define the autonomous system
Router(config)# router eigrp autonomous-system-number

Remember that BGP, EIGRP and IGRP have AS numbers (OSPF has a process ID, RIP
requires neither). Example: Router (config)# router eigrp 1

Indicate which networks are part of the EIGRP autonomous system
Router(config-router)# network network-number

Define bandwidth of a link
Router(config-if)# bandwidth kilobits

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Desktop Protocols

IPX (Internet Packet Exchange)

IPX is Novell’s network layer protocol. An IPX address consists of two parts, the
network ID followed by a host ID taken from the MAC address of the device.
The default Cisco encapsulation type are:

•

Ethernet - Novell-Ether, the Novell-specific version of IEEE 802.2 standard

•

Token Ring – SAP

•

FDDI – SNAP

Other Ethernet Encapsulation Types and their Cisco

Equivalents.

Novell Frame Type

Cisco IOS Encapsulation Name

Ethernet_II

arpa

Ethernet_802.2 SAP

Ethernet_802.3 novell-ether

Ethernet_SNAP SNAP

Things to know:

•

The Cisco router does not forward SAP broadcasts, but constructs its own SAP
table and broadcasts that every 60 seconds (by default).

•

Only one encapsulation type is allowed per network. You can have several
networks running on the same wire, but they must have different network
addresses.

•

The IPX address is 80 bits long; 32 for network bits, 48 for host bits.

•

To load balance you must use the “ipx maximum-paths {number}” command
and all parallel paths must have the same tick count and the same hop counts
as the tick and hop counts are used by IPX as a metric.

To configure IPX routing you must:

1. Enable IPX routing
2. Assign IPX network numbers to interfaces

Example:

Router(config)# ipx routing
Router(config)# interface E0
Router(config-if)#ipx network badbed (network name in hexadecimal)

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Routing IPX

IPX can use these routing protocols:

•

Static Routes

•

IPX RIP – Similar to IP RIP

•

IPX EIGRP – The IPX version of Cisco’s proprietary routing protocols (see later

in this document)

•

IPX NLSP – An IPX link-state routing protocol

•

IPXWAN - A protocol that negotiates end-to-end options for new links before

IPX traffic can traverse the WAN link

IPX Split Horizon is not supported in any of the IPX feature sets
IPX supports load balancing; though not default, it must be configured

SAP (Service Advertisement Protocol)

Used when a server needs to advertise its availability. SAP updates can carry a
maximum default of seven services.

SAP entries are dependent on having a routing table entry. If a SAP entry has no
routing table reference, it will not be sent.

AppleTalk

The proprietary protocol stack developed by Apple Computer. Designed to be easy
to use for the end-user, it has often been seen as the bane of the Network Engineer.
Besides being complicated to configure, it is very chatty (a bandwidth hog).
AppleTalk can run over most physical media:

•

EtherTalk = running over Ethernet

•

TokenTalk = running over Token Ring

•

FDDITalk = running over, you guessed it, FDDI

There are two versions of AppleTalk:

•

Phase 1 – a limit of 254 nodes on a network and non-extended networks.

•

Phase 2 – created in 1989, overcomes the 254-node limit and runs over
extended networks. Cable ranges were added with a numbering scheme that
allows sequential network numbers acting as a single network.

AppleTalk Protocols

•

DDP (Datagram Delivery Protocol) – Layer 3 protocol. AppleTalk equivalent

to IP or IPX.

•

AARP (AppleTalk Address Resolution Protocol) – Equivalent to DHCP in the IP

world.

•

RTMP (Routing Table Maintenance Protocol) – A distance vector routing

protocol in which routes are exchanged only with immediate neighboring
routers. Sends routing table information every 10 seconds.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

AURP – (AppleTalk Update-based Routing Protocol) – An extension of RTMP

that enables tunneling of AppleTalk traffic through IP networks using
external routers that counts as one hop. Sends routing table information
every 30 seconds.

•

AppleTalk EIGRP – A version of the Cisco proprietary routing protocol for

AppleTalk.

Addressing

AppleTalk addresses are made up of 16-bit network numbers, 8-bit node numbers,
and 8-bit socket numbers.
Zone – A logical grouping of AppleTalk nodes.

Multicasting

PIM (Protocol Independent Multicast) – Used to forward multicast packets through a
network.

Other important Multicast protocols:

•

IGMP (Internet Group Management Protocol) – Standard protocol to manage
if multicast transmissions are passed to routed ports. One of the problems
with this is if a VLAN on a switch is set to receive, all the workstations on that
VLAN will get the multicast stream.

•

CGMP (Cisco Group Management Protocol) – Cisco proprietary protocols to
control the flow of multicast streams to individual VLAN port members. Solves
the problem sited above. Requires IGMP to be running on the router.

Performance Management

Queuing Methods
Weighted Fair Queuing (WFQ)

– Most basic queuing option that gives high-

volume traffic a lower priority than lower-volume traffic. For example, a time
sensitive SNA conversation would have a higher priority then a file transfer where
latencies will probably not be noticed. WFQ is enabled by default on all Cisco routers
with link speeds of less than E1 (2.048MB).

Priority Queuing

– Provides the software tools to define a hierarchy of need

between different types of traffic. There are four types of queues; high, medium,
normal and low. You can configure up to four of each type on a router, for a total of
16 queues. Unless otherwise defined, all traffic is normal. The person who
configures that queue can determine higher or lower levels of priority for different
types of traffic based on protocol or port number and data passing through the
router. Medium queue traffic will not be passed until high queue has been cleared;
the normal queue traffic will not be passed until medium queue traffic has been
cleared; etc. This can create a situation where a higher-level queue can monopolize
a link to the exclusion of lower level data and packets will be dropped.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Custom Queuing

– 16 queues are configured that operate in a round-robin

fashion. Each queue is allocated 1,500 bytes by default, although this can be
changed. When the appropriate number of bytes has been sent, the next queue is
addressed. If the byte count has been reached and a packet has not been
completely sent, it will continue to be sent; a packet will not be fragmented. In this
way it is possible to allocate a percentage of the bandwidth to a specific protocol. For
example, 50% of the bandwidth is reserved for IP, 25% for IPX and the remainder
for miscellaneous traffic. Because of the nature of Custom Queuing, no one queue
can monopolize the link to the exclusion of other queues.

WAN

Serial line conditions:

•

Serial 0 line is down, line protocol is down - No cable or modem is connected.

•

Serial 0 line is up, line protocol is up - The WAN service is working fine and
keepalives from the remote site are being sent and received.

•

Serial 0 line is up, line protocol is down - A cable is plugged into the router,
but no keepalives are being received from the remote router.

•

Serial 0 is administratively down, line protocol is down - The interface has to
have been enabled by the administrator.

ISDN

Provides digital service that runs over existing telephone networks. Normally used to
support applications requiring high-speed voice, video, and data communications for
home users, remote offices, etc.

Protocols standards

•

E specifies ISDN on existing telephone technology.

•

I specify concepts, terminology and services.

•

Q specifies switching and signaling.

Graphic 2
            TE1---|---S/T-----NT1---U---LT---V---ET
                   |
  TE2---R---TA--|

Equipment

•

TA – Terminal adapter converts from RS-232, V.35, and other signals into
BRI.

•

TE1|2 - Terminal equipment 1 (integrated TA, understands ISDN) or 2 (needs
TA, predates ISDN).

•

NT1 - Network termination type 1 – equipment that connects the subscription
4 wires to the 2 wire local loop.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

NT2 – Network termination type 1 – equipment that performs protocol
functions of the data link and network layers.

•

LT – Local Termination – portion of the local exchange that terminates the
local loop.

•

ET – Exchange Termination – portion of the exchange that communicates with
the ISDN components.

Reference Points

•

R reference points define the hand-off from non-ISDN equipment and the TA.

•

S reference points define hand-off from user terminals to an NT2.

•

T reference points define hand-off between NT1 and NT2.

•

U reference points define hand-off between NT1 and line-termination
equipment in a carrier network. (Only US/Japan, where NT1 not provided by
carrier).

Channels

•

B(earer) channel: Used for data transfer (voice or data).

•

D(ata) channel: Used for control/signaling information using LAPD.

Types of Equipment

•

CPE – Customer Premise Equipment (on-site).

•

DCE – Data Communications Equipment. The devices and connections that
make up the network end of the user-to-network interface.

•

DTE – Data Terminal Equipment. The devices and connections that make up
the user end of the user-to-network interface. Terminals, PCs, and routers
would be examples.

Flavors of ISDN

•

BRI – 2B /1D (D = 16kb)

•

PRI (T1) – 23B / 1D (D = 64kb)

•

E1 (Europe) – 30B / 1D (D = 64kb)

Things to Know

•

Encapsulation can be PPP, HDLC or LAPD, with the default encapsulation
method being HDLC. CHAP authentication is associated with PPP.

•

A SPID is similar to a telephone number and is provided by Telco.

ISDN Switch Types

•

basic-5ess – AT&T basic rate switches (USA)

•

basic-dms100 – NT DMS-100 (North America)

•

basic-nil – National ISDN-1 (North America)

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

basic-Itr6 – German ITR6 ISDN switches

•

basic-nwnet3 – Norwegian Net3 switches

•

basic-nznet3 – New Zealand Net3 switches

•

basic-ts013 - Australian TS013 switches

•

basic-net3 – Switch type for Net3 in UK and Europe

•

ntt – NTT ISDN switch (Japan)

•

vn3 – French VN3 ISDN switches

•

none – No specific switch specified

Frame-Relay

Frame-relay is a simple and streamlined layer2, connection-oriented access protocol,
meaning it only defines signaling and data formats between the DTE and the Frame
Relay Switch. It is closely related to X.25, but without the error correction and
retransmission overhead.

Things to Remember:

•

LMI - Local Management Interface - control protocol for PVC setup and
management. Frame-relay LMI types used in Cisco routers are ansi, cisco and
q933a (default is cisco).

•

The encapsulation types for frame-relay are cisco and Ietf (default is cisco).

•

Data-Link Connection Identifiers (DLCI’s), are assigned by the carrier.

•

Wide range of speeds from 56K over T1 (1.5Kbps) to DS3 (45Mbps)

•

FCS - Frame Check Sequence, similar to CRC. Appended to every frame for
simple error checking.

•

Frame Relay can use ISDN/LAPD, HDLC, and PPP.

These Provide Congestion Information:

•

Backward Explicit Congestion Notification (BECN) – Bit set by a frame relay
network in frames traveling in opposite direction of frames encountering a
congested path. DTE receiving frames with the BECN bit set can request
higher level protocols take flow control action.

•

Forward Explicit Congestion Notification (FECN) – Bit set by a frame relay
network to inform DTE receiving frame that congestion was experienced in
the path from source to destination.

•

Discard Eligible bit (DE) – A bit set by either the DTE or frame-relay switch
that marks this frame as a likely candidate to drop if there is congestion on
the line.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Likely Problems on a Frame Relay config:

•

LMI – Does not have to match end to end (default is Cisco), however, it must
match what the frame-relay cloud is using. This defines the parameters of
communication between the router and the frame-relay switch.

•

Encapsulation – Needs to match end to end (default is Cisco).

•

Frame map statement – The IP address here needs to be the next hop
address, and the DLCI number needs to be the local DLCI.

•

If you are able to see remote sites from a central site, but the remote sites
cannot see each other, poison reverse should be disabled on split horizon.

ATM (Asynchronous Transfer Mode)

Developed as a compromise between voice and data needs, ATM is commonly found
either on large telecom networks or built into networks that have a strong need for
QoS (Quality of Service) needs.
ATM uses Cells that are uniform in size - 53 bytes; 5 bytes for a header, and 48
bytes for payload. This allows a great deal of control over traffic and allows for Qos,
but is wasteful in that the header is a greater percentage of the traffic then in other
methods.
ATM is connection-oriented with traffic traveling from end-to-end over either:

•

SVC (Switched Virtual Circuits) – Dynamically created on-demand circuits.

•

PVC (Permanent Virtual Circuits) – Permanently allocated circuits that are
always established and active.

There are two types of interfaces:

•

NNI (Network-to-Network) – connections within the network cloud between
two ATM devices.

•

UNI (User-to-Network) – connects a workstation to an ATM switch.

There are four major layers in the ATM reference model (equivalent to the OSI
Model)

•

Higher layers – ATM signaling, addressing and routing.

•

AAL (ATM Adoption Layer) – Converts from higher level to ATM cells.

•

ATM – Defines ATM cell relaying and multiplexing.

•

Physical – Defines the physical network media and framing.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

LAN

Token Ring

Token Ring is an older technology that is still prevalent in modern day networking,
and should be reviewed carefully when preparing for the CCIE certification track,
both written and lab.

TR is defined in both the original IBM specification and IEEE 802.5 and comes in two
speeds, the original 4 Mbps and later 16 Mbps versions. Token Ring is installed as a
physical star configuration in that all stations are attached to a MAU (Multi-station
Access Unit, similar to a hub in Ethernet); but a logical ring in that the token which
provides permission to speak travels from node to node.

Token Ring Operation

1. A token frame is passed from station to station through the ring.
2. When a device has a need to transmit data, it must wait until the token can

be seized. A data frame is attached to the token and both the A and C bits are
set to 0.

3. The Token continues on its path from station to station until it reaches the

destination MAC address. The data frame is copied and the A and C bits are
changed to 1.

4. The Token once again resumes its travels and eventually returns to the

source device, which analyzes the A and C bits, and releases the token.

To review again the function of the control bits:

•

A-bit - Address Recognized (as a mnemonic device, think of this as the
acknowledgement bit, even though it isn’t). That the destination sets this bit
to 1 tells the source device that the destination machine was found.

•

C bit – Copy bit. That the destination changed this bit to 1 tells the source
device that the data frame was copied.

When the token returns, these bits will tell the sender that the destination received
the token and copied the data from the token. For example, if the A bit is set (1) and
the C bit is not (0), that would mean that the destination or receiving station is
recognized, but cannot copy the data from the frame.

Collisions are impossible in a Token Ring network that is functioning normally. The
only time you might see them is when an error condition exists.
Early token release can be enabled in the TR configuration. This allows the token to
be available as soon as the data has been delivered.

Token Ring Error Detection

The most common error condition in TR is a Beacon, which indicates a major
problem such as a cable break or a defective NIC.
One of the devices on the ring will be selected as the Active Monitor, which removes
orphaned data frames from the ring and regenerates tokens.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

Ethernet

Ethernet is the most common LAN technology currently available, and provides for
CSMA/CD, which will be explained later in this document. There are two flavors of
Ethernet: 802.3 and Ethernet version II. Both standards support multiple physical
media types. The primary differences are:

Ethernet II

•

Specifies a type field, which contains a two-byte field to indicate protocol type
of the contents of the data (IP, IPX, DEC, etc.).

•

Supports both layer 1 and 2 of the OSI model.

•

Supports only 10Mb.

802.3

•

Specifies a length field.

•

Does not contain any information about protocol type.

•

Has this information in the DSAP and SSAP (Destination Service Access
Protocol and Source Service Access Protocol) fields.

•

Supports all of the OSI layer 1 functionality, and parts of layer 2.

•

Supports 10Mb, 100Mb, and 1,000Mb (Gigabit Ethernet).

CSMA/CD

Since only one device can “talk” on an individual Ethernet segment, CSMA/CD is
used anytime two or more stations share the same segment and, by extension,
available bandwidth. CSMA/CD listens before transmitting. If a collision occurs it
backs off the clear line, waits a random period of time, and attempts to transmit
again.

EtherChannel

EtherChannel is a Cisco proprietary method for aggregating the bandwidth of up to
four Fast Ethernet channels on a switch and having them appear to be one logical
connection. The requirements are that all the ports be in the same VLAN, have the
same speed and duplex settings, and if the switch is not a Cat6000, that contiguous
ports be used. Besides increasing the bandwidth available between devices, this also
adds a level of protection, because if one of the links within the EtherChannel were
to go down, the traffic would continue to pass at the reduced rate without
interruption.

FDDI (Fiber Data Distributed Interface)

FDDI, and its copper cousin, CDDI represent an older technology that was the
standard for backbone connectivity for some years. It is still found in many legacy

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

networks, and is still relevant in both real-life situations and in preparation for the
CCIE track.

It is based on a token-passing scheme similar to Token Ring, but with dual counter-
rotating rings that provide redundancy in the event of a fiber (or copper in the case
of CDDI) cut. The primary ring carries traffic; the secondary is the backup link. The
rings have a speed of 100Mbps, which was perfectly acceptable in the backbone until
the introduction of inexpensive Fast Ethernet and Gigabit Ethernet.
There are two types of devices on the network:

•

DAS (Dual-Attached Station) – which would be attached directly to both rings.

•

SAS (Single-Attached Station) - which would be connected to a concentrator.

Security

AAA (Authentication, Authorization and Accounting)

A standard feature set of software security tools that identify when users are logged
into a router; control each user’s authority level; and monitor user activity to provide
accounting information.

TACACS (Terminal Access Controller Access Control System)

•

A centralized validation service that accepts or rejects user name and
password pairs.

•

TACACS+ uses TCP for transport and the entire body of TACACS+ packets is
encrypted if a there is a shared key on the router and server.

•

TACACS+ can log every command that is entered at the router exec
command.

•

Works with PPP or CHAP authentication.

•

Transmits passwords in clear text.

•

TACACS+ can pass caller ID or called party values from NAS to the server.

•

TACACS+ requires AAA, although earlier versions, TACACS and Extended
TACACS did not work with AAA.

RADIUS (Remote Authentication Dial-In User Service)

•

A client-server based protocol that accepts or rejects a user name and
password pairs.

•

Works with PPP or CHAP authentication.

•

Transmits passwords encrypted by MD5 algorithm when they are sent across
the data network.

•

Server component can run on a Microsoft NT or Unix host.

•

Used with AAA to enable authentication, authorization and accounting.

BrainBuzz Cramsession: Cisco Certified Internetwork Expert

More study guides and information available at

www.cramsession.brainbuzz.com

•

User names and passwords are encrypted.

PIX (Private Internet Exchange) Firewall

A Cisco hardware and software platform that prevents unauthorized connections
between two networks based on a defined security policy. It most commonly sits
between a company’s internal network and the Internet.

Multiservice

Voice/Video Protocols
Erlang B

– A traffic model used by telephone system designers to estimate

the number of lines required for trunks.

H.323

– Standard for real-time multimedia communications and conferencing over

packet-based networks.

SS7 (Signaling System 7)

– International standard for common channel

signaling between PSTN (Public Switch Telephone Network) switches. This standard
provides for out-of-band signaling and is responsible for routing, link status, and
connection control. 1-800 calls, local phone number portability, in-network phone
mail and portable phone roaming all are defined by SS7.

RTP (Real-time Transport Protocol)

– Provides support for applications

with real-time properties such as video or voice over IP.

Compression

The compress {predictor | stac} command can be used to enhance service on slow
point-to-point links using HDLC, PPP, and LAPB. This will cause an increase in CPU
utilization on the router.

Special Thanks to

Dennis Laganiere

for

contributing this Cramsession. Make sure

to visit his site at:

http://www.routedpacket.com

Document Outline