This chapter covers the following topics that you will need to master as a CCNA:
• TCP/IP Protocols: The TCP/IP protocol suite is very important in networks today.
This section covers several portions of the protocol suite, including TCP, UDP, ARP,
ICMP, FTP, and TFTP.
• IP Addressing and Subnetting: IP addressing is absolutely the most important
topic on the CCNA exam. This section takes a detailed look at IP addressing and
outlines five different types of questions the CCNA exam uses to test your knowledge.
• IP Configuration: This section covers the configuration commands required for IP
addressing and name resolution on a Cisco router.
• IPX Addressing and Routing: The Novell NetWare protocol suite is the other
major protocol suite covered in detail on the CCNA exam. This section covers IPX
addressing and routing and also discusses the concepts and parameters used for the
varied IPX encapsulation options.
• IPX Configuration: This section covers the IOS commands used for configuration
of IPX features.
CHAPTER 5
Network Protocols
TCP/IP is the most important protocol covered on the CCNA exam and is the protocol used
most often in networks today. This chapter covers the TCP/IP protocols as well as IP
addressing and subnetting. Cisco expects CCNAs not just to know IP addressing and
routing, but also to know the concepts behind many other TCP/IP protocols. In addition,
CCNAs should be able to easily recall the commands used to examine the details of IP
processing in a router. Of course, Cisco also requires you to continually prove your
understanding of IP subnetting on the CCNA exam and on almost all other Cisco exams.
This chapter also covers Novell’s NetWare protocols. NetWare protocols have been well
established and widely implemented for more than a decade. Very few changes that affect
the router’s role in forwarding NetWare traffic have been made in the last four years.
Routing is straightforward; if you understand IP routing, then you likely will find IPX
routing easy to grasp. Of course, this book also assumes that you have completed the ICND
course or have logged equivalent experience, so the text is written under the assumption that
NetWare protocols are not new to you. This chapter briefly reviews the main concepts,
clarifies the trickiest details, and helps you refine your retention and recall with questions
and scenarios.
How to Best Use This Chapter
By taking the following steps, you can make better use of your study time:
• Keep your notes and the answers for all your work with this book in one place, for
easy reference.
• Take the “Do I Know This Already?” quiz, and write down your answers. Studies
show that retention is significantly increased through writing down facts and
concepts, even if you never look at the information again.
• Use the diagram in Figure 5-1 to guide you to the next step.
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide what parts of this
chapter to use. If you already intend to read the entire chapter, you do not necessarily need to
answer these questions now.
This 16-question quiz helps you determine how to spend your limited study time. The quiz is
sectioned into four smaller four-question “quizlets,” which correspond to the four major
headings in the chapter. Figure 5-1 outlines suggestions on how to spend your time in this
chapter. Use Table 5-1 to record your score.
Table 5-1 Scoresheet for Quiz and Quizlets

Quizlet Number  Foundation Topics Section Covering These Questions  Questions  Score
--------------  --------------------------------------------------  ---------  -----
1               TCP/IP Protocols                                    1 to 4
2               IP Addressing and Subnetting                        5 to 8
3               IP Configuration                                    9 to 12
4               IPX Addressing and Routing; IPX Configuration       13 to 16
All questions                                                       1 to 16
1. What do TCP, UDP, IP, and ICMP stand for? Which protocol is considered to be
Layer 3-equivalent when comparing TCP/IP to the OSI protocols?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2. Describe how TCP performs error recovery. What role do the routers play?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
3. Does FTP or TFTP perform error recovery? If so, describe the basics of how error
recovery is performed.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
4. How many TCP segments are exchanged to establish a TCP connection? How many
are required to terminate a TCP connection?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5. Given the IP address 134.141.7.11 and the mask 255.255.255.0, what is the subnet
number?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
6. Given the IP address 134.141.7.11 and the mask 255.255.255.0, what is the subnet
broadcast address?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
7. Given the IP address 200.1.1.130 and the mask 255.255.255.224, what are the
assignable IP addresses in this subnet?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
8. Given the IP address 220.8.7.100 and the mask 255.255.255.240, what are all the
subnet numbers if the same (static) mask is used for all subnets in this network?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
9. Create a minimal configuration enabling IP on each interface on a 2501 router (two
serial, one Ethernet). The NIC assigned you network 8.0.0.0. Your boss says that you
need, at most, 200 hosts per subnet. You decide against using VLSM. Your boss says
to plan your subnets so that you can have as many subnets as possible, rather than
allow for larger subnets later. You decide to start with the lowest numerical values for
the subnet number you will use. Assume that point-to-point serial links will be
attached to this router and that RIP is the routing protocol.
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
10. Describe the question and possible responses in setup mode when a router wants to
know the mask used on an interface. How can the router derive the correct mask
from the information supplied by the user?
__________________________________________________________________
__________________________________________________________________
__________________________________________________________________
11. Define the purpose of the trace command. What type of messages does it send, and
what type of ICMP messages does it receive?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
12. What causes the output from an IOS ping command to display “UUUUU”?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
13. How many bytes comprise an IPX address?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
14. Give an example of an IPX network mask used when subnetting.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
15. Create a configuration enabling IPX on each interface, with RIP and SAP enabled
on each as well, for a 2501 (two serial, one Ethernet) router. Use networks 100, 200,
and 300 for interfaces S0, S1, and E0, respectively. Choose any node values.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
16. What show command lists the IPX address(es) of interfaces in a Cisco router?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
The answers to this quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’
Quizzes and Q&A Sections,” on page 724. The suggested choices for your next step are as
follows:
• 8 or less overall score—Read the entire chapter. This includes the “Foundation Topics”
and “Foundation Summary” sections, the Q&A section, and the scenarios at the end of the
chapter.
• 2 or less on any quizlet—Review the subsection(s) of the “Foundation Topics” part of
this chapter, based on Table 5-1. Then move into the “Foundation Summary” section, the
Q&A section, and the scenarios at the end of the chapter.
• 9 to 12 overall score—Begin with the “Foundation Summary” section, and then go to the
Q&A section and the scenarios at the end of the chapter.
• 13 or more overall score—If you want more review on these topics, skip to the
“Foundation Summary” section, and then go to the Q&A section and the scenarios at the
end of the chapter. Otherwise, move to the next chapter.
Foundation Topics
TCP/IP Protocols
CCNAs work with multiple protocols on a daily basis; none of these is more important than
TCP/IP. This section examines the TCP, UDP, ICMP, and ARP protocols in detail. TCP and
UDP are the two transport layer (Layer 4) protocols most often used by applications in a
TCP/IP network. ICMP and ARP are actually parts of the network layer (Layer 3) of TCP/IP
and are used in conjunction with IP. As you’ll see on the exam, IP addressing is something that
all CCNAs must master to confidently pass the exam. Due to the importance of IP, IP addressing
will be covered in great detail in the next section of this chapter.
Transmission Control Protocol
One common feature of routing is to discard packets for a variety of reasons. For instance, no
route might match the packet, or there may not be enough buffer space in the router to store
the packet until the next link is available. Layer 3 protocols do not typically provide for
retransmission; a typical commentary is, “That’s done by some higher-layer protocol.”
To pass the CCNA exam, you must understand how one popular “higher-layer” protocol does
error recovery—namely, the Transmission Control Protocol (TCP). Defined in RFC 793, TCP
performs error recovery as well as other features, including these:
• Data transfer
• Multiplexing
• Error recovery (reliability)
• Flow control using windowing
• Connection establishment and termination
TCP accomplishes these goals via mechanisms at the endpoint computers. TCP relies on IP for
end-to-end deliveries of the data, including routing issues. In other words, TCP performs only
part of the functions necessary to deliver the data between applications.
Figure 5-2 shows the fields in the TCP header. Not all the fields will be described in this text,
but several fields will be referred to in this section. The Internetworking Technologies
Multimedia (ITM) CD, which is a suggested prerequisite for the exam, lists the fields with a
brief explanation, as does the Cisco Press book on which ITM is based: Internetworking
Technologies Handbook.
Ordered Data Transfer
As with other functions in any protocol stack, TCP provides service for the next-higher layer.
The TCP/IP protocol stack has only four layers, so TCP’s next-higher layer is the application
layer. Therefore, TCP data transfer implies delivering data from one application to another.
(The TCP/IP application layer performs functions similar to the upper three layers of the OSI
model.) Applications use TCP services by issuing programmatic calls to TCP, supplying the
data to be sent, the destination IP address, and a port number that identifies the application that
should receive the data. The port number, along with the destination IP address and the name
of the transport layer protocol (TCP), form a socket.
TCP accomplishes data transfer by establishing a connection between a socket on each of the
endpoint computers. Applications use TCP services by opening a socket; TCP manages the
delivery of the data to the other socket. A socket source/destination pair uniquely identifies a
relationship between two applications in a network. TCP manages the ordered transfer of data
between these two sockets, using IP services to deliver the data.
Multiplexing
In this context, multiplexing refers to the choices made upon receipt of data. TCP’s
multiplexing task is to decide which application layer process to give the data to, after the data
is received. For example, in Figure 5-3, Larry is a multiuser system in which two users have
telnetted to Curly. The socket used by the Telnet server on Curly consists of an IP address, the
transport layer protocol in use, and a port number—in this case, 10.1.1.3, TCP, 23. Because data
coming from both Telnet clients is sent to that socket, Curly cannot distinguish which client has
sent data to the Telnet server based on only Curly’s socket. For the Telnet server to know which
connection the data is coming over, the combination of the socket at the server and the socket
at the client is used to uniquely identify the connection. For example, Client 1 uses socket 10.1.1.1,
TCP, 1027; Client 2 uses socket 10.1.1.1, TCP, 1028. Now Curly can distinguish between the
two clients. So, TCP uses the socket connection between the two sockets to perform
multiplexing.
Port numbers are a vital part of the socket concept. Well-known port numbers are used by
servers; other port numbers are used by clients. Applications that provide a service, such as FTP,
Telnet, and Web servers, open a socket using a well-known port and listen for connection
requests. Because these connection requests from clients are required to include both the source
and the destination port numbers, the port numbers used by the servers must be well known.
Therefore, each server has a hard-coded well-known port number, as defined in the well-known
numbers RFC. On client machines, where the requests originate, any unused port number can
be allocated. The result is that each client on the same host uses a different port number, but a
server uses the same port number for all connections. For example, 100 Telnet clients on the
same host would each use a different port number, but the Telnet server, with 100 clients
connected to it, would have only one socket and therefore only one port number. The
combination of source and destination sockets allows all participating hosts to distinguish
the source and destination of the data. (Look to www.rfc-editor.org to find RFCs such as
the well-known numbers RFC 1700.)
Table 5-2 summarizes the socket connections as shown in Figure 5-3.
In this context, multiplexing is defined as the process of choosing which application receives
the data after it is received by lower-layer protocols. Consider that definition with the four
socket connections in Table 5-2, for packets destined to the server (Curly). All destination
socket information is for 10.1.1.3, with TCP, but the use of different port numbers allows Curly
to choose the correct service to which to pass the data. Also notice that the port numbers do not
have to be unique. The FTP client on Moe and the Telnet Client 1 on Larry both use port 1027,
but their sockets are unique because each uses a different IP address. Also, when the Telnet
servers send data back to Clients 1 and 2, Larry knows how to multiplex to the correct client
application because each uses a unique port number on Larry.
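The demultiplexing decision described above, as an added example that is not from the book: a toy receive-side table for Curly, keyed on the socket pair and loaded with the four connections of Table 5-2. The Demux class, the session labels and port 25 are hypothetical names and constructed values.

```python
# Added example: receive-side demultiplexing keyed on the socket pair.
from typing import Dict, Optional, Tuple

Socket = Tuple[str, str, int]      # (IP address, transport protocol, port)


class Demux:
    """Toy demultiplexer for one server host (hypothetical helper, not a real stack)."""

    def __init__(self) -> None:
        self.listeners: Dict[Socket, str] = {}                   # listening socket -> service
        self.connections: Dict[Tuple[Socket, Socket], str] = {}  # (client, server) -> session

    def listen(self, server: Socket, service: str) -> None:
        """A server application opens its well-known port and waits for requests."""
        self.listeners[server] = service

    def deliver(self, client: Socket, server: Socket, syn: bool = False) -> Optional[str]:
        """Return the session that should receive a segment, or None if nobody should."""
        pair = (client, server)
        if pair in self.connections:            # existing connection: exact socket-pair match
            return self.connections[pair]
        if syn and server in self.listeners:    # connection request to a listening socket
            session = f"{self.listeners[server]}-{len(self.connections) + 1}"
            self.connections[pair] = session
            return session
        return None                             # no listener, or data for an unknown pair


CURLY = "10.1.1.3"
# The four connections of Table 5-2 as (client socket, server socket).
TABLE_5_2 = [
    (("10.1.1.1", "TCP", 1027), (CURLY, "TCP", 23)),   # Telnet client 1 on Larry
    (("10.1.1.1", "TCP", 1028), (CURLY, "TCP", 23)),   # Telnet client 2 on Larry
    (("10.1.1.2", "TCP", 1027), (CURLY, "TCP", 21)),   # FTP client on Moe
    (("10.1.1.2", "TCP", 1029), (CURLY, "TCP", 80)),   # Web client on Moe
]


def build_curly() -> Demux:
    """Open Curly's three listening sockets and accept the Table 5-2 connections."""
    curly = Demux()
    for port, service in ((23, "telnet"), (21, "ftp"), (80, "web")):
        curly.listen((CURLY, "TCP", port), service)
    for client, server in TABLE_5_2:
        curly.deliver(client, server, syn=True)
    return curly


if __name__ == "__main__":
    curly = build_curly()
    for client, server in TABLE_5_2:
        print(client, "->", server, ":", curly.deliver(client, server))
    # A request for a port with no listener (25 is a constructed value) is not delivered.
    print(curly.deliver(("10.1.1.2", "TCP", 1030), (CURLY, "TCP", 25), syn=True))
```

Both Telnet clients reach the same server socket yet land in different sessions, and port 1027 on Larry and on Moe never collide because the client IP address is part of the key.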
Error Recovery (Reliability)
Reliable data transfer is one of the most important and most typically remembered features
of TCP. To accomplish reliability, data bytes are numbered using the sequence and acknowledgment
fields in the TCP header. TCP achieves reliability in both directions, using the
sequence number field of one direction combined with the acknowledgment field in the
opposite direction. Figure 5-4 shows the basic operation.
Table 5-2 TCP Connections from Figure 5-3

Connection                 Client Socket          Server Socket
-------------------------  ---------------------  -------------------
Telnet client 1 to server  (10.1.1.1, TCP, 1027)  (10.1.1.3, TCP, 23)
Telnet client 2 to server  (10.1.1.1, TCP, 1028)  (10.1.1.3, TCP, 23)
FTP client to FTP server   (10.1.1.2, TCP, 1027)  (10.1.1.3, TCP, 21)
Web client to Web server   (10.1.1.2, TCP, 1029)  (10.1.1.3, TCP, 80)

In Figure 5-4, the acknowledgment field in the TCP header sent by the Web server implies the
next byte to be received; this is called forward acknowledgment. The sequence number reflects
the number of the first byte in the segment. In this case, each TCP segment is 1000 bytes in
length; the sequence and acknowledgment fields count the number of bytes.
Figure 5-5 depicts the same scenario, but the second TCP segment was lost or in error. The Web
server’s reply has an ACK field equal to 2000, implying that the Web server is expecting byte
number 2000 next. The TCP function at the Web client could then recover lost data by resending
the second TCP segment. The TCP protocol allows for resending just that segment and then
waits, hoping that the Web server will reply with an acknowledgment that equals 4000. TCP
also allows the resending host to begin with a segment in error and resend all TCP segments.
Flow Control Using Windowing
TCP implements flow control by taking advantage of the sequence and acknowledgment fields
in the TCP header, along with another field called the window field. This window field implies
the maximum number of unacknowledged bytes outstanding at any instant in time. The window
starts small and then grows until errors occur. The window then “slides” up and down based on
network performance. When the window is full, the sender will not send, which controls the
flow of data. Figure 5-6 shows windowing, with a current window size of 3000. Each TCP
segment has 1000 bytes of data.
Notice that the Web client must wait after sending the third segment because the window is
exhausted. When the acknowledgment has been received, another window can be sent. Because
there have been no errors, the Web server grants a larger window to the client, so now 4000
bytes can be sent before an acknowledgment is received by the client. In other words, the
window field is used by the receiver to tell the sender how much data it can send before the next
acknowledgment. As with other TCP features, windowing is symmetrical—both sides send and
receive, and in each case the receiver grants a window to the sender using the window field.
Windowing does not require that the sender stop sending in all cases, as is shown in Figure
5-6. If an acknowledgment is received before the window is exhausted, the sender continues to
send data until the current window is exhausted. With no errors or congestion, the sender can
send continually after the initially small window has been increased.
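Forward acknowledgment, recovery of a lost segment and the granted window, worked through in one simulation (an added example, not code from the book), covering both the Error Recovery and the Flow Control passages above. It assumes equal-size segments, one acknowledgment per burst, and a resend triggered by the ACK value rather than by a timer; Receiver and transfer are hypothetical names.

```python
# Added example: cumulative ("forward") acknowledgment plus a sender-side window.
from typing import Dict, Iterable, List, Tuple


class Receiver:
    """Receiving side of one direction of a TCP-like byte stream."""

    def __init__(self, first_seq: int) -> None:
        self.next_expected = first_seq        # value placed in the acknowledgment field
        self.buffered: Dict[int, int] = {}    # seq -> length of segments held out of order

    def receive(self, seq: int, length: int) -> int:
        """Accept one segment and return the acknowledgment number to send back."""
        if seq >= self.next_expected:         # older data is a duplicate; ignore it
            self.buffered.setdefault(seq, length)
        while self.next_expected in self.buffered:   # advance past every contiguous byte
            self.next_expected += self.buffered.pop(self.next_expected)
        return self.next_expected


def transfer(first_seq: int, seg_size: int, n_segments: int,
             grants: Iterable[int], lose: Iterable[int] = ()) -> List[Tuple]:
    """Simulate a sender that obeys the granted window.

    grants: window sizes the receiver advertises, one per acknowledgment
            (the last one stays in force once the list is used up).
    lose:   sequence numbers dropped in transit the first time they are sent.
    Returns events: ("send"|"lost"|"resend", seq) and ("ack", ack, window).
    """
    grants = list(grants)
    if not grants or min(grants) < seg_size:
        raise ValueError("every granted window must hold at least one segment")
    rx = Receiver(first_seq)
    end = first_seq + seg_size * n_segments
    pending_loss = set(lose)
    window = grants.pop(0)
    acked = next_seq = first_seq              # oldest unacknowledged byte / next new byte
    events: List[Tuple] = []
    while acked < end:
        if acked < next_seq:
            # The ACK names a byte that was already sent: resend just that segment.
            events.append(("resend", acked))
            ack = rx.receive(acked, seg_size)
        else:
            ack = acked
            # Send new data until the unacknowledged bytes would exceed the window.
            while next_seq < end and next_seq + seg_size - acked <= window:
                if next_seq in pending_loss:
                    pending_loss.discard(next_seq)
                    events.append(("lost", next_seq))
                else:
                    events.append(("send", next_seq))
                    ack = rx.receive(next_seq, seg_size)
                next_seq += seg_size
        acked = ack
        if grants:
            window = grants.pop(0)            # receiver grants a new window with the ACK
        events.append(("ack", acked, window))
    return events


if __name__ == "__main__":
    print("Windowing, window 3000 then 4000:")
    for event in transfer(1000, 1000, 7, [3000, 4000]):
        print("  ", event)
    print("Second segment lost:")
    for event in transfer(1000, 1000, 3, [3000], lose={2000}):
        print("  ", event)
```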
Connection Establishment and Termination
Connection establishment is the last TCP function reviewed in this section, but it occurs before
any of the other TCP features can begin their work. Connection establishment refers to the
process of initializing sequence and acknowledgment fields and agreeing to the port numbers
used. Figure 5-7 shows an example of connection establishment flow.
This three-way connection establishment flow must complete before data transfer can begin.
The connection exists between the two sockets, although there is no single socket field in the
TCP header. Of the three parts of a socket, the IP addresses are implied based on the source and
destination IP addresses in the IP header. TCP is implied because a TCP header is in use, as
implied by the protocol field value in the IP header. Therefore, the only parts of the socket that
need to be encoded in the TCP header are the port numbers.
Two single-bit portions of the flags field of the TCP header are used to signal the three-step
process for connection establishment. Called the SYN and ACK flags, these bits have a
particularly interesting meaning. SYN means, “Synchronize the sequence numbers,” which is
one necessary component in initialization for TCP. The ACK field means “the acknowledgment
field is valid in this header.” Until the sequence numbers are initialized, the acknowledgment
field cannot be very useful. Also notice that in the initial flow in Figure 5-7, no acknowledgment
number is shown—this is because that number is not valid yet. Because the ACK field must be
present in all the ensuing segments, the ACK bit will continue to be set until the connection is
terminated.
The sequence and acknowledgment number fields are initialized to any number that fits into
the 4-byte fields; the actual values shown in Figure 5-7 are simply example values. The
initialization flows are each considered to have a single byte of data, as reflected in the
acknowledgment number fields in the example.
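The three-way flow can be checked directly from the header fields named above. This is an added example, not code from the book: it packs and parses 20-byte TCP headers and verifies the SYN and ACK bits, the reversed port numbers, and that each acknowledgment equals the other side's initial sequence number plus one. The initial sequence numbers are constructed values, and build_header, parse_header and check_handshake are hypothetical names.

```python
# Added example: parse TCP headers and check the three-way connection establishment.
import struct
from typing import List, NamedTuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10     # single-bit flags in the TCP header
CONTROL = FIN | SYN | RST | ACK
_TCP = struct.Struct("!HHIIBBHHH")               # fixed 20-byte TCP header (RFC 793)
MOD = 2 ** 32                                    # sequence numbers are 4-byte fields


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int
    window: int


def build_header(src_port: int, dst_port: int, seq: int, ack: int,
                 flags: int, window: int = 3000) -> bytes:
    """Pack a header with no options (checksum left at 0: constructed data)."""
    return _TCP.pack(src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_header(raw: bytes) -> TcpHeader:
    if len(raw) < _TCP.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset, flags, window, _csum, _urg = _TCP.unpack(raw[:_TCP.size])
    if (offset >> 4) < 5:
        raise ValueError("data offset smaller than the fixed header")
    return TcpHeader(sport, dport, seq, ack, flags & 0x3F, window)


def check_handshake(segments: List[bytes]) -> str:
    """Return "established" or the first reason the exchange is not a valid handshake."""
    if len(segments) != 3:
        return "incomplete: three segments are required"
    syn, syn_ack, ack = (parse_header(s) for s in segments)
    # Flow 1: SYN set, ACK clear (the acknowledgment field is not valid yet).
    if (syn.flags & CONTROL) != SYN:
        return "segment 1 is not a bare SYN"
    # Flow 2: SYN and ACK set, ports reversed, ACK = client's initial sequence + 1.
    if (syn_ack.flags & CONTROL) != (SYN | ACK):
        return "segment 2 is not SYN+ACK"
    if (syn_ack.src_port, syn_ack.dst_port) != (syn.dst_port, syn.src_port):
        return "segment 2 does not reverse the port numbers"
    if syn_ack.ack != (syn.seq + 1) % MOD:
        return "segment 2 does not acknowledge the client's initial sequence number"
    # Flow 3: ACK only, same ports as flow 1, ACK = server's initial sequence + 1.
    if (ack.flags & CONTROL) != ACK:
        return "segment 3 is not a plain ACK"
    if (ack.src_port, ack.dst_port) != (syn.src_port, syn.dst_port):
        return "segment 3 uses different port numbers"
    if ack.seq != (syn.seq + 1) % MOD or ack.ack != (syn_ack.seq + 1) % MOD:
        return "segment 3 does not acknowledge the server's initial sequence number"
    return "established"


def sample_handshake(client_isn: int = 4096, server_isn: int = 90000) -> List[bytes]:
    """Constructed capture: client port 1027 connecting to server port 80."""
    return [
        build_header(1027, 80, client_isn, 0, SYN),
        build_header(80, 1027, server_isn, (client_isn + 1) % MOD, SYN | ACK),
        build_header(1027, 80, (client_isn + 1) % MOD, (server_isn + 1) % MOD, ACK),
    ]


if __name__ == "__main__":
    for raw in sample_handshake():
        print(parse_header(raw))
    print(check_handshake(sample_handshake()))
```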
Figure 5-8 shows TCP connection termination.
This four-way termination sequence is straightforward and uses an additional flag, called the
FIN bit. (FIN is short for “finished,” as you might guess.) One interesting note: Before the
device receiving the first FIN segment sends the third flow in the sequence, TCP notifies the
application that the connection is coming down. TCP waits on an acknowledgment from the
application before sending the segment. That’s why the second flow is required: To
acknowledge the first so that the side taking down the connection doesn’t start resending the
first TCP segment.
TCP Function Summary
Table 5-3 summarizes TCP functions.
User Datagram Protocol
The CCNA exam requires that you be able to compare and contrast the User Datagram Protocol
(UDP) with TCP. UDP was designed to provide a service for applications in which messages
could be exchanged. Unlike TCP, UDP provides no reliability, no windowing, and no function
to ensure that the data is received in the order in which it was sent. However, UDP provides
some functions of TCP, such as data transfer and multiplexing, and it does so with fewer bytes
of overhead in the UDP header.
UDP multiplexes using port numbers in an identical fashion to TCP. The only difference in UDP
(compared to TCP) sockets is that instead of designating TCP as the transport protocol, the
transport protocol is UDP. An application could open identical port numbers on the same host
but use TCP in one case and UDP in the other. This is not typical but certainly is allowed.
Servers that allow use of TCP and UDP reserve the use of the same port number for each, as
shown in the assigned numbers RFC (currently RFC 1700—www.isi.edu/in-notes/rfc1700.txt).
UDP data transfer differs from TCP in that no reordering or recovery is accomplished.
Applications using UDP are tolerant of the lost data, or they have some application mechanism
to recover lost data. For example, Domain Name System (DNS) requests use UDP because the
user will retry an operation if the DNS resolution fails. The Network File System (NFS)
performs recovery with application layer code, so UDP features are acceptable to NFS.
Table 5-3 TCP Function Summary

Function                                  Description
----------------------------------------  -----------
Data transfer                             Continuous stream of ordered data.
Multiplexing                              Function that allows receiving hosts to decide the correct application for which the data is destined, based on the port number.
Error recovery (reliability)              Process of numbering and acknowledging data with sequence and acknowledgment header fields.
Flow control using windowing              Process that uses window sizes to protect buffer space and routing devices.
Connection establishment and termination  Process used to initialize port numbers and sequence and acknowledgment fields.

Table 5-4 contrasts typical transport layer functions as performed (or not performed) by UDP
or TCP.
Figure 5-9 shows TCP and UDP header formats. Note the existence of both source and
destination port number fields in the TCP and UDP headers, but the absence of sequence and
acknowledgment fields in the UDP header. UDP does not need these
fields because it makes no attempt to number the data for acknowledgments or resequencing.
Table 5-4 TCP and UDP Functional Comparison

Function           Description (TCP)                                                                                  Description (UDP)
-----------------  -------------------------------------------------------------------------------------------------  -----------------
Data transfer      Continuous stream of ordered data                                                                  Message (datagram) delivery
Multiplexing       Receiving hosts decide the correct application for which the data is destined, based on port number  Receiving hosts decide the correct application for which the data is destined, based on port number
Reliable transfer  Acknowledgment of data using the sequence and acknowledgment fields in the TCP header              Not a feature of UDP
Flow control       Process used to protect buffer space and routing devices                                           Not a feature of UDP
Connections        Process used to initialize port numbers and other TCP header fields                                UDP is connectionless

UDP gains some advantages over TCP by not using the sequence and acknowledgment fields.
The most obvious advantage of UDP over TCP is that there are fewer bytes of overhead. Not as
obvious is the fact that UDP does not require waiting on acknowledgments or holding the data
in memory until it is acknowledged. This means that UDP applications are not artificially
slowed by the acknowledgment process, and memory is freed more quickly.
Address Resolution Protocol
One common problem that CCNAs deal with on a regular basis is this: Given some Layer 3
address, what is its corresponding Layer 2 address? Address Resolution Protocol (ARP) is the
process by which this question is answered for an IP host on a LAN.
ARP is needed because to send an IP packet across some LAN, the data link header and trailer
(which encapsulate the packet) must first be created. The source MAC address in this new
header is known, but the destination MAC is not known in advance; ARP is the method IP uses
to discover the destination MAC address. Figure 5-10 shows an example of the ARP process.
The ARP reply includes Barney’s MAC address in this example. An ARP cache holds the ARP
entries (IP address and MAC address in each entry) for each interface. If packets are flowing in
and out the interface from and to the IP address, the cache entry stays fresh. After a period of
disuse for an entry, the entry in the table is removed. Any need to send packets to that IP address
out that same interface after the ARP entry times out will require another ARP exchange.
From an architecture perspective, ARP is a Layer 3 function and is defined in RFC 826. From
a programming perspective, ARP calls the LAN data link layer code, which is indicative of a
Layer 3 protocol. Note the location of ARP in the architectural model in Figure 5-11.
Internet Control Message Protocol
The CCNA exam requires that you know both the general concepts and several specifics about
the Internet Control Message Protocol (ICMP).
Control Message is the most descriptive part of the name—ICMP helps control and manage the work of IP and therefore is considered to be
part of TCP/IP’s network layer. RFC 792 defines ICMP and includes the following excerpt,
which describes the protocol well:
Occasionally a gateway or destination host will communicate with a source host, for
example, to report an error in datagram processing. For such purposes this protocol, the
Internet Control Message Protocol (ICMP), is used. ICMP uses the basic support of IP as
if it were a higher level protocol; however, ICMP is actually an integral part of IP, and
must be implemented by every IP module.
Several ICMP messages are in use in even the smallest IP network, so Cisco requires CCNAs
to be familiar with several of these messages. Table 5-5 lists several ICMP messages, with the
ones most likely to be on the exam noted with an asterisk. Not surprisingly, these are the same
messages used most often. The Destination Unreachable, Time Exceeded, and Redirect
messages will be described in more detail following Table 5-5.
Table 5-5 ICMP Message Types

Message                             Purpose
----------------------------------  -------
*Destination Unreachable            This tells the source host that there is a problem delivering a packet.
*Time Exceeded                      The time it takes a packet to be delivered has become too long; the packet has been discarded.
Source Quench                       The source is sending data faster than it can be forwarded; this message requests that the sender slow down.
*Redirect                           The router sending this message has received some packet for which another router would have had a better route; the message tells the sender to use the better router.
*Echo                               This is used by the ping command to verify connectivity.
Parameter Problem                   This is used to identify a parameter that is incorrect.
Timestamp                           This is used to measure roundtrip time to particular hosts.
Address Mask Request/Reply          This is used to inquire about and learn the correct subnet mask to be used.
Router Advertisement and Selection  This is used to allow hosts to dynamically learn the IP addresses of the routers attached to the subnet.

* More likely to be on the CCNA exam.

Each ICMP message contains a Type field and a Code field, as shown in Figure 5-12. The Type
field implies the message types from Table 5-5. The Code field implies a subtype; several
subtypes will be shown in the following examples.
Destination Unreachable ICMP Message
The five separate unreachable functions (codes) are accomplished using this single ICMP
unreachable message. All five code types pertain directly to some IP, TCP, or UDP feature and
are better described by using Figure 5-13 as an example network.
Assume that Fred is trying to connect to the Web server, which uses TCP as the transport layer
protocol. Three of the ICMP unreachable codes would possibly be used by Routers A and B.
The other two codes would be used by the Web server. These ICMP codes would be sent to Fred
as a result of the packet originally sent by Fred.
A code meaning “Network Unreachable” would be used by Router A if Router A did not have
a route to 10.1.2.0/24. The message would be sent by Router A to Fred, in response to Fred’s
packet destined to 10.1.2.14.
Host Unreachable is a code used if that single host is unavailable. If Router A had a route to
10.1.2.0/24, the packet would get to Router B. However, if the Web server is down, Router B
will not get an ARP reply from Web; Router B will send an unreachable back to Fred, with the
Host Unreachable code field.
Can’t Fragment is the third unreachable code that is likely to be sent by a router. If Router A or
Router B needed to fragment the packet, but the Do Not Fragment bit was set in the IP header,
the router would send an unreachable back to Fred with the Can’t Fragment value in the code
field.
If the packet successfully arrives at the Web server, two other unreachable codes are possible.
One implies that the protocol above IP, typically TCP or UDP, is not running on that host. This
is highly unlikely today. If true, this host would reply with an unreachable with the code field
value implying Protocol Unavailable. The final code field value is more likely today. If the
server was up but the Web server software was not running, the TCP/IP code on the server
would reply with an unreachable with the code field implying Port Unavailable. In other words,
the Web server software has not opened a listening socket connection using the Web server
well-known port of 80.
Cisco IOS documentation and configuration commands sometimes treat each different code
value as a separate message. For example, the documentation lists ping responses, stating
something like an “ICMP host unreachable” message. There is no such message, but there is a
“destination unreachable” with the Host Unreachable code set. The exam probably will not
expect you to know that there is no Host Unreachable message, though.
Table 5-6 summarizes the ICMP unreachable codes.
Table 5-6
ICMP Unreachable Codes
| Unreachable Code | When Used | Typically Sent By… |
|---|---|---|
| Network Unreachable | There is no match in a routing table for the destination of the packet. | Router |
| Host Unreachable | The packet can be routed to a router connected to the destination subnet, but the host is not responding. | Router |
| Can’t Fragment | The packet has the Don’t Fragment bit set, and a router must fragment to forward the packet. | Router |
| Protocol Unreachable | The packet is delivered to the destination host, but the transport layer protocol is not available on that host. | Endpoint host |
| Port Unreachable | The packet is delivered to the destination host, but the destination port has not been opened by an application. | Endpoint host |

Time Exceeded ICMP Message
The CCNA exam requires that you understand how routing protocols avoid creating routing
loops. However, if a loop occurs, the Time To Live (TTL) field in the IP header is used to time
out looping packets so that the packets do not loop forever.
The Time Exceeded ICMP message is used in conjunction with the IP TTL header field. One
of the two codes for Time Exceeded will be described here—namely, the Time To Live (TTL)
code option.
An analogy for Time Exceeded may help. In the 1970s, a science fiction movie called
Logan’s Run was created. When they turned 30, citizens on this planet participated in a religious
ceremony in which they were cremated; the reason was for population control. Logan turned 30
and decided that he did not like the rules—so he ran.
The TTL field in the IP header is like the counter used for citizens in Logan’s Run. When the
counter expires, so does the packet. Each router decrements the TTL field in each packet header.
(The router does not actually calculate a time that should be decremented; it just decrements by
1.) However, if TTL decrements to 0, the packet is discarded. (For those who remember
Logan’s Run, you can think of TTL as the Logan’s Run field.)
The TTL exceeded option is used in a message generated by the router that discards the packet
when TTL expires. The router sends the “ICMP Time Exceeded, code Time To Live Exceeded”
message to the originator of the discarded packet. TTL is used to ensure that packets that are
looping do not do so forever. TTL exceeded lets the originating host know that a routing loop
may be occurring.
The trace command uses the “TTL exceeded” message to its advantage. By purposefully
sending IP packets (with a UDP transport layer) with TTL set to 1, an “ICMP Time Exceeded”
message is returned by the first router in the route. That’s because that router decrements TTL
to 0, causing it to discard the packet, and also sends the “TTL exceeded” message. The trace
command learns the IP address of the first router by receiving the “TTL exceeded” message
from that router. (The trace command actually sends three successive packets with TTL=1.)
Another set of three IP packets, this time with TTL=2, is sent by the trace command. The first
router forwards these packets, but the second router discards them and sends a “TTL exceeded”
message as well. Eventually, a set of packets is delivered to the destination, which sends back
an “ICMP port unreachable” message. The original packets sent by the host trace command
use a destination port number that is very unlikely to be used so that the destination host will
return the “port unreachable” message. The “ICMP port unreachable” message signifies that the
packets reached the true destination host, without having TTL exceeded. Example 5-1 shows a
trace command from a router (Router A) that is one hop away from a host; another router
(Router B) has debug ip icmp enabled, which shows the resulting TTL exceeded messages.
The commands were performed in the network in Figure 5-13.
Redirect ICMP Message
ICMP redirect messages provide a very important element in routed IP networks. Many hosts
are preconfigured with a default router IP address. When sending packets destined to subnets
other than the one to which they are directly connected, these hosts send the packets to their
default router. If there is a better local router to which the host should send the packets, an ICMP
redirect can be used to tell the host to send the packets to this different router.
For example, in Figure 5-14, the PC uses Router B as its default router. However, Router A’s
route to subnet 10.1.4.0 is a better route. (Assume use of mask 255.255.255.0 in each subnet in
Figure 5-14.) The PC sends a packet to Router B (Step 1 in Figure 5-14). Router B then
forwards the packet based on its own routing table (Step 2); that route points through A, which
has a better route. Finally, Router B sends the ICMP redirect message to the PC (Step 3), telling
it to forward future packets destined for 10.1.4.0 to Router A instead. Ironically, the host can
ignore the redirect and keep sending the packets to Router B.
In summary, ICMP defines several message types and several subtypes, called codes. Popular
use of terminology treats each differing code as a different message; the exam is likely to treat
these codes as different messages as well, although it is unlikely that the level of granularity
will be important toward getting the right answer. Pay particular attention to the messages
denoted with asterisks in Table 5-5. Finally, RFC 792 is a short and straightforward RFC to read
if you want more information.
Example 5-1
ICMP debug on Router B, When Running trace Command on Router A
RouterA#trace 10.1.2.14
Type escape sequence to abort.
Tracing the route to 10.1.2.14
1 10.1.3.253 8 msec 4 msec 4 msec
2 10.1.2.14 12 msec 8 msec 4 msec
RouterA#
___________________________________________________________________________
RouterB#
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)
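The trace logic described above, as an added example that is not code from the book or from IOS: it builds the ICMP error messages byte for byte, parses the probe header quoted inside each one (the source of the "dest was" value in the debug output), and decides whether a reply marks a hop or the destination. The addresses come from Example 5-1; the base port 33434, the source port, the simulated network and all function names are assumptions of this sketch.

```python
import socket
import struct

ICMP_DEST_UNREACHABLE, ICMP_TIME_EXCEEDED = 3, 11    # ICMP types (RFC 792)
UNREACHABLE_CODES = {0: "Network Unreachable", 1: "Host Unreachable",
                     2: "Protocol Unreachable", 3: "Port Unreachable",
                     4: "Can't Fragment"}             # the codes of Table 5-6

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(src: str, dst: str, ttl: int, dport: int, sport: int = 40000) -> bytes:
    """IP header plus UDP header of one probe: the 28 bytes an ICMP error quotes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def build_icmp_error(icmp_type: int, code: int, quoted: bytes) -> bytes:
    """Type, code, checksum, 4 unused bytes, then the start of the offending datagram."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_icmp_error(msg: bytes) -> dict:
    """Validate an ICMP error and pull out the quoted probe's addressing."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("ICMP error too short to quote an IP header plus 8 bytes")
    if checksum(msg) != 0:                 # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    quoted = msg[8:]
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is not a complete IPv4 header plus 8 bytes")
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    return {"type": msg[0], "code": msg[1], "proto": quoted[9],
            "orig_dst": socket.inet_ntoa(quoted[16:20]), "orig_dport": dport}

def classify_reply(msg: bytes, probe_dst: str, probe_dport: int) -> str:
    """What a reply means to trace: 'hop', 'destination', 'unreachable: ...' or 'ignore'."""
    r = parse_icmp_error(msg)
    if (r["proto"], r["orig_dst"], r["orig_dport"]) != (17, probe_dst, probe_dport):
        return "ignore"                    # error about some other packet
    if r["type"] == ICMP_TIME_EXCEEDED and r["code"] == 0:
        return "hop"                       # TTL reached 0 at a router on the path
    if r["type"] == ICMP_DEST_UNREACHABLE:
        if r["code"] == 3:
            return "destination"           # Port Unreachable: the probe reached the host
        return "unreachable: " + UNREACHABLE_CODES.get(r["code"], f"code {r['code']}")
    return "ignore"

def simulated_reply(probe: bytes, routers: list, dst: str):
    """Constructed stand-in for the network: each router decrements TTL by 1."""
    ttl = probe[8]
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return router, build_icmp_error(ICMP_TIME_EXCEEDED, 0, probe)
    return dst, build_icmp_error(ICMP_DEST_UNREACHABLE, 3, probe)

def trace(src: str, dst: str, routers: list, probes: int = 3,
          base_port: int = 33434, max_ttl: int = 30) -> list:
    """Send `probes` probes per TTL until the destination answers Port Unreachable."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answers = set()
        for n in range(probes):
            dport = base_port + (ttl - 1) * probes + n   # a fresh, unlikely port per probe
            probe = build_probe(src, dst, ttl, dport)
            responder, msg = simulated_reply(probe, routers, dst)
            answers.add((responder, classify_reply(msg, dst, dport)))
        responder, kind = sorted(answers)[0]
        hops.append((ttl, responder, kind))
        if kind == "destination":
            break
    return hops

if __name__ == "__main__":
    # Addresses from Example 5-1: Router A (10.1.3.251) traces through Router B.
    for hop in trace("10.1.3.251", "10.1.2.14", ["10.1.3.253"]):
        print(hop)
```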
ICMP Echo Request and Echo Reply
The ICMP Echo and Echo Reply messages are sent and received by the ping command. In fact,
when people say that they sent a ping packet, they really mean that they sent an ICMP Echo
Request. These two messages are very much self-explanatory. The Echo Request simply means
that the host to which it is addressed should reply to the packet. The Echo Reply is the ICMP
message type that should be used in the reply. The Request includes some data, which can be
specified by the ping command; whatever data is sent in the Echo Request is sent back in the
Echo Reply.
The ping command itself supplies many creative ways to use Echo Requests and Replies.
For instance, the ping command enables you to specify the length as well as the source and
destination address, and it also enables you to set other fields in the IP header. Example 5-6,
later in this chapter, shows a good example of the capabilities of the ping command.
FTP and TFTP
File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are two popularly used
file transfer protocols in a typical IP network. Most users use FTP, whereas router and switch
administrators use TFTP. Which is “better” depends partially on what is being done. A more
important question may typically be, “Which is supported on the devices that need to transfer
the file?” Given a choice today, most users will choose FTP because it has many more robust
features. TFTP is a favorite of router administrators, however, because the IOS does not support
FTP as an application.
FTP
FTP is a TCP-based application that has many options and features, including the capabilities
to change directories, list files using wildcard characters, transfer multiple files with a single
command, and use a variety of character sets or file formats. More important in this context is
the basic operation of FTP. Figures 5-15 and 5-16 show a typical FTP connection—or, better
stated, connections:
The connection shown in Figure 5-15 is called an FTP control connection. When a user (FTP
client) asks to connect to an FTP server, a TCP connection is established to the FTP server’s
well-known port (21). The connection is established like any other TCP connection. The user
is typically required to enter a user name and password, which the server uses to authenticate
the files available to that user for read and write permissions. This security is based on the file
security on the server’s platform. Access to files on the client side is implied by the environment
from which the client created the FTP connection; again, this is dependent on the operating
system on the client platform. All the commands used to control the transfer of a file are sent
across this connection—hence the name FTP control connection.
At this point, the user has a variety of commands available to enable settings for transfer, change
directories, list files, and so forth. However, whenever a get or a put command is entered (or mget
or mput—m is for multiple) or the equivalent button is clicked, then a file is transferred.
The data is transferred over a separate TCP data connection. Figure 5-16 outlines the FTP data
connection process.
As shown in Figure 5-16, another TCP connection is established, this time to well-known port
20. Using this convention, a file can be transferred without getting in the way of the control
connection. If many files are to be transferred, rather than making a single control/data connection
for each file, the control connection is made once. The environment is defined using the control
connection, and these settings affect the functioning of the data connection. For instance, the
default directory to use in future transfers can be defined using commands on the control
connection, as well as the type of data (binary or ASCII). The control connection stays up until
the user breaks it. While the control connection is up, a separate data connection is established
for each file transfer.
An additional step helps prevent hackers from breaking in and transferring files, as shown in
Figure 5-16. Rather than just creating a new connection, the client tells the server with an
application layer message what port number will be used for the new connection. The server
will not transfer the file (zzz, in this case) over any other data connection except the one to the
correct socket—the one with the client’s IP address, TCP, and the port number declared to the
server (1031, in this case).
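The server-side check described above, written out as an added example (not code from the book or from any FTP server): it decodes the PORT argument format of RFC 959, "h1,h2,h3,h4,p1,p2", and releases a file only to the socket that was declared. Port 1031 is the page's value; the client address 10.1.1.1, the rule that the declared address must equal the control connection's peer, the 1024 port floor and all names are assumptions of this sketch.

```python
def parse_port_argument(arg: str):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    nums = []
    for field in fields:
        if not (field.isascii() and field.isdigit()) or len(field) > 3 or int(field) > 255:
            raise ValueError(f"field {field!r} is not a decimal byte")
        nums.append(int(field))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_port_command(line: str, control_peer_ip: str, min_port: int = 1024):
    """Return (allowed, reason, socket) for one PORT line seen on a control connection."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return False, "not a PORT command", None
    try:
        ip, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, str(exc), None
    if ip != control_peer_ip:
        # Assumed policy: data goes only to the host that owns the control connection.
        return False, f"declared address {ip} is not the control-connection peer", None
    if port < min_port:
        # Assumed policy: well-known ports are never a client's data port.
        return False, f"declared port {port} is below {min_port}", None
    return True, "ok", (ip, port)


class DataConnectionGate:
    """Remembers the socket declared on one control connection and enforces it."""

    def __init__(self, control_peer_ip: str):
        self.peer = control_peer_ip
        self.declared = None

    def on_port(self, line: str):
        allowed, reason, sock = check_port_command(line, self.peer)
        self.declared = sock if allowed else None   # a rejected PORT declares nothing
        return allowed, reason

    def may_send_file_to(self, ip: str, port: int) -> bool:
        """True only for the exact (address, port) pair the client declared."""
        return self.declared is not None and self.declared == (ip, port)


if __name__ == "__main__":
    gate = DataConnectionGate("10.1.1.1")            # constructed client address
    print(gate.on_port("PORT 10,1,1,1,4,7"))         # 4 * 256 + 7 = 1031
    print(gate.may_send_file_to("10.1.1.1", 1031))
    print(gate.may_send_file_to("10.1.1.1", 1032))
```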
TFTP
Trivial File Transfer Protocol (TFTP) is a UDP-based application with very basic features. One
of the reasons that such an application is needed (when the more robust FTP is available) is that
TFTP takes little memory to load and takes little time to program. With the advent of extremely
low-cost memory and processing, such advantages seem trivial. Practically speaking, if you
intend to transfer files frequently from your PC, FTP is probably what you will use. However,
to transfer files into and out of IOS-based routers and switches, Cisco supports TFTP, not FTP.
TFTP uses UDP, so there is no connection establishment and no error recovery by the transport
layer. However, TFTP uses application layer recovery by embedding a small header between
the UDP header and the data. This header includes codes—for instance, read, write, and
acknowledgment—along with a numbering scheme that numbers 512-byte blocks of data.
These block numbers are used to acknowledge receipt and resend the data. TFTP sends one
block and waits on an acknowledgment before sending another block—essentially, the
equivalent of a window size of 1.
Table 5-7 summarizes some features of TFTP and FTP.
Table 5-7
Comparison of FTP and TFTP
| FTP | TFTP |
|---|---|
| Uses TCP | Uses UDP |
| Uses robust control commands | Uses simple control commands |
| Sends data over a separate TCP connection from control commands | Uses no connections, due to UDP |
| Requires more memory and programming effort | Requires less memory and programming effort |
| Is not supported as an application in IOS | Is supported as an application in IOS |
IP Addressing and Subnetting
Probably no one reading this would be shocked to hear that IP addressing is one of the most
important topics on the CCNA exam. A comfortable, confident understanding of IP addressing
and subnetting is required for success on any Cisco certification. For CCNA, questions directly
ask for your interpretation of an address, its network number, its subnet number, the other IP
addresses in the same subnet, the broadcast address, and the other subnets that could be used if
the same mask were in use. In other words, you had better know subnetting!
This section of the book provides two key functions. First, you will find an extensive review of
IP addressing and subnetting. Second, this section takes a structured look at how to answer
CCNA IP addressing questions. No other topic will be covered as extensively as IP addressing
and subnetting on the exam. This section helps you prepare for answering those questions
confidently and quickly.
IP Addressing Review
To pass the CCNA exam, you must have complete familiarity with the terminology used with
IP addressing. This terminology can sometimes get in the way of a good understanding of IP
addressing. Table 5-8 lists the IP terms used in the upcoming sections.
Table 5-8
IP Addressing Terminology
| Term | Definition |
|---|---|
| IP address | 32-bit number, usually written in dotted decimal form, that uniquely identifies an interface of some computer. |
| Host address | Another term for IP address. |
| Network | The concept of a group of hosts. |
| Network number | A 32-bit number, usually written in dotted decimal form, that represents a network. This number cannot be assigned as an IP address to an interface of some computer. The host portion of the network number has a value of all binary 0s. |
| Network address | Another name for network number. |
| Broadcast address | A 32-bit number, usually written in dotted decimal form, that is used to address all hosts in the network. The host portion of the broadcast address has a value of all binary 1s. Broadcast addresses cannot be assigned as an IP address. |
| Subnet | The concept of a group of hosts, which is a subdivision of a network. |
| Subnet number | A 32-bit number, usually written in dotted decimal form, that represents all hosts in a subnet. This number cannot be used as an IP address for some computer’s interface. |
| Subnet address | Another term for subnet number. |
| Subnetting | The process of subdividing networks into smaller subnets. This is jargon—for example, “Are you subnetting your network?” |
| Network mask | A 32-bit number, usually written in dotted decimal form. The mask is used by computers to calculate the network number of a given IP address by performing a Boolean AND of the address and mask. The mask also defines the number of host bits in an address. |
| Mask | A generic term for a mask, whether it is a default mask or a subnet mask. |
| Address mask | Another term for a mask. |
| Default Class A mask | The mask used for Class A networks when no subnetting is used. The value is 255.0.0.0. |
| Default Class B mask | The mask used for Class B networks when no subnetting is used. The value is 255.255.0.0. |
| Default Class C mask | The mask used for Class C networks when no subnetting is used. The value is 255.255.255.0. |
| Subnet mask | A non-default mask used when subnetting. |
| Network part or network field | Term used to describe the first part of an IP address. The network part is 8, 16, or 24 bits for Class A, B, and C networks, respectively. |
| Host part or host field | Term used to describe the last part of an IP address. The host part is 24, 16, or 8 bits for Class A, B, and C networks, respectively, when subnetting is not used. When subnetting, the size of the host part depends on the subnet mask chosen for that network. |
| Subnet part or subnet field | Term used to describe the middle part of an IP address. The subnet part is variable in size, based on how subnetting is implemented. |

Classes of Networks
Class A, B, and C networks provide three network sizes. By definition, all addresses in the same
network have the same numeric value in the network portion of the addresses. The rest of the address
is called the host portion of the address. Individual addresses in the same network all have a
different value in the host parts of the addresses but have identical values in the network part.
Class A networks have a 1-byte-long network part. That leaves 24 bits for the rest of the address,
or the host part. That means that 2^24 addresses are numerically possible in a Class A network.
Similarly, Class B networks have a 2-byte-long network part, leaving 16 bits for the host portion
of the address. So, 2^16 possible addresses exist in a single Class B network. Finally, Class C
networks have a 3-byte-long network part, leaving only 8 bits for the host part, which implies
only 2^8 addresses in a Class C network. Table 5-9 summarizes the characteristics of Class A, B,
and C networks.
Table 5-9
Sizes of Network and Host Parts of IP Addresses with No Subnetting
| Any Network of This Class | Number of Network Bytes (Bits) | Number of Host Bytes (Bits) | Number of Addresses per Network* |
|---|---|---|---|
| A | 1 (8) | 3 (24) | 2^24 minus two special cases |
| B | 2 (16) | 2 (16) | 2^16 minus two special cases |
| C | 3 (24) | 1 (8) | 2^8 minus two special cases |

* There are two reserved host addresses per network.
For example, Figure 5-17 shows a small network with addresses filled in. Network 8.0.0.0 is a
Class A network; Network 130.4.0.0 is a Class B network; Network 199.1.1.0 is a Class C
network.
Network numbers look like addresses (in dotted decimal format), but they are not assignable to
any interface as an IP address. Conceptually, network numbers represent the group of all IP
addresses in the network. Numerically, the network number is built with a nonzero value in the
network part but with all 0s in the host part of the network number. Given the three examples
from Figure 5-17, Table 5-10 provides a closer look at the numerical version of the three
network numbers: 8.0.0.0, 199.1.1.0, and 130.4.0.0.
Table 5-10
Example Network Numbers, Decimal and Binary
| Network Number | Binary Representation: Network Part | Binary Representation: Host Part |
|---|---|---|
| 8.0.0.0 | 0000 1000 | 0000 0000 0000 0000 0000 0000 |
| 130.4.0.0 | 1000 0010 0000 0100 | 0000 0000 0000 0000 |
| 199.1.1.0 | 1100 0111 0000 0001 0000 0001 | 0000 0000 |

Many different Class A, B, and C networks exist. If connecting to the Internet without using a
form of Address Translating Gateway (such as the Cisco PIX), then your firm must use
registered, unique network numbers. To that end, the Network Information Center (NIC)
assigns networks so that uniqueness is achieved. Table 5-11 summarizes the possible network
numbers, the total number of each type, and the number of hosts in each Class A, B, and C
network.
Table 5-11
List of All Possible Valid Network Numbers*
| Class | First Octet Range | Valid Network Numbers | Total Number of This Class of Network | Number of Hosts per Network |
|---|---|---|---|---|
| A | 1 to 126 | 1.0.0.0 to 126.0.0.0 | 2^7 minus two special cases | 2^24 minus two special cases |
| B | 128 to 191 | 128.1.0.0 to 191.254.0.0 | 2^14 minus two special cases | 2^16 minus two special cases |
| C | 192 to 223 | 192.0.1.0 to 223.255.254.0 | 2^21 minus two special cases | 2^8 minus two special cases |

* Valid Network Numbers column shows actual network numbers. There are several reserved cases. For example,
network 0.0.0.0 (available for use as a broadcast address) and 127.0.0.0 (available for use as the loopback address)
are reserved. Networks 128.0.0.0, 191.255.0.0, 192.0.0.0, and 223.255.255.0 are also reserved.
Classifying a network as Class A, B, or C should become an instantaneous process before you
take the test. Memorize the ranges in the second column of Table 5-11. Also memorize the
number of octets in the network part of Class A, B, and C addresses, as shown in Table 5-9.
Masks and IP Address Formats
One common task that CCNAs run into is the interpretation of a network or subnet mask. This
mask is used for several purposes. One key purpose is to define the number of host bits in an
address. This mask also is used by computers when calculating the network or subnet number
of which that address is a member.
To fully appreciate what the mask is used for, you must understand the format of an IP address.
Consider Figure 5-18, which shows the format of Class A, B, and C addresses when no
subnetting is used.
Notice that there are only two portions of the address—namely, the network part and the host
part. The only variable is whether the address in question is in a Class A, B, or C network.
The default mask used with each class of network defines the number of host bits. The mask
has binary 0 for each corresponding bit position in the address that is considered to be part of
the host portion of the address. Similarly, it appears that the mask implies the size and position
of the network part of the address; however, the network part is actually already implied by the
class of network. Table 5-12 summarizes the default masks and reflects the sizes of the two parts
of an IP address.
When subnetting, a third part of an IP address appears—namely, the subnet part of the address.
This field is created by “stealing” bits from the host part of the address. Figure 5-19 shows the
format of addresses when subnetting.
Three portions of the address now exist: network, subnet, and host. The network part size is
determined by the class (A, B, or C). The host part is determined by the subnet mask in use—
the number of bits of value 0 in the subnet mask define the number of host bits. The remaining
bits define the size of the subnet part of the address. For instance, a mask of 255.255.255.240,
used with a Class C network, implies four host bits. As shown in Figure 5-19, a Class C network
has 24 network bits. (The mask can be more easily converted to decimal using the table in
Appendix B.) The mask has four binary 0s at the end, implying 4 host bits.
Table 5-12
Class A, B, and C Networks—Network and Host Parts and Default Masks
| Class of Address | Size of Network Part of Address, in Bits | Size of Host Part of Address, in Bits | Default Mask for Each Class of Network |
|---|---|---|---|
| A | 8 | 24 | 255.0.0.0 |
| B | 16 | 16 | 255.255.0.0 |
| C | 24 | 8 | 255.255.255.0 |

The number of hosts per network or subnet is defined by the number of host bits; 2^hostbits, minus
two special reserved cases, is the number of assignable IP addresses in a network or subnet.
Similarly, the number of subnets of a network, assuming that the same mask is used on all
subnets, is defined by the number of subnet bits; 2^subnetbits is the number of usable IP subnets
of that network. Two special cases, the “zero subnet” and “broadcast subnet,” were reserved in
years past but are now usable.
Some definitions help summarize the concepts behind the address formats:
• Two unique IP addresses in the same network have identical values in the network part of
their address and have different values in their host parts.
• Two unique IP addresses in the same subnet have identical values in the network part of
their address, identical values in the subnet part of their address, and different values in
their host parts.
• Two unique IP addresses in different subnets of the same Class A, B, or C network have
identical values in the network part of their address and have different values in the subnet
part of their address.
• Without subnetting, the network number, the network broadcast address, and all
assignable IP addresses in the network have the same value in the network part of their
addresses.
• With subnetting, the subnet number, the subnet broadcast address, and all assignable IP
addresses in the subnet have the same value in the network and subnet parts of their
addresses.
• Most people treat the combined network and subnet parts of addresses as one part of the
address and call it the subnet part of the address, or simply the subnet.
IP Grouping Concepts and Subnetting
Cisco requires that CCNAs exhibit a thorough understanding of IP subnetting. Almost every
organization with a network uses IP, and almost every one of these organizations uses
subnetting. Subnetting is simply the process of treating subdivisions of a single Class A, B, or
C network as if it were a network itself. By doing so, a single Class A, B, or C network can be
subdivided into many nonoverlapping subnets.
The needs for subnetting are both technical and administrative, as documented in the following
list:
• All organizations connected to the Internet (and not using IP address translation) are
required to use IP networks registered with the NIC.
• IP protocols enforce the following grouping concept: All hosts in the same group must not
be separated by an IP router.
• A corollary to the grouping concept is this: Hosts separated by an IP router must be in
separate groups.
• Without subnetting, the smallest group is a single, entire Class A, B, or C network number.
• Without subnetting, the NIC would be woefully short of assignable networks.
• With subnetting, the NIC can assign one or a few network numbers to an organization, and
then the organization can subdivide those networks into subnets of more usable sizes.
An example drives these points home. Consider all network interfaces in Figure 5-20, and note
which ones are not separated by a router.
In Figure 5-20, six groupings exist, each of which is a Class B network. Four networks are more
obvious, those being the set of all interfaces attached to each of the four LANs. In other words,
the LANs attached to Routers A, B, C, and D are each a separate network. Additionally, the two
serial interfaces composing the point-to-point serial link between Routers C and D are both in
the same network because they are not separated by a router. Finally, the three router interfaces
composing the Frame Relay network with Routers A, B, and C would not be separated by an IP
router and would compose the sixth network.
If building this network today, the NIC would not assign six separate Class B network numbers,
as shown in Figure 5-20. Instead, you might get one or two Class C networks assigned by the
NIC, with the expectation that you would use subnetting.
Figure 5-21 illustrates a basic subnetting example. (Basic is a term used for purposes in this
book to denote subnetting examples for which the math is easy. More advanced subnetting is
covered later in this section.)
In the example in Figure 5-21, Class B network 150.150.0.0 is used (possibly assigned by the
NIC). The IP network designer has chosen a mask of 255.255.255.0, the last octet of which
implies 8 host bits. Because it is a Class B network, there are 16 network bits. Therefore, there
are 8 subnet bits, which happen to be bits 17 through 24—in other words, the third octet. Notice
that each subnet number in the figure shows a different value in the third octet, representing
each different subnet number.
Binary View of Subnetting
The benefit of a binary definition of subnetting is that it is exact. For a full understanding of
subnetting—particularly more advanced subnetting topics—as well as other IP addressing and
routing topics beyond the scope of this book, an exact definition is required. If your job will
include planning subnet number assignment or troubleshooting, this binary understanding will
be useful.
A review of some basic concepts relating to networks without subnetting can be used as a
comparison to networks with subnetting. When not subnetting, the default mask defines the
number of host bits. The mask accomplishes this by simply using binary 0 for each bit position
in the mask that corresponds to the host part of the address in question. For example, the mask
255.255.0.0 (Class B) has a value of all binary 0s in the last 16 bits. This implies 16 host bits at
the end of the address. The following list summarizes basic concepts when not using subnetting:
• The mask defines the number of host bits in the host part of an address.
• Class A, B, and C rules define the number of network bits in the network part of the
address.
• Without subnetting, these two fields (network and host) compose the entire 32-bit address.
• Each host address in the network has the same value in the network part of the address.
• Each host address in the network has a unique value in the host part of the address. (For
example, 130.1.1.1 and 130.1.1.2 are in the same network but can be assigned to two
different network interfaces.)
Subnetting creates a third part of the address, called the subnet field or subnet part. For example,
using network 150.150.0.0 again, assume that you want a third field called the subnet field.
Several assertions are true in this case:
• The Class A, B, and C network field sizes cannot be changed; they remain as 8, 16, and
24 bits, respectively.
• The IP address must still be 32 bits in length.
• Therefore, to create a third field called the subnet part of the address, some of the bits
previously in the host part of the address are used.
The subnet part of an address identifies the different subdivisions of this network. An address
with a different value in the subnet field, as compared with a second address, is considered to
be in a different subnet. For example, examine the following three IP addresses that are part of
Table 5-13 and are valid addresses in Figure 5-21:
Table 5-13
Subnet Part of Sample Addresses
| Address in Decimal | Address in Binary |
|---|---|
| 150.150.2.1 | 1001 0110 1001 0110 0000 0010 0000 0001 |
| 150.150.2.2 | 1001 0110 1001 0110 0000 0010 0000 0010 |
| 150.150.4.2 | 1001 0110 1001 0110 0000 0100 0000 0010 |

The example shows that the subnet field consists of bits 17 through 24 (the entire third byte).
150.150.2.1 and 150.150.2.2 are in the same subnet because they are in the same Class B
network and because their subnet fields have the same value (0000 0010). 150.150.4.2 is in a
different subnet of the same Class B network because the subnet field has a different value than
the first two addresses (0000 0100). 150.150.4.2 must be physically located with at least one IP
router between itself and 150.150.2.1 and 150.150.2.2.
Five Ways the Exam Will Test Your IP Addressing Knowledge
CCNAs deal with IP addressing concepts from many different perspectives every day. To pass
the CCNA exam, you’ll need to demonstrate the ability to think about IP addressing from each
of the following perspectives:
1. Given an IP address and mask, what is the network/subnet number?
2. Given an IP address and mask, what is the network/subnet broadcast address?
3. Given an IP address and mask, what are the assignable IP addresses in that network/subnet?
4. Given a network number and a static subnet mask, what are the valid subnet numbers?
5. Given a network number and a static subnet mask, how many hosts per subnet, and how
many subnets?
This section provides both a decimal and a binary algorithm for each perspective on IP
addressing. The decimal processes will help you find the answers more quickly; the binary
algorithms will help you more fully understand IP addressing.
Given an IP Address and Mask, What Is the Network/Subnet Number?
Both people and computers need to think about the question, “Which network is a particular
address a member of?” Humans care because it is useful in troubleshooting, planning, and
address assignment; computers need to know because the answer is a vital part of routing.
Decimal Algorithm for Deriving the Network Number, No Subnetting in Use
When no subnetting is in use, the decimal algorithm is as follows:
Step 1  Write down the IP address in decimal.
Step 2  Copy below the IP address either the first one, two, or three dotted
        decimal numbers of the address, based on whether the address is
        a Class A, B, or C address, respectively.
Step 3  For the remaining dotted decimal numbers, record decimal value 0.
Table 5-14 shows some examples for deriving the network number (no subnetting in use) based
on the steps in the preceding list.

Table 5-14 Example Dissections of IP Addresses, No Subnetting
IP Address (Step 1)    Network Part (Step 2)    Network Number (Step 3)
8.1.4.5                8                        8.0.0.0
130.4.100.1            130.4                    130.4.0.0
199.1.1.4              199.1.1                  199.1.1.0
172.100.2.2            172.100                  172.100.0.0

Binary Algorithm for Deriving the Network Number, No Subnetting in Use
When a computer needs to answer this same question, it performs a Boolean math operation
called AND between the address in question and the mask. The result of the AND operation is
that the host bits are masked out—that is, changed to binary 0s. The binary process, with no
subnetting, is as follows:
Step 1  Write down the IP address in binary.
Step 2  Write down the default mask appropriate for the class of address,
        in binary, beneath the binary IP address from Step 1.
Step 3  Record the results of the Boolean AND below the two numbers.
Step 4  Convert the result of Step 3 back into decimal, 8 bits at a time.
To perform the Boolean AND, each bit is examined in the address and is compared to the
corresponding bit in the mask. The AND operation results in a binary 1 if both the address and
the mask bits are also 1; otherwise, the result is 0. The Boolean AND for the addresses in Table
5-14 is shown in the following IP address table examples.

Address (Step 1)          8.1.4.5          0000 1000 0000 0001 0000 0100 0000 0101
Mask (Step 2)             255.0.0.0        1111 1111 0000 0000 0000 0000 0000 0000
Result (Steps 3 and 4)    8.0.0.0          0000 1000 0000 0000 0000 0000 0000 0000

Address (Step 1)          130.4.100.1      1000 0010 0000 0100 0110 0100 0000 0001
Mask (Step 2)             255.255.0.0      1111 1111 1111 1111 0000 0000 0000 0000
Result (Steps 3 and 4)    130.4.0.0        1000 0010 0000 0100 0000 0000 0000 0000

Address (Step 1)          199.1.1.4        1100 0111 0000 0001 0000 0001 0000 0100
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    199.1.1.0        1100 0111 0000 0001 0000 0001 0000 0000

Address (Step 1)          172.100.2.2      1010 1100 0110 0100 0000 0010 0000 0010
Mask (Step 2)             255.255.0.0      1111 1111 1111 1111 0000 0000 0000 0000
Result (Steps 3 and 4)    172.100.0.0      1010 1100 0110 0100 0000 0000 0000 0000

Consider the second example using address 130.4.100.1, mask 255.255.0.0. The binary mask
shows 16 binary 1s; any other binary value ANDed with binary 1 yields the original binary
value. In other words, any 16-bit number ANDed with 16 binary 1s yields the same number you
started with. So, the result shows 1000 0010 0000 0100 for the first 16 bits, which literally could
be copied from the binary version of the address. The last 16 bits of the mask are all binary 0s;
any value ANDed with a binary 0 yields a 0. So, no matter what value is in the last 16 bits of
the address, once ANDed with the mask, the result will be all binary 0s, as shown in the example
result. The result is called the network number when no subnetting is used; the result is the
subnet number when subnetting is used.
Decimal Algorithm for Deriving the Subnet Number, Basic Subnetting
The decimal algorithm, when basic subnetting is in use, is as follows:
Step 1  Write down the IP address in decimal.
Step 2  Copy below the IP address either the first one, two, or three dotted
        decimal numbers of the address, based on whether the subnet
        mask is 255.0.0.0, 255.255.0.0, or 255.255.255.0, respectively.
Step 3  For the remaining dotted decimal numbers, record decimal value 0.
This algorithm is very similar to the algorithm that is used when there is no subnetting. The only
difference is in Step 2. In fact, this later version of the algorithm would work fine when there is
no subnetting in use. Table 5-15 lists several examples.

Table 5-15 Subnetting Examples
IP Address     Subnet Mask      Network and Subnet Part*    Full Subnet Number
8.1.4.5        255.255.0.0      8.1                         8.1.0.0
130.4.100.1    255.255.255.0    130.4.100                   130.4.100.0
199.1.1.4      255.255.255.0    199.1.1                     199.1.1.0**
172.100.2.2    255.255.255.0    172.100.2                   172.100.2.0
17.9.44.3      255.255.255.0    17.9.44                     17.9.44.0
* The third column of Table 5-15 can be thought of as Step 2 in the decimal algorithm.
** This example shows a Class C address, with default mask. No subnetting is in use in this case.

Binary Algorithm for Deriving the Subnet Number, Basic Subnetting
The binary algorithm to determine the subnet number, when using basic subnetting, is
practically identical to the algorithm used when there is no subnetting. Again, the key is in
knowing what subnet mask is in use. The binary process, with basic subnetting, is as follows:
Step 1  Write down the IP address in binary.
Step 2  Write down the subnet mask used in this network, in binary,
        beneath the binary IP address from Step 1.
Step 3  Record the results of the Boolean AND below the two numbers.
Step 4  Convert the result of Step 3 back into decimal, 8 bits at a time.
Repeating the same samples from Table 5-15, using the Boolean AND delivers the following
results:

Address (Step 1)          8.1.4.5          0000 1000 0000 0001 0000 0100 0000 0101
Mask (Step 2)             255.255.0.0      1111 1111 1111 1111 0000 0000 0000 0000
Result (Steps 3 and 4)    8.1.0.0          0000 1000 0000 0001 0000 0000 0000 0000

Address (Step 1)          130.4.100.1      1000 0010 0000 0100 0110 0100 0000 0001
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    130.4.100.0      1000 0010 0000 0100 0110 0100 0000 0000

Address (Step 1)          199.1.1.4        1100 0111 0000 0001 0000 0001 0000 0100
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    199.1.1.0        1100 0111 0000 0001 0000 0001 0000 0000

Address (Step 1)          172.100.2.2      1010 1100 0110 0100 0000 0010 0000 0010
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    172.100.2.0      1010 1100 0110 0100 0000 0010 0000 0000

Address (Step 1)          17.9.44.3        0001 0001 0000 1001 0010 1100 0000 0011
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    17.9.44.0        0001 0001 0000 1001 0010 1100 0000 0000

An example network will be used as a backdrop to discuss this binary view of subnetting.
Figure 5-22 illustrates six different subnets. Table 5-16 provides the list of subnet numbers.

Table 5-16 Siberian Subnets
Location of Subnet Geographically        Subnet Mask      Subnet Number
Ethernet off router in Barnaul           255.255.255.0    180.4.1.0
Ethernet off router in Nova              255.255.255.0    180.4.3.0
Token Ring off router in Gorno           255.255.0.0      8.7.0.0
Serial link between Barnaul and Nova     255.255.255.0    180.4.2.0
Serial link between Barnaul and Gorno    255.255.255.0    180.4.4.0
Serial link between Nova and Gorno       255.255.255.0    180.4.6.0

Keep in mind that all the addresses on the same data link must be in the same subnet. For
example, Ivan and Anna must be in the same subnet, so performing either the easy decimal
algorithm or the more involved binary algorithm on either address will yield the same subnet
number, 180.4.3.0. If the answers are unclear, do several of these using the algorithm used by
computers. For example, using Ivan, the results will be as follows:

Address (Step 1)          180.4.3.3        1011 0100 0000 0100 0000 0011 0000 0011
Mask (Step 2)             255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Result (Steps 3 and 4)    180.4.3.0        1011 0100 0000 0100 0000 0011 0000 0000

For additional practice, you may want to go to the scenarios section at the end of the chapter,
specifically to Scenarios 5-2 and 5-3.
Binary Algorithm for Deriving the Subnet Number, Difficult Subnetting
Difficult subnetting is a term used in this book to denote subnetting when the mask is not all
255s and 0s. The decimal algorithm for calculating the subnet, when basic subnetting is in use,
is more challenging. In fact, several math tricks come in handy so that the result can be
calculated without thinking about binary math. However, starting with the binary algorithm is
helpful.
These difficult masks typically contain one of the values shown in Table 5-17. To speed up the
process of examining these addresses (in case you are taking a timed test), memorizing the
decimal and binary numbers in Table 5-17 will be useful.

Table 5-17 Typical Difficult Mask Values
Decimal    Binary
0          0000 0000
128        1000 0000
192        1100 0000
224        1110 0000
240        1111 0000
248        1111 1000
252        1111 1100
254        1111 1110
255        1111 1111

The binary algorithm to determine the subnet number, when using difficult subnetting, is
identical to the algorithm used when there is no subnetting or basic subnetting. Again, the key
is in knowing what subnet mask is in use. The binary algorithm is as follows:
Step 1  Write down the IP address in binary.
Step 2  Write down the subnet mask used in this network, in binary,
        beneath the binary IP address from Step 1.
Step 3  Record the results of the Boolean AND below the two numbers.
Step 4  Convert the result of Step 3 back into decimal, 8 bits at a time.
The biggest obstacle to understanding this algorithm is failing to realize this one fact:
Binary-decimal-binary conversion is independent of the size of the network, subnet, and host fields.
Conversion always is from one decimal number to eight binary digits, and vice versa.
Typically, an example usually helps. Consider the following binary example:

Address    8.1.100.5        0000 1000 0000 0001 0110 0100 0000 0101
Mask       255.255.240.0    1111 1111 1111 1111 1111 0000 0000 0000
Result     8.1.96.0         0000 1000 0000 0001 0110 0000 0000 0000

Ignoring the decimal numbers on the left, a slow examination of the binary address, mask, and
Boolean AND result shows that the conversion to binary and AND are correct as shown. The
typical difficulty is the step of conversion. Many people want to convert the 12-bit host field to
a decimal number and the 4-bit subnet field to a decimal number. Instead, for the last step
(conversion to decimal), convert the first 8-bit set to decimal (0000 1000 converted to decimal
8). Likewise, convert the second 8-bit set (the second byte) to decimal (0000 0001 converted to
decimal 1). Then convert the entire third byte to decimal (0110 0000 converted to decimal 96).
Finally, convert the entire last byte to decimal (0000 0000 converted to decimal 0). The third
byte contains the entire subnet field and part of the host field; the binary-to-decimal conversion
ignores the subnet/host boundaries, always using byte boundaries.
The following examples are shown as additional examples of deriving the subnet number when
a more difficult mask is used:

Address (Step 1)          130.4.100.129      1000 0010 0000 0100 0110 0100 1000 0001
Mask (Step 2)             255.255.255.128    1111 1111 1111 1111 1111 1111 1000 0000
Result (Steps 3 and 4)    130.4.100.128      1000 0010 0000 0100 0110 0100 1000 0000

Address (Step 1)          199.1.1.4          1100 0111 0000 0001 0000 0001 0000 0100
Mask (Step 2)             255.255.255.224    1111 1111 1111 1111 1111 1111 1110 0000
Result (Steps 3 and 4)    199.1.1.0          1100 0111 0000 0001 0000 0001 0000 0000

Address (Step 1)          172.100.201.2      1010 1100 0110 0100 1100 1001 0000 0010
Mask (Step 2)             255.255.254.0      1111 1111 1111 1111 1111 1110 0000 0000
Result (Steps 3 and 4)    172.100.200.0      1010 1100 0110 0100 1100 1000 0000 0000

Address (Step 1)          17.9.44.70         0001 0001 0000 1001 0010 1100 0100 0110
Mask (Step 2)             255.255.255.192    1111 1111 1111 1111 1111 1111 1100 0000
Result (Steps 3 and 4)    17.9.44.64         0001 0001 0000 1001 0010 1100 0100 0000

Decimal Algorithm for Deriving the Subnet Number, Difficult Subnetting
The decimal algorithm that I like best for difficult subnetting works well. However, this
algorithm is not very helpful for understanding subnetting. So, if you understand subnetting and
are willing to use the more time-consuming binary algorithm on the exam for the difficult cases,
you may want to skip this section to avoid getting confused. The algorithm is as follows:
Step 1  Write down the IP address in decimal.
Step 2  Write down the mask in decimal.
Step 3  Examine the mask. One of the four octets will have a value besides
        255 or 0; otherwise, this would not be considered to be a difficult
        case. The octet with the non-255, non-0 value is considered to be
        the “interesting” octet. The other three are considered “boring.”
        Write down the number (1, 2, 3, or 4) of the interesting octet. (For
        example, mask 255.255.240.0 has an interesting third octet.)
Step 4  Subtract the mask’s interesting octet value from 256. Call that
        value the multiplier. Write it down.
Step 5  For any boring octets to the left of the interesting octet, copy those
        octets’ values onto your paper, leaving space for the remaining
        octets. This will be where you record your subnet number.
Step 6  For any boring octets to the right of the interesting octet, record a
        value 0 in your subnet number. One of the four octets should still
        be empty—the interesting octet.
Step 7  Examine the interesting octet of the original IP address. Discover
        the multiple of the multiplier closest to this number, but less than
        the number. Write down this interesting multiple of the multiplier
        into the interesting octet of the subnet number.
For those of you in doubt, examine the examples that follow. In each case, the steps in the
algorithm are shown. The crux of the algorithm is to search for the integer multiple of the
multiplier that is close to, but less than, the value in the interesting octet of the IP address.

Address (Step 1)                                130.4.101.129
Mask (Step 2)                                   255.255.252.0
Interesting octet (Step 3)                      3
Multiplier (Step 4)                             256 – 252 = 4
Subnet (boring octets to the left) (Step 5)     130.4.____.____
Subnet (boring octets to the right) (Step 6)    130.4.____.0
Subnet (Step 7)                                 130.4.100.0

Address (Step 1)                                199.1.1.4
Mask (Step 2)                                   255.255.255.224
Interesting octet (Step 3)                      4
Multiplier (Step 4)                             256 – 224 = 32
Subnet (boring octets to the left) (Step 5)     199.1.1.____
Subnet (boring octets to the right) (Step 6)    199.1.1.____
Subnet (Step 7)                                 199.1.1.0

Address (Step 1)                                172.100.201.2
Mask (Step 2)                                   255.255.254.0
Interesting octet (Step 3)                      3
Multiplier (Step 4)                             256 – 254 = 2
Subnet (boring octets to the left) (Step 5)     172.100.____.____
Subnet (boring octets to the right) (Step 6)    172.100.____.0
Subnet (Step 7)                                 172.100.200.0

Address (Step 1)                                17.9.44.70
Mask (Step 2)                                   255.255.255.192
Interesting octet (Step 3)                      4
Multiplier (Step 4)                             256 – 192 = 64
Subnet (boring octets to the left) (Step 5)     17.9.44.____
Subnet (boring octets to the right) (Step 6)    17.9.44.____
Subnet (Step 7)                                 17.9.44.64

Given an IP Address and Mask, What Is the Network/Subnet Broadcast Address?
CCNAs are expected to be able to derive the valid, assignable addresses in any subnet;
calculation of the broadcast address of the subnet is a vital part of the process. As mentioned
earlier, there are two reserved numbers in each network or subnet. One number is the network
number or subnet number, which is used to represent the entire network or subnet. The other
reserved number is called the broadcast address. This number is used to represent all IP
addresses in the network or subnet. The broadcast address is used when a packet must be sent
to all hosts in a network or subnet. All hosts receiving the packet should notice that the packet
is destined for their own network or subnet broadcast address and then process the packet.
The broadcast address for a network is particularly important when planning an IP addressing
structure for a network. Take a look at the following definition:
The network/subnet number is the lowest value numerically in that network/subnet. The
broadcast address is the largest value numerically in that network/subnet. The valid,
assignable addresses in that network are the numbers between the network/subnet number
and the broadcast address.
Decimal Algorithm for Deriving the Broadcast Address, No Subnetting or Basic Subnetting
The algorithms, both binary and decimal, for deriving the broadcast addresses are similar to the
same algorithms for deriving the subnet numbers. The algorithms used for basic subnetting are
used as a basis for the following algorithms for deriving the broadcast addresses. First, the
decimal algorithm is as follows:
Step 1  Write down the IP address in decimal.
Step 2  Copy below the IP address either the first one, two, or three dotted
        decimal numbers of the address, based on whether the subnet
        mask is 255.0.0.0, 255.255.0.0, or 255.255.255.0, respectively.
Step 3  For the remaining dotted decimal numbers, record decimal value 255.
The only difference between this algorithm and the one to derive the subnet number is that Step
3 directs you to plug in 255 instead of 0. Some examples follow in Table 5-18.

Table 5-18 Subnetting Examples
IP Address (Step 1)    Subnet Mask      Network and Subnet Part (Step 2)    Broadcast Address (Step 3)
8.1.4.5                255.255.0.0      8.1                                 8.1.255.255
130.4.100.1            255.255.255.0    130.4.100                           130.4.100.255
199.1.1.4              255.255.255.0    199.1.1                             199.1.1.255*
172.100.2.2            255.255.255.0    172.100.2                           172.100.2.255
17.9.44.3              255.255.255.0    17.9.44                             17.9.44.255
* This example shows a Class C address, with default mask. The broadcast address in that case is a network
broadcast, not a subnet broadcast address.

Binary Algorithm for Deriving the Broadcast Address
The binary algorithm to determine the broadcast address when using no subnetting or basic
subnetting is a little trickier than the similar algorithm for finding the subnet number. The
algorithm shown here is not really what computers use, but it is more instructive about how
broadcast addresses are structured. It starts by repeating the binary algorithm for computing the
subnet number and then adding two short steps. The algorithm is as follows:
Step 1  Write down the IP address in binary.
Step 2  Write down the subnet mask used in this network, in binary,
        beneath the binary IP address from Step 1.
Step 3  Record the results of the Boolean AND below the two numbers.
        (This is the subnet number.)
Step 4  Copy down the network and subnet bits of the subnet number onto
        the next line. This is the beginning of the broadcast address.
Step 5  Fill in the host bit values with all binary 1s. This is the broadcast
        address.
Step 6  Convert the result of Step 5 back into decimal, 8 bits at a time.
As usual, a few examples will help:

Address (Step 1)                    8.1.4.5          0000 1000 0000 0001 0000 0100 0000 0101
Mask (Step 2)                       255.255.0.0      1111 1111 1111 1111 0000 0000 0000 0000
Boolean AND (Step 3)                8.1.0.0          0000 1000 0000 0001 0000 0000 0000 0000
Broadcast address (Steps 4 to 6)    8.1.255.255      0000 1000 0000 0001 1111 1111 1111 1111

Address (Step 1)                    130.4.100.1      1000 0010 0000 0100 0110 0100 0000 0001
Mask (Step 2)                       255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Boolean AND (Step 3)                130.4.100.0      1000 0010 0000 0100 0110 0100 0000 0000
Broadcast address (Steps 4 to 6)    130.4.100.255    1000 0010 0000 0100 0110 0100 1111 1111

Address (Step 1)                    199.1.1.4        1100 0111 0000 0001 0000 0001 0000 0100
Mask (Step 2)                       255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Boolean AND (Step 3)                199.1.1.0        1100 0111 0000 0001 0000 0001 0000 0000
Broadcast address (Steps 4 to 6)    199.1.1.255      1100 0111 0000 0001 0000 0001 1111 1111

Address (Step 1)                    172.100.2.2      1010 1100 0110 0100 0000 0010 0000 0010
Mask (Step 2)                       255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Boolean AND (Step 3)                172.100.2.0      1010 1100 0110 0100 0000 0010 0000 0000
Broadcast address (Steps 4 to 6)    172.100.2.255    1010 1100 0110 0100 0000 0010 1111 1111

Address (Step 1)                    17.9.44.3        0001 0001 0000 1001 0010 1100 0000 0011
Mask (Step 2)                       255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000
Boolean AND (Step 3)                17.9.44.0        0001 0001 0000 1001 0010 1100 0000 0000
Broadcast address (Steps 4 to 6)    17.9.44.255      0001 0001 0000 1001 0010 1100 1111 1111

Decimal Algorithm for Deriving the Broadcast Address, Difficult Subnetting
The decimal algorithm for deriving the broadcast address when difficult subnetting is used is
shown next. When in doubt, use the binary algorithm. However, the following decimal
algorithm will yield the correct results:
Step 1  Write down the IP address in decimal.
Step 2  Write down the mask in decimal.
Step 3  Examine the mask. One of the four octets will have a value besides
        255 or 0; otherwise, this would not be considered to be a
        “difficult” case. The octet with the non-255, non-0 value is
        considered to be the “interesting” octet. The other three are
        considered “boring.” Write down the number (1, 2, 3, or 4) of the
        interesting octet. (For example, mask 255.255.240.0 has an
        interesting third octet.)
Step 4  Subtract the mask’s interesting octet’s value from 256. Call that
        value the multiplier. Write it down.
Step 5  For any boring octets to the left of the interesting octet, copy those
        octets from the subnet onto a new line on your paper, leaving
        space for the remaining octets. This line will be where you record
        the broadcast address.
Step 6  For any boring octets to the right of the interesting octet, record a
        value of 255 in the broadcast address (the same number as in Step
        5). One of the four octets should still be empty—the interesting
        octet.
Step 7  Examine the interesting octet of the original IP address. Discover
        the multiple of the multiplier closest to this number but greater
        than the number. Subtract 1 from this multiple. Write down this
        value (1 less than the integer multiple of the multiplier) in the
        interesting octet of the broadcast address.
For those of you in doubt, examine the examples that follow. In each case, the steps in the
algorithm are shown. The crux of the algorithm is to search for the integer multiple of the
multiplier that is close to but greater than the value in the interesting octet of the IP address.

Address (Step 1)                                           130.4.101.129
Mask (Step 2)                                              255.255.252.0
Interesting octet (Step 3)                                 3
Multiplier (Step 4)                                        256 – 252 = 4
Broadcast address (boring octets to the left) (Step 5)     130.4.____.____
Broadcast address (boring octets to the right) (Step 6)    130.4.____.255
Broadcast address (104 is the closest multiple of 4 and is greater than 101;
104 – 1 = 103) (Step 7)                                    130.4.103.255

Address (Step 1)                                           199.1.1.5
Mask (Step 2)                                              255.255.255.224
Interesting octet (Step 3)                                 4
Multiplier (Step 4)                                        256 – 224 = 32
Broadcast address (boring octets to the left) (Step 5)     199.1.1.____
Broadcast address (boring octets to the right) (Step 6)    199.1.1.____
Broadcast address (32 is the closest multiple of 32 and is greater than 4;
32 – 1 = 31) (Step 7)                                      199.1.1.31

Address (Step 1)                                           172.100.201.2
Mask (Step 2)                                              255.255.254.0
Interesting octet (Step 3)                                 3
Multiplier (Step 4)                                        256 – 254 = 2
Broadcast address (boring octets to the left) (Step 5)     172.100.____.____
Broadcast address (boring octets to the right) (Step 6)    172.100.____.255
Broadcast address (202 is the closest multiple of 2 and is greater than 201;
202 – 1 = 201) (Step 7)                                    172.100.201.255

Address (Step 1)                                           17.9.44.70
Mask (Step 2)                                              255.255.255.192
Interesting octet (Step 3)                                 4
Multiplier (Step 4)                                        256 – 192 = 64
Broadcast address (boring octets to the left) (Step 5)     17.9.44.____
Broadcast address (boring octets to the right) (Step 6)    17.9.44.____
Broadcast address (128 is the closest multiple of 64 and is greater than 70;
128 – 1 = 127) (Step 7)                                    17.9.44.127

Given an IP Address and Mask, What Are the Assignable IP Addresses in That Network/Subnet?
CCNAs deal with the question, “What IP addresses are in this subnet?” on a regular basis. This
section describes how to answer this question if you know how to derive the subnet and
broadcast addresses. Simply put, the valid IP addresses that are available for assignment in a
subnet are those numerically between the subnet number and the broadcast address.
There is little else to be considered. Certainly, no decimal or binary algorithm needs to be
considered for such a simple concept, right? Table 5-19 shows some familiar IP addresses and
the corresponding IP addresses in the same subnet.

Table 5-19 Assignable Addresses
Subnet Number    Subnet Mask        Broadcast Address    Range of Assignable Addresses
130.4.100.0      255.255.252.0      130.4.103.255        130.4.100.1 to 130.4.103.254
199.1.1.0        255.255.255.224    199.1.1.31           199.1.1.1 to 199.1.1.30
172.100.200.0    255.255.254.0      172.100.201.255      172.100.200.1 to 172.100.201.254
17.9.44.64       255.255.255.192    17.9.44.127          17.9.44.65 to 17.9.44.126

The ranges seem obvious. However, look at the 172.100.200.0 subnet. How many assignable
IP addresses are in that subnet, and what are those addresses? Is 172.100.200.255 valid? What
about 172.100.201.0? In fact, both are valid IP addresses when using 255.255.254.0 as the
mask. The rule is that the subnet numbers (and also the broadcast addresses) are not usable as
an IP address. Otherwise, the addresses are assignable to an interface.
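
The binary and decimal algorithms from the preceding sections, as an added Python example that is not code from the book: it derives the subnet number, broadcast address and assignable range for this page's sample addresses and checks that the two algorithms agree. The function names are chosen here for illustration, and the decimal path also covers basic masks (all 255s and 0s), which goes slightly beyond the difficult-mask steps listed above.

```python
"""Subnet number, broadcast address and assignable range for an address and mask."""


def to_int(dotted):
    """Dotted decimal to a 32-bit integer, converting 8 bits at a time."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= octet <= 255 for octet in octets):
        raise ValueError(f"not a dotted-decimal value: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """32-bit integer back to dotted decimal, always on byte boundaries."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_int(mask):
    """Convert a mask and reject one whose binary 1s are not contiguous."""
    mask_bits = to_int(mask)
    host_bits = ~mask_bits & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host field must look like 0...01...1
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return mask_bits


def binary_subnet_and_broadcast(address, mask):
    """Binary algorithm: Boolean AND, then host bits set to all binary 1s."""
    mask_bits = mask_to_int(mask)
    subnet = to_int(address) & mask_bits
    broadcast = subnet | (~mask_bits & 0xFFFFFFFF)
    return to_dotted(subnet), to_dotted(broadcast)


def decimal_subnet_and_broadcast(address, mask):
    """Decimal algorithm: copy boring octets, use the multiplier on the interesting one."""
    mask_to_int(mask)  # same validity check as the binary path
    subnet, broadcast = [], []
    for addr_octet, mask_octet in zip(address.split("."), mask.split(".")):
        addr_octet, mask_octet = int(addr_octet), int(mask_octet)
        if mask_octet == 255:      # boring octet in the network/subnet part: copy it
            low = high = addr_octet
        elif mask_octet == 0:      # boring octet in the host part: 0 and 255
            low, high = 0, 255
        else:                      # the interesting octet
            multiplier = 256 - mask_octet
            # Floor division keeps an octet that is already an exact multiple
            # (for example 64 with multiplier 64) as its own subnet value.
            low = (addr_octet // multiplier) * multiplier
            high = low + multiplier - 1  # next multiple of the multiplier, minus 1
        subnet.append(str(low))
        broadcast.append(str(high))
    return ".".join(subnet), ".".join(broadcast)


def assignable_range(address, mask):
    """First and last assignable address, or None when nothing lies between
    the subnet number and the broadcast address."""
    subnet, broadcast = (to_int(x) for x in binary_subnet_and_broadcast(address, mask))
    if broadcast - subnet < 2:
        return None
    return to_dotted(subnet + 1), to_dotted(broadcast - 1)


def dissect(address, mask):
    """Run both algorithms and fail loudly if they ever disagree."""
    binary = binary_subnet_and_broadcast(address, mask)
    if binary != decimal_subnet_and_broadcast(address, mask):
        raise AssertionError(f"algorithms disagree for {address} {mask}")
    return {"subnet": binary[0], "broadcast": binary[1],
            "assignable": assignable_range(address, mask)}


# Address/mask pairs taken from the worked examples on this page.
SAMPLES = [
    ("8.1.4.5", "255.255.0.0"),
    ("8.1.100.5", "255.255.240.0"),
    ("130.4.101.129", "255.255.252.0"),
    ("199.1.1.4", "255.255.255.224"),
    ("172.100.201.2", "255.255.254.0"),
    ("17.9.44.70", "255.255.255.192"),
]

if __name__ == "__main__":
    for address, mask in SAMPLES:
        result = dissect(address, mask)
        first, last = result["assignable"]
        print(f"{address:<15} {mask:<16} subnet {result['subnet']:<15} "
              f"broadcast {result['broadcast']:<16} hosts {first} to {last}")
```
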
Given a Network Number and a Static Subnet Mask, What Are the Valid Subnet Numbers?
One of the reasons you find so many different slants on IP addressing in this chapter is that the
CCNA exam questions you about IP in many different ways. The question in the heading of this
section is unlikely to be the exact question, however. You should expect to see something like,
“Which of the following are valid subnets of network X, using mask Y?,” followed by the
suggested answers. If you can figure out all the subnets of that network, you should be able to
answer the multiple-choice exam question easily.
A few additional facts will help you in thinking about the possible subnet numbers:
• All subnet numbers have all binary 0s in the host part of the subnet number.
• All subnet numbers of the same Class A, B, or C network have identical values in the
  network part of the subnet numbers.
• All subnet numbers of the same Class A, B, or C network have different values in the
  subnet part of the subnet numbers.
In other words, the only thing that is different about two different subnets of the same network
is the subnet part of the subnet number. The network and host parts are identical. An example
helps in this case. Examine Figure 5-23, which shows a familiar network with six subnets.
Figure 5-23 shows six subnets of network 150.150.0.0. Subnet mask 255.255.255.0 is used,
implying two network octets, one subnet octet, and one host octet. The subnets already used in
this example are as follows:
• 150.150.1.0
• 150.150.2.0
• 150.150.3.0
• 150.150.4.0
• 150.150.5.0
• 150.150.6.0
As long as you can find another value not already used in the third byte, you can find another
subnet number. In fact, simply counting sequentially, subnet numbers continue—150.150.7.0,
150.150.8.0, and so on, up through 150.150.254.0. That gives a total of 254 subnets, assuming
that the zero and broadcast subnets are not used.
Decimal Algorithm for Deriving the Valid Subnets with Basic Subnetting
Time counts when taking the CCNA exam, so it’s a good idea to take advantage of the easier
decimal algorithms to derive facts about subnetting. The algorithm for deriving the subnet
numbers of a network, given a static, basic mask, is extremely intuitive. Two cases for the
decimal algorithm will be examined here: a Class A network subnetted using mask 255.255.0.0,
and a Class B network subnetted using mask 255.255.255.0:
Step 1  Write down the 1 or 2 bytes of the network number.
Step 2  Leave a space immediately to the right to add a value in the next
        octet.
Step 3  Write down two octets (in the case of Class A) or one octet (in the
        case of Class B) of 0 after the one-octet space left in Step 2,
        leaving a number with three octets written and an open space in
        the subnet part of the number.
Step 4  Write down a 1 in the open octet.
Step 5  Repeat Steps 1 through 4, but in Step 4 add 1 to the number.
        Continue repeating these steps until you reach 254.
A similar algorithm is used when a Class A network is subnetted, using mask 255.255.255.0,
although that is not shown here.
The number of valid subnets is an important concept when deriving the actual subnet numbers.
How many should you expect to find? The formula is very straightforward, with a few twists on
the real answer. First, the formula:
2^(number-of-subnet-bits)
The previous example in Figure 5-23 provides a good context in which to consider the
formula. A Class B network 150.150.0.0 is used, so there are 16 network bits. The mask is
255.255.255.0, so there are 8 host bits. That leaves 8 subnet bits—2^8 = 256, for 256 subnets.
From the previous example, 150.150.0.0 is the first subnet, and 150.150.255.0 was the last,
which is consistent with the formula.
Two previously reserved cases, 150.150.0.0 and 150.150.255.0, were not used in the example.
The first of these, which is called the zero subnet because the subnet value is all binary 0s, is
usable only if the ip subnet-zero global command is configured. The other subnet, called the
broadcast subnet because it looks like a typical broadcast address, is usable without any special
configuration.
NOTE  Do not confuse the zero subnet and broadcast subnet with the two reserved IP addresses in each
subnet. There are still two reserved addresses in each subnet that cannot be assigned to any
interface as an IP address. Those two numbers are the numbers used for the subnet number itself
and the broadcast address for the subnet.
Binary Algorithm for Deriving the Valid Subnets with Basic and Difficult Subnetting
This section details a binary algorithm you can use to derive the subnet numbers. With basic
subnetting, you probably would not want to go through this much trouble. However, with
difficult subnetting, the binary algorithm will be useful, at least until you become comfortable
with the decimal algorithm. The following binary algorithm is valid for basic subnetting as well.
Step 1  Reserve space to record a series of 32-bit numbers, one over the
        other. Also leave space between each nibble and byte on each line
        for better readability.
Step 2  Write down the 8, 16, or 24 bits of the network part of the address,
        in binary, on each line.
Step 3  Write down binary 0s in the host field on each line. This should
        result in a long list of binary numbers, with the subnet bits
        unrecorded at this point.
Step 4  Write down all binary 0s in the subnet bit positions of the first
        number in the list. This is the first subnet number, in binary. This
        is also the zero subnet.
Step 5  Add binary 1 to the subnet field in the previous line, and record the
        result in the subnet field of the next line.
Step 6  Repeat Step 5 until the subnet field is all binary 1s. That is the last
        subnet number, which is also the broadcast subnet.
Step 7  Convert any of these 32-bit numbers back to decimal, 8 bits at a
        time. IGNORE THE BOUNDARIES BETWEEN THE SUBNET
        AND HOST FIELDS—do the conversion 8 bits at a time.
As usual, an example is better than a generic algorithm. First, a repeat of the 150.150.0.0,
255.255.255.0 example will be shown. Then network 150.150.0.0, with a different mask
of 255.255.248.0, will be shown. Table 5-20 shows the first several iterations of 150.150.0.0,
mask 255.255.255.0, but with a few of the intermediate subnet numbers not shown.
Table 5-20 Valid Subnet Numbers
Step 2 (only one line shown)  1001 0110 1001 0110
Step 3 (only one line shown)  1001 0110 1001 0110           0000 0000
Step 4                        1001 0110 1001 0110 0000 0000 0000 0000  150.150.0.0
Step 5                        1001 0110 1001 0110 0000 0001 0000 0000  150.150.1.0
Step 6                        1001 0110 1001 0110 0000 0010 0000 0000  150.150.2.0
Step 6                        1001 0110 1001 0110 0000 0011 0000 0000  150.150.3.0
Step 6                        1001 0110 1001 0110 0000 0100 0000 0000  150.150.4.0
Step 6                        1001 0110 1001 0110 0000 0101 0000 0000  150.150.5.0
Skipped a few for brevity
Step 6                        1001 0110 1001 0110 1111 1111 0000 0000  150.150.255.0
As Table 5-20 shows, the same 256 subnet numbers are derived with the binary algorithm as
with the decimal algorithm. The second example shows one not-so-obvious (at least in decimal)
case with difficult subnetting (Table 5-21).
Table 5-21 Valid Subnet Numbers, 150.150.0.0, Mask 255.255.248.0
Step 2 (only one line shown)  1001 0110 1001 0110
Step 3 (only one line shown)  1001 0110 1001 0110       000 0000 0000
Step 4                        1001 0110 1001 0110 0000 0000 0000 0000  150.150.0.0
Step 5                        1001 0110 1001 0110 0000 1000 0000 0000  150.150.8.0
Step 6                        1001 0110 1001 0110 0001 0000 0000 0000  150.150.16.0
Step 6                        1001 0110 1001 0110 0001 1000 0000 0000  150.150.24.0
Step 6                        1001 0110 1001 0110 0010 0000 0000 0000  150.150.32.0
Step 6                        1001 0110 1001 0110 0010 1000 0000 0000  150.150.40.0
Skipped a few for brevity
Step 6                        1001 0110 1001 0110 1111 1000 0000 0000  150.150.248.0
So, with 5 subnet bits, there should be 2^5 or 32 subnets, including the zero and broadcast
subnets. Examining the third octet of the decimal subnet numbers, with a little imagination, the
32 subnet numbers are 150.150.x.0, where x is an integer multiple of 8. The zero subnet is
150.150.0.0, and 150.150.248.0 is the broadcast subnet.
Decimal Algorithm for Deriving the Valid Subnets with Basic and Difficult
Subnetting
CCNAs will need to derive the valid subnets of a network on a regular basis, so a decimal
algorithm to derive the valid subnets—even when difficult subnetting is used—proves
invaluable. With some practice, you can use the following algorithm without pen and paper or
a calculator. This algorithm works only if the subnet field is less than 8 bits. If the subnet field
is larger, you can use a similar algorithm (which is not shown) once you understand this specific
algorithm. The algorithm is as follows:
Step 1
Based on the network number and mask, all subnet bits are in 1 byte. (Having all subnet bits
in 1 byte is an assumption used for this algorithm.) This is the “interesting” byte. Write down
which byte is the interesting byte. The other 3 octets/bytes are considered “boring.”
Step 2
Find the number of host bits in the interesting octet, and call that number N. 2^N is called
the increment. Record that number.
Step 3
Create a list, one entry above the other, that contains repeated copies of the decimal network
number. However, leave the interesting octet blank. This will become the list of subnet
numbers.
Step 4
In the first number in the list, in the interesting octet, write a decimal 0. This is the first
(zero) subnet.
Step 5
For each successive entry in your list of subnets, add the increment to the previous entry’s
interesting octet value, and record that value in the interesting octet.
Step 6
When 256 is the value to be recorded in Step 5, you have completed the list of subnet numbers.
Two examples of the nonbinary algorithm will be shown. First, Table 5-22 shows the familiar
150.150.0.0, mask 255.255.248.0.
Table 5-22 Valid Subnet Numbers, 150.150.0.0, Mask 255.255.248.0
Step 1    Interesting byte is 3
Step 2    Increment 2^3 = 8
Step 3    150.150.____.0
          150.150.____.0
          150.150.____.0
          150.150.____.0
          150.150.____.0 and so forth
Step 4    150.150.0.0
Step 5    150.150.8.0
          150.150.16.0
          150.150.24.0
          Skipped a few for brevity
          150.150.248.0 (This is the last one)
Step 6    150.150.256.0 (This one is invalid)
For one other example, Table 5-23 shows network 128.1.0.0, with mask 255.255.252.0.
Table 5-23 Valid Subnet Numbers, 128.1.0.0, Mask 255.255.252.0
Step 1    Interesting byte is 3
Step 2    Increment 2^2 = 4
Step 3    128.1.____.0
          128.1.____.0
          128.1.____.0
          128.1.____.0
          128.1.____.0 and so forth
Step 4    128.1.0.0
Step 5    128.1.4.0
          128.1.8.0
          128.1.12.0
          Skipped a few for brevity
          128.1.252.0 (This is the last one)
Step 6    128.1.256.0 (This one is invalid)
Given a Network Number and a Static Subnet Mask, How Many Hosts per Subnet, and
How Many Subnets?
Finally, one more way the exam is likely to test your knowledge of IP addressing and subnetting
is to ask which subnet masks will meet a set of requirements. This last type of question would
be phrased as something like, “If you need at least 30 hosts in each subnet and only 4 subnets,
and if you are using network 192.1.1.0, which of the following masks meet your requirements?”
To answer these types of questions confidently, you must have a good understanding of the three
parts of an IP address. Figure 5-19 earlier in the chapter shows the network, subnet, and host
parts of an address. These fields and their sizes are important because they identify the number
of subnets possible and the number of hosts per subnet.
The number of hosts per subnet is defined by this formula:
2^(number of host bits) – 2
The number of host bits in an address is equal to the number of binary 0s in the subnet mask.
The number of subnets per network is defined by this formula:
2^(number of subnet bits)
The number of subnet bits is based on the mask and class of address. The number of subnet bits
is:
32 – (number of network bits) – (number of host bits)
NOTE
In some documents, the number of subnets is shown as 2 less than 2^(number of subnet bits), implying
two reserved cases. These two cases are no longer reserved, however, and can be used.
An algorithm may help, along with some samples.
Step 1
Write down the network number and mask in question.
Step 2
Write down the number of network bits based on Class A, B, and C rules.
Step 3
Write down the number of host bits, which is equal to the number of binary 0s in the mask.
Step 4
Write down the number of subnet bits. The network, host, and subnet bits should total 32.
Step 5
Calculate 2^(host bits) minus 2, and record this as the number of hosts per subnet.
Step 6
Calculate 2^(subnet bits), and record this as the number of subnets in this network.
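The two procedures above (listing the valid subnet numbers, then counting hosts and subnets) can be checked in code. The following Python is an added example, not from the book; all function and class names are hypothetical. It follows the same Class A/B/C rules and 2^bits formulas as the text, and it also answers the exam-style "which masks meet these requirements" question.

```python
"""Classful subnet arithmetic. Added example; all names here are illustrative."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List


def classful_network_bits(network: str) -> int:
    """Step 2 of the counting algorithm: network bits from Class A/B/C rules."""
    first_octet = int(network.split(".")[0])
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    raise ValueError(f"{network} is not a Class A, B, or C network")


def host_bits_in_mask(mask: str) -> int:
    """Step 3: host bits = binary 0s in the mask. Rejects non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a run of 1s followed by 0s")
    return 32 - ones


@dataclass(frozen=True)
class SubnetPlan:
    network_bits: int
    host_bits: int
    subnet_bits: int
    hosts_per_subnet: int
    subnets: int


def subnet_plan(network: str, mask: str) -> SubnetPlan:
    """Steps 1-6: the three field sizes, 2^host - 2 hosts, 2^subnet subnets."""
    n = classful_network_bits(network)
    h = host_bits_in_mask(mask)
    s = 32 - n - h
    if s < 0:
        raise ValueError("mask is shorter than the classful network part")
    return SubnetPlan(n, h, s, 2 ** h - 2, 2 ** s)


def binary_subnet_numbers(network: str, mask: str) -> Iterator[str]:
    """Binary algorithm: host field all 0s, subnet field counts 0 .. all 1s."""
    plan = subnet_plan(network, mask)
    net_mask = (0xFFFFFFFF << (32 - plan.network_bits)) & 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(network)) & net_mask
    for subnet_field in range(plan.subnets):
        yield str(ipaddress.IPv4Address(base | (subnet_field << plan.host_bits)))


def decimal_subnet_numbers(network: str, mask: str) -> List[str]:
    """Decimal algorithm: add the increment in the 'interesting' octet."""
    plan = subnet_plan(network, mask)
    first_bit = plan.network_bits             # leftmost subnet bit (0-based)
    end_bit = first_bit + plan.subnet_bits    # first host bit
    if plan.subnet_bits == 0 or first_bit // 8 != (end_bit - 1) // 8:
        raise ValueError("decimal algorithm needs all subnet bits in one octet")
    interesting = first_bit // 8              # 0-based index of that octet
    increment = 2 ** (8 * (interesting + 1) - end_bit)
    octets = network.split(".")
    numbers, value = [], 0
    while value < 256:                        # Step 6: reaching 256 ends the list
        octets[interesting] = str(value)
        numbers.append(".".join(octets))
        value += increment
    return numbers


def masks_meeting(network: str, min_hosts: int, min_subnets: int) -> List[str]:
    """Exam-style question: every mask giving enough hosts AND enough subnets."""
    n = classful_network_bits(network)
    answers = []
    for h in range(2, 32 - n + 1):
        if 2 ** h - 2 >= min_hosts and 2 ** (32 - n - h) >= min_subnets:
            mask = (0xFFFFFFFF << h) & 0xFFFFFFFF
            answers.append(str(ipaddress.IPv4Address(mask)))
    return answers


if __name__ == "__main__":
    print(subnet_plan("150.150.0.0", "255.255.248.0"))
    print(decimal_subnet_numbers("128.1.0.0", "255.255.252.0")[:4])
    print(masks_meeting("192.1.1.0", 30, 4))
```

The binary version works for any subnet field width, while the decimal version refuses input whose subnet bits span more than one octet, matching the restriction stated for that algorithm.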
Table 5-24 lists several examples. If the choices for the number of host and subnet bits are
confusing, convert the mask to binary and mark off the network bits based on class rules. Then
mark off the 0s at the end of the mask. The bits in between are the subnet bits.
Table 5-24 Examples of Number of Hosts per Subnet, and Number of Subnets
Network and Mask              Number of     Number of  Number of    Number of Hosts  Number of
                              Network Bits  Host Bits  Subnet Bits  per Subnet       Subnets
10.0.0.0, 255.255.240.0       8             12         12           4094             4096
150.150.0.0, 255.255.248.0    16            11         5            2046             32
192.1.1.0, 255.255.255.224    24            5          3            30               8
128.1.0.0, 255.255.255.252    16            2          14           2                16384
CIDR, Private Addressing, and NAT
When connecting to the Internet, using a registered network number or several registered
network numbers is a very straightforward and obvious convention. With registered network
numbers, no other organization connected to the Internet will have conflicting IP addresses. In
fact, this convention is part of the reason the global Internet functions well.
In the early and mid-1990s, concern arose that the available networks would be completely
assigned so that some organizations would not be capable of connecting to the Internet. This
one fact was the most compelling reason for the advent of IP Version 6 (IPv6). (The version
discussed in this book is Version 4. Version 5 was defined for experimental reasons and was
never deployed.) Version 6 calls for a much larger address structure so that the convention of all
organizations using unique groupings (networks) of IP addresses would still be reasonable—
the numbers of IPv6-style networks would reach into the trillions and beyond. That solution is
still technically viable and possibly one day will be used because IPv6 is still evolving in the
marketplace.
Three other functions of IP have been used to reduce the need for IP Version 4 (IPv4) registered
network numbers. Network Address Translation (NAT), often used in conjunction with Private
Addressing, allows organizations to use unregistered IP network numbers and still communicate
well with the Internet. Classless interdomain routing (CIDR) is a feature used by Internet
service providers (ISPs) to reduce the waste of IP addresses in networks so that more
organizations can be serviced by a single registered network number.
CIDR
CIDR is a convention, defined in RFC 1817 (www.ietf.org/rfc/rfc1817.txt), that calls for
aggregating multiple network numbers into a single routing entity. CIDR was actually created
to help the scalability of Internet routers—imagine a router in the Internet with a route to every
Class A, B, and C network on the planet! By aggregating the routes, fewer routes would need
to exist in the routing table. For instance, consider Figure 5-24. Class C networks 198.0.0.0
through 198.255.255.0 (they may look funny, but they are valid Class C network numbers) are
registered networks for an ISP. All other ISPs’ routing tables would have a separate route to
each of the 2^16 networks without CIDR. However, as seen in Figure 5-24, now the other ISPs’
routers will have a single route to 198.0.0.0/8—in other words, a route to all hosts whose IP
address begins with 198. More than 2 million Class C networks alone exist, but CIDR has
helped Internet routers reduce their routing tables to a more manageable size, in the range of
70,000 routes at the end of 1999.
By using a routing protocol that exchanges the mask as well as the subnet/network number, a
“classless” view of the number can be attained. In other words, treat the grouping as a math
problem, ignoring the bourgeois Class A, B, and C rules. For instance, 198.0.0.0/8 (198.0.0.0,
mask 255.0.0.0) defines a set of addresses whose first 8 bits are equal. This route is advertised
by ISP #1 to the other ISPs, who need a route only to 198.0.0.0/8. In its routers, ISP #1 knows
which Class C networks are at which customer sites. This is how CIDR gives Internet routers a
much more scalable routing table, by reducing the number of entries in the tables.
Historically speaking, ISPs then found ways to use CIDR to allow better use of the IP Version
4 address space. Imagine that Customer #1 and Customer #3 need 10 and 20 IP addresses—
ever. Each customer has only a router and a single Ethernet. Each customer could register its
own Class C network, but if both did so, it would not be in the range already registered to the
ISP.
So, to help CIDR work in the Internet, ISP #1 wants its customers to use IP addresses in the
198.x.x.x range. As a service, the ISP suggests to Customer #1 something like this: Use IP
subnet 198.8.3.16/28, with assignable addresses 198.8.3.17 to 198.8.3.30. To Customer #3, who
needs 20 addresses, ISP #1 suggests 198.8.3.32/27, with 30 assignable addresses (198.8.3.33 to
198.8.3.62). (Feel free to check the math with the IP addressing algorithms listed earlier.)
NOTE
The notation with the / followed by the number is a common designation on Cisco routers
meaning that the mask has that number of 1 bits. This number of 1 bits is called the prefix. In this
case, the mask implied with prefix /27 would be 255.255.255.224.
The need for registered IP network numbers is reduced through CIDR. Instead of the two
customers consuming two whole Class C networks, each consumes a small portion of a single
network. The ISP gets customers to use its IP addresses in a convenient range of values, so
CIDR works well and enables the Internet to grow.
Private Addressing
A legitimate need exists for IP addresses that will never be used in the interconnected IP
networks called the Internet. So, when designing the IP addressing convention for such a
network, an organization could pick any network number(s) it wanted and use it, and all would
be well. Of course, that’s true until the organization decides to connect to the Internet—but that
will be covered later.
When IP addresses that aren’t connected to the Internet are needed, they can also be pulled from
a set of IP networks called private Internets, as defined in RFC 1918, “Address Allocation for
Private Internets” (www.ietf.org/rfc/rfc1918.txt). This RFC defines a set of networks that will
never be assigned to any organization as a registered network number. Table 5-25 shows the
private address space defined by RFC 1918.
Table 5-25 RFC 1918 Private Address Space
Range of IP Addresses              Class of Networks  Number of Networks
10.0.0.0 to 10.255.255.255         A                  1
172.16.0.0 to 172.31.255.255       B                  16
192.168.0.0 to 192.168.255.255     C                  256
In other words, any organization can use these network numbers. However, no organization is
allowed to advertise these networks as routes into the Internet.
The IP Version 4 address space is conserved if all organizations use private addresses in cases
for which there will never be a need for Internet connectivity. So, the dreaded day of exhausting
the registered IP Version 4 network numbers has been delayed again, in part by CIDR and in
part by private addressing.
Private addressing’s requirement that the privately addressed hosts cannot communicate with
others through the Internet can be a particularly onerous restriction. The solution: private
addressing with the use of Network Address Translation (NAT).
Network Address Translation
Network Address Translation (NAT) is an RFC-defined function implemented in IOS that
allows a host that does not have a valid registered IP address to communicate with other hosts
through the Internet. The hosts may be using private addresses or addresses assigned to another
organization; in either case, NAT allows these addresses that are not Internet-ready to continue
to be used but still allow communication with hosts across the Internet.
NAT achieves its goal by using a valid address in some registered IP network to represent the
invalid address to the rest of the Internet. The NAT function changes the IP addresses as
necessary inside each IP packet, as shown in Figure 5-25.
Notice that the packet’s source IP address is changed when leaving the private organization, and
the destination address is changed each time a packet is forwarded back into the private
network. Network 200.1.1.0 has been registered as a network owned by Cisco in Figure 5-25,
with address 200.1.1.1 configured as part of the NAT configuration. The NAT feature,
configured in the router labeled NAT, performs the translation. As you might expect, NAT
certainly requires more processing than simply routing the packet. Cisco does not recommend
using NAT for a large volume of different hosts.
NAT also can be used when the private organization is not using private addressing but is
instead using a network number registered to another company. (A client company of mine had
originally done just that—ironically, the company was using a network number registered to
Cabletron, which my client saw used in a presentation by an ex-Cabletron employee who then
worked at 3COM. The 3COM SE explained IP addressing using the Cabletron registered
network number; my client liked the design and took him at his word—exactly.) If one company
inappropriately uses the same network number that is registered appropriately to a different
company, NAT can be used, but both the source and the destination IP addresses will need to be
translated. For instance, consider Figure 5-26, with Company A using a network that is
registered to Cisco (170.1.0.0):
In this case, the client in Company A couldn’t send a packet to 170.1.1.1—or, at least, if it did,
the packet would never get to the real 170.1.1.1 in Cisco’s network. That is because there is a
very reasonable possibility that the private network has a route matching 170.1.1.1 in its routing
table that points to some subnet inside the private company. So, when the DNS reply comes
back past the NAT router, the DNS reply is changed by NAT so that the client in Company A
thinks www.cisco.com’s IP address is 192.168.1.1. NAT not only translates the source IP
address in outgoing packets, but it also translates the destination. Likewise, packets returning
to Company A have both the source and the destination IP addresses changed.
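The source-and-destination translation just described can be traced with a small model. This Python is an added example, not from the book and not how IOS implements NAT; the class and function names are hypothetical, the four translated addresses are the ones the chapter gives for Figure 5-26, the /16 on 170.1.0.0 follows from the Class B rule, and the DNS server address is constructed.

```python
"""Source-and-destination NAT for the overlapping-network case. Added example."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dns_answer: Optional[str] = None   # address carried inside a DNS reply


class OverlapNat:
    """Static translations in both directions (hypothetical model)."""

    def __init__(self, inside: Dict[str, str], outside: Dict[str, str],
                 private_net: str) -> None:
        self.inside_l2g = dict(inside)                      # inside local -> inside global
        self.inside_g2l = {g: l for l, g in inside.items()}
        self.outside_g2l = dict(outside)                    # outside global -> outside local
        self.outside_l2g = {l: g for g, l in outside.items()}
        self.private_net = ipaddress.ip_network(private_net)
        # An outside local address inside the private range would be routed
        # internally and never reach the NAT router, so refuse it up front.
        for local in self.outside_l2g:
            if ipaddress.ip_address(local) in self.private_net:
                raise ValueError(f"outside local {local} overlaps {private_net}")

    def routed_to_nat(self, dst: str) -> bool:
        """False when the private network's own routes would capture dst."""
        return ipaddress.ip_address(dst) not in self.private_net

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Private network -> Internet: translate source and destination."""
        if not self.routed_to_nat(pkt.dst) or pkt.src not in self.inside_l2g:
            return None
        return replace(pkt, src=self.inside_l2g[pkt.src],
                       dst=self.outside_l2g.get(pkt.dst, pkt.dst))

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private network, including the DNS answer rewrite."""
        if pkt.dst not in self.inside_g2l:
            return None
        return replace(pkt, src=self.outside_g2l.get(pkt.src, pkt.src),
                       dst=self.inside_g2l[pkt.dst],
                       dns_answer=self.outside_g2l.get(pkt.dns_answer, pkt.dns_answer))


def figure_5_26_walkthrough():
    nat = OverlapNat(inside={"170.1.1.10": "200.1.1.1"},
                     outside={"170.1.1.1": "192.168.1.1"},
                     private_net="170.1.0.0/16")
    dns_server = "198.51.100.53"       # constructed address, not from the book
    # 1. DNS reply for www.cisco.com returns through NAT; the answer is rewritten.
    dns_reply = nat.inbound(Packet(dns_server, "200.1.1.1", dns_answer="170.1.1.1"))
    # 2. The client sends to the address it was told (the outside local address).
    request = nat.outbound(Packet("170.1.1.10", dns_reply.dns_answer))
    # 3. The server's reply has both addresses changed on the way back in.
    response = nat.inbound(Packet("170.1.1.1", "200.1.1.1"))
    # 4. A packet sent straight to 170.1.1.1 matches an internal route instead.
    direct = nat.outbound(Packet("170.1.1.10", "170.1.1.1"))
    return dns_reply, request, response, direct


if __name__ == "__main__":
    for step in figure_5_26_walkthrough():
        print(step)
```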
NAT uses terminology to define the various IP addresses used for translation. Table 5-26
summarizes the terminology and meaning.
Table 5-26 NAT Addressing Terms
Term            Meaning                                                       Value in Figure 5-26
Inside local    Address of the host in the private network. When NAT is       170.1.1.10
                needed, this address is typically a private address or an
                address in a network registered to another organization.
Inside global   The Internet (global network) view of the inside local        200.1.1.1
                address. This address is in a network registered to the
                company responsible for the NAT router.
Outside global  The Internet (global network) view of the address of the      170.1.1.1
                host correctly attached to the Internet.
Outside local   When the private company reuses a network number              192.168.1.1
                registered to someone else, the outside local address
                represents the outside global address in the local (private)
                network. Because this address is used only in the private
                organization, it can be any IP address.
IP Configuration
Configuration of TCP/IP in a Cisco router is straightforward. Table 5-27 and Table 5-28
summarize many of the most common commands used for IP configuration and verification.
Two sample network configurations, with both configuration and EXEC command output,
follow. The Cisco IOS documentation is an excellent reference for additional IP commands; the
Cisco Press book Installing Cisco Network Devices is an excellent reference, particularly if you
are not able to attend the instructor-led version of the class.
Table 5-27 IP Configuration Commands
Command                                                               Configuration Mode
ip address ip-address mask [secondary]                                Interface mode
ip host name [tcp-port-number] address1 [address2...address8]         Global
ip route prefix mask {next-hop-router | output-interface}             Global
ip name-server server-address1 [[server-address2]…server-address6]    Global
ip domain-lookup                                                      Global
ip routing                                                            Global
ip netmask-format {bitcount | decimal | hexadecimal}                  Interface mode
ip default-network network                                            Global
ip classless                                                          Global
Collectively, Figure 5-27 and Example 5-2, Example 5-3, and Example 5-4 show three sites,
each with two serial links and one Ethernet. The following site guidelines were used when
choosing configuration details:
• Use name servers at 10.1.1.100 and 10.1.2.100.
• Use host names from Figure 5-27.
• The router’s IP addresses are to be assigned from the last few valid IP addresses in their
attached subnets; use a mask of 255.255.255.0.
Table 5-28 IP EXEC Commands
Command                                    Function
show hosts                                 Lists all hostnames and corresponding IP addresses
show interfaces [type number]              Lists interface statistics, including IP address
show ip interface [type number]            Provides a detailed view of IP parameter settings,
                                           per interface
show ip interface brief                    Provides a summary of all interfaces and their IP
                                           addresses
show ip route [subnet]                     Shows entire routing table, or one entry if subnet
                                           is entered
show ip arp                                Displays IP ARP cache
debug ip packet                            Issues log messages for each IP packet
terminal ip netmask-format {bitcount |     Sets type of display for subnet masks in show
decimal | hexadecimal}                     commands
ping                                       Sends and receives ICMP echo messages to verify
                                           connectivity
trace                                      Sends series of UDP packets with increasing TTL
                                           values, to verify the current route to a host
Example 5-2 Albuquerque Router Configuration and EXEC Commands
Albuquerque#show running-config
Building configuration...
Current configuration:
!
version 11.2
hostname Albuquerque
!
enable secret 5 $1$skrN$z4oq6OHfB6zu1WG4P/6ZY0
!
ip name-server 10.1.1.100
ip name-server 10.1.2.100
!
interface Serial0
ip address 10.1.128.251 255.255.255.0
!
interface Serial1
ip address 10.1.130.251 255.255.255.0
!
interface Ethernet0
ip address 10.1.1.251 255.255.255.0
!
no ip classless
banner motd ^C
Should’ve taken a left turn here! This is Albuquerque... ^C
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
!
end
Albuquerque#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.1.0 is directly connected, Ethernet0
C 10.1.130.0 is directly connected, Serial1
C 10.1.128.0 is directly connected, Serial0
Albuquerque#terminal ip netmask-format decimal
Albuquerque#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0 255.255.255.0 is subnetted, 3 subnets
C 10.1.1.0 is directly connected, Ethernet0
C 10.1.130.0 is directly connected, Serial1
C 10.1.128.0 is directly connected, Serial0
Albuquerque#
Example 5-3 Yosemite Router Configuration and EXEC Commands
Yosemite#show running-config
Building configuration...
Current configuration:
!
version 11.2
hostname Yosemite
!
enable secret 5 $1$.Iud$7uHqWzDYgvJN09V7HSkLZ/
!
ip name-server 10.1.1.100
ip name-server 10.1.2.100
!
interface Serial0
ip address 10.1.128.252 255.255.255.0
no fair-queue
!
interface Serial1
ip address 10.1.129.252 255.255.255.0
!
interface Ethernet0
ip address 10.1.2.252 255.255.255.0
!
no ip classless
banner motd ^C
This is the Rootin-est Tootin-est Router in these here parts! ^C
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
!
end
Yosemite#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Serial0 10.1.128.252 YES manual up up
Serial1 10.1.129.252 YES manual up up
Ethernet0 10.1.2.252 YES manual up up
Yosemite#
Example 5-4 Seville Router Configuration and EXEC Commands
Seville#show running-config
Building configuration...
Current configuration:
!
version 11.2
!
hostname Seville
!
enable secret 5 $1$ZvR/$Gpk5a5K5vTVpotd3KUygA1
!
ip name-server 10.1.1.100
ip name-server 10.1.2.100
!
interface Serial0
ip address 10.1.130.253 255.255.255.0
no fair-queue
!
interface Serial1
ip address 10.1.129.253 255.255.255.0
!
interface Ethernet0
ip address 10.1.3.253 255.255.255.0
!
no ip classless
banner motd ^C
Take a little off the top, Wabbit! (Elmer) ^C
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
!
end
Seville#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.3.0 is directly connected, Ethernet0
C 10.1.130.0 is directly connected, Serial0
C 10.1.129.0 is directly connected, Serial1
Seville#show ip interface serial 1
Serial1 is up, line protocol is up
Internet address is 10.1.129.253/24
Broadcast address is 255.255.255.255
Address determined by nonvolatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
Web Cache Redirect is disabled
BGP Policy Mapping is disabled
Seville#show interface serial 0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 10.1.130.253/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:05, output 00:00:04, output hang never
Last clearing of “show interface” counters never
Queuing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
273 packets input, 18621 bytes, 0 no buffer
Received 215 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
309 packets output, 20175 bytes, 0 underruns
0 output errors, 0 collisions, 23 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Seville#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.3.102 0 0060.978b.1301 ARPA Ethernet0
Internet 10.1.3.253 - 0000.0c3e.5183 ARPA Ethernet0
Seville#debug ip packet
IP packet debugging is on
Seville#ping 10.1.130.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.130.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/81/84 ms
Seville#
00:09:38: IP: s=10.1.130.251 (local), d=10.1.130.251 (Serial1), len 100, sending
00:09:38: IP: s=10.1.130.251 (Serial1), d=10.1.130.253 (Serial1), len 100, rcvd 3
00:09:38: IP: s=10.1.130.253 (local), d=10.1.130.251 (Serial1), len 100, sending
00:09:38: IP: s=10.1.130.251 (Serial1), d=10.1.130.253 (Serial1), len 100, rcvd 3
00:09:38: IP: s=10.1.130.253 (local), d=10.1.130.251 (Serial1), len 100, sending
00:09:38: IP: s=10.1.130.251 (Serial1), d=10.1.130.253 (Serial1), len 100, rcvd 3
00:09:38: IP: s=10.1.130.253 (local), d=10.1.130.251 (Serial1), len 100, sending
00:09:38: IP: s=10.1.130.251 (Serial1), d=10.1.130.253 (Serial1), len 100, rcvd 3
00:09:38: IP: s=10.1.130.253 (local), d=10.1.130.251 (Serial1), len 100, sending
00:09:38: IP: s=10.1.130.251 (Serial1), d=10.1.130.253 (Serial1), len 100, rcvd 3
Seville#
Notice that the configuration matches the output of the show interface, show ip interface, and
show ip interface brief commands. For instance, in Example 5-3, the IP addresses in the
configuration match the output of show ip interface brief. If these details did not match,
one common oversight is that you are looking at the configuration in NVRAM, not in RAM.
Make sure to use the show running-config or write terminal commands to see the active
configuration.
The subnet mask in the output of show commands is encoded by numbering the network and
subnet bits. For example, 10.1.4.0/24 means 24 network and subnet bits, leaving 8 host bits with
this subnetting scheme. The terminal ip netmask-format command can be used to change this
formatting, as seen in Example 5-2.
Example 5-4 shows the ARP cache generated by the show ip arp output. The first entry shows
the IP address and MAC address of another host on the Ethernet. The timer value of 0 implies
that the entry is very fresh—the value grows with disuse. One entry is shown for the router’s
Ethernet interface itself, which never times out of the ARP table.
The debug ip packet output in Example 5-4 lists one entry per IP packet sent and received. This
command is a very dangerous command—it could crash almost any production router due to
the added overhead of processing the debug messages. Notice that the output shows both the
source and destination IP addresses.
The routing table in Example 5-4 does not list all subnets because the routing protocol
configuration has not been added. Notice that the show ip route commands list routes to the
directly attached subnets, but no others. The ip route commands in Example 5-5 have been
added to Albuquerque. Example 5-6 and Example 5-7 contain show commands executed after
the new configuration was added.
Example 5-5 Static Routes Added to Albuquerque
ip route 10.1.2.0 255.255.255.0 10.1.128.252
ip route 10.1.3.0 255.255.255.0 10.1.130.253
Example 5-6 Albuquerque Router EXEC Commands, After Adding Static Routes for 10.1.2.0 and 10.1.3.0
Albuquerque#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 5 subnets
S 10.1.3.0 [1/0] via 10.1.130.253
S 10.1.2.0 [1/0] via 10.1.128.252
C 10.1.1.0 is directly connected, Ethernet0
C 10.1.130.0 is directly connected, Serial1
C 10.1.128.0 is directly connected, Serial0
Albuquerque#ping 10.1.128.252
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.128.252, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
! Note: the following extended ping command will result in some debug messages
! on Yosemite in Example 5-7.
Albuquerque#
pingProtocol [ip]:
Target IP address:
10.1.2.252Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
ySource address or interface:
10.1.1.251Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
IP Configuration
281Sending 5, 100-byte ICMP Echos to 10.1.2.252, timeout is 2 seconds:
. . . . .
Success rate is 0 percent (0/5)
Albuquerque#

Example 5-7
show ip route on Yosemite, After Adding Static Routes to Albuquerque
Yosemite#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.2.0 is directly connected, Ethernet0
C       10.1.129.0 is directly connected, Serial1
C       10.1.128.0 is directly connected, Serial0
Yosemite#ping 10.1.128.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.128.251, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
Yosemite#ping 10.1.1.251
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.251, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Yosemite#debug ip icmp
ICMP packet debugging is on
Yosemite#
Yosemite#show debug
Generic IP:
  ICMP packet debugging is on
Yosemite#
!NOTE: the following debug messages are a result of the extended ping
!command issued on Albuquerque in Example 5-6;
!these messages are generated by Yosemite!
ICMP: echo reply sent, src 10.1.2.252, dst 10.1.1.251
ICMP: echo reply sent, src 10.1.2.252, dst 10.1.1.251
ICMP: echo reply sent, src 10.1.2.252, dst 10.1.1.251
ICMP: echo reply sent, src 10.1.2.252, dst 10.1.1.251
ICMP: echo reply sent, src 10.1.2.252, dst 10.1.1.251

Two subtleties of the ping command are used in the two example console dialogs of
Examples 5-6 and 5-7:
• Cisco ping commands use the output interface’s IP address as the source address of the
  packet, unless otherwise specified in an extended ping. The first ping in Example 5-6 uses
  a source of 10.1.128.251; the extended ping uses the source address shown (10.1.1.251).
• ICMP Echo Reply messages (ping responses) reverse the IP addresses used in the ICMP
  Echo Request to which they are responding.
The extended version of the ping command can be used to narrow down the underlying
cause of a problem. In fact, when a ping from a router works but a ping from a host does not,
the extended ping could help in re-creating the problem without needing to work with the end
user on the phone. For instance, the extended ping command on Albuquerque sent an Echo
Request from 10.1.1.251 (Albuquerque’s Ethernet) to 10.1.2.252 (Yosemite’s Ethernet); no
response was received by Albuquerque. Normally, the echoes are sourced from the IP address
of the outgoing interface; with the use of the extended ping source address option, the source
IP address of the echo packet can be changed. It appears that the ICMP Echo Requests were
received by Yosemite because the debug messages on Yosemite imply that it sent ICMP Echo
Replies back to 10.1.1.251. Somewhere between Yosemite creating the ICMP echo replies and
Albuquerque receiving them, a problem occurred.
An examination of the steps after the echo replies were created by Yosemite is needed to
understand the problem in this example. ICMP asks the IP software in Yosemite to deliver the
packets. The IP code performs an IP routing table lookup to find the correct route for these
packets, whose destination is 10.1.1.251. However, the show ip route command output in
Example 5-7 shows that Yosemite has no route to subnet 10.1.1.0. It seems that Yosemite
created the Echo Reply messages but failed to send them because it has no route to
10.1.1.0/24. This is just one example in which the route in one direction is working fine, but
the route in the reverse direction is not.
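
The one-way routing failure described above can be reproduced by looking up each direction of a ping in the two routing tables. The following Python sketch is an added example, not part of the original chapter; the tables are transcribed from Examples 5-6 and 5-7, and the function names lookup and ping_diagnosis are hypothetical.

```python
import ipaddress

# Routing tables transcribed from Example 5-6 (Albuquerque) and
# Example 5-7 (Yosemite). Each entry is (prefix, next hop or interface).
TABLES = {
    "Albuquerque": [
        ("10.1.3.0/24", "10.1.130.253"),
        ("10.1.2.0/24", "10.1.128.252"),
        ("10.1.1.0/24", "Ethernet0"),
        ("10.1.130.0/24", "Serial1"),
        ("10.1.128.0/24", "Serial0"),
    ],
    "Yosemite": [
        ("10.1.2.0/24", "Ethernet0"),
        ("10.1.129.0/24", "Serial1"),
        ("10.1.128.0/24", "Serial0"),
    ],
}


def lookup(router, dest):
    """Longest-prefix match of dest in the router's table; None if no route."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[router]]
    hits = [(n, hop) for n, hop in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def ping_diagnosis(sender, src, responder, dst):
    """Explain the outcome of a ping from sender (source src) to dst.

    Assumption: sender and responder are directly connected routers, as
    Albuquerque and Yosemite are, so one lookup per direction is enough.
    """
    # Forward direction: the Echo Request is routed on its destination.
    if lookup(sender, dst) is None:
        return f"{sender} has no route to {dst}: request never sent"
    # Reverse direction: the Echo Reply swaps the addresses, so the
    # responder must have a route back to the request's SOURCE address.
    if lookup(responder, src) is None:
        return f"{responder} has no route to {src}: reply dropped"
    return "both directions routed: ping succeeds"


if __name__ == "__main__":
    # The standard ping and the extended ping from Example 5-6.
    print(ping_diagnosis("Albuquerque", "10.1.128.251", "Yosemite", "10.1.128.252"))
    print(ping_diagnosis("Albuquerque", "10.1.1.251", "Yosemite", "10.1.2.252"))
```
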
Other options for extended ping are also quite useful. The Don’t Fragment (DF) bit can be set,
along with the amount of data to send in the echo, so that the MTU for the entire route can be
discovered through experimentation. Echo packets that are too large to pass over a link due to
MTU restrictions will be discarded because the DF bit is set. The timeout value can be set so
that the ping command will wait longer than the default 2 seconds before giving up on
receiving a reply to an echo. Furthermore, not only can a single size for the ICMP Echo be set,
but a range of sizes can be used to give a more realistic set of packets.
One key to troubleshooting with the ping command is understanding the various codes the
command uses to signify the various responses it can receive. Table 5-29 lists the various codes
that the Cisco IOS ping command can supply.

Using Secondary Addresses
As a CCNA, Cisco expects you to be comfortable and familiar with IP address planning issues.
One such issue involves what to do when there are no more unassigned IP addresses in a subnet.
One alternative solution is to change the mask used on that subnet, making the existing subnet
larger. However, changing the mask could cause an overlap. For example, if 10.1.4.0/24 is
running out of addresses and you make a change to mask 255.255.254.0 (9 host bits, 23
network/subnet bits), an overlap can occur. 10.1.4.0/23 includes addresses 10.1.4.0 to
10.1.5.255; this is indeed an overlap with subnet 10.1.5.0/24. If subnet 10.1.5.0/24 already
exists, using 10.1.4.0/23 would not work. Another alternative for continued growth is to place
all the existing addresses in the mostly full subnet in another larger subnet. There must be a
valid subnet number that is unassigned, that does not create an overlap, and that is larger than
the old subnet. However, this solution causes administrative effort to change the IP addresses.
In either case, both solutions that do not use secondary addressing imply a strategy of using
different masks in different parts of the network. Use of these different masks is called
variable-length subnet masking (VLSM), which brings up another set of complex routing
protocol issues.
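
The overlap check and the search for a larger unassigned subnet can be automated with Python’s ipaddress module. This is an added example, not part of the original chapter; the list of assigned subnets and the 10.1.0.0/16 planning range are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample plan: subnets assumed to be in use already.
ASSIGNED = [ipaddress.ip_network(n) for n in (
    "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
    "10.1.4.0/24", "10.1.5.0/24", "10.1.128.0/24",
)]


def widen_conflicts(subnet, new_prefix, assigned=ASSIGNED):
    """Grow subnet to new_prefix and report which assigned subnets it hits.

    Returns (widened_network, [overlapping assigned subnets]). The subnet
    being widened is not counted as a conflict with itself.
    """
    old = ipaddress.ip_network(subnet)
    wide = old.supernet(new_prefix=new_prefix)
    clashes = [n for n in assigned if n != old and n.overlaps(wide)]
    return wide, clashes


def free_larger_subnets(parent, new_prefix, assigned=ASSIGNED, limit=3):
    """First `limit` subnets of length new_prefix inside parent that overlap
    nothing already assigned (candidates for renumbering a full subnet)."""
    free = []
    for cand in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        if not any(cand.overlaps(n) for n in assigned):
            free.append(cand)
            if len(free) == limit:
                break
    return free


if __name__ == "__main__":
    wide, clashes = widen_conflicts("10.1.4.0/24", 23)
    print(f"{wide} spans {wide[0]} to {wide[-1]}; overlaps: {clashes}")
    print("unassigned /23 candidates:", free_larger_subnets("10.1.0.0/16", 23))
```
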
This same issue can be solved by the use of IP secondary addressing. Secondary addressing
uses multiple subnets on the same data link. Secondary IP addressing is simple in concept.
Because more than one subnet is used on the same medium, the router needs to have more than
one IP address on the interface attached to that medium. For example, Figure 5-27 has subnet
10.1.2.0/24; assume that the subnet has all IP addresses assigned. Assuming secondary
addressing to be the chosen solution, subnet 10.1.7.0/24 could also be used on the same
Ethernet. Example 5-8 shows the configuration for secondary IP addressing on Yosemite.

Table 5-29
Explanation of the Codes the ping Command Receives in Response to Its ICMP Echo Request
ping Command Code   Explanation
!                   ICMP Echo Reply received
.                   Nothing received
U                   ICMP unreachable (destination) received
N                   ICMP unreachable (network) received
P                   ICMP unreachable (port) received
Q                   ICMP source quench received
M                   ICMP can’t fragment message received
?                   Unknown packet received

The router has routes to subnets 10.1.2.0/24 and 10.1.7.0/24, so it can forward packets to each
subnet. The router also can receive packets from hosts in one subnet and can forward the
packets to the other subnet using the same interface.
IP Addressing with Frame Relay Subinterfaces
Frame Relay configuration can be accomplished with or without the use of subinterfaces. If
subinterfaces are not used, then all router interfaces attached to this same Frame Relay cloud
should be configured with IP addresses in the same subnet. In other words, treat the Frame
Relay cloud as any other multiaccess medium (such as a LAN). However, Frame Relay
configuration without subinterfaces introduces some routing protocol issues when there is not
a full mesh of virtual circuits (VCs) between each pair of routers. Subinterfaces allow distance
vector routing protocols to work well because individual VCs can be considered as separate
interfaces. This allows the routing protocol to maintain its split-horizon feature to defeat routing
loops.

Example 5-8
Secondary IP Addressing Configuration and show ip route Command on Yosemite
! Excerpt from show running-config follows...
Hostname Yosemite
ip domain-lookup
ip name-server 10.1.1.100 10.1.2.100
interface ethernet 0
 ip address 10.1.7.252 255.255.255.0 secondary
 ip address 10.1.2.252 255.255.255.0
interface serial 0
 ip address 10.1.128.252 255.255.255.0
interface serial 1
 ip address 10.1.129.252 255.255.255.0
Yosemite#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.2.0 is directly connected, Ethernet0
C       10.1.7.0 is directly connected, Ethernet0
C       10.1.129.0 is directly connected, Serial1
C       10.1.128.0 is directly connected, Serial0
Yosemite#

Chapter 8, “WAN Protocols and Design,” covers issues relating to the design choices of when
to use subinterfaces and what type to use. This current section discusses how to assign IP
addresses after those choices are made.
The use of subinterfaces and the type of subinterface implies the number of subnets used for
Frame Relay. A point-to-point subinterface terminates one VC and has an IP address assigned
to it; the router on the other end of the VC uses an IP address in the same subnet. These two IP
addresses are the only two addresses in the subnet. Each separate instance of a pair of routers
on opposing ends of a VC, each with a point-to-point subinterface configuration, implies the
use of yet another subnet, with only two host addresses in the subnet.
The use of no subinterfaces and the use of multipoint subinterfaces are identical from the
perspective of how to assign IP addresses. Multipoint subinterfaces are used when multiple VCs
terminate at the subinterface; this subinterface, along with all subinterfaces on other routers at
the other end of these VCs, are configured to be in the same subnet. With no subinterfaces used,
all the routers attached to the Frame Relay network are also considered to be in the same subnet.
Most often, point-to-point subinterfaces are used when a partial mesh of VCs is used.
Conversely, multipoint subnets are used when a full mesh is used. However, both types of
subinterface are allowed in the same router. Figure 5-28 shows a Frame Relay configuration
requiring three different subnets over a Frame Relay cloud.
Example 5-9, Example 5-10, and Example 5-11 show the configurations on Routers A, B, and
E, respectively.
For a more complete review of the concepts behind IP addressing over Frame Relay, refer to
Chapter 8.

Example 5-9
Router A Configuration
hostname routerA
interface serial 0
 encapsulation frame-relay
!
interface serial 0.1 point-to-point
 ip address 150.10.1.250 255.255.255.0
 frame-relay interface-dlci 40
 description this is for the VC to site B
!
interface serial 0.2 point-to-point
 ip address 150.10.2.250 255.255.255.0
 frame-relay interface-dlci 41
 description this is for the VC to site C
!
interface serial 0.3 multipoint
 ip address 150.10.3.250 255.255.255.0
 frame-relay interface-dlci 42
 frame-relay interface-dlci 43
 description this is for the VC’s to sites D and E

Example 5-10
Router B Configuration
hostname routerB
!
interface serial 0
 encapsulation frame-relay
!
interface serial 0.1 point-to-point
 ip address 150.10.1.251 255.255.255.0
 frame-relay interface-dlci 44
 description this is for the VC to site A

Example 5-11
Router E Configuration
hostname routerE
!
interface serial 0
 encapsulation frame-relay
!
interface serial 0.3 multipoint
 ip address 150.10.3.254 255.255.255.0
 frame-relay interface-dlci 44
 description this is for the VC to site A

MTU and Fragmentation
The maximum transmission unit (MTU) is a concept that implies the largest Layer 3 packet that
can be forwarded out an interface. The maximum MTU value allowed is based on the data link
protocol; essentially, the maximum size of the data portion of the data link frame (where the
packet is placed) is the maximum setting for the MTU on an interface. The default MTU value
is 1500.
If an interface’s MTU is smaller than a packet that must be forwarded, fragmentation is
performed by the router. Fragmentation is the process of simply breaking the packet into
smaller packets, each of which is less than or equal to the MTU value. For instance, consider
Figure 5-29, with a point-to-point serial link whose MTU has been lowered to 1000.
As Figure 5-29 illustrates, Koufax threw a 1500-byte packet toward Router LA. LA removed
the Ethernet header but could not forward the packet because it was 1500 bytes and the HDLC
link supported only an MTU of 1000. So, LA fragmented the original packet into two packets.
After forwarding the two packets, Boston receives the packets and does not reassemble them—
reassembly is done by the endpoint host, which in this case is Clemens.
The IP header contains fields useful for reassembling the fragments into the original packet.
The IP header includes an ID value that is the same in each fragmented packet, as well as an
offset value that defines which part of the original packet is held in each fragment. So,
fragmented packets arriving out of order can be identified as part of the same original packet
and can be reassembled into the correct order using the offset field in each fragment.
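
The fragmentation in Figure 5-29 and the reassembly by ID and offset can be worked through in code. This Python sketch is an added example, not part of the original chapter; it goes slightly beyond the text by modeling the More Fragments flag and the 8-byte offset units that IPv4 defines, and it assumes a 20-byte IP header with no options. The payload is constructed sample data and the names are hypothetical.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IPv4 header without options

# Constructed sample: the data carried by a 1500-byte packet (1500 - 20).
PAYLOAD = bytes(i % 251 for i in range(1480))


@dataclass
class Fragment:
    ident: int    # IP Identification: identical in every fragment of a packet
    offset: int   # Fragment Offset field, counted in units of 8 bytes
    more: bool    # More Fragments flag: False only on the final fragment
    data: bytes

    @property
    def total_length(self):
        return IP_HEADER_LEN + len(self.data)


def fragment(ident, payload, mtu):
    """Split payload so that every fragment, header included, fits the MTU."""
    # All fragments except the last must carry a multiple of 8 data bytes,
    # because the offset field can only express 8-byte units.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        more = start + chunk < len(payload)
        frags.append(Fragment(ident, start // 8, more, piece))
    return frags


def reassemble(fragments):
    """Rebuild payloads from fragments received in any order.

    Returns {ident: payload}. A packet with a missing, duplicated or
    overlapping fragment is left out, as the receiving host would keep
    waiting for it (and eventually discard it).
    """
    by_id = {}
    for f in fragments:
        by_id.setdefault(f.ident, []).append(f)
    done = {}
    for ident, frags in by_id.items():
        frags.sort(key=lambda f: f.offset)
        expected, buf = 0, bytearray()
        for f in frags:
            if f.offset * 8 != expected:
                break                      # hole or overlap in the data
            buf += f.data
            expected += len(f.data)
        else:
            if not frags[-1].more:         # final fragment has arrived
                done[ident] = bytes(buf)
    return done


if __name__ == "__main__":
    # 1500-byte packet forwarded over the link whose MTU is 1000.
    for f in fragment(0x1234, PAYLOAD, 1000):
        print(f"id={f.ident:#06x} offset={f.offset} more={f.more} "
              f"total_length={f.total_length}")
```
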
Two configuration commands can be used to change the IP MTU size on an interface: the mtu
interface subcommand and the ip mtu interface subcommand. The mtu command sets the
MTU for all Layer 3 protocols; unless there is a need to vary the setting per Layer 3 protocol,
this command is preferred. If a different setting is desired for IP, the ip mtu command sets the
value used for IP.

A few nuances relate to the two MTU-setting commands. If both are configured on an interface,
then the IP MTU setting takes precedence on the interface. However, if the mtu command is
configured after the ip mtu is configured, the ip mtu value is reset to the same value as that of
the mtu command. So, care must be taken when changing these values.

IP Naming Commands and Telnet
Names are never important to the process of routing IP packets. However, most human users
prefer to use names instead of IP addresses, for obvious reasons. So, the process of using
names—and, most frequently, using a Domain Name System (DNS) to identify the IP address
that corresponds to a name—is important for end users.
Router and switch administrators like to use names in many cases, for the same reason that end
users like to use names. When the administrator uses a PC or workstation, that person can open
up a variety of windows and Telnet to various routers and switches. This short section is not
concerned with naming in that case.
When a router or switch administrator is logged in to the router or switch, a variety of
commands are available. Particularly for the trace, ping, and telnet commands, one key
parameter is the IP address or host name of the device that you want to trace, ping, or telnet to.
This section describes the use of host names on an IOS-based device. Along the way, some
nuances of the use of Telnet are covered.
The IOS can use statically configured names as well as refer to one or more DNSs. Example
5-12 shows some names statically configured, with configuration pointing to two different
DNSs.

Example 5-12
IP Naming Configuration and show ip host Command
hostname Cooperstown
!
ip host Mays 10.1.1.1
ip host Aaron 10.2.2.2
ip host Mantle 10.3.3.3
!
ip domain-name lacidar.com
ip name-server 10.1.1.200 10.2.2.200
ip domain-lookup
Seville#show hosts
Default domain is lacidar.com
Name/address lookup uses static mappings
Host                     Flags      Age Type   Address(es)
Mays                     (perm, OK)  0   IP    10.1.1.1
Aaron                    (perm, OK)  0   IP    10.2.2.2
Mantle                   (perm, OK)  0   IP    10.3.3.3
Seville#

Three names are statically configured in this case—Mays, Aaron, and Mantle. When logged
into Cooperstown, any command referring to Mays, Aaron, or Mantle will resolve into the IP
addresses shown in the ip host command.

DNS configuration is shown toward the end of the configuration. For names that do not include
the full domain name, the ip domain-name command defines the domain name that should be
assumed by the router. The IP addresses of the name servers are shown in the ip name-server
command. Up to six DNSs can be listed; they are searched for each request sequentially based
on the order in the command. Finally, the ip domain-lookup command enables the IOS to ask
a name-server. ip domain-lookup is the default; no ip domain-lookup disables the DNS client
function.

The name Cooperstown in the hostname command is shown to make a point that it is not a
definition that creates a correlation between a name and an IP address. The hostname command
tells this device what its own name is; any command referring to a host name and with
Cooperstown typed as the host name would need either an ip host command or a DNS
resolution for Cooperstown for the command to work.

The show ip host command lists the static entries, in addition to any entries learned from a DNS
request. Only the three static entries were in the table, in this case. The term perm in the output
implies that the entry is static.

Telnet on the IOS
The telnet IOS EXEC command can be particularly useful when working with more than one
router or switch at the same time. If you prefer, you could open more windows on your desktop
and Telnet to the various routers and switches. However, if you log in to one router and then
want to Telnet to others, this subsection provides you with some interesting capabilities of the
IOS Telnet client and server.

Each IOS runs a Telnet server automatically. Just like other Telnet servers, it listens on port 23.
The telnet EXEC command is a Telnet client, which can be used to Telnet to many other
devices, not just another router or switch. So, many of the same assumptions you make about
Telnet are true for the IOS-based Telnet client and server.

The convenient use of the suspend function of the Telnet client is one of the best features of the
Telnet client. For this discussion, you will need to refer to the network diagram in Figure 5-30.
In the figure, the router administrator is using Bench to Telnet into the Cincy router. Once in
Cincy, the user Telnets to Milwaukee. Once in Milwaukee, the user suspends the Telnet by
pressing Ctrl+Shift+6, followed by pressing the letter x. The user then Telnets to NewYork and
again suspends the connection. Example 5-13 shows an example output:

Example 5-13
Telnet Suspensions
Cincy#telnet milwaukee
Trying Milwaukee (10.1.4.252)... Open
User Access Verification
Password:
Milwaukee>
Milwaukee>
Milwaukee>
(Note: User pressed CTL-SHIFT-6, then x)
Cincy#telnet NewYork
Trying NewYork (10.1.6.253)... Open
User Access Verification
Password:
NewYork>
NewYork>
NewYork>
NewYork>
(Note: User pressed CTL-SHIFT-6, then x)
Cincy#show sessions
Conn Host                Address             Byte  Idle Conn Name
   1 milwaukee           10.1.4.252             0     0 milwaukee
*  2 NewYork             10.1.6.253             0     0 NewYork
Cincy#where
Conn Host                Address             Byte  Idle Conn Name
   1 milwaukee           10.1.4.252             0     0 milwaukee
*  2 NewYork             10.1.6.253             0     0 NewYork
Cincy#resume 1
[Resuming connection 1 to milwaukee ... ]
Milwaukee>
Milwaukee>
Milwaukee>
(Note: User pressed CTL-SHIFT-6, then x)
Cincy#
[Resuming connection 1 to milwaukee ... ]
(Note: User, when at Cincy, just pressed return)
Milwaukee>
Milwaukee>
Milwaukee>
(Note: User pressed CTL-SHIFT-6, then x)
Cincy#disconnect 1
Closing connection to milwaukee [confirm]
Cincy#
[Resuming connection 2 to NewYork ... ]
(Note: User, when at Cincy, just pressed return)
NewYork>
NewYork>
NewYork>
(Note: User pressed CTL-SHIFT-6, then x)
Cincy#disconnect 2
Closing connection to NewYork [confirm]
Cincy#

Example 5-13 begins with the Cincy command prompt that would be seen in Bench’s Telnet
window because the user at Bench Telnetted into Cincy first. After Telnetting to Milwaukee, the
Telnet connection was suspended. Then, after Telnetting to NewYork, that connection was
suspended. The two connections can be suspended or resumed easily. The resume command
can be used to resume the connections; however, the resume command requires a connection
ID, which is shown in the show connections command. (The where command provides the
same output.)

The interesting and potentially dangerous nuance here is that if a Telnet session is suspended
and you simply press Enter, the IOS resumes the connection to the most recently suspended
Telnet connection. That is fine, until you realize how much you tend to press the Enter key
occasionally to clear some of the clutter from the screen. With a suspended Telnet connection,
you also just happened to reconnect to another router. This is particularly dangerous when you
are changing the configuration or using potentially damaging EXEC commands—be careful
about what router you are actually using when you type the command.
Default Routes and the ip classless Command
Default route processing can be useful in several situations. Default route processing is a
general term that refers to the choices that the router can make when no match exists between
the routing table and the destination address of a packet. Without any default routes, a packet
whose destination is not matched in the routing table is discarded.
Figure 5-31 shows a typical case in which some form of default route would be useful. R1, R2,
and R3 are connected to the rest of this network only via R1’s Token Ring interface. If R2 and
R3 could forward packets meant for unknown destinations to R1, and if R1 knew to send them
to router Dist1, then all three routers could deliver packets to the rest of the network without
actually needing routes to all the other networks’ subnets in their routing tables.

By coding a default route on R1 that points to router Dist1 in Figure 5-31, the default routing
can be accomplished. R1 advertises the default route to R2 and R3. Examples 5-14 and 5-15,
along with Figure 5-31, show an example of a default route on R1.

Example 5-14
R1 Static Default Route Configuration and Routing Table
R1(config)#ip route 0.0.0.0 0.0.0.0 168.13.1.101
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is 168.13.1.101 to network 0.0.0.0
     168.13.0.0/24 is subnetted, 4 subnets
C       168.13.1.0 is directly connected, TokenRing0
R       168.13.3.0 [120/1] via 168.13.100.3, 00:00:05, Serial0.1
R       168.13.2.0 [120/1] via 168.13.100.2, 00:00:21, Serial0.1
C       168.13.100.0 is directly connected, Serial0.1
S*   0.0.0.0/0 [1/0] via 168.13.1.101
R1#

Example 5-15
R3—Nuances with Successful Use of Static Route on R1
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is 168.13.100.1 to network 0.0.0.0
     168.13.0.0/24 is subnetted, 4 subnets
R       168.13.1.0 [120/1] via 168.13.100.1, 00:00:13, Serial0.1
C       168.13.3.0 is directly connected, Ethernet0
R       168.13.2.0 [120/1] via 168.13.100.2, 00:00:06, Serial0.1
C       168.13.100.0 is directly connected, Serial0.1
R*   0.0.0.0/0 [120/1] via 168.13.100.1, 00:00:14, Serial0.1
R3#ping 168.13.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 168.13.200.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip classless
R3(config)#^Z
R3#ping 168.13.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 168.13.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/88/112 ms
R3#

The default route shows up in the routing tables in R1, R2, and R3. The default route is defined
with a static ip route command, with destination 0.0.0.0, mask 0.0.0.0. This route matches all
destinations.

The default route on R3 is not used, however, in the first ping on R3. This is because the no ip
classless command was configured on R3 (not shown). This causes R3’s matching logic to
mean “best match in the same network as the destination of the packet.” In other words, the
destination (168.13.200.1) is in Class B network 168.13.0.0. Because there is no match between
168.13.200.1 and the known subnets of 168.13.0.0, then the destination is not matched by R3
and the packet is not forwarded. When ip classless is added to R3 (it was already configured on
R1), the routing logic is changed to “best match in the entire routing table.” In other words, the
router ignores class rules when routing. Because the route to 0.0.0.0 is a match for any
destination, that route is used and the second ping in Example 5-15 succeeds.

The gateway of last resort, highlighted in the show ip route command output, sounds like a
pretty desperate feature. There are worse things than having to discard a packet in a router, but
this phrase simply references the current default route. It is possible that several default routes
have been configured and then distributed with a routing protocol; the Gateway of last resort is
the currently used default on a particular router. Be careful—multiple defaults can cause a
routing loop.

Another style of configuration for the default route uses the ip default-network command. This
command is used most typically when you want to reach other Class A, B, or C networks by
default, but all the subnets of your own network are expected to be in your own routing tables.
For instance, imagine that the cloud next to Dist1 in Figure 5-31 has subnets of network 10.0.0.0
in it, as well as other networks. (Dist1 could be an ISP router.) The network in Figure 5-31 is
still in use, but instead of the ip route 0.0.0.0 0.0.0.0 168.13.1.101 command, the ip
default-network 10.0.0.0 command is used on R1. R1 uses its route to network 10.0.0.0 as its
default and advertises this route as a default route to other routers. Examples 5-16 and 5-17
show several details on R1 and R3.
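
The difference between the two matching rules discussed for ip classless can be expressed as a short lookup routine run against R3’s routing table from Example 5-15. This Python sketch is an added example, not IOS code and not part of the original chapter; the function names are hypothetical. It also covers one case beyond the text: with no ip classless, a destination in a classful network of which the router knows no subnets still uses the default route.

```python
import ipaddress

# R3's routing table, transcribed from Example 5-15: (prefix, next hop).
R3_TABLE = [
    ("168.13.1.0/24", "168.13.100.1"),
    ("168.13.3.0/24", "Ethernet0"),
    ("168.13.2.0/24", "168.13.100.2"),
    ("168.13.100.0/24", "Serial0.1"),
    ("0.0.0.0/0", "168.13.100.1"),
]


def classful_network(addr):
    """Class A, B or C network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8       # Class A
    elif first_octet < 192:
        prefix = 16      # Class B
    elif first_octet < 224:
        prefix = 24      # Class C
    else:
        raise ValueError("Class D/E address is not a unicast destination")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def route_lookup(table, dest, ip_classless):
    """Return the next hop chosen for dest, or None if the packet is discarded."""
    addr = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(p), hop) for p, hop in table]
    default = next((hop for n, hop in routes if n.prefixlen == 0), None)
    specific = [(n, hop) for n, hop in routes if n.prefixlen > 0]

    # A matching subnet always wins; the longest prefix is the best match.
    hits = [(n, hop) for n, hop in specific if addr in n]
    if hits:
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    if ip_classless:
        # "Best match in the entire routing table": 0.0.0.0/0 matches anything.
        return default

    # no ip classless: "best match in the same network as the destination".
    # If any subnet of the destination's classful network is known, the
    # destination counts as an unknown subnet of a known network, and the
    # default route is NOT consulted.
    major = classful_network(addr)
    if any(n.subnet_of(major) for n, _ in specific):
        return None
    return default


if __name__ == "__main__":
    for classless in (False, True):
        hop = route_lookup(R3_TABLE, "168.13.200.1", classless)
        print(f"ip_classless={classless}: 168.13.200.1 -> {hop}")
```
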

Example 5-16
R1’s Use of the ip default-network Command
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is 168.13.1.101 to network 10.0.0.0
     168.13.0.0/24 is subnetted, 5 subnets
R       168.13.200.0 [120/1] via 168.13.1.101, 00:00:12, TokenRing0
C       168.13.1.0 is directly connected, TokenRing0
R       168.13.3.0 [120/1] via 168.13.100.3, 00:00:00, Serial0.1
R       168.13.2.0 [120/1] via 168.13.100.2, 00:00:00, Serial0.1
C       168.13.100.0 is directly connected, Serial0.1
R*   10.0.0.0/8 [120/1] via 168.13.1.101, 00:00:12, TokenRing0
R1#

Example 5-17
R3 Routing Table and trace Command Samples
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is 168.13.100.1 to network 0.0.0.0
     168.13.0.0/24 is subnetted, 5 subnets
R       168.13.200.0 [120/2] via 168.13.100.1, 00:00:26, Serial0.1
R       168.13.1.0 [120/1] via 168.13.100.1, 00:00:26, Serial0.1
C       168.13.3.0 is directly connected, Ethernet0
R       168.13.2.0 [120/1] via 168.13.100.2, 00:00:18, Serial0.1
C       168.13.100.0 is directly connected, Serial0.1
R    10.0.0.0/8 [120/2] via 168.13.100.1, 00:00:26, Serial0.1
R*   0.0.0.0/0 [120/2] via 168.13.100.1, 00:00:26, Serial0.1
R3#trace 168.13.222.2
Type escape sequence to abort.
Tracing the route to 168.13.222.2
  1 168.13.100.1 68 msec 56 msec 52 msec
  2 168.13.1.101 52 msec 56 msec 52 msec
R3#trace 10.1.222.2
Type escape sequence to abort.
Tracing the route to 10.1.222.2
  1 168.13.100.1 68 msec 56 msec 52 msec
  2 168.13.1.101 48 msec 56 msec 52 msec
R3#trace 1.1.222.2
Type escape sequence to abort.
Tracing the route to 1.1.222.2
  1 168.13.100.1 68 msec 56 msec 52 msec
  2 168.13.1.101 48 msec 56 msec 52 msec
R3#

Both R1 and R3 have default routes, but they are shown differently in their respective routing
tables. R1 shows a route to network 10.0.0.0 with an *, meaning that it is a candidate to be the
default route. In R3, 0.0.0.0 shows up in the routing table as the candidate default route. The
reason that R3 shows this information differently is that RIP advertises default routes using
network number 0.0.0.0. If IGRP or EIGRP were in use, there would be no route to 0.0.0.0 on
R3, and network 10.0.0.0 would be the candidate default route. That’s because IGRP and
EIGRP would flag 10.0.0.0 as a candidate default route in their routing updates rather than
advertise the special case of 0.0.0.0.

The default route on R3 is used for destinations in network 168.13.0.0, 10.0.0.0, or any other
network because ip classless is still configured. The trace commands in Example 5-17, which
show destinations in three different networks, all succeed. The trace commands each show that
the first router in the route was R1, then Dist1, and then the command finished. If many other
routers had been present in the network of Figure 5-31, then these routers could have shown up
in the trace output as well. (In each case, the destination address was the address of some
loopback interface in Dist1, so there were no routers beyond Dist1.) ip classless was still
configured; it is recommended to configure ip classless if using any form of default routes.

IPX Addressing and Routing
Cisco requires a thorough knowledge of two protocol stacks for the CCNA exam—TCP/IP and
Novell NetWare. Novell’s NetWare protocol stack defines Internetwork Packet Exchange (IPX)
as a network layer equivalent protocol, as seen in Figure 5-32. IPX will be the focus of this
initial section.
IPX defines the 80-bit address structure, which uses a 32-bit network part and a 48-bit node
part. As with IP and AppleTalk, all interfaces attached to the same data link use addresses in the
same network. Table 5-30 lists four features of IPX addressing. The features listed in Table
5-30 are the same features used to generically describe a well-designed Layer 3 addressing
scheme in Chapter 3, “OSI Reference Model & Layered Communication.”
IPX routing works just like routing, as described in the section “Routing” in Chapter 3. The
logic from the routing algorithm in Chapter 3 is shown here in Figure 5-33 for reference, with
changes made to reflect IPX terminology.
Table 5-30
IPX Addressing Details

| Feature | Description |
|---|---|
| Size of a group | IPX addresses use a 48-bit node part of the address, giving 2^48 possible addresses per network (minus a few reserved values), which should be big enough. |
| Unique addresses | IPX calls for the LAN MAC address to be used as the node part of the IPX address. This allows for easy assignment and little chance of duplication. Ensuring that no duplicates of the network numbers are made is the biggest concern because the network numbers are configured. |
| Grouping | The grouping concept is identical to IP, with all interfaces attached to the same medium using the same network number. There is no equivalent of IP subnetting. |
| Dynamic address assignment | Client IPX addresses are dynamically assigned as part of the protocol specifications. Servers and routers are configured with the network number(s) on their physical interfaces. Servers can choose to automatically generate an internal network number at installation time. |

Internal Networks and Encapsulation Types
Cisco requires that CCNAs understand encapsulation, particularly with IPX. It is always
Cisco’s desire that the professional certifications prove that the candidate knows how to make
networks that work rather than to certify individuals who are willing to memorize just for the
sake of passing the test. However, IPX encapsulation is one area in which memorization is
important once the base concepts are understood. Table 5-32, later in this section, lists several
terms you should remember.
Encapsulation is best understood in the context of two additional and important concepts
related to routing, as seen using Figure 5-34. NetWare servers use internal network numbers.
Also, clients, servers, and routers all must be configured to use the correct encapsulation.
Routing will also be reviewed using the same figure.
Client 1 has already logged in to Server 1 and is busily sending packets. Because NetWare
servers use an internal network number, the destination of packets from Client 1 to Server 1 is
1000.0000.0000.0001. The source address of these packets is Client 1’s IPX address
(1.0200.1111.1111, in this case). Of course, the routers need network 1000 in their IPX routing
tables. For example, Table 5-31 shows the contents of the IPX routing table of R3:
R3 learned the routes to Network 3 and Network 4 because they are directly attached. The other
four routes were learned via a routing protocol, which can be RIP, EIGRP, or NLSP. (NLSP is
not covered on the CCNA exam.) Server 1 and Server 2 send RIP updates advertising networks
1000 and 1001, respectively. That is one reason why NetWare servers send RIP updates even if
they have only one interface, as is the case with Server 1.
So, servers’ internal network numbers must be in the routing tables of the routers because their
internal addresses are used as the destination address of packets.
Encapsulation is the term used by Cisco to describe the type of data link header built in the
routing algorithm illustrated in Figure 5-33. Encapsulation is also a source of confusion for
many people when considering IPX, particularly when Ethernet is in use. Consider the IPX
packet sent by Client 1 to Server 1 in Figure 5-34. Each successive router discards the data link
header of the incoming frame and builds a new data link header according to the type of
interface. However, Novell supports four different styles of Ethernet header that can be built at
R3. The types of encapsulating Ethernet headers are shown in Figure 5-35 and are listed in
Table 5-32. First, here’s a brief summary of encapsulation:
Data link encapsulation defines the details of data link headers and trailers created by a
router and placed around a packet, before completing the routing process by forwarding
the frame out an interface.
Table 5-31
IPX Routing Table, R3

| Network | Outgoing Interface | Next Router |
|---|---|---|
| 1 | s0 | 3.0200.0000.2222 |
| 2 | s0 | 3.0200.0000.2222 |
| 3 | s0 | — |
| 4 | E0 | — |
| 1000 | E0 | 4.0200.AAAA.AAAA |
| 1001 | E0 | 4.0200.BBBB.BBBB |

Table 5-32
IPX Ethernet Encapsulations

| Novell’s Name | Cisco IOS’s Name | Hints for Remembering the Names and Meanings |
|---|---|---|
| Ethernet_II | ARPA | One way to help correlate the two names is to remember that ARPA was the original agency that created TCP/IP and that Ethernet_II is the older version of Ethernet; remember that the “old” names go together. |
| Ethernet_802.3 | Novell-ether | Novell’s name refers to the final header before the IPX header, in this case. There are no suggestions on easier ways to recall the IOS name Novell-ether. This setting is Novell’s default on NetWare 3.11 and prior releases. |
| Ethernet_802.2 | SAP | Novell’s name refers to the final header before the IPX header, in this case. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header. (The SAP field denotes that an IPX packet follows the 802.2 header.) This setting is Novell’s default on NetWare 3.12 and later releases. |
| Ethernet_SNAP | SNAP | Novell’s name refers to the final header before the IPX header, in this case. Cisco’s name refers to this same header. |

The key for remembering the Novell encapsulation names is that each name refers to the header
that directly precedes the IPX packet. This can help you recall header formats as well.
Remembering the names in the order in this book can also help because the size of the headers
increases with the third and fourth options, as compared with the first two options (see Figure
5-35).
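The rule that each Novell name refers to the header directly in front of the IPX packet can be checked with a short frame classifier. This is an added example, not code from the book: the field values it tests (EtherType 0x8137, 802.2 SAP 0xE0, the 0xFFFF IPX checksum, and the SNAP header AA-AA-03 with OUI 00-00-00) are standard IPX values that this chapter does not state, the function names are hypothetical, and the MAC addresses and socket numbers in the sample frames are constructed.

```python
import struct

IPX_ETHERTYPE = 0x8137  # EtherType assigned to IPX (used by Ethernet_II and SNAP)
IPX_SAP = 0xE0          # 802.2 DSAP/SSAP value that announces an IPX packet
SNAP_SAP = 0xAA         # 802.2 DSAP/SSAP value that announces a SNAP header
IPX_HEADER_LEN = 30


def classify_ipx_frame(frame):
    """Return (novell_name, ios_name, ipx_offset), or None if the frame is not IPX."""
    if len(frame) < 16:
        return None
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:                 # bytes 12-13 hold an EtherType
        if type_or_len == IPX_ETHERTYPE:
            return ("Ethernet_II", "ARPA", 14)
        return None
    body = frame[14:]                         # bytes 12-13 held an 802.3 length
    if body[:2] == b"\xff\xff":
        # No 802.2 header at all: the IPX header starts here, and its first
        # field (the checksum) is 0xFFFF.
        return ("Ethernet_802.3", "Novell-ether", 14)
    if body[:3] == bytes([IPX_SAP, IPX_SAP, 0x03]):
        return ("Ethernet_802.2", "SAP", 17)
    if body[:3] == bytes([SNAP_SAP, SNAP_SAP, 0x03]) and len(body) >= 8:
        oui, proto = body[3:6], struct.unpack("!H", body[6:8])[0]
        if oui == b"\x00\x00\x00" and proto == IPX_ETHERTYPE:
            return ("Ethernet_SNAP", "SNAP", 22)
    return None


def ipx_destination(frame):
    """Destination IPX address (network.node) read at the classified offset."""
    hit = classify_ipx_frame(frame)
    if hit is None or len(frame) < hit[2] + IPX_HEADER_LEN:
        return None
    off = hit[2]
    network = struct.unpack("!I", frame[off + 6:off + 10])[0]
    node = frame[off + 10:off + 16].hex()
    return "%x.%s.%s.%s" % (network, node[0:4], node[4:8], node[8:12])


def sample_ipx_packet():
    """Constructed IPX header: Client 1 (1.0200.1111.1111) to Server 1's internal address."""
    header = struct.pack("!HHBB", 0xFFFF, IPX_HEADER_LEN, 0, 0)
    header += struct.pack("!I", 0x1000) + bytes.fromhex("000000000001") + struct.pack("!H", 0x0451)
    header += struct.pack("!I", 0x1) + bytes.fromhex("020011111111") + struct.pack("!H", 0x4003)
    return header


def sample_frames():
    """The same IPX packet wrapped in each of the four Ethernet encapsulations."""
    macs = bytes.fromhex("0200aaaaaaaa") + bytes.fromhex("020011111111")  # constructed
    pkt = sample_ipx_packet()

    def length(extra):
        return struct.pack("!H", len(pkt) + extra)

    return {
        "Ethernet_II": macs + struct.pack("!H", IPX_ETHERTYPE) + pkt,
        "Ethernet_802.3": macs + length(0) + pkt,
        "Ethernet_802.2": macs + length(3) + bytes([IPX_SAP, IPX_SAP, 0x03]) + pkt,
        "Ethernet_SNAP": macs + length(8) + bytes.fromhex("aaaa03000000")
                         + struct.pack("!H", IPX_ETHERTYPE) + pkt,
    }


if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(name, classify_ipx_frame(frame), ipx_destination(frame))
```

The returned offsets (14, 14, 17, 22) show the header growing with the third and fourth options.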
The same encapsulation issue exists on Token Ring and FDDI interfaces. Table 5-33 outlines
the options.
One or more encapsulations are needed per Ethernet interface. If all NetWare clients/servers on
the Ethernet use the same encapsulation, just that single encapsulation is needed. However, if
more than one encapsulation is used, then multiple encapsulations are needed on the router. To
configure multiple encapsulations in the IOS, multiple IPX network numbers must be used on
the same Ethernet, one per encapsulation.
Two methods of configuration can be used to create two IPX networks on the same link. The
first method uses IPX secondary addresses, and the other uses subinterfaces. Both require one
IPX network number per encapsulation type per physical interface. Both methods cause the
same protocol flows to occur. The subinterface style of configuration allows the use of NLSP,
whereas secondary interface configuration does not. (Sample configurations are shown in the
next section of this chapter.)
Table 5-33
IPX Token Ring and FDDI Encapsulations

| Novell’s Name | Cisco IOS’s Name | Description and Hints for Remembering |
|---|---|---|
| FDDI_Raw | Novell-fddi | The IPX packet follows directly after the FDDI header. No Type field of any kind is used. |
| FDDI_802.2 | SAP | The IPX packet follows the 802.2 header. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header. |
| FDDI_SNAP | SNAP | Novell’s name refers to the final header before the IPX header, in this case. Cisco’s name refers to this same header. |
| Token-Ring | SAP | The IPX packet follows the 802.2 header. Novell’s name refers to the committee and complete header that defines the SAP field; Cisco’s name refers to the SAP part of the 802.2 header. |
| Token-Ring_SNAP | SNAP | Novell’s name refers to the final header before the IPX header. Cisco’s name refers to this same header. |

Figure 5-36 illustrates the concept of IPX secondary addressing. Server 1 uses Novell-ether, and
Server 2 uses SAP encapsulation. Network 4 devices use Novell-ether, and Network 5 devices
use SAP.
The router’s choice of encapsulation for forwarding packets is relatively straightforward. If the
route refers to a next router in Network 4, the router uses Novell-ether encapsulation. If the
route refers to a next router in Network 5, the router uses SAP encapsulation. For RIP and
SAP updates, the router sends updates on to both IPX networks, using the two different
encapsulations, respectively. This is also true if the subinterface style of supporting multiple
encapsulations is used instead of secondary addressing.
Troubleshooting can be more challenging because clients or servers using only a single
encapsulation cannot communicate directly if they are using different encapsulations. Also,
clients and servers on the same LAN that happen to use different encapsulations will require
that their packets be routed by the router so that the encapsulation is changed. Therefore, there
are many advantages to not using multiple encapsulations.
IPX Configuration
Configuration of IPX and IPX RIP on a Cisco router is relatively straightforward. Hands-on
experience is the best way to fully learn the details of configuration. In lieu of that, this section
lists commands, provides examples, and points out any tricky features. Table 5-34 and Table
5-35 summarize the more popular commands used for IPX configuration and verification. Two
configuration samples follow. The Cisco IOS documentation serves as an excellent reference
for additional IPX commands; the Cisco Press book Installing Cisco Network Devices also is
an excellent reference, particularly if you are not able to attend the instructor-led version of the
class.
The first sample is a basic configuration for the network in Figure 5-37. Example 5-18, Example
5-19, and Example 5-20 provide the configuration.
NOTE
The IPX samples also contain IP configuration. This is not required for correct operation of
IPX. However, to Telnet to the routers to issue commands, IP must be configured. In fact, in
almost every network with Cisco routers, IP is indeed configured. Therefore, the IPX examples
generally include IP configuration.
Table 5-34
IPX and IPX RIP Configuration Commands

| Command | Configuration Mode |
|---|---|
| ipx routing [node] | Global |
| ipx maximum-paths paths | Global |
| ipx network network [encapsulation type] [secondary] | Interface mode |

Table 5-35
IPX EXEC Commands

| Command | Function |
|---|---|
| show ipx interface | Gives detailed view of IPX parameter settings, per interface |
| show ipx route [network] | Shows entire routing table, or one entry if network is entered |
| show ipx servers | Shows SAP table |
| show ipx traffic | Shows IPX traffic statistics |
| debug ipx routing [events \| activity] | Gives messages describing each routing update |
| debug ipx sap [events \| activity] | Gives messages describing each SAP update |
| ping ipx-address | Sends IPX packets to verify connectivity |

Example 5-18
Albuquerque Configuration for IPX, Sample 1
ipx routing
!
interface serial0
ip address 10.1.12.1 255.255.255.0
ipx network 1012
bandwidth 56
!
interface serial1
ip address 10.1.13.1 255.255.255.0
ipx network 1013
!
interface ethernet 0
ip address 10.1.1.1 255.255.255.0
ipx network 1

Example 5-19
Yosemite Configuration for IPX, Sample 1
ipx routing 0200.bbbb.bbbb
!
interface serial0
ip address 10.1.12.2 255.255.255.0
ipx network 1012
bandwidth 56
!
interface serial1
ip address 10.1.23.2 255.255.255.0
ipx network 1023
!
interface ethernet 0
ip address 10.1.2.2 255.255.255.0
ipx network 2

Example 5-20
Seville Configuration for IPX, Sample 1
ipx routing 0200.cccc.cccc
!
interface serial0
ip address 10.1.13.3 255.255.255.0
ipx network 1013
!
interface serial1
ip address 10.1.23.3 255.255.255.0
ipx network 1023
!
interface ethernet 0
ip address 10.1.3.3 255.255.255.0
ipx network 3

Enabling IPX routing globally as well as on each interface is all that is required to route IPX in
a Cisco router. The ipx routing command enables IPX in this router and initializes the RIP and
SAP processes. The individual ipx network commands on each interface enable IPX routing
into and out of each interface and enable RIP and SAP on each interface, respectively.
The IPX addresses are not completely defined, however. Only the network number is
configured. The full IPX network number is created by adding the MAC address of each
interface to the configured IPX network number. For non-LAN interfaces, the MAC address of
a LAN interface is used by default. However, for easier troubleshooting, a MAC address to be
used as the node part of the IPX address on non-LAN interfaces can be configured. Notice the
difference in the two commands in Example 5-21. The first is on Albuquerque, and the second
is on Seville:

Example 5-21
show ipx interface serial 0 on Albuquerque and Seville
Albuquerque#show ipx interface serial 0
Serial0 is up, line protocol is up
IPX address is 1012.0000.0ccf.21cd [up]
Delay of this IPX network, in ticks is 6 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
Watchdog processing is disabled, SPX spoofing is disabled, idle time 60
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 39, RIP packets sent 44
SAP packets received 27, SAP packets sent 29
Albuquerque#
Seville#show ipx interface serial 0
Serial0 is up, line protocol is up
IPX address is 1013.0200.cccc.cccc [up]
Delay of this IPX network, in ticks is 6 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
Watchdog processing is disabled, SPX spoofing is disabled, idle time 60
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 51, RIP packets sent 51
SAP packets received 2, SAP packets sent 28
Seville#

The show ipx interface command provides a lot of information about IPX, including the
complete IPX address. In this case, you can see that the node part of Seville’s IPX address is
easily recognizable, whereas Albuquerque’s is not. Seville’s node address is 0200.cccc.cccc
based on its ipx routing 0200.cccc.cccc configuration command (refer to Example 5-20).
However, because the node parameter was omitted from the ipx routing command on
Albuquerque (refer to Example 5-18), the router chooses a MAC on one of the LAN interfaces
to use as the node portion of the IPX addresses on non-LAN interfaces.
NOTE
After the ipx routing command is entered, the router saves the command with the node value.
In other words, even if Albuquerque’s configuration were typed as in Example 5-18, the node
number chosen from a LAN interface would be shown at the end of the ipx routing command
when viewing the configuration in the future.
Several nuances are involved in how the node parts of the addresses are assigned. The first is
that if the node part of the IPX address on WAN interfaces is derived from the MAC of a LAN
interface, and if there is more than one LAN interface, then the IOS must choose one MAC
address to use. The algorithm uses the MAC address of the “first” Ethernet interface—or the
first Token Ring interface, if no Ethernet exists, or the first FDDI interface, if no Ethernet or
Token Ring exists. The lowest numbered interface number is considered to be “first.” The next
nuance is that if no LAN interfaces exist, the node parameter on the ipx routing command must
be configured, or IPX routing will not work on a WAN interface. The final nuance is that the
node part of IPX addresses on router LAN interfaces ignores the node parameter of the ipx
routing command, and uses its specific MAC address as the node part of the address.
The second sample network (illustrated in Figure 5-38) uses Frame Relay with point-to-point
subinterfaces. Example 5-22, Example 5-23, Example 5-24, and Example 5-25 show the
configuration for this network.
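The node-assignment rules for Albuquerque and Seville (node parameter, fallback to the first LAN MAC, LAN interfaces using their own MAC) can be written as a small model. This is an added example, not IOS code or code from the book: the data layout and function names are hypothetical, Albuquerque's Ethernet MAC is inferred from the Serial0 address shown in Example 5-21, and every other MAC address and the MULTI_LAN and WAN_ONLY routers are constructed.

```python
LAN_TYPES = ("ethernet", "tokenring", "fddi")  # preference order given in the text


def first_lan_mac(interfaces):
    """MAC of the 'first' LAN interface: lowest-numbered Ethernet, else Token Ring, else FDDI."""
    for kind in LAN_TYPES:
        same_kind = [i for i in interfaces if i["type"] == kind]
        if same_kind:
            return min(same_kind, key=lambda i: i["number"])["mac"]
    return None


def ipx_address(interfaces, name, node_param=None):
    """Full IPX address (network.node) of one interface.

    node_param models the optional node value on the ipx routing command.
    """
    target = next(i for i in interfaces if i["name"] == name)
    if target["type"] in LAN_TYPES:
        node = target["mac"]            # LAN interfaces ignore the node parameter
    elif node_param is not None:
        node = node_param               # ipx routing <node> was configured
    else:
        node = first_lan_mac(interfaces)
        if node is None:
            raise ValueError("no LAN interface and no node parameter: "
                             "IPX will not work on %s" % name)
    return "%s.%s" % (target["network"], node.lower())


def intf(name, kind, number, network, mac=None):
    return {"name": name, "type": kind, "number": number, "network": network, "mac": mac}


# Networks from Examples 5-18 and 5-20; the Ethernet MAC of Albuquerque is
# inferred from Example 5-21, the Ethernet MAC of Seville is constructed.
ALBUQUERQUE = [
    intf("serial0", "serial", 0, "1012"),
    intf("serial1", "serial", 1, "1013"),
    intf("ethernet0", "ethernet", 0, "1", "0000.0ccf.21cd"),
]
SEVILLE = [
    intf("serial0", "serial", 0, "1013"),
    intf("serial1", "serial", 1, "1023"),
    intf("ethernet0", "ethernet", 0, "3", "0000.0c00.3333"),
]
# Constructed routers that exercise the remaining nuances.
MULTI_LAN = [
    intf("serial0", "serial", 0, "50"),
    intf("tokenring0", "tokenring", 0, "51", "0000.3000.0001"),
    intf("ethernet1", "ethernet", 1, "52", "0000.0c00.0002"),
    intf("ethernet0", "ethernet", 0, "53", "0000.0c00.0001"),
]
WAN_ONLY = [intf("serial0", "serial", 0, "60")]

if __name__ == "__main__":
    print(ipx_address(ALBUQUERQUE, "serial0"))                  # node omitted
    print(ipx_address(SEVILLE, "serial0", "0200.cccc.cccc"))    # node configured
    print(ipx_address(SEVILLE, "ethernet0", "0200.cccc.cccc"))  # LAN keeps its own MAC
    print(ipx_address(MULTI_LAN, "serial0"))                    # first Ethernet wins
```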

Example 5-22
Atlanta Configuration
ipx routing 0200.aaaa.aaaa
!
interface serial0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ip address 140.1.1.1 255.255.255.0
ipx network 1
frame-relay interface-dlci 52
!
interface serial 0.2 point-to-point
ip address 140.1.2.1 255.255.255.0
ipx network 2
frame-relay interface-dlci 53
!
interface serial 0.3 point-to-point
ip address 140.1.3.1 255.255.255.0
ipx network 3
frame-relay interface-dlci 54
!
interface ethernet 0
ip address 140.1.11.1 255.255.255.0
ipx network 11

Example 5-23
Charlotte Configuration
ipx routing 0200.bbbb.bbbb
!
interface serial0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ip address 140.1.1.2 255.255.255.0
ipx network 1
frame-relay interface-dlci 51
!
interface ethernet 0
ip address 140.1.12.2 255.255.255.0
ipx network 12

Example 5-24
Nashville Configuration
ipx routing 0200.cccc.cccc
!
interface serial0
encapsulation frame-relay
!
interface serial 0.2 point-to-point
ip address 140.1.2.3 255.255.255.0
ipx network 2
frame-relay interface-dlci 51
!
interface ethernet 0
ip address 140.1.13.3 255.255.255.0
ipx network 13

Example 5-25
Boston Configuration
ipx routing 0200.dddd.dddd
!
interface serial0
encapsulation frame-relay
!
interface serial 0.3 point-to-point
ip address 140.1.3.4 255.255.255.0
ipx network 3
frame-relay interface-dlci 51
!
interface ethernet 0
ip address 140.1.14.4 255.255.255.0
ipx network 14

The configuration is very similar to the point-to-point network of Figure 5-37. The biggest
difference is that each point-to-point subinterface is a different IPX network, as seen in Figure
5-38. Otherwise, SAP and RIP are enabled globally with the ipx routing command; each is
allowed to be broadcast on interfaces (or subinterfaces) with the ipx network interface
subcommand. SAP and RIP updates are sent out each subinterface—this means that Atlanta
will replicate and send three copies of the RIP update and three copies of the SAP update on its
serial0 interface, one per subinterface, every 60 seconds.
Configuration when using multiple Ethernet encapsulations is the final configuration option to
be reviewed. In Figure 5-38, assume that Gary is an old NetWare client running NetWare
version 3.11 client software and using the Ethernet_802.3 Novell encapsulation. Stephanie is
newer and uses the Ethernet_802.2 encapsulation. Two IPX networks are used on Nashville’s
Ethernet 0 interface in this case.
Gary will be in Network 13, and Stephanie will be in Network 23. Example 5-26 shows just the
Ethernet configuration for the Nashville network, with a secondary IPX network on Ethernet 0.
Example 5-26 also shows an alternative configuration using subinterfaces.

Example 5-26
Nashville Configuration with Secondary IPX Network on Ethernet 0
ipx routing 0200.cccc.cccc
!
interface ethernet 0
ipx network 13 encapsulation novell-ether
ipx network 23 encapsulation sap secondary
! Or instead of the previous 3 lines, use the following 4 lines:
interface ethernet 0.1
ipx network 13 encapsulation novell-ether
interface ethernet 0.2
ipx network 23 encapsulation sap

Example 5-27 shows the output of the debug ipx sap events and debug ipx routing events
commands. The network in Figure 5-39 was used to gather the sample output.

Example 5-27
IPX debug Commands
Seville#show ipx route
Codes: C - Connected primary network, c - Connected secondary network
S - Static, F - Floating static, L - Local (internal), W - IPXWAN
R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
s - seconds, u - uses, U - Per-user static
9 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
C 3 (NOVELL-ETHER), Et0
C 5 (FRAME-RELAY), Se0.2
C 6 (FRAME-RELAY), Se0.1
R 1 [07/01] via 6.0200.aaaa.aaaa, 51s, Se0.1
R 2 [07/01] via 5.0200.bbbb.bbbb, 40s, Se0.2
R 4 [07/01] via 5.0200.bbbb.bbbb, 40s, Se0.2
R 11 [08/03] via 6.0200.aaaa.aaaa, 51s, Se0.1
R 22 [08/03] via 6.0200.aaaa.aaaa, 51s, Se0.1
R 200 [08/02] via 6.0200.aaaa.aaaa, 51s, Se0.1
Seville#
Seville#debug ipx routing events
IPX routing events debugging is on
01:04:03: IPXRIP: 5 FFFFFFFF not added, entry in table is static/connected/internal
01:04:12: IPXRIP: positing full update to 6.ffff.ffff.ffff via Serial0.1
(broadcast)
01:04:14: IPXRIP: 6 FFFFFFFF not added, entry in table is static/connected/internal
01:04:14: IPXRIP: positing full update to 5.ffff.ffff.ffff via Serial0.2
(broadcast)
01:04:20: IPXRIP: positing full update to 3.ffff.ffff.ffff via Ethernet0
(broadcast)
01:05:03: IPXRIP: 5 FFFFFFFF not added, entry in table is static/connected/internal
01:05:11: IPXRIP: positing full update to 6.ffff.ffff.ffff via Serial0.1
(broadcast)
01:05:14: IPXRIP: 6 FFFFFFFF not added, entry in table is static/connected/internal
01:05:14: IPXRIP: positing full update to 5.ffff.ffff.ffff via Serial0.2
(broadcast)
01:05:20: IPXRIP: positing full update to 3.ffff.ffff.ffff via Ethernet0
(broadcast)
Seville#debug ipx routing activity
IPX routing debugging is on
Seville#
01:07:02: IPXRIP: update from 6.0200.aaaa.aaaa
01:07:02: IPXRIP: 5 FFFFFFFF not added, entry in table is static/connected/internal
01:07:02: 5 in 2 hops, delay 13
01:07:02: 200 in 2 hops, delay 8
01:07:02: 11 in 3 hops, delay 8
01:07:02: 22 in 3 hops, delay 8
01:07:02: 1 in 1 hops, delay 7
01:07:02: 2 in 2 hops, delay 13
01:07:02: 4 in 1 hops, delay 7
01:07:10: IPXRIP: positing full update to 6.ffff.ffff.ffff via Serial0.1
(broadcast)
01:07:10: IPXRIP: Update len 64 src=6.0200.cccc.cccc, dst=6.ffff.ffff.ffff(453)
01:07:10: network 3, hops 1, delay 7
01:07:10: network 4, hops 2, delay 13
01:07:10: network 2, hops 2, delay 13
01:07:10: network 5, hops 1, delay 7
01:07:13: IPXRIP: positing full update to 5.ffff.ffff.ffff via Serial0.2
(broadcast)
01:07:13: IPXRIP: Update len 80 src=5.0200.cccc.cccc, dst=5.ffff.ffff.ffff(453)
01:07:13: network 1, hops 2, delay 13
01:07:13: network 22, hops 4, delay 14
01:07:13: network 11, hops 4, delay 14
01:07:13: network 200, hops 3, delay 14
01:07:13: network 3, hops 1, delay 7
01:07:13: network 6, hops 1, delay 7
01:07:13: IPXRIP: update from 5.0200.bbbb.bbbb
01:07:13: IPXRIP: 6 FFFFFFFF not added, entry in table is static/connected/internal
01:07:13: 6 in 2 hops, delay 13
01:07:13: 22 in 4 hops, delay 14
01:07:13: 11 in 4 hops, delay 14
01:07:13: 200 in 3 hops, delay 14
01:07:13: 1 in 2 hops, delay 13
01:07:13: 2 in 1 hops, delay 7
01:07:13: 4 in 1 hops, delay 7
Seville#undebug all
All possible debugging has been turned off
Seville#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
U - Per-user static
4 Total IPX Servers
Table ordering is based on routing and server info
Type Name Net Address Port Route Hops Itf
P 4 SVR1 200.0000.0000.0001:0452 8/02 3 Se0.1
P 4 SVR2 200.0000.0000.0001:0452 8/02 3 Se0.1
P 7 SVR1 200.0000.0000.0001:0452 8/02 3 Se0.1
P 7 SVR2 200.0000.0000.0001:0452 8/02 3 Se0.1
Seville#debug ipx sap activity
IPX service debugging is on
Seville#
00:13:21: IPXSAP: Response (in) type 0x2 len 288 src:6.0200.aaaa.aaaa
dest:6.ffff.ffff.ffff(452)
00:13:21: type 0x4, "SVR2", 200.0000.0000.0001(452), 3 hops
00:13:21: type 0x4, "SVR1", 200.0000.0000.0001(452), 3 hops
00:13:21: type 0x7, "SVR2", 200.0000.0000.0001(452), 3 hops
00:13:21: type 0x7, "SVR1", 200.0000.0000.0001(452), 3 hops
00:13:27: IPXSAP: positing update to 6.ffff.ffff.ffff via Serial0.1 (broadcast)
(full)
00:13:27: IPXSAP: suppressing null update to 6.ffff.ffff.ffff
Seville#
Seville#
00:13:30: IPXSAP: Response (in) type 0x2 len 288 src:5.0200.bbbb.bbbb
dest:5.ffff.ffff.ffff(452)
00:13:30: type 0x7, "SVR1", 200.0000.0000.0001(452), 4 hops
00:13:30: type 0x7, "SVR2", 200.0000.0000.0001(452), 4 hops
00:13:30: type 0x4, "SVR1", 200.0000.0000.0001(452), 4 hops
00:13:30: type 0x4, "SVR2", 200.0000.0000.0001(452), 4 hops
undebug all
All possible debugging has been turned off
Seville#

The debug ipx sap events command lists the details of each sent and received SAP update.
Notice that the number of hops to the server is shown, as is the type of service and the server
name. The source and destination of the update packets are also listed. The debug ipx routing
events command lists just summary information about routing updates, whereas the debug ipx
routing activity command gives the details.
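The received-update lines from debug ipx routing activity in Example 5-27 are detailed enough to rebuild the RIP entries of Seville's routing table and to see which neighbor supplied each route. This is an added example, not code from the book: the debug lines are excerpted from Example 5-27, the function names are hypothetical, and the selection rule (lowest delay first, then fewest hops) is IPX RIP's usual metric order, which this section does not spell out.

```python
import re

# Excerpt of the debug ipx routing activity output in Example 5-27.
SAMPLE_DEBUG = """\
01:07:02: IPXRIP: update from 6.0200.aaaa.aaaa
01:07:02: IPXRIP: 5 FFFFFFFF not added, entry in table is static/connected/internal
01:07:02: 5 in 2 hops, delay 13
01:07:02: 200 in 2 hops, delay 8
01:07:02: 11 in 3 hops, delay 8
01:07:02: 22 in 3 hops, delay 8
01:07:02: 1 in 1 hops, delay 7
01:07:02: 2 in 2 hops, delay 13
01:07:02: 4 in 1 hops, delay 7
01:07:10: IPXRIP: positing full update to 6.ffff.ffff.ffff via Serial0.1
(broadcast)
01:07:10: IPXRIP: Update len 64 src=6.0200.cccc.cccc, dst=6.ffff.ffff.ffff(453)
01:07:10: network 3, hops 1, delay 7
01:07:13: IPXRIP: update from 5.0200.bbbb.bbbb
01:07:13: IPXRIP: 6 FFFFFFFF not added, entry in table is static/connected/internal
01:07:13: 6 in 2 hops, delay 13
01:07:13: 22 in 4 hops, delay 14
01:07:13: 11 in 4 hops, delay 14
01:07:13: 200 in 3 hops, delay 14
01:07:13: 1 in 2 hops, delay 13
01:07:13: 2 in 1 hops, delay 7
01:07:13: 4 in 1 hops, delay 7
"""
CONNECTED = {"3", "5", "6"}  # the "C" entries in Seville's show ipx route output

UPDATE_FROM = re.compile(r"IPXRIP: update from (\S+)")
ROUTE_ENTRY = re.compile(r"^\d\d:\d\d:\d\d:\s+([0-9A-Fa-f]+) in (\d+) hops, delay (\d+)$")


def parse_received_updates(text):
    """Return {neighbor: {network: (delay, hops)}} for every received RIP update."""
    updates, neighbor = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = UPDATE_FROM.search(line)
        if m:
            neighbor = m.group(1)
            updates.setdefault(neighbor, {})
            continue
        if "positing" in line or "Update len" in line:
            neighbor = None              # what follows is an update this router sent
            continue
        m = ROUTE_ENTRY.match(line)
        if m and neighbor:
            updates[neighbor][m.group(1).upper()] = (int(m.group(3)), int(m.group(2)))
    return updates


def best_routes(updates, connected):
    """Return {network: ((delay, hops), [neighbors])}, skipping connected networks."""
    best = {}
    for neighbor, routes in updates.items():
        for net, metric in routes.items():
            if net in connected:
                continue                 # "not added, entry in table is ... connected"
            current = best.get(net)
            if current is None or metric < current[0]:
                best[net] = (metric, [neighbor])
            elif metric == current[0]:
                current[1].append(neighbor)   # equal-cost tie, reported rather than hidden
    return best


def unexpected_sources(updates, expected_neighbors):
    """Neighbors that sent RIP updates but are not on the expected list."""
    return sorted(set(updates) - set(expected_neighbors))


if __name__ == "__main__":
    for net, (metric, via) in sorted(best_routes(parse_received_updates(SAMPLE_DEBUG),
                                                 CONNECTED).items()):
        print("R %-4s [%02d/%02d] via %s" % (net, metric[0], metric[1], ", ".join(via)))
```

The result matches the R entries of show ipx route in Example 5-27; network 4 is an equal-cost tie between both neighbors, and with only 1 parallel path allowed the table there lists 5.0200.bbbb.bbbb.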

Foundation Summary
The Foundation Summary is a collection of tables and figures that provides a convenient review
of many key concepts in this chapter. For those of you already comfortable with the topics in
this chapter, this summary could help you recall a few details. For those of you who just read
this chapter, this review should help solidify some key facts. For any of you doing your final
prep before the exam, these tables and figures will hopefully be a convenient way to review the
day before the exam.
Table 5-36 lists the IP addressing terms used in this chapter.
Table 5-36
IP Addressing Terminology

| Term | Definition |
|---|---|
| IP address | 32-bit number, usually written in dotted decimal form, that uniquely identifies an interface of some computer. |
| Host address | Another term for IP address. |
| Network | The concept of a group of hosts. |
| Network number | A 32-bit number, usually written in dotted decimal form, that represents a network. This number cannot be assigned as an IP address to an interface of some computer. The host portion of the network number has a value of all binary 0s. |
| Network address | Another name for network number. |
| Broadcast address | A 32-bit number, usually written in dotted decimal form, that is used to address all hosts in the network. The host portion of the broadcast address has a value of all binary 1s. Broadcast addresses cannot be assigned as an IP address. |
| Subnet | The concept of a group of hosts, which is a subdivision of a network. |
| Subnet number | A 32-bit number, usually written in dotted decimal form, that represents all hosts in a subnet. This number cannot be used as an IP address for some computer’s interface. |
| Subnet address | Another term for subnet number. |
| Subnetting | The process of subdividing networks into smaller subnets. This is jargon—for example, “Are you subnetting your network?” |
| Network mask | A 32-bit number, usually written in dotted decimal form. The mask is used by computers to calculate the network number of a given IP address by performing a Boolean AND of the address and mask. The mask also defines the number of host bits in an address. |
| Mask | A generic term for a mask, whether it is a default mask or a subnet mask. |
| Address mask | Another term for a mask. |
| Default Class A mask | The mask used for Class A networks when no subnetting is used. The value is 255.0.0.0. |
| Default Class B mask | The mask used for Class B networks when no subnetting is used. The value is 255.255.0.0. |
| Default Class C mask | The mask used for Class C networks when no subnetting is used. The value is 255.255.255.0. |
| Subnet mask | A nondefault mask used when subnetting. |
| Network part or network field | Term used to describe the first part of an IP address. The host part is 8, 16, or 24 bits for Class A, B, and C networks, respectively. |
| Host part or host field | Term used to describe the last part of an IP address. The network part is 24, 16, or 8 bits for Class A, B, and C networks, respectively, when subnetting is not used. When subnetting, the size of the host part depends on the subnet mask chosen for that network. |
| Subnet part or subnet field | Term used to describe the middle part of an IP address. The subnet part is variable in size, based on how subnetting is implemented. |

Table 5-37 summarizes NAT terminology.

Table 5-37
NAT Addressing Terms

| Term | Meaning | Value in Figure 5-26 |
|---|---|---|
| Inside local | Address of the host in the private network. When NAT is needed, this address is typically a private address or an address in a network registered to another organization. | 170.1.1.10 |
| Inside global | The Internet (global network) view of the inside local address. This address is in a network registered to the company responsible for the NAT router. | 200.1.1.1 |
| Outside global | The Internet (global network) view of the address of the host correctly attached to the Internet. | 170.1.1.1 |
| Outside local | When the private company reuses a network number registered to someone else, the outside local address represents the outside global address in the local (private) network. Because this address is used only in the private organization, it can be any IP address. | 192.168.1.1 |

Table 5-38 contrasts typical transport layer functions as performed (or not performed) by UDP
or TCP.
Table 5-39 summarizes the ICMP unreachable codes.
Table 5-38
TCP and UDP Functional Comparison

| Function | Description (TCP) | Description (UDP) |
|---|---|---|
| Data transfer | Continuous stream of ordered data | Message (datagram) delivery |
| Multiplexing | Process that allows receiving hosts to decide the correct application for which the data is destined, based on port number | Process that allows receiving hosts to decide the correct application for which the data is destined, based on port number |
| Reliable transfer | Acknowledgment of data using the sequence and acknowledgment fields in the TCP header | Not a feature of UDP |
| Flow control | Process used to protect buffer space and routing devices | Not a feature of UDP |
| Connections | Process used to initialize port numbers and other TCP header fields | UDP is connectionless |

Table 5-39
ICMP Unreachable Codes

| Unreachable Code | When Used | Typically Sent By |
|---|---|---|
| Network Unreachable | No match exists in a routing table for the destination of the packet. | Router |
| Host Unreachable | The packet can be routed to a router connected to the destination subnet, but the host is not responding. | Router |
| Can’t Fragment | The packet has the Don’t Fragment bit set, and a router must fragment to forward the packet. | Router |
| Protocol Unreachable | The packet is delivered to the destination host, but the transport layer protocol is not available on that host. | Endpoint host |
| Port Unreachable | The packet is delivered to the destination host, but the destination port has not been opened by an application. | Endpoint host |
Table 5-40 summarizes some of the features of TFTP and FTP.
Table 5-41 lists the various codes that the Cisco IOS ping command can supply.
Figure 5-40 shows the types of encapsulating Ethernet headers that are listed and described in
Table 5-42.
Table 5-40 Comparison of FTP and TFTP

FTP                                           TFTP
Uses TCP                                      Uses UDP
Uses robust control commands                  Uses simple control commands
Sends data over a separate connection than    Uses no connections, since UDP
control commands
Requires more memory and programming effort   Requires less memory and programming effort
Is not supported as an application in IOS     Is supported as an application in IOS
Table 5-41 Explanation of the Codes the ping Command Receives in Response to Its ICMP Echo Request

ping Command Code   Explanation
!                   ICMP Echo Reply received
.                   Nothing received
U                   ICMP unreachable (destination) received
N                   ICMP unreachable (network) received
P                   ICMP unreachable (port) received
Q                   ICMP Source Quench received
M                   ICMP “can’t fragment” message received
?                   Unknown packet received
Table 5-42 IPX Ethernet Encapsulations

Novell’s Name    Cisco IOS’s Name   Hints for Remembering the Names and Meanings
Ethernet_II      ARPA               One way to help correlate the two names is to remember that
                                    ARPA was the original agency that created TCP/IP and that
                                    Ethernet_II is the older version of Ethernet; remember that
                                    the old names go together.
Ethernet_802.3   Novell-ether       Novell’s name refers to the final header before the IPX
                                    header, in this case. There are no suggestions on easier
                                    ways to recall the IOS name Novell-ether. This setting is
                                    Novell’s default on NetWare 3.11 and prior releases.
Ethernet_802.2   SAP                Novell’s name refers to the final header before the IPX
                                    header, in this case. Novell’s name refers to the committee
                                    and complete header that defines the SAP field; Cisco’s name
                                    refers to the SAP part of the 802.2 header. (The SAP field
                                    denotes that an IPX packet follows the 802.2 header.) This
                                    setting is Novell’s default on NetWare 3.12 and later
                                    releases.
Ethernet_SNAP    SNAP               Novell’s name refers to the final header before the IPX
                                    header, in this case. Cisco’s name refers to this same
                                    header.
Figure 5-41 shows the format of addresses when subnetting.
Table 5-43 summarizes many of the most common configuration commands used for IP.
Table 5-44 summarizes the more popular commands used for IPX configuration.
Table 5-45 summarizes the show and debug commands in this chapter and lists the examples
in the chapter in which a sample can be found.
Table 5-43 IP Configuration Commands

Command                                                               Configuration Mode
ip address ip-address mask [secondary]                                Interface mode
ip host name [tcp-port-number] address1 [address2...address8]         Global
ip route prefix mask {next-hop-router | output-interface}             Global
ip name-server server-address1 [[server-address2]…server-address6]    Global
ip domain-lookup                                                      Global
ip routing                                                            Global
ip netmask-format {bitcount | decimal | hexadecimal}                  Interface mode
ip default-network network                                            Global
ip classless                                                          Global
ip host name [tcp-port-number] address1 [address2…address8]           Global

Table 5-44 IPX and IPX RIP Configuration Commands

Command                                                Configuration Mode
ipx routing [node]                                     Global
ipx maximum-paths paths                                Global
ipx network network [encapsulation type] [secondary]   Interface mode

Table 5-45 EXEC Command Summary for Chapter 5

Command                                   Information Supplied
show hosts                                Lists all host names and corresponding IP addresses
show interface [type number]              Shows interface statistics, including IP address
show ip interface [type number]           Gives a detailed view of IP parameter settings, per
                                          interface
show ip interface brief                   Shows a summary of all interfaces and their IP addresses
show ip route [subnet]                    Shows the entire routing table, or one entry if subnet
                                          is entered
show ip arp                               Displays the IP ARP cache
debug ip packet                           Issues log messages for each IP packet
terminal ip netmask-format                Sets the type of display for subnet masks in show
{bitcount | decimal | hexadecimal}        commands
ping                                      Sends and receives ICMP echo messages to verify
                                          connectivity
trace                                     Sends a series of UDP packets with increasing TTL
                                          values, to verify the current route to a host
show ipx interface                        Provides a detailed view of IPX parameter settings, per
                                          interface
show ipx route [network]                  Shows the entire routing table, or one entry if network
                                          is entered
show ipx servers                          Shows the SAP table
show ipx traffic                          Shows IPX traffic statistics
debug ipx routing [events | activity]     Gives messages describing each routing update
debug ipx sap [events | activity]         Gives messages describing each SAP update
ping ipx-address                          Sends IPX packets to verify connectivity
Q&A
As mentioned in Chapter 1, “All About the Cisco Certified Network Associate Certification,”
the questions and scenarios in this book are more difficult than what you should experience on
the actual exam. The questions do not attempt to cover more breadth or depth than the exam;
however, they are designed to make sure that you know the answer. Rather than allowing you
to derive the answer from clues hidden inside the question itself, the questions challenge your
understanding and recall of the subject. Questions from the “Do I Know This Already?” quiz
from the beginning of the chapter are repeated here to ensure that you have mastered the
chapter’s topic areas. Hopefully, these questions will help limit the number of exam questions
on which you narrow your choices to two options and then guess.
The answers to these questions can be found in Appendix A, on page 728.
1. What do TCP, UDP, IP, and ICMP stand for? Which protocol is considered to be Layer 3
equivalent when comparing TCP/IP to the OSI protocols?
2. Name the parts of an IP address.
3. Define the term subnet mask. What do the bits in the mask whose values are binary 0 tell
you about the corresponding IP address(es)?
4. Given the IP address 134.141.7.11 and the mask 255.255.255.0, what is the subnet number?
5. Given the IP address 193.193.7.7 and the mask 255.255.255.0, what is the subnet number?
6. Given the IP address 10.5.118.3 and the mask 255.255.0.0, what is the subnet number?
7. Given the IP address 190.1.42.3 and the mask 255.255.255.0, what is the subnet number?
8. Given the IP address 200.1.1.130 and the mask 255.255.255.224, what is the subnet number?
9. Given the IP address 220.8.7.100 and the mask 255.255.255.240, what is the subnet number?
10. Given the IP address 140.1.1.1 and the mask 255.255.255.248, what is the subnet number?
11. Given the IP address 167.88.99.66 and the mask 255.255.255.192, what is the subnet number?
12. Given the IP address 134.141.7.11 and the mask 255.255.255.0, what is the subnet
broadcast address?
13. Given the IP address 193.193.7.7 and the mask 255.255.255.0, what is the broadcast address?
14. Given the IP address 10.5.118.3 and the mask 255.255.0.0, what is the broadcast address?
15. Given the IP address 190.1.42.3 and the mask 255.255.255.0, what is the broadcast address?
16. Given the IP address 200.1.1.130 and the mask 255.255.255.224, what is the broadcast
address?
17. Given the IP address 220.8.7.100 and the mask 255.255.255.240, what is the broadcast
address?
18. Given the IP address 140.1.1.1 and the mask 255.255.255.248, what is the broadcast
address?
19. Given the IP address 167.88.99.66 and the mask 255.255.255.192, what is the broadcast
address?
20. Given the IP address 134.141.7.11 and the mask 255.255.255.0, what are the assignable
IP addresses in this subnet?
21. Given the IP address 193.193.7.7 and the mask 255.255.255.0, what are the assignable IP
addresses in this subnet?
22. Given the IP address 10.5.118.3 and the mask 255.255.0.0, what are the assignable IP
addresses in this subnet?
23. Given the IP address 190.1.42.3 and the mask 255.255.255.0, what are the assignable IP
addresses in this subnet?
24. Given the IP address 200.1.1.130 and the mask 255.255.255.224, what are the assignable
IP addresses in this subnet?
25. Given the IP address 220.8.7.100 and the mask 255.255.255.240, what are the assignable
IP addresses in this subnet?
26. Given the IP address 140.1.1.1 and the mask 255.255.255.248, what are the assignable IP
addresses in this subnet?
27. Given the IP address 167.88.99.66 and the mask 255.255.255.192, what are the assignable
IP addresses in this subnet?
28. Given the IP address 134.141.7.7 and the mask 255.255.255.0, what are all the subnet
numbers if the same (static) mask is used for all subnets in this network?
29. Given the IP address 10.5.118.3 and the mask 255.255.255.0, what are all the subnet
numbers if the same (static) mask is used for all subnets in this network?
30. Given the IP address 220.8.7.100 and the mask 255.255.255.240, what are all the subnet
numbers if the same (static) mask is used for all subnets in this network?
31. Given the IP address 140.1.1.1 and the mask 255.255.255.248, what are all the subnet
numbers if the same (static) mask is used for all subnets in this network?
32. How many IP addresses could be assigned in each subnet of 134.141.0.0, assuming that a
mask of 255.255.255.0 is used? If the same (static) mask is used for all subnets, how many
subnets are there?
33. How many IP addresses could be assigned in each subnet of 10.0.0.0, assuming that a
mask of 255.255.255.0 is used? If the same (static) mask is used for all subnets, how many
subnets are there?
34. How many IP addresses could be assigned in each subnet of 220.8.7.0, assuming that a
mask of 255.255.255.240 is used? If the same (static) mask is used for all subnets, how
many subnets are there?
35. How many IP addresses could be assigned in each subnet of 140.1.0.0, assuming a mask
of 255.255.255.248 is used? If the same (static) mask is used for all subnets, how many
subnets are there?
36. Create a minimal configuration enabling IP on each interface on a 2501 router (two serial,
one Ethernet). The NIC assigned you network 8.0.0.0. Your boss says you need at most
200 hosts per subnet. You decide against using VLSM. Your boss also says to plan your
subnets so that you can have as many subnets as possible rather than allow for larger
subnets later. You decide to start with the lowest numerical values for the subnet number
you will use. Assume that point-to-point serial links will be attached to this router and that
RIP is the routing protocol.
37. In the previous question, what would be the IP subnet of the link attached to serial 0? If
another user wanted to answer the same question but did not have the enable password,
what command(s) might provide this router’s addresses and subnets?
38. Describe the question and possible responses in setup mode when a router wants to know
the mask used on an interface. How can the router derive the correct mask from the
information supplied by the user?
39. Name the three classes of unicast IP addresses and list their default masks, respectively.
How many of each type could be assigned to companies and organizations by the NIC?
40. Describe how TCP performs error recovery. What role do the routers play?
41. Define the purpose of an ICMP redirect message.
42. Define the purpose of the trace command. What type of messages is it sending, and what
type of ICMP messages is it receiving?
43. What does IP stand for? What does ICMP stand for? Which protocol is considered to be
Layer 3 equivalent when comparing TCP/IP to the OSI protocols?
44. What causes the output from an IOS ping command to display “UUUUU”?
45. Describe how to view the IP ARP cache in a Cisco router. Also describe the three key
elements of each entry.
46. How many hosts are allowed per subnet if the subnet mask used is 255.255.255.192? How
many hosts are allowed for 255.255.255.252?
47. How many subnets could be created if using static length masks in a Class B network
when the mask is 255.255.255.224? What about when the mask is 255.255.252.0?
48. How many bytes comprise an IPX address?
49. What do IPX and SPX stand for?
50. Define encapsulation in the context of Cisco routers and Novell IPX.
51. Give an example of an IPX network mask used when subnetting.
52. Describe the headers used for two types of Ethernet encapsulation when using IPX.
53. Name the part of the NetWare protocol specifications that, like TCP, provides end-to-end
guaranteed delivery of data.
54. Name the command that lists all the SAP entries in a Cisco router.
55. How many different values are possible for IPX network numbers?
56. Create a configuration enabling IPX on each interface, with RIP and SAP enabled on each
as well, for a 2501 (two serial, one Ethernet) router. Use networks 100, 200, and 300 for
interfaces S0, S1, and E0, respectively. Choose any node values.
57. In the previous question, what would be the IPX address of the serial 0 interface? If
another user wanted to know but did not have the enable password, what command(s)
might provide this IPX address?
58. What show command lists the IPX address(es) of interfaces in a Cisco router?
59. How many Novell encapsulation types are valid in the IOS for Ethernet interfaces? What
about for FDDI and Token Ring?
60. A router is attached to an Ethernet LAN. Some clients on the LAN use Novell’s
Ethernet_II encapsulation, and some use Ethernet_802.3. If the only subcommand on
Ethernet0 reads ipx network 1, which of the clients are working? (All, Ethernet_II, or
Ethernet_802.3?)
61. A router is attached to an Ethernet LAN. Some clients on the LAN use Novell’s
Ethernet_802.2 encapsulation, and some use Ethernet_SNAP. Create a configuration that
allows both types of clients to send and receive packets through this router.
62. True or false: Up to 64 IPX networks can be used on the same Ethernet by using the IPX
secondary address feature. If true, describe the largest number that is practically needed.
If false, what is the maximum number that is legal on an Ethernet?
63. In the ipx network 11 interface subcommand, does the IOS assume that 11 is binary,
octal, decimal, or hexadecimal? What is the largest valid value that could be configured
instead of 11?
64. What IOS IPX encapsulation keyword implies use of an 802.2 header but no SNAP
header? On what types of interfaces is this type of encapsulation valid?
65. Name the two commands typically used to create a default gateway for a router.
66. Assume that subnets of network 10.0.0.0 are in the IP routing table in a router but that no
other network and their subnets are known, except that there is also a default route
(0.0.0.0) in the routing table. A packet destined for 192.1.1.1 arrives at the router. What
configuration command determines whether the default route will be used in this case?
67. Assume that subnets of network 10.0.0.0 are in the IP routing table in a router but that
no other network and their subnets are known, except that there is also a default route
(0.0.0.0) in the routing table. A packet destined for 10.1.1.1 arrives at the router, but
there is no known subnet of network 10 that matches this destination address. What
configuration command determines whether the default route will be used in this case?
68. What does the acronym CIDR stand for? What is the original purpose of CIDR?
69. Define the term private addressing as defined in RFC 1918.
70. Define the acronym NAT, and define the basics of its operation.
71. Which requires more lines of source code, FTP or TFTP? Justify your answer.
72. Does FTP or TFTP perform error recovery? If so, describe the basics of how they perform
error recovery.
73. Describe the process used by IP routers to perform fragmentation and reassembly of
packets.
74. How many TCP segments are exchanged to establish a TCP connection? How many are
required to terminate a TCP connection?
75. How many Class B-style networks are reserved by RFC 1918 private addressing?
Scenarios
Scenario 5-1: IP Addressing and Subnet Calculation
Assume that you just took a new job. No one trusts you yet, so they will not give you any
passwords to the router. Your mentor at your new company has left you at his desk while he goes
to a meeting. He has left a Telnet window up, logged in to one router in user mode. In other
words, you can issue only user mode commands.
Assuming that you had issued the following commands (see Example 5-28), draw the most
specific network diagram that you can. Write the subnet numbers used on each link onto the
diagram.
Example 5-28 Command Output on Router Fred
fred> show interface
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 199.1.1.65/27
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:07, output 00:00:10, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queuing strategy: weighted fair
Output queue: 0/1000/0 (size/max total/drops)
Conversations 0/1/64 (active/max active/threshold)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
27 packets input, 2452 bytes, 0 no buffer
Received 27 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
29 packets output, 2044 bytes, 0 underruns
0 output errors, 0 collisions, 28 interface resets
0 output buffer failures, 0 output buffers swapped out
7 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 199.1.1.97/27
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of “show interface” counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queuing strategy: weighted fair
Output queue: 0/1000/0 (size/max total/drops)
Conversations 0/1/64 (active/max active/threshold)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
125 packets input, 7634 bytes, 0 no buffer
Received 124 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
161 packets output, 9575 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
4 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Ethernet0 is up, line protocol is up
Hardware is MCI Ethernet, address is 0000.0c55.AB44 (bia 0000.0c55.AB44)
Internet address is 199.1.1.33/27
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, PROBE, ARP Timeout 4:00:00 Last input 0:00:00, output
0:00:00, output hang never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 4000 bits/sec, 4 packets/sec
Five minute output rate 6000 bits/sec, 6 packets/sec
22197 packets input, 309992 bytes, 0 no buffer
Received 2343 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4456 packets output, 145765 bytes, 0 underruns
3 output errors, 10 collisions, 2 interface resets, 0 restarts
fred> show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
199.1.1.0/27 is subnetted, 6 subnets
R 199.1.1.192 [120/1] via 199.1.1.98, 00:00:01, Serial1
R 199.1.1.128 [120/1] via 199.1.1.98, 00:00:01, Serial1
[120/1] via 199.1.1.66, 00:00:20, Serial0
R 199.1.1.160 [120/1] via 199.1.1.66, 00:00:20, Serial0
C 199.1.1.64 is directly connected, Serial0
C 199.1.1.96 is directly connected, Serial1
C 199.1.1.32 is directly connected, Ethernet0
fred> show ip protocol
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 23 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Key-chain
Serial0 1 1 2
Serial1 1 1 2
Ethernet0 1 1 2
Routing for Networks:
199.1.1.0
Routing Information Sources:
Gateway Distance Last Update
199.1.1.66 120 00:00:04
199.1.1.98 120 00:00:14
Distance: (default is 120)
fred> show cdp neighbor detail
-------------------------
Device ID: dino
Entry address(es):
IP address: 199.1.1.66
Platform: Cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 148 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
-------------------------
Device ID: Barney
Entry address(es):
IP address: 199.1.1.98
Platform: Cisco 2500, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial0
Holdtime : 155 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
Scenario 5-2: IP Subnet Design with a Class B Network
Your job is to plan a new network. The topology required includes three sites, one Ethernet at
each site, and point-to-point serial links for connectivity, as shown in Figure 5-44. The network
may grow to need at most 100 subnets, with 200 hosts per subnet maximum. Use network
172.16.0.0. Use Table 5-46 to record your choices, or use a separate piece of paper.
Given the information in Figure 5-44 and Table 5-46, perform the following activities:
1. Determine all subnet masks that meet the criteria in the introduction to this scenario.
2. Choose a mask and pick enough subnets to use for the original topology (refer to
Figure 5-44).
3. Create IP-related configuration commands for each router.

Table 5-46 Scenario 5-2 Planning Chart

Location of Subnet Geographically   Subnet Mask   Subnet Number   Router’s IP Address
Ethernet off Router A
Ethernet off Router B
Ethernet off Router C
Serial between A and B
Serial between A and C
Serial between B and C

Scenario 5-3: IP Subnet Design with a Class C Network
Your job is to plan yet another network. The topology required includes four sites, one Ethernet
at each site, and partially meshed Frame Relay for connectivity, as shown in Figure 5-45. The
number of subnets will never grow. Choose a mask that will maximize the number of hosts per
subnet. Use network 200.1.1.0. Use Table 5-47 to record your choices, or use a separate piece
of paper.
Given the network setup in Figure 5-45, perform the following activities:
1. Choose the best subnet mask that meets the criteria.
2. Use Table 5-47 to plan which subnet numbers will be used.
3. Create IP-related configuration commands for each router. Use the DLCIs from
Figure 5-45.

Table 5-47 Scenario 5-3 Planning Chart

Location of Subnet      Subnet Mask   Subnet Number   Router’s IP Address
Ethernet off Router A
Ethernet off Router B
Ethernet off Router C
Ethernet off Router D
VC between A and B
VC between A and C
VC between A and D
Scenario 5-4: IPX Examination
Given the network in Figure 5-46 and the command output in Example 5-29, Example 5-30,
and Example 5-31, answer the questions and perform the tasks listed after Example 5-31.
Example 5-29 Albuquerque Command Output, Scenario 5-4
Albuquerque# show ipx interface brief
Interface IPX Network Encapsulation Status IPX State
Serial0 2012 HDLC up [up]
Serial1 2013 HDLC up [up]
Ethernet0 1001 SAP up [up]
Albuquerque# show cdp neighbor detail
-------------------------
Device ID: Yosemite
Entry address(es):
IP address: 10.1.12.2
Novell address: 2012.0200.2222.2222
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 167 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
-------------------------
Device ID: Seville
Entry address(es):
IP address: 10.1.13.3
Novell address: 2013.0200.3333.3333
Platform: cisco 2500, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial0
Holdtime : 164 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AINR-L), Version 11.2(11), RELEASE SOFTWARE (fc1)
Copyright 1986-1997 by Cisco Systems, Inc.
Compiled Mon 29-Dec-97 18:47 by ckralik
Example 5-30 Yosemite Command Output, Scenario 5-4
Yosemite# show ipx route
Codes: C - Connected primary network, c - Connected secondary network
S - Static, F - Floating static, L - Local (internal), W - IPXWAN
R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
s - seconds, u - uses
8 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
C 1002 (SAP), E0
C 2012 (HDLC), Se0
C 2023 (HDLC), Se1
R 1 [08/03] via 2012.0200.1111.1111, 32s, Se0
R 2 [08/03] via 2012.0200.1111.1111, 33s, Se0
R 1001 [07/01] via 2012.0200.1111.1111, 33s, Se0
R 1003 [07/01] via 2023.0200.3333.3333, 32s, Se1
R 2013 [07/01] via 2012.0200.1111.1111, 33s, Se0
Yosemite# show ipx traffic
System Traffic for 0.0000.0000.0001 System-Name: Yosemite
Rcvd: 169 total, 0 format errors, 0 checksum errors, 0 bad hop count,
8 packets pitched, 161 local destination, 0 multicast
Bcast: 160 received, 242 sent
Sent: 243 generated, 0 forwarded
0 encapsulation failed, 0 no route
SAP: 2 SAP requests, 0 SAP replies, 2 servers
0 SAP Nearest Name requests, 0 replies
0 SAP General Name requests, 0 replies
60 SAP advertisements received, 57 sent
6 SAP flash updates sent, 0 SAP format errors
RIP: 1 RIP requests, 0 RIP replies, 9 routes
98 RIP advertisements received, 120 sent
45 RIP flash updates sent, 0 RIP format errors
Echo: Rcvd 0 requests, 0 replies
Sent 0 requests, 0 replies
0 unknown: 0 no socket, 0 filtered, 0 no helper
0 SAPs throttled, freed NDB len 0
Watchdog:
0 packets received, 0 replies spoofed
Queue lengths:
IPX input: 0, SAP 0, RIP 0, GNS 0
SAP throttling length: 0/(no limit), 0 nets pending lost route reply
Delayed process creation: 0
EIGRP: Total received 0, sent 0
Updates received 0, sent 0
Queries received 0, sent 0
Replies received 0, sent 0
SAPs received 0, sent 0
NLSP: Level-1 Hellos received 0, sent 0
PTP Hello received 0, sent 0
Level-1 LSPs received 0, sent 0
LSP Retransmissions: 0
LSP checksum errors received: 0
LSP HT=0 checksum errors received: 0
Level-1 CSNPs received 0, sent 0
Level-1 PSNPs received 0, sent 0
Level-1 DR Elections: 0
Level-1 SPF Calculations: 0
Level-1 Partial Route Calculations: 0
Example 5-31 Seville Command Output, Scenario 5-4
Seville# show ipx interface
Serial0 is up, line protocol is up
IPX address is 2013.0200.3333.3333 [up]
Delay of this IPX network, in ticks is 6 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
Watchdog processing is disabled, SPX spoofing is disabled, idle time 60
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 53, RIP packets sent 55
SAP packets received 14, SAP packets sent 25
Serial1 is up, line protocol is up
IPX address is 2023.0200.3333.3333 [up]
Delay of this IPX network, in ticks is 6 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
Watchdog processing is disabled, SPX spoofing is disabled, idle time 60
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 53, RIP packets sent 62
SAP packets received 13, SAP packets sent 37
Ethernet0 is up, line protocol is up
IPX address is 1003.0000.0cac.ab41, SAP [up]
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Updates each 60 seconds, aging multiples RIP: 3 SAP: 3
SAP interpacket delay is 55 ms, maximum size is 480 bytes
RIP interpacket delay is 55 ms, maximum size is 432 bytes
IPX accounting is disabled
IPX fast switching is configured (enabled)
RIP packets received 20, RIP packets sent 62
SAP packets received 18, SAP packets sent 15
Seville# show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
2 Total IPX Servers
Table ordering is based on routing and server info
Type Name Net Address Port Route Hops Itf
P 4 Bugs 1.0000.0000.0001:0451 8/03 3 Se0
P 4 Daffy 2.0000.0000.0001:0451 8/03 3 Se0
Assuming the details established in Figure 5-46 and the command output in Example 5-29,
Example 5-30, and Example 5-31 for Scenario 5-4, complete or answer the following:
1. Complete Table 5-48 with all IPX network numbers. List the command(s) you use to find
these network numbers.
2. Complete as much of Table 5-49 as possible.

Table 5-48 IPX Networks in Scenario 5-4

IPX Network   Location (Such as “Between Albuquerque and Seville”)   Command Used to Find This Information

Table 5-49 IPX Addresses on Routers in Scenario 5-4

Router        Interface   IPX Network   IPX Node
Albuquerque   E0
              S0
              S1
Yosemite      E0
              S0
              S1
Seville       E0
              S0
              S1
Scenario 5-5: IPX Configuration
Assume the network setup in Figure 5-47.
Assuming the details established in Figure 5-47 for Scenario 5-5, complete or answer the
following:
1
Configure IPX on all three routers. Use the network numbers listed in the figure. (Do not bother with IP.) Use point-to-point subinterfaces, and use the IPX node addresses shown
in the diagram on the serial interfaces.
2
You later find out that Beatrice is using NetWare’s Ethernet_II encapsulation, Floyd is using Ethernet_802.3, Barney is using Ethernet_802.2, and Governor is using
Ethernet_SNAP. Configure the changes necessary to support each client.
Scenario Answers
Answers to Scenario 5-1: IP Addressing and Subnet Calculation
Assuming that you had issued the commands in Example 5-28, the most specific network
diagram would look like Figure 5-48.
The clues that you should have found in the show commands are as follows:
• The types and IP addresses of the interfaces on Fred were in the show interface and show ip interface brief command output.
• The subnets could be learned from the show ip route command or derived from the IP addresses and masks shown in the show interface command output.
• The neighboring router’s IP addresses could be learned from the show ip protocol command.
• The neighboring routers’ IP addresses and host names could be learned from the show cdp neighbor detail command.
• The metric for subnet 199.1.1.128/27 in RIP updates implies that both neighbors have an equal-cost route to the same subnet. Because two separate but duplicate networks would be a bad design, you can assume that the neighboring routers are attached to the same medium.
• If completely bored, the telnet 199.1.1.x command could have been issued for all IP addresses in subnets not directly connected to Fred, hoping to get a router login prompt. That would identify the IP addresses of other router interfaces.
There is no way to know what physical media are beyond the neighboring routers. However,
because CDP claims that both routers are 2500 series routers, the possible interfaces on these
neighboring routers are limited. Figure 5-48 shows the other subnets as Ethernet segments.
Similarly, the figure shows the two neighboring routers attached to the same medium, which is
shown as a serial link in Figure 5-48.
Answers to Scenario 5-2: IP Subnet Design with a Class B Network
Figure 5-49 shows one correct answer for the network skeleton presented in Figure 5-44.
Answers to Task 1 for Scenario 5-2
Given the details in Figure 5-44 and Table 5-46 for Scenario 5-2, the subnet mask criteria are
as follows:
• 200 hosts in a subnet, maximum
• 100 subnets, maximum
• Static size masks used all over this network
So, the mask must have at least 8 host bits because 2^7 = 128 is not enough and 2^8 = 256 is more
than enough for numbering 200 hosts in a subnet. The mask must have at least 7 subnet bits,
likewise, because 2^7 is the smallest power of 2 that is larger than 100, which is the required
number of subnets. The first 16 bits in the mask must be binary 1 because a Class B network
(172.16.0.0) is used. Figure 5-50 diagrams the possibilities.
The only bit position in which a decision can be made is the 24th bit, shown with an x in Figure
5-50. That leaves two mask possibilities: 255.255.254.0 and 255.255.255.0. This sample shows
the 255.255.254.0 mask because 255.255.255.0 is more intuitive.
Answers to Task 2 for Scenario 5-2
To choose a mask and pick enough subnets to use for the original topology illustrated in Figure
5-44, a review of the longer binary algorithm and shortcut algorithm for deriving subnet
numbers is required. To review, subnet numbers have the network number binary value in the
network portion of the subnet numbers and have all binary 0s in the host bits. The bits that vary
from subnet to subnet are the subnet bits—in other words, you are numbering different subnets
in the subnet field.
Valid subnets with mask 255.255.254.0 are as follows:
172.16.0.0 (zero subnet)
172.16.2.0
172.16.4.0
172.16.6.0
.
.
.
172.16.252.0
172.16.254.0 (broadcast subnet)
The first six subnets, including the zero subnet, were chosen for this example, as listed in
Table 5-50.
Table 5-50
Scenario 5-2 Subnets and Addresses
Location of Subnet Geographically    Subnet Mask      Subnet Number    Router’s IP Address
Ethernet off Router A                255.255.254.0    172.16.2.0       172.16.2.1
Ethernet off Router B                255.255.254.0    172.16.4.0       172.16.4.2
Ethernet off Router C                255.255.254.0    172.16.6.0       172.16.6.3
Serial between A and B               255.255.254.0    172.16.0.0       172.16.0.1 (A) and .2 (B)
Serial between A and C               255.255.254.0    172.16.8.0       172.16.8.1 (A) and .3
Serial between B and C               255.255.254.0    172.16.10.0      172.16.10.2 (B) and .3
Answers to Task 3 for Scenario 5-2
Given the details in Figure 5-44 and Table 5-46 for Scenario 5-2, the configurations in Example
5-32, Example 5-33, and Example 5-34 satisfy the exercise of creating IP-related configuration
commands for each router. These examples include only the IP-related commands.
Example 5-32
Router A Configuration, Scenario 5-2
ip subnet-zero
no ip domain-lookup
!
interface serial0
ip address 172.16.0.1 255.255.254.0
interface serial 1
ip address 172.16.8.1 255.255.254.0
interface ethernet 0
ip address 172.16.2.1 255.255.254.0
!
router igrp 6
network 172.16.0.0
Example 5-33
Router B Configuration, Scenario 5-2
ip subnet-zero
no ip domain-lookup
!
interface serial0
ip address 172.16.0.2 255.255.254.0
interface serial 1
ip address 172.16.10.2 255.255.254.0
interface ethernet 0
ip address 172.16.4.2 255.255.254.0
!
router igrp 6
network 172.16.0.0
Example 5-34
Router C Configuration, Scenario 5-2
ip subnet-zero
no ip domain-lookup
!
interface serial0
ip address 172.16.8.3 255.255.254.0
interface serial 1
ip address 172.16.10.3 255.255.254.0
interface ethernet 0
ip address 172.16.6.3 255.255.254.0
!
router igrp 6
network 172.16.0.0
Answers to Scenario 5-3: IP Subnet Design with a Class C Network
Planning the network in this scenario requires a topology that includes four sites, one Ethernet
at each site, and partially meshed Frame Relay for connectivity, as shown previously in Figure
5-45. The number of subnets will never grow. You must choose a mask that will maximize the
number of hosts per subnet, and you must use network 200.1.1.0.
Answers to Task 1 for Scenario 5-3
Given the design criteria and the network setup illustrated in Figure 5-45, this scenario requires
tricky subnet masks because a Class C network is used and because subnetting is needed. Using
Frame Relay subinterfaces, there will be a need for seven different subnets—one for each
Ethernet and one for each Frame Relay VC.
If 3 subnet bits are used, eight mathematical possibilities exist for subnet numbers. However,
one is the zero subnet and the other is the broadcast subnet. In this case, use of one or the other
is desired because the design called for maximizing the number of hosts per subnet. Deciding
against use of the zero and broadcast subnets then would require 4 subnet bits, leaving only 4
host bits, implying 14 hosts per subnet. So, 3 subnet bits and 5 host bits will be used in this
solution (mask of 255.255.255.224). Figure 5-51 summarizes the subnets on the network
diagram.
Answers to Task 2 for Scenario 5-3
Given the design criteria and the network setup illustrated in Figure 5-45 for Scenario 5-3, Table
5-51 shows the choices of subnets and addresses in this example. Only one subnet, 200.1.1.224,
which is the broadcast subnet, is not used. Of course, you could have chosen a different
set of subnets and used them on different links, but the mask you used should have been
255.255.255.224, based on the criteria to maximize the number of hosts per subnet.
Table 5-51
Scenario 5-3 Addresses and Subnets
Location of Subnet       Subnet Mask        Subnet Number    Router’s IP Address
Ethernet off Router A    255.255.255.224    200.1.1.32       200.1.1.33
Ethernet off Router B    255.255.255.224    200.1.1.64       200.1.1.65
Ethernet off Router C    255.255.255.224    200.1.1.96       200.1.1.97
Ethernet off Router D    255.255.255.224    200.1.1.128      200.1.1.129
VC between A and B       255.255.255.224    200.1.1.0        200.1.1.1 (A) and .2 (B)
VC between A and C       255.255.255.224    200.1.1.160      200.1.1.161 (A) and .162 (B)
VC between A and D       255.255.255.224    200.1.1.192      200.1.1.193 (A) and .194 (B)
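The mask selection and subnet numbering worked through in the answers to Scenarios 5-2 and 5-3 can be reproduced with the following added Python example, which is not part of the original book. The function names are assumptions introduced here; only the standard ipaddress module is used.

```python
import ipaddress

def mask_options(classful_net, hosts_needed, subnets_needed, zero_and_broadcast_ok=True):
    """Return dotted masks that satisfy both requirements, fewest subnet bits first."""
    net = ipaddress.ip_network(classful_net)
    masks = []
    for prefix in range(net.prefixlen + 1, 31):
        hosts = 2 ** (32 - prefix) - 2          # all-0s and all-1s host values are reserved
        subnet_count = 2 ** (prefix - net.prefixlen)
        if not zero_and_broadcast_ok:
            subnet_count -= 2                   # give up the zero and broadcast subnets
        if hosts >= hosts_needed and subnet_count >= subnets_needed:
            masks.append(str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask))
    return masks

def list_subnets(classful_net, mask):
    """Return (subnet number, label) pairs; the label marks the zero and broadcast subnets."""
    net = ipaddress.ip_network(classful_net)
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    subs = list(net.subnets(new_prefix=prefix))
    result = []
    for i, sub in enumerate(subs):
        if i == 0:
            label = "zero subnet"
        elif i == len(subs) - 1:
            label = "broadcast subnet"
        else:
            label = ""
        result.append((str(sub.network_address), label))
    return result

def address_fits(subnet_number, mask, address):
    """True if address is a usable host address inside subnet_number/mask."""
    subnet = ipaddress.ip_network(f"{subnet_number}/{mask}")
    addr = ipaddress.ip_address(address)
    return addr in subnet and addr not in (subnet.network_address, subnet.broadcast_address)

if __name__ == "__main__":
    # Scenario 5-2: Class B 172.16.0.0, at most 200 hosts per subnet and 100 subnets.
    print(mask_options("172.16.0.0/16", 200, 100))
    subs = list_subnets("172.16.0.0/16", "255.255.254.0")
    print(subs[:4], "...", subs[-2:])
    # Scenario 5-3: Class C 200.1.1.0, seven subnets, as many hosts as possible.
    # The first mask returned has the fewest subnet bits, so the most host bits.
    print(mask_options("200.1.1.0/24", 2, 7)[0])
    print(mask_options("200.1.1.0/24", 2, 7, zero_and_broadcast_ok=False)[0])
    # Spot-check one row each from Tables 5-50 and 5-51.
    print(address_fits("172.16.10.0", "255.255.254.0", "172.16.10.3"))
    print(address_fits("200.1.1.160", "255.255.255.224", "200.1.1.162"))
```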
Answers to Task 3 for Scenario 5-3
Using the DLCIs from Figure 5-45, you can find the IP-related configuration commands for
each router in Example 5-35, Example 5-36, Example 5-37, and Example 5-38.
Example 5-35
Router A Configuration, Scenario 5-3
ip subnet-zero
no ip domain-lookup
!
interface serial0
encapsulation frame-relay
interface serial 0.1
ip address 200.1.1.1 255.255.255.224
frame-relay interface-dlci 41
!
interface serial 0.2
ip address 200.1.1.161 255.255.255.224
frame-relay interface-dlci 42
!
interface serial 0.3
ip address 200.1.1.193 255.255.255.224
frame-relay interface-dlci 43
!
interface ethernet 0
ip address 200.1.1.33 255.255.255.224
!
router igrp 6
network 200.1.1.0
Example 5-36
Router B Configuration, Scenario 5-3
ip subnet-zero
no ip domain-lookup
!
interface serial0
encapsulation frame-relay
interface serial 0.1
ip address 200.1.1.2 255.255.255.224
frame-relay interface-dlci 40
!
interface ethernet 0
ip address 200.1.1.65 255.255.255.224
!
router igrp 6
network 200.1.1.0
Example 5-37
Router C Configuration, Scenario 5-3
ip subnet-zero
no ip domain-lookup
!
interface serial0
encapsulation frame-relay
interface serial 0.1
ip address 200.1.1.162 255.255.255.224
frame-relay interface-dlci 40
!
interface ethernet 0
ip address 200.1.1.97 255.255.255.224
!
router igrp 6
network 200.1.1.0
Example 5-38
Router D Configuration, Scenario 5-3
ip subnet-zero
no ip domain-lookup
!
interface serial0
encapsulation frame-relay
interface serial 0.1
ip address 200.1.1.194 255.255.255.224
frame-relay interface-dlci 40
!
interface ethernet 0
ip address 200.1.1.129 255.255.255.224
!
router igrp 6
network 200.1.1.0
Answers to Scenario 5-4: IPX Examination
Assuming the details established in Figure 5-46 and the command output in Example 5-29,
Example 5-30, and Example 5-31 for Scenario 5-4, the show ipx interface brief command and
show ipx route command are the best methods for learning the network numbers in Table
5-52 (Task 1, for this scenario).
Table 5-52
IPX Networks in Scenario 5-4—Completed Chart
IPX Network    Location (Such as “Between Albuquerque and Seville”)    Command Used to Find This Information
1001           Albuquerque Ethernet0       show ipx interface brief on Albuquerque; show ipx route on Yosemite
1002           Yosemite Ethernet0          show ipx route on Yosemite
1003           Seville Ethernet0           show cdp neighbor detail on Albuquerque; show ipx interface on Seville
2012           Albuquerque–Yosemite        show cdp neighbor detail on Albuquerque; show ipx route on Yosemite; show ipx interface brief on Albuquerque
2013           Albuquerque–Seville         show cdp neighbor detail on Albuquerque; show ipx route on Yosemite; show ipx interface brief on Albuquerque; show ipx interface on Seville
2023           Yosemite–Seville            show ipx route on Yosemite; show ipx interface on Seville
1              Bugs’ internal network      show ipx servers on Seville; show ipx route on Yosemite
2              Daffy’s internal network    show ipx servers on Seville; show ipx route on Yosemite
Assuming the details established in Figure 5-46 and the command output in Example 5-29,
Example 5-30, and Example 5-31 for Scenario 5-4, the network numbers are obtained from
several sources, as seen in Table 5-52. The additional requirement for Task 2 is to find the node
part of the IPX addresses on each interface. The easy way to learn this information is through
the show ipx interface command. Of course, only one such command was provided in
Example 5-29, Example 5-30, and Example 5-31. The answers that could be found in the
examples are listed in Table 5-53.
Table 5-53
IPX Addresses on Routers in Scenario 5-4—Completed Table
Router         Interface    IPX Network    IPX Node
Albuquerque    E0           1001
               S0           2012           0200.1111.1111
               S1           2013
Yosemite       E0           1002
               S0           2012           0200.2222.2222
               S1           2023
Seville        E0           1003           0000.0cac.ab41
               S0           2013           0200.3333.3333
               S1           2023           0200.3333.3333
Answers to Scenario 5-5: IPX Configuration
Answers to Task 1 for Scenario 5-5
Assuming the details established in Figure 5-47 for Scenario 5-5, you can find in Example
5-39, Example 5-40, and Example 5-41 the IPX configurations on all three routers: Mayberry,
Mount Pilot, and Raleigh, respectively.
Example 5-39
Mayberry Configuration, Scenario 5-5, Task 1
ipx routing 0200.1111.0000
!
interface serial0
encapsulation frame-relay
!
interface serial 0.2 point-to-point
ipx network 101
frame-relay interface-dlci 52
!
interface serial 0.3 point-to-point
ipx network 103
frame-relay interface-dlci 53
!
interface ethernet 0
ipx network 41
Example 5-40
Mount Pilot Configuration, Scenario 5-5, Task 1
ipx routing 0200.2222.0000
!
interface serial0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ipx network 101
frame-relay interface-dlci 51
!
interface serial 0.3 point-to-point
ipx network 102
frame-relay interface-dlci 53
!
interface ethernet 0
ipx network 42
Example 5-41
Raleigh Configuration, Scenario 5-5, Task 1
ipx routing 0200.3333.0000
!
interface serial0
encapsulation frame-relay
!
interface serial 0.1 point-to-point
ipx network 103
frame-relay interface-dlci 51
!
interface serial 0.2 point-to-point
ipx network 102
frame-relay interface-dlci 52
!
interface ethernet 0
ipx network 43
Your answer should match Examples 5-39 through 5-41, with a few minor exceptions. The book
does not specify the serial interface, nor does it restrict the subinterface numbers chosen.
Likewise, the Ethernet interface number was not specified. Otherwise, the configuration should
identically match these examples.
Answers to Task 2 for Scenario 5-5
Assuming the details established in Figure 5-47 for Scenario 5-5, the second task for Scenario
5-5 calls for additional encapsulations. Beatrice is using NetWare’s Ethernet_II encapsulation,
Floyd is using Ethernet_802.3, Barney is using Ethernet_802.2, and Governor is using
Ethernet_SNAP. Hopefully, you remembered the encapsulation names used in the IOS; the
names supplied in the problem statement use the NetWare names. (In real life, a simple question
mark when typing the ipx network interface subcommand would remind you of the names, but
the objective is to memorize things so that you can pass the test. Refer to Table 5-42 for
reminders on how to remember the names.) Example 5-42 and Example 5-43 show just the
configuration commands used to change the configuration on Mount Pilot and Raleigh to
support each client.
Two new network numbers are needed: 142 and 143 are used, in this case. Any numbers you
use are fine unless they are duplicates of some other network. The ipx network 142 secondary
command on Mount Pilot has no encapsulation type configured because the default
encapsulation type is Novell-ether. The second IPX network command must be configured with
the secondary keyword, or it will replace the ipx network command that was configured first.
Example 5-42
Mount Pilot Configuration, Scenario 5-5, Task 2—Changes Only
interface ethernet 0
ipx network 42 encapsulation arpa
ipx network 142 secondary
Example 5-43
Raleigh Configuration, Scenario 5-5, Task 2—Changes Only
interface ethernet 0.1
ipx network 43 encapsulation sap
interface ethernet 0.2
ipx network 143 encapsulation snap