LAN Switching & Wireless
Q1. Describe the Hierarchical Network Model? Describe the benefits of the Hierarchical Network Model.
Ans: A hierarchical network model breaks the complex problem of network design into smaller, more manageable problems. Each level, or tier in the hierarchy addresses a different set of problems. This helps the designer optimize network hardware and software to perform specific roles. For example, devices at the lowest tier are optimized to accept traffic into a network and pass that traffic to the higher layers. Cisco offers a three-tiered hierarchy as the preferred approach to network design.
In the three-layer network design model, network devices and links are grouped according to three layers: the core layer, the distribution layer, and the access layer.
The three-layer model is a conceptual framework. It is an abstract picture of a network similar to the concept of the Open System Interconnection (OSI) reference model.
Layered models are useful because they facilitate modularity. Devices at each layer have similar and well-defined functions. This allows administrators to easily add, replace, and remove individual pieces of the network. This kind of flexibility and adaptability makes a hierarchical network design highly scalable.
At the same time, layered models can be difficult to comprehend because the exact composition of each layer varies from network to network. Each layer of the three-tiered design model may include the following:
- A router
- A switch
- A link
- A combination of these
Some networks may combine the function of two layers into a single device or omit a layer entirely.
The following sections discuss each of the three layers in detail.
The Core Layer
The core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer switches packets as fast as possible. Devices at the core layer should not be burdened with any processes that stand in the way of switching packets at top speed. This includes the following:
- Access-list checking
- Data encryption
- Address translation
The Distribution Layer
The distribution layer is located between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including the following:
- Routing updates
- Route summaries
- VLAN traffic
- Address aggregation
Use these policies to secure networks and to preserve resources by preventing unnecessary traffic.
If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.
The Access Layer
The access layer supplies traffic to the network and performs network entry control. End users access network resources by way of the access layer. Acting as the front door to a network, the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network by way of a wide-area technology, such as Frame Relay, ISDN, or leased lines.
There are many benefits associated with hierarchical network designs.
Hierarchical networks scale very well. The modularity of the design allows you to replicate design elements as the network grows. Because each instance of the module is consistent, expansion is easy to plan and implement. For example, if your design model consists of two distribution layer switches for every 10 access layer switches, you can continue to add access layer switches until you have 10 access layer switches cross-connected to the two distribution layer switches before you need to add additional distribution layer switches to the network topology. Also, as you add more distribution layer switches to accommodate the load from the access layer switches, you can add additional core layer switches to handle the additional load on the core.
As a network grows, availability becomes more important. You can dramatically increase availability through easy redundant implementations with hierarchical networks. Access layer switches are connected to two different distribution layer switches to ensure path redundancy. If one of the distribution layer switches fails, the access layer switch can switch to the other distribution layer switch. Additionally, distribution layer switches are connected to two or more core layer switches to ensure path availability if a core switch fails. The only layer where redundancy is limited is at the access layer. Typically, end node devices, such as PCs, printers, and IP phones, do not have the ability to connect to multiple access layer switches for redundancy. If an access layer switch fails, just the devices connected to that one switch would be affected by the outage. The rest of the network would continue to function unaffected.
Communication performance is enhanced by avoiding the transmission of data through low-performing, intermediary switches. Data is sent through aggregated switch port links from the access layer to the distribution layer at near wire speed in most cases. The distribution layer then uses its high performance switching capabilities to forward the traffic up to the core, where it is routed to its final destination. Because the core and distribution layers perform their operations at very high speeds, there is less contention for network bandwidth. As a result, properly designed hierarchical networks can achieve near wire speed between all devices.
Security is improved and easier to manage. Access layer switches can be configured with various port security options that provide control over which devices are allowed to connect to the network. You also have the flexibility to use more advanced security policies at the distribution layer. You may apply access control policies that define which communication protocols are deployed on your network and where they are permitted to go. For example, if you want to limit the use of HTTP to a specific user community connected at the access layer, you could apply a policy that blocks HTTP traffic at the distribution layer. Restricting traffic based on higher layer protocols, such as IP and HTTP, requires that your switches are able to process policies at that layer. Some access layer switches support Layer 3 functionality, but it is usually the job of the distribution layer switches to process Layer 3 data, because they can process it much more efficiently.
Manageability is relatively simple on a hierarchical network. Each layer of the hierarchical design performs specific functions that are consistent throughout that layer. Therefore, if you need to change the functionality of an access layer switch, you could repeat that change across all access layer switches in the network because they presumably perform the same functions at their layer. Deployment of new switches is also simplified because switch configurations can be copied between devices with very few modifications. Consistency between the switches at each layer allows for rapid recovery and simplified troubleshooting. In some special situations, there could be configuration inconsistencies between devices, so you should ensure that configurations are well documented so that you can compare them before deployment.
Because hierarchical networks are modular in nature and scale very easily, they are easy to maintain. With other network topology designs, manageability becomes increasingly complicated as the network grows. Also, in some network design models, there is a finite limit to how large the network can grow before it becomes too complicated and expensive to maintain. In the hierarchical design model, switch functions are defined at each layer, making the selection of the correct switch easier. Adding switches to one layer does not necessarily mean there will not be a bottleneck or other limitation at another layer. For a full mesh network topology to achieve maximum performance, all switches need to be high-performance switches, because each switch needs to be capable of performing all the functions on the network. In the hierarchical model, switch functions are different at each layer. You can save money by using less expensive access layer switches at the lowest layer, and spend more on the distribution and core layer switches to achieve high performance on the network.
Q2. Explain the key features of switches that are used in hierarchical networks?
Ans: The key features of switches that are used in hierarchical networks are as follows:
Fixed Configuration Switches
Fixed configuration switches are just as you might expect, fixed in their configuration. What that means is that you cannot add features or options to the switch beyond those that originally came with the switch. The particular model you purchase determines the features and options available. For example, if you purchase a 24-port gigabit fixed switch, you cannot add additional ports when you need them. Typically, different configuration choices vary in how many and what types of ports are included.
Modular switches offer more flexibility in their configuration. Modular switches come with different sized chassis that allow for the installation of different numbers of modular line cards. The line cards contain the ports. The line card fits into the switch chassis like expansion cards fit into a PC. The larger the chassis, the more modules it can support. As you can see in Figure 1-18, you can choose from many chassis sizes. If you bought a modular switch with a 24-port line card, you could easily add an additional 24-port line card to bring the total number of ports up to 48.
Stackable switches can be interconnected using a special backplane cable that provides high bandwidth throughput between the switches. Cisco introduced StackWise technology in one of its switch product lines. StackWise allows you to interconnect up to nine switches using fully redundant backplane connections. The stacked switches effectively operate as a single larger switch. Stackable switches are desirable where fault tolerance and bandwidth availability are critical and a modular switch is too costly to implement. Using cross-connected connections, the network can recover quickly if a single switch fails. Stackable switches use a special port for interconnections and do not use line ports for inter-switch connections. The speeds are also typically faster than using line ports for connecting switches.
When selecting a switch for the access, distribution, or core layers, consider the capability of the switch to support the port density, forwarding rates, and bandwidth aggregation requirements of your network.
Port density is the number of ports available on a single switch. Fixed configuration switches typically support up to 48 ports on a single device, with options for up to four additional ports for small form-factor pluggable (SFP) devices. High port densities allow for better use of space and power when both are in limited supply. If you have two switches that each contain 24 ports, you would be able to support up to 46 devices because you lose at least one port per switch to connect each switch to the rest of the network. In addition, two power outlets are required. On the other hand, if you have a single 48-port switch, 47 devices can be supported, with only one port used to connect the switch to the rest of the network, and only one power outlet needed to accommodate the single switch.
Modular switches can support very high port densities through the addition of multiple switch port line cards, as shown in Figure 1-19. For example, the Catalyst 6500 switch can support in excess of 1000 switch ports on a single device.
Large enterprise networks that support many thousands of network devices require high density, modular switches to make the best use of space and power. Without using a high density modular switch, the network would need many fixed configuration switches to accommodate the number of devices that need network access. This approach can consume many power outlets and a lot of closet space.
As illustrated in Figure 1-20, forwarding rates define the processing capabilities of a switch by rating how much data the switch can process per second. Switch product lines are classified by forwarding rates. Entry-layer switches have lower forwarding rates than enterprise layer switches. Forwarding rates are important to consider when selecting a switch. If the switch forwarding rate is too low, it cannot accommodate full wire-speed communication across all its switch ports. Wire speed is the data rate that each port on the switch is capable of attaining—either 100 Mbps Fast Ethernet or 1000 Mbps Gigabit Ethernet. For example, a 48-port gigabit switch operating at full wire speed generates 48 Gbps of traffic. If the switch supports a forwarding rate of only 32 Gbps, it cannot run at full wire speed across all ports simultaneously. Fortunately, access layer switches typically do not need to operate at full wire speed because they are physically limited by their uplinks to the distribution layer. This allows you to use less expensive, lower-performing switches at the access layer, and use the more expensive, higher-performing switches at the distribution and core layers, where the forwarding rate makes a bigger difference.
As part of bandwidth aggregation, you should determine if there are enough ports on a switch to aggregate to support the required bandwidth. For example, consider a Gigabit Ethernet port, which carries up to 1 Gbps of traffic. If you have a 24-port switch, with all ports capable of running at gigabit speeds, you could generate up to 24 Gbps of network traffic. If the switch is connected to the rest of the network by a single network cable, it can forward only 1 Gbps of the data to the rest of the network. Due to the contention for bandwidth, the data would forward more slowly. That results in 1/24th wire speed available to each of the 24 devices connected to the switch. Wire speed describes the theoretical maximum data transmission rate of a connection.
Link aggregation helps to reduce these traffic bottlenecks by allowing up to eight switch ports to be bound together for data communications, providing up to 16 Gbps of data throughput when Gigabit Ethernet ports are used. With the addition of multiple 10 Gigabit Ethernet uplinks on some enterprise-layer switches, 160 Gbps throughput rates can be achieved. Cisco uses the term EtherChannel when describing aggregated switch ports. Keep in mind that EtherChannel reduces the number of available ports to connect network devices.
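The forwarding-rate and bandwidth-aggregation paragraphs above each work through one case by hand. The following Python function is an added example (it is not part of the original text and not a Cisco tool) that generalises that check: given the access port count and speed, the switch's forwarding rate, and the number and speed of uplinks (EtherChannel members count as one link each), it reports which of the three limits binds and the resulting oversubscription ratio. All figures count one direction of traffic; the sample port counts and rates below are the ones the page itself quotes plus one constructed case.

```python
from typing import Dict


def access_switch_budget(ports: int, port_gbps: float, forwarding_gbps: float,
                         uplinks: int, uplink_gbps: float) -> Dict[str, object]:
    """Work out how much of the edge traffic an access switch can really deliver upstream.

    Three limits are compared, all counted in one direction of traffic:
      - edge demand: every access port sending at wire speed at once,
      - the switch's forwarding rate,
      - the aggregated uplink capacity (bundled uplinks count as one link each).
    The smallest of the three is what gets through; edge demand divided by that
    figure is the oversubscription ratio, and deliverable/ports is each host's share.
    """
    if ports < 1 or uplinks < 1:
        raise ValueError("need at least one access port and one uplink")
    edge_demand = ports * port_gbps
    uplink_capacity = uplinks * uplink_gbps
    deliverable = min(edge_demand, forwarding_gbps, uplink_capacity)
    if deliverable == edge_demand:
        binding = "none: full wire speed on every port"
    elif deliverable == forwarding_gbps:
        binding = "forwarding rate"
    else:
        binding = "uplink capacity"
    return {
        "edge_demand_gbps": edge_demand,
        "forwarding_gbps": forwarding_gbps,
        "uplink_capacity_gbps": uplink_capacity,
        "deliverable_gbps": deliverable,
        "oversubscription_ratio": edge_demand / deliverable,
        "per_port_share_gbps": deliverable / ports,
        "binding_limit": binding,
    }


if __name__ == "__main__":
    # The page's two cases: a 24-port gigabit switch on one gigabit uplink (1/24 per port),
    # and a 48-port gigabit switch whose 32 Gbps forwarding rate is below 48 Gbps of edge
    # demand; the third case (constructed) bundles eight gigabit uplinks into one channel.
    for args in ((24, 1, 32, 1, 1), (48, 1, 32, 4, 10), (24, 1, 32, 8, 1)):
        print(args, access_switch_budget(*args))
```

Reading the third case: eight bundled gigabit uplinks lift the 24-port switch from 24:1 to 3:1 oversubscription, which is the point of the link-aggregation paragraph, while the 48-port switch with four 10 Gbps uplinks is still capped at 32 Gbps by its forwarding rate, so faster uplinks alone would not help it.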
Power over Ethernet and Layer 3 Functionality
Two other characteristics you want to consider when selecting a switch are Power over Ethernet (PoE) and Layer 3 functionality.
Power over Ethernet
Power over Ethernet (PoE) allows the switch to deliver power to a device over the existing Ethernet cabling.
PoE ports on a switch, IP phone, access point, and wireless LAN controller look the same as any switch port. Check the model of the networking device to determine whether the port supports PoE.
PoE allows you more flexibility when installing wireless access points and IP phones because you can install them anywhere you can run an Ethernet cable. You do not need to consider how to run ordinary power to the device. You should select a switch that supports PoE only if you are actually going to take advantage of the feature because it adds considerable cost to the switch.
Layer 3 Functionality
Typically, switches operate at Layer 2 of the OSI reference model, where they deal primarily with the MAC addresses of devices connected to switch ports. Layer 3 switches offer advanced functionality that will be discussed in greater detail in the later chapters of this book. Layer 3 switches are also known as multilayer switches.
Q3.What are the benefits of VLAN? Explain different types of VLAN.
Ans: - VLAN Benefits
As we have seen, there are several benefits to using VLANs. To summarize, VLAN benefits include:
- Increased performance
- Improved manageability
- Simplification of software configurations
- Increased security options
Increased performance
Switched networks by nature will increase performance over shared devices in use today by reducing collisions. Grouping users into logical networks will also increase performance by limiting broadcast traffic to users performing similar functions within workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
Improved manageability
VLANs provide an easy, flexible, less costly way to modify logical groups in changing environments. VLANs make large networks more manageable by allowing centralized configuration of devices located in assorted locations.
Simplification of software configurations
VLANs will allow LAN administrators to "fine tune" their networks by grouping users. Software configurations can be made the same across machines with the consolidation of a department's resources into a single subnet. IP addresses and subnet masks will be more consistent across the entire VLAN. These services can be more effectively deployed when they can span buildings within a VLAN.
Increased security options
VLANs have the ability to provide additional security not available in a shared network environment. A switched network delivers packets only to their intended recipients, and delivers VLAN traffic only to other members of that VLAN. This allows the network administrator to segment users requiring access to sensitive information into VLANs separate from the rest of the general users, regardless of physical location.
There are different types of VLANs. Some are defined by the type of network traffic they carry; others take their names from a specific function the VLAN performs. The following describes common VLAN types:
Default VLAN
At the initial boot-up of the switch, all switch ports become members of the default VLAN, which makes them all part of the same broadcast domain. This allows any network device connected to any switch port to communicate with devices on other switch ports.
On Cisco switches the default VLAN is VLAN 1. VLAN 1 has all the features of any VLAN, except that you cannot rename or delete it.
Data VLAN
A data VLAN, which can also be referred to as a user VLAN, is configured to carry only user-generated traffic. The reason for separating user data from other types of VLAN traffic is proper switch management and control.
Native VLAN
A native VLAN is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN. In summary, the native VLAN observes and identifies traffic coming from each end of a trunk link.
Q4. A point-to-point connection with different vendor routers using HDLC as the encapsulation type cannot establish a connection. When you change the encapsulation type on both routers to PPP, the connection is established. Why did the routers establish a connection with PPP and not with HDLC?
Ans: - PPP (Point-to-Point Protocol) is a protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. For example, your Internet service provider may provide you with a PPP connection so that the provider's server can respond to your requests, pass them on to the Internet, and forward your requested Internet responses back to you. PPP uses the Internet Protocol (IP) (and is designed to handle others). It is sometimes considered a member of the TCP/IP suite of protocols. Relative to the Open Systems Interconnection (OSI) reference model, PPP provides layer 2 (data-link layer) service. Essentially, it packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.
HDLC (High-level Data Link Control) is a group of protocols or rules for transmitting data between network points (sometimes called nodes). In HDLC, data is organized into a unit (called a frame) and sent across a network to a destination that verifies its successful arrival. The HDLC protocol also manages the flow or pacing at which data is sent. HDLC is one of the most commonly used protocols in what is layer 2 of the industry communication reference model called Open Systems Interconnection (OSI). (Layer 1 is the detailed physical level that involves actually generating and receiving the electronic signals. Layer 3 is the higher level that has knowledge about the network, including access to routing tables that indicate where to forward or send data.) On sending, programming in layer 3 creates a frame that usually contains source and destination network addresses. HDLC (layer 2) encapsulates the layer 3 frame, adding data link control information to a new, larger frame.
Q5.What are the downsides to password recovery?
Ans: - A downside might be as follows:
A fix for this can be to use a randomly generated PIN or hash to act as a one-time password. It will still be going over unencrypted email, but it will only be valid until the user confirms the account and chooses his own password. If someone has access to your email client you're hooped anyway.
There is nothing stopping an extra security-conscious user from deleting the email and changing their password right away. What it does is to give a convenience to users that want to treat your service as a trial. Picking unique usernames and passwords is too far down the developing-a-relationship path for me personally.
- Against knowledgeable techies, sure, you're hosed either way. I'm talking about more casual security threats: a mischievous child, a bad breakup, a sneaky Best Buy bench tech. It's the difference between leaving your front door unlocked, versus leaving it wide open.
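The comments above suggest a randomly generated one-time value that stays valid only until the user confirms the account and sets a password. The Python class below is an added example (not code from the page or from the commenters) of that idea with the properties a defender would want: the token is generated from the OS CSPRNG, only its SHA-256 digest is stored so a copied database yields nothing usable, it expires, it is consumed on first successful use, and any password change the user makes on their own invalidates it. The 15-minute lifetime, the username and the injectable clock are constructed for the example; the e-mail delivery itself is outside its scope.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Tuple

TOKEN_TTL_SECONDS = 15 * 60   # constructed policy value: a reset link is good for 15 minutes


class ResetTokenStore:
    """One-time, expiring reset tokens.

    - the token sent out (e.g. in the e-mail) is random and unguessable;
    - only its SHA-256 digest is kept, so a leaked store does not reveal usable tokens;
    - issuing a new token replaces the old one, redeeming consumes it, and setting a
      password by any other route invalidates it.
    """

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                                       # injectable clock for tests
        self._pending: Dict[str, Tuple[bytes, float]] = {}   # username -> (digest, expiry)

    @staticmethod
    def _digest(token: str) -> bytes:
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, username: str) -> str:
        """Create a fresh token for the user; returns the plaintext to send, which is never stored."""
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
        self._pending[username] = (self._digest(token), self._now() + TOKEN_TTL_SECONDS)
        return token

    def invalidate(self, username: str) -> None:
        """Called when the user sets a password themselves: any outstanding token dies."""
        self._pending.pop(username, None)

    def redeem(self, username: str, token: str) -> bool:
        """True exactly once for the current, unexpired token; the token is consumed on success."""
        record = self._pending.get(username)
        if record is None:
            return False
        stored_digest, expires_at = record
        if self._now() > expires_at:
            self._pending.pop(username, None)    # stale token: discard it
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False                         # constant-time compare; a wrong guess does not consume
        self._pending.pop(username, None)        # single use
        return True


def demo() -> Tuple[bool, bool, bool, bool]:
    """Constructed walk-through with a fake clock: redeem, reuse, expiry, self-service invalidation."""
    clock = [1_000.0]
    store = ResetTokenStore(now=lambda: clock[0])
    first = store.issue("alice")
    redeemed = store.redeem("alice", first)          # True
    reused = store.redeem("alice", first)            # False: already consumed
    second = store.issue("alice")
    clock[0] += TOKEN_TTL_SECONDS + 1
    expired = store.redeem("alice", second)          # False: past its TTL
    third = store.issue("alice")
    store.invalidate("alice")                        # the user changed the password on their own
    after_invalidate = store.redeem("alice", third)  # False
    return redeemed, reused, expired, after_invalidate


if __name__ == "__main__":
    print(demo())   # (True, False, False, False)
```

The `invalidate` path is what turns the "delete the email and change your password right away" habit into a real protection: once the user has chosen a password, the emailed value is worthless even if someone reads it later.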
Q 1 (a) Describe the benefits and purpose of VTP
Ans: - Benefits of VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol or VTP refers to a messaging protocol responsible for managing the renaming, deletion and addition of VLANs (Virtual Local Area Networks). Cisco's VLAN Trunking Protocol lowers administration in switched networks. The following are major benefits of VLAN Trunking Protocol.
- Better network management
VTP lowers the possible inconsistencies in configuration that normally come about once modifications are made in a network. Such inconsistencies may lead to security violations since VLANs have the capability of cross connecting when matching names are utilized. Furthermore, they could possibly become disconnected internally when mapped from a certain LAN kind to the next. However, VLAN Trunking Protocol offers a good mapping scheme for seamless trunking in a network that uses mixed media.
- Maintains consistency
The VLAN Trunking Protocol offers the benefit of maintaining configuration consistency throughout the whole network. This is credited to the fact that VTP utilizes trunk frames for managing any changes made to the VLANs in that particular network. This is attained through the use of a central switch found in the server mode. In fact, VTP synchronizes all the VLAN information in any VTP domain, thereby lowering the need of configuring similar VLAN data on every switch.
- Manages Cisco switches
Another vital advantage of VLAN Trunking Protocol is that it provides an effective method of managing Cisco switches like one group for configuration purposes. This means that if the VTP has been enabled on a Cisco switch, creating a VLAN on a single switch then makes the VLAN accessible to all the switches in that VTP domain. The switch can only be a part of one VTP domain at a single time.
The key drawback of using VLAN Trunking Protocol is that looping can occur. Looping is normally very annoying as it creates duplicate emails and it may even crash the whole network.
The purpose of VTP is to provide a way to manage Cisco switches as a single group for VLAN configuration purposes. For example, if VTP is enabled on Cisco switches, the creation of a new VLAN on one switch makes that VLAN available to all switches within the same VTP management domain. A switch can be part of only one VTP management domain at a time, and is part of no VTP management domain by default.
Without VTP, the creation of a new VLAN would require you to define that new VLAN individually on all necessary switches, a process that is subject to error and that is time-consuming to say the least. Instead, with VTP, you define the VLAN once and have VTP spread the information to all other switches in the same domain automatically.
The primary benefit of VTP is that in large environments it facilitates adding and deleting VLANs, as well as making changes to VLAN configurations. Without VTP you would have to add a VLAN manually to each switch; with VTP you can add a VLAN to one switch and let the switches propagate the changes throughout the VTP management domain, and all before lunch!
When a VTP management domain name is defined on each switch, the switches exchange VTP information automatically and require no further configuration or day-to-day management.
(b) Explain the purpose and operation of ACLs? Explain the filtering process?
Ans:- Access Control Lists (ACLs) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. They can be applied on Cisco routers.
ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses. You can configure ACLs for all routed network protocols.
The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.
- Order of statements is important: put the most restrictive statements at the top of the list and the least restrictive at the bottom.
- ACL statements are processed top-down until a match is found, and then no more statements in the list are processed.
- If no match is found in the ACL, the packet is dropped (implicit deny).
- Each ACL needs either a unique number or a unique name.
- The router cannot filter traffic that it, itself, originates.
- You can have only one IP ACL applied to an interface in each direction (inbound and outbound)—you can't have two or more inbound or outbound ACLs applied to the same interface. (Actually, you can have one ACL for each protocol, like IP and IPX, applied to an interface in each direction.)
- Applying an empty ACL to an interface permits all traffic by default: in order for an ACL to have an implicit deny statement, you need at least one actual permit or deny statement.
- Remember the numbers you can use for IP ACLs. Standard ACLs can use numbers ranging 1–99 and 1300–1999, and extended ACLs can use 100–199 and 2000–2699.
- A wildcard mask is not a subnet mask. Like an IP address or a subnet mask, a wildcard mask is composed of 32 bits. To convert a subnet mask to a wildcard mask, subtract each byte of the subnet mask from 255.
There are two special types of wildcard masks: 0.0.0.0 and 255.255.255.255.
A 0.0.0.0 wildcard mask is called a host mask: every bit of the address must match.
A 255.255.255.255 wildcard mask matches any address. If you enter this, the router will convert the address and mask to the keyword any.
A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs.
To simplify how a router uses an ACL for packet filtering, imagine a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a guest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.
When a packet arrives at the router, the router extracts certain information from the packet header and makes decisions according to the filter rules as to whether the packet can pass through or be dropped. Packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.
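To make the processing rules above concrete, here is an added Python example (not from the page and not IOS code; a small simulator written for this section) that parses a subset of the numbered `access-list` syntax and evaluates packets against it exactly as the list describes: statements are tried top-down, the first match wins, an unmatched packet hits the implicit deny, an empty list permits everything, and wildcard masks are derived from subnet masks by subtracting each octet from 255. It understands `any`, `host A` and `A WILDCARD` address specs, a protocol keyword on extended lists and a numeric `eq PORT` on the destination; named ACLs, port names such as `www`, and keywords such as `log` are outside its scope. The two versions of ACL 101 are constructed for the example and differ only in statement order.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IOS number ranges quoted on the page: standard 1-99 and 1300-1999, extended 100-199 and 2000-2699.
STANDARD_RANGES = ((1, 99), (1300, 1999))
EXTENDED_RANGES = ((100, 199), (2000, 2699))
ANY = ("0.0.0.0", "255.255.255.255")   # 'any' is address 0.0.0.0 with an all-ones wildcard


def acl_kind(number: int) -> str:
    """Classify a numbered IP ACL as standard or extended by its number."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{number} is not a valid IP ACL number")


def wildcard_from_subnet_mask(mask: str) -> str:
    """Subtract each octet of a subnet mask from 255 to get the wildcard mask."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this address bit must match, 1 = don't care."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Statement:
    action: str                 # "permit" or "deny"
    protocol: str               # "ip" matches everything; "tcp"/"udp" only that protocol
    src: Tuple[str, str]        # (base address, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int]        # destination port from "eq N" (extended ACLs only)


def _address(tokens: List[str]) -> Tuple[str, str]:
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    # A lone address with no wildcard means an exact host, as IOS treats it in a standard ACL.
    wildcard = tokens.pop(0) if tokens and "." in tokens[0] else "0.0.0.0"
    return (tok, wildcard)


def parse_acl(config_lines: List[str]) -> List[Statement]:
    """Parse 'access-list N ...' lines for one ACL into Statements, preserving order."""
    statements: List[Statement] = []
    number = None
    for line in config_lines:
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        n = int(tokens[1])
        number = n if number is None else number
        if n != number:
            raise ValueError("parse one ACL at a time")
        tokens = tokens[2:]
        action = tokens.pop(0)
        if acl_kind(n) == "standard":
            statements.append(Statement(action, "ip", _address(tokens), ANY, None))
        else:
            protocol = tokens.pop(0)
            src, dst = _address(tokens), _address(tokens)
            dport = int(tokens[1]) if tokens[:1] == ["eq"] else None
            statements.append(Statement(action, protocol, src, dst, dport))
    return statements


def evaluate(statements: List[Statement], src: str, dst: str,
             protocol: str = "ip", dport: Optional[int] = None) -> str:
    """Top-down, first match wins; implicit deny at the end; an empty ACL permits everything."""
    if not statements:
        return "permit"
    for s in statements:
        if s.protocol != "ip" and s.protocol != protocol:
            continue
        if not (wildcard_match(src, *s.src) and wildcard_match(dst, *s.dst)):
            continue
        if s.dport is not None and s.dport != dport:
            continue
        return s.action
    return "deny"   # implicit deny: no statement matched


# Constructed sample: block HTTP from 192.168.10.0/24 but allow its other traffic.
WELL_ORDERED = parse_acl([
    "access-list 101 deny tcp 192.168.10.0 0.0.0.255 any eq 80",
    "access-list 101 permit ip 192.168.10.0 0.0.0.255 any",
])
# Same two statements, least restrictive first: the deny is shadowed and never matches.
MISORDERED = parse_acl([
    "access-list 101 permit ip 192.168.10.0 0.0.0.255 any",
    "access-list 101 deny tcp 192.168.10.0 0.0.0.255 any eq 80",
])

if __name__ == "__main__":
    print(evaluate(WELL_ORDERED, "192.168.10.5", "203.0.113.10", "tcp", 80))   # deny
    print(evaluate(MISORDERED, "192.168.10.5", "203.0.113.10", "tcp", 80))     # permit
    print(evaluate(WELL_ORDERED, "10.0.0.7", "203.0.113.10", "udp", 53))       # deny (implicit)
```

The `MISORDERED` list is why the "most restrictive statements at the top" rule matters: the `permit ip` line matches every packet from the subnet, so the HTTP deny below it is never consulted, and the policy silently does nothing.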
Q 2 Describe and compare the Ethernet concepts and techniques used by LAN switches.
Ans: - A switch is a device that connects LAN segments using a table of MAC addresses to determine the segment on which a frame needs to be transmitted. Both switches and bridges operate at Layer 2 of the OSI model.
Switches are sometimes called multiport bridges or switching hubs. Switches make decisions based on MAC addresses and therefore, are Layer 2 devices. In contrast, hubs regenerate the Layer 1 signals out of all ports without making any decisions. Since a switch has the capacity to make path selection decisions, the LAN becomes much more efficient. Usually, in an Ethernet network the workstations are connected directly to the switch. Switches learn which hosts are connected to a port by reading the source MAC address in frames. The switch opens a virtual circuit between the source and destination nodes only. This confines communication to those two ports without affecting traffic on other ports. In contrast, a hub forwards data out all of its ports so that all hosts see the data and must process it, even if that data is not intended for it. High-performance LANs are usually fully switched:
- A switch concentrates connectivity, making data transmission more efficient. Frames are switched from incoming ports to outgoing ports. Each port or interface can provide the full bandwidth of the connection to the host.
- On a typical Ethernet hub, all ports connect to a common backplane or physical connection within the hub, and all devices attached to the hub share the bandwidth of the network. If two stations establish a session that uses a significant level of bandwidth, the network performance of all other stations attached to the hub is degraded.
- To reduce degradation, the switch treats each interface as an individual segment. When stations on different interfaces need to communicate, the switch forwards frames at wire speed from one interface to the other, to ensure that each session receives full bandwidth.
To efficiently switch frames between interfaces, the switch maintains an address table. When a frame enters the switch, it associates the MAC address of the sending station with the interface on which it was received.
The main features of Ethernet switches are:
- Isolate traffic among segments
- Achieve greater amount of bandwidth per user by creating smaller collision domains
The first feature, isolate traffic among segments, provides for greater security for hosts on the network. Each segment uses the CSMA/CD access method to maintain data traffic flow among the users on that segment. Such segmentation allows multiple users to send information at the same time on the different segments without slowing down the network.
By using the segments in the network fewer users and/or devices are sharing the same bandwidth when communicating with one another. Each segment has its own collision domain. Ethernet switches filter the traffic by redirecting the datagrams to the correct port or ports, which are based on Layer 2 MAC addresses.
The second feature is called microsegmentation. Microsegmentation allows the creation of dedicated network segments with one host per segment. Each host receives access to the full bandwidth and does not have to compete for available bandwidth with other hosts. Popular servers can then be placed on individual 100-Mbps links. Often in networks of today, a Fast Ethernet switch will act as the backbone of the LAN, with Ethernet hubs, Ethernet switches, or Fast Ethernet hubs providing the desktop connections in workgroups. As demanding new applications such as desktop multimedia or video conferencing become more popular, certain individual desktop computers will have dedicated 100-Mbps links to the network.
Q3. (a) The router IOS images should be stored on a TFTP server on the network. A network TFTP server can be used to restore lost or corrupted IOS images to network devices. In your own words, answer the following questions about IOS image management. What information is required when using the copy command to upload or download a system image file?
Ans:- Upgrading or downloading a router IOS image to flash memory
To transfer an IOS image from a PC to the router, the following conditions must be met:
* The IOS image you intend to load is known good; a corrupted image is of no use. Check the file against the MD5 (or SHA) value Cisco publishes for that image before loading it.
* The IOS image fits the router's DRAM and flash memory. Maximising DRAM and flash before an upgrade is always a good idea, so that the router can hold the image file and run any IOS version. See the following FAQ for memory specifications:
»Cisco Forum FAQ »Cisco equipment memory chip specification
* While the router is still running the older IOS image, back that image up to a TFTP or FTP server (the later steps explain how). Do this before any upgrade: if the upgrade fails (DRAM too small, corrupted image, and so on) you can reverse the change by putting the backed-up image back on the router.
To transfer an image you typically run a TFTP program on your computer, which then acts as the TFTP server for the duration of the transfer. A simple free one can be found here:
»Cisco Forum FAQ »How to prepare TFTP server
Newer IOS releases also support image transfer via FTP, and releases with SSH support can use SCP (copy scp:), which authenticates and encrypts the transfer. TFTP is still the most common method, and the rest of this FAQ uses it. Keep in mind that TFTP and FTP carry the image and any credentials in the clear with no authentication of the server, so run the transfer on an isolated management segment or a direct cable, not across a production network.
It is recommended that the PC (the TFTP server) be on the same subnet as the router. The easiest way is to assign a static IP address to the PC, for example x.x.x.100 255.255.255.0. If there is a switch between the PC and the router, also make sure both are in the same VLAN, that is, the same broadcast domain.
If the network uses a hub instead of a switch, collisions may severely degrade the TFTP flow and corrupt the download or upload. In that case use a switch, or simply connect the router and the PC back-to-back with a crossover cable.
Next, go to the privileged exec prompt and type
r1#copy tftp flash
The command will prompt you for four things.
1. The IP address of your TFTP server: enter the PC's IP address.
2. The name of the source IOS file: enter the exact file name (including the sub-directory path if the file is not in the server's root or current directory). A wrong name, or a file in the wrong directory, makes the transfer fail.
3. It may also ask for the destination file name, that is, where the new image should be stored on the router and whether to keep the same name. Typically you keep the same name and store the file in the root of the router's flash, so press Enter to accept the default. To store it in a different directory, give the exact directory path and name; to use a different file name, type the new name.
4. It will also ask whether to erase the flash before copying.
Read This Before Proceeding:
Erasing here means formatting the flash, which wipes its entire contents. Nothing on it (including the current IOS image) can be recovered once the flash has been erased or formatted.
You may want to erase the flash when at least one of the following applies:
* The flash is too small to hold both the current and the new IOS image
* The flash is partitioned and you need its whole space for the new image; removing the partition means reformatting the flash and starting fresh
* There are bad sectors in the flash that a reformat may clear
* The flash is brand new or has never been used or formatted
If none of these applies, you probably do not need to format the flash. Keeping both the current and the new image in flash is recommended whenever possible: if the new image has a boot problem, it is easy to flip back to the old one, since by default the router boots the first valid IOS image it finds in flash (or the image named by a boot system command, if one is configured).
If you must erase the flash, make sure you have already backed up its entire contents to the server, especially the current IOS image.
When everything works and you answer yes to erasing the flash, the display looks something like this.
r1#copy tftp flash
Address or name of remote host ? 10.50.50.100
Source filename ? c2600-i-mz.121-14.bin
Destination filename [c2600-i-mz.121-14.bin]?
Erase flash: before copying? [confirm]y
Erasing the flash filesystem will remove all files! Continue? [confirm]y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ... erased
Erase of flash: complete
Loading c2600-i-mz.121-14.bin from 10.50.50.100 (via Ethernet0/0):
[OK - 4501480/9001984 bytes]
Verifying checksum... OK (0xAC8A)
4501480 bytes copied in 56.88 secs (80383 bytes/sec)
After the transfer you need to reload the router to activate the new IOS image. Before reloading, confirm that the new file is listed by show flash with the expected size and, on IOS releases that support it, check its hash with verify /md5 flash:<filename> against the value Cisco publishes; the checksum printed by the copy command only detects a corrupted transfer, not a tampered file. The router may then ask whether you want to save the configuration. Depending on whether you changed the router's IP address to a new scheme for the transfer or used its normal address, you may or may not want to save it.
Backup Router IOS image to TFTP Server
To back up an IOS image from the router to the PC, use similar steps, but in place of copy tftp flash enter the command below. Make sure the TFTP server is configured to accept uploads (receive) as well as serve downloads; many TFTP programs allow only downloads by default.
r1#copy flash tftp
The rest of the steps still apply.
As with anything, sometimes things do not work as expected. If the copy command fails, one of the following is usually the culprit:
* Incorrect IOS image file name
* Incorrect TFTP software installation
* Incorrect TFTP software settings
* The image file is stored in a different directory or folder on the TFTP server
* Cable or routing problem between the router and the TFTP server
* If the router and the TFTP server are not connected directly (there is a patch panel, switch or router in between), verify the intermediate device or connection
* Incorrect IP address or subnet mask on either the router or the TFTP server
* Buggy TFTP software
Assuming no firewall blocks ICMP echo, ping both ways, from the router to the TFTP server and from the TFTP server to the router. If both succeed, at least Layers 1 to 3 between them are fine, so cable and routing can be ruled out and you should look higher up: a file or directory problem on the server, or a firewall dropping UDP port 69.
There may also be a firewall that blocks TFTP. First find out where the active firewall is: it can be a dedicated appliance (such as a Cisco ASA) or software on the TFTP server itself. If the TFTP server is a Windows machine, the Windows Firewall is the usual culprit. Rather than turning it off, add a rule that allows UDP port 69 from the router's address; if you must disable it, do so only for the duration of the transfer and re-enable it afterwards. Some antivirus software also blocks TFTP, so temporarily disabling it is suggested if the transfer still fails.
If you cannot change the firewall, make sure it allows TFTP between the router and the TFTP server. Note that a TFTP server answers from a new, random UDP source port rather than from port 69, so a plain port-69 rule is not enough: the firewall needs TFTP inspection (inspect tftp on the ASA) or a rule that also admits the reply traffic. When NAT/PAT is in place on the firewall, use the address that the firewall actually exposes.
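The exchange behind copy tftp flash, and the two failure modes discussed above (a wrong file name, and a firewall that only allows port 69), as an added example that is not part of the original page: a minimal RFC 1350 TFTP client and server in Python talking over the loopback interface. The file name, its contents and the port numbers are constructed for the illustration; the server binds a free port instead of 69 so the script runs without root.

```python
"""Minimal RFC 1350 TFTP (octet mode) client and server over UDP loopback.

Added example, not from the original page. It shows what happens during
`copy tftp flash`: the client sends an RRQ to the server's well-known port,
the server answers DATA blocks from a *new* ephemeral port, the client ACKs
each block, and a block shorter than 512 bytes ends the transfer. A wrong
file name gets an ERROR packet, which the router reports as a failed copy.
"""
import socket
import struct
import threading

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK = 512

# Constructed sample "image" served by the toy server (not a real IOS file).
FILES = {"c2600-i-mz.121-14.bin": bytes(range(256)) * 5}   # 1280 bytes = 3 blocks


def rrq(filename):
    """Encode a read request: opcode 1, file name, 0, mode, 0."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0"


def parse_request(pkt):
    op = struct.unpack("!H", pkt[:2])[0]
    parts = pkt[2:].split(b"\0")
    mode = parts[1] if len(parts) > 1 else b""
    return op, parts[0].decode(), mode.decode().lower()


def serve_once(sock):
    """Answer one RRQ on the well-known socket, then finish the transfer from a
    fresh socket so the data comes from a new source port, as real servers do."""
    pkt, client = sock.recvfrom(1024)
    op, name, mode = parse_request(pkt)
    data_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # new TID
    data_sock.settimeout(5)
    try:
        if op != RRQ or mode != "octet" or name not in FILES:
            data_sock.sendto(struct.pack("!HH", ERROR, 1) + b"File not found\0", client)
            return
        data, block = FILES[name], 1
        while True:
            chunk = data[(block - 1) * BLOCK: block * BLOCK]
            data_sock.sendto(struct.pack("!HH", DATA, block) + chunk, client)
            ack, _ = data_sock.recvfrom(1024)
            assert struct.unpack("!HH", ack[:4]) == (ACK, block)
            if len(chunk) < BLOCK:       # short block terminates the transfer
                return
            block += 1
    finally:
        data_sock.close()


def tftp_get(server, filename, timeout=2.0):
    """Fetch filename from server; raise RuntimeError with the server's ERROR text."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(rrq(filename), server)
    out, expected, peer = bytearray(), 1, None
    try:
        while True:
            pkt, addr = sock.recvfrom(4 + BLOCK)
            op, num = struct.unpack("!HH", pkt[:4])
            if op == ERROR:
                raise RuntimeError(pkt[4:].rstrip(b"\0").decode())
            if peer is None:
                peer = addr              # lock on to the server's data port
            elif addr != peer:
                continue                 # packet from an unexpected TID: ignore
            if op == DATA and num == expected:
                out += pkt[4:]
                expected += 1
            sock.sendto(struct.pack("!HH", ACK, num), peer)   # re-ACKs duplicates too
            if op == DATA and len(pkt) - 4 < BLOCK:
                return bytes(out)
    finally:
        sock.close()


def run_demo(filename):
    """Start a one-shot server on a loopback port and fetch filename from it.
    Returns (True, data) on success or (False, error text) on a TFTP error."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))           # port 69 needs root; any free port will do
    srv.settimeout(5)
    t = threading.Thread(target=serve_once, args=(srv,), daemon=True)
    t.start()
    try:
        return True, tftp_get(srv.getsockname(), filename)
    except RuntimeError as err:
        return False, str(err)
    finally:
        t.join(5)
        srv.close()


if __name__ == "__main__":
    ok, payload = run_demo("c2600-i-mz.121-14.bin")
    print("transfer ok:", ok, "bytes:", len(payload) if ok else payload)
    print("wrong name:", run_demo("c2600-wrong.bin"))
```

Because the DATA packets come back from the ephemeral port the server picks in serve_once, not from the port the client sent the RRQ to, a firewall that only permits "UDP 69 to the server" sees the reply as unsolicited traffic and drops it; the client in that case simply times out, which is the symptom described in the troubleshooting list. Nothing in the protocol authenticates either side or the file, which is the reason for the earlier advice to verify the image hash and keep the transfer on an isolated segment.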
(b) What happens to a router when the IOS is deleted from flash?
Ans:- With no valid IOS image in flash, the router cannot complete a normal boot: it either loops or drops to the ROM monitor (ROMMON) prompt. As a network administrator you may at some point find a Cisco router that will not boot normally: when you console in, there is no IOS prompt at all, only a boot loop or the rommon prompt. This FAQ is meant to help those unfamiliar with the Cisco image troubleshooting process.
Although written mostly for Cisco routers, the concepts apply to other Cisco devices such as switches and firewalls. The FAQ assumes the reader can run basic IOS commands and set up a TFTP server, and has some IP networking and physical/hardware troubleshooting knowledge.
Following are typical cases in regards of router inability to boot up normally.
Deleted/Corrupted/Wrong Type/No IOS image and Router goes to ROMMON mode
When the router will not boot normally and goes to ROMMON mode (showing the rommon prompt), it basically cannot find a valid IOS image to boot from. The cause could be one of the following:
* The valid IOS image file is missing, deleted, or corrupted (common case)
* The router has been configured to boot from media that does not exist (less common case)
* The router tries to boot an IOS image that is too big to fit into its DRAM (not that typical)
* The router crashes suddenly, out of the blue (rare case)
* The router has been configured not to boot normally at all (one-in-a-million case)
Note that a router that drops straight into ROMMON is the simple case to remedy. It is actually a good sign, since it means the hardware is stable and the revival procedure is straightforward. The next case is worse.
Router Crashes and/or Boot Loops
When you have installed the wrong IOS image (or one too large for the router's memory), the router may crash or drop to the ROMMON (ROM Monitor) prompt. In some cases a router crashes after running untouched for years. Once it crashes, it may not enter ROMMON at all but keep trying to boot normally, fail, and loop.
To revive a Cisco router that cannot boot normally, first get it into a stable state, which means it must enter ROMMON mode as the first step. If the router does not enter ROMMON by itself, power-cycle it and send the break sequence within the first few seconds after it restarts.
The break sequence used to enter ROMMON varies with the terminal emulator you use and the operating system your PC runs; check the documentation for your emulator to find the correct key combination.
Q 4 Refer to Figure 1 for all the questions in this command exercise
Figure 1 Network Topology for Questions I Through IV
Q.I Allow only Host A from the 172.16.1.0/27 subnet access to the E-Mail server. Use the last usable number in the extended list range. Host A should not have access to any of the other servers. Write all the commands
Ans:- Figure 1 is not reproduced on this page, so the addresses of Host A, the E-Mail server and the subnet that holds the other servers are shown below as placeholders (<HostA>, <MailServer>, <ServerLAN> <wildcard>); substitute the values from the figure. The last usable number in the extended range (100 to 199) is 199. An extended list is placed close to the source, so it is applied inbound on the router interface facing 172.16.1.0/27:
Router(config)#access-list 199 permit ip host <HostA> host <MailServer>
Router(config)#access-list 199 deny ip host <HostA> <ServerLAN> <wildcard>
Router(config)#access-list 199 deny ip 172.16.1.0 0.0.0.31 host <MailServer>
Router(config)#access-list 199 permit ip any any
Router(config)#interface <interface facing 172.16.1.0/27>
Router(config-if)#ip access-group 199 in
Order matters: entries are tested top to bottom and the first match wins, so Host A's permit must come before the deny lines, and the closing permit keeps all other traffic flowing (without it the implicit deny at the end of every ACL would block everything else).
Q.II Allow only Host B access to the Internet, and deny everyone else. Use an extended named ACL to accomplish this task, and name the ACL Internet. Write all the commands
Ans:- Host B's address comes from Figure 1 and is shown as <HostB>. A named extended ACL applied outbound on the interface toward the Internet lets only Host B out:
Router(config)#ip access-list extended Internet
Router(config-ext-nacl)#permit ip host <HostB> any
Router(config-ext-nacl)#deny ip any any
Router(config-ext-nacl)#exit
Router(config)#interface <interface toward the Internet>
Router(config-if)#ip access-group Internet out
The deny ip any any is already implied at the end of every ACL; writing it explicitly makes the number of dropped packets visible in show access-lists.
For comparison, the following commands are Cisco ASA EtherType ACLs (a different device and syntax from the router ACLs in this exercise). The first set allows some EtherTypes through the ASA but denies all others:
hostname(config)# access-list ETHER ethertype permit 0x1234
hostname(config)# access-list ETHER ethertype permit mpls-unicast
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside
The following commands deny traffic with EtherType 0x1256 but allow all others on both interfaces:
hostname(config)# access-list nonIP ethertype deny 0x1256
hostname(config)# access-list nonIP ethertype permit any
hostname(config)# access-group nonIP in interface inside
hostname(config)# access-group nonIP in interface outside
Q.III No one from the 172.16.1.0/27 subnet is allowed access to the File Server, but all other traffic should be permitted. Use an extended named ACL to accomplish this task, and name the ACL No Access. Write all the commands
Ans:- ACL names cannot contain spaces, so the list is named No_Access. The whole /27 is matched with the wildcard mask 0.0.0.31 (host 172.16.1.0 would match only that single address), and ip rather than tcp ... eq 80 is used so that all traffic to the file server at 172.20.0.5 is blocked, not just HTTP:
Router01>enable
Router01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router01(config)#ip access-list extended No_Access
Router01(config-ext-nacl)#deny ip 172.16.1.0 0.0.0.31 host 172.20.0.5
Router01(config-ext-nacl)#permit ip any any
Router01(config-ext-nacl)#exit
Router01(config)#interface <interface facing 172.16.1.0/27>
Router01(config-if)#ip access-group No_Access in
Router01(config-if)#end
Router01#
Q.IV Allow only hosts on the R3 LAN to communicate with hosts on the R1 LAN. They are allowed access to the Internet, but deny them access to the servers on the R2 LAN. Use the first usable number in the extended IP range to accomplish this task. Write all the commands.
Ans:- The first usable number in the extended range is 100. The R3 LAN and R2 LAN subnets come from Figure 1 and are shown as placeholders. Applied inbound on R3's LAN interface, the list drops R3 LAN traffic bound for the R2 LAN servers and permits everything else from that LAN, which covers both the R1 LAN and the Internet:
Router03#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router03(config)#access-list 100 deny ip <R3 LAN> <wildcard> <R2 LAN> <wildcard>
Router03(config)#access-list 100 permit ip <R3 LAN> <wildcard> any
Router03(config)#interface <R3 LAN interface>
Router03(config-if)#ip access-group 100 in
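The first-match and wildcard-mask rules that the four ACL answers above depend on, as an added example that is not from the original page: a small evaluator for Cisco-style extended IP ACLs in Python, run over constructed packets. It encodes the Q.III list (No_Access) next to the page's earlier numbered version that used host 172.16.1.0 and eq 80, so the difference between matching one address and port and matching the whole /27 can be seen directly. The Entry class and the sample packet addresses are inventions for the illustration; the file server address 172.20.0.5 is the one used in the answer.

```python
"""Evaluator for Cisco-style extended IP ACLs: entries are tested in order,
the first match wins, and an unmatched packet hits the implicit deny at the
end. Added example, not part of the original page."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol; else "tcp"/"udp"/"icmp"
    src: str                     # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" (wildcard mask)
    dst: str
    dport: Optional[int] = None  # "eq N" on the destination port, if present


def match_addr(spec, addr):
    """Cisco wildcard semantics: mask bit 1 = don't care, bit 0 = must match."""
    if spec == "any":
        return True
    words = spec.split()
    if words[0] == "host":
        return addr == words[1]
    net, wildcard = words
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(net)) & care) == (int(ipaddress.IPv4Address(addr)) & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of matching entry); ("deny", None) is the implicit deny."""
    for i, e in enumerate(acl):
        if e.proto != "ip" and e.proto != proto:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        if match_addr(e.src, src) and match_addr(e.dst, dst):
            return e.action, i
    return "deny", None


# Q.III as answered above: the whole /27 is kept off the file server, all else flows.
NO_ACCESS = [
    Entry("deny", "ip", "172.16.1.0 0.0.0.31", "host 172.20.0.5"),
    Entry("permit", "ip", "any", "any"),
]

# The page's earlier numbered version: one address, one port.
ORIGINAL_105 = [
    Entry("deny", "tcp", "host 172.16.1.0", "host 172.20.0.5", 80),
    Entry("permit", "ip", "any", "any"),
]

if __name__ == "__main__":
    # Constructed packet: a host in the /27 opening SMB to the file server.
    print("No_Access  :", evaluate(NO_ACCESS, "tcp", "172.16.1.10", "172.20.0.5", 445))
    print("original   :", evaluate(ORIGINAL_105, "tcp", "172.16.1.10", "172.20.0.5", 445))
    print("empty list :", evaluate([], "tcp", "172.16.1.10", "172.20.0.5", 445))
```

With No_Access, any source from 172.16.1.0 to 172.16.1.31 bound for 172.20.0.5 hits entry 0 and is denied, while 172.16.1.40 (outside the /27) or traffic to another server falls through to the permit. With the original numbered list the same SMB packet from 172.16.1.10 is permitted, because host 172.16.1.0 matches only that one address and eq 80 matches only HTTP. An empty list returns ("deny", None), the implicit deny that makes a trailing permit ip any any necessary whenever other traffic must continue to flow.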
- Which layer of the hierarchical network design model is referred to as the high-speed backbone of the internetwork, where high availability and redundancy are critical?
- access layer
- core layer
- data-link layer
- distribution layer
Ans:- core layer
- Which feature supports higher throughput in switched networks by combining multiple switch ports?
- redundant links
- link aggregation
- network diameter
Ans:- link aggregation
- Which hierarchical design model layer controls the flow of network traffic using policies and delineates broadcast domains by performing routing functions between virtual LANs (VLANs)?
Ans:- distribution layer
- What is the likely impact of moving a conventional company architecture to a completely converged network?
- Local analog phone service can be completely outsourced to cost-effective providers.
- The Ethernet VLAN structure is less complex.
- A shared infrastructure is created resulting in a single network to manage.
- QoS issues are greatly reduced.
- There is less bandwidth competition between voice and video streams.
Ans:- A shared infrastructure is created resulting in a single network to manage.
- Configuring communication between devices on different VLANs requires the use of which layer of the OSI model?
- Layer 1
- Layer 3
- Layer 4
- Layer 5
Ans:- Layer 3
- Which layer of the OSI model does an access layer LAN switch use to make a forwarding decision?
- Layer 1
- Layer 2
- Layer 3
- Layer 4
Ans:- Layer 2
- Which hierarchical design characteristic would be recommended at both the core and distribution layers to protect the network in the case of a route failure?
- access lists
- At which hierarchical layer are switches normally not required to process all ports at wire speed?
- core layer
- distribution layer
- access layer
- entry layer
Ans:- access layer
- For organizations that are implementing a voice over IP solution, what functionality should be enabled at all three layers of the hierarchical network?
- Power over Ethernet
- quality of service
- switch port security
- inter-VLAN routing
Ans:- quality of service
- Link aggregation should be implemented at which layer of the hierarchical network?
- core only
- distribution and core
- access and distribution
- access, distribution, and core
Ans:- access and distribution
- What statement best describes a modular switch?
- a slim-line chassis
- allows interconnection of switches on redundant backplane
- defined physical characteristics
- flexible characteristics
Ans:- flexible characteristics