Lecture 8 11

Module 8: Network Layer
Introduction to Networks v7.0

(ITN)
Module 8: Topics
What will I learn to do in this module?
Topic Title Topic Objective

Network Layer Explain how the network layer uses IP protocols for reliable
Characteristics communications.
IPv4 Packet Explain the role of the major header fields in the IPv4 packet.
IPv6 Packet Explain the role of the major header fields in the IPv6 packet.
Explain how network devices use routing tables to direct packets to a

How a Host Routes
destination network.
Router Routing Tables Explain the function of fields in the routing table of a router.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
8.1 Network Layer
Characteristics
Network Layer Characteristics
The Network Layer
• Provides services to allow end devices to exchange
data
• IP version 4 (IPv4) and IP version 6 (IPv6) are the
principle network layer communication protocols.
• The network layer performs four basic operations:
• Addressing end devices
• Encapsulation
• Routing
• De-encapsulation
IP Encapsulation
• IP encapsulates the transport layer
segment.
• IP can use either an IPv4 or IPv6
packet and not impact the layer 4
segment.
• IP packet will be examined by all
layer 3 devices as it traverses the
network.
• The IP addressing does not change
from source to destination.
Note: NAT will change addressing,
but will be discussed in a later
module.
Characteristics of IP
IP is meant to have low overhead and may be described as:
• Connectionless
• Best Effort
• Media Independent
Connectionless
IP is Connectionless
• IP does not establish a connection with the destination before sending the packet.
• There is no control information needed (synchronizations, acknowledgments, etc.).
• The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.
• If there is a need for connection-oriented traffic, then another protocol will handle this
(typically TCP at the transport layer).
Best Effort
IP is Best Effort
• IP will not guarantee delivery of the
packet.
• IP has reduced overhead since there
is no mechanism to resend data that
is not received.
• IP does not expect
acknowledgments.
• IP does not know if the other device
is operational or if it received the
packet.
Media Independent
IP is unreliable:
• It cannot manage or fix undelivered or
corrupt packets.
• IP cannot retransmit after an error.
• IP cannot realign out of sequence
packets.
• IP must rely on other protocols for these
functions.
IP is media Independent:
• IP does not concern itself with the type
of frame required at the data link layer
or the media type at the physical layer.
• IP can be sent over any media type:
copper, fiber, or wireless.
Media Independent (Contd.)
The network layer will establish the
Maximum Transmission Unit (MTU).
• Network layer receives this from
control information sent by the data
link layer.
• The network then establishes the
MTU size.
Fragmentation is when Layer 3 splits the
IPv4 packet into smaller units.
• Fragmenting causes latency.
• IPv6 does not fragment packets.
• Example: Router goes from Ethernet
to a slow WAN with a smaller MTU
8.2 IPv4 Packet
IPv4 Packet
IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer.
The network header has many purposes:
• It ensures the packet is sent in the correct direction (to the destination).
• It contains information for network layer processing in various fields.
• The information in the header is used by all layer 3 devices that handle the packet
IPv4 Packet
IPv4 Packet Header Fields
The IPv4 network header characteristics:
• It is in binary.
• Contains several fields of information
• Diagram is read from left to right, 4 bytes per
line
• The two most important fields are the source
and destination.
Protocols may have may have one or more

functions.
IPv4 Packet
IPv4 Packet Header Fields
Significant fields in the IPv4 header:
Function Description
Version This will be for v4, as opposed to v6, a 4 bit field= 0100
Differentiated Services Used for QoS: DiffServ – DS field or the older IntServ – ToS or Type of Service
Header Checksum Detect corruption in the IPv4 header
Time to Live (TTL) Layer 3 hop count. When it becomes zero the router will discard the packet.
Protocol I.D.s next level protocol: ICMP, TCP, UDP, etc.
Source IPv4 Address 32 bit source address

Destination IPV4 Address 32 bit destination address
8.3 IPv6 Packets
IPv6 Packets
Limitations of IPv4
IPv4 has three major limitations:
• IPv4 address depletion – We have basically run out of IPv4 addressing.
• Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and
NAT were created. This ended direct communications with public addressing.
• Increased network complexity – NAT was meant as temporary solution and creates
issues on the network as a side effect of manipulating the network headers addressing.
NAT causes latency and troubleshooting issues.
IPv6 Packets
IPv6 Overview
• IPv6 was developed by Internet
Engineering Task Force (IETF).
• IPv6 overcomes the limitations of IPv4.
• Improvements that IPv6 provides:

• Increased address space – based on
128 bit address, not 32 bits
• Improved packet handling –
simplified header with fewer fields
• Eliminates the need for NAT – since
there is a huge amount of addressing,
there is no need to use private
addressing internally and be mapped to
a shared public address
IPv6 Packets
IPv4 Packet Header Fields in the IPv6 Packet Header
• The IPv6 header is simplified,
but not smaller.
• The header is fixed at 40 Bytes
or octets long.
• Several IPv4 fields were
removed to improve
performance.
• Some IPv4 fields were removed
to improve performance:
• Flag
• Fragment Offset
• Header Checksum
IPv6 Packets
IPv6 Packet Header
Significant fields in the IPv6 header:
Function Description
Version This will be for v6, as opposed to v4, a 4 bit field= 0110
Traffic Class Used for QoS: Equivalent to DiffServ – DS field
Flow Label Informs device to handle identical flow labels the same way, 20 bit field
Payload Length This 16-bit field indicates the length of the data portion or payload of the IPv6
packet
Next Header I.D.s next level protocol: ICMP, TCP, UDP, etc.
Hop Limit Replaces TTL field Layer 3 hop count
Source IPv6 Address 128 bit source address

Destination IPV6 Address 128 bit destination address
IPv6 Packets
IPv6 Packet Header (Cont.)
IPv6 packet may also contain extension headers (EH).
EH headers characteristics:
• provide optional network layer information
• are optional
• are placed between IPv6 header and the payload
• may be used for fragmentation, security, mobility support, etc.
Note: Unlike IPv4, routers do not fragment IPv6 packets.
8.4 How a Host Routes
How a Host Routes
Host Forwarding Decision
• Packets are always created at the source.
• Each host devices creates their own routing table.
• A host can send packets to the following:

• Itself – 127.0.0.1 (IPv4), ::1 (IPv6)
• Local Hosts – destination is on the same LAN
• Remote Hosts – devices are not on the same LAN
How a Host Routes
Host Forwarding Decision (Cont.)
• The Source device determines whether the destination is local or remote
• Method of determination:
• IPv4 – Source uses its own IP address and Subnet mask, along with the destination IP
address
• IPv6 – Source uses the network address and prefix advertised by the local router
• Local traffic is dumped out the host interface to be handled by an intermediary device.
• Remote traffic is forwarded directly to the default gateway on the LAN.
How a Host Routes
Default Gateway
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
• It must have an IP address in the same range as the rest of the LAN.
• It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
• It can route to other networks.
If a device has no default gateway or a bad default gateway, its traffic will not be
able to leave the LAN.
How a Host Routes
A Host Routes to the Default Gateway
• The host will know the default
gateway (DGW) either statically or
through DHCP in IPv4.
• IPv6 sends the DGW through a
router solicitation (RS) or can be
configured manually.
• A DGW is static route which will be
a last resort route in the routing
table.
• All device on the LAN will need the
DGW of the router if they intend to
send traffic remotely.
How a Host Routes
Host Routing Tables
• On Windows, route print
or netstat -r to display
the PC routing table
• Three sections
displayed by these two
commands:
• Interface List – all
potential interfaces and
MAC addressing
• IPv4 Routing Table
• IPv6 Routing Table
8.5 Introduction to Routing
Introduction to Routing
Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?
IP Router Routing Table
There three types of routes in a router’s routing table:
• Directly Connected – These routes are automatically added by the router, provided the interface is
active and has addressing.
• Remote – These are the routes the router does not have a direct connection and may be learned:
• Manually – with a static route
• Dynamically – by using a routing protocol to have the routers share their information with each other
• Default Route – this forwards all traffic to a specific direction when there is not a match in the
routing table
Static Routing
Static Route Characteristics:
• Must be configured manually
• Must be adjusted manually by the

administrator when there is a change
in the topology
• Good for small non-redundant
networks
• Often used in conjunction with a
dynamic routing protocol for
configuring a default route
Dynamic Routing
Dynamic Routes Automatically:
• Discover remote networks
• Maintain up-to-date information
• Choose the best path to the

destination
• Find new best paths when there is a
topology change
Dynamic routing can also share static
default routes with the other routers.
Introduction to an IPv4 Routing Table
The show ip route command shows the
following route sources:
• L - Directly connected local interface IP
address
• C – Directly connected network
• S – Static route was manually configured
by an administrator
• O – OSPF
• D – EIGRP
This command shows types of routes:
• Directly Connected – C and L
• Remote Routes – O, D, etc.
• Default Routes – S*
Module 9: Address Resolution
(ITN)
Module Objectives
Module Title: Address Resolution
Module Objective: Explain how ARP and ND enable communication on a network.

MAC and IP Compare the roles of the MAC address and the IP address.
ARP Describe the purpose of ARP.
Neighbor Discovery Describe the operation of IPv6 neighbor discovery.
9.1 MAC and IP
MAC and IP
Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
• Layer 2 physical address (the MAC address) – Used for NIC to NIC communications
on the same Ethernet network.
• Layer 3 logical address (the IP address) – Used to send the packet from the source
device to the destination device.
Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same
network. If a destination IP address is on the same network, the destination MAC address
will be that of the destination device.
MAC and IP
Destination on Remote Network
When the destination IP address is on a remote network, the destination MAC address is
that of the default gateway.
• ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address
of the device NIC.
• ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC
address of the device NIC.
9.2 ARP
ARP
ARP Overview
A device uses ARP to determine the
destination MAC address of a local
device when it knows its IPv4 address.
ARP provides two basic functions:

• Resolving IPv4 addresses to MAC
addresses
• Maintaining an ARP table of IPv4
to MAC address mappings
ARP
ARP Functions
To send a frame, a device will search its ARP table for a destination IPv4 address and a
corresponding MAC address.
• If the packet’s destination IPv4 address is on the same network, the device will
search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network, the device will search the
ARP table for the IPv4 address of the default gateway.
• If the device locates the IPv4 address, its corresponding MAC address is used as the
destination MAC address in the frame.
• If there is no ARP table entry is found, then the device sends an ARP request.
ARP
Removing Entries from an ARP Table
• Entries in the ARP table are not permanent and are removed when an ARP cache
timer expires after a specified period of time.
• The duration of the ARP cache timer differs depending on the operating system.
• ARP table entries can also be removed manually by the administrator.
ARP
ARP Tables on Networking Devices
• The show ip arp command displays the ARP table on a Cisco router.
• The arp –a command displays the ARP table on a Windows 10 PC.
R1# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0
C:\Users\PC> arp -a
Interface: 192.168.1.124 --- 0x10

Internet Address Physical Address Type
192.168.1.1 c8-d7-19-cc-a0-86 dynamic
192.168.1.101 08-3e-0c-f5-f7-77 dynamic
ARP
ARP Issues – ARP Broadcasting and ARP Spoofing
• ARP requests are received and processed by every device on the local network.
• Excessive ARP broadcasts can cause some reduction in performance.
• ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
• Enterprise level switches include mitigation techniques to protect against ARP attacks.
9.3 IPv6 Neighbor Discovery
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery Messages
IPv6 Neighbor Discovery (ND) protocol provides:
• Address resolution
• Router discovery
• Redirection services
• ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA)
messages are used for device-to-device messaging such as address
resolution.
• ICMTPv6 Router Solicitation (RS) and Router Advertisement (RA) messages
are used for messaging between devices and routers for router discovery.
• ICMPv6 redirect messages are used by routers for better next-hop selection.
IPv6 Neighbor Discovery
IPv6 Neighbor Discovery – Address Resolution
• IPv6 devices use ND to resolve
the MAC address of a known
IPv6 address.
• ICMPv6 Neighbor Solicitation
messages are sent using
special Ethernet and IPv6
multicast addresses.
Module 10: Basic Router
Configuration
(ITN)
Module Objectives
Module Title: Basic Router Configuration
Module Objective: Implement initial settings on a router and end devices.

Configure Initial Router Settings Configure initial settings on an IOS Cisco router.
Configure Interfaces Configure two active interfaces on a Cisco IOS

router.
Configure the Default Gateway Configure devices to use the default gateway.
© 2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
10.1 Configure Initial Router
Settings
Configure Initial Router Settings
Basic Router Configuration Steps
• Configure the device name. Router(config)# hostname hostname
• Secure privileged EXEC Router(config)# enable secret password

mode. Router(config)# line console 0
Router(config-line)# password password
• Secure user EXEC mode. Router(config-line)# login
• Secure remote Telnet / SSH Router(config)# line vty 0 4

access. Router(config-line)# password password
Router(config-line)# login
• Encrypt all plaintext Router(config-line)# transport input {ssh | telnet}
passwords.
Router(config)# service password encryption
• Provide legal notification and
Router(config)# banner motd # message #
save the configuration. Router(config)# end
Router# copy running-config startup-config
Configure Initial Router Settings
Basic Router Configuration Example
• Commands for basic router R1(config)# hostname R1
R1(config)# enable secret class
configuration on R1. R1(config)# line console 0
R1(config-line)# password cisco
• Configuration is saved to R1(config-line)# login
NVRAM. R1(config-line)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)# service password encryption
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
**********************************************
R1(config)# exit
R1# copy running-config startup-config
10.2 Configure Interfaces
Configure Interfaces
Configure Router Interfaces
Configuring a router interface includes issuing the following commands:
Router(config)# interface type-and-number

Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown
• It is a good practice to use the description command to add

information about the network connected to the interface.
• The no shutdown command activates the interface.
Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:
R1(config)# interface gigabitEthernet 0/0/0

R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0,
changed state to up
Configure Router Interfaces Example (Cont.)
The commands to configure interface G0/0/1 on R1 are shown here:
R1(config)# interface gigabitEthernet 0/0/1

R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1,
changed state to up
Verify Interface Configuration
To verify interface configuration use the show ip interface brief and
show ipv6 interface brief commands shown here:
R1# show ip interface brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.10.1 YES manual up up
Vlan1 unassigned YES unset administratively down down
R1# show ipv6 interface brief

GigabitEthernet0/0/0 [up/up]
FE80::201:C9FF:FE89:4501
2001:DB8:ACAD:10::1
FE80::201:C9FF:FE89:4502
2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
unassigned
R1#
Configure Verification Commands
The table summarizes show commands used to verify interface configuration.
Commands Description
show ip interface brief Displays all interfaces, their IP addresses, and their current
show ipv6 interface brief status.
show ip route Displays the contents of the IP routing tables stored in
show ipv6 route RAM.
show interfaces Displays statistics for all interfaces on the device. Only
displays the IPv4 addressing information.
show ip interfaces Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interfaces Displays the IPv6 statistics for all interfaces on a router.
Configure Verification Commands (Cont.)
View status of all interfaces with the show ip interface brief and show ipv6 interface
brief commands, shown here:
R1# show ip interface brief

Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES unset administratively down down
R1#
R1# show ipv6 interface brief

FE80::201:C9FF:FE89:4501
2001:DB8:ACAD:10::1
FE80::201:C9FF:FE89:4502
2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
unassigned
R1#
Display the contents of the IP routing tables with the show ip route and show ipv6
route commands as shown here:
R1# show ip route
< output omitted>
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
L 209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
R1#
R1# show ipv6 route

<output omitted>
C 2001:DB8:ACAD:10::/64 [0/0]
via GigabitEthernet0/0/0, directly connected
L 2001:DB8:ACAD:10::1/128 [0/0]
via GigabitEthernet0/0/0, receive
C 2001:DB8:FEED:224::/64 [0/0]
via GigabitEthernet0/0/1, directly connected
L 2001:DB8:FEED:224::1/128 [0/0]
via GigabitEthernet0/0/1, receive
L FF00::/8 [0/0]
via Null0, receive
R1# © 2019, 2021 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
R1# show interfaces gig0/0/0
Display statistics for all GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
interfaces with the show Description: Link to LAN
interfaces command, as Internet address is 192.168.10.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
shown here: reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:35, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1180 packets input, 109486 bytes, 0 no buffer
Received 84 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
<output omitted>
R1#
R1# show ip interface g0/0/0
Display IPv4 statistics for GigabitEthernet0/0/0 is up, line protocol is up
router interfaces with the Internet address is 192.168.10.1/24
Broadcast address is 255.255.255.255
show ip interface Address determined by setup command
command, as shown here: MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
<output omitted>
R1#
R1# show ipv6 interface g0/0/0
Display IPv6 statistics for GigabitEthernet0/0/0 is up, line protocol is up
router interfaces with the IPv6 is enabled, link-local address is
FE80::868A:8DFF:FE44:49B0
show ipv6 interface No Virtual link-local address(es):
command shown here: Description: Link to LAN
Global unicast address(es):
2001:DB8:ACAD:10::1, subnet is 2001:DB8:ACAD:10::/64
Joined group address(es):
FF02::1
FF02::1:FF00:1
FF02::1:FF44:49B0
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND NS retransmit interval is 1000 milliseconds
R1#
10.3 Configure the Default
Gateway
Configure the Default Gateway
Default Gateway on a Host
• The default gateway is used
when a host sends a packet to a
device on another network.
• The default gateway address is
generally the router interface
address attached to the local
network of the host.
• To reach PC3, PC1 addresses a
packet with the IPv4 address of
PC3, but forwards the packet to
its default gateway, the G0/0/0
interface of R1.
Note: The IP address of the host and the
router interface must be in the same network.
Configure the Default Gateway
Default Gateway on a Switch
• A switch must have a

default gateway address
configured to remotely
manage the switch from
another network.
• To configure an IPv4
default gateway on a
switch, use the ip default-
gateway ip-address
global configuration
command.
Module Practice and Quiz
What did I learn in this module?
• The tasks that should be completed when configuring initial settings on a router.
• Configure the device name.
• Secure privileged EXEC mode.
• Secure user EXEC mode.
• Secure remote Telnet / SSH access.
• Secure all passwords in the config file.
• Provide legal notification.
• Save the configuration.
• For routers to be reachable, the router interfaces must be configured.
• Using the no shutdown command activates the interface. The interface must also be
connected to another device, such as a switch or a router, for the physical layer to be
active. There are several commands that can be used to verify interface configuration
including the show ip interface brief and show ipv6 interface brief, the show ip route
and show ipv6 route, as well as show interfaces, show ip interface and show ipv6
interface.
What did I learn in this module (Cont.)?
• For an end device to reach other networks, a default gateway must be configured.
• The IP address of the host device and the router interface address must be in the
same network.
• A switch must have a default gateway address configured to remotely manage the
switch from another network.
• To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-
address global configuration command.
Module 11: IPv4
Addressing
(ITN)
Module Objectives
Module Title: IPv4 Addressing
Module Objective: Calculate an IPv4 subnetting scheme to efficiently segment your network.
IPv4 Address Structure Describe the structure of an IPv4 address including
the network portion, the host portion, and the
subnet mask.
IPv4 Unicast, Broadcast, and Multicast Compare the characteristics and uses of the
unicast, broadcast and multicast IPv4 addresses.
Types of IPv4 Addresses Explain public, private, and reserved IPv4
addresses.
Network Segmentation Explain how subnetting segments a network to
enable better communication.
Subnet an IPv4 Network Calculate IPv4 subnets for a /24 prefix.
Module Objectives (Cont.)
Module Title: IPv4 Addressing
Module Objective: Calculate an IPv4 subnetting scheme to efficiently segment your network.
Subnetting a /16 and a /8 Prefix Calculate IPv4 subnets for a /16 and a /8 prefix.
Subnetting to Meet Requirements Given a set of requirements for subnetting,

implement an IPv4 addressing scheme.
Variable Length Subnet Masking (VLSM) Explain how to create a flexible addressing scheme
using variable length subnet masking (VLSM).
Structured Design Implement a VLSM addressing scheme.
11.1 IPv4 Address Structure
IPv4 Address Structure
Network and Host Portions
• An IPv4 address is a 32-bit hierarchical address that is made up of a network portion
and a host portion.
• When determining the network portion versus the host portion, you must look at the
32-bit stream.
• A subnet mask is used to determine the network and host portions.
The Subnet Mask
• To identify the network and host portions of an IPv4 address, the subnet mask is
compared to the IPv4 address bit for bit, from left to right.
• The actual process used to

identify the network and
host portions is called
ANDing.
The Prefix Length
• A prefix length is a less cumbersome method used to identify a subnet mask address.
Prefix
• The prefix length is the number Subnet Mask 32-bit Address
Length
of bits set to 1 in the subnet 255.0.0.0 11111111.00000000.00000000.00000000 /8
mask.
255.255.0.0 11111111.11111111.00000000.00000000 /16
255.255.255.0 11111111.11111111.11111111.00000000 /24

• It is written in “slash notation”
therefore, count the number of 255.255.255.128 11111111.11111111.11111111.10000000 /25
bits in the subnet mask and 255.255.255.192 11111111.11111111.11111111.11000000 /26

prepend it with a slash.
255.255.255.224 11111111.11111111.11111111.11100000 /27
255.255.255.240 11111111.11111111.11111111.11110000 /28
255.255.255.248 11111111.11111111.11111111.11111000 /29
255.255.255.252 11111111.11111111.11111111.11111100 /30

Determining the Network: Logical AND
• A logical AND Boolean operation is used in determining the network address.
• Logical AND is the comparison of two bits where only a 1 AND 1 produces a 1 and any other
combination results in a 0.
• 1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
• 1 = True and 0 = False
• To identify the network address, the

host IPv4 address is logically
ANDed, bit by bit, with the subnet
mask to identify the network
address.
Network, Host, and Broadcast Addresses
• Within each network are three types of IP addresses:
• Network address
• Host addresses
• Broadcast address
Host
Network Portion Host Bits
Portion
Subnet mask 255 255 255 0
255.255.255.0 or /24 11111111 11111111 11111111 00000000
Network address 192 168 10 0
All 0s
192.168.10.0 or /24 11000000 10100000 00001010 00000000
First address 192 168 10 1
All 0s and a 1
192.168.10.1 or /24 11000000 10100000 00001010 00000001
Last address 192 168 10 254
All 1s and a 0
192.168.10.254 or /24 11000000 10100000 00001010 11111110
Broadcast address 192 168 10 255
All 1s
192.168.10.255 or /24 11000000 10100000 00001010 11111111
11.2 IPv4 Unicast, Broadcast,
and Multicast
IPv4 Unicast, Broadcast, and Multicast
Unicast
• Unicast transmission is sending a packet to one destination IP address.
• For example, the PC at 172.16.4.1 sends a unicast packet to the printer at

172.16.4.253.
Broadcast
• Broadcast transmission is sending a packet to all other destination IP addresses.
• For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.
Multicast
• Multicast transmission is sending a packet to a multicast address group.
• For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group
address 224.10.10.5.
11.3 Types of IPv4
Addresses
Types of IPv4 Addresses
Public and Private IPv4 Addresses
• As defined in in RFC 1918, public IPv4 addresses are globally routed between
internet service provider (ISP) routers.
• Private addresses are common blocks of Network Address

RFC 1918 Private Address Range
addresses used by most organizations to and Prefix
assign IPv4 addresses to internal hosts. 10.0.0.0/8 10.0.0.0 - 10.255.255.255
172.16.0.0/12 172.16.0.0 - 172.31.255.255

• Private IPv4 addresses are not unique
and can be used internally within any 192.168.0.0/16 192.168.0.0 - 192.168.255.255
network.
• However, private addresses are not globally routable.
Routing to the Internet
• Network Address Translation (NAT) translates private IPv4 addresses to public IPv4
addresses.
• NAT is typically enabled

on the edge router
connecting to the internet.
• It translates the internal

private address to a public
global IP address.
Special Use IPv4 Addresses
Loopback addresses
• 127.0.0.0 /8 (127.0.0.1 to 127.255.255.254)
• Commonly identified as only 127.0.0.1
• Used on a host to test if TCP/IP is operational.
Link-Local addresses
• 169.254.0.0 /16 (169.254.0.1 to 169.254.255.254)
• Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-
assigned addresses.
• Used by Windows DHCP clients to self-configure when no DHCP servers are
available.
Legacy Classful Addressing
RFC 790 (1981) allocated IPv4 addresses
in classes
• Class A (0.0.0.0/8 to 127.0.0.0/8)
• Class B (128.0.0.0 /16 – 191.255.0.0 /16)
• Class C (192.0.0.0 /24 – 223.255.255.0 /24)
• Class D (224.0.0.0 to 239.0.0.0)
• Class E (240.0.0.0 – 255.0.0.0)
• Classful addressing wasted many IPv4

addresses.
Classful address allocation was replaced with

classless addressing which ignores the rules of
classes (A, B, C).
Assignment of IP Addresses
• The Internet Assigned Numbers Authority (IANA) manages and allocates blocks of
IPv4 and IPv6 addresses to five Regional Internet Registries (RIRs).
• RIRs are responsible for

allocating IP addresses to ISPs
who provide IPv4 address
blocks to smaller ISPs and
organizations.
11.4 Network Segmentation
Network Segmentation
Broadcast Domains and Segmentation
• Many protocols use broadcasts or multicasts (e.g., ARP use broadcasts to locate
other devices, hosts send DHCP discover broadcasts to locate a DHCP server.)
• Switches propagate broadcasts out all interfaces except the interface on which it was
received.
• The only device that stops

broadcasts is a router.
• Routers do not propagate
broadcasts.
• Each router interface connects
to a broadcast domain and
broadcasts are only
propagated within that specific
broadcast domain.
Problems with Large Broadcast Domains
• A problem with a large broadcast domain is
that these hosts can generate excessive
broadcasts and negatively affect the network.
• The solution is to reduce the size of the

network to create smaller broadcast domains in
a process called subnetting.
• Dividing the network address 172.16.0.0 /16

into two subnets of 200 users each: 172.16.0.0
/24 and 172.16.1.0 /24.
• Broadcasts are only propagated within the
smaller broadcast domains.
Reasons for Segmenting Networks
• Subnetting reduces overall network traffic and improves network performance.
• It can be used to implement security policies between subnets.
• Subnetting reduces the number of devices affected by abnormal broadcast traffic.
• Subnets are used for a variety of reasons including by:
Location Group or Function Device Type
11.5 Subnet an IPv4 Network
Subnet an IPv4 Network
Subnet on an Octet Boundary
• Networks are most easily subnetted at the octet boundary of /8, /16, and /24.
• Notice that using longer prefix lengths decreases the number of hosts per subnet.
Prefix Length Subnet Mask Subnet Mask in Binary (n = network, h = host) # of hosts
nnnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
/8 255.0.0.0 16,777,214
11111111.00000000.00000000.00000000
nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
/16 255.255.0.0 65,534
11111111.11111111.00000000.00000000
nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
/24 255.255.255.0 254
11111111.11111111.11111111.00000000
Subnet on an Octet Boundary (Cont.)
• In the first table 10.0.0.0/8 is subnetted using /16 and in the second table, a /24 mask.
Subnet Address Host Range Subnet Address
Host Range
(256 Possible (65,534 possible hosts per Broadcast (65,536 Possible Broadcast
(254 possible hosts per subnet)
Subnets) subnet) Subnets)
10.0.0.0/16 10.0.0.1 - 10.0.255.254 10.0.255.255 10.0.0.0/24 10.0.0.1 - 10.0.0.254 10.0.0.255

10.0.1.0/24 10.0.1.1 - 10.0.1.254 10.0.1.255
10.1.0.0/16 10.1.0.1 - 10.1.255.254 10.1.255.255
10.0.2.0/24 10.0.2.1 - 10.0.2.254 10.0.2.255
10.2.0.0/16 10.2.0.1 - 10.2.255.254 10.2.255.255
… … …
10.3.0.0/16 10.3.0.1 - 10.3.255.254 10.3.255.255
10.0.255.0/24 10.0.255.1 - 10.0.255.254 10.0.255.255
10.4.0.0/16 10.4.0.1 - 10.4.255.254 10.4.255.255 10.1.0.0/24 10.1.0.1 - 10.1.0.254 10.1.0.255
10.5.0.0/16 10.5.0.1 - 10.5.255.254 10.5.255.255 10.1.1.0/24 10.1.1.1 - 10.1.1.254 10.1.1.255

10.1.2.0/24 10.1.2.1 - 10.1.2.254 10.1.2.255
10.6.0.0/16 10.6.0.1 - 10.6.255.254 10.6.255.255
… … …
10.7.0.0/16 10.7.0.1 - 10.7.255.254 10.7.255.255
10.100.0.0/24 10.100.0.1 - 10.100.0.254 10.100.0.255
... ... ...
... ... ...
10.255.0.0/16 10.255.0.1 - 10.255.255.254 10.255.255.255 10.255.255.0/24 10.255.255.1 - 10.2255.255.254 10.255.255.255
Subnet within an Octet Boundary
• Refer to the table to see six ways to subnet a /24 network.
Subnet Mask in Binary # of

Prefix Length Subnet Mask # of hosts
(n = network, h = host) subnets
nnnnnnnn.nnnnnnnn.nnnnnnnn.nhhhhhhh
/25 255.255.255.128 2 126
11111111.11111111.11111111.10000000
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnhhhhhh
/26 255.255.255.192 4 62
11111111.11111111.11111111.11000000
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnhhhhh
/27 255.255.255.224 8 30
11111111.11111111.11111111.11100000
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnhhhh
/28 255.255.255.240 16 14
11111111.11111111.11111111.11110000
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnhhh
/29 255.255.255.248 32 6
11111111.11111111.11111111.11111000
nnnnnnnn.nnnnnnnn.nnnnnnnn.nnnnnnhh
/30 255.255.255.252 64 2
11111111.11111111.11111111.11111100
11.6 Subnet a Slash 16 and a
Slash 8 Prefix
Subnet a Slash 16 and a Slash 8 Prefix
Create Subnets with a Slash 16 prefix
Prefix Length Subnet Mask Network Address (n = network, h = host) # of subnets # of hosts
nnnnnnnn.nnnnnnnn.nhhhhhhh.hhhhhhhh
•
/17 255.255.128.0 2 32766
The table highlights all 11111111.11111111.10000000.00000000
nnnnnnnn.nnnnnnnn.nnhhhhhh.hhhhhhhh
the possible scenarios for /18 255.255.192.0
11111111.11111111.11000000.00000000
4 16382
subnetting a /16 prefix. /19 255.255.224.0

nnnnnnnn.nnnnnnnn.nnnhhhhh.hhhhhhhh
11111111.11111111.11100000.00000000
8 8190
nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh
/20 255.255.240.0 16 4094
11111111.11111111.11110000.00000000
nnnnnnnn.nnnnnnnn.nnnnnhhh.hhhhhhhh
/21 255.255.248.0 32 2046
11111111.11111111.11111000.00000000
nnnnnnnn.nnnnnnnn.nnnnnnhh.hhhhhhhh
/22 255.255.252.0 64 1022
11111111.11111111.11111100.00000000
nnnnnnnn.nnnnnnnn.nnnnnnnh.hhhhhhhh
/23 255.255.254.0 128 510
11111111.11111111.11111110.00000000
nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
/24 255.255.255.0 256 254
11111111.11111111.11111111.00000000
/25 255.255.255.128 512 126
11111111.11111111.11111111.10000000
/26 255.255.255.192 1024 62
11111111.11111111.11111111.11000000
/27 255.255.255.224 2048 30
11111111.11111111.11111111.11100000
/28 255.255.255.240 4096 14
11111111.11111111.11111111.11110000
/29 255.255.255.248 8192 6
11111111.11111111.11111111.11111000
/30 255.255.255.252 16384 2
11111111.11111111.11111111.11111100
Create 100 Subnets with a Slash 16 prefix
Consider a large enterprise that requires at least 100
subnets and has chosen the private address
172.16.0.0/16 as its internal network address.
• The figure displays the number of subnets that can be

created when borrowing bits from the third octet and
the fourth octet.
• Notice there are now up to 14 host bits that can be
borrowed (i.e., last two bits cannot be borrowed).
To satisfy the requirement of 100 subnets for the

enterprise, 7 bits (i.e., 27 = 128 subnets) would need to be
borrowed (for a total of 128 subnets).
Create 1000 Subnets with a Slash 8 prefix
Consider a small ISP that requires 1000 subnets for
its clients using network address 10.0.0.0/8 which
means there are 8 bits in the network portion and
24 host bits available to borrow toward subnetting.
• The figure displays the number of subnets that can be
created when borrowing bits from the second and third.
• Notice there are now up to 22 host bits that can be
borrowed (i.e., last two bits cannot be borrowed).
To satisfy the requirement of 1000 subnets for the

enterprise, 10 bits (i.e., 210=1024 subnets) would
need to be borrowed (for a total of 128 subnets)
11.7 Subnet to Meet
Requirements
Subnet to Meet Requirements
Subnet Private versus Public IPv4 Address Space
Enterprise networks will have an:
• Intranet - A company’s internal network typically
using private IPv4 addresses.
• DMZ – A companies internet facing servers.
Devices in the DMZ use public IPv4 addresses.
• A company could use the 10.0.0.0/8 and subnet

on the /16 or /24 network boundary.
• The DMZ devices would have to be configured

with public IP addresses.
Minimize Unused Host IPv4 Addresses and Maximize Subnets
There are two considerations when planning subnets:

• The number of host addresses required for each network
• The number of individual subnets needed
Subnet Mask in Binary # of

Prefix Length Subnet Mask # of hosts
(n = network, h = host) subnets
/25 255.255.255.128 2 126
11111111.11111111.11111111.10000000
/26 255.255.255.192 4 62
11111111.11111111.11111111.11000000
/27 255.255.255.224 8 30
11111111.11111111.11111111.11100000
/28 255.255.255.240 16 14
11111111.11111111.11111111.11110000
/29 255.255.255.248 32 6
11111111.11111111.11111111.11111000
/30 255.255.255.252 64 2
11111111.11111111.11111111.11111100
Example: Efficient IPv4 Subnetting
• In this example, corporate headquarters has
been allocated a public network address of
172.16.0.0/22 (10 host bits) by its ISP
providing 1,022 host addresses.
• There are five sites and therefore five internet

connections which means the organization
requires 10 subnets with the largest subnet
requires 40 addresses.
• It allocated 10 subnets with a /26 (i.e.,

255.255.255.192) subnet mask.
11.8 VLSM
VLSM
IPv4 Address Conservation
Given the topology, 7 subnets are required (i.e, four LANs and three WAN links) and the
largest number of host is in Building D with 28 hosts.
• A /27 mask would provide 8 subnets of 30 host IP addresses and therefore support
this topology.
VLSM
IPv4 Address Conservation (Cont.)
However, the point-to-point WAN links only require two addresses
and therefore waste 28 addresses each for a total of 84 unused
addresses.
• Applying a traditional subnetting scheme to this scenario is not very efficient and is
wasteful.
• VLSM was developed to avoid wasting addresses by enabling us to subnet a subnet.
VLSM
VLSM
• The left side displays the traditional subnetting scheme
(i.e., the same subnet mask) while the right side
illustrates how VLSM can be used to subnet a subnet
and divided the last subnet into eight /30 subnets.
• When using VLSM, always begin by satisfying the host

requirements of the largest subnet and continue
subnetting until the host requirements of the smallest
subnet are satisfied.
• The resulting topology with VLSM applied.
VLSM
VLSM Topology Address Assignment
• Using VLSM subnets, the LAN and inter-router networks can be addressed without
unnecessary waste as shown in the logical topology diagram.
11.9 Structured Design
Structured Design
IPv4 Network Address Planning
IP network planning is crucial to develop a scalable solution to an enterprise network.
• To develop an IPv4 network wide addressing scheme, you need to know how many subnets are
needed, how many hosts a particular subnet requires, what devices are part of the subnet, which
parts of your network use private addresses, and which use public, and many other determining
factors.
Examine the needs of an organization’s network usage and how the subnets will be
structured.
• Perform a network requirement study by looking at the entire network to determining how each
area will be segmented.
• Determine how many subnets are needed and how many hosts per subnet.
• Determine DHCP address pools and Layer 2 VLAN pools.
Structured Design
Device Address Assignment
Within a network, there are different types of devices that require addresses:
• End user clients – Most use DHCP to reduce errors and burden on network support staff. IPv6
clients can obtain address information using DHCPv6 or SLAAC.
• Servers and peripherals – These should have a predictable static IP address.
• Servers that are accessible from the internet – Servers must have a public IPv4 address, most
often accessed using NAT.
• Intermediary devices – Devices are assigned addresses for network management, monitoring,
and security.
• Gateway – Routers and firewall devices are gateway for the hosts in that network.
When developing an IP addressing scheme, it is generally recommended that you have a

set pattern of how addresses are allocated to each type of device.
What did I learn in this module?
• The IP addressing structure consists of a 32-bit hierarchical network address that identifies a
network and a host portion. Network devices use a process called ANDing using the IP
address and associated subnet mask to identify the network and host portions.
• Destination IPv4 packets can be unicast, broadcast, and multicast.
• There are globally routable IP addresses as assigned by the IANA and there are three ranges
of private IP network addresses that cannot be routed globally but can be used on all internal
private networks.
• Reduce large broadcast domains using subnets to create smaller broadcast domains, reduce
overall network traffic, and improve network performance.
• Create IPv4 subnets using one or more of the host bits as network bits. However, networks
are most easily subnetted at the octet boundary of /8, /16, and /24.
• Larger networks can be subnetted at the /8 or /16 boundaries.
• Use VLSM to reduce the number of unused host addresses per subnet.
What did I learn in this module? (Cont.)
• VLSM allows a network space to be divided into unequal parts. Always begin by satisfying
the host requirements of the largest subnet. Continue subnetting until the host requirements
of the smallest subnet are satisfied.
• When designing a network addressing scheme, consider internal, DMZ, and external
requirements. Use a consistent internal IP addressing scheme with a set pattern of how
addresses are allocated to each type of device.

Lecture 8 11

Uploaded by

Copyright:

Available Formats

Lecture 8 11

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lecture 8 11

Uploaded by

Copyright:

Available Formats

Module 8: Network Layer

Introduction to Networks v7.0

Topic Title Topic Objective

Explain how network devices use routing tables to direct packets to a

• There is no control information needed (synchronizations, acknowledgments, etc.).

Protocols may have may have one or more

Header Checksum Detect corruption in the IPv4 header

Source IPv4 Address 32 bit source address

• IPv6 overcomes the limitations of IPv4.

• Improvements that IPv6 provides:

Traffic Class Used for QoS: Equivalent to DiffServ – DS field

Hop Limit Replaces TTL field Layer 3 hop count

Source IPv6 Address 128 bit source address

• are placed between IPv6 header and the payload

• may be used for fragmentation, security, mobility support, etc.

Note: Unlike IPv4, routers do not fragment IPv6 packets.

• Each host devices creates their own routing table.

• A host can send packets to the following:

• Remote traffic is forwarded directly to the default gateway on the LAN.

• Must be adjusted manually by the

• Maintain up-to-date information

• Choose the best path to the

Module Objective: Explain how ARP and ND enable communication on a network.

Topic Title Topic Objective

ARP Describe the purpose of ARP.

Neighbor Discovery Describe the operation of IPv6 neighbor discovery.

ARP provides two basic functions:

R1# show ip arp

Interface: 192.168.1.124 --- 0x10

Module Objective: Implement initial settings on a router and end devices.

Topic Title Topic Objective

Configure Interfaces Configure two active interfaces on a Cisco IOS

• Secure privileged EXEC Router(config)# enable secret password

• Secure remote Telnet / SSH Router(config)# line vty 0 4

Router(config)# interface type-and-number

• It is a good practice to use the description command to add

R1(config)# interface gigabitEthernet 0/0/0

R1(config)# interface gigabitEthernet 0/0/1

R1# show ip interface brief

R1# show ipv6 interface brief

The table summarizes show commands used to verify interface configuration.

R1# show ip interface brief

R1# show ipv6 interface brief

R1# show ipv6 route

• A switch must have a

Subnetting to Meet Requirements Given a set of requirements for subnetting,

• The actual process used to

255.255.255.0 11111111.11111111.11111111.00000000 /24

bits in the subnet mask and 255.255.255.192 11111111.11111111.11111111.11000000 /26

255.255.255.240 11111111.11111111.11111111.11110000 /28

255.255.255.248 11111111.11111111.11111111.11111000 /29

255.255.255.252 11111111.11111111.11111111.11111100 /30

• To identify the network address, the

• For example, the PC at 172.16.4.1 sends a unicast packet to the printer at

• Private addresses are common blocks of Network Address

172.16.0.0/12 172.16.0.0 - 172.31.255.255

• However, private addresses are not globally routable.

• NAT is typically enabled

• It translates the internal