Bab1 Compressed

NETWORK
1
CHAPTER
INFRASTRUCTURE
DESIGN
Chapter Outline
Introduction 1-4 Routed Network
1-1 Physical Network Design Summary
1-2 IP Subnet Design Questions and Problems
1-3 VLAN Network
Objectives
• Understand the purpose of the three layers • Understand the process of configuring a
of a campus network design VLAN
• Understand the issue of data flow and select- • Understand the issues of configuring the
ing the network media Layer 3 routed network
• Develop techniques for IP allocation and sub-
net design
Key Terms
core show interface status show ip interface brief (sh
distribution layer trunk port ip int br)
access layer Inter-Switch Link (ISL) no switchport
CIDR Switchport mode trunk secondary IP address
ISP switchport trunk encapsu- InterVLAN routing
intranets lation dot1q router on a stick
NAT switchport trunk encapsu- SVI
PAT lation isl DS
Overloading switchport trunk allowed CSU/DSU
vlan vlan_id AMI
supernet
show interfaces trunk B8ZS
gateway
network address Minimum Ones Density
broadcast domain
logical address HDLC
flat network
router interface PPP
VLAN (virtual LAN)
routing table WIC
port-based VLAN
subnet, NET VWIC
tag-based VLAN
multilayer switch (MLS) service-module t1
protocol-based VLAN
wire speed routing show controller t1 slot/
VLAN ID
routed network port
802.1Q
Layer 3 network ATM
static VLAN
SONET Virtual Path Connection
dynamic VLAN
WAN (VPC)
show vlan
terminal monitor (term Virtual Channel Connection
vlan database
mon) (VCC)
vlan vlan_id
terminal no monitor SVC
show vlan name vlan-name
(term no mon) VPI
interface vlan 1
VCI
3
INTRODUCTION
The objective of this chapter is to examine the computer networking issues
that arise when planning a campus network. The term campus network applies
to any network that has multiple LANs interconnected. The LANs are typi-
cally in multiple buildings that are close to each other and interconnected
with switches and routers. This chapter looks at the planning and designs of
a simple campus network, including network design, IP subnet assignment,
VLAN configuration, and routed network configuration.
The basics of configuring the three layers of a campus LAN (core, distribu-
tion, and access) are first examined in Section 1-1. This section also ad-
dresses the important issues of data flow and selecting the proper network
media. Section 1-2 examines IP allocation and subnet design. Section 1-3
discusses the VLAN network, including a step-by-step process of how to con-
figure a VLAN, which provides an introduction to the basic switch commands
and the steps for configuring a static VLAN. Section 1-4 examines the Layer 3
routed network. This section explores the functions of the router and includes
configuration examples in different scenarios.
1-1 PHYSICAL NETWORK DESIGN

Most campus networks follow a design that has core, distribution, and access
layers. These layers, shown in Figure 1-1, can be spread out into more layers or
compacted into fewer, depending on the size of these networks. This three-layer
network structure is incorporated in campus networks to improve data handling and
routing within the network. The issues of data flow and network media are also ex-
amined in this section.
* Layer 3 switches
Switch A Switch B
Core
Router A ge-0/3/0 Router B ge-0/1/0 Router C
ge-1/2/0 ge-0/0/0 ge-0/2/0 ge-0/0/0

Distribution
fa0/1 fa0/1 fa0/0 fa0/0
segment segment
10.10.20.0 NET 10.10.10.0 NET 10.10.1.0 NET 10.10.5.0 NET
Access LAN A LAN B LAN C LAN D
Switch Switch Switch Switch
A1 A2 B1 B2 C1 C2 D1 D2
FIGURE 1-1 The core, distribution, and access layers of a campus network
4 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

Core
The network core usually contains high-end Layer 3 switches or routers. The core
Core
is the heart, or backbone, of the network. The major portion of a network’s data
traffic passes through the core. The core must be able to quickly forward data to The Backbone of the
Network
other parts of the network. Data congestion should be avoided at the core, if pos-
sible. This means that unnecessary route policies should be avoided. An example of
a route policy is traffic filtering, which limits what traffic can pass from one part of
a network to another. Keep in mind that it takes time for a router to examine each
data packet, and unnecessary route policies can slow down the network’s data
traffic.
High-end routers and Layer 3 switches are typically selected for use in the core.
Of the two, the Layer 3 switch is the best choice. A Layer 3 switch is essentially a
router that uses electronic hardware instead of software to make routing decisions.
The advantage of the Layer 3 switch is the speed at which it can make a routing de-
cision and establish a network connection.
Another alternative for networking hardware in the core is a Layer 2 switch. The
Layer 2 switch does not make any routing decisions and can quickly make network
connection decisions based on the network hardware connected to its ports. The ad-
vantage of using the Layer 2 switch in the core is cost. The disadvantage is that the
Layer 2 switch does not route data packets; however, high-speed Layer 2 switches
are more affordable than high-speed routers and Layer 3 switches.
An important design issue in a campus network and the core is redundancy. Redun-
dancy provides for a backup route or network connection in case of a link failure.
The core hardware is typically interconnected to all distribution network hardware,
as shown in Figure 1-1. The objective is to ensure that data traffic continues for the
entire network, even if a core networking device or link fails.
Each layer beyond the core breaks the network into smaller networks with the final
result being a group of networks that are capable of handling the amount of traffic
generated. The design should thus incorporate some level of redundancy.
Distribution Layer
The distribution layer in the network is the point where the individual LANs con-
nect to the campus network routers or Layer 3 switches. Routing and filtering poli- Distribution Layer
cies are more easily implemented at the distribution layer without having a negative Point where the
individual LANs connect
impact on the performance of the network data traffic. Also, the speed of the net-
together.
work data connections at the distribution layer is typically slower than at the core.
For example, connection speeds at the core should be the highest possible, such as
1 or 10 gigabits, where the data speed connections at the distribution layer could be
100 Mbps or 1 gigabit. Figure 1-1 shows the connections to the access and core lay-
ers via the router’s Ethernet interfaces.
1-1: PHYSICAL NETWORK DESIGN 5

Access Layer
The access layer is where the networking devices in a LAN connect together. The
Access Layer network hardware used here is typically a Layer 2 switch. Remember, a switch is
Where the networking a better choice because it forwards data packets directly to destination hosts con-
devices in a LAN connect nected to its ports, and network data traffic is not forwarded to all hosts in the net-
together.
work. The exception to this is a broadcast where data packets are sent to all hosts
connected to the switch.
NOTE
Hubs are not recommended at all in modern computer networks.
Data Flow
An important networking issue is how data traffic flows in the core, distribution,
and access layers of a campus LAN. In reference to Figure 1-1, if computer A1
in LAN A sends data to computer D1 in LAN D, the data is first sent through the
switch in LAN A and then to Router A in the distribution layer. Router A then for-
wards the data to the core switches, Switch A or Switch B. Switch A or Switch B
then forwards the data to Router C. The data packet is then sent to the destination
host in LAN D.
The following are some questions often asked when setting up a network that im-
plements the core, distribution, and access layers:
• In what layer are the campus network servers (web, email, DHCP, DNS,
and so on) located? This varies for all campus networks, and there is not a
definitive answer. However, most campus network servers are located in the
access layer.
• Why not connect directly from Router A to Router C at the distribution
layer? There are network stability issues when routing large amounts of net-
work data traffic if the networks are fully or even partially meshed together.
This means that connecting routers together in the distribution layer should be
avoided.
• Where is the campus backbone located in the layers of a campus net-
work? The backbone of a campus network carries the bulk of the routed data
traffic. Based on this, the backbone of the campus network connects the dis-
tribution and the core layer networking devices.
Selecting the Media

The choices for the media used to interconnect networks in a campus network are
based on several criteria. The following is a partial list of things to consider:
• Desired data speed
• Distance for connections
• Budget

The desired data speed for the network connection is probably the first consider-
ation given when selecting the network media. Twisted-pair cable works well at 100
Mbps and 1 Gbps and is specified to support data speeds of 10-gigabit data traffic.
Fiber-optic cable supports LAN data rates up to 10 Gbps or higher. Wireless net-
works support data rates up to 200+ Mbps.
The distance consideration limits the choice of media. CAT 6/5e or better have a
distance limitation of 100 meters. Fiber-optic cable can be run for many kilometers,
depending on the electronics and optical devices used. Wireless LAN connections
can also be used to interconnect networks a few kilometers apart.
The available budget is always the final deciding factor when planning the design
for a campus LAN. If the budget allows, fiber-optic cable is probably the best
overall choice, especially in the high-speed backbone of the campus network. The
cost of fiber is continually dropping, making it more competitive with lower-cost
network media, such as twisted-pair cable. Also, fiber cable will always be able to
carry a greater amount of data traffic and can easily grow with the bandwidth re-
quirements of a network.
Twisted-pair cable is a popular choice for connecting computers in a wired LAN.
The twisted-pair technologies support bandwidths suitable for most LANs, and the
performance capabilities of twisted-pair cable is always improving.
Wireless LANs are being used to connect networking devices together in LANs
where a wired connection is not feasible or mobility is the major concern. For ex-
ample, a wireless LAN could be used to connect two LANs in a building together.
This is a cost-effective choice if there is not a cable duct to run the cable to inter-
connect the LANs or if the cost of running the cable is too high. Also, wireless con-
nections are playing an important role with mobile users within a LAN. The mobile
user can make a network connection without having to use a physical connection or
jack. For example, a wireless LAN could be used to enable network users to con-
nect their mobile computers to the campus network.
1-2 IP SUBNET DESIGN

Once the physical infrastructure for a network is in place, the next big step is to
plan and allocate IP space for the network. Take time to plan the IP subnet design,
because it is not easy to change the IP subnet assignments once they are in place.
It is crucial for a network engineer to consider three factors before coming up with
the final IP subnet design. These three factors are
1. The assigned IP address range
2. The number of subnetworks needed for the network
3. The size or the number of IP host addresses needed for the network
The final steps in designing the IP subnet is to assign an IP address to the interface
that will serve as the gateway out of each subnet.
1-2: IP SUBNET DESIGN 7

IP Address Range
The IP address range defines the size of the IP network you can work with. In
CIDR some cases, a classless interdomain routing (CIDR) block of public IP addresses
Classless Interdomain might be allocated to the network by an ISP. For example, the block of IP address
Routing 206.206.156.0/24 could be assigned to the network. This case allocates 256 IP ad-
ISP dresses to the 206.206.156.0 network. In another case, a CIDR block of private
Internet service provider: IP addresses, like 10.10.10.0/24, could be used. In this case, 256 IP addresses are
An organization that assigned to the 10.10.10.0 network. For established networks with an IP address
provides Internet access range already in use, the network engineer generally has to work within the existing
for the public. IP address assignments. With a brand new network, the engineer has the luxury of
creating a network from scratch.
In most network situations, an IP address block will have been previously assigned
to the network for Internet use. The public IP addresses are typically obtained from
the ISP (Internet service provider). This IP block of addresses could be from Class
A, B, or C networks, as shown in Table 1-1.
TABLE 1-1 Address Range for Each Class of Network
Class Address Range

Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255
Intranets
Internetwork that Today, only public Class C addresses are assigned by ISPs, and most of them are
provides file and not even a full set of Class C addresses (256 IP addresses). A lot of ISPs partition
resource sharing. their allotted IP space into smaller subnets and then, in turn, provide those smaller
portions to the customers. The bottom line is the limited number of public IP ad-
NAT dresses are now a commodity on the Internet, and it is important to note that there
Network Address are fees associated with acquiring an IP range from an ISP.
Translation. A technique
used to translate an Not many institutions or businesses have the luxury of using public IP addresses
internal private IP inside their network anymore. This is because the growing number of devices being
address to a public IP used in a network exceeds the number of public IP addresses assigned to them. The
address. solution is that most networks are using private IP addresses in their internal net-
PAT work. Private addresses are IP addresses set aside for use in private intranets. An
Port Address Translation. intranet is an internal internetwork that provides file and resource sharing. Private
A port number is addresses are not valid addresses for Internet use, because they have been reserved
tracked with the client for internal use and are not routable on the Internet. However, these addresses can
computer’s private be used within a private LAN (intranet) to create the internal IP network.
address when translating
to a public address. The private IP addresses must be translated to public IP addresses using techniques
like NAT (Network Address Translation) or PAT (Port Address Translation) before
Overloading being routed over the Internet. For example, computer 1 in the home network (see
Where NAT translates the Figure 1-2) might be trying to establish a connection to an Internet website. The
home network’s private wireless router uses NAT to translate computer 1’s private IP address to the public
IP addresses to a single IP address assigned to the router. The router uses a technique called overloading,
public IP address.
where NAT translates the home network’s private IP addresses to the single public

IP address assigned by the ISP. In addition, the NAT process tracks a port number
for the connection. This technique is called Port Address Translation (PAT). The
router stores the home network’s IP address and port number in a NAT lookup ta-
ble. The port number differentiates the computer that is establishing a connection to
the Internet because the router uses the same public address for all computers. This
port number is used when a data packet is returned to the home network. This port
number identifies the computer that established the Internet connection, and the
router can deliver the data packet back to the correct computer. An example of this
conversion is provided in Figure 1-3. This example shows three data connections
originating from the home network of 192.168.0.0/24. A single 128.123.246.55 IP
address is used for the Internet connection. Port address translation is being used to
map the data packet back to the origination source. In this case, the port numbers
are 1962, 1970, and 1973.
The wireless computers (1 and 2) will use

private IP addresses that are assigned
3 by the wireless router.
to ISP
2
Wireless Router
(Access Point/Switch/
Broadband Modem)
FIGURE 1-2 An example of a home computer connecting to the ISP
192.168.0.64 128.123.246.55 : 1962
192.168.0.65 128.123.246.55 : 1970
Router
192.168.0.66 192.168.0.1 128.123.246.55 : 1973
FIGURE 1-3 This example shows the three data connections originating from the home
network of 192.168.0.0/24
Determining the Number of Subnetworks Needed for the Network

The use of private IP addresses is a viable technique for creating a large amount of
IP addresses for intranet use. Obviously, there is a big difference when designing
an IP network for a single network than there is when designing an IP network for
multiple networks. When designing an IP network for one single network, things

are quite simple. This type of configuration is typically found in the home, small of-
fice, or a small business environment where one IP subnet is allocated and only one
small router is involved.
For situations requiring multiple networks, each network must be sized accordingly.
Therefore, the subnet must be carefully designed. In addition, networks with mul-
tiple subnets require a router or multiple routers with multiple routed network in-
terfaces to interconnect the networks. For example, if the network engineer is using
private addresses and needs to design for three different networks, one possibility is
to assign 10.10.10.0/24 for the first network, 172.16.0.0/24 for the second network,
and 192.168.1.0/24 for the third network. Is this a good approach? Technically, this
can be done, but it is probably not logically sound. It makes more sense to group
these networks within the same big CIDR block. This will make it easier for a net-
work engineer to remember the IP assignments and to manage the subnets. A better
design is to assign 10.10.10.0/24 to the first network, 10.10.20.0/24 to the second
network, and 10.10.30.0/24 to the third network. All three networks are all in the
same “10” network, which makes it easier for the network engineer to track the IP
assignments. The term subnet and network are used interchangeably in multiple
network environments. The term subnet usually indicates a bigger network address
is partitioned and is assigned to smaller networks or subnets.
Another design factor that the network engineer must address is the network size.
Two questions that a good network engineer must ask are
• How many network devices must be accommodated in the network? (Current
demand)
• How many network devices must be accommodated in the future? (Future
growth)
Simply put, the IP network must be designed to accommodate the current demand,
and it must be designed to accommodate future growth. Once the size of a network
is determined, a subnet can be assigned. In the case of a single network, the design
is not too complicated. For example, if the network needs to be able to accommo-
date 150 network devices, an entire Class C address, like 192.168.1.0/24, can be
assigned to the network. This will handle the current 150 network devices and leave
enough room for growth. In this example, 104 additional IP address will be avail-
able for future growth.
When allocating IP address blocks, a table like Table 1-2 can be used to provide the
CIDR for the most common subnet masks and their corresponding number of avail-
able IP addresses.
TABLE 1-2 CIDR—Subnet Mask-IPs Conversion
CIDR Subnet Mask IPs

/16 255.255.0.0 65534
/17 255.255.128.0 32768
/18 255.255.192.0 16384

CIDR Subnet Mask IPs
/19 255.255.224.0 8192
/20 255.255.240.0 4096
/21 255.255.248.0 2048
/22 255.255.252.0 1024
/23 255.255.254.0 512
/24 255.255.255.0 256
/25 255.255.255.128 128
/26 255.255.255.192 64
/27 255.255.255.224 32
/28 255.255.255.240 16
/29 255.255.255.248 8
/30 255.255.255.252 4
/31 255.255.255.254 2
/32 255.255.255.255 1
Even with a much smaller network, like the home network, where only a handful
of network computers and peripherals are present, an entire Class C private address
is generally allocated to the home network. In fact, most home routers are precon-
figured with a private Class C address within the 192.168.0.0–192.168.0.255 range.
This technique is user friendly and easy to use and sets aside private IP addresses
for internal network use. This technique virtually guarantees that users will never
have to worry about subnetting the CIDR block.
For a bigger network that must handle more than 254 network devices, a supernet
can be deployed. A supernet is when two or more classful contiguous networks Supernet
are grouped together. The technique of supernetting was proposed in 1992 to Two or more classful
eliminate the class boundaries and make available the unused IP address space. contiguous networks are
Supernetting allows multiple networks to be specified by one subnet mask. In grouped together.
other words, the class boundary could be overcome. For example, if the network
needs to be able to accommodate 300 network devices, two Class C networks, like
192.168.0.0/24 and 192.168.1.0/24, can be grouped together to form a supernet
of 192.168.0.0/23, which can accommodate up to 510 network devices. As shown
in Table 1-2, a /23 CIDR provides 512 available IP addresses. However, one IP is
reserved for the network address and another one is reserved for the network broad-
cast address. Therefore, a /23 CIDR yields 512 – 2 = 510 usable host IP addresses.
Determining the Size or the Number of IP Host Addresses

Needed for the Network
The problem with randomly applying CIDR blocks to Class A, B, and C addresses
is that there are boundaries in each class, and these boundaries can’t be crossed. If a
boundary is crossed, the IP address maps to another subnet. For example, if a CIDR

block is expanded to include four Class C networks, all four Class C networks need
to be specified by the same CIDR subnet mask to avoid crossing boundaries. The
following example illustrates this.
Example 1-1
Figure 1-4 shows three different networks with different size requirements. The
needed capacity (number of devices) for each network is specified in the figure.
Your task is to determine the CIDR block required for each network that will
satisfy the number of expected users. You are to use Class C private IP addresses
when configuring the CIDR blocks.
Interconnect LAN B1
Capacity: 800 devices
RouterA RouterB
LAN B2
LAN A Server Network
Capacity: 300 devices No more than 80 servers
FIGURE 1-4 Three different networks
Solution:
For LAN A, a CIDR block that can handle at least 300 networking devices must
be provided. In this case, two contiguous Class C networks of 192.168.0.0/24 and
192.168.1.0/24 can be grouped together to form a 192.168.0.0/23 network. Refer-
ring to Table 1-2, a /23 CIDR with a subnet mask of 255.255.254.0 provides 512
IP addresses which more than satisfies the required 300 networking devices.
The next question is to determine what the network address is for LAN A. This can
be determined by ANDing the 255.255.254.0 subnet mask with 192.168.0.0 and
192.168.1.0.
192. 168. 0. 0 192. 168. 1. 0
255. 255. 254. 0 (/23) 255. 255. 254. 0 (/23)
192. 168. 0. 0 192. 168. 0. 0
This shows that applying the /23 [255.255.254.0] subnet mask to the specified IP
address places both in the same 192.168.0.0 network. This also means that this
CIDR block does not cross boundaries, because applying the subnet mask to each
network address places both in the same 192.168.0.0 network.

For LAN B1, the requirement is that a CIDR block that can handle 800 network
devices must be provided. According to Table 1-2, a /22 CIDR yields 1,022 usable
host IP addresses and is equivalent to grouping four Class C networks together.
Therefore, a /22 CIDR can be used.
The next decision is selecting the group of IP addresses to create the CIDR block
and decide where the IP addresses should start. Recall that the 192.168.0.0 and
192.168.1.0 networks are being used to create the LAN A CIDR block. Should
LAN B1 start from 192.168.2.0/22, which is the next contiguous space? The an-
swer is no. The 192.168.2.0/22 is still within the boundary of the 192.168.0.0/23
network. Remember, the requirement is that a CIDR block that can handle 800 net-
work devices must be provided and that boundaries cannot be crossed, and the de-
signer must be careful not to overlap the networks when assigning subnets to more
than one network. In this case, when the /22 subnet mask (255.255.252.0) is applied
to 192.168.2.0, this yields the network 192.168.0.0. The AND operation is shown:
192. 168. 2. 0
255. 255.252. 0 (/22)
192. 168. 0. 0
This happens to be the same network address as when the /23 CIDR subnet mask
(255.255.254.0) is applied to any IP within the range of 192.168.0.0-192.168.1.255,
as shown:
192. 168. 0. 0 192. 168. 1. 255
255. 255. 254. 0 (/23) 255. 255. 254. 0 (/23)
192. 168. 0. 0 192. 168. 0. 0
There is an overlap between 192.168.0.0/23 and 192.168.2.0/22. Moving to the next

contiguous Class C of 192.168.3.0/22, we still find that it’s still in the 192.168.0.0:
192.168.3.0
255.255.252.0 (/22)
192.168.0.0 is still in the same subnet.
Based on this information, the next Class C range 192.168.4.0/22 is selected. This
yields a nonoverlapping network of 192.168.4.0, so the subnet 192.168.4.0/22 is a
valid for this network:
192.168.4.0
255.255.252.0 (/22)
192.168.4.0 is not the same subnet; therefore, this is an acceptable CIDR block.
Recall that the CIDR for LANB1 is a /22 and is equivalent to grouping four Class C
networks. This means that LANB1 uses the following Class C networks:
192.168.4.0
192.168.5.0
192.168.6.0
192.168.7.0

The IP subnet design gets more complicated when designing multiple networks
with different size subnets. This generally means that the subnet mask or the CIDR
will not be uniformly assigned to every network. For example, one network might
be a /25 network or /22, while another is a /30 network.
The next requirement is that a CIDR block that can handle 800 network devices
must be tasked to assign a CIDR block to LAN B2. This LAN is a server network
that houses a fixed number of servers. The number is not expected to grow beyond
80 servers. One easy approach is to assign a /24 CIDR to this network.
This means that the next network is 192.168.8.0/24, which is the next nonoverlap-
ping CIDR block after 192.168.4.0/22. The /24 CIDR gives 254 host IP addresses,
but only 80 IP addresses are required. Another approach is to size it appropriately.
According to Table 1-2, a good CIDR to use is a /25, which allows for 126 host IP
addresses. Therefore, a network 192.168.8.0/25 can be used for this network.
Assigning a 192.168.8.0/24 CIDR, which can accommodate 254 hosts, seems like a
waste, because the network is expected to be a fixed size, and it will house no more
than 80 servers. By assigning a 192.168.8.0/25 CIDR, enough room is left for an-
other contiguous CIDR, 192.168.8.128/25. Obviously, this is a more efficient way
of managing the available IP space.
Last but not least is the interconnection shown in Figure 1-4. This is the
router-to-router link between Router A and Router B. The interconnection usually
gets the least attention, but it exists everywhere in the multiple networks environ-
ment. Nonetheless, a CIDR block has to be assigned to it. Because there are always
only two interface IP addresses involved plus the network and broadcast address,
giving an entire Class C address would definitely be a waste. Typically, a /30 CIDR
is used for this type of connection. Therefore, a CIDR block for the interconnection
between Router A and Router B can be 192.168.9.0/30. This yields two IP host ad-
dresses: one for Router A and one for Router B.
The complete subnet assignment for Example 1-1 and Figure 1-4 is provided in
Table 1-3.
TABLE 1-3 Completed Design of Subnets for Figure 1-4
Network Subnet CIDR Subnet Mask

LAN A 192.168.0.0 /23 255.255.254.0
LAN B1 192.168.4.0 /22 255.255.252.0
LAN B2 192.168.8.0 /24 or /25 255.255.255.0 or 255.255.255.128
Interconnect 192.168.9.0 /30 255.255.255.252

IP Assignment
The next task requirement is that a CIDR block that can handle 800 network de-
vices must be required to assign an IP address to each routed interface. This ad- Gateway
dress will become the gateway IP address of the subnet. The gateway describes the Describes the networking
device that enables
networking device that enables hosts in a LAN to connect to networks (and hosts)
hosts in a LAN to
outside the LAN. Figure 1-5 provides an example of the gateway. Every network
connect to networks
device within its subnet (LAN) will use this IP address as its gateway to commu- (and hosts) outside the
nicate from its local subnet to devices on other subnets. The gateway IP address is LAN.
preselected and is distributed to a network device by way of manual configuration
or dynamic assignment.
Gateway
Data Data
enter LAN exit
FIGURE 1-5 The gateway for a network
For LAN A in Example 1-1, the IP address 192.168.0.0 is already reserved as the
network address, and the IP address 192.168.0.255 is reserved as the broadcast
address. This leaves any IP address within the range 192.168.0.1–192.168.0.254
available for use for the gateway address. Choosing the gateway IP address is not
an exact science. Generally, the first IP address or the last IP address of the avail-
able range is chosen. Whatever convention is chosen, it should apply to the rest of
the subnets for the ease of management. Once the gateway IP address is chosen,
this IP address is reserved and is not to be used by any other devices in the subnet.
Otherwise, an IP conflict will be introduced. The following is an example of how
the gateway IP addresses could be assigned to the LANs in Example 1-1.
Network Gateway
LAN A 192.168.0.1
LAN B1 192.168.4.1
LAN B2 192.168.8.1

1-3 VLAN NETWORK
This section examines the function of using a switch in a VLAN within the campus
network. The terminology and steps for implementing VLANs will be presented
first. The second part examines basic Cisco switch configuration and provides an
introduction to the commands needed for configuring the VLAN. The third part of
Section 1-3 demonstrates the commands needed to set up a static VLAN. Next is a
discussion on VLAN tagging using 802.1Q. The section concludes with a look at
configuring an HP Procurve switch.
LANs are not necessarily restricted in size. A LAN can have 20 computers, 200
computers, or even more. Multiple LANs also can be interconnected to essentially
create one large LAN. For example, the first floor of a building could be set up as
one LAN, the second floor as another LAN, and the third floor another. The three
LANs in the building can be interconnected into essentially one large LAN using
switches, with the switches interconnected, as shown in Figure 1-6.
Is it bad to interconnect LANs this way? As long as switches are being used to
Broadcast Domain
interconnect the computers, the interconnected LANs have minimal impact on net-
Any broadcast sent out work performance. This is true as long as there are not too many computers in the
on the network is seen
LAN. The number of computers in the LAN is an issue, because Layer 2 switches
by all hosts in this
domain.
do not separate broadcast domains. This means that any broadcast sent out on the
network (for example, the broadcast associated with an ARP request) will be sent
to all computers in the LAN. Excessive broadcasts are a problem, because each
computer must process the broadcast to determine whether it needs to respond; this
essentially slows down the computer and the network.
Switch 3rd floor

Closet
2nd floor
1st floor
FIGURE 1-6 Three floors of a building interconnected using switches to form one large LAN

A network with multiple LANs interconnected at the Layer 2 level is called a flat
network. A flat network is where the LANs share the same broadcast domain. The Flat Network
use of a flat network should be avoided if possible for the simple reason that the A network where the
network response time is greatly affected. Flat networks can be avoided by the use LANs share the same
broadcast domain.
of virtual LANs (VLAN) or routers. Although both options can be used to separate
broadcast domains, they differ in that the VLAN operates at the OSI Layer 2, while
routers use Layer 3 networking to accomplish the task. The topic of a virtual VLAN
is discussed next.
Virtual LAN (VLAN)

Obviously, if the LANs are not connected, then each LAN is segregated only to a
switch. The broadcast domain is contained to that switch; however, this does not VLAN (Virtual LAN)
scale in a practical network, and it is not cost effective because each LAN requires A group of host
computers and servers
its own Layer 2 switches. This is where the concept of virtual LAN (VLAN) can
that are configured
help out. A VLAN is a way to have multiple LANs co-exist in the same Layer 2
as if they are in the
switch, but their traffic is segregated from each other. Even though they reside on same LAN, even if they
the same physical switch, they behave as if they are on different switches (hence, reside across routers in
the term virtual). VLAN compatible switches can communicate to each other and separate LANs.
extend the segregation of multiple LANs throughout the entire switched network. A
switch can be configured with a VLAN where a group of host computers and serv-
ers are configured as if they are in the same LAN, even if they reside across routers
in separate LANs. Each VLAN has its own broadcast domain. Hence, traffic from
one VLAN cannot pass to another VLAN. The advantage of using VLANs is the
network administrator can group computers and servers in the same VLAN based
on the organizational group (such as Sales, Engineering) even if they are not on the
same physical segment—or even the same building.
There are three types of VLANs: port-based VLANs, tag-based VLANs, and
protocol-based VLANs. The port-based VLAN is one where the host computers con- Port-Based VLAN
nected to specific ports on a switch are assigned to a specific VLAN. For example, Host computers
assume the computers connected to switch ports 2, 3, and 4 are assigned to the connected to specific
ports on a switch are
Sales VLAN 2, while the computers connected to switch ports 6, 7, and 8 are as-
assigned to a specific
signed to the Engineering VLAN 3, as shown in Figure 1-7. The switch will be con-
VLAN.
figured as a port-based VLAN so that the groups of ports [2,3,4] are assigned to the
sales VLAN while ports [6,7,8] belong to the Engineering VLAN. The devices as- Tagged-Based VLAN
signed to the same VLAN will share broadcasts for that LAN; however, computers Used VLAN ID based on
that are connected to ports not assigned to the VLAN will not share the broadcasts. 802.1Q.
For example, the computers in VLAN 2 (Sales) share the same broadcast domain Protocol-Based VLAN
and computers in VLAN 3 (Engineering) share a different broadcast domain. Connection to ports is
based on the protocol
being used.
VLAN 2 VLAN 3
Ports 2,3,4 Ports 6,7,8
FIGURE 1-7 An example of the grouping for port-based VLANs
1-3: VLAN NETWORK 17

In tag-based VLANs, a tag is added to the Ethernet frames. This tag contains the
VLAN ID VLAN ID that is used to identify that a frame belongs to a specific VLAN. The ad-
Used to identify that dition of the VLAN ID is based on the 802.1Q specification. The 802.1Q standard
a frame belongs to a defines a system of VLAN tagging for Ethernet frames. An advantage of an 802.1Q
specific VLAN.
VLAN is that it helps contain broadcast and multicast data traffic, which helps
802.1Q minimize data congestion and improve throughput. This specification also provides
This standard defines a guidelines for a switch port to belong to more than one VLAN. Additionally, the
system of VLAN tagging tag-based VLANs can help provide better security by logically isolating and group-
for Ethernet frames. ing users.
In protocol-based VLANs, the data traffic is connected to specific ports based on
the type of protocol being used. The packet is dropped when it enters the switch if
the protocol doesn’t match any of the VLANs. For example, an IP network could be
set up for the Engineering VLAN on ports 6,7,8 and an IPX network for the Sales
VLAN on ports 2,3, and 4. The advantage of this is the data traffic for the two net-
works is separated.
There are two approaches for assigning VLAN membership:
Static VLAN
Basically, a port-based • Static VLAN: Basically a port-based VLAN. The assignments are created
VLAN. when ports are assigned to a specific VLAN.
Dynamic VLAN • Dynamic VLAN: Ports are assigned to a VLAN based on either the computer’s
MAC address or the username of the client logged onto the computer. This
Ports are assigned to a
VLAN based on either means that the system has been previously configured with the VLAN as-
the computer’s MAC signments for the computer or the username. The advantage of this is the
address or the username username and/or the computer can move to a different location, but VLAN
of the client logged onto membership will be retained.
the computer.
VLAN Configuration
This section demonstrates the steps for configuring a static VLAN. In this example,
the ports for VLAN 2 (Sales) and VLAN 3 (Engineering) will be defined. This re-
quires that VLAN memberships be defined for the required ports. The steps and the
commands will be demonstrated.
The show vlan command can be used to verify what ports have been defined for the
show vlan switch. By default, all ports are assigned to VLAN 1. An example using the show
Used to verify what vlan command is provided next.
ports have been defined
for the switch. SwitchA# show vlan
VLAN Name Status Ports

---- -------------------------- --------- ---------------------------
--
1 default active Fa0/1, Fa0/2,
Fa0/3, Fa0/4
Fa0/5,
Fa0/6, Fa0/7, Fa0/8
Fa0/9,
Fa0/10

This shows that all the FastEthernet interfaces on the switch are currently assigned
to VLAN 1, which is a default VLAN. In the next step, two additional VLANs vlan database
will be created for both Sales and Engineering. The two new VLANs will have the The command used on
VLAN ID of 2 and 3 respectively, and each VLAN will be assigned a name associ- older Cisco switches to
enter the VLAN database.
ated to it. This is accomplished by modifying the VLAN database using the vlan
database command, as shown in the next steps.
SwitchA#vlan database
SwitchA(vlan)#vlan 2 name Sales

VLAN 2 modified:
Name: Sales
SwitchA(vlan)#vlan 3 name Engineering
VLAN 3 modified:
Name: Engineering
On newer Cisco switches, users will get the following message that the command
vlan database is being deprecated:
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Cisco has moved away from the VLAN database-style command to an IOS global
command. Similarly to other IOS global commands, the switch must be in the con-
figuration mode (config)#. However, the concept remains the same that a VLAN
must be created for it to be activated and ready for use. The steps for creating the
VLAN on newer Cisco switches are as follows:
SwitchA# conf t
SwitchA(config)#vlan 2
SwitchA(config-vlan)#name Sales
SwitchA(config-vlan)#vlan 3
SwitchA(config-vlan)#name Engineering
SwitchA(config-vlan)#exit
SwitchA(config)#exit
To start configuring a VLAN, one must specify which VLAN needs to be config-
vlan [vlan_id]
ured using the vlan [vlan_id] command. If the specific VLAN does not exist, this
command will create the VLAN as well. As shown in the preceding example, the The IOS global command
used to create VLAN ID.
command vlan 2 is entered to configure vlan 2 and then the command name Sales
is entered to configure the name associated to the VLAN. The similar steps are
done for VLAN 3 with the name Engineering.

The rest of the VLAN commands are almost identical in the older switches and
newer switches. The next step is used to verify that the new VLANs have been cre-
ated using the show vlan command:
Switch#show vlan

---- -------------------------- --------- ---------------------------
--
1 default active Fa0/1, Fa0/2, Fa0/3,
Fa0/4
Fa0/5, Fa0/6,
Fa0/7, Fa0/8
Fa0/9, Fa0/10
2 Sales active
3 Engineering active
This shows that both the Sales and Engineering VLANs have been created. In the
next steps, ports will be assigned to the newly created VLANs. This requires that
the configuration mode be entered and each FastEthernet interface (port) must be
assigned to the proper VLAN using the two commands switchport mode access
and switchport access vlan vlan-id. An example is presented for FastEthernet in-
terface 0/2 being assigned to VLAN 2 on a Cisco switch:
SwitchA#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchA(config)#int fa 0/2
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 2
SwitchA(config-if)#end
The next step is used to verify that FastEthernet 0/2 has been assigned to the Sales
VLAN (VLAN2). This can be verified using the show vlan brief command, as
shown. This command only displays the interfaces assigned to each VLAN:
SwitchA#sh vlan brief

---- ----------------------------- --------- ------------------------
---
1 default active Fa0/1, Fa0/3, Fa0/4,
Fa0/5
Fa0/6, Fa0/7,
Fa0/8, Fa0/9
Fa0/10
2 Sales active Fa0/2
The next steps are to assign ports 3 and 4 to the Sales VLAN (VLAN 2) and ports
6,7,8 to Engineering (VLAN 3). Once this is completed, the port assignments can
be verified using the show vlan command, as shown:

SwitchA#show vlan

---- ---------------------------- --------- -------------------------
---
1 default active Fa0/1, Fa0/5,
Fa0/9, Fa0/10
2 Sales active Fa0/2, Fa0/3,

Fa0/4
3 Engineering active Fa0/6, Fa0/7, Fa0/8
You can look specifically at the assignments for only one of the VLANs by entering
the command show vlan name vlan-name, where vlan-name is the name assigned show vlan name vlan-
name
to the VLAN. Note that the name is case-sensitive. You can also use the number of
The command to look
the VLAN instead of using the command show vlan id vlan-id. Examples of both
specifically at only one
are presented:
of the VLANs.
SwitchA#show vlan name Engineering

---- -------------------------------- --------- ---------------------
---
3 Engineering active Fa0/6, Fa0/7,
Fa0/8
Switch#show vlan id 3

---- -------------------------------- --------- ---------------------
---
3 Engineering active Fa0/6, Fa0/7,
Fa0/8
On Layer 2 switches, an IP address can be assigned to a VLAN interface. This

merely assigns an IP address to a switch, so that a switch can communicate with interface VLAN 1
other network devices on the same VLAN and vice-versa. The IP VLAN interface The default vlan for the
does not perform any routing functions when running as a layer 2 switch. As a mat- switch.
ter of fact, the IP VLAN interface is not required in order for a switch to start for-
warding packets and perform its other Layer 2 functions. By default, the interface
VLAN 1 is automatically created. The following command sequence demonstrates
how to assign the IP address to the VLAN interface:
SwitchA(config)# interface VLAN 1
SwitchA(config-if)# ip address 192.168.1.1 255.255.255.0
SwitchA(config-if)# no shutdown
Note that the IP address is being set for VLAN 1. The interface for the switch is
also enabled at this same point using the no shutdown command, as shown. In
order for the interface VLAN to be up, at least one switch port in the VLAN must

be up or have a physical link. The status of a switch port can be verified with the
show interface status command show interface or, better yet, with the command show interface status.
Used to verify the status Although the command show interface shows detailed information of individual
of a switchport. interface one at a time, the command show interface status displays the status of
all the switch ports including their speed, duplex, and VLAN, as shown. This gives
a quick and precise look of the port status of a switch where port density is high.
SwitchA#show interface status
Port Name Status Vlan Duplex Speed Type

Fa0/1 connected 1 a-full a-100
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
10/100BaseTX
The overall configuration of the switch can be viewed using the show running-
config (sh run) command, as shown. (Only a part of the configuration is dis-
played.)
Switch#sh run - -
Building configuration...
Current configuration : 1411 bytes

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id

!
interface FastEthernet0/1
!-
switchport access vlan 2
switchport mode access
. .
. .
. .
. .
!
switchport access vlan 3
switchport mode access
!
!
!
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
line vty 0 15
login
end
The running-configuration for the switch shows that the FastEthernet interfaces
have been assigned to the proper VLANs. Additionally, this shows that an IP ad-
dress has been assigned to the default interface VLAN1.
This portion of the text has demonstrated the steps for creating a static VLAN. Both
Sales and Engineering VLANs were created, and specific ports on the switch were
assigned to the respective VLANs. Unassigned ports remained as part of the default
VLAN 1.
VLAN Tagging
This section explores the concept of VLAN tagging (802.1Q) and demonstrates
the steps required for this configuration. The concept of VLAN tagging can be ex-
plained using the example network shown in Figure 1-8. In this network, the Sales
team is spread out in two different buildings. Therefore, the Sales VLAN network
must be available in both buildings. Each building has its own network switch, and
both switches are connected via one physical link.

Building A Switch Building B Switch
802.1Q/Trunk Port
Default VLAN Sales VLAN Engineering Default VLAN Sales VLAN

VLAN
FIGURE 1-8 An example of a scenario with two VLANS spread across two buildings
In a scenario like this, not only is it necessary to have the same Sales VLAN run-
Trunk Port ning on both building switches, it is also important to have members of the same
A switch interface or VLAN being able to communicate with each other across buildings and to adhere
port configured to carry to the same VLAN restrictions. To accomplish this, a technique called VLAN tag-
multiple VLANs.
ging is used. VLAN tagging is a technique deployed on a switch interface to carry
Inter-Switch Link Ethernet frames of multiple VLANs. The interface must connect to another switch
(ISL) port, router port, or network device that understands VLAN tagging, and both sides
The Cisco proprietary must agree on the VLAN tagging protocol.
VLAN tagging protocol.
The standard protocol for VLAN tagging is IEEE 802.1Q. This standard protocol
is widely supported by every switch manufacturer, as well as Cisco. A switch inter-
face or port configured to carry traffic for multiple VLANs is often referred to as
a trunk port. The term was made famous by Cisco, and it is used explicitly as the
VLAN tagging command in Cisco switches. Note that Cisco has its own proprietary
VLAN tagging protocol called Inter-Switch Link (ISL). The big difference between
ISL and 802.1Q is how the frame is treated. In ISL, every Ethernet frame is encap-
sulated within a 26-Byte header containing the VLAN ID and a 4 Byte CRC at the
end. This makes the size of an ISL frame bigger than an 802.1Q frame, as discussed
next.
To accomplish the VLAN tagging of the Ethernet frames, IEEE 802.1Q simply
inserts additional data to the Ethernet frame header, as shown in Figure 1-9. An
802.1Q tag is a 4-Byte tag field that is inserted between the Source Address field
and the Ethernet Type/Length field. By inserting an additional 4-Byte field, the
Ethernet frame size is increased. Its minimum frame size is now increased from 64
Bytes to 68 Bytes, and its maximum frame size is now increased from 1,518 Bytes
to 1,522 Bytes. Figure 1-9 also provides a detailed calculation of the Ethernet frame
size. Because of the additional tag field and the increased frame size, it is important
that both sides of the link be compatible. Otherwise, the tagged Ethernet frames
will not be understood and, therefore, the frames will be dropped by a non-802.1Q-
compliant interface.

e
er th nc
et ng q ue
lim /L
e Se p
De p e Ethernet II Frame k Ga
m e on Ty ec me
le ra at
i t Ch a
mb t F stin rce r ne e r Fr
ea ar u he am te
Pr St De So Et Payload Data Fr In
56 bits 8 bits 48 bits 48 bits 8 bits 46 Bytes – 1500 Bytes 16 bits 96 bits
(8 Bytes) (2 B) (6 Bytes) (6 Bytes) (2 B) (4 Bytes) (12 Bytes)
Preamble Smallest Ethernet Frame Size

Alternating 1’s and 0’s 6 Bytes (S) + 6 Bytes (D) + 2 Bytes (Ethernet Type) + 46 Bytes of minimum data + 4 Bytes (FCS)
Media Access Control (MAC) = 64 Bytes
Source and destination address Biggest Ethernet Frame Size
Ethernet Type 6 Bytes (S) + 6 Bytes (D) + 2 Bytes (Ethernet Type) + 1500 Bytes of maximum data + 4 Bytes (FCS)
Higher Level Protocol = 1518 Bytes
0x0800 IPv4
0x0806 ARP
0x8100 802.1Qtag
Frame Check Sequence (FCS)
CRC-32 complete check of complete frame
e
er th nc
et ng ue
lim Le eq p
De pe
/ Ethernet II Frame with 802.1Q ck
S
Ga
e n g Ty e e
ble ra
m tio
a Ta et Ch ra
m
m t F stin ce 1Q rn e rF
ea ar ur 2. he am te
Pr St De So 80 Et Payload Data Fr In
56 bits 8 bits 48 bits 48 bits 16 bits 8 bits 46 Bytes – 1500 Bytes 16 bits 96 bits
(8 Bytes) (2 B) (6 Bytes) (6 Bytes) (4 Bytes) (2 B) (4 Bytes) (12 Bytes)
802.1P C 802.1Q Vlan ID
802.1P Smallest Ethernet Frame Size w/802.1Q

Class of Service (Cos) 6 Bytes (S) + 6 Bytes (D) + 2 Bytes (Ethernet Type) + 4 Bytes of 802.1Q Tag + 46 Bytes of minimum data + 4 Bytes (FCS)
Values: 0-7 = 68 Bytes
Canonical (C) Biggest Ethernet Frame Size w/802.1Q
Always 0 6 Bytes (S) + 6 Bytes (D) + 2 Bytes (Ethernet Type) + 4 Bytes of 802.1Q Tag + 1500 Bytes of maximum data + 4 Bytes (FCS)
802.1QVlan ID = 1522 Bytes
Values: 1-4096
FIGURE 1-9 Typical Ethernet frame versus Ethernet frame with 802.1Q tag
802.1Q Configuration switchport mode

This section demonstrates the steps for configuring 802.1Q VLAN tagging. The trunk
802.1Q VLAN tagging is configured at the switch interface that interconnects to Turns on trunking.
another network switch. In this case, interface FastEthernet 0/1 of Switch A is se-
switchport trunk
lected as a 802.1Q VLAN tagging port or a trunk port. The following demonstrates encapsulation dot1q
how to configure an interface as a trunk port on a Cisco switch.
This command defines
First, the interface is assigned as a trunk port by the command switchport mode that 802.1Q tagging
trunk. This essentially turns on trunking. The next step is to define the tagging pro- protocol is being used.
tocol, which is 802.1Q, in this case. The command switchport trunk encapsulation switchport trunk
dot1q is used. If ISL is used, the command would be switchport trunk encapsula- encapsulation isl
tion isl. The next command, switchport trunk allowed vlan vlan-id, is optional, but This command defines
it is useful in limiting VLANs that can be carried across the link. that the tagging
SwitchA#conf t protocol is ISL.
Enter configuration commands, one per line. End with CNTL/Z. switchport trunk
SwitchA(config)#int fa 0/1 allowed vlan vlan-id
SwitchA(config-if)#switchport mode trunk This command is used
SwitchA(config-if)#switchport trunk encapsulation dot1q to limit the VLANs that
SwitchA(config-if)#switchport trunk allowed vlan 1,2 can be carried across the
SwitchA(config-if)#end link.

By default, all configured VLANs are allowed across the trunk port. In order for
show interfaces VLAN tagging to work properly, it is important to configure the same commands
trunk
on SwitchB’s trunk port. To verify the 802.1Q configuration, the command show
This command is used interfaces trunk can be used:
to verify the 802.1Q
configuration. SwitchA#sh interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/1 1,2
Port Vlans allowed and active in management domain

Fa0/1 1,2
Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,2
Networking Challenge: Static VLAN Configuration

Use the Net-Challenge Simulator Software included with the text’s companion CD-ROM to demonstrate
that you can perform basic switch and static VLAN configuration and set up a trunk connection. Place
the CD-ROM in your computer’s drive. Open the Net-Challenge folder, and click NetChallengeV3-2.
exe. After the software is running, click the Select Challenge button. This opens a Select Challenge
drop-down menu. Select the Chapter 1 - Static VLAN Configuration challenge to open a checkbox
that can be used to verify that you have completed all the tasks. Do the following:
1. Enter the privileged EXEC mode on the switch (password: Chile).
2. Enter the switch’s configuration mode: Router(config).
3. Set the hostname of the switch to switch-A.
4. Configure the IP address for VLAN 1 interface with the following:
IP address: 10.10.20.250
Subnet mask: 255.255.255.0
5. Enable the VLAN 1 interface.
6. Use the command to display the current VLAN settings for the switch.
7. Issue the command that lets you modify the VLAN database.
8. Create a VLAN 2 named Sales.
9. Verify that a new Sales VLAN has been created.
10. Issue the command to enter the fa0/2 interface configuration mode.
11. Enter the sequence of commands that are used to assign interface fa0/2 to the Sales VLAN.
12. Enter the command that enables you to display the interface assigned to each VLAN.

13. Enter the command that enables you to view specifically the assignments for the Sales VLAN.
14. Issue the command that allows you to view the switch’s running-configuration.
15. Issue the command to turn on trunking for SwitchA.
16. Issue the command to set trunk encapsulation to 802.1Q.
17. Issue the command that enables VLAN 1 and VLAN 2 to be carried across the link.
Configuring the HP Procurve Switch

This should not come as a surprise to learn that many switch manufacturers fol-
low a similar configuration path as the Cisco switches. A similar Cisco-styled
command-line interface (CLI) is deployed by those manufacturers as well. The fol-
lowing is an example of how to configure an HP Procurve switch. The first step is
to enter the configuration mode using the command configure. Next, the VLAN #
is entered using the vlan 2 command. Finally, the VLAN is assigned a name from
the (vlan-2) prompt using the command name-Sales:
SwitchHP# configure
SwitchHP(config)#vlan 2
SwitchHP(vlan-2)#name Sales
The command show vlan also exists on the HP switches, but the output result is
different than the one produced from Cisco switches. The HP’s show vlan com-
mand does not provide ports with VLAN membership, while the Cisco command
does:
SwitchHP# show vlan
Status and Counters - VLAN Information
Maximum VLANs to support : 8

Primary VLAN : DEFAULT_VLAN
Management VLAN :
802.1Q VLAN ID Name Status Voice Jumbo

-------------- ------------ ------------ ----- -----
1 DEFAULT_VLAN Port-based No No
2 Sales Port-based No No
On a Cisco switch, the VLAN membership is configured at the interface level. On

an HP switch, it is configured at the VLAN level, where each VLAN contains its
port members. This example shows how a VLAN membership is assigned on an HP
switch:
SwitchHP# configure
SwitchHP(config)#vlan 2
SwitchHP(vlan-2)#untagged 48

In VLAN 2, port 48 is configured as an untagged member. This means that the port
is not a tagged VLAN port. It is essentially just a port-based VLAN. It was men-
tioned earlier that the HP’s command show vlan does not give much detail. To get
more VLAN details, one must specify the VLAN ID. The show vlan 2 command
can be used to verify that port 48 has been assigned to the Sales VLAN (VLAN2):
SwitchHP# show vlan 2
Status and Counters - VLAN Information - Ports - VLAN 2
802.1Q VLAN ID : 2
Name : Sales
Status : Port-based Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status

------------------- -------------------- ---------- ---------
48 Untagged Learn Up
On HP switches and other switch manufacturers, the command syntax for enabling
a port to carry 802.1Q tagged frames is basically the same. On HP switches, there is
not a trunk command. The step is to simply assign tagging ability to the switch port
by issuing the command tagged port_number. Because this is a non-Cisco switch,
802.1Q is the only VLAN tagging protocol that can be used. The following com-
mand sequence demonstrates how to configure an interface port 24 on an HP switch
as a 802.1Q VLAN tagging port:
SwitchHP# conf
SwitchHP(config)# vlan 1
SwitchHP(vlan-1)# tagged 24
SwitchHP(vlan-1)# exit
SwitchHP(config)# vlan 2
SwitchHP(vlan-2)# tagged 24
SwitchHP(vlan-2)# exit
Unlike Cisco switches where an 802.1Q is configured at the interface level, the tag-
ging configuration is done at the VLAN level on HP switches. Port 24 is designated
as tagged port for both VLAN 1 and VLAN 2, which enables it to carry VLAN
1 and VLAN 2 frames. Generally, untagged ports belong to one specific VLAN,
while tagged ports can belong to one or more VLANs.
1-4 ROUTED NETWORK

This section examines the Layer 3 network and how data is routed in the network.
This section also introduces another Layer 3 device, the multilayer switch. You
need to understand the advantages and disadvantages of this device. This section
also introduces interVLAN configuration, which enables VLANs to communicate

across networks. The section concludes with a look at both serial and ATM configu-
rations. Some network engineers will argue that the serial and ATM technologies
are a dying technology and are now considered obsolete. However, being obso-
lete does not mean they are nonexistent. These technologies are still being used
throughout the world, and it is still an important topic.
Router
The router is a powerful networking device used to interconnect LANs. The router
is a Layer 3 device in the OSI model, which means the router uses the network ad- Network Address
dress (Layer 3 addressing) to make routing decisions regarding forwarding data Another name for the
packets. In the OSI model, the Layer 3, or network, layer responsibilities include Layer 3 address.
handling of the network address. The network address is also called a logical ad- Logical Address
dress, rather than being a physical address (such as the MAC address, which is em- This describes the IP
bedded into the network interface card [NIC]). The logical address describes the IP address location of the
address location of the network and the address location of the host in the network. network and the address
location of the host in
Essentially, the router is configured to know how to route data packets entering or the network.
exiting the LAN. This differs from the bridge and the Layer 2 switch, which use the
Ethernet address for making decisions regarding forwarding data packets and only
know how to forward data to hosts physically connected to their ports.
Routers are used to interconnect LANs in a campus network. Routers can be used
to interconnect networks that use the same protocol (for example, Ethernet), or they Router Interface
can be used to interconnect LANs that are using different Layer 2 technologies, The physical connection
such as an Ethernet, ATM, T1, and so on. Routers also make it possible to intercon- where the router
connects to the network.
nect to LANs around the country and the world and interconnect to many different
networking protocols. The router ports are bidirectional, meaning that data can en-
ter and exit the same router port. Often, the router ports are called the router inter-
face, which is the physical connection where the router connects to the network.
The network provided in Figure 1-10 is an example of a simple three-router campus
network. This configuration enables data packets to be sent and received from any
host on the network after the routers in the network have been properly configured.
For example, computer A1 in LAN A could be sending data to computer D1 in
LAN D. This requires that the IP address for computer D1 is known by the user
sending the data from computer A1. The data from computer A1 will first travel
to the switch where the data is passed to Router A via the FA0/0 FastEthernet data
port. Router A will examine the network address of the data packet and use con-
figured routing instructions stored in the router’s routing tables to decide where
to forward the data. Router A determines that an available path to Router C is via
the FA0/2 FastEthernet port connection. The data is then sent directly to Router C.
Router C determines that the data packet should be forwarded to its FA0/0 port to
reach computer D1 in LAN D. The data is then sent to D1. Alternatively, Router
A could have sent the data to Router C through Router B via Router A’s FA0/1
FastEthernet port.
1-4: ROUTED NETWORK 29

10.10.100.0 NET
segment
RouterA E2 RouterB RouterC E2
10.10.200.0 NET 10.10.150.0 NET
E1 E2 E3 E1
E0 E0 E1 E0
segment segment
10.10.20.0 NET 10.10.10.0 NET 10.10.1.0 NET 10.10.5.0 NET

LAN A LAN B LAN C LAN D
Hub Switch Switch Hub
A1 A2 B1 B2 C1 C2 D1 D2
RouterA Port Addresses (LAN A) RouterB Port Addresses (LAN B) RouterB Port Addresses (LAN C) RouterC Port Addresses (LAN D)
Ethernet 0 10.10.20.250 Ethernet 0 10.10.10.250 Ethernet 1 10.10.1.250 Ethernet 0 10.10.5.250

(Gateway Address) (Gateway Address) (Gateway Address) (Gateway Address)
LAN A Computers LAN B Computers LAN C Computers LAN D Computers
Computer A1 10.10.20.1 Computer B1 10.10.10.1 Computer C1 10.10.1.1 Computer D1 10.10.5.1

Computer A2 10.10.20.2 Computer B2 10.10.10.2 Computer C2 10.10.1.2 Computer D2 10.10.5.2
Subnet Mask 255.255.255.0 Subnet Mask 255.255.255.0 Subnet Mask 255.255.255.0 Subnet Mask 255.255.255.0
FIGURE 1-10 The three-router campus LAN
Delivery of the information over the network was made possible by the use of an IP
Routing Table address and routing table. Routing tables keep track of the routes used for forward-
Keeps track of the routes ing data to its destination. RouterA used its routing table to determine a network
to use for forwarding data path so computer A1’s data could reach computer D1 in LAN D. After the data
data to its destination.
packet arrived on Router C, an ARP request is issued by Router C to determine the
MAC address of computer D1. The MAC address is then used for final delivery of
the data to computer D1.
If Router A determines that the network path to Router C is down, Router A can
route the data packet to Router C through Router B. After Router B receives the
data packet from Router A, it uses its routing tables to determine where to forward
the data packet. Router B determines that the data needs to be sent to Router C.
Router B will then use its FA0/3 FastEthernet port to forward the data to Router C.
Gateway Address
As previously discussed, the term gateway is used to describe the address of the
networking device that enables the hosts in a LAN to connect to networks and hosts
outside the LAN. For example, the gateway address for all hosts in LAN A will be
10.10.20.250. This address is configured on the host computer, as shown in Figure
1-11. Any IP packets with a destination outside the LAN A network will be sent to
this gateway address. Note that the destination network is determined by the subnet
mask. In this case, the subnet mask is 255.255.255.0.

FIGURE 1-11 Network settings configuration for the default gateway
Network Segments
The network segment defines the networking link between two LANs. There is
a segment associated with each connection of an internetworking device (for ex-
ample, router-hub, router-switch, router-router). For example, the IP address for the
network segment connecting LAN A to the router is 10.10.20.0. All hosts connected
to this segment must contain a 10.10.20.x, because a subnet mask of 255.255.255.0
is being used. Subnet masking is fully explained in Network Essentials Chapter 6,
“TCP/IP.”
Routers use the information about the network segments to determine where to for-
ward data packets. For example, referring to Figure 1-10, the network segments that
connect to Router A include
10.10.20.0
10.10.200.0
10.10.100.0
The segment is sometimes called the subnet or NET. These terms are associated
Subnet, NET
with a network segment address, such as 10.10.20.0. In this case, the network is
called the 10.10.20.0 NET. All hosts in the 10.10.20.0 NET will have a 10.10.20.x Other terms for the
segment.
IP address. The network addresses are used when configuring the routers and defin-
ing which networks are connected to the router.
According to Figure 1-11, all the computers in LAN A must have a 10.10.20.x ad-
dress. This is defined by the 255.255.255.0 subnet mask. For example, computer
A1 in LAN A will have the assigned IP address of 10.10.20.1 and a gateway ad-
dress of 10.10.20.250. The computers in LAN B (see Figure 1-10) are located in the

10.10.10.0 network. This means that all the computers in this network must contain
a 10.10.10.x IP address. In this case, the x part of the IP address is assigned for each
host. The gateway address for the hosts in LAN B is 10.10.10.250. Notice that the
routers are all using the same .250 gateway address. Remember, any valid IP ad-
dress can be used for the gateway address, but it is a good design procedure to use
the same number for number for all routers. In this case, .250 is being used. In other
cases, it could be .1 or .254.
The subnet mask is used to determine whether the data is to stay in the LAN or is
to be forwarded to the default gateway provided by the router. The router uses its
subnet mask to determine the destination network address. The destination network
address is checked with the router’s routing table to select the best route to the
destination. The data is then forwarded to the next router, which is the next hop ad-
dress. The next router examines the data packet, determines the destination network
address, checks its routing table, and then forwards the data to the next hop. If the
destination network is directly connected to the router, it issues an ARP request to
determine the MAC address of the destination host. Final delivery is then accom-
plished by forwarding the data using the destination host computer’s MAC address.
Routing of the data through the networks is at Layer 3, and the final delivery of
data in the network is at Layer 2.
Multilayer Switch
So far, the topic of network switches revolves around their Layer 2 functionalities.
Multilayer Switch Today, the scope of operations has changed for switches. Newer switch technolo-
(MLS) gies are available to help further improve the performance of computer networks.
Operates at Layer 2, but This new development started with Layer 3 switches and now there are multilayer
functions at the higher
switches. The term used to describe these switches that can operate above the OSI
layers.
Layer 2 is multilayer switches (MLS). An example is a Layer 3 switch. Layer 3
Wire Speed Routing switches still work at Layer 2, but additionally work at the network layer (Layer 3)
Data packets are of the OSI model and use IP addressing for making decisions to route a data packet
processed as fast as they in the best direction. The major difference is that the packet switching in basic rout-
arrive. ers is handled by a programmed microprocessor. The multilayer switch uses appli-
cation specific integrated circuits (ASIC) hardware to handle the packet switching.
The advantage of using hardware to handle the packet switching is a significant re-
duction in processing time (software versus hardware). In fact, the processing time
of multilayer switches can be as fast as the input data rate. This is called wire speed
routing, where the data packets are processed as fast as they are arriving. Multilayer
switches can also work at the upper layers of the OSI model. An example is a Layer
4 switch that processes data packets at the transport layer of the OSI model.
Through this evolution, the line between routers and multilayer switches is getting
more and more blurry. Routers were once considered the more intelligent device,
but this is no longer true. With new developments, the multilayer switches can do
almost everything the routers can. More importantly, most of the Layer 3 switch
configuration commands are almost identical to the ones used on the routers. Rout-
ers tend to be more expensive when it comes to cost per port. Therefore, most of the
traditional designs have a router connecting to a switch or switches to provide more
port density. This can be expensive depending on the size of the network. So, there
has been a shift toward deploying multilayer switches in the network LAN environ-
ment in place of routers. In this case, the routers and switches in Figure 1-10 then

could all be replaced with multilayer switches. This also means there will be less
network equipment to maintain, which reduces the maintenance cost and makes this
a more cost-effective solution. With its greater port density, a multilayer switch can
serve more clients than a router could. However, there is a common drawback for
most multilayer switches: These devices only support Ethernet. Other Layer 2 tech-
nologies, such as ATM, DSL,T1, still depend on routers for making this connection.
Layer 3 Routed Networks

As discussed previously, the hosts are interconnected with a switch or hub. This
allows data to be exchanged within the LAN; however, data cannot be routed to Routed Network
other networks. Also, the broadcast domain of one LAN is not isolated from an- Uses Layer 3 addressing
other LAN’s broadcast domain. The solution for breaking up the broadcast domains for selecting routes to
forward data packets.
and providing network routing is to incorporate routing hardware into the network
design to create a routed network. A routed network uses Layer 3 addressing for Layer 3 Network
selecting routes to forward data packets, so a better name for this network is a Layer Another name for a
3 network. routed network.
In Layer 3 networks, routers and multilayer switches are used to interconnect the
networks and LANs, isolating broadcast domains and enabling hosts from different
LANs and networks to exchange data. Data packet delivery is achieved by hand-
ing off data to adjacent routers until the packet reaches its final destination. This
typically involves passing data packets through many routers and many networks.
An example of a Layer 3 network is shown in Figure 1-10. This example has four
LANs interconnected using three routers. The IP address for each networking de-
vice is listed.
The physical layer interface on the router provides a way to connect the router
to other networking devices on the network. For example, the FastEthernet ports Synchronous Optical
on the router are used to connect to other FastEthernet ports on other routers or Network (SONET)
switches. Gigabit and 10-gigabit Ethernet ports are also available on routers to con- Used to interconnect the
nect to other high-speed Ethernet ports (the sample network shown in Figure 1-10 router and the network
to other WANs.
includes only FastEthernet ports). Routers also contain other types of interfaces,
such as serial interfaces and Synchronous Optical Network (SONET) interfaces. WAN
These interfaces were widely used to interconnect the router and the network to Wide-area network.
other wide-area networks (WAN). For example, connection to WANs requires the
use of a serial interface or SONET interface to connect to a communications carrier,
such as Sprint, AT&T, Century Link, and so on. The data speeds for the serial com-
munication ports on routers can vary from slow (56 kbps) up to high-speed DS3
data rates (47+ Mbps), and the SONET could range from OC3 (155 Mbps), OC12
(622 Mbps), or even OC192 (9953 Mbps).
Routed Port Configuration

Routers can have Ethernet (10 Mbps), Fast Ethernet (100 Mbps), Gigabit Ethernet
(1,000 Mbps), and 10 gigabit (10 GB), Serial, and ATM interfaces. These routers

can have multiple interfaces, and the steps for configuring each interface are basi-
cally the same. Each interface is assigned a number. For example, a router could
have three FastEthernet interfaces identified as
FastEthernet 0/0
FastEthernet 0/1
FastEthernet 0/2
The notation 0/0 indicates the [interface-card-slot/port].

On Cisco’s routers, a routed port can be configured simply by assigning an IP ad-
dress to the interface. Once an IP address and its subnet mask are assigned to the
interface and the interface is enabled, a Layer 3 network is created. The interface IP
address becomes the gateway for that network. To program the interface, the router
must be in the configuration mode. The following demonstrates how to configure a
router’s FastEthernet 0/0 port (FastEthernet 0/0, also listed as fa0/0 and FA0/0) as a
routed interface.
Router(config)# int fa0/0
Router(config-if)# ip address 10.10.20.250 255.255.255.0
Router(config-if)#no shut
2w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
Notice that the router prompts you that the line protocol on interface FastEthernet
terminal monitor 0/0 changed state to up. These log messages are always displayed when connecting
(term mon) via the console port. However, they are suppressed when it is a remote terminal ses-
Displays log messages on sion, like Telnet or SSH. To display log messages on the remote terminal, issue the
the remote terminal.
command terminal monitor or term mon at the router prompt:
Router# term mon
The log messages can be useful when bringing up a new connection. Sometimes,
terminal no monitor they can be annoying if the router is logging too many events. To disable the log-
(term no mon) ging to the terminal, the command is terminal no monitor or term no mon. One
Disables the logging to would think the command syntax would start with no, like typical Cisco command,
the terminal. but it is not so in this case:
Router# term no mon
The command show ip interface brief (sh ip int brief) entered at the enable
show ip interface prompt (Router#) can be used to verify the status of the router interfaces. The fol-
brief (sh ip int lowing is an example:
brief)
Verifies the status of the Router# sh ip int brief
router interfaces. Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.10.20.250 YES manual up up
FastEthernet0/1 unassigned YES manual administratively down
down
FastEthernet0/2 unassigned YES manual administratively down
down
The output shows that the interface FastEthernet0/0 was configured with the IP ad-
dress and its status is up. Because the FastEthernet0/1 and FastEthernet0/2 were not

yet configured, their IP addresses are shown as unassigned and their interfaces are
still administratively shut down.
Also, a routed port can be assigned to a multilayer switch. This configuration is
simple and the same as configuring a router port. The first step is to convert the na- no switchport
tive switch port to a router port. This is accomplished by issuing the command no Converts the native
switch port to a router
switchport on the desired switch interface. Then, the IP address and other configu-
port.
ration can be applied to the interface just like a typical router port:
SwitchA(config)# interface FastEthernet0/1
SwitchA(config-if)# no switchport
One concept that is worth exploring is secondary IP address. The primary address is
Secondary IP Address
the IP address that is assigned to the interface. The secondary IP address is a way to
Allows multiple Layer 3
support multiple IP addresses per router interface. Hence, it allows multiple Layer 3
networks to reside on
networks to reside on the same physical link. Secondary IP addresses can be useful
the same physical link.
when you want to add more networks without having to disturb the existing network
or to use it as a transitional network for network migration. Some people might just
want to run multiple logical subnets on one physical subnet. To add a secondary IP
address to the interface, the command is ip address [ip_address] [subnet_mask] sec-
ondary. The keyword secondary is used to specify the secondary IP address. The
secondary IP address configuration is as follows:
Router(config)# interface FastEthernet0/0
Router(config-if)# ip address 10.10.20.250 255.255.255.0
Router(config-if)# ip address 172.16.1.1 255.255.255.0 secondary
In order to configure the secondary IP address, the primary IP address must exist
first. There can be as many secondary IP addresses as needed. The secondary IP
address cannot be verified with the show int or show ip int brief command. The
results will only display the primary IP address information.
InterVLAN Routing Configuration

As previously discussed in Section 1-3, “VLAN Network,” each VLAN is its own
broadcast domain. It cannot forward traffic across its VLAN boundaries. However, InterVLAN routing
it is almost impractical in today’s applications for a VLAN not to be able to com- Enables communications
municate beyond itself. To enable communications among VLANs, InterVLAN among VLANs.
routing is required. router on a stick
The most logical solution to route traffic between different VLANs is to introduce Eliminates connecting a
or create a Layer 3 routed network between them. One traditional way is to con- link from each VLAN to a
router port by utilizing a
nect each VLAN to a router interface. Then, each router interface is configured as
trunk or 802.1Q port.
a different Layer 3 network. This enables VLANs to communicate and pass traffic
via the Layer 3 IP network. For a few VLANs, this does not present an issue, but
for a large number of VLANs, this could create some issues. This means that every
VLAN will require a physical connection to a router port. Router ports are expen-
sive, and this design can be costly as the number of VLANs increases and more
physical links are required. A more common and popular design is to implement
a router on a stick. The router on a stick design eliminates connecting a link from

each VLAN to a router port by utilizing a trunk or 802.1Q port. A single trunk port
is connected to a router, and it passes the tagged VLAN traffic to the router, as de-
picted in Figure 1-12.
802.1Q/Trunk Port
Building A Switch Building B Switch
802.1Q/Trunk Port
Default VLAN Sales VLAN Engineering Default VLAN Sales VLAN

VLAN
FIGURE 1-12 Router on a stick topology
This design requires that the router must be configured to accept the tagged
VLANs. A Layer 3 network is then assigned to each VLAN coming to the router.
To accomplish this, subinterfaces are created under the router interface at which the
switch trunk port is terminated. The subinterface is a virtual interface, and its nota-
tion is a dot followed by the subinterface number. In the example provided, the sub-
interfaces are listed as FastEthernet0/0.1, 0.2, and 0.3. For the ease of programming,
it is recommended to keep the subinterface number the same as the VLAN ID.
Recall that the default VLAN is 1, the Sales VLAN is 2, and the Engineering VLAN
is 3. The next step is to define the VLAN tagging encapsulation. In this case, it is
dot1q, which essentially is 802.1Q. With the encapsulation, the appropriate VLAN
ID is specified. Next, the IP address is assigned creating a routed Layer 3 network
for a VLAN. The following example demonstrates how to configure a Cisco router
for a 802.1Q interVLAN routing:
Router(config)#interface FastEthernet0/0
Router(config-if)#no ip address
Router(config-if)#interface FastEthernet0/0.1
Router(config-if)#description Default VLAN
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 172.16.10.1 255.255.255.0
Router(config-subif)#interface FastEthernet0/0.2
Router(config-subif)#description Sales VLAN
Router(config-subif)#interface FastEthernet0/0.3
Router(config-subif)#description Engineering VLAN

As mentioned in Section 1-3, an IP address can be assigned to a VLAN interface
for management purposes. The IP VLAN interface does not perform any routing SVI
functions when running as a Layer 2 switch. However, this concept is changed Switched virtual
in multilayer switching. Different virtual interfaces can be created on each of the interfaces.
VLANs. These interfaces are called SVIs (switched virtual interfaces). When an
SVI is created and the IP address is assigned, the multilayer switch that has routing
enabled can start routing VLANs. Thus, an SVI acts like a virtual router interface.
The SVI is another way to route VLANs. SVI’s deployment is common in multi-
layer switches. The following example demonstrates how to configure an SVI:
SwitchA(config)# ip routing

The command ip routing is entered to ensure the routing is enabled on a multilayer

switch. After that, the switched virtual interfaces are created for every VLAN that
we want to route. Then, the IP address is assigned to each SVI interface. By default
the SVI interface is not enabled, hence the command no shutdown needs to be is-
sued. The preceding example shows the steps on how to enable configuring an SVI
for VLAN 1 and VLAN2.
Serial and ATM Port Configuration

As mentioned in the previous section, routers can have different types of interfaces,
such as a serial and Asynchronous Transfer Mode (ATM) interfaces. At one time,
these interfaces were the standard of WAN connection technologies. Now, they are
being replaced by Ethernet WAN based technology. Some network engineers will
argue that the serial and ATM technologies are a dying technology and are now
considered to be obsolete. However, being obsolete does not mean they are nonex-
istent. Many of the rural networks in America and around the world still use these
technologies for their WAN connection and rely on these technologies to deliver
services to people’s homes and businesses. Therefore, it is still beneficial to have a
basic understanding of these legacy technologies and how they operate. After all,
knowledge is always a commodity.
Serial technology provides communications data rates for end users in the form of
DS-0 to DS-3 and T1 to T3. The T1/DS-1 and T3/DS-3 designations are actually DS
the same data rates and the terms are used interchangeably. The Bell system T car- Digital signal.
riers were established in the 1960s primarily for transporting digitized telephone
conversations. In the early 1980s, the digital signal (DS) subscriber lines became
available. Table 1-4 lists the data rates for the T/DS carriers. The DS0 designation
is for the base rate of the digital signal lines, basically the data rate of a digitized
telephone call. The DS0 channels can be multiplexed together to provide more
transmission bandwidth. For example, the T1 line is capable of carrying 24 DS-0
transmissions, which provide the data rate of 1.544 Mbps.

TABLE 1-4 Data Rates for the T and DS Carriers
Designation Data Rate

DS-0 64 kbps
T1 (DS-1) 1.544 Mbps
T2 (DS-2) 6.312 Mbps
T3 (DS-3) 44.736 Mbps
The communications carrier will require the serial data connection be made through
CSU/DSU a CSU/DSU (channel service unit/data service unit). The CSU/DSU provides the
Channel service unit/ hardware data interface to the carrier. This includes adding the framing information
data service unit. for maintaining the data flow, storing performance data, and providing line manage-
ment. The T1 data stream is broken into frames. Each frame consists of 24 voice
channels (8 kbps)—8 bits per channel plus one framing bit, for a total of 193 bits.
There are two framing techniques used in T1: D4 and ESF. D4, sometimes known
as SF (Super Frame), is the original framing technique. Later on, ESF (Extended
AMI Super Frame) was introduced as an improvement in data performance over D4
Alternate mark framing.
inversion. A fundamental
line coding scheme Along with Framing, T1 requires line coding. The data connection to the commu-
developed for nications carrier requires that the proper data encoding format be selected for the
transmission over T1 CSU/DSU. Data are encoded in such a way that timing information of the binary
circuits. stream is maintained and the logical 1s and 0s can still be detected. A fundamental
B8ZS coding scheme that was developed for transmission over T1 circuits is alternate
mark inversion (AMI). The AMI code provides for alternating voltage level pulses
Bipolar 8 zero
substitution. A data
V(+) and V(-) to represent the 1s. With AMI, a long string of 0s can produce a loss
encoding format of timing and synchronization. This deficiency can be overcome by the transmis-
developed to improve sion of the appropriate start, stop, and synchronizing bits, but this comes at the
data transmission over price of adding overhead bits to the data transmission and consuming a portion
T1 circuits. of the data communication channel’s bandwidth. The bipolar 8 zero substitution
(B8ZS) data encoding format was developed to improve data transmission over T1
Minimum Ones
Density circuits. T1 circuits require that a minimum ones density level be met so that the
timing and synchronization of the data link is maintained. Maintaining a minimum
A pulse is intentionally
sent in the data stream
ones density means that a pulse is intentionally sent in the data stream even if the
even if the data being data being transmitted is a series of all 0s. Intentionally inserting the pulses in the
transmitted is a series of data stream helps maintain the timing and synchronization of the data stream. B8ZS
all 0s. is sometimes referred to as clear channel by the Telecommunication engineers.
Both framing and line coding are configured at the CSU/DSU. The configuration
HDLC
must match at both ends of the connection. The CSU/DSU could be its own unit or
High-level data link it could be built into the router serial interface. Typically, AMI signaling is paired
control, a synchronous
with D4/SF, while B8ZS signaling uses frames that are grouped into ESF.
proprietary protocol.
PPP Two other serial line protocols commonly used in wide-area networking are high-
level data link control (HDLC) and Point-to-Point Protocol (PPP). Both protocols are
Point-to-Point Protocol.
A full duplex protocol
used by routers to carry data over a serial line connection, typically over direct con-
used for serial interface nections, such as with T1. PPP is used for serial interface connections, such as that
connections such as that provided by modems. PPP is a full duplex protocol and is a subset of the HDLC
provided by modems. data encapsulation.

The routers at each end must be configured with the proper data encapsulation.
Data encapsulation means the data is properly packaged for transport over a serial
communications line. The type of encapsulation depends on the hardware being
used to make the connection. The command for setting the data encapsulation is
encapsulation (encap). The options for the data encapsulation on the router can
be viewed by entering encap ? at the router’s (config-if)# prompt, as demonstrated
here:
Router(config-if)#encap ?
atm-dxi ATM-DXI encapsulation
frame-relay Frame Relay networks
hdlc Serial HDLC synchronous
lapb LAPB (X.25 Level 2)
ppp Point-to-Point protocol
smds Switched Megabit Data Service (SMDS)
x25 X.25
The following configuration example is from an older Cisco router, which has a
serial interface connecting to a CSU/DSU. The steps for setting the data encap-
sulation to HDLC and PPP on the Serial1/0 interface and configuring the serial
interface IP address are shown. The T1 encapsulation on Cisco routers is HDLC by
default, if the encapsulation is not specified. The encapsulation can be overwritten
by issuing the new encapsulation option. Finally, the interface can be enabled via
the command no shut.
Router# conf t
Router(config)# int s1/0
Router(config-if)#encap hdlc
Router(config-if)#ip address 10.10.128.1 255.255.255.0
Router# conf t
Router(config)# int s1/0
Router(config-if)#encap ppp
Router(config-if)# no shut
2w0d: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
2w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,
changed state to up
The status of the serial interfaces can be checked using the sh ip int brief com-
mand, as demonstrated here:
Router# sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 10.10.20.250 YES manual up up
FastEthernet0/1 unassigned YES manual administratively
down down
FastEthernet0/2 unassigned YES manual administratively
down down
Serial1/0 10.10.128.1 YES manual up up

The data encapsulation can be verified by using the sh int s0/0 command. The last
line in this example shows that the encapsulation is PPP:
Router#sh int s1/0
Serial0 is up, line protocol is up
Hardware is HD64570
Description: ISP Connection
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
The type of network being configured and the equipment being used to make the
direct connection determines the selection of the format for data encapsulation. For
example, Cisco routers automatically configure the serial interfaces to run HDLC,
but the Cisco routers support many data encapsulation formats. The HDLC data
encapsulation formats are implemented differently by some vendors, and there are
times when some equipment is not interoperable with other equipment even though
they both have specified the HDLC encapsulation. In that case, another encapsula-
tion format such as PPP can be used to make the direct connection.
On newer Cisco routers, there is a variety of T1 interface cards available. Most of
WIC them fall under these two types. They are either WAN interface cards (WICs) that
WAN interface cards. only provide data support or they are Voice/WAN interface cards (VWICs) that can
VWIC provide both voice and data support. These types of cards all have an integrated
Voice/WAN interface CSU/DSU, which makes it convenient for setup. In this case, a T1 connection with
cards. an RJ45 interface can be directly connected to the card. If the names WIC and
VWIC are not confusing enough, the configuration steps for these cards will cer-
service-module t1 tainly create some confusion. The configuration steps are presented next.
The router command for
configuring T1 framing, The first example shows the configuration of a router with a T1 WIC card. The T1
line coding, and the configuration, usually programmed on a CSU/DSU, is now done under a serial in-
clock source. terface. The T1 framing, line coding, and clock source are configured via command
service-module t1. In this case, ESF is selected as the framing technique, and
B8ZS is used as the line coding. The clock source line means the clock is provided
by the carrier through the T1 line. This is critical for synchronizing the T1 transmis-
sion. The timeslot defines the speed of the DS0 channel and the number of DS0
channels being used.
Router(config)#interface Serial0/1
Router(config-if)#service-module t1 timeslots 1-24 speed 64
Router(config-if)#service-module t1 framing ESF
Router(config-if)#service-module t1 linecode B8ZS
Router(config-if)#service-module t1 clock source line
Router(config-if)#encapsulation ppp

The second example shows the configuration of a router with a T1 VWIC type card.
The framing, line coding, and clock source are now defined under a T1 controller.
Next, a corresponding serial interface is created with an IP address and the T1 en-
capsulation:
Router(config)#controller T1 1/0
Router(config-controller)#framing esf
Router(config-controller)#clock source line
Router(config-controller)#linecode b8zs
Router(config-controller)#channel-group 0 timeslots 1-24 speed 64
Router(config-if)#interface Serial1/0:0
Router(config-if)#encapsulation ppp
You can verify the T1 status with the command show controller T1 slot/port. This
show controller T1
command displays the T1 status with details that one would find in a CSU/DSU.
slot/port
The output result shows the T1 is up in a good clean state. So far, there are no er-
Verifies the status of the
rors for the last 24 hours:
T1 interface.
Router#show controller T1 1/0
T1 0/1/0 is up.
Applique type is Channelized T1
Cablelength is long 0db
No alarms detected.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20090408, FPGA: 13, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Line.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (195 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail
Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail
Secs
Asynchronous Transfer Mode (ATM) is a cell relay technique designed for voice,
data, and video traffic. It uses fixed length data packets called cells. The size of ATM
each cell is 53 bytes with 5 bytes being the ATM header. The ATM protocol was Asynchronous transfer
designed for use in high-speed multimedia networking, including operation in high- mode.
speed data transmission found in SONET’s OC-1, OC-3, OC-12, OC-48, and
OC-192.

ATM is connection oriented, using two different types of connections: a virtual
Virtual Path path connection (VPC) and a virtual channel connection (VCC). A VCC is used to
Connection (VPC)
carry the ATM cell data from user to user. The virtual channels are combined to cre-
Used to connect the end ate a virtual path connection, which is used to connect the end users. Virtual circuits
users.
can be configured as permanent virtual connections (PVC) or they can be config-
Virtual Channel ured as switched virtual circuits (SVC).
Connection (VCC)
Five classes of services are available with ATM, based on the needs of the user. In
Carries the ATM cell from
user to user.
some applications, users need a constant bit rate for applications such as telecon-
ferencing. In another application, users might need only limited periods of higher
Switched Virtual bandwidth to handle bursty data traffic. Table 1-5 describes the five ATM service
Circuit (SVC) classes.
A dynamic virtual circuit
that is established on
demand by end devices TABLE 1-5 Five ATM Service Classes
through the Network-
Network Interface ATM Service Class Acronym Description Typical Use
signaling method.
constant bit-rate CBR Cell rate is constant. Telephone, video-
conferencing television
Variable bit-rate/ VBR-NRT Cell rate is variable. Email
non–real time
Variable bit-rate/ VBR-RT Cell rate is variable but can Voice traffic
real time be constant on demand.
Available bit-rate ABR Users are allowed to specify File transfers/email
a minimum cell rate.
Unspecified bit-rate UBR TCP/IP
ATM uses an 8-bit virtual path identifier (VPI) to identify the virtual circuits used to
VPI deliver cells in the ATM network. A 16-bit virtual channel identifier (VCI) is used to
Virtual path identifier. identify the connection between the two ATM stations. The VPI and VCI numbers
VCI are provided by the telco. Together, the numbers are used to create an ATM PVC
Virtual channel (permanent virtual circuit) through the ATM cloud, as demonstrated in Figure 1-13.
identifier. The VPI/VCI numbers (1/33) shown in Figure 1-13 are for the ATM PVC interface.
Router A connects to the ATM cloud via an ATM physical interface on the router.
Router B also connects to the ATM cloud via an ATM physical interface on the
router. In this example, the name for the physical interface on Router A is ATM 4/0.
This is comparable to the E0 name for the router’s Ethernet0 interface.
Router A VPI/VCI
1/33
ATM
cloud
1/33
Router B
FIGURE 1-13 An example of a connection to an ATM cloud

The following listing is from a router configured to run ATM:
Interface ATM 4/0
description net atm (1 2 3 4 5 6 7 8 9)
no ip address
atm scrambling cell-payload atm framing cbitplcp
no atm ilmi-keepalive
The first line, Interface ATM 4/0, identifies the physical interface being configured
(in this case, ATM interface 4). The second line, description net atm (1 2 3 4 5 6
7 8 9), is a description of the ATM connection. The name of the connection is net;
it is an ATM connection, and the telco circuit number is 1 2 3 4 5 6 7 8 9. The third
line, no ip address, indicates that no IP address is specified for the ATM inter-
face. The physical interface on an ATM connection is not assigned an IP address.
The two commands atm scrambling cell-payload and atm framing cbitplcp are
entries required to make the connection to the telco interface. Telco specifies the
format for these commands. The entry no atm ilmi-keepalive is used to disable the
generation of keepalive messages.
The next group of commands is used to configure the router’s subinterface:
interface ATM4/0.33 point-to-point
description PVC to CityB (1 2 3 4 5 4 3 2 1)
ip address 192.168.23.1 255.255.255.0
pvc netB 1/33
vbr-nrt 3000 3000 1 broadcast encapsulation aal5snap
The entry interface ATM 4/0.33 point-to-point indicates that the VCI number for
the subinterface is 33 and it is on the ATM 4 physical interface. It also indicates
that this is a point-to-point connection. The second line is for the description of the
subinterface. It indicates that this is a PVC for connecting to CityB’s network, and
the telco circuit number is 1 2 3 4 5 4 3 2 1. The third line specifies the IP address
for the subinterface.
The entry pvc netB 1/33 creates a PVC with a VPI of 1 and a VCI of 33. The entry
vdr-nrt 3000 3000 1 is used to configure the peak, average, and burst options for
voice traffic over the PVC. This parameter is typically specified by telco. The out-
put pcr (peak cell rate) is 3,000 kbps and the output scr (sustained cell rate) is 3000
kbps. The 1 indicates an output mbs (maximum burst size) of 1.
The entry broadcast enables broadcasts to be forwarded across the ATM PVC. The
entry encapsulation aal5snap indicates that the ATM adaptation layer 5 is to be
used to prepare the data for transmission over ATM. AAL5 encapsulation is typi-
cally specified to transport TCP/IP data traffic over ATM.
To display the ATM interfaces, enter the show atm vc router command, as demon-
strated in the following ouput:
router#sh atm vc
Interface VCD/ Peak Avg/Min Burst
Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts
2/0.32 1 1 32 PVC SNAP UBR 100000 UP
2/0.33 2 1 33 PVC SNAP UBR 3000 UP
2/0.34 6 1 34 PVC SNAP CBR 5000 DOWN

The 1/0.32 indicates this is the 1/0 physical interface and the .32 is the PVC. The
type is a PVC (permanent virtual circuit), the encapsulation is SNAP (the Subnet-
work Access Protocol), the service class is UBR, which is an unspecified bit rate
running TCP/IP. The bit rate is 100000 kbps and the status (Sts) is UP.
The next command shows how to display only a specific ATM virtual channel
(VC); the command is show atm vc interface atm1/0.33. This command only dis-
plays the atm1/0.33 virtual channel. The types of ATM interfaces typically listed
are DS3 (44.736 Mbps), OC-3 (155.52 Mbps), OC-12 (622.08 Mbps), and OC-192
(9953.28 Mbps) .
router#sh atm vc interface atm1/0.33
VCD/ Peak Avg/Min Burst
Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells
Sts
1/0.33 2 1 33 PVC SNAP UBR 3000
UP
router#
The last command examined is used to display information on the interface. The
command used is show controller atm slot/port. In this case, the information on
the atm1/0 interface is displayed. Part of the display for the atm1/0 interface is
listed:
router#sh controller atm1/0
Interface ATM1/0 is up
Hardware is ENHANCED ATM PA Plus - OC3 (155000Kbps)
Framer is PMC PM5346 S/UNI-155-LITE, SAR is LSI ATMIZER II
Firmware rev: X102, Framer rev: 0, ATMIZER II rev: 4
idb=0x638A43E0, ds=0x638AC000, vc=0x638F76E0
slot 1, unit 1, subunit 0, fci_type 0x03A9, ticks 226930
2400 rx buffers: size=512, encap=64, trailer=28, magic=4
Curr Stats:
VCC count: current=6, peak=6
AAL2 VCC count: 0
AAL2 TX no buffer count: 0
SUMMARY
The fundamentals of configuring and managing a campus network have been pre-
sented in this chapter. This has been an overview of the campus network infrastruc-
ture, and you should understand that each of the topics presented in this chapter
could easily be expanded to fill an entire textbook(s). What you should understand
from this reading is that configuring and managing a campus network is a major
task. You should appreciate the fact that configuring and managing a campus type

Bab1 Compressed

Uploaded by

Copyright:

Available Formats

Bab1 Compressed

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bab1 Compressed

Uploaded by

Copyright:

Available Formats

NETWORK

1-1 PHYSICAL NETWORK DESIGN

Router A ge-0/3/0 Router B ge-0/1/0 Router C

ge-1/2/0 ge-0/0/0 ge-0/2/0 ge-0/0/0

fa0/1 fa0/1 fa0/0 fa0/0

10.10.20.0 NET 10.10.10.0 NET 10.10.1.0 NET 10.10.5.0 NET

Access LAN A LAN B LAN C LAN D

Switch Switch Switch Switch

4 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

1-1: PHYSICAL NETWORK DESIGN 5

Selecting the Media

6 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

1-2 IP SUBNET DESIGN

1-2: IP SUBNET DESIGN 7

TABLE 1-1 Address Range for Each Class of Network

Class Address Range

8 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

The wireless computers (1 and 2) will use

FIGURE 1-2 An example of a home computer connecting to the ISP

192.168.0.64 128.123.246.55 : 1962

192.168.0.65 128.123.246.55 : 1970

Determining the Number of Subnetworks Needed for the Network

1-2: IP SUBNET DESIGN 9

TABLE 1-2 CIDR—Subnet Mask-IPs Conversion

CIDR Subnet Mask IPs

10 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

Determining the Size or the Number of IP Host Addresses

1-2: IP SUBNET DESIGN 11

FIGURE 1-4 Three different networks

12 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

There is an overlap between 192.168.0.0/23 and 192.168.2.0/22. Moving to the next

1-2: IP SUBNET DESIGN 13

TABLE 1-3 Completed Design of Subnets for Figure 1-4

Network Subnet CIDR Subnet Mask

14 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

FIGURE 1-5 The gateway for a network

1-2: IP SUBNET DESIGN 15

Switch 3rd floor

16 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

Virtual LAN (VLAN)

FIGURE 1-7 An example of the grouping for port-based VLANs

1-3: VLAN NETWORK 17

VLAN Name Status Ports

18 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

SwitchA(vlan)#vlan 2 name Sales

1-3: VLAN NETWORK 19

VLAN Name Status Ports

VLAN Name Status Ports

20 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN

VLAN Name Status Ports

2 Sales active Fa0/2, Fa0/3,

3 Engineering active Fa0/6, Fa0/7, Fa0/8

VLAN Name Status Ports

VLAN Name Status Ports

On Layer 2 switches, an IP address can be assigned to a VLAN interface. This

1-3: VLAN NETWORK 21

Port Name Status Vlan Duplex Speed Type

Current configuration : 1411 bytes

22 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN