Transcript for:
CCNA 200-301: Routing and Network Fundamentals

Welcome to the CCNA 200-301 course. I'm super excited to share with you that I've decided to prepare a course for the new CCNA 200-301 exam, and I can't wait to share more information with you. But before I get into it, I want to give you my quick background. I've got a Bachelor's in Computer Information Systems, and I was pursuing my master's degree in network security. Midway, I decided to drop out, and instead I decided to pursue certifications, because I was already working in the industry as an engineer and I thought certifications would provide better value for my money and time than a degree would. It turned out to be a great decision, and that's exactly what I'm passionate about. I want to share this with you as well, and hopefully you can do the same thing in your career and become extremely successful.

So what I ended up doing was picking up an A+ certification and a Security+ certification from CompTIA. Along the way I picked up a couple of Cisco certifications like CCNP Enterprise, which used to be called CCNP Routing and Switching, CCDP, CCNP Service Provider, CCNP Data Center, and also a couple of Microsoft certs. I feel blessed to have had the opportunity to work for some of the largest Fortune 500 companies, and finally, I've been teaching CCNA and CCNP classes for over 12 years. Throughout my career I've been fortunate enough to coach and mentor many students and engineers who ended up achieving great success in their careers. I'm humbled by this opportunity presented by God, and my goal is to also help you do the same.

Now back to the course. There are six sections in the entire course: Section 1, Network Fundamentals; Section 2, LAN, Wired and Wireless; Section 3, WAN Routing; Section 4, IP Services; Section 5, Security Fundamentals; and finally, Network Automation. This is going to be an amazing course, guys. I am super excited, and if you're ready for your career to launch like that NASA spaceship, get ready, let's go.

Section 1, Part 1, Network Fundamentals: OSI Model. Two things I'm going to cover in this video: what is a network, and then we'll do an OSI model deep dive.

The four basic elements of any network are rules, medium, messages and devices. Let me explain. So let's say Bob wants to talk to Alice. Bob has a message, like an email, so this right here would cover the message element. Bob wants to send this email to Alice. Well, Bob is using an end device, right? He's using a desktop in this case, so that covers the device piece. And what's in between Bob's computer and Alice's computer, that includes the ISP in the middle and their home networks and all that, would be considered the medium. And finally, for all this to work seamlessly, we need rules: we need a common language that is spoken on both sides, on Bob's and Alice's side, for the systems to be able to understand what Bob sent, decipher that message and successfully deliver it to Alice.

To do a little bit of a deep dive and give you a more real-world perspective, think about it at home. You've got a PC; that PC connects to a switch; that switch connects to a router; and that router connects you to your ISP, which could be Comcast or AT&T or whoever. There are a couple of components in what I'm pointing out here. You've got the endpoint right here, which is the PC; it could be a phone, could be a tablet, whatever. You've got these cables in between; these cables are connectivity, or medium, and these are important because they are the basic infrastructure element that allows communication to happen. You've got to have wires or some sort of wireless signaling to be able to communicate your messages. And then we also need a switch, that's right here, and we also need a router. Now the difference is, switches create what's called a LAN, or local area network, and we'll talk a lot more about that momentarily, and routers create what's called a WAN, or wide area network, and a wide area network is a collection of different LANs connected together. That's what, at a high level, we have in a network.

Next element: the OSI model, also known as the Open Systems Interconnect model. It was introduced by ISO, the International Organization for Standardization, back in the 1970s, so it's been around a while. It's a reference model that talks about how the network should behave, and it's a seven-layer model; you can see the layers highlighted here. We have the overall model divided into two different parts: you've got the top layers, these are called the host layers, and you've got the bottom layers, these are called the media layers. The bottom layers are the ones you're primarily concerned with as network engineers. Let's start at the bottom and work our way up. At the very bottom we've got the physical layer; right above that we've got the data link layer, network layer, transport, session, presentation, and then finally application. One of the mnemonics you can use as a memory aid, if you start from the top to the bottom, is "All People Seem To Need Data Processing." In this mnemonic, A stands for application, P for presentation, S for session, T for transport, N for network, D for data link and P for physical. So this mnemonic can help you remember the order of the OSI layers, and this is very important from an exam perspective.

Let's dig a bit deeper. This time around, let's look at the topmost layer. What we have at the topmost layer of the OSI model is application. Now, we're not talking about an actual application but the function that the application serves. For example, you might want to send an email; that would be a function at the application layer. Or you might want to do a file transfer through FTP, or perhaps Telnet, that's how you log into a router remotely and are able to type commands and get feedback via CLI, or HTTP, you open up a browser and you want to surf the web. These are all different functions that are performed at the application layer.

A layer below that is the presentation layer. This is where things like HTML come in, this is where JPEG comes in, so when you go to a web browser and you open up an image, whether it's going to be a JPEG or a PNG file is determined by the presentation layer. This is where MP3 comes in, AVI, all that good stuff.

A layer below that, session: this is the inter-host communication layer. This is where things like Network File System and Session Initiation Protocol come in; this is where the operating system lives.

A layer below that is the transport layer, and this is responsible for end-to-end connections and reliability. This is where things like TCP, UDP and RTP, your Real-time Transport Protocol, come into play.

A layer below that is called the network layer. This is where path determination and IP are located, so here is where IP comes in, and routing protocols like RIP, OSPF, EIGRP, all that stuff.

A layer below that, at layer 2, we've got ourselves MAC and LLC, and we'll talk about those details in a moment. This is where Ethernet comes in. This is where ARP lives for the most part, but ARP is kind of unique in the sense that it's got the layer 2 functions and it does communicate with the upper layer at layer 3, because remember, ARP, or Address Resolution Protocol, is a mapping between an IP address and a MAC address, and we'll talk through those details later when we get to the layer 2 section. This is where VLAN comes in; it's a layer 2 construct. Frame Relay, PPP, these two are WAN technologies, and we'll talk more about them later in the course.

And finally at the physical layer, which is layer 1, we've got things like Cat5e, we've got multi-mode fiber, we've got single-mode fiber.

So that's the OSI model on the left-hand side. Right here on the right we've got this model called the TCP/IP model, and there are two different variations of this. If you look at the old-school one, it was divided into four different layers, but the newer one, which is also highlighted in the new CCNA book, is a five-layer TCP/IP model, and that's the model we use today, where application, presentation and session are combined together into a single layer called the application layer; transport remains transport; network is considered internet, or we could interchangeably call it network; one below that is data link; and finally physical.

Now for exam purposes, guys, you need to keep this in mind, so make sure that you memorize the OSI model, because this is very important. Now, the rest of this session goes into the details, into the depth, of the OSI model, so if what I just talked about didn't register with you, hang in there; it is going to make a lot more sense as we do a deep dive into each layer of the OSI model.

Here's another important element you guys need to think about, and that's the encapsulation process. Before I describe the encapsulation process, another term that's important for you to understand is PDU, protocol data unit. Data within the OSI model at each layer is called a PDU, so a PDU for layer 7, a PDU for layer 6, a PDU for layer 5, so on and so forth. That's a generic name given to data at each layer; that's how it's represented. The top three layers in the TCP model are combined into application. This user has an email that needs to be sent to the computer on the right. It's going to send data. When this data gets to the transport layer, or layer 4 of the OSI model, it's called a segment, and the transport layer is going to add a header to it, a TCP header. When it gets to the network layer it's called a packet, and it's going to add an IP header. When it gets to the data link layer, it's going to add an Ethernet header to it, and finally the bits get transported across the wire to the other side. Then the other side looks at the bits, looks at the MAC header, removes it, then sends the data upstairs. It goes to the LLC header, which once again, LLC and MAC combined are Ethernet. So once the Ethernet header is stripped off, the packet is sent to layer 3, which looks up the IP, removes the IP header and sends it upstairs to the transport layer. The transport layer looks at the TCP header, removes it, and finally sends the data to this guy right here, who's able to read that email. This is how this communication happens.

Now, the process on the left is called encapsulation, because we're putting envelopes, or headers, on top of the data. The best analogy I can give you is the post office analogy: you take your package to the post office, they stick a label on it and they provide you with a tracking number. Think of these headers that are added to the data as envelopes, and there's a layer of envelopes that gets added when the data travels from north to south, from application down to the physical layer. That's called encapsulation. But when the bits get to the other side, the other side starts to remove the headers; that's called decapsulation. The removal of headers is decapsulation, and the addition of headers is encapsulation. So I just want to make sure that you guys get these two concepts, because most likely it's a good exam topic, but also from a real-world perspective it's good to know.

Now, what's the purpose of the OSI model? For me it's three things. First, interoperability. Now that's a mouthful, but what does that mean? That means if I take a Cisco switch and connect it to an Arista switch, when they're connected together they need to be able to talk to each other. I don't want these companies using their own proprietary technologies, because then that locks me into that vendor and I do not have the ability to do anything, and as an enterprise, as a government or any type of business entity, I need to have that flexibility to be able to interoperate. So that's what the OSI model gives us. The second thing it gives us is a common language that can be used by these different vendors to continue producing great networking products that operate with different sets of standards. So for example, layer 1 has its own physical layer standards, layer 2 has its own standards and layer 3 has its own standards. So when you're looking at a device that operates at layer 2, for example, it is only designed with layer 2 in mind; it doesn't have any intelligence of layer 3 or layer 4 or any of the layers above it. All it's concerned with is layer 2. So that is an important element, and that's what also helps with interoperability, because that common language then allows these software engineers and these hardware makers to produce products that can talk to each other and integrate and interoperate. And finally, for me the big one is troubleshooting. So let's say you have a user who says, "I can't access any website." Well, that means their internet is down, right? That's the first thing that comes to mind. But how do we test if it's just the internet, or maybe something else is going on? What we do is we have two different approaches: one called the top-down approach from a troubleshooting standpoint, and the other is the opposite of that, the bottom-up approach. Top-down means you start at the application layer and then work your way down; bottom-up means you start with the physical layer and work your way up. Both approaches are valid; it just depends on what you are troubleshooting and, based on the information that's given to you, how fast you can get to the resolution of the issue that you're trying to address. That's what it comes down to. And as network engineers, like I said, we're primarily concerned with four layers, so for us that's the focus area, because layers 5 through 7 are primarily used by software developers and programmers for designing and writing code.

All right, so now let's do a deep dive into the application layer. The very first thing I want to talk about from an application layer perspective is DNS. So let's say you type cisco.com in your browser. The first thing that's going to happen is your local machine is going to check its local cache. If that DNS entry is available, it's going to use it, but assuming it's not available, it's going to go to what's called an IDS, or internal DNS server. Now, if you're a home user, most likely you don't have a DNS server at home; your IDS would most likely be your service provider's DNS server. If your service provider's DNS server doesn't have an entry, it's going to forward that DNS request for cisco.com over to the root-level domain servers. There's a handful of root-level domain servers on a global scale, and the root-level domain server is going to get that request and go, "Well, I don't know what the answer is, but I do know someone who can point you in the right direction." It redirects the request to the top-level domain servers, and these are .com, .org, .gov, .mil; in this case it's .com, so it refers us to the .com servers, and then the top-level domain servers redirect our request over to the second-level domain servers. They're also called authoritative servers, and these are the servers responsible for hosting the actual website. What's going to end up happening at that point is that the IP address for cisco.com will be provided to our internal server, and eventually we're going to get that reply and we're going to end up getting that web page. Now, all this happens in the blink of an eye; this is a very, very fast process.

Another thing I want to talk about, kind of taking a step back, is why have a DNS process to begin with? Well guys, if you think about it, computers only understand zeros and ones, binary code, whereas as human beings we're better with names than with numbers. So for me it's a lot easier to remember cisco.com than remembering, let's say, 208.11.2.22.
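The resolution walk just described (local cache, then the internal DNS server chasing referrals from root to the .com TLD to the authoritative server), as an added Python example that is not part of the course; every server name, zone entry and the 203.0.113.10 address are constructed placeholders:

```python
"""The DNS lookup from the lecture, walked step by step: check the local cache,
then let the internal DNS server chase referrals root -> TLD -> authoritative
and cache what it learns. Added example, not from the course; every server
name, zone entry and IP address here is constructed."""

ROOT_SERVER = "root.example"

# Constructed zone data. Each server knows only its part of the tree:
#   ("referral", server)  -> "I don't know, but ask that server"
#   ("answer", ip)        -> the authoritative A record
SERVERS = {
    ROOT_SERVER: {
        "com": ("referral", "tld-com.example"),
        "org": ("referral", "tld-org.example"),
    },
    "tld-com.example": {
        "cisco.com": ("referral", "ns1.cisco.example"),
    },
    "tld-org.example": {},                      # knows nothing about example.org
    "ns1.cisco.example": {                      # authoritative for cisco.com
        "cisco.com": ("answer", "203.0.113.10"),       # TEST-NET-3 address, constructed
        "www.cisco.com": ("answer", "203.0.113.10"),
    },
}


def ask(server, name):
    """Ask one server about `name`. A referral applies to any name under the
    delegated suffix; an A record only answers an exact match."""
    zone = SERVERS[server]
    labels = name.split(".")
    for i in range(len(labels)):                # www.cisco.com, cisco.com, com
        suffix = ".".join(labels[i:])
        entry = zone.get(suffix)
        if entry is None:
            continue
        if entry[0] == "answer" and suffix != name:
            continue                            # the parent's record is not the child's
        return entry
    return None                                 # this server cannot help: NXDOMAIN


class InternalDnsServer:
    """The 'IDS' from the lecture (or your ISP's resolver): cache first,
    then iterate through the hierarchy, recording each hop it took."""

    MAX_HOPS = 8   # stop a runaway referral loop from a misconfigured zone

    def __init__(self):
        self.cache = {}

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.cache:
            return self.cache[name], ["cache"]
        trail, server = [], ROOT_SERVER
        for _ in range(self.MAX_HOPS):
            trail.append(server)
            entry = ask(server, name)
            if entry is None:
                raise LookupError("%s: NXDOMAIN after asking %s" % (name, " -> ".join(trail)))
            kind, value = entry
            if kind == "answer":
                self.cache[name] = value        # the next lookup is served locally
                return value, trail
            server = value                      # follow the referral
        raise LookupError("%s: referral chain exceeded %d hops" % (name, self.MAX_HOPS))


if __name__ == "__main__":
    ids = InternalDnsServer()
    for host in ("www.cisco.com", "www.cisco.com", "example.org"):
        try:
            ip, trail = ids.resolve(host)
            print("%-16s -> %-13s via %s" % (host, ip, " -> ".join(trail)))
        except LookupError as err:
            print(err)
```

The second lookup of the same name returns from the cache without touching any server, which is why the lecture says the provider's resolver usually answers quickly.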
Okay, it's going to be a lot harder for me to memorize this, let alone all the different websites, dozens of websites, that I surf in a day. It's just not humanly possible. So what we do instead is we have created this Domain Name System, or DNS, that maps names to IP addresses, and this whole process that I just finished talking about, let me go back to it, is the whole mapping process. All these servers are responsible for redirecting traffic if you don't happen to have that information in your local cache. In most instances, if you're pointing to your local service provider's DNS, with all the millions of requests coming into them, most likely they will have that answer, so it should be a fairly fast process instead of having to bounce around all these different servers over the internet.

Another example at the application layer is DHCP, or Dynamic Host Configuration Protocol. So when you plug your client into a switch, what ends up happening is it sends what's called a DHCP Discover request to the DHCP server. The DHCP server responds back with a DHCP Offer. Then our client responds back with a DHCP Request, and finally the server responds back with a DHCP Acknowledgment. At that point we pick up an IP address, and that's what DHCP does, right? It assigns IP addresses automatically; we don't have to manually assign IP addresses, we just plug in our machine and it gets an IP address magically. But there is no magic; I mean, it's all DHCP that has taken place. Another mnemonic that can help you from an exam perspective is DORA. What is DORA? D, Discover; O, Offer; R, Request; A, Acknowledgment. So that's the DORA process for DHCP.

Now let's talk about the transport layer. The transport layer utilizes port numbers to keep application sessions unique by creating a network socket. And what's a socket? It's a combination of source and destination IP and source and destination port number. Two common transport layer protocols that exist at this layer are called TCP, or Transmission Control Protocol, and UDP, or User Datagram Protocol. UDP is a connectionless protocol defined in RFC 768. It sends data as best effort. The biggest advantage is that it's got low overhead, only an 8-byte header, and the application examples are DNS, your voice, video. TCP, on the other hand, is a connection-oriented protocol defined in RFC 793. It operates reliably, but it comes at a cost, so instead of the eight bytes of UDP we're looking at 20 bytes of overhead in the header, and the examples include web browsers, HTTP basically, email, file servers, etc.

Let's quickly take a look at the UDP header. I'm not going to go super deep, because I'll have plenty of opportunity to do that throughout the course, but just to give you a quick overview: source port and destination port are important, especially the destination port, because that's what determines what we're trying to access. So for example, if it's DNS, that's port 53; that's what DNS is mapped to, so if you want to access DNS, that request is sent over port 53. Now, that happens behind the scenes, we don't see it, but that's how it works, and as network engineers we're expected to know this level of detail. Now another big thing is the length: as I mentioned, it's 8 bytes; it's super lightweight.

Now let's look at TCP next. Once again, source port, destination port. The destination could be, for example, HTTP; maybe you want to go to google.com, that's port 80; if it's HTTPS, that's port 443. The big thing here is that it's 20 bytes. Otherwise, I mean, if the differential were not that big, we would have been better off just using TCP everywhere, because it's reliable and there are sequence numbers and acknowledgments sent, whereas with UDP we don't have sequence numbers, we don't have acknowledgments, so if we lose packets they're lost forever. With TCP we have sequence numbers, so we can rearrange if packets arrive out of order; with acknowledgments we can go ahead and acknowledge that we have received a certain number of packets and all that, and there are some additional elements like windowing and things that I'm going to get into next.

There is this organization called IANA, the Internet Assigned Numbers Authority, and they have this RFC 6335 that defines the different ports that are available. All together, the total number of ports we have available to us is 65,535. To start off with, we have what's called the well-known ports, and these are 0 through 1023; these include SSH 22, Telnet 23, SMTP 25, etc. Then we have registered ports; these are ports that are used by services like RADIUS, Network File System, SIP, and they go from 1024 to 49,151. And finally we have dynamic or private ports; they're also called ephemeral ports, and the reason they get the name ephemeral is because they're very short-lived. They're dynamic and they're automatically allocated by our system. So for example, in your computer, every time you're trying to access different applications, your operating system can pick a port from 49,152 through 65,535 and just dynamically allocate it to the different sessions that you have opened; it could be different web pages or different video streams or whatever.

Another important element from an exam perspective that you should memorize is this chart right here. You've got about 20 ports or so that you're supposed to know by heart, so that includes FTP, which is 20 and 21, SSH, which is 22, Telnet is 23, SMTP for email is 25, TACACS+ is 49, so on and so forth. It may seem overwhelming at the moment, but trust me, as we continue going through the course we're going to continue referencing these different protocols and these different port numbers. Over time, as you continue going through your CCNA studies, this information will get pretty solidified in your head, and what you should do before you take the exam is memorize these to the best of your ability, because most likely there are going to be at least one or two questions that you will be asked. This is also really useful information from a real-world perspective as you're troubleshooting and, you know, doing different things, configuring access control lists for example, and setting up security on your firewall, allowing certain ports and blocking certain services. This information can help you; instead of having to constantly look this up, if it's in your head you can just quickly make that happen.

As I mentioned earlier, TCP has the ability to reorder packets, or segments, at the destination. So in this case, as you can see, the PC on the left, PC A, wants to send packets to PC B. What's going to end up happening is it sends data, and the data is divided into different segments, let's say six segments. When these segments are sent, each segment could potentially take a different path; one segment could, for example, take this green path, and another segment could potentially take this red path to get to the destination, and so on and so forth. The result being, when these segments arrive at the destination they may be completely out of order, but TCP has the ability to reorganize, or reorder, these segments because of the sequence number field in the TCP header.

Another important concept from a TCP perspective is the TCP three-way handshake. What does that mean? Well, if Bob wants to talk to Alice, Bob says, "Hey Alice, I want to talk to you," and sends a SYN message. Alice gets the SYN message and says, "Okay Bob, let's talk, I also want to talk to you." She sends a SYN-ACK back to Bob, and Bob responds back, "Okay, thanks, let's start communicating," and sends an ACK back. So this is also known as SYN, SYN-ACK, ACK. That's the three-way handshake that happens when any communication starts.

Now another example here: let's say Bob has a session open to google.com and Bob is no longer interested; he wants to go ahead and close that session by closing his web browser. What's going to end up happening is, when Bob kills that tab in his Chrome browser, he's going to send a FIN message; once again, that's one of the fields in the TCP header. The server is going to get it, and the server is going to send an acknowledgment back, and then the server will eventually send out a FIN, or finish, message, and it's going to receive an acknowledgment back from the client that it's ready to close. At that point the communication is properly closed on both sides and the session is terminated.

There's another cool concept called TCP windowing, where the sender and receiver negotiate a window size. So let's say in this case the window size happens to be 3,000 bytes. The sender is going to send two different sequence numbers along with the segments, so it's going to send a bunch of packets shoved into a segment 1500 bytes long to the receiver, and send another segment of 1500 bytes to the receiver. At that point the receiver is going to acknowledge back, telling the sender, "I got it." Then the sender is going to go ahead and continue the process, and the receiver is going to respond back saying, "I got it." Now, this process is going to continue repeating itself until we get to a point where the receiver is no longer able to receive packets. At that point it tells the sender to back off, and that's what's called a sliding window, because we have the ability to slide the window up or down depending on whether or not the receiver is able to receive more or fewer segments. If they're able to receive more, we keep sending them more; if they're not able to receive any more, we slide the window down and adjust. Now, what's happening when the receiver slows down is, remember, the sender had momentum built up; the sender was sending a lot of information at a very fast pace. It's going to start storing stuff in its buffer, and the sender, let's say if it's connected to a router, the router has a buffer, and a buffer ultimately has a queue. So the information sits in a buffer, and there it sits in a queue. If the queue gets full, then what ends up happening is we experience a tail drop, meaning we start to drop packets, and that's not good. Hopefully we won't experience tail drop, and we'll have the ability to retransmit and continue forwarding packets. But with TCP, remember, the key with TCP is it has the ability to retransmit, so those packets are not lost forever; we can always retransmit if we don't receive an acknowledgment number back. And this whole tail drop and queue and buffer is QoS; we have a big QoS section later in our course, where we'll go super deep into quality of service.

Now let's shift our focus to layer number three, the network layer. The two main functions of this layer are logical addressing, IP addressing, and packet forwarding, and this process is called routing. The whole idea is we want to find the most optimal path to deliver the information to the other side. Once again, an IP address is a logical address assigned uniquely to each device on a network. A couple of things to keep in mind from a layer 3 perspective: it's connectionless, no connection established; it's best effort, unreliable; if the packet gets there, it gets there, and if it doesn't, it can always be resent, but remember, at layer 4, if you're using TCP we have the ability to resend, but if you're using UDP, if the packet gets dropped, it's lost. And finally we have the media-independent component. Now let's dig deep into each of these elements. So the first thing is the connectionless nature of IP. What does that mean? When you have a letter and you throw it in a post box, the sender doesn't know if the receiver is present, if the letter arrived, and if the receiver can read the letter. As a sender, you cross your fingers and hope that it's going to get to its eventual destination. Now, what's happening on the other side is the receiver doesn't know when it's coming. That's how IP operates at layer 3.
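The encapsulation process from earlier in this session (data, segment, packet, frame, then the headers stripped again on the receiving side) together with the 8-byte UDP header and 20-byte IP header just discussed, as an added Python example that is not part of the course; the MAC and IP addresses, ports and payload are constructed, and the Ethernet frame check sequence is left out:

```python
"""Encapsulation and decapsulation as described in the lecture, using the real
header layouts: data -> UDP segment (8-byte header) -> IP packet (20-byte header)
-> Ethernet frame (14-byte header), then the headers are stripped in reverse.
Added example, not from the course; addresses and payload are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800   # Ethernet Type field: "an IPv4 packet follows"
IPPROTO_UDP = 17          # IPv4 Protocol field value for UDP
DNS_PORT = 53             # well-known port from the lecture's chart


def ip_to_bytes(ip):
    """'192.0.2.1' -> 4 raw bytes for the IP header address fields."""
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def ip_checksum(header):
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of every 16-bit word. Over a header that already carries a valid checksum
    the result is 0, which is how the receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carry bits back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port, dst_port, payload):
    """Layer 4 PDU, the segment: 8-byte UDP header in front of the data.
    Length covers header + data; checksum 0 means 'not computed' (legal over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64):
    """Layer 3 PDU, the packet: 20-byte IPv4 header (no options) + segment.
    Fields in order: version/IHL, ToS, total length, identification,
    flags/fragment offset, TTL, protocol, checksum, source, destination."""
    ver_ihl = (4 << 4) | 5                   # version 4, IHL 5 words = 20 bytes
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), 0x1234,
                      0, ttl, proto, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ethernet(src_mac, dst_mac, packet):
    """Layer 2 PDU, the frame: 14-byte Ethernet II header + packet (FCS omitted)."""
    return struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """North to south: each layer wraps its own 'envelope' around the PDU above.
    Returns all three PDUs so their growing sizes can be compared."""
    segment = build_udp(src_port, dst_port, data)
    packet = build_ipv4(src_ip, dst_ip, IPPROTO_UDP, segment)
    frame = build_ethernet(src_mac, dst_mac, packet)
    return segment, packet, frame


def decapsulate(frame):
    """South to north: strip each header, checking it as it comes off, and
    hand the remaining bytes to the layer above. Rejects a corrupted IP header."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame: EtherType 0x%04x" % ethertype)
    packet = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum,
     src_raw, dst_raw) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: corrupted in transit")
    if proto != IPPROTO_UDP:
        raise ValueError("unexpected layer 4 protocol %d" % proto)
    segment = packet[ihl:total_len]          # drop any link-layer padding
    src_port, dst_port, udp_len, _ucsum = struct.unpack("!HHHH", segment[:8])
    if udp_len < 8 or udp_len > len(segment):
        raise ValueError("UDP length field inconsistent with the packet")
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": bytes_to_ip(src_raw), "dst_ip": bytes_to_ip(dst_raw),
        "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
        "data": segment[8:udp_len],
    }


if __name__ == "__main__":
    # Constructed sample: a host in 192.0.2.0/24 (documentation range) sending
    # a DNS-style payload from an ephemeral port to port 53.
    seg, pkt, frm = encapsulate(b"constructed query for cisco.com",
                                bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb"),
                                "192.0.2.10", "192.0.2.53", 49200, DNS_PORT)
    print("segment %d bytes, packet %d bytes, frame %d bytes" % (len(seg), len(pkt), len(frm)))
    print(decapsulate(frm))
```

Flipping a single byte of the IP header before decapsulating makes the checksum test fail, which is the receiver-side check the lecture's "looks at the header, removes it" step relies on.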
next attribute it's best effort so what that means is when this guy a wants to send packets to the guy on the right B packets are routed through the network as quickly as possible some packets may get lost along the way but remember IP is not concerned with reliability if it if it gets dropped it gets dropped TCP will take care of it if it's UDP it gets lost as an unreliable Network layer protocol IP does not guarantee that all sent packets will be received other protocols manage the process of tracking packets and ensure their delivery like I said TCP for example that's the upper layer and finally the media Independence component and that has to do with the fact that whether you have copper Ethernet or copper cereal or optical fiber or copper ethernet or Wireless regardless of the media type IP packets are able to get from the source to the destination that's what ultimately it's all about sending packets from source to destination and vice versa that's what it comes down to next let's look at the IP header so IP header is 20 bytes in length it's got a couple of interesting fields in there it's a type of service has to do with quality of service like I said we have a big section so I will Reserve those details that may when we get into qos but it's how the traffic is treated and prioritized in our Network also we have TTL or time to live that's an interesting field if you didn't have this field and if he had some Rogue packets that had no destination we could have packets loop around in our Network forever and ever and ever but at layer 3 after they get to the value of 255 the packets just automatically die at that point then we have the protocol field that determines you know whether it's for example eigrp or ospf or l2tp or UDP or icmp that's determined here other two important fields are Source address and destination address that is very very important so ultimately it's all about sending traffic between source and destination like I said earlier that 
information is located here and all of this is based on RFC 791 if you want to learn more check out this request for comment and by the way this RFC there's this organization called ietf which is it stands for internet engineering task force they are responsible for writing RFC standards a request for comments and the whole idea is that the different layers of the OSI model they developed the different standards and they don't tell you exactly how things operate but they do tell you from a high level perspective how things should look like when you're trying to send traffic from source to destination so they get into those type of details into these rfcs and different vendors can use this information and develop their products accordingly now another element at Network layer is routing it's the process of forwarding information across a network from Source or destination it's composed of two fundamental elements and that is determining the the most optimal path that's the job of a routing protocol and then transporting packets through the network that's the routed protocol what's the difference routing Protocols are the ones that establish a communication Channel end to end so you can think of rip eigrp ospf Isis bgp and then you have routed protocol and that's the protocol that is responsible for actually carrying the data and that's IP ipx Apple talk now ibx and apple talk are pretty much dead IP is the de facto standard on a global scale so IP is what actually carries the data and that's what we ultimately care about it's the data but the routing Protocols are the ones that Define the patch so it's the way I look at it is routing protocol is like a road so if you go on a highway you got this road this path right that you ride on and then you got a car to me the car is the routed protocol like IP and the routing protocol Slayer is responsible for forwarding frames so now you're no longer concerned with packets the packets are now called frames and this layer is 
composed of two sub-layers LLC or logical link control this layer interfaces with the network layer and then we have the Mac or the media Access Control this interfaces with the physical layer so to kind of think about it conceptually what we have is the LLC which talks to layer 3 of The OSI model and then we got the Mac or the media access control which is the hardware address also called the MAC address talks to the physical layer which is layer one so data link is a very crucial layer that has this responsibility for speaking both to the upper layer and to the layer below it and finally the physical layer I'm gonna go really deep into the physical layer because I think it's a very important topic from a real world perspective so what happens at the physical layer is encoding we take the bits and we encode them into patterns recognized by layer 1 devices and we also have signaling here that determines how to represent the binary bit on a specific medium so for example if it's a copper then we'll be looking at sending voltage and that's how it's represented here as you can see encoding is the ones and zeros signaling is either the positive voltage or the negative voltage and ultimately we want to have an average voltage of zero on on a wire especially if you look at the Ami standard and then we got the media now going a little bit deeper into the signaling patterns all it comes down to is how the data is represented if there is a voltage on The Wire that's a one if there is no voltage on The Wire that's a zero once again voltage on The Wire one no voltage on The Wire zero and this whole sequence is considered a signaling pattern and we have different types of signals we have the electrical signals we have the light pulse fiber signals or the photons and then we got the Wireless microwave signals or radio frequency signals now let's talk about media so the actual physical cables we have the UTP or the unshielded twisted pair cable if you haven't seen it I'll show 
you a real-world picture in a moment, but it's the most common type of Ethernet cable that you find either at home or at work. What we have is color-coded plastic insulation for the wires, which electrically isolates the wires from each other and identifies each pair. It's a twisted pair, and it protects the signal from interference. The outer jacket protects the copper wire from physical damage. The other media you may be familiar with is the coaxial cable; that's the one that plugs into, so if you have Comcast cable at home, that's what you have: you have this connector that comes in and plugs into your cable modem and provides you with a cable connection. We'll also talk about fiber optic momentarily.

There are some physical wiring standards set by TIA/EIA, in particular the 568 standard. TIA stands for Telecommunications Industry Association and EIA stands for Electronic Industries Alliance. What we have here is a straight-through Ethernet cable and a crossover Ethernet cable. Now the straight-through Ethernet cable, especially if you look at the T568B standard, that's the most common standard out there; you see how the transmit and receive pairs are connected as represented here, and then in the crossover they're mapped differently. Now one thing that I want to tell you here, guys, is it used to be a big deal that you would absolutely want to know the difference between a straight-through and a crossover cable, otherwise your devices won't work, but that is no longer the case. A lot of the new devices are auto-sensing; they have what's called the Auto-MDIX feature, and it's capable of automatically reversing the wiring functionality on the fly on the switch port itself without having to swap the cables.

Now a couple of things I want to draw your attention to. So this right here is your Ethernet cable connector; this is called an RJ45 connector. This is the one that you physically plug in to your computer or any other type of device that has an Ethernet port. Now what's an Ethernet port? An
Ethernet port is this right here, for example; this right here is considered an Ethernet port, and this right here is considered an Ethernet port. So if you have a 24-port switch, that means you have 24 Ethernet ports on it, and you have the ability to connect these RJ45 connectors into these ports. Another element you need to consider at this layer is the Ethernet NIC, or network interface card. Once again, this looks familiar, right? It's the RJ45 port, so you plug this right in here as well. Now Ethernet NICs are commonly found in desktops, laptops, servers and other types of devices. As a matter of fact, even these ports on the switches, behind the scenes you actually have an Ethernet network interface card, and they're mapped a little bit differently; there's also an ASIC mapping, application-specific integrated circuit. We'll talk more about that in future videos, but this is how these ports on these switches are architected and mapped.

Okay, straight-through cable and crossover cable. Now, for exam purposes you need to know this; from a real-world perspective, like I said, it doesn't really matter anymore because the Auto-MDIX feature on Cisco devices has the ability to automatically detect the cable type and fix the pins. But for exam purposes, what you need to keep in mind is: straight-through cable if you're trying to connect two dissimilar devices. That's the keyword here, straight-through, dissimilar. So a switch connected to a computer, switch to a router, switch to a firewall, two different devices: you use straight-through. If it's the same type of device, like hub to hub, switch to switch, router to router, computer to computer, or computer to router, you use the crossover cable.

Now let's shift our attention to fiber optics. Optical fiber is a cable made up of glass or plastic and is responsible for carrying light as signals. Primarily it's made up of glass more than plastic. Each fiber can carry many independent channels, each using a different
wavelength of light, which is also called wavelength-division multiplexing, or WDM. There are two main types of fiber optic cables: multi-mode fiber and single-mode fiber. The big difference between the two, instead of going through all the little details here, is that when the light is shined through the multi-mode fiber optic cable it can take many paths because it bounces back and forth, and I'll show you visually in a moment what I mean, whereas with single mode, when the light is shined through by a laser, it shoots straight. Let me show you what I mean. So if you look at this particular diagram here, we've got the multi-mode up top; as you can see we have light shining through the core of the fiber, and you can see it's bouncing around the walls of the fiber and taking different paths. Eventually it gets to its destination, but it's bouncing around back and forth. Whereas if it's single mode, as you can see, the laser shines through and it's just a straight shot all the way through the core of the fiber.

Another important topic, guys, is the optical components. So the data is sent in the form of electrical signals, but what ends up happening is, when the fiber optic cable is plugged in, the transmitter converts the electronic signals into the equivalent light pulses. The most common types of fiber connectors that you're going to see out there are the SC connector, primarily for multi-mode fiber, and the ST connector, primarily used for single-mode fiber.

Another topic I want to talk about, which is beyond the scope of the CCNA exam but important from a real-world perspective, and I think you should be aware of it, is WDM. Wavelength-division multiplexing is a technology which multiplexes multiple OC signals, or optical carrier signals, on a single optical fiber by using different colors, or lambdas, or wavelengths of laser to carry different signals. It's further divided into two different patterns: we have CWDM, or conventional or coarse WDM, which provides up to 16 channels, and the max
throughput is 10 gig. And then we have the higher quality dense wavelength-division multiplexing, or DWDM. It provides up to 50 channels at 100 GHz spacing or 80 channels at 50 GHz; max throughput is 80 wavelengths of OC-48, a total of 200 gigabits per second, or 40 wavelengths of OC-192, which is a total of 400 gigabits per second. Now, that being said, guys, there are new standards that are actually taking things to the next level. DWDM is a very exciting realm; there's a lot happening there, and we're seeing constant new development happening on a global scale because we're in dire need of more and more capacity to connect the entire globe, so I expect to see a lot more innovation happening in this space over time.

Now let's look at a couple of different physical topologies. We have a bus topology. So what's a bus topology? It's a single backbone cable terminated on both ends, as is being shown here; all hosts connect directly to this backbone, as you can see. In a ring topology we have every single host connected to the other host, and when we complete the cycle, where the first host connects to the last host, it becomes a ring. And finally we have the star topology, where we have all the cables connecting to a central point. Now this is the most popular type of topology in today's networks, right? So if you think about your home or whatever, you've got this Wi-Fi access point at home that has all these Wi-Fi devices, laptops, tablets, smartphones, connecting into it, and also physical cables plugged into it, for example if you have your PlayStation or Xbox physically plugged in, or your Apple TV or Roku or whatever have you. All together, I mean, everything connects to a central point in your network, and that represents a star topology.

The local area network, or LAN: it's a limited geographic area, typically within a building or within a house. It's high-bandwidth media, because, you know, if you think about the things that you're doing at your home, you require a lot of bandwidth. It's under one
administration, and it's always-on connectivity. The LAN technologies are Ethernet, Token Ring and FDDI. FDDI stands for Fiber Distributed Data Interface; it's obsolete because it maxed out at 100 Meg over fiber optic, and so it's obsolete. Token Ring was an IBM standard that came out in 1984. It's also obsolete, even though at the time it was considered revolutionary because it avoided collisions, but Ethernet became the dominant standard because at the time, when Token Ring and Ethernet were competing, Ethernet was much cheaper to implement. So the cost helped Ethernet win over, and Token Ring just went by the wayside. And from a LAN devices perspective, you've got yourself routers, switches, wireless access points, bridges, hubs and repeaters. Now hubs are mostly obsolete, and so are repeaters on the LAN, but you might see repeaters within the service provider network for extending their fiber optic, for example, but that's a whole different animal, completely outside the scope of this exam; I just wanted to throw it out there.

Now a couple of things that I grabbed from the book, because I think they were pretty cool. I'm referring to the Cisco Official Cert Guide Volume 1; this is the IEEE physical layer standards. So what we've got is 10BASE-T, which is 10 Meg, and is called Ethernet. When we go up to 100 Meg, that's called Fast Ethernet, but when we go to a gigabit, that's 1000 Meg or one gig, it's called Gigabit. And then we've got the 10 gig, 40 gig and 100 gig. But one thing I want you guys to keep in mind is 10 Meg is over copper, unshielded twisted pair, and so is 100. Now at one gig you may get fiber, or you still have the ability to do copper. Even at 10 gig you have the ability, of course, to do fiber, but you also have the ability to do copper. But beyond 10 gig you can no longer use copper, at least not today; if that changes a couple of years from now, maybe, but not today. You have to use fiber at 40 gig and beyond, and same thing with 100 gig.

Now let's look at the media and segment lengths per IEEE. IEEE stands for
Institute of Electrical and Electronics Engineers. They have developed all the Ethernet standards, including the wired and wireless standards that you see out there. So a couple of things to keep in mind: the length. That's another thing to think about, guys: copper is limited to 100 meters, or 328 feet. You cannot go beyond that; that's just a physical limitation of copper, 100 meters or 328 feet. That's just pure physics, and nobody can beat physics, right? So that's it. But with fiber optic, though, we have the ability to go up to 550 meters, which is 1800 feet, which could potentially mean we can span across multiple buildings within the same campus, for example, or we even have the ability to go up to five kilometers, which is 3.1 miles.

Now let's continue digging into this from an 802.3 10 gig standards perspective, purely looking at fiber optic. We've got the 10GBASE-S standard, which is multi-mode, 400 meters. We've got the 10GBASE-LX4 standard, once again multi-mode, 300 meters. We've got 10GBASE-LR, long range; that's single mode and that goes up to 10 kilometers. And then we've got 10GBASE-E, which is also single mode and goes up to 30 kilometers. And we're talking about without repeaters: just a single piece of wire going from one building to another building without any repeaters in the middle; you don't have to amplify the signals.

And finally, a comparison between UTP, multi-mode and single-mode fiber. So, relative cost of cabling: UTP is low, it's the cheapest; multi-mode is medium; single mode is kind of medium, but the difference from a real-world perspective, cost-wise, is that fiber optics is about three to five times more expensive than multi-mode, so something to keep in mind. Once again, cost of switch port: low, medium, high. Max distance: 100 meters, can't go beyond that on copper; multi-mode 500; single mode can go up to 40 kilometers without using repeaters. Susceptibility to interference, electromagnetic interference: some when you have the copper, none on fiber optic at all. And the risk of
somebody copying from cable emissions. So believe it or not, there are devices; let's say if you have a Russian spy trying to steal data from your network, they could potentially use a device that is capable of copying data off of the cable emissions, and with UTP they can do that, whereas multi-mode, none, you cannot do that at all. If you want to steal data off a fiber optic, you have to physically patch into the path of the fiber optic, which is a pretty major breach, and you can somehow get found out. So when we talk about cyber security, guys, security starts with the physical layer. Always keep that in mind. You know, security is a fancy topic and gets into a lot of interesting stuff, but security always begins and starts at layer one. Remember that.

The next thing you want to look at is the wide area network. So that's a large geographical area, low-bandwidth media; you typically have serial interfaces here. The connectivity here: we have private lines or leased lines, whatever you want to call them, especially if they're private circuits, but you can also have public circuits like the Internet, which are always on. We have technologies like SONET, or Synchronous Optical Network; we have T1/E1; we have DSL; we have ISDN, which at some point is going to become obsolete over the next few years, but in some parts of the world you still have ISDN; and once again CWDM and DWDM, which we talked about. And WAN devices: you have routers, ATM and Frame Relay switches, and these technologies kind of exist but they're slowly being deprecated, and then you have modems.

A couple of other important elements I want to talk about. What's bandwidth? If somebody asks you, "Do you know, can you tell me what the definition of bandwidth is?", well, what you need to tell them is it's a theoretical measure of how much data could be transferred from source to destination in a given time frame. It's a theoretical measure, okay? It's measured in bits per second, megabits per second, gigabits per second. It's finite, and the cost, the financial cost, is related to the amount of bandwidth.
Well, now that we have talked about bandwidth, I think it's very timely to talk about throughput. What's the difference? Well, throughput is the amount of data moved successfully from source to destination within a specific time frame. So the difference is, the other one was theoretical and this is the actual; that's the difference. And factors that typically affect throughput include the number of devices, the number of users, the type of data, the network topology, whether it's point-to-point or hub-and-spoke or full mesh or whatever have you, and the physical media, whether it's Ethernet, you know, Cat 5e, or multi-mode fiber or single-mode fiber. All these things collectively determine the throughput.

WAN bandwidth physical layer standards: you've got DSL, which gives you anywhere from 128 kilobits per second to eight megabits per second; ISDN was 128 kbps; Frame Relay, like I said, being deprecated, gives you up to 44 Meg; T1/E1, one and a half Meg and two Meg; once again the T standard is the U.S. standard and E is primarily used in EMEA, which is Europe, Middle East and Africa; and then E3/T3; the optical carrier, which is OC, and the STS, synchronous transport signal, goes from 51 Meg up to 40 gig, and now we have 100 gig and 200 gig standards available as well.

Welcome to the CCNA 200-301 course. Today we're going to look at section one, part two. We're still dealing with network fundamentals, but what's different is that we're now looking at network architectures and the basics of the Cisco CLI. Here are the topics I plan on covering today: first we'll look at network architectures, two particular types of network architectures in particular, LAN architecture and WAN architecture, and finally we'll look at the basics of the Cisco CLI. Let's jump right in.

From a LAN architecture perspective, we have the infamous three-tier campus network design, and what we have in this architecture is we've got these access layer switches that have the PCs plugged in, laptops; we could have servers plugged in here, different devices; you could also have a Voice over IP phone
plugged in to the switch directly. So these are the end devices here at the access layer that need to be connected to the network. Taking a step back here, the switch is a very important device when it comes to building a network; that's one of the most fundamental components you need to start building a network, and the access layer provides access to the different endpoints, like I said, right? So we've got endpoints that are connected to the access layer switches. What ends up happening next is that we have distribution layer switches, and in the distribution layer these are basically aggregation switches that are taking a bunch of connections from the access layer switches and combining them into a distribution layer, also called the aggregation layer. And here the idea is that we've got all these different connections coming from the endpoints; it becomes a point of consolidation. It handles all the different links that are coming from the access layer switches, and in particular we call these links that are going up and getting plugged into the distribution layer switches from the access layer "uplinks"; they're very conveniently named uplinks. All the links that are facing the clients and the endpoints, these are called downlinks. Okay, so this is important terminology to understand: when somebody says "where's the problem, downlink or uplink?", immediately you should get this picture in your head as you're troubleshooting, a picture where you understand that the downlinks mean the ports that are facing the endpoints and the uplinks mean the interfaces that are facing the switches upstream.

And finally we have a core layer, and the whole reason we have a core layer in our network is to consolidate a bunch of distribution layer switches. So where this comes into play: this type of model, a three-tier campus model, is suited for large enterprises; you're looking at Fortune 500 companies, possibly up to Fortune 5000, but these are gigantic, large corporations with a ton of locations. And what you
end up doing is you take a bunch of different buildings and you consolidate them together and interconnect them together, and the core layer is what connects those different buildings together. So for example, in building one you'll have distribution layer switches; then you have building two that has its own distribution layer; then you have building three that has its own distribution layer; building four, same thing, and so on and so forth. Well, how do you connect all of these distribution layer switches together? One way would be to actually interconnect them all in a full mesh, and a full mesh gets really, really ugly really quickly; you wouldn't want to do that. Instead, what you do is you have these distribution layer switches, and we end up using one of the buildings as the primary building. So let's say building one might become the core of our network, and this is where we would install core switches, and all of the distribution switches from the different buildings would physically run their cables and get plugged into the core in building one. And that's why we need this three-tier hierarchical architecture. Another reason we need hierarchy is because it's easier to troubleshoot, it's easier to design our network, plus it's easier to make purchasing decisions when you're looking at buying access layer switches versus distribution layer switches or core layer switches. Each layer serves a different purpose, so it makes your choice as an end user a lot easier to decide how to plug different switches into each layer. It makes it like a Lego block type approach, where you just fit the different blocks into the different layers for their own purpose.

Next let's look at the two-tier network design. In this model, what we have is we've got these endpoints at the bottom, our phones, PCs, laptops, IP phones and all that; they're all connected here at the bottom directly into the access layer switches, and then we've got it collapsed. We call this a collapsed core, or we can
call it a core/distribution layer. So here we don't necessarily need a separate core layer, and where this comes into play is if it's a small to medium-sized business where you don't have a lot of locations. Let's say you started a brand new business and you've got building one, and a few months later you've got building two; your network is not that large, and you can get away with just having a bunch of distribution layer switches interconnected together in both buildings. It isn't until you start adding more buildings and your network grows to a certain point that you would actually even consider looking at adding core switches.

Next I would like for you to look at the modular campus network design. This is taking the access and distribution and core, so here the picture is flipped: we've got the access switches all the way up at the top, and this is where the endpoints are plugged in, right? Then we've got a bunch of these links coming from the access switches into the distribution for aggregation, right? So that's our aggregation point, and from there we further consolidate and interconnect into the core. And the whole idea of the core is that it's where you would have your wide area connection, for example, at the bottom, as you can see, or you can have your data center connected, or the Internet. And you might say, "Whoa, what is this?" Well, up at the top you've got our standard campus design, right? Access, distribution, core. At the bottom we've got access, distribution and core for interconnecting different services, for example these endpoints that you have plugged in. So if I'm a user up at the top, let's say I'm Bob and I've got a desktop that's plugged into one of these switches, well, what does Bob need to do to do his job? Well, Bob would need to connect to either the wide area network to access some applications, or perhaps maybe some server that's sitting in a data center plugged into, let's say, one of these switches at the bottom here, or Bob may need to access the Internet, you know, maybe Google
something or whatever, right? Or maybe watch cat videos on YouTube if Bob has nothing better to do, right? It's all possible because of this architecture. So Bob would interconnect to the access, access would interconnect him to the distribution, distribution will connect him to the core, the core is where the Internet is plugged in through its own access, distribution and core, and then finally it will allow access to Bob. And this is how the traffic flow may look; traffic flow might take a different path, but for simplicity reasons let's say this is the path that traffic took to allow Bob access to the Internet. So this is what's called a modular campus design: we have these modules that we use to allow access to our end users, because ultimately the network exists for what reason? The entire reason for setting up a network is to allow users access to different applications so they can do their job efficiently and effectively. That's why we build networks, and as network engineers we're concerned with how all the different network devices interconnect with each other and allow the traffic to flow through. That's our job.

Now next I would like to give you a quick review of the Cisco campus switching hardware portfolio, but before I take you to Cisco's website, a couple of things I want to bring to your attention. There are three main types of switches: you've got the fixed configuration switches, you've got the modular configuration switches, and then you've got the stackable configuration switches, and I'm going to go through each type on Cisco's website. A couple of things to consider before you make a purchasing decision: you need to think about how many ports you need. You also need to think about, are you buying switches for your access layer or distribution layer or core layer, or are you buying switches for the entire network? If it's a brand new location and a brand new site, maybe you need switches for all three layers, or maybe you're a brand new business and all you need to
do is just have two layers instead of a three-tier architecture; you could do that too. But these are the things you just have to consider. You have to think about the port density: how many ports do you need, a 24-port switch or a 48-port switch? What do you need? Switch throughput: what kind of throughput do you want, a line-rate throughput? Line-rate throughput would mean that if you have a 24-port switch and each port happens to be one gig, that's one gig times 24, that's 24 gig, so that means that you need a switch that has the ability to operate at a full 24 gig. There is no contention ratio, meaning there is no bottleneck; each port is able to access at line rate. Typically that's not the case. In a campus environment you don't need switches like that, because those end up becoming really expensive switches; when you want to get wire-speed switches they end up becoming very expensive. Typically a data center environment is where you would want switches that have no contention ratio. In campus environments you're going to have an eight-to-one type ratio, which is very common, four-to-one, a 16-to-1 type of ratio; you're going to see stuff like that.

The next thing you need to consider is PoE, or Power over Ethernet, and this is important because it just depends how many Voice over IP phones you have in your environment. So if you're going to have a lot of voice phones or SIP phones, you're going to need PoE, Power over Ethernet, meaning, you know, those switches get their power from the Ethernet cable. You don't have to plug them in separately using an external power supply; instead the Ethernet port that's plugged into the phone powers it up. Versus non-PoE, so we also call that a data port. So data port versus voice port: you need to define how many ports you need. Plus you need to decide whether you need a copper switch or a fiber switch. Once again, in a campus environment a copper switch is very common; you may need a couple of fiber switches to connect the different floors together, for
example. You also need to consider power: do you need redundant power, do you need a switch that has multiple power supplies in it? And finally, scalability: does your switch allow you to grow as your environment grows, or are you stuck with that switch? Meaning, if you get a fixed configuration switch, as I alluded to earlier, and if it's only 24 ports and you've got 24 users on that floor, you're done; the minute you hire a 25th person, now you need a new switch to be installed on that floor. So something to think about, and that's what I mean by scalability.

Now, without further ado, let me take you to Cisco's website so we can do a deep dive. So what we'll do is we'll go to cisco.com, so you go to Products, Networking, Switches. Once we come to this page, what we want to do next is scroll down, and you want to get to a point where it says "View all Cisco switches"; click on that link, and you will be absolutely blown away when you look at this, especially if you're brand new to networking and you haven't really worked with switches before. And let me explain what I mean. So look at how many different categories of switches you've got: blade switches, campus LAN, data center, industrial Ethernet, InfiniBand, network management, blah blah blah. I don't want you to get overwhelmed. The only types of switches you want to pay attention to are these switches right here: campus LAN access, and you want to look at campus LAN core and distribution, and that's it. These are the only two types of switches I want you to be concerned with. Later on in the course you can also look at data center switches, but right now I don't want you to get overwhelmed. Let's focus in on campus LAN switches and the core and distribution switches. That said, now let's go ahead and click on the access switches. Now here are the different categories of access switches. What I want you to pay attention to is: Cisco released their Catalyst 9K, or the 9000 Series, a couple of years ago, and this is the series that Cisco has been pushing the most
lately. So if you're in the market looking to purchase switches, this is the series you need to be focused on. You need to be looking at the Catalyst 9200, 9300 and 9400 switches for your campus access, and these 9400 switches could also potentially be used as your collapsed distribution/core as well, and I'll tell you more about it in a moment. And if we were to look at the campus LAN core switches right here, you'll see we've got the Catalyst 9600; it's a fairly new series, it was launched a couple of months ago; Catalyst 9500; don't worry about the 6800, Cisco is eventually going to sunset the 6800 platform; 6500s have been around forever, so forget about that; and some of these other switches are kind of going away as well. You primarily need to focus on the Cisco Catalyst 9K line, or the 9000 Series; that's what you need to be focused on.

Now let me take you to the 9200 Series. As you can see here, these are fixed switches, and let's look at the different models that they offer. What I would suggest is, every time you look at a switch, the best way to learn more about it is to look at their data sheet, and Cisco does an amazing job with their data sheets; I really like their data sheets, they do a really good job. So it will tell you how many ports maximum, what type of capabilities, whether or not you have redundant power supplies, redundant fans, whether or not you have different additional capabilities, layer 3 and whatnot, what type of throughput overall, and whether or not these switches are stackable. As I mentioned, we have three different types of switches: we've got the fixed switches, we've got the modular switches, and we've got the stackable switches. Now these 9200 Series switches fit two categories: they fit the fixed switches category and they also fit the category of stackable switches. And let me show you here: you can see, if you continue scrolling down, how many ports, how many downlinks, like I said, and uplinks, and you've got the
modular uplink models, meaning you have the ability to install uplink modules yourself and you can pick different types of configuration, or you can purchase switches that have fixed uplink modules in them. And these are the network modules I'm referring to, the ones that you have the ability to install. You pick one of these, like for example four by one gig; you can do four by ten gig. Four by 10 gig means four interfaces of 10 gig each; four by one means four interfaces of one gig each, and so on and so forth. And these switches have redundant power supplies in them; as you can see, each power supply has a single power cord connection coming out of it, so you need to make sure that you have redundant PDUs, or power distribution units, that these switches are going to get plugged into. And the modularity means that you have the ability to slide different modules out and slide them back in. Also, these switches have the ability to be stacked, and the maximum number of switches that you can stack together is eight. Let me show you a picture of a stacking configuration. So here's a picture: basically this is the back side of these Catalyst 9200 switches, and what we're looking at are these stacking cables, and you can see how they're connected together. What that means is, in this picture we're seeing four switches being stacked together via these stacking cables; even though physically they're four separate switches, when you use stacking cables, what it does is it makes them appear as a single switch instead of four different switches. So one of these is going to become primary when you stack them up like that; let's say the first one here becomes the primary switch. When you log into it via CLI, and we'll talk more about CLI, command line interface, in a moment, what ends up happening is, you see, if each of these has 24 ports, 24 times 4 is 96 ports, right? So what you're going to see in the CLI is, literally, as if you have a single switch with 96 ports
on it instead of four different switches of 24 ports each. So it's really unique, it's really interesting; it makes it a lot easier for you to configure. Also the control plane combines; it makes the configuration a lot easier, and you can take advantage of redundant links operating in an active/active fashion, things of that nature. So that was the overview of the 9200 Series.

Now let's go ahead and take a look at the 9300 Series. It's very similar to the 9200 Series, and let's go ahead and take a look at the data sheet of the Catalyst 9300. These are the next class of switches: 9200s are the most basic, bare-bones switches you can get, whereas the 9300s have a lot more horsepower and much better overall throughput. They're also stackable switches, by the way, and a very similar configuration: 24-port, 48-port, you've got data-only switches, you've got PoE+ switches or UPOE, Universal Power over Ethernet. These suck up more power, so you'll see, you know, stronger, bigger, better power supplies on these compared to the ones that are just PoE+, for example. We'll talk more about PoE later in the course. And once again you've got the modular uplink capability and then you've got the fixed uplink capability, and you've got all these different modules you can get. Power supplies: once again you have redundant power supplies, you've got redundant fans, so you have a lot of redundancy there in case one of the power supplies fails; the other power supply has the ability to completely take over and become the primary power supply, so you continue to run operations even if your switch experienced a single power supply failure. That's pretty much it for the 9300.

And now let's quickly take a look at the 9400, because this is a very interesting series: this is a cross between distribution and core. So let's quickly look at the data sheet here. These are modular switches, by the way, and modular switches are chassis-based, and you'll see what I'm talking about when the picture shows up, but these switches, as you can
see they take up a lot more rack units instead of you know like a 1u or 2u these are much larger in size by the way there's a couple of other things you want to think about when it comes to modular switches and that has to do with the fact that modular switches require line cards and line cards are essentially the interfaces that you need right so an example of a line card would be here's an example of a line card you got this line card that is all RJ45 and you have the ability to plug in Copper ports so this is a copper line card you this right here is a fiber line card you can plug in fiber Connections in here and this is how it would look like once you plug in all of your line cards and soup modules now another thing I want you to understand and keep in mind is that on these modular switches you need line cards that provide interfaces and you need supervisor engine modules and the soup module they're also called soup modules these soup modules are the ones that are the brains of the entire switch without it switch is just a shell you need the supervisor module that has the CPU memory and all that it you know is the brains of the entire solution and it operates and it it runs the switch the reason you have two is for high availability and redundancy only one is active at a time when the primary fails the secondary supervisor engine takes over now coming back to the slots the 9404 chassis even though it has four slots you can only put two line cards in it because there are two dedicated slots for the supervisor engine same thing for 9407 here you have seven slots available but you can only use five for the line cards and two for soup module and then the 9410 once again you have two slots that are dedicated to the soup module and you can put you can insert eight line cards in this particular chassis and a lot of it's it's becoming customers new favorite switch a lot of the customers I know are replacing their old Catalyst 6500s with these 9400 series such as 
depending on how many modules they need and you also got this 9600 series that was just recently announced a couple of months ago here's the cat 9600 switch currently it's only available in one configuration option and that's 9606 that's the only option that's available today most likely they will Cisco will add additional options but right now that's all you got but it's a very very powerful switch in the Catalyst 9k family this happens to have the highest capabilities like if you look at not up to 9.6 terabit per second and a wire switching capacity with 3 billion packets per second I mean this switch is a monster right up to 48 non-blocking 100 Gig ethernet qsfp28 ports like I said this thing is an absolute monster for being a campus class switch it's almost a data center class switch in my opinion in terms of the capabilities offers but it does have a lot of uh campus type capabilities and that's why it's positioned as a campus core switch and it's all about wire speed packets come in packets go out and that's the whole purpose of the core now let's shift our attention to The Wider in network architecture not that we have talked about switches now let's talk about wide area network and routers but before we talk about routers let's take a step back and look at the wide area Network Technology from a high level perspective first so what we have is the overall wide area network is divided into two different categories you got the private when and you got the public win the private when you got two sub-categories dedicated and switched under dedicated you got leased lines T1 E1 T3 E3 they're still around but they're slowly being deprecated over time because it was sort of an expensive architecture to maintain for the telcos and the different service providers on a global scale and trust me I know this because I used to design least lines and frame relay and mpls networks I'm very familiar with that and then the other category is Switched Network within the switch 
Network category you got two subcategories circuit switched and packet switched under circuit switch we got the pstn and ISDN pstn and ISDN ISDN is almost dead but it's still there uh pstn is also slowly going away but you still got your pris and things like that which are part of the pstn for voice capability and then you got the packet switched where the Metro ethernet comes in mpls frame relay ATM this right here is the most popular type of private when uh type of connectivity that's preferred by Enterprises on a global scale today and then you got the public land which is basically the internet and you got the broadband and VPN capabilities here you got things like DSL cable wireless like LTE 4G 5G and all that jazz it's all up here now before we dig deeper I want to take a moment to to discuss with you and articulate the difference between circuit switched work versus packet switch because I think it's a very critical difference for you to understand so let's go ahead and do that right now so here's a picture of a circuit switch Network so if you think about an old school analog phone right the one that had a dial tone right when you lift up a handset on your old school analog phone you would get a dial tone that dial tone is provided by this particular switch in the central office in the service provider central office to be more specific and when you would if you were to dial digits and if you were to successfully dial digits for the called party the phone would actually start ringing on the other side right and before they would lift up the handset you would actually have a dedicated Channel all the way through the network it's 100 dedicated nobody else can use this it's completely dedicated to you when you make that call and the minute the other person pick up sick picks up the phone that's it this circuit is now busy and that's why if you guys recall for those of us that have actually used analog phones I'm pretty much giving away my age at this point um 
um you know if an analog what would happen is you would get a busy tone if you were to call someone who wasn't available or if you didn't have enough bandwidth available within the core of your service provider if any of these central office switches was busy or didn't have enough circuits left over you would get a busy tone or a busy signal right so this is a circuit switch Network where we have an entire path carved out now the benefits of this is the fact that we have dedicated and reliable bandwidth because it's completely carved out and we won't experience any um any degradation or anything because we have a dedicated Channel on the flip side the downside of of this is the fact that hey you have limited capabilities within the core of the service provider right you can only create so many circuits before you run out of capacity and that was a huge problem for service providers just do so to solve this problem they came up with the other architecture that we're going to talk about in a moment and that architecture is the packet switched Network in a packet switch Network it's the opposite of the circuit switched here we don't nail up so I have a server here and I have a server here this could be a client let's say this is a let's say this is Bob sitting on his desktop computer he wants to talk to this server right here well when Bob wants to connect with the server his packets can take any path in this network this could be one of the potential paths the other path could be going from here to there to here to here there are different paths it's not for good take for for Bob to be able to connect and then we have cues right and the cues are used for when the packets have to wait inside of the router or a switch for it to be processed traffic has to sit in a buffer and the router then decides how that traffic should be treated it's called key OS I'm kind of getting ahead of myself Qs is one of the topics that we'll discuss further down the road in this course but 
just do understand that qos and all that comes into play when you have a packet switch network but here the big benefit is we have a lot of different paths we have a ton of capacity and the more capacity we add the more ability we have to be able to connect Bob to the server that it's it wants to connect to the flip side is that the there could be latency at times so for example at 9 00 am Bob might connect to the server with let's say 30 milliseconds of latency but at 3 pm when Bob connects to the same server his latency might jump up to 90 milliseconds well what happened there what caused that 60 millisecond Delta that's huge well unbeknownst to Bob there's a lot of stuff happening inside the core here right the packets have to take a different path so it just depends time of day when the Bob is accessing the other the destination inside the core of the service provider our packets may take a different path this is where key OS comes in and traffic engineering comes in and we don't have to worry about that as a regular user but this is something you have to keep in mind that's what a packet switch network is now let's talk about a couple of different ethernet Technologies in particular Metro ethernet this happens to be the most popular type of Technology on the market today Metro ethernet defined by MEF or Metro ethernet forum you can Google MEF and and you'll get to learn a whole bunch about of you'll get to learn a whole bunch about MEF and what they offer in particular there are three different topologies that Metro ethernet has first we'll discuss today is e-line or ethernet line service this right here the name suggests is a point to point circuit we call it ethernet virtual circuit so CE is a customer Edge router and PE is a provider Edge router uh these routers we don't have to worry about because service provider a t Sentry Link whoever have yes Comcast they manage this stuff we don't worry about it all we get is a circuit from them we plug in the 
ethernet port into our router and on both ends and we're in business they do all the magic in the middle and here like I said in the e-line scenario we have an Ethernet virtual circuit created by the provider Edge and the core now with e-line what we can get the next level up is we could get point to multi-point type of connectivity here even though it's still point to point because each circuit is considered unique right this is one circuit up at the top and then at the bottom we may have another site that we're connected to over wide area network and this is another point to point so in reality these are a bunch of more than point to multipoint these are a bunch of point to point circuits but it's more like a hub and spoke topology right if you think about it because you got a hub on the left here and you got these spokes to the right and these folks talk to the hub through these virtual circuits this is the e-line this is the E line now let's talk about ethernet Lan service now this happens to be the most popular because you have what's called a full mesh connectivity here full mesh means every connect everyone is connected with each other through these virtual circuits that are created by these provider Edge routers and through the provider core we have full connectivity so if this is our environment if this is San Jose and this is Los Angeles and this is New York and this is Chicago all of these sites are interconnected and La can talk directly to Chicago and they can talk directly to New York Ellie can talk directly to San Jose you get the idea that's what full mesh means everybody is fully connected with everyone else that's full mesh now a couple of interesting facts to know about is that with Metro ethernet this is where mpls lives and we'll talk about mpls in a moment and this is where vpls lives which is the virtual private land service and mpls's multi-protocol land service or multi-protocol vpls virtual virtual private land service mpls multi-protocol 
We'll talk about MPLS in a moment, but this is where these two technologies live. MPLS is a layer 3 technology, technically layer 2.5, but it's considered layer 3; VPLS is a layer 2 technology. And the final topology we get with Metro Ethernet is E-Tree, or Ethernet Tree. This is truly point-to-multipoint: here you've got a hub and you've got these virtual circuits that are spinning off of the hub, and you can have additional circuits as well. So this is like a tree, where the hub becomes the core of the tree and these spokes are the branches.

Now let's quickly talk about Multiprotocol Label Switching, or MPLS. Let's talk about the terminology first. CE is the customer edge; as a customer, that's what you have. PE is the provider edge; these are the routers that are under the administration of the service provider. We don't touch them, we don't know about them; they're completely oblivious to us. The only thing we do know about them is that when we get an IP address from our provider to use over this point-to-point connection, we have to make sure that we can ping the other side; if we can ping, that means we can get to the PE. That's the only thing we are aware of, and it's a layer 3 handoff. Like I said, it's a layer 3 circuit, and typically you would run some sort of routing protocol on top, but let's not get ahead of ourselves. Now one thing that I want to bring to your attention is the fact that we have some semblance of transport independence: whether we have a T1, a T3, Frame Relay or Metro Ethernet, the handoff doesn't matter. How the circuit is delivered, whether it's a serial circuit or an Ethernet circuit or a TDM circuit, doesn't really matter to us; MPLS works seamlessly, it's transport independent. So that's another reason why MPLS is so powerful. MPLS has been around for over 20 years; it's a very, very successful wide area network technology.

And what ends up happening is this: at the edges, at the CE, it's all layer 3, like I said, but inside the core these provider edge and provider core devices use labels. Using labels at layer 2.5 of the OSI model, we can cut back on the expensive lookup that we have to do at layer 3. At layer 2 it's not that expensive for the router to do the lookup; at layer 3 it has to use a lot more resources to do the lookup; layer 2.5 is right in between, and this is where labels come in. These routers use labels to transport packets for different customers inside the MPLS cloud, and this is all seamless to you as the end user. You do not know what's happening in the core; all you know is you have a layer 3 circuit and you're running maybe BGP, for example, as a routing protocol, and that's how you're learning all the routes. But the service provider is using labels. The PE is also considered an LER, or label edge router; it puts the label on and takes the label off depending on whether it's an inbound packet or an outbound packet. And that's called PHP, or penultimate hop popping, meaning right before the packet is about to leave the MPLS cloud we pop the label, so when the CE gets it, it doesn't get confused, and the CE does its layer 3 lookup. Something for you to keep in mind.

Now a couple of benefits of MPLS. Like I said, it's transport handoff independent. End-to-end QoS: the big thing about MPLS is the fact that you get end-to-end quality of service. So if I were to go back to the diagram here, you've got all these routers, PEs and provider core and provider edges; they have QoS, quality of service, configured on them, so they treat your voice and video traffic, or real-time traffic, differently than your bulk traffic like Internet or email, meaning your bulk traffic could be dropped, but your real-time voice and video cannot be dropped, right? It also has to have low latency and all that; that's all built in to MPLS. Also you have better network topology control: MPLS lets you do point-to-point, hub and spoke, partial mesh, full mesh.
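Here is an added example, in Python, that is not part of the course and not Cisco code; it walks one packet through a constructed provider cloud to show what the labels described above actually do hop by hop. PE1, P1, P2, PE2 and the customer prefix 10.2.0.0/16 are made-up names and values. The ingress PE does the one IP (longest-prefix) lookup and pushes a label, the core routers only do an exact-match on the label and swap it, the hop before the egress PE pops the label (penultimate hop popping, signalled by the reserved implicit-null label value 3 from RFC 3032), and the egress PE receives a plain IP packet and does its own layer 3 lookup before handing off to the CE.

```python
import ipaddress
from dataclasses import dataclass, field

# Reserved label value 3, "implicit null" (RFC 3032): the upstream router pops the
# label instead of swapping it, which is how penultimate hop popping is signalled.
IMPLICIT_NULL = 3


@dataclass
class Packet:
    dst_ip: str
    labels: list = field(default_factory=list)  # MPLS label stack; top of stack is labels[-1]


@dataclass
class Router:
    name: str
    # FIB: prefix -> (label to push, or None for a plain IP hop; next hop).
    # Only the label edge routers (PEs) consult this table.
    fib: dict = field(default_factory=dict)
    # LFIB: incoming label -> (outgoing label, next hop). Used by every LSR in the core.
    lfib: dict = field(default_factory=dict)

    def ip_lookup(self, dst_ip):
        """Longest-prefix match: the comparatively expensive layer 3 lookup."""
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, entry in self.fib.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, entry)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst_ip}")
        return best[1]

    def forward(self, pkt):
        """Forward one packet: returns (action taken, next hop) and updates the label stack."""
        if pkt.labels:
            # Labeled packet: exact-match on the top label only, no IP lookup at all.
            in_label = pkt.labels[-1]
            if in_label not in self.lfib:
                raise LookupError(f"{self.name}: no LFIB entry for label {in_label}")
            out_label, next_hop = self.lfib[in_label]
            if out_label == IMPLICIT_NULL:
                pkt.labels.pop()  # penultimate hop popping: leave the cloud unlabeled
                return f"pop {in_label} (PHP)", next_hop
            pkt.labels[-1] = out_label  # ordinary transit hop: swap
            return f"swap {in_label}->{out_label}", next_hop
        # Unlabeled packet: this is an edge router doing the layer 3 lookup.
        push_label, next_hop = self.ip_lookup(pkt.dst_ip)
        if push_label is not None:
            pkt.labels.append(push_label)  # ingress LER: bind the FEC to a label
            return f"ip lookup, push {push_label}", next_hop
        return "ip lookup", next_hop  # egress LER: plain IP forwarding toward the CE


def build_network():
    """Constructed cloud CE1 - PE1 - P1 - P2 - PE2 - CE2 for the made-up customer prefix 10.2.0.0/16."""
    return {
        "PE1": Router("PE1", fib={"10.2.0.0/16": (100, "P1")}),   # ingress LER pushes label 100
        "P1": Router("P1", lfib={100: (200, "P2")}),               # transit LSR swaps 100 -> 200
        "P2": Router("P2", lfib={200: (IMPLICIT_NULL, "PE2")}),    # penultimate hop pops
        "PE2": Router("PE2", fib={"10.2.0.0/16": (None, "CE2")}),  # egress LER does one IP lookup
    }


def trace(network, first_hop, dst_ip):
    """Walk a packet from its first provider hop until it exits the cloud."""
    pkt = Packet(dst_ip)
    hop, steps = first_hop, []
    while hop in network:
        action, next_hop = network[hop].forward(pkt)
        steps.append((hop, action, list(pkt.labels)))
        hop = next_hop
    return steps, hop  # hop is now the CE that receives the unlabeled packet


def count_lookups(steps):
    """Split the hops into IP lookups (edges) and label operations (core)."""
    ip = sum(1 for _, action, _ in steps if action.startswith("ip lookup"))
    return ip, len(steps) - ip


if __name__ == "__main__":
    path, exit_router = trace(build_network(), "PE1", "10.2.0.7")
    for router, action, stack in path:
        print(f"{router:4} {action:22} stack={stack}")
    print("delivered to", exit_router, "(ip lookups, label lookups):", count_lookups(path))
```

Running it shows two IP lookups in total (PE1 and PE2) and two label operations (P1, P2), which is the point of the layer 2.5 lookup the lecture describes; the CE on either side never sees a label. The same code also illustrates why the provider must build the topology for you: the label bindings live only in the provider's LFIBs.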
You are fully in control, but the only drawback is you have to work with your service provider to make that happen. You cannot create your own topology; your service provider has to create the topology for you on their provider edge router, so it's very, very important that you talk to your service provider about that ahead of time. And you have a reliable service with a service level agreement, meaning the service provider who sells you an MPLS circuit, it's their job to make sure they meet their service level agreement. The service level agreement contains things like a certain amount of latency that they promise their network will not exceed, a certain amount of packet loss and jitter, and all that is defined on paper. So when you sign the agreement you're locked in, and if they violate any of the terms of the agreement they actually pay you a financial penalty. For example, if your site goes down for longer than it's supposed to, then they will pay you; they may give you service for free for that month. So it's really cool from that perspective, and that's MPLS for you.

Now let's quickly take a look at the SOHO, or small office home office, DSL architecture. That could be you sitting at home: you've got a router and you have a DSL modem, let's say, if you're using a DSL service. It connects into what's called a DSLAM, or DSL aggregation multiplexer; it's a big router that has all these different modems coming into it from different households, and then it has a big uplink connected into the core, through the Internet, through the WAN service provider, and it connects you to your headquarters. So here at the headquarters you might have something like a T3, or you might have a 100 Meg Ethernet circuit, or maybe a one gig Ethernet circuit, or something like that, and then at your home you've got the DSL. Or it could be a branch location; it doesn't have to be a home, but SOHO is small office home office, right? So it's very, very lightweight: you have one user, maybe two users, that need access to the corporate environment to access certain resources, and this is how the architecture looks.

Now let's look at another SOHO model. This is cable: instead of DSL we have a cable modem. For most of us that's true; for example, here for me, I've got a Comcast cable connection coming in, a one gig Comcast cable connection, so I've got a cable modem from Comcast, then I've got my own router that's plugged in, and then that's me sitting here, right? So if I need to access resources of my company, I go over VPN, or virtual private network; we'll talk more about that later in the course. I establish a VPN connection into my corporate network and I have access to it. Now the big difference here is, instead of the DSL access multiplexer, here we have what's called a cable modem termination system, or CMTS. Here's where you have all these different households with physical coaxial cables coming in, and then this has, once again, a network uplink into the core of the service provider network to be able to connect all the way up to your company head office.

What we have next in wide area networks is wireless WAN: we've got things like 3G, 4G, LTE, 5G, right? So here we have our cell phone directly connected to the cell tower, our laptop having a cellular card inside it, or our tablet with a card inside it that has the ability to connect directly. You can also get a router that has an LTE module inside it, which also connects to the cell tower. But here the key is the cell tower that we connect to, and once we're connected to the cell tower we gain access to the service provider or ISP core, and they have the Internet connected on the back end of it, and that allows you to access the Internet. That's a wireless WAN; that's one of the access mechanisms for connecting to the wide area network.

Now one thing I want to talk to you guys about, and this might be kind of going beyond the course a little bit, but it's near and dear to my heart because I spent over a decade of my life working for global tier one service providers, and that's called the service provider POP, or point of presence. What you have is all these customers: so this could be you, you have router one here and you've got router two at the bottom, or you might have other routers here too, but these are the connections to you as a customer, a subscriber, and these routers are then connected via circuits into the service provider access routers. This connection right here is called the UNI, or user network interface, and this is how the service provider interfaces with their end user. So to the right we have downlinks from the routers down to the customer, and to the left we have uplinks into the core of the network from these access routers. And there's another term that comes into play here, called NNI, or network-to-network interface, and that means we have our internal routers within the service provider core connected together, and these backbone routers can also then connect to other wide area network POPs. So what that means is this could be a physical point of presence, a physical data center, for, let's say, AT&T here in San Jose, and I'm sure they have tons of POPs in San Jose because San Jose is so fiber rich, and then they have another POP in San Jose, they might have another POP down in LA, for example, and then that interconnects with these routers and that interconnects with these backbone routers as well, down in LA and New York and so on and so forth. This is how service provider POPs are designed and interconnected to allow you, the end user, access to their wide area network.

Now let's quickly take a look at the Cisco routing hardware portfolio. Before I show you the routers, though, I want you to think about two things. When you think about a Cisco router, you've got SD-WAN routers and you've got non-SD-WAN routers, so this is something you have to think about before you make the purchasing decision. SD-WAN is a centralized architecture with a controller, whereas the non-SD-WAN standalone routers are old school, kind of slowly going away; pretty much everybody's jumping on the SD-WAN bandwagon, but something to keep in mind. And then you've got a couple of things to consider before you make the purchasing decision: you have to look at the total router throughput; you have to look at what features you need, for example, if you need advanced security features on top of routing, you're going to need a beefier router; interfaces, do you need copper and fiber, how many, what type, single-mode fiber, multi-mode fiber; power, do you need routers with redundant power supplies if they're critical enough; and then scalability, do you need routers that have the ability to grow as your business grows?

So with that, let me take you straight to Cisco's website so we can do a quick analysis. If you go to cisco.com, click on Products, Networking, and we click on Routers. Once we get to Routers, what I want you to look at is View all routers, right here. You've got a ton of options here; the ones that we're concerned with are branch routers, primarily, but look at how many different options you have available to you, including service provider and all that. We're not worried about any of those. What we're worried about are the branch routers and the WAN aggregation and Internet edge routers; these are the only two types of routers that you're concerned with for the purpose of CCNA. Now let's go ahead and click on Branch routers. Within the branch routers I want to draw your attention to a couple of things. What you want to focus on is the Cisco ISR, the Integrated Services Router: the ISR 4K series is the series you want to pay attention to, and the ISR 1K series you want to pay attention to; this is what Cisco has been pushing a lot lately. The 1900s, 1800s, some of these other ones are probably eventually going away; they're there for much smaller size networks. The ISR 1K is also for much smaller size networks, but in a really robust type of device. And then you've got the brand new series that just started, the Cisco Catalyst 8300 series edge platform. These are absolutely amazing next-gen routers, very, very powerful, and they're more geared toward high-end branches with a lot of throughput requirements.

Next let's look at the WAN aggregation and Internet edge routers. In particular I want you to look at the ASR, or Aggregation Services Router, the ASR 1K right here, and then once again we've got the Catalyst 8500 series showing up here. I think the Catalyst 8500 series is a better fit for data centers than it is for branch, because of how big of a monster this series is. Now let's go take a look at the 4K series. So this is the 4K series; let's look at the data sheet. You've got a ton of different options here, and in particular, right here, we get to see product specifications. So, for example, you get to see that the Cisco 4221 is where it starts, then it goes up to the 4321 right here, and the 4331, 4351; you can see right below the box the throughput that it's capable of. With some additional licensing you can take the throughput to the next level, but be cautious, especially if you're going to use them as SD-WAN devices: the throughput might be very limited, and especially if you also enable security on top, you're going to have to be very, very cautious of the throughput. And then it shows how many LAN interfaces you've got, and WAN interfaces, 10 gig ports, how many copper ports, how many fiber ports, and so on and so forth.

Now let's quickly take a look at the Cisco ASR 1K series, and I'm going to pull up the data sheet here so we can review it together. So here's the entire portfolio; as you can see, they have fixed configuration routers as well, but they have a lot of modular routers. So what you get with the ASR 1K series, if I were to scroll down, what you can see is, if you look at the ASR 1001-X, it has the ability to go from 2.5 gig up to 20 gig throughput.
The next one up is the 1002-X, which goes from 5 gig to 36 gig in throughput. Then you've got the ASR 1001-HX; these are high performance, H is for high performance; it goes up to 60 gig, that's a monster. The 1002-HX goes up to 100 gig. Then you've got the ASR 1004, which goes from 10 to 40, and so on and so forth. So as you can see, ASR routers are more geared toward the data center, because these are high throughput boxes designed for aggregating connections from a lot of different branch offices. Typically at the data center you're going to have a situation where you've got a ton of these branches that are constantly trying to access data that is located in the data center, and you're going to have a lot of traffic hitting your data center network from these branch locations. That's where these routers come in.

Now let's shift our attention to the basics of the CLI, or command line interface. In order to access a router or a switch, it doesn't matter whether it's a switch or a router, it's the same way to connect; you have two ways of doing it: you can either do it physically or you can do it virtually. What do I mean by that? Let me explain in a moment, but let me explain a couple of other elements along the way first. Cisco runs IOS; whether it's a Cisco router or a Cisco switch, they run IOS, which stands for Internetwork Operating System. Once you buy a router or a switch, you've got to do something with it, right? Otherwise, out of the box it's not going to do anything for you; you can connect things up to it, but nothing is going to happen. You have to configure things for it to actually work, and this is where the CLI, the command line interface, comes in. What we do is we connect to that device and we start configuring it. Well, you might ask, how do you do that, how do you connect? Well, I'm glad you asked. There are multiple different ways of doing it, and what I want to draw your attention to is a couple of different types of ports.

First, the console port. See this console cable right here? As you can see, the RJ45 piece of it connects into this console port. This is the RJ45 connector plugging into the console port, and then the serial connection we take and plug into our laptop, if we had an older laptop. A lot of the newer laptops don't have that, so what we can do then is get an adapter that converts from serial to USB, plug that in, then install drivers for it, and then it will recognize that we're connected via a serial cable, and our laptop or desktop would be able to connect. There's also the auxiliary port. With the auxiliary port we can have a modem plugged into it, like a dial-up modem, which is very, very old school now, if you guys remember back in the day when we had modems. You still have them for out-of-band management, or OOB, meaning if our network were to go down for some reason, we can still access our device remotely; this is for remote access. So that's the auxiliary piece of it. And then, either via the Fast Ethernet or the serial ports, we have the ability to connect virtually to our device. So here, with auxiliary and console, we're physically connecting (even though with auxiliary that's also virtual too), but with console you basically, literally have a physical cable plugged into our device, whereas with the Fast Ethernet and serial ports we're going to configure IP addressing, which is logical addressing. Then I may have a router here in San Jose, California, but I could be halfway across the world somewhere in Sydney, Australia, and from there I can connect to my router that is physically sitting in San Jose. Well, how is that possible? It's because I have configured virtual access to it using Telnet or SSH; we'll talk about that in a moment.

But when you connect via the console cable, you have to use what's called terminal software on your machine. So on Apple, on a Mac, you literally have an application called Terminal; you open that up and you can start configuring these parameters down here at the bottom: 9600 baud rate, eight data bits, no parity, one stop bit, and no flow control. These are the parameters that you have to set up once you're connecting via the console cable through the console port to your router or a switch, and that's it. This is how you connect physically to your router. We'll also talk about virtual configuration, plus I will do some hands-on for you so you get to learn how all that works.

Before we actually touch the CLI, I want to bring your attention to a couple of different things. When we look at the command line interface of the router, the first thing we're going to look at is that we have a couple of different modes. The first thing we're going to get when we log into a router or a switch is this prompt right here, which some people call the right arrow or the greater-than sign; it's up to you, whatever you prefer calling it, but this is what we have. In this mode we're limited to commands like ping, very limited show commands; we can type in enable, which means we have admin access, etc., etc., but everything is very, very limited here. The next level up is privileged exec mode. Here the prompt changes in the CLI; what you'll notice is that the symbol will change from the greater-than sign to the pound sign, or hash sign, and that indicates to us that we're in privileged exec mode. This is where we can type in all the user commands, debug commands; we can reload the router, configure it, etc., etc. One level deeper is global configuration mode; here the prompt changes to (config) followed by the hash or pound sign, and here we can do things like hostname, enable secret, ip route; a lot of the configuration goes here. We can go a level deeper into interface configuration mode, displayed by (config-if) with the hash sign after it, and finally we can have (config-router) mode, where we go ahead and configure things like the routing protocol and all that. So this is how, hierarchically, as you can see, we have different options: we start at user exec mode, then we get to privileged exec mode, then global configuration mode, and then we keep going levels deeper and deeper.
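As an added example (not from the course and not Cisco code), here is a small Python helper of the kind a network automation or audit script needs for exactly what was just described: it works out which CLI mode an IOS prompt represents from the greater-than or hash sign and the (config...) suffix, so a script never sends a configuration command from user exec; it pulls the image, version, base MAC and model number out of show version output, which is how you build the inventory you later compare against Cisco security advisories; and it checks a hostname against a site, building, device-number convention of the sort recommended in the hands-on that follows. The show version text is constructed in the shape of Packet Tracer's Catalyst 2960 output with made-up MAC and serial values, not copied from a device, and the SJC-B1-S1 naming pattern is a hypothetical convention chosen for illustration, not an IOS rule.

```python
import re

# IOS prompt: hostname, optional "(sub-mode)", then ">" for user exec or "#" for privileged.
PROMPT_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9._-]+)(?:\((?P<ctx>[A-Za-z0-9-]+)\))?(?P<sym>[>#])\s*$"
)

MODE_NAMES = {
    (None, ">"): "user exec",
    (None, "#"): "privileged exec",
    ("config", "#"): "global configuration",
    ("config-if", "#"): "interface configuration",
    ("config-router", "#"): "router configuration",
}


def cli_mode(prompt):
    """Return (hostname, mode) for an IOS prompt, e.g. 'S1(config-if)#' -> ('S1', 'interface configuration')."""
    m = PROMPT_RE.match(prompt.strip())
    if m is None:
        raise ValueError(f"not an IOS prompt: {prompt!r}")
    host, ctx, sym = m.group("host"), m.group("ctx"), m.group("sym")
    if ctx is not None and sym != "#":
        # Configuration modes hang off privileged exec, so they always end in '#'.
        raise ValueError(f"configuration sub-mode with a user exec prompt: {prompt!r}")
    # Sub-modes the table does not list (config-line, config-vlan, ...) are still configuration modes.
    return host, MODE_NAMES.get((ctx, sym), f"{ctx} configuration")


# Constructed sample in the shape of 'show version' on a Catalyst 2960 in Packet Tracer.
# The MAC address and serial number are made-up values, not from any real device.
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.

cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of memory.
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces

Base ethernet MAC Address       : 0000.0C00.0001
Model number                    : WS-C2960-24TT-L
System serial number            : FOC0000X000
Configuration register is 0xF
"""

SHOW_VERSION_FIELDS = {
    "image": re.compile(r"Software \(([^)]+)\), Version"),
    "version": re.compile(r"Version (\S+),"),
    "base_mac": re.compile(r"^Base ethernet MAC Address\s*:\s*(\S+)", re.M),
    "model": re.compile(r"^Model number\s*:\s*(\S+)", re.M),
}


def parse_show_version(text):
    """Extract the fields the lecture points at: image, version, base MAC, model/part number, feature set."""
    out = {}
    for key, rx in SHOW_VERSION_FIELDS.items():
        m = rx.search(text)
        out[key] = m.group(1) if m else None
    # The feature set is the middle token of the image name, e.g. C2960-LANBASE-M -> LANBASE.
    out["feature_set"] = out["image"].split("-")[1] if out["image"] else None
    return out


# Hypothetical convention following the lecture's advice (site, building, device number):
# SJC-B1-S1 = San Jose, building 1, switch 1; R for routers. Not an IOS or Cisco rule.
HOSTNAME_RE = re.compile(r"^(?P<site>[A-Z]{3})-B(?P<building>\d+)-(?P<kind>[SR])(?P<num>\d+)$")


def hostname_ok(name):
    """True when the name follows the convention and fits IOS's 63-character hostname limit."""
    return len(name) <= 63 and HOSTNAME_RE.match(name) is not None


if __name__ == "__main__":
    for p in ("Switch>", "S1#", "S1(config)#", "S1(config-if)#", "SJC-B1-S1(config-router)#"):
        print(f"{p:28} -> {cli_mode(p)}")
    print(parse_show_version(SAMPLE_SHOW_VERSION))
    print("SJC-B1-S1 ok:", hostname_ok("SJC-B1-S1"), "| Switch ok:", hostname_ok("Switch"))
```

The prompt check is what lets a script refuse to push a hostname or ip route command while it still sees a greater-than sign, and the show version parser gives you the version string (12.2(25)FX in the constructed sample) in a form you can compare programmatically instead of by eye.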
this point you guys are ready to go ahead and do a quick Deep dive into the basics of CLI and can't wait to get my hands dirty and you should do the same thing as I'm typing in the commands on my end you should do the same on yours because not you know you can easily find tools like Packet Tracer that is available for free and that's exactly what I'm using here so here's a switch and packet Trace are very similar to how you would look at an actual switch and what's being represented here right now why the CLI is as a fear connected through a console connection physically connected to that switch and what we can do here this is if you guys recall called a user exec mode here we have very limited access we can run commands like show version this is an interesting command shows us a couple of things here it shows us that this is a catalyst 2960 platform it shows us that this is the base Ethernet Mac address of this device right here it's giving us the exact model number of this box once again same information that we had up here this is actually the part number of the switch so you can literally go ahead and buy this switch with this part number if you needed an exact type of switch in your environment and it also shows us the type of software version that we're running we're running 12.2 and the software image that we're running it's a lan base image you also have more advanced capabilities event as well but the Lan base image gives you the most basic capabilities you can get at a layer to level on this switch we really can't do much in the user exec mode so we're better off going to the next mode which is called the privilege exec mode so notice the prompt changed from the greater than symbol to a pound symbol or a hash symbol here we have administrative access to the box and we can pretty much do anything but things get more interesting when we get to the next level so I want to show you a couple of things here if I say config and I hit tab on my keyboard it 
automatically completed the entire command; even though I just typed in config, it went all the way to configure. What we can do next is type in a question mark, or space question mark, which means we can now see what the next potential command could be. So here we'll type in terminal. Once we type in configure terminal, notice the prompt changes to (config)# with the pound sign, so now that means we're in global configuration mode. Here we can change the hostname; we can do a couple of different things. Well, now that we are here, we might as well start configuring our device, right? So let's go ahead and change the hostname. We'll call it switch one. Notice what happened: the minute I typed in hostname S1, the name changed from the generic "Switch", which is the out-of-the-box name, to the name that I gave it. I could give it any other name I want. For example, let's say I have my own company and it's called nudge far, and this happens to be switch 1 within my corporation; I can call it hostname nudge far S1, for example. That's cool, and this is considered a best practice. What you need to do is identify your company name, your site name and then the number of the switch that it is. You need to basically create a spreadsheet, keep track of all the names and make the names as descriptive as possible, so when you're troubleshooting you're not banging your head against the wall trying to figure out what's going on, whether you're connected to the right switch; you don't have to constantly look at the documentation. The name should kind of give it away and demonstrate to you, for example, that you're connected to a switch in San Jose rather than a switch in New York, and that you're connected to building one in San Jose instead of building two in San Jose. So as you can see, you can get pretty creative with the names and all. So that's the first thing we'll do here. A couple of other things we can do: as you saw earlier, we didn't have to type in any
password, because this is a brand new configuration, right? What I would suggest is that we go ahead and type in a password. So we do enable, and we have two different options: password or secret. password is unencrypted clear text, whereas secret is an encrypted password. So we are going to go ahead and set up a secret, and we're going to go ahead and type in Cisco. What we do next is we type in line console 0, because we want to set up our password on the console port itself. So we're going to type in login, then we're going to go ahead and type in password again, and you can say Cisco. We can say login again, exit, exit, exit; now we're all the way back to the user exec mode. We type in Cisco, we type in enable, we type in Cisco again, and we went from user exec mode to privileged exec mode. We type in configure terminal and it takes us to the global configuration mode, and this is where we had set up our password. So that's cool: we have learned how to set up a secret password and how to apply it to our console port. That's great, but we are not done yet. I also need to have the ability to remotely connect to this device. What if I'm sitting on a beach in Hawaii and I get a call from someone that hey, this router or such is misbehaving, right? So I need the ability to do that. The way we do that is we go ahead and set up the line vty 0 through 4 on a router, and typically 0 through 16 on a switch. What that means is this is how many virtual terminal ports will be used to allow, this is how many connections will be allowed simultaneously into this device. When I'm connecting to it remotely, that's considered one connection; zero through four means potentially five people can connect, because zero itself is a session, and then you can have up to five people that can connect to this particular box remotely. That's a virtual terminal line, vty zero through four. Here we can type in password again, and we can say password Cisco. Next you would want to specify the transport protocol,
so that's transport input. Do we want to do SSH or telnet? Telnet is a non-secure protocol; it's clear text, so it's bad news. If I'm in Hawaii and I'm connecting and someone is sniffing traffic off of the switch, or there's a man in the middle, they can see all of my passwords and everything being exchanged between my laptop in Hawaii and the switch over the Internet. That's bad news, right? My company can completely get compromised. So what I would want to do is set up SSH. Now to set up SSH, there are a couple of different steps we have to go through. We have already set up a hostname; that's step one. Step two is we have to set up a domain name, so I'm going to go ahead and get that done right now: ip domain-name, and I'm going to call it notchkazi.com. You also need to set up a username and password, so let's just say username nudge password Cisco. We also want to do crypto key generate rsa general-keys modulus; let's see what's the best option we have, let's use the best modulus we have available. And as you can see, currently SSH version 1 was enabled. We don't want that; we actually want version two enabled, so we'll type in ip ssh version 2.
Now this makes sure that we have SSH version 2 enabled, which is the most secure version. By the way, the modulus is the strength of the encryption key. We would want to use the highest supported by our device, because hackers are always figuring out ways to compromise devices, and the lower the modulus is, the more likely it is for hackers to be able to break the encryption on your box and crack the code, so you don't want to give them that ability. And finally, what you would want to do again is go back to the line vty 0 through 4 and type in transport input ssh one last time, and that's pretty much it. Next time, if I'm in Hawaii I can literally SSH into this box and I'll be connected to it. Now we did a couple of things on this box today, right? And here's the deal though: did I save any of it? The answer is I really have not, right? So let's look at where it's currently available. This is what's called show running-config. When I run the show running-config command, it shows me all the changes that I've made to this device. So I've set up the hostname nudge far S1, I've set up a secret; as you can see, the secret is an MD5 hash. It's still breakable, it's not completely unbreakable, but it's better than showing Cisco, right? Then we've got the ip ssh version 2 that I had set up, the domain name, the username and the password that I had set up. Well, one thing that I'm not happy about is, first of all, I need to change the privilege; I need to make it privilege 15.
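The running-config review above (clear-text passwords, privilege 1, telnet, SSH version) can be turned into an automated check. This is an added example, not code from the course; the two configs below are constructed samples, and the hostname, domain name and hash values are placeholders.

```python
"""Audit a Cisco IOS running-config for the weak settings the lecture fixes.

Added example, not part of the original course. Splits the config into
global commands and indented 'line' sections, then flags clear-text
passwords, telnet on the vty lines, SSH version 1, and users below
privilege 15. Both configs below are constructed samples.
"""
import re

# Constructed sample: a fresh switch before hardening.
WEAK_CONFIG = """\
hostname S1
ip domain-name example.com
ip ssh version 1
username nudge privilege 1 password 0 Cisco
enable password Cisco
line con 0
 password Cisco
 login
line vty 0 4
 password Cisco
 login
 transport input telnet
"""

# Constructed sample after the lecture's hardening steps. The hash values
# are placeholders, not real IOS output.
HARDENED_CONFIG = """\
service password-encryption
hostname S1
ip domain-name example.com
ip ssh version 2
username nudge privilege 15 secret 5 $1$PLACEHOLDER$
enable secret 5 $1$PLACEHOLDER$
line con 0
 password 7 PLACEHOLDER7
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
 transport input ssh
"""


def parse_config(text):
    """Return (global_commands, {line_section: [commands]}) from IOS config text."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):            # indented: belongs to the open section
            if current is not None:
                sections[current].append(raw.strip())
        elif raw.startswith("line "):      # e.g. "line vty 0 4" opens a section
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections


def is_clear_text(cred):
    """'password Cisco' or 'password 0 Cisco' is clear text.

    'password 7 ...' is the reversible type-7 obfuscation that
    service password-encryption produces; 'secret' is a hash.
    """
    parts = cred.split()
    return parts[0] == "password" and (len(parts) == 2 or parts[1] == "0")


def audit_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    global_cmds, sections = parse_config(text)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption is not enabled")
    for cmd in global_cmds:
        m = re.match(r"username (\S+)(?: privilege (\d+))? (password.*|secret.*)", cmd)
        if m:
            user, priv, cred = m.groups()
            priv = int(priv) if priv else 1       # IOS default privilege is 1
            if priv < 15:
                findings.append(f"user {user} has privilege {priv}, not 15")
            if is_clear_text(cred):
                findings.append(f"user {user} has a clear-text password")
        elif cmd.startswith("enable password"):
            findings.append("enable password is clear text; use enable secret")
    if "ip ssh version 1" in global_cmds:
        findings.append("SSH version 1 is enabled; set ip ssh version 2")
    elif "ip ssh version 2" not in global_cmds:
        findings.append("ip ssh version 2 is not set")
    for name, cmds in sections.items():
        for cmd in cmds:
            if cmd.startswith("password") and is_clear_text(cmd):
                findings.append(f"{name}: clear-text line password")
            if cmd.startswith("transport input") and cmd.split()[-1] in ("telnet", "all"):
                findings.append(f"{name}: '{cmd}' permits telnet")
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: transport input ssh is not set")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_config(cfg) or ['no findings']}")
```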
Privilege 1 will give me very, very limited access to this box; that's not good. Privilege 15 will give me full admin access to this box, and I'll show you how to do that in a moment. Plus I can see the password in clear text, ouch, that's not good; we need to fix that. And the rest you'll learn more about as we continue going through this class. Then we applied it to the line console 0; once again the password is showing in clear text under console and also under vty, ouch. Let's go ahead and fix it. How do we make these passwords encrypted? Let's go configure terminal and type in the service password-encryption command. This command right here automatically encrypts; once again this is not uncrackable, but it's better than having your passwords in clear text. Let me show you what I mean. By the way, here is another cool trick: you can type in do show running-config instead of having to exit and go back to the privileged exec mode to run the show command. The keyword do allows you to run a privileged exec mode command from any sub-configuration mode that you're under. Right now we're under global configuration mode, and by just typing in the keyword do in front of my command I can run show running-config without getting any error messages. Now let me show you right away. Well, the password that we had in the secret was an MD5 hash to begin with, but let's look at what happened with our username: the password now is all kind of jumbled up. Now let's go down, space, space, space; look at line console 0, the password is all jumbled up, and line vty 0 4, the password is all jumbled up. That's better, but we are still missing one thing. Like I said, the username nudge has privilege 1 and all that; I need to change it to privilege 15. So let's do username nudge, let's do privilege 15,
password Cisco. So now if I were to do show running-config, you'll see everything will be all jumbled up across the board; you shouldn't be seeing any type of password that's clear text. Once again, like I said, it's not like it's uncrackable, but it's better than nothing, and at least there's one layer of defense. Now the best thing you can do is, instead of setting up these usernames and passwords locally, you should actually have an authentication server like a AAA server, which is now called an ISE server, and on the ISE server, Identity Services Engine server, you go ahead and configure all the usernames and passwords there and then point your device to that server so it can authenticate. That's the best way to do it, and then you're completely secure because everything is fully encrypted and all that; that's the best practice design. Now let's go back to the deck. I think that almost wraps up our configuration, but one last step though: if I were to go ahead and reboot the router now, when it comes back up it's going to bring us back to the brand new prompt, meaning we're going to have no configuration saved. We don't want to do that, so what you want to do instead is save the configuration before we exit the router. So that's the command copy running-config startup-config; you hit enter a couple of times and that's it. Now you're safe; if this router reboots and comes back online, it's going to remember all of its configuration that we just did, and that is really, really cool. So it's very, very important for you to know that. Now a couple of additional shortcuts for this command: you can do copy run start; it's the same thing, it's a shorthand version of this command right here, a very short version of it. And another one that you'll see out there is wr, which is write memory; this also used to be called write mem. You can also do that; these are all the same commands accomplishing the same exact function, but for exam purposes you want to memorize the show
running-config to startup-config, or copy run start, or copy running-config startup-config. That pretty much wraps up the hands-on CLI portion of this. Let's go back now to the presentation so I can show you a couple of additional items. So these are the different modes; you can take a snapshot of this if you want: user exec mode, privileged exec mode, global configuration mode, interface configuration, line configuration. At this point you guys kind of know what this is, but I have this handy dandy slide for you to take a snapshot of and keep it in front of you; you can use it as an exam cheat sheet, for example. Now how does a router boot up? Well, a couple of things happen, and the same thing applies to a switch as well, so it's the same exact process. The first thing that happens is that the router initializes by loading the bootstrap, and the bootstrap is located inside of read-only memory, or ROM. After the bootstrap, what ends up happening is that the IOS is loaded, the operating system itself, and that lives on the flash. The flash could be a chip that's built into the router, kind of burned into it, or it could be a removable flash card that you install on it, and that has an IOS sitting on it. And then finally, the last step in the process, after the operating system has booted up, is to go ahead and load the configuration file, and that's located in the NVRAM, or non-volatile RAM; that's the third step. So just remember this process; not sure if it's going to show up in the exam or not, but from a real world perspective it's kind of good to know how all this works. And it's not different from how your laptop works, right? You have a BIOS on your laptop or computer, and that's the POST; POST stands for power-on self-test, and what that means is when the device is coming up it automatically tests itself to make sure that it's got all the right hardware parameters for it to be successfully able to boot up. So that's the first thing, right, that's the bootstrap, and then after that you've got the
hard drive where the operating system sits and all of your files sit; this is sort of like the flash, the flash is the hard drive, and then the NVRAM is where the configuration file sits. A couple of additional items: as I mentioned, the configuration file sits in the NVRAM; this is the startup configuration. Any time you're making changes to the router, the configuration sits in the RAM, which is the random access memory, right, DRAM, whatever you want to call it. Unless you write the configuration using copy running-config startup-config, the config is not written to the NVRAM; it's stored in the RAM, but the minute the device boots up, the RAM content goes away. So this is something you have to keep in mind; this is how the IOS kind of processes the startup configuration versus the running configuration. These are the SSH steps that I walked you through; it's a six-step process. I went through it pretty quickly here; you can follow these steps if you're doing a lab on your own, for example. I highly recommend that you guys follow me along: whatever I'm doing on my end, you guys should do the same thing on your end to get the maximum value out of this class. And you can also take a snapshot of this and keep it handy dandy for exam purposes and also for doing labs.

Welcome to the CCNA 200-301 course. Today we will focus on section two, part one, local area network, wired and wireless; in particular, we're going to focus in on LAN switching concepts. Here are the topics I plan on covering today: Ethernet overview, switching fundamentals, and finally I'll wrap it up with VLANs, VTP and trunking. So let's first look at Ethernet. Ethernet is a layer 2 technology that allows us to send frames. It's defined in the IEEE 802.3 standard. It was initially designed for LAN-based communications, even though it has been extended to work over the wide area network as well as a last-mile handoff. Copper happens to be the most common physical media used in providing Ethernet technology; however, fiber optic is also
common in the data center and large campuses, and service providers also heavily utilize fiber optic due to the distance limitations of copper. Now let's quickly talk about Ethernet; it's more for revision than anything. If you guys recall, when we looked at the OSI model in the section one, part one video, layer 1 has some limitations. I'm not going to go through each and every element, but I'm just going to give you the gist of it: layer 1 cannot communicate with upper layers. And what is layer 1? That's your electrical signals, your photons, your radio frequency for wireless connectivity; it's the medium. It does not have any smarts; at the end of the day it's all about sending bits and bytes at a binary level, zeros and ones. Layer 2 is where we start to add intelligence to our network. This is where things like the MAC address come into play, also known as the hardware address; we have things like LLC, or logical link control, and we'll talk about those details momentarily. But that's why we need layer 2; we need higher layers in the OSI model, because the higher layers are where the intelligence gets added to the network. Now let's do a quick review of the OSI model. I'm not going to go through each and every element, but let me draw your attention to the second layer of the OSI model, called data link. Data link is further subdivided into two different layers: one is called LLC and the other is called MAC. MAC deals with layer 1,
whereas LLC deals with layer 3, which is the layer above. Now let's discuss a very important technology from the Ethernet perspective called CSMA/CD. It stands for carrier sense multiple access with collision detection; that's a mouthful. What does that mean? Let's take a closer look. So what ends up happening with CSMA/CD is that we have a shared media. So we've got all these hosts, as you can see here, A, B, C, D; they want to talk to each other. If a collision is detected, the frame has to be retransmitted. What that means from a layer 1 perspective is that when a collision happens, the electrical signals got jumbled up because multiple hosts were trying to transmit data at the same time, and when that happens the frame at layer 2 gets corrupted and it has to be retransmitted. The second thing that CSMA/CD handles is the carrier sense piece of it: listen before you transmit. That means each host on this shared media waits its turn, or senses the carrier signal so to speak, and when it senses that the signal is idle it goes ahead and sends the data or frame; when the carrier is not idle, then the host waits its turn. That's what CSMA/CD handles: the ability to retransmit if there's a collision, and the ability for the host to listen before being able to transmit data. Now there are multiple flavors of CSMA/CD. What I want to bring your attention to first is the top left portion, and what we have at the top left portion is what's called contention-based access. This is where technologies like Ethernet and wireless come into play: stations can transmit at any time, however collisions exist, and whenever there's a collision, frames have to be retransmitted. CSMA/CD is used on Ethernet networks, which are physical wired networks; on wireless networks, which are the 802.11 standards, we have a technology called CSMA/CA, and CA stands for collision avoidance, meaning we avoid the collisions to begin with instead of having to wait for the collisions to occur. On the
bottom right hand side of the screen you're seeing controlled access technologies like Token Ring and FDDI, or Fiber Distributed Data Interface. Now these are obsolete technologies, but they had an edge over Ethernet in the sense that only one station could transmit at a time, and the other devices had to wait until that station was done transmitting data, so there were zero collisions, and some deterministic networks used Token Ring. But like I said, this particular element is pretty much obsolete at this point; all the networks today that are Ethernet based use either CSMA/CD or CSMA/CA. Here's the algorithm logic of CSMA/CD. First, the station is ready to send a frame; it senses whether the channel is available. If the channel is free, it goes ahead and transmits data. Now if there's no collision, transmission is complete. However, a couple of things to keep in mind: when it senses that the channel is busy, it tries again to resend. And while in the middle of transmission of the frame, if it detects that there is a collision, what it does is it sends a jam signal, which triggers a backoff timer, and this backoff timer is sent to all the stations that are on that shared media. So let's say you have 10 hosts that are part of the same shared media; all 10 hosts will get that backoff timer, and it's random, so that ensures that once a collision occurs, no two hosts on the same network will be able to transmit data at the same time, because it's a randomly generated backoff timer. That's how the algorithm works. On any particular LAN there are three communication mechanisms. First we have what's called simplex communication; that's a one-way communication mechanism where only one device can talk at a time. We also have something called half duplex; this is a two-way communication mechanism, however only one device can send or receive at a given time. You can think of it like, if you guys remember walkie-talkies, right, only one person can talk; when they're done, then the other person is able
to speak. That's half duplex communication. In full duplex what we have is also a two-way communication, but you can think of it as a cell phone, where both devices can send and receive at any given point in time. Now let's talk about a MAC address. What's a MAC address? It stands for media access control. It's a six-byte-long address physically assigned to network interface cards, or NIC cards. In layman's terms, what that means is any device that has a network interface card has a hardware address associated with it. It's also known as a burned-in address, or BIA. It's usually written in one of the following two formats: you have either colons in between each octet, or you have dashes between each octet. Like I said, the MAC address is a six-byte-long string, and it can be further subdivided into two halves: the first half of the MAC address is considered the manufacturer ID, and the second half of the address is considered the serial number. To give you an example, here is the MAC address on my Apple MacBook Pro; this is the hardware address right here that's assigned to my computer. Now once again, the first part right here, this is the manufacturer ID, so that would be Apple, and the last three bytes are the serial number uniquely associated with the NIC card on my MacBook Pro. The combination of the manufacturer ID and the serial number combined together is what makes this universally unique. Theoretically, no two hosts on planet Earth should ever have the same MAC address unless you manually change the MAC address; none of the devices on your LAN, at least if not globally, at least within your local area network, you should never find two devices with the same MAC address. This should be universally unique, at least within your LAN. Alright, another element to keep in mind is that MAC addresses are made up of hexadecimal numbering. To elaborate on how that works you can look at the chart; I've got two different charts here, one on the left and one to the right. There are also binary numbers,
which could be kind of intimidating if you have never dealt with binary numbers before, so to make it less scary I will make the binary numbers go away in this example. But rest assured that we'll talk about binary numbers in a lot of detail later in the course when we cover layer 3 subnetting; right now I think it will only confuse you, so I'm going to just go ahead and make the binary numbers disappear. But it should be fairly easy to understand that if you look at decimal zero, the hexadecimal value is also zero, one is one, so on and so forth until you get to number 10. As you can see, number ten in decimal equals A in hexadecimal, eleven equals B, 12 equals C, so on and so forth until we get to 15, which happens to be F. Now to the right hand side it's still the same thing, but what we're seeing now is a little bit of a different representation. For example, when we're dealing with a decimal value of 255, that's all F's, and when we're looking at a decimal value of zero, that's zero zero, because this is how hexadecimals are actually represented in the MAC address format. So if you guys recall the MAC address that we just looked at on my machine, on my MacBook Pro, the multiple octets that it had, that's how they were represented there: there are two values. So something to keep in mind. Now let's quickly take a look at the topology that we'll be working with today. I'll use this topology to explain a lot of different concepts, but before we move forward I want to make sure you understand the topology. We've got host A at the bottom of the screen on the left; to the right we've got host B. Each of these hosts is connected to its respective access switch. So if you guys recall the last lecture I did on the campus switching architecture, I talked about access, distribution and core; here we're looking at a collapsed core with access switches. So host A is connected to access switch 1 over FastEthernet 0/10, host B is connected to access switch 2 over Fast
Ethernet 10 as well, access switch 1 is connected to the core switch over FastEthernet 1, access switch 2 is connected to the core switch over FastEthernet 2, the core switch is connected to R1 over Gigabit 0/1, and it's connected to R2 over Gigabit 0/2. Now how do devices talk to each other on a local area network? When this host right here, host A, wants to talk to host B, it sends a frame to host B at layer 2. And what do we have at layer 2? We have MAC addresses at layer 2, the hardware address, just like the address you looked at on my machine a little bit ago; we've got the same thing on our hosts. Now to take it a step further, when host A wants to talk to host B it will send out a packet, and in that packet, let's say we're trying to ping host B from host A, we'll have a ping packet, then we'll have a layer 3 header, and within the layer 3 header we'll have the IP address of the destination machine, and we'll then also have a layer 2 header, which will have the MAC address of the destination host. That's how a packet is constructed and communicated. Now if you guys recall, switches don't understand layer 3.
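The encapsulation just described (ping data inside a layer 3 header that carries the destination IP, inside a layer 2 header that carries the destination MAC) can be built and decoded byte by byte. This is an added example, not code from the course; the MAC and IP values are constructed and the OUI table is a two-entry stand-in for the IEEE registry.

```python
"""Build and decode the layer 2 / layer 3 encapsulation described above.

Added example, not code from the course: a 14-byte Ethernet II header
(dst MAC, src MAC, EtherType) wrapping a minimal IPv4 header that carries
the destination IP. MAC and IP values are constructed; the OUI table is a
two-entry stand-in for the IEEE registry.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETH_HEADER_LEN = 14            # 6 dst + 6 src + 2 EtherType
MAX_PAYLOAD = 1500             # Ethernet MTU; the 4-byte FCS is added by the NIC
BROADCAST = b"\xff" * 6

# Constructed stand-in for the IEEE OUI registry: first three bytes -> vendor
OUI_TABLE = {"00:00:0c": "Cisco (example entry)", "aa:aa:aa": "Host A (example)"}


def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff or AA-BB-CC-DD-EE-FF; return the six raw bytes."""
    parts = text.replace("-", ":").lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw, sep=":"):
    """Render raw bytes as lower-case hex pairs."""
    return sep.join(f"{b:02x}" for b in raw)


def split_mac(text):
    """Return (manufacturer id, serial, vendor): the two halves the lecture describes."""
    raw = parse_mac(text)
    oui = format_mac(raw[:3])
    return oui, format_mac(raw[3:]), OUI_TABLE.get(oui, "unknown")


def _ones_complement_sum(data):
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_header(src_ip, dst_ip, protocol, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         protocol, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = (~_ones_complement_sum(fields)) & 0xFFFF
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def ipv4_checksum_ok(header):
    """A correct IPv4 header sums to 0xFFFF, checksum field included."""
    return _ones_complement_sum(header[:20]) == 0xFFFF


def ipv4_addresses(packet):
    """Source and destination IP from the layer 3 header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Prepend the 14-byte Ethernet II header to a payload of at most 1500 bytes."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload is {len(payload)} bytes; Ethernet allows {MAX_PAYLOAD}")
    return parse_mac(dst_mac) + parse_mac(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Split a frame into its header fields and payload; rejects runt headers."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {"dst": format_mac(dst), "src": format_mac(src), "ethertype": ethertype,
            "is_broadcast": dst == BROADCAST, "payload": frame[ETH_HEADER_LEN:]}


def ping_frame_a_to_b():
    """Host A sends a frame carrying an ICMP stub to host B (all values constructed)."""
    icmp = b"\x08\x00\x00\x00\x00\x01\x00\x01"     # constructed echo-request stub
    packet = ipv4_header("192.0.2.10", "192.0.2.20", 1, len(icmp)) + icmp
    return build_frame("bb-bb-bb-bb-bb-bb", "aa:aa:aa:aa:aa:aa", ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    decoded = parse_frame(ping_frame_a_to_b())
    print(decoded["dst"], decoded["src"], hex(decoded["ethertype"]),
          ipv4_addresses(decoded["payload"]))
```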
So what ends up happening is switches don't look at this and this, right; they don't see if it's a ping application or whatever; they don't understand layer 3. All they understand is layer 2, so what they look at is the MAC address. Switches have what's called a MAC address table, or a CAM table, where CAM stands for content addressable memory table, or a MAC table; these terms are used interchangeably on switches. At the end of the day, what that is is a database of all the devices that are connected on that switch. In this particular instance we should have the MAC addresses of the following devices on these switches: R2, R1, host A, host B. Let's go ahead and take a look at this topology that I've built in Packet Tracer on the command line interface to see if that is actually the case, and let's also go ahead and jot down the MAC addresses of these devices while we're at it. So here is host A, and if you were to look at ipconfig /all in order to see the hardware address, this right here, physical address, this is the one; this represents the physical hardware address of this machine. So for any other machine on this LAN that wants to communicate with this machine, the destination address should be set to this value in the layer 2 header. We'll talk more about the layer 2 header as we continue moving forward, but that's what we need to do. What we should do to make things easier for us is to identify the MAC address for each device so we can easily see things through in our topology, so I'm going to go ahead and do that right now. Just like that, I was able to go ahead and extract the MAC addresses from all the devices. Now let's go ahead and look at the database of our switches to see if they're seeing these MAC addresses in their MAC address table or CAM table. Here is access switch one; let's look at its MAC address table. Currently it's only seeing one MAC address, it seems like; that means the ARP process, or the address resolution protocol, hasn't taken place
across the entire network yet, because I just configured this lab and had these devices turned on. That said, let's jump right back into the presentation. Here's how the Ethernet frame looks: if you were to zoom in at layer 2 into the Ethernet frame, this is how it looks. We have a couple of different fields here that I would like for you to quickly take a look at. We've got the destination MAC address field; this is where we would put the MAC address of the machine that we're trying to access. The source is ourselves, so if I'm host A this would be my MAC address, I'll call it MAC A, and if I'm trying to get to host B the destination MAC would be MAC B. EtherType is the type of traffic we're dealing with, the payload contains whether it's an IP packet, ARP, etc., and the data is up to 1500 bytes. And then the checksum, the CRC checksum, which is four bytes. But what's most important is the MAC header size: that's 14 bytes in length, that's six bytes for the destination MAC address, six bytes for the source MAC address and two bytes for the EtherType, so 6 plus 6 is 12, plus 2 is 14; that's 14 bytes right there, that's your MAC header size at layer 2. On top of it you've got the data payload, which is 1500 bytes, so typically an Ethernet type 2 frame is around 1518 bytes, once again because 1500 bytes happen to be the data, plus 14 for the header, plus four for the trailer, or the CRC checksum. At the end of the day though, guys, I want to bring to your attention that all you care about is the data, the payload. Our job as network administrators is to make sure that whatever the actual payload is, the application payload or the message that we are trying to deliver, gets delivered from source to destination. Everything else is something we have to deal with as network engineers; that's why we get paid the big bucks, relatively speaking, but at the end of the day it's about delivering the message that's encapsulated within all those headers. Just want to
make sure that you guys keep that big picture perspective in mind. Now let's go slightly deeper into the switching fundamentals. So what is switching? Switching is the process of sending frames across a network from a source to a destination, and there are a couple of things that I would like to talk about that led to the evolution of switching. In the beginning, in the olden days, like we're talking 1970s and 80s, we had hubs, and hubs primarily transmitted electrical signals at layer 1; they were layer 1 devices. They were called multi-port repeaters, because you literally had a single wire that would connect all the ports. So for example, here you're seeing all the ports up front; every single host that would be plugged into these ports was actually sharing a single piece of wire, which created a lot of contention, which means there was a single collision domain and a single broadcast domain, and the bandwidth was shared across the entire device, because once again, imagine a single piece of wire that is split to allow multiple hosts to connect to it. And it was half duplex communication at the end of the day, meaning only one device could send or receive data at any given point in time. Then that led to the evolution of the layer 2 switch. It forwards and receives frames; it's a layer 2 device. There's dedicated bandwidth per port, so if you have a 24-port switch, each port has its own dedicated bandwidth. There's no single wire concept here that all the hosts are sharing; here each host has a separate port dedicated to it, and it's dedicated bandwidth. There's a single collision domain per port; however, there's a single broadcast domain per device by default. We could change that broadcast domain, we can have multiple broadcast domains, but by default there's only a single broadcast domain to begin with. Collision domain wise, you're looking at a collision domain that's per port, and it's a full duplex communication device, meaning
if it's a 100 Meg port, the host is able to send and receive at 100 Meg; so it's able to send data at 100 megabits per second and at the same time receive data at 100 megabits per second. And that led to the evolution of the layer 3, or multilayer, switch. This inherits all the features of layer 2, but it's capable of layer 3, so it's a layer 3 device. It also has layer 4 intelligence, hence the name multilayer switch. Most of the switches you'll see in networks today have layer 3 capabilities; now whether or not the end customer ends up using that switch as a layer 3 device is their choice, but most of the switches that you will see today in the network have layer 3 capabilities. Now let's talk about collision domain versus broadcast domain. Once again, looking at these hub devices: a hub was a layer 1 device, as I said earlier. You can think of it as if all the ports that were available were all part of a single wire, and then every time multiple hosts started talking to each other, the frames would collide and be corrupted, and then the frames would have to be resent or retransmitted again. Whereas with the switch you've got a different situation going on: each host is physically plugged into its switch with a dedicated port, and each port has its own unique collision domain; however, at the end of the day we could have all these devices part of a single broadcast domain. Once again, that's the default behavior; we could create multiple broadcast domains on a switch, and we'll talk about that momentarily. Now let's quickly talk about how the switch builds its table, or database, or MAC address table, or CAM table. Every single time devices want to communicate on Ethernet, they have to send each other ARP messages to discover the MAC address of the other device. So what does that mean? If we were to zoom into the MAC address table of the switch, there are two fields: port number and the MAC address. Here in this example what we're seeing is host A is connected to port 1 and it has a MAC
address of all A's. Host B, on the other hand, is connected to port 2 and has a MAC address of all B's. Switches, at the end of the day, like I said guys, are devices that are responsible for forwarding frames based on MAC address. Switches operate at layer 1 and layer 2 of the OSI model, so that's another thing to keep in mind: switches also deal with electrical signals, because at the end of the day each port has a device plugged into it, and the host that's plugged into the switch via that port and cable is sending electrical signals. So it's a device that is capable of communicating at layer 1, which is electrical signals, and on top of it, it's capable of communicating at layer 2. By the way, switches forward frames using specialized hardware called ASICs, application-specific integrated circuits. These are specialized chips that are built into the switches, and they allow switches to process information at wire speed; they provide extremely low latency, low cost and high port density. Now let's talk about one of the most important concepts you'll come across in your networking career, and that is ARP, or Address Resolution Protocol. What is it and how does it work? As I mentioned earlier, every single time you have a device on an Ethernet network that comes online for the first time, what it has to do is discover other devices on that network via the process of ARP, so it figures out how to communicate with them. Now, at the end of the day, ARP is used where we already have the IP address of the other device. So let's say, for example, router 1 wants to communicate with router 2.
Router 1 has the IP address of router 2 already, okay? Once again, IP addresses are logical, at layer 3; MAC addresses are hardware specific, they're burned-in hardware addresses at layer 2. So R1 wants to talk to R2; it has to be able to construct a frame that has R2's MAC address, otherwise it won't be able to communicate on Ethernet. So it sends an ARP request, and what it is is: you already have the IP, you need the MAC address of the other device; the MAC is the question mark. The way it works is R1 constructs a frame, and this is what the frame looks like. Let's do a quick whiteboard. So R1 constructs a frame that looks like this: it has the source IP address, it has the destination IP address, it has the source MAC address, and it has the destination MAC address. So if you were to go back to the diagram, let's quickly take a look. R1, if it's constructing the ARP frame, is going to put its own IP address, which is 10.10.100.1, in the source field, so let's go ahead and do that: 10.10.100.1. The destination IP that it's trying to reach is 10.10.100.2, which is the IP address of router 2.
And then the source MAC would be its own MAC, so R1's MAC, and then it's going to have the destination MAC of R2. Now, interestingly enough, the very first time these devices communicate with each other, R2 and R1 are not going to know each other's MAC address. So how do they discover each other's MAC address? Through this ARP process. What ends up happening is that if router 1 does not know R2's address, then instead of putting R2's MAC in this field, it will modify this field here, the destination MAC, and specify all F's, and that is known as the flooding procedure. Let me explain; let me go back to the diagram. Once you have all F's in the destination MAC address field, when that frame is sent to the core switch, the core switch is going to grab that frame. It's not going to look at layer 3, because it doesn't have layer 3 intelligence at all; it only looks at MAC addresses, right? And it's going to see the destination MAC set to all F's. To this core switch, this means that it's a broadcast; it needs to flood this frame out everywhere. That's what's called the flooding procedure. So it's going to send this frame out FastEthernet 0/1, FastEthernet 0/2 and GigabitEthernet 0/2. What's going to end up happening is that host A is going to get it, and because the destination IP doesn't match host A's IP, it will discard that frame. Host B is going to do the same thing. However, when router 2 gets it and looks at the destination IP field in that packet, it's going to realize that, hey, it's destined for me. It responds back with its own MAC address, and when it does, the core switch is going to learn the MAC address of R2 and put it in its table. Once again, what we have is port and MAC, so it's going to say GigabitEthernet 0/2 has R2 on it, and it's going to say GigabitEthernet 0/1 has R1 on it. It's literally going to have R2's MAC and R1's MAC in there. In this way it builds its table, its MAC address table, or content addressable memory table, or CAM table, and it's able to now
allow these two devices to talk to each other. R1 and R2 are also going to end up adding this information to their ARP tables. So let's go ahead and take a look at the command line in Packet Tracer so you understand what's going on; we'll also take a look at a pretty cool simulation in Packet Tracer. So what I'm going to do is shut off all the interfaces and re-enable them, and then we'll quickly do a network simulation, and in this network simulation we're just going to look at ARP so you guys get to see how this works. As you guys can see, the core switch got that ARP message from R1 and sent it to everybody, and as you can see, host A and host B discarded that message. And let's see, when the core switch received it, what did it see? It actually saw that the destination MAC field was set to all F's, as you're seeing here, and then it had the source IP of R1 itself, 10.10.100.1, and the destination IP of 10.10.100.2. So this is how you can do a packet analysis. Now, because this is Packet Tracer, I can't run a debug arp command; for some reason it's not supported in this version of Packet Tracer that I have, even though it's the latest version. But if you had access to real gear, or if you had GNS3, you could quickly fire that up. I wanted to show you the network simulation piece of it because I think it's really cool, and you get to see at a much deeper level, via a GUI, what that looks like. And one last thing to think about, guys: ICMP is a bidirectional communication composed of two messages or two packets. One is where R1 is sending a ping, or ICMP echo request; that's the initial message that gets sent. What ends up happening is R2 is then supposed to respond back to R1, and that's called the ICMP echo reply. So it's a bidirectional communication that happens. Let me quickly go back to the command line interface again to show you how to look at the ARP table on a router and also how to review the MAC address table. Quickly, here I
am on router 1. I'm going to quickly take a look at the interfaces on this router, and I'm going to shut off GigabitEthernet 0/0/0. What that does is it resets all the layer 2 and layer 3 processes, and I'm going to bring it back up by typing in no shutdown. By the way, when you type in do in front of any command, you don't have to be in privileged exec mode to run the show command; you can do it from any mode you're in, so it's a pretty cool trick. I believe I shared that with you in some of my previous videos, but I wanted to bring that up again. I'm going to look at my ARP table; I should only have my own IP address. If I go ahead and ping router 2, which is 10.10.100.2, watch what happens. You see we lost a packet, and after that we had a successful ping, so we dropped the first packet and the other four packets were successfully delivered. What was happening in the meantime was that the frame was sent to the switch with all F's inside it, and what the switch, the core switch in our example, did with that frame was, let's quickly take a look at it with show mac address-table, it looked at it and, assuming it didn't have an entry for the MAC address of router 2, it sent a broadcast out all the ports except the port it initially received the ARP on. Then when router 2 responded back, it added router 2's MAC, plus it had added router 1's MAC when the initial ARP request came in, and by doing that it was able to build its MAC address table. So it's a hop-by-hop communication idea: each device has to do that within an Ethernet network, each switch and router has to do that, and as a matter of fact, even a PC has its own ARP table. So if you were to ping again, you're going to see that you're not going to drop the packet, because if I were to look at show arp, as you can see, before we did the ping we only had our own IP, but after we did the ping on router 1 we now also have
router 2's MAC address in our ARP table. As long as we have that in our ARP table, we should now be able to construct frames and send them directly to R2 through the switch in the middle, because remember, R1 and R2 are not directly connected; they're connected to each other through the core switch in the middle. VLAN stands for virtual local area network. VLANs live on layer 2 of the OSI model. They have the ability to slice a single physical switch into multiple logical switches and to logically segment a physical switch into multiple broadcast domains. So, a couple of things I talked about; let me explain. First, this slices a physical switch into multiple logical switches. If you look at what I've drawn up here at the top, this is a single switch. It has green ports, red ports and a blue port, and also a white port. Now, the white port here is the trunk port, so forget about that; we'll talk about it in a moment. But the blue port is a voice VLAN, the red port could be the sales VLAN, the green port could be the marketing VLAN. By assigning different VLANs to different ports, we're able to take a single physical switch and make it appear as if it's multiple logical switches. What does that mean? By default, these hosts, let's say this is host A and this is host B, cannot talk to each other because they're on different VLANs: host A is on the green VLAN, host B is on the red VLAN; they're different VLANs, so they cannot talk to each other. Also, switches by default, like I said, have what's called a default VLAN, and the default VLAN is VLAN 1, which means all the ports by default are assigned to that VLAN, but we have the ability to change that. Now, all the ports that belong to the same VLAN create what's called a single broadcast domain. So for example, in our case, these two green ports and these two green ports combined, these four green ports are part of a single broadcast domain; these red ports right here are part of another broadcast domain. So what that means is, remember we talked
about how all F's are sent when an ARP communication happens. When you have logical segmentation like that, the broadcast is contained within that broadcast domain. So the green ports are part of a single broadcast domain, and hosts attached to those ports can only see and send broadcasts within that domain. The red ports, or any other VLAN, the blue one, do not get affected; they never see the broadcast, they never get impacted by it. It's a nice way of reducing the broadcast domain, because broadcast is a good thing, in that it allows us to discover devices, but it's also a bad thing, because it takes CPU cycles and memory, not only on the switch but also on the hosts that receive those frames they don't care for. So this is a way of kind of bringing order to the chaos, if you will. In a traditional layer 2 network, like I said, devices in one VLAN can't talk to devices in another VLAN. Also, one VLAN equals one subnet; that's a one-to-one ratio. When we talk about IP addressing later, when we discuss layer 3, that's section 3 of the course, you'll get to learn what that means, but just remember that one VLAN equals one subnet at layer 3. And finally, VLANs can also be used for security, to control access. Now, it's a very rudimentary level of security. You cannot consider it sufficient by today's standards and by today's sophisticated types of attacks that are being launched; a VLAN is not going to cut it. It's a very small, minute piece of the puzzle that security is, but nevertheless it's poor man's security at a very basic, fundamental level. That said, now let's look at the command line interface. Here I am on the core switch in Packet Tracer. Let's take a look: show vlan brief. That's the command you guys want to memorize, okay? So now we're getting our hands dirty; that's how we become a network engineer, right? Gotta gain confidence, gotta do hands-on stuff, that's what it's about. So as you can see, all of these ports that you're seeing on the switch are automatically part of VLAN
1; that's also called the default VLAN, okay? So I want you to keep that in mind; that's also an exam question: what's the default VLAN? VLAN 1 on a switch is considered the default VLAN; all the ports are automatically assigned to it. Now, there are a couple of additional reserved VLANs, 1002 through 1005. We don't care for them because they're legacy, they're obsolete. The only ones we care for are the default one and the ones that we will create. Now, one thing you want to keep in mind, though, is: do not use the default VLAN. Cisco suggests that as soon as you get a switch, you create new VLANs and make sure that all of your ports are outside of VLAN 1, because VLAN 1 is low-hanging fruit for hackers, right? Bad actors, anybody and everybody on planet Earth knows that every single switch on planet Earth, whether it's Cisco or non-Cisco, has VLAN 1 by default, so they can construct frames, they can do things that can cause havoc within your switching environment using VLAN 1. But if you didn't allow the bad actor to do that, that's good security to begin with; that's good practice. So that said, let's go ahead and create our first VLAN. We'll do configure terminal, and we want to type in vlan, let's say, 20,
and we'll call it sales, with name sales. What we'll do next is create VLAN 30 and call it marketing, then exit, exit, and show vlan brief, and voila, here we go: we've got the sales and marketing VLANs created. Now, as you can see, there are no ports in front of these VLANs, which means these VLANs exist on the switch, but as long as there are no ports associated with them, they're useless: they're not doing anything, they're not participating in any function on this switch. So what we have to do next is assign ports to these VLANs. We have different types of ports, and we'll get into the port types later, but let's take a look at how to configure a switchport to begin with: interface range FastEthernet 0/11 - 15. That means ports 11 through 15 will take this configuration. switchport mode access means that these are access ports; so if you recall access, distribution, core: access is where we have end devices and end hosts plugged in. Then we'll type in switchport access vlan, let's say, 20, which is the sales VLAN. This command assigned FastEthernet 0/11 through 0/15 to the sales VLAN. Now let's do this next: FastEthernet 0/16 through 0/20, we're going to say switchport mode access and switchport access vlan 30.
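To make the two behaviours above concrete, here is an added example (my own model, not code from the course or from Cisco IOS): a tiny VLAN-aware layer 2 switch that learns source MACs, floods all-F frames such as the ARP request from R1, forwards the reply out a single port, and, once ports are assigned to VLANs the way Fa0/11 - 15 and 0/16 - 20 were, confines that flood to the ingress port's VLAN. Port names, MAC addresses and IP addresses are constructed for the example.

```python
"""Added example: a minimal VLAN-aware switch model (MAC learning, flooding, VLAN
broadcast domains). All port names, MACs and IPs below are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"   # the "all F's" destination MAC


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str   # free text such as "ARP who-has 10.10.100.2" (constructed)


@dataclass
class Switch:
    """Access ports only: every port belongs to exactly one VLAN (default VLAN 1)."""
    port_vlan: dict[str, int]
    # CAM / MAC address table: (vlan, mac) -> port, the port/MAC pairs from the video
    cam: dict[tuple[int, str], str] = field(default_factory=dict)

    def assign(self, ports: list[str], vlan: int) -> None:
        """Model 'switchport access vlan <n>' applied to a range of ports."""
        for p in ports:
            self.port_vlan[p] = vlan

    def receive(self, in_port: str, frame: Frame) -> list[str]:
        """Process one frame arriving on in_port; return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        # learning: the source MAC is reachable via in_port within this VLAN
        self.cam[(vlan, frame.src_mac)] = in_port
        known = self.cam.get((vlan, frame.dst_mac))
        # broadcast (all F's) or unknown unicast: flood to every other port
        # of the SAME VLAN, never back out the port it came in on
        if frame.dst_mac == BROADCAST or known is None:
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        return [known]   # known unicast: one port only


def arp_exchange_demo() -> dict:
    """Constructed scenario from the diagram: R1 (Gi0/1) and R2 (Gi0/2) on the
    core switch with hosts A and B on Fa0/1 and Fa0/2, all in VLAN 1."""
    sw = Switch(port_vlan={"Gi0/1": 1, "Gi0/2": 1, "Fa0/1": 1, "Fa0/2": 1})
    r1, r2 = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    # R1 does not know R2's MAC yet -> destination all F's -> switch floods
    flood = sw.receive("Gi0/1", Frame(r1, BROADCAST, "ARP who-has 10.10.100.2"))
    # R2 answers with a unicast; the switch already knows R1 sits on Gi0/1
    reply = sw.receive("Gi0/2", Frame(r2, r1, "ARP 10.10.100.2 is-at R2"))
    # the next ping from R1 is switched straight to Gi0/2, not flooded
    later = sw.receive("Gi0/1", Frame(r1, r2, "ICMP echo request"))
    return {"flood": flood, "reply": reply, "later": later, "cam": dict(sw.cam)}


def vlan_segmentation_demo() -> dict:
    """24-port switch after Fa0/11 - 15 -> VLAN 20 (sales) and Fa0/16 - 20 ->
    VLAN 30 (marketing): a broadcast entering Fa0/11 only reaches VLAN 20."""
    sw = Switch(port_vlan={f"Fa0/{n}": 1 for n in range(1, 25)})
    sw.assign([f"Fa0/{n}" for n in range(11, 16)], 20)
    sw.assign([f"Fa0/{n}" for n in range(16, 21)], 30)
    egress = sw.receive("Fa0/11", Frame("cc:cc:cc:cc:cc:cc", BROADCAST, "ARP"))
    return {"egress": egress, "vlan": sw.port_vlan["Fa0/11"]}


if __name__ == "__main__":
    print(arp_exchange_demo())
    print(vlan_segmentation_demo())
```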
exit and show vlan brief, and what you will now see is that sales has ports assigned to it and marketing has ports assigned to it. So what that means is, if you took port 11 and plugged a desktop into it, or an IP phone into it, it's automatically going to belong to the sales VLAN, and if you have marketing folks, you can plug the marketing folks into the marketing VLAN. You can have different types of configuration, like a DHCP server and TFTP and other things for their phones, and other types of configuration that their hosts can automatically get by being part of this VLAN. We'll talk through those design details later, but these are the fundamental pieces that will help you understand how this works. Now, if you wanted to delete VLANs on a switch, there's a very specific command you have to type in: delete vlan.dat. You have to hit enter twice and then type in reload. So I went ahead and rebooted the switch so we can take a look: show vlan brief, and voila, all those VLANs are gone, but the rest of our configuration is intact. The next thing I want to talk about is VTP, which stands for VLAN Trunking Protocol. Now, in my opinion it's a bad name, because it's not about trunking; instead, VTP has to do with VLAN propagation. Here's what it means: when you have a brand new switch that you pull out of the box, it has VTP revision zero. When you create VLANs on it, it automatically changes the revision number, and when you have other switches on the network that are connected to that switch where you made the VLAN changes, they automatically inherit those VLANs that you created. That was a very rudimentary form of automation back in the day. It did have its positive sides, but it was also able to create chaos in the network, meaning not every single switch in your network needs to have the same VLANs. Maybe on floor 1 you have sales people and on floor 2 you have marketing people, but perhaps those two
switches are connected to each other through a distribution switch. You don't want to delete a VLAN within the sales realm and somehow end up causing changes to the switch in the marketing realm. Because of this negative aspect, VTP is not really utilized much. Here's a trick, though: if you want to add an old switch to your network, most likely it will have a very high revision number. Make sure that you reset the revision number by changing the VTP domain name and then changing it back to the original name. So that's a bit of a trick if you wanted to avoid adding an old switch to the environment and then having that switch completely ruin your configuration throughout your entire environment. Ideally you should disable VTP. Some of the newer switches have the ability to type in a command that disables VTP; in the olden days you would actually have to use a very specific mechanism to disable VTP, and let's talk about that. VTP has three different modes: server, client and transparent. Server is the default mode on all Cisco switches. It's the most powerful mode: you can add, delete, change and propagate VLANs in this mode, switches can send and receive updates, and this allows the VLAN configuration to be saved. Client mode doesn't allow you to configure VLANs; it's a read-only mode. It can send and receive updates, though, but VLAN information cannot be changed. Transparent mode, on the other hand, is the same as server mode with the exception that a switch in this mode does not listen to VTP advertisements, okay? So this was the way of disabling VTP, meaning if you're a transparent switch, you're transparent to VTP: you don't care for VTP updates, you're not going to change your database, you're not going to pass on the updates to somebody else, you're just a transparent device. They do forward updates to other switches, though, in VTP version 2 only, but they do not accept changes. It's being deprecated; most likely it's not going to be on the exam, but it's good for you
to know from a real world perspective in case you ever have to troubleshoot VTP. There's another concept related to VTP called VTP pruning. What that means is, I'll give you a very quick example: it stops unnecessary broadcast traffic from being propagated. So for example, if you look at the diagram that I have here, you've got all these different switches and we have these different VLANs configured. As you can see, the bottom switch does not have the yellow VLAN; the yellow VLAN is the sales VLAN. Because the bottom switch does not need to see the yellow VLAN, we can type in the switchport trunk pruning vlan command on this port right here connecting to the bottom switch, so the middle switch right here is configured with VTP pruning for that particular VLAN, and any messages, any broadcasts that are sent on that yellow VLAN will never be propagated down. So it saves the switch at the bottom from having to deal with unnecessary broadcasts, and all of its hosts are spared as well. Now let's quickly take a look at the command line interface for the VTP configuration. Let's look at show vtp status. As you can see, it says we are in VTP version 2.
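The revision-number behaviour and the domain-name trick described above are easy to get wrong, so here is an added example (my own model, not course material or Cisco code) that plays through it: a production server switch at revision 3, an old lab switch arriving in the same domain at revision 40, and the difference the domain-name reset makes, plus how transparent and client modes react. Switch names, the domain name and the VLAN numbers are constructed.

```python
"""Added example: a model of VTP revision arithmetic and mode behaviour.
Names, domain and VLAN ids are constructed; this is not Cisco's implementation."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class VtpSwitch:
    name: str
    domain: str
    mode: str = "server"        # server (the default), client or transparent
    revision: int = 0           # a brand new switch starts at revision 0
    vlans: dict[int, str] = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, vname: str) -> None:
        """'vlan <id>': a server bumps the revision; a client is read-only;
        a transparent switch keeps a local database that it never advertises."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot create VLANs")
        self.vlans[vid] = vname
        if self.mode == "server":
            self.revision += 1

    def set_domain(self, domain: str) -> None:
        """Changing the VTP domain name resets the configuration revision to 0."""
        if domain != self.domain:
            self.domain = domain
            self.revision = 0

    def advertisement(self) -> dict:
        """What this switch puts on the wire for its neighbours."""
        return {"domain": self.domain, "revision": self.revision,
                "vlans": dict(self.vlans)}

    def receive(self, adv: dict) -> bool:
        """Apply a neighbour's advertisement. Returns True when the local VLAN
        database was overwritten. Only a same-domain advertisement with a HIGHER
        revision wins; transparent switches ignore it (they only forward it)."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] > self.revision:
            self.vlans = dict(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False


def old_switch_scenario(reset_first: bool) -> dict:
    """Production server at revision 3 with VLANs 10/20/30 meets a reused lab
    switch (same domain, revision 40, only VLAN 1). Returns what the production
    switch holds afterwards, with or without the domain-name trick."""
    prod = VtpSwitch("core", "CORP")
    for vid, vname in ((10, "mgmt"), (20, "sales"), (30, "marketing")):
        prod.add_vlan(vid, vname)               # revision becomes 3
    old = VtpSwitch("old-lab", "CORP", revision=40)
    if reset_first:
        old.set_domain("TEMP")                  # revision -> 0
        old.set_domain("CORP")                  # back in the domain, still 0
    overwritten = prod.receive(old.advertisement())
    return {"overwritten": overwritten, "vlans": sorted(prod.vlans),
            "revision": prod.revision}


if __name__ == "__main__":
    print("without reset:", old_switch_scenario(reset_first=False))
    print("with reset:   ", old_switch_scenario(reset_first=True))
```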
Revision zero, maximum VLANs supported locally is 255, number of existing VLANs is five. Once again, this is the default behavior, right? We haven't created any new VLANs or anything like that; the switch is in its default state. As I alluded to earlier, by default you're in server mode. The switch is most vulnerable in the default mode; the reason is it can automatically pick up VTP parameters from other switches in the environment. So if you're not going to use VTP in your environment, you should change it to transparent mode, and like I said, some of the newer switches now have the capability of disabling VTP to begin with. The way we can change the VTP configuration is: you go to global config mode, type in vtp ? and it will give you the options for making changes. Here we can change the mode, and we can change it to transparent. If we do that, the device ends up becoming transparent, which means it can forward VTP information but it's not going to accept it. If we did that on all the switches in our environment, this essentially disables VTP across the board in our entire environment. Now let's talk about trunking. Trunking is a mechanism that allows multiple VLANs to be sent across switches; it's also known as tagging. It's a layer 2 technology, trunking, and as you can see, this right here is a trunk port. So a port that interconnects switches together is called a trunk port. It doesn't have to be the case, but for the most part, where it interconnects switches together, that's where the trunk link is configured. You can also have a trunk link configured between a switch and a router, for example; there are some exceptions to the rule, but for the most part, where they interconnect switches together like that, the links that interconnect the switches are called trunk links. As you can see here, if the switch at the top has the green and red VLANs, and the same for the bottom switch, they need to be able to send frames that belong
to both VLANs, the red and the green one, so the trunk link carries multiple VLANs inside it. There are two different VLAN tagging protocols. The first one, ISL, has been deprecated; it's obsolete now. It's called Inter-Switch Link protocol, Cisco proprietary; it used double tagging and all that. Whereas dot1q, that's the industry standard, uses an internal tag. It's much more efficient because it has a single tag, and it also has the concept of a native VLAN on a trunk. What's a native VLAN? Any time a switch receives untagged frames, they're handled by the native VLAN; they're not encapsulated with tagging. Bottom line, the native VLAN allows untagged frames to be carried across switches over a dot1q trunk. By the way, 802.1Q is also referred to as dot1q, so something to keep in mind. Here's the structure of the frame. Up at the top is ISL, which added a 26-byte header; that's a huge overhead. Contrast that to the 802.1Q header, which is only 4 bytes in length. If you were to zoom into the four bytes, you'll see we have the TPID and we have the priority. What you care about are two fields in here: priority, which has to do with class of service, CoS, or quality of service, and we'll discuss this later in the course; and the ID, or VLAN identifier, or VLAN ID. It's a 12-bit field, which means it goes from 0 through 4095. Another thing I want to talk about is DTP, or Dynamic Trunking Protocol. It auto-negotiates a trunk between switches. So what that means is, when you have a switch, let's say switch 1, and you have another switch, switch 2,
the minute you connect them together and they start talking to each other, they will auto-negotiate a trunk over this link between the switches. It's a Cisco proprietary protocol, and it uses either ISL or dot1q; if both ends support both types, ISL is favored because it's Cisco proprietary. Now, another element which is very important is switchport modes. A Cisco switch can only be in one of the following five modes. You've got access mode, so if you guys remember, we did switchport mode access, right? This is where the end stations are plugged in: your PC, your IP phone, things like that. Trunk is a switch-to-switch or switch-to-router connection, and the way we configure that is the switchport mode trunk command. Then what we have is the DTP that we just discussed, right, Dynamic Trunking Protocol. These are the two elements that come into play with DTP: either we have dynamic auto mode or dynamic desirable mode. Dynamic auto is a passive mode, and the way it works is, if both sides of the link have switchport mode dynamic auto configured, then the link will never become a trunk, because it's a passive mode; one side has to be active. Dynamic desirable, on the other hand, is an active mode, so if you had one side that was dynamic desirable and the other side that was dynamic auto, then they will form a trunk. If both sides are dynamic desirable, they will still form a trunk, but if both sides are dynamic auto, they won't form a trunk. So that's a very important distinction to keep in mind. If you wanted to disable DTP, you can just type in the switchport nonegotiate command, so you can disable the Dynamic Trunking Protocol. Now let's go back and look at the CLI and see how we can configure trunks. I'm on the core switch; I'm going to go to global configuration mode and modify interfaces FastEthernet 0/1 and 0/2 and make them trunk links, so I'll go switchport mode trunk. So now I've essentially made these ports trunk ports
because that's what I have, right? My FastEthernet 0/1 and 0/2, if you go back and look at the diagram, are trunk links because they're connected to access switches, since I'm the core switch. The next thing you want to type in is switchport trunk allowed vlan; here we can specify if we want certain VLANs to be allowed or removed from the list. Once again, this is another kind of security element, where you're being very specific in terms of what VLANs you want to allow across a certain trunk link; you can do that here. Let me go all the way back to user exec mode. Let's look at a couple of additional commands: show dtp, which shows that we actually have DTP running. Another important command to look at is show interfaces trunk. This shows us the type of trunk we have: we've got two links that are connected to switches, FastEthernet 0/1 is connected to access switch 1, FastEthernet 0/2 is connected to access switch 2. Here we have encapsulation set to 802.1Q and we are successfully trunking. As I mentioned, we also have this concept of a native VLAN. Once again, the whole idea of the native VLAN is: if you ever receive untagged frames, which we never should in an ideal scenario, but if you had, like, an old-school hub or some non-Cisco switch that does not understand tagging for some reason, and we were to receive that frame, it can be handled by the native VLAN. It's a mechanism for allowing untagged traffic to be sent across switches; that's what the native VLAN does. So ideally, according to Cisco, we should never have the native VLAN set to VLAN 1; the native VLAN should be set to something other than VLAN 1. To show you how to do that, we'll go to configure terminal, then interface range FastEthernet 0/1 - 2, and we'll type in switchport trunk native vlan 10. So we made the native VLAN VLAN 10.
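Here is an added example (my own code, not from the course or Cisco) that builds and parses the 4-byte 802.1Q tag discussed earlier, models the allowed-VLAN list and native-VLAN untagging on a trunk, and shows what happens when the two ends of a trunk disagree on the native VLAN: frames one side sends untagged as VLAN 10 land in VLAN 1 on the other. MAC addresses, VLAN numbers and payloads are constructed.

```python
"""Added example: 802.1Q tag encode/decode with native-VLAN handling and an
allowed-VLAN list. MACs, VLAN ids and payloads are constructed."""
from __future__ import annotations
import struct

TPID_8021Q = 0x8100        # Tag Protocol Identifier that marks a dot1q tag
ETHERTYPE_IPV4 = 0x0800    # the EtherType of the payload we wrap (constructed)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, payload: bytes, vlan: int | None = None,
                priority: int = 0) -> bytes:
    """Ethernet II frame; vlan=None means untagged (how native-VLAN traffic leaves)."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan is not None:
        if not 0 <= vlan <= 4095 or not 0 <= priority <= 7:
            raise ValueError("VLAN ID is 12 bits (0-4095), priority is 3 bits (0-7)")
        tci = (priority << 13) | vlan                   # DEI bit (bit 12) left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)   # the 4-byte tag
    return header + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame: bytes, native_vlan: int) -> dict:
    """Return the VLAN a trunk port assigns to the frame plus the tag fields."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        return {"tagged": True, "vlan": tci & 0x0FFF, "priority": tci >> 13,
                "dei": (tci >> 12) & 1, "payload": frame[18:]}
    # no tag: the receiving port hands the frame to its native VLAN
    return {"tagged": False, "vlan": native_vlan, "priority": 0, "dei": 0,
            "payload": frame[14:]}


def trunk_egress(vlan: int, native_vlan: int, allowed: set[int],
                 dst: str, src: str, payload: bytes) -> bytes | None:
    """Trunk egress: VLANs outside 'switchport trunk allowed vlan' are dropped
    (None), native-VLAN frames leave untagged, every other VLAN is tagged."""
    if vlan not in allowed:
        return None
    return build_frame(dst, src, payload,
                       vlan=None if vlan == native_vlan else vlan)


def native_mismatch_demo() -> tuple[int, int]:
    """Side A has native VLAN 10; side B was left at VLAN 1. A's VLAN 10 frame
    crosses untagged and B files it under VLAN 1. Returns the VLAN B sees when
    mismatched and when both sides use native VLAN 10."""
    wire = trunk_egress(10, 10, {1, 10, 20}, "ff:ff:ff:ff:ff:ff",
                        "aa:aa:aa:aa:aa:aa", b"arp")
    assert wire is not None
    return (parse_frame(wire, native_vlan=1)["vlan"],
            parse_frame(wire, native_vlan=10)["vlan"])


if __name__ == "__main__":
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "aa:aa:aa:aa:aa:aa", b"hi", vlan=20)
    print(tagged.hex(), parse_frame(tagged, native_vlan=10))
    print("native mismatch / match:", native_mismatch_demo())
```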
It's no longer the default VLAN. Now let's make sure with show vlan brief that we also have that VLAN created. See, we don't actually have that VLAN here, so it's not actually going to work. What we have to do is go to configure terminal and type in vlan 10 so we actually have that VLAN. That's why we received this native VLAN mismatch message: because we didn't actually have VLAN 10 configured on our switch. Now let's look at show vlan brief: we have VLAN 10, that's good. Now let's look at show interfaces trunk, and the native VLAN is set to 10; we should stop seeing that error message we saw earlier, where Cisco Discovery Protocol, or CDP, was complaining that there was a mismatch. Speaking of CDP, that's also a pretty powerful way of looking at our topology. You can type in the command show cdp, and it shows us whether or not we're running CDP, and if you did show cdp neighbors... show cdp neighbors is a cool command because it quickly shows you who our neighbors are, the name of the device, the port over which we're connected with them, and also the platform. It's really, really cool; it's a very, very powerful command, especially if you're a consultant and you walk into a brand new environment and have no idea how it's set up. If the customer has shared a diagram with you, the diagram is fine, but this is how you verify the diagram, to make sure that at a physical level the diagram represents how things are connected together. Because remember, guys, when you're troubleshooting, or building, or architecting a network, every single link and how it's interconnected matters; that's how you figure out whether or not things will work as predicted. Welcome to the CCNA 200-301 course. Today I'm going to discuss section 2 part 2, LAN wired and wireless; in particular we're going to focus on advanced LAN switching concepts. Here are the topics I plan on covering today: first CDP, second STP, PVST and RSTP, third STP optional features, fourth EtherChannel, and finally I'll wrap it up with inter-VLAN routing.
So what is CDP? CDP stands for Cisco Discovery Protocol. As the name gives it away, it's Cisco proprietary, meaning only Cisco devices speak this protocol. The whole purpose of this protocol is to help discover neighbors. So for example, if I'm a switch and I have other switches and routers plugged into me, when CDP is enabled everywhere, I can see who the neighbors are that are connected to me. Typically, network engineers and consultants use CDP to verify the physical connectivity of a network, and I'll give you an example of how that works on a switch CLI in a moment. The way CDP allows discovery to happen is through CDP messages, and these messages are sent across all ports on all routers and switches by default. Another interesting tidbit: Cisco IP phones use CDP to learn both the data and voice VLAN IDs that are configured on that access switch port. And finally, LLDP, or Link Layer Discovery Protocol, is a competing standard to CDP and is defined in the IEEE 802.1AB standard. If you happen to have any non-Cisco switch in your environment, whether Arista, Juniper or, you name it, any other switch, it runs LLDP for the purpose of discovering neighbors. So what you would have to do in that instance, if you have a mixed environment, Cisco and non-Cisco, is actually run LLDP everywhere instead of running CDP, because this way, whether you're connected to a Cisco neighbor or a non-Cisco neighbor, you can discover and see what's going on. Now, just by looking at these bullets it's probably not sinking in much; let me jump right into the CLI so I can help you crystallize how CDP works. Here I am on switch 1. Here's the magic command you want to know: show cdp neighbors. On switch 1, what I can see by running this command is that I've got three different devices plugged into me, and those three devices are: I've got switch 2 plugged into me over FastEthernet 0/12,
and the capability flag here corresponds to S, switch, because it's a switch, and the platform is a Catalyst 2960, and the remote port ID, the port ID of the remote switch that's plugged in, is this. Similarly, S3 right below it is connected over FastEthernet 0/13; the flag is also S, the platform is a Catalyst 2960, and the remote port happens to also be FastEthernet 0/13. Finally, R1: our local interface is GigabitEthernet 0/1, the flag is set to R because it's a router, it's an ISR 4300 router, and the remote interface on that router that is pointing toward us is GigabitEthernet 0/0/0. Now, another interesting command that gives us a lot more detail about our neighbors is show cdp neighbors detail. One thing I would like to draw your attention to here is, so here we're looking at router 1, and I can see the IP address of router 1, so that's pretty neat, right? As you can imagine, if I've got other devices plugged in and I'm walking into an environment completely cold as a consultant, I had never worked in this environment before and I have no clue how this environment is set up, by using show cdp on different switches and routers I can start to map out how the network is set up. I can actually create a diagram with physical connections so I can see how it's all interconnected, and in addition, as a bonus, I can also specify the IP addresses of the devices as well. So, a really, really cool feature. Now, I'm going to warn you: it works wonders if it's a small environment, but the minute you start looking at gigantic global environments, it's not going to work. If you have hundreds of switches or thousands of switches, it's insanity to go to each switch and start mapping things out; you're going to go crazy. Instead, there are other tools that you can use for monitoring purposes and things like that, but at the same time, typically in larger networks the network engineers that manage those environments have really good documentation, or they're supposed to have really good documentation, that includes
really nice Visio diagrams some additional documentation that talks about the purpose of each device in the network and things of that nature now if you want to disable CDP on a switch we type in no CDP run command and when we do that this essentially kills CDP on the entire switch which means we're not going to be able to see our neighbors and vice versa our neighbors are not going to be able to see us because the CDP packets CDP messages CDP frames have been killed CDP basically just so you know runs at Layer Two this disables it at a global level on all the ports but let's say if if he didn't want to do that he would do CDP run so we enable it again on this switch but what we can do instead is we could go to a particular port and at the sub interface level we can do no cdb enable and what that would do is kill CDP on this interface only so there are two different ways of doing it one at a global level with no CDP run or we could do it at a per interface level by typing in no CDP enable now if you wanted to enable it back on this interface all you would have to do is just delete that keyword no in front of the command just type in CDP enable and boom it's gonna enable CDP again on fast 01. 
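Here is an added example (not from the course) of the mapping the lecture describes: a small Python parser for show cdp neighbors output that turns the neighbor tables collected from several switches into a list of physical links, and flags links reported by only one end, which is the symptom you see when the far device has no cdp enable on that port or no cdp run globally. The sample outputs, hostnames and interfaces are constructed to mirror the lab.

```python
from dataclasses import dataclass

# Constructed sample output (not captured from the course lab), in the layout
# Cisco IOS uses for "show cdp neighbors". Names and ports mirror the lecture.
S1_OUTPUT = """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S2               Fas 0/12          170             S I   WS-C2960  Fas 0/12
S3               Fas 0/13          155             S I   WS-C2960  Fas 0/13
R1               Gig 0/1           140            R S I  ISR4331   Gig 0/0/0

Total cdp entries displayed : 3
"""

# Second switch; a long hostname wraps onto its own line, as IOS does.
S2_OUTPUT = """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S1               Fas 0/12          165             S I   WS-C2960  Fas 0/12
S3               Fas 0/23          160             S I   WS-C2960  Fas 0/23
R2.example.lab
                 Gig 0/1           150            R S I  ISR4331   Gig 0/0/0
"""


@dataclass(frozen=True)
class Neighbor:
    device: str
    local_intf: str
    holdtime: int
    capabilities: tuple
    platform: str
    remote_port: str


def parse_cdp_neighbors(text):
    """Parse the table of 'show cdp neighbors' into Neighbor records,
    re-joining rows whose Device ID was printed on a line of its own."""
    neighbors, pending, in_table = [], None, False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("Total cdp"):
            continue
        tokens = line.split()
        if len(tokens) == 1 and pending is None:
            pending = tokens[0]          # hostname only; the rest follows
            continue
        if pending is not None:
            tokens, pending = [pending] + tokens, None
        # IOS prints interfaces as two tokens ("Fas 0/12"), so anchor on both
        # ends of the row; the capability codes are whatever lies between.
        neighbors.append(Neighbor(
            device=tokens[0],
            local_intf=f"{tokens[1]} {tokens[2]}",
            holdtime=int(tokens[3]),
            capabilities=tuple(tokens[4:-3]),
            platform=tokens[-3],
            remote_port=f"{tokens[-2]} {tokens[-1]}",
        ))
    return neighbors


def build_topology(outputs):
    """outputs maps a switch name to its 'show cdp neighbors' text. Returns
    (links, one_sided): links are undirected ((dev, port), (dev, port)) pairs;
    one_sided are links reported by only one end, which is what you get when
    the far device has 'no cdp enable' on that port, 'no cdp run' globally,
    or simply was not collected."""
    reporters = {}
    for local, text in outputs.items():
        for n in parse_cdp_neighbors(text):
            link = tuple(sorted([(local, n.local_intf), (n.device, n.remote_port)]))
            reporters.setdefault(link, set()).add(local)
    links = sorted(reporters)
    one_sided = [l for l in links if not {l[0][0], l[1][0]} <= reporters[l]]
    return links, one_sided


if __name__ == "__main__":
    links, one_sided = build_topology({"S1": S1_OUTPUT, "S2": S2_OUTPUT})
    for (a, pa), (b, pb) in links:
        flag = "  (seen from one side only)" if ((a, pa), (b, pb)) in one_sided else ""
        print(f"{a} {pa} <-> {b} {pb}{flag}")
```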
Now that being said, if you wanted to set up LLDP on our switch, we can do that by first disabling CDP and by enabling lldp run, and when we do that it's going to enable LLDP on the switch. Now we're going to have to type in the same command on all the other switches and routers to make sure we have a standardized environment and we're sending the same type of packets and we're able to see each other, so you'd have to go to all the remote devices and do the same thing. I'm not going to go much into LLDP because it's very similar to CDP; I just wanted you to understand conceptually how that works.

Now let's talk about STP. What is STP? It stands for Spanning Tree Protocol. It's a layer 2 protocol, and the entire purpose in life for Spanning Tree Protocol is to create a loop-free topology by blocking redundant links. Why do we need to do that? Well, in a network we need redundancy; without redundancy we find ourselves in a bad place. So to give you an example, let's say we have a couple of switches here, so we've got switch one, switch two, switch three, they're all connected to each other back to back in a daisy-chain style, and we've got host A here connected to switch one and we've got a server one connected to switch three. Now if this guy, let's say Bob, wants to connect to the server, he's gonna have to go this direction. Well, what if this link fails? The entire communication fails. What if this link fails? The entire communication fails. That is unacceptable. So what we do is we create redundancy by having a scenario like this where we have redundant links, so if any of these links went down we still have another path to go from Bob to the server, from source to destination, right? That's the entire idea of having a network. But the issue is that when we do this type of redundancy in a layer 2 network without running Spanning Tree Protocol, we run into some major issues, and there are three big issues that I would like to bring to your attention: issue number one, broadcast storm; issue number two, CAM table instability; issue number three, transmission of multiple frames to the destination.

Well, what does that mean? Let me explain on the next slide. In a scenario like this, where we have host A connected to a switch, host B connected to another switch, and these two switches are connected to each other via a single link, that's not a problem; they can talk to each other all day long, even without running spanning tree, not an issue. But the minute we add the second link into the picture here, well, we've got ourselves a problem if you're not running STP. What's going to end up happening is when host A wants to talk to host B, it's going to send an ARP message, Address Resolution Protocol. So remember ARP: we already have the layer 3 IP address of the device we want to talk to, in this case host B, but what we do not have is the layer 2 MAC address; that's the question mark. So what we end up doing is we construct an ARP frame and we send it out, and at layer 2 of this ARP frame, if you were to zoom into it, what we'll see is that the destination MAC address field is set to all F's, because host A does not have the MAC address entry for host B in its ARP table; that's why it sent the ARP message to begin with. When that happens, the switch in the middle, let's say switch one, and the top one is switch two, switch one is gonna get it, and it doesn't understand layer 3 at all, so it's only going to look at the source and destination MAC address. It looks at the source MAC and goes ahead and puts the MAC address of A in its CAM table, or MAC address table. However, when it looks at the destination field, it realizes that it does not have that in its CAM table or MAC address table, so it sends out a broadcast. So this is the port that it initially received the request on; it's not going to send the broadcast out here. However, it will flood this frame out all the connected ports, so switch 2 is going to get that frame twice, over each link, and host B is going to get that frame.

Now when host B gets that frame, it's gonna respond back with its MAC address, because when it looks at the layer 3 destination IP field, that IP address will match its own IP, so it responds back to host A with its MAC address. When it does, switch two learns that MAC address and puts it in its CAM table, or content addressable memory table. We have redundant links, so the frame is being sent out both links in all directions, and when switch 2 gets that frame that was initially sent by switch one, it's gonna send it back out to switch one again. It creates this, it just kind of, broadcast storm, where the frame keeps looping around the network over and over and over again, and unfortunately at layer 2 we do not have what's called a TTL value, or time to live value, which we do at layer 3, but at layer 2 we do not have TTL. So what that means is the frame can literally loop around forever and ever and ever, bringing the network to its knees, unless you turn off the switches or you break one of the links or you do something manually to stop that from happening. So that's the first problem we get.

The second problem we have to deal with is the CAM table instability. So let me explain. Let's say if this is port 1 and this is port 2, and switch one sends that frame out to switch two with the source MAC address of host A, not only is switch 1 going to learn it, but switch two will also learn it, because of the fact that that source MAC address is in that layer 2 header field, so it's gonna grab it and insert it into the CAM table. That's what switches do; they learn MAC addresses. Let's say that frame arrived maybe a few milliseconds before arriving over port 2. Switch 2 is gonna have confusion in its MAC table; it's gonna say, well, I've got MAC address A available over port 1.
But then the same frame arrives a few milliseconds later; it's gonna get confused and go, no, no, no, it's not over port one, it's actually port 2 where the MAC address of A lives, and when it does that it's going to keep switching back and forth as it continues to get frames, and this causes MAC instability, because you're gonna keep switching back and forth between port 1 and port 2. And finally, because we have these redundant ports and multiple frames, the host may end up getting multiple copies of the same frame, and it would cause issues; the application that host B is running might actually crash because it may not know how to handle duplicate frames. So these are the three big issues that occur in a network when there's no spanning tree running.

Now let's jump into STP fundamentals. As I mentioned, it's a link layer protocol, it's a layer 2 protocol designed to ensure a loop-free topology. It's defined in IEEE standard 802.1D, so it's an open standard; it's not proprietary to Cisco, which is good. Switches use special frames called BPDUs, or probes, to exchange information about bridge IDs and root path costs, and we'll talk about those details momentarily; you'll be an expert in a few minutes. But before we get there, what are BPDUs? They're Bridge Protocol Data Units. BPDUs are essentially spanning tree advertisements. BPDUs are sent out all active ports on a switch every two seconds by default; however, on the non-root bridge, BPDU hello messages are sent based on the timer configured on the root switch. So let's say if on the root switch you change the timer to a non-default value, the non-root bridges will adhere to that non-default value. And remember, the main function of STP is to do what? To discover loops in the network and find the most efficient way back to the root and block the redundant links.

Now let's talk about bridge ID. Each BPDU frame contains within it two major fields, a bridge priority and the switch's MAC address; combined together it's called bridge ID, or BID. So here we get to see that we have a bridge ID of 8 bytes altogether. At layer two we're basically looking at a layer 2 header of the BPDU. We've got the bridge priority here, which is two bytes, which means it's a value anywhere from 0 to 65,535; the default is right in the middle. And the other piece of it is the MAC address, which is six bytes, and that MAC address is derived from the backplane of the switch or the supervisor. So if it's a fixed switch, this MAC address is derived from the backplane; if it's a modular switch with supervisor modules in it, it's going to derive its MAC address from the supervisor module. The default bridge priority is 32,768, and it can be modified in increments of 4096. Now one thing I want you guys to keep in mind is, when it comes to bridge priority, lower value is better.

One more thing about BPDUs: there are two different types of BPDUs. You have configuration BPDUs and you have topology change notification BPDUs. Configuration BPDUs are originated by the root bridge and they flow outward, away from the root, whereas the topology change notification BPDUs flow toward the root bridge for providing topology change updates. Now let me explain what I mean by that right here. If this guy up at the top ends up becoming the root bridge of our network, what that means is all of these switches here in our environment are gonna try to find a way back to the root without causing loops. So what that means is this link will get blocked, this link will most likely get blocked, and access switch one at the bottom will go through distribution switch one up to core switch one, and access switch two is going to go to distribution three up to core switch one. So the idea is that we always want to have a single path toward the root bridge, and this inherently helps us avoid loops, because we're only going in one direction and there is no opportunity for the same frame to kind of boomerang or loop back around to us, because we're only going in one direction. So that's the whole idea of STP: we have this root bridge and everybody kind of gravitates toward this root bridge, and it becomes the center of the universe for our STP domain.

Now as I mentioned, there are two different types of BPDUs, config BPDUs and topology change notification BPDUs. Now configuration BPDUs are sent by the root bridge, so the root bridge actually sends configuration BPDUs and they're sent down this way, downstream. Another terminology I want you to understand: when we go up toward the root, that's upstream; when we go down from the root down to the other switches, that's called downstream. So the core switch sends configuration BPDUs downstream, whereas the topology change notification BPDUs are sent upstream by the non-root bridges to inform the root bridge of any change that happened in the network.

Now let's talk about the three steps of initial STP convergence, very, very critical to understanding STP. The first thing that happens is we must select or elect one root bridge. So as soon as you have these multiple switches in your environment connected together and they come online, the first thing they want to do is go through a series of steps, and the very first step in the process is to elect one root bridge, or the king of the hill, if you will. All switches exchange BPDUs, and the switch with the lowest bridge ID ends up becoming the root bridge by default. So for example, in the topology that we have here, this bottom switch ends up becoming the root bridge, and the reason for that is because it has the lowest MAC address. So remember, the bridge ID is composed of two components: we've got the bridge priority and we've got the MAC address, and this right here is the bridge priority. So if you were to look at all these, the reason switch A became the root bridge is because, from a hexadecimal perspective, A is lower than B or C, because A in decimal is 10, whereas B in decimal is 11 and C in decimal is 12.
So this guy becomes the root bridge. However, root bridge election can be manipulated by changing the priority in the bridge ID, since the MAC address is hard coded into each switch. So because we can't change the MAC, the only way to influence the election process is by changing the bridge priority, and I'll show you that on a CLI in a moment. By the way, a pro tip: because the lowest-numbered MAC address ends up winning the election, what that means is the oldest switch in your network, that you bought in the 1990s, that is still out there sitting in a closet somewhere, most likely will end up becoming the root bridge if you don't define a root bridge yourself. So it's a bad place to be, something you have to keep in mind, and I've seen some networks and very, very ugly designs where network administrators didn't really pay attention to what was happening and they let spanning tree do its thing by default. It's not good, it's very bad, and I'll give you a couple of examples, including a visual example, to show you how bad it is.

Alright, step number two: after electing the root bridge, we want to elect root ports. Root ports are elected on the non-root bridges; it's the closest port to the root bridge. Every non-root switch needs to have one root port, and only one. The third step in the initial convergence is, so first we elected the root bridge, second we elected the root port, third we want to elect designated ports. After the root ports are assigned, switches allocate one designated port per link. Designated port equals forwarding port. So if you were to look at the topology here, considering the bottom switch is the root bridge, both switch B and C will have a root port pointing to the root, and then switch B will have a designated port pointing to switch C; however, the port on switch C going toward B is going to be in a blocking state. And one thing I wanna touch on when it comes to this blocking port is that the data plane traffic on the blocking port is dropped; only control plane traffic is allowed, because control plane is spanning tree, right? And I actually did a video on the topic of control plane versus data plane; watch my SDN video, software defined networking video, to learn more. But once again, on the blocking port there's no user data traffic that's sent, because again the idea is you want to avoid frames from looping around the network.

Quickly, here's our network topology that we'll be working with today when it comes to spanning tree. As you can see, we've got a couple of switches connected in a triangle, and each switch has a router hanging off of it. Now before I jump into the CLI, let me finish talking about the election process and then jump into the CLI, because I think that will help crystallize some of the concepts that we just talked about. So how STP elects the root port per switch: first, as I mentioned earlier, we must elect a root bridge; this is the switch with the lowest bridge ID, it ends up becoming the root bridge. Once that happens, that's out of the way, the next thing you want to focus on is the root port election. The first step here is the lowest cost to the root bridge. In case of the same cost on multiple links, so for example if the switch at the top is the root bridge and the switch at the bottom is a non-root bridge, if I have two links like that, both are 100 Meg links, the cost is the same on both links, so I can't use that criterion to elect a root port, the most efficient port going to the root bridge, right? I cannot do that because the cost is the same on both links. What we do is we look at the lowest sender bridge ID, and if that is also a tie then we finally look at the lowest port priority. Now this is very, very random; this is an absolute tiebreaker, and you will absolutely finish the election process here, because each port has a unique port priority. That said, as I mentioned, the cost: there's an inverse relationship between the bandwidth and the cost. So for example, a 10 Meg link is 100 in STP cost, but a 100 Meg link is 19 in STP, a gig Ethernet link is 4 in STP, and a 10 gig link is 2 when it comes to STP cost, which means the lower the STP cost, the better and the more preferred the link would be.

That said, let's jump right into the CLI. So here I'm on switch three; let me go ahead and quickly look at a couple of commands. show spanning-tree, that's the first command I want to look at. Here what it's showing me is that this bridge is the root; what that means is that I am the root bridge, so S3 in our topology is the root bridge, this guy right here. And a couple of things I would like to bring to your attention here: first, like I said, this bridge is the root, that's important; here's the bridge priority, and the MAC address which is right here should be the same as here because we're the root bridge; and we see things like, you know, the hello timer, like I said two seconds, the max age timer is 20 seconds, there's a forward delay of 15 seconds, and then aging time is 20 seconds. A couple of other things I want to draw your attention to is that we're connected to a couple of different devices here on our network that are also running spanning tree. So because we have the root bridge, we've got FastEthernet0/13 specified as a designated port, which means it's in forwarding status, and the cost is 19 because it's a 100 Meg link, and we see the port priority number here, 128.13, and FastEthernet0/23 with the cost of 19, which is also a 100 Meg link. We also have a GigabitEthernet link connected to our router, and the cost there is 4. There's no point in running spanning tree to the router, because routers don't speak spanning tree, they understand layer three, so we can ignore the bottom link, but the key is the first two links.

Now let's see what we see on the other switches in our environment. Here I am on switch one, and let's do show spanning-tree, and what I see here is that we're running spanning tree, which is the IEEE version; this is once again the open standard, meaning if you had a non-Cisco switch we would be able to speak that to them. The root ID priority is set to 32,769, this is the MAC address of the root bridge, and our cost to get to the root bridge is 19, and we're using port 13 to connect to the root bridge, whereas the bridge ID piece shows us our own properties as a local switch. So as S1, my priority is 32,769; as switch 1, my MAC address is this; and then all these different STP timers. Another thing to note here on S1: once again, forget about the bottom one, because that's the router, so we don't need to worry about spanning tree with the router, you can just ignore that; let's just focus on the top two. So FastEthernet0/12, that's my connection to switch 2; that's a designated port, meaning I'm able to forward traffic on this link, and the cost is 19, which is once again 100 Meg. FastEthernet0/13 is a root port; that's the port I'm going to use to connect and communicate back to the root, and the port cost is 19.
Looking at this diagram here, S1 makes this the root port and makes this the designated port toward S2. Well, why is that? A couple of things. Well, the guy at the top, S3, is the root bridge, right? So as you can visually see, S1 is physically plugged into S3, and this port right here, this link, is 100 Meg, and 100 Meg, if you remember the chart that I showed you earlier, is 19 STP cost, so that's the cost of going to S3. Now what's the cost of S1 connecting to S3 via S2? Well, that's 19 here for this link and 19 here for this link; well, 19 plus 19 equals 38, so that's a total cost of 38. So of course you're going to prefer the lowest cost, because lower is better, plus you're physically connected to it, so it makes sense. So this is one way of visually looking at and making sense of how STP operates. Another is to do a bit of a deeper dive, but before I do that, let's go ahead and jump on the CLI of switch 2 so I can show you spanning tree there, and then I'm gonna do a deeper dive.

Let's quickly look at switch 2 and see what's going on here. So show spanning-tree on this switch shows me that the root ID is this MAC address; it's not us, because it doesn't say "this bridge is the root", right? So remember that, right? So the keyword "this bridge is the root" here in this portion verifies that we locally are the root bridge, but in this case this switch is not the root bridge, because we can clearly see that there is a MAC address and there's a cost associated with that, and it's showing us the bridge is available over port 23. And our bridge ID: another visual verification is that the MAC address here is different than the MAC address here, so this is our local MAC address and the MAC address above here is the root bridge's MAC address. So that's another visual verification that we're not the root bridge; somebody else is in the network.

Now something really interesting is happening here. Once again, forget about the router, right? You don't want to look at that because that will only confuse us; let's only look at the other two switches that are connected in this environment. Switch 2 is connected to switch 1 over FastEthernet0/12. The role here is blocking, and the cost is 19. So this link right here is actually being blocked, meaning no frames are going to be sent, no data is going to be sent, no data plane traffic at all; only BPDUs will be received, but no user traffic will be received. FastEthernet0/23, on the other hand, which is switch 2's connectivity to the root bridge, going back to the diagram here, this is the root port, and this is in blocking state, this right here, because remember, in STP we must have a port that's blocked; otherwise we'll have a situation where a frame goes out and loops around the network forever and ever and ever and brings the network down to its knees, completely kills the CPU and memory and chews up pretty much all the capacity on all the devices, and that's a bad place to be, because there's no TTL value at layer 2.
So the frames never die; they live forever. That said, let's quickly figure out why in our topology this guy became the root bridge and this guy had a designated port allocated to it in this direction and this guy had a blocking port. Why is that? How did this happen? Well, remember, it goes back to the bridge ID, which is a combination of two things: bridge priority and the MAC address. Well, bridge priority by default is set to 32,768; that's the default value in all Cisco switches, and the MAC address is the only tiebreaker at that point. And remember, the older the switch is, the lower the MAC address is, the more preferred, and the lowest MAC address ends up becoming the root bridge. Now let's find out if that is the case. Let's go ahead and grab the MAC addresses of all of these switches and do the math and figure out how they decided to do what they did. So if you were to go to our topology here, here are all the MAC addresses that I grabbed off of these switches. I did the hexadecimal math in my last video, so check that out, but I'll give you a quick walkthrough of it again. If you were to do an eyeball comparison, you can clearly see that in all of the MAC addresses, in the first octet, the first two values are all zeros; where things start to differ is the third value right here. So as you can see, switch 3 became the root bridge, so the reason it became the root bridge is because, if you look at the values here, 3 is the lowest out of all these three, then nine, and D in hexadecimal is actually 14. That's why. It's all based on the MAC address, because once again we only have two things to choose from, either the bridge priority or the MAC address, and because bridge priority is the same on all the Cisco switches by default, the tiebreaker comes down to the MAC addresses. That's why switch 3 was elected as the root bridge.

Now let's quickly talk about spanning tree switch port states. There are five different switch port states. Number one, blocking: in order to avoid loops, STP puts the port in a blocked state. Makes sense; we just looked at a blocking port a moment ago. It takes 20 seconds for STP to transition a port from blocking to listening state. The next state happens to be the listening state; here the port stays in this mode for 15 seconds before the next step. The switch sends and receives BPDUs when it's listening. In the learning state, the port stays in this mode for about 15 seconds; the switch populates the CAM table in this mode, meaning it's learning the MAC addresses. Then the next stop is the forwarding state; the port starts forwarding traffic here. Another state, which is not officially part of the port states but is definitely there, is disabled: when a port is manually shut down, when you type in the shutdown command, it's considered to be disabled, and at that point it's not participating in STP because it's been manually shut down. Now let's add up all the timers to see how long it takes for the port to come up. So we're in blocking state for about 20 seconds, listening for 15, learning for 15 seconds, finally forwarding. If you were to add it up, 20 plus 15 is 35, 35 plus 15 is 50.
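To make the three election steps concrete, here is an added Python example (not from the course) that runs the root bridge, root port and designated port elections over the lab triangle using the lecture's cost table and tie-breakers. The MAC addresses are constructed to match the description (third hex digit 3, 9 and D), and the bridge ID goes one step beyond the lecture by including the 12-bit VLAN field that PVST+ adds to the priority, which is why the lab's show spanning-tree output displays priority 32769 (32768 plus VLAN 1).

```python
import heapq
from dataclasses import dataclass, field

# STP port costs from the lecture's table (IEEE 802.1D short-method values).
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, vlan, mac):
    """Bridge ID as a comparable tuple: 2-byte priority field, then the 6-byte
    MAC as an integer. In PVST+ the field is the priority (a multiple of 4096)
    plus the 12-bit VLAN ID, so 'show spanning-tree' prints 32769 for VLAN 1
    when the priority is left at the default 32768."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 up to 61440")
    return (priority + vlan, int(mac.replace(":", ""), 16))


@dataclass
class Switch:
    name: str
    mac: str
    priority: dict = field(default_factory=dict)  # per-VLAN overrides

    def bid(self, vlan):
        return bridge_id(self.priority.get(vlan, 32768), vlan, self.mac)


class Topology:
    def __init__(self):
        self.switches = {}
        self.links = []  # (switch_a, port_a, switch_b, port_b, link_cost)

    def add_switch(self, name, mac):
        self.switches[name] = Switch(name, mac)

    def add_link(self, a, port_a, b, port_b, speed_mbps):
        self.links.append((a, port_a, b, port_b, STP_COST[speed_mbps]))

    def neighbors(self, name):
        """Yield (local_port, neighbor, neighbor_port, link_cost)."""
        for a, pa, b, pb, cost in self.links:
            if a == name:
                yield pa, b, pb, cost
            if b == name:
                yield pb, a, pa, cost

    def converge(self, vlan=1):
        """Run the three election steps for one VLAN's spanning tree instance
        and return (root, root_path_cost, port_roles)."""
        bid = {n: sw.bid(vlan) for n, sw in self.switches.items()}
        # Step 1: lowest bridge ID wins; with default priorities everywhere
        # that is simply the lowest MAC address.
        root = min(bid, key=bid.get)
        # Root path cost of every switch = shortest path from the root.
        cost = {root: 0}
        heap = [(0, root)]
        while heap:
            c, sw = heapq.heappop(heap)
            if c > cost[sw]:
                continue
            for _, nb, _, lc in self.neighbors(sw):
                if c + lc < cost.get(nb, float("inf")):
                    cost[nb] = c + lc
                    heapq.heappush(heap, (c + lc, nb))
        roles = {}
        # Step 2: one root port per non-root bridge. Tie-breakers in order:
        # lowest cost via that port, lowest sender bridge ID, lowest sender
        # port, then the local port.
        for sw in self.switches:
            if sw == root:
                continue
            best = min((cost[nb] + lc, bid[nb], nb_port, port)
                       for port, nb, nb_port, lc in self.neighbors(sw))
            roles[(sw, best[3])] = "root"
        # Step 3: one designated port per link, on the end with the lower
        # root path cost (then the lower bridge ID). The far end, unless it
        # is already that switch's root port, is left blocking.
        for a, pa, b, pb, _ in self.links:
            if (cost[a], bid[a]) < (cost[b], bid[b]):
                desig, other = (a, pa), (b, pb)
            else:
                desig, other = (b, pb), (a, pa)
            roles[desig] = "designated"
            roles.setdefault(other, "blocking")
        return root, cost, roles


def course_lab():
    """The lecture's triangle: S1, S2, S3 on 100 Mb/s links. The MAC addresses
    are constructed to match the description (third hex digit 3, 9 and D)."""
    t = Topology()
    t.add_switch("S1", "00:90:00:00:00:01")
    t.add_switch("S2", "00:d0:00:00:00:02")
    t.add_switch("S3", "00:30:00:00:00:03")
    t.add_link("S1", "Fa0/12", "S2", "Fa0/12", 100)
    t.add_link("S1", "Fa0/13", "S3", "Fa0/13", 100)
    t.add_link("S2", "Fa0/23", "S3", "Fa0/23", 100)
    return t
```

Calling `course_lab().converge()` returns S3 as the root with S2's Fa0/12 blocking, which is exactly what the show spanning-tree output in the lab shows; setting `lab.switches["S1"].priority[1] = 4096` before converging makes S1 the root regardless of its MAC address.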
Total transition time is 50 seconds. Believe it or not, when you have a link failure in a spanning tree environment, it takes 50 seconds for the existing links to reconverge. What does that mean? Let me quickly visually explain this to you. If I have a switch here and a switch here and a switch here, and they're interconnected like this, if this is the root bridge and this has a designated port and this is blocking right here, if this link goes down, which is the root port, if this goes down toward the root bridge on this particular switch, let's say this is switch two, this is switch one and this is switch three, if this root port goes down for whatever reason, it's going to take us 50 seconds to reconverge and reroute traffic across switch one to get to switch three. Now by today's standards 50 seconds is bad; it's really, really bad. To fix that, there are enhancements that were made to the STP protocol. Now keep in mind STP has been around since the 1990s, so it's been around a long time, so enhancements had to be made.

Finally, I've got this real-world behavior for you when it comes to STP. So let's say you just set up a brand new network, and you had some old switches and you got a bunch of new switches that you kind of put together and created this network, and you connected them up the way you're seeing in this picture. What's going to end up happening is that through the magic of STP the switch all the way up at the top is going to end up becoming the root bridge. The reason for that is because it has the lowest MAC address, right? All the other values are the same; when it comes to the priority, root bridge priority, that's the same; the only difference is the MAC address. Well, the next step that happens is we're going to have root ports that are going to go toward the root, and then we're going to have a bunch of blocked ports and designated ports. Well, if I were to eliminate all the redundant links that were blocked, look at how sub-optimal this network looks when we let STP do its thing.
First of all, this switch up at the top is an access layer switch. An access layer switch should never be a root bridge, because the root bridge is the one that is, remember, at the center of the universe, so all the traffic must go through the root bridge to get to the other switches. So in this environment we're sending all the traffic to a closet switch, an access layer switch; that's a bad idea. Plus this switch might be 20 years old, okay, whereas these switches right here could be the latest Catalyst 9500 switches. Well, if that's the case, this is such a waste, because we have switches that are worth hundreds and thousands of dollars versus a switch that was bought 20 years ago that's virtually worthless at this point and is a choking point in the network, because remember, it only has 100 Meg links, whereas these guys here could have one gig, 10 gig; switches these days have up to 100 gig type of connectivity, and we're right on the heels of 400 gig. So that's a bad design. You do not want to let STP do its thing by default, because like I said, it automatically picks the lowest MAC address, and if you look at how the manufacturer IDs work with MAC addresses, whenever a manufacturer starts producing switches it starts off sequentially, so it starts off with a number and then from there it continues to add more values to it. So by that token, what that means is the newer switches are going to have a higher MAC address and the older switches will have a lower MAC address. So that's a huge problem. Instead we should manually pick these core switches, make one the root primary and make the other the secondary root, and go from there.

Now let's quickly shift our attention to PVST. It stands for Per-VLAN Spanning Tree. All new Cisco switches run PVST out of the box. It's a Cisco proprietary protocol; that is something you have to keep in mind. Only Cisco switches run PVST by default, and they utilize ISL trunking. PVST creates a spanning tree instance for each VLAN, so here the idea is that it's per-VLAN spanning tree. So instead of having a single spanning tree for all the VLANs, now we have a VLAN-specific spanning tree, and what that does for us, and before I get into the functionality effect, let's kind of discuss first the layer 2 frame header architecture of PVST. So from a layer 2 standpoint, what we have here is a couple of things. So if you recall the regular spanning tree, which is called CST or Common Spanning Tree, this whole field, if you guys recall, was called the bridge priority; there was no VLAN ID there, right? This whole field, which is two bytes or 16 bits, was bridge priority, and then to the right was the MAC. But here we have a bit of a different story with PVST: you still have the bridge priority field, but we also insert in the middle a VLAN field; it's a 12-bit field. And all together the bridge priority still happens to be from 0 through 65,535; we typically use the default value on all the switches, 32,768. And then the MAC address, which I mentioned previously, is derived from the backplane on fixed switches and from a supervisor module on the modular switches. Finally, PVST+ is the same thing as PVST, but it's supported over 802.1Q trunking. Since 802.1Q trunking is the default standard in the industry these days, most likely on Cisco switches you're going to see PVST+ being run by default, so that is something you have to keep in mind.

How does PVST work? So let's quickly talk about that. Here's an example. This switch right here, if this ends up becoming the root bridge for all traffic, what's gonna end up happening is whether the traffic belongs to VLAN 38 or it belongs to VLAN 77, everything, all traffic, is gonna be funneled through switch A. But what we can do is to better utilize the switch at the bottom, because everything is going through switch A, switch B for the most part is going to be sitting idle, right? And that's not good, because we spent money, and in networking we also want to utilize our resources efficiently. So what we do is we say, you know, instead of using switch A as primary, as root bridge, for all the VLANs, how about if we went ahead and made switch A primary for VLAN 38 and we made switch B primary for VLAN 77. This way, if host A, which happens to be on VLAN 38, wants to talk to host C on VLAN 38, the traffic will flow this direction; however, if the hosts at the bottom of the screen, host B, want to talk to host D, the traffic can flow this direction, because we now have two different root bridges. So as you can see here, this allows us to create a very efficient layer 2 network. That's why PVST was designed by Cisco: to create efficiency in our layer 2 LAN.

Now let's talk about RSTP. What is it? It stands for Rapid Spanning Tree Protocol. It's defined in IEEE standard 802.1w; it's industry standard. Anytime you see the word IEEE, that's industry standard, meaning Cisco, non-Cisco, pretty much all networking devices support that feature. RSTP has the same underlying concepts that I have just finished covering from a regular spanning tree perspective, or the old-school spanning tree perspective; however, it has fast convergence time. So that's why I have the picture of this jet, right? I want, every time you hear the word rapid spanning tree, it means fast convergence time. And if you guys recall, it took us 50 seconds to converge on a regular spanning tree; here it's much, much faster, and I'll talk through those details. Another important element that I want to bring to your attention is that in a traditional spanning tree, when the port is blocked, we don't worry about the BPDUs, we don't listen to the BPDUs; we still receive BPDUs, but we don't store any information. So the drawback of that is, if you have two switches like that and the top guy is the root bridge, let's say switch one is the root bridge and switch two is the non-root bridge, let's say if this link is in block state, or blocking state, what ends up happening is if this link goes down for some reason and we have to reconverge, we'll have to wait about 50 seconds for this port to
come up. Why? Because until then we'll keep dropping anything we're receiving here; we're not going to remember anything, and we're going to have to run the entire spanning tree, we're going to have to go through all those different port states, listening, learning and all that, and eventually get to the point where we're forwarding traffic. Whereas with STP, the big difference is that it's proactive in nature, and what we do is the blocked ports still keep the information that they're getting from the BPDUs in their database, and it significantly accelerates the convergence. We go from 50 seconds down to either one to two; most of the new switches are capable of converging under sub-second. That is really, really amazing, a significant improvement, and that's where RSTP comes in.

Now there's a difference in switch port states. Instead of the five different states that we talked about previously when it comes to common spanning tree, or the traditional spanning tree, in rapid spanning tree we've got three different port states instead of five. The first one is called discarding. Here what's happening is all incoming frames are dropped and no MAC addresses are learned by the switch. Discarding equals disabled plus blocking plus listening, so if you guys recall, these were three separate port states previously in the traditional spanning tree; here they're all combined together and are called discarding. The next is called learning. Here it's pretty much the same as the traditional STP learning state: the switch is populating its MAC address table, but the incoming frames are still being dropped. And finally, once we have learned the MAC addresses and the database has been successfully populated, we start forwarding the frames, and that's called the forwarding state. So keep this distinction in mind; most likely they will hit you on the exam with this question: the difference between traditional STP versus rapid spanning tree, what is the difference between the switch port states? So keep this in mind. Some of the port roles when
it comes to rapid spanning tree: we have what's called a root port. You guys already know at this point all the non-root bridges have to have one root port, and only one, back to the root. Then we also have a designated port; it's the best root path cost to the root on a non-root bridge. After we identify the root port, we then specify a designated port, and by the way, it's also considered a forwarding port. On the root bridge, all the ports are designated ports, because they're all in a forwarding state all the time; none of the ports on the root bridge ever get blocked. That's the whole point of having a root bridge. And then we have an alternate port. In STP this is called a blocked port, but the difference in rapid spanning tree is that the alternate port remembers the blocked port as an alternate route back to the root. And finally we have an edge port, and that's the one that connects to the end device. So if you see in the diagram here to the right, the host at the bottom of the screen, the port pointing to that host, or connected to that host, would be considered an edge port. So let me quickly walk you through this animation. Let's say if the bottom switch is the root bridge, then what's going to end up happening is the top two switches, their directly connected ports are going to become root ports; one of the switches is going to have a designated port, the other one is going to be an alternate port, which used to be called a blocking port but now it's called alternate; and the port where the end host is plugged in is called an edge port.

Now let's quickly talk through some of the optional features of spanning tree. First we're going to discuss PortFast. This is a feature that allows a port to immediately start forwarding as soon as it comes online; it doesn't have to go through all the different spanning tree timers. It significantly enhances the speed. It's used in the access layer facing the end hosts, which are called downlinks, right? All the downlinks where the hosts are
plugged in, that's where you would enable PortFast. There are a couple of commands I want you to take a look at, and I'll also check these commands out momentarily on the CLI. One is in global configuration mode, the command spanning-tree portfast default, and the next command is at a sub-interface level, under the interface; you can also specify there if you want to set up the port as a PortFast port. Typically a good practice is to go with the second option, where at the interface level you define whether or not you want to enable PortFast, instead of globally enabling PortFast on all the ports on a switch, because what if that port is not being plugged into an end device, and instead it's connecting to another switch? That would cause issues.

Another feature that I want to talk about is more of a security feature, kind of related to PortFast; it's called BPDU guard. It's linked to PortFast in the sense that once you have PortFast enabled, let's say on a global level on a switch, on all the ports, you would also want to enable BPDU guard, because what it protects you against is this: if most of the ports on that switch are going to be plugged into an end host, if any of the end hosts, let's say if there is a bad actor or a hacker connected to a PC on one of the downlinks, pretends to be a switch and starts sending BPDU messages; remember, only switches send BPDU messages and stations cannot, because these are STP advertisements, right? So you should never receive STP advertisements, ever, from a downlink. BPDUs are always exchanged at the uplink level between the switches, or trunk links. So what ends up happening is, if you do end up receiving BPDU messages on a port that is facing a host, then that port will actually be put into an error-disabled state, because you should never receive a BPDU on a port that is an end-device-facing port. And this feature should be enabled on all the switches in your environment to protect you against receiving BPDUs on ports that have PortFast
enabled on them. Once again, you have the global configuration command; you can type in spanning-tree portfast bpduguard default, or you can do it at a sub-interface level and you can say spanning-tree bpduguard enable. Once again, the difference is the first command enables it globally on all the ports; the one below it will only enable it on the port that you want to have it enabled on. So let's say if you have a 24-port switch, if you specify the last command under a very specific port, let's say FastEthernet 0/1, then that's the only port that will have BPDU guard enabled, and no other port on that switch will have that enabled.

Now let's quickly jump into the command line interface, because I want to show you a couple of things. All right, I'm on switch 1 in our topology. Let's go ahead and quickly look at show spanning-tree detail; I want to show you something real quick. One quick thing I want to draw your attention to here is I'm on switch 1, and why would switch 1 choose port 12, compared to port 13, as the designated forwarding port, and then choose port 13 as the root forwarding port, right? What decision criteria did it use? So one thing I want to draw your attention to is, if you see port 12, which is facing S2, our path cost to reach that destination, or the root bridge, is 19, and the designated path cost, this right here, 19, which is advertised to us by the remote neighbor, which happens to be S2 in this case, is also 19. So our path cost here is 38, compared to the path cost that we have on port 13, which is only 19.
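The PortFast and BPDU guard commands described above, collected into one access-switch configuration, as an added example that is not part of the course transcript or its lab. The interface numbers (FastEthernet 0/1 as a host port, FastEthernet 0/12 and 0/13 as the uplinks toward S2) follow the walkthrough; the 24-port layout, the err-disable recovery timer and the use of VLAN 1 are assumptions made for this example.

```cisco
! Added example (not from the course): STP edge-port hardening on a Cisco IOS
! access switch. Fa0/1 (host port) and Fa0/12-13 (uplinks to S2) follow the
! transcript; the 24-port layout and recovery timer are assumed.
!
! --- Weak setting: PortFast on every port, nothing to catch a rogue BPDU ---
!   spanning-tree portfast default
! Every port skips listening/learning, including the uplinks toward another
! switch, so a cabling loop on an uplink is no longer held back by STP.
!
! --- Hardened setting ---
configure terminal
 ! Rapid PVST+: same per-VLAN root bridges, sub-second reconvergence
 spanning-tree mode rapid-pvst
 !
 ! Make this switch the root for VLAN 1. A fixed priority must be a
 ! multiple of 4096; with the extended system ID, 'show spanning-tree'
 ! displays priority + VLAN ID, i.e. 4097 for VLAN 1.
 ! ('spanning-tree vlan 1 root primary' instead lets IOS pick the value.)
 spanning-tree vlan 1 priority 4096
 !
 ! A BPDU received on any PortFast-enabled port err-disables that port.
 ! Only switches send BPDUs, so a host-facing port should never see one.
 spanning-tree portfast bpduguard default
 !
 ! Optional: re-enable an err-disabled port after 300 s instead of
 ! waiting for a manual 'shutdown' / 'no shutdown'
 errdisable recovery cause bpduguard
 errdisable recovery interval 300
 !
 ! Host-facing (downlink) ports: PortFast plus explicit BPDU guard
 interface range FastEthernet0/1 - 11
  switchport mode access
  spanning-tree portfast
  spanning-tree bpduguard enable
 !
 ! Uplinks toward S2: trunks, no PortFast, so STP still guards against loops
 interface range FastEthernet0/12 - 13
  switchport trunk encapsulation dot1q
  switchport mode trunk
 end
!
! Verification: mode, root status and the Portfast / BPDU Guard lines
show spanning-tree summary
! "This bridge is the root", priority shown as 4097
show spanning-tree vlan 1
! Ports that BPDU guard has shut down
show interfaces status err-disabled
```

The interface-level commands are kept even though the global defaults already cover them; a port later moved to a different role keeps its explicit setting, and the configuration shows the intent on each port.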
So once again, lower cost is better. The reason it's 19 is because it's a 100 megabits per second link, so if you guys remember the chart that I showed you, 38 means I have two links that are 100 meg each, or two hops to get to the root bridge. And remember, networking guys, fewer hops are always preferred over more hops, right? Because more hops mean more latency, more chances of the traffic being dropped, more chances of delay in the network, more points of failure. So the way all the layer 2 and layer 3 technologies have been architected is to use the fewest hops possible to get to their destination.

The next thing I want to talk about is, as you guys can see, if I do show spanning-tree again on this guy, we are not the root bridge, because first of all it should say right here that we are the root bridge. We know we're not because the MAC address here is different than the MAC address that we have here; plus we can tell by looking at the output here of the trunk links that one is the designated and the other is the root port. Remember, on the root bridge itself all the ports are always forwarding and none of the ports are root ports; all the ports on the root bridge are designated ports. So that's a quick check. Now, a couple of commands we can run. Let's say if I wanted to make switch 1 the root bridge of our network, how would I do that? I'll go to configure terminal to go to the global configuration mode, and I'll type in spanning-tree vlan and then whatever VLAN we're using. Now in this case we haven't really manipulated or changed any VLANs, so we're actually using VLAN 1 on all the switches right now. And there's a couple of things I can do here: I can either say root, and I can say primary, and that's it. If I hit enter, what ends up happening is the switch will look at the priority of the root bridge and then automatically adjust that value to make it lower, so that this switch, S1, will become the preferred root bridge in the environment, or will take on the role of a root
bridge in the environment. Or, instead of saying root primary, I can also specify a priority in increments of 4096. So let's say if I type in 4096 and I give it a moment, I do show spanning-tree, and as you can see now it says this bridge is the root, and the MAC address here is identical to the MAC address here. That's another quick visual check to see if you're the root bridge or not. And as you can see now, all the ports are in the designated role; there are no root ports anymore on this switch because we are now the root.

I also want to show you another really interesting command, show spanning-tree summary. I really, really like this command, because what it does for us is it shows us what's going on on our switch. So our switch is in PVST mode; remember, we didn't manipulate the mode our switches are in right now. By default all the Cisco switches are in PVST mode, per-VLAN spanning tree, and we're at the root bridge right now, and we have what's called extended system ID enabled; let me talk about that in a moment. And then there's a bunch of different features that we just finished talking about: we talked about PortFast and BPDU guard; we didn't talk about some of the other features, we can cover those in the CCNP course; right now they're beyond the scope of this CCNA exam. And if you see here, we only have one VLAN configured on this switch, and all the ports are in forwarding state right now, and STP is active, and these are the different port states we talked about: blocking, listening, learning, forwarding.

Now let's talk about the extended system ID. So if I were to type in show spanning-tree again, I know some of you guys may have noticed that I kind of skipped over the priority field. When I typed in 4096, why did it switch to 4097? It should have been 4096. Well, the reason it's 4097 is because, if you guys recall, the new BPDU frame header at layer 2 for PVST has the following fields: it's got the bridge priority plus VLAN ID plus MAC. So, bridge priority, because I manually typed
it in, remember, 4096, plus what's our VLAN ID? I just showed you guys that we only have one VLAN on the switch, and that's VLAN 1. Well, 4096 plus 1 equals what? 4097, right? That's what we have right here, and we also have the MAC address right below it. So that's how it's displayed, and these are the advertisements; remember, a BPDU is an STP advertisement. So as switches are talking to each other, they're sharing these values with each other and they're learning about the network, and that's how they identify who the root bridge is versus the non-root bridge, and all the rest of the jazz in terms of how different ports are going to come up and things of that nature.

All right, a couple of additional things we can do. So let me go back to configure terminal, go to the global configuration mode, and type in spanning-tree mode rapid-pvst. As soon as I do that, this will enable rapid spanning tree on the switch, but it's rapid per-VLAN spanning tree. So, as we talked about the fact that, you know, we have different VLANs, you want to specify different root bridges for different VLANs for load balancing purposes and all that; this command enables those fast convergence timers. So instead of having to wait 50 seconds, as soon as we enable rapid PVST we now will experience less than a second, or maybe two seconds at the most, to reconverge when our root port goes down.

A couple of other commands that are not related to spanning tree but important to understand on a switch are show interfaces status. So on a switch that's an important command, because you can see a couple of different things: you can see what VLAN a port is assigned to, the layer 2 status, whether or not it's up or down, you can see the duplex, you can see the speed, and then you can see the type of media. 100BASE-TX is copper media; anytime you see the letters TX at the end, that's copper media. And what we see on this switch, we see FastEthernet 12 and 13 being connected, which means these two ports are up, and we also see
Gigabit 0/1 connected; we also see this one up. All the other ports are physically down. We can also type in the command show ip interface brief. Two important things you can see here: for the ports that are up, you can see if they're up/up. So the first up refers to the status, the physical condition of the port, the electrical signals and the physical function, whether or not a physical cable is plugged in. The second up refers to layer 2, whether or not the layer 2 connection is up end to end. So you should always see up/up; you should never see down/down or up/down, those are two bad conditions. And when you see something administratively down, that means we have manually shut down that particular port, which in this case is VLAN 1, which is a virtual port. It's not a physical port; it's a port that's located on the switch, but it only exists in a virtual realm, not in a physical realm.

Now let's quickly jump into EtherChannels. Well, what is an EtherChannel? It's a link aggregation mechanism, meaning if you take a couple of links and we bundle them together, we call that an EtherChannel. And why is that? Why do we need an EtherChannel? Well, in a typical spanning tree network, if you think about it, guys, spanning tree is very inefficient. If there are two switches that are connected with four links in between, what's going to end up happening is spanning tree is going to block how many links to avoid loops? It's going to block three links; it's only going to leave one link up while the other three links are going to be blocked, and the total bandwidth that we'll use is going to be 100 megabits per second, assuming these are all FastEthernet interfaces. But in reality, we have the ability, we have four 100 meg links, we have 400 meg worth of capacity available to us, but it's a shame that STP is only allowing us to use 100 meg. So with EtherChannel, what we end up doing is that we kind of bundle all the links together, we aggregate them together, and we're able to utilize the full throughput
capacity of that link. And even though physically there are still four separate ports, through a configuration we can make them logically appear as if it's one big pipe, or one big link with a lot more capacity, and it's very, very powerful. In the real world EtherChannels are utilized quite heavily in the data center realm, also at the server farm level, very heavily utilized.

All right, now let's quickly talk about the different EtherChannel negotiation protocols. When it comes to EtherChannel there are two protocols. First, PAgP; it stands for Port Aggregation Protocol, and it's Cisco proprietary. Port modes that are available in PAgP are auto, that's a passive mode; if both sides are set to auto, the link will never become an EtherChannel. Desirable, this is an active mode; the link actively tries to become an EtherChannel. And the third is on; this mode forces the link to become an EtherChannel and kills auto-negotiation. The next one up is called LACP; this is the industry standard, it stands for Link Aggregation Control Protocol, and it's defined in IEEE standard 802.3ad. Port modes in this are passive, active and on; as you can see, they correspond exactly to PAgP. Now, PAgP is a Cisco proprietary protocol. You might be asking a question: why do we have, why do we always have these competing standards with Cisco, like CDP and then LLDP, PAgP and LACP? Well, what ends up happening is Cisco is a thought leader in the industry, right? So they're the industry leaders in networking, they're the ones that typically come up with an idea first, and then a couple of years later the industry catches up and the other companies express interest in deploying that piece of technology on their networking equipment, so then they come up with an open industry standard. And that's why you see all these competing standards against Cisco, to be able to allow non-Cisco devices to work in a friendly manner with Cisco devices. Basically the whole idea is to create this ecosystem in the industry so the users are not locked
down to certain vendors. So it creates, it fosters a better business environment for different networking vendors; that's the whole idea.

Another important thing I want you guys to keep in mind is, let's say if you have a server, this right here is a web server, and you have two NIC cards inside of the server, both are 10 gigabit Ethernet cards, and then you have a switch that has these two 10 gig links plugged into two different 10 gig ports on this switch. Well, if you didn't use EtherChannel, if you let spanning tree do its thing, it's going to kill one of the links, right? It's going to block it, which means we can only utilize 10 gig worth of capacity. But with the magic of EtherChannel you can combine these two. By the way, this right here is the symbol of EtherChannel, so wherever you see in network diagrams a sort of circle drawn over the links between two devices, this right here is the symbol of EtherChannel. So when we enable EtherChannel on our switch, and by the way, on the server we would also have to enable an EtherChannel using LACP; remember, depending on the server, you're going to have to enable LACP, Link Aggregation Control Protocol. So assuming you have LACP enabled on the server itself, and LACP is enabled on the switch, and they're in the appropriate, you know, groups and all that, and we'll talk about the configuration in a moment, all of a sudden we can now utilize a full 20 gig worth of capacity between that switch and the server. So that's a very beautiful thing, and you can imagine why it's such a powerful technology when it comes to data center networking.

There are two different types of EtherChannels. We have layer 2 EtherChannels; so here in this example we have a couple of links between two different switches, and as we can see there's an EtherChannel configured, and here's how we would actually configure it, here are the commands we type in. Under the global configuration mode we go to those interfaces that we want to participate in an EtherChannel, then
we go ahead and, under the interface configuration mode, we specify the channel group, and the channel group should match on both ends. It's a must; if it doesn't match, the EtherChannel will not come up. So let's dive right into the CLI.

All right, here I am on the switch on the left-hand side. Let me go ahead and do show spanning-tree real quick, and I can see that, first of all, I'm not the root bridge, because it doesn't say that here; plus it shows that there's a cost of 4 to get to the root bridge, so whenever you see a cost associated as well, that means we're not the root; plus the fact that the MAC address is different than ours. So all these things are an indicator that we are not the root. Plus you can see the roles here, root and alternate blocking, so our FastEthernet 21 is the root port and the other one became the alternate blocking port. That said, we want to configure EtherChannel, meaning we want to combine these two links together so we can fully utilize the capacity. These are two gigabit Ethernet links, so there's a difference: in the diagram here I'm showing FastEthernet, but on the device I'm using, I actually have gigabit Ethernet links, so I apologize for the confusion here, but I'll make sure that I use the gigabit Ethernet interfaces in my configuration when I am configuring these devices. But the key here is I want to make sure that you guys understand the concepts; concepts are important, more important than necessarily just understanding the commands. So let's go ahead and jump right in. So we'll go to configure terminal mode. Well, another thing you want to think about is we need to do show interfaces trunk; we need to look at whether or not we have a trunk link. Now interestingly enough, though, on some of the switch platforms switches do not form a trunk automatically unless you specify whether or not they are on a particular trunk link, because if you guys remember, in the last video I talked about the fact that you have different types of modes when it comes to
trunking, and the passive mode does not allow either of the switches to come up. So if both sides of the switch are in passive mode, which some of the switches are by default, then they do not form a trunk link between them. So to fix that, what I'm going to do is I'm going to take both of these ports, go under these two interfaces. So also get used to the interface range command; that's a cool command. Instead of having to separately go under each interface, you can just use a range command. Many use a comma in between; that means this port and this port. But if you use a dash in between, then that means this port through this port. So there's a distinction, and it's an important distinction. Here we only want these two ports to be trunk links, so what I'm going to do is I'm going to type in switchport mode trunk and switchport trunk encapsulation dot1q. By typing in these two commands, if I now look at show interfaces trunk, I should be able to see that I actually now have two trunk links going to switch 2. And what I want to do next is that under these two interfaces I now want to set up an EtherChannel. Okay, so let's go ahead and set up an EtherChannel. So I'll say channel-group 13.
We'll just match what we have on the screen here so there's no confusion, and it says specify the mode; we can say active, auto, desirable, on, passive. Remember, there are two different protocols, PAgP and LACP; we talked about both, and they're all specified here, right? What I want to do is, I don't want to use LACP or PAgP per se; I just want to make sure that this becomes an EtherChannel, so I will go ahead and use the on mode. I prefer this personally, because I think it makes it a lot easier to do it this way and you don't leave things up for negotiation, because this way, if you set up a passive mode on both sides, the EtherChannel will never come up, similar to a trunk link: when you have passive on both sides, the trunk will never come up. So I like to be in control; as a network engineer you always want to be in control, you don't want to be at the mercy of devices.

So let's go ahead and also look at the other switch. On switch 2, let's go ahead and do the same thing we did on switch 1. We're going to go under interface range and we'll specify gigabit 1/0/21 and gigabit 1/0/23. We'll go ahead and first type in switchport mode trunk, and it says command is rejected because you've got to specify the trunk mode. So let's do switchport trunk encapsulation; let's go ahead and define the encapsulation first, and then type in the command switchport mode trunk, and let's verify that our trunk links come up, and indeed they did. Let's also quickly do show cdp neighbors to see who the neighbor is that we are connected with. So it shows us that we're connected with switch 1 over two physical ports and then one port channel, and we haven't specified our port channel yet, so the port channel is not up yet. What we need to do right now, though, is go ahead and configure our port channel. So while we're still under the interface range mode, we'll type in channel-group and we'll specify our group; we'll set 13 to match what we have on the other side, and
we'll say mode on. Now, as I mentioned earlier, this ensures that the port channel comes up on both sides. We have a couple of different commands we can run to verify our port channel. One is show interfaces trunk; now, as you can see, before we were showing physical ports, but those physical ports have now been displaced with a single port channel, so that's really cool. There's another really cool command called show etherchannel summary. This quickly shows us the summary of our port channel, so what we would want to see here is the number of the port channel, which should match the other side, right? And the way we can tell whether or not our port channel is up is by looking at the S and U that we see here. And what this SU corresponds to, let's match it here in the flags: S means it's a layer 2 EtherChannel and U means it's in use, meaning it's up. So it's layer 2, that's the S component of it, and the U specifies that it's in use, meaning it's up; that's what this right here corresponds to. So that's pretty cool. And then it shows the physical ports that are part of this, so GigabitEthernet 1/0/21 and GigabitEthernet 1/0/23, and the P flag here at the end of these ports represents that they're part of this port channel, Port-channel 13.
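The EtherChannel configuration from this walkthrough written out in full, both the layer 2 trunk port channel just verified and the layer 3 (routed) conversion that the transcript turns to next, in the order that avoids the "layer 2 or layer 3" rejection messages. This is an added example, not the course's own configuration. Port-channel 13 and member ports Gi1/0/21 and Gi1/0/23 follow the transcript; the 172.30.1.0/24 addressing (S1 = .1, S2 = .2) is constructed for this example.

```cisco
! Added example (not from the course): layer 2 and layer 3 EtherChannel
! between S1 and S2 on Cisco IOS. Po13 and members Gi1/0/21, Gi1/0/23 follow
! the transcript; the IP addresses are constructed for this example.
!
! ===== Layer 2 EtherChannel (identical on S1 and S2) =====
configure terminal
 ! Comma = these two ports; a dash would mean a contiguous range
 interface range GigabitEthernet1/0/21 , GigabitEthernet1/0/23
  ! Two passive ends never negotiate a trunk, so set it explicitly.
  ! Encapsulation must be set before 'switchport mode trunk' on platforms
  ! that also support ISL, otherwise the mode command is rejected.
  switchport trunk encapsulation dot1q
  switchport mode trunk
  ! 'mode on' bundles unconditionally, as in the transcript. The negotiated
  ! alternative is 'channel-group 13 mode active' (LACP) on both ends, which
  ! only bundles ports whose partner also runs LACP and answers consistently.
  channel-group 13 mode on
 end
!
! Verification: the two physical ports are replaced by Po13
show interfaces trunk
! Po13(SU): S = layer 2, U = in use; members flagged (P) are bundled
show etherchannel summary
show etherchannel port-channel
!
! ===== Converting Po13 to a layer 3 (routed) EtherChannel =====
! A member cannot change between layer 2 and layer 3 while it is still in
! a channel group, and members must already match the Port-channel's
! layer. So: remove the old channel, reset the members, build the
! Port-channel as routed first, then add the members as routed ports.
configure terminal
 no interface Port-channel13
 default interface GigabitEthernet1/0/21
 default interface GigabitEthernet1/0/23
 !
 interface Port-channel13
  no switchport
  ! S1 address; S2 uses 172.30.1.2 255.255.255.0 (constructed)
  ip address 172.30.1.1 255.255.255.0
  no shutdown
 !
 interface range GigabitEthernet1/0/21 , GigabitEthernet1/0/23
  ! 'no switchport' BEFORE 'channel-group', so the members join as routed
  no switchport
  no shutdown
  channel-group 13 mode on
 end
!
! Verification: members and Po13 show "routed" in the Vlan column
show interfaces status
! Po13(RU): R = layer 3, U = in use
show etherchannel summary
! From S1, with S2 configured the same way (mirrored address)
ping 172.30.1.2
```

The `default interface` step is what the transcript arrives at after the rejected commands; resetting the members before touching their layer 2/layer 3 mode means the rest of the sequence applies cleanly on both switches.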
You can also run a command, show etherchannel port-channel. This shows us the port channels that are currently in use, and the port state, and the type of protocol you're running, whether it's PAgP or LACP, and then all the different physical ports that are part of this EtherChannel, and how long this EtherChannel has been up. And another cool thing you'll notice is, when you type in show interfaces status, now you'll actually see a port channel come up; it says connected, it's up, and it doesn't show the type, because remember, this is not physical, it's virtual. Something to keep in mind.

So as I mentioned earlier, there are two different types of EtherChannels. We just finished discussing layer 2; now let's discuss layer 3 EtherChannel. Now I know this is still a layer 2 section, but bear with me here, because there are some concepts that kind of overlap. I want to touch base on some very basic layer 3 concepts here that are still very much attached to layer 2. But no worries at all, because in the next section, section 3 of this course, I'm going to go super deep into layer 3, so all of your concepts on layer 3 will be completely clarified once you go through those sections. And you're more than welcome to come back to these videos again and quickly glance over some of the layer 3 things that we're talking about right now that may not register with you at the moment; but once you have viewed all the videos in section 3, which is the next section, and then you come back to this, it's going to be a lot easier and simpler for you to understand. But let's quickly talk about it. So there might be scenarios where we would want to define a layer 3 port channel instead of having a layer 2 port channel, depending on our design, and we have that flexibility available to us. Here are the commands that we would want to type in when we have a scenario like that. So let's jump right into the CLI again. So here I am on switch 1; let's quickly take a look at our port channel. So let's quickly take
a look at show run on the switch to see the port channel configuration. So as you can see, it's a layer 2 port channel right now; there's no layer 3 configuration on it. So what you would want to do is go under global config mode, configure terminal, go under interface port-channel 13 and say no switchport. This would make it a layer 3 interface. The minute we say no switchport, that means we want to enable layer 3 functionality on that port; it's no longer a regular switch port, it almost starts behaving like a router port, okay? Because we can now specify layer 3 IP addressing on it. So I'm going to go ahead and type in ip address 172.30.1. ... let's take a look at our diagram here; on the left I've got 1, and we have /24, so that's 255.255.255.0. I'm going to hit enter and I'm done here. The next thing I want to do is I also want to go under the interfaces. I'm going to type in the interface range command and go under gigabit 1/0/21 and gigabit 1/0/23 and say channel-group 13 mode on. As a matter of fact, we should say no switchport here first. As you can see, we are running into a bit of a catch-22 situation here; we keep getting these different error messages regardless of the command we are typing in here, saying you can either be a layer 2 or a layer 3 EtherChannel. So I think to do this right, what we would have to do is blow up all the configuration that we have done so far on these physical interfaces and redo this. So to do that, there is a very interesting command called default interface, and then you can go gigabit 1/0/21, and then you can do default interface gigabit 1/0/23 and hit enter. And what this command does is that it blows up all the config that you had done previously; it brings the port to its default config. And now we're going to go back under the interface range command again, and the first thing we're going to do is we're going to say no switchport, so it knows right off the bat that this is going to be a layer 3 port, and we then want to specify
the fact that we want these ports to be part of a channel group. Now at this point, if I were to do show interfaces status, as you guys can see now the physical ports say they are routed ports; they're no longer part of a VLAN. You see this column right here shows us VLANs, right? But now you see these are routed ports; they're no longer participating in switching, spanning tree is off and all that, we're now running routing, and the port channel also says it's routed. Let's verify a couple of additional elements. So let's do show etherchannel summary here, and we're now RU instead of SU: S was layer 2, now it says R, it says layer 3, U, meaning we are layer 3 and we're up and operational. If I were to do show etherchannel port-channel, I still see the same information that I saw before. But we are not done yet, because remember, we need to do the same thing on the other side. So now I'm on switch 2. Let's quickly go to global config mode, go under interface range; well, first of all, let's blow up all the config, right? So if you guys remember, we ran into an issue, so this will blow up those configs. So default interface gigabit 1/0/21, and then we'll do default interface gigabit ethernet 0/23, and then we're going to do interface range gigabit 1/0/21 - gigabit 1/0/23, and we'll say no switchport, and we'll say channel-group 13 mode on. And you should also go to the interface port-channel now and do no switchport there first; I think that's why this command was rejected. And then specify the IP address there, so 172.30.10.3 255.255.255.0, because it's a /24. And we should go back under the interface range command again on the physical interfaces and type in channel-group 13 mode on. And once again we're going to run a couple of commands here: show interfaces status; this shows us that we are now routing on the physical ports, and if you were to look at the port channel, that's also routed. And now, to do further verification, when I run the show etherchannel summary
command says it's RU, so now it's routing, and from here we should actually be able to ping the other side. As you can see, we're able to ping now, so we have layer 3 connectivity from switch 2 to switch 1 over this EtherChannel, which now gives us a combined two gig worth of capacity, because these are Gigabit Ethernet links we're using: one gig plus one gig equals two gig. So that's really cool.

Why do we need inter-VLAN routing? If you remember, why do we create VLANs to begin with? We want to reduce the scope of the broadcast domains, right? We want to isolate subnets. By default, stuff in one VLAN cannot talk to another VLAN; we know that. Well, if that is the case, then how do we allow two devices that are part of two different VLANs to talk to each other? We have to introduce a layer 3 device in the middle, and that's what's called inter-VLAN routing. There are multiple ways of accomplishing this task, though there are three in particular I want to bring to your attention. Option A is where we have physically dedicated links between our switch and router for each VLAN, so each VLAN is a separate interface. That's not a great design, in the sense that you're burning up way too many ports on your switches and your routers, and in a typical corporate environment you'll see dozens of VLANs configured, if not hundreds, so this could get ugly pretty quickly. Typically in the real world you won't see this utilized much, unless you have a very particular corner-case scenario where you're forced to use something like this. What you see utilized mostly in the real world is option C, but before I get to option C let me quickly touch on option B, because this is also very heavily utilized in traditional networking: a single physical link between the switch and a router, and we actually make this a trunk link. Now I know so far we have discussed that a trunk
link is a link between two switches; here we have a router on one side and a switch on the other side, so what are we talking about? Well, what we do in this instance is specify the different VLANs that are allowed across this link, and we have to do some special configuration on the router, which is called router-on-a-stick configuration, to allow those VLANs to be processed separately on the router. We'll talk through those details momentarily. But what we mostly see in the real world today, if you have a multilayer switch (and most of the newer switches are multilayer switches), is SVIs, or switch virtual interfaces, configured on the switch, and the inter-VLAN routing happens right on that switch. The traffic doesn't have to leave the switch and go through a different device; it all happens here. It's all about speed, efficiency and low latency; that's the beauty of the multilayer switch, and that's why most of the real-world environments you'll see today have option C configured.

Now let's quickly talk through the router-on-a-stick scenario. So what is it? Like I said, it's a legacy type of thing: if you're stuck with a layer 2 switch, then this is the only way to do it. But there are a couple of drawbacks. We have a single point of failure, as you can see in the design here: if this goes down, that's it, we're toast. It also introduces latency and delay, so if this thing is choked, if there's too much traffic going across it, packets get delayed, buffering becomes a challenge, and this link becomes a bottleneck. So like I said, this is more of a legacy concept, but it's still out there and in some networks you have to use it to get the job done. With that said, let's go ahead and quickly get this piece configured. Right now I'm connected to the switch that you're seeing in the diagram down below. I'm going to quickly take a look at show vlan brief. Well, it seems like we do not
have the VLANs specified, so I'm going to put these ports in the appropriate VLANs as we see in this diagram. I'm going to go to global config mode. The interfaces for me are different than what you're seeing there: GigabitEthernet1/0/1 connects to VLAN 50, so I'm going to say switchport mode access, and the next thing I say is switchport access vlan 50. This creates VLAN 50 and then puts this port in that VLAN. I'm going to repeat the same commands for the other ports: we go to GigabitEthernet1/0/2, type switchport mode access, then switchport access vlan 60, and finally interface GigabitEthernet1/0/3, switchport mode access, switchport access vlan 70. If you go all the way back and type show vlan brief, we can now see that these ports have been allocated to the specific VLANs.

So now what we'll see is that these hosts are not going to be able to ping each other, because they are in completely separate VLANs. Right now I'm on a host in VLAN 50. Let's quickly take a look at ipconfig: as you can see I am on VLAN 50, and my IP address is 172.20.50.200. If I ping the host in VLAN 60, which is 172.20.60.200, you'll see that the traffic is not going to go through and my pings fail, and the reason for that is we don't allow VLANs to talk to each other; that's the whole idea of creating separate broadcast domains. So let me go ahead and set up our trunk link and then show you what commands you need to type on the router to allow this to happen. I'm on the switch here, and I'm going to set up a dot1Q trunk link. First let's look at our CDP neighbors and see what port we're using to connect to R1. This is our port, so let's go to global config again and type interface GigabitEthernet1/0/4.
Once we are under this interface, we say switchport trunk encapsulation dot1q and switchport mode trunk, and this forces the link to become a trunk link. So now we're trunking with the router: if you do show interface trunk, this link is now a trunk link facing the router.

Now let's quickly jump on the router and finish the rest of the config. I'm on router 1; let's look at show cdp neighbor and see what port we're using to connect to S1. It seems like we're using GigabitEthernet0/0/0. What we have to do now is set up three subinterfaces on our router to allow these different VLANs to be processed over the trunk link we just created. So we type interface GigabitEthernet0/0/0.50 for VLAN 50, then encapsulation dot1Q 50, and we also specify the IP address 172.20.50.1, so that becomes our gateway. Next we specify the other dot1Q VLAN, which is 60: we create another subinterface, GigabitEthernet0/0/0.60 (these are all virtual interfaces that we're creating), type encapsulation dot1Q 60, and here we specify the IP address 172.20.60.1, because that's our gateway IP on this router. And finally you type interface GigabitEthernet0/0/0.70,
then encapsulation dot1Q 70 and ip address 172.20.70.1 255.255.255.0, which is a /24. Now if you look at show ip interface brief on this router, what we see is that we have these subinterfaces created and they have IP addresses assigned to them. If things are set up correctly, from the router at least we should be able to ping the hosts in each of these VLANs; each host, remember, has a host address of .200. So let's see if we can make that happen. As you can see, we were able to do that on VLAN 50; let's verify VLAN 60, and we were able to do that on VLAN 60; and now let's do that on VLAN 70. As you can see, at least from R1's perspective, all the hosts are reachable. Now let's check out the situation on the hosts. As you remember, earlier our ping failed to the host in VLAN 60; let's try it again, and as you can see we are now able to successfully reach that host. Let's also verify the host in VLAN 70 and see if we can actually reach it from the host in VLAN 50:
172.20.70.200, and we're able to hit all of the hosts in our environment at this point. So this is how you set up a router-on-a-stick configuration.

The final thing I want to talk about is the SVI. It stands for switched virtual interface: a logical or virtual interface on a switch with layer 3 capabilities. Like I said earlier, we have different options, and this is the most preferred option that you'll see in most environments today. We'll go ahead and get this configured now on our switch. One last thing I want to draw your attention to, as you can see all the way at the bottom of the screen, is that you have to enable IP routing on your switch, because switches do not do routing by default. You enable it by typing the command ip routing in global configuration mode, which allows the switch to act as a router; at that point you might as well call it a swouter, because it's a switch and a router, right? But let's go ahead and get this quickly configured. I'm on the switch right now; let's look at show vlan brief, and as we can see all the VLANs are there. If I do show ip interface brief, you can see I have no IPs configured besides just the port-channel that we configured earlier, but that was for a different purpose; forget about the port-channel at this point, let's just focus on the SVI piece. Here the idea is that we've got different hosts in different VLANs and we want to allow them to talk to each other without introducing a separate layer 3 device; we want to do that right on our switch. The way we do that is we go to global configuration mode and go under interface vlan 50, for example; you go under each VLAN interface and specify the IP address of the gateway, so 172.20.50.1 /24.
The next thing you do is interface vlan 60 and do the same thing, but change the IP to .60, of course, and then interface vlan 70 and type ip address 172.20.70.1 255.255.255.0. When we do that, let's double-check show ip interface brief: what you'll see now is that we've got a bunch of VLAN interfaces. And remember, we have to enable IP routing, otherwise it's not going to work, so we have to go to global config and type ip routing. Now we should be able to ping these different hosts from the switch. If you recall, our host IPs have 200 in the last octet instead of 1. So I'm able to hit the one in VLAN 50; how about VLAN 60? We can reach the one in VLAN 60; and how about the host in VLAN 70? We can reach that one as well. And the hosts are also going to be able to reach each other, just like we saw in the example a moment ago, so at this point you have full-blown end-to-end connectivity. I'm not going to get into the IP routing table details, because that's only going to confuse you; I'll save that for the next section. Here I just wanted to show you conceptually how you can allow devices in different VLANs to talk to each other.

Welcome to the CCNA 200-301 course. Today we're going to discuss Section 2, Part 3:
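The two inter-VLAN routing options just walked through (router on a stick with dot1Q subinterfaces, and SVIs on a multilayer switch), as an added Python model that is not part of the course or of Cisco IOS: it renders the equivalent IOS lines and traces a packet from a host in one VLAN to another, showing why nothing gets through until a layer 3 interface exists and, on the switch, until ip routing is on. It assumes the lab's addressing (VLANs 50/60/70, gateways 172.20.<vlan>.1/24, hosts at .200) and the interface names GigabitEthernet0/0/0 and Vlan<n>.

```python
"""Inter-VLAN routing model: router on a stick (dot1Q subinterfaces) vs. SVIs.

Added example, not course material. Addressing follows the lab in the
transcript: VLANs 50/60/70, gateways 172.20.<vlan>.1/24, hosts at .200.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface, ip_address, ip_interface


@dataclass(frozen=True)
class L3Port:
    name: str               # "GigabitEthernet0/0/0.50" (subinterface) or "Vlan50" (SVI)
    vlan: int               # 802.1Q tag on the trunk / VLAN the SVI fronts
    gateway: IPv4Interface  # gateway address with prefix, e.g. 172.20.50.1/24


class VlanRouter:
    """The layer 3 hop: a router on a stick or a multilayer switch with SVIs."""

    def __init__(self, ports, ip_routing=True):
        if len({p.vlan for p in ports}) != len(ports):
            raise ValueError("exactly one L3 interface per VLAN")
        self.ports = list(ports)
        # A router routes by default; a multilayer switch needs 'ip routing'.
        self.ip_routing = ip_routing

    def port_for_vlan(self, vlan):
        return next((p for p in self.ports if p.vlan == vlan), None)

    def connected_route(self, dst: IPv4Address):
        """Longest-prefix match over the connected routes only."""
        hits = [p for p in self.ports if dst in p.gateway.network]
        return max(hits, key=lambda p: p.gateway.network.prefixlen, default=None)


def host_next_hop(host: IPv4Interface, default_gw: IPv4Address, dst: IPv4Address):
    """A host sends directly when dst is on-link, otherwise to its default gateway."""
    return dst if dst in host.network else default_gw


def trace(router, src_vlan, src_host, dst):
    """Follow one packet from src_host (in src_vlan) toward dst.
    Returns (reachable, explanation)."""
    src_host, dst = ip_interface(src_host), ip_address(dst)
    src_port = router.port_for_vlan(src_vlan)
    if src_port is None:
        return False, f"VLAN {src_vlan} has no L3 interface: traffic stays in its broadcast domain"
    if src_host.ip not in src_port.gateway.network:
        return False, "host is addressed outside its gateway's subnet"
    if host_next_hop(src_host, src_port.gateway.ip, dst) == dst:
        return True, f"on-link in VLAN {src_vlan}; no routing needed"
    if not router.ip_routing:
        return False, "frame reached the gateway, but 'ip routing' is off: dropped"
    out = router.connected_route(dst)
    if out is None:
        return False, "no route to destination"
    return True, f"routed {src_port.name} -> {out.name} (802.1Q tag {out.vlan})"


def ios_config(ports, physical=None):
    """Render the IOS lines: subinterfaces on `physical` (router on a stick)
    when given, SVIs plus 'ip routing' otherwise."""
    lines = [] if physical else ["ip routing"]
    for p in sorted(ports, key=lambda p: p.vlan):
        if physical:
            lines += [f"interface {physical}.{p.vlan}", f" encapsulation dot1Q {p.vlan}"]
        else:
            lines.append(f"interface Vlan{p.vlan}")
        lines.append(f" ip address {p.gateway.ip} {p.gateway.netmask}")
    return lines


def lab_router(svi=False, ip_routing=True):
    """The transcript's lab: VLANs 50, 60, 70 with gateway .1 in 172.20.<vlan>.0/24."""
    ports = [
        L3Port(f"Vlan{v}" if svi else f"GigabitEthernet0/0/0.{v}", v,
               ip_interface(f"172.20.{v}.1/24"))
        for v in (50, 60, 70)
    ]
    return VlanRouter(ports, ip_routing=ip_routing)


if __name__ == "__main__":
    for line in ios_config(lab_router().ports, "GigabitEthernet0/0/0"):
        print(line)
    print(trace(lab_router(), 50, "172.20.50.200/24", "172.20.60.200"))
    # SVI switch where 'ip routing' was forgotten: the ping fails.
    print(trace(lab_router(svi=True, ip_routing=False), 50, "172.20.50.200/24", "172.20.70.200"))
```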
LAN wired and wireless. Today's session is all about wireless technology; we're going to do a deep dive. Here are the topics I plan on covering today: first, wireless LAN overview; second, different topologies; third, different standards and channels; fourth, different architectures; fifth, different deployment models; and finally I'll wrap it up with wireless LAN security. Let's go.

Wireless LAN overview. Wireless lives on layers one and two of the OSI model. In a wireless LAN we have radio frequencies that are radiated into the air from antennas, which create radio waves. One of the things about a wireless LAN is that it behaves like a hub, and in a hub, if you recall, we have what's called a shared signal, meaning everybody connected to the hub is sharing the same piece of wire, if you will, and the communication is half duplex. With a hub, only one device can send data at a time, and a device can only send or receive; it cannot both send and receive at the same time. It can only transmit in one direction: either it's sending something or it's receiving something. That's half duplex. The pictures at the bottom of the screen show on the left how a wired Ethernet hub looks and on the right how the wireless access point operates. It's the same idea; the only difference is you're changing the medium: instead of wired connectivity we're now on wireless radio frequency. Wireless technology uses CSMA/CA, which is carrier sense multiple access with collision avoidance, and what that means is only one device transmits at any given point in time, and other devices use random backoff timers and have to wait their turn before they're able to transmit data. Each frame must be acknowledged by the access point before the next one is sent, and if the acknowledgment is not received, we retransmit the data. That's why on a wireless network the actual throughput that we end
up experiencing is a lot less than what's advertised by the access point manufacturer.

Here are the two biggest challenges of wireless technology. First, interference: if your access point is behind a wall, for example, there's obvious interference there; if there's metal, there might be another type of interference; even things like moisture and dust in the air, believe it or not, could potentially cause interference, and we'll discuss more details momentarily. The second big Achilles heel of a wireless LAN is security. If you think about it, anybody who happens to be within range of the wireless access point can communicate with each other, and that includes everybody, good guys and bad guys, and a lot of the bad guys actually exploit this, because shared airspace is no different than communicating out in the open in public. Let's say you go to a coffee shop and you have a phone conversation that's supposed to be private; well, if you're speaking in a public space like a coffee shop, other people can listen to you. Similarly, on a wireless network that is publicly available to everybody, as you can imagine, everybody connected to that wireless network has the ability to eavesdrop and listen in on anybody else's conversation. So that's a pretty scary thought. Security has come a long way since wireless was introduced back in 1999; today we're looking at really high levels of security, but one thing I want you to keep in mind is that it has to be implemented properly for you to take advantage of it.

Some additional basic terminology. SSID in a wireless network stands for service set identifier; that's the name we connect to. For example, if you fire up the wireless card on your laptop or your phone or your iPad for the first time, I'm sure you've noticed that you'll see a collection of different wireless networks you can connect to, and then you'll find the one that happens to be your home access point; you'll
pick that SSID, whatever you called it, and that assures me that I'm connected to my own personal access point and not somebody else's. So this is how wireless networks are differentiated; the service set piece here means a group of wireless devices. One thing to keep in mind when it comes to the SSID: both the receiver and the sender must have the same SSID to be able to communicate with each other. There's another term that's used kind of behind the scenes, the BSSID or basic service set identifier, and that is essentially the MAC address of the access point. Multiple access points can have the same SSID, but each access point has a unique BSSID. So, like I said, the SSID is a logical identifier: I can have an access point where I'm advertising different SSIDs, so on 2.4 GHz (we'll talk about the different bands in a moment) I might have one SSID and on 5 GHz I may have a different SSID; however, both of those SSIDs will have a single BSSID, because the BSSID is a MAC address.

There are three different basic types of wireless service sets and two different modes. The first one is called IBSS or independent basic service set, and here's how it looks: in this scenario we have direct communication between clients, there's nothing in the middle, no access point or wireless router or whatever; what you have is a bunch of clients, laptops, PCs, whatever wireless devices, talking directly to each other. That's considered ad hoc mode. Then there are two additional service sets. There's the basic service set, BSS, which is considered infrastructure mode, and in this mode all wireless clients form a membership with the access point; as you can see, all these laptops here are communicating with the access point. This membership is called an association, so essentially a client associates with the access point. Finally there is the ESS or extended service set, which is also considered infrastructure mode,
similar to the BSS. The only difference is that when you combine multiple basic service sets together via a wired LAN infrastructure, that's what makes up an ESS: wireless clients associate with multiple APs using the same SSID, and the ESS facilitates transparent roaming. Let's unpack this ESS a little bit. Like I said, it's multiple BSSs connected via a wired LAN infrastructure, so as you can see there are two access points connected to a single switch here, with wireless clients all using the same SSID; as shown here, both access points are advertising the same SSID, and this is what facilitates transparent roaming. The roaming component (we'll talk more about it momentarily) is when this laptop, let's say A, moves into the territory of the access point on the right. When it does, we want this to be very seamless; we don't want the connections to drop, because, as you can imagine, this is the year 2021, most people are on Zoom calls and WebEx and all that, and they might be communicating with somebody in real time; we do not want that call to drop or that WebEx session to time out. So we set up transparent roaming, where the user just walks around. Here you're only seeing two access points, but in a real-world environment in a large enterprise you may have a ton of access points on a particular floor, for example, and as a user walking around the floor you don't even notice a blip, but in the background you're experiencing transparent roaming, facilitated by the ESS or extended service set.

Now let's look at a couple of design basics in the real world when it comes to wireless LANs. A cell is the area or range covered by an access point. One thing I want to explain before I move further is, very quickly, how a wireless client is able to connect to the access point. The way it works is, first, when the Wi-Fi client comes online, let's say this client A comes up and you enable the wireless card, it issues a probe and sends it to the access point; the
access point responds with what's called a beacon, and the client associates with the chosen SSID. So let's say the SSID here is Nodge: when this laptop connects to this wireless SSID called Nodge, initially it sent a probe, in response it received a beacon back, and then it associated itself with the SSID. The last step in the process is that the access point adds this client's MAC address to its association table; this is how the access point keeps track of the different devices connected to it.

Now back to the design. As I said, a cell is the area or range covered by an access point, and the best location for an access point can be chosen by performing a site survey. If you have no experience working with wireless networks, what we do in the real world in a corporate or enterprise environment, if we want to deploy access points correctly, is perform a site survey. It's an investigation process in which an access point is placed at its desired location and the client moves around, and as the client is moving the signal strength is measured in real time. There are some special-purpose devices too, but the cheapest method is to actually just place an access point where you would like it, then take your client, could be your laptop or iPad or whatever, and start moving around and see if you're getting the best possible coverage. As you can see at the bottom of your screen, this client Z is outside the range of the access point, so the wireless signals are not getting to Z and it's not going to be able to connect, so we would want to find the most optimal place for the access point. Clients outside the cell coverage, at the risk of stating the obvious, are unable to associate with the access point, because they're not getting the signal. A couple of other elements I want you to keep in mind: in the real world, clients roam from one cell to another, so
in order to provide coverage, service areas should have 15% overlap. Let me quickly explain. As you can see, these are all different access points: this is an access point, this is an access point, an access point here, and so on, and we've got a client A at the bottom. As this client is moving around or roaming, when we place multiple access points in our environment like this we want to make sure there is at least 10 to 15 percent overlap of these signals to allow for transparent roaming, because if there's no overlap then, as this client at the bottom moves from one cell to the next, there might be a dead spot or dead zone. To avoid the dead zone we need to have this overlap. If repeaters are being used to provide extended coverage, service areas should have 50% overlap; we'll talk about repeaters in a moment, but if you're using repeaters the overlap should be more, because a repeater repeats the signal in order to provide extended coverage, as shown below. Adjacent APs cannot use the same frequencies or channels (once again, we'll talk about frequencies and channels momentarily): you cannot have APs that are right next to each other, adjacent to each other, in the same frequency range, because those frequencies are going to start canceling each other out; they're going to create noise, the signal is going to get lost, and you might have times when the signal just gets completely scrambled and collisions occur. That's the whole idea of collision avoidance, right? We want to avoid collisions. And once again, the act of moving between APs is called roaming.

Now let's focus on wireless LAN topologies. The first topology I want to discuss is the repeater: to extend the wireless range or cell area, we add another access point. In this diagram, typically an access point is connected to a LAN switch, and one thing I want you to keep in mind is that the
primary purpose in life for an access point is to provide connectivity between the wired Ethernet and the wireless environment. Here, if you remember, 802.3 is Ethernet, so that's the wired connection, and the wireless link here between the access point and the laptop is 802.11; we'll discuss more details momentarily. What ends up happening is that as this laptop wants to go out to the internet, for example, the wireless frame, which is encapsulated in 802.11, gets decapsulated by the access point, and then the access point encapsulates the same message into an 802.3 frame and sends it across the LAN, out to the internet for example. Then the same thing happens in reverse, encapsulation and decapsulation, as the data comes back from the wired LAN infrastructure into the wireless environment. That is something I want you to keep in mind.

Now back to the repeater. What happens in the repeater scenario is that we have an access point already, but then we have another client, let's say this laptop at the bottom of the screen, which is outside the range of our primary access point. Let's say, for argument's sake, that we do not have the ability to provide a wired connection to this laptop, because it's not feasible either financially or physically; it's out of reach and we don't have the infrastructure to support it. What you would do in that scenario is add a repeater, and a repeater is essentially a lightweight version of an access point. As a matter of fact, you'll find some access points on the market that allow you to change their functionality to a repeater: when you log into the GUI of that access point you can just select the option that says I don't want to use it as an access point, I want to use it as a repeater, and when you do that it no longer acts as an access point; it takes signals from an access point and repeats those signals for clients to connect to.
Now, it looks great on paper, but the reality is that when you repeat wireless signals the quality degrades. Once again, the whole idea here is to increase the signal strength, because the signal is dying and at a certain spot you might have a dead spot; instead of having that dead spot, with a repeater you can enlarge that area. But the drawback is that when you do that it can significantly reduce the throughput of your wireless network, because you're now repeating the same signals, and there's also a lot of interference that could potentially happen between the repeater and the access point, especially if they're on the same channel. So something to keep in mind: not an ideal scenario, but something you can do.

The next topology I want to talk about is the workgroup bridge. To bridge the wired and wireless networks together we have this workgroup bridge scenario, and you can think of a workgroup bridge as an external wireless card for a legacy wired-only device. Here's what I mean by that. You've got this access point connected to the LAN infrastructure, but then you have this legacy client at the bottom; this could be a legacy medical device, for example, and let's say that medical device only comes with an RJ45 connector at the back of it. It doesn't have any wireless capability, zero wireless capabilities. Well, how are you going to connect it to the wireless environment? Let's say for some reason you can't bring wired connectivity to that legacy client, and what if that legacy client has to move around, for example if it happens to be on a cart that gets rolled from one room to another in a hospital? Well, you cannot have an Ethernet cable dangling off of it, right? So what you would do is use this special-purpose device called a workgroup bridge: it has one leg in the wired world and another leg in the wireless world, and it bridges the two together and allows this legacy,
Ethernet-only, wired-only device to connect to the wireless network. Like I said, it's fairly common in a hospital-type scenario and also in some legacy environments where you do not have clients with wireless capabilities.

Next up is the outdoor bridge, point-to-point and point-to-multipoint. You could also have outdoor bridges: you could have, for example, two buildings that need to connect to each other using special-purpose antennas, and there are two different types of outdoor topologies, point-to-point and point-to-multipoint. Let's talk about point-to-point first. As you can see in this picture, I've got building A to the left and building B to the right, and I've got this LAN switch that sits inside the building, and then I've got this bridge that has one connection into the switch and another connection to a directional antenna. This directional antenna is on both sides, and by pointing them toward each other we can create wireless connectivity between the two buildings. Now, in an ideal world you would want some sort of fiber-optic physical wired connection between the two buildings; that's the most ideal scenario, but in some instances it's not possible, and this is where outdoor bridge point-to-point connectivity comes into the picture. Next let's discuss point-to-multipoint. It's very similar to point-to-point, but as you can see there is another building in the middle here: let's say this is building A, this is building B and we've got building C. Building B, in the middle, has what's called an omnidirectional antenna, which is a type of antenna capable of transmitting its signal equally in all directions, so it can reach the other buildings simultaneously. It radiates its signal equally in all directions and allows those directional antennas to kind of amplify the signal, if you will, and this allows
all three buildings to be connected with each other.

Next up we've got the mesh network. This is a specialized type of scenario: in a very large environment we can create a mesh topology to allow wireless traffic to be bridged from one access point to another until it reaches the wired LAN infrastructure. Let me show you. As you can see here, we've got all these different access points and only one is connected to the LAN infrastructure; the rest are all connected to each other as repeaters. It's what we call daisy-chaining of APs, it offers transparent roaming, and the typical use case is a university campus or a sports stadium with thousands of potential people that want wireless connectivity. Now, when you think of a mesh network you might think, oh, repeaters are a bad idea, so mesh networks must be horrible. That is not true. Cisco uses its own proprietary mesh network protocol for wireless connectivity, which is pretty intelligent: it figures out how to collect all the traffic and then bridge it across all the way to the wired infrastructure in a seamless fashion. Plus it has some interesting auto-healing capabilities. Let me explain: let's say this one dies. If you're using a mesh network configuration, what's going to happen is that this access point right here and this access point right here are going to automatically increase the transmit power of their radios, so the signal strength increases and they end up making up for the slack of the access point that just died on us. So it's really interesting, it's really cool, and in a large environment that's what you would typically see set up where you don't have the ability to connect each access point physically back into the LAN. In an ideal world you would want every single AP to connect back into the LAN infrastructure with a physical Ethernet cable, but that's not possible in some scenarios, and that's where the mesh network comes in.

Now let's
discuss the different wireless LAN standards and channels. First let's discuss RF, or radio frequency; that's what the wireless local area network is all about. When I think of radio frequency, what I think of is the radio in your car: you have this FM stereo in your car, you have either AM or FM channels, and you can tune to 92.3 and you might get hip hop, switch to 96.6 and you might get jazz, switch to 99.7 and you might get classical music. As you move from one frequency in FM to another, you're basically hopping channels, you're tuning into different channels, and that's exactly what we do in the wireless LAN. What we have in the wireless LAN are two different unlicensed frequency bands that are dedicated to wireless communication. The first one is the 2.4 GHz band, a range that starts at 2.40 and goes all the way up to 2.485 GHz, and the other one is the 5 GHz band, where the range starts at 5.150 and goes all the way up to 5.825 GHz. Once again, you can think of these as different radio channels. A lower frequency translates to a longer range, but the data rates are lower: for example, the 2.4 GHz frequency has a longer range, but the data rate drops because it extends the signal, and the longer you extend the signal the less ability it has to deal with high-throughput data. The inverse is also true: a higher frequency equals a smaller range, but the data rates are higher, so with the 5 GHz band, for example, the range is smaller but the data throughput is higher. Radio frequency signals are also negatively impacted by a couple of different things (there's a whole slew of things you could talk about), but the ones I wanted to highlight are things like reflection, where if you have a mirror or metal the wireless signal kind of bounces off of it, right?
So that's reflection. Refraction is where the signals bend after they hit the water surface or certain types of surfaces; the signals bend. Absorption is like signals going through a wall: if the wall is made up of a certain type of material, your signals may not make it to the other side of the wall, so that's absorption. And finally scattering, where the signal just kind of scatters everywhere. So these are problems, these are issues that wireless LANs suffer from, and we have to be cognizant of that as we're designing our wireless network, because these things can have an impact on the overall quality of our wireless LAN. Now let's dig a little bit deeper into the two different bands that we talked about, the 802.11 bands, in particular 2.4 GHz and 5 GHz. First let's focus on 2.4 GHz. So 2.4 GHz has 14 channels; these are called wide channels. Each channel covers the frequency range that is allocated to more than four consecutive channels. So let me explain. If you look at channel 1, for example, it has this frequency that kind of bleeds into some of the other channels, so for example 2, 3, 4 are all impacted by channel 1. Then, as you can see, channel 6 starts, and channel 6 also kind of bleeds into different channels: it's bleeding into 5, it's bleeding into 7, 8, 9. And then we have channel 11 here, and channel 11 also bleeds into 12, 13, 14 and also partially number 10.
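The arithmetic behind that picture, as an added example that is not part of the course material: the IEEE 2.4 GHz channel centers are 5 MHz apart starting at 2412 MHz (channel 14 sits at 2484 MHz), and every channel occupies a band around its center. The code lists which channels a given channel bleeds into for a chosen width and then computes the largest set of channels that do not overlap each other at all. The 22 MHz width is the legacy 802.11b channel and 20 MHz is the 802.11g/n channel; the restriction to channels 1 through 11 is an assumption about the regulatory domain (the US does not allow 12 to 14). The access point names and channels in the last function are constructed, and that interference check is an addition of mine rather than something the lecture describes.

```python
# Added example (not from the course): 2.4 GHz channel overlap arithmetic.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # 802.11b DSSS channel width; use 20 for 802.11g/n OFDM channels


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel under IEEE 802.11 numbering."""
    if not 1 <= channel <= 14:
        raise ValueError(f"channel {channel} is not a 2.4 GHz channel")
    return 2484 if channel == 14 else 2407 + 5 * channel


def span_mhz(channel: int, width: float = CHANNEL_WIDTH_MHZ) -> tuple[float, float]:
    """Lower and upper edge of the band a channel occupies."""
    c = center_mhz(channel)
    return (c - width / 2, c + width / 2)


def overlaps(a: int, b: int, width: float = CHANNEL_WIDTH_MHZ) -> bool:
    """True when the two channels' spectra intersect (edges merely touching is not overlap)."""
    lo_a, hi_a = span_mhz(a, width)
    lo_b, hi_b = span_mhz(b, width)
    return lo_a < hi_b and lo_b < hi_a


def overlapping_channels(channel: int, channels=range(1, 15), width: float = CHANNEL_WIDTH_MHZ) -> list:
    """The channels that a given channel bleeds into."""
    return [c for c in channels if c != channel and overlaps(channel, c, width)]


def non_overlapping_plan(channels, width: float = CHANNEL_WIDTH_MHZ) -> list:
    """Largest set of mutually non-overlapping channels.

    Greedy by upper edge is optimal for interval scheduling, so this is the true maximum.
    """
    plan, last_hi = [], float("-inf")
    for ch in sorted(channels, key=lambda c: span_mhz(c, width)[1]):
        lo, hi = span_mhz(ch, width)
        if lo >= last_hi:
            plan.append(ch)
            last_hi = hi
    return plan


def interfering_pairs(ap_channels: dict, width: float = CHANNEL_WIDTH_MHZ) -> list:
    """Pairs of access points whose channels overlap. Input is {ap_name: channel} (constructed)."""
    return sorted(
        (a, b)
        for a, b in combinations(sorted(ap_channels), 2)
        if overlaps(ap_channels[a], ap_channels[b], width)
    )


if __name__ == "__main__":
    print("channel 1 bleeds into:", overlapping_channels(1))
    print("clean channels in a 1..11 domain:", non_overlapping_plan(range(1, 12)))
    # Constructed site survey: AP-2 on channel 3 collides with its neighbours on 1 and 6.
    print("overlapping AP pairs:", interfering_pairs({"AP-1": 1, "AP-2": 3, "AP-3": 6, "AP-4": 11}))
```

Run with the default 22 MHz width the plan for channels 1 through 11 comes out as 1, 6 and 11, which is where the classic recommendation comes from; if a domain allows channel 14 it fits as a fourth clean channel, and at 20 MHz channel 1 bleeds into exactly 2, 3 and 4 as the lecture's picture shows.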
So what does that mean for you as a consumer? It means at the 2.4 GHz level you only have three non-overlapping channels, meaning you have three clean channels that you can use in your environment. Why is this important? Well, if you have an environment where you expect a lot of devices to be connected, also known as a high-density environment, then you may not find that 2.4 GHz is sufficient for you, because it doesn't offer you enough non-overlapping channels. And like I said, you do not want channels to overlap. If they overlap or bleed into each other, then they cause interference; interference results in collisions, and collisions are bad, right? Which means dropped packets, and we can have a lot of retransmission going on on our wireless network, and we don't want that. So that is something I want you to keep in mind: this is a limitation with the 2.4 GHz band, and the only channels that are your friend are 1, 6 and 11. You should avoid using any other channel altogether on the 2.4 GHz band. Next up is the 5 GHz band. Channels here are narrow; as you can see in the picture here, using 20 MHz we can have up to 24 non-overlapping channels. 5 GHz offers better throughput than 2.4 GHz because you have more channels available to you, and there's also a technology called channel bonding that allows us to bond multiple channels together. Let's say at 5 GHz each channel is 20 MHz: if we bond two channels together, that would be 40 MHz, and if we bond four channels together, that would give us 80 MHz. When we do that, what it does for us essentially is it increases the throughput quite a bit, and that's what we're experiencing with the technologies that we have in place today. Now let's look at the different 802.11 standards that are out there. In the beginning, 1997 is when the wireless technology was introduced. Can you imagine a life before wireless? I cannot, so it's kind of humbling looking at this table
here. It was at 2.4 GHz, 5 GHz wasn't supported, and the maximum data rate at the time was 2 Mbps. Then in 1999, two years later, we had 802.11b, and once again it supported 2.4 GHz, did not support 5 GHz, and it was quite a significant jump: 11 megabits per second in throughput. Then 802.11a came out the same year, but it was on the 5 GHz band and it offered a much better throughput, 54 megabits per second. But the reason 802.11a never took off is because at the time when b and a were introduced, there was a special silicon chip inside the access points that was needed for the 802.11a technology to be implemented, and it was actually in shortage on a global scale. Because it was in shortage, the 802.11b standard took off, even though technologically it was a lot less superior than 802.11a. Then 802.11g came out in 2003; it also supported 2.4 GHz, but the maximum data rate went up to 54 megabits per second. Then in 2009 the n standard came out; it supported both 2.4 GHz and 5 GHz, with a total maximum throughput of 600 Mbps. Then in 2013 the ac standard came out; it did not support 2.4 GHz, only supported 5 GHz, and had a maximum throughput of 6.93 gigabits. And finally the IEEE standard 802.11ax came out in 2019. This is the latest standard available today; it supports both bands, 2.4 GHz and 5 GHz, and is four times the data rate of 802.11ac, which is absolutely insane. But to take advantage of this kind of throughput you need all the wireless clients on your network to support 802.11ax, and that is the biggest challenge in the real world: your wireless clients are always going to be a few years behind. So if you think of your laptop or your desktop or your phone or your watch or any device that needs Wi-Fi connectivity, you're going to find that most of those devices you bought a few years ago probably support an older standard. Even if you buy the latest and the greatest access point, that doesn't magically mean that everything is going to
start communicating at 802.11ax. Both the client and the access point must have the appropriate hardware and software capability to support 802.11ax. Now, to further crystallize these 802.11 standards, because I know when I was a student for the very first time and I heard about these standards, I mean, it confused the heck out of me, so I want to help you understand these in a much simpler manner. Think of it as your cell phone. A couple of years ago we were all on 3G, and then 4G came along, and most of us are on 4G today, and some of us are lucky enough to live in metropolitan areas that actually have 5G connectivity and we're enjoying the higher throughput of 5G. But the idea is that as we move from the previous generation to the next, 3G to 4G to 5G, it's inherently understandable and understood that 5G is better than 4G and 4G is better than 3G. So with this in mind, I want you to re-look at the table we just looked at a moment ago. Here's that table again, but pay attention to the left; there's more information. A non-profit organization called the Wi-Fi Alliance introduced this idea of Wi-Fi gen, or generation, and the reason they did that is to make it simpler for people to understand, because as you can see these IEEE standards have no rhyme or reason. Like, we start at b, then we went to a, then we went to g, I mean, what happened to everything in between? Then we went to n, then ac and now ax; there's kind of no rhyme or reason behind these different 802.11 IEEE standards. So the Wi-Fi Alliance took it upon themselves to make it easier, from a marketing perspective, for people to understand how these different Wi-Fi standards operate. Very similar to the 3G, 4G, 5G we just talked about a moment ago: if you have an access point that supports Wi-Fi 4, then you know it's 802.11n and these are the capabilities, and if you have Wi-Fi 5 then you know the capabilities, and so on and so forth. But where it makes the most sense is when you are talking to your upper management.
Let's say your boss wants you to upgrade the wireless infrastructure. When you're talking to your upper management, instead of talking about all this technical mumbo jumbo, you can just say, I'm currently investigating a Wi-Fi 6 solution, because I believe in order to protect our investment we need to be on the latest and the greatest technology, so we can be protected for the next five to seven years, if that happens to be your refresh cycle. A couple of other things the Wi-Fi Alliance did that I think are really cool and worth mentioning: if you see this symbol with the digit 4, that signifies Wi-Fi 4; if you see the symbol with 5, that's Wi-Fi 5; if you see the symbol with 6, that's Wi-Fi 6. If you see these icons on a box when you purchase an access point, then you automatically know that the access point you just bought has that capability, or it belongs to that particular Wi-Fi generation, if you will. Anything that's Wi-Fi certified, you'll also see this logo on there, and if it's Wi-Fi 6 certified you'll see the Wi-Fi 6 certified logo, as shown on the screen. Now let's talk about wireless LAN architectures. The first architecture I want to talk about is the autonomous AP. An autonomous AP is a standalone access point, and it has a brain of its own, meaning it has all the required intelligence it needs; it's capable of being completely self-sufficient. It has the hardware and software, it also has the ability to send wireless signals, and at the same time it has one leg into the wired network. It's suitable for small environments; however, it gets harder to manage in large environments, because you have to touch each access point individually, one access point at a time, and if you happen to have dozens or hundreds of access points, it could be painful to manage them. Autonomous access points connect wireless SSIDs to wired VLANs at the access layer. So let me explain. If you have these SSIDs that you see here at the bottom, 401 and 501, each access point typically also has a
management IP that you use to be able to manage that box, like via a GUI or CLI or whatever you need to be able to connect and configure that box, right? So that's pretty obvious. Then what you do is, the physical link between the access point and the switch, you would want to run it as a trunk link with these VLANs allowed, which is the management VLAN, VLAN 17, and then VLAN 401 and 501, which map to these SSIDs at the bottom. Then the same trunk link with the allowed VLANs goes up into the distribution, and at the distribution level we have these switched virtual interfaces, or SVIs, set up for Layer 3, and then we have the core all the way at the top. So this is the typical access, distribution, core model, and this is how the autonomous AP interconnects into our three-tier architecture. The next one is a cloud-based access point. If you guys are familiar with the Cisco Meraki solution, that's what we're talking about here. It's an internet-based centralized management platform; it's a single web dashboard for configuration, management, monitoring and troubleshooting. It decouples the control plane from the data plane. Control plane traffic is the traffic between the access points, and data traffic is the actual data that the users want to send; it could be an email or web browsing or whatever they want to do. That's the actual data, and that's the data plane. Control plane traffic travels to the cloud, whereas the data plane passes through the access point and stays local. So let me explain here. As you can see with these Meraki access points, what ends up happening is we can no longer configure them from within the organization, meaning all of these access points go talk to the Cisco Meraki cloud, which is basically a controller available over the internet. All these access points go and talk to and register with that controller, and we log into a GUI dashboard, and in that dashboard we configure, manage, monitor and troubleshoot all of these Meraki access points. However, one key thing to keep in mind is, as the data
travels, let's say there is a PC here, PC A wants to talk to PC B. The traffic here will physically go from the access point to the switch here, to the distribution, then across the distribution back to the access switch, down to the other access point, and eventually over the wireless signal down to this laptop on the left. The reason I drew this is to show you that the data traffic, the data plane traffic, stays local; it never goes to the cloud. The only traffic that goes to the cloud is the management traffic, or the control plane traffic, but the actual data stays local. Next up is the split-MAC architecture. This architecture is composed of two main ideas: one, that we have a central controller that manages all access points, called the wireless LAN controller or WLC, and the second idea is that it separates management functions from the real-time functions of the access point, known as the lightweight access point. So here is the idea. If you were to take this access point, which is the autonomous access point, and split the functions, the wireless LAN controller component has all the management functions: the RF management, radio frequency management, association and roaming management, client authentication, security and QoS. All these are separated out and handled by a central controller called the wireless LAN controller, and the guy at the bottom becomes a lightweight access point. It's not a full-blown autonomous access point; it doesn't have a brain of its own. It has very basic real-time functions, such as radio frequency transmit and receive, MAC management and encryption. These are the only things that it's responsible for, and all the other functions are offloaded to the wireless LAN controller, because it's a much bigger, beefier box that has the ability to handle and process information in a much better way. But more importantly, the reason we decouple the two functions is so it's easier for us to manage everything centrally, instead of managing each
access point separately by hand. We can go ahead and define the template on our controller, and then as we add more access points to our network, those access points can talk to the wireless LAN controller and download their appropriate configuration accordingly. CAPWAP, or Control and Provisioning of Wireless Access Points, is a tunneling protocol. It encapsulates data between the lightweight access point and the wireless LAN controller within new IP packets. So what that means is that a tunnel, this right here, you can think of it as a tunnel that gets created between the lightweight access point and the wireless LAN controller, and all the data is encapsulated within this tunnel, and we can either switch this data at Layer 2 in our network or route it across our network at Layer 3. Going deeper into split-MAC: CAPWAP, which we just talked about, is composed of two tunnels. There's a control tunnel that operates at UDP port 5246 and there's a data tunnel that operates at UDP port 5247. So here are the two tunnels that get created, and one thing to note here is that the control tunnel is the one that gets established first, because the control channel is the communication between the lightweight access point and the wireless LAN controller, and then the data tunnel gets created later; this is for handling the actual user data that has to go across. CAPWAP control messages are encrypted and authenticated. CAPWAP data packets are not encrypted by default; however, if encryption is enabled, DTLS is used, Datagram Transport Layer Security. Going even deeper into split-MAC: CAPWAP tunneling allows the lightweight access point and wireless LAN controller to be logically separated without needing Layer 2 in the network transport. So as you can see here in this diagram, we've got these SSIDs on the lightweight access point at the bottom that are mapped to the VLANs up at the top on the wireless LAN controller, but these VLANs aren't required in the middle of the network, so that significantly reduces
the overhead in our network. Traffic on SSIDs 301 and 401 from clients is transported across the network infrastructure encapsulated inside the CAPWAP data tunnel. The tunnel exists between the IP addresses of the access point at the bottom and the WLC at the top, hence allowing the tunnel packets to be routed at Layer 3. And finally, no trunk link is needed in the transport, as all VLANs are encapsulated and tunneled as Layer 3 IP packets rather than individual Layer 2 VLANs. So once again, this could all be Layer 3: this link could be Layer 3, this link could be Layer 3, all kind of Layer 3 in the middle, for example, and we're able to tunnel all this information, this Layer 2 information if you will, across a Layer 3 tunnel, because we have the ability to encapsulate the information in a CAPWAP data tunnel. Now let's look at the different wireless LAN deployment models. First, the unified wireless LAN controller. A unified WLC is located centrally at the core of the network. It's purchased in the form of a dedicated physical appliance, or appliances, because typically you would want to have redundancy and high availability, so you would have multiple of these. Unified wireless controllers can support up to 6000 APs; however, they do scale out, meaning if you need more APs than the maximum, you would add more wireless LAN controllers to your network. Here's our physical appliance, and all of these lightweight APs at the bottom come and register, and once again this all happens across the CAPWAP tunnels that we talked about a moment ago. And once again, why do we need this type of controller model? It's to have scalability. 6000 APs, that's a lot of APs; if you had to configure each and every one of those APs, that could take you months or years to complete if you did them by hand. But you can simplify the process: you can log into the wireless LAN controller, set up templates, and then as these wireless LAN controllers come online, they call home to the WLC and auto-configure
themselves over the network and create those tunnels and be connected. That's the beauty of it. Next up is the cloud-based wireless LAN controller, and here the idea is, instead of a campus environment, we could have that located in our private cloud, AKA data center, and typically these are consumed in the form of virtual machines, or VMs. Of course, like I mentioned earlier, you wouldn't want to have just a single VM; you would want to have redundancy in your network. Cloud WLCs can support a maximum of 3000 APs, and once again it's a scale-out model, meaning if you need more APs to be supported, you simply add more VMs. The next one up is the embedded wireless LAN controller. In this deployment model the WLC is co-located on the switch hardware. So here, for example, if you look at the new Catalyst 9k series, you could have these wireless LAN controllers integrated and embedded right into the switch, and that's what an embedded WLC is. These are suitable for small environments; the maximum number supported is about 200 APs. If you need to add more, you would want to add those wireless LAN controllers to other switch stacks in your environment. You could also have a Mobility Express type of deployment model. In this model the wireless LAN controller is co-located on the access point itself. It's suitable for super small environments; typically you can support up to a total of 100 APs, and the scalability is limited here. If you need to add more APs, you're not going to be able to simply add more Mobility Express wireless LAN controllers; instead, you're going to have to look at one of the other models we just discussed a moment ago. And so that's why it's important, as you're designing your network, that you take a step back and think about how your environment is going to look in the next six months, or maybe a year, or two to three years down the road, because it's not like you can constantly add more wireless LAN controllers to your environment. Most likely you would want to add a wireless
LAN controller that sits in your environment for at least five to seven years, so you don't have to keep messing around with it, right? The idea is to set it and forget it. So take a step back, think about what you want, and then move forward. However, if you're working for a smaller company, it's okay to start out small with the Mobility Express type controller, and then as your company grows, you look at things differently. Now here's a summary of everything we just wrapped up talking about, all the different models that are available to us: unified, cloud, embedded, Mobility Express and autonomous. It's all about the placement of the wireless LAN controller. Remember, the whole idea is you want a centralized placement where we have this intelligence that is capable of managing all the different access points, so we can configure them, we can see what's going on, correlate and all that. What's interesting here is the unified model supports up to 64,000 clients, the cloud supports up to 32,000, embedded up to 4,000, Mobility Express 2,000. The typical use is, once again, large enterprises use the unified model; large enterprises could also potentially use the private cloud model; and the smaller organizations would want to use embedded and Mobility Express. As you can see here, the cost of each solution is directly proportional to the number of APs and clients supported, which makes sense, right? So the more clients you have and the more APs you need supported, the higher the cost of the solution is going to be. Now let's look at the last section of our discussion today: wireless LAN security. A wireless network is considered untrusted by default and is inherently insecure, because wireless devices communicate with each other over the air. If you have two people that are talking in an open public space, even if they're having a private conversation, you cannot consider it a private conversation, because it's in an open public space. At a coffee shop, two people are talking
about some secret stuff; well, it's no longer a secret. What if somebody's recording the data, or what if there's a bad guy sitting there who is looking for that secret? Well, you just gave it away, right? So wireless LAN has some of these inherently insecure and untrusted attributes by default, but we can fix that. Anyone within the access point's wireless signal range can potentially listen in on any conversation happening over the air, unless we do something about it, and that's where API comes to the rescue. Now what is API? Well, here's the deal: I'm not talking about application programming interface, do not confuse it with that. It's a different mnemonic, okay, and it's a memory aid for you to remember, for exam purposes and CCNA certification purposes, that wireless LAN security is composed of three distinct components. The first of which, the A in API, stands for authentication. What we do here is we verify the user's identity before we let them connect to the access point. How do we do that? Well, if you think about it, the most common way of doing that is by providing username and password credentials, and the advanced methods may require bi-directional authentication. What do I mean by that? One-directional is where we trust that the access point is a trusted device and the wireless client has to authenticate to the access point. But what if you have a bad guy who is using a fake or a rogue access point, maybe using the same name as your home network, and when you connect to that access point, all of a sudden that bad guy is now running a man-in-the-middle attack on you? To avoid that, with bi-directional authentication the client also authenticates the access point, to make sure it's connecting to an access point that it's supposed to be connected to and not some random rogue access point. An example of authentication in the real world, at home, could be a pre-shared key. I'm sure you're familiar: if you have an access point at home, you have an access key, a pre-shared key, right? So you
have to type it in every time you want to connect a laptop or your phone or tablet; you have to plug in a key to connect. That right there is a pre-shared key; that's what you're using to connect to your access point. Now in this case, let me explain the authentication piece. Here we've got this employee, his name is Bob. He's connecting to the network, and when he initially establishes his communication with the access point, the access point says, who are you? Well, Bob says, I am Bob, by providing username and password credentials, and those credentials could either be verified by the AP itself, or those credentials could potentially be verified by a solution like Cisco ISE, Identity Services Engine, or Microsoft Active Directory or a RADIUS server or an LDAP server. Any of those solutions are possible, but some sort of authentication server may be involved in the process, and then at that point you are connected. But like I said, this guy at the bottom here, Mr Robot, might have a malicious intent. Mr Robot might have an AP that is also advertising an SSID called private, and let's say you're also using the SSID private. When Bob wants to see which SSID to connect to, he's going to see both private SSIDs on his laptop; he's not going to be able to decide which one to connect to. What if mistakenly he connects to this SSID right here? Well, it's a good day for Mr Robot, because that's what he wanted to do. At that point Bob's information is being completely captured. Bob might be completely oblivious to this; he might be thinking, well, I'm good, because I can connect to Google and I can do my job. But little did Bob know that there's a man-in-the-middle attack happening, and the reason it's called man in the middle is because you literally have a man who's in the middle with this access point, because the other side would be the internet, right? So a smart hacker or a bad actor would make sure that you do get internet access, so you don't get to realize that you're connected to a device that doesn't have any access to
anything. By giving you internet access, when you're connected to the internet you may not realize for hours or potentially days that you're connected to a rogue device while Mr Robot is doing a number on you, and you're completely clueless. So it's very important that we have authentication in place, especially bi-directional authentication, where not only the AP authenticates the client, but the client also authenticates the AP. The next one up is privacy, so in our API that's the P. The idea here is we encrypt all the data between wireless devices for privacy. And what is encryption, if you're not familiar with it? It's the process of converting plain text into cipher text using a mathematical algorithm, and only authorized parties can decipher this data. So let me explain. As you can see, Mr Robot is listening in, because he's within the same wireless range as Bob. Mr Robot, we're using the same shared space and same channel and signal, so Mr Robot has the ability to listen in on what's going on with Bob. If Bob says in plain text, my password is covid-19.
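The two protections the rest of this story builds towards, privacy and integrity, in code, as an added example that is not from the course and does not implement the CCMP or GCMP suites WPA2 and WPA3 actually use: the station and the AP share a secret, derive one key for encryption and a separate one for the integrity stamp, encrypt the frame so the listener sees only noise, and append a keyed hash (HMAC) that the AP recomputes before trusting the frame. The HMAC-counter keystream is a toy construction chosen so the block runs on the Python standard library alone; the shared secret, the function names and Bob's frame are constructed, with the password from the lecture as the payload.

```python
# Added example (not from the course): toy "privacy + integrity" for a wireless frame,
# built only from HMAC-SHA256. Not WPA2/WPA3's CCMP or GCMP; it shows the two ideas only.
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN = 12   # per-frame random value so identical plaintexts never encrypt alike
TAG_LEN = 32     # HMAC-SHA256 output, the "secret little stamp" on each frame


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and integrity keys from one shared secret
    (a pre-shared key at home, or the per-session key an 802.1X server hands out)."""
    enc_key = hmac.new(shared_secret, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC(enc_key, nonce || counter) blocks, truncated to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(shared_secret: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Station side, encrypt-then-MAC: frame = nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unprotect(shared_secret: bytes, frame: bytes) -> Optional[bytes]:
    """AP side: check the stamp first; return the plaintext, or None for a tampered/forged frame."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(shared_secret)
    nonce, ciphertext, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time, so timing leaks nothing
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def tamper(frame: bytes, offset: int) -> bytes:
    """Flip one bit of a captured frame, the kind of change integrity checking must catch."""
    mutated = bytearray(frame)
    mutated[offset] ^= 0x01
    return bytes(mutated)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed, not a real key
    frame = protect(secret, b"my password is covid-19")
    print("on the air:", frame.hex())              # all Mr Robot gets to see
    print("AP decrypts:", unprotect(secret, frame))
    print("tampered frame accepted?", unprotect(secret, tamper(frame, 15)) is not None)
    print("wrong secret decrypts?", unprotect(b"mr-robot-guess", frame))
```

The order matters: the AP verifies the stamp before it decrypts, so a frame that fails integrity is dropped without ever being interpreted, which is the point of the I in the mnemonic.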
Mr Robot can hear that, and then next time Mr Robot can pretend to be Bob and then wreak havoc on our network by connecting into our LAN and basically injecting worms and viruses and all kinds of nasty things into our network. To protect ourselves we can use encryption, and what that means is, as the wireless laptop is communicating with the wireless access point, what the laptop can do is, instead of using the password in plain text, it can run a mathematical formula on covid-19, and it might end up being 3129137, and these digits get transported across over to the access point. Then the access point can run the same algorithm to compare and then decrypt this data. When we do that, what ends up happening is, when Mr Robot looks at this number he goes, huh, what is this? Mr Robot is oblivious to, I mean, he doesn't understand what these numbers are. So it's important that we encrypt the data. This is also called confidentiality. You'll see different terms being used in security for privacy, but you might see this term privacy being used interchangeably with encryption or confidentiality; these are all the same thing. And the I in our API stands for integrity. What that means is we want to avoid data tampering by running an algorithm, or a hash, that matches on both sides, the sender and the receiver. So in the example I was talking about earlier, we want to make sure that the information that Bob sent to the AP is the original packet that Bob intended to send, instead of Mr Robot pretending to be Bob. The way we do that is by running a hash, or a mathematical algorithm, and adding a little hash value at the end of the password, it could be E7 for example, and then when the other side gets it, which is the AP in this case, it would run the same formula based on the algorithm that they decided to use and then match those hashes. If the hash is an exact match, then it means that the information was not tampered with. You can think of it as a secret little stamp
that's put on that packet when it's sent across; that stamp has to match on both sides, and once again, if you do this right, we can kick Mr Robot out of the picture here and he cannot inject malicious traffic into our network. Now let's look at a couple of different authentication methods. There are a couple of legacy authentication methods that I want you guys to look at first. The first is called open authentication: any client can join the AP without authentication. Now that sounds pretty pathetic, right? But think about it: coffee shop, airport, stadium-type venue, shopping malls. You want the ability to have access to the internet, and this is where open authentication is used on the access points to just give you free guest access to the internet. Next up is PSK, also known as WEP, or Wired Equivalent Privacy: the same secret key is used on both the access point and the client. Now WEP is deprecated and not recommended anymore. We still use the pre-shared key, but the WEP technology is no longer in use, and I'll dig deeper into the WEP technology momentarily so you understand why it's no longer recommended. Here are the new authentication methods. We have this authentication method called EAP, or Extensible Authentication Protocol. This is used for port-based authentication, and here the idea is we've got three different players in the mix: we have got the supplicant, who's the client, to the left; we've got the authenticator, who's the access point, or it could be a wireless LAN controller, in the middle of the network; and we've got the authentication server to the right of our diagram. What ends up happening here is, when the supplicant wants to join the network, credentials are sent. So let's say Bob uses his username and password; those credentials are seamlessly passed through the authenticator over to the authentication server. The authentication server either accepts or denies the credentials. If the credentials are denied, communication stops. On the other hand, if the credentials are accepted, the authentication server
generates an encryption key for both the supplicant and the authenticator, and it's the same key on both sides, and it's only good for that particular session. So as long as the supplicant continues to communicate after being authenticated, they'll have the same key. Now the session drops, and a few hours later if the same supplicant wants to rejoin, the whole process has to happen again and a fresh pair of encryption keys are generated by the authentication server. So this is how the security is maintained. Now within EAP we have different additional components that add more enhancement. The first one up is LEAP, or Lightweight Extensible Authentication Protocol. This is Cisco proprietary, and you should not use it anymore because it's insecure. The next level up is EAP-FAST, which stands for Extensible Authentication Protocol Flexible Authentication via Secure Tunneling. This is an enhancement over LEAP, and you'll see some networks implement that. The next level up is PEAP, or Protected Extensible Authentication Protocol, developed by Cisco, Microsoft and RSA. It uses a TLS tunnel to protect the authentication transaction. And finally EAP-TLS; TLS stands for Transport Layer Security. It's an open industry standard protocol, it's considered the most secure, and the end users and RADIUS servers authenticate each other by using each other's digital certificates. Now as you can imagine, when you talk about digital certificates, we're now adding another layer of complexity in our network, which means we now need to maintain PKI, or public key infrastructure, meaning we need to add a CA, or certificate authority, server in our environment and within our infrastructure, and then distribute certificates to all the devices, and that significantly increases the complexity of our network. But in a typical enterprise network it's a must. Next let's discuss privacy and integrity methods. The very first type of privacy and integrity method we had was TKIP, Temporal Key Integrity Protocol. It's a legacy protocol; it's deprecated and not
recommended anymore. Then came along CCMP; it stands for Counter CBC-MAC Protocol. It's more secure than TKIP and it's used in WPA2. Then came along GCMP; GCMP stands for Galois Counter Mode Protocol. It's a robust authenticated encryption suite and is better than CCMP. It's used in WPA3.

Now let me walk you through the evolution of security. As you can imagine, I mean, all these different pieces I talked about, it's probably getting you pretty confused right about now, so you may be asking: how do I choose the best security suite? Because we need to make sure we have the right authentication mechanism coupled with integrity coupled with encryption or privacy. How do I kind of put all the pieces together? Well, thanks to the Wi-Fi Alliance, they created what's called WPA, or Wi-Fi Protected Access, a certification process, and it significantly simplifies how we look at the different options that are available to us to protect and secure our Wi-Fi network. Here's a table that shows the evolution of these technologies. First we had WEP, or Wired Equivalent Privacy. Don't be fooled by the name; it's very insecure, naturally, because it was the first security suite that was introduced, and it used an encryption method of RC4, or Rivest Cipher 4, very, very weak, you shouldn't use it; data integrity of CRC-32; it had two authentication mechanisms, either open or shared; and finally, is it okay to use today? I would say no. Now moving on, WPA came out in 2003. It used TKIP with RC4; as I said, RC4 is bad news, so naturally this should mean you should avoid it. However, it used a better quality data integrity protocol called MIC, Message Integrity Check, and authentication-wise it is pre-shared key and 802.1X with an EAP variant, so the different variants of Extensible Authentication Protocol we just finished talking about. It uses that, which makes it very, very secure from an authentication standpoint, but I say that you do not use it today because of the fact that it's known to be vulnerable and it's hackable. As a matter of fact,
there are tools available that you can use today to easily crack either WEP or WPA. Next up is WPA2. This was introduced in 2004 and it uses the encryption method of CCMP and Advanced Encryption Standard, or AES. AES currently is the most popular encryption method used on wired and wireless networks today. From a data integrity perspective it uses CBC-MAC; from an authentication perspective it uses pre-shared key and 802.1X with an EAP variant. Once again, if you have WPA2 at home you'll be using pre-shared key, but in an enterprise environment you'll use 802.1X with an EAP variant. I say that if you're using WPA2 today and that's all you have supported on your access point and wireless devices and clients, then go ahead and use it, but it's a partial yes, okay. Finally we have this WPA3 standard that was introduced in 2018. It also uses Advanced Encryption Standard, but instead of the 128-bit being used here, WPA3 uses AES 192-bit; that's the biggest difference, makes it much, much stronger. It uses SHA, or Secure Hash Algorithm, for data integrity, a very popular and strong data integrity protocol, and from an authentication perspective it uses what's called SAE, or Simultaneous Authentication of Equals, and it still supports 802.1X with an EAP variant. And whether or not you should use it today, I would say heck yeah, that's the protocol and the suite that you should be using in your environment today.

Welcome to the CCNA 200-301 course. Today you're starting a new section, Section 3, Part 1: IP Addressing and Routing. Today's session is all about IPv4 subnetting. Here are the topics I plan on covering today: we'll first discuss the IP overview, we'll then get into IPv4 binary-to-decimal conversion, then talk about IPv4 private versus public addresses, and finally I'll wrap it up with IPv4 subnetting. Let's go.

First, the IPv4 overview. IPv4 is the most widely deployed protocol globally, and it's the dominant protocol on the internet today. IPv4 is defined in an IETF publication, RFC 791, so if you Google RFC 791 you're going
to come across the original specification of IPv4. It was published in the 1980s, I believe 1981 to be exact, and it's been around since then. Let me quickly touch base on the IETF. It stands for Internet Engineering Task Force. They've been around a long time as well. It's an open standards organization based in the United States; they're located here in Silicon Valley, and they're responsible for the enhancements to the TCP/IP protocol, and IPv4 happens to fall within that realm.

An IP address is a 32-bit-long binary string, and I'll show it to you in a moment, but a couple of things to keep in mind: you have to read it from left to right, very much like mathematics. The total number of IP addresses provided by the IPv4 address space is 2 to the power of 32, or 4.3 billion, roughly, give or take. Now given the current population of 7.8 billion people globally, you may think that this is not nearly enough IP addresses to be able to serve all the people on planet Earth, given the fact that over half of the world's population today happens to be on the internet. Well, you would be correct in thinking so. We're actually running out of IPv4 addresses, believe it or not. However, there are some interesting techniques and hacks that we can use to extend the life of IPv4; we'll talk about that as well.

An IP address is divided into four different octets of eight bits each, or one byte each; eight bits equal one byte. Let me show you in a moment what an octet looks like, but the word "octa" comes from Greek and "octa" means eight, so four octets naturally means four groups of eight binary values, and each decimal number is one byte. That means it's 2 to the power of 8, or 256, and the decimal range starts from zero and goes up to 255.
And let me show you what I mean. If you look at an IP address, you may find an IP address that looks like this: 192.168.10.1. It's also known as dotted decimal format, and if you were to look at the binary of this IP, that's what you're looking at at the bottom here. So let me explain, if I can go slightly deeper here. You see this 192 here in this IP address; this right here is translated to this binary code at the bottom in the first octet, and each octet is delineated by a dot. As you can see, there are three dots, right, and you can see the same dots down below. Up at the top we have the decimal format, which we're familiar with, right, but computers understand binary, and that's why we need to understand binary as well, because we need to understand the binary math in particular to be able to deal with IP addressing. So as I mentioned, the first octet, 192, translates to 1 1 and a bunch of zeros. Then the next one, the second octet, translates to 168; that is 1 0 1 0 1 and a bunch of zeros. And then the third octet is 10, and this translates to a bunch of zeros followed by 1 0 1 0. And then the final and fourth octet, which happens to be 1 in decimal, translates to a bunch of zeros followed by a 1 in binary. So as you can see, in binary you can only have either a zero or a one. That's what binary means: you're either off or on. Zero in binary means off and one in binary means on.

Now if you feel a little lost at this point, let me help you out here real quick. So what I'll do is, on my Apple Mac mini, we'll go up to the top Apple menu, top left, go to System Preferences, we'll then click on Network, and click on Wi-Fi, Advanced, and then finally click on the tab TCP/IP. What we're looking at here is the IP address that's assigned to this machine, along with the subnet mask and a router. Now why is this important? Well, the reason I believe it's important to talk about this quickly is the fact that I guarantee you, pick any device in your network at home, and it has an IP address, and
specifically, as you can see here, it says IPv4 address, right, and then there's a subnet mask and the router. But the bottom line here is every single device on your network has an IP address, in your home or your office or any other environment where you have devices connected to the internet or to a network. They must communicate via IPs. That's why it's important and relevant to understand IP addressing, and hopefully this provides a real-world perspective on this.

Now back to the IPv4 overview. Each IP address is accompanied by a subnet mask, and without a subnet mask an IP really doesn't give you any information, so it's almost a requirement that you understand the subnet mask when you're looking at an IP. So here's an example: you got 192.168.10.1, and the subnet mask is right below it, which is 255.255.255.0. What this does for us when we have a subnet mask is it helps us differentiate and delineate between the network portion of the IP and the host portion of the IP. Hang in there with me if it doesn't make a lot of sense right now; do not worry, by the time you're done with this video you will be a master of looking at IPs and being able to make sense of what these numbers actually mean. So just to kind of reiterate, we got this IP address and we got the subnet mask down below. As you can see, the first three octets here, in this case octet number one, octet number two and octet number three, same thing: octet one, octet two, octet three. Up here we have an IP address; down below we have a subnet mask, okay, just to be clear. And when we look at these three octets, the first, second and the third, that makes up the network portion, for at least the address you're looking at. It's different for different types of IPs and different types of subnet masks, but in this case what we have is a network portion that is the first three octets and the host portion that is the last octet.

An IP address can be classful or classless, and I'm gonna go deep into this topic so you understand what that
means momentarily. Classful means when the original IPv4 RFC came out, RFC 791 that I was talking about on the last slide, it had five different classes specified within it: Class A, Class B, Class C, D and E. We'll talk about all these classes in a moment, but that's what the original RFC 791 defined in its specification. However, before I start talking about the different classes of IP addressing, what we need to talk about first, I believe, which would make it a lot simpler for you to understand things going forward, would be a quick look into the binary-to-decimal conversion for IPv4.

This is a key concept, guys. This is the most fundamental and key concept when it comes to Layer 3. If you guys do not get this concept, you guys will struggle with Layer 3, and Layer 3 is the heart of routing. Routing happens at Layer 3, so you need to understand it. If you want to become a world-class engineer, you must understand how routing works, how IP addressing works. Let's take a look.

So we have this conversion chart that I'm going to show you here in a moment. It helps us convert from decimal to binary and binary to decimal; we can kind of go back and forth, and each bit position in an octet has a decimal value associated with it. So for example, what we do is we actually draw this out. So remember we talked about eight bits, which equals one byte. So an IP address, when we look at, let's say for example, 192.168.1.0, when you look at this, each octet, this is the first octet, this is the second octet, this is the third octet and this is the fourth octet; each octet is eight bits, eight bits per octet. If you were to kind of chop up an IP address into different octets like this, and if you were to zoom into one of these octets, let's say we zoom into this first octet, that's eight bits. Well, we can lay them out like this, okay, starting with the values 1, 2, 4, 8, 16, 32, 64, 128. The idea is that these values double; as you can see, they're doubling as we go
from right to left, and it will make more sense when I show you that in binary. 2 to the power of 0 is 1, 2 to the power of 1 is 2, 2 to the power of 2 is 4, 2 to the 3 is 8, 2 to the 4 is 16, 2 to the 5 is 32, so on and so forth. And when we have all the bits on, what we end up getting is what's called a broadcast address, and a broadcast address is an address that's sent to all the devices on the network. Whoever is within that subnet that you belong to, every single device in that network is gonna get that message, hence the name broadcast. It's similar to, if you guys recall in Layer 2 when we were discussing, you know, an ARP gets sent out and you have all Fs at Layer 2. If you guys recall, it's the same thing but at Layer 3 instead. FFFF, all these different Fs, happen to be at Layer 2; that's the Layer 2 broadcast, right, and for us at Layer 3, 255 is the broadcast; it's the equivalent, it's the same thing. And what we have next is all zeros; that is considered a network address. So in other words, this defines the beginning of an IP address range and this defines the end of the IP address range.

Now let's quickly jump into the IP address classes. So if you guys recall, there are five different classes: A, B, C, D and E. Let's first quickly take a look at Class A. What we get with Class A, according to the RFC standard, is that the first bit must always be zero. What that means is, if you were to look at our binary conversion chart, the first bit will always be zero no matter what, so we can almost draw a line here, and the rest of the bits, once again, we have our starting bit, which is also known as the network address, and we also have the ending address, known as the broadcast address, where we have all ones. What that means mathematically, though, is that Class A starts at zero and goes all the way up to 127. Let me explain what that means. You see all the bits and there's zero, right? That means that Class A starts at zero, and because the first bit must always be zero, even for
all the ones, the first bit is set to zero, but we have to add up all these numbers here, right? So let's quickly add up: what's 64 plus 32? That's 96. What's 96 plus 16? That is 112. And what is 112 plus 8? That is 120. If we were to add 4, that's 124. We add 2 plus 1, add 3 to it, that's 127. What we get when all the bits are set to 1 is 127, as shown by the math here. However, as you can see here by these two asterisks, if you were to look at these two asterisks down below, all zeros and all ones are invalid host addresses, so that is something very, very important to keep in mind, and I'll continue explaining as we move forward in case it doesn't make sense at the moment. Now another thing you want to look at is, in Class A the first octet is dedicated to networks and the last three octets are dedicated to hosts, and the default subnet mask is 255.0.0.0. Here the total possible number of networks is 2 to the power of 7; that's 128 networks, and within each network we can have a total of 2 to the power of 24, which is 16.7 million plus hosts per subnet. That number is insane.

What we have next is Class B. Class B starts off where Class A ends, so you see it starts off at 128. But before I go there, let's focus on the binary. So the RFC 791 standard defines that the first two bits must be set to one and zero. So let's go back to our binary conversion chart again, and we're going to be doing that a lot in today's session so you get a pretty good feel for how this works. Because the standard says for Class B, one and zero are all set this way and are unchangeable, we're gonna put them down like that. And another thing you want to keep in mind is, once again, our range always starts with all zeros and it ends with all ones, and then we have different combinations of zeros and ones in between, right? This could be one, this could be zero, so on and so forth. And what that means is, as you can see, the first value here is 128,
right, and that's why our range starts at 128, as shown here. And down here at the bottom below, if you were to add 128 to all these different numbers here, let's do that: so 128 plus 32 is 160, 160 plus 16 is 176, plus 8 is 184, plus 4 plus 2 plus 1, we'll just say plus 7; that right there makes it 191. So this is where the range ends, 191, and voila, it matches this value right here. So hopefully now you guys are starting to see a pattern here. Now once again, in Class B, though, two octets are dedicated to networks and two octets are dedicated to hosts. The default subnet mask for Class B is 255.255.0.0. Here we have total subnets of 2 to the power of 14; that's 16,384, and we have total hosts of 65,534. The reason we have this minus two in the end, as you guys are seeing here, is because once again all zeros and all ones are invalid host addresses, meaning none of the network devices, routers, switches, IP phones, desktops, laptops, you name it, any network device in your network, can be programmed with all zeros and all ones as the host address, because these values are reserved by the RFC to be able to identify the network address and the broadcast address.

Next we look at Class C. Here in Class C, the RFC 791 standard says all the bits in green, the first three bits, must be 1 1 0. So once again, going back to our binary conversion chart, what that means is the first three bits will always be 1 1 0 regardless, right? So if you were to draw a line like this, because we cannot change the first three bits, let's see how the rest of it pans out. Well, I'm missing a four here, so what we'll have is 0 0 0 0 0, and we'll have 1 1 1 1 1 as the ending. So once again, the top one is the starting position and the bottom one is the ending position, and if you were to do the math, what we'll get is 128 plus 64 is 192,
and this is what this value represents. This is where Class C starts; where Class B ends is where Class C starts. And if you were to do the math here, with 128 plus 64 being 192, and then if you were to add up all these other numbers, it's going to end up being 223, and once again that very conveniently matches where the Class C range ends. Class C has the first three octets reserved for networks and the last octet reserved for hosts, and the default subnet mask in Class C is 255.255.255.0. Here we have total networks of 2 to the power of 21, over 2 million networks, but we have hosts of 2 to the power of 8 minus 2, which means 2 to the power of 8 is 256, but once again we cannot use the first and the last in the range; that gives us a total of 254, and that's what we're seeing here.

Next up is Class D. Here the RFC standard said the first four bits will be 1 1 1 0. So going back to our handy-dandy binary conversion chart, what you'll get here is the first four bits always locked in like this, and once again our starting range starts with all zeros and ends with all ones. If you were to add up all these numbers, wherever we see a one we add up those numbers, right? So 128 plus 64 plus 32 gives us 224, which matches the beginning of the range, and next up, the final, is the 1 1 1 and then a bunch of other ones, and the only thing that's missing is 16. If you were to add all that up, that adds to 239, which matches this number right here. Now one thing I want to mention about Class D is it's a unique class of IP addresses in the sense that it's reserved for multicast routing, and multicast is a whole different way of doing routing in our networks. Typically when we talk about routing we're talking about unicast routing. Here these ranges are dedicated, this whole Class D is dedicated, to multicast routing, and in this course we'll touch base on multicast a little bit; we'll talk a lot more about it in the CCNP class, so it's kind of beyond the scope of the CCNA exam, but you need to
know a little bit about multicast, which we'll cover later in the course.

And finally we have Class E. Here what we get, according to the RFC standard, is the first four bits are always set to one, and then once again our starting position is all zeros and the ending position is all ones. If you were to add up all these numbers, all these ones to the left, you'll get the value of 240, and if you were to add up all the ones, of course you're going to get 255 as the end of the range. This is once again a unique bird in the sense that it's an experimental range, so in the real world you'll never see anything in this range being handed out in your network. So in reality you should only see the top four classes of IP addressing in your networks, and you shouldn't really see Class E specified anywhere.

Now let's quickly talk about classless. So we just finished talking about classful IPs, remember those different categories, Class A through E, we just finished talking about. This is the other side of it, where we have what's called CIDR, or Classless Inter-Domain Routing, or VLSM, or Variable Length Subnet Masking, where we have the ability to be able to control IPs. This technique was introduced to slow down the rapid exhaustion of IPv4 addresses, because as I mentioned, we only have roughly under 4.3 billion IPv4 addresses and we have to be smart about how we allocate and use them. And like I said, it gives you full control as an administrator to use this space and then define and carve out the network portion and the host portion as you see fit. An address in CIDR notation is written as follows. So you may see an address like this; even though it belongs to Class A, you might say, well, if it's Class A it shouldn't end with a slash 16,
right? It should actually... Class A ends in a slash 8, and the reason Class A ends in a slash 8 is because, if you guys remember, the subnet mask is 255.0.0.0, which means only the first octet has all the bits on and then the rest of the octets are all zeros. That's the default class, but that's not what we're seeing here, so what's up with that? Well, this is what's called classless, where you're taking an IP and we're carving it out according to however we want to carve it out to program our devices in our network. What we have here is the portion to the left, which is the IP address, or the network address, I should say: here 10.1.0.0 is the network address; that's what's called the prefix, or the network address, and the slash 16 represents the suffix, or the subnet mask, and this subnet mask in decimal would be written as 255.255.0.0. That's how slash 16 is represented.

Now let's quickly talk about IPv4 private versus public IP addresses. So what had happened was, because, as I mentioned, with IPv4 there was this real scare many, many years ago in the IT community about running out of IP addressing space, and it's real, right, because we have a lot of devices, a lot of people online, and we're running out of IPv4, so we had to come up with some clever, smart way of dealing with this situation. So what had happened was RFC 1918 was published, and it defined what's called the private IPv4 address ranges, and these addresses can only be used on the LAN. They're not routable on the internet, and as a matter of fact, the service providers have filters in place to drop packets on their internet routers if the packets are sourcing from a private IP address range, and I'll explain that momentarily. Here are the three private IP address ranges that you must memorize for the exam. The first range starts with 10.0.0.0 and ends in 10.255.255.255; it's a slash 8; it's defined in RFC 1918. The next range is 172.16.0.0 through 172.31.255.255;
it's a slash 12, or 12 bits, and the third one is 192.168.0.0 through 192.168.255.255; that's a slash 16. If you see these IPs configured on your devices, then that means that your devices are configured to take advantage of the private IP addressing space. As a matter of fact, I would be willing to bet that most of the environments that you are aware of today, including your home network, a coffee shop, your office, whatever have you, you're going to see IP addresses in one of these ranges. They should never be outside of these ranges unless you're talking about a data center where you have servers and, you know, things of that nature. Even with servers, you don't actually have public IPs configured on them; you would actually configure private IPs on the servers and then use another clever technique, that we'll talk about in a moment, to magically mask the private to the public IP. But the bottom line is that these are the private IP address ranges that you must memorize, not only for the exam, but it's a very real-world topic, because that's how you configure your LAN, or local area network.

And as I mentioned, what ends up happening is if you're using these private networks in any of these ranges, 192.168.10.0 or the 172.16 range that we talked about, as those packets go out and they hit your ISP router, right, so this could be, for example, your Comcast device at your home, this could be your cable modem, and then behind your cable modem of course you'll have your router. If that router that you have at home sends this IP, 192.168.1.0, out to the ISP router, the ISP router will actually discard this packet. It's not going to send it forward, reason being these are private IP address ranges; they have no business being available on the internet, because, like I said, the RFC standard specifically called out that these IPs are not allowed to be routed on the internet. So they do not route on the internet, they cannot become part of the internet routing table, so you have to get creative to do something about it, and
let me show you how we can get past this challenge. This is where NAT comes in, and that stands for Network Address Translation. What that does for us is it allows network devices on the LAN to be able to communicate over the internet, and the whole trick is that the NAT function is run on a router, could be a firewall, mostly a router, and what it does is it changes the source address in the IPv4 header. So if you guys recall the IPv4 header, right, it's 32-bit in length; we just talked about, you know, the 32 bits and how they're carved out, and all the IP addressing we've been discussing so far is part of this right here, the source and destination addressing element. But what I want to point out is we need to swap out this private IP on our LAN that you're seeing to a public IP that we're going to get from our ISP, which means when the packets leave this router, this router is going to run the NAT function and it's going to translate and swap out this private IP with the public IP, so when the packet gets to the other side they never see the private IP; all they see is the public IP, and this fools the ISP router. Now if we were to talk about the ISP router, which is right here, when it gets this packet, when the source address is public, well, this router has no problem, because it's designed to forward public routes, so it's going to forward the packet. But if you guys recall on the previous slide, the reason the ISP was actually discarding the packet before using NAT is because it's programmed not to allow the private IP addressing space to be routed across the internet, because that's what the standard says. Now, quick disclaimer: I'm not gonna go deeper into NAT here, because this section is about IP addressing, but we'll have another section later in the course under IP Services where we'll go deep into this topic, and we'll talk about static and dynamic and different types of NAT strategies that we can use to be able to configure our network. But at this point I think this is sufficient
enough information for you to understand the concept of NAT.

Now let's go through a bunch of different exercises so you get to learn how subnetting actually works, the VLSM, the Variable Length Subnet Masking: how does it work, how do we take an IP address and kind of chop it up into different networks? Well, here's the first example, where we've been given this IP address up at the top, 200, or network address, I should say, 200.10.5.0/24, and we've been asked to create four subnets out of it. Well, how are you going to do that? Here's a three-step process that I love to use, and there are a number of different ways of doing it, and I don't blame you if you end up using another method if it works better for you, but the method that works best for me and for my students is this one; they absolutely love it, and I personally also loved it when I was a student myself.

So the first thing we do is we convert the number of subnets required from decimal to binary. So what is the total number of networks required? You need four. So what that means is, we talked about, if you guys remember, the handy-dandy binary conversion chart, right: 1, 2, 4, 8, 16, 32, 64, 128. Now if you need four of these, we have to see how we can come up with the number four. Well, if this bit is on and all of the rest of the bits are off, that gives us a decimal value of four, and that's exactly what we are after.

Now what we do next is we define the network bits to create a modified subnet mask. So the default subnet mask we have in slash 24, by now you guys know, is 255.255.255.0, which equals a bunch of ones in the first octet, a bunch of ones in the second octet, a bunch of ones in the third octet and all zeros in the fourth and last octet. Well, we learned from the previous step that it takes three bits to produce four networks. What that means is we're gonna go ahead and borrow three bits from the host address, and just to quickly clarify, in slash 24 the first three octets are all network octets,
right, they're dedicated to networks, and what we need to do is we need to find four networks, right? So what we did was, this right here is the host octet, the final one; we borrowed three bits that match the three bits that we came up with here, right, to come up with the value of four. So that's what we're doing here, and what that gives us is a modified subnet mask of 255.255.255.224, or slash 27. Why do we call it slash 27? Well, if you were to add up all these bits here, all these network bits... And by the way, network bits must be contiguous; if they're not, that's a violation of the IPv4 addressing rules. So make sure that, in other words, you can't have a network where you have a zero here, for example, and a one, and then zero and one. You will never run into a situation like that, ever, because that's a violation of IPv4 addressing rules. When you have all ones like this, you should always see contiguous ones, okay, in all of these octets, so something for you guys to keep in mind. And the 224 value is, once again, you know, looking at the binary conversion chart where we have 1, 2, 4, 8 and all that, right: this is the 128 position right here, this is the 64 position, this is the 32 position. If you add all that up, that equals 224.

The third and final step is we define the network range for each subnet. How do we do it? Well, we focus on the last network bit. So if you guys remember, this was our last network bit, this last network bit position. What's this position here? Let's blow it up a little bit, so we have 1, 2, 4, 8, 16, 32, 64, 128, right? So if I were to do 1 1 1 0 0 0 0 0, well, this right here is the last network bit position, that's what I'm talking about, right, which is 32.
The value 32 comes from here. It's the least significant bit, by the way; that's another terminology you guys need to be aware of. The leftmost bit is considered the most significant bit and the last network bit is considered the least significant bit. So we'll look at the least significant bit value position, and we'll take that from the modified subnet mask, which we're looking at right here, to define our network range. So the first range ends up becoming 200.10.5.0 through 200.10.5.31. Well, how did we figure this out, and what are we doing again? Well, let's take a step back quickly. What that means is, after modifying what we needed to modify in order to get four networks, right, create four different chunks or four different pieces of this network, one slash 24 divided into four different subnets, we did all this to come up with certain values, right? And if you were to pay attention to this right here, the modified subnet mask, that tells us everything we need to know, and here's what I mean. All the network bits that we have; if you look at all the zeros, these are for hosts. How many zeros do we have? 1, 2, 3, 4, 5; we have five zeros, right? So 2 to the power of 5 gives us what? 32. That's what it gives us, right, and that's the value that we're looking at here. So what that means is we'll have 32 hosts in each subnet, and if you guys remember, we have to do 32 minus 2 to get to the value of 30. That's the usable space; that's what we call usable IP address space, because we cannot use the first IP, because that's the network address, and we cannot use the last IP, because that's the broadcast address, and these are reserved according to the RFC standards. So what does that mean? What should be the next range here? Well, what that means is the next range should start with 200.10.5.32, because this value is 32 here, right, and at this point I think we can start identifying that the one after that would be 32 plus 32 is 64, and then if we were to add another 32 to that we'll get 96,
and so on and so forth. These are all the different ranges that we'll actually end up getting. So we're going to get, instead of four, even though we needed four, but the way it worked out, we're going to actually end up with eight networks, and these eight networks, each network is going to be able to support 30 usable IPs. And where does this number eight come from? Remember the borrowed bits. What's 2 to the power of 3? How many bits did we borrow? Three, right? That's eight. These are the networks that we're going to end up getting. So as you can see, once you guys understand and get a feel for this binary conversion chart and math, it kind of becomes very cool, and you sort of become a ninja of going back and forth and doing conversions between binary and decimal to make sense of what you're dealing with. So I've got a ton of other examples; let's keep rolling. Example number two, we're still subnetting networks. You've got the IP address 193.9.10.0/24 and we need 60 subnets. Step one: convert the number of subnets required from decimal to binary. So we're going to look at the number 60. We're going to do our handy dandy binary conversion chart, and after doing the math, that's what we're going to get to get to the number 60. Step number two, if you guys recall, is we define network bits to create a modified subnet mask. So first we write down our default subnet mask of 255.255.255.0, and then we see the binary in front of it. Well, we learned from the first step that it takes six bits to produce 60 networks. What that means is we need to borrow six bits from the host address space in order to be able to come up with 60 networks, and this is how the modified subnet mask will look. The modified subnet mask shows us that we've got ourselves a subnet mask of 255.255.255.252 or /30.
Finally, we define the network range for each subnet. So as you can see here, let me draw that out for you. The least significant bit, which happens to be this one, what's this position aligned to when it comes to the binary conversion chart up here? One, two, four, right? This right here is four. Well, that's the position we've got right here, and we use this to define our network range. So what that means is our network range should start with 193.9.10.0, and the one after that should be 193.9.10.4, and the one after that would be 193.9.10.8. But where does this first range end? These are all different ranges, right? It's going to end at 193.9.10.3. Where does the second one end? It ends at 193.9.10.7. And where does this one end, the third one? 193.9.10.11, because the next one down below would be .12, right? So I'm sure at this point you guys are starting to see a pattern here, but remember, we cannot use the first and the last IP in each range, which means we only have two usable IPs per subnet that we have. And how many subnets are we going to get in total? Well, 2 to the power of 6 equals 64. That's how many subnets you're going to get. So 64 subnets, even though we only wanted 60, but we ended up getting a few extra because that's how the math worked out, and within each subnet we're only going to have two usable IPs, and here are all the different ranges, and it's going to continue, but you guys get the idea. Now I'm going to pick up my pace a little bit, because at this point I'm sure you guys are getting comfortable with how this works. So this is example number three, and we're still subnetting networks. So what we have here is 155.1.0.0/16 and we need 120 subnets. Now this is a different one. Before we had two /24s in the previous examples, right? This example is a /16, a little bit different, but the rules are still the same. So the first thing that we do is we convert the number of subnets required from decimal to binary. So what's the decimal number we're after? 120.
Let's do the binary math real quick. This is how the binary math works out. Step number two: define network bits to create a modified subnet mask, right? We first of all jot down the default subnet mask, which is /16, 255.255.0.0. It takes seven bits, we learned from step one, to create 120 networks, so let's go ahead and borrow network bits from the host octet, and that's exactly what we did, we borrowed seven bits. Well, that gives us a modified subnet mask of 255.255.254.0 or /23. Let's define our network range for each subnet. What's the last position? So let's quickly talk about the last position. So as you can see here, the last position, once again, if you were to compare it to our handy dandy binary conversion chart, is in the bit position two, and that's what we've got here, and we can use this to define our network ranges. So it starts off at 155.1.0.0 all the way up to 155.1.1.255. The next range starts at 155.1.2.0 through 155.1.3.255, so on and so forth. But what I want you to pay attention to is, based on the steps that I outlined above, you will see that as long as you stick to our formula here, you see we start off at zero because that's the default, right, and then we go to two and four and six and eight, because here we're messing with the third octet, all right, because this is Class B. So this is where we need to write things down; it's a little different than how we managed Class C so far, but just hang in there with me, and I think you guys are understanding what I'm doing here. And let's talk about how many total networks we're going to get. Well, total networks would be 2 to the power of 7, and that is 128, so that's the total of subnets I'm going to get from the math I just did, even though we only needed 120, but we're going to have a few extra. And within each subnet you're going to have how many hosts? How many host bits do you see here? Well, you see the, you know, eight bits right here in the last octet, and then one additional host bit in the third octet, so all together we have 2
to the power of 9, and what does that give us? Well, that gives us a total of 512 hosts, but the usable would be 510, because once again we cannot use the first and the last. So that's the total number of hosts, and that's why the range looks bigger. It starts at .0.0, but then as you noticed the third octet changes to .1 and ends at .255. But the reason it goes from zero to one is because the first range looks like this: 155.1.0.0 through 155.1.0.255, but then we don't stop, we continue 155.1.1.0 through 155.1.1.255. So you guys see the way it works out, and the same thing with the other ranges too, but I'm going to spare you the grief. And here's the last example. Once again, we're still subnetting networks. The network we have been given is Class A, 89.0.0.0/8, and we need 300 subnets. Same steps: convert the number of subnets required from decimal to binary. Well, the decimal is 300. What's the binary? That's the way the math works out. Now, one little difference here you guys probably noticed: I'm going beyond our typical 128 boundary, because I needed 300 networks and I could not create 300 networks just from the fourth octet alone. The maximum number of networks that I can get from the fourth octet is 256. Why? Because there are eight bits in each octet; 2 to the power of 8 is 256.
So that's the maximum number I can get from one octet, right? But I needed 300, so I need to go above that. Well, that's where we kind of crossed over to the other boundary and went from the fourth octet into the third octet in order to be able to borrow the appropriate bits and get the job done. Step two: we define network bits to create a modified subnet mask, 255.0.0.0, and then we lay that out in binary. It takes nine bits to produce 300 networks; that's what we saw in step one, right? Well, let's go ahead and specify how that will play out. So because, remember, it's a /8, we only have the first octet with all ones; the second octet through the fourth octet were all zeros before, but because we needed nine bits to come up with 300 subnets we now have to turn on those bits, as you're seeing in red. So the modified subnet mask equals 255.255.128.0 or /17, and the reason it's /17 is because we have 17 network bits on. And the final step, we define the network range for each subnet, so let's see what that looks like. So if you start off at 89.0.0.0 through 89.0.127.255, the next one is 89.0.128.0 and it ends at 89.0.255.255. The next range is 89.1.0.0, so on and so forth. But once again, the key here is that once we have identified our bit position we can use that to our advantage and figure out how to define the ranges. Now one thing I want you guys to keep in mind here is, because this is a Class A address and we're messing with the second and third octets, you'll actually see the values increment both in the second and third octets, as you can see here, which is very, very different than the /24 and /16s that we have looked at so far. So I don't want you to freak out; I want you to understand that because you're modifying the second or the third octet, the values are going to increment as you define your network ranges. Finally, how many subnets do we actually get? 2 to the power of 9 equals 512,
and how do we know that? Well, 2 to the power of 8 is 256, right? So if you double 256, that's 512. Okay, so that's simple, and that's the total number of subnets. Once again, we only needed 300, but we're going to end up with 512, and that's fine; we needed a minimum of 300, so it doesn't matter if you end up with more, that's fine, they can come in handy later in the future. And as far as IP addressing, look at how many host bits we've got. All the zeros that are left over in this modified subnet mask are actually host bits, so that's 2 to the power of 8, 9, 10, 11, 12, 13, 14, 15: 2 to the power of 15. That's a gigantic number; I'm going to have to fire up a calculator to figure this one out. It's 32,768, but remember we'll have to do minus two, so we're going to end up at 32,766 usable IPs. Once again, these are the number of hosts per subnet. That's a lot of hosts per subnet; you should never see that many hosts on a single subnet, because your network devices will melt if you had that many devices and if you were to send broadcasts and things of that nature. Not going to work. But keep in mind we're just doing a theoretical exercise right now for your brain muscles, so you can learn how IP addressing works, because in the exam they're going to get you on this topic and they're going to throw some weird numbers at you. So that's why I'm going through these random examples from different classes, so you get a feel for how to subnet your networks. And this is the final section we're going to look at now. Previously we talked about how to subnet networks, or create chunks from networks; now we're going to look at how to subnet hosts. So this is example number one. What we have is 200.10.5.0/24
and we need 25 hosts. Now it's switched: instead of networks, now we're looking for hosts. The overall logic is going to stay the same, but I'm going to point out a few differences. First, convert the number of hosts required from decimal to binary. So if you look at the decimal number 25, we map that against the binary conversion chart, and that's what we get. Step two: we define host bits to create a modified subnet mask. You've got 255.255.255.0, and right in front of it are the binary numbers. It takes five bits to produce 25 hosts, as mentioned in the previous step, right? That's what we learned. Well, we're going to have to divvy up the host bits, so instead of being focused on the network bits as we were in the previous section, in this section we're focused on just the host bits, and this is how the modified subnet mask is going to look once we've done that: 255.255.255.224 or /27. Step number three: we define the network range for each subnet. Let's look at the position of the least significant bit. Here's where the gotcha is. You may end up looking here at this last zero. No, you don't want to do that; that's wrong. What you want to do instead is, look, it says last network bit position, not host bit. Well, this is the network bit right here. Well, what does this map to when it comes to the binary conversion chart? Well, it maps to the value 32, hence the value 32 here. Now let's use this to our advantage to figure out the network ranges. So 200.10.5.0 is where we begin, and the next range would be 200.10.5.32, I'm pretty confident we can put this down, and then 200.10.5.64,
and where does each range end? The first one is going to end at 200.10.5.31, the second one is going to end at 200.10.5.63, the third one at 200.10.5.95, and so on and so forth. We are not done yet, but you guys get the idea. Now, one final step that you always do: how many hosts and subnets are we going to get out of this? Well, originally we had a subnet mask of /24 and we ended up borrowing a couple of network bits in the fourth octet, and what we have is 2 to the power of 3, because we borrowed three bits. We're going to get eight subnets, and we're going to get 2 to the power of 5, that equals 32 hosts, minus two because we can't use the first and last; we're going to get 30 hosts per subnet. So we're going to get eight subnets in total, and we're going to get 30 usable hosts, or usable IPs, in total. Now let's look at the next example: 199.5.10.0/24 and we need 60 hosts. Let's go. First, convert the number of hosts required from decimal to binary. Should be pretty fast now, right? 60, let me look at the binary conversion chart; that's what we come up with. Second step: we define host bits to create a modified subnet mask. Here we've got a /24, it's just 255.255.255.0, then we have the binary representation of it. We learned from the last step that it takes six bits to create or produce 60 hosts. What we're going to do is go ahead and set aside a bunch of zeros that match the number of bits that we defined in step one, and this gives us a subnet mask of 255.255.255.192 or /26. Step three: define the network range for each subnet. Well, let's quickly take a look at the network bit position. Once again, be careful, it's not this guy, it's the network bit, it's the least significant network bit. So if you look at this, what position is this when it comes to the binary conversion chart? That is position 64; that's what you've got here. Now let's look at the different ranges: 199.5.10.0 through 199.5.10.63, next up 199.5.10.64 all the way up to .127, third range 199.5.10.128 all the way up to .191,
fourth range 199.5.10.192 all the way up to .255. So how many hosts do we actually get in this scenario? But first let's look at subnets. Well, initially we had /24, so what we did was we only modified two bits, right? These are the bits we borrowed from the host octet, or the fourth octet, right? So 2 to the power of 2 equals four, so that's it, we only get four networks. And what do we get within each network, or each subnet, as far as hosts? Well, we've got ourselves 2 to the power of 6, and that gives us 64 hosts, minus 2, 62 usable IPs per subnet. Next example: 130.5.0.0/16, we need 450 hosts. Step one: convert the number of hosts required from decimal to binary. Let's do that very quickly; that's how it maps out. Also notice we're kind of going beyond our regular 8-bit boundary; we're kind of in the ninth bit territory, if you will. Step two: we define host bits to create a modified subnet mask. Here the default is /16, so 255.255.0.0, then we have the binary representation in front of it. It takes nine bits to produce 450 hosts, as mentioned in step one. So what we're going to do now is we're going to go ahead and reserve nine bits for hosts in our subnet mask, and the rest will become part of the network portion, and what we end up getting is a modified subnet mask of 255.255.254.0 or /23. The final step is we define the network range for each subnet, and we look at the least significant bit, the least significant network bit, so that would be this guy right here. So according to the binary conversion chart, if this is one, this is two, that's it, and this is how it looks: 130.5.0.0 through 130.5.1.255,
and so on and so forth. Let's quickly, as always, look at how many subnets in total first. Well, how many bits did we mess around with, or actually enable, compared to the default? So we messed with the third octet, right? The default was all zeros in the third octet, right, as you can see here, but we actually messed with it. So what are the bits that we actually messed around with? We actually borrowed 2 to the power of 7, that gives us 128 subnets. How about hosts? Well, let's check that out. So 2 to the power of 9, because we have to count up all the zeros, right, and what we get is, if 2 to the power of 8 is 256, 2 to the power of 9 must be 512, because we just keep doubling the number in decimal, right? And that's the total number of hosts. We do minus 2, we end up getting 510 usable IPs per subnet in our network. And yay, the final subnetting exercise. In this example you're going to look at Class A, 14.0.0.0/8, and we need 110 hosts. Step one: convert the number of hosts required from decimal to binary. Let's do that real quick. Step two: define host bits to create a modified subnet mask. The default one is /8, that's what we've got, 255.0.0.0, and then we've got the binary representation in front of it. Because it takes seven bits, according to step one, to create 110 hosts, what we're going to do is we're going to go ahead and specify the hosts in the fourth octet in red, and then we're going to enable the rest of the bits to the left of it to all ones, because remember this is how it works in IPv4 addressing: the network has to be contiguous, and you cannot have a mix of zeros and ones when it comes to the network address. All the subnet bits must be ones, the ones that are considered significant bits; they must all be ones, contiguously and consecutively. And what that gives us is a modified subnet mask of 255.255.255.128 or /25. Final step: define the network range for each subnet. Well, let's find the last network bit position very, very quickly. Let me look at this guy. Well, this position is 128.
That's what you've got. Let's start looking at the different ranges: 14.0.0.0 through 14.0.0.127, 14.0.0.128, so on and so forth. Let's finally talk about how many networks we get first. So how many network bits did we mess with? The default subnet mask is here, and look at what we did down below; we modified a lot of bits. We need to count them up, so eight plus eight plus one. So eight plus eight is sixteen, plus one is 17. That's 2 to the power of 17. Once again, I'm going to have to fire up a calculator, because I don't think I can do that in my head. That's 131,072. That's the total number of subnets you're going to get; that's a lot. How about the number of hosts, because that's what we really cared for, right? 2 to the power of 7, that is 128. We know that already, because 2 to the power of 8 is 256, so half of that is 128. So that's the total number of hosts, but remember, if you do minus two we're going to actually end up getting 126 usable IPs on each subnet. And one bonus topic that I want to touch base on, kind of fun, is an IPv4 subnetting hack. And what I'm talking about here is, so this is my machine's IP address at home. What I have here is: this is the IP address I've got, here's the subnet mask I've got, and this is the gateway IP, also known as the router IP. But don't worry about the router IP; this is irrelevant for our purpose right now. You guys will learn that in the next section when we talk about IP routing, but today all you should be concerned with is the IP address and the subnet mask. So if you walked into a real-world environment and you plugged in your machine, or through wireless you picked up an IP address, if you ever wondered how the administrator in that network came up with this strategy, and how many available hosts there are and networks and things of that nature, you can actually use this technique that I'm going to show you to kind of reverse engineer the administrator's brain and see what they were thinking when they designed the network. Let's
take a look. So as you guys saw on the previous screen, my IP address is 172.27.7.35 on my machine at home, and my subnet mask is 255.255.255.192. Let's figure out how this network was designed. So here's the technique. It's a two-step process, much simpler than some of the other steps that we looked at previously, but this knowledge builds upon what we have learned so far, so it's complementary. Step one: you figure out the last network bit position in the subnet mask. So what does that mean? So let's lay out the subnet mask. It's 255.255.255.192, right, and then we kind of write down the binary representation of it. The least significant network bit is this guy right here, and if you were to compare this against the binary conversion chart, this is position number 64; that's what we have here. Step number two, and the final step: we define the network range for each subnet. We use the last network bit position, 64, of the modified subnet mask to define the network range. So what we had is 172.27.0.0. Because this is VLSM, we're not going to worry about the other ranges, so the range that we're concerned with right here is, so at my home the IP addresses start from 172.27.7.0. Once again, .0 cannot be assigned to anything, because that's the network address, right, and the range ends with 172.27.7.63.
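As an added example (this is not the course's own code; the lecturer works everything on a whiteboard), here is the three-step procedure from the exercises above written as plain Python integer math, plus the subnetting hack applied to the 172.27.7.35 / 255.255.255.192 address just worked through. Step 1 counts the bits needed, step 2 builds the modified mask, and step 3 walks the ranges in steps of the least significant network bit's value. `bits_for_hosts` takes the smallest number of bits that still leaves room for the two reserved addresses, so a request for 63 hosts gets 7 bits rather than the 6 binary digits of 63; `bits_for_subnets` likewise uses the minimum, so the opening 4-network example comes out as /26 with four subnets rather than the /27 with eight that borrowing three bits gives, while every other count in the lecture produces the mask shown on the slides. The function names and the `show` parameter are this example's own.

```python
# Added example (not the course's own code): the lecture's three-step
# subnetting procedure as integer math, plus the "subnetting hack" that works
# backwards from an assigned address and mask. No library calls, so the
# borrowed bits, the block size and the first/last reservation stay visible.

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def bits_for_subnets(count: int) -> int:
    # Step 1 (networks): smallest b with 2**b >= count.
    return (count - 1).bit_length()

def bits_for_hosts(count: int) -> int:
    # Step 1 (hosts): smallest b with 2**b - 2 >= count, i.e. the network
    # and broadcast addresses are already subtracted. 63 hosts therefore
    # needs 7 bits, not the 6 binary digits of 63.
    return (count + 1).bit_length()

def plan(network: str, prefix: int, new_prefix: int, show: int = 4) -> dict:
    # Steps 2 and 3: build the modified mask, then walk the ranges in steps
    # of the least significant network bit's value (the "block size").
    if not 0 <= prefix < new_prefix <= 30:
        raise ValueError("need at least two host bits for usable addresses")
    mask = mask_from_prefix(new_prefix)
    block = 1 << (32 - new_prefix)          # value of the last network bit
    base = ip_to_int(network) & mask_from_prefix(prefix)
    count = 1 << (new_prefix - prefix)      # 2 ** borrowed bits
    ranges = [(int_to_ip(base + i * block), int_to_ip(base + i * block + block - 1))
              for i in range(min(count, show))]   # only the first few, 2**17 is a lot
    return {"mask": int_to_ip(mask), "prefix": new_prefix, "block": block,
            "subnets": count, "usable_hosts": block - 2, "ranges": ranges}

def subnet_for_networks(network: str, prefix: int, subnets_needed: int) -> dict:
    # "Subnetting networks": borrow bits from the host side, network bits grow.
    return plan(network, prefix, prefix + bits_for_subnets(subnets_needed))

def subnet_for_hosts(network: str, prefix: int, hosts_needed: int) -> dict:
    # "Subnetting hosts": reserve host bits on the right, the rest become network.
    return plan(network, prefix, 32 - bits_for_hosts(hosts_needed))

def reverse_engineer(ip: str, mask: str) -> dict:
    # The subnetting hack: AND the address with its mask to get the network,
    # OR with the inverted mask to get the broadcast. This is the same
    # calculation a recon tool performs to size the local broadcast domain.
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError("mask bits must be contiguous ones followed by zeros")
    if prefix > 30:
        raise ValueError("no usable hosts under the first/last rule")
    net = ip_to_int(ip) & m
    bcast = net | (~m & 0xFFFFFFFF)
    return {"prefix": prefix, "network": int_to_ip(net), "broadcast": int_to_ip(bcast),
            "first_host": int_to_ip(net + 1), "last_host": int_to_ip(bcast - 1),
            "usable_hosts": bcast - net - 1}

if __name__ == "__main__":
    print(subnet_for_networks("193.9.10.0", 24, 60))
    print(subnet_for_hosts("130.5.0.0", 16, 450))
    print(reverse_engineer("172.27.7.35", "255.255.255.192"))
```

`plan` refuses anything past /30 because the lecture's "minus two" rule has no usable addresses there, and `reverse_engineer` rejects a non-contiguous mask, the one thing an `ipconfig` screen can show that the whiteboard method silently mishandles.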
Once again, 63 is also unusable because it's reserved; it's the broadcast address. What I'm going to get is 64 minus 2 equals 62 hosts on this network. So this is good information to have, because a lot of hackers can use this information to do what's called a reconnaissance attack, where they start gathering information about different hosts in the network. So this is a starting point; this will give them an idea of how large the network is and what information and value they can extract out of the network. As a disclaimer, I'm not encouraging you to become a hacker, but rather the opposite: I'm getting you excited to become a security expert, because in order to become a security expert you have to reverse engineer a hacker's brain.

Welcome to the CCNA 200-301 course. Today I'll cover Section 3, Part 2: IP Addressing and Routing. We'll do a deep dive into IPv4 routing. Here are the topics I plan on covering today: first, IPv4 routing overview; second, fundamentals of IP routing; and finally, I'll wrap it up by providing a quick overview of different types of static routes. First, let's look at the IPv4 routing overview. What is routing? At a very high level, routing is about forwarding packets from the source to the destination. If you guys remember the OSI model, IP addressing lives at Layer 3 of the OSI model, at the network layer, and routing is all about sending packets from one device to another device. So if you were to look at this topology here, in this instance Bob at the top wants to send an email to Sal at the bottom. What Bob will do is, it's going to be the source, because that's where the email is originating, and Sal will be the destination. So from a routing perspective, in order for Bob to be able to successfully send an email to Sal, he's going to need to do IP routing in order for him to be able to successfully deliver the email message. Now, I'm going to come back to this slide momentarily, because there are a bunch of concepts that I would like to clarify as we continue moving forward.
The type of routing we're going to be talking about here today is called unicast routing. There's also something called multicast routing; that's a topic for another day. Today our goal is to focus on unicast routing, and routing is based on destination; it's all about getting to the destination. So if you think about it, the best analogy I can give you is a GPS. If you have ever fired up and used a GPS on your smartphone, then you know that when you do that you become the center of the universe as an individual. So you become the source, and where you want to go, the destination you want to get to, is the destination, right? So similarly, each Layer 3 device in our network that needs to send information to another device ends up becoming the source, and the other device on the other end is the destination, and that's what routing is all about. Now, Layer 3 devices include end hosts, so that's your PCs, IP phones, printers, IP cameras, any type of device that is able to communicate IP; that also includes switches and routers and firewalls, etc. They must know where the destinations are, right? So every single hop, so for example, if I'm in San Jose and I want to send an email to somebody who's in New York, well, physically there's going to be a bunch of routers in between us, and every single device, every single Layer 3 hop between San Jose, California and New York, needs to have information about the destination so it can actually route my traffic to the eventual destination, which in this case is Sal. And once again, I'm going to come back to this slide, because there are a couple of concepts that I would like to crystallize. So what ends up happening is, how did Bob know how to send information to Sal to begin with? Well, there's something called a binary AND operation that is run on the devices, and all Layer 3 devices run this binary AND operation. The first thing that happens when that operation is run is the Layer 3 device looks at its own IP address and its own subnet mask and runs the binary AND against
it. Then what it does is it takes the destination IP address and its own subnet mask and then runs a binary AND against it, and if the resulting value is identical, then that means you're on the same subnet, and if that's the case, then the traffic is sent directly to the destination. If the resulting value is not identical, then that means we are on different subnets, and in that case the packets are sent to the local default gateway. Now, to continue building on this, there's something called a binary AND operation logic truth table that tells us how the overall binary AND logic actually works, so let's quickly take a look at it. Let's assume value A is the IP address and value B is the subnet mask. What ends up happening in this case is that we look at the binary number, whether it's zero or one, right? Binary is either a zero or a one. So if the IP address bit is zero and the bit on the subnet mask is zero, then the end result is zero. If the binary bit is zero for the IP and it's one for the subnet mask, the result is still zero. And remember that there is an implied AND, because we're looking at the AND operation, inserted in between A and B, so it's the binary AND operation. If the IP address bit is 1 and the subnet mask bit is zero, then the result is zero. If the IP address bit is one and the subnet mask bit is also one, then the result is one. So if you look at the two bullets at the bottom here: if both inputs match one, the result is true and the value is one; in all other variations the result is false. So that's how the binary bit logic works. Now, under this context, let me take you back to the first topology that I was showing you earlier to help crystallize how this works. So if you were to look at these two IPs here, Bob wants to send an email to Sal, right? So Bob's IP is 172.16.0.1 and it wants to communicate with 172.16.0.2. Well, what did we learn? What we need to do first is we need to look at the source IP and we need to run a binary AND against it. So what that means is, let me do some quick
whiteboarding. 172.16.0.1, this is Bob's IP, right, and the subnet mask is 255.255.255.0. Well, we need to look at these from a binary perspective. So what's 172 in binary? So let's quickly do the binary math here: 2 to the power of 0, 2 to the power of 1, 2 to the power of 2. If you guys remember the binary-to-decimal conversion chart, that's what I'm going to explain here, but I've done that already in my last video; I'll provide a link up at the top, you can either tap or click on it, and you can go and look at that video that I did so you can learn at a much deeper level how this works. But here I'm just giving you a quick overview. So 2 to the power of 0 is 1, 2 to the power of 1 is 2, 4, 8, 16, 32, 64, 128, and if you were to draw a line here, what we want to do now is look at 172.16.0.1. So we're going to have to look at each octet here in this IP address and map it to this binary conversion chart. So what's 172 in binary? Well, let's figure that out. So if the first bit, the 128 bit, is set to 1, and if the 64 is also set to 1, it's going to go over 172, so we're going to have to set that to zero. 128 plus 32 is 160, so this is also going to be one. If we also enable 16 that would be too much; it's going to go beyond 172, so we're going to have to set that bit to zero. The one right next to it is eight, so a total of 168. We need to get to 172; well, if we also enable this bit and set the rest of the bits to zero, we'll get a decimal figure of 172. How about 16? Well, let's do that as well. So 16 means these bits are going to be off, the 16 position is going to be on, and the rest are going to be all zeros. What about zero? Well, that's a very simple one; it's going to be all zeros. Love the simplicity. And then what about one? Well, it's going to be all zeros followed by a one. So now let's take this binary math and line it all up. So let's do that: one zero one zero one one zero zero, that's 172.
What about sixteen? Zero zero zero one zero zero zero zero. What about zero? It's going to be eight zeros. And then what about one? It's going to be seven zeros, six, seven, followed by one. And then what about 255? Well, 255 means all the bits are on, so we're going to do that: one two three four five six seven eight, one two three four five six seven eight, and then zero means it's going to be all zeros. Well, what we need to do now is very quickly look at the end results. So if you guys remember the binary logic, the truth table: one AND one is one, but one AND zero will always be a zero; one AND one is one, and zero, zero; one AND one is one, and one AND one is one, zero, zero. Then we get zero zero zero one zero zero zero zero, then a bunch of zeros in the third octet, four five six seven eight, one two three four five six seven eight. So what this gives us, if we were to convert this into decimal, is 172.16.0.0. So that means that this is our network address, and that was the whole point of Bob's PC running this binary AND operation in the background; all it was trying to do was determine its own network address. So it knows that its network address is 172.16.0.0. So now let me go back to the slide we were looking at. So it knows that the network address is 172.16.0.0; so that's the first step, right? Bob's first step is to determine its own network address. The second step is to take the destination IP and run it against its own subnet mask, so that's step number two. Well, let me save you some math and let you know that the end result is going to be the same, which means they're both on the same subnet, and because both PCs are on the same subnet, Bob now knows that it has the ability to communicate directly with Sal without having to go through an intermediary gateway device. So it doesn't need a default gateway; Bob can communicate directly with Sal, because in between we've got a Layer 2 transport network which is seamless to Bob. It might as well be one long wire running from Bob's
PC all the way to Sal's PC. So that's the level of transparency that we're getting from these switches here, and that's how the binary AND operation works. Now there's one more concept that I want to clarify, and that is, if you guys recall, and I want you to picture the OSI model in your head, at Layer 3, at the network layer, that's where IP addressing lives, right, and IP addressing is basically logical addressing, and at OSI Layer 2, that's where MAC addressing lives. Well, we have to map the two together in order for the communication to occur, and the way it happens is through a protocol called ARP, or Address Resolution Protocol, and all Layer 3 devices on our network maintain an ARP table, which is a mapping of an IP address to a MAC address, and ARP allows us to create a new Layer 2 frame; it's also called Layer 2 packet rewrite. But before I go too deep into this, I'm going to actually give you an example of how this works. Until then, let's park it. Always remember that an ARP request is a broadcast, whereas an ARP reply is a unicast. And we just talked about the binary AND operation, right? The whole idea of running the binary AND operation by the Layer 3 devices in our network is to determine who to ARP for, because ultimately we need to decide: are we ARPing for another device on our local subnet? And how's that determined? Well, if the destination IP matches my subnet when I run the AND operation, then that means the final destination is local to me, so I'm going to ARP for my final destination locally. But if the destination IP doesn't match my subnet, then that means I need to go and talk to my default gateway, or a router in the middle, also known as an intermediary router, and let that router figure out how to get me to the final destination. And one final thought, guys, before I go back and explain to you using the topologies you were looking at earlier: this ARP process is repeated at each Layer 3 hop throughout our network. So if there are 10 routers in the middle, every single router in the middle of our
source and destination is going to run the ARP process, assuming it's an Ethernet network. Now let me quickly go back to the topologies and explain how this works, and now I'm going to be very quick. Step number one, I'm sure you guys remember at this point: Bob's PC has to run a binary AND against its own IP and subnet mask. It finds out that it's on subnet 172.16.0.0. Second step: it takes Sal's IP and its own subnet mask and runs the same AND operation, and it finds out that Sal also happens to be on 172.16.0.0. Well, what it finds out by running these two operations is that they're both on the same subnet, and because they're on the same subnet, Bob ARPs for the destination directly, which happens to be Sal in this case. And let me quickly give a quick review of how ARP works. In order to understand how ARP works, let's quickly zoom into an IP header or an Ethernet header. So what an Ethernet header would contain is the layer 7 information, which happens to be email in this case, then we'll have the layer 4 header information, like TCP in this case, we'll have the layer 3, and then we'll have the layer 2.
Now if we were to zoom in to layer 3, we're going to have the source IP of Bob, and we'll have the destination IP of Sal. However, when we look into layer 2, we'll have a source MAC of Bob, because Bob is the originator, and then the destination MAC of... if you were thinking Sal, you would be incorrect. It would actually be, if they're talking to each other for the first time and they have never communicated before, then what's going to end up happening is the destination is going to be set to all F's by Bob, and all F's is basically a layer 2 broadcast, so every single device on that VLAN at layer 2, or that subnet at layer 3, is going to get that broadcast. Well, in this case the only other device on this network is Sal, so Sal is going to get that. It's going to look into layer 2 and layer 3, and by looking at layer 3 it's going to see that the destination IP is itself. It's going to realize that this message is meant for him, and he's going to go ahead and respond back to Bob by providing its own MAC address, which ends in B. Bob will get that and Bob will build its ARP table; Sal will also update its ARP table. What that also does for us in the middle is that switch 1 and switch 2 will also build their MAC address tables when this happens. And let me quickly show you the CLI of how this looks. So here I am on Bob's PC. I'm going to do ipconfig /all, and by doing that I'm looking at a couple of different things here. First of all, I'm going to focus in on FastEthernet0; that's the main interface I care for: my IP address, my subnet mask, and my physical address, which ends in .A. So that's Bob. Now let's also quickly take a look at Bob's ARP table, and Bob does not have any entries in its ARP table at the moment. Let's go ahead and quickly check out Sal's. So here I am on Sal, I'm going to do ipconfig /all, and when I look at the FastEthernet0 I see that my MAC address ends in B, which matches the diagram; the IP address matches and the subnet mask matches. Now let me also quickly take
a look at the ARP table on this PC, and there are no ARP entries. Now let me go ahead and ping. On Bob's PC I'm going to go ahead and ping Sal, so 172.16.0.2, and it's successful. Beautiful. Let's quickly look at our ARP table again and see: this time around our ARP table is populated, and as a matter of fact, not only can we see the IP address of Sal, but we see the physical address that ends in B also being populated here. And now that we have the ARP table built, Bob will have the ability now to construct a layer 2 frame and start sending information directly without using any other intermediary layer 3 device. And this whole process is actually called transparent bridging, because we're not using any other layer 3 device in the middle and the switches are not manipulating any data; they're not changing the layer 2 header information. The layer 2 header information stays intact between Bob and Sal, and this is what's known as transparent bridging. Now let's quickly take a look at the other topology, where we have a router in the middle, to kind of go a little bit deeper into this stuff. Now in this example here we've got two separate subnets: we've got a subnet on the left and we've got a subnet on the right, and I have this imaginary kind of dotted line in the middle to differentiate between the two subnets. Now if you look at Bob's IP and if you look at Sal's IP, on the surface you might think, well, 172.16.0.1 and 172.16.0.17, they've got to be on the same subnet, right? That's what it seems like. Well, but pay very close attention: you see the /28. It's not /24, it's /28, which makes the overall subnet very small. What's /28? 255.255.255.240.
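The ARP exchange and transparent bridging walkthrough above, as an added example that is not part of the course material: Bob and Sal sit on one subnet with two learning switches between them. The switches learn source MACs per port, flood the broadcast ARP request, forward the unicast ARP reply, and pass the layer 2 header through untouched. The MAC addresses are constructed to match the diagram (Bob's ends in A, Sal's in B); everything else in the lab is assumed for illustration.

```python
# Added example (not from the course): Bob - SW1 - SW2 - Sal on 172.16.0.0/24.
# ARP request = broadcast, ARP reply = unicast; the switches never rewrite the frame.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    """An end station with one NIC, an ARP table and a list of delivered IP frames."""

    def __init__(self, name, mac, ip):
        self.name, self.mac, self.ip = name, mac, ip
        self.arp_table = {}      # ip -> mac, starts empty (like 'arp -a' before the ping)
        self.uplink = None       # (switch, port) set when attached to a switch
        self.received = []       # IP frames that made it to this host

    def send(self, frame):
        switch, port = self.uplink
        switch.receive(frame, port)

    def arp_resolve(self, target_ip):
        """Return the MAC for target_ip, sending a broadcast ARP request if it is not cached."""
        if target_ip not in self.arp_table:
            self.send({"type": "arp-request", "src_mac": self.mac, "dst_mac": BROADCAST,
                       "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": target_ip})
        return self.arp_table.get(target_ip)   # None if nobody answered

    def send_ip(self, dst_ip, payload):
        """Build a layer 2 frame to a host on the same subnet and hand it to the switch."""
        dst_mac = self.arp_resolve(dst_ip)
        if dst_mac is None:
            return False                        # unresolved: no frame can be built
        self.send({"type": "ip", "src_mac": self.mac, "dst_mac": dst_mac,
                   "src_ip": self.ip, "dst_ip": dst_ip, "payload": payload})
        return True

    def receive(self, frame, _in_port=None):
        if frame["dst_mac"] not in (self.mac, BROADCAST):
            return                                          # not addressed to me
        if frame["type"] == "arp-request":
            if frame["target_ip"] != self.ip:
                return                                      # broadcast seen, but not my IP
            self.arp_table[frame["sender_ip"]] = frame["sender_mac"]   # learn the asker too
            self.send({"type": "arp-reply", "src_mac": self.mac, "dst_mac": frame["sender_mac"],
                       "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": frame["sender_ip"]})
        elif frame["type"] == "arp-reply":
            self.arp_table[frame["sender_ip"]] = frame["sender_mac"]
        else:
            self.received.append(frame)


class Switch:
    """Transparent learning bridge: learns source MACs per port, floods unknowns and broadcasts."""

    def __init__(self, name):
        self.name, self.mac_table, self.ports = name, {}, {}

    def connect(self, port, device, remote_port=None):
        self.ports[port] = (device, remote_port)   # remote_port is the peer switch's ingress port
        if isinstance(device, Host):
            device.uplink = (self, port)

    def receive(self, frame, in_port):
        self.mac_table[frame["src_mac"]] = in_port   # learning
        known = self.mac_table.get(frame["dst_mac"])
        if frame["dst_mac"] == BROADCAST or known is None:
            out_ports = [p for p in self.ports if p != in_port]        # flood
        else:
            out_ports = [known] if known != in_port else []            # forward or filter
        for port in out_ports:
            device, remote_port = self.ports[port]
            device.receive(dict(frame), remote_port)   # header passed through unchanged


def build_lab():
    """Bob - SW1 - SW2 - Sal (IPs as in the lecture, MACs constructed)."""
    bob = Host("Bob", "00:00:0c:00:00:0a", "172.16.0.1")
    sal = Host("Sal", "00:00:0c:00:00:0b", "172.16.0.2")
    sw1, sw2 = Switch("SW1"), Switch("SW2")
    sw1.connect(1, bob)
    sw1.connect(2, sw2, remote_port=1)
    sw2.connect(1, sw1, remote_port=2)
    sw2.connect(2, sal)
    return bob, sal, sw1, sw2


if __name__ == "__main__":
    bob, sal, sw1, sw2 = build_lab()
    print("before:", bob.arp_table, sal.arp_table)
    bob.send_ip("172.16.0.2", "email")            # triggers ARP, then the unicast frame
    print("after:", bob.arp_table, sal.arp_table)
    print("SW1:", sw1.mac_table, "SW2:", sw2.mac_table)
    print("delivered to Sal:", sal.received[0])
```

After the single send, both hosts have one ARP entry each, both switches know both MACs, and the frame Sal receives still carries Bob's source MAC and Sal's destination MAC, which is the transparent bridging point. An ARP request for an address nobody owns gets no reply, so no frame is built.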
So it only gives us 16 possible IP addresses in the network range, and out of 16, if we were to subtract 2, because we can't use the network address and the broadcast address (the very first address in any IP range is a network address and the last one is a broadcast address, and we cannot use them based on the IP rules), we end up getting only 14 usable IPs in each of these subnet ranges, and that's what we're seeing here. I wanted to trick you a little bit; I wanted to see if you were actually paying attention. And guys, just kind of taking a step back here, remember network engineering is all about paying attention to detail. At the end of the day, unless you pay attention to detail, you're never going to become a good network engineer. That's the number one trait that you need to develop as a network engineer: paying very close attention to every single thing that's happening on the screen, to the topology, to the configuration of the devices, everything, to make sure everything properly matches. So that being said, now let me explain how this scenario is going to play out compared to the previous scenario where we didn't have the router. So in this scenario Bob wants to send an email to Sal. So what's going to end up happening is Bob's PC is going to run a binary AND operation against its IP and subnet mask, and it's going to realize that it's on network 172.16.0.0/28. Next it's going to take Sal's IP address, which ends in .17, and run a binary AND against its own subnet mask of /28, and what it would realize, and let me save you a lot of math and time here, is that it's on 172.16.0.16/28.
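The two AND operations described above (the /24 case where Bob and Sal land on the same network, and the /28 case where they do not), carried out bit by bit as an added example that is not part of the course material. It also derives the broadcast address and the usable-host count that the /28 discussion relies on, and turns the result into the local-or-gateway decision. The gateway addresses passed to next_hop are assumed; the lecture does not give them.

```python
# Added example (not from the course): the binary AND a host runs against its subnet mask,
# and the decision it drives: ARP for the destination directly, or ARP for the default gateway.

def to_int(dotted):
    """'172.16.0.1' -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Each octet as the eight-bit string the lecture writes out, e.g. 16 -> 00010000."""
    return ".".join(f"{(to_int(dotted) >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len):
    """/28 -> 255.255.255.240: the top prefix_len bits set, the rest cleared."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"bad prefix length: {prefix_len}")
    return to_dotted((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def network_address(ip, mask):
    """The AND of every bit of the address with every bit of the mask."""
    return to_dotted(to_int(ip) & to_int(mask))


def broadcast_address(ip, mask):
    """Network bits kept, all host bits set to 1."""
    return to_dotted(to_int(ip) | (~to_int(mask) & 0xFFFFFFFF))


def usable_hosts(mask):
    """Block size minus network and broadcast; /31 and /32 have none by this rule."""
    block_size = (~to_int(mask) & 0xFFFFFFFF) + 1
    return max(block_size - 2, 0)


def next_hop(src_ip, mask, dst_ip, gateway):
    """Who the host ARPs for: the destination itself if it ANDs to the same network, else the gateway."""
    if network_address(src_ip, mask) == network_address(dst_ip, mask):
        return dst_ip
    return gateway


if __name__ == "__main__":
    print(to_binary("172.16.0.1"), "AND", to_binary("255.255.255.0"),
          "=", network_address("172.16.0.1", "255.255.255.0"))
    print("/28 mask:", prefix_to_mask(28), "usable hosts:", usable_hosts(prefix_to_mask(28)))
    # Gateway addresses below are assumed for illustration.
    print("same /24:", next_hop("172.16.0.1", "255.255.255.0", "172.16.0.2", "172.16.0.254"))
    print("split /28:", next_hop("172.16.0.1", "255.255.255.240", "172.16.0.17", "172.16.0.14"))
```

The /28 case shows why the mask matters more than the dotted address looks: .1 and .17 differ only in the host bits under a /24 but fall into different 16-address blocks under a /28, so the host hands the packet to its gateway instead of ARPing for Sal.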
Because these two subnets do not match, there is actually a mismatch, what ends up happening in step three is that we send packets to the default gateway, which in this case happens to be the router here. But before we do that, we need to ARP for the default gateway, and when we inspect the ARP packet, that's what we see. We see the payload, which is data; we see the layer 4 information, which in this case would be TCP, SMTP in particular, because this is email; and then we'll have the layer 3 and layer 2 header information. If you were to zoom into the layer 3 header information, we'll have the source IP of Bob's PC, we'll have the destination IP of Sal's PC, we'll have the source MAC of Bob's PC, and the destination MAC is going to be set to what? All F's, right? Because we just finished talking about ARP. So initially it's all F's, which is a layer 2 broadcast, and it's sent out to all the hosts on the same VLAN, or all the hosts on the same subnet at layer 3. Everybody gets it; only the device that is supposed to respond back is going to respond back, and at that point these all F's in the subsequent packets will be replaced with the router's interface number one, the interface pointing to Bob's PC here, this interface right here. The next thing the router is going to do is it's going to realize that the destination IP is pointing to Sal's IP, and lucky for the router, Sal's IP happens to be directly connected on the router's interface number two. So what it's going to do is it's going to go ahead and decapsulate the packet and re-encapsulate it, and I'm going to explain the process in a moment here, but when it goes ahead and does that, it's going to retain the data, the layer 4 information and the layer 3 information. The only thing that it's going to change is it's going to go ahead and rewrite the layer 2 header, because remember, you're swapping interfaces here. So because the interfaces are being swapped, it has to do what's called a layer 2 packet rewrite in order for the packet to be transported across two different
networks and two different interfaces. Now if you were to zoom in to this packet right here, here's what you're going to see: the source IP is Bob's IP (the source IP didn't change), the destination IP didn't change either (this is Sal's IP), but what did change is the source MAC. In this instance the source MAC is going to be the router's interface number two, and the destination MAC in this instance is going to be initially all F's, because it has to determine Sal's MAC address and all that. So it's going to go through the whole jazz that I've discussed so far, and eventually it's going to get Sal's MAC address back. It's going to populate its ARP table, and all the subsequent packets are going to have the destination MAC set to Sal's MAC address. And now at this point there's sufficient information for the router to be able to go ahead and send traffic. Now another thing that the router had to do behind the scenes is it would actually have to look into the layer 3 routing table, because it's two different subnets. So it's going to look at the source subnet and the destination subnet in its routing table and then formulate the packet accordingly, which is the layer 2 packet rewrite process, so the information can flow from one end to the other. Now another thing to keep in mind is Sal's PC also has to do the same thing in reverse in order to be able to find its way back to Bob's PC, because remember, it's a per-hop idea, and it's also a directional idea. So each direction: from Bob's perspective we have directionality that is pointing us in Sal's direction, but then the opposite is also true. Sal has to go through the network in order for it to be able to find its way back to Bob, so naturally it has to go through the exact same process of running the AND operation on its IP, then running the AND against Bob's IP using its own subnet mask, and then it's going to have to ARP for the default gateway, and the same thing is going to have to be repeated all over again, and eventually the ARP tables are
going to be built end to end. The router in the middle is going to have its ARP table populated for both sides of the subnet, and we're going to have end-to-end connectivity. So now that we understand the mechanics of IP routing, we're going to quickly take a step back and do a 10,000-foot overview of the fundamentals of IP routing. There are two components of IP routing: first is determining the optimal path, which is called the routing protocol, and the other is transporting packets through a network; that's called the routed protocol. Now let's quickly zoom into each. Routing protocols are used to establish a communication channel that helps the layer 3 device, or router, determine the best path. Examples are Routing Information Protocol, Enhanced Interior Gateway Routing Protocol, Open Shortest Path First, Intermediate System to Intermediate System, and Border Gateway Protocol. Routed protocols, on the other hand, carry the actual data; they are the ones that are carried across the network. Examples include IPv4 and IPv6. Now a very quick analogy that I can give you that helps me understand these protocols very easily is you can think of a routing protocol as a road, like a highway, and what you have on a highway is a bunch of cars. You may have the big cars, the big trucks, different types of vehicles, right? Those vehicles you can consider as the routed protocols, whereas the road itself could be considered the routing protocol, because the road is what's providing the communication path, the transportation path. If you want to go from San Jose, California, to Chicago, Illinois, the path you take is the routing protocol, but the vehicle that you're using to get there is the routed protocol. So hopefully this kind of crystallizes the concept in your head a little bit. What's the job of a routing protocol? Let's quickly talk through that. First, a routing protocol learns IP routes from neighboring routers. Second, it advertises IP routes to the neighboring routers. Third, if more than one path exists to one destination
subnet, the routing protocol picks the best route based on a metric. If something changes in our network topology, meaning a circuit goes down, or a link failure, or an interface dies, we remove the path from our local routing table; that's what the routing protocol does. Then it advertises the change, so everybody else in the network knows that, hey, this link went away, don't use this path because it's dead, and instead we look for an alternative path. Now these three last steps that I just talked about, this process is known as convergence, where an interface went down, we advertise the change to others so everybody knows that the network is down, and then we do a quick calculation to figure out how to route to the same destination using a different path. That's called convergence. There are two major categories of routing protocols. First is called Interior Gateway Protocols, or IGP. That's the type of routing protocol that's used inside a single autonomous system. An autonomous system is a single administrative domain, so you can think of it as the company you work for; it's a single organization, so that would be considered a single autonomous system. And the examples of IGPs include RIP, EIGRP, OSPF and IS-IS. EGP, on the other hand, or Exterior Gateway Protocols, is where you have different autonomous systems in the mix, and the administrative domain here is multiple organizations instead of a single organization, and there's only one EGP on planet Earth; it's called BGP, or Border Gateway Protocol. So here's a quick real-world view of how IGPs relate to EGPs. So let's assume I have this company called notchcorp, and my very first location opened up in San Jose and ended up becoming a data center. This is the public IP that I have, and I'm running OSPF internally between the routers, so this becomes one autonomous system. And then I have another location, that's another company that I just bought, in Chicago, and this is the public IP that I have for this location, and I'm internally running EIGRP between
the routers to route. As you can see, San Jose is running OSPF but Chicago's running EIGRP. It doesn't really matter, because each of them are their own domains, right, administrative domains. So that would be considered an IGP operation here within this cloud, and an IGP operation here within this cloud. And what each cloud has is a leg, an internet circuit, into a service provider. So Chicago has an internet circuit into an ISP, and so does San Jose, and there's a BGP peering that we have with the service provider routers. And Chicago connects to ISP1; ISP1 internally runs OSPF. ISP2, on the other hand, that's connected to San Jose, runs IS-IS, and then the ISPs interconnect with each other over BGP. And then there are different autonomous system numbers. As you can see, Chicago has the autonomous system number of 111, ISP1 has a BGP ASN of 222, ISP2 has BGP ASN 333, whereas San Jose has BGP ASN 444. Now a couple of things I want to bring to your attention. So each one is running an IGP, each cloud within their own administrative domain, but the common thread that interconnects everything, as you can clearly see, is BGP. BGP is the thread that interconnects all of these sites together, and BGP is how the internet exists today. The internet wouldn't exist if it wasn't for BGP, so BGP is an amazing and very powerful routing protocol that allows the whole world to connect with each other, and that's the difference between IGPs and EGPs. Now a quick tidbit for your information: we can get public IPs from an organization called ARIN, the American Registry for Internet Numbers, and we can get public IPs from ARIN. These would be IPv4 IPs, of course; you can also get IPv6, but IPv6, that's a topic for another day. And we also get BGP ASNs from ARIN as well, and these are public BGP ASNs; you can also have a private BGP ASN, but that's beyond the scope of this exam. But here both BGP ASNs and public IPs can be obtained from ARIN in North America, but then for other regions, like APNIC for Asia, and there are
others for Europe and all that, you basically go to those local authorities to obtain the IP addresses and BGP autonomous system numbers. Now that's just a little tidbit; it's not necessarily related to IGP and EGP, but I just wanted to throw it out there for some real-world knowledge. Now let's quickly take a look at routing classification and types. There are two routing classifications. Classful routing: a type of routing that does not have support for VLSM. This is the old school, like Class A, B, C; watch my previous video to learn more about these classes. Classless routing, on the other hand, supports VLSM, which stands for Variable Length Subnet Masking, and the examples are RIP, EIGRP, OSPF, BGP and IS-IS. Routing types: there are two different types of routing. Static routing: this is how we manually type in the routes, and it's designed to define fixed paths. It works well in small environments where traffic is predictable. The other one is called dynamic routing; that's the preferred mechanism. That's the type of routing in which routes are learned automagically; it dynamically adapts to the changes in the environment, and the internet wouldn't exist today if it wasn't for dynamic routing. And examples are BGP, OSPF, you know, all these routing protocols are dynamic routing protocols, whereas if you were to manually type in a static route command, that would be considered a static route. There are different types of routing algorithms. First, distance vector. Distance vector protocols are also called Bellman-Ford algorithm, named after their inventors. They send routing updates to their neighbors; distance vector protocols send large updates to the neighboring routers. Each node running a distance vector protocol only knows about its neighbor. Distance vector protocols conduct routing by a process called routing by rumor. So what that means is if the neighbor is advertising false information, we'll accept it, because that's what routing by rumor means. If it's a rumor, it's a rumor; we don't know any better,
because our neighbor is saying it's the truth, we'll assume it's true and we'll advertise that information to the rest of the environment. Examples include RIP, IGRP, EGP and BGP. Link state protocols, also known as Shortest Path First, or SPF, algorithms: they flood routing updates to all the routers in the entire network. So the idea here in link state is that all the nodes, all the routers in the entire environment, know about everybody else, and small updates are sent to the routers in link state, because everybody knows about everybody already, and each node has an entire picture of the entire network. And the examples include IS-IS and OSPF. Link state routing protocols are taxing on the routers and layer 3 devices that these protocols are running on, because each device, each node, needs to have an entire picture of the entire network, so something to keep in mind. The final type is called balanced hybrid, or advanced distance vector. They have characteristics of both distance vector and link state. Hybrid routing protocols send only incremental updates, similar to link state, but only to their neighbors, like distance vector. An example includes EIGRP. Now how does the routing table work? Let's quickly talk through the decision-making process in the order of operation. So the order of operation that I'm going to show you here is important. The first order of operation is prefix length. The longest prefix match is the best and most specific route and is always preferred in the routing table. This criterion has the highest preference, and it trumps all of the other route attributes. The next thing that the router looks at, if the prefix length is the same for different routes in our routing table, is administrative distance. If there are multiple routes to a destination of the same prefix length, the route learned by the protocol with the lowest administrative distance is preferred. Administrative distance is locally significant and does not get advertised, and a lower number is considered better, so lower AD equals
higher priority. Administrative distance can be manually manipulated, as shown below. So for example, here's a sample config, right? So if you're in a router, we can type in router ospf 1, and then under the router OSPF configuration we can change the distance to 70, for example, and that would change the administrative distance of the OSPF routing protocol on that router. And the final criterion is metric. If the administrative distance, subnet mask and prefix length are all the same for multiple routes, then the lowest metric is used to choose the best route. RIP uses the metric of hop count, OSPF uses the metric of cost, and EIGRP uses what's called a composite metric, or K values, and the default is bandwidth and delay for EIGRP. If administrative distance, subnet mask and metric are all the same, then the router starts load sharing on that link. Now let's quickly take a look at the administrative distance table, and here are the default values: a connected interface has an administrative distance of 0, a static route has an AD of 1, eBGP has an administrative distance of 90, EIGRP has an AD of 90, OSPF 110, IS-IS 115, RIP 120, and unknown is set to 255.
Now administrative distance is the believability. So the connected interface is always the most predictable and the most believable, because that is literally connected to the router, right? It's physically there or logically there. A static route is a route that an administrator manually types into the router; that's also pretty believable. But as you can see, even with dynamic routing protocols, the believability decreases with different types of routing protocols. So what that means is if you have static routes configured on our router, most likely our static routes will be preferred over the dynamic routing protocols. Now let's quickly look at the IGP comparison chart. So there are six different features that I want you to look at. First of all, these three routing protocols are all classless: RIPv2, EIGRP and OSPF. From an algorithm perspective, RIPv2 uses distance vector, EIGRP uses advanced distance vector, and OSPF uses link state. They all support manual summarization. RIPv2 is vendor agnostic, meaning it's multi-vendor supported, and so is OSPF. EIGRP, on the other hand, used to be Cisco proprietary. The reason I have an asterisk here is because in 2013 EIGRP was made public, meaning other vendors can now also implement EIGRP in their code and in their network operating system and run it. But I think Cisco took so long to actually make that happen that I don't think there's any adoption in the industry. In other words, nobody really cares to implement EIGRP in their routers. Cisco should have done it a long time ago, when EIGRP had just come out, but you know, it is what it is. Routing updates are sent to a multicast IP address on all three, and from a convergence perspective, RIPv2 is slow, EIGRP is very fast, because it has a concept of successor and feasible successor, which means it has the primary path and the secondary path in the routing table available all at the same time, and it doesn't have to recalculate. It's a very, very fast switchover, and
OSPF is considered fast. Now let me give you a quick overview of static routes. So a static route is composed of two different pieces. Piece number one: it's a manually configured route that defines a subnet or an entire Class A, B or C network. Next, you can either specify an outgoing interface or a next hop IP. So here's how the syntax looks on the router, and we'll do this in the CLI in a moment. Here's what we type in on the router: we type in ip route, we specify the network that we need to specify, we specify the subnet mask of that network, and then finally we specify the next hop IP address. So this is the next hop IP, this is the subnet mask, this is the network address, and then these are the keywords, ip route, and that's how we create a static route on a router. Here's another example where instead of the next hop IP we have the local interface specified. Specifying the next hop IP in the static route is considered a best practice design; specifying an Ethernet interface, for example, is not considered good, because if it's a point-to-point interface you're fine, but if it's not a point-to-point interface, and if it's like an Ethernet segment with multiple devices on it, every single time you're expected to route traffic to that interface it's going to generate a broadcast, and that broadcast will be sent out to all the devices. So it's not considered good practice to specify an interface; instead you should always have a next hop IP configured. Reviewing the show ip route command shows a different output in the routing table for each of the static routes configured above. So what I'm saying is that for each of the ip route statements that we have specified here, whether we have the next hop IP or the interface specified, the output is going to look different, and I'll show you that in a moment. When the router interface associated with a static route fails, the router automatically removes the static route from its routing table. So now let's quickly go to the CLI and
look at this stuff. Now let's quickly take a look at this routing scenario here right in front of us. So I'm on router 1 right now, and I'm going to go ahead and take a look at show ip interface brief to see what's going on, and it seems like I have an IP address of 10.0.0.1 configured. Let's see if I can ping the other side, which happens to be 10.0.0.2, and it seems like I'm able to successfully do that, so router 1 is able to ping router 2. Now router 2 happens to have a couple of different routes, 192.168.0.0/24 and 192.168.1.0/24, two separate subnets behind its LAN. Now router 1 by default is not going to have the ability to see those routes. To verify that, we'll look at show ip route. This is the routing table, and as you can see here, the routing table has this codes section, so what we can see right below that is the different networks that are in our routing table, and C corresponds to the flag, or the code, up here in the table, which stands for connected. So this right here is a connected route, and it's on our interface GigabitEthernet0/0/0, and this happens to be the /30. Our local route, which is the L flag here, is 10.0.0.1/32. Now this is called a host route, because it's a very specific route; it's a /32.
And it's also directly connected over GigabitEthernet0/0/0. So if you guys remember the administrative distance chart we were looking at, this has an administrative distance of 0, because it's directly connected; it's considered to be the most believable. Now we've got a bit of a problem here: we cannot see the routes that router 2 has, these 192.168 routes. Now before we do anything, let's quickly jump to router 2 and look at show ip interface brief to make sure everything is up and running, and indeed it is. And what I've done is I'm representing these routes as loopback interfaces, because it doesn't really matter. I mean, I could have other layer 3 devices hanging off of this router if I wanted to, but I'm just trying to simplify the configuration here, and it doesn't make any difference whatsoever. Let's quickly take a look at show ip route. So if I do that, I will see that I have a bunch of routes that I've specified. Once again, for every route, or for every interface, I'm going to see two different entries: one is the host-specific entry, and that has a flag of L right next to it, and then I'll see another entry which is the C entry, the connected route, and that is the network that I specified when I was configuring my interface. So let me quickly show you what I mean. So if I were to do show run, let me show you how I've specified these interfaces. The loopbacks are /24s, as you can see here; the GigabitEthernet0/0/0 is actually a /30, because it ends in .252.
Now if I were to look at show ip route, the reason we're seeing the loopbacks with /24 and /32 is that /24 represents the subnet that I typed in here, right, which was .0, but because I have specific IPs on the interface, it automatically inserts a host route. So this is not something I inserted; this is the operating system automatically inserting the host route just so it has a specific entry in its table. So I just wanted to quickly point out that distinction. Now let me jump back to router 1. We still have a problem: I can't ping, for example, one of these subnets that router 2 has on its LAN side, and I'll prove to you that I can't ping either one of them. Both networks are currently unavailable on router 1, and the reason is router 1 doesn't know where those routes are and hence is unable to get to those destinations. So let's go ahead and enter those routes manually; that's what's called static routing. We'll go ahead and set that up. So ip route 192.168.0.0, then I'll type in the subnet mask, and finally I'll type in the next hop IP here, which for us is 10.0.0.2, which happens to be router 2's interface pointing toward us. Now let's go ahead and do ping 192.168.
0.1, and voila, we have much better luck this time around. Now if you were to look at show ip route, you'll clearly see that we have an S flag, which stands for static, meaning I manually typed it in, and as you can see it clearly spells out the network address, the subnet mask, and the fact that it has an admin distance of 1 and a metric of 0, so it's very, very believable. Of course, directly connected will always be preferred, but then right after that would be the manually typed-in static route, and it specifies the next hop IP that we typed in, of router 2. Let's go ahead and now add the other route: ip route 192.168.1.0 255.255.255.0, and this time around, instead of specifying the next hop IP, I'm going to go ahead and specify my local outgoing interface toward router 2. And as you can see here, the operating system on this router is giving me grief; it's barking at me. It's saying: default route without gateway, if not a point-to-point interface, may impact performance. And that's what I was alluding to earlier, that we're going to have a lot of ARPing going on, and if it's not a point-to-point link we might have performance issues, because our ARP table is going to get pretty big and we're going to have broadcasts going to different devices. Now let's go ahead and look at our show ip route again, and this time around, as you can see, it appears in our routing table a little differently. The first part is the same, so the network and the subnet mask are the same, but this time around it says it's directly connected, and once again, directly connected is preferred over the static route. But remember, this is not a good practice; this is actually a bad design, to specify a next hop interface instead of the next hop IP, but I just wanted to show you two different ways of doing this. And one final thing is to do a quick verification check and make sure we're able to reach the new subnet that we just added, and indeed we were able to do that. Now let's quickly take a look at show arp, and sure
enough, we have those IPs specified in our ARP table. And one final thing I want to talk about today is the static host route, also known as a host route, a default route, and a floating static route. Let's start off with the static host route. That's a route that points to a single host address, as I showed you earlier. So in this instance, instead of specifying a network address, this is a spin on it: instead of a network address, you see we're actually specifying an exact IP address; that's what makes it a host-specific route. And look at the subnet mask: it's a /32, once again another thing that makes it a host-specific route, and then we're specifying our next hop IP. Host routes are preferred if you know that that is the only device that you'll be communicating with on the other side of the network, and you're never going to expect any other device on that network to be able to communicate with you; then host routes are the most beautiful way, because it's the least taxing on your router from a resources perspective, CPU, memory and all that. Next up is the default route, also known as a static default route, but commonly in the real world you would call it a default route. A default route is a router's gateway of last resort. It provides a path for traffic that does not match anything in the routing table. The way we specify it is we type in the command ip route 0.0.0.0 followed by a bunch of zeros, and then we specify either the next hop or our outgoing interface, and there you go: anything that does not match our routing table, we will automatically send that traffic to the next device that's connected to us and let that device take care of the traffic for us. Here's another syntax, an alternative syntax: instead of specifying the outgoing interface, you're specifying the next hop IP. And finally, the floating static route. Now this is a hidden route that can be used as a backup route. For example, you might have a static default route pointing to your primary MPLS link, but when that MPLS goes down you may
have a backup internet route. As you can see, we're specifying a route in our routing table by typing in ip route 192.168.1.0 /24 with the next hop, and here's what's different: we're specifying a value of 200. That's the administrative distance. So what we're seeing is, when the primary static route that we had manually typed in as primary, when that one disappears, we want this route to show up. So meaning when the MPLS link goes down, and let's assume this is an internet circuit, or DIA, a dedicated internet access circuit, we want this route to show up instead, so we can start routing traffic across this link, and that's what a floating static route does for us. Now let's go ahead and quickly take a look at these different types of static routes we just finished talking about. The first one we're going to look at is the static host route. So first of all, let's look at the interfaces on this router. We'll do show ip route, and what we're seeing in our show ip route are the different routes: we have a connected route, we have a local route; these are both connected and local, which are automatically added by the router, we don't have to type them in, whereas the routes with S in front of them are the ones that we have manually added. These are the routes that we had added a little bit ago. So what I'm going to do is I'm going to go ahead and remove one of these routes and instead specify a host route. So to do that, I'm going to go ahead and look at show running-config and see what I had done in this config. So these are the two routes that I had specified, so I'm going to go ahead and remove the bottom one, with the interface specified as the outgoing interface, because remember, that's bad design. So we're going to go ahead and remove that route very quickly here. I'm going to go to global configuration mode, type in no, and go ahead and copy and paste this command, and here we are, it's gone. Now let's go ahead and type in a static host route. So if you guys recall, a host route is a route that is very,
very specific, so it's a /32 route. So we're going to go ahead and specify that, and we're going to provide our path to get to that route, which is the next hop IP, and we're going to go ahead and hit enter. Now if you were to look at show ip route, we see that we actually now have a host route pointing to the LAN on router 2, which happens to be the bottom one, the bottom line, 192.168.1.0/24. So let's go ahead and ping 192.168.1.1, if only I can type today, and sure enough we're able to ping that IP. What we want to do next is look at the static default route. So instead of specifying specific routes, we can have what's called a default route, so that's a catch-all route. So what that means is whenever nothing matches specifically in my routing table, I'm going to go ahead and send my traffic to that next hop that is specified via the default route, and it's essentially the gateway of last resort. It's basically specifying a default gateway for us on the router. So let's quickly go ahead and take a look at our show running-config, and let's go ahead and remove both of these routes from our routing table, because instead what we want to do is we want to specify a default route. So I'm going to go ahead and do that. I just removed both of the static routes that I had manually configured. Let me do show run, and I shouldn't see those routes in my configuration anymore. So I'm going to go ahead and type in ip route 0.0.0.0 0.0.0.0, it's all zeros, and then we specify the next hop IP. So the next hop IP for us is 10.0.0.2, and I'm going to go ahead and hit enter. At this point, if I were to do show ip route, what you're going to see is we have a static route and there is a star right next to it, which makes it a candidate default route, which means whenever we get packets that do not match anything specific on our router, or in our routing table in particular, we're going to go ahead and forward that traffic to 10.0.0.2, which is router 2.
now let me go ahead and ping 192.168.0.1 which happens to be a lan subnet on router 2 and if I can reach those subnets that are behind router 2 then it means I can go through router 2 and I'm good to go so as you can see this kind of simplifies the configuration we didn't need to specify multiple routes all you did was specified a single route default route which is a catch all route and all the traffic that doesn't match just automatically gets forwarded over to that Gateway of Last Resort and finally I'm going to show you a configuration for specifying a floating static route so we have this default route that is pointing to the primary Gateway I'm going to go ahead and remove the default route from my routing table and specify a static route to demonstrate how floating static route works so what we'll do is we'll do I ipra 192 168. dot zero dot zero 255 55 55.0 with the next top of 10.0.0.2 what we'll do next is for the next route which is 192 168 1.0 slash 24 I'm going to specify the DIA backup you see the blue path that's the backup path I'm going to go ahead and specify that and I'm going to go ahead and write my configuration WR means right mem which is the same as copy running config to Startup config so it's the same thing now I'm going to go ahead and look at my routing table again I'm seeing a static route pointing to router 2 but guys we have a bit of a problem what happened to the second route I see the dot zero zero route but I don't see the 1.0 route the backup one it should be here well let's figure out what's going on so let's do show IP interface brief and if you can see here it seems like our protocol status is up but the protocol is down and this is a very key concept here guys I want you to pay very close attention to this so both the status and the protocol have to be up up for the route to show up in the routing table if one if the status is up which means physically it's connected but the protocol is down which means it's down at Layer Two 
the route will never show up in the routing table so let's go ahead and quickly troubleshoot and fix this issue so I'm going to go to router 2 and look at what's going on here so show up interface brief aha it seems like gigabit Ethernet 001 is administratively down which means it's manually shut down let's go ahead and enable that interface gigabit001 and we're gonna do no shut on it and boom as you can see line protocol came up on this side line protocol also came up on the left so you should be good to go here do show IP interface brief and it's up let's do show hype interface brief again it's up up now so that's perfect now let's see how our routing table looks do show IP route and sure enough the secondary route has also now shown up so what I'm going to do now is show you guys floating static route so I'm going to go ahead and look at Show run and see how my routes look like what I want to do is I want to go ahead and specify a floating static route pointing to 192.168 0.0 Network behind router two and tell my router that let's use the DIA path for it which is 10.0.1.2 that's the next hop and let's change the administrative distance to 200. 
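Before simulating the outage, here is the route-selection logic the router is about to apply, as an added example (my own Python model, not code from the course or from Cisco IOS). It models three rules from this lesson: a static route is installed only if its next hop is reachable through an up/up interface, for each prefix only the lowest administrative distance survives (which is what keeps the AD-200 floating route out of the table while the primary is up), and forwarding picks the longest matching prefix, so a /32 host route beats the default route. The interface names, addresses and routes are constructed to mirror the lab (R1 toward R2 over MPLS via 10.0.0.2 and over DIA via 10.0.1.2) and are assumptions, as is the simplification that next hops resolve only against directly connected subnets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of IOS static-route installation and lookup (added example).
# Assumed topology: R1 has Gi0/0/0 (10.0.0.1/30, MPLS toward R2, next hop 10.0.0.2)
# and Gi0/0/1 (10.0.1.1/30, DIA toward R2, next hop 10.0.1.2).

@dataclass
class Interface:
    name: str
    address: str          # interface address with prefix length, e.g. "10.0.0.1/30"
    up: bool = True       # True only when status AND line protocol are up/up

@dataclass
class StaticRoute:
    prefix: str           # "0.0.0.0/0" is the default route, a /32 is a host route
    next_hop: str
    ad: int = 1           # administrative distance; IOS default for a static route is 1

@dataclass(frozen=True)
class RibEntry:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]   # None for a connected route
    ad: int
    out_intf: str

def resolve_next_hop(next_hop: str, interfaces: list) -> Optional[str]:
    """Return the up/up interface whose subnet contains the next hop, or None.
    A static route whose next hop cannot be resolved this way is not installed
    (simplification: IOS can also resolve a next hop recursively via another route)."""
    nh = ipaddress.ip_address(next_hop)
    for intf in interfaces:
        if intf.up and nh in ipaddress.ip_interface(intf.address).network:
            return intf.name
    return None

def build_rib(interfaces: list, statics: list) -> list:
    """Install connected routes (AD 0) and every static route with a resolvable
    next hop; per prefix only the lowest-AD candidates survive, which is why an
    AD-200 floating static route stays out of the table while the primary is up."""
    candidates = []
    for intf in interfaces:
        if intf.up:
            net = ipaddress.ip_interface(intf.address).network
            candidates.append(RibEntry(net, None, 0, intf.name))
    for r in statics:
        out = resolve_next_hop(r.next_hop, interfaces)
        if out is not None:
            candidates.append(RibEntry(ipaddress.ip_network(r.prefix), r.next_hop, r.ad, out))
    best_ad = {}
    for c in candidates:
        best_ad[c.network] = min(best_ad.get(c.network, c.ad), c.ad)
    return [c for c in candidates if c.ad == best_ad[c.network]]

def lookup(rib: list, destination: str) -> list:
    """Longest-prefix match over the installed routes. Equal-AD routes to the same
    prefix are all returned (ECMP); the 0.0.0.0/0 default route matches last."""
    dst = ipaddress.ip_address(destination)
    matches = [e for e in rib if dst in e.network]
    if not matches:
        return []
    longest = max(e.network.prefixlen for e in matches)
    return [e for e in matches if e.network.prefixlen == longest]

def next_hops(rib: list, destination: str) -> list:
    return sorted({e.next_hop for e in lookup(rib, destination) if e.next_hop})

def r1_scenario(mpls_up: bool) -> dict:
    """R1 with a primary static route via MPLS, the floating backup via DIA (AD 200),
    a /32 host route and a default route; mpls_up toggles the Gi0/0/0 line protocol."""
    interfaces = [
        Interface("GigabitEthernet0/0/0", "10.0.0.1/30", up=mpls_up),   # MPLS toward R2
        Interface("GigabitEthernet0/0/1", "10.0.1.1/30", up=True),      # DIA toward R2
    ]
    statics = [
        StaticRoute("192.168.0.0/24", "10.0.0.2"),          # ip route 192.168.0.0 255.255.255.0 10.0.0.2
        StaticRoute("192.168.0.0/24", "10.0.1.2", ad=200),  # ip route 192.168.0.0 255.255.255.0 10.0.1.2 200
        StaticRoute("192.168.1.1/32", "10.0.1.2"),          # ip route 192.168.1.1 255.255.255.255 10.0.1.2
        StaticRoute("0.0.0.0/0", "10.0.0.2"),               # ip route 0.0.0.0 0.0.0.0 10.0.0.2
    ]
    rib = build_rib(interfaces, statics)
    return {
        "lan0": next_hops(rib, "192.168.0.10"),   # covered by the /24: primary, or floating when MPLS is down
        "host": next_hops(rib, "192.168.1.1"),    # the /32 host route wins over the default route
        "other": next_hops(rib, "8.8.8.8"),       # only the default route matches
        "installed_ads": sorted(e.ad for e in rib if str(e.network) == "192.168.0.0/24"),
    }

if __name__ == "__main__":
    print("primary up:  ", r1_scenario(mpls_up=True))
    print("primary down:", r1_scenario(mpls_up=False))
```

Running it shows the two states the lab is about to walk through: with the MPLS interface up/up the 192.168.0.0/24 entry carries AD 1 via 10.0.0.2 and the AD-200 route is absent; with the interface down the AD-1 route and the default route both lose their next hop, and the floating route via 10.0.1.2 is the one installed. Note that traffic for "other" destinations then has no route at all, because the default route also pointed at the failed link, which is why a real design pairs the floating static route with a floating default route.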
So now when I do show ip route, as you can see, my router is still pointing to 10.0.0.2, the MPLS primary path, but I have now configured a floating static route with an administrative distance of 200. It's "floating" in the sense that it's configured but not installed in the routing table, because the primary path is up right now. Let's simulate an outage on the primary path: I'll go to router 2, go into interface GigabitEthernet 0/0/0, and shut it down. Looking at show ip interface brief, sure enough the primary path is down. Let's see if the floating static route actually shows up: show ip route, and there it is, the floating static route appeared with an administrative distance of 200 and a metric of 0, shown as [200/0]. It showed up because the primary path is down, and we still want to reach the subnet behind router 2 across the backup link, the internet or DIA (dedicated internet access) link. That's how a floating static route works.

Welcome to the CCNA 200-301 course. Today I'll cover section 3, part 3: IP addressing and routing, with a deep dive into OSPF. Here are the topics I plan on covering: first a quick review of static versus dynamic routing, then OSPF basic concepts, and finally OSPF command-line configuration.

So what's the difference between static and dynamic routing? First, in static routing we have to specify the routes manually, whereas in dynamic routing routes are learned dynamically. Second, in static routing we have to enter many manual entries for redundant paths: with two paths that's at least double the number of entries, and with more redundant paths even more entries in the routing table, all by hand. That makes the process very error prone, because human beings make mistakes, and if you have nothing but static routing configured everywhere you can end up making a ton of them. Dynamic routing, on the other hand, has built-in intelligence that calculates the best path to each destination using a mathematical algorithm. Third, in static routing a bad entry can cause a routing loop, whereas dynamic routing protocols have inherent loop-prevention mechanisms. Fourth, static routing gives us a predictable path: the route we specified manually is always the route traffic takes, and it never changes. Dynamic routing gives us a predictable outcome: what we ultimately care about is whether a given source can reach a given destination, because routing is all about source and destination. We do care about what's in between, but as long as we can reach the destination predictably the exact path matters less, and dynamic routing gives us that. Fifth, static routing is for small networks, whereas dynamic routing is great for medium to large networks. And finally, static routing is great if you're getting paid per routing entry, wink wink, whereas dynamic routing is not so great in that case, sad face, because you type far fewer entries. Pun intended, of course: nobody will ever pay you per routing entry. You'll either be a contractor with a project to complete or a full-time employee who has to learn to do things efficiently, and that's where dynamic routing comes into play.

Now let's look at OSPF basic concepts, starting with an overview. OSPF stands for Open Shortest Path First. In particular we're going to talk about OSPF version 2, defined in RFC 2328. It uses the SPF (shortest path first) algorithm, also known as Dijkstra's algorithm, to find the shortest path to each destination based on the cumulative cost to get there; we'll talk about cumulative cost as we go. That's what makes OSPF such a powerful routing protocol. By the way, SPF is the same kind of shortest-path algorithm that GPS navigation uses to figure out how to get you to your destination as efficiently as possible. OSPF is vendor neutral, meaning it's an open standard: a Cisco router on one end and a Juniper router on the other will work together perfectly fine as long as they're running the same version of OSPF, which in this case is OSPFv2.

OSPF has built-in intelligence for building a loop-free topology; it pretty much guarantees one. OSPF only keeps the best routes in the routing table, and if there is more than one best path to a destination, OSPF supports ECMP (equal-cost multipath), which allows redundant equal-cost paths to be installed in the routing table. OSPF supports VLSM and security. If you recall from my previous videos, VLSM stands for variable-length subnet masking: OSPF is classless, and every route advertisement carries a subnet mask for that destination. From a security standpoint, OSPF can use clear-text or MD5-based authentication. It's optional, but it's recommended, because it stops a bad actor from bringing in a rogue device that pretends to be an OSPF router and wreaking havoc on your environment. In the real world you want it for exactly that reason, and you want MD5 rather than clear text, because a clear-text password is visible to anyone who can capture the hello packets.

OSPF does efficient updates. OSPF advertises link states (its connected links) instead of routes; that's the biggest difference between OSPF and other routing protocols, which advertise routes or networks. OSPF sends incremental, triggered updates only when something changes in the network rather than sending the entire routing table, which lets OSPF converge very quickly: when things change, the network adapts fast. OSPF also does a periodic LS refresh (link-state refresh): each router re-floods each of its own LSAs every 30 minutes even when nothing has changed, so that the link-state databases stay in sync.

Now let's quickly review the three tables that OSPF maintains. First, the neighbor table. As with EIGRP, OSPF routers use hello packets to discover neighbors, and OSPF goes through a series of steps to form a neighbor relationship, which I'll walk you through momentarily. The next table is the topology table, a map or road map of every network available within the same area and all the possible paths to get there. I'll talk about areas in a moment; until then, hold that thought. Let me explain the topology table with an analogy. I'm right here in California; if I want to get to Texas, there are different paths I can take. I can go Nevada, Utah, Colorado, Oklahoma, down to Texas, that's path one, or I can go California, Arizona, New Mexico, down to Texas. So I can take the red northern path or the blue southern path. When I fire up my GPS it shows me both. You may jump to the conclusion that the blue path should always be preferred, because you only go through two states instead of four, but let's not jump to conclusions, because a couple of critical pieces are missing. Piece number one: the source. Where exactly does this traffic start, southern or northern California? I'm in San Jose, in northern California, so perhaps the northern path is faster; if I lived in southern California the southern path would most likely be faster. The other missing piece is traffic conditions; my GPS looks at that too, and if traffic is bad on the southern path the northern path is the only efficient way to get there.

How is that relevant to OSPF? OSPF, using the SPF algorithm, uses the same logic: it looks at the source, it looks at the destination, and instead of traffic conditions it looks at bandwidth. OSPF doesn't look at congestion; it looks at bandwidth, expressed as a cost, to get to the network. I'll talk about cost in a little bit, but the bottom line is that this is the information OSPF uses to get packets from source to destination as efficiently as possible.

With that context in mind, the third table OSPF maintains is the routing table. An OSPF router first builds its neighbor table, then its topology table (the link-state database). Once the database is built, it runs the SPF algorithm, finds the best path to each destination, and that best route goes into the routing table.

Let's quickly look at which path OSPF will choose to install. We have the source on the left, router 1, and the destination on the right, router 8. Path A has only one additional router in the middle. Path B, in green, has two routers in the middle, two additional hops. Path C has three additional hops to the destination. Which path do you think OSPF will take? You might jump to the conclusion and say obviously path A, the path with the fewest hops, but you would be wrong. Let me explain why. What if both links on path A are 10 Mbps, all the links on path B are 100 Mbps, and all the links on path C are 1 Gbps? OSPF uses bandwidth to compute its metric, which is called cost, so, with a reference bandwidth high enough to tell those speeds apart, it will choose path C and install it in the routing table to reach router 8, because of the bandwidth efficiency. One caveat worth remembering: OSPF derives an interface cost from the reference bandwidth divided by the interface bandwidth, and the default reference bandwidth on Cisco routers is 100 Mbps, so 100 Mbps and 1 Gbps links both get a cost of 1. With that default, path C (four links, cost 4) would actually lose to path B (three links, cost 3); you need auto-cost reference-bandwidth set to 1000 or higher, consistently on every router in the domain, for the gigabit path to win. Hopefully this gives you an idea that in network architecture we can never jump to conclusions; we should take our time, look at the design, and see exactly what the network is telling us.

Now let's quickly look at OSPF areas and terminology. OSPF has area 0, which is considered the backbone area. The best analogy I can give you is the human backbone: it connects to all the limbs of our body, the signals processed by our central nervous system are carried through the backbone to the brain, and the backbone is the key to connecting the entire body together. That's exactly what OSPF area 0 does for us: it's the backbone of the entire network, and all other areas must connect to area 0. Let's quickly look at this topology. We have a few routers: an ASBR, two ABRs, and BB. I'll explain the terminology in a moment; for now, BB stands for backbone router, and it's called that because it's only in area 0. The other routers have connectivity into other areas, which we'll discuss in a moment, but the bottom line is that all areas must connect to area 0. Routers in the same area share the same database, or topology table. In other words, these four routers will all have the same view of the entire area: they'll see the same links and the same networks being advertised. The only difference is that each router places itself at the center of the universe. Again, that's the GPS idea: no matter where you are in the world, when you fire up your GPS you become the source and the place you want to visit is the destination. It's the same here: an ABR is the source when it runs the shortest path first algorithm to figure out how it should reach the rest of the network. Once the databases have been exchanged, all of these routers have the same view, each from its own unique perspective.

ABR stands for area border router, the router that sits at the border between areas and connects multiple areas together. For example, this ABR has one leg in area 1 and another leg in area 0; this other ABR has one leg in area 2 and another in area 0. That's what makes these routers ABRs. We also have an ASBR, an autonomous system boundary router, which in this case is this router: it has one leg in area 0, in OSPF, and another leg in an external routing domain. That could be BGP, EIGRP, IS-IS, or RIP version 2 (I hope not). The bottom line is that the ASBR connects you to the external world.

When it comes to OSPF areas, there are single-area and multi-area designs. Theoretically you could get away with a single area with every device in it: for example, area 0 with all 50 of your sites in it, and life is good. But what if your network grows to 100, 200, 1,000, or 10,000 sites? A single area would be insanity. What you do then is define different areas, usually along some geographical separation, and that makes the network more efficient.

Another very important thing to keep in mind is route summarization; it's a really amazing feature. Let me give you a quick example. Say behind this ABR you have 30 routers, and each of those 30 routers has three different subnets on the LAN carrying different types of traffic, say PCI, internet, and MPLS. Three times thirty equals 90, so that's 90 LAN subnets this ABR would have to advertise into area 0. That doesn't even include the links: each of the 30 routers has at least one link, and assuming a single-link design with no redundant circuits, that's 90 plus 30, 120 networks that would have to be flooded into area 0. With a much larger network you're looking at a much larger number of advertisements. To compress this, instead of advertising 120 individual networks, wouldn't it be nice to take all 120 and advertise a single network? That's where network summarization comes in, and we can do exactly that. It's called supernetting, the opposite of subnetting: in subnetting we take one network and divide it into smaller networks, whereas in summarization we take multiple smaller networks and combine them into a single larger entry. That way we don't send a ton of routes; we send a single route and that's it. One key thing to keep in mind: in OSPF only the area border router and the autonomous system boundary router can summarize; no other device can. In other words, this router can't summarize, and if there were another router behind this ABR or behind that one, those routers couldn't summarize either, and the backbone router can't, because it doesn't have links in different areas. Only the device that sits at the edge between areas (or between OSPF and an external domain) can summarize, which makes sense.
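Going back to the path A, B and C comparison a few paragraphs up, here is that scenario as an added example (my own Python, not code from the course or from Cisco): it builds the router 1 to router 8 topology as a link-state graph, derives each link's OSPF cost from its bandwidth the way IOS does (reference bandwidth divided by interface bandwidth, integer division, never below 1), and runs Dijkstra's SPF from router 1 to see which path is installed. The router names and link speeds are assumptions that follow the lecture's description; the point it shows is that with the default 100 Mbps reference bandwidth the three-hop 100 Mbps path wins, and the four-hop gigabit path only wins once the reference bandwidth is raised.

```python
import heapq
from collections import defaultdict

# Added example: SPF over a constructed link-state graph (paths A, B and C from the
# lecture), with interface costs derived from bandwidth and a reference bandwidth.
# IOS behaviour modelled: cost = reference_bandwidth // interface_bandwidth, minimum 1.

DEFAULT_REFERENCE_MBPS = 100   # IOS default, i.e. "auto-cost reference-bandwidth 100"

def ospf_cost(bandwidth_mbps: int, reference_mbps: int = DEFAULT_REFERENCE_MBPS) -> int:
    """Interface cost as IOS computes it: integer division, floor of 1."""
    return max(1, reference_mbps // bandwidth_mbps)

# (router, router, bandwidth in Mbps); every link is bidirectional with the same speed.
# Router names are assumed; the lecture only describes the paths and their speeds.
LINKS = [
    ("R1", "R2", 10), ("R2", "R8", 10),                                               # path A: two 10 Mbps links
    ("R1", "R3", 100), ("R3", "R4", 100), ("R4", "R8", 100),                          # path B: three 100 Mbps links
    ("R1", "R5", 1000), ("R5", "R6", 1000), ("R6", "R7", 1000), ("R7", "R8", 1000),   # path C: four 1 Gbps links
]

def build_graph(links, reference_mbps: int):
    """Adjacency list: router -> [(neighbour, link cost)], costs from the reference bandwidth."""
    graph = defaultdict(list)
    for a, b, bw in links:
        cost = ospf_cost(bw, reference_mbps)
        graph[a].append((b, cost))
        graph[b].append((a, cost))
    return graph

def spf(graph, source: str) -> dict:
    """Dijkstra's shortest path first: returns {router: (cumulative cost, path)}."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry, a cheaper path was already found
        for v, c in graph[u]:
            nd = d + c
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))

    def path_to(target):
        path = [target]
        while path[-1] != source:
            path.append(prev[path[-1]])
        return path[::-1]

    return {t: (dist[t], path_to(t)) for t in dist}

def best_path(reference_mbps: int, source: str = "R1", dest: str = "R8"):
    """(cost, path) that SPF installs for dest with the given reference bandwidth."""
    graph = build_graph(LINKS, reference_mbps)
    return spf(graph, source)[dest]

if __name__ == "__main__":
    for ref in (100, 1000, 10000):
        print(f"reference bandwidth {ref:>5} Mbps ->", best_path(ref))
```

With the default reference bandwidth the output is path B at cost 3 (R1, R3, R4, R8), because 100 Mbps and 1 Gbps links are indistinguishable at cost 1; with auto-cost reference-bandwidth 1000 the gigabit path C wins at cost 4 against 30 for path B and 200 for path A. The reference bandwidth is a per-router setting that must be identical on every router in the OSPF domain, otherwise different routers compute different costs for the same links and the SPF results stop being consistent.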
now let's quickly take a look at ospf LSA types there are three different types of lsas in ospf and these are link State advertisements so when the routers connect with each other they start exchanging packets with each other that's where these lsas come in so we have what's called an LSA type one it's called router LSA and it describes a router each router sends a type 1 LSA in an area and it includes a list of directly attached links and a router ID LSA type 2 is the network LSA and it describes a Network that has a designated router and we'll talk about a Dr in a moment this LSA is only generated by the Dr on broadcast network and it includes the Dr and bdrip subnet ID and subnet mask and finally LSA type 3 called summary LSA it describes in Subnet in another area this La is summarized route generated by the area border router include subnet ID mask and router ID of advertising ABR keep in mind there are 11 types of LSA and ospf in CCNA exam though because of the exam blueprint we're only covering three when we get to ccnp we're gonna learn about four additional type of lsas but it won't be until you get to ccie that you'll get to learn about all 11 types of lsas now let's quickly dig deeper into the ospf header and within an ospf header there's a field called packet type and let's zoom into that field within the ospf header also called lsas or link State advertisements what that packet contains is a Hello message that's what's responsible for never Discovery and neighbor adjacencies these messages are sent to multicast address 224.0.0.5 or 224.0.0.6 now let's pause here for a moment I want to describe a very important concept here instead of doing a broadcast to all the devices what ospf does is it uses multicast to send hello messages so let's say if you have all these different routers that are connected to the same Lan segment and this router right here is only doing static routing and so is this guy both of these guys are doing static routing whereas these 
guys are running ospf these three right here well because it uses multicast only this router this router and this router is going to get the Hello message these two routers running static routing will never even get this Hello message and this shouldn't because they're not running ospf that's why multicast addressing is used instead of a broadcast because broadcast would be sent out to everybody even the static routing devices will get it but in this instance they won't because you're using multicast the next type of packet that ospf uses called database descriptor or dbd it's a link State database summary the third is link State request or LSR it's the request for a specific networks and it's a unicast LSU is a response to an LSR and it contains multiple lsas within it so you can think of an LSU as like a bucket and within that bucket you got a whole bunch of lsas and finally we got link State acknowledgment packet that is designed for acknowledging the database descriptor packet the link State request and Link State update and this is what makes ospf a reliable routing protocol now if this doesn't make a lot of sense to you right now hang in there with me as we continue exploring additional topics this stuff will make sense and we'll come back to it especially when we're doing the CLI configuration piece of things this stuff will start to click here's a quick overview of osbf neighbor adjacency formation process so let me quickly explain so we got a router on the left R1 and we got router on the right R2 let's imagine these two routers are directly connected with each other with a piece of copper cable here are the steps these devices will go through in order to form an ospf neighbor relationship so Step One is when the routing process is actually running on the router but we're in a down state because we haven't learned about our neighbor yet step two is called init State and this is where router 1 would send a Hello message to router 2. 
also known as initialization State step three is when router 2 will respond back to router 1. and in that hello message router 1 will actually get its own router ID back from browser 2 like a boomerang and when that happens it achieves what's called a two-way State meaning it now knows that I have a neighbor who has acknowledged my presence so now he can start talking to each other step four is what's called an X start State and this is where the Dr and bdr election takes place and the highest router ID becomes Master now let's park it for a moment I'm gonna go deeper into this momentarily once we get past that step we'll get into step five which is called exchange state here is where the database descriptor or dvd packets are exchanged step six is the loading State based on that database descriptor packet that was exchanged in the previous step the router sends an LSR or link State request in this case R1 will send an LSR to R2 and R2 will respond back to it with an LSU or link State update that contains multiple link State advertisements within it and then the final step step 7 called Full State here all the lsas are exchanged and ospf databases are fully synchronized now let's quickly talk about one more item before we get into the CLI and that is ospf neighbor adjacency requirements now here are the Ten Commandments of ospf neighbor relationship and what I mean by that is you must abide by these 10 rules to make sure the neighborages and C comes up first one is interfaces interfaces must be in an up up state now it's one of those where you go da I mean of course you have to be in an up up State for the routers to talk to each other second no access control list filtering routing protocol messages so the second one means you shouldn't have any ACL on an interface that is actually filtering the routing protocol messages because that would make the adjacency not come up third interfaces must be in the same subnet that makes sense authentication must match on both 
ends makes sense hello and dead timers must match each router ID must be unique so you cannot have two routers on the same network with the same router ID it's going to cause issues and your ospf agencies will flap or may never even come up so make sure each router in your environment has a unique router ID interfaces must be in the same area ospf process should not be shut down duh all neighboring interfaces must use same MTU setting so that's another important one here the ospf adjacency will come up but you're going to have weird type of intermittent issues if the MTU mismatches on the two neighboring interfaces so make sure your MTU value matches if it's 1500 bytes on one side then on the other side of the link it should also be 1500 bytes and finally all neighboring interfaces must use the same ospf network type it's another one of those scenarios where if you had a mismatch the neighbor relationship is going to come up but then you're going to have bizarre issues where the information will never make it into the routing table things will get lost into building the lsdb or the link State database so keep this list in your back pocket now let's quickly take a look at ospf Network types the two Network types that are covered in CCNA are broadcast network type and point-to-point network type let's first speak to the broadcast network type that's a default mode on all ethernet interfaces it requires neighbors to be on the same subnet it's used for auto neighbor Discovery and ospf hellos are sent to 224.0.0.5 Dr and bdr election takes place in broadcast and when we have Dr and bdr then those hellos are sent to 224.0.0.6 and we'll talk about that in a moment as well when I go deeper into the Dr bdr process couple of things to keep in mind highest ospf interface priority wins the election by default all the interfaces have a priority of one so because of interface priority is always the same router ID ends up becoming the tiebreaker once the Dr is selected Dr is in 
charge of receiving and sending all the updates to everyone on the local subnet. After the DR and BDR election, all other OSPF routers on the local subnet become DROTHER. And there's another network type that I think is important for you to understand, called the point-to-point network type. That's the default mode on serial interfaces, so if you guys are familiar with T1, or E1 in Europe, or OC interfaces here in the U.S., or SDS interfaces in Europe or APAC, then you know what serial interfaces are. Serial interfaces are by default considered point-to-point because there are no additional devices; there are only two devices on a serial link, hence the reason we call it point-to-point. It requires neighbors to be on the same subnet, uses auto neighbor discovery, and hellos are sent to 224.0.0.5. However, the big difference here is there's no DR or BDR election, because broadcast is not supported on serial interfaces, or the point-to-point network type. Now let's quickly look at the OSPF DR and BDR. Everything that we have learned up to this point helps us understand how this works, so let's quickly jump in. If you look at this network segment here, this is a point-to-point link because this is a serial link, right? In this case what's going to end up happening is there is no DR or BDR happening here, because it's a serial link and we just talked about it, so this is point-to-point. However, we are going to have a competition on a couple of different segments. First of all, this right here is a shared segment, so these two routers are going to go through the election process. Let's assume this guy becomes the DR, this guy becomes the BDR, and do you guys remember the third type? It's called DROTHER. And then there's another election process that's going to take place here on this segment: let's assume this becomes the DR, this becomes the BDR, and all these guys become DROTHERs. So that's how this whole DR and BDR process works. But what's the reason behind DR
and BDR to begin with? Well, in OSPF what ends up happening is when we're exchanging our databases, which is called the LSDB, or link state database, we assume full mesh connectivity, meaning all of these routers can talk to each other and they can all send updates to each other. As you can imagine, this could become very chatty if everybody started sending updates to everybody on the same LAN segment. So what ends up happening with the DR and BDR election (let me clean this up a little bit) is, if this guy is the DR and this guy is the BDR, by the way the BDR only comes into the picture when the DR is down, so the BDR is there but it's not actually doing anything. The DR on a LAN segment becomes in charge of everything, so what that means is if there's a change in this LAN segment, if something happens here, this guy is going to advertise it to the DR, the DR is going to receive that update, and then the DR would be responsible for responding to everyone. Instead of this guy sending the update to this guy right here, this router, and then this guy advertising it to everybody else, and then everybody else advertising to everybody else, this chaos is controlled by the DR, and the DR then becomes responsible for letting everybody else know. The criteria for the election is the highest interface priority; if that's not configured then the highest router ID ends up becoming the DR or BDR. Now in the real world, typically the best practice design would be to use the interface priority as the tiebreaker, because then you know for sure that, for example, if you want this guy to be the DR no matter what, if you set up this interface right here with the highest interface priority then this guy will always be preferred no matter what. And one last thing to keep in mind is on a shared network segment all routers except the DR and BDR stay in the two-way state, and we talked about states a little bit ago. Now let's quickly talk through the OSPF metric called cost. Once the neighbor adjacency is
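To make the ten adjacency rules and the DR/BDR election concrete, here is an added Python model (example code written for this page, not part of the course or any Cisco tool). The OspfInterface class, the helper names and the router IDs and addresses on the shared segment are all constructed; the adjacency check mirrors the checklist above, and the election follows the rule stated in the lecture: highest interface priority wins, highest router ID breaks ties, and a priority of 0 keeps a router out of the election entirely.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import List, Optional


@dataclass
class OspfInterface:
    """Constructed model of one OSPF-enabled interface, holding only the
    parameters the ten-point checklist compares between neighbors."""
    router_id: str
    address: str                      # interface IP with prefix, e.g. "10.0.31.1/30"
    area: int = 0
    hello: int = 10                   # seconds; IOS broadcast/point-to-point defaults
    dead: int = 40
    mtu: int = 1500
    network_type: str = "broadcast"   # or "point-to-point"
    auth_key: Optional[str] = None    # None means no authentication configured
    priority: int = 1                 # 0 = never becomes DR or BDR
    up: bool = True                   # line protocol up/up
    acl_blocks_ospf: bool = False     # an ACL on the interface dropping OSPF packets
    process_shutdown: bool = False


def adjacency_problems(a: OspfInterface, b: OspfInterface) -> List[str]:
    """Return every checklist item that keeps a and b from a working adjacency;
    an empty list means all ten rules are satisfied. The last two items are the
    ones the lecture warns about: the neighbor may come up, yet routing breaks."""
    problems = []
    if not (a.up and b.up):
        problems.append("interface not up/up")
    if a.acl_blocks_ospf or b.acl_blocks_ospf:
        problems.append("ACL filters OSPF packets")
    if IPv4Interface(a.address).network != IPv4Interface(b.address).network:
        problems.append("interfaces not in the same subnet")
    if a.auth_key != b.auth_key:
        problems.append("authentication mismatch")
    if (a.hello, a.dead) != (b.hello, b.dead):
        problems.append("hello/dead timer mismatch")
    if a.router_id == b.router_id:
        problems.append("duplicate router ID")
    if a.area != b.area:
        problems.append("area mismatch")
    if a.process_shutdown or b.process_shutdown:
        problems.append("OSPF process shut down")
    if a.mtu != b.mtu:
        problems.append("MTU mismatch (database exchange breaks)")
    if a.network_type != b.network_type:
        problems.append("network type mismatch (routes never install)")
    return problems


def elect_dr_bdr(segment: List[OspfInterface]) -> dict:
    """Fresh DR/BDR election on one broadcast segment, as when every router
    boots at once: highest priority wins, highest router ID breaks ties,
    priority 0 is never elected. Returns {router_id: role}. A running OSPF
    election is non-preemptive; that nuance is deliberately left out."""
    eligible = [i for i in segment if i.priority > 0]
    ranked = sorted(eligible,
                    key=lambda i: (i.priority, int(IPv4Address(i.router_id))),
                    reverse=True)
    dr = ranked[0].router_id if ranked else None
    bdr = ranked[1].router_id if len(ranked) > 1 else None
    return {i.router_id: ("DR" if i.router_id == dr else
                          "BDR" if i.router_id == bdr else "DROTHER")
            for i in segment}


if __name__ == "__main__":
    # Constructed values for the R1-R3 link in the lab, healthy and then with a bad MTU.
    r1 = OspfInterface("1.1.1.1", "10.0.31.1/30", area=1)
    r3 = OspfInterface("3.3.3.3", "10.0.31.2/30", area=1)
    print(adjacency_problems(r1, r3))
    print(adjacency_problems(r1, OspfInterface("3.3.3.3", "10.0.31.2/30", area=1, mtu=1400)))
    # Constructed shared segment: priority beats router ID, priority 0 sits out.
    lan = [OspfInterface("2.2.2.2", "10.0.99.2/24"),
           OspfInterface("10.0.0.1", "10.0.99.3/24"),
           OspfInterface("5.5.5.5", "10.0.99.5/24", priority=0),
           OspfInterface("1.1.1.1", "10.0.99.1/24", priority=100)]
    print(elect_dr_bdr(lan))
```

Note how the router with priority 100 becomes DR even though its router ID is the lowest on the segment, which is exactly why the lecture recommends setting the priority rather than relying on router IDs when a specific box must be the DR.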
done, like we talked about a moment ago, OSPF runs its SPF algorithm to find the best path to the destination, and to find the best path it uses a metric called cost, and it's based on interface bandwidth. The formula is cost equals 100 divided by bandwidth in megabits per second, and here's the default OSPF cost table. So as you can see here, if you guys remember the 56 and 64k modems, these are the default costs: T1 is a cost of 64, E1 is a cost of 48, Ethernet, 10 meg, is a cost of 10, Fast Ethernet is 1, Gigabit Ethernet is 1, 10 Gig Ethernet is 1. And as you can imagine, if you let this default table operate that's not a good thing, because in today's data centers and networks you may actually have 100 Gig links, and if 100 Gig is the same as Fast Ethernet, well, we've got a problem, right? So there's actually a way to fix that; we'll talk about it in a moment. And here's a quick topology of how this can play out. As you can see, the different types of links: this is 48 because this is an E1, this right here is 1785 because this is the 56k circuit, and this guy is 1 because it could be a 100 meg circuit, this could be 1 gig, so on and so forth. Now if you wanted to change it, which we would want to, we can change it under the routing process. Under the OSPF routing process we'll type in the command auto-cost reference-bandwidth, and when we type in 100000 this means 100 Gig. The minute we do that, 100 Gig becomes a cost of 1, and all the other subsequent bandwidths like 40 gig and 10 gig will have higher costs than 100 Gig, and this will truly reflect what our environment looks like. So remember, OSPF has been around since the 1980s, this is where these values are coming from, and we'll have to make changes for this to work. Here's another way of specifying cost, at the interface level: you can type in ip ospf cost and then the cost of 1. Remember, a cost of 1 is most preferred. And one last thing I want you guys to keep in mind is once you change the reference bandwidth
command, it must be adjusted on all OSPF routers, so you cannot type in this command on just one router and be done with it. You're going to have to specify it on all OSPF routers in your environment so they can calculate and run their SPF algorithm accordingly to find the best path around the network. Now let's quickly jump on the CLI, my favorite part, and talk about OSPF and actually get to see it in action. I love getting my hands dirty when it comes to routing; there's no better way to learn. Now let me give you a quick walkthrough of this lab right here. You have two routers in the middle, router 1 and router 2, part of area 0. We have router 3 in area 1 and router 4 in area 2. Now if you start from left to right, we've got network 10.0.31.0/30 between router 3 and router 1, we've got network 10.0.12.0/30 between router 1 and router 2, and between router 2 and router 4 we have network 10.0.13.0/30. So I want you to familiarize yourself with this, and I've also specified the ending IPs on each side of the link so you know exactly how that's going to pan out. On router 3 I've got a bunch of loopbacks defined, and these loopbacks represent different types of networks or subnets that are behind router 3. Similarly, to the right on router 4 I've got a ton of loopbacks that are representative of different subnets or networks that are behind router 4. With this context in mind, let's quickly jump into the CLI. Let's quickly take a look at router 3 first and let me show you what I've done. I've configured the 10.0.31.2 IP address on router 3's interface, and let's make sure I have the correct subnet mask on this interface, so do show run | section interface and hit enter. This is a cool command: instead of running through the entire show run, or running config, you can just simply look at the different interfaces, and by looking at FastEthernet 1/0 I can see that I do have /30 specified on this interface. Let's also quickly take a look at the show cdp neighbor
command to see who's directly connected with me, and as you can see here, as depicted in the diagram up above, router 1 is indeed connected with me over my local interface of FastEthernet 1/0, and the remote side is also FastEthernet 1/0, so that is great news. Let me go ahead and enable OSPF on my router here, and what I want you guys to understand is that when it comes to OSPF, the way we enable OSPF on the router is by simply typing in router ospf and then the process ID, and when we do that we're now under the OSPF routing configuration mode. Now let me take a quick pause here because I think it warrants a quick explanation. You see this OSPF process ID? It's locally significant, meaning it's not carried through the OSPF LSA updates or anything; it's only enabled locally on the router and that's about it. Now what we need to do next is define the interfaces that I want to enable OSPF on. I'm going to give you a couple of different ways of doing this so you guys can become the masters of OSPF, okay? The least specific way, or the laziest way, is you type in network 0.0.0.0, you type in a wildcard mask of all 255s, and you type in area 0. Now I said wildcard mask and you might be going "whoa, hang on a sec, what's a wildcard mask?", and that's a great question. Let me quickly do some whiteboarding so I can explain what a wildcard mask is. A wildcard mask is considered the mirror opposite of a subnet mask, and it's also known as an inverted mask, okay? So let me explain. If you guys remember from the videos that I did on the topic of subnetting, what is this? This is a /24, right? /24 is represented as 255.255.255.0, and this is called a subnet mask, right? But if I wanted to create a wildcard mask from this, how would I go about doing that? Well, it's the mirror opposite, so that means where I see 255 I've actually specified 0, 0, 0, and where I see 0 I'll specify 255.
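The cost table and the reference-bandwidth discussion a little earlier are easy to reproduce in code, so here is an added Python example (written for this page; it is not the course's material or any IOS internals). The link-name table, the function names and the 100 Gig reference value are constructed for the demonstration; the division is the formula from the lecture, with the two details IOS adds in practice: the result is truncated to a whole number and clamped to the range 1 to 65535.

```python
OSPF_COST_MAX = 65535                 # largest value "ip ospf cost" accepts on IOS
DEFAULT_REFERENCE_KBPS = 100_000      # 100 Mbps, OSPF's original reference bandwidth

# Constructed table of IOS default interface bandwidths, in kbps.
LINK_BANDWIDTH_KBPS = {
    "56k modem": 56,
    "64k": 64,
    "T1": 1_544,
    "E1": 2_048,
    "Ethernet": 10_000,
    "FastEthernet": 100_000,
    "GigabitEthernet": 1_000_000,
    "TenGigE": 10_000_000,
    "HundredGigE": 100_000_000,
}


def ospf_cost(bandwidth_kbps: int, reference_kbps: int = DEFAULT_REFERENCE_KBPS) -> int:
    """cost = reference bandwidth / interface bandwidth, truncated to an integer
    and clamped to 1..65535. Anything faster than the reference collapses to 1,
    which is the problem the lecture describes for gigabit and faster links."""
    cost = reference_kbps // bandwidth_kbps
    return max(1, min(OSPF_COST_MAX, cost))


def cost_table(reference_kbps: int = DEFAULT_REFERENCE_KBPS) -> dict:
    """The whole table for one reference bandwidth: {link name: cost}."""
    return {name: ospf_cost(bw, reference_kbps)
            for name, bw in LINK_BANDWIDTH_KBPS.items()}


def indistinguishable_links(table: dict) -> dict:
    """Link types that share a cost, so SPF cannot prefer one over the other:
    {cost: {link names}} for every cost held by more than one link type."""
    by_cost = {}
    for name, cost in table.items():
        by_cost.setdefault(cost, set()).add(name)
    return {cost: names for cost, names in by_cost.items() if len(names) > 1}


def reference_bandwidth_for(fastest_link_kbps: int) -> int:
    """The value to give "auto-cost reference-bandwidth" (it takes Mbps) so the
    fastest link in the network costs exactly 1; every slower link then costs more."""
    return fastest_link_kbps // 1000


if __name__ == "__main__":
    default = cost_table()
    print("default reference (100 Mbps):", default)
    print("links SPF cannot tell apart:", indistinguishable_links(default))
    ref = reference_bandwidth_for(LINK_BANDWIDTH_KBPS["HundredGigE"])   # 100000
    print(f"auto-cost reference-bandwidth {ref}:", cost_table(ref * 1000))
```

With the default reference every Ethernet link from Fast Ethernet upward costs 1, so SPF treats a 100 Gig path and a 100 Meg path as equal; after raising the reference to 100000 the tiers separate (100 Gig 1, 10 Gig 10, 1 Gig 100, Fast Ethernet 1000), while the old serial speeds hit the 65535 ceiling, and, as the lecture stresses, the same reference value has to be set on every router or different routers will compute different best paths.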
So once again, the wildcard mask is the mirror opposite of the subnet mask, and the wildcard mask is used by EIGRP, OSPF, and also access control lists, or ACLs, so it's something important that you have to understand and learn. To continue building on it: in a subnet mask where we see all ones, so for example going back to the 255.255.255.0 example, if I were to zoom into this, if you guys remember the handy dandy binary conversion chart, I'm going to go ahead and specify all these values here, and these are the different binary bit positions, and 255 means all the bits are on, so every single bit is on, and when we add up all these numbers that adds up to 255. Now I've done a detailed video on this topic, go ahead and check that out, it's called IPv4 addressing and subnetting. Now that being said, in the subnet mask wherever we see ones, that means we care, we actually care for these bits, and where we see zeros, like this zero right here in the last octet, if you were to zoom in that would be all zeros from a binary perspective, that means we don't care for these bits. We do care about the ones but we don't care about the zeros. Now what happens in a wildcard mask is the opposite of the subnet mask, so in the wildcard mask the logic is reversed, meaning wherever I see zeros that means I care, and wherever I see ones that means I don't care. And that's the wildcard mask for you. Let's go ahead and jump back on the CLI. Again, I could do it this way but I'm not going to; this is the laziest way of doing it, and I'm going to go ahead and type in no in front of this command and remove it. Now OSPF is not running on any network; I'm only running a local OSPF routing process, but I need to be able to start running it on interfaces. Now the next level up is less specific, but here what we can do is we can go network 10.0.0.0 with the wildcard mask of 0.255.255.255 area 0. And I'm actually doing it wrong: I shouldn't actually be saying area 0, I should actually be saying
area 1. So what that means is I'm going to go ahead and have to type in no in front of it, retype this command and put 1, because remember, looking at the diagram, I'm in area 1 on router 3, right? So I have to specify area 1. Now what this command is doing, as I explained earlier, is it's saying all I care for is the first octet, because that's a zero in the wildcard mask, which means I care, but then the rest of the three octets I do not care about because I've got 255.255.255 there. So wherever I have ones in the wildcard mask I don't care, meaning when I take this interface right here, as long as the first octet matches I'm going to go ahead and enable OSPF on it. Whether I have one network or 10 different networks, I'm going to go ahead and enable OSPF on all those different networks, and this should be fine. We can do it this way, even though what I would prefer is to be more specific, but that's good enough for demonstration purposes. Now let me go ahead and jump on router 1, look at show ip interface brief here and see what it's got going on. I'll do show cdp neighbor to see whether or not I'm seeing the appropriate devices, and sure enough, to the left of router 1 I'm seeing router 3 connected, and then to the right I'm seeing router 2 connected. That's beautiful. Let me go ahead and enable OSPF on this router, so do config t, router ospf 1. By the way, it doesn't have to be process 1; this process ID doesn't have to match. I can call it process 100 if I wanted to, and as a matter of fact let me call it 100 so I can demonstrate my point that this value right here is irrelevant. It doesn't really matter, it's something locally significant, it's not carried in LSA updates or anything like that, so I'm going to prove my point in a moment. Let's go ahead and now let's be a little bit more specific this time around: we're going to say network 10.0.31.0, and we're going to go 0.0.0.3 for the wildcard mask, and if you're wondering where I got 3, I'll have to explain
that to you in a moment. And we just got the OSPF adjacency message saying our neighbor has come up and we are connected, so that's good, the OSPF adjacency has come up. But before I start looking at OSPF I want to explain to you the wildcard mask and how I came up with 3, so let's go ahead and do some whiteboarding again. As I mentioned earlier, /24 in the subnet mask world is 255.255.255.0; the wildcard mask of this would be the opposite of it, so 0.0.0.255. What if you have a /16? Well, /16 from a subnet perspective is 255.255.0.0. What's going to be the wildcard mask of this? The opposite: 0.0.255.255. What about if you have a /8? Well, we have 255.0.0.0, that's the subnet mask. What is the wildcard mask of this going to be? Well, simply the first octet is going to be 0 followed by a bunch of 255s. Now let me explain how I came up with that .3 in the wildcard mask. Because it's a /30, what's a /30 from a subnet mask perspective? 255.255.255. what? 252. The wildcard mask, like I said, is the opposite of it, but here I'm going to go in slightly more detail. To figure out the wildcard mask, here's a tip you can use: jot down all 255s at the top, and what you want to do next is take the /30 that we had and subtract. So let's get it all written here, and then we want to subtract, minus, right? So 255 minus 255 would be 0, 255 minus 255 is 0, this would be 0, and this would be what? 255 minus 252 is 3.
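The wildcard-mask whiteboarding above, and the three network statements used in the lab (the all-255s catch-all, 10.0.0.0 0.255.255.255, and 10.0.31.0 0.0.0.3), can be checked with a few lines of Python. This is an added example written for this page, not the course's own material and not how IOS itself is implemented; the function names and the interface list for R1 (with a hypothetical Lo0 of 1.1.1.1) are constructed. It shows the subtraction trick producing the wildcard, and the "zero means I care, one means I don't care" matching rule deciding which interfaces a network statement turns OSPF on for.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Tuple


def subnet_mask(prefix_len: int) -> str:
    """Dotted subnet mask for a /prefix_len, e.g. 30 -> 255.255.255.252."""
    return str(IPv4Network(f"0.0.0.0/{prefix_len}").netmask)


def wildcard_mask(prefix_len: int) -> str:
    """The inverted mask: 255 minus each octet of the subnet mask, which is
    the subtraction trick from the whiteboard, e.g. 30 -> 0.0.0.3."""
    return ".".join(str(255 - int(o)) for o in subnet_mask(prefix_len).split("."))


def matches(ip: str, network: str, wildcard: str) -> bool:
    """A network statement covers an address when every bit that is 0 in the
    wildcard ('I care') is identical between the two; bits set to 1 in the
    wildcard are 'don't care' and are ignored."""
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(ip)) & care) == (int(IPv4Address(network)) & care)


def ospf_enabled_interfaces(interfaces: Dict[str, str],
                            statements: List[Tuple[str, str, int]]) -> Dict[str, int]:
    """Apply a list of (network, wildcard, area) statements to {interface: ip}.
    IOS evaluates the most specific statement (fewest don't-care bits) first,
    whatever order they were typed in, so sort that way before matching.
    Returns {interface: area} for every interface OSPF gets enabled on."""
    def dont_care_bits(stmt):
        return bin(int(IPv4Address(stmt[1]))).count("1")

    result = {}
    for name, ip in interfaces.items():
        for network, wildcard, area in sorted(statements, key=dont_care_bits):
            if matches(ip, network, wildcard):
                result[name] = area
                break
    return result


if __name__ == "__main__":
    for plen in (8, 16, 24, 30):
        print(f"/{plen}: subnet {subnet_mask(plen)}  wildcard {wildcard_mask(plen)}")

    # Constructed view of router 1 from the lab diagram (Lo0 is hypothetical).
    r1 = {"Fa1/0": "10.0.31.1", "Fa0/0": "10.0.12.1", "Lo0": "1.1.1.1"}
    laziest = [("0.0.0.0", "255.255.255.255", 0)]
    precise = [("10.0.31.0", "0.0.0.3", 1), ("10.0.12.1", "0.0.0.0", 0)]
    print(ospf_enabled_interfaces(r1, laziest))   # every interface, area 0
    print(ospf_enabled_interfaces(r1, precise))   # only the two lab links
```

The precise statements leave the loopback alone, which is the point the lecture makes about the laser-surgery 0.0.0.0 wildcard: you enable OSPF exactly where you intend to and nowhere else.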
This is where the value 3 came from that you were looking at earlier, right, that I typed in on my router. This is a very, very specific entry, and this is a /30 entry from a wildcard perspective. Now what I can do is go ahead and look at show ip ospf neighbor, and I'm going to have to type in do in front. What we're seeing here is that I'm connected with my neighbor, who happens to be, hold on a sec, this command shows me that I'm connected to my neighbor 10.0.31.2, which is router 3, and my interface is FastEthernet 1/0. Another critical piece of information this gives us is this ID right here, neighbor ID: this is called the router ID. If you guys recall, I talked about the router ID, or RID, a couple of times before; that's what it is. As you can see here on router 1 I'm seeing a random, well, seemingly random neighbor ID. There's a better way of handling it, so we'll talk about that in a moment. Now on router 1 I'm not done yet; I still have to run the network command yet again on another interface. This time around let me use the network command 10.0.12.1 and I'll type in a wildcard mask of all zeros in area 0. Now what did I do here? Once again, zeros in the wildcard mask mean I care; this means this entire thing has to match. Now this is very, very specific, this is like laser surgery here: I'm specifying that I only want to enable OSPF on this particular interface and that's about it. I personally really like it, because what that does for me is it ensures that I'm only enabling OSPF on the interface that I care for and nothing else. But there's an even better way than this, and I'll show you what that looks like when we get to router 2. So at this point on router 1 we're done; let me go ahead and write the configuration. Let me go to router 2 now. Let's go and start configuring router 2: look at show ip interface brief, look at show cdp neighbor, that looks good, let's go ahead and start configuring. Now this is my favorite way
of enabling OSPF. What we'll do is go under the interface, so interface FastEthernet 0/0, and we'll say ip ospf, I'll give it the process ID, let's just say 200, and we'll do area 0. And bingo, our OSPF adjacency just came up. Then we'll go to the other interface, FastEthernet 1/0, and type in the same command again but change the area to area 2, because router 2's interface pointing to router 4 happens to be in area 2. Let's go to router 4 and do the same thing: show ip interface brief, that's good, show cdp neighbor, I should only have one neighbor, which is router 2, that's good. I'll go under the interface and enable OSPF: ip ospf, let's just say, it doesn't really matter, 99, area 2. So now you guys have seen different methods of how OSPF can be enabled on a router. Now let's quickly go ahead and look at a couple of show commands. show ip ospf neighbor: I'm only seeing one neighbor, and my neighbor's address is 10.0.13.1, which is right if I look at the diagram up at the top, and I've got a full adjacency with them, and that's good. And then the router ID is 10.0.13.1; once again, this is something I will talk about momentarily. Now let me quickly go to router 1 and look at show ip ospf database, and naturally there is a lot more to unpack here. This right here is LSA type 1, router link states, and if you guys remember, the router link LSA is where the neighboring router is advertising to us their router ID along with all the links that they have. Well, because we don't have the router IDs properly specified it's going to be a lot harder to unpack this, so what I'm going to do is go ahead and manually start configuring the router ID on every single router, to hammer the point home why it's important to have the router ID specified on all of these; that's considered a best practice design. So we'll do router-id, and because it's router 3 we'll do 3.3.3.3, and as you can see here it says we have to either reload or clear the OSPF process, so what I'm going to
do is do clear ip ospf process, reset all OSPF processes? yes please. Now let me go ahead and do that across the board. Now I have to remember the routing process, 100, so router ospf 100, router-id 1.1.1.1, that's good, I'm going to go ahead and do clear ip ospf process, yes. On router 2 same thing: do show run | section ospf, we'll do router ospf 200, router-id 2.2.2.2, do clear ip ospf process and yes. And we'll do the same thing here: do show run | section ospf, router ospf 99, router-id 4.4.4.4, do write mem, and do clear ip ospf process, and that should really be it. Now that we have reset the OSPF processes across the board on all the routers, let's go ahead and unpack the show ip ospf database command that I've typed up here on router 3. Now look at the diagram up above and keep this context in mind as we unpack this, okay? First it tells us our OSPF router ID right here. It's telling us the local process you're running here; once again, this is locally significant and has no relevance across the OSPF network at all, it's only local to the device. This right here, as I alluded to earlier, is LSA type 1.
Now LSA type 1, if you guys recall, describes a router, and it tells us the different links that we have in our database, and everybody in the same area, which in this case happens to be area 1 because you're looking at router 3 up here, which only has connectivity into area 1, everybody in this area should have the same database right here. So all the links are advertised, and we can also see the link count; there's only one link per device as we're seeing here, okay? The next one up here is LSA type 2. This is called the network LSA, and this describes a network that has a DR. So it shows us right here that link ID 10.0.31.2, which happens to be us, we are the DR, and we can confirm that when we look at the command that we ran above, show ip ospf neighbor. It shows that our neighbor is a BDR, or backup designated router, which automatically makes us what? A DR, or designated router. So that's what we are seeing here. And finally LSA type 3, which is called the summary LSA; this describes all the subnets in other areas. So because we're in area 1 we're going to see this link ID, which is 10.0.12.0, this happens to be the area 0 link ID, and this right here, 10.0.13.0, which happens to be the area 2 link ID. So you're seeing those in here, so if you go back and look at where I talked about the OSPF LSA types, you'll get to understand now what I was talking about, because now this crystallizes the concept that I articulated earlier. Now let's go ahead and continue moving forward here. I'm going to run the show ip ospf database command on router 1, and what you're seeing is it's showing its own router ID and the local process ID that it's running, and then for area 0 it's showing all the different routers that are advertising the router LSA, type 1, then it's showing the DR on this segment, and here the DR happens to be 12.2, which is router 2,
which means if I were to do show ip ospf neighbor we're going to be the backup designated router, which I'm going to do in a moment. And then finally the summary LSA is routes in other areas, or networks in other areas, so 10.0.13.0 is in area 2 and 31.0 is in area 1, and we happen to be in area 0, so we only see information from other areas, not our own area. Now below it right here is information for area 1: this is the LSA type 1 for area 1, LSA type 2 for area 1, LSA type 3 for area 1. So for each area we have separate LSAs; it's a per-area idea. We can also look at the command show ip protocols to see what protocols we are running on this router. Here we can see our local OSPF process, you can see there are no update filters set, that's good, we can see our router ID, we can see that we are an area border router, and the reason is because we've got legs in multiple areas, and in particular we have two different areas here and we're routing for these two networks, one in area 0 and one in area 1. It's also showing us the reference bandwidth is set to 100 megabits per second, and it's also showing us the routing information sources, where the information is coming from, and our default distance is 110.
Now let's also look at another very important command, show ip route, and here what we're seeing is, of course, the connected routes are represented by the code C, but what we're interested in is the OSPF route, right, which starts with O and then has IA after it. So if you see O, that means OSPF, up here, and IA means OSPF inter-area route. What that means is on router 1 we're learning 10.0.13.0, which is an inter-area route, meaning it's a route that's being learned from a different area than the ones we know about, because remember, on router 1 what are the two areas we know of? If you look at the diagram up here, we know about area 1 and we know about area 0; we don't know about area 2, but through the magic of routing we are learning about this network from router 2 because it's connected to router 4, as you can see in the diagram. And we can see that our administrative distance is 110 and our metric to get there is 2, and the reason our metric is 2 is there's a cost of 1 here and there's a cost of 1 here to get to R4. That's why this value right here is 2,
because the idea is that it's cumulative, right? So we have to add up the bandwidth-based cost of all the hops that are in between, and that gives us our metric. Now one more thing we need to do is go ahead and advertise all of our loopbacks, right? I've got all these loopbacks that need to be advertised, so let's go ahead and do that. Let's do show ip protocols, because that can help us determine the routing process, so we'll do router ospf 1 and we'll go ahead and do network 172.30, I'm just going to be lazy here and do this, and type in area 1. This will cause OSPF to flood the information, because remember, we just had a network change, so what this is going to do is flood this information across the entire OSPF domain. show ip route: so these are showing as directly connected, I'm on router 3 right now, and I'm seeing two inter-area routes, one is the 12.0 and the other one is the 13.0 network, which makes sense because router 3 is not connected to area 0 or area 2 but it's still learning them. And if you go to router 1 now and do show ip route, what we should see now are all these OSPF routes that are being learned, which are the loopbacks; basically these loopbacks are subnets behind router 3,
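The "metric is 2 because it's 1 plus 1" reasoning is the SPF calculation itself, so here is an added Python model of the lab topology that runs Dijkstra and accumulates cost hop by hop (example code written for this page, not the course's material and not how IOS implements SPF). The link list follows the diagram above, every interface costing 1 as a Fast Ethernet link does at the default reference bandwidth; the two loopback prefixes behind R3 and the one behind R4 are sample values standing in for the many loopbacks in the lab, and the helper names are constructed. It treats the four routers as one SPF domain, which gives the same numbers here because the ABRs carry the metrics across areas unchanged.

```python
import heapq

# Constructed model of the lab diagram: (router, router, prefix, cost per interface).
LINKS = [("R3", "R1", "10.0.31.0/30", 1),
         ("R1", "R2", "10.0.12.0/30", 1),
         ("R2", "R4", "10.0.13.0/30", 1)]
# Sample loopback prefixes each edge router advertises (the lab has more).
STUBS = {"R3": ["172.30.0.0/24", "172.30.1.0/24"],
         "R4": ["192.168.0.0/24"]}
LOOPBACK_COST = 1


def spf(source, links):
    """Dijkstra over the router graph: cost to reach every router, plus the
    first hop on the way there (the next-hop router in the routing table)."""
    graph = {}
    for a, b, _prefix, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                     # stale heap entry
        for v, c in graph.get(u, {}).items():
            nd = d + c
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hop[v] = v if u == source else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return dist, first_hop


def routing_table(source, links=LINKS, stubs=STUBS):
    """Build {prefix: (code, metric, next_hop)}: 'C' for a connected network,
    otherwise 'O' with metric = cost to the advertising router + that router's
    own interface cost for the prefix. That is the cumulative-cost rule: every
    hop in between adds its cost, and the link into the final subnet adds one more."""
    dist, first_hop = spf(source, links)
    candidates = []
    for a, b, prefix, cost in links:            # a transit link is advertised by both ends
        candidates += [(prefix, a, cost), (prefix, b, cost)]
    for router, prefixes in stubs.items():
        candidates += [(p, router, LOOPBACK_COST) for p in prefixes]
    table = {}
    for prefix, router, cost in candidates:
        if router == source:
            table[prefix] = ("C", 0, None)      # connected always wins
            continue
        if router not in dist or table.get(prefix, ("", 0, None))[0] == "C":
            continue
        metric = dist[router] + cost
        if prefix not in table or metric < table[prefix][1]:
            table[prefix] = ("O", metric, first_hop[router])
    return table


if __name__ == "__main__":
    for router in ("R1", "R4"):
        print(router)
        for prefix, (code, metric, nh) in sorted(routing_table(router).items()):
            print(f"  {code} {prefix:16} metric {metric} via {nh}")
```

From R1 the 10.0.13.0/30 link shows up with metric 2 via R2, exactly as in the show ip route output, and from R4 the loopbacks behind R3 cost 4: three links to reach R3 plus R3's loopback interface. Changing a cost in LINKS (say, after adjusting the reference bandwidth) is enough to watch the metrics and next hops move.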
and we should be seeing them everywhere. Now if you do show ip route on router 2, what do you think? Do you think router 4 is going to have all those routes or not? Of course it will, because that's what OSPF does, because at the end of the day we need to be able to communicate with all the devices, right? So you're seeing the flag here of O IA, which means inter-area routes, and you can see the cost here, which tells us that we're a couple of hops away to get there, four hops away. So the three hops would be the links in between: router 4 to router 2 is one hop, router 2 to router 1 is another hop, router 1 to router 3 is the third hop, and then the loopback is the fourth hop on router 3. So that's what we're seeing here. Now that's a lot of routes, so let's jump back to the deck again and learn about a couple of additional concepts. So how do we change the router ID? Remember, we wanted to change the router ID, right, because that allows us more flexibility, and we did that earlier. How about the interface priority? Well, this feature we configure under the interface. By default all the routers have priority 1, but you can go ahead and specify the interface priority, and this will make sure that this particular router that has a better priority configured is always selected over any other router. And if you assign the value of 0 to that router, it exempts the router from the DR/BDR election process. Another very important concept that I want you guys to understand is OSPF route summarization. You just saw in the routing table we have so many different routes that we're learning from router 3 throughout the network; wouldn't it be nice if we could somehow figure out a way to advertise a single routing entry instead of having these individual routes? Now it looks nice if you have a small network to have access to every single subnet, but in a very, very large environment this can get out of hand, and looking at the routing table you'll have pages and pages full of
routing table, and it's going to become very, very difficult for you to troubleshoot. So there's a concept called summarization, and what we can do is take all the different networks that we defined on router 3, and if we were to line them up like the way you're seeing here, we would want to see where the changes are happening in order to do summarization. As you can see here, clearly the third octet is where the change is happening, so because this is where the change is happening we focus on this octet. What we do is zoom into this octet and convert these IPs to binary, so if you convert the third octet, 0, to binary it's all zeros, 1 would be a bunch of zeros followed by a 1, 2 would be this, 3, 4, so on and so forth. When we jot all this down, what we learn is that the leftmost bits, the five leftmost bits, are the same here, but the three bits to the right is where the change is happening. So if you recall, because this is a /24, and /24 is 255.255.255.0, when we take that and we apply this logic, where we understand the five bits are constant and only three bits are changing, what we can do in the third octet is go 255.255.248.0, because only the first five bits are on, and if you recall there's this binary conversion chart: 1, 2, 4, 8, 16, 32, 64 and 128.
If we were to line up these bits here, what we'll get is the third octet being 248, because five bits are constant, right? So this is on, this is on, this is on, this and this right here, so if you were to add all these up we're going to get the value of 248, and that's what I have right here. So therefore the most efficient subnet mask, or supernet, we call that a supernet, to advertise for this network would be this command right here. So let's go ahead and do that on our router and see what happens. By the way, just to quickly clarify, this is not under the interface configuration; this is under the OSPF routing process. Let's go ahead and check that out. We're going to have to do this on router 1, summarization, right, because if you guys recall we can do summarization only on an ABR or ASBR. In this case router 1 is an area border router, so this router should give us the ability to go ahead and configure that. So let's do show ip protocols and see what our OSPF routing process is: router ospf 100, and we'll do area 1 range and we'll type in the network followed by the subnet mask. Here it's not the wildcard mask, it's a subnet mask; remember this distinction compared to the network command. When we type in the network command under the OSPF routing process we specify the wildcard mask following the network ID; here we typed in the subnet mask after the network ID. So now what this should do for us is, down the line, like on router 2 and router 4, you shouldn't be seeing so many different routes; we should now be seeing a very tidy routing table. And sure enough, you see how tidy and nice this is now: we're seeing 172.30.0.0, so basically all the routes have now been represented by a single entry in the routing table, and this saves on memory, CPU, bandwidth, all those precious resources on our router. And it should be the same thing on router 4.
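The binary whiteboard exercise above (find the octet that changes, count the constant leading bits, build the mask) generalizes to any list of networks, so here is an added Python example that does it (written for this page, not the course's own material or anything IOS runs internally). The eight 172.30.x.0/24 subnets are constructed to match the pattern the lecture draws, since the exact loopback list is not on the page, and the function names are mine. Beyond the lecture's case it also reports how much address space a summary advertises that was never in the list, which is the practical caveat of summarizing.

```python
from ipaddress import IPv4Network, collapse_addresses
from typing import List, Tuple


def summary_route(prefixes: List[str]) -> IPv4Network:
    """Smallest single prefix covering every listed network: keep exactly the
    leading bits that the lowest and the highest covered address share."""
    nets = [IPv4Network(p) for p in prefixes]
    lowest = int(min(n.network_address for n in nets))
    highest = int(max(n.broadcast_address for n in nets))
    shared_bits = 32 - (lowest ^ highest).bit_length()
    # strict=False lets the constructor clear the host bits of `lowest` for us.
    return IPv4Network((lowest, shared_bits), strict=False)


def changing_octet(prefixes: List[str]) -> Tuple[int, List[str]]:
    """The whiteboard view: which octet (1-4) first differs across the networks,
    and that octet in binary for each network, so the constant leading bits
    can be read off by eye."""
    octets = [list(map(int, IPv4Network(p).network_address.exploded.split(".")))
              for p in prefixes]
    for i in range(4):
        column = [o[i] for o in octets]
        if len(set(column)) > 1:
            return i + 1, [format(v, "08b") for v in column]
    return 0, []


def area_range_command(area: int, prefixes: List[str]) -> Tuple[str, int]:
    """The IOS 'area <n> range <network> <subnet-mask>' line for the summary
    (subnet mask here, not wildcard), plus the number of addresses the summary
    advertises beyond the listed networks. IOS installs a discard (Null0) route
    for the range so traffic to that unassigned part is dropped, not looped."""
    s = summary_route(prefixes)
    covered = sum(n.num_addresses
                  for n in collapse_addresses(IPv4Network(p) for p in prefixes))
    return f"area {area} range {s.network_address} {s.netmask}", s.num_addresses - covered


if __name__ == "__main__":
    # Constructed to match the whiteboard: 172.30.0.0/24 through 172.30.7.0/24.
    subnets = [f"172.30.{i}.0/24" for i in range(8)]
    octet, bits = changing_octet(subnets)
    print(f"octet {octet} changes:", bits)            # five leading bits constant
    print(area_range_command(1, subnets))             # ... 255.255.248.0, 0 extra
    print(area_range_command(1, subnets[:6]))         # same summary, 512 extra
```

With all eight /24s the /21 is exact; with only six of them the summary is still 172.30.0.0/21 and now claims two /24s that nobody owns, which is worth knowing before you type the range command on the ABR.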
If you look at the routing table, sure enough, instead of seeing those individual entries for 172 we're just seeing a single entry now, and that's awesome. Now I want to quickly talk about OSPF default routes, and as you can see here I've got this diagram right in front of you. We're going to go ahead and set up a default route right here pointing to this next hop on our router, and I kind of changed the topology a little bit: instead of area 2, now I'm going to call it ISP, and what I'm going to do is actually remove OSPF here, okay? I want to remove it, and I want to do this to show you how the default route works. So a couple of commands I want you guys to look at: we're going to first type in the default-information originate command. This command creates a default route for the network if one exists, so I'll explain what that means. And then the other one is the default-information originate always command, and this command creates a default route for the network even if there isn't one configured. Typically, as a best practice, the second command is not such a good idea; you would want to use the command at the top here, default-information originate, and have a manually specified default route to the ISP, and this way that route gets pushed down to the rest of the network and makes it really easy for everybody if they want to get access to the internet. So let's go ahead and get this configured. First of all I'm going to go to router 4, let's look at show ip protocols, and I'm going to remove the OSPF configuration: no router ospf 99. I'm going to do show ip route, do show ip protocols to see if I have any dynamic routing protocol configured; I don't have anything configured at this point, so I am done. On router 2, what I'm going to do is look at show run | section ospf and go ahead and remove OSPF from the interface that is pointing to router 4.
So I'm going to type in interface, and I'm going to do no and type in this command right here; copy it and paste it. So at this point I have no OSPF running in area 2. If I do show ip protocols, I see that I'm only running OSPF on FastEthernet 0/0 in area 0; I no longer have area 2 specified, so that's good. Let's do show ip ospf neighbor, and you can see that I'm only seeing router 1; router 4 is not even here.

What I want to do now is set up a static route, a static default route by the way, which is all zeros, pointing to 10.0.13.2 as my next hop. So let me go ahead and quickly take a look at show ip route to see how it shows up in my routing table, and sure enough, what I'm seeing here is that I've got a default route pointing to this interface. Now let me verify if I can reach the networks behind router 4. So let's ping 192.168.0.1. Of course I can, and sure enough it seems like I can reach everybody, because I've now just pointed a default route to router 4, and right now in this example router 4 is acting as an ISP.

What we'll do now is I will go under the routing process. Do show ip protocols: router ospf 200. I'll type in default-information originate and hit enter. What we should see by typing in this command is that all of the routers down the chain, like router 1 and eventually router 3, should be seeing a single default route being injected via OSPF in their routing tables, so that router 3 can go ahead and reach all the subnets behind router 4, all the way through. So let's go ahead and check that out. Let's do show ip route, and there you go, you see this route, O*E2. The star means it's a candidate default route, so once again it's a default route that we created, right? What that means is anything that doesn't match my routing table, I'm going to send it to this particular entry. It's very important to keep this in mind, okay, because typically, like I said, when you have an ISP in your network and you have OSPF as your default
routing protocol, you would want to inject a default-information originate so all the routers in your environment know what to do with traffic that is internet bound: it will send it to the default gateway that's connected to the ISP. And E2 in this instance means it's an OSPF external type 2 route, okay?

So now from router 3, see if you can ping all the way through and ping the loopbacks on router 4, 192.168.0.1. The reason it's failing is... why? Can you think of the reason why this is failing? Our packets are making it to router 4 for sure, but you know what's happening in return? Router 4 doesn't know how to get to us, because remember, we are no longer running OSPF, right? So how do we fix this? Well, I'm glad this happened, because this gives you an opportunity to learn. On router 4 we're going to have to specify a static route, so once again we'll just do all zeros, and we'll type in a next hop of 10.0.13.1, which happens to be router 2's interface pointing to router 4, okay? At this point we have an end-to-end path, so let's see if we can ping now. Boom, there you go, you see? So what was happening is, before I typed in that command on router 4, our packets were making it to router 4, but router 4 didn't know how to return the traffic back, so the traffic was actually dying on router 4.
But by specifying a default route pointing to R2, and R2 has the intelligence using OSPF, R2 knows. So let's go ahead and take a look, do show ip route: see, R2 knows how to get to the 172.30 network, and R2 also knows how to get to the 10.0.31 network.

By the way, let me show you another command that is very powerful. If I go to R3 and type in ping ip, from router 3 we're going to ping this subnet that's behind router 4, which is all the way to the other side, the right-hand side, and we will specify the source of the loopback on router 3, which is all the way to the left. This will verify complete end-to-end connectivity all the way through. Let's see if it works, and sure enough, it did. So when you do this, what this does is it constructs an IP packet, an ICMP packet, a ping packet, that has a source of this and a destination of this. When you don't specify the source, what ends up happening when you just ping 192.168.0.1 is that the source becomes this physical interface, you see, FastEthernet 1/0. This automatically becomes the source when you're pinging, and this may be okay, but ideally you would want to check end-to-end connectivity to make sure the subnets behind your source, or the actual source, are able to get to the eventual destination that they need to get to.

Here's a couple of commands you can keep in your back pocket for verification purposes. These are my favorite commands right here; these are the commands that we primarily ran during our lab today. Those other ones are good to know, but these are absolutely critical. And of course, if you guys recall, we had to clear the ip ospf process, so whenever your OSPF is misbehaving, it's not a bad idea to go ahead and clear the OSPF process so it resets. We didn't run debug ip commands today, but you can run these commands to learn about OSPF at a much deeper level. We'll do that in the CCNP class.
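Editor's note: the following is an added example and is not part of the course transcript or its lab files. It works through the supernet math from the summarization lab above in code: find the single prefix covering a set of area-1 subnets, render it as the `area <id> range <network> <subnet-mask>` command the lecture configures on the ABR, and render the same prefix as a `network` statement to show the subnet-mask versus wildcard-mask distinction the lecture stresses. The eight /24 subnets are constructed to match the 172.30.0.0 255.255.248.0 summary reached in the lecture (the actual area-1 subnets are not listed in this section). It also adds a check the lecture does not cover: which address space a summary advertises that no real subnet occupies, since traffic for that space is attracted to the ABR and dropped there.

```python
"""Supernet (OSPF 'area range') math for the summarization lab.

Added editorial example, not from the course. The component subnets are
constructed to reproduce the 172.30.0.0 255.255.248.0 summary (five constant
bits in the third octet -> 248) that the lecture arrives at by hand.
"""
import ipaddress

# Constructed sample: eight /24s inside area 1 that R1 (the ABR) summarizes.
AREA1_SUBNETS = [f"172.30.{i}.0/24" for i in range(8)]


def summarize(cidrs):
    """Return the smallest single prefix that contains every network in `cidrs`.

    Starting from the first network, shorten the prefix one bit at a time until
    the candidate supernet covers all of them. This is the code form of
    "count how many leading bits stay constant across the subnets".
    """
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # drop one prefix bit
    return candidate


def area_range_command(area, summary):
    """OSPF inter-area summarization takes a SUBNET mask: area <id> range <net> <mask>."""
    return f"area {area} range {summary.network_address} {summary.netmask}"


def network_command(summary, area):
    """The OSPF network statement takes a WILDCARD (inverted) mask instead."""
    return f"network {summary.network_address} {summary.hostmask} area {area}"


def covered_but_unassigned(cidrs, summary):
    """Return the blocks inside `summary` that none of `cidrs` occupies.

    A summary is only 'free' if the covered range is fully used; otherwise the
    ABR attracts traffic for these gaps and discards it (Cisco installs a Null0
    route for the summary). Listing the gaps makes that trade-off visible.
    """
    used = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    remaining = [summary]
    for net in used:
        next_remaining = []
        for block in remaining:
            if net.subnet_of(block):
                # address_exclude yields the pieces of `block` outside `net`
                next_remaining.extend(block.address_exclude(net))
            else:
                next_remaining.append(block)
        remaining = next_remaining
    return [str(r) for r in sorted(remaining)]


if __name__ == "__main__":
    summary = summarize(AREA1_SUBNETS)
    print("summary:", summary, "mask", summary.netmask)
    print("on the ABR (R1):   ", area_range_command(1, summary))
    print("compare (wildcard):", network_command(summary, 1))
    print("unused space covered:", covered_but_unassigned(AREA1_SUBNETS, summary) or "none")
    # Same summary with only six of the eight /24s in use: the gap shows up.
    partial = AREA1_SUBNETS[:6]
    print("gaps with 6 subnets: ", covered_but_unassigned(partial, summarize(partial)))
```

Run it as a script to see both command forms side by side; note that the mask in the `area range` line (255.255.248.0) and the mask in the `network` line (0.0.7.255) are bitwise inverses of each other, which is exactly the distinction that trips people up on the exam.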