Friday, June 29, 2012

A waste of space



1.1.2 This page will explain how certain address schemes can waste address space.
In the past, the first and last subnets were not supposed to be used. Use of the first subnet, known as subnet zero, was discouraged because of the confusion that could occur when a network and a subnet have the same address (the address of subnet zero is identical to the address of the classful network). The same applied to the last subnet, known as the all-ones subnet, whose broadcast address is identical to the broadcast address of the classful network. With the evolution of network technologies and IP address depletion, using the first and last subnets has become accepted practice in conjunction with VLSM.
In the figure, the network management team has borrowed three bits from the host portion of the Class C address selected for this address scheme, which gives every subnet a /27 mask (255.255.255.224).
If the team uses subnet zero, there are eight usable subnets, each supporting 30 hosts. If the team instead configures the no ip subnet-zero command, there are seven usable subnets with 30 hosts each; the command excludes only subnet zero, so the all-ones subnet remains usable. Cisco routers running Cisco IOS version 12.0 or later use subnet zero by default.
In the figure, the Sydney, Brisbane, Perth, and Melbourne remote offices may each have 30 hosts. The team realizes that it also has to address the three point-to-point WAN links between Sydney, Brisbane, Perth, and Melbourne. If the team uses the last three subnets for the WAN links, all of the available subnets will be used and there will be no room for growth. The team will also have wasted 28 of the 30 host addresses in each of those three subnets simply to address three point-to-point links. That is 84 of 256 addresses, roughly one-third of the potential address space.
Such an address scheme is fine for a small LAN. However, it is extremely wasteful if point-to-point connections are used.
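The arithmetic above, worked through in Python as an added example (this is not code from the page or from the Cisco curriculum). The Class C network 192.168.10.0/24 is an assumption, since the page never names the network; the demand list is constructed from the four-office scenario. The script builds the fixed-length /27 plan with and without subnet zero, hands out subnets in order, and counts the addresses wasted on the three point-to-point links.

```python
"""Fixed-length subnetting of a Class C network: four 30-host LANs plus three
point-to-point WAN links from one /24 split into /27s.

Added example, not code from the page. 192.168.10.0/24 is an assumed network
and DEMAND is constructed from the Sydney/Brisbane/Perth/Melbourne scenario.
"""
import ipaddress

NETWORK = ipaddress.ip_network("192.168.10.0/24")   # assumed Class C network
BORROWED_BITS = 3                                   # /24 + 3 borrowed bits = /27

# Constructed demand: (site, hosts that need addresses). A point-to-point
# link needs exactly two.
DEMAND = [
    ("Sydney LAN", 30), ("Brisbane LAN", 30),
    ("Perth LAN", 30), ("Melbourne LAN", 30),
    ("WAN Sydney-Brisbane", 2), ("WAN Sydney-Perth", 2), ("WAN Sydney-Melbourne", 2),
]


def usable_hosts(subnet):
    """Addresses left after the network and broadcast addresses."""
    return subnet.num_addresses - 2


def fixed_length_subnets(network, borrowed_bits, subnet_zero=True):
    """All subnets produced by one mask.

    subnet_zero=False models 'no ip subnet-zero': only the first (all-zeros)
    subnet is dropped. The all-ones subnet stays usable, which is why the
    page counts seven usable subnets rather than six.
    """
    subnets = list(network.subnets(prefixlen_diff=borrowed_bits))
    return subnets if subnet_zero else subnets[1:]


def assign(subnets, demand):
    """Give each requirement the next subnet in order. Returns the
    assignments and the subnets left over; raises if the pool runs dry or
    a subnet is too small for a requirement."""
    pool = list(subnets)
    assignments = []
    for name, hosts in demand:
        if not pool:
            raise ValueError(f"out of subnets before {name}")
        subnet = pool.pop(0)
        if usable_hosts(subnet) < hosts:
            raise ValueError(f"{subnet} holds {usable_hosts(subnet)} hosts, {name} needs {hosts}")
        assignments.append((name, subnet, hosts))
    return assignments, pool


def waste(assignments, prefix=""):
    """Usable addresses handed out but never needed, optionally only for
    assignments whose name starts with `prefix` (e.g. "WAN")."""
    return sum(usable_hosts(s) - h for n, s, h in assignments if n.startswith(prefix))


def report(network, borrowed_bits, subnet_zero=True):
    subnets = fixed_length_subnets(network, borrowed_bits, subnet_zero)
    assignments, leftover = assign(subnets, DEMAND)
    return {
        "usable_subnets": len(subnets),
        "hosts_per_subnet": usable_hosts(subnets[0]),
        "wan_waste": waste(assignments, "WAN"),
        "total_waste": waste(assignments),
        "waste_fraction": waste(assignments) / network.num_addresses,
        "free_subnets": [str(s) for s in leftover],
    }


if __name__ == "__main__":
    for subnet_zero in (True, False):
        print("ip subnet-zero" if subnet_zero else "no ip subnet-zero")
        for key, value in report(NETWORK, BORROWED_BITS, subnet_zero).items():
            print(f"  {key}: {value}")
```

Either way the three links burn 84 addresses (3 × 28), about 33% of the /24. With subnet zero in use one /27 is left for growth; with no ip subnet-zero all seven subnets are consumed, which is the "no room for growth" case the text describes.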
The next page will explain how VLSM can be used to prevent wasted addresses.

Sunday, June 3, 2012

VLSM

What is VLSM and why is it used?
 1.1.1
Certification-level claim: Compute and use Variable Length Subnet Masking (VLSM) techniques to design and implement effective and efficient IP addressing.
This module provides essential background information for the CCNA exam. Namely, this is how to configure IP addresses, subnet masks and gateway addresses on routers and hosts, and how to design an IP addressing scheme to meet design requirements.
Hands-on skills: None
In this lesson students will be introduced to the new topic of Variable Length Subnet Masks (VLSM). It is important for instructors to introduce this topic only after they have made sure that students are thoroughly familiar with subnetting. It might be useful to give students the opportunity to demonstrate their subnetting skills with a series of small network addressing problems, such as those they did in CCNA 1 and 2. Instructors should then emphasize that VLSM is an important topic and that students will now be able to use subnet zero. During this module, try to give the students plenty of opportunities to compute and use VLSM techniques to design and implement effective and efficient IP addressing.
Best practices for teaching this TI include online study with study guides, group work, practical addressing quizzes using VLSM, lab work, and mini-lecture.
This is a core TI.
VLSM is simply an extension of basic subnetting, where the same Class A, B, or C address is subnetted with masks of different lengths. VLSM provides a more efficient way of assigning IP addresses. It gives more flexibility in assigning an adequate number of hosts and subnets given a limited number of IP addresses. In CCNA 1 and 2, the question may have come up as to why a whole block of host addresses is used on a WAN link, which requires only one address at either end of the link, plus a network address and a broadcast address. VLSM makes it possible to subnet a subnet, so a WAN link can be given a /30 in Classless InterDomain Routing (CIDR) notation: four addresses, of which two are usable. IP subnet zero is enabled by default on Cisco IOS 12.0 and higher, which permits use of the all-zeros subnet; the all-ones subnet has always been usable on Cisco IOS.
Pay particular attention to the following figures:
  • One figure outlines that VLSM works with OSPF, IS-IS, EIGRP, RIP v2, and static routing.
  • Another figure emphasizes the use of the /30 mask on the serial links.
  • Two further figures illustrate VLSM and how it is computed.
The following are questions for the students to research:
  1. Why is VLSM described as subnetting a subnet?
  2. Why was VLSM not used in CCNA 1 and 2?
=====================================


As IP subnets have grown, administrators have looked for ways to use their address space more efficiently. This page introduces a technique called VLSM. With VLSM, a network administrator can use a long mask on subnets with few hosts, and a short mask on subnets with many hosts.
In order to implement VLSM, a network administrator must use a routing protocol that supports it. Cisco routers support VLSM with Open Shortest Path First (OSPF), Integrated IS-IS, Enhanced Interior Gateway Routing Protocol (EIGRP), RIP v2, and static routing.
VLSM allows an organization to use more than one subnet mask within the same network address space. VLSM implementation maximizes address efficiency, and is often referred to as subnetting a subnet.
Classful routing protocols require that a single network use the same subnet mask. As an example, a network with an address of 192.168.187.0 can use just one subnet mask, such as 255.255.255.0.
A routing protocol that allows VLSM gives the network administrator freedom to use different subnet masks for networks within a single autonomous system. The figure shows an example of how a network administrator can use a 30-bit mask for network connections, a 24-bit mask for user networks, and even a 22-bit mask for networks with up to 1000 users.
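Subnetting a subnet, as described in the instructor note above and in this page, worked through in Python as an added example (not code from the page or the Cisco curriculum). It uses 192.168.187.0/24, the network the classful example above mentions; the list of requirements is constructed. The allocator serves the largest requirement first, so the four user LANs get /27s and the three serial links get /30s, and it checks that no two blocks overlap. The prefix_for helper also generalizes the /22-for-1000-users figure in the text.

```python
"""VLSM: subnetting a subnet. One /24 is carved into /27s for the user LANs
and /30s for the point-to-point links by serving the largest requirement
first. Added example, not code from the page. 192.168.187.0/24 is the
network the text uses for its classful example; REQUIREMENTS is constructed.
"""
import ipaddress

NETWORK = ipaddress.ip_network("192.168.187.0/24")

# Constructed requirements: (name, hosts). Serial links need only two
# addresses, so they get /30s instead of a /27 each.
REQUIREMENTS = [
    ("Sydney LAN", 30), ("Brisbane LAN", 30),
    ("Perth LAN", 30), ("Melbourne LAN", 30),
    ("WAN Sydney-Brisbane", 2), ("WAN Sydney-Perth", 2), ("WAN Sydney-Melbourne", 2),
]


def prefix_for(hosts):
    """Longest prefix whose block still has room for `hosts` usable
    addresses plus the network and broadcast addresses."""
    prefix = 32
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix


def allocate_vlsm(network, requirements):
    """Largest-first allocation from a pool of free blocks.

    Taking the biggest requirement first keeps every block aligned to its
    own size, so a /30 carved later never lands in the middle of a /27.
    Returns (plan, free): plan is a list of (name, subnet); free holds the
    blocks still unallocated, sorted by address."""
    free = [network]
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for(hosts)
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:
                chosen = next(block.subnets(new_prefix=prefix))  # front of the block
                free[i:i + 1] = list(block.address_exclude(chosen))
                free.sort()
                plan.append((name, chosen))
                break
        else:
            raise ValueError(f"no free block large enough for {name} ({hosts} hosts)")
    return plan, free


def plan_is_consistent(network, plan):
    """True when every block lies inside `network` and no two overlap."""
    blocks = [b for _, b in plan]
    if not all(b.subnet_of(network) for b in blocks):
        return False
    return not any(a.overlaps(b) for i, a in enumerate(blocks) for b in blocks[i + 1:])


def wasted_addresses(plan, requirements):
    """Usable addresses allocated beyond what each requirement asked for."""
    need = dict(requirements)
    return sum(b.num_addresses - 2 - need[n] for n, b in plan)


def free_addresses(free):
    return sum(b.num_addresses for b in free)


if __name__ == "__main__":
    plan, free = allocate_vlsm(NETWORK, REQUIREMENTS)
    for name, block in plan:
        print(f"{name:22} {str(block):20} mask {block.netmask}")
    print("wasted:", wasted_addresses(plan, REQUIREMENTS),
          "free:", free_addresses(free), [str(b) for b in free])
```

With these requirements nothing is wasted: the four /27s use 192.168.187.0 to .127, the three /30s sit at .128, .132 and .136, and 116 addresses (a /30, a /28, a /27 and a /26) remain free for growth, compared with the single spare /27 at best under the fixed-length scheme.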
The next page will discuss network address schemes.

Semester 3 :- Module 1: Introduction to Classless Routing

Overview
Network administrators must anticipate and manage the physical growth of networks. This may require them to buy or lease another floor of a building for new network equipment such as racks, patch panels, switches, and routers. Network designers must choose address schemes that allow for growth. Variable-length subnet mask (VLSM) is used to create efficient and scalable address schemes.
Almost every enterprise must implement an IP address scheme. Many organizations select TCP/IP as the only routed protocol to run on their networks. Unfortunately, the architects of TCP/IP did not predict that the protocol would eventually sustain a global network of information, commerce, and entertainment.
IPv4 offered an address strategy that was scalable for a time before it resulted in an inefficient allocation of addresses. IPv4 may soon be replaced with IP version 6 (IPv6) as the dominant protocol of the Internet. IPv6 has virtually unlimited address space and implementation has begun in some networks. Over the past two decades, engineers have successfully modified IPv4 so that it can survive the exponential growth of the Internet. VLSM is one of the modifications that has helped to bridge the gap between IPv4 and IPv6.
Networks must be scalable since the needs of users evolve. When a network is scalable it is able to grow in a logical, efficient, and cost-effective way. The routing protocol used in a network helps determine the scalability of the network. It is important to choose the routing protocol wisely. Routing Information Protocol version 1 (RIP v1) is suitable for small networks. However, it is not scalable to large networks. RIP version 2 (RIP v2) was developed to overcome these limitations.
This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams.
Students who complete this module should be able to perform the following tasks:
  • Define VLSM and briefly describe the reasons for its use
  • Divide a major network into subnets of different sizes using VLSM
  • Define route aggregation and summarization as they relate to VLSM
  • Configure a router using VLSM
  • Identify the key features of RIP v1 and RIP v2
  • Identify the important differences between RIP v1 and RIP v2
  • Configure RIP v2
  • Verify and troubleshoot RIP v2 operation
  • Configure default routes using the ip route and ip default-network commands

Summary Module 11 ACLs

This page summarizes the topics discussed in this module.
ACLs are lists of conditions that are applied to traffic that travels across a router interface. They can be created for all routed network protocols such as IP and IPX. Packets are accepted or denied based on these lists.
Network administrators create ACLs to control network access. ACLs provide the ability to limit network traffic, increase performance, and manage security issues. ACL statements are evaluated in sequential, logical order. When a condition matches, the packet is permitted or denied and the remaining statements are not checked. If no statement matches, the implicit deny any at the end of the list takes effect; this invisible deny any statement ensures that unmatched packets are never accepted. When first learning to create ACLs, it is a good idea to add an explicit deny any at the end of each ACL as a reminder of the implicit deny.
ACLs are created in global configuration mode and the basic rules should be applied. Each ACL on a router must be configured with a unique number or a name. When a numbered ACL is used, the number identifies the type of access list. Numbered ACLs may be either standard or extended, and must fall within the range of numbers that is valid for that type of list. Standard IP ACLs use the numbers 1 to 99. Extended IP ACLs use the numbers 100 to 199. ACLs are created with the access-list command. Once created, the list is assigned to the proper interface.
The placement of an ACL has a great impact on network efficiency. The general rule is to put the extended ACLs as close as possible to the source of the traffic denied. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible.
A wildcard mask is a 32-bit quantity divided into four octets. Each bit in the mask determines how the corresponding IP address bit is treated: a 0 means that bit of the packet address must match the address in the access-list statement, and a 1 means that bit is ignored. In the wildcard mask process, the address in the access-list statement and the address in the packet are compared under the mask; if every bit the mask requires to match does match, the packet is processed by this ACL statement, otherwise it is passed to the next statement to be checked.
The show ip interface command displays IP interface information and indicates whether any ACLs are set. The show access-lists command displays the contents of all ACLs on the router. To see a specific list, add the ACL name or number as an option for this command. The show running-config command will also display the access lists on a router and the interface assignment information.
Standard ACLs check the source IP address of packets that are routed. The ACL will permit or deny access based on the network, subnet, and host address. Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses and can also check for protocols and port numbers. A named ACL may be either an extended or a standard ACL. Named ACLs provide the ability to modify ACLs without deleting and then reconfiguring them. A named access list allows the deletion of statements but only allows new statements to be inserted at the end of the list.
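The matching rules summarized above (wildcard masks, top-down evaluation, first match wins, implicit deny any) as an added Python model; this is not Cisco code and not from the page. The ACL entries, their IOS equivalents in the comments, and the sample packets are constructed. The deny for a single host is placed before the permit for its whole subnet on purpose, to show that order decides the outcome.

```python
"""ACL evaluation as the module summary describes it: wildcard-mask matching,
sequential evaluation, first match wins, implicit deny any at the end.
Added example in Python, not Cisco code; the ACLs and packets are constructed.
"""
import ipaddress


def wildcard_match(address, acl_address, wildcard):
    """Apply a wildcard mask. A 0 bit means the address bit must equal the
    ACL's bit; a 1 bit means the bit is ignored. The packet matches when
    every differing bit falls under a 1 in the wildcard."""
    a = int(ipaddress.ip_address(address))
    b = int(ipaddress.ip_address(acl_address))
    w = int(ipaddress.ip_address(wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


# One entry = (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port).
# A standard ACL line only looks at the source, so it has the same shape with
# an "any" destination and no protocol or port restriction.
ANY = ("0.0.0.0", "255.255.255.255")


def standard(action, src, wildcard):
    return (action, "ip", src, wildcard, *ANY, None)


def extended(action, protocol, src, src_wc, dst, dst_wc, port=None):
    return (action, protocol, src, src_wc, dst, dst_wc, port)


# Constructed extended ACL; the IOS line each entry models is in the comment.
ACL_101 = [
    # access-list 101 deny ip host 192.168.1.13 any
    extended("deny", "ip", "192.168.1.13", "0.0.0.0", *ANY),
    # access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 172.16.5.10 eq 80
    extended("permit", "tcp", "192.168.1.0", "0.0.0.255", "172.16.5.10", "0.0.0.0", 80),
    # access-list 101 permit icmp 10.0.0.0 0.255.255.255 host 172.16.5.10
    extended("permit", "icmp", "10.0.0.0", "0.255.255.255", "172.16.5.10", "0.0.0.0"),
]

# Constructed standard ACL: access-list 10 permit 10.1.1.0 0.0.0.255
ACL_10 = [standard("permit", "10.1.1.0", "0.0.0.255")]


def evaluate(acl, packet):
    """packet = (protocol, src, dst, dst_port). Walk the list in order and
    stop at the first matching line; if none matches, the implicit deny any
    at the end drops the packet (reported with line index None)."""
    protocol, src, dst, port = packet
    for index, (action, aproto, asrc, swc, adst, dwc, aport) in enumerate(acl):
        if aproto != "ip" and aproto != protocol:
            continue
        if not wildcard_match(src, asrc, swc):
            continue
        if not wildcard_match(dst, adst, dwc):
            continue
        if aport is not None and aport != port:
            continue
        return action, index
    return "deny", None


# Constructed packets: (protocol, src, dst, dst_port)
PACKETS = [
    ("tcp", "192.168.1.20", "172.16.5.10", 80),    # line 1 permits
    ("tcp", "192.168.1.13", "172.16.5.10", 80),    # line 0 denies first; line 1 is never reached
    ("tcp", "192.168.1.20", "172.16.5.10", 443),   # no line matches: implicit deny
    ("icmp", "10.3.3.3", "172.16.5.10", None),     # line 2 permits
    ("icmp", "10.3.3.3", "172.16.5.11", None),     # wrong destination: implicit deny
]

if __name__ == "__main__":
    for packet in PACKETS:
        print(packet, "->", evaluate(ACL_101, packet))
```

The HTTPS packet is dropped even though nothing in the list mentions port 443: that is the implicit deny doing its work, which is why the summary recommends writing an explicit deny any while learning.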

Restricting virtual terminal access

 11.2.6
This page will explain how ACLs are created for virtual ports.
Standard and extended access lists apply to packets that travel through a router. They are not designed to block packets that originate within the router. An outbound Telnet extended access list does not, by default, prevent router-initiated Telnet sessions.
Just as there are physical ports or interfaces, such as Fa0/0 and S0/0 on the router, there are also virtual ports. These virtual ports are called vty lines. There are five vty lines, numbered 0 through 4, as shown in the figure. For security purposes, users can be permitted or denied virtual terminal access to the router; a user can be allowed to reach the router itself while being denied access to destinations beyond it.
The purpose of restricting vty access is increased network security. Telnet is the protocol used to create a nonphysical vty connection to the router. There is only one type of vty access list. Identical restrictions should be placed on all vty lines, since it is not possible to control which line a user will connect to.
The process to create the vty access list is the same as described for an interface. However, applying the ACL to a terminal line requires the access-class command instead of the access-group command.
The following should be considered when configuring access lists on vty lines:
  • A name or number can be used to control access to an interface.
  • Only numbered access lists can be applied to virtual lines.
  • Identical restrictions should be set on all the virtual terminal lines, because a user can attempt to connect to any of them.
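The procedure above as an added configuration fragment (constructed for this page, not taken from it or from the curriculum labs). The management subnet 10.1.1.0/24 and the list number 12 are assumptions. The first block is the mistake the last bullet warns about; the second is the form the page describes: a numbered standard ACL applied with access-class, identically, to all five vty lines.

```text
! Standard ACL: only the assumed management subnet may open vty sessions.
! The explicit deny any restates the implicit deny and, with log, records
! rejected attempts.
access-list 12 permit 10.1.1.0 0.0.0.255
access-list 12 deny any log
!
! Incomplete: only vty 0 is restricted. A second concurrent Telnet session
! is handed vty 1, which carries no restriction at all.
line vty 0
 access-class 12 in
!
! Correct: the same list on every line, using access-class (the interface
! command access-group does not apply to terminal lines).
line vty 0 4
 access-class 12 in
 login
```

After applying it, show access-lists 12 displays the two entries and their match counts, and show running-config shows access-class 12 in under line vty 0 4 rather than under a single line.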
In the second Lab Activity, students will use ACLs to control IP traffic.
This page concludes this lesson. The next page will summarize the main points from this module.