Networks, Cables, OSI, and TCP Models
Common Network Devices:
Only a few years ago, networks were still pretty small. This meant that you could simply plug all devices into a hub or a number of hubs. The hub’s job was to boost the signal on the network cable, if required, and then pass out the data on the wire to every other device plugged in. The problem with this, of course, is that the message was intended for only one network host, but it would be sent to tens or hundreds of other hosts connected to other hubs on the network.
Network switches are a more intelligent version of hubs. Switches use Content Addressable Memory (CAM) and therefore have the ability to remember which device is plugged into which port. Cisco manufactures switch models which are designed to work in small offices and all the way up to large enterprise networks consisting of thousands of devices. We will explore this in more detail later, but, basically, switches operate by using the device’s MAC addresses (known as Layer 2) and IP addresses (known as Layer 3), or they can perform more complex tasks, such as processing lists of permit/deny traffic or protocols and port numbers (known as Layer 4), or a combination of all these layers and more. We will cover what comprises these layers and their functions later in this module.
Using a switch (see Figure 1.1) allows you to divide your network into smaller, more manageable sections (known as segments). This in turn allows the teams who work inside your company, such as human resources, finance, legal, etc., to work on the same section of the network at the same time, which is useful because the devices will spend most of their time communicating with each other.
Routers
As a Cisco engineer, you will spend a lot of time installing, configuring, and troubleshooting routers. For this reason, over half of the CCNA syllabus is dedicated to learning all about router configuration.
A router (see Figure 1.3) is a device used for networking. While network switches involve devices on the same network communicating with each other, the router communicates with devices on different networks. Older models of routers only had ports, which were physically built into them and attached to the motherboard. This is still sometimes the case, but modern networks now require a router to perform functions for IP telephony, switching, and security, and to connect to several types of telecoms companies. For this reason, routers are also modular, which means you have the router chassis and empty slots into which you can connect a variety of routing or switching modules.
Topology refers to how network equipment is arranged in order to communicate. How this is done could be limited by the communication protocols the equipment uses, cost, geography, or other factors, such as the need for redundancy should the main link fail. You should also note that there is often a difference between physical and logical topology. Physical topology is how the network appears when you look at it, whereas logical topology is how the network sees itself. The most common topologies are described in the following sections.
Point-to-Point
This topology is used mainly for WAN links. A point-to-point link is simply one in which one device has one connection to another device. You could add a secondary link connecting each device but if the device itself fails, then you lose all connectivity.
Bus
This topology was created with the first Ethernet networks, where all devices had to be connected to a thick cable referred to as the backbone. If the backbone cable fails, then the network goes down. If a cable linking the device to the backbone cable fails, then only that device will lose connection.
Star
This is probably the most common topology you will encounter. Each network device is connected to a central hub or switch. If one of the cables to the devices fails, then only that device becomes disconnected.
Ring
A ring topology is used by token ring networks and Fiber Distributed Data Interface (FDDI) networks, both of which went out of use several years ago.
Mesh
When downtime is not an option, a mesh topology can be considered. Full-mesh networks provide a connection to each device from every other device. This solution is often used with WAN connections.
Hub-and-Spoke
Due to the cost of equipment and WAN connections and bandwidth, companies often use a hub-and-spoke design. A powerful router is in the centre (hub), usually at a company’s HQ, while the spokes represent remote offices, which require less powerful routers. There are obviously issues with this type of topology; however, it is still widely used. We will revisit hub-and-spoke topologies again in the Frame Relay section, as it still forms a large part of the CCNA syllabus because of the routing issues it creates.
The OSI Model
Open Standards Interconnection (OSI) was created by the International Organization for Standardization (ISO). With the technology boom came the rise of several giants in the fields of networking devices and software, including Cisco, Microsoft, Novell, IBM, HP, Apple, and others. Each vendor had their own cable types and ports and ran their own communication protocols. This caused major problems if you wanted to buy routers from one company, switches from another, and servers from yet another. There were workarounds for these problems, such as deploying gateways on the network that could translate between protocols, but such solutions created bottlenecks (i.e., slow portions of the network) and made troubleshooting very difficult and time-consuming. Eventually, vendors had to agree on a common standard which worked for everyone, and the free suite of protocols called Transmission Control Protocol/Internet Protocol (TCP/IP) was ultimately adopted by most. In the end, those vendors who failed to adopt TCP/IP lost market share and went bust.
The ISO created the OSI model to help vendors agree on a set of common standards with which they could all work. This involved dividing network functions into a set of logical levels or layers. Each layer would perform a specific set of functions, so, for example, if your company wanted to focus on network firewalls, they would work with other vendors’ equipment. The advantage was that each device was designed to perform a specific role well, rather than several roles inadequately. Customers could choose the best device for their solution without being tied to one vendor. Troubleshooting became much easier because certain errors could be traced to a certain OSI layer.
The OSI model divides all network functions into seven distinct layers. The layered model starts at Layer 7 and goes all the way down to Layer 1. The more complex functions, which are closer to the user, are at the top, moving down to network cable specifications at the bottom layer, as illustrated in Table 1.2 below:
You can easily remember the names of the layers with the mnemonic “All People Seem To Need Data Processing.” I would certainly get used to referring to each layer by its number because this is how real-world network technicians use the OSI. As data is passed down from the top layers to the bottom for transportation across the physical network media, the data is placed into different types of logical data boxes. Although we often call these data boxes “packets,” they have different names depending upon the OSI layer. The process of data moving down the OSI model is referred to as encapsulation (see Figure 1.13). Moving back up and having these boxes stripped of their data is called de-encapsulation.
Layer 7 – Application Layer
This layer is the closest layer to the end-user, you and me. The Application Layer isn’t the operating system of the devices but usually provides services such as e-mail (SMTP and POP3), web browsing (using HTTP), and file transfer services (using FTP). The Application Layer determines resource availability.
Layer 6 – Presentation Layer
The Presentation Layer presents data to the Application Layer. Multimedia works here, so think MP4, JPEG, GIF, etc. Encryption, decryption, and data compression also take place at this layer.
Layer 5 – Session Layer
The role of the Session Layer is to set up, manage, and terminate sessions or dialogues between devices. These take place over logical links, and what is really happening is the joining of two software applications. SQL, RPC, and NFS all work at the Session Layer.
Layer 4 – Transport Layer
The role of the Transport Layer is to break down the data from the higher layers into smaller parts, which are referred to as segments (at this layer). Virtual circuits are set up here, which are required before devices can communicate. Before the data can be passed across the network, the Transport Layer needs to establish how much data can be sent to the remote device. This will depend upon the speed and reliability of the link from end to end. If you have a high-speed link but the end-user has a low-speed link, then the data will need to be sent in smaller chunks.
The three methods used to control data flow are as follows:
- Flow control
- Windowing
- Acknowledgements
Flow Control
If the receiving system is being sent more information than it can process, it will ask the sending system to stop for a short time. This normally happens when one side uses broadband and the other uses a dial-up modem. The packet sent telling the other device to stop is known as a source quench message.
Windowing
With windowing, each system agrees upon how much data is to be sent before an acknowledgment is required. This “window” opens and closes as data moves along in order to maintain a constant flow.
Acknowledgements
When a certain amount of segments is received, the fact that they all arrived safely and in the correct order needs to be communicated to the sending system.
All of this is agreed upon during a process known as a three-way handshake (see Figure 1.17). This is where you send a packet to establish the session. This first packet is called a synchronise (SYN) packet. Then the remote device responds with a synchronise acknowledgement (SYN-ACK) packet. The session is established in the third phase when an acknowledgement (ACK) packet is sent. This is all done via the TCP service.
The Transport Layer includes several protocols, and the most widely known are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are part of the TCP/IP suite of protocols. This suite is well known because it is the standard used on the Internet. TCP is known as a reliable connection-oriented protocol. It uses the three-way handshake, windowing, and other techniques to guarantee that the data gets to its destination safely. Many protocols use TCP, including Telnet, HTTPS, and FTP (although it sits at the Application Layer, it does use TCP). UDP, on the other hand, is known as a connectionless protocol. It numbers each packet and then sends them to their destination. It never checks to see whether they arrived safely and will never set up a connection before sending the packet. Sometimes data is not that important and the application developer decides that the information can always be sent again if it fails to arrive at its destination.
Why is UDP used at all? TCP uses a lot of bandwidth on the network and there is a lot of traffic sent back and forth to set up the connection, even before the data is sent. This all takes up valuable time and network resources. UDP packets are a lot smaller than TCP packets and they are very useful if a really reliable connection is not that necessary. Protocols that use UDP include TFTP.
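The three-way handshake described above, as an added example that is not from the original text: two minimal endpoints exchange SYN, SYN-ACK and ACK, and each side checks that the acknowledgement number it receives equals the sequence number it expects next. The ports (50000 and 23) and initial sequence numbers (1000 and 5000) are constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

SYN, ACK = 0x02, 0x10  # flag bits as they sit in the TCP header


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

    def has(self, flag: int) -> bool:
        return self.flags & flag == flag


class Endpoint:
    """Just enough TCP state to open a connection (no data transfer)."""

    def __init__(self, port: int, isn: int):
        self.port = port
        self.snd_nxt = isn      # next sequence number we will send
        self.rcv_nxt = None     # next sequence number we expect from the peer
        self.state = "CLOSED"

    def connect(self, dst_port: int) -> Segment:
        # Phase 1: active open. The SYN itself consumes one sequence number.
        seg = Segment(self.port, dst_port, self.snd_nxt, 0, SYN)
        self.snd_nxt += 1
        self.state = "SYN-SENT"
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "CLOSED" and seg.has(SYN):
            # Phase 2: the passive side answers SYN-ACK, acknowledging seq + 1.
            self.rcv_nxt = seg.seq + 1
            reply = Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, SYN | ACK)
            self.snd_nxt += 1
            self.state = "SYN-RECEIVED"
            return reply
        if self.state == "SYN-SENT" and seg.has(SYN | ACK):
            # Phase 3: the client checks the ACK number before trusting the reply.
            self._check_ack(seg)
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, ACK)
        if self.state == "SYN-RECEIVED" and seg.has(ACK) and not seg.has(SYN):
            self._check_ack(seg)
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.state}: unexpected flags 0x{seg.flags:02x}")

    def _check_ack(self, seg: Segment) -> None:
        # An ACK that does not match what we sent is stale or forged; drop it.
        if seg.ack != self.snd_nxt:
            raise ValueError(f"bad ACK {seg.ack}, expected {self.snd_nxt}")


def handshake(client_isn: int = 1000, server_isn: int = 5000) -> Tuple[List[Segment], str, str]:
    """Run the three phases and return the segments plus both final states."""
    client = Endpoint(port=50000, isn=client_isn)   # constructed ephemeral port
    server = Endpoint(port=23, isn=server_isn)      # Telnet listener, as on the page
    syn = client.connect(server.port)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack], client.state, server.state


if __name__ == "__main__":
    for s in handshake()[0]:
        names = "+".join(n for n, f in (("SYN", SYN), ("ACK", ACK)) if s.has(f))
        print(f"{s.src_port:>5} -> {s.dst_port:<5} {names:<7} seq={s.seq} ack={s.ack}")
```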
Layer 3 – Network Layer
The Network Layer takes the segments from the Transport Layer and breaks them down into smaller units called packets. Most network engineers refer to data as packets, no matter what the OSI layer, which is fine; however, just remember that they are technically packets at the Network Layer.
The Network Layer must determine the best path to take from one network to another; for this reason, routers work at this layer. Routers use logical addressing here, and TCP/IP addressing is called IP addressing, which will be covered in detail later.
Layer 2 – Data Link Layer
The Data Link Layer chops down packets into smaller units referred to as frames. Layer 2 switches work at this layer and use hardware or MAC addresses, so they can switch traffic much faster because there is no need to check IP addresses and routing tables. WAN protocols work at Layer 2, including HDLC, ISDN, and PPP. Ethernet also works at Layer 2.
In order to interface with the upper and lower levels, the Data Link Layer is further subdivided into the Logical Link Control (LLC) Sublayer and the Media Access Control (MAC) Sublayer. The LLC Sublayer interfaces with the Network Layer and the MAC Sublayer interfaces with the Physical Layer.
Layer 1 – Physical Layer
At this layer, frames are converted into bits for placing on the wire. These bits consist of electrical pulses, which are read as “on” and “off” bits, or in binary 1s and 0s, respectively. Hubs work at this layer, and here is where you will find cable specifications, such as RJ45.
The TCP/IP, or DoD, Model
The TCP/IP model is another framework and an alternative to the OSI model. The TCP/IP model is a four or five-layered model created by an association known as DARPA. It is also known as the Department of Defense (DoD) model. The four layers from the top down are as follows:
4 – Application [Telnet/FTP/DNS/RIP]
3 – Transport/Host-to-Host [UDP/TCP/ICMP]
2 – Internet or Internetwork [IPSec/IP]
1 – Link/Network Interface [Frame Relay/Ethernet/ATM]
The TCP/IP model has been updated from four to five layers, so you may be asked questions about a five-layered TCP model in the exam. The upper layers are closer to the end-user and the lower layers describe how the technology or protocols interact with other systems. The five-layered TCP model is as follows:
5 – Application [Telnet/FTP/DNS/RIP/HTTP]
4 – Transport/Host-to-Host [UDP/TCP/ICMP]
3 – Network [IPSec/IP]
2 – Data Link [Ethernet/Frame Relay/PPP]
1 – Link/Network Interface/Physical [Bits on the wire]
A five-layered TCP model allows for more granularity and it more accurately represents what actually occurs before data is put onto the wire. For example, at Layer 2 encapsulation of data occurs and addressing takes place (i.e., Data Link addressing). Cisco seem to prefer the five-layered model when it comes to exam questions.
Data is encapsulated as it travels down from the Application Layer to the Physical Layer in exactly the same way as demonstrated in the OSI model, as illustrated in Table 1.3 below:
You may be asked how the TCP/IP model maps to the OSI model. This is illustrated below.
Cisco now prefer the (new) TCP model over the OSI model as a network framework, but they still expect you to understand the OSI model and thus have left it in the syllabus for now.
TCP/IP
TCP/IP is a complete suite of protocols and services which enable communication to take place over networks. Earlier competitors to TCP/IP, such as IPX/SPX, have all but died out due to their lack of adoption and ongoing development.
TCP/IP is a freely available and free to use set of standards maintained by the Internet Engineering Task Force (IETF), and it is used for end-to-end device connectivity. It has been developed and improved upon through submission of Requests for Comments (RFCs), which are documents submitted by engineers to convey new concepts or for peer review. One example is Network Address Translation (NAT) discussed in RFC 2663. IETF adopted some of these RFCs as Internet standards. You can learn more about the IETF and RFCs at the link below:
www.ietf.org/rfc.html
TCP/IP offers many services but many are outside the scope of the CCNA exam and will not be covered. I will also omit those covered in other sections, such as DNS and DHCP. The following sections outline the basics of TCP/IP. Because the CCNA isn’t a basic networking exam, it is expected that you already have a good grasp of networking concepts such as those learned in the Network+ exam from CompTIA.
Transmission Control Protocol (TCP)
TCP operates at the Transport Layer of the OSI model. It provides a connection-oriented service for reliable transfer of data between network devices. TCP also provides flow control, sequencing, windowing, and error detection. It attaches a 32-bit header to the Application Layer data, which is in turn encapsulated in an IP header. TCP is described in RFC 793. Common TCP ports include the following:
FTP Data – 20
FTP Control – 21
SSH – 22
Telnet – 23
SMTP – 25
DNS – 53 (also uses UDP)
HTTP – 80
POP3 – 110
NNTP – 119
NTP – 123
TLS/SSL – 443
Internet Protocol (IP)
IP operates at the Network Layer of the OSI model. It is connectionless and is responsible for transporting data over the network. IP addressing is a function of Internet Protocol. IP examines the Network Layer address of every packet and determines the best path for that packet to take to reach its destination. IP is discussed in detail in RFC 791.
User Datagram Protocol (UDP)
UDP also operates at the Transport Layer of the OSI model. It transports information between network devices but, unlike TCP, no connection is established first. UDP is connectionless, gives best-effort delivery, and gives no guarantee that the data will reach its destination. UDP is much like sending a letter with no return address. You know it was sent, but you never know if the letter got there.
UDP consumes less bandwidth than TCP does and is suitable for applications in which low latency is preferred over reliability or guarantees. Both TCP and UDP are carried over IP. UDP is described in RFC 768. Common UDP port numbers include the following:
DNS – 53
TFTP – 69
SNMP – 161/162
File Transfer Protocol (FTP)
FTP operates at the Application Layer and is responsible for reliably transporting data across a remote link. Because it has to be reliable, FTP uses TCP for data transfer.
You can debug FTP traffic with the #debug ip ftp command. FTP uses ports 20 and 21. Usually, a first connection is made to the FTP server from the client on port 21. A second data connection is then made either leaving the FTP server on port 20 or from a random port on the client to port 20 on the FTP server.
Trivial File Transfer Protocol (TFTP)
For less reliable transfer of data, TFTP provides a good alternative. TFTP provides a connectionless transfer by using UDP port 69. TFTP can be difficult to use because you have to specify exactly the directory in which the file is located.
To use TFTP, you need to have a client (the router, in your case) and a TFTP server, which could be a router or a PC, or a server on the network (preferably on the same subnet). You need to have TFTP software on the server so the files can be pulled off it and forwarded on to the client.
TFTP is used extensively on Cisco routers to back up configurations and upgrade the router. The following command will carry out these functions:
RouterA#copy tftp flash:
You will be prompted to enter the IP address of the other host in which the new flash file is located:
Address or name of remote host []? 10.10.10.1
You will then have to enter the name of the flash image on the other router:
Source filename []? / c2500-js-l.121-17.bin
Destination filename [c2500-js-l.121-17.bin]?
If you have an older version of IOS, you may be prompted to erase the flash on your router before copying, and then the file will be transferred. When the router reloads, your new flash image should be available for use.
Other optional commands are copy flash tftp if you want to store a backup copy or copy running-config tftp if you want to back up your running configuration file.
You can run a debug on TFTP traffic with the debug tftp command.
Simple Mail Transfer Protocol (SMTP)
SMTP defines how e-mails are sent to the e-mail server from the client. It uses TCP to ensure a reliable connection. SMTP e-mails are pulled off the SMTP server in different ways, and SMTP is used as an e-mail delivery service by most networks. POP3 is another popular way to do this. POP3 is a protocol that transfers the e-mail from the server to the client. SMTP uses TCP port 25.
Hyper Text Transfer Protocol (HTTP)
HTTP uses TCP (port 80) to send text, graphics, and other multimedia files from a web server to clients. This protocol allows you to view web pages, and it sits at the Application Layer of the OSI model. HTTPS is a secure version of HTTP that uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt the data before it is sent.
You can debug HTTP traffic with the debug ip http command.
Telnet
Telnet uses TCP (port 23) to allow a remote connection to network devices. You will learn more about Telnet in the labs. Telnet is not secure so many administrators are now using Secure Shell (SSH), which uses TCP port 22, as an alternative to ensure a secure connection. Telnet is the only utility that can check all seven layers of the OSI model, so if you Telnet to an address, then all seven layers are working properly. If you can’t Telnet to another device, it doesn’t necessarily indicate a network problem. There could be a firewall or an access control list blocking the connection purposely, or Telnet may not be enabled on the device. In order to connect remotely to a Cisco router or switch, there must be an authentication method for VTY lines configured on the router. If you are trying to Telnet to another device but cannot connect to it, you can enter Ctrl+Shift+6 and then enter X to quit. To quit an active Telnet session, you can simply type exit or disconnect.
You can debug Telnet with the debug telnet command.
Internet Control Message Protocol (ICMP)
ICMP is a protocol used to report problems or issues with IP packets (or datagrams) on a network. ICMP is a requirement for any vendor who wishes to use IP on their network. When a problem is experienced with an IP packet, the IP packet is destroyed and an ICMP message is generated and sent to the host that originated the packet.
As defined in RFC 792, ICMP delivers messages inside IP packets. The most popular use of ICMP is to send ping packets to test the network connectivity of remote hosts. A ping command issued from a network device generates an echo request packet that is sent to the destination device. Upon receiving the echo request, the destination device generates an echo reply. Because pings also have a Time to Live (TTL) field, they give a good indication of network latency (delay). The ping output below is from a desktop PC:
C:\>ping cisco.com
Pinging cisco.com [198.133.219.25] with 32 bytes of data:
Reply from 198.133.219.25: bytes=32 time=460ms TTL=237
Reply from 198.133.219.25: bytes=32 time=160ms TTL=237
Reply from 198.133.219.25: bytes=32 time=160ms TTL=237
Reply from 198.133.219.25: bytes=32 time=180ms TTL=237
Ping statistics for 198.133.219.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 160ms, Maximum = 460ms, Average = 240ms
In the output above, the ping packet is 32 bytes long, the Time field reports how many milliseconds the response took, and the TTL is the Time to Live field (i.e., how many milliseconds before the packet expires).
Traceroute
Traceroute is a very widely used facility which can test network connectivity and is a handy tool for measurement and management. Traceroute follows the path to the destination IP by sending UDP packets with a small maximum TTL field, and then listens for an ICMP time-exceeded response. As the Traceroute packet progresses, the records are displayed hop by hop. Each hop is measured three times. An asterisk [*] indicates that a hop has exceeded its time limit.
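The mechanism just described, as an added example that is not from the original text: probes are sent with TTL 1, 2, 3 and so on, each router decrements the TTL and returns ICMP Time Exceeded when it reaches zero, every hop is probed three times, and a hop that never answers is printed as an asterisk. The path, addresses and per-hop delays are constructed, with one router made to drop ICMP errors; the detail that the final destination answers the UDP probe with ICMP Port Unreachable goes beyond the text and is how classic traceroute knows it has arrived.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_TIME_EXCEEDED = (11, 0)      # ICMP type/code a router sends when TTL reaches zero
ICMP_PORT_UNREACHABLE = (3, 3)    # what the destination sends back for the UDP probe
PROBES_PER_HOP = 3


@dataclass
class Hop:
    ip: str
    delay_ms: float
    answers_icmp: bool = True     # routers that rate-limit or drop ICMP errors show as *


def send_probe(path: List[Hop], ttl: int) -> Optional[Tuple[str, Tuple[int, int], float]]:
    """Carry one UDP probe along the path; return (replying IP, ICMP type/code, RTT) or None."""
    one_way = 0.0
    for index, hop in enumerate(path):
        one_way += hop.delay_ms
        ttl -= 1                                  # every router decrements TTL
        if index == len(path) - 1:                # reached the destination host
            return hop.ip, ICMP_PORT_UNREACHABLE, 2 * one_way
        if ttl == 0:                              # expired in transit: Time Exceeded
            if not hop.answers_icmp:
                return None                       # nothing comes back; the listener times out
            return hop.ip, ICMP_TIME_EXCEEDED, 2 * one_way
    return None


def traceroute(path: List[Hop], max_ttl: int = 30) -> List[Tuple[int, str, List[str]]]:
    """Probe with TTL 1, 2, 3 ... three times each, until the destination answers."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, ttl) for _ in range(PROBES_PER_HOP)]
        who = {r[0] for r in replies if r}
        rtts = [f"{r[2]:.1f} ms" if r else "*" for r in replies]
        rows.append((ttl, who.pop() if who else "*", rtts))
        if any(r and r[1] == ICMP_PORT_UNREACHABLE for r in replies):
            break
    return rows


def format_rows(rows) -> str:
    return "\n".join(f"{ttl:2d}  {ip:<15} {'  '.join(rtts)}" for ttl, ip, rtts in rows)


# Constructed path: HOST -> R1 -> R2 (drops ICMP errors) -> R3 -> destination host
SAMPLE_PATH = [
    Hop("192.168.1.254", 0.4),
    Hop("10.0.0.2", 3.1, answers_icmp=False),
    Hop("10.0.1.2", 8.0),
    Hop("172.16.1.2", 2.5),
]

if __name__ == "__main__":
    print(format_rows(traceroute(SAMPLE_PATH)))
```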
Address Resolution Protocol (ARP)
Two types of addressing are used to identify network hosts – the IP (or Layer 3) address and the local (or Data Link Layer) address. The Data Link Layer address is also commonly referred to as the MAC address. Address resolution, as defined in RFC 826, is the process in which the IOS determines the Data Link Layer address from the Network Layer (or IP) address. ARP resolves a known IP address to a MAC address. When a host needs to transfer data across the network, it needs to know the other host’s MAC address. The host checks its ARP cache and if the MAC address is not there, it sends out an ARP Broadcast message to find the host, as illustrated in Figure 1.18 below:
You can debug ARP with the debug arp command.
An ARP entry is required for communication across the network. You can see that a Broadcast has taken place if there is no ARP entry. It is also important to understand that ARP tables on routers and switches are flushed after a certain amount of time (four hours by default) to conserve resources and prevent inaccurate entries.
Proxy ARP
Proxy ARP (see Figure 1.19 below) is defined in RFC 1027. Proxy ARP enables hosts on an Ethernet network to communicate with hosts on other subnets or networks, even though they have no knowledge of routing.
If an ARP Broadcast reaches a router, it will not forward it (by default). Routers do not forward Broadcasts, but if they do know how to find the host (i.e., they have a route to it), they will send their own MAC address to the host. This process is called proxy ARP and it allows the host to send the data thinking it is going straight to the remote host. The router swaps the MAC address and then forwards the packet to the correct next hop.
Expanding upon the previous point, part of the exam requirements is understanding how addressing changes as packets traverse the network. As the packet traverses the network, there must be a way for each end device to communicate, but also a way for intermediary devices to be able to exchange the next-hop address for the packet to traverse. Proxy ARP provides the answer again. The source and destination IP address never change but in order for the packet to be passed to a next-hop address, the MAC address (in the frame) changes between devices.
In Figure 1.20 below, the frame will leave HOST A with the source IP address 192.168.1.1, the destination IP address 172.16.1.2, the source MAC address AAAA:AAAA:AAAA, and the destination MAC address AAAA:AAAA:BBBB. R1 will retain the IP addresses but change the source address to AAAA:AAAA:CCCC. By the time the packet leaves R2 for HOST B, the IP addresses will not have changed but the source MAC address is now AAAA:AAAA:DDDD and the destination MAC address is AAAA:AAAA:EEEE.
Reverse Address Resolution Protocol (RARP)
RARP maps a known MAC address to an IP address. Hosts such as diskless workstations (also known as thin clients) know their MAC address when they boot. They use RARP to discover their IP address from a server on the network.
Gratuitous Address Resolution Protocol (GARP)
GARP is a special ARP packet. A normal host will always send out a GARP request after the link goes up or the interface is enabled. Gratuitous in this case means a request/reply that is not normally needed according to the ARP RFC specification but could be used in some cases. A gratuitous ARP request is an ARP request packet where the source MAC, the source IP, and the destination IP addresses are all set to the IP address of the machine issuing the packet, and the destination MAC is the Broadcast address FFFF:FFFF:FFFF. Ordinarily, no reply packet will occur.
A GARP reply is one to which no request has been made (if you see a GARP reply, that means another computer on the network has the same IP address as you have). GARP is used when a change of state happens in FHRP protocols (e.g., HSRP; this will be covered later), with the objective of updating the Layer 2 CAM table. We will discuss GARP again in the IPv6 section.
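The duplicate-address symptom just described, as an added example that is not from the original text: ARP packets are classified as gratuitous when sender and target IP match, and a host raises an alert when a gratuitous request or reply claims its own IP from a different MAC. The sample packets are constructed around HOST A's addresses from Figure 1.20.

```python
from dataclasses import dataclass
from typing import List, Optional

REQUEST, REPLY = 1, 2
BROADCAST, UNKNOWN = "FFFF:FFFF:FFFF", "0000:0000:0000"


@dataclass
class Arp:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def is_gratuitous(pkt: Arp) -> bool:
    """Gratuitous ARP announces the sender's own address: sender IP equals target IP."""
    return pkt.sender_ip == pkt.target_ip


def check(pkt: Arp, my_ip: str, my_mac: str) -> Optional[str]:
    """Alert when a GARP claims this host's IP from a different MAC, otherwise None."""
    if not is_gratuitous(pkt) or pkt.sender_ip != my_ip:
        return None
    if pkt.sender_mac.upper() == my_mac.upper():
        return None                     # our own announcement after link-up
    kind = "reply" if pkt.opcode == REPLY else "request"
    return f"duplicate IP {my_ip}: gratuitous ARP {kind} from {pkt.sender_mac}"


def audit(packets: List[Arp], my_ip: str, my_mac: str) -> List[str]:
    return [alert for alert in (check(p, my_ip, my_mac) for p in packets) if alert]


# Constructed samples as seen by HOST A (192.168.1.1 / AAAA:AAAA:AAAA in Figure 1.20)
SAMPLES = [
    Arp(REQUEST, "AAAA:AAAA:AAAA", "192.168.1.1", BROADCAST, "192.168.1.1"),     # our own GARP at link-up
    Arp(REQUEST, "AAAA:AAAA:BBBB", "192.168.1.254", UNKNOWN, "192.168.1.1"),     # ordinary "who has 192.168.1.1?"
    Arp(REQUEST, "AAAA:AAAA:BBBB", "192.168.1.254", BROADCAST, "192.168.1.254"), # the router's own GARP
    Arp(REPLY, "AAAA:AAAA:FFFF", "192.168.1.1", BROADCAST, "192.168.1.1"),       # another host using our IP
]

if __name__ == "__main__":
    for alert in audit(SAMPLES, "192.168.1.1", "AAAA:AAAA:AAAA"):
        print(alert)
```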
Simple Network Management Protocol (SNMP)
SNMP is used for network management services. An SNMP management system allows network devices to send messages called traps to a management station. This informs the network administrator of any faults on the network (such as faulty interfaces), high CPU utilisation on servers, etc. You can debug SNMP traffic with the debug snmp command. SNMP uses UDP ports 161 and 162.
Hyper Text Transfer Protocol Secure (HTTPS)
TLS, and the older protocol SSL, are used for secure communication over the Internet, which is carried out by means of cryptography. You will also find these used for e-mail and Voice over IP (VoIP), and when surfing sites which begin with the URL https://. HTTP with TLS/SSL (HTTPS) uses port 443.
Cables and Media
Cabling and cable-related issues will become part of your day-to-day routine as a network engineer. You will need to know which cables plug into which devices, the industry limitations, and how to configure equipment for use with the correct cable type.
LAN Cables
Ethernet Cables
Most cable-related network problems will occur on the Local Area Network (LAN) side rather than on the Wide Area Network (WAN) side due to the sheer volume of cables and connectors, and the higher frequency of reseating (unplugging and plugging in) the cables for device moves and testing.
Ethernet cables are used to connect workstations to the switch, switch-to-switch, and switch-to-router. The specifications and speeds have been revised and improved many times in recent years, which means you can soon expect today’s standard speeds to be left behind for new and improved high-speed links right to your desktop. The current standard Ethernet cable still uses eight wires twisted into pairs to prevent electromagnetic interference (EMI), as well as crosstalk, which is a signal from one wire spilling over into a neighbouring cable.
Cable categories, as defined by ANSI/TIA/EIA-568-A, include Categories 3, 5, 5e, and 6. Each one gives standards, specifications, and achievable data throughput rates, which can be achieved if you comply with distance limitations. Category 3 cabling can carry data up to 10Mbps. Category 5 cabling is primarily used for faster Ethernet networks, such as 100BASE-TX and 1000BASE-T.
Category 5e cabling uses 100-MHz-enhanced pairs of wires for running Gigabit Ethernet (1000Base-T). Finally, with Category 6 cabling, each pair runs 250 MHz for improved 1000Base-T performance. (“1000” refers to the speed of data in Mbps, “Base” stands for baseband, and “T” stands for twisted pair.) Table 1.6 below demonstrates some common Ethernet standards you should be familiar with:
Cisco like to sneak cable specification questions into the exam from time to time, so make sure you memorise the table above.
Duplex
When Ethernet networking was first used, data was able to pass on the wire in only one direction at a time. This is because of the limitations of the cables used at that time. The sending device had to wait until the wire was clear before sending data on it, without a guarantee that there wouldn’t be a collision. This is no longer an issue because a different set of wires is used for sending and receiving signals.
Half duplex means that data can pass in only one direction at a time, while full duplex means that data can pass in both directions on the wire at the same time (see Figure 1.22). This is achieved by using spare wires inside the Ethernet cable. All devices now run at full duplex unless configured otherwise.
You will still be expected to understand and troubleshoot duplex issues in the exam; we will cover troubleshooting Layer 1 and Layer 2 issues later in this guide. You can easily check an interface’s duplex settings with the show interface X command.
Switch#show interface FastEthernet0/1
FastEthernet0/1 is down, line protocol is down (disabled)
Hardware is Lance, address is 0030.a388.8401 (bia 0030.a388.8401)
BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, Loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s
If this interface was connected to a full-duplex device, you would see interface errors immediately and experience slow traffic on the link. You can also issue the show interfaces status command on a live switch, although this command may not work in the exam because a router simulator has limited commands (same for Packet Tracer). You can see possible issues with interface Fast Ethernet 1/0/2 below:
Switch#show interfaces status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 notconnect 1 auto auto 10/100BaseTX
Fa1/0/2 notconnect 1 half 10 10/100BaseTX
Fa1/0/3 notconnect 1 auto auto 10/100BaseTX
Fa1/0/4 notconnect 1 auto auto 10/100BaseTX
Fa1/0/5 notconnect 1 auto auto 10/100BaseTX
And of course you can fix this issue easily, as shown below. Bear in mind that duplex must agree at both ends: if you force full duplex on one end and leave the other end on auto, the auto end has nothing to negotiate with, falls back to half duplex, and you have created the very mismatch you were trying to fix. Either force both ends or set both to auto.
Switch(config)#int f1/0/2
Switch(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
Switch(config-if)#duplex full
Please do try this and all the other commands on live Cisco equipment, GNS3, or at least Packet Tracer in order to remember them! We will cover the speed setting next.
Speed
You can leave the speed of the Ethernet port on your routers or switches as auto-negotiate, or you can hard set them to 10Mbps, 100Mbps, or 1000Mbps. As with duplex, a speed that is forced on one end must be forced to the same value on the other end.
To set the speed manually, you would configure the router as follows:
Router#config t
Router(config)#interface GigabitEthernet 0/0
Router(config-if)#speed ?
10 Force 10 Mbps operation
100 Force 100 Mbps operation
1000 Force 1000 Mbps operation
auto Enable AUTO speed configuration
The following commands would allow you to view the router Ethernet interface settings:
Router#show interface FastEthernet0
FastEthernet0 is up, line protocol is up
Hardware is DEC21140AD, address is 00e0.1e3e.c179 (bia 00e0.1e3e.c179)
Internet address is 1.17.30.4/16
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, Loopback not set, keepalive set (10 sec)
Half-duplex, 10Mb/s, 100BaseTX/FX
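As an added example (mine, not part of the original guide and not Cisco software), the following Python script reads the show interface and show interfaces status output shown in this section and in the duplex section above and flags ports whose hard-set duplex or speed would produce a mismatch. The sample outputs are constructed copies of the ones printed above, so the script runs without a device; the rule that a port should end up at full duplex and at the top speed its type name advertises is my assumption, not a statement from the guide.

```python
"""Check Cisco IOS interface output for duplex and speed problems.

Added example for this guide (not Cisco code). It parses the two kinds of
output shown in the text, 'show interface' and 'show interfaces status',
and flags settings that would produce a duplex or speed mismatch. The sample
outputs below are constructed from the text so the script runs offline.
Assumption: a port is expected to run full duplex at the highest speed its
type name advertises, so anything forced to half duplex, or forced below
that speed, is reported.
"""
import re

# Constructed sample: the switch 'show interface' output from the text.
SWITCH_SHOW_INTERFACE = """\
FastEthernet0/1 is down, line protocol is down (disabled)
  Hardware is Lance, address is 0030.a388.8401 (bia 0030.a388.8401)
  BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, Loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s
"""

# Constructed sample: the router 'show interface' output from the text.
ROUTER_SHOW_INTERFACE = """\
FastEthernet0 is up, line protocol is up
  Hardware is DEC21140AD, address is 00e0.1e3e.c179 (bia 00e0.1e3e.c179)
  Internet address is 1.17.30.4/16
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, Loopback not set, keepalive set (10 sec)
  Half-duplex, 10Mb/s, 100BaseTX/FX
"""

# Constructed sample: the 'show interfaces status' table from the text.
SHOW_INTERFACES_STATUS = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Fa1/0/1                      notconnect   1            auto   auto 10/100BaseTX
Fa1/0/2                      notconnect   1            half     10 10/100BaseTX
Fa1/0/3                      notconnect   1            auto   auto 10/100BaseTX
"""

_STATE_RE = re.compile(r"^(\S+) is (\S+?), line protocol is (\S+)", re.M)
_DUPLEX_RE = re.compile(r"^\s*(Half|Full|Auto)-duplex,\s*(\S+?)(?:,\s*(\S+))?$", re.M | re.I)


def parse_show_interface(text):
    """Return port, link state, line-protocol state, duplex, speed and (if
    printed) media type from one interface's 'show interface' output."""
    state = _STATE_RE.search(text)
    duplex = _DUPLEX_RE.search(text)
    if not state or not duplex:
        raise ValueError("unrecognised 'show interface' output")
    return {"port": state.group(1), "status": state.group(2),
            "protocol": state.group(3), "duplex": duplex.group(1).lower(),
            "speed": duplex.group(2), "type": duplex.group(3) or ""}


def parse_show_interfaces_status(text):
    """Return one dict per port from 'show interfaces status'. The Name column
    may be empty, so the fixed right-hand columns (Status, Vlan, Duplex, Speed,
    Type) are read from the end of each row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Port":
            continue
        status, vlan, duplex, speed, itype = parts[-5:]
        rows.append({"port": parts[0], "name": " ".join(parts[1:-5]),
                     "status": status, "vlan": vlan, "duplex": duplex,
                     "speed": speed, "type": itype})
    return rows


def _top_speed(port_type):
    """Highest speed a type name advertises, e.g. '10/100BaseTX' -> 100."""
    nums = re.findall(r"\d+", port_type.split("Base")[0])
    return max(int(n) for n in nums) if nums else None


def duplex_issues(port):
    """Issues for one port dict from either parser: a half-duplex setting, or a
    speed forced below what the port type can do."""
    issues = []
    if port["duplex"] == "half":
        issues.append("half duplex")
    forced = re.match(r"\d+", port["speed"])      # 'auto' has no digits
    top = _top_speed(port.get("type", ""))
    if forced and top and int(forced.group()) < top:
        issues.append("speed %s on a %s port" % (forced.group(), port["type"]))
    return issues


def find_problem_ports(rows):
    """(port, issues) for every port that has at least one issue."""
    return [(p["port"], duplex_issues(p)) for p in rows if duplex_issues(p)]


def fix_commands(port):
    """IOS interface commands that return a port to auto-negotiation."""
    return ["interface %s" % port, "duplex auto", "speed auto"]


if __name__ == "__main__":
    for sample in (SWITCH_SHOW_INTERFACE, ROUTER_SHOW_INTERFACE):
        p = parse_show_interface(sample)
        print(p["port"], p["duplex"], p["speed"], duplex_issues(p))
    for port, issues in find_problem_ports(parse_show_interfaces_status(SHOW_INTERFACES_STATUS)):
        print(port, issues, "->", "; ".join(fix_commands(port)))
```

The fix returned is duplex auto and speed auto rather than a forced full, because both ends must be set the same way and auto on both sides is the setting that cannot be broken by a change on one end.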
Straight Cables
Each Ethernet cable contains eight wires and each wire connects to a pin at the end. The position of these wires when they meet the pin determines what the cable can be used for. If each pin on one end matches the other side, then this is known as a straight-through cable. These cables can be used to connect an end device to an Ethernet port on a switch, and a switch to a router. You can easily check whether the wires match by comparing one side of the cable to the other, as shown in Figures 1.25 and 1.26 below:
Crossover Cables
By swapping two pairs of wires on the cable, it can now be used to connect a PC to a PC (without the use of a switch or a hub; that said, Auto-MDIX ports on newer network interfaces detect whether the connection requires a crossover and automatically choose the MDI or MDIX configuration to match the other end of the link) or a switch to a switch. The wire on pin 1 on one end needs to connect to pin 3 on the other end, and pin 2 needs to connect to pin 6 on the other end (see Figure 1.27); pins 4, 5, 7, and 8 stay straight through. I have created my own colour scheme for the cables purely to illustrate my point – red, yellow, blue, green, cyan, pink, magenta, and lilac.
Rollover/Console Cables
All Cisco routers and switches have physical ports to connect to for initial set up and disaster recovery or access. These ports are referred to as console ports and you will regularly use these as a Cisco engineer. In order to connect to this port, you need a special type of cable called a rollover or console cable (see Figure 1.28). It can sometimes be referred to as a flat cable because, as opposed to most round-bodied Ethernet cables, it is often flat along its body.
A rollover cable swaps all pins (see Figure 1.29), so pin 1 on one end goes to pin 8 on the other end, pin 2 goes to pin 7, and so on.
Rollover cables usually have an RJ45 connector on one end and a 9-pin D-shaped (DB9) connector on the other end, which is designed to connect to the COM port on a PC or laptop. The trouble is that PCs no longer come with these ports, as they were so rarely used. You can now buy a USB-to-serial (DB9) adapter cable (see Figure 1.30) from many electrical stores or online. They come with software drivers which present a logical COM port on your PC, which you then open with a terminal programme such as PuTTY or HyperTerminal.
Cisco have started to put mini-USB ports (in addition to RJ45 ports) on their devices to allow for console port connectivity using the USB Type A to 5-pin mini-Type B cable. If both console cables are plugged in at the same time, the mini-USB cable takes precedence and becomes active. Figures 1.31 and 1.32 below show the different connection types.
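To make the three pinouts concrete, here is an added Python example (mine, not from the guide) that builds the pin maps for straight-through, crossover, and rollover cables, derives a pin map from the wire colours read off the two ends as Figures 1.25 to 1.29 show, names the cable type, and checks that each twisted pair (1-2, 3-6, 4-5, 7-8, the standard T568 pairs) stays paired at the far end. The colour scheme is the illustrative one used above.

```python
"""Pin maps for the straight-through, crossover and rollover cables described
above. Added example for this guide, not Cisco material. The maps follow the
text (pins 1<->3 and 2<->6 for a 10/100 crossover, full reversal for a
rollover); the wire colours are the author's illustrative scheme, and the
twisted-pair groupings (1-2, 3-6, 4-5, 7-8) are the standard T568 pairs."""

PINS = range(1, 9)
PAIRS = ({1, 2}, {3, 6}, {4, 5}, {7, 8})   # the four twisted pairs in an RJ45 plug


def straight_through():
    """Pin n on one end lands on pin n on the other."""
    return {p: p for p in PINS}


def crossover():
    """10/100 crossover: transmit pair (1,2) to receive pair (3,6) and back;
    pins 4, 5, 7 and 8 are left straight."""
    m = straight_through()
    m.update({1: 3, 2: 6, 3: 1, 6: 2})
    return m


def rollover():
    """Console cable: pin n goes to pin 9-n, so 1<->8, 2<->7, 3<->6, 4<->5."""
    return {p: 9 - p for p in PINS}


def mapping_from_ends(end_a, end_b):
    """Derive the pin-to-pin map from the wire colour seen at each pin of the
    two ends (lists of 8 colours, index 0 = pin 1). This is the check you do
    by holding the two plugs side by side."""
    if len(set(end_a)) != 8 or sorted(end_a) != sorted(end_b):
        raise ValueError("ends do not carry the same eight distinct wires")
    pin_on_b = {colour: i + 1 for i, colour in enumerate(end_b)}
    return {i + 1: pin_on_b[colour] for i, colour in enumerate(end_a)}


def preserves_pairs(mapping):
    """True if every twisted pair is still a pair at the far end; a cable that
    splits pairs may link but will suffer crosstalk."""
    return all({mapping[a], mapping[b]} in PAIRS for a, b in (tuple(p) for p in PAIRS))


def classify(mapping):
    """Name the cable type a pin map corresponds to."""
    for name, ref in (("straight-through", straight_through()),
                      ("crossover", crossover()), ("rollover", rollover())):
        if mapping == ref:
            return name
    return "unknown"


# Constructed check using the author's colour scheme, read off a crossover cable.
COLOURS = ["red", "yellow", "blue", "green", "cyan", "pink", "magenta", "lilac"]
CROSSOVER_FAR_END = ["blue", "pink", "red", "green", "cyan", "yellow", "magenta", "lilac"]

if __name__ == "__main__":
    for far in (COLOURS, CROSSOVER_FAR_END, COLOURS[::-1]):
        m = mapping_from_ends(COLOURS, far)
        print(classify(m), "pairs intact:", preserves_pairs(m))
```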
Connecting to a Router
The first time you connect to a router or a switch, it can seem a little daunting. We have covered console connections above, so once you connect the cable, you will need to use a terminal emulation programme on your PC or laptop. This will allow you to see router output and type in the configuration commands.
HyperTerminal was the default Windows terminal emulator for many years, and you may still need it for some disaster recovery procedures; for now, stick to PuTTY, which is very widely used and can be downloaded from www.putty.org. An old-fashioned connection using the COM port on a PC almost always uses a logical port labelled COM1 or COM2. PuTTY supports this under the connection type it calls Serial. If you are using HyperTerminal, you will also need to select the connection parameters yourself: a Cisco console port expects 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
When you turn on the router, if you have selected the correct COM port AND plugged the rollover cable into the console port (and not into a different port by accident), you should see the router boot-up text. If you can't see any text, press Enter a few times and then double-check your settings.
Router Modes
In order to pass the CCNA exam, you will need to understand which router prompt you should start from to perform various actions. Whatever function you wish to perform, you will have to be in the correct mode (signified by the router prompt). This is the biggest mistake novice students make when they are having problems configuring the router and cannot find the right command to use. Make sure you are in the correct mode!
User Mode
The first mode you will be presented with when the router boots is known as User mode or User Exec mode. User mode has a very limited set of commands that can be used, but it can be useful for looking at basic router elements. The default name of the router is “Router” but this can be changed, as you will see later.
Router>
Privileged Mode
Typing enable at the User prompt takes you into the next mode, known as Privileged mode or Privileged Exec mode. To get back to User mode, you simply type disable. To quit the session altogether, type logout or exit.
Router>enable
Router#
Router#disable
Router>
Privileged mode is very useful for looking at the entire configuration of the router, the statistics about how it is performing, and even which modules you have connected to the router. At this prompt, you would type show commands and troubleshoot with debug commands.
Global Configuration Mode
In order to configure the router, you have to be in Global Configuration mode. To get to Global Configuration mode, you simply type configure terminal, or config t for short, at the Privileged Exec prompt. Alternatively, just type config and the router will ask you which mode you would like to enter. The default is terminal (the default options will be shown inside the square brackets [ ]). If you press Enter, the command inside the brackets will be accepted.
Router#config
Configuring from terminal, memory, or network[terminal]? ← press Enter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Interface Configuration Mode
Interface Configuration mode allows you to enter commands for individual router interfaces, such as FastEthernet, Serial, etc. On a new router, all of the interfaces will be shut down by default, with no configuration present.
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial0
Router(config-if)#
Line Configuration Mode
Line Configuration mode is used to make changes to the console port, the auxiliary port (if your router has one), and the vty lines, which are the virtual terminal lines that Telnet and SSH sessions use. You can control who can access the router via these lines by putting passwords on them or by applying a security feature called an access control list to them. Bear in mind that Telnet sends the password in cleartext, so on a production device the vty lines should accept SSH only.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line console 0
Router(config-line)#
You can also configure baud rates, exec levels, and more in Line Configuration mode.
Router Configuration Mode
In order to configure a routing protocol onto the router so it can dynamically build a picture of the network, you will need to be in Router Configuration mode.
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router rip
Router(config-router)#
VLAN Configuration Mode
This mode actually only applies to switches but it’s worth mentioning it here while we are discussing modes. You will spend a lot of time in this mode when configuring the switching labs in this book.
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#
Routers equipped with Ethernet switch cards use VLAN Database Configuration mode (this mode is deprecated on switches), which is similar to VLAN Configuration mode:
Router#vlan database
Router(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Router(vlan)#exit
APPLY completed.
Exiting….
Router#
Configuring a Router
There are no menus available on a router, and you cannot use a mouse to navigate between the different modes, as it is all done via the command line interface (CLI). There is, however, some context-sensitive help in the form of the [?] keyword. If you type a question mark at the router prompt, you will be presented with a list of all the available commands. Please note that you will only see the commands available for your mode. If you want to see interface configuration commands, you must be at the interface prompt.
Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
alps ALPS exec commands
archive manage archive files
--More--
If there is too much information to display on the screen, you will see the --More-- prompt. If you want to see the next page, press the space bar (Enter shows one more line). If not, press Ctrl+Z or "Q" to get back to the router prompt.
In addition, if you have started to type a command but forget what else you need to type in, using the question mark will give you a list of options available. The [?] keyword WILL work in the CCNA exam, but if you are using it, you didn’t follow all my labs!
Router#cl?
clear clock
If you begin to type out a command, as long as there is only one possible word or command available with that syntax, you can press the Tab key to have it completed for you.
Router#copy ru ← press the Tab key here
Router#copy running-config
The router has several modes from which to choose. This is to ensure that you do not make changes to parts of the router configuration you do not intend to change. You can recognise which mode you are in by looking at the command prompt. For example, if you wanted to make some changes to one of the FastEthernet interfaces, you would need to be in Interface Configuration mode.
First, go into Global Configuration mode:
Router#config t
Router(config)#
Next, tell the router which interface you want to configure:
Router(config)#interface FastEthernet0
Router(config-if)#exit
Router(config)#
If you are not sure which way to enter the interface number, then use the [?] keyword. Do not worry about all of the choices you will be given. Most people only use the FastEthernet, Serial, and Loopback interfaces.
Router(config)#interface ?
Router(config)#interface FastEthernet?
Router(config)#interface FastEthernet0
Finally, the router drops into Interface Configuration mode:
Router(config-if)#
From here, you can put an IP address on the interface, set the bandwidth, apply an access control list, and do a lot of other things. Please note that your router and switch may well have different interface numbers from mine, so use the ? or show ip interface brief commands to see your options. If you ever need to exit out of a configuration mode, simply type exit. This takes you back to the next-highest level. To quit any sort of configuration mode, simply press Ctrl+Z together (or type end).
Router(config-if)#exit
Router(config)#
Or, if using the Ctrl+Z option:
Router(config-if)#^z
Router#
Loopback Interfaces
Loopback interfaces are not normally covered in the CCNA syllabus, but they are very useful in the real world and for practice labs. A Loopback interface is a virtual or logical interface that you configure, but it does not physically exist (so you will never see it on the router panel). The router will let you ping this interface, though, which will save you from having to connect devices to the FastEthernet interfaces in the labs.
An advantage of using Loopback interfaces is that they stay up for as long as the router is running, because they are logical and have no cable or link partner to fail (they only go down if you shut them down administratively). For the same reason, you cannot plug a network cable into a Loopback interface.
Router#config t
Router(config)#interface Loopback0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#^z ← press Ctrl+Z
Router#
Router#show ip interface brief
Loopback interfaces have to be given a valid IP address. You can then use them for routing
protocols or for testing your router to see whether it is permitting certain traffic. You will be using these interfaces a lot throughout the course.
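The mode hierarchy from the Router Modes section down to the Loopback example above can be checked mechanically. The following Python example (added here; not IOS code and not from the guide) models the modes and prompts described, replays a list of CLI lines, and rejects a command typed from the wrong mode, which is the novice mistake the text warns about. The table of which commands belong to which mode is an illustrative subset chosen from the commands in this guide (ip is pinned to interface mode only because ip address is the example above; real IOS has global ip commands too), the hostname Router is the default the text uses, and ^Z stands for Ctrl+Z.

```python
"""Model of the IOS mode hierarchy described above (user, privileged, global
configuration and the interface/line/router/vlan sub-modes) that tracks the
prompt you would be at after each command and rejects commands typed in the
wrong mode. Added example for this guide, not IOS code: the table of which
commands belong to which mode is a small illustrative subset, the default
hostname 'Router' is the one the text uses, and '^Z' stands for Ctrl+Z.
"""


class ModeError(Exception):
    """Raised where IOS would answer '% Invalid input'."""


class IosModeTracker:
    PROMPTS = {"user": ">", "privileged": "#", "global": "(config)#",
               "interface": "(config-if)#", "line": "(config-line)#",
               "router": "(config-router)#", "vlan": "(config-vlan)#"}
    SUBMODES = ("interface", "line", "router", "vlan")   # entered from a config mode
    CONFIG_MODES = ("global",) + SUBMODES
    # Illustrative subset (assumption): modes in which each command is accepted.
    # 'ip' is pinned to interface mode because 'ip address' is the text's example.
    REQUIRES = {"show": ("user", "privileged"), "debug": ("privileged",),
                "hostname": ("global",), "ip": ("interface",),
                "shutdown": ("interface",), "password": ("line",),
                "login": ("line",), "network": ("router",)}

    def __init__(self, hostname="Router"):
        self.hostname = hostname
        self.mode = "user"          # the first prompt after boot
        self.log = []               # (mode before, command, mode after)

    def prompt(self):
        return "" if self.mode == "logged-out" else self.hostname + self.PROMPTS[self.mode]

    def send(self, command):
        """Apply one CLI line and return the prompt you would see next."""
        words = command.split()
        cmd = words[0].lower() if words else ""
        before = self.mode
        if cmd == "enable" and self.mode == "user":
            self.mode = "privileged"
        elif cmd == "disable" and self.mode == "privileged":
            self.mode = "user"
        elif cmd in ("config", "configure") and self.mode == "privileged":
            self.mode = "global"
        elif cmd in self.SUBMODES and self.mode in self.CONFIG_MODES:
            self.mode = cmd         # IOS lets you move between sub-modes directly
        elif cmd in ("end", "^z") and self.mode in self.CONFIG_MODES:
            self.mode = "privileged"
        elif cmd == "exit":
            self.mode = self._after_exit()
        elif cmd == "logout":
            self.mode = "logged-out"
        elif cmd in ("disable", "config", "configure") or cmd in self.SUBMODES:
            raise ModeError("%r is not accepted at %s" % (command, self.prompt()))
        elif cmd in self.REQUIRES and self.mode not in self.REQUIRES[cmd]:
            raise ModeError("%r belongs in %s mode, not at %s"
                            % (command, "/".join(self.REQUIRES[cmd]), self.prompt()))
        self.log.append((before, command, self.mode))
        return self.prompt()

    def _after_exit(self):
        """exit goes up one level; from user or privileged mode it ends the session."""
        if self.mode in self.SUBMODES:
            return "global"
        if self.mode == "global":
            return "privileged"
        return "logged-out"


def run_script(lines, hostname="Router"):
    """Replay CLI lines; return (prompt after each line, error text or None).
    Stops at the first command IOS would reject."""
    tracker = IosModeTracker(hostname)
    prompts = []
    for line in lines:
        try:
            prompts.append(tracker.send(line))
        except ModeError as err:
            return prompts, str(err)
    return prompts, None


# Constructed script: the Loopback0 configuration from the text.
LOOPBACK_SCRIPT = ["enable", "config t", "interface Loopback0",
                   "ip address 192.168.20.1 255.255.255.0", "^Z",
                   "show ip interface brief"]

if __name__ == "__main__":
    for cmd, prompt in zip(LOOPBACK_SCRIPT, run_script(LOOPBACK_SCRIPT)[0]):
        print("%-40s -> %s" % (cmd, prompt))
```

Typing a show command from a configuration mode is the case the model rejects most often; real IOS accepts it if you prefix the command with do (for example do show ip interface brief), which the model leaves out to mirror the text.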
Editing Commands
It is possible to navigate your way around a line of configuration you have typed rather than deleting the whole line. The following keystrokes will move the cursor to various places in the line:
Keystroke Meaning
Ctrl+A Moves to the beginning of the command line
Ctrl+E Moves to the end of the command line
Ctrl+B Moves back one character
Ctrl+F Moves forward one character
Esc+B Moves back one word
Esc+F Moves forward one word
Ctrl+P or up arrow Recalls the previous command
Ctrl+N or down arrow Recalls the next command
Ctrl+U Deletes a line
Ctrl+W Deletes a word
Tab Finishes typing a command for you
show history Shows the last 10 commands entered by default
Backspace Deletes a single character