NET 102 - Networking Essentials II

Chapter 5, IP Configuration; Chapter 6, Switch Management

Objectives:

This lesson reviews IP basics and some details about switches. Objectives important to this lesson:

  1. IP addressing
  2. Subnets
  3. Routing
  4. DHCP and DNS
  5. Wiring UTP to Connectors
  6. Switches
  7. VLANs
  8. Trunk lines
  9. Spanning tree

Concepts:

Chapter 5, IP Review

Testout begins chapter 5 with a discussion of IP addressing. We are told that messages need to be addressed, partly for the good of the network. Imagine the millions of users on the Internet at any given moment, all sending broadcast messages, and the horrible traffic jam that would create. We can imagine the message units converging on a particular PC as being some kind of ordnance, bent on destroying the device at the end. It would not be just the end device that would melt down, but most of the Internet's supporting structure, if this were allowed. So, we consider the economy of IP addresses.

First, know that the dotted decimal notation we have seen for IPv4 addresses is an illusion. Real systems send addresses as binary numbers. This should not be a surprise: all computers send data in a binary format. You should get comfortable converting decimal to binary, and binary to decimal, using a calculator and by hand. This part of the material will give you some practice.

Recall that every MAC address on a network must be unique (and every MAC address in the world, for that matter), and that every IP address on a network must be unique. This leads to a useful observation: if you can get to a command prompt, knowing two commands will show you the IP address and MAC address of most computers:

  • ipconfig - good for Windows operating systems (typically used by entering ipconfig /all)
  • ifconfig - good for UNIX, Linux, and Mac OS X operating systems

These commands will give you more useful information as well, but we are concerned with those addresses right now.

If you do not know how IP addresses work, imagine five computers connected to a wiring concentrator (which could be a hub, a switch, or a router). All five PCs have IP addresses, which are all the same except for the fourth number. It is a good bet that the first three numbers identify the LAN these computers are on. We could be certain of this if we knew the subnet mask for this network. The subnet mask is something you tell network devices, typically when you assign an address to them.

To pass the certification test for this course, you will need to be able to convert decimal notation to binary notation and vice versa. You will need to know a conversion method to pass the test, so we will discuss this one in class.

Values of Positions in a Byte
Bit position:                           7    6    5    4    3    2    1    0
Value of position (if a 1 is in it):  128   64   32   16    8    4    2    1

Like decimal numbers, binary and hex numbers use a positional value scheme. Each digit in a number is worth that digit times the value of the position it occupies. For example, in the decimal number 725, the 7 is worth 7 times 100, the 2 is worth 2 times 10, and the 5 is worth 5 times 1.

Binary is easier, since the only digits we can use are 1s and 0s. The largest number that can be stored in one byte is 255. This is the sum of the values of all the positions in the byte. Converting a binary number to decimal is simple: add the values of all the positions that hold a one. The only trick is to have a clear memory of the value of each position. They are all powers of two. Start on the right with 1, and double the value for each new position, moving to the left: 1, 2, 4, 8, 16, 32, 64, and 128.

When you convert a decimal number to binary, do a series of subtraction problems, one for each position in the byte, starting from the left. For example, let's convert 175 to binary.

  1. Ask yourself this question for each bit position: Can I subtract the value of this bit from the current number? You must be able to do it without getting a negative result. Remainders are okay.
    So, can you subtract 128 (a bit position value) from 175 (our current number)? Yes, you can. So you write a one in the 128 bit position, and do the math: 175 - 128 = 47.
  2. Can you subtract 64 from 47? No, so you write a zero in the 64 bit position.
  3. Can you subtract 32 from 47? Yes, so write a one in the 32 bit position, and do the math: 47 - 32 = 15.
  4. Can you subtract 16 from 15? No, so you write a zero in the 16 bit position.
  5. Can you subtract 8 from 15? Yes, so write a one in the 8 bit position, and do the math: 15 - 8 = 7.
  6. Can you subtract 4 from 7? Yes, so write a one in the 4 bit position, and do the math: 7 - 4 = 3.
  7. Can you subtract 2 from 3? Yes, so write a one in the 2 bit position, and do the math: 3 - 2 = 1.
  8. When you have 1 left, write a one in the 1 bit position. This will always be done for odd numbers.
    If the remainder reaches 0 at any step, write a zero in each of the remaining bit positions.
Conversion to Binary
Bit position value:           128   64   32   16    8    4    2    1
Conversion of 175 (above):      1    0    1    0    1    1    1    1

Practice converting decimal to binary and binary to decimal. Use the calculator in Windows to check your answers.
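As an added example (not part of the lesson), here is the subtraction method above written as Python, together with the reverse, positional-sum conversion. Function names are my own; the values are the lesson's.

```python
# Added example, not from the lesson: the subtraction method for
# decimal -> binary, and the positional sum for binary -> decimal.

POSITION_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]   # bit positions 7 .. 0


def decimal_to_binary(value):
    """Convert 0..255 to an 8-digit bit string by walking the positions
    from 128 down to 1 and asking 'can I subtract this position's value
    without going negative?'"""
    if not 0 <= value <= 255:
        raise ValueError("one byte holds 0..255, got %d" % value)
    remaining = value
    bits = []
    for position_value in POSITION_VALUES:
        if remaining >= position_value:   # subtraction possible: write a 1
            bits.append("1")
            remaining -= position_value
        else:                             # would go negative: write a 0
            bits.append("0")
    return "".join(bits)


def conversion_steps(value):
    """Return (position value, subtracted?, remainder) for each step so
    the walk-through can be checked against the numbered list above."""
    steps = []
    remaining = value
    for position_value in POSITION_VALUES:
        subtracted = remaining >= position_value
        if subtracted:
            remaining -= position_value
        steps.append((position_value, subtracted, remaining))
    return steps


def binary_to_decimal(bit_string):
    """Add the values of every position that holds a 1."""
    if len(bit_string) != 8 or set(bit_string) - {"0", "1"}:
        raise ValueError("expected 8 binary digits, got %r" % bit_string)
    return sum(v for bit, v in zip(bit_string, POSITION_VALUES) if bit == "1")


def dotted_to_binary(dotted):
    """Dotted-decimal IPv4 address -> 32 bits, dots kept for readability."""
    return ".".join(decimal_to_binary(int(octet)) for octet in dotted.split("."))


if __name__ == "__main__":
    for position_value, done, left in conversion_steps(175):
        print("%3d: write %s, remainder %d" % (position_value, "1" if done else "0", left))
    print(decimal_to_binary(175), binary_to_decimal("10101111"))
    print(dotted_to_binary("204.112.44.16"))
```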

The IP protocol stack was invented with networking in mind. IP addresses contain two parts: one to identify the address of the network a host is on, and the other part to identify the host itself. Every network is assigned an address which, according to the original design, could be one, two, or three bytes, depending on the class of the network (A, B, or C). The remaining byte or bytes are typically used for hosts on networks. (It gets more complex, but this is how we start.)

There are five address classes you need to know. The first three classes can be described by the number of bytes assigned to the network portion of their addresses:

  • one byte identifies a class A network
  • two bytes identify a class B network
  • three bytes identify a class C network

Class D and E addresses use portions of the fourth byte as well for network addressing. You may wish to know that only class A, B, and C addresses are for general use. Class D addresses are for multicasting (messages to groups of machines), and class E addresses are for experimental use.

One way to recognize the class of a given address is to know the range of possible addresses in each class. The five classes of addresses are defined as limited to specific ranges of values of the first byte. The numeric ranges are hard to remember until you see a chart that explains what the ranges have to do with the binary version of the first octet (byte).

Remember the basics of binary notation: a byte has eight bits. Each bit is a digit in a binary number. Since we can only use 1s and 0s in binary notation, we either have (1) or don't have (0) the number of units represented by a position in the binary number.

Values of Positions in a Byte
Bit position:                           7    6    5    4    3    2    1    0
Value of position (if a 1 is in it):  128   64   32   16    8    4    2    1

Reading from left to right, if the first bit (position 7, above) of the first octet (another word for a byte) is a zero, that octet must represent a number less than 128. This defines a class A address: the first octet must be 127 or less. Consider it this way:

  • Class A - first bit is a 0, range for the byte is 0 to 127
  • Class B - first bit is a 1, second is a 0, range for the byte is 128 to 191
  • Class C - first two bits are 1s, third is a 0, range for the byte is 192 to 223
  • Class D - first three bits are 1s, fourth is a 0, range for the byte is 224 to 239
  • Class E - first four bits are 1s, fifth is a 0, range for the byte is 240 to 255

What good does it do to know the class of a network? That brings us back to a subnet mask. If I tell a device that its address is 10.25.31.46, it does not know which part of that address identifies the network until I tell it the subnet mask to use.

A subnet mask is like a pattern or filter. It tells hosts on a network which bits in an address are network address bits and which bits are host address bits. It does it by the use of 1s and 0s. Consider the table below that shows you three simple masks:

Standard Subnet Masks for Classes A, B, and C
Class A   255.0.0.0       11111111.00000000.00000000.00000000
Class B   255.255.0.0     11111111.11111111.00000000.00000000
Class C   255.255.255.0   11111111.11111111.11111111.00000000

Network devices read a mask to learn how to interpret addresses. A mask is always a series of 1s followed by a series of 0s. It is never a jumble. Address positions marked by 1s in a mask are considered network address positions. Address positions marked by 0s in a mask are considered host address positions.

Another way of saying this is that certain address bits are considered to be network address bits and the rest are considered host address bits. The actual method used involves Boolean math, but understanding it is not critical to understanding or using the concept. When a device reads an actual IP address, the rule from the subnet mask is applied, and the device understands which bits are the net address and which are the host address.

If you need another metaphor, think about this one. A router on a class C network might receive traffic bound for device 204.112.44.16. When received, that address would look like this:
11001100011100000010110000010000
(No dots, remember?)

A subnet mask is like a filter that only shows a portion of an address to a device. Routers only care about the network portion of an address. Imagine a pair of glasses that has one red lens and one blue lens. Imagine that the subnet mask colors all the bits of an incoming address so that the network bits are red and the host bits are blue. On a class C network, the subnet mask is 255.255.255.0, so the address would look like this (the colors do not survive on this page, so the network bits are shown before the space and the host bits after it):
110011000111000000101100 00010000

The router would look at the address through a filter that would show it only the network address portion. This would be like looking through the blue lens, hiding the host portion of the address:
110011000111000000101100 ........

If this traffic were received by a device that cared only about the host portion of the address, it would be like looking through the red lens:
........................ 00010000

Subnet masks are also used when we subdivide a network, creating subnets. More on that shortly.

In my example above, the host was assigned 10.25.31.46 as its address. If it uses a class A mask, that means it is on network 10.0.0.0. If it uses a class B mask, that means it is on network 10.25.0.0. If it uses a class C mask, that means it is on network 10.25.31.0.

Why is it important to know what the network address is? Because we need to know whether we are sending to a machine on our own network or some other network. If it is on another network, we need to send the packets to a router, a device whose job is to connect two or more networks together. There may be more than one router on our network. Whether there is or not, a standard piece of information to give to a device is the address of its default gateway, the router on its network that gets all packets bound for other networks.

Let's assume for a minute that the mask we gave to the host in the example above was 255.255.0.0. This means that the address of the network this host is on is 10.25.0.0. The text mentions that the default gateway on a network is usually given the first address, which would be 10.25.0.1 in this case.

By the way, why isn't the first address on that network 10.25.0.0? That's the network's address, which is never assigned to a host. One way to remember that is that all the host bits are set to 0, which would not identify any machine. Another address never assigned to a host is the broadcast address for the network. The broadcast address is computed by taking the network address and turning on all host bits (making them all 1s). How do I know which are the host bits? Go back and look at the subnet mask again. In this example the third and fourth bytes are the host bits. That makes this network's broadcast address 10.25.255.255.
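The "Boolean math" mentioned above, as an added example that is not part of the lesson: the address and mask are treated as 32-bit integers, AND keeps the network bits, and OR with the inverted mask turns on the host bits. The class test reads the leading bits of the first octet exactly as the class list does; function names are my own.

```python
# Added example, not from the lesson: what a device does with a subnet
# mask, plus the class-by-leading-bits rule and the "local or gateway?"
# decision a host makes before sending.


def to_int(dotted):
    """Dotted decimal -> 32-bit integer, the form devices actually use."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def address_class(dotted):
    """Read the leading bits of the first octet, as in the class list."""
    first = to_int(dotted) >> 24
    if first & 0b10000000 == 0:            # 0xxxxxxx  ->   0..127
        return "A"
    if first & 0b11000000 == 0b10000000:   # 10xxxxxx  -> 128..191
        return "B"
    if first & 0b11100000 == 0b11000000:   # 110xxxxx  -> 192..223
        return "C"
    if first & 0b11110000 == 0b11100000:   # 1110xxxx  -> 224..239
        return "D"
    return "E"                             # 1111xxxx  -> 240..255


CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def is_valid_mask(mask):
    """A mask is always a run of 1s followed by a run of 0s, never a jumble."""
    m = to_int(mask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """Dotted mask -> CIDR prefix length (255.255.0.0 -> 16)."""
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous mask: %s" % mask)
    return bin(to_int(mask)).count("1")


def network_address(dotted, mask):
    """AND keeps only the bits under the mask's 1s: the network address."""
    return to_dotted(to_int(dotted) & to_int(mask))


def broadcast_address(dotted, mask):
    """OR with the inverted mask turns on every host bit."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    return to_dotted(to_int(dotted) | host_bits)


def same_network(addr_a, addr_b, mask):
    """The question a host asks before sending: deliver locally (ARP for
    the MAC) or hand the packet to the default gateway?"""
    return network_address(addr_a, mask) == network_address(addr_b, mask)


if __name__ == "__main__":
    host = "10.25.31.46"
    print("class", address_class(host), "classful mask", CLASSFUL_MASK[address_class(host)])
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0"):
        print(host, "/%d" % mask_to_prefix(mask),
              "network", network_address(host, mask),
              "broadcast", broadcast_address(host, mask))
    print("10.28.0.5 reachable without the gateway?",
          same_network(host, "10.28.0.5", "255.255.0.0"))
```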

Remember when I told you that some networks would work just fine using only OSI layers 1 and 2? That's because you only need to know MAC addresses to reach another machine on your own network. What if you don't know their MAC addresses? You can get MAC addresses for local network devices by sending a broadcast request for them using ARP, Address Resolution Protocol. The ARP broadcast is sent to all local network devices, but it asks for the MAC address of a device that has a specific IP address, typically the one in a message you are trying to pass on. That's what routers do when a message arrives for a device on the router's network.

Quick fact: ARP is used to get a MAC address when you know an IP address.
RARP, Reverse Address Resolution Protocol, used to be used to get an IP address when you knew a MAC address: typically, a workstation would use RARP to ask to be assigned an IP address.
Some authors refer to RARP as being long dead. You could still see a question about it on a certification test, so know something about it.
RARP is unnecessary if you are using DHCP to assign IP addresses, or if your workstations use BOOTP to ask for IP address assignment.

Routers pass signals from one network to another. Routers use software addresses instead of hardware addresses. This makes them independent of protocols used at lower layers. Almost. Example: a transmission is sent from a host on network 10.25.0.0 to a host on network 10.28.0.0. It could travel along several different routes. What happens is like this:

  • The Network Layer header of the outgoing message has a place to write information about the sender and the intended receiver. We are talking about IP addresses. The sender's IP address is saved in the Network Layer header, along with the IP address for the recipient. This data stays in the Network Layer header until the intended recipient breaks down the header.
    Layer             Source info            Destination info
    Network layer     Sender's IP            Receiver's IP
    Data Link layer   (not yet written)      (not yet written)

  • The Data Link Layer header also has a place to write down the address of the sender and the receiver, the difference being that this layer uses MAC addresses. Since the intended recipient is not on the sender's network, the sending station sets the Data Link Layer address of the recipient to the MAC address of the router (default gateway) on its network, and sends the message as a frame to that router. If necessary, an ARP signal is sent to determine the MAC address of the default gateway router.
    Layer             Source info            Destination info
    Network layer     Sender's IP            Receiver's IP
    Data Link layer   Sender's MAC           Default gateway MAC

  • The router on the sender's network gets the frame, erases the sender and recipient addresses in the Data Link Layer header, and decides on a route to the recipient's network (which is written in the header of the Network layer, remember?). The next router in a logical chain is selected. If necessary, ARP is used to find the MAC address of the next router. The next router's MAC address is written in the Data Link Layer header as the "recipient", and the current router's MAC address is written to the Data Link Layer header as the "sender". The frame is forwarded to the next router.
    Layer             Source info            Destination info
    Network layer     Sender's IP            Receiver's IP
    Data Link layer   Default gateway MAC    Next router's MAC

  • The process in the step above is repeated until a router on the intended recipient's network gets the frame. Then, the final router's MAC information and the receiver's MAC information are written to the Data Link Layer header, and the frame is delivered, where it is unpacked and handed to the IP protocol on the Network layer, and up the stack of layers.
    Layer             Source info            Destination info
    Network layer     Sender's IP            Receiver's IP
    Data Link layer   Final router's MAC     Receiver's MAC

Back to subnet masks for a bit. They are useful to know, but they are a bit bulky. There is another way to pass along subnet mask information. What if I was told that a message was meant for the address 10.28.33.44/16? What's the /16 part for? That's CIDR notation. Classless InterDomain Routing information tells you the subnet mask that an address uses. /16 means that the network the address refers to uses 16 network bits, which is the same thing as saying it has a subnet mask of 255.255.0.0, which is the same as 11111111.11111111.00000000.00000000, but not nearly as boring, or nearly as prone to error.

Standard Subnet Masks for Classes A, B, and C, with CIDR Notation
Class A   255.0.0.0       11111111.00000000.00000000.00000000   /8
Class B   255.255.0.0     11111111.11111111.00000000.00000000   /16
Class C   255.255.255.0   11111111.11111111.11111111.00000000   /24

IP address ranges in the various classes are assigned by the Internet Assigned Numbers Authority (IANA). Ranges of addresses assigned within a given class are called class licenses. Once upon a time, this was done by one person. Now, IANA doles out licenses to Regional Internet Registries (RIRs), who assign them to ISPs (Internet Service Providers).

There is a question on tests about how many hosts you can have on a given network. Class C networks are a good example. Each class C network has 255 host addresses, but you can't assign the first address or the last address to a host. The first address has all host bits set to 0, which makes it the address of the network. The last address has all host bits set to 1, which makes it the IP broadcast address for that network. This is true within any class license: two addresses are not assignable to hosts.

Regarding class D and class E addresses: recall from above that only class A, B, and C addresses are for general use, that class D addresses are for multicasting (messages to groups of machines), and that class E addresses are for experimental use. What's multicasting? When you send a message to all hosts on a network, that's a broadcast. When you send a message to one host on a network, that's a unicast. When you send a message to an address that is shared by several computers, that is a multicast. When they were frequently used, bridges on a network would be assigned their own addresses and a multicast address that they shared, so that they could easily send messages to each other. Routers do this as well.

In addition to not assigning a network address or a broadcast address to hosts, there are some special addresses that are reserved. The list below shows some specific addresses that have special meanings:

  • 0.0.0.0 - the default route, used by Cisco routers
  • 127.0.0.0 - reserved for loopback. 127.0.0.1 is the Local Host. Any address in the 127.0.0.0 network can work as a loopback address.
  • All network bits set to 0, host bits set to some number - this means that the host bits are set to something other than 0, and we mean a specific host on the current network.
  • All host bits set to 0, network bits set to your network number - this is the address for the network itself
  • Network bits all set to 1 - this is the equivalent of using wildcards, meaning all networks
  • Host bits all set to 1 - this is the equivalent of using wildcards, meaning all hosts (broadcast address)
  • 255.255.255.255 - this is all wildcards, but refers to all hosts on this network

IANA has designated some address ranges as private or unregistered addresses. They are also called nonroutable addresses:

Private Address Ranges
Class     Private addresses begin   Private addresses end
Class A   10.0.0.0                  10.255.255.255
Class B   172.16.0.0                172.31.255.255
Class C   192.168.0.0               192.168.255.255

Any address beginning with a 10, for example, is assumed to be a private address. This is the format used in many networks, because it provides lots of addresses for hosts, and lots of room for subnets. (We will discuss this next.)

Within any organization, addresses in these ranges may be used without registering the addresses with IANA. Each address you use within your network must still be unique in your network. The problem is that there is no guarantee whatsoever that any address I use in my organization is not already in use in your organization, which makes direct networking between our networks unreliable, if not impossible.

The magic part: To access the Internet, traffic from a private address network passes through a router that acts as a proxy server, providing a shared connection with a registered address. That router has both a private address on your network, and a registered public address that lets it communicate with other networks. The proxy server shares its public address with the devices on your network, allowing them to send signals to other networks through it. The service that does this sharing of the address is called Network Address Translation (NAT).

Subnetting

Subnetting is the next topic of note. You create subnets by subdividing a network, breaking it into useful subdivisions. Subnetting works by borrowing bits from the host portion of an address, and using those bits to identify subsections of your network. The use of borrowed bits only works because of subnet masks.

By borrowing one bit, two subnets are theoretically possible. However, as a general rule, subnet numbers using all 1s or all 0s are not used, so borrowing one bit will usually not yield any usable subnet addresses. This is why the traditional formula for number of usable subnets is:

2^N - 2 = number of subnets (where N is the number of bits borrowed).

This limitation can be overcome with Cisco routers. The router command to accomplish it is ip subnet-zero. This command allows the all-0s and all-1s subnet numbers to be used, so borrowing one bit becomes useful and there is no need to subtract 2 from the number of possible subnets. When you are given an exam question, assume that the formula requires you to subtract 2 unless it says otherwise, often in some obscure way.

Assume we borrow two bits. In the table below, you see what the new subnet mask would be for each of the three useful classes. Borrowed bits are shown in brackets in the resulting subnet mask numbers below:

Subnet Masks if Borrowing 2 Bits

          Decimal mask       Binary mask (borrowed bits in brackets)
Class A   255.192.0.0        11111111.[11]000000.00000000.00000000
Class B   255.255.192.0      11111111.11111111.[11]000000.00000000
Class C   255.255.255.192    11111111.11111111.11111111.[11]000000

Note that the subnet masks above do not match the standard masks we learned. The standard masks are called classful masks, because they match the intended use of class address schemes. The masks above are classless, because they do not match any network class.

Be aware that routers on the Internet only use the network bits of an address for routing. Routers connecting subnets within a network must use the network, subnet, and host bits for routing.

Regarding the topic of assigning subnet addresses:

  • Each address on a network must be unique. This is true for all IP addresses, not just subnet addresses.
  • The network and subnet numbers must be the same for all devices on the same network. A classic error is to assign two workstations to different subnets and expect them to communicate as if they were on the same logical LAN.
  • The host portion of the address must not be set to all 1s or all 0s.
  • Unless you are told otherwise, the subnet portion of an address must not be set to all 1s or all 0s.
  • Plan for growth. You will have to add more stations later to most LANs, and you may have to add more subnets than you need today. In general, you calculate the number of subnets required, then round up to the nearest power of two. Do the same with the number of hosts needed per subnet. You may find that the two goals are in conflict.
  • Don't use IP addresses reserved for special use. These have been noted above.

You must strike a balance between how many subnets you need and how many hosts you may put on each subnet. If the network administrator has decided to borrow 3 bits from the host byte for subnets on a class C network, this leaves 5 bits for host addresses. To calculate how many usable subnets are obtained when borrowing a specific number of bits, use this formula:

2^N - 2 = number of subnets (where N is the number of bits borrowed).

To calculate the number of hosts that are possible for each subnet, you actually do the same calculation, except that for the value of N, you use the TOTAL number of host bits still available in the address.

For instance, if this were a class B network, and you were borrowing 3 bits from the third byte for subnet addresses, the remaining 5 bits in the third byte and the 8 bits in the fourth byte would give you 13 as the value of N, with regard to host bits. Some methods call the exponent M when calculating the possible hosts, but the math is the same. DO subtract 2 in this case, because you cannot have all host bits as 0s (this is the subnet address) or all host bits as 1s (this is the broadcast address for the subnet).
For this example, the number of subnets would be 2^N - 2 = 2^3 - 2 = 6
The number of hosts would be 2^N - 2 = 2^13 - 2 = 8190

Assume we have a class C network whose address is 210.199.10.0. A class C network is born with the classful subnet mask of 255.255.255.0. If we borrow two bits from the host portion of the address, we make the subnet mask 255.255.255.192 (because 128 + 64 = 192).

The next step is to calculate the actual subnet addresses, that is, the addresses of the subnets themselves. The method is this:

  • Find the right-most 1 in the binary version of the subnet mask. The mask we are using in this example is this:
    255.255.255.192   11111111.11111111.11111111.11000000

  • Determine the value of this digit, based on its position in its own byte. This value can only be 128, 64, 32, 16, 8, 4, 2 or 1. Call the value delta. (For those who are curious, Δ the Greek letter delta is a common physics symbol for "the amount of change".) In this example, the leftmost two bits of a byte are borrowed, so this value of delta is 64.
  • The value of delta is used as the value of the shared byte, creating the first practical subnet address. The network address in this example is 210.199.10.0, so the first subnet address would be 210.199.10.64. Subsequent subnet addresses are multiples of delta, used as the value of the shared byte. Obviously, no value greater than 255 can be used. In this example, the potential subnet addresses would look like the table below. We either do or don't count the first and last ones, depending on what the routers allow. Delta times 0, times 1, times 2, and times 3:

    210.199.10.0     11010010.11000111.00001010.00000000
    210.199.10.64    11010010.11000111.00001010.01000000
    210.199.10.128   11010010.11000111.00001010.10000000
    210.199.10.192   11010010.11000111.00001010.11000000

    These are not masks, nor are they host addresses. They are the addresses of the possible subnetworks.
    Subnet addresses using all 0s or all 1s in the subnet address section are possible only if your routers support them. If your routers do not (on a Cisco router, if ip subnet-zero is not enabled), there would be two fewer possible subnets.

You must be able to calculate the number of possible subnets and possible hosts per subnet. You must also be able to state the addresses of the possible subnets. We have just covered this. You are further required to calculate the broadcast address of each subnet, and the range of host addresses on each.

The broadcast address of each subnet is actually one less than the address of the next subnet. For the last subnet, it is the broadcast address of the network. For example, the broadcast address for subnet 210.199.10.0 above is 210.199.10.63. Why? Because this is the same address with all host bits turned on (host bits shown in brackets):
11010010.11000111.00001010.00[111111]
This is easily seen in binary, but also easily calculated in decimal. So for each subnet, the broadcast address is easily obtained.

Subnet           Broadcast address
210.199.10.0     210.199.10.63
210.199.10.64    210.199.10.127
210.199.10.128   210.199.10.191
210.199.10.192   210.199.10.255

Once you have this information, you can derive the host address range for each subnet: it is the range of numbers between the subnet address and its broadcast address.

Subnet           Broadcast address   Host address range
210.199.10.0     210.199.10.63       210.199.10.1-62
210.199.10.64    210.199.10.127      210.199.10.65-126
210.199.10.128   210.199.10.191      210.199.10.129-190
210.199.10.192   210.199.10.255      210.199.10.193-254
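The whole subnetting procedure (borrow bits, build the mask, find delta, list subnets, broadcasts and host ranges, count subnets and hosts) as an added example that is not part of the lesson. It reproduces the 210.199.10.0 walk-through and the class B count above; function names are my own.

```python
# Added example, not from the lesson: the subnetting procedure as code.
# Subnet counts are given the exam way (2^N - 2) and with subnet-zero.


def to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def prefix_to_mask(prefix):
    """CIDR prefix -> 32-bit mask integer (26 -> 0xFFFFFFC0)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def borrow_bits(classful_prefix, borrowed):
    """New prefix and dotted mask after borrowing host bits (/24 + 2 -> /26)."""
    prefix = classful_prefix + borrowed
    if not classful_prefix <= prefix <= 30:
        raise ValueError("must leave at least two host bits")
    return prefix, to_dotted(prefix_to_mask(prefix))


def delta(mask):
    """Value of the right-most 1 in the mask within its own octet:
    255.255.255.192 -> 64, 255.255.224.0 -> 32."""
    m = to_int(mask)
    lowest_one = m & -m          # isolates the right-most set bit
    while lowest_one > 255:      # move it into its own octet's 1..128 range
        lowest_one >>= 8
    return lowest_one


def count_subnets(borrowed, subnet_zero=False):
    """2^N - 2 by the exam rule; 2^N when the all-0s and all-1s subnet
    numbers are allowed (Cisco 'ip subnet-zero')."""
    return 2 ** borrowed if subnet_zero else 2 ** borrowed - 2


def count_hosts(prefix):
    """2^M - 2, where M is every host bit left after borrowing."""
    return 2 ** (32 - prefix) - 2


def subnets(network, classful_prefix, borrowed, subnet_zero=False):
    """(subnet, broadcast, first host, last host) for every usable subnet.
    Subnets step by the block size, which is delta in the shared octet."""
    prefix, mask = borrow_bits(classful_prefix, borrowed)
    base = to_int(network) & prefix_to_mask(classful_prefix)
    block = 2 ** (32 - prefix)                  # addresses per subnet
    rows = []
    for n in range(2 ** borrowed):
        if not subnet_zero and n in (0, 2 ** borrowed - 1):
            continue                            # all-0s / all-1s subnet number
        start = base + n * block
        rows.append((to_dotted(start),               # subnet address
                     to_dotted(start + block - 1),   # broadcast: host bits all 1
                     to_dotted(start + 1),           # first usable host
                     to_dotted(start + block - 2)))  # last usable host
    return rows


if __name__ == "__main__":
    prefix, mask = borrow_bits(24, 2)
    print("mask", mask, "delta", delta(mask),
          "subnets", count_subnets(2), "(%d with subnet-zero)" % count_subnets(2, True),
          "hosts each", count_hosts(prefix))
    for row in subnets("210.199.10.0", 24, 2, subnet_zero=True):
        print("%-16s broadcast %-16s hosts %s - %s" % row)
```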

An objective for the class is to understand supernetting. The text does not address the topic in this chapter. If you understand that subnetting is borrowing host bits to subdivide a network, you may find it easy to understand that supernetting is borrowing network bits to combine contiguous networks.

Supernets exist because of the growth of networks. The concept was invented to allow the use of larger numbers of hosts on a network than are allowed by standard IPv4 addressing rules. Another text states that supernets were invented to "extend the 32-bit IP address lifetime". This is also true.

All available class A and class B licenses for network addresses have been assigned. If you get a class C address, your network can only have about 254 hosts on it. This is not enough for some users.

Supernets combine multiple, sequential class C network addresses into single logical networks. The networks used will fall into the range 192 through 223. This is the opposite of subnetting, so it should be logical that you begin the opposite way: you borrow bits from the network portion of the IP address in order to use them as host bits. Every bit you borrow for use as a host bit doubles the theoretical number of hosts for your network. A phrase used to describe the combining of addresses into a supernet is address aggregation.

Supernets have rules that are different from subnets:

  • Supernets are created from class C network addresses.
  • Network addresses used must be consecutive.
  • In each pair of network addresses, the third octet of the first address must be an even number. Another way of saying this is that the binary version of the third octet of this address must end with a 0. For example, if you own the network addresses 201.41.18.0 and 201.41.19.0, you can make a supernet. If you own the addresses 201.41.19.0 and 201.41.20.0, you cannot make a supernet. (I will leave the binary conversion to you as an exercise.)
  • Supernet masks are subnet masks that use fewer 1 bits than classful masks. A standard class C subnet mask is 255.255.255.0. If you borrow one bit for supernetting, your mask is 255.255.254.0, and your network can have 512 (theoretical) hosts instead of 256. This mask uses 23 bits for the network identifier, instead of the standard 24 bits for class C. Routers will be informed of this shorter mask, and they must support it or the supernet will not work.
  • It would be easier to just use a private addressing scheme and to use Network Address Translation on a proxy server to let your hosts access the Internet.
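The supernet rules above checked in code, as an added example that is not part of the lesson. The lesson works the two-network case; this generalises to 2, 4, 8, ... consecutive class C networks, where the first network must sit on a boundary that is a multiple of the count (for two networks: an even third octet, whose binary form ends in 0). Function names are my own.

```python
# Added example, not from the lesson: validate a set of class C network
# addresses against the supernet rules and build the aggregate mask.


def to_int(dotted):
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def is_class_c(dotted):
    """First octet 192..223 (leading bits 110)."""
    return 192 <= (to_int(dotted) >> 24) <= 223


def supernet(networks):
    """Return (supernet address, mask, prefix, theoretical hosts) for a list
    of class C network addresses, or raise ValueError naming the rule broken."""
    count = len(networks)
    if count < 2 or count & (count - 1):
        raise ValueError("aggregate 2, 4, 8, ... networks, got %d" % count)
    ints = [to_int(n) for n in networks]
    for name, value in zip(networks, ints):
        if not is_class_c(name):
            raise ValueError("%s is not a class C address" % name)
        if value & 0xFF:
            raise ValueError("%s is not a network address (host bits set)" % name)
    for a, b in zip(ints, ints[1:]):
        if b - a != 256:                        # one class C network apart
            raise ValueError("network addresses must be consecutive")
    borrowed = count.bit_length() - 1           # 2 -> 1 bit, 4 -> 2, 8 -> 3
    if ints[0] & (count * 256 - 1):
        # two networks: third octet even; four: multiple of 4; and so on
        raise ValueError("%s is not aligned: the third octet must be a multiple of %d"
                         % (networks[0], count))
    prefix = 24 - borrowed                      # fewer 1 bits than the classful /24
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return to_dotted(ints[0]), to_dotted(mask), prefix, 2 ** (32 - prefix)


def can_supernet(networks):
    """True if the rules allow aggregation, False otherwise."""
    try:
        supernet(networks)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for pair in (["201.41.18.0", "201.41.19.0"], ["201.41.19.0", "201.41.20.0"]):
        try:
            print(pair, "->", supernet(pair))
        except ValueError as err:
            print(pair, "-> no supernet:", err)
```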

In an IP network, each device needs a unique IP address. Assignment of these addresses takes some planning. First, there are two major approaches:

  • Static assignment - someone has to manually configure the address on each device, including workstations, servers, and printers. Unless your network is small, this is very painful.
  • Dynamic assignment - a server on the network can assign an address to workstations as they are powered up or as a user logs in to a network. You will still want to manually configure addresses on servers, printers, routers, and other network resource devices. However, you can automate the "manual" part: see below.

Static assignment is summarized in the graphic on page 171. Hosts need to be given an IP address, a subnet mask, and a default gateway address. It is a good idea to give them a DNS server address. Note that this address does not need to be on the same network as the other two addresses. You may have to do this in a simulation for a certification test, so you should know how to open the Windows Network and Sharing Center, open the Status dialog of the Local Area Connection, open the Properties of that connection, and the Properties of the IPv4 stack.

Dynamic Host Configuration Protocol (DHCP) service allows us to dynamically assign IP addresses to hosts on an IP network, and it can also set the subnet mask, the default gateway, and the DNS server. You need to understand that, as far as IP is concerned, "host" means any device on the network. DHCP offers three methods for assigning addresses:

  • Automatic Allocation: DHCP assigns a permanent IP address to a host.
  • Dynamic Allocation: An IP address is assigned to a host for a limited period of time (or until the host relinquishes the address). Also called address leasing.
  • Manual Allocation: This method requires that you assign the address. DHCP simply delivers the address to the host. Read that carefully: you can make the assignment, but you tell the DHCP server to deliver it, so you don't have to visit the host yourself.

It is good to know what you may see if a DHCP server fails. Automatic Private IP Addressing (APIPA) could be described as an error condition if you are using DHCP on your Windows-based network. The first clue may be that a workstation cannot reach the Internet, because APIPA does not set a default gateway. What APIPA does is set a private IP address instead of one that matches your network scheme; it will be in the range 169.254.0.0 - 169.254.255.254. APIPA is meant to be a fallback method of assigning addresses. It will result in communications failures if some of your workstations have APIPA addresses and others have DHCP-assigned addresses: the two groups will essentially be on two different networks. APIPA addressing can only happen if DHCP fails, and if your workstations are configured to use APIPA as a fallback solution.

If a Windows workstation is configured for DHCP, but has an address in the APIPA range, try opening a command line interface and entering two commands:

ipconfig -release
ipconfig -renew

The first command tells the computer to let go of the lease it has (or thinks it has). The second command tells the computer to start a DHCP discover, offer, request, acknowledge sequence. These commands will have no effect if your DHCP server is not running, or is not reachable.

You should also know the Linux/UNIX/OS X version of these commands:

sudo ifconfig eth0 down
sudo ifconfig eth0 up

You may not need to type sudo.
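Added example, not part of the TestOut material: a small Python script that reads ipconfig /all style output and flags adapters that have fallen back to APIPA, which is the condition described above. The sample output is constructed for this example; its layout follows ipconfig /all, but the adapter names and addresses are made up. The same_network() check shows why an APIPA workstation and a DHCP workstation end up unable to talk: they are not on the same network.

```python
import ipaddress
import re

APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample output: the first adapter fell back to APIPA (no default
# gateway, 169.254.x.y address), the second got a normal DHCP lease.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.77.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
"""

# One "Name . . . : value" line; the dots are padding, the value may be empty.
FIELD = re.compile(r"^\s+(.+?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from ipconfig /all style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]           # adapter header line
            adapters[current] = {}
            continue
        m = FIELD.match(line)
        if m and current is not None:
            adapters[current][m.group(1)] = m.group(2).strip()
    return adapters


def address_of(fields):
    """The adapter's IPv4 address, whether DHCP-assigned or autoconfigured."""
    for key in ("IPv4 Address", "Autoconfiguration IPv4 Address"):
        if fields.get(key):
            return ipaddress.ip_address(fields[key].split("(")[0])
    return None


def diagnose(fields):
    addr = address_of(fields)
    if addr is None:
        return "no IPv4 address"
    if addr in APIPA_RANGE:
        return "apipa"        # DHCP failed; try ipconfig /release then /renew
    if fields.get("DHCP Enabled") == "Yes":
        return "dhcp"
    return "static"


def report(text):
    return {name: diagnose(f) for name, f in parse_ipconfig(text).items()}


def same_network(ip_a, ip_b, mask):
    """True if ip_b falls inside the network ip_a/mask."""
    net = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net


if __name__ == "__main__":
    for adapter, verdict in report(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: {verdict}")
    print(same_network("169.254.77.12", "192.168.10.34", "255.255.0.0"))  # False
```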

Chapter 6

The text material from TestOut begins with the idea that switches can be either managed or unmanaged.

  • An unmanaged switch is a simpler device that does not require configuration. It works only on Layer 2 information, so it does not deal with features involving IP addresses. It is easy to use, unless you want it to do something it is not capable of doing, such as implementing security measures. For this reason, most switches you will use, at home or at work, will be managed switches.
  • A managed switch is typically configured through a built-in web page presented by the switch itself, or by using management software, which may be built into the switch or loaded on a computer attached to the switch.
The material discusses three ways to wire a cable that may be used to connect a computer to a switch or a router:
  • Straight-through (standard) cable - to connect a device to a standard hub or switch (concentrator)
  • Crossover cable - a crossover cable is used on UTP networks to bypass a concentrator and connect two NICs directly to each other. You can't use a standard UTP cable for this: one end of the cable must have the live circuits reversed.
  • Rolled cable, also called rollover cable - to connect a workstation to a Cisco router's console port

The tables below describe a straight-through cable, a crossover cable, and a rollover (rolled) cable.

Standard RJ-45 Pin and Wire Assignments: 568B

Pin  Color         Signal     Circuit
1    Orange/White  TX data +  Orange circuit
2    Orange        TX data -  Orange circuit
3    Green/White   RX data +  Green circuit
4    Blue          unused     Blue circuit
5    Blue/White    unused     Blue circuit
6    Green         RX data -  Green circuit
7    Brown/White   unused     Brown circuit
8    Brown         unused     Brown circuit

The insulation shown in the graphics above should NOT be stripped back on these wires.
Straight-through (standard) cable
If you are making a straight-through cable (to run from a workstation to a hub or switch) connect both ends as listed above and shown on the right. Insert the wires into the RJ-45 connector, then crimp with the crimping tool. (There will be no spaces between the wires when they are inserted into the RJ-45 connector. Space is used here to make the color pattern more readable.)
(Graphic not reproduced: End 1 and End 2, both wired in the 568B order from the table above.)
Crossover cable
If making a crossover cable (to run directly from one NIC to another) swap the orange and green circuits on one end only: put orange/white on 3, orange on 6, green/white on 1, and green on 2. Insert the wires as shown on the right, then crimp.

(This second configuration is actually EIA/TIA 568A. Some people use this arrangement on both ends of their straight-through cables, and that works fine. TestOut uses the 568A standard, but I typically see cables wired to the 568B standard instead.)
(Graphic not reproduced: End 1 wired 568B, End 2 wired 568A.)
Rollover cable
Now, for something completely different, if you are making a rollover cable (to run from a workstation to an older Cisco router), prepare the cable like a standard cable, both ends in the same configuration. Before crimping the second end, roll the cable (or the RJ-45 connector) over, 180 degrees. This will make pin 1 on one end of the cable connect to pin 8 on the other end, pin 2 to pin 7, pin 3 to pin 6, and pin 4 to pin 5. If you don't want to think about rolling anything over, insert the wires as shown on the right, then crimp. This cable is used with an adapter to connect to a Cisco router's console port.
(Graphic not reproduced: End 1 in the standard order, End 2 in reverse pin order.)

Crimping is simple, but it is not easy until you have practiced doing it. The TestOut material is correct, but incomplete. All wires in a cable are crimped to a connector, not just select wires. The illustrations above show how to load the wires into a connector better than the ones online.
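Added example (my own code, not from TestOut): a Python model of the three cables. Each end is written as its wire order by pin, pin_map() follows each wire by color to see which pin it lands on at the far end, and classify() tells the three cables (and a miswired one) apart, which is what a cable tester does. signal_path() uses the 568B signal names from the table to show why a straight-through cable needs a hub or switch between two NICs: TX+ arrives on the far NIC's TX+ pin, not its RX+ pin, and only the crossover cable fixes that.

```python
# Wire order by pin (1..8) for the two EIA/TIA color codes, from the table above.
T568B = ["orange/white", "orange", "green/white", "blue",
         "blue/white", "green", "brown/white", "brown"]
T568A = ["green/white", "green", "orange/white", "blue",
         "blue/white", "orange", "brown/white", "brown"]

# Signal on each 568B pin; the other four pins are unused on 10/100 Ethernet.
SIGNALS = {1: "TX+", 2: "TX-", 3: "RX+", 6: "RX-"}

# Pin map of a correct crossover: orange and green circuits swapped, rest straight.
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}


def rolled(end):
    """Wire order you see after rotating the connector 180 degrees before
    crimping: the wire on pin 1 is now on pin 8, pin 2 on pin 7, and so on."""
    return list(reversed(end))


def pin_map(end1, end2):
    """Follow each wire by color: pin on end 1 -> pin it lands on at end 2."""
    return {end1.index(color) + 1: end2.index(color) + 1 for color in end1}


def classify(end1, end2):
    """Name the cable from its two ends, the way a continuity tester would."""
    pm = pin_map(end1, end2)
    if all(a == b for a, b in pm.items()):
        return "straight-through"
    if all(a + b == 9 for a, b in pm.items()):
        return "rollover"
    if pm == CROSSOVER_MAP:
        return "crossover"
    return "miswired"


def signal_path(end1, end2):
    """What each 568B signal leaving end 1 arrives as on a NIC at end 2
    (None when it lands on an unused pin)."""
    pm = pin_map(end1, end2)
    return {name: SIGNALS.get(pm[pin]) for pin, name in SIGNALS.items()}


if __name__ == "__main__":
    print(classify(T568B, T568B))            # straight-through
    print(classify(T568B, T568A))            # crossover
    print(classify(T568B, rolled(T568B)))    # rollover
    print(signal_path(T568B, T568B))         # TX+ lands on TX+: needs a switch
    print(signal_path(T568B, T568A))         # TX+ lands on RX+: NIC to NIC works
```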

The material online discusses passwords for Cisco equipment. There are three kinds of passwords to know about. The console password is needed to log on to a switch or router through a direct connection to its console port. The VTY password is needed to connect to the device through remote-access software such as Telnet or SSH. EXEC mode is what you are in once you are actually connected to the management software of the device; it has two passwords, the enable password and the enable secret password. You should review the material on these passwords before doing the lab on them.

Switches need IP addresses if you are going to configure them to do Layer 3 switching. Know that you can manually configure an IP address for a switch, which will override any assignment by a DHCP server, and may potentially conflict with a DHCP assignment to another device.

TestOut discusses some material on VLANs. Virtual LANs are logical subdivisions of a network, and you can make them using switches. Creating VLANs lets you separate users who would otherwise be in the same LAN, without having to separate them with routers. You are going to use switches anyway, so this approach does not lead to greater expense. The idea is that you control which VLAN each port on a switch connects to. Before you adopt this as a general principle, however, realize that not all LANs are locked down to this degree. It is sometimes good to allow some flexibility, and to use other, simpler means to keep intruders off your network.

Review the commands to set up and configure VLANs on a switch. You should know about two kinds of links (ports) on switches in VLAN networks:

  • access link - a link that is part of only one VLAN, which is called the native VLAN of the port.
    • Frames sent by a switch to a device through an access link have the VLAN information removed, making the frame look like the VLAN is the only LAN.
    • Access links carry information for one VLAN.
  • trunk link - a link that belongs to multiple VLANs. Ports that link switches to switches, that link switches to routers, and that link switches to servers should be trunk links.
    • A trunk link is a point-to-point connection, typically running at 100Mbps or 1Gbps, and it can carry traffic for up to 1005 VLANs.
    • If a link between two switches is not a trunk link, that link will only carry information for VLAN 1 (the default VLAN).
    • A link between two switches that is a trunk link, carries information for all VLANs by default. An administrator can limit which VLANs are carried on a trunk link.

As you might imagine, frames in a VLAN environment need to carry information about which VLAN the frame is meant for. Otherwise the switches could not decide whether to pass the frame to the next switch, or to a host on that switch. This information is called a frame tag, a VLAN ID, or a color. In the image below, I have used colors to illustrate the idea. The two boxes are switches. Each host is using an access link to its switch, and I have indicated two VLANs with light blue and light red patch cables. The green line between the two switches symbolizes a trunk link between them.

If a frame is sent from the host on the upper left to the host just to the right, that frame is tagged as being on the light red VLAN. (Both sender and receiver are on the light red VLAN, and are connected to the blue switch.) The blue switch receives the frame, and notes that it is for a host connected to it, on the same VLAN as the sender. The VLAN information is stripped off, and the frame is delivered to the addressee.

If the same host sends a frame to the host at the upper right of the image, it is still sending to another host on the light red VLAN. However, when the blue switch receives the frame, it notes that the addressee is not connected to it. The frame is sent across the trunk link to the red switch, and the VLAN tag is left on the frame. The red switch receives the frame, and notes that it is addressed to a host connected to it with an access link. The switch confirms that the frame is for a host on the same VLAN as the sender, the VLAN tag is removed, and the red switch delivers the frame to the addressee.
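Added example, written for these notes rather than taken from TestOut: a toy VLAN-aware switch in Python. The 802.1Q tag is four bytes inserted after the source address (the 0x8100 tag protocol identifier, then the tag control information that holds the 12-bit VLAN ID). The Switch class tags a frame as it arrives on an access link, forwards it with the tag still on across a trunk link, and strips the tag before delivering on an access link, which is the sequence just described for the blue and red switches. Port numbers, VLAN numbers, and MAC addresses are made up for the example. Two simplifications are assumed: untagged frames arriving on a trunk belong to VLAN 1 (the default VLAN from the bullets above), and a tagged frame arriving on an access link is dropped.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
NATIVE_VLAN = 1          # assumed VLAN for untagged frames arriving on a trunk


def build_frame(dst, src, ethertype, payload):
    """Plain Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type, payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def is_tagged(frame):
    return struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source address.
    TCI = 3-bit priority, 1-bit drop eligible (0 here), 12-bit VLAN ID."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def vid_of(frame):
    """VLAN ID carried in the tag, or None for an untagged frame."""
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF if is_tagged(frame) else None


def strip_tag(frame):
    return frame[:12] + frame[16:] if is_tagged(frame) else frame


class Switch:
    """Toy switch. ports maps port number -> ("access", vid) or ("trunk", None)."""

    def __init__(self, name, ports):
        self.name, self.ports = name, ports
        self.mac_table = {}          # (vid, mac) -> port, learned per VLAN

    def receive(self, in_port, frame):
        """Process one ingress frame; return [(out_port, frame as sent)]."""
        mode, access_vid = self.ports[in_port]
        if mode == "access":
            if is_tagged(frame):
                return []                           # assumed policy: drop it
            frame = add_tag(frame, access_vid)      # carry the VLAN internally
        elif not is_tagged(frame):
            frame = add_tag(frame, NATIVE_VLAN)
        vid, dst, src = vid_of(frame), frame[:6], frame[6:12]
        self.mac_table[(vid, src)] = in_port        # learn where the sender is
        known = self.mac_table.get((vid, dst))
        candidates = [known] if known is not None else list(self.ports)
        out = []
        for port in candidates:
            if port == in_port:
                continue
            pmode, pvid = self.ports[port]
            if pmode == "access" and pvid == vid:
                out.append((port, strip_tag(frame)))   # access link: tag removed
            elif pmode == "trunk":
                out.append((port, frame))              # trunk link: tag stays on
        return out


if __name__ == "__main__":
    # Constructed topology: VLAN 10 is "light red", VLAN 20 is "light blue".
    blue = Switch("blue", {1: ("access", 10), 2: ("access", 10),
                           3: ("access", 20), 4: ("trunk", None)})
    red = Switch("red", {1: ("trunk", None), 2: ("access", 10), 3: ("access", 20)})
    host_a, host_c = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0c"
    frame = build_frame(host_c, host_a, 0x0800, b"hello")
    for port, f in blue.receive(1, frame):
        print("blue ->", port, "tagged" if is_tagged(f) else "untagged", vid_of(f))
        if blue.ports[port][0] == "trunk":
            for rport, rf in red.receive(1, f):
                print("red  ->", rport, "tagged" if is_tagged(rf) else "untagged")
```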

TestOut mentions two trunking protocols that you may encounter. Neither is proprietary:

  • IEEE 802.1Q - This method is not proprietary to Cisco devices. It allows us to connect Cisco devices to non-Cisco devices. Use this method in a mixed environment. This method puts an 802.1Q field in each frame.
  • VLAN Trunking Protocol (VTP) - Not proprietary. This method uses a VTP server (actually a switch) to provide centralized management of your VLANs. VTP information is inserted into frames, like 802.1Q, but also uses encapsulation like ISL. Switches in a VTP environment must be in a common domain, otherwise they do not exchange VTP information.

Under VTP, switches can operate in three modes:

  • Server - noted above, a switch that is used to manage your environment. A server is used to create, add, and delete VLANs. Servers save their VLAN information in NVRAM.
  • Client - clients can send and receive updates, but they cannot be used to make changes. Clients do not save VLAN information in Nonvolatile RAM. A client can be changed into a server. The text recommends adding a new server as a client first, then making it a server to make sure it has a copy of the existing VLAN database before it transmits any information.
  • Transparent - transparent mode switches receive VTP advertisements, and they will forward them to other switches. They are not part of the VTP environment. You might think of them as repeaters that pass network information to devices that need it.

In a large network, frames may find redundant connections to various parts of the network, which may lead to those frames being passed around the network forever. This kind of a problem is called a loop, and it is typically called a bridging loop or a switching loop depending on the kind of equipment that is creating the problem.

To avoid the bridging/switching loop problem, IEEE (Institute of Electrical and Electronics Engineers) standard 802.1d gives us the spanning tree protocol. This says that in each redundant pair of bridges, one is the designated bridge, and the other is the backup bridge. (For the purposes of this discussion, assume switches and bridges are equivalent.) Bridges communicate with bridge protocol data units (BPDUs) to determine which is the designated bridge, and when the backup bridge must take over. The network should be diagrammed like a tree. One bridge is chosen to be the root bridge, which sends configuration messages to designated bridges.

The root bridge is chosen by its bridge ID, which is an eight byte (16 hex digits) number composed of two bytes assigned by the administrator and all six bytes from the MAC address of the port adapter (NIC). The portion assignable by the administrator is referred to in the text as the priority value of that bridge. The default priority value for all devices using Cisco STP is 32,768. This value can be set with the command:
spanning-tree vlan number priority number
The first number is the number of the virtual LAN that the switch represents. The second number is the number assigned as the priority for that switch. The text provides an example of this command which shows that the priority value must be a multiple of 4096. Setting one switch to a priority lower than all the others gives it the lowest bridge ID on your network, making it the root bridge.

The bridge in the tree with the lowest bridge ID number is the root bridge. Bridges elect a root bridge by sending packets to all ports proclaiming themselves to be the root bridge. If packets are received from bridges with lower IDs, each bridge will acknowledge by changing its opinion, and sending packets that identify the new candidate as the root bridge. (Note that these packets contain the address for the bridge sending the packets in one field, and the address of the bridge it believes to be the root bridge in another field.) A root bridge will continue to send BPDUs every two seconds, by the IEEE standard, even after the election is over. One of our texts compares BPDUs to hello packets, which makes it clearer why they continue as long as the device is running.
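Added example (mine, not TestOut's): building the bridge ID as the notes describe it, two bytes of priority followed by the six-byte MAC, and running the election as a round-by-round exchange of BPDUs that each carry the sender and the bridge it believes is the root. The priority check enforces the multiple-of-4096 rule from the command above. The switch names, MAC addresses, and the three-switch topology are constructed for the example.

```python
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """Bridge ID as one integer: 2-byte priority followed by the 6-byte MAC.
    Cisco accepts the priority only in steps of 4096 (0 through 61440)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    mac_int = int(mac.replace(":", "").replace("-", "").replace(".", ""), 16)
    return (priority << 48) | mac_int


def bridge_id_hex(priority, mac):
    """The 16 hex digits an administrator sees for the bridge ID."""
    return f"{bridge_id(priority, mac):016x}"


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID wins."""
    return min(bridges, key=lambda n: bridge_id(*bridges[n]))


def simulate_election(bridges, links):
    """Round-by-round election on a topology.

    Every bridge starts out claiming to be the root. Each round, every bridge
    sends a BPDU (sender, believed root) to its neighbours; a receiver that
    hears of a lower bridge ID adopts that bridge as its root. Returns the
    final beliefs and the number of rounds, counting the final quiet round in
    which nobody changes its mind.
    """
    ids = {n: bridge_id(*bridges[n]) for n in bridges}
    neighbours = {n: set() for n in bridges}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    believed = {n: n for n in bridges}
    rounds = 0
    while True:
        bpdus = [(n, believed[n], nb) for n in bridges for nb in neighbours[n]]
        changed = False
        for _sender, root_claim, receiver in bpdus:
            if ids[root_claim] < ids[believed[receiver]]:
                believed[receiver] = root_claim   # a lower ID was heard: adopt it
                changed = True
        rounds += 1
        if not changed:
            return believed, rounds


if __name__ == "__main__":
    # Constructed line topology S1 - S2 - S3 with made-up MAC addresses.
    switches = {"S1": (DEFAULT_PRIORITY, "00:00:0c:aa:aa:aa"),
                "S2": (DEFAULT_PRIORITY, "00:00:0c:bb:bb:bb"),
                "S3": (DEFAULT_PRIORITY, "00:00:0c:11:11:11")}
    links = [("S1", "S2"), ("S2", "S3")]
    print(bridge_id_hex(*switches["S3"]))            # 800000000c111111
    print(simulate_election(switches, links))        # S3 wins on lowest MAC
    switches["S1"] = (4096, "00:00:0c:aa:aa:aa")     # lower S1's priority
    print(simulate_election(switches, links))        # now S1 is the root
```

With equal priorities the election comes down to the lowest MAC address, which is usually the oldest switch on the network; setting the priority on the switch you actually want as root is how you avoid leaving that to chance.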

TestOut also discusses a Cisco method called EtherChannel which uses either of two protocols (PAgP or LACP) to connect several ports of a switch to matching ports of another switch, which allows those switches to pass frames between them using all those ports, increasing effective bandwidth.

Review the troubleshooting material in this section as well, to know what to expect from common switching problems.

Week 3 Assignment: Labs for Chapters 5 and 6 (and all the chapters after that)

  1. Complete as many labs as you can, as soon as you can. For this week, concentrate on doing the labs in Chapters 5 and 6 of the TestOut lessons. Repeat the labs until you score at least 80% on them.
  2. When you have done what you can for this week, capture a screen that shows your current progress, and submit it to me as this week's report of your progress.