Chapter 6. Network Layer

What is the purpose of the network layer in data communication?

Why does the IPv4 protocol require other layers to provide reliability?

What is the role of the major header fields in IPv4 and IPv6 packets?

How does a host device use routing tables to direct packets to itself, a local destination, or a default gateway?

How does a host routing table compare to a routing table in a router?

What are the common components and interfaces of a router?

What is the boot process of a Cisco IOS router?

How do you configure the initial settings on a Cisco IOS router?

How do you configure two active interfaces on a Cisco IOS router?

How do you configure the default gateway on a network device?

routing page 213

Internet Protocol version 4 (IPv4) page 214

Internet Protocol version 6 (IPv6) page 214

media independent page 215

maximum transmission unit (MTU) page 217

fragmentation page 217

IP header page 218

payload page 218

Version page 219

Differentiated Services (DS) page 219

Time-to-Live (TTL) page 219

Protocol page 219

Source IP Address page 220

Destination IP Address page 220

Traffic Class page 224

Flow Label page 224

Hop Limit page 225

local host page 226

remote host page 226

local network route page 226

local default route page 226

router page 227

metric page 231

directly connected routes page 232

remote routes page 232

route source page 235

administrative distance page 235

route timestamp page 236

outgoing interface page 236

next hop page 236

branch page 241

WAN page 241

service provider page 241

RAM page 241

running configuration file page 242

ARP cache page 242

packet buffer page 242

dynamic random-access memory (DRAM) page 242

dual in-line memory module (DIMM) page 242

ROM page 242

NVRAM page 242

flash memory page 243

console ports page 244

LAN interface page 244

EHWIC slots page 244

management ports page 245

inband router interfaces page 245

Ethernet LAN interfaces page 246

serial WAN interfaces page 246

startup configuration file page 247

Power-On Self Test (POST) page 248

TFTP server page 249

description text page 253

show ip interface brief command page 253

The protocols of the OSI model network layer specify addressing and processes that enable transport layer data to be packaged and transported. The network layer encapsulation enables data to be passed to a destination within a network (or on another network) with minimum overhead.

This chapter focuses on the role of the network layer. It examines how it divides networks into groups of hosts to manage the flow of data packets within a network. It also covers how communication between networks is facilitated. This communication between networks is called routing.

Addressing end devices: In the same way that a phone has a unique telephone number, end devices must be configured with a unique IP address for identification on the network. An end device with a configured IP address is referred to as a host.

Encapsulation: The network layer receives a protocol data unit (PDU) from the transport layer. In a process called encapsulation, the network layer adds IP header information such as the IP address of the source (sending) and destination (receiving) hosts. After header information is added to the PDU, the PDU is called a packet.

Routing: The network layer provides services to direct packets to a destination host on another network. To travel to other networks, the packet must be processed by a router. The role of the router is to select paths for and direct packets toward the destination host in a process known as routing. A packet may cross many intermediary devices before reaching the destination host. Each route the packet takes to reach the destination host is called a hop.

De-encapsulation: When the packet arrives at the destination host, the host checks the IP header of the packet. If the destination IP address within the header matches its own IP address, the IP header is removed from the packet. This process of removing headers from lower layers is known as de-encapsulation. After the packet is de-encapsulated by the network layer, the resulting Layer 4 PDU contained in the packet is passed up to the appropriate service at the transport layer.

Unlike the transport layer (OSI Layer 4), which manages the data transport between the processes running on each host, network layer protocols specify the packet structure and processing used to carry the data from one host to another host. Operating without regard to the data carried in each packet allows the network layer to carry packets for multiple types of communications between multiple hosts.

Internet Protocol version 4 (IPv4)

Internet Protocol version 6 (IPv6)

Other legacy network layer protocols that are not widely used include

Novell Internetwork Packet Exchange (IPX)

AppleTalk

Connectionless Network Service (CLNS/DECNet)

Discussion of these legacy protocols will be minimal.

The basic characteristics of IP are

Connectionless: No connection with the destination is established before sending data packets.

Best effort (unreliable): Packet delivery is not guaranteed.

Media independent: Operation is independent of the medium carrying the data.

The postal service uses the information on a letter to deliver the letter to a recipient. The address on the envelope does not provide information as to whether the receiver is present, whether the letter arrives, or whether the receiver can read the letter. In fact, the postal service is unaware of the information contained within the contents of the packet that it is delivering and, therefore, cannot provide any error correction mechanisms.

Connectionless data communications work on the same principle. IP is connectionless and, therefore, requires no initial exchange of control information to establish an end-to-end connection before packets are forwarded. IP also does not require additional fields in the PDU header to maintain an established connection. This process greatly reduces the overhead of IP. However, with no pre-established end-to-end connection, senders are unaware whether destination devices are present and functional when sending packets, nor are they aware whether destination devices receive the packet or are able to access and read the packet. Figure 6-1 shows an example of connectionless communication.

If out-of-order or missing packets create problems for the application using the data, then upper-layer services, such as TCP, must resolve these issues. This allows IP to function very efficiently. If reliability overhead were included in IP, then communications that do not require connections or reliability would be burdened with the bandwidth consumption and delay produced by this overhead. In the TCP/IP suite, the transport layer can use either TCP or UDP based on the need for reliability in communication. Leaving the reliability decision to the transport layer makes IP more adaptable and accommodating for different types of communication.

Figure 6-1 shows an example of IP communications. Connection-oriented protocols, such as TCP, require that control data be exchanged to establish the connection. To maintain information about the connection, TCP also requires additional fields in the PDU header.

It is the responsibility of the OSI data link layer to take an IP packet and prepare it for transmission over the communications medium. This means that the transport of IP packets is not limited to any particular medium.

There is, however, one major characteristic of the media that the network layer considers: the maximum size of the PDU that each medium can transport. This characteristic is referred to as the maximum transmission unit (MTU). Part of the control communication between the data link layer and the network layer is the establishment of a maximum size for the packet. The data link layer passes the MTU value up to the network layer. The network layer then determines how large packets should be.

In some cases, an intermediate device, usually a router, must split up a packet when forwarding it from one medium to a medium with a smaller MTU. This process is called fragmenting the packet, or fragmentation.

The process of encapsulating data layer by layer enables the services at the different layers to develop and scale without affecting other layers. This means that transport layer segments can be readily packaged by IPv4 or IPv6 or by any new protocol that might be developed in the future.

Routers can implement these different network layer protocols to operate concurrently over a network to and from the same or different hosts. The routing performed by the intermediate devices only considers the contents of the packet header that encapsulates the segment. In all cases, the data portion of the packet, that is, the encapsulated transport layer PDU, remains unchanged during the network layer processes.

An IPv4 packet has two parts:

IP header: Identifies the packet characteristics

Payload: Contains the Layer 4 segment information and the actual data

As shown in Figure 6-4, an IPv4 packet header consists of fields containing important information about the packet. These fields contain binary numbers that are examined by the Layer 3 process. The binary values of each field identify various settings of the IP packet.

Significant fields in the IPv4 header include

Version: Contains a 4-bit binary value identifying the IP packet version. For IPv4 packets, this field is always set to 0100.

Differentiated Services (DS): Formerly called the Type of Service (ToS) field, the DS field is an 8-bit field used to determine the priority of each packet. The first 6 bits identify the Differentiated Services Code Point (DSCP) value that is used by a quality of service (QoS) mechanism. The last 2 bits identify the Explicit Congestion Notification (ECN) value that can be used to prevent dropped packets during times of network congestion.

Time-to-Live (TTL): Contains an 8-bit binary value that is used to limit the lifetime of a packet. It is specified in seconds but is commonly referred to as hop count. The packet sender sets the initial TTL value, which is decreased by one each time the packet is processed by a router, or hop. If the TTL field decrements to 0, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address. The traceroute command uses this field to identify the routers used between the source and destination.

Protocol: This 8-bit binary value indicates the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol. Common values include ICMP (0x01), TCP (0x06), and UDP (0x11).

Source IP Address: Contains a 32-bit binary value that represents the source IP address of the packet.

Destination IP Address: Contains a 32-bit binary value that represents the destination IP address of the packet.

The two most commonly referenced fields are Source IP Address and Destination IP Address. These fields identify where the packet is from and where it is going. Typically these addresses do not change while the packet is travelling from the source to the destination.

The fields used to identify and validate the packet include

Internet Header Length (IHL): Contains a 4-bit binary value identifying the number of 32-bit words in the header. The IHL value varies due to the Options and Padding fields. The minimum value for this field is 5 (i.e., 5×32 = 160 bits = 20 bytes) and the maximum value is 15 (i.e., 15×32 = 480 bits = 60 bytes).

Total Length: Sometimes referred to as the Packet Length, this 16-bit field defines the entire packet (fragment) size, including header and data, in bytes. The minimum-length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes.

Header Checksum: This 16-bit field is used for error checking of the IP header. The checksum of the header is recalculated and compared to the value in the header’s checksum field. If the values do not match, the packet is discarded.

A router may have to fragment a packet when forwarding it from one medium to another medium that has a smaller MTU. When this happens, fragmentation occurs and the IPv4 packet uses the following fields to keep track of the fragments:

Identification: This 16-bit field uniquely identifies the fragment of an original IP packet.

Flag: This 3-bit field identifies how the packet is fragmented. It is used with the Fragment Offset and Identification fields to help reconstruct the fragment into the original packet.

Fragment Offset: This 13-bit field identifies the order in which to place the packet fragment in the reconstruction of the original unfragmented packet.

IP address depletion: IPv4 has a limited number of unique public IP addresses available. Although there are approximately 4 billion IPv4 addresses, the increasing number of new IP-enabled devices, the increasing reliance on always-on connections, and the potential growth of less-developed regions have increased the need for more addresses.

Internet routing table expansion: As the number of servers (nodes) connected to the Internet increases, so too does the number of network routes. These IPv4 routes consume a great deal of memory and processor resources on Internet routers.

Lack of end-to-end connectivity: Network Address Translation (NAT) is a technology commonly implemented within IPv4 networks. NAT provides a way for multiple devices to share a single public IP address. However, because the public IP address is shared, the IP address of an internal network host is hidden. This can be problematic for technologies that require end-to-end connectivity.

Improvements that IPv6 provides include

Increased address space: IPv6 addresses are based on 128-bit hierarchical addressing, as opposed to IPv4 with 32 bits. This dramatically increases the number of available IP addresses.

Improved packet handling: The IPv6 header has been simplified with fewer fields. This improves packet handling by intermediate routers and also provides support for extensions and options for increased scalability/longevity.

Eliminates the need for NAT: With such a large number of public IPv6 addresses, NAT is not needed. Customer sites, from the largest enterprises to single households, can get a public IPv6 network address. This avoids some of the NAT-induced application problems experienced by applications requiring end-to-end connectivity.

Integrated security: IPv6 natively supports authentication and privacy capabilities. With IPv4, additional features had to be implemented to do this.

The 32-bit IPv4 address space provides approximately 4,294,967,296 unique addresses. Of these, only 3.7 billion addresses are assignable, because the IPv4 addressing system separates the addresses into classes, and reserves addresses for multicasting, testing, and other specific uses.

As shown in Figure 6-5, IPv6 address space provides 340,282,366,920,938,463,463,374,607,431,768,211,456, or 340 undecillion, addresses, which is roughly equivalent to every grain of sand on Earth.

The IPv4 header consists of 20 octets (up to 60 bytes if the Options field is used) and 12 basic header fields, not including the Options field and Padding field.

The IPv6 header consists of 40 octets (largely due to the length of the source and destination IPv6 addresses) and eight header fields (three IPv4 basic header fields and five additional header fields).

Figures 6-6 and 6-7 demonstrate the differences between an IPv4 header and an IPv6 header. In IPv6, some fields have remained the same, some fields are not used, and some fields have changed names and positions.

In addition, a new field (Flow Label) has been added to IPv6 that is not used in IPv4. The IPv6 simplified header is shown in Figure 6-7.

The IPv6 simplified header offers several advantages over IPv4:

Better routing efficiency for performance and forwarding-rate scalability

No requirement for processing checksums

Simplified and more efficient extension header mechanisms (as opposed to the IPv4 Options field)

A Flow Label field for per-flow processing with no need to open the transport inner packet to identify the various traffic flows

Version: This field contains a 4-bit binary value identifying the IP packet version. For IPv6 packets, this field is always set to 0110.

Traffic Class: This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field in the IPv4 header. It also contains a 6-bit Differentiated Services Code Point (DSCP) value used to classify packets and a 2-bit Explicit Congestion Notification (ECN) used for traffic congestion control.

Flow Label: This 20-bit field provides a special service for real-time applications. It can be used to inform routers and switches to maintain the same path for the packet flow so that packets are not reordered.

Payload Length: This 16-bit field is equivalent to the Total Length field in the IPv4 header. It defines the entire packet (fragment) size, including header and optional extensions.

Next Header: This 8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol. This field is also used if there are optional extension headers added to the IPv6 packet.

Hop Limit: This 8-bit field replaces the IPv4 TTL field. This value is decremented by one by each router that forwards the packet. When the counter reaches 0 the packet is discarded and an ICMPv6 message is forwarded to the sending host, indicating that the packet did not reach its destination.

Source IP Address: This 128-bit field identifies the IPv6 address of the sending host.

Destination IP Address: This 128-bit field identifies the IPv6 address of the receiving host.

An IPv6 packet may also contain extension headers (EHs), which provide optional network layer information. EHs are optional and are placed between the IPv6 header and the payload. EHs are used for fragmentation, security, to support mobility, and more.

Itself: This is a special IP address of 127.0.0.1, which is referred to as the loopback interface. This loopback address is automatically assigned to a host when TCP/IP is running. The ability for a host to send a packet to itself using network functionality is useful for testing purposes. Any IP within the network 127.0.0.0/8 refers to the local host.

Local host: This is a host on the same network as the sending host. The hosts share the same network address.

Remote host: This is a host on a remote network. The hosts do not share the same network address.

Hosts require a local routing table to ensure that network layer packets are directed to the correct destination network. The local table of the host typically contains

Direct connection: This is a route to the loopback interface.

Local network route: The network to which the host is connected is automatically populated in the host routing table.

Local default route: The default gateway is added to the host routing table and represents all other routes. The default gateway is either configured manually or learned dynamically and creates the local default route.

The default gateway is the device that routes traffic from the local network to devices on remote networks. It is often used to connect a local network to the Internet. The network is determined by the IP address and subnet mask combination. If a host is sending a packet to a device that is configured with the same IP network as the host device, the packet is simply forwarded out of the host interface to the destination device directly. A default gateway is not needed in this situation.

However, if the host is sending a packet to a device on a different IP network, then the host must forward the packet to the default gateway because a host device cannot communicate directly with devices outside of the local network. The default gateway, which is most often a router, maintains routing table entries for all of its directly connected networks, as well as entries for remote networks it may know about. The router is responsible for determining the best path to reach all of those destinations. The default gateway address is the IP address of the router’s network interface connected to the local network.

Figure 6-8 highlights areas associated with the entries in the local host routing table. In this example, the default gateway address is 192.168.10.1.

Entering the netstat -r command, or the equivalent route print command, displays three sections related to the current TCP/IP network connections:

Interface List: Lists the Media Access Control (MAC) address and assigned interface number of every network-capable interface on the host, including Ethernet, Wi-Fi, and Bluetooth adapters.

IPv4 Route Table: Lists all known IPv4 routes, including direct connections, local networks, and local default routes.

IPv6 Route Table: Lists all known IPv6 routes, including direct connections, local networks, and local default routes.

Figure 6-9 displays the IPv4 Route Table section of the output. Notice the output is divided into five columns:

Network Destination: Lists the reachable networks.

Netmask: Lists a subnet mask that informs the host how to determine the network and the host portions of the IP address.

Gateway: Lists the address used by the local computer to get to a network destination. If a destination is directly reachable, it will show as “On-link” in this column.

Interface: Lists the address of the physical interface used to send the packet to the gateway that is used to reach the network destination.

Metric: Lists the cost of each route and is used to determine the best route to a destination.

192.168.10.0: The local network route address; represents all computers on the 192.168.10.x network

192.168.10.10: The address of the local host

192.168.10.255: The network broadcast address; sends messages to all hosts on the local network route

1. Consult the IPv4 Route Table.

2. Match the destination IP address with the 192.168.10.0 Network Destination entry to reveal that the host is on the same network (On-link).

3. Send the packet toward the final destination using its local interface (192.168.10.10).

As shown in Figure 6-11, if PC1 wanted to send a packet to a remote host located at 10.10.10.10, it would take these steps:

1. Consult the IPv4 Route Table.

2. Find that there is no exact match for the destination IP address.

3. Choose the local default route (0.0.0.0) to reveal that it should forward the packet to the 192.168.10.1 gateway address.

4. Forward the packet to the gateway to use its local interface (192.168.10.10). The gateway device then determines the next path for the packet to reach the final destination address of 10.10.10.10.

The IPv6 Route Table section displays four columns:

If: Lists the interface numbers from the Interface List section of the netstat –r command. The interface numbers correspond to the network-capable interfaces on the host, including Ethernet, Wi-Fi, and Bluetooth adapters.

Metric: Lists the cost of each route to a destination. Lower numbers indicate preferred routes.

Network Destination: Lists the reachable networks.

Gateway: Lists the address used by the local host to forward packets to a remote network destination. On-link indicates that the host is currently connected to it.

For example, Figure 6-12 displays the IPv6 Route Table section generated by the netstat –r command to reveal the following network destinations:

::/0: This is the IPv6 equivalent of the local default route.

::1/128: This is equivalent to the IPv4 loopback address and provides services to the local host.

2001::/32: This is the global unicast network prefix.

2001:0:9d38:953c:2c30:3071:e718:a926/128: This is the global unicast IPv6 address of the local computer.

fe80::/64: This is the link local network route address and represents all computers on the local link in an IPv6 network.

fe80::2c30:3071:e718:a926/128: This is the link local IPv6 address of the local computer.

ff00::/8: These are special reserved multicast class D addresses equivalent to the IPv4 224.x.x.x addresses.

What happens when a packet arrives on a router interface? The router looks at its routing table to determine where to send the packet.

The routing table of a router stores information about

Directly connected routes: These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated. Each of the router’s interfaces is connected to a different network segment. Routers maintain information about the network segments that they are connected to within the routing table.

Remote routes: These routes come from remote networks connected to other routers. Routes to these networks can be either manually configured on the local router by the network administrator or dynamically configured by enabling the local router to exchange routing information with other routers using dynamic routing protocols.

Figure 6-13 identifies the directly connected networks and remote networks of router R1.

The routing table of a router is similar to the routing table of a host. They both identify

Destination network

Metric associated with the destination network

Gateway to get to the destination network

On a Cisco IOS router, the show ip route command can be used to display the routing table of a router. A router also provides additional route information, including how the route was learned, when it was last updated, and which specific interface to use to get to a predefined destination.

When a packet arrives at the router interface, the router examines the packet header to determine the destination network. If the destination network matches a route in the routing table, the router forwards the packet using the information specified in the routing table. If there are two or more possible routes to the same destination, the metric is used to decide which route appears on the routing table.

Unlike the host routing table, there are no column headings identifying the information contained in a routing table entry. Therefore, it is important to learn the meaning of the different types of information included in each entry.

Route source: Labeled “A” in Figure 6-14, it identifies how the route was learned. Directly connected interfaces have two route source codes:

C: Identifies a directly connected network. Directly connected networks are automatically created when an interface is configured with an IP address and activated.

L: Identifies that this is a link local route. Link local routes are automatically created when an interface is configured with an IP address and activated.

Destination network: Labeled “B” in Figure 6-14, it identifies the address of the destination network.

Outgoing interface: Labeled “C” in Figure 6-14, it identifies the exit interface to use when forwarding packets to the destination network.

A router typically has multiple interfaces configured. The routing table stores information about both directly connected routes and remote routes. As with directly connected networks, the route source identifies how the route was learned. For example, common codes for remote networks include

S: Identifies that the route was manually created by an administrator to reach a specific network. This is known as a static route.

D: Identifies that the route was learned dynamically from another router using the Enhanced Interior Gateway Routing Protocol (EIGRP).

O: Identifies that the route was learned dynamically from another router using the Open Shortest Path First (OSPF) routing protocol.

Route source: Identifies how the route was learned.

Destination network: Identifies the address of the destination network.

Administrative distance: Identifies the trustworthiness of the route source.

Metric: Identifies the value assigned to reach the destination network. Lower values indicate preferred routes.

Next-hop: Identifies the IP address of the next router to forward the packet.

Route timestamp: Identifies when the route was last heard from.

Outgoing interface: Identifies the exit interface to use to forward a packet toward the final destination.

When a packet destined for a remote network arrives at the router, the router matches the destination network to a route in the routing table. If a match is found, the router forwards the packet to the IP address of the next hop router using the interface identified by the route entry.

A next hop router is the gateway to remote networks.

Referring again to Figure 6-15 for an example, a packet arriving at R1 destined for either the 10.1.1.0 or 10.1.2.0 network is forwarded to the next-hop address 209.165.200.226 using the Serial 0/0/0 interface.

Networks directly connected to a router have no next-hop address, because a router can forward packets directly to hosts on these networks using the designated interface.

Packets cannot be forwarded by the router without a route for the destination network in the routing table. If a route representing the destination network is not in the routing table, the packet is dropped (that is, not forwarded).

However, just as a host can use a default gateway to forward a packet to an unknown destination, a router can also be configured to use a default static route to create a gateway of last resort. The gateway of last resort will be covered in more detail in the CCNA Routing course.

The following examples illustrate how a host and a router make packet routing decisions by consulting their respective routing tables: Some router output is omitted from the examples for clarity.

Example 1: The sending host and receiving host are on the same local network. PC1 wants to verify connectivity to its local default gateway at 192.168.10.1 (the router interface):

1. PC1 consults the IPv4 route table based on the destination IP address.

2. PC1 discovers that the host is on the same network and simply sends a ping packet out of its interface (On-link).

3. R1 receives the packet on its Gigabit Ethernet 0/0 (G0/0) interface and looks at the destination IP address.

4. R1 consults its routing table.

5. R1 matches the destination IP address to the L 192.168.10.1/32 routing table entry and discovers that this route points to its own local interface, as shown in Figure 6-16.

6. R1 opens the remainder of the IP packet and responds accordingly.

Example 2: The sending host and receiving host are not on the same local network but are connected to the same router. PC1 wants to send a packet to PC2 (192.168.11.10):

1. PC1 consults the IPv4 route table and discovers that there is no exact match.

2. PC1 therefore uses the all route network (0.0.0.0) and sends the packet using the local default route (192.168.10.1).

3. R1 receives the packet on its Gigabit Ethernet 0/0 (G0/0) interface and looks at the destination IP address (192.168.11.10).

4. R1 consults its routing table and matches the destination IP address to the C 192.168.11.0/24 routing table entry, as shown in Figure 6-17.

5. R1 forwards the packet out of its directly connected Gigabit Ethernet 0/1 interface (G0/1).

6. PC2 receives the packet and consults its host IPv4 routing table.

7. PC2 discovers that the packet is addressed to it, opens the remainder of the packet, and responds accordingly.

Example 3: The sending host and receiving host are not on the same local network and are not on the same router. PC1 wants to send a packet to 209.165.200.226:

1. PC1 consults the IPv4 route table and discovers that there is no exact match.

2. PC1 therefore uses the default route (0.0.0.0/0) and sends the packet using the default gateway (192.168.10.1).

3. R1 receives the packet on its Gigabit Ethernet 0/0 (G0/0) interface and looks at the destination IP address (209.165.200.226).

4. R1 consults its routing table and matches the destination IP address to the C 209.165.200.224/30 routing table entry, as shown in Figure 6-18.

5. R1 forwards the packet out of its directly connected Serial 0/0/0 interface (S0/0/0).

Example 4: The sending host and receiving host are not on the same local network and not connected to the same router. PC1 wants to send a packet to the host with IP address 10.1.1.10:

1. PC1 consults the IPv4 route table and discovers that there is no exact match.

2. PC1 therefore uses the all route network (0.0.0.0) and sends it to its local default route (192.168.10.1).

3. R1 receives the packet on its Gigabit Ethernet 0/0 (G0/0) interface and looks at the destination IP address (10.1.1.10).

4. R1 consults its routing table and matches the destination IP address to the D 10.1.1.0/24 routing table entry, as shown in Figure 6-19.

5. R1 discovers it has to send the packet to the next-hop address 209.165.200.226.

6. R1 again consults its routing table and matches the destination IP address to the C 209.165.200.224/30 routing table entry, as shown in Figure 6-19.

7. R1 forwards the packet out of its directly connected Serial 0/0/0 interface (S0/0/0).

Branch: Teleworkers, small businesses, and medium-size branch sites. Includes Cisco 800, 1900, 2900, and 3900 Integrated Series Routers (ISR) G2 (2nd generation).

WAN: Large businesses, organizations, and enterprises. Includes the Cisco Catalyst 6500 Series Switches and the Cisco Aggregation Service Router (ASR) 1000.

Service Provider: Large service providers. Includes Cisco ASR 1000, Cisco ASR 9000, Cisco XR 12000, Cisco CRS-3 Carrier Routing System, and 7600 Series routers.

The focus of CCNA certification is on the branch family of routers.

Regardless of their function, size, or complexity, all router models are essentially computers. Just like computers, tablets, and smart devices, routers also require

An operating system (OS)

A central processing unit (CPU)

Random-access memory (RAM)

Read-only memory (ROM)

A router also has special memory that includes flash and non-volatile RAM (NVRAM).

The CPU requires an OS to provide routing and switching functions. The Cisco Internetwork Operating System (IOS) is the system software used for most Cisco devices, regardless of the size and type of the device. It is used for routers, LAN switches, small wireless access points, large routers with dozens of interfaces, and many other devices.

Cisco IOS: The IOS is copied into RAM during bootup.

Running configuration file: This is the configuration file that stores the configuration commands that the router IOS is currently using. It is also known as the running-config.

IP routing table: This file stores information about directly connected networks and remote networks. It is used to determine the best path to use to forward packets.

ARP cache: This cache contains the IPv4 address to MAC address mappings, similar to the ARP cache on a PC. The ARP cache is used on routers that have LAN interfaces, such as Ethernet interfaces.

Packet buffer: Packets are temporarily stored in a buffer when received on an interface or before they exit an interface.

Like computers, Cisco routers actually use dynamic random-access memory (DRAM). DRAM is a very common kind of RAM that stores the instructions and data needed to be executed by the CPU. Unlike ROM, RAM is volatile memory and requires continual power to maintain its information. It loses all of its content when the router is powered down or restarted.

By default, Cisco 1941 routers come with 512 MB of DRAM soldered on the main system board (onboard) and one dual in-line memory module (DIMM) slot for memory upgrades of up to an additional 2.0 GB. Cisco 2901, 2911, and 2921 models come with 512 MB of onboard DRAM. Note that first-generation ISRs and older Cisco routers do not have onboard RAM.

Bootup instructions: Provides the startup instructions.

Basic diagnostic software: Performs the Power-On Self Test (POST) of all components.

Limited IOS: Provides a limited backup version of the OS, in case the router cannot load the full-featured IOS.

Cisco 1941 routers come with two external CompactFlash slots. Each slot can support high-speed storage densities upgradeable to 4GB in density.

Figure 6-20 summarizes the four types of memory.

Console ports: Two console ports for the initial configuration and command-line interface (CLI) management access using a regular RJ-45 port and a new USB Type-B (mini-B USB) connector

AUX port: An RJ-45 port for remote management access; similar to the console port

Two LAN interfaces: Two Gigabit Ethernet interfaces for LAN access

Enhanced high-speed WAN interface card (EHWIC) slots: Two slots that provide modularity and flexibility by enabling the router to support different types of interface modules, including serial, digital subscriber line (DSL), switch port, and wireless

The Cisco 1941 ISR also has storage slots to support expanded capabilities. Dual-CompactFlash memory slots are capable of supporting a 4-GB CompactFlash card each for increased storage space. Two USB host ports are included for additional storage space and secure token capability.

CompactFlash can store the Cisco IOS software image, log files, voice configuration files, HTML files, backup configurations, or any other file needed for the system. By default, only slot 0 is populated with a CompactFlash card from the factory, and it is the default boot location.

Figure 6-21 identifies the location of these connections and slots.

The connections on a Cisco router can be grouped into two categories:

Management ports: These are the console and auxiliary ports used to configure, manage, and troubleshoot the router. Unlike LAN and WAN interfaces, management ports are not used for packet forwarding.

Inband router interfaces: These are the LAN and WAN interfaces configured with IP addressing to carry user traffic. Ethernet interfaces are the most common LAN connections, while common WAN connections include serial and DSL interfaces.

Like many networking devices, Cisco devices use light emitting diode (LED) indicators to provide status information. An interface LED indicates the activity of the corresponding interface. If an LED is off when the interface is active and the interface is correctly connected, this may be an indication of a problem with that interface. If an interface is extremely busy, its LED is always on, and may be blinking very fast.

Console: Uses a low-speed serial or USB connection to provide direct connect, out-of-band management access to a Cisco device

Telnet or SSH: Two methods for remotely accessing a CLI session across an active network interface

AUX port: Used for remote management of the router using a dial-up telephone line and modem

The console and AUX port are located on the router.

In addition to these ports, routers also have network interfaces to receive and forward IP packets. Routers have multiple interfaces that are used to connect to multiple networks. Typically, the interfaces connect to various types of networks, which means that different types of media and connectors are required.

Every interface on the router is a member or host on a different IP network. Each interface must be configured with an IP address and subnet mask of a different network. The Cisco IOS does not allow two active interfaces on the same router to belong to the same network.

Router interfaces can be grouped into two categories:

Ethernet LAN interfaces: Used for connecting cables that terminate with LAN devices, such as computers and switches. This interface can also be used to connect routers to each other. Several conventions for naming Ethernet interfaces are popular: the older Ethernet, Fast Ethernet, and Gigabit Ethernet. The name used depends on the device type and model.

Serial WAN interfaces: Used for connecting routers to external networks, usually over a larger geographical distance. Similar to LAN interfaces, each serial WAN interface has its own IP address and subnet mask, which identifies it as a member of a specific network.

Figure 6-22 shows the LAN Interfaces and serial interfaces on the router.

Addressing

Interfaces

Routing

Security

QoS

Resources management

The IOS file itself is several megabytes in size, and similar to the files for Cisco IOS switches, is stored in flash memory. Using flash allows the IOS to be upgraded to newer versions or to have new features added. During bootup, the IOS is copied from flash memory into RAM. DRAM is much faster than flash; therefore, copying the IOS into RAM increases the performance of the device.

IOS image file: The IOS facilitates the basic operation of the device’s hardware components. The IOS image file is stored in flash memory.

Startup configuration file: The startup configuration file contains commands that are used to initially configure a router and create the running configuration file stored in RAM. The startup configuration file is stored in NVRAM. All configuration changes are stored in the running configuration file and are implemented immediately by the IOS.

The running configuration is modified when the network administrator performs device configuration. When changes are made to the running-config file, it should be saved to NVRAM as the startup configuration file, in case the router is restarted or loses power.

1. Perform the POST and load the bootstrap program.

2. Locate and load the Cisco IOS software.

3. Locate and load the startup configuration file or enter setup mode.

Step 1. Perform POST and Load Bootstrap Program

The Power-On Self Test (POST) is a common process that occurs on almost every computer during bootup. The POST process is used to test the router hardware. When the router is powered on, software on the ROM chip conducts the POST. During this self-test, the router executes diagnostics from ROM on several hardware components, including the CPU, RAM, and NVRAM. After the POST has been completed, the router executes the bootstrap program.

After the POST, the bootstrap program is copied from ROM into RAM. Once in RAM, the CPU executes the instructions in the bootstrap program. The main task of the bootstrap program is to locate the Cisco IOS and load it into RAM.

Step 2. Locate and Load Cisco IOS

The IOS is typically stored in flash memory and is copied into RAM for execution by the CPU. After the IOS begins to load, a string of pounds signs (#) will be displayed while the image decompresses.

If the IOS image is not located in flash, then the router may look for it using a TFTP server. If a full IOS image cannot be located, a scaled-down version of the IOS is copied from ROM into RAM. This version of IOS is used to help diagnose any problems and can be used to load a complete version of the IOS into RAM.

Step 3. Locate and Load the Configuration File

The bootstrap program then searches for the startup configuration file (also known as startup-config) in NVRAM. This file has the previously saved configuration commands and parameters. If it exists, then it is copied into RAM as the running configuration file, running-config. The running-config file contains interface addresses, starts routing processes, configures router passwords, and defines other characteristics of the router.

If the startup-config file does not exist in NVRAM, the router may search for a TFTP server. If the router detects that it has an active link to another configured router, it sends a broadcast searching for a configuration file across the active link.

If a TFTP server is not found, then the router displays the setup mode prompt. Setup mode is a series of questions prompting the user for basic configuration information. Setup mode is not intended to be used to enter complex router configurations, and it is not commonly used by network administrators.

The output from the show version command includes

IOS version: Version of the Cisco IOS software in RAM and that is being used by the router.

ROM Bootstrap Program: Displays the version of the system bootstrap software, stored in ROM, that was initially used to boot up the router.

Location of IOS: Displays the version and location of the bootstrap program and the complete filename of the IOS image.

CPU and Amount of RAM: The first part of this line displays the type of CPU on this router. The last part of this line displays the amount of DRAM. Some series of routers, such as the Cisco 1941 ISR, use a fraction of DRAM as packet memory. Packet memory is used for buffering packets. To determine the total amount of DRAM on the router, add both numbers.

Interfaces: Displays the physical interfaces on the router. In this example, the Cisco 1941 ISR has two Gigabit Ethernet interfaces and two low-speed serial interfaces.

Amount of NVRAM and Flash: This is the amount of NVRAM and the amount of flash memory on the router. NVRAM is used to store the startup-config file, and flash is used to permanently store the Cisco IOS.

The last line of the show version command displays the current, configured value of the software configuration register in hexadecimal. If there is a second value displayed in parentheses, it denotes the configuration register value that is used during the next reload.

The configuration register has several uses, including password recovery. The factory default setting for the configuration register is 0x2102. This value indicates that the router attempts to load a Cisco IOS software image from flash memory and load the startup configuration file from NVRAM.

Similar to configuring a switch, the following steps should be completed when configuring initial settings on a router:

1. Assign a device name using the hostname global configuration command.

2. Set passwords:

Secure privileged EXEC mode access using the enable secret command.

Secure EXEC mode access for console using the login command on the console port, and the password command to set the password.

Secure virtual access similar to securing EXEC access mode for console, except on the vty port.

Use the service password-encryption global configuration command to prevent passwords from displaying as plain text in the configuration file.

3. Provide legal notification using the banner motd (message of the day [MOTD]) global configuration command.

4. Save the configuration using the copy run start command.

5. Verify the configuration using the show run command.

There are many different types of interfaces available on Cisco routers. In the example in Figure 6-24, the Cisco 1941 router is equipped with two Gigabit Ethernet interfaces and a serial WAN interface card (WIC) consisting of two interfaces; the interfaces are named as follows:

Gigabit Ethernet 0/0 (G0/0)

Gigabit Ethernet 0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

To enable a router interface, configure the following:

IPv4 address and subnet mask: Configures the IP address and subnet mask using the ip address subnet-mask interface configuration command.

Activate the interface: By default, LAN and WAN interfaces are not activated. The interface must be activated using the no shutdown command. This is similar to powering on the interface. The interface must also be connected to another device (a hub, a switch, or another router) for the physical layer to be active.

Although not required, it is good practice to configure a description on each interface to help document the network information. The description text is limited to 240 characters. On production networks, a description can be helpful in troubleshooting by providing information about the type of network that the interface is connected to and if there are any other routers on that network. If the interface connects to an ISP or service carrier, it is helpful to enter the third-party connection and contact information.

You can verify connectivity from the interface using the ping command. Cisco routers send five consecutive pings and measure minimal, average, and maximum round-trip times. Exclamation marks verify connectivity.

Other interface verification commands include

show ip route: Displays the contents of the IPv4 routing table stored in RAM

show interfaces: Displays statistics for all interfaces on the device

show ip interface: Displays the IPv4 statistics for all interfaces on a router

Remember to save the configuration using the copy running-config startup-config (or just type copy run start) command.

For an end device to communicate over the network, it must be configured with the correct IP address information, including the default gateway address. The default gateway is only used when the host wants to send a packet to a device on another network. The default gateway address is generally the router interface address attached to the local network of the host. Although it does not matter what address is actually configured on the router interface, the IP address of the host device and the router interface address must be in the same network.

Figure 6-25 displays a topology of a router with two separate interfaces. Each interface is connected to a separate network. G0/0 is connected to network 192.168.10.0, and G0/1 is connected to network 192.168.11.0. Each host device is configured with the appropriate default gateway address.

In Figure 6-25, PC1 sends a packet to PC2. In this example, the default gateway is not used; rather, PC1 addresses the packet with the IP address of PC2 and forwards the packet directly to PC2 through the switch.

In Figure 6-26, PC1 sends a packet to PC3. In this example, PC1 addresses the packet with the IP address of PC3, but then forwards the packet to the router. The router accepts the packet, accesses its route table to determine the appropriate exit interface based on the destination address, and then forwards the packet out of the appropriate interface to reach PC3.

The IP address information on a switch is only necessary to manage the switch remotely. In other words, to be able to telnet to the switch, the switch must have an IP address to telnet to. If the switch is only accessed from devices within the local network, only an IP address is required.

Configuring the IP address on a switch is done on the switch virtual interface (SVI):

S1(config)# interface vlan1

S1(config-vlan)# ip address 192.168.10.50 255.255.255.0

S1(config-vlan)# no shut

However, if the switch must be accessible by devices in a different network, the switch must be configured with a default gateway address, because packets that originate from the switch are handled just like packets that originate from a host device. Therefore, packets that originate from the switch and are destined for a device on the same network are forwarded directly to the appropriate device. Packets that originate from the switch and are destined for a device on a remote network must be forwarded to the default gateway for path determination.

To configure a default gateway on a switch, use the following global configuration command:

S1(config)# ip default-gateway 192.168.10.1

Figure 6-27 shows an administrator connecting to a switch on a remote network. For the switch to forward response packets to the administrator, the default gateway must be configured.

A common misconception is that the switch uses its configured default gateway address to determine where to forward packets originating from hosts connected to the switch and destined for hosts on a remote network. Actually, the IP address and default gateway information is only used for packets that originate from the switch. Packets originating from hosts connected to the switch must already have default gateway information configured to communicate on remote networks.

The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across the network. To accomplish this end-to-end transport, the network layer uses four basic processes: IP addressing for end devices, encapsulation, routing, and de-encapsulation.

The Internet is largely based on IPv4, which is still the most widely used network layer protocol. An IPv4 packet contains the IP header and the payload. However, IPv4 has a limited number of unique public IP addresses available. This led to the development of IPv6. The IPv6 simplified header offers several advantages over IPv4, including better routing efficiency, simplified extension headers, and capability for per-flow processing. Plus, IPv6 addresses are based on 128-bit hierarchical addressing as opposed to IPv4 with 32 bits. This dramatically increases the number of available IP addresses.

In addition to hierarchical addressing, the network layer is also responsible for routing. Hosts require a local routing table to ensure that packets are directed to the correct destination network. The local table of a host typically contains the direct connection, the local network route, and the local default route. The local default route is the route to the default gateway.

The default gateway is the IP address of a router interface connected to the local network. When a host needs to forward a packet to a destination address that is not on the same network as the host, the packet is sent to the default gateway for further processing.

When a router, such as the default gateway, receives a packet, it examines the destination IP address to determine the destination network. The routing table of a router stores information about directly connected routes and remote routes to IP networks. If the router has an entry in its routing table for the destination network, the router forwards the packet. If no routing entry exists, the router may forward the packet to its own default route, if one is configured, or it will drop the packet.

Routing table entries can be configured manually on each router to provide static routing, or the routers may communicate route information dynamically between each other using a routing protocol.

In order for routers to be reachable, the router interface must be configured. To enable a specific interface, enter interface configuration mode using the interface type-and-number global configuration mode command.

Class Activity 6.5.1.1: Can You Read This Map?

Lab 6.3.1.9: Exploring Router Physical Characteristics

Lab 6.4.3.5: Initializing and Reloading a Router and Switch

Packet Tracer Activity 6.4.1.2: Configure Initial Router Settings

Packet Tracer Activity 6.4.4.3: Connect a Router to a LAN

Packet Tracer Activity 6.4.3.4: Troubleshooting Default Gateway Issues

Packet Tracer Activity 6.5.1.2: Skills Integration Challenge

1. Which device is responsible for determining the path to another network?

A. Switch

B. Router

C. Hub

D. Modem

2. What is true about OSI Layer 3? (Choose two.)

A. It uses data encapsulated in the transport layer.

B. It removes IP information before sending the Layer 3 PDU to the next level.

C. Layer 3 addresses are permanent.

D. Layer 3 addresses are 32 bits in length.

3. Which network protocol is not considered legacy?

A. IPX

B. IPv6

C. AppleTalk

D. DECNet

4. Which protocol provides connectionless network layer services?

A. IP

B. TCP

C. DNS

D. OSI

5. Which of the following are not functions of the network layer? (Choose two.)

A. Routing

B. Addressing packets with an IP address

C. Delivery reliability

D. Application data analysis

E. Encapsulation

F. De-encapsulation

6. Which of the following are true about IP? (Choose three.)

A. It is connection oriented.

B. It is the most common network layer protocol.

C. It analyzes presentation layer data.

D. It operates at OSI Layer 2.

E. It encapsulates transport layer segments.

F. It is media independent.

G. Packet delivery is assured.

7. Which commands can be used to view a host’s routing table? (Choose two.)

A. show ip interface brief

B. route print

C. show ip route

D. show run

E. netstat-r

8. Select three pieces of information about a route that a routing table contains.

A. Next-hop

B. Source address

C. Metric

D. Destination network address

E. Last hop

F. Destination MAC address

9. What kinds of problems are caused by excessive broadcast traffic on a network segment? (Choose three.)

A. Consumes network bandwidth

B. Increases overhead on network

C. Requires complex address schemes

D. Interrupts other host functions

E. Divides networks based on ownership

F. Advanced hardware required

10. Which is a characteristic of the IP protocol?

A. Media dependent

B. Reliable

C. Connectionless

D. Addresses give segments with IP addresses

11. Which of the following are not functions of the network layer? (Choose two.)

A. Routing

B. Addressing packets with an IP address

C. Delivery reliability

D. Application data analysis

E. Encapsulation

F. De-encapsulation

12. Which of the following are true about IP? (Choose two.)

A. IP stands for International Protocol.

B. It is the most common network layer protocol.

C. It analyzes presentation layer data.

D. It operates at OSI Layer 2.

E. It encapsulates transport layer segments.

13. What is the name of the process of removing the OSI Layer 2 information from an IP packet?

A. Frame fragmenting

B. Bit dropping

C. De-encapsulation

D. De-segmenting

14. Which of the following is true about IP?

A. It is connection oriented.

B. It uses application data to determine the best path.

C. It is used by both routers and hosts.

D. It is reliable.

15. Which of the following are true about the network layer encapsulation process? (Choose two.)

A. It adds a header to a segment.

B. It can happen many times on the path to the destination host.

C. It is performed by the last router on the path.

D. Both source and destination IP addresses are added.

E. It encapsulates transport layer information into a frame.

16. Which of the following are true about TCP and IP? (Choose two.)

A. TCP is connectionless and IP is connection oriented.

B. TCP is reliable and IP is unreliable.

C. IP is connectionless and TCP is connection oriented.

D. TCP is unreliable and IP is reliable.

E. IP operates at the transport layer.

17. Why is IP “media independent”?

A. It encapsulates Layer 1 instructions.

B. It works the same on all Layer 1 media.

C. It carries both video and voice data.

D. It works without Layer 1 media.

18. TCP is an OSI Layer __________ protocol.

A. 3

B. 5

C. 4

D. 6

E. 7

19. How many bits are in an IPv4 address?

A. 20

B. 8

C. 32

D. 64

E. 128

20. Which statement is true about local default routes?

A. They forward LAN traffic to the proper local host.

B. They are configured on the first physical interface of a switch.

C. They are configured on router interfaces.

D. They send packets that do not match in the routing table to the default gateway.