Develop Reference

How do I determine that the subnet was going to be .11.254 and .13.254?

I figured out the subnet mask for both subnets 1 and 2. My problem is I can't grasp how the subnet turns to 172.20.11.254 and 172.20.13.254 respectively? I assume this is VSLM, but not certain. I'm just learning this. I got 172.20.8.0 and 172.20.6.0 as my subnet and I know that is wrong now. Thanks for any help you can provide.
To determine which subnet mask will work for the 172.20.0.0 network, first look at the number of hosts required for each subnet:
Subnet1 (connected to FastEthernet0/0) has 672 hosts. To support 672 hosts, a subnet mask of /22 is required (10 host bits in the 2n-2 formula will afford 1022 host addresses in the subnet).
Subnet2 (connected to FastEthernet0/1) has 258 hosts. To support 258 hosts, a subnet mask of /23 is required (9 host bits in the 2n-2 formula will afford 510 host addresses in the subnet).
With a network address of 172.20.0.0 and the masks needed to fit the requirements, you need to configure the following IP address and subnet masks:
For the FastEthernet0/0 connection:
172.20.8.0/22 is the third possible subnet. (172.20.0.0/22 is the first possible subnet and 172.20.4.0/22 is the second possible subnet.)
172.20.11.254 is the last possible IP address in the subnet.
255.255.252.0 is the decimal version of a 22-bit mask.
For the FastEthernet0/1 connection:
172.20.12.0/23 is the next available subnet that does not overlap.
172.20.13.254 is the last possible IP address in the subnet.
255.255.254.0 is the decimal version of a 23-bit mask.
Use the following commands to configure the SFO interfaces:
SFO>enable
SFO#configure terminal
SFO(config)#interface FastEthernet0/0
SFO(config-if)#ip address 172.20.11.254 255.255.252.0
SFO(config-if)#no shutdown
SFO(config-if)#interface FastEthernet0/1
SFO(config-if)#ip address 172.20.13.254 255.255.254.0
SFO(config-if)#no shutdown
SFO(config-if)#exit
SFO(config)#exit
SFO#copy run start

I detect some desperation, so let's see if I can convey and understandable explanation. :-)
172.20.0.0 seems to be the address space destined for you to use in this exercise. That is a class B network (255.255.0.0, or /16 netmask), but since we're going to subnet it variably, you can safely forget that. For example, you could subnet all of it it in small, class C subnets (all with a mask of 255.255.255.0, or /24), and if you did you would use 172.20.0.0/24 for one network, 172.20.1.0/24 for another, 172.20.2.0/24 for another, and so on. But if you did that, each subnet would be able to hold no more than 254 hosts (that is because you leave the last octet - 8 bits - for the host portion, and you have to reserve two - the first and last - for the subnet address and the broadcast address: 2^8-2=254).
But 254 hosts is not enough for your needs, since you have requirements for 672 and 258.
If you use a smaller sized mask (meaning larger sized network -> more hosts) like a /23 (255.255.254.0) you now have 9 bits for the host portion, therefore you can acommodate 2^9-2=510 hosts, big enough for 258, but not for 672. So for the latter you will need a /22 network (255.255.252.0), which will leave 10 bits for the host portion thus allowing 2^10-2=1022.
With each bit you reduce in the netmask, you double your network size. So if a /24 goes from 172.20.0.0 to 172.20.0.255 (the single '0' class C network), a /23 goes from 172.20.0.0 to 172.20.1.255 (two class C networks, '0' and '1'). And a /22 goes from 172.20.0.0 to 172.20.3.255 (four class C networks). In each case the first address is considered the network address and is not assigned to any device, and the last one is the broadcast address, and is not assigned either.
So, back to your example, they choose to assign the 3rd /22 network (1st being from 172.20.0.0 to 172.20.3.255, 2nd being from 172.20.4.0 to 172.20.7.255, and 3rd being from 172.20.8.0 to 172.20.11.255) to that particular subnet. So 172.20.8.0/22 it is. And they choose to assign the 7th /23 subnet possible (1st is '0' and '1' class C's, 2nd is '2' and '3' class C's, and so on) to the other subnet. So 172.20.12.0/23 it is for it. Remember that they cannot overlap!
Now, as to why they chose the .254 addresses for the router interfaces, that is just a convention. Router interfaces are usually configured to use either the first usable (.1) IP address or the last usable (.254) IP address in their subnets, at least on the LAN side. Note that your subnets' broadcast addresses are 172.20.11.255 for the /22 and 172.20.13.255 for the /23. In both cases they picked for the router interfaces the address which is one below them, i.e. the last usable address. But it could have been any one in the corresponding range.
Did that help?

VLSM Calculation

Network - 193.197.74.0 /24
There are 6 routers : A,B,C,D,E,F
router A - DMZ - 12
router B - 60hosts
router C - 20hosts
router D - 10 hosts
router E - 25hosts
router F - 50hosts
These routers are connected in a ring topology
There a conditions given below before I can calcuate the VLSM.
Subnet zero and last subnet(1-bit subnets) are forbidden
"By this I understand that it means, the first possible subnet address and the last possible subnet address should not be used. "
2.The lowest and highest subnet IPs are for normal serial inter router connection
" By this I understand, that the network address should be given for connections between Router A - Router B - and so no." Is that correct?
3 - The biggest subnet should be in the middle of possible address
"In cisco netacad, I read that the highest possible address should be taken first , with that I can calculate the subnet mask and the first and last possible hosts"
4 - The lower in size matching subnet is to use a DMZ - Network
" Does that mean that , I have to choose the lowest subnet - (Least possible hosts) and pick that for DMZ"
I need no solution for this, but I just to understand the question correctly that way I can solve it.
My understanding were mentioned above :)

1)Nowadays by default in cisco routers no subnet zero is enabled that means you can use first subnet for allocation.
2)cisco has behaviour of longest possible match means if you have two networks to reach same destination 10.1.1.0/27 and 10.1.1.0/30 then second one will go in routing table as cisco starts counting network address from LSB which in this case is 32 then 31 then /30 ITS HIT AND GOES TO ROUTE TABLE.
Plan acordingly and note that LONGEST POSSIBLE MATCH has an precedence over AD value of routing protocols value.

Finding addresses of next hop

I have the next table:
Network adress NetMask Next Hop
128.96.166.0 255.255.255.0 1
128.96.166.0 255.255.252.0 2
0.0.0.0 0.0.0.0 3
I want to find the adreeses range, for which the router will send to each Hop. for example, the adress's IP: 128.96.166.0 would send to Hop 1.
I don't understand how the NetMak help me to detrmine it. Is it not always would go to hop 1?

The algorithm to decide is:
If (IP address BitwiseAND NetMask == NetwordAddress) Then
Forward to Next Hop

First, start reading the netmask in binary form. In this form the netmask is ALWAYS some 1s followed by 0s. The netmask tells you the length (in bits) of the relevant prefix (1 means relevant bit, 0 means not relevant bit). For instance
128.96.166.1 and 128.96.166.2 would be sent to Hop1 b/c if you only look at the first 24 bits both addresses have the same 24 first bits, just like the first 24 bits of the network address. However the address 128.96.167.1 would not be sent to Hop1, b/c the 24th bit is different.
But the entry for Hop2 has a different netmask. The netmask for Hop2 says to look only at the first 22 bits. When only looking at the first 22 bits 128.96.167.1 matches the network address for Hop2 and packets addressed to 128.96.167.1 would be sent via Hop2.
Further:
When looking at the first 22 bits the network addresses for Hop1 and Hop2 match 128.96.166.1 and 128.96.166.2. However, (normaly) any component will pick Hop1 for 128.96.166.1 and 128.96.166.2 because that rule matches more bits. This is called "longest prefix match" and concurs with the idea "if there are more matching bits this hop will get the packet closer to the final destination".

A simple ip subnet calculator online here: http://www.subnet-calculator.com/

VLSM assistance

I have a quick query about using VLSM. I need to adopt a optimized addressing scheme making use of VLSM, I have 3 networks in total connected via two different routers, router 1 has a network of 300 hosts and another network of 25 hosts. Router 1 is connected to router 2 and that has an additional 82 hosts. Would it be possible to do this scheme over two IP addresses?
Lets say my starting IP is 182.20.1.0, how would this work?

You would at least need 4 subnets (between router 1 and 2 you need a /30 subnet). You need to reserve ip addresses for each subnet starting from the subnet with the highest number of hosts.
The number of hosts determines how big your subnets will be. You can have (2^n-2) host for every subnet, having n the number of reserved bits.
So for your first subnet you'll need 9 bits, leaving you with a /23 subnet.
Start over for your next subnet with the next available ip address.

Understanding vlan treatment on packet

Hi every one i am trying to understand vlan behavior on tagged and untagged packets.i have come across these statement which sounds quite confusing to me
When a tagged packet enters a port, the default VLAN ID setting has no effect on the tag.
1. The packet proceeds to the VLAN specified by its VLAN ID tag number.
2. If the port in which the packet entered does not belong to the VLAN
specified by the packet’s VLAN ID tag, the system drops the packet.
3. If the port belongs to the VLAN specified by the packet’s VLAN ID,
the system can send the packet to other ports with the same VLAN ID.
I am so confuse in all these statements.How does these three differ. They are contradicting one an other what does packet /port belong to specific vlan ID mean as port can have only one vlan ID

Overview
I have been refraining from answering this question, since I thought it would get migrated to Server Fault; since it is lingering here, I will address the specifics of your question. It is also difficult to completely respond without more context of why the author was making those points, but I will endeavor to answer as best I can. I'm not sure why I spent so much time answering this question, other than it's Christmas and my wife is out of the country visiting her family...
Diagram
I think the concepts are best illustrated by something called a multi-layer switch, which is just an ethernet switch that also understands IP addresses. I drew a diagram to illustrate:
The switch has four physical interfaces, numbered Port 1/1, Port 1/2, Port 1/3 and Port 1/4
The switch has one virtual interface, Vlan12. The virtual interface has an ethernet mac-address and an IP address assigned to it.
Three ethernet frames are assumed to enter Port 1/1
Port 1/1 is configured to accept Vlan tags 12 and 13. Port 1/1 also has a default Vlan of 1; this means that any untagged frames are put into Vlan 1.
The first decision point an ethernet switch uses is determining what Vlan a frame belongs to.
Next the ethernet switch looks at it's database of ethernet mac-addresses that it knows
Answers
I am so confuse in all these statements.How does these three differ. They are contradicting one an other what does packet /port belong to specific vlan ID mean as port can have only one vlan ID
Actually it depends on the kind of port we are discussing. The author is very clearly describing what happens on an ethernet switch port in trunk mode.
Ethernet trunk mode ports can process than one Vlan ID, if they are in trunk mode (see Port 1/1 in the diagram). Port 1/1 can accept ethernet frames with either Vlan 12 or Vlan 13; however, those frames must have an 802.1q tag on them so the switch knows which Vlan they belong in
Ethernet Access mode ports have only one Vlan assigned.
To address the points in quoted from the text...
When a tagged packet enters a port, the default VLAN ID setting has no effect on the tag.
1. The packet proceeds to the VLAN specified by its VLAN ID tag number.
This is best illustrated by what could happen to Frame A.
Even though Port 1/1 has a default Vlan (Vlan 1), Frame A remains assigned to Vlan 12. As such, it could exit Port 1/2, 1/3 or go directly to Virtual Interface Vlan12:
If Frame A goes out Port 1/2, the 802.1q tag (12) sent into Port 1/1 remains on Frame A, because Port 1/2 is in trunk mode
If Frame A goes out Port 1/3, the 802.1q tag (12) sent into Port 1/1 is removed from Frame A, because Port 1/3 is in access mode
If Frame A is delivered to Virtual Interface Vlan12 (if Frame A's destination mac-address is 000a.dead.beef), the switch doesn't need to forward the frame anywhere else. Normally the reason that you would see an ethernet frame addressed to a virtual interface on the switch is for management purposes, such as telnet, ssh or snmp. There are other reasons, but let's not complicate things any more for now.
... 2. If the port in which the packet entered does not belong to the VLAN
specified by the packet’s VLAN ID tag, the system drops the packet.
This is best illustrated by what happens to Frame B.
Port 1/1 is not configured to accept Vlan ID 20, so when the switch sees "20" in the 802.1q tag, Frame B is discarded.
... 3. If the port belongs to the VLAN specified by the packet’s VLAN ID,
the system can send the packet to other ports with the same VLAN ID.
This again refers to Frame A; in this case the author describes what could happen if the switch does not deliver Frame A to Virtual Interface Vlan12.
Finally I included Frame C for your reference. This is to illustrate the behavior of a default Vlan on an ethernet trunk port.
Merry Christmas, and good luck with your studies.

Let's take a step back and just look at the concept here.
If you just have a "dumb" switch, it only has one VLAN, and that VLAN is "untagged". That means each packet has a "normal" Ethernet header which does not include the 802.1q tag.
If you want to multiplex more than one network over a single physical medium, the switch has to have some way to tell the networks apart. The way it does that is by using a VLAN tag. Let's imagine you have two switches connected to each other, and you have three VLANs, 100, 200, and 300.
Imagine the two switches are connected to each other with only 1 cable to port A on each switch. You would configure port A on each switch to accept and forward tagged traffic on those three VLANs. Then you would configure the ports you wanted to be in VLAN 100, 200, and 300 as that port's default VLAN, on each port exposed to end users.
In summary, a few important points:
VLAN tags are used to multiplex multiple logical layer 2 networks over the same physical link
VLAN tags are normally used between infrastructure devices (and possibly servers) and are not seen on end users' networks
A switch is typically configured such that when a packet is switched, the appropriate tag is added as the packet traverses the network infrastructure, and then removed before an end user device sees the packet again.
Kind of hard to explain. Hope this helps.

When a tagged packet enters a port, the default VLAN ID setting has no effect on the tag.
means that when a packet enters some switch with some VLAN ID assigned to it.. it will continue travelling inside the switch with same vlan id. If the packet has no vlan id then packet will be assigned default vlan id which is generally 1.
1. The packet proceeds to the VLAN specified by its VLAN ID tag number.
because the packet has vlan id assigned, it will proceed ahead with same vlan id.
2. If the port in which the packet entered does not belong to the VLAN
specified by the packet’s VLAN ID tag, the system drops the packet.
packet will enter into some port decided by switch based on destination ip address in packet header and routing table inside switch. If that port does not have permissions to transmit packets with vlan id of that particular packet, then the port will drop the packet.
3. If the port belongs to the VLAN specified by the packet’s VLAN ID,
the system can send the packet to other ports with the same VLAN ID.
Otherwise if the port has permissions to transmit packets with that particular vlan id then it will transmit the packet ahead.
this same criteria will be followed in every switch it encounters till the packet reaches its destination.

both frames B and C would be discarded. If native vlan is not allowed in the trunk then the untagged frame wont be allowed to travel

VLAN tag is a part of a packet link header (on the 2nd ISO/OSI layer).
You have two possibilities of setting a port:
1) Port belongs to the VLAN (access mode).
This implicates two behavior:
a) Inside of switch every port has its own VLAN ID (default is normally VLAN 1). Every port in this mode rejects ingress 802.1q tagged frames and automatically assigns untagged frames to the VLAN ID of this port.
b) If a frame enters a port associated with this mode, and egresses a trunk port (below), the frame will be tagged with an 802.1q header with the appropriate VLAN ID associated with the ingress port.
As you can see, When you set a half ports on the switch to the VLAN5 and a half to the VLAN2, you will divide switch to the two parts and you will have two virtual switches.
2) Port is 'trunking port'
Through this port are going packets without modifications to other switch or PC, which can work with the tagged packets. On some switch you can use filter, where you can specify, which VLAN (or, which number of tag of VLAN) can pass through this port. But this port don't change the VLAN tags.
In this case, packets outside of switch goes exactly with the same tags, as inside of switch.