explanation required 2

Answered Question
Jun 14th, 2007

What is a fixed configuration router? And how has this feature been removed by introducing slot/port thing while configuring an interface?


Reference:


Router(config)#int ethernet ?

<0-0> Ethernet interface number

Router(config)#int ethernet 0

Router(config-if)#

The 2500 router, as previously demonstrated, is a fixed configuration router, which means that when you buy that model, you're stuck with that physical configuration. To configure an interface, you always use the interface type number sequence, but the 2600, 3600, 4000, and 7000 series routers use a physical slot in the router, with a port number on the module plugged into that slot. So on a 2600 router, the configuration would be interface type slot/port, as seen here:

Router(config)#int fastethernet ?

<0-1> FastEthernet interface number

Router(config)#int fastethernet 0

% Incomplete command.

Router(config)#int fastethernet 0?

/

Router(config)#int fastethernet 0/?

<0-1> FastEthernet interface number

And make note of the fact that you can't just type int fastethernet 0. You must type the full command: type slot/port, or int fastethernet 0/0, or int fa 0/0.

Overall Rating: 4.3 (12 ratings)
Correct Answer
mohammedmahmoud Fri, 06/15/2007 - 03:37

Hi,


A fixed configuration router (ex: 800 and 2500 series) is a non-modular router, i.e. a router that can't have more interfaces and modules, and accordingly a modular router is a router that has empty slots in order to have more interfaces installed on it (ex: 2600 and 3600).


From your example, when configuring a fixed router you use "int ethernet 0", while when you configure a modular router you use "int fastethernet 0/0" where the first 0 is the slot number where the interface was inserted into.



HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Wilson Samuel Fri, 06/15/2007 - 06:03

Hi,


I shall give the explanation in a slightly different manner, however most of it would just be an addendum to what Mohd. has written.


Simply put two things in mind:


1. A Fixed Configuration Router is a Router with a Fixed number of Interfaces in it.


2. Cisco uses various ways to address the Interfaces / Slots / Modules, hence this may vary a bit; for instance, even if Switch 2950 is a fixed configuration, we still have to enter the Interface as Fa0/XX (where XX = 1-12 or 1-24 or 1-48 depending upon the port numbers).


So, in my sense, it's not very nice to stick to the sense that all Fixed config devices would have Interface_type Interface_Number (e.g. int ethernet 0).


Please revert back to us, if you still require more information about this or anything else.


I hope this helps.


If helps, please rate.


Kind Regards,

Wilson Samuel

neerav_kumar Sun, 06/17/2007 - 23:34

A bridge ID is defined by the priority of the bridge and the base MAC address. So what will be the bridge ID of a port with a hub attached to it? What will its base MAC address be?

mohammedmahmoud Mon, 06/18/2007 - 00:54

Hi,


Each VLAN on each network device has a unique 64-bit bridge ID consisting of a bridge priority value, an extended system ID, and an STP MAC address allocation. Each series switch chassis has either 64 or 1024 MAC addresses available to support the BID; it has nothing to do with what is attached to the switch port.



HTH, please do rate all helpful replies,

Mohammed Mahmoud.



Wilson Samuel Mon, 06/18/2007 - 04:27

Hi Neerav,


Simply put, the entire Saga of STP (and RSTP/MSTP) is only for Switches or Bridges and NOT for the Hubs/Repeaters etc., as they operate only at the L-1 of the OSI reference model. So any parameter which is associated with STP needn't apply on hubs.



Hence, generally hubs needn't have any MAC address as they are nothing but a 'multi-port repeater'.


Hope that helps,


Please rate if helpful.


Kind Regards,

Wilson Samuel



neerav_kumar Mon, 06/18/2007 - 20:37

The password recovery option provided by Cisco router, isn't it a security loophole? Anyone can login from a remote host and change the configuration.

And one more question: is there any way to access the router via ethernet, or is it only possible through the console/auxiliary port?

Correct Answer
Wilson Samuel Tue, 06/19/2007 - 04:39

Hi Neerav,


Please find below the 'comprehensive' Password Recovery link, and here you should get almost all Cisco products' password recovery options.


http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml


However the point to be noticed is that, in every case you MUST HAVE CONSOLE ACCESS to the Router which is either a Direct Console Cable from your PC AND THE ROUTER/SWITCH MUST BE in the BootStrap Mode i.e. once it has completed the POST, you can't run the Password Recovery options!!


So, one can't access the Config / Change Password of a Cisco Router / Switch unless one:


1. Reboots the Router

2. Issues the Password Recovery option (i.e. send Break from the Console)



Now, if someone has already got this, things can get much uglier than this... so this is essentially not a Security Loophole.


I hope I was able to express my view, however please feel free to get back if there is anything else that still hits your mind. :-)



Hope that helps


Please rate if it helps,


Kind Regards,

Wilson Samuel



neerav_kumar Tue, 06/19/2007 - 04:46

Thanks for the link. It was of great help in understanding the password recovery.

But regarding the question whether we can access the router through an ethernet. Actually I am on a LAN and would like to see the configuration of the router is connected to.

mohammedmahmoud Tue, 06/19/2007 - 05:27

Hi,


You can telnet to the router Ethernet IP address, but make sure that you have configured either "no login", or "login" + password under the vty lines.



HTH,

Mohammed Mahmoud.
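
An added example (not part of the original reply, and not Cisco tooling): a short Python check that reads the vty stanzas of an IOS-style configuration and reports how Telnet logins are authenticated, covering the "no login" and "login" + password cases mentioned above. The sample configuration is constructed; the check assumes AAA is not enabled and treats a missing "transport input" line as accepting Telnet, which is an assumption about older IOS defaults.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname LabRouter
!
line con 0
line vty 0 2
 no login
line vty 3 4
 password 7 0000000000
 login
 transport input telnet
line vty 5 9
 login local
 transport input ssh
line vty 10 15
 login
end
"""

def parse_vty_blocks(config):
    """Return {"first last": [sub-commands]} for every 'line vty' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            current = blocks.setdefault(f"{m.group(1)} {m.group(2) or m.group(1)}", [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None   # any other top-level line ends the stanza
    return blocks

def audit_vty(config):
    """Return {range: [findings]}; an empty list means nothing flagged."""
    report = {}
    for rng, cmds in parse_vty_blocks(config).items():
        findings = []
        has_password = any(c.startswith("password ") for c in cmds)
        transports = next((c.split()[2:] for c in cmds if c.startswith("transport input")), None)
        if "no login" in cmds:
            findings.append("no login: session opens without any password prompt")
        elif "login" in cmds and not has_password:
            findings.append("login without password: IOS refuses the connection")
        # Assumption: with no 'transport input' line, Telnet is accepted.
        if transports is None or "telnet" in transports or "all" in transports:
            findings.append("telnet allowed: credentials cross the LAN in cleartext")
        report[rng] = findings
    return report

if __name__ == "__main__":
    for rng, findings in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {rng}: {findings or 'ok'}")
```
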

neerav_kumar Tue, 06/19/2007 - 21:01

In which case do we need to assign more than one IP address to a LAN interface?

mohammedmahmoud Wed, 06/20/2007 - 00:24

Hi,


This is done in many cases; a simple case would be that the LAN IPs are out, and we need to assign a new range of IPs while having only 1 physical interface, thus the second default gateway IP address in the second range is added as a secondary IP address on the Ethernet interface.



HTH,

Mohammed Mahmoud.


neerav_kumar Wed, 06/20/2007 - 05:47

The total number of ports available for the server, to differentiate between the different clients at the Host to Host layer, are 64512. So what happens if there are more number of users accessing the server at one time?

Correct Answer
Wilson Samuel Wed, 06/20/2007 - 06:01

Hi Neerav,


That's a good question. I would rate you 4 points for that!


Actually, it works something like this:-


1. All applications work on Socket (Socket= IP Addr + Transport Protocol TCP/UDP + Port Number)


2. All Servers (or services) do LISTEN on a specific port e.g. HTTP= TCP/80, HTTPS = TCP/443. SMTP=TCP/25 etc.


3. Whenever a client wants to talk to a server it will initiate the session To the server on the Service Port i.e. for SMTP=TCP/25 and the server would send the response back to the client on a 'high level' port number i.e. above the Service Port Numbers.


4. This all happens to a specific client and using a Socket (remember Socket = IP Add + TCP/UDP+ Port Number), hence for single client the IP Address would be unique, hence the Socket would be unique, hence the Server could respond to any number of clients without issues.


And for clients, the request is sent to a particular IP Addr+ TCP/UDP + Port Number, and in this also, the IP Address would be different every time, hence a client can initiate a session with any number of Servers!!


Moreover, I know this might be a bit difficult to understand in my terms, hence if you want a detailed explanation please visit


http://www.tcpipguide.com/free/t_TCPIPTransportLayerProtocolTCPandUDPAddressingPort.htm



I hope this helps,


Please rate if it helps.


Kind Regards,

Wilson Samuel
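
An added example (not part of the original answer): a Python sketch that opens several TCP connections to one listener on the loopback interface and returns what the server sees, showing that every connection uses the same server port and is told apart by the client's address and port. The loopback address and the OS-chosen listening port are assumptions made so it runs on a single machine.

```python
import socket

def demo_demultiplexing(n_clients=3):
    """Open n_clients TCP connections to one loopback listener.

    Returns (server_port, peers, replies): peers is the (client_ip,
    client_port) pair the server sees for each accepted connection.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(n_clients)
    server_port = listener.getsockname()[1]

    clients, accepted, peers = [], [], []
    try:
        for _ in range(n_clients):
            clients.append(socket.create_connection(("127.0.0.1", server_port)))
            conn, peer = listener.accept()
            accepted.append(conn)
            # Every accepted socket keeps the SAME local (server) port ...
            assert conn.getsockname()[1] == server_port
            # ... and differs only in the remote (client) address and port.
            peers.append(peer)
        # Reply on each connection; the kernel delivers each reply to the
        # right client by matching source/destination IP and port.
        for i, conn in enumerate(accepted):
            conn.sendall(f"hello client {i}".encode())
        replies = [c.recv(64).decode() for c in clients]
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_port, peers, replies

if __name__ == "__main__":
    port, peers, replies = demo_demultiplexing()
    print("server port used by all connections:", port)
    for peer, reply in zip(peers, replies):
        print("client", peer, "received:", reply)
```
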

mohammedmahmoud Wed, 06/20/2007 - 06:03

Hi,



Just to add to Wilson's great explanation, the port numbers are divided into three ranges, these are the only port numbers that can be used:


The Well Known Ports are those in the range 0-1023.

The Registered Ports are those in the range 1024-49151.

The Dynamic and/or Private Ports are those in the range 49152-65535. These ports are not used by any defined application.



Refer to the IANA site for the full list.

http://www.iana.org/assignments/port-numbers



HTH,

Mohammed Mahmoud.

neerav_kumar Thu, 06/21/2007 - 03:47

Class D addresses have been assigned as the Multicast addresses. So how does a host figure out that the packet is addressed to it by looking at this address?

Also, what does a layer 2 multicast address look like?


Cisco says that the Layer 2 multicast address is a group of hosts that have joined a specific group.

And a multicast is supposed to deliver source traffic without adding additional burden to the source.


As far as I understand it the source will have to individually send packets to all hosts in a group. So what exactly is a multicast? Wasn't it supposed to be something like a broadcast where a single packet is delivered to all the desired hosts using a single address?


mohammedmahmoud Thu, 06/21/2007 - 04:14

Hi,


Multicast IP address represents multicast group/application and not hosts (no subnet mask required - unstructured/un-hierarchical)


Assigning a Layer 3 multicast address to a multicast group (application) automatically generates a Layer 2 multicast address, the MAC address is calculated easily like this: The MAC address = 01.00.5E.X.Y.Z -> X.Y.Z are 24 bits -> put in the most significant bit 0 and copy the last 23 bits of the IP multicast address in the rest of the bits -> convert the 24 (0+MulticastIPleast23bit) bits to Hexa -> 01.00.5E.X.Y.Z.


Please see the attached document on how multicast simply works.


Please post different questions in different threads in order for the forum to be more comprehensive.



I hope that I've been informative.


HTH,

Mohammed Mahmoud.



Attachment: 
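
An added example (not part of the original post): the Layer 3 to Layer 2 multicast mapping described above, written in Python. It goes one step beyond the post by also listing the 32 group addresses that end up on the same MAC, since the mapping drops 5 bits of the group address; function names and the sample group addresses are chosen here for illustration.

```python
import ipaddress

def multicast_ip_to_mac(ip):
    """Map an IPv4 multicast group address to its Ethernet multicast MAC."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not a Class D (224.0.0.0/4) address")
    low23 = int(addr) & 0x7FFFFF        # keep the last 23 bits of the IP
    mac = (0x01005E << 24) | low23      # 01-00-5E, then a 0 bit, then the 23 bits
    return ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -8, -8))

def groups_sharing_mac(ip):
    """List all 32 group addresses that map to the same MAC as ip."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    # The 5 bits between the 1110 prefix and the low 23 bits are not copied
    # into the MAC, so every value of them yields the same frame address.
    return [str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low23))
            for hi in range(32)]

if __name__ == "__main__":
    for group in ("224.0.0.1", "239.255.0.1"):
        print(group, "->", multicast_ip_to_mac(group))
    same = groups_sharing_mac("224.0.0.1")
    print(len(same), "groups share that MAC, e.g.", same[:3])
```

Because of this overlap, a host can receive frames for a group it never joined, so the final accept-or-drop decision is made on the IP destination address rather than the MAC alone.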
neerav_kumar Thu, 06/21/2007 - 19:36

I seem to get the hang of it but there are a few doubts that have come up after reading the last post.


1. Routers don't forward multicast messages so where does their role come in?


2. A real life problem:

We have a LAN and we use IP Messenger to communicate with each other. The application displays all the hosts on which the application is running. We can either send the message to all the hosts or to some or to one.

Now when we send a message to some hosts in the group, then the MAC destination address will be decided as explained earlier. So all the hosts on which the application is running should receive the message. But only those people receive the message to whom it was addressed. How is this possible if there is a common multicast MAC address for all hosts in the same group?

Note: If a message addressed to more than one host is received it comes with multicast written over it.

mohammedmahmoud Thu, 06/21/2007 - 23:39

Hi,


What was said is that there must be a mechanism by which a host can dynamically indicate to the connected router whether it would like to receive the traffic for the installed multicast application (The router should not just flood the multicast traffic to all hosts). The Internet Group Management Protocol (IGMP) provides communication between hosts and a router connected to the same subnet, and thus the router needs to interact with multicast hosts in order to know which host is using which multicast address to join which group, because as we said before the multicast address is given to the application and not the host and thus the router needs to know which host has an application that needs this multicast traffic.


HTH,

Mohammed Mahmoud.



neerav_kumar Fri, 06/22/2007 - 01:03

Still not very clear........


1. Can multicast groups exist beyond LAN?


2. When a multicast message is sent on LAN is it first forwarded to the router and then it is delivered to all the concerned hosts?

mohammedmahmoud Fri, 06/22/2007 - 01:16

Hi,


I am really very glad having this discussion with you, but as I've told you before, please always initiate a new post thread for new questions in order for the forum to be more comprehensive.


As for the multicast issue, multicast is not like ordinary packet forwarding (not like unicast and broadcast), a multicast host needs to tell a router that it has an application that needs to receive multicast traffic for a certain group (multicast address) using IGMP, and further the router will forward this multicast traffic to this specific host, to elaborate further, even the layer 2 switch can use CGMP or IGMP snooping in order not to flood the multicast traffic over all its ports, and accordingly when a multicast packet reaches the router the router knows to which hosts it should forward to, and moreover even the switch knows to which switch ports the traffic should be forwarded to.


And yes, multicast can go beyond the LAN using multicast routing protocols, some of the multicast routing protocols are Distance Vector Multicast Routing Protocol (DVMRP), Multicast Open Shortest Path First (MOSPF), and Protocol Independent Multicast dense mode (PIM-DM) and sparse mode (PIM-SM).


HTH,

Mohammed Mahmoud.

roy.samuel Fri, 06/22/2007 - 02:05

I want to know how MOSPF is used to route multicast packets....it would be nice if you can explain...


TIA.

mohammedmahmoud Sat, 06/23/2007 - 01:28

Hi,


AFAIK, Cisco IOS does not support MOSPF.


Multicast Open Shortest Path First (MOSPF) is defined in RFC 1584, "Multicast Extensions to OSPF," which is an extension to the OSPFv2 unicast routing protocol. It is considered as a dense-mode routing protocol, the basic operation of MOSPF is as follows:


• MOSPF uses the group membership LSA, Type 6, which it floods throughout the originating router's area. As with unicast OSPF, all MOSPF routers in a single area must have identical LSDB so that every MOSPF router in an area can calculate the same SPT.


• The SPT is calculated "on-demand," when the first multicast packet for the group arrives.


• Through the SPF calculation, all the routers know where the attached group members are, based on the group membership LSAs.


• After the SPF calculation is completed, entries are made into each router's multicast forwarding table.


• Just like unicast OSPF, the SPT is loop free, and every router knows the upstream interface and downstream interfaces. As a result, an RPF check is not required (Unlike PIM, MOSPF does not use the unicast IP routing table for RPF checks, instead building its own independent tables via SPF calculations).


• Obviously, MOSPF can only work with the OSPF unicast routing protocol. MOSPF is suitable for small networks. As more hosts begin to source multicast traffic, routers have to perform a higher number of Dijkstra algorithm computations, which demands an increasing level of router CPU resources.



I hope that I've been informative.


HTH,

Mohammed Mahmoud.
