All Rights Reserved
Copyright
Copyright © 2003-2020, New H3C Group.
All rights reserved
No part of this book may be reproduced or transmitted in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without prior written consent of New H3C Group.
About the H3C Certification System
In today’s highly competitive market, companies are seeking employees, partners, and solutions that enable them to achieve their business objectives while containing costs. H3C certifications provide an easy way to identify individuals and organizations that offer in-demand expertise. H3C certifications enable customers to confidently work with H3C partners, knowing that they are receiving highly qualified technical assistance. H3C certifications provide employees the skills and abilities required to complete the program. Additionally, H3C certifications equip employees with essential competencies that can increase their earning power and improve their marketability.
H3C has more than 20 authorized training centers and 450 network academies worldwide.
As of the end of 2019, more than 250,000 persons from over 40 countries or regions had
attended H3C training, and 170,000 of them obtained certificates.
The H3C certification system offers both standard and customized training certification
solutions that accommodate diversified customer demands. In response to growing
customer demands and technologies, the H3C certification system is ever evolving to help
network professionals, managers, and their employers achieve constant business success.
Preface
H3C Certified Network Engineer (H3CNE) certification is targeted at planning, design,
configuration, and maintenance of small- and medium-sized business networks. It covers
computer network fundamentals, getting started with H3C network devices, configuring LAN
switching, advanced TCP/IP, configuring IP routing, configuring secure branch networks, and
WAN access and interconnection.
Target Audience
Network technology engineers and IT staff in small- and medium-sized enterprises
and various industries
Computer science students
Anyone interested in network technologies
Anyone pursuing a technical or sales career in the communication industry
Engineers of H3C agents
H3C certification trainers
H3C network product maintenance/operation staff
exam is passed, you will obtain the H3CNE certificate issued by H3C. The certificate is valid for three years.

To prepare for the H3CNE certification exam (code GB0-191), take the Constructing Small- and Medium-Sized Enterprise Networks (v7.0) course. The course helps you gain a comprehensive view of data communication networks and acquire generic networking skills for designing and building small- and medium-sized business networks with H3C products.
Table of Contents
LEARNING OBJECTIVES............................................................................................................................ - 1 -
COMPUTER NETWORK OVERVIEW ............................................................................................................ - 2 -
What Is a Computer Network ....................................................................................................... - 2 -
EVOLUTION OF COMPUTER NETWORKS ..................................................................................................... - 4 -
BASIC CONCEPTS OF COMPUTER NETWORKS .............................................................................................. - 6 -
LAN, MAN, and WAN .................................................................................................................... - 6 -
Network Topologies ...................................................................................................................... - 8 -
Circuit Switching and Packet Switching ...................................................................................... - 10 -
KEY PERFORMANCE SPECIFICATIONS OF COMPUTER NETWORKS ................................................................... - 12 -
NETWORK STANDARDIZATION ORGANIZATIONS.......................................................................................... - 13 -
SUMMARY ......................................................................................................................................... - 14 -
LEARNING OBJECTIVES.......................................................................................................................... - 16 -
Layers of the OSI Reference Model ............................................................................................ - 17 -
Relations Between Layers and Data Encapsulation of OSI Reference Model ............................. - 19 -
Physical Layer ............................................................................................................................. - 22 -
Data Link Layer ........................................................................................................................... - 24 -
Network Layer ............................................................................................................................ - 27 -
Transport Layer ........................................................................................................................... - 33 -
Session Layer, Presentation Layer and Application Layer ........................................................... - 34 -
TCP/IP MODEL .................................................................................................................................. - 35 -
Layered Structure ....................................................................................................................... - 36 -
Internet Layer ............................................................................................................................. - 37 -
LEARNING OBJECTIVES.......................................................................................................................... - 42 -
LAN OVERVIEW .................................................................................................................................. - 43 -
LAN and the OSI Reference Model ............................................................................................. - 43 -
LAN Technologies ....................................................................................................................... - 45 -
Unicast and Broadcast ................................................................................................................ - 54 -
Ethernet Flow Control ................................................................................................................ - 55 -
Network Expansion .................................................................................................................... - 56 -
ETHERNET TODAY ................................................................................................................................ - 58 -
Optic Fibers and Connectors ...................................................................................................... - 58 -
Fast Ethernet and Gigabit Ethernet ............................................................................................ - 61 -
Expanding Ethernet with Switches ............................................................................................. - 63 -
WLAN FUNDAMENTALS ....................................................................................................................... - 64 -
WLAN Overview ......................................................................................................................... - 64 -
802.11 Family ............................................................................................................................. - 65 -
WLAN Terms ............................................................................................................................... - 66 -
802.11g Channel to Frequency Map .......................................................................................... - 67 -
802.11 Medium Access Control Mechanism .............................................................................. - 70 -
Typical WLAN Application Scenarios .......................................................................................... - 71 -
SUMMARY ......................................................................................................................................... - 73 -
LEARNING OBJECTIVES...........................................................................................................................- 74 -
BASIC WAN CONCEPTS ........................................................................................................................ - 75 -
Why WANs.................................................................................................................................. - 75 -
WAN and the OSI Reference Model ........................................................................................... - 77 -
Types of WAN Connection .......................................................................................................... - 78 -
INTRODUCTION TO POINT-TO-POINT WAN TECHNOLOGIES ......................................................................... - 79 -
Leased Line Connection .............................................................................................................. - 79 -
5 IP FUNDAMENTALS .................................................................................................................... - 91 -
LEARNING OBJECTIVES.......................................................................................................................... - 91 -
IP OVERVIEW ..................................................................................................................................... - 92 -
IP and Related Protocols............................................................................................................. - 92 -
RARP ......................................................................................................................................... - 103 -
DELIVERY OF IP PACKETS ..................................................................................................................... - 104 -
A Host Delivers an IP Unicast Packet ........................................................................................ - 104 -
A Router Delivers an IP Unicast Packet ..................................................................................... - 105 -
A Host Receives an IP Packet .................................................................................................... - 106 -
Broadcast Storm ....................................................................................................................... - 107 -
OTHER RELATED PROTOCOLS ............................................................................................................... - 108 -
Proxy ARP ................................................................................................................................. - 108 -
ICMP ......................................................................................................................................... - 109 -
SUMMARY ....................................................................................................................................... - 112 -
LEARNING OBJECTIVES............................................................................................................................ 113
TRANSPORT LAYER FUNCTIONS................................................................................................................. 114
TCP FUNDAMENTALS ............................................................................................................................. 115
TCP Features ................................................................................................................................. 115
TCP Encapsulation ........................................................................................................................ 116
TCP/UDP Port Number ................................................................................................................. 118
TCP Connection Establishment ..................................................................................................... 119
TCP Connection Termination ........................................................................................................ 120
Reliable TCP Transmission ............................................................................................................ 121
Sliding Window ............................................................................................................................ 124
UDP FUNDAMENTALS ............................................................................................................................ 126
UDP Encapsulation ....................................................................................................................... 126
ACCESSING THE CLI OF AN H3C NETWORK DEVICE .................................................................................. - 145 -
Connecting to the CLI ............................................................................................................... - 145 -
Setting Up a Connection Through the Console Port ................................................................. - 146 -
Setting Up a Connection Through the AUX Port ....................................................................... - 150 -
Setting Up a Connection Through Telnet .................................................................................. - 151 -
Setting Up a Connection Through SSH ..................................................................................... - 152 -
USING THE CLI.................................................................................................................................. - 153 -
Understanding Command Views .............................................................................................. - 153 -
Command Types ....................................................................................................................... - 157 -
Command Line Help ................................................................................................................. - 159 -
Error Prompt Information......................................................................................................... - 160 -
Command Line History ............................................................................................................. - 161 -
Editing Features ........................................................................................................................ - 162 -
Multiple-Screen Output............................................................................................................ - 163 -
COMMONLY USED COMMANDS ........................................................................................................... - 164 -
Commonly Used Device Management Commands .................................................................. - 164 -
Commonly Used Information Display Commands .................................................................... - 165 -
CONFIGURING REMOTE LOGIN ............................................................................................................. - 166 -
Configuration for Logging In to a Router Through Telnet ......................................................... - 166 -
Configuration for Logging In to a Router Through SSH ............................................................. - 170 -
SUMMARY ....................................................................................................................................... - 175 -
LEARNING OBJECTIVES........................................................................................................................ - 199 -
NETWORK CONNECTIVITY TEST ............................................................................................................ - 200 -
Testing Network Connectivity with the ping Command ........................................................... - 200 -
Testing Network Connectivity with the tracert Command ....................................................... - 203 -
SYSTEM DEBUGGING ...........................................................................................................................- 207 -
System Debugging Overview .................................................................................................... - 207 -
System Debugging Operations ................................................................................................. - 208 -
Sample Debug Output .............................................................................................................. - 209 -
SUMMARY ....................................................................................................................................... - 210 -
SHARED ETHERNET AND SWITCHED ETHERNET ........................................................................................ - 212 -
MAC ADDRESS LEARNING .................................................................................................................. - 214 -
FRAME FORWARDING AND FILTERING .................................................................................................... - 217 -
BROADCAST DOMAIN ......................................................................................................................... - 220 -
SUMMARY ....................................................................................................................................... - 221 -
RSTP .............................................................................................................................................. - 256 -
PVST .............................................................................................................................................. - 258 -
MSTP............................................................................................................................................. - 259 -
A COMPARISON BETWEEN STP, RSTP, PVST AND MSTP .......................................................................... - 261 -
BASIC STP CONFIGURATIONS ............................................................................................................... - 262 -
SUMMARY ....................................................................................................................................... - 268 -
15 ETHERNET LINK AGGREGATION .............................................................................................. - 279 -
LEARNING OBJECTIVES.........................................................................................................................- 279 -
LINK AGGREGATION OVERVIEW ............................................................................................................ - 280 -
LINK AGGREGATION APPROACHES ......................................................................................................... - 282 -
CREATING A STATIC LINK AGGREGATION GROUP ...................................................................................... - 283 -
SUMMARY ....................................................................................................................................... - 286 -
Chapter 1 Computer Network Overview
The emergence of computer networks has profoundly changed the way we live, entertain, and do business.
Computer networks interconnect separate information islands worldwide, making it possible
for people and businesses to communicate and share information with ease. The fast
development of computer networks has resulted in explosive growth of network applications
such as office automation systems, remote education, and management software for
different industries.
This chapter will discuss the drivers behind computer networks and major computer
networking technologies.
Learning Objectives
Computer networks provide the following benefits:
Resource sharing
Resources include both software and hardware. Software resources include various data,
such as digital information, messages, voice, and images. Hardware resources include
different types of devices, such as printers, FAX machines, and modems. Computer
networks enable people to transfer information and share resources at any time and any
place.
Through the Internet, an organization or service provider can distribute large, complicated
processing tasks to computers worldwide. For example, a large Internet content provider
(ICP) has a large volume of network accesses. To support more users, the ICP can deploy
many web servers worldwide. These servers can contain the same content. In addition, an
ICP can provide users quick access to those servers by using the appropriate technology
for load sharing and efficient communications.
Integrated information services
Computer networks have evolved to support integrated data, voice, and video services.
Along with explosive growth of computer networks, network applications such as email, IP
phone, video on demand (VoD), e-marketing, and video conferencing emerged.
Systems comprising mainframes connected by low-speed serial links emerged in the early 1960s. They were the initial form of computer networks. In such a network, a terminal accesses hosts through telephone lines. Because the hosts send and receive digital signals, whereas telephone lines carry analog signals, a modem must be deployed between the terminal and the hosts to convert between digital and analog signals.

In this scenario, computers are the network cores and controllers. This is a primitive computer network, in which remote terminals are connected to computers to provide services like application execution, remote printing, and data services.
LAN
In the 1970s, decreases in the size and price of computers drove the demand for business
computing based on personal computers. Business computing requires that a large number
of terminal devices be interconnected to share resources and cooperate with each other.
This requirement resulted in various local area network (LAN) technologies, including
Ethernet.
Dr. Robert Metcalfe invented Ethernet at Xerox PARC in 1973, and subsequently co-founded 3Com Corporation in 1979 to build Ethernet-compatible products. In 1982, DEC, Intel, and Xerox published a standard named DIX Ethernet. A few years later, the IEEE 802 committee published a slightly different set of standards, among which 802.3 covers an entire set of CSMA/CD networks. Through the 1980s Ethernet then had to battle IBM's token ring and other local area networks that competed with it. Eventually, Ethernet won the battle.
internet
The term internet without the initial capital letter refers to a generic system of interconnected computer networks that use the TCP/IP standards. Wide area network (WAN) technologies were developed in the late 1970s to connect geographically distributed local area networks. In 1983, the Advanced Research Projects Agency Network (ARPANET) adopted the Transmission Control Protocol (TCP) and the Internet Protocol (IP) as its principal protocol suite, making network interconnection across broader areas possible.
Internet
The Internet, which is written with an initial capital letter, refers to a global system of interconnected computer networks that use the TCP/IP standards. From the 1980s to the 1990s, the ARPANET expanded rapidly to connect companies, campuses, Internet Service Providers (ISPs), and personal computers worldwide. In 1990, ARPANET was officially replaced by the Internet. Since then, the Internet has experienced explosive growth and changed the world in a revolutionary way.
Computer networks are classified by coverage into local area networks (LANs),
metropolitan area networks (MANs), and wide area networks (WANs).
LAN
A LAN is a computer network covering a small physical area, such as a room or a building.
resources (such as printers and databases) and exchange information. The transmission speed of traditional LANs ranges from 10 Mbps to 100 Mbps, and the time delay is dozens of microseconds with a low error rate. The transmission speed of today’s LANs can exceed 1 Gbps. The differences between LANs and other network types lie in:
Physical coverage
Network topology
Transmission technologies
Covering a small area, a LAN is easy to manage and configure, and its network topology
can be very simple. In addition, it features short network delay, high transmission speed,
reliable transmission, and can be deployed in various topologies. All these features make
LANs widely deployed for resource sharing and information exchange in small physical
areas.
MAN
A MAN covers a larger geographical area than a LAN. The coverage of a MAN ranges from several blocks of buildings to entire cities (generally about 10 km or 6.2 miles). Currently, a MAN mainly adopts IP and ATM technologies. A broadband IP MAN is a broadband multimedia telecommunication network built in a city for service development and competition. Broadband IP MANs are extensions of the broadband backbone networks within cities. As a component of a local public information service platform, a MAN is responsible for carrying various multimedia services, providing a variety of access methods, and satisfying the demands for IP-based multimedia services of governments, enterprises, and individuals. A broadband IP MAN must be a manageable and expandable telecommunication network.
A MAN can be divided into the metropolitan part and the access part. The metropolitan part is an operator network planned and built by the carrier, and can be further divided into the metropolitan core layer and the metropolitan distribution layer. The metropolitan core layer implements high-speed data transmission and exchange within the MAN, and interconnects with other networks, whereas the metropolitan distribution layer implements data convergence and distribution.
The access part can be built by a carrier, an enterprise, a builder, or a property management department. It offers not only traditional access but also local services to users. The MAN access part can be further divided into the access distribution layer and the user access layer. The access distribution layer aggregates and distributes data traffic, manages users, provides services, and performs accounting for the MAN access part, whereas the user access layer provides access for users.
WAN
A WAN is a computer network that covers a broader geographical area than a LAN or MAN. It usually uses a variety of serial links for connections. Generally, an enterprise network accesses the local ISP through a WAN. A WAN allows full-time and part-time connections, and different rates on serial interfaces. A WAN generally adopts a hybrid topology. Because of low speed and long delay, network access devices are only responsible for receiving and transmitting data. Network management such as routing is performed on interconnecting devices such as switches and routers. The interconnecting devices are connected through communication lines to form a mesh topology. A WAN features low transmission speeds from 56 kbps to 155 Mbps, long delays (about a few milliseconds), and a complex topology. A WAN typically adopts the mesh topology and depends on the telecommunication data networks of carriers for connections.
Network Topologies
Network topology presents the layout of connected devices. Common network topologies
include bus, ring, star, and mesh. Most networks adopt one of these topologies or a hybrid
of them. Before designing or diagnosing a network, you must know its topology.
Bus Topology
In a bus network, each machine is connected to a single bus cable. The traffic among the
Star Topology
In a star network, each machine is connected to a central node (such as a switch). The
central node controls and manages the communication and information exchange between
attached machines.
In a star topology, the failure of a single line does not affect other machines on the network. To attach or remove a machine to or from a star network, you just need to connect or disconnect the machine to or from the central node. The central node can manage the entire network with ease and isolate faults promptly. Although more reliable than the bus topology, the star topology requires more connection cables. In addition, if the central node fails, the entire network fails.

The star topology has been widely adopted on LANs in place of the bus topology.
Ring Topology
In a ring network, each computer is connected to the network in a closed loop or ring. Each
computer can communicate with one or two adjacent computers directly. If a computer
needs to communicate with a non-adjacent computer, the information must pass through all
machines between them.
A ring network can be unidirectional or bidirectional. In a unidirectional ring network, traffic is transmitted either clockwise or counterclockwise. Each machine can communicate with only one adjacent node. In a bidirectional ring network, traffic can be transmitted in both directions. Each machine can communicate with both adjacent nodes.
Ring networks have simple structures and are easy to construct. Administrators can add or
remove nodes easily. Every machine in a ring network has an equal opportunity to transmit.
Data transfer can be controlled in real time and the network performance is predictable.
However, if one machine fails, the entire network fails. To avoid single-point failures,
multiple rings are usually used in real networks. Another disadvantage of a ring network is
that each data transmission involves all machines on the ring. Compared with the bus
topology, more time is consumed for each machine to forward data to other machines.
Mesh Topology
There are two types of mesh topology: fully connected mesh and partially connected mesh.
In a fully meshed network, each node is connected to each of the other nodes with a
point-to-point link. Any two nodes can communicate with each other without involving any
other nodes. This communication makes the fully connected mesh topology an extremely
secure and reliable solution.
The reliability comes at the price of increased cost and complexity. To build a fully meshed
network with N nodes, as many as N(N-1)/2 connections are required. Because
telecommunications.
Circuit Switching
bandwidth and used exclusively by the communicating parties. The channel is available for
other users only after it is released by both parties.
Circuit switching brings these benefits:
Low transmission delay. Once a channel is established, data is transmitted directly.
Free of resource contention and conflicts once a channel is established.
High throughput. Because user data is transmitted transparently across transmission
channels, no correction or interpretation will be performed.
Despite all its benefits, circuit switching is not suitable for end-to-end communication in
large-sized computer networks, where communication occurs frequently at high speed, the
gap between traffic peak and valley is large, and multiple parties may be involved
concurrently.
With circuit switching, bandwidth assigned to a circuit is predefined. Once established, a
circuit cannot be used by any other users but the communicating parties, even if it is idle.
Moreover, it takes a relatively long time for a circuit to establish, because the circuit setup
call must be acknowledged by all switches in between before it eventually reaches the
called party. In PSTN, the process generally takes about 10 seconds or even longer, which
varies for local calls, national long-distance calls, and international long-distance calls.
Above all, to implement circuit switching on a computer network, each computer must
establish a direct circuit to each of the other computers. This is hardly possible in a
large-sized network.
Packet Switching
Packet switching is a network communications method that segments traffic into discrete
blocks called packets. In a packet switched network, data is transmitted in packets. Each
packet carries the addresses of the sender and recipient so that it can be transmitted to the
destination by the devices on the network.
Packet switching adopts the statistical multiplexing approach. In this approach, bandwidth is
shared by all users and no dedicated bandwidth is reserved for any connections. This
ensures that any users can use a link so long as it is idle.
any users for a long time and makes concurrent interactive communications on a link
possible. That is why IP phone calls are much cheaper than traditional phone calls.
However, packet switching requires data to be segmented into packets. When traversing
network devices, packets may be buffered and queued before being forwarded, resulting in
a longer end-to-end delay. In addition, each packet has extra address information, so more
bandwidth is required to transfer the extra information with the original data. Because a
channel may be multiplexed for communications of multiple node pairs, burst data may
cause channel congestion. All these facts require that packet switching network
devices perform addressing, forwarding, and congestion control.
Bandwidth: Describes the volume of data that can be transferred from one node to another
node in a specified period of time. Measured in bps. For example, Ethernet bandwidth is
10 Mbps, and fast Ethernet bandwidth is 100 Mbps.
Delay: Describes the time used to transfer a data unit from one node to another node.
Bandwidth is measured in bits per second (bps), that is, the number of data bits a link can
transfer per second.
The following are bandwidth specifications in common use:
Ethernet bandwidth can be 10 Mbps, 100 Mbps, 1000 Mbps, and 10 Gbps.
Modem dial-up network access bandwidth can be 56 kbps, and ISDN BRI bandwidth
can be 128 kbps.
E1/PRI bandwidth can be 2 Mbps, and E3 bandwidth can be 34 Mbps.
OC-3 bandwidth can be 155 Mbps, OC-12 bandwidth can be 622 Mbps, OC-48
bandwidth can be 2.5 Gbps, and OC-192 bandwidth can be 10 Gbps.
Delay describes the time it takes to transfer a data unit from one node to another node.
Delay can be introduced for many reasons. Depending on the cause, delay is divided into
propagation delay, switching delay, access delay, and queuing delay. Delay varies with
network devices, transmission media, network protocols, and hardware and software
restrictions. Even though delay can be controlled, it cannot be eliminated.
Network Standardization Organizations
distributed data interface (FDDI).
International Telecommunication Union (ITU): Defines telecommunications standards for wide
area interconnections, such as X.25 and frame relay.
Internet Architecture Board (IAB): An important international standardization
organization for the Internet, which oversees a number of task forces, including the
Internet Engineering Task Force (IETF), Internet Research Task Force (IRTF), and the
Internet Assigned Numbers Authority (IANA).
Summary
Chapter 2 OSI Reference Model and TCP/IP Model
Networking technologies were developed very fast at early stages. Vendors developed
proprietary protocols and thus devices from different vendors could not work with each
other.
The OSI reference model, however, did not prevail for many reasons. Instead, the TCP/IP
protocol stack became popular. It was initially funded by and developed for the Defense
Advanced Research Projects Agency (DARPA) in the 1960s and used in the ARPANET. It
has become the de facto standard for networking protocols.
Learning Objectives
Upon completion of this lesson, you will be able to:
Describe the need for the OSI
reference model and TCP/IP model
The OSI reference model defines a layered structure that network devices must comply with.
Benefits of the layered structure:
Defines open and standard interfaces
Enables compatibility between vendors
Makes it easy to learn, understand and update protocols
Allows for modular design, which simplifies product development
Simplifies troubleshooting
Today, people can easily use devices from different vendors to build networks without
worrying about compatibility issues. However, this was not true for networks at early stages,
when institutes and vendors developed their own operating systems that were not
compatible. Without a uniform standard, such systems could not interconnect with each
other.
Some major players in datacom developed their own standards, such as SNA from IBM,
IPX/SPX from NOVELL, AppleTalk from Apple, DECNET from DEC and the most popular
one TCP/IP. They launched different hardware and software products based on their
standards. Undoubtedly, their efforts promoted the development of networking
technologies and devices, but networks based on such different standards became more
complicated and most of the devices from different vendors could not work with each other.
To solve compatibility issues, the ISO developed the OSI reference model in 1984, which
rapidly became the basic model for computer communications.
It is important to understand that the OSI reference model describes how to transfer
information between network devices in a theoretical manner. It does not define the
implementation of hardware and software at different layers as TCP/IP does. Therefore,
the OSI reference model is most often used as a teaching tool. By understanding the
basics of the OSI reference model, you can apply it to real protocols to gain a better
understanding.
The OSI reference model defines a layered architecture, which separates a complex
function into simpler components. It breaks the network communication process into seven
layers, which are independent of each other in design, function and test without relying on
an operating system or other factors.
Allows for modular design, which simplifies product development. Each vendor can
focus on the development at a single layer or of a single module. This reduces
development complexity and costs and improves development efficiency.
Simplifies troubleshooting. Once a fault occurs, you can easily locate it at a specific
layer and solve it.
7 Application layer: Communication between application programs
6 Presentation layer: Data format processing and encryption
5 Session layer: Session establishment, maintenance, and management
4 Transport layer: End-to-end connection establishment
The OSI reference model defines the functions of each layer for fulfilling specific
communication tasks, and each layer exchanges data with adjacent layers only.
The physical layer sends bit streams over physical media. It defines the mechanical,
electrical, functional, and procedural specifications, including voltage, type of cable, data
rate, and type of interface.
The data link layer controls the physical layer, detecting and correcting errors and
performing flow control. It is also relevant to physical addressing, network topology, and
cable planning.
The network layer routes packets between networks through optimal routes. It uses routing
protocols for route calculation.
The transport layer receives data from the session layer. It may divide a data block into
segments when needed and send them to the network layer. The transport layer is
responsible for the correctness of each segment, the establishment and maintenance of
virtual links, error control, and flow control.
The session layer establishes, manages, and terminates sessions of applications between
devices. It is responsible for duplex negotiation and session synchronization. In addition,
applications know status information about each other through the session layer.
The presentation layer is concerned with the syntax and semantics of information to be
transmitted. It translates the device-specific formats of the data from the application layer
to computer-irrelevant data formats to ensure the receiving end can correctly resolve the
data. The presentation layer is also responsible for data encryption.
The application layer is the closest to the end user among all OSI layers. It provides
network services for applications, including file transfer, file management, and email
message processing.
Peer-to-Peer Communication
Figure: Peer-to-peer communication between Host A and Host B. Peer layers exchange their
own data units: segments at the transport layer, packets at the network layer, and bits at the
physical layer.
Data is called application protocol data units (APDUs) at the application layer, presentation
protocol data units (PPDUs) at the presentation layer, session protocol data units (SPDUs)
at the session layer, segments at the transport layer, packets at the network layer, frames
at the data link layer, and bits at the physical layer.
In the OSI reference model, a communication process between two hosts involves
communications between peer layers, but peer layer communications are not carried out
directly. Rather, a layer needs the help of the immediate lower layer to communicate with
the peer layer. The lower layer provides services to the upper layer through service access
points (SAPs). For example, the transport layer on the sending host communicates with
the transport layer on the receiving host through segments. Segments are encapsulated
into packets at the network layer, packets are encapsulated into frames at the data link
layer, and frames are translated into bits, which are then sent to the physical layer. After
arriving at the receiving host, data is processed by the data link layer, network layer, and
transport layer in turn. In this way, communication between peer layers is implemented.
To ensure correct data transfer, each pair of peer layers must use the same protocol for
communication. For example, the email program on a host can communicate with the
email program on another host at the application layer, but it cannot communicate with
other programs such as Telnet.
Figure: Encapsulation and de-encapsulation. At the sending end, the application layer prefixes
the Layer 7 header to the data, the presentation layer prefixes the Layer 6 header, the session
layer prefixes the Layer 5 header, the transport layer prefixes the Layer 4 header, the network
layer prefixes the Layer 3 header, the data link layer prefixes the Layer 2 header, and the
physical layer prefixes the Layer 1 header, so the bit stream carries the Layer 1 through
Layer 7 headers followed by the data. At the receiving end, each layer removes its own header
in the reverse order.
Each layer adds information to the data received from upper layers by prefixing headers
(sometimes also appending trailers) to the data. This process is called encapsulation. The
original data then becomes payload.
Each OSI layer at the sending end encapsulates the data received from the upper layer to
ensure the data can reach the receiving end. At the receiving end, each layer
de-encapsulates the received data before sending it to the upper layer.
Physical Layer
Physical layer: Defines voltages, interfaces, cabling standards, transmission distances, and
so on.
Physical layer media:
Coaxial cables including thin cables and thick cables
Twisted pair cables including UTPs and STPs
Fibers including single-mode fibers and multimode fibers
Wireless media including Infrared, Bluetooth and WLAN technologies
The physical layer is the lowest layer (called the first layer of the OSI reference model). It
transmits bit streams between devices.
Rather than referring to physical devices or media, the physical layer describes the
specifications for interconnecting physical devices through physical media, including:
Mechanical specification: Describes the form and size, the number of pins, and the
pinout of the connector used by an interface. For example, all types of power
connectors have specific specifications for their sizes.
Electrical specification: Describes the voltage and current ranges for each wire of an
interface cable.
LAN physical layer
Standards: 10Base-T, 100Base-TX/FX, 1000Base-T, and 1000Base-SX/LX
Devices: Repeaters and hubs
The most common physical media include twisted pair, fiber, and radio.
Twisted pair cabling is a common form of wiring in which two 1-mm diameter insulated
copper wires are twisted together to minimize electromagnetic interference (EMI). It falls
into shielded twisted pair (STP) cabling and unshielded twisted pair (UTP) cabling. STP
has strong anti-EMI and anti-radio interference capability but is costly. UTP is easier to
install and cheaper but has a relatively weak anti-interference capability and short
transmission distance.
Composed of glass fibers and a shield, optical fiber cables are immune to EMI. They
feature high-rate and long-distance transmission, but are more costly than other media.
The Ethernet standard of the Xerox company and the IEEE 802.3 standard define
standards for commonly used cables at the physical layer of Ethernet, including 10BASE-T,
100BASE-TX/FX, 1000BASE-T and 1000BASE-SX/LX. Repeaters and hubs are typical
LAN physical layer devices.
The WAN physical layer specifies the following commonly used interfaces:
EIA/TIA-232: Also called RS-232. It is a public physical layer standard for unbalanced
circuits operating at speeds of up to 64 Kbps.
V.24: It is an ITU-T standard for interfaces between DTE and DCE. V.24 interfaces
can work in either synchronous mode or asynchronous mode. In asynchronous mode,
the data link layer supports PPP and SLIP, and the highest transmission rate is
115,200 bps. In synchronous mode, the data link layer supports X.25, frame relay,
PPP, HDLC and LAPB, and the highest transmission rate is 64,000 bps.
V.35: A standard that describes the synchronous physical layer protocol for
communications between an access device and a packet switched network,
supporting a maximum speed of 2 Mbps.
A modem is a common WAN physical layer device.
Data Link Layer
Control of transmission resources
Flow control
Error control
Addressing
Identifying of network layer data
The data link layer is divided into the LLC sublayer and the MAC sublayer.
The data link layer transmits data over a specific medium or link. Different transmission
link layer performs error detection on a per-frame basis.
Addressing: The data link layer identifies all nodes and transmits data between them
by using hardware addresses.
Identifying network layer data: The data link layer transparently transmits packets
received from the network layer. From the network layer’s perspective, the data link
layer is a line without errors. To support multiple network layer protocols, the data link
layer adds an ID to the control information of a frame to identify a specific network
layer protocol. With such an ID, the receiving node can correctly send the frame to the
specific network layer protocol.
To manage and control physical-layer media while providing a uniform interface for
network layer protocols, the data link layer is divided into two sublayers, Logical Link
Control (LLC) and Media Access Control (MAC).
Data Link Layer Standards
HDLC
PPP
Frame relay
The data link layer standards of IEEE are the most widely used LAN standards. They are
called IEEE 802 standards.
802.1 describes basic LAN issues. For example, 802.1d describes the Spanning Tree
Protocol (STP).
The 802.2 group defines the LLC sublayer.
The 802.3 group defines the MAC sublayer standards, such as Carrier Sense Multiple
Access with Collision Detection (CSMA/CD).
The 802.4 group defines token bus standards.
The 802.5 group defines token ring standards, which are the same as those defined
by the IBM token ring group.
Today, IEEE 802.3 Ethernet standards are widely used in LANs. Ethernet switches are
typical data link layer devices.
These are some WAN data link layer standards: High-level Data Link Control (HDLC),
Point-to-Point Protocol (PPP), X.25, and frame relay.
HDLC is a bit-oriented synchronous data link layer protocol developed by the ISO. It
defines a data encapsulation method for synchronous serial links by using frame
characters and checksums.
PPP is defined in RFC 1661. PPP includes the Link Control Protocol (LCP), Network
Control Protocol (NCP) and extended PPP protocol suite. LCP is responsible for
establishing, maintaining, and releasing links. PPP supports both synchronous and
asynchronous circuits and multiple network layer protocols.
Frame relay is a switching mode data link layer protocol. It is more efficient than X.25
because it speeds up data transmission by avoiding error correction.
Network Layer
Addressing
Route selection
Congestion control
Interconnection of heterogeneous networks
Data at the network layer is called packets. The network layer finds optimal routes for
packets, ensuring packets can correctly reach their destinations.
Congestion control: When the volume of traffic is huge, network congestion may occur,
causing data loss and delay. The network layer is responsible for congestion control.
Interconnection of heterogeneous networks: There are various types of links and
media. Each type of link has specific specifications. The network layer must be
capable of working on different links and media to send data over network segments.
Working between the transport layer and the data link layer, the network layer provides
services to the transport layer and translates network addresses into physical addresses.
In addition, the network layer can handle packet transmission issues between devices with
different processing capabilities. For example, the network layer fragments packets to
meet the maximum transmission unit (MTU) requirement on the data link layer at the
sending end and reassembles them at the receiving end.
Figure: An IP address, for example 10.8.2.48, is divided into a network address and a host
address.
Network addresses identify network nodes at Layer 3 and are essential to Layer-3
forwarding. Different network layer protocols use different address formats. An IP address
has four bytes and is usually represented in dotted decimal notation. An IPX address has
10 bytes. The first four bytes represent the network address, and the following six bytes
represent the host address. It is usually represented in hexadecimal notation.
Generally, network layer addresses are hierarchical, which facilitates addressing and
management by splitting a big network address block into small ones. A common method
is to divide a network layer address into a network address and a host address. In this way,
a packet is forwarded to the network identified by the network address first, and then to the
host identified by the host address through the gateway on that network.
To ensure the uniqueness of network nodes in a network, their network layer addresses
must be globally unique.
Figure: Two IP networks connected by routers. Routed protocol: IP. Routing protocols: RIP,
OSPF, and BGP.
A routed protocol is a network layer encapsulation protocol that defines the formats and
meanings of the fields in the protocol packets. The packets of a routed protocol can be
forwarded between network devices. Common routed protocols include IP in the TCP/IP
protocol suite and IPX in the Novell IPX/SPX protocol suite.
A routing protocol runs on routers. It establishes a routing table on each router through
exchange and calculation of routing information to provide routing services for routed
protocols. The routing table describes the topology of the whole network.
Multiple routing protocols may be designed for a single routed protocol. For example,
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Intermediate
System to Intermediate System (IS-IS) were all developed for routing IP.
Connection-oriented service
A connection is established before data transmission and is released after communication
Ordered delivery
Response acknowledgement
Error retransmission
Suitable for applications having high reliability requirements
Connectionless service
Best-effort service
No connection needs to be established
No sequencing mechanism, no acknowledgement mechanism, and no retransmission mechanism
Suitable for applications insensitive to delay
In computer communications, the connection-oriented service and the connectionless
service are a pair of important concepts.
When using the connection-oriented service, two parties need to establish a connection
before data transmission and then release the connection after communication. If the
called party refuses the connection attempt, the communication process ends.
During connection establishment, the IP addresses of the source and destination hosts
must be given in the service primitives and protocol data units. During data transmission,
an identifier can be used to identify the connection.
A connection-oriented service can ensure the correct sequence of received packets and
reliable packet transmission for two communicating parties. The receiver sends an
acknowledgement for each received packet to the sender. When a packet is lost, the
sender will re-send that packet. Two parties can send variable-length packets (within a
certain length range) to each other. Normally, a packet sent earlier arrives earlier than a
packet sent later, but this will not be true when the first packet is delayed during
transmission. To make sure that received packets are in the correct sequence, the receiver
arranges them according to their sequence numbers. A connection-oriented service is
suitable for sending large numbers of packets within a certain period. It is not good at
sending small packets because the cost is high.
A connectionless service does not require two communicating parties to be active at the
same time. Instead, only the working party needs to be active. The advantages of
connectionless services are flexibility, convenience and speed, but they cannot avoid
packet loss, duplication and disorder. Therefore, they are suitable for transmitting a small
number of packets and scattered packets.
Not all application protocols require establishing a connection for communication. For
example, some applications do not need to ensure transmission reliability because their
upper layer applications provide reliable response mechanisms.
Generally, the network layer protocols of the OSI reference model provide connectionless
services. They do not ensure orderly transmission, which instead is implemented at the
transport layer.
Network Layer Protocol Operation
Figure: Data transmission from Host A to Host B through routers RTA, RTB, and RTC, with
routers RTD and RTE also on the network. Host A and Host B run all seven layers; the figure
shows the data link and physical layers of Host A, RTA, RTB, RTC, and Host B.
The figure above shows how data is transmitted from Host A to Host B.
An application program on Host A needs to send data to Host B on another network. First,
the application layer information is changed to a format that can be transmitted over
networks. Then, the presentation layer adds a header to the data, negotiates the data
format, decides whether to encrypt the data, and then presents the data in a correct format.
The session layer adds a header, and other layers also add their headers. The data unit is
called a segment at the transport layer, packet at the network layer, and frame at the data
link layer. The frame is changed to bit streams at the physical layer. Then Host A sends the
bit streams to its gateway Router A (RTA for short).
After receiving the bit streams, RTA identifies the frame and network layer protocol type,
and removes the frame header to get the network layer packet. The network layer routing
process uses the destination address in the header to find a matching route entry that
contains the outgoing interface and the next hop router RTB. The link layer of the outgoing
interface adds a link layer header to the packet and sends the frame to RTB.
Routers on the forwarding path process the packet in the same way until it arrives at RTC.
RTC finds from its routing table that the outgoing interface for the packet is on the same
link as Host B. It then encapsulates the packet into a frame destined for Host B and sends
it out. Host B de-encapsulates the frame from the bottom layer to the top layer and delivers
the data to the corresponding application program.
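The following Python program, added here and not part of the H3C book, simulates the hop-by-hop process just described: each router checks the frame's destination hardware address and network layer protocol ID, strips the frame header, looks up the destination address in its routing table (longest prefix match), and re-encapsulates the packet in a new frame for the next hop. The hosts, routers, MAC and IP addresses and routing tables are all constructed for illustration; it also shows what happens when no route matches and when two routers' default routes point at each other.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Network layer data unit: sender and recipient addresses plus the transport segment."""
    src: str
    dst: str
    segment: bytes


@dataclass(frozen=True)
class Frame:
    """Data link layer data unit: hardware addresses plus an ID naming the Layer 3 protocol."""
    src_mac: str
    dst_mac: str
    proto_id: str
    packet: Packet


def network_of(addr: str, prefix_len: int) -> str:
    """Network part of a dotted-decimal IPv4 address: ("10.8.2.48", 16) -> "10.8.0.0"."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets) or not 0 <= prefix_len <= 32:
        raise ValueError(f"bad address {addr!r}/{prefix_len}")
    value = int.from_bytes(bytes(octets), "big")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str(b) for b in (value & mask).to_bytes(4, "big"))


class Node:
    """A host or router: one MAC address, one IP address and a routing table."""

    def __init__(self, name: str, mac: str, ip: str, routes: List[Tuple[str, int, str]]):
        self.name, self.mac, self.ip = name, mac, ip
        # Each entry is (network address, prefix length, next-hop node name). A next hop
        # that is the destination host itself stands in for a directly connected network.
        self.routes = routes

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match over the routing table; None means no matching entry."""
        best: Optional[Tuple[int, str]] = None
        for network, plen, next_hop in self.routes:
            if network_of(dst, plen) == network and (best is None or plen > best[0]):
                best = (plen, next_hop)
        return None if best is None else best[1]


def receive(node: Node, frame: Frame, nodes: Dict[str, Node]):
    """Handle one incoming frame: ("delivered"|"dropped", None) or ("forwarded", (next_hop, frame))."""
    if frame.dst_mac != node.mac:        # link layer: frame is not addressed to this node
        return "dropped", None
    if frame.proto_id != "IP":           # frame header names a Layer 3 protocol we do not run
        return "dropped", None
    packet = frame.packet                # de-encapsulate: strip the frame header
    if packet.dst == node.ip:            # packet is for this node: hand it up the stack
        return "delivered", None
    next_hop = node.lookup(packet.dst)   # network layer: route lookup on the destination
    if next_hop is None:
        return "dropped", None           # no route entry: the packet is discarded
    # Re-encapsulate into a fresh frame for the outgoing link towards the next hop
    return "forwarded", (next_hop, Frame(node.mac, nodes[next_hop].mac, "IP", packet))


def send(nodes: Dict[str, Node], src_name: str, dst_ip: str, segment: bytes, max_hops: int = 16):
    """Send one segment from a host; returns (final status, nodes visited in order, last frame)."""
    src = nodes[src_name]
    packet = Packet(src.ip, dst_ip, segment)
    path = [src_name]
    current = src.lookup(dst_ip)         # the sending host's gateway router
    if current is None:
        return "dropped", path, None
    frame = Frame(src.mac, nodes[current].mac, "IP", packet)
    for _ in range(max_hops):            # bounded like an IP TTL, so a routing loop terminates
        path.append(current)
        status, result = receive(nodes[current], frame, nodes)
        if status != "forwarded":
            return status, path, frame
        current, frame = result
    return "dropped", path, frame        # hop limit reached: the packet was looping


# Constructed topology (hypothetical addresses): Host A - RTA - RTB - RTC - Host B, with RTD
# hanging off RTB. RTB and RTC point their default routes at each other to show a loop.
NODES: Dict[str, Node] = {n.name: n for n in [
    Node("HostA", "02:00:00:00:00:01", "192.168.1.10", [("0.0.0.0", 0, "RTA")]),
    Node("RTA", "02:00:00:00:00:0a", "192.168.1.1", [("192.168.1.0", 24, "HostA"), ("0.0.0.0", 0, "RTB")]),
    Node("RTB", "02:00:00:00:00:0b", "10.1.1.2", [("10.0.0.0", 8, "RTD"), ("10.8.0.0", 16, "RTC"), ("0.0.0.0", 0, "RTC")]),
    Node("RTC", "02:00:00:00:00:0c", "10.8.2.1", [("10.8.2.0", 24, "HostB"), ("0.0.0.0", 0, "RTB")]),
    Node("RTD", "02:00:00:00:00:0d", "10.9.0.1", []),
    Node("HostB", "02:00:00:00:00:02", "10.8.2.48", [("0.0.0.0", 0, "RTC")]),
]}

if __name__ == "__main__":
    for dst in ("10.8.2.48", "10.9.5.5", "172.16.0.1"):
        status, path, _ = send(NODES, "HostA", dst, b"hello")
        print(dst, status, " -> ".join(path))
```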
Transport Layer
The transport layer can:
Divide upper layer data into segments
Establish end-to-end connections
Deliver transparent and reliable transmission
Perform flow control
Transport layer protocols: TCP and UDP in the TCP/IP protocol suite, and SPX in the
IPX/SPX protocol suite
The transport layer provides error-free connections for the session layer, ensuring that
packets are correctly transmitted between devices. The data unit at the transport layer is
called a segment.
The transport layer receives data from the session layer, and if the data is too big, divides it
into segments before delivering the data to the network layer.
The transport layer establishes end-to-end connections. The application programs on the
two communicating devices exchange information by using each other's address
information, and are unaware of the transmission nodes in between.
The transport layer can establish a connection either for a single session-layer request, or
for multiple session-layer requests (multiplexing), which is transparent to the session layer.
Another major task of the transport layer is to perform packet error checking and
retransmission. The packets of a data flow may not arrive at the receiving end in sequence
if they travel different paths to the destination. To ensure orderly delivery to the session
layer, the transport layer of the receiver arranges the received packets according to their
sequence numbers and checks that all packets are received. If a packet is lost or has an
error, the receiver will ask the sender to retransmit that packet.
In addition, the transport layer performs flow control to ensure that the sending speed
matches the processing capabilities of the network and the receiver. For example, it
increases the sending speed when the receiver has enough resources and decreases the
sending speed when the receiver has insufficient resources.
Session Layer, Presentation Layer, and Application Layer
[Slide: Application layer protocols offer network services to applications and programs
such as word processing, email, and spreadsheet; examples are SQL, NFS, and RPC.
Presentation layer protocols define data format and structure and negotiate the upper
layer data format; examples are ASCII, MPEG, and JPEG. Session layer protocols allow
host communication and establish, maintain, and terminate sessions between programs
such as word processing, email, and spreadsheet.]
The session layer provides session services for the presentation layer and session users
by using the end-to-end service provided by the transport layer. The session layer
establishes and maintains sessions. For example, when a user logs in to a remote device
and exchanges information with it, the session layer determines the sending and receiving
The session layer also performs error recovery. For example, suppose the network breaks
when a user is sending a large file. Does this user need to retransmit the whole file after
the network recovers? The answer is NO because the session layer allows the user to
select a check point from the information stream. Only the dropped data after the check
point is retransmitted.
If communication breaks down at a lower layer, the session layer will try to recover the
communication. For example, when a PC user uses the dialup service of an ISP to access
the Internet, the session layer of the ISP server performs connection negotiation with the
session layer of the PC. If the telephone cable is disconnected, the session layer on the
PC will detect the disconnection and try to reestablish a connection.
The presentation layer presents the application layer information in a specific format. It
mainly focuses on the syntax and semantics of the transmitted information. Two
communicating peers must use the same format. For example, a sender can present a
figure in JPEG format or BMP format. If the peer does not support the format, it cannot
show the figure correctly.
The presentation layer also encrypts and compresses data. Encryption prevents
unauthorized users from reading the data. Compression reduces the size of data and thus
the cost of data transmission. Compression also improves the sending speed.
The application layer is the highest layer in the OSI reference model. This layer directly
interacts with users and application programs so that programs can use network services
including file transfer, file management, and email services. Note that the application layer
does not correspond to one application program. When you send an email over a network,
your request is transmitted to the network through the application layer.
TCP/IP Model
The OSI reference model greatly facilitates the understanding of the Internet structure,
network product development, and network design. However, the OSI reference model is
too complex to be implemented completely. The layers of the OSI reference model have
overlapping functions, and thus the efficiency is low. In addition, when the OSI reference
model was launched, TCP/IP had already become the de facto standard. As a result, the
OSI reference model has never become prevalent, and no protocol suite that totally
complies with the OSI reference model has been developed.
Layered Structure
[Slide: OSI layers 7 (application), 6 (presentation), and 5 (session) map to TCP/IP
layer 4 (application).]
Similar to the OSI reference model, TCP/IP also uses a layered structure in which each
layer delivers different communication functions. TCP/IP simplifies the layered structure
and consists of only four layers: the application layer, transport layer, Internet layer, and
network interface layer.
Internet Layer
[Slide: The Internet layer sends packets to correct destinations. Functions: routing and
route maintenance. Protocols: IP, ICMP, and IGMP.]
The Internet layer is the key component of the TCP/IP protocol stack. It delivers functions
similar to the network layer of the OSI reference model.
The Internet layer defines the IP protocol and packet format. The major functions of the
Internet layer include:
Identifying a network node by using an IP address;
Generating routing information by using a routing protocol, and forwarding packets to
the destination according to the routing information;
Managing networks with the assistance of Internet Control Message Protocol (ICMP)
Transport Layer
[Slide: The transport layer provides peer-to-peer connections. Functions: data integrity
check, error retransmission, and fragment reassembly. Protocols: TCP and UDP.]
The transport layer provides peer-to-peer connections for communicating application
programs on any two hosts, so that the peers on the source and destination hosts can talk
to each other.
The transport layer of the TCP/IP protocol stack mainly includes Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP). TCP is connection-oriented, provides
reliable transmission between the communication parties, and supports fragment
reassembly, error retransmission and flow control. UDP is connectionless, provides
unreliable data transmission, and leaves the application layer to guarantee the reliability of
data transmission.
Application Layer
[Slide: The application layer processes details of specific application programs.
Functions: remote access and resource sharing. Protocols: Telnet, FTP, TFTP, SMTP, POP3,
SNMP, and HTTP.]
The TCP/IP model has no separate session layer and presentation layer. The functions of
these two layers are included in the application layer. The application layer directly
interacts with users and application programs so that the programs can use network
services, including file transfer, file management, and email services. Typical application
layer protocols include teletype network (telnet), File Transfer Protocol (FTP), Simple Mail
Transfer Protocol (SMTP), and Simple Network Management Protocol (SNMP).
FTP is an Internet standard for transferring files. It supports text files, such as ASCII
files, binary files, and files with a byte-stream oriented structure. FTP uses TCP to
provide reliable connection-oriented file transfer. It is suitable for file transfer over a
long-distance, unreliable path.
The Trivial File Transfer Protocol (TFTP) transfers files by using UDP, and thus is
unreliable. It is suitable for file transfer within a LAN.
SMTP transfers text emails over the Internet. All operating systems have a client program
that uses SMTP to receive and send emails, and most Internet service providers (ISPs)
use SMTP to deliver mail services. SMTP is designed to transfer emails in various network
environments. It cares about how an email is delivered, rather than whether the email
arrives at the destination correctly. SMTP has a robust mail processing feature that allows
a mail to be routed automatically based on a specific standard. SMTP can immediately
inform the user if the mail address does not exist, and returns an undeliverable mail to
the sender within a certain period of time.
SNMP monitors and maintains network devices, and delivers security and performance
management.
The Hypertext Transfer Protocol (HTTP) is the basis of the World Wide Web (WWW). Most
web pages are transferred on the Internet through HTTP.
Network Interface Layer
[Slide: The network interface layer processes details related to the transmission media.
Functions: physical wires and interfaces, link layer communication. Protocols: Ethernet,
FDDI, and token ring; SLIP, HDLC, and PPP; X.25, frame relay, and ATM.]
TCP/IP has no rigid description for the layer below the Internet layer. However, a TCP/IP
host must use a certain lower layer protocol to connect to the network. In addition, TCP/IP
must support various lower layer protocols to implement end-to-end network
communications that are independent of links. The network interface layer of TCP/IP
processes the details of transmission media and provides the upper layer with coherent
network interfaces. Therefore, the network interface layer of the TCP/IP model
corresponds to the data link layer and physical layer of the OSI reference model, and
usually includes network interface cards and interface drivers for computers and network
devices.
TCP/IP supports most LAN or WAN technologies. These technologies belong to the
network interface layer.
Serial connection technologies: SLIP, HDLC, and PPP
Packet switching technologies: X.25, frame relay, and Asynchronous Transfer Mode
(ATM)
Summary
The OSI reference model and TCP/IP model greatly facilitate the understanding of
internetworks, network device development, and network design, and accelerate the
development of computer networks.
The OSI reference model consists of seven layers, whereas the TCP/IP model consists of
four layers.
Chapter 3 LAN Fundamentals
A local area network (LAN) is a computer network covering a small physical area, such as
a room or a building. This chapter introduces common LAN technologies, and focuses on
Ethernet, the dominant LAN technology.
Learning Objectives
Upon completion of this lesson, you will be able to:
Identify LAN types
LAN Overview
[Slide: Network layer: network layer protocols such as IP and IPX. Data link layer: LLC
sublayer (802.2 LLC/SNAP) and MAC sublayer (802.3, 802.4, 802.5, 802.11).]
LAN technologies deal with the physical layer and data link layer of both the OSI reference
The physical layer defines the mechanical specifications, electrical specifications, and
connection standards of the devices, cables, and interfaces that provide services for the
LAN. The following are some common LAN standards for the physical layer:
10BASE5 (thick Ethernet) over coaxial cable and transceivers
10BASE2 (thin Ethernet) over coaxial cable with BNC connectors
10BASE-T, 100BASE-TX, and 1000BASE-T over twisted-pair cable with RJ-45
connectors
Ethernet over optical fiber
The data link layer encapsulates and identifies data received from its upper layer, which is
implemented by the LLC sublayer. IEEE 802.2 defines the LLC sublayers for all 802
networks.
The LLC sublayer multiplexes protocols by adding an 802.2 LLC header to the packet that
the network layer delivers. To identify network layer protocols, the LLC sublayer uses
service access points (SAPs). Two SAPs, the source SAP (SSAP) and the destination SAP
(DSAP) are used to identify the network layer protocols of the sender and the recipient
respectively. The SSAP field and the DSAP field are each one-byte long, of which only six
bits are used to identify the upper layer protocol. Therefore, SAP can identify no more than
32 protocols. To make 802.2 LLC sublayer support more upper layer protocols, IEEE
issued the 802.2 Subnetwork Access Protocol (SNAP). IEEE 802.2 SNAP extends the LLC
header to encapsulate upper layer data. With IEEE 802.2 SNAP, the SAP value is set to
hexadecimal AA, and a two-byte type field is added.
The data link layer controls access to transmission media, handles channel contentions,
identifies and addresses stations, and checks the integrity of incoming frames at the MAC
sublayer. The IEEE defines different MAC sublayer standards for different media: 802.3 for
Ethernet, 802.4 for token bus, and 802.5 for token ring.
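The LLC/SNAP header layout described above, as an added Python example (not code from the H3C course): it parses the DSAP, SSAP and control fields and, when both SAPs are hexadecimal AA, the SNAP extension. The sample byte strings are constructed, the 3-byte OUI that precedes the SNAP type field comes from IEEE 802.2 rather than from this text, and the SAP name table is a partial list.

```python
"""Parser for the IEEE 802.2 LLC header and its SNAP extension (added example)."""
from dataclasses import dataclass
from typing import Optional

SNAP_SAP = 0xAA            # DSAP and SSAP value that announces a SNAP header
UI_CONTROL = 0x03          # unnumbered information frame, one-byte control field

# A few well-known SAP values (partial list, used only for labelling).
SAP_NAMES = {
    0x06: "IP",
    0x42: "Spanning Tree BPDU",
    0xAA: "SNAP",
    0xE0: "Novell IPX",
    0xF0: "NetBIOS",
    0xFE: "ISO CLNP",
}


@dataclass
class LLCHeader:
    dsap: int
    ssap: int
    control: int
    header_len: int                  # bytes consumed before upper layer data begins
    oui: Optional[bytes] = None      # SNAP only: 3-byte organisation code
    snap_type: Optional[int] = None  # SNAP only: 2-byte protocol type

    @property
    def is_snap(self) -> bool:
        return self.snap_type is not None

    @property
    def dsap_is_group(self) -> bool:
        # The low bit of the DSAP is the individual/group flag, which is one
        # reason only part of the byte identifies the upper layer protocol.
        return bool(self.dsap & 0x01)

    def upper_layer_protocol(self) -> str:
        if self.is_snap:
            if self.oui == b"\x00\x00\x00":
                return f"EtherType 0x{self.snap_type:04x}"
            return f"OUI {self.oui.hex()} type 0x{self.snap_type:04x}"
        return SAP_NAMES.get(self.dsap, f"SAP 0x{self.dsap:02x}")


def parse_llc(data: bytes) -> LLCHeader:
    """Parse the LLC/SNAP header at the start of an 802.3 frame's data field."""
    if len(data) < 3:
        raise ValueError("truncated LLC header")
    dsap, ssap, control = data[0], data[1], data[2]
    # U-format frames (low two control bits == 11) carry a one-byte control
    # field; I- and S-format frames carry two bytes in extended mode.
    ctl_len = 1 if (control & 0x03) == 0x03 else 2
    if len(data) < 2 + ctl_len:
        raise ValueError("truncated LLC control field")
    if ctl_len == 2:
        control = int.from_bytes(data[2:4], "big")
    hdr_len = 2 + ctl_len

    if dsap == SNAP_SAP and ssap == SNAP_SAP and control == UI_CONTROL:
        # SNAP extension: 3-byte OUI followed by the 2-byte type field.
        if len(data) < hdr_len + 5:
            raise ValueError("truncated SNAP header")
        oui = bytes(data[hdr_len:hdr_len + 3])
        snap_type = int.from_bytes(data[hdr_len + 3:hdr_len + 5], "big")
        return LLCHeader(dsap, ssap, control, hdr_len + 5, oui, snap_type)

    return LLCHeader(dsap, ssap, control, hdr_len)


# Constructed sample data fields (not captured traffic).
# 1) A Spanning Tree BPDU: DSAP/SSAP 0x42, UI control, then the start of the BPDU.
STP_SAMPLE = bytes.fromhex("424203" "00000000")
# 2) IPv4 over LLC/SNAP: AA AA 03, OUI 00-00-00, type 0x0800, then an IPv4 header start.
SNAP_IPV4_SAMPLE = bytes.fromhex("aaaa03" "000000" "0800" "45000014")


def demo() -> None:
    for name, sample in (("STP", STP_SAMPLE), ("SNAP/IPv4", SNAP_IPV4_SAMPLE)):
        hdr = parse_llc(sample)
        print(f"{name}: {hdr.upper_layer_protocol()}, "
              f"payload starts at byte {hdr.header_len}")


if __name__ == "__main__":
    demo()
```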
LAN Technologies
[Slide: Ethernet, token ring, and FDDI rings.]
Major LAN technologies once included Ethernet, token ring, and fiber distributed data
interface (FDDI). Ethernet has become by far the most popular.
Ethernet
Ethernet has achieved great success since it was launched by Xerox, DEC, and Intel. In
1985, Ethernet was standardized as 802.3 by IEEE. The DIX Ethernet standard describes
the 10-Mbps bus LAN over 50-ohm coaxial cable, and defines all specifications of the data
link layer and physical layer in the OSI reference model. However, the IEEE 802.3
standards describe LANs over various carrier sense multiple access with collision
detection (CSMA/CD) based media at rates from 1 Mbps to 10 Mbps, and define only the
specifications of the data link layer's MAC sublayer and the physical layer in the OSI
reference model. The other sublayer, LLC, is described in IEEE 802.2.
The earliest Ethernet adopted coaxial cabling and the bus topology. Later, Ethernet
networks constructed with hubs in a star topology appeared. At present, switched Ethernet
constructed with switches is dominant.
Token Ring
Token ring was defined in IEEE 802.5, which was developed based on the token ring
protocol designed by IBM.
Even though the physical topology of a token ring network is a star, the stations on the
network are organized in a logical ring topology with a token traveling around the ring. Data
is transmitted from one station to the next sequentially in one direction. The station that has
control of the token can use the network. The token is a special control frame with a bit
identifying whether the token is free or busy. If the token is not being used, a station can
take control of it for data transmission. If the token is being used by a station, it is set to
busy.
If one station wants to send data, it must first capture the free token. Then the station sets
the token to busy and sends out data after it. The token is set to free again after the data is
received by the destination station and stripped off the ring.
The token ring initially ran at 4 or 16 Mbps, and has been improved to support 100 Mbps.
The token ring mechanism is complex. A token ring network must maintain a token. If the
token is corrupted or lost, the token ring network will fail. Thus, one station is required to
monitor and manage the token. Because of its conservative approach, expensive
infrastructure, and implementation complexity, the token ring technology has never
prevailed.
FDDI
FDDI is a LAN technology that adopts the logical ring topology. FDDI technology:
Uses the IEEE 802.4 token bus timed token protocol as its basis.
Uses IEEE 802.2 protocols, and is thus compatible with the 802 networks.
Offers up to 100 Mbps capability on the primary ring, and covers a transmission
distance of 100 km (about 62 miles) with 1000 stations at most.
Adopts the dual-attached, counter-rotating ring topology, allowing for fault tolerance.
However, Ethernet quickly outpaced token ring and FDDI with its improved bandwidth and
reliability, openness, ease of use and implementation, and low cost. Ethernet eventually
took over the LAN market and has been dominant ever since.
To help you understand the fundamentals and development of Ethernet, we will start with
the early 10 Mbps Ethernet technologies.
Early Ethernet Technologies
[Slide: 10BASE5/10BASE2 on a shared bus, and 10BASE-T with a hub.]
IEEE 802.3 defines the 10 Mbps Ethernet standards, of which 10BASE5, 10BASE2, and
10BASE-T were commonly used.
10BASE5 adopts the bus topology. It runs over 50-ohm thick coaxial cable. Hosts are
connected to the network through transceivers connected to the cable at a certain distance.
A thick coaxial cable can cover up to 500 meters (about 1640 ft.) thanks to its good
interference protection performance. The disadvantage is that cable connection and
cabling are complicated.
10BASE2 also adopts the bus topology. It runs over 50-ohm thin coaxial cable. Hosts are
connected to the cable with T-shape BNC connectors. 10BASE2 covers a transmission
distance of 200 meters (about 656 ft).
Even though the bus topology requires less investment in cables compared to other
topologies, it is not preferred because the bus is a single point of failure: a fault at any
point can bring down the entire network. In addition, it is difficult to isolate problems in
a bus topology network.
10BASE-T adopts the star topology. It uses hubs to connect stations with twisted-pair
cables. At both ends of a twisted-pair cable are RJ-45 connectors. The category-3
unshielded twisted pair (UTP) cable covers a transmission distance up to 100 meters
(about 328 ft) and the category-5 UTP cable up to 150 meters (about 492 ft).
10BASE-T superseded 10BASE5 and 10BASE2 for its ease of deployment and
troubleshooting.
Ethernet Hub
[Slide: A hub internally connects its ports to a shared bus line.]
A hub is a sharing device that provides multiple ports to connect network devices to form a
single network segment.
The stations connected by a hub are logically organized in a bus topology even though the
physical topology is a star. The internal structure and operating principles of a hub are still
the same as a bus. All ports of the hub work in half duplex mode. At any one time only one
of them can receive incoming signals, which are then passed to all other ports. This means
that only one station can send or receive data at any one time and the data is sent to all
other stations.
The hub operates at the physical layer and is responsible for transmitting electrical signals
only.
MDI/MDIX
Cable type to use between interface types (rows: local interface; columns: remote
interface):

                              Host NIC    Router Ethernet   Switch/hub access   Switch/hub uplink
                              (MDI)       port (MDI)        port (MDIX)         port (MDI)
Host NIC (MDI)                Crossover   Crossover         Straight-through    N/A
Router Ethernet port (MDI)    Crossover   Crossover         Straight-through    N/A
Switch/hub uplink port (MDI)  N/A         N/A               Straight-through    Crossover
Typically the network adapters of common PCs or routers use the Medium Dependent
Interface (MDI). On an Ethernet hub or switch, the ports used for connecting end user
stations typically use the Medium Dependent Interface Crossover (MDIX), while the uplink
port connected to another hub or switch uses the MDI interface. To connect interfaces of
different types, that is MDI to MDIX, use straight-through cables. To connect interfaces of
the same type, that is MDI to MDI or MDIX to MDIX, use crossover cables.
The H3C Ethernet switches support auto MDI/MDIX. When connecting a switch port, you
can use either a straight-through or crossover cable without considering the interface type
of the port.
RJ-45 pinouts (pins 1 to 8 on each side of the cable):

Straight-through cable
Pin   Side 1         Side 2
1     white/orange   white/orange
2     orange         orange
3     white/green    white/green
4     blue           blue
5     white/blue     white/blue
6     green          green
7     white/brown    white/brown
8     brown          brown

Crossover cable
Pin   Side 1         Side 2
1     white/orange   white/green
2     orange         green
3     white/green    white/orange
4     blue           blue
5     white/blue     white/blue
6     green          orange
7     white/brown    white/brown
8     brown          brown
Twisted pair cabling is a form of wiring in which two conductors are twisted together to
cancel out electromagnetic interference (EMI) from external sources. A typical twisted pair
cable is made up of eight cores (four pairs).
Twisted pair cables come in two categories, unshielded twisted pair (UTP) and shielded
twisted pair (STP). Shielded with metal to prevent EMI, STP cables are more expensive
than UTP cables and harder to install. Cheaper than STP, UTP cables are widely used in
small- and medium-sized enterprises, cybercafés, and households.
Depending on the number of twists per meter, UTP cables are categorized into category-3,
used.
The figure above shows the pinouts of the straight-through and crossover cables for
10BASE-T.
CSMA/CD
[Slide: If a carrier is sensed, a host does not send data because the medium is busy. If no
carrier is sensed, the medium is regarded as idle, and any host can send data to contend
for the idle line.]
On an Ethernet network, all stations share the medium and have equal access to the
medium, but only one station can access the medium at any one time. Collisions thus
result. To detect collisions and control access to the medium, IEEE defines the Carrier
Sense Multiple Access with Collision Detection (CSMA/CD) mechanism in the family of
802.3 standards.
With the CSMA/CD mechanism, each station on the Ethernet network monitors the
medium for the carrier signal. If no carrier signal is detected, a station considers that the
medium is idle, and it can start transmitting data. If a carrier signal is detected, the station
[Slide: Each host waits for a random backoff time before sending data.]
If two or more stations sense that the medium is idle, and start transmitting data
concurrently, a collision results. To reduce collisions, CSMA/CD requires that a station
listen to the medium while transmitting data. As soon as the station senses a collision, it
stops transmitting data and sends a signal for a sufficient time to ensure that all stations
have detected the collision. Then the station remains silent for a random period of time
before attempting to retransmit. This time period is called backoff delay. The process
continues until the data is eventually transmitted. As the backoff delay settings on colliding
stations are random, the probability of repeated collisions is decreased.
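The CSMA/CD behaviour described in this section (listen before sending, stop on collision, wait a random backoff, retry) as an added Python simulation that is not part of the H3C course. It assumes slotted time and, as IEEE 802.3 does, doubles the random backoff window after each successive collision; the station and frame counts are constructed inputs.

```python
"""Slotted CSMA/CD simulation with random backoff (added example).

Model assumptions: time is divided into slots; a station that senses the medium
idle and has finished its backoff transmits at the start of a slot; two or more
transmitters in one slot collide; after each collision a station draws a random
backoff from a window that doubles per consecutive collision (the IEEE 802.3
truncated binary exponential backoff rule, capped here at 2**10 slots).
"""
import random
from dataclasses import dataclass

MAX_BACKOFF_EXPONENT = 10


@dataclass
class Station:
    name: str
    frames_left: int
    backoff: int = 0      # slots the station must stay silent after a collision
    attempts: int = 0     # consecutive collisions suffered by the current frame

    @property
    def ready(self) -> bool:
        return self.frames_left > 0 and self.backoff == 0


@dataclass
class Result:
    slots: int
    collisions: int
    successes: int
    frames_left: int

    @property
    def collisions_per_frame(self) -> float:
        return self.collisions / self.successes if self.successes else 0.0


def simulate(num_stations: int, frames_each: int, seed: int = 0,
             max_slots: int = 200_000) -> Result:
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    stations = [Station(f"S{i}", frames_each) for i in range(num_stations)]
    slots = collisions = successes = 0
    while any(s.frames_left for s in stations) and slots < max_slots:
        slots += 1
        # Carrier sense: stations that see an idle medium and are not backing
        # off all start transmitting in this slot.
        transmitters = [s for s in stations if s.ready]
        for s in stations:
            if s.backoff:
                s.backoff -= 1
        if len(transmitters) == 1:
            tx = transmitters[0]       # sole transmitter: the frame goes through
            tx.frames_left -= 1
            tx.attempts = 0
            successes += 1
        elif len(transmitters) > 1:
            # Collision detected while listening to the medium: every
            # colliding station stops and picks its own random backoff delay,
            # so the chance that they collide again is reduced.
            collisions += 1
            for s in transmitters:
                s.attempts += 1
                window = 2 ** min(s.attempts, MAX_BACKOFF_EXPONENT)
                s.backoff = rng.randrange(window)
    return Result(slots, collisions, successes,
                  sum(s.frames_left for s in stations))


def demo() -> None:
    for n in (2, 10, 50):
        r = simulate(n, frames_each=20, seed=1)
        print(f"{n:3d} stations: {r.collisions} collisions for {r.successes} frames "
              f"({r.collisions_per_frame:.2f} per frame) in {r.slots} slots")


if __name__ == "__main__":
    demo()
```

Running the demo shows collisions per frame climbing with the station count, which is the effect behind the recommended limit on stations per collision domain.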
All stations sharing a common medium form a collision domain. The number of collisions
increases along with the number of stations. When the number of hosts reaches a certain
level, excessive collisions may occur and deteriorate network performance. Typically, it is
recommended that you keep the number of stations in a collision domain within 50.
MAC Address
[Slide: The MAC address 00-E0-FC-01-23-45 consists of a 24-bit OUI (00-E0-FC) and a 24-bit
EUI (01-23-45). In the example host, the MAC address 00-E0-FC-01-23-45 is held in the ROM
of the network interface card, and the IP address 10.1.1.3 is held by the operating system
in RAM.]
Ethernet uses medium access control (MAC) addresses to uniquely identify computers. A
MAC address is 48 bits in length and is usually written as a 12-digit hexadecimal number.
A MAC address comprises a 24-bit organizationally unique identifier (OUI) and a 24-bit
extended unique identifier (EUI). The 24-bit OUI is managed by the IEEE Registration
Authority (RA) and the 24-bit EUI is assigned by equipment vendors.
MAC addresses are also called hardware addresses because they are burned into the
read only memory (ROM) of network interface cards and are fixed. The MAC address of
each network interface card is globally unique. If a computer is installed with multiple
[Slide: A NIC accepts only frames destined for its own MAC, the broadcast MAC address, and
the MAC address of the multicast group that it belongs to. A frame is dropped if its
destination MAC address does not match any of the above-mentioned MAC addresses. If a
frame is accepted, it is passed to the upper layer for further processing. The figure shows
NICs with MAC addresses 00E0.FC01.1111 (drop), 00E0.FC01.2222, and 00E0.FC01.3333
(accept), and a broadcast frame with DMAC=FFFF.FFFF.FFFF.]
An Ethernet frame contains two MAC addresses. One identifies the sender, called the
source MAC address, and the other identifies the recipient, called the destination MAC
address.
There are three types of Ethernet frames by destination range: unicast, multicast, and
broadcast. A unicast frame is destined only for a host. A multicast frame is destined for a
group of hosts. A broadcast frame is destined for all hosts on a LAN and the broadcast
MAC address is FFFF.FFFF.FFFF.
A common network interface card accepts only frames destined for it. When a frame
arrives, the network interface card compares the destination MAC address in the frame
with its host MAC address, the broadcast address, and the MAC addresses of the
multicast groups it belongs to. If a match is found, it passes the frame to the upper layer. If
no match is found, it drops the frame.
Some network interface cards can work in promiscuous mode. In this mode, a card can
receive any frames, regardless of whether the frames are destined for it. The cards in
promiscuous mode are usually used in network monitoring tools such as Sniffer.
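The NIC acceptance rule (own MAC, broadcast, joined multicast groups, or everything in promiscuous mode) and the OUI/EUI split, as an added Python example that is not from the H3C course. The NIC MAC addresses are the ones on the slide; the multicast group 01-00-5E-00-00-01, the sniffer address and the payloads are constructed.

```python
"""Destination-MAC filtering of an Ethernet NIC (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800


def parse_mac(text: str) -> bytes:
    """Accept 00-E0-FC-01-23-45, 00:e0:fc:01:23:45 or 00E0.FC01.2345 notation."""
    digits = "".join(ch for ch in text if ch not in "-:.")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes.fromhex(digits)


def oui(mac: bytes) -> str:
    """24-bit organizationally unique identifier, assigned by the IEEE RA."""
    return mac[:3].hex("-").upper()


def eui(mac: bytes) -> str:
    """24-bit extended unique identifier, assigned by the equipment vendor."""
    return mac[3:].hex("-").upper()


def classify(dst: bytes) -> str:
    """Frame type by destination address: unicast, multicast or broadcast."""
    if dst == BROADCAST_MAC:
        return "broadcast"
    # The least significant bit of the first byte is the individual/group
    # flag; a set bit marks a group (multicast) address.
    return "multicast" if dst[0] & 0x01 else "unicast"


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet header plus payload, padded to the 46-byte minimum data size (no FCS)."""
    return dst + src + ethertype.to_bytes(2, "big") + payload.ljust(46, b"\x00")


@dataclass
class Nic:
    mac: bytes
    multicast_groups: FrozenSet[bytes] = frozenset()
    promiscuous: bool = False

    def accepts(self, frame: bytes) -> bool:
        """The acceptance rule from the text, applied to the destination address."""
        if len(frame) < 14:
            return False                     # too short to carry a header
        dst = frame[:6]
        if self.promiscuous:                 # monitoring mode: take every frame
            return True
        if dst == self.mac or dst == BROADCAST_MAC:
            return True
        return classify(dst) == "multicast" and dst in self.multicast_groups


# Constructed example: NIC addresses from the slide; the multicast group,
# sniffer address and payloads are made up for the demonstration.
MAC_1111 = parse_mac("00E0.FC01.1111")
MAC_2222 = parse_mac("00E0.FC01.2222")
MAC_3333 = parse_mac("00E0.FC01.3333")
ALL_HOSTS_MCAST = parse_mac("01-00-5E-00-00-01")   # group joined only by NIC 2222

NICS: Dict[str, Nic] = {
    "1111": Nic(MAC_1111),
    "2222": Nic(MAC_2222, multicast_groups=frozenset({ALL_HOSTS_MCAST})),
    "3333": Nic(MAC_3333),
    "sniffer": Nic(parse_mac("00-E0-FC-01-23-45"), promiscuous=True),
}

FRAMES: Dict[str, bytes] = {
    "unicast to 3333": build_frame(MAC_3333, MAC_2222, ETHERTYPE_IPV4, b"hello"),
    "broadcast": build_frame(BROADCAST_MAC, MAC_1111, ETHERTYPE_IPV4, b"announce"),
    "multicast": build_frame(ALL_HOSTS_MCAST, MAC_3333, ETHERTYPE_IPV4, b"query"),
}


def acceptance_matrix() -> Dict[str, Dict[str, bool]]:
    """For each sample frame, which NIC accepts it (True) or drops it (False)."""
    return {fname: {nname: nic.accepts(frame) for nname, nic in NICS.items()}
            for fname, frame in FRAMES.items()}


if __name__ == "__main__":
    for fname, row in acceptance_matrix().items():
        verdicts = "  ".join(f"{n}={'accept' if ok else 'drop'}" for n, ok in row.items())
        print(f"{fname:16} {verdicts}")
```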
[Slide: Flow control. Half duplex (hub): back pressure, the receiving end sends signals.
Full duplex: the receiving end sends back a PAUSE frame with DMAC=0180.C200.0001.]
Flow control is a mechanism for temporarily stopping data transmission of the sender on a
link to prevent packet loss when the receiving end is experiencing congestion.
The following are two flow control approaches commonly used on Ethernet networks:
IEEE 802.3 pause mechanism for full duplex Ethernet. In this approach, the receiving
end sends a 64-byte PAUSE frame addressed to the multicast address
0180.C200.0001 to halt the transmission of the sender for a certain time period.
Back pressure mechanism for half duplex Ethernet. In this approach, the receiving
end defers the transmission of the sender by sending signals to create false collisions.
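The 802.3 PAUSE frame from the first bullet, as an added Python example that is not from the H3C course: it builds a PAUSE frame addressed to 0180.C200.0001, decodes it, and converts the pause time into seconds. The MAC Control EtherType 0x8808, opcode 0x0001 and the 512-bit-time pause quantum come from IEEE 802.3x rather than from this text; the source MAC and sample frames are constructed.

```python
"""IEEE 802.3x PAUSE frame build/decode (added example)."""
from typing import Dict, Iterable, NamedTuple, Optional

PAUSE_DST = bytes.fromhex("0180c2000001")   # multicast address named in the text
MAC_CONTROL_ETHERTYPE = 0x8808              # MAC Control frame (IEEE 802.3x)
PAUSE_OPCODE = 0x0001
PAUSE_QUANTUM_BITS = 512                    # one pause_time unit is 512 bit times
MIN_FRAME_WITHOUT_FCS = 60                  # 64 bytes on the wire with the 4-byte FCS


class PauseFrame(NamedTuple):
    src: bytes
    pause_time: int     # 0..65535 quanta; 0 tells the link partner to resume at once


def build_pause_frame(src: bytes, pause_time: int) -> bytes:
    """Frame bytes without FCS: DMAC, SMAC, EtherType, opcode, pause_time, zero padding."""
    if len(src) != 6:
        raise ValueError("source MAC must be 6 bytes")
    if not 0 <= pause_time <= 0xFFFF:
        raise ValueError("pause_time must fit in 16 bits")
    body = (PAUSE_DST + src
            + MAC_CONTROL_ETHERTYPE.to_bytes(2, "big")
            + PAUSE_OPCODE.to_bytes(2, "big")
            + pause_time.to_bytes(2, "big"))
    return body.ljust(MIN_FRAME_WITHOUT_FCS, b"\x00")   # pad to the 64-byte minimum


def parse_pause_frame(frame: bytes) -> Optional[PauseFrame]:
    """Return the PAUSE parameters if the frame is a PAUSE frame, otherwise None."""
    if len(frame) < 18:
        return None
    dst, src = frame[0:6], frame[6:12]
    ethertype = int.from_bytes(frame[12:14], "big")
    opcode = int.from_bytes(frame[14:16], "big")
    if dst != PAUSE_DST or ethertype != MAC_CONTROL_ETHERTYPE or opcode != PAUSE_OPCODE:
        return None
    return PauseFrame(src, int.from_bytes(frame[16:18], "big"))


def pause_seconds(pause_time: int, link_bps: int) -> float:
    """How long the sender halts: pause_time quanta of 512 bit times at the link rate."""
    return pause_time * PAUSE_QUANTUM_BITS / link_bps


def requested_pause_per_source(frames: Iterable[bytes], link_bps: int) -> Dict[str, float]:
    """Monitoring view: total pause time (seconds) requested by each source MAC."""
    totals: Dict[str, float] = {}
    for frame in frames:
        pause = parse_pause_frame(frame)
        if pause is not None:
            key = pause.src.hex(":")
            totals[key] = totals.get(key, 0.0) + pause_seconds(pause.pause_time, link_bps)
    return totals


# Constructed sample traffic: two PAUSE frames from one station plus an ordinary
# broadcast frame that the parser must ignore.
RECEIVER_MAC = bytes.fromhex("00e0fc012345")
SAMPLE_FRAMES = [
    build_pause_frame(RECEIVER_MAC, 0xFFFF),                     # maximum pause
    build_pause_frame(RECEIVER_MAC, 0),                          # resume
    bytes.fromhex("ffffffffffff") + RECEIVER_MAC + (0x0800).to_bytes(2, "big") + bytes(46),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        pause = parse_pause_frame(frame)
        if pause is not None:
            secs = pause_seconds(pause.pause_time, 1_000_000_000)
            print(f"PAUSE from {pause.src.hex(':')}: {pause.pause_time} quanta "
                  f"= {secs:.6f} s at 1 Gbps")
        else:
            print("not a PAUSE frame")
    print(requested_pause_per_source(SAMPLE_FRAMES, 1_000_000_000))
```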
Network Expansion
[Slide: A repeater joins cable segments; the connected segments form one collision domain.]
A repeater is a device that operates at the physical layer to regenerate signals before they
become too weak after traveling a certain distance. Repeaters are often used on a
10BASE5 or 10BASE2 Ethernet network to connect multiple cable segments for network
expansion. The cable segments connected by a repeater form a physical segment, which
is also a collision domain. The larger the physical segment, the more collisions.
[Slide: Hubs can extend the length of 10BASE-T; all connected segments belong to the same
collision domain.]
The diameter of a 10BASE-T Ethernet network is limited to 200 m (about 656 ft.), because
the maximum length of 10BASE-T cable is 100 m (about 328 ft.). To expand the network,
you can use hubs. Like repeaters, a hub can only regenerate signals. All hub-connected
cables form a physical segment, which is also a collision domain.
A 10BASE-T network can use up to four hubs. Of the five cable segments connected by
the hubs, three are used for connecting hosts and two are used for cable extension.
Ethernet Today
[Slide: Multi-mode fiber: large core, allowing light waves to travel along different paths;
high dispersion, suitable for transmission over short distances within one kilometer (0.62
miles); low cost. Single-mode fiber: small core, allowing light to travel along only one
path; little dispersion, suitable for transmission over distances as long as tens of
thousands of meters; high cost.]
An optical fiber is a glass or plastic fiber that carries light along its length. An optical fiber
cable is made up of a bundle of fibers. The signals transmitted in optic fiber are light pulses
and the light source is usually a light-emitting diode or laser diode.
tens of Gbps.
Long transmission distance: Unlike copper coaxial or twisted-pair cable, signals can
travel a long distance in optic fiber with little attenuation. This reduces the investment
in repeaters.
High reliability: Signals are transmitted in optical fiber as light pulses, which are less
prone to attenuation and are immune to electromagnetic interference.
High security: Signal transmission over fiber does not generate radiation itself, and
fibers cannot be re-connected after they are cut. These features eliminate the
likelihood of eavesdropping en route.
Wide frequency band: An optical fiber can carry optical signals at different frequencies.
With wave-length division multiplexing (WDM) technology, the bandwidth of a
fiber-optic network can be increased significantly.
There are two types of optical fiber: multi-mode and single-mode.
Multi-mode fiber has a large core, which allows light waves to travel along different paths
within the core. This is beneficial because it is easy to make the cable and it allows for less
expensive transmitters, such as LEDs. However, the dispersion in multi-mode fiber cables
is high. One type of dispersion is called modal dispersion: when light enters the core at
different angles and travels at slightly different speeds, the pulses eventually become less
distinct. For this reason, multi-mode fibers are normally used for transmission over short
distances, typically within one kilometer (about 3281 ft).
Compared with multi-mode fibers, a single-mode fiber has a small core measured in
nanometers, and requires a much more precise transmitter such as a laser, which
increases cost. Because the core is small, light can only travel along one path, which
eliminates the problem of modal dispersion. For this reason, single-mode fibers are used
for transmission over distances as far as several tens of kilometers.
Fiber Connectors in Common Use
Figure: common fiber connectors (LC: mini connector).
The following are optical fiber connectors commonly used to connect to network devices:
A straight tip (ST) connector is a slotted bayonet type with long ferrule.
A ferrule connector (FC) is a slotted screw-on type connector.
A Siemon connector (SC) is a pull/push type connector. SC is also called a subscriber
connector or standard connector.
A Lucent connector (LC) is a small-form optic fiber connector.
A mechanical transfer registered jack (MT-RJ) houses two fibers and mates together
with locating pins on the plug. Its small size makes it popular for small form-factor
devices.
Standard      Rate      Medium                   Max. distance                 IEEE standard
100BASE-TX    100 Mbps  2-pair CAT-5 UTP cable   100 m (328 ft.)               802.3u
100BASE-FX    100 Mbps  Multi-mode fiber         2000 m (1.2 mi.)              802.3u
100BASE-T4    100 Mbps  4-pair CAT-3 UTP cable   100 m (328 ft.)               802.3u
1000BASE-SX   1 Gbps    Multi-mode fiber         275/550 m (902/1804 ft.)      802.3z
1000BASE-LX   1 Gbps    Single-mode fiber        550/5000 m (1804 ft./3.1 mi)  802.3z
1000BASE-CX   1 Gbps    2-pair STP cables        25 m (82 ft.)                 802.3z
1000BASE-T    1 Gbps    4-pair CAT-5 cable       100 m (328 ft.)               802.3ab
10-Mbps Ethernet has evolved to faster Ethernet such as fast Ethernet, Gigabit Ethernet,
and ten-Gigabit Ethernet.
IEEE 802.3u defines a set of fast Ethernet standards that transmit data at the rate of 100
Mbps. The fast Ethernet performs the same encapsulation and CSMA/CD algorithm as
10-Mbps Ethernet. Fast Ethernet adopts star topology and does not use coaxial cables any
more.
100BASE-TX is the most popular fast Ethernet standard. It uses two-pair category-5 UTP
cables and RJ-45 connectors to connect devices with hubs to create a star topology. A
single cable can be up to 100 m (328 ft). It is easy to upgrade a 10BASE-T network to a
100BASE-TX, because 10BASE-T also adopts two-pair category-5 UTP cabling and the
upgrade only needs 100BASE-TX hubs.
For category-3 UTP cabling, 802.3u provides another solution, 100BASE-T4. 100BASE-T4
uses four-pair category-3 UTP cables to provide bandwidth of 100 Mbps because signals
on category-3 UTP cable are attenuated quickly and susceptible to interference. One
100BASE-T4 cable can be up to 100 m (328 ft.).
100BASE-FX is a fast Ethernet standard over optic fiber. It uses strands of optic fiber to
provide bandwidth of 100 Mbps. Its maximum distance reaches 2000 m (1.2 mi).
Fast Ethernet has been widely used at the access layer. At the distribution layer for sites
that have large traffic, faster Ethernet like Gigabit Ethernet is required.
While Gigabit Ethernet also uses the IEEE 802.3 frame format and CSMA/CD in
half-duplex mode, it improves transmission rate to 1 Gbps.
IEEE 802.3z defines a set of Gigabit Ethernet standards:
1000BASE-SX for transmission over multi-mode fiber that uses an 850 nm
wavelength laser. Its transmission distance can reach 275 m (902 ft.) over 50 μm
multi-mode optical fiber or 550 m (1804 ft.) over 62.5 μm multi-mode optical fiber.
1000BASE-LX for transmission over single-mode fiber that uses a 1310 nm
wavelength laser. Its transmission distance can reach 550 m (1804 ft.) over 50/62.5
μm single-mode optical fiber or 5000 m (3.1 mi) over 10 μm single-mode optical fiber.
1000BASE-CX uses two-pair STP cabling to provide a maximum transmission
distance of 25 m (82 ft).
One μm equals one millionth (10^-6) of a meter.
One nm equals one billionth (10^-9) of a meter.
802.3ab defines 1000BASE-T Ethernet over copper wire. It uses four-pair category-5 UTP
cabling to provide a maximum transmission distance of 100 m (328 ft).
To resolve the compatibility issue among 10-Mbps Ethernet, fast Ethernet, and Gigabit
Ethernet, auto-negotiation technology was introduced. Both 100BASE-TX and
10BASE-T.
If a device is not capable of auto-negotiation, its peer device will assume that it is working
at 10 Mbps in half-duplex mode. Even though auto-negotiation is efficient and easy to use,
it introduces delay and has the likelihood of negotiation error. You are thus recommended
Expanding Ethernet with Switches
Figure: hub versus switch (a switch isolates collision domains).
As described earlier, neither hubs nor repeaters can divide an Ethernet network into
multiple collision domains. Because all ports on a hub are in the same collision domain,
Switches replaced hubs in the mid-1990s. Instead of simply forwarding physical signals, a
switch or switching hub caches every received frame and forwards the frames out the
appropriate port or ports based on their addresses. The following are the benefits that
switches bring:
Collision domain separation thanks to the caching, decision-making, and filtering
mechanisms. This benefit improves bandwidth use efficiency and increases
throughput.
Wider geographical coverage without the limitation on an Ethernet network that uses
hubs or repeaters.
Adaptable to different Ethernet standards. The caching mechanism allows ports on a
switch or switching hub to operate at different rates and in different duplex modes.
WLAN Fundamentals
WLAN Overview
Easy to move, implement, and use
Wireless LAN (WLAN) emerged. It provides all functions available on a traditional LAN but
requires no physical wired connections. Instead, WLAN uses radio frequency (RF)
technology.
Compared with wired access technologies, WLAN allows for great mobility and flexibility:
It frees users from cabling.
It is easy to deploy and use. In a WLAN, wireless users can access the network at any
covered place, and roam freely.
802.11 Family
Parameter: 802.11 | 802.11b | 802.11a | 802.11g
Frequency bandwidth: 83.5 MHz | 83.5 MHz | 325 MHz | 83.5 MHz
Frequency band: 2.400-2.483 GHz | 2.400-2.483 GHz | 5.150-5.350 GHz and 5.725-5.850 GHz | 2.400-2.483 GHz
Non-overlapping channels: 3 | 3 | 12 | 3
Modulation: FHSS/DSSS | CCK/DSSS | OFDM | CCK/OFDM
Transmission rate (Mbps): 1, 2 | 1, 2, 5.5, 11 | 6, 9, 12, 18, 24, 36, 48, 54 | 6, 9, 12, 18, 24, 36, 48, 54
Coverage: N/A | 100 m (328 ft.) | 50 m (164 ft.) | < 100 m (328 ft.)
Max. theoretical UDP throughput (1500-byte based): 1.7 Mbps | 7.1 Mbps | 30.9 Mbps | 30.9 Mbps
Max. theoretical TCP/IP throughput (1500-byte based): 1.6 Mbps | 5.9 Mbps | 24.4 Mbps | 24.4 Mbps
Compatibility: N/A | Compatible with 802.11g | Not compatible with 802.11b/g | Compatible with 802.11b
Wireless devices must operate in a certain frequency band. Each band has specific
bandwidth, which is the amount of available frequency space offered by the band. The
transmission capability of a link is usually measured in bandwidth. The amount of data that
can be transmitted increases along with bandwidth.
IEEE ratified 802.11n in 2009 to support transmission rates as high as 600 Mbps. Despite
its support for high transmission rates, the standard can hardly replace 802.11a or 802.11g
in the near future, because 802.11n products are expensive.
WLAN Terms
Frequency Bands
Non-Overlapping Channels
Channels without overlapping bandwidth.
Modulation Technology
Technology used to modulate digital signals to analog signals and send the signals out in
an electromagnetic wave.
Transmission Rate
Coverage Area
The distance that the transmission power of a wireless device can reach.
Channel   Center frequency (GHz)   Availability
1         2.412                    x x
2         2.417                    x x
3         2.422                    x x
4         2.427                    x x
5         2.432                    x x
6         2.437                    x x
7         2.442                    x x
8         2.447                    x x
9         2.452                    x x
10        2.457                    x x
11        2.462                    x x
12        2.467                    x
13        2.472                    x
14        2.484                    x
IEEE 802.11a defines the frequency bands of 5.15 to 5.35 GHz, 5.50 to 5.70 GHz, and
5.725 to 5.85 GHz; IEEE 802.11b/g defines the frequency band of 2.4 to 2.4835 GHz
(extended to 2.495 in Japan).
The 2.4 GHz band is typically divided into 13 channels. The width of each channel is 22
MHz and the central frequencies of two neighboring channels are 5 MHz apart. For
example, Channel 1 takes up bandwidth from 2.401 to 2.423 GHz and is centered on
2.412 GHz; Channel 2 takes up bandwidth from 2.406 to 2.428 GHz and is centered on
2.417 GHz; and so on. Japan adds a 14th channel in the 2.4 GHz band. Its central
Figure: 2.4 GHz channel layout. Center frequencies shown: 2.412, 2.422, 2.432, 2.442, 2.452, 2.462, 2.472, and 2.484 GHz; channels arranged in the groups 1, 6, 11; 2, 7, 12; 3, 8, 13; 4, 9, 14; and 5, 10.
As shown in the figure above, Channels 1, 2, 3, 4, and 5 overlap. If two stations are
operating in any two overlapping channels, they share bandwidth and their signals
interfere with each other.
Non-overlapping channels are thus often used on wireless devices deployed in an area to
maximize speed by minimizing congestion. There are four groups of non-overlapping
channels: 1, 6 and 11; 2, 7, and 12; 3, 8, and 13; 4, 9, and 14.
Because Channels 12 through 14 are available only in some countries, 1, 6 and 11 are
often used.
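To make the channel arithmetic above concrete, here is an added example (not from the H3C text) that computes each 2.4 GHz channel's 22 MHz span from its center frequency, lists which channels share bandwidth with a given one, and checks whether a group of channels is mutually non-overlapping. The 22 MHz width, the 5 MHz spacing, the channel 1 center of 2.412 GHz and the channel 14 center of 2.484 GHz come from the text; treating two spans that merely touch at one frequency as non-overlapping is this example's own choice.

```python
"""2.4 GHz channel overlap calculator (added example, not from the H3C text).

Facts used from the text: 22 MHz channel width, 5 MHz spacing between the
centers of neighboring channels, channel 1 centered on 2.412 GHz, and the
Japanese channel 14 centered on 2.484 GHz. Two channels whose spans only
touch at a single frequency are treated as non-overlapping (example's choice).
"""

CHANNEL_WIDTH_MHZ = 22
HALF_WIDTH_MHZ = CHANNEL_WIDTH_MHZ // 2
CHANNEL_SPACING_MHZ = 5
CHANNEL_1_CENTER_MHZ = 2412
CHANNEL_14_CENTER_MHZ = 2484


def center_frequency_mhz(channel: int) -> int:
    """Center frequency in MHz of a 2.4 GHz channel (1 to 14)."""
    if channel == 14:
        return CHANNEL_14_CENTER_MHZ
    if 1 <= channel <= 13:
        return CHANNEL_1_CENTER_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)
    raise ValueError(f"channel {channel} is not a 2.4 GHz channel")


def channel_span_mhz(channel: int) -> tuple:
    """(lower edge, upper edge) in MHz of the channel's 22 MHz span."""
    center = center_frequency_mhz(channel)
    return center - HALF_WIDTH_MHZ, center + HALF_WIDTH_MHZ


def channels_overlap(a: int, b: int) -> bool:
    """True when the two channels share bandwidth (spans intersect in more than a point)."""
    lo_a, hi_a = channel_span_mhz(a)
    lo_b, hi_b = channel_span_mhz(b)
    return lo_a < hi_b and lo_b < hi_a


def overlapping_channels(channel: int, available=range(1, 15)) -> list:
    """Other channels from `available` whose spans overlap `channel`."""
    return [c for c in available if c != channel and channels_overlap(channel, c)]


def is_non_overlapping_group(group) -> bool:
    """True when every pair of channels in `group` is non-overlapping."""
    chans = list(group)
    return all(not channels_overlap(chans[i], chans[j])
               for i in range(len(chans)) for j in range(i + 1, len(chans)))


if __name__ == "__main__":
    for ch in (1, 2, 6, 14):
        lo, hi = channel_span_mhz(ch)
        print(f"Channel {ch:2d}: {lo / 1000:.3f}-{hi / 1000:.3f} GHz, "
              f"overlaps {overlapping_channels(ch)}")
    for group in ([1, 6, 11], [2, 7, 12], [3, 8, 13], [4, 9, 14], [1, 2, 3]):
        verdict = "non-overlapping" if is_non_overlapping_group(group) else "overlapping"
        print(f"{group}: {verdict}")
```

Running the script reproduces the page's worked numbers (channel 1 spans 2.401 to 2.423 GHz, channel 2 spans 2.406 to 2.428 GHz), shows that channel 6 shares bandwidth with channels 2 through 10, and confirms that each of the four groups named above is mutually non-overlapping while neighboring channels such as 1 through 5 are not.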
Neighboring areas use non-overlapping channels, e.g. 1, 6, and 11.
Adjust transmission power to avoid co-frequency interference.
A cellular communication system allows a group of non-overlapping channels to be repeatedly used.
You can use a group of non-overlapping channels, Channel 1, 6, and 11 for example, to
avoid interference in any areas in a two-dimensional plane. Even if co-frequency
interference occurs in some areas because the power of a station is high, it can be offset
by adjusting the transmission power of the station. In a real three-dimensional application
scenario, however, co-frequency interference cannot be avoided.
Figure: CSMA/CA frame exchange timing for STA 1 through STA 4 (backoff values shown in the figure: 9, 6, 4; 3, 10, 8; 5, 2, 10).
The CSMA/CD mechanism used on a bus topology LAN controls medium access by
having stations detect collisions. This mechanism is not suitable for WLAN however,
because the adapters of wireless products cannot detect collisions in a channel. To
address the issue, IEEE 802.11 defines the Carrier Sense Multiple Access with Collision
Avoidance (CSMA/CA) mechanism.
The following describes how a WLAN station works to transmit frames (see the figure
above):
1) The station listens to the medium for any transmission activity.
2) After detecting that the medium is idle, the station continues to listen to the medium for
a period identical to the DCF interframe space (DIFS). If the medium is found busy
during the DIFS interval, the station defers transmission.
3) The station starts a backoff timer if no transmission activities have been found on the
medium when the DIFS interval expires. The initial backoff timer takes an arbitrary
number in the range of 0 to the contention window (CW). The timer decrements by 1
each time a fixed timeslot goes by. This backoff mechanism decreases the likelihood
of contentions that may occur when two sending stations simultaneously detect that
the medium is idle.
4) The station starts transmitting data when the backoff timer expires. If the transmission
fails and retransmission is needed, the backoff procedure repeats with increased
contention window size. If the transmission succeeds or the retransmission limit is
reached, the contention window is reset to the initial default. This ensures fairness
among stations.
5) If the medium is busy before the backoff timer expires, the backoff timer pauses. If the
station still wants to transmit data after detecting that the medium is idle again, it waits
for another DIFS and the backoff timer re-starts from where it stopped. When the
backoff timer expires, the station can transmit data.
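The five steps above can be followed slot by slot in code. The following is an added example (not from the H3C text) that simulates one station's DIFS wait, random backoff, timer pause while the medium is busy, resumption after another DIFS, and the contention-window growth and reset of step 4. The DIFS length in slots, the initial and maximum contention window and the retry limit are assumed parameters of this simulation, not values stated on the page; `FixedBackoff` is a helper that makes the random draw reproducible for the demonstration.

```python
"""Slot-level simulation of the CSMA/CA backoff procedure (steps 1 to 5).
Added example, not from the H3C text. Time is counted in backoff timeslots.
DIFS_SLOTS, CW_MIN, CW_MAX and RETRY_LIMIT are assumed simulation parameters.
"""
import random

DIFS_SLOTS = 2      # assumed: DIFS expressed in timeslots
CW_MIN = 15         # assumed: initial (default) contention window
CW_MAX = 1023       # assumed: upper bound of the contention window
RETRY_LIMIT = 7     # assumed: retransmission limit


class FixedBackoff:
    """Stand-in for a random source that always draws the same backoff (for demos/tests)."""

    def __init__(self, value: int):
        self.value = value

    def randint(self, low: int, high: int) -> int:
        return min(max(self.value, low), high)


class Station:
    def __init__(self, name: str, rng=None):
        self.name = name
        self.rng = rng or random.Random()
        self.cw = CW_MIN
        self.retries = 0
        self.backoff = None   # remaining backoff slots; None until the timer is started

    def start_backoff(self) -> int:
        """Step 3: draw a backoff in [0, CW] once DIFS has elapsed on an idle medium."""
        self.backoff = self.rng.randint(0, self.cw)
        return self.backoff

    def slot_of_transmission(self, medium_busy) -> int:
        """Steps 1 to 5: return the slot index at which this station starts transmitting.

        `medium_busy` is a per-slot sequence of booleans (True = some other station
        is transmitting); slots past the end of the sequence are treated as idle.
        """
        idle_run = 0
        slot = 0
        while True:
            busy = medium_busy[slot] if slot < len(medium_busy) else False
            if busy:
                idle_run = 0                  # steps 2 and 5: defer, timer pauses
            else:
                idle_run += 1
                if idle_run > DIFS_SLOTS:     # DIFS elapsed, the backoff timer runs
                    if self.backoff is None:
                        self.start_backoff()
                    if self.backoff == 0:     # step 4: timer expired, transmit now
                        self.backoff = None
                        return slot
                    self.backoff -= 1         # one idle timeslot went by
            slot += 1

    def after_transmission(self, success: bool) -> int:
        """Step 4: grow CW after a failure; reset it on success or at the retry limit.
        Returns the new contention window."""
        if success or self.retries >= RETRY_LIMIT:
            self.cw = CW_MIN
            self.retries = 0
        else:
            self.retries += 1
            self.cw = min(2 * self.cw + 1, CW_MAX)
        return self.cw


if __name__ == "__main__":
    # Constructed medium pattern: idle for 3 slots, busy for 2, then idle.
    pattern = [False, False, False, True, True]
    sta = Station("STA 1", rng=FixedBackoff(3))
    print("idle medium: transmits at slot", Station("STA 0", FixedBackoff(3)).slot_of_transmission([]))
    print("busy burst : transmits at slot", sta.slot_of_transmission(pattern))
    print("CW after two failures:", sta.after_transmission(False), sta.after_transmission(False))
    print("CW after a success   :", sta.after_transmission(True))
```

With a backoff draw of 3 and an idle medium the station transmits at slot 5 (two DIFS slots plus three backoff slots). With the busy burst in slots 3 and 4, the timer has already counted one slot when it pauses, waits out the burst and a fresh DIFS, then resumes from the two slots that remained, so transmission starts at slot 9. Two failed attempts raise the window from 15 to 31 and then 63; a success returns it to 15, which is the fairness reset the text describes.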
Typical WLAN Application Scenarios
Figure: typical WLAN deployment showing clients, a wireless switch, S3600-PWR switches, and an S7500 across an equipment room, a meeting hall, a coffee house, and an information desk.
A typical WLAN network comprises access points (APs) and stations. The APs provide
access to the network like switches in a wired LAN.
Connection
Figure: headquarters connected to branch network 1 and branch network 2 through wireless bridges.
This figure shows a WLAN network that uses wireless bridges to connect branches to the
headquarters. This technique is suitable for connecting buildings with no wired
connections.
Summary
Ethernet is the most popular LAN technology.
The LAN data link layer is divided into the LLC sublayer and the MAC sublayer.
CSMA/CD defines methods for channel contention, collision detection, and the backoff algorithm.
Fast Ethernet and ten-Gigabit Ethernet offer high transmission speed.
802.11 WLAN technology allows for easy deployment.
Chapter 4 Wide Area Network Fundamentals
While a local area network (LAN) is limited to a room, building, or campus, a wide area
yx
yx
yx
yx
network (WAN) covers a broader area. The communications links of a WAN may cross city,
region, and even national boundaries to connect geographically dispersed LANs or MANs.
WAN networks are usually run by telecom carriers.
Learning Objectives
Upon completion of this lesson, you will be able to:
Identify WAN types
Identify WAN interface types
Describe how some WAN protocols work
Why WANs
Shortcomings of LANs
Figure: a branch LAN and a headquarters LAN 1000 km (620 mi.) apart, with a WAN between them.
organizations do not have dedicated long-distance lines to connect them.
Early LANs adopted technologies such as Ethernet, Fast Ethernet, token ring, and FDDI,
which provided large bandwidth and stable performance, but could not cover a wide area
for long-distance transmission.
For example, fast Ethernet 100BASE-TX uses twisted pairs as a transmission medium,
and each network can have a maximum distance of 100 m (328.08 ft). Even though you
can use hubs or repeaters to extend a network segment to up to 500 m (1640.42 ft.), or
Even if Ethernet technologies have evolved to support long distance transmission, the
customers still need to deploy dedicated lines to connect remote sites. In most cases,
ordinary customers are not capable of doing that, nor are they allowed to.
Why WANs
Figure: a branch and a headquarters 1000 km (620 mi) apart, connected through a service provider WAN network.
The long-standing public switched telephone networks run by traditional telecom operators
cover almost all office buildings, households, and constructions. It seemed an obvious
choice for service providers to use the existing networks to build WANs. To use WAN
services, customers need to apply to the network operators for the services and pay
certain fees. The payment is reasonably small, however, compared to the costs of
deploying and maintaining dedicated lines. As a result, initially all WANs were built based
on telecom operators’ legacy networks.
Due to the variety of technologies used on these legacy networks and the flexibility of
access modes, WAN technologies are also becoming diversified to meet the demands of
network users. For example, a customer router can dial to a remote router through a Public
alternatively, lease an analog or digital dedicated line to connect to the remote router.
Building a WAN usually requires the use of routers, which connect different LAN and WAN
media, support complex WAN protocols, and enable communications across network
segments.
Figure: WAN protocol layers. Network layer: network layer protocols such as IP and IPX. Data link layer: HDLC, PPP, LAPB, frame relay.
WAN technologies mainly apply to the physical layer and data link layer of the OSI model,
or the network interface layer of the TCP/IP model.
X.21 that provides serial communications on synchronous digital lines, mainly used in
Japan and Europe.
Data transmitted on WANs must be encapsulated with data link layer protocols that WANs
can recognize and support. Data link layer protocols commonly used on WANs include:
High-Level Data Link Control (HDLC): HDLC is a bit-oriented protocol used for
synchronous point-to-point connections. It transmits all types of bit streams
transparently and works only in synchronous mode.
transmit data for non-X.25 upper layer protocols.
Frame relay: Frame relay is a fast packet switching technology that transmits and
switches data units at the data link layer. It uses virtual circuit technology, and relies
upon statistical multiplexing, transparent transmission of frames, and fault detection at
the link layer.
Figure: WAN connection types. Leased line: asynchronous/synchronous leased line. Packet switching: X.25/frame relay/ATM.
establishes a physical data transmission path between the sender and the receiver.
When the customer finishes sending data, the switch tears down the connection.
Packet switching connections across packet switching networks. Customer devices
group information to be transmitted into suitably-sized packets, and send them to
packet switches on the service provider network. Each packet carries the addresses
of the sender and the receiver. Based on these addresses, the packet switches
forward packets to their destinations.
Leased line and circuit switching are used for point-to-point communications, while packet
switching can be used for point-to-multipoint communications.
Figure: leased line connection. Customer router (DTE) - local line - transmission device (DCE) - access line - remote line - access line - transmission device (DCE) - local line - customer router (DTE).
In the leased line approach, the service provider configures one dedicated communication
line for each customer on its network. The serial interfaces on the customer premise
routers connect to channel service units (CSUs)/data service units (DSUs) through local
loops about ten meters long. These CSUs/DSUs connect to the service provider network
through access lines that span from hundreds of meters to more than a thousand meters.
Typically, the local loops use V.24 or V.35 serial interface cables, and the access lines use
twisted pair cables. The leased line can be a digital transmission channel over a service
provider’s telephone network or an analog line over a pair of telephone copper wires that
directly connect the two ends across the service provider network.
The serial line signals of a router can be transmitted on the leased line only after they are
modulated on the CSU/DSU. A CSU connects terminal users with the local digital
telephone loop, while a DSU adapts the physical layer interfaces on the Data Terminal
Equipment (DTE) to the communications network. In addition, a DSU also handles signal
clocks.
The physical interfaces on communications devices fall into two categories: DCE and DTE
interfaces.
Data Circuit-terminating Equipment (DCE): A DCE device provides interfaces for
customer devices to receive network communications services and clock signals for
synchronizing the data transmission between the DCE and DTE. For example,
CSUs/DSUs are DCE devices that send clock signals to DTE devices and control the
transmission rate.
Data Terminal Equipment (DTE): A DTE device receives the line clock and network
communications services. A DTE device usually connects to the transmission line
through a CSU/DSU and uses the clock signals provided by the CSU/DSU. For
example, customer routers are usually DTE devices that receive services provided by
DCE devices.
The speed of leased lines is determined by the service provider. A customer exclusively
uses one permanent, point-to-point, and fixed-rate dedicated line and all its bandwidth.
This mode is easy to deploy, reliable, provides a wide range of bandwidths, and features
small transmission delays. Its shortcomings include low utilization ratio of resources, high
expense, and low flexibility due to its point-to-point structure.
Figure: circuit switching connection. DTE - local line - DCE - access line - WAN switch - remote switching circuits - WAN switch - access line - DCE - local line - DTE.
In circuit switching, a customer router connects to a CSU/DSU through a serial interface
cable. The CSU/DSU further connects to a WAN switch on the service provider network
through an access line and thus connects to the circuit switching network. The most typical
circuit switching networks are Public Switched Telephone Network (PSTN) and Integrated
Service Digital Network (ISDN).
PSTN, the public telephone switching system used by people every day, uses the
circuit switching technology and assigns a dedicated voice channel for each call.
Voice data is transmitted on the PSTN subscriber loop as analog signals and finally
converted into digital signals and transmitted along trunk lines on the service provider
network. Customer routers connect to PSTN access lines (common telephone lines)
through modems. PSTN is present in almost every office building. Its advantages
include low installation fees and easy deployment. Its disadvantages include low
bandwidth (max. 56 kbps) and the signals' high susceptibility to interference.
ISDN is a data communications network accessed by using the dial-in method. ISDN
uses independent delta (D) channels for signaling and control, and independent
bearer (B) channels for data. An ISDN basic rate interface (BRI) provides 2 B
channels and 1 D channel, with each B channel providing a rate of 64 kbps and a
maximum rate of 128 kbps. An ISDN T1 primary rate interface (PRI) provides 23 B
In circuit switching, WAN switches set up on-demand connections for customers. A WAN
switch sets up connections only when customers need to send data. When the data
transmission is finished, it tears down the connection.
Circuit switching is suitable for temporary communications that require low bandwidth,
aiming at saving communications costs. Its shortcomings include long connection delays
and low bandwidth.
Figure: point-to-point connection as seen by the customer. Customer router - serial interface - devices - access line - service provider network.
In a typical point-to-point connection, a terminal user can only see the serial interface on
the router, serial interface cable, CSU/DSU, access cable, and connectors.
A customer router supports various WAN interfaces, including asynchronous serial, AUX,
analog modem (AM), FCM, synchronous/asynchronous serial, ISDN BRI, CE1/PRI,
CT1/PRI, CE3, CT3, and ATM. Among them, serial interfaces are most commonly used.
Customer routers usually connect to WANs through serial interfaces to receive WAN
services.
A serial interface may operate in asynchronous mode or synchronous mode. Some serial
interfaces support both modes. A synchronous serial interface can operate in DTE mode or
DCE mode, but it mostly works in DTE mode. An asynchronous serial interface can
operate in flow mode or protocol mode. It can operate as a dialup interface with a modem
or an ISDN TA attached to it. In protocol mode, its link layer protocol can be PPP.
Depending on the module models, serial interfaces on routers may have physical
connectors of various types. Among them, 28-pin connectors are most common.
A serial interface on a router connects to a CSU/DSU through a serial interface cable. One
end of the serial interface cable matches the serial interface on the router, and the other
end matches an interface on the CSU/DSU. Common standards for serial interface cables
include V.24, V.35, X.21, RS-232, RS-449, and RS-530. The cables of each standard fall
into DTE and DCE cables, depending on their connector pinouts. A router connects to a
CSU/DSU through a DTE cable. A device can automatically detect the type of any
synchronous serial interface cable connected to it and automatically choose the electrical
characteristics. This process requires no human intervention.
A CSU/DSU connects to the service provider network through an access cable. The ends
of this cable are usually shielded or unshielded twisted pairs, and the end inserted into the
CSU/DSU is usually an RJ-11 or RJ-45 connector.
Figure: V.24 cable, supporting the synchronous and asynchronous modes, with a table of baud rate (bps) against max. transmission distance (m); first row: 2400 bps, 60 m.
ITU-T recommendation V.24 is very similar to the RS-232 standard of Electronic Industries
Association/Telecommunications Industries Association (EIA/TIA). V.24 cables conform to
the RS-232 interface standard, and the electrical attributes of V.24 interfaces conform to
the RS-232 electrical standard. Interfaces and cables that conform to ITU-T
recommendation V.24 are widely used in telecommunications and computer systems.
The mechanical specifications define the number of pins, pin assignments, and size for
interfaces. As shown in the figure above, the router-side connector of a V.24 cable is
usually a DB-28 male connector, and the network-side connector is a DB-25 male
connector that conforms to the RS-232 standard. V.24 cables fall into two categories: DTE
cables and DCE cables. The network-side connector of a DTE cable is the DTE type (25
pins), and for a DCE cable the DCE type (25 holes).
The maximum transmission rate of a V.24 cable is 64,000 bps in synchronous mode and
115,200 bps in asynchronous mode. The figure above shows the standard transmission
distances of a V.24 cable that transmits data at different rates. Depending on the working
environment, the actual transmission distances and maximum transmission rates may vary.
As proved in actual tests, the statistics given in the table in the figure above are slightly
smaller than their actual values.
V.35 Interface Cable
Figure: V.35 DTE cable.
Baud rate (bps)   Max. transmission distance (m)
19200             156
38400             78
56000             60
64000             50
2048000           30
The interface characteristics of V.35 cables conform to the ITU-T V.35 standard. For a V.35
cable, its router-side connector is the same as a V.24 cable, and its network-side connector
is a DB-34 male connector. V.35 cable connectors also fall into two categories: DTE (34
pins) and DCE (34 holes). The figure above shows the diagram of a DTE cable.
A V.35 cable can operate in synchronous mode only and is used to connect a router and a
synchronous CSU/DSU.
The acknowledged maximum rate of a V.35 cable is 2,048,000 bps (2 Mbps). The figure
above shows the standard transmission distances of a V.35 cable operating in
synchronous mode and transmitting data at different rates. Depending on the actual
working environment, the actual transmission distances and maximum transmission rates
may vary. As proved in actual tests, the statistics given in the table in the figure above are
slightly smaller than their actual values. Different from V.24 cables, V.35 cables cannot
achieve their maximum transmission rates due to the network environments. Theoretically,
the maximum rate of a V.35 cable can be 4 Mbps or even higher. However, no service
providers currently provide services at such bandwidth on a V.35 interface.
Figure: X.21 DTE cable, RS-449 DTE cable, and RS-530 DTE cable.
Other common interface cables include:
X.21: A common interface cable standard defined by ITU-T, providing digital signal
interfaces connecting the service provider network and customer devices. X.21 cables
use DB-15 male connectors.
RS-449: A common interface cable standard defined by EIA/TIA. RS-449 cables use
DB-37 male connectors. An RS-449 cable can achieve 2 Mbps transmission rate in
balanced and unbalanced modes. Its rate and transmission distance both exceed
those of a V.24 (RS-232) cable. RS-449 electrical signals are defined by RS-422
Figure: point-to-point connection. DTE - DCE transmission device - transmission device DCE - DTE.
In a point-to-point connection in leased line mode or circuit switching mode, the connection
line provided by the service provider is at the physical layer of the TCP/IP model. The
service provider’s transmission network merely provides an end-to-end transmission path.
It does not establish a data link, nor does it examine the transmitted content.
The data link layer protocols work between customer routers and establish end-to-end
data links. These data link layer protocols include the Serial Line Internet Protocol (SLIP),
the Synchronous Data Link Control (SDLC) protocol, the High-Level Data Link Control
(HDLC) protocol, and the Point to Point Protocol (PPP).
Figure: packet switching connection through packet switches on the service provider network.
In packet switching mode, a customer router connects to a packet switch on the service
provider network through an access line. The service provider’s packet switching network
establishes, on demand or permanently, point-to-point virtual circuits (VCs) for customers.
Each customer router can use a physical interface to connect to multiple peer routers
through multiple virtual circuits. Customer devices group information to be transmitted into
suitably sized packets and submit them to packet switches on the service provider network.
Each packet carries the addresses of the sender and the receiver. Based on these addresses, the packet switches forward packets to their destinations through virtual circuits.
The working pattern and customer access line connection method in packet switching
mode are the same as those in synchronous leased line mode. The physical layer visible to
the end users is also the same as that in point-to-point synchronous mode. Therefore, in
packet switching mode, customer routers are connected to packet switches through
synchronous leased lines.
This mode is flexible in structure, easy to migrate, and costs less than the leased line mode. The downside, however, is that this mode requires complicated configurations and results in long transmission delays.
Typical packet switching technologies include X.25, Frame Relay, and Asynchronous
Transfer Mode (ATM):
X.25 is a legacy packet switching technology. It provides reliability mechanisms such as error correction, flow control, and lost packet retransmission, and is suitable for long-distance, high-noise lines. The downside is that X.25 data transmission is slow, with low throughput and long transmission delays. In its early days, X.25 provided a maximum rate of 64 kbps and thus could carry very limited services. In 1992, ITU-T updated the X.25 standard, increasing its transmission rate to up to 2 Mbps. As line transmission quality gradually improves, the high reliability of X.25 is no longer needed.
Frame relay is a simplified X.25 WAN technology. It is faster than X.25 because it performs only the core functionality of the data link layer. Frame relay introduces shorter delay than X.25 by removing the error correction and flow control mechanisms of X.25 and simplifying signaling. Frame relay speeds vary from 64 kbps to 2 Mbps. Frame relay is transparent to end users. It accommodates various packets and frames by putting them in variable-length frames. The downside is that frame relay is susceptible to network congestion. It lacks protection mechanisms for delay-sensitive real-time services, and packet loss may easily occur on lines subject to interference.
ATM is a cell-based switching technology. It features high transmission rates, short delays, and guaranteed transmission quality. ATM mostly uses optical fibers as the transmission media. The rate can be up to 1,000 Mbps, but the cost is high. ATM can support multiple types of data at the same time and can carry IP packets.
In packet switching mode, customer routers also run related packet switching protocols
and establish and maintain data links by working with packet switches on the packet
switching network. IP packets are encapsulated in protocol data units (PDUs) on the
packet switching network and reach the destination customer routers across the packet
switching network.
Summary
WAN technologies mainly apply to the data link layer and physical layer of the OSI model.
Chapter 5 IP Fundamentals
The network layer of the TCP/IP protocol suite resides between the network interface layer and the transport layer. Commonly used network layer protocols include the Internet Protocol (IP), Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP). IP is the core protocol of the network layer.
Learning Objectives
Upon completion of this lesson, you will be able to:
IP Overview
[Figure: the TCP/IP network layer and its neighbours. Transport layer: TCP (protocol number 6), UDP (protocol number 17). Network layer: IP, with ICMP and IGMP above it and ARP and RARP beside it]
The network layer of the TCP/IP protocol suite resides between the network interface layer
(the data link layer) and transport layer. The network layer identifies network nodes and
delivers packets to correct destinations.
The following are the major protocols at the network layer of TCP/IP:
IP – Addresses nodes at the network layer, selects routes, and segments and reassembles packets.
Main Functions of IP
Identifying nodes and links
Identifying every node with a unique IP address
Identifying every link with a unique IP network number
Addressing and forwarding
Locating the network where the target node resides, and then locating the position of the target node
An IP router chooses an appropriate route to forward an IP packet towards the destination
Adapting to various data links
Fragmenting IP packets according to the MTU on a link and reassembling them
Creating mappings between IP addresses and data link layer addresses to deliver packets over different data links
IP is the core protocol at the TCP/IP network layer. It is defined in RFC 791. IP provides
best effort transmission, which is unreliable and connectionless. IP does not read the
payload of packets, nor does it ensure that each packet is sent to its destination correctly.
In addition, it does not maintain the state information of packets. The connection-oriented,
reliable transmission service is provided by the upper layer protocol TCP.
After receiving a segment from the transport layer, IP encapsulates it into an IP datagram
and sends the datagram to the network interface layer.
After receiving an IP datagram from the network interface layer, IP de-encapsulates it and
sends the segment to the transport layer according to the protocol number in the IP
header.
transfer unit (MTU) on a link, and can create IP address to data link layer address
mappings to deliver packets to the next hop on the link.
IP Network Structure
[Figure: Network A, Network B, Network C, and Network D interconnected by a router, which forwards packets between networks]
A typical IP internet comprises routers and network segments. Each network segment
corresponds to a link. Routers forward packets over network segments.
Supporting various data link layer protocols. Different data link layer protocols cannot communicate with each other directly. Routers support various data link layer protocols and rates to enable communication between them.
Forwarding packets between networks. Routers run gateway-to-gateway protocols, such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP), to exchange routing information and other control information and forward packets to their destinations according to the routing information.
IP packets are forwarded hop by hop. A router or node forwards a packet to the next hop or
the final destination. The next hop forwards the packet in the same way. Finally, the packet
reaches its destination. Each router or host uses a routing table to forward packets
independently.
On the early Internet, routers were called gateways. This document does not differentiate between the two terms.
IP Encapsulation
[Figure: IP header format, 32 bits per row with bit positions 0 to 31 across the top; the final rows are Destination Address and Options / Padding]
The Options field is not often used and thus a common IP header is 20 bytes in length. The
following describes the major fields in the IP header.
Version – Identifies the version of IP. The current IP version is 4. The next generation
IP version is 6.
Internet Header Length (IHL) – Indicates the IP header length and is 4 bits long.
Type of Service (ToS) – Identifies the service type expected by the packet and is often
used by Quality of Service (QoS).
Total Length – Identifies the whole length of the packet, including the data portion.
Identification – Uniquely identifies an IP datagram and increments by 1 each time a
datagram is sent.
Time to Live (TTL) – Sets the maximum number of routers through which a datagram can pass. It is decremented by 1 by each router that handles it. When the TTL becomes 0, the datagram is discarded.
Protocol – Identifies the upper layer protocol. The protocol number of TCP is 6 and
that of UDP is 17.
Header Checksum – Used to check the integrity of the IP header.
Source Address – Identifies the source IP address of the datagram.
Destination Address – Identifies the destination IP address of the datagram.
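As an added example that is not part of the H3C text, the following Python builds and decodes a 20-byte IPv4 header with the fields listed above, verifies the Header Checksum, and applies the TTL rule a router follows; the addresses, TTL and payload length it is fed are constructed sample values.

```python
import struct

# Protocol numbers named in the header description (ICMP and IGMP from the figure).
PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
HEADER_FMT = "!BBHHHBBH4s4s"   # 20 bytes: the common header without Options


def header_checksum(header: bytes) -> int:
    """16-bit one's-complement sum over the header bytes. Computed with the
    checksum field zeroed; verifying over a correct header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src: str, dst: str, proto: int, ttl: int = 64,
                 ident: int = 1, payload_len: int = 0) -> bytes:
    """IPv4 header with IHL = 5 (no Options) and Total Length = 20 + payload."""
    ver_ihl = (4 << 4) | 5
    fields = struct.pack(HEADER_FMT, ver_ihl, 0, 20 + payload_len, ident,
                         0, ttl, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    csum = header_checksum(fields)           # checksum field is still zero here
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def parse_header(data: bytes) -> dict:
    """Decode the major fields described in the text from raw header bytes."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HEADER_FMT, data[:20])
    ihl_bytes = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "ihl_bytes": ihl_bytes,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),     # Don't Fragment flag
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "unknown"),
        "checksum_ok": header_checksum(data[:ihl_bytes]) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }


def forward(data: bytes):
    """What a router does with the TTL: drop on a bad checksum, decrement
    the TTL, drop when it reaches 0, otherwise rewrite the Header Checksum."""
    hdr = parse_header(data)
    if not hdr["checksum_ok"]:
        return None                          # corrupted header, dropped
    ttl = hdr["ttl"] - 1
    if ttl == 0:
        return None                          # expired (ICMP Time Exceeded case)
    new = bytearray(data)
    new[8] = ttl                             # TTL is byte 8 of the header
    new[10:12] = b"\x00\x00"                 # zero the checksum before recomputing
    new[10:12] = struct.pack("!H", header_checksum(bytes(new[:hdr["ihl_bytes"]])))
    return bytes(new)
```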
IP Address Format and Representations
Each node on the Internet is identified by a unique 32-bit IP address in dotted decimal
notation, for example, 192.168.5.123. Each decimal number corresponds to 8 bits.
IP addresses are logical addresses independent of link types or hardware. Each host can
have multiple network interface cards (NICs) and IP addresses. Such a host is called a
multi-homed network host. A router can be regarded as a multi-homed host. The IP
addresses of the interfaces on a router must reside in different IP networks.
Network Number and Host Number
[Figure: a router with interfaces E0/0 and E0/1. Network 192.168.2.0 (addresses 192.168.2.1, 192.168.2.2, 192.168.2.10) is reached through E0/0, and network 10.0.0.0 (addresses 10.1.1.1, 10.6.24.2, 10.250.8.11) through E0/1. Routing table: Network 192.168.2.0 - Interface E0/0; Network 10.0.0.0 - Interface E0/1]
A network number uniquely identifies an IP network. A host number uniquely identifies an IP node on the network.
Theoretically, there are 2^32 (about 4.3 billion) IP addresses altogether. Thus, a router
cannot store routing information to reach all nodes in the Internet. To better implement
route selection, address assignment, management and maintenance, IP addresses adopt
a two-level hierarchy:
Network number, which identifies the IP network where the IP address belongs. All the
Classification of IP Addresses
[Figure: IP address classes. Class A: leading bit 0, Network (7 bits), Host (24 bits). Class B: leading bits 10, Network (14 bits), Host (16 bits). Class D: leading bits 1110 (multicast address). Class E: leading bits 11110 (reserved)]
The number of IP nodes varies by network segment. To meet this requirement, IP
addresses are divided into five classes:
Class A – The first octet of a Class A address begins with a “0”. It identifies the network number of the Class A address, in the range 1 to 126 (127 is reserved). The last three octets identify the host number of the Class A address and are 24 bits long. Class A addresses range from 1.0.0.0 to 126.255.255.255. Each Class A network has 2^24 (about 16.8 million) Class A IP addresses.
Class B – The first octet of a Class B address begins with “10” and ranges from 128 to 191. The first two octets identify the network number of the Class B address. The last two octets identify the host number of the Class B address and are 16 bits long. Class B addresses range from 128.0.0.0 to 191.255.255.255. Each Class B network has 2^16 (about 65.5 thousand) Class B IP addresses.
Class C – The first octet of a Class C address begins with “110” and ranges from 192 to 223. The first three octets identify the network number. The last octet identifies the host number of the Class C address and is 8 bits long. Class C addresses range from 192.0.0.0 to 223.255.255.255. Each Class C network has 2^8 (256) IP addresses.
Class D – The first octet of a Class D address begins with “1110” and ranges from 224 to 239. Class D addresses are used for multicasting.
Class E – Class E addresses are reserved for research purposes, with the first octet beginning with “11110”.
Special IP Addresses
Network number | Host number | Address type and function
Any | All 0s | A network address, identifying a network segment
Any | All 1s | The broadcast address of a network segment, identifying all the nodes on the network segment
127 | Any | A loopback address for testing loops
All 1s | All 1s | The limited broadcast address, identifying all nodes
Most IP addresses are used to uniquely identify devices, but some special IP addresses
are used for other purposes.
If the host number is all 0s, the IP address is called a network address. A network address
identifies a network segment, such as 1.0.0.0/8, 10.0.0.0/8 and 192.168.1.0/24.
If the host number is all 1s, the address is the broadcast address of the corresponding network (directed broadcast). It identifies all the hosts in that network. For example, 10.255.255.255 is the broadcast address of network 10.0.0.0, identifying all the hosts on the network 10.0.0.0. An IP datagram sent to 10.255.255.255 is received by all the hosts on the network.
IP addresses with a network number of 127 are used for testing loops. For example, 127.0.0.1 refers to the local host itself.
IP address 0.0.0.0 refers to all networks. It is usually used to configure default routes. IP
address 255.255.255.255 (limited broadcast) is the broadcast address of the zero network
(0.0.0.0). It identifies all the hosts on a network.
As mentioned above, each network segment has a network address and a broadcast
address, which cannot be used by hosts. Thus, all the addresses of a network segment
minus 2 are the actual addresses available for hosts. For example, as Class B network 172.16.0.0 has a 16-bit host ID, it has 2^16 IP addresses. Except for the network address 172.16.0.0 and the broadcast address 172.16.255.255, there are 2^16 - 2 addresses available to identify hosts.
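The classful split and the special addresses described above, as an added Python example that is not from the H3C text; the addresses it is exercised with are constructed samples, and it relies only on the standard library ipaddress module for integer conversion.

```python
import ipaddress


def ip_class(addr: str) -> str:
    """Classify by the first octet, which encodes the leading bits
    (0 -> A, 10 -> B, 110 -> C, 1110 -> D, 11110 -> E)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_network(addr: str):
    """Split a Class A/B/C address at the classful boundary (8/16/24 bits).

    Returns (network_address, broadcast_address, usable_hosts). Classes D
    and E have no network/host split, so they raise ValueError."""
    cls = ip_class(addr)
    prefix = {"A": 8, "B": 16, "C": 24}.get(cls)
    if prefix is None:
        raise ValueError(f"{addr} is Class {cls}: no network/host split")
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    host_bits = 32 - prefix
    # The all-0s host number is the network address and the all-1s host
    # number is the directed broadcast, so 2^host_bits - 2 remain for hosts.
    return (str(net.network_address), str(net.broadcast_address),
            2 ** host_bits - 2)


def describe(addr: str) -> str:
    """Name the special addresses from the table first, then fall back to
    the classful interpretation of an ordinary address."""
    if addr == "0.0.0.0":
        return "all networks (default route)"
    if addr == "255.255.255.255":
        return "limited broadcast"
    if int(ipaddress.ip_address(addr)) >> 24 == 127:
        return "loopback"
    cls = ip_class(addr)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved"
    net, bcast, _ = classful_network(addr)
    if addr == net:
        return f"network address of {net}"
    if addr == bcast:
        return f"directed broadcast for {net}"
    return f"host in Class {cls} network {net}"
```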
Because directed broadcast and limited broadcast packets affect network performance,
almost no routers forward broadcast packets by default.
ARP
[Figure: Host A (IP=1.1.1.1, MAC=00E0.FC01.1111) broadcasts an ARP request for IP=1.1.1.3. Host B (IP=1.1.1.2, MAC=00E0.FC02.2222) and Host C (IP=1.1.1.3, MAC=00E0.FC03.3333) receive it, and Host A ends up with the mapping IP=1.1.1.3, MAC=00E0.FC03.3333]
IP addresses hide the physical addresses from the upper layer, so that the Internet takes a
universal address format. During communications, however, IP addresses cannot be
recognized by physical networks, which still use physical addresses. Therefore, an IP
address needs to be mapped to a physical address.
When an IP datagram is sent through an Ethernet, the Ethernet link does not recognize the
32-bit destination IP address because it uses a 48-bit MAC address to identify an Ethernet
node. Thus, mappings between IP addresses and the MAC addresses must be
established. The process of creating such a mapping is called address resolution.
address. A host uses ARP to get the destination MAC address, and adds the IP-MAC
mapping into its ARP cache table for forwarding subsequent packets to the same
destination.
Suppose Host A and Host B are on the same network and Host A is to send an IP
datagram to Host B. The address resolution process is as follows:
1) Host A looks in its ARP table to see whether it contains the ARP entry corresponding to Host B's IP address. If the corresponding entry is found, Host A directly uses the MAC address in the ARP entry to encapsulate the IP datagram into a frame, and sends the frame to Host B.
2) If no corresponding ARP entry is found in the ARP table, Host A holds the IP datagram
and broadcasts an ARP request. In the ARP request packet, the sender IP address
and MAC address are those of Host A, the target IP address is that of Host B, and the
target MAC address is all 0s.
3) As the ARP request is broadcast, every host on the network receives the request packet. Host B compares its IP address with the target IP address in the ARP request packet. As they are the same, Host B stores the sender (Host A) IP address and MAC address into its ARP table, and sends an ARP response to Host A, which contains Host B's MAC address. The other hosts do not reply, because the target IP address in the ARP request is not theirs.
4) On receiving the ARP response packet, Host A adds Host B MAC address into its
ARP table. Then Host A encapsulates the IP packet in a frame and sends it to Host B.
ARP entries can be dynamic or static:
Dynamic ARP entries are dynamically created by ARP. ARP adopts the aging
mechanism for dynamic ARP entries. If a dynamic ARP entry is not used within the
aging time, ARP removes it.
Static ARP entries are manually configured and never age out unless they are manually removed. A static ARP entry has a higher priority than a dynamic ARP entry and thus can overwrite the corresponding dynamic ARP entry.
Gratuitous ARP is a special ARP application. In a gratuitous ARP request message, the
sender IP address and target IP address are both the IP address of the sending host, the
sender MAC address is the MAC address of the sending host and the target MAC address
is the broadcast address. A host broadcasts gratuitous ARP requests to implement the
following functions:
Check whether any other host uses the same IP address as the sending host.
If the host has its link layer address changed, it tells other devices to update the
corresponding ARP entry.
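The four-step resolution, the static-over-dynamic priority, and the two uses of gratuitous ARP, as an added Python simulation that is not part of the H3C text. It reuses the host names and addresses from the figure; the message log format and the duplicate host HostD used to trigger a conflict are assumptions.

```python
from dataclasses import dataclass

BROADCAST_MAC = "FFFF.FFFF.FFFF"
ZERO_MAC = "0000.0000.0000"


@dataclass
class ArpPacket:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


class Host:
    def __init__(self, name, ip, mac, lan):
        self.name, self.ip, self.mac, self.lan = name, ip, mac, lan
        self.arp_table = {}      # ip -> (mac, is_static)
        self.conflicts = []      # hosts that answered our gratuitous ARP

    def resolve(self, target_ip):
        """Steps 1 and 2: use a cached entry if present, otherwise hold the
        datagram and broadcast a request whose target MAC is all 0s."""
        if target_ip in self.arp_table:
            return self.arp_table[target_ip][0]
        self.lan.broadcast(self, ArpPacket("request", self.ip, self.mac,
                                           target_ip, ZERO_MAC))
        entry = self.arp_table.get(target_ip)
        return entry[0] if entry else None

    def receive(self, pkt, src):
        """Steps 3 and 4, plus the handling of gratuitous requests."""
        if pkt.op == "request":
            gratuitous = pkt.sender_ip == pkt.target_ip
            if gratuitous and pkt.sender_ip in self.arp_table:
                self.learn(pkt.sender_ip, pkt.sender_mac)   # sender's MAC changed
            if pkt.target_ip != self.ip:
                return                                     # not ours: no reply
            if pkt.sender_ip != self.ip:
                self.learn(pkt.sender_ip, pkt.sender_mac)  # step 3: cache the sender
            self.lan.unicast(self, src, ArpPacket("reply", self.ip, self.mac,
                                                  pkt.sender_ip, pkt.sender_mac))
        elif pkt.sender_ip == self.ip:
            self.conflicts.append(src.name)    # another host claims our IP
        elif pkt.target_ip == self.ip:
            self.learn(pkt.sender_ip, pkt.sender_mac)      # step 4: cache the reply

    def learn(self, ip, mac):
        """Dynamic entries never overwrite a static one."""
        if ip in self.arp_table and self.arp_table[ip][1]:
            return
        self.arp_table[ip] = (mac, False)

    def add_static(self, ip, mac):
        """A static entry replaces any dynamic entry for the same IP."""
        self.arp_table[ip] = (mac, True)

    def gratuitous_arp(self):
        """Sender IP == target IP == own IP, target MAC == broadcast.
        Returns True if another host answered, i.e. the IP is already in use."""
        seen = len(self.conflicts)
        self.lan.broadcast(self, ArpPacket("request", self.ip, self.mac,
                                           self.ip, BROADCAST_MAC))
        return len(self.conflicts) > seen


class Lan:
    """One broadcast domain delivering ARP packets between attached hosts."""

    def __init__(self):
        self.hosts, self.log = [], []

    def attach(self, name, ip, mac):
        host = Host(name, ip, mac, self)
        self.hosts.append(host)
        return host

    def broadcast(self, src, pkt):
        self.log.append(f"{src.name} broadcasts: who has {pkt.target_ip}?")
        for host in list(self.hosts):
            if host is not src:
                host.receive(pkt, src)

    def unicast(self, src, dst, pkt):
        self.log.append(f"{src.name} -> {dst.name}: "
                        f"{pkt.sender_ip} is at {pkt.sender_mac}")
        dst.receive(pkt, src)
```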
RARP
[Figure: a diskless workstation (MAC=00E0.FC01.1111, IP=?) broadcasts a RARP request; the RARP server unicasts a RARP response, after which the workstation has MAC=00E0.FC01.1111, IP=1.1.1.1]
If a host only knows its own physical address, it can use Reverse Address Resolution
Protocol (RARP) to get its IP address. RARP is used for a diskless workstation to get its IP
address during startup.
A diskless workstation only knows the MAC address of its own NIC upon startup. To get its IP address, the workstation broadcasts a RARP request on the network. Upon receiving the broadcast request, the RARP server sends back a response packet, and the workstation gets its IP address from the response.
Before the RARP server responds to the request, it must know the MAC address corresponding to the IP address. Therefore, the RARP server stores a MAC-IP mapping table for the local network. When a diskless workstation sends out a RARP request, every host on the physical network receives it, but only the RARP server processes and answers the request, based on the physical address of the supplicant in the RARP request. Because the server knows the physical address of the diskless workstation, it sends a unicast response to the diskless workstation rather than broadcasting the response.
Both the ARP and RARP requests are broadcast, while their responses are unicast to save
network resources.
Delivery of IP Packets
[Figure: sending-host decision. Is the destination on the directly connected network? Y: resolves the hardware address of the destination host. N: resolves the hardware address of the gateway]
Before sending an IP packet, a host needs to find the position of the destination host. The
host compares the network address of its own IP address with that of the destination IP
address. If they are identical, the two hosts are on the same network segment; if not, they
are on different network segments.
If they are on the same network, the sending host can communicate with the destination
The sending host gets the physical address corresponding to the IP address of the
destination host, encapsulates the IP packet in a frame with that physical address as the
destination physical address, and sends the frame to the destination host through the port
directly connected to the network.
If the destination and sending hosts are on different networks, the sender delivers the IP
packet to the default gateway router, which then delivers the IP packet to the destination
host. To do so, the sender first gets the physical address corresponding to the IP address
of the default gateway, encapsulates the IP packet in a frame with that physical address as
the destination physical address, and sends the frame to the default gateway through the
port directly connected to the network.
[Figure: router forwarding decision. Incoming packet: is the destination the IP address of the receiving interface? Y: delivers the packet to the upper layer protocol. N: is the destination directly connected? Y: resolves the hardware address of the destination host. N: resolves the hardware address of the next hop. Then encapsulates the packet in a frame and sends it out the egress port]
A router looks up the routing table to find the next hop.
If the destination IP address is on a different network, the router finds the next-hop IP address from its routing table, resolves the next-hop IP address into the corresponding data link layer address, encapsulates the IP packet in a frame, and sends the frame to the next-hop router.
[Figure: receiving-host decision. A packet from the network interface layer: destined to the host? N: discards the packet]
A host accepts a packet received from the network interface layer when one of the
following requirements is met:
The destination IP address of the packet is the IP address of the host.
The destination IP address of the packet is a broadcast address.
The destination IP address of the packet is a multicast address and a service of the
host belongs to the multicast group.
If the IP packet does not meet any of the above requirements, the network layer of the host
will discard the IP packet.
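An added Python example (not from the H3C text) of the three decisions described above: the sending host's same-network test, the router's routing table lookup, and the receiving host's acceptance rules. It goes one step beyond the text by choosing the most specific matching route (longest prefix match); the routing table, interface addresses and multicast group are constructed.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")     # the Class D range


def host_next_hop(own_ip, mask, gateway, dst_ip):
    """Sending host: a destination on our own network gets the frame
    directly; anything else is handed to the default gateway."""
    own_net = ipaddress.ip_network(f"{own_ip}/{mask}", strict=False)
    if ipaddress.ip_address(dst_ip) in own_net:
        return dst_ip, "direct"             # ARP for the destination host
    return gateway, "via gateway"           # ARP for the gateway instead


def router_next_hop(routes, interfaces, dst_ip):
    """Router: deliver to the upper layer if addressed to one of our
    interfaces, else consult the routing table. Among matching routes the
    longest prefix wins (an assumption; the text only says "looks up the
    routing table"). routes: [(prefix, next_hop_or_None, interface), ...]."""
    if dst_ip in interfaces.values():
        return "local", None
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, ifname)
    if best is None:
        return "unreachable", None          # ICMP Destination Unreachable
    net, next_hop, ifname = best
    if next_hop is None:                    # directly connected network
        return "direct", (dst_ip, ifname)   # ARP for the destination host
    return "forward", (next_hop, ifname)    # ARP for the next-hop router


def host_accepts(interfaces, groups, dst_ip):
    """Receiving host: accept packets addressed to one of our interfaces,
    to a broadcast address (directed or limited), or to a multicast group
    we have joined. interfaces: "ip/prefix" strings; groups: group IPs."""
    dst = ipaddress.ip_address(dst_ip)
    for iface in interfaces:
        addr = ipaddress.ip_interface(iface)
        if dst == addr.ip or dst == addr.network.broadcast_address:
            return True
    if dst == LIMITED_BROADCAST:
        return True
    if dst in MULTICAST:
        return dst_ip in groups
    return False                            # discarded by the network layer
```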
Broadcast Storm
[Figure: a broadcast packet with DIP=255.255.255.255 reaching a router]
If routers forwarded broadcast packets, broadcast storms would occur and overwhelm networks. A router does not forward broadcast packets by default.
If routers forward broadcast packets, networks will be overwhelmed by those packets.
Many protocols perform announcement and discovery tasks through broadcasting. Take
ARP for example. Every host needs to broadcast an ARP request when communicating
with a host on the local network. If the routers forward the broadcast packet, the packet will
propagate throughout the whole Internet, which greatly wastes network resources.
Furthermore, the broadcast packet will be delivered to the network layer of each host for
processing, wasting the resources of hosts. If this situation goes on, the whole network will
collapse. This phenomenon is called a broadcast storm.
Proxy ARP
[Figure: Host A (IP=1.1.1.1, MAC=00E0.FC01.1111) broadcasts an ARP request for IP=2.2.2.3. The router running proxy ARP (port E0/0 with MAC=00E0.FC02.2222 on Host A's network; port E0/1 with IP=2.2.2.2, MAC=00E0.FC04.4444 on the other network) broadcasts its own ARP request for IP=2.2.2.3 on network 2.0.0.0, where Host C (IP=2.2.2.3, MAC=00E0.FC03.3333) answers]
When a host does not know anything about the gateway or cannot determine whether the destination IP address is on the local network, it uses ARP to resolve the destination IP address even though that address may reside on another network. In this case, the router needs to run proxy ARP to help the host achieve communication.
As shown in the figure above, Host A broadcasts an ARP request to get the MAC address of Host C, which is on a different network. After receiving the ARP request, the router running proxy ARP broadcasts an ARP request on network 2.0.0.0 to get Host C’s MAC address. After receiving the ARP request from the router, Host C sends its MAC address 00E0.FC03.3333 in a unicast ARP response to the router. Upon receiving the ARP response, the router sends the MAC address 00E0.FC02.2222 of its port E0/0 in an ARP response to Host A. At last, Host A gets a mapping between IP address 2.2.2.3 and MAC address 00E0.FC02.2222. Thus, Host A sends the packet to the router, which forwards it to Host C.
ICMP
[Figure: ICMP reachability test. Host A (IP=1.1.1.1) sends an ICMP Echo Request with DIP=2.2.2.2 (“Can you hear me?”); Host B (IP=2.2.2.2) answers with an ICMP Echo Reply with DIP=1.1.1.1 (“Yes!”)]
The Internet Control Message Protocol (ICMP), defined in RFC 792, is a network layer
protocol running over IP. ICMP defines error reports and other messages for IP datagram
processing, which are sent to senders. ICMP reports the errors and failures during
datagram transmission and provides network diagnoses.
ICMP is usually used by the protocols of the IP layer and higher layers. Ping is a common
ICMP application. A host uses ping to test the reachability to a specific network. When a
user runs a ping command, the host sends an ICMP echo-request message to the
destination host. The echo-request message is encapsulated inside an IP datagram, with the destination host’s IP address as the destination address. When receiving the echo-request message, the destination host sends back an ICMP echo-reply message to the source host. If the source host receives the echo-reply message, it knows the destination host is reachable. If a router on the path does not have a route to the destination network, it sends back an ICMP destination unreachable message to inform the source host of the unreachable destination.
ICMP messages fall into two categories: ICMP error messages and query messages. The ICMP error messages are treated in a special way. For example, no ICMP error message is generated in response to an ICMP error message. (If no such limit existed, one error message might engender another, and the process might cycle endlessly.)
Type | ICMP message
3 | Destination Unreachable
4 | Source Quench
5 | Redirect
8 | Echo Request
11 | Time Exceeded
12 | Parameter Problem
13 | Timestamp Request
14 | Timestamp Reply
15 | Information Request
16 | Information Reply
The following describes commonly used ICMP messages.
Destination Unreachable: The destination host does not exist or is powered off, source
routing cannot be accomplished, or the do not fragment (DF) bit is set but the packet is
too big to be encapsulated in a frame. In such a case, the router detects the error and
sends an ICMP destination-unreachable message back to the source host. The
message contains the entire IP header of the datagram that cannot reach the
destination and the first 64 bits of its payload. Thus, the source host knows which
packet cannot be delivered.
Echo Request: A query sent by a host or a router to a particular destination host. The
router. This mechanism enables hosts to dynamically update their routing table to
better adapt to network changes.
Source Quench: When a source host sends datagrams faster than can be processed by the destination host (or router), the destination host (or router) will be overwhelmed and thus discard some datagrams. Through the upper-layer protocols, the source host knows that some datagrams are discarded, so it re-sends those datagrams continuously. As a result, the congestion situation on the destination host becomes even worse. In this case, the destination host should send an ICMP source-quench message to the source host to temporarily stop it from sending datagrams.
Time Exceeded: When the time-to-live value of an incoming IP datagram is
decremented to 0 or some fragments of a datagram have not arrived when the
reassembly timer expires, the router discards the datagram or those fragments. The
router then sends a time-exceeded message to the source indicating that the packet
has failed to be delivered.
Timestamp Request and Timestamp Reply: Used to determine the round-trip time
needed for an IP datagram to travel between hosts. The source host creates and
sends a timestamp-request message containing the sending time (original timestamp).
Upon receiving the packet, the destination host creates a timestamp-reply message
containing the original timestamp, receive timestamp and transmit timestamp. When the source host receives the timestamp-reply message, it records the arrival time of the packet. These timestamps can determine the delivering efficiency of the network.
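An added Python model (not from the H3C text) of the ICMP behaviour described above: a router returning Time Exceeded or Destination Unreachable, the rule that no error message is generated about an ICMP error message, and a host answering Echo and Timestamp requests. Type 0 (Echo Reply) is taken from RFC 792 because it is absent from the table; the routing entry, addresses and timestamps are constructed.

```python
from dataclasses import dataclass, field
import ipaddress

# Type numbers from the table in the text; 0 (Echo Reply) is added from RFC 792.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request",
              14: "Timestamp Reply", 15: "Information Request",
              16: "Information Reply"}
ERROR_TYPES = {3, 4, 5, 11, 12}     # the remaining types are queries and replies
ICMP_PROTO = 1                      # Protocol field value for ICMP


@dataclass
class Icmp:
    type: int
    code: int = 0
    body: dict = field(default_factory=dict)


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    proto: int
    payload: object = None          # an Icmp when proto == ICMP_PROTO


def is_icmp_error(pkt):
    return pkt.proto == ICMP_PROTO and pkt.payload.type in ERROR_TYPES


def icmp_error(router_ip, pkt, etype, code=0):
    """The error a router sends back to the source of an undeliverable
    datagram. Returns None when the datagram is itself an ICMP error: that
    is the rule that stops one error message from engendering the next."""
    if is_icmp_error(pkt):
        return None
    # The error quotes the offending datagram's header so the source can
    # tell which packet failed (the real message also carries 64 bits of data).
    quoted = {"src": pkt.src, "dst": pkt.dst, "ttl": pkt.ttl, "proto": pkt.proto}
    return Packet(router_ip, pkt.src, 64, ICMP_PROTO, Icmp(etype, code, quoted))


def router_forward(router_ip, routes, pkt):
    """Decrement the TTL, then route. Returns ("forward", next_hop) or
    ("error", icmp_packet_or_None). routes: [(prefix, next_hop), ...]."""
    pkt.ttl -= 1
    if pkt.ttl == 0:
        return "error", icmp_error(router_ip, pkt, 11)       # Time Exceeded
    dst = ipaddress.ip_address(pkt.dst)
    for prefix, next_hop in routes:
        if dst in ipaddress.ip_network(prefix):
            return "forward", next_hop
    return "error", icmp_error(router_ip, pkt, 3)            # Destination Unreachable


def host_handle(host_ip, pkt, now):
    """A host answers queries; errors and replies produce no new message."""
    msg = pkt.payload
    if msg.type == 8:                   # Echo Request -> Echo Reply, same body
        return Packet(host_ip, pkt.src, 64, ICMP_PROTO, Icmp(0, 0, dict(msg.body)))
    if msg.type == 13:                  # Timestamp Request -> Timestamp Reply
        body = dict(msg.body, receive=now, transmit=now)
        return Packet(host_ip, pkt.src, 64, ICMP_PROTO, Icmp(14, 0, body))
    return None


def round_trip_time(reply, arrival):
    """Arrival time of the Timestamp Reply minus the original timestamp."""
    return arrival - reply.body["original"]
```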
Summary
A 32-bit IP address comprises a net ID and a host ID to identify a network and a host on the network.
A host delivers an IP packet destined for another network to the default gateway. A router is responsible for forwarding packets between networks.
Chapter 6 TCP and UDP Fundamentals
The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) are two transport layer protocols in the TCP/IP protocol suite. TCP provides connection-oriented, reliable data transmission over unreliable networks. UDP is connectionless, and mainly used for data transmission over reliable networks, or for applications requiring short delay.
Learning Objectives
Upon completion of this lesson, you will be able to:
Identify services provided by TCP/UDP
The transport layer in the TCP/IP model is between the application layer and Internet layer,
providing host-to-host connections. Transport layer protocols in the TCP/IP protocol suite
include TCP and UDP. Both of them are based on the Internet Protocol (IP). Transport layer
protocols are mainly used for:
Providing connection-oriented or connectionless services: The transport layer
protocols define whether the two communication ends require a reliable connection.
Maintaining connection status: The transport layer protocols record connection relations in the database, maintain the connection relations, and detect connection failures.
Dividing application layer data into segments and encapsulating them: The transport
layer protocols divide data traffic from the application layer into properly-sized
segments that can be transmitted on the network, and then send them to the IP layer.
Implementing multiplexing: An IP address can identify a host, and a source-destination
IP address pair can identify a pair of hosts communicating with each other. However, a
host may run multiple programs to access the network. In this scenario, the transport
- 114 -
yx
yx
yx
yx
Chapter 6 TCP and UDP Fundamentals
layer protocols use port numbers to identify the application layer programs, so that the
network channels can be multiplexed.
Transferring data reliably (by TCP): Data error, data loss, or data disorder may occur
during data transmission over networks. The transport layer protocols can detect such
errors and fix the problems.
Implementing flow control: When the sender transmits data at a speed higher than the
receiving speed of the receiver, or the receiver does not have enough resources for
0
0
80
80
80
80
processing the received data, the transport layer reduces the data flow to a properly
yx
yx
yx
yx
low volume. Otherwise, the transport layer increases the data flow to a properly high
volume.
TCP Fundamentals
TCP Features
ensuring the transmission reliability.
Sequence number: Each sent segment is identified by a unique sequence number, by
which the receiver can implement receipt acknowledgment, segment loss detection,
and rearrangement of disordered segments.
Sliding window: By a size-adjustable window, the receiver can notify the sender of the
expected sending speed, thus implementing flow control.
TCP Encapsulation
A TCP segment header is illustrated in the figure above. It contains at least 20 bytes. The
main fields are:
Source port: 16 bits. Together with the source IP address, identifies the communication initiator.
Destination port: 16 bits. Identifies the application port of the communication receiver.
Sequence number: 32 bits. Identifies the first byte of the segment in the stream of data sent from the TCP source to the destination. If the byte stream is considered a unidirectional stream between two applications, the sequence number counts each byte.
Acknowledgment number: 32 bits. Identifies the first byte of the next expected segment, and states that all segments before this one have been correctly received. The acknowledgment number is the sequence number of the last received segment plus one. Upon receiving the acknowledgment number, the sender can be sure which segments have been received correctly. The acknowledgment number field is valid only when the ACK flag is set.
Data offset: 4 bits. Indicates the number of 32-bit words in the TCP header.
Reserved: 6 bits, all set to 0. Reserved for future use.
Control bits: 6 bits. Each bit represents a control function. The six bits, from left to right, are urgent pointer field significant (URG flag), acknowledgment field significant (ACK flag), push function (PSH flag), reset the connection (RST flag), synchronize sequence numbers (SYN flag), and no more data from sender (FIN flag).
Window: 16 bits. With this field, the receiver tells the sender the number of bytes it expects to receive at one time.
Checksum: 16 bits. Used for error detection. The sender calculates a checksum over part of the IP header, the TCP header, and the data contents, and the receiver performs the same calculation and compares the two results. If the results are the same, the received segment is considered intact.
Urgent pointer: 16 bits, optional. It points to the sequence number of the octet following the urgent data. This pointer is valid only when the URG flag is set.
Options: Variable-length field, at least 1 byte. If no option exists, this byte is 0, indicating the end of the option list. When the byte is 1, it indicates that no operation is required. When the byte is 2, it indicates that the next four bytes contain the maximum segment size (MSS) of the sender. MSS defines the maximum data volume that the data field can contain, and the sender and receiver must negotiate and use the same MSS. When a TCP connection is being established, each end advertises its own MSS, and the two ends negotiate to use the same one. Generally, MSS is 1024 bytes. For Ethernet, MSS can be 1460 bytes.
Data: Technically not part of the TCP header. It is between the urgent pointer/options field and the padding field. The maximum size of the data field is determined by the MSS. The size of the data field cannot exceed the MSS.
Padding: Extra zeros added to ensure that the TCP header is a multiple of 32 bits.
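A parser and builder for the header layout described above, written in Python as an added example (not code from the course): it decodes the fixed fields and control bits, walks the option list (kinds 0, 1 and 2), and checks the checksum over the pseudo-header, TCP header and data. The addresses, ports and MSS value in the sample segment are constructed.

```python
import ipaddress
import struct

# Control bits from left to right, as the header description lists them
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
IPPROTO_TCP = 6  # the IP protocol number that identifies TCP


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is zero-padded
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """The 'part of the IP header' the checksum covers: both addresses, protocol, TCP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, IPPROTO_TCP, tcp_length))


def parse_options(raw: bytes) -> dict:
    """Walk the option list: kind 0 ends it, kind 1 is a no-op, kind 2 carries the MSS."""
    options, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # no-operation padding byte
            i += 1
            continue
        # every other option has a length byte that must stay inside the header
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length = raw[i + 1]
        if kind == 2 and length == 4:
            options["MSS"] = struct.unpack("!H", raw[i + 2:i + 4])[0]
        else:
            options[kind] = raw[i + 2:i + length]
        i += length
    return options


def parse_tcp(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the fixed 20-byte header, options and payload, and verify the checksum."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_res_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_res_flags >> 12) * 4  # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d is out of range" % header_len)
    bits = off_res_flags & 0x3F
    flags = {name: bool((bits >> (5 - i)) & 1) for i, name in enumerate(FLAG_NAMES)}
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return {
        "src_port": sport, "dst_port": dport, "seq": seq,
        # the acknowledgment number and urgent pointer are valid only with their flag set
        "ack": ack if flags["ACK"] else None,
        "urgent_pointer": urg if flags["URG"] else None,
        "flags": flags, "window": window, "checksum": csum,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
        # summing the received bytes, checksum field included, gives zero when intact
        "checksum_ok": ones_complement_checksum(covered) == 0,
    }


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window,
              options=b"", payload=b""):
    """Encode a segment (flags given by name) with a correct checksum; inverse of parse_tcp."""
    while len(options) % 4:
        options += b"\x00"  # zero padding keeps the header a multiple of 32 bits
    header_len = 20 + len(options)
    bits = sum(1 << (5 - i) for i, name in enumerate(FLAG_NAMES) if name in flags)
    off_res_flags = ((header_len // 4) << 12) | bits
    head = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_res_flags, window, 0, 0)
    segment = head + options + payload
    csum = ones_complement_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


# Constructed sample: a SYN from 192.0.2.10:40000 to 192.0.2.20:80 advertising MSS 1460
SAMPLE_SRC, SAMPLE_DST = "192.0.2.10", "192.0.2.20"
SAMPLE_SYN = build_tcp(SAMPLE_SRC, SAMPLE_DST, 40000, 80, 1000, 0, {"SYN"}, 65535,
                       options=bytes([2, 4, 0x05, 0xB4]))


def corrupted_copy(segment: bytes) -> bytes:
    """Flip one bit in the window field to show the checksum catching damage in transit."""
    damaged = bytearray(segment)
    damaged[14] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    print(parse_tcp(SAMPLE_SYN, SAMPLE_SRC, SAMPLE_DST))
    print(parse_tcp(corrupted_copy(SAMPLE_SYN), SAMPLE_SRC, SAMPLE_DST)["checksum_ok"])
```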
In an IP network, an IP address identifies a host uniquely. However, multiple applications may be running on a single host and may want to access the network at the same time. To identify these applications, TCP and UDP use service port numbers. The use of port numbers enables TCP and UDP to multiplex applications onto one network connection. IP uses protocol numbers 6 and 17 to identify TCP and UDP respectively.
In host-to-host communications, both ends are actually two application programs, each of which needs a port number for identification. Therefore, a communication connection can be identified by the IP addresses and port numbers of both ends, and each packet must contain the source IP address, source port, destination IP address, and destination port. IP addresses are carried in the IP header, and port numbers are carried in the TCP/UDP header.
A TCP/UDP port number is a 16-bit binary number, ranging from 0 to 65535. Among them, ports 0 to 1023 are managed by the Internet Assigned Numbers Authority (IANA), and have been assigned or reserved for well-known services. Therefore, these ports are also called well-known ports. The other port numbers, which are larger than 1023, are not occupied and can be freely used. For details about port number assignment, refer to RFC 1700.
The necessity of defining well-known ports is obvious. For example, if the HTTP service port could be any port, users would be required to input the port number when accessing an Internet website, because the browser might not know the port number used by the destination website. However, this does not mean that the well-known protocols must use the well-known ports. For example, you can assign port 8080 to HTTP to prevent unauthorized users from accessing web pages.
TCP Connection Establishment
TCP is a connection-oriented, reliable transmission control protocol. Before data is
transferred, a connection must be established. After data transmission is over, the
connection is terminated.
Because the IP protocol used by TCP provides unreliable and connectionless services, TCP
uses a mechanism called three-way handshake to establish a reliable connection. TCP
uses the SYN flag in the TCP header to identify a message used in a three-way handshake
process. A connection can be established after both ends agree during the handshake.
The procedure for establishing a three-way handshake connection is as follows:
1) Host A initiates a connection request to Host B, setting the sequence number to a and the SYN flag to 1. Because this is the first segment, the ACK flag is set to 0.
2) Upon receiving the request, Host B sends an acknowledgment with the sequence number b, ACK flag 1, acknowledgment number a+1, and SYN flag 1.
3) After receiving the acknowledgment from Host B, Host A sends a segment with ACK number b+1 and sequence number a+1 to Host B.
4) After Host B receives the acknowledgment, a bi-directional connection is established between the two hosts and is ready for data transmission.
Therefore, both ends can transfer data over the connection.
TCP uses the FIN flag to identify a message for closing a connection.
The figure above shows a general procedure for TCP connection termination. The details are described as follows:
1) When Host A wants to terminate the connection, it sends a segment with the FIN flag set to Host B and acknowledges the last received segment at the same time. Suppose that the sequence number is p.
2) Upon receiving the segment from Host A, Host B sends a segment with the ACK number p+1 to Host A, and terminates the connection in its outbound direction.
3) Host B sends a segment with the sequence number q and the FIN flag 1 to tell Host A to terminate the connection.
4) Upon receiving the segment, Host A sends a segment with the ACK number q+1 to Host B, and terminates the connection in its outbound direction.
Thus, the TCP connection is terminated. The connection termination is a four-way handshake procedure.
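The three-way handshake and the four-way termination above as a small state machine in Python, added here as an example rather than taken from the course. The state names follow the TCP specification; the initial sequence numbers a and b are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int            # sequence number
    ack: int            # acknowledgment number, meaningful only when ack_flag is set
    syn: bool = False
    ack_flag: bool = False
    fin: bool = False


class TcpEndpoint:
    """Just enough of the TCP state machine to open and close one connection."""

    def __init__(self, name: str, isn: int):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn   # next sequence number this end will use
        self.rcv_nxt = None  # next sequence number expected from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self) -> Segment:
        """Step 1: SYN with sequence number a; the ACK flag is 0 on the first segment."""
        seg = Segment(seq=self.snd_nxt, ack=0, syn=True)
        self.snd_nxt += 1  # a SYN occupies one sequence number
        self.state = "SYN_SENT"
        return seg

    def close(self) -> Segment:
        """Send FIN with the acknowledgment of the last received segment piggybacked."""
        seg = Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True, fin=True)
        self.snd_nxt += 1  # a FIN also occupies one sequence number
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment):
        """Process one incoming segment; return the reply to send, or None."""
        if self.state == "LISTEN" and seg.syn:
            # Step 2: SYN+ACK with sequence number b and acknowledgment number a+1
            self.rcv_nxt = seg.seq + 1
            reply = Segment(self.snd_nxt, self.rcv_nxt, syn=True, ack_flag=True)
            self.snd_nxt += 1
            self.state = "SYN_RCVD"
            return reply
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            # Step 3: our SYN is acknowledged (ack == a+1); answer with ack b+1
            if seg.ack != self.snd_nxt:
                return None  # not an acknowledgment of our SYN; ignore it
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.snd_nxt, self.rcv_nxt, ack_flag=True)
        if self.state == "SYN_RCVD" and seg.ack_flag and seg.ack == self.snd_nxt:
            self.state = "ESTABLISHED"  # step 4: both directions are open
            return None
        if seg.fin:
            # The peer has no more data: acknowledge p+1 (or q+1) and close that direction
            self.rcv_nxt = seg.seq + 1
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"
            elif self.state == "FIN_WAIT_2":
                self.state = "TIME_WAIT"
            return Segment(self.snd_nxt, self.rcv_nxt, ack_flag=True)
        if seg.ack_flag and seg.ack == self.snd_nxt:
            if self.state == "FIN_WAIT_1":
                self.state = "FIN_WAIT_2"  # our FIN was acknowledged
            elif self.state == "LAST_ACK":
                self.state = "CLOSED"      # the final ACK; connection fully closed
        return None


def open_and_close(a: int = 1000, b: int = 5000):
    """Run Host A against Host B: three-way handshake, then an A-initiated four-way close."""
    host_a, host_b = TcpEndpoint("A", a), TcpEndpoint("B", b)
    host_b.listen()
    trace = []  # (sender, receiver, segment) in wire order

    def deliver(src, dst, seg):
        trace.append((src.name, dst.name, seg))
        return dst.receive(seg)

    syn = host_a.connect()                       # 1) seq=a, SYN=1, ACK=0
    syn_ack = deliver(host_a, host_b, syn)       # 2) seq=b, ack=a+1, SYN=1, ACK=1
    ack = deliver(host_b, host_a, syn_ack)       # 3) seq=a+1, ack=b+1
    deliver(host_a, host_b, ack)                 # 4) both ESTABLISHED
    fin_a = host_a.close()                       # 1) seq=p, FIN=1
    ack_b = deliver(host_a, host_b, fin_a)       # 2) ack=p+1
    deliver(host_b, host_a, ack_b)
    fin_b = host_b.close()                       # 3) seq=q, FIN=1
    ack_a = deliver(host_b, host_a, fin_b)       # 4) ack=q+1
    deliver(host_a, host_b, ack_a)
    return host_a, host_b, trace
```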
Reliable TCP Transmission
TCP does not require that each segment be acknowledged. The receiver can use one acknowledgment number to acknowledge all previously received data. For example, if the sender receives a segment with the acknowledgment number N+1, it means that the receiver has correctly received all segments with sequence numbers less than N+1.
In addition, TCP does not require a separate acknowledgment. The acknowledgment can be piggybacked in a TCP data segment. If an end receives a segment and has no segment to send to the peer end, it waits for a little while to piggyback the acknowledgment on a subsequent segment.
Because each segment has a unique sequence number, it is easy to detect duplicate segments, locate lost segments, and rearrange out-of-order segments. In a dynamic routing network, segments may pass through different paths, so they may reach the destination out of order. The 32-bit sequence numbers in the segments help reassemble the segments into the original data at the destination.
The figure above shows a simplified procedure for TCP transmission. Assume Host A sends to Host B sequentially numbered segments (starting from 1). Assume also a send window size of 4096 bytes. Host B receives the segments and verifies the checksum. Host B then sends an acknowledgment (numbered 4097, or 4096 + 1). The acknowledgment shows that Host B has received all segments whose sequence numbers are less than 4097. The acknowledgment also shows that Host B stands ready to receive segments whose numbering starts from 4097. Host A then sends four segments at one time to Host B, and those segments total 4096 bytes.
The figure above shows a simplified procedure for TCP retransmission. Suppose that the second segment (with the sequence number 1025) sent by Host A to Host B is lost in transit. Host B only acknowledges the consecutive segments received correctly. That is, Host B sends an acknowledgment message with the acknowledgment number 1025 to notify Host A that the first segment has been received.
After receiving the acknowledgment, Host A cannot retransmit the second segment immediately. This is because it is not sure whether the segment or the acknowledgment of the segment has been delayed. Only after the round trip time (RTT) expires does Host A retransmit the second segment.
After receiving the retransmitted segment, Host B finds that the sequence number of the last consecutive segment received correctly is 3073, and sends an acknowledgment with the acknowledgment number 4097, indicating that all previously transmitted segments have been received.
If the second segment from Host A (with the sequence number 1025) reaches Host B but fails the checksum check, Host B does not send any error notification to request a retransmission. Host A retransmits the segment after the RTT expires.
The acknowledgment sent by Host B might get lost or damaged during transmission. In this case, Host A retransmits the non-acknowledged segments after the RTT expires. If the
the corresponding acknowledgment in real time.
Sliding Window
TCP uses sliding windows for flow control and defines a window size notification mechanism, which allows TCP to dynamically control flows between the two ends of a connection.
The TCP sliding window size defines the number of bytes that the receiver expects to receive at one time. Because the window size is a 16-bit field, its maximum value is 65535 bytes. During TCP transmission, each end of a connection advertises its window size to indicate the size of its remaining buffer and the maximum data volume that can be received next time, thus preventing buffer overflow.
The figure above illustrates how the sliding window implements flow control, taking a unidirectional data transmission as an example.
Suppose that the initial send window size is 4096 bytes, and each segment contains 1024 bytes. Then, Host A can send four segments to Host B each time. After receiving these segments, Host B should use the acknowledgment number 4097 to acknowledge the receipt of these segments. However, due to insufficient buffer or low processing capability, Host B considers that the sending speed is too high, and expects Host A to reduce the window size by half. Therefore, Host B sends an acknowledgment with a request to reduce the window size to 2048. After receiving the acknowledgment, Host A reduces the send window size to 2048, thus reducing the sending speed.
If the receiving end asks for a window size of 0, it means that the receiving end has received all data or the application at the receiving end is too busy to read any more data, and asks the sending end to suspend data transfer.
TCP runs in full duplex mode, and therefore the sender and receiver may send data over the same channel at the same time. This means that each end has two windows for each TCP connection, one for sending and the other for receiving.
The sliding window mechanism solves the host-to-host flow control problem, but cannot interfere with the network. If an intermediate node, for example, a router, is congested, TCP cannot know it. If a TCP implementation is careless about its timeout settings and retransmission, it will tremendously worsen the congestion conditions of the network.
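The cumulative acknowledgment, timeout retransmission, and window advertisement described in the last two sections, modelled in Python as an added example that is not part of the course material. It replays the chapter's own numbers: 1024-byte segments, a 4096-byte window, the segment at 1025 lost in transit, then a window cut to 2048 and to 0.

```python
class Receiver:
    """Host B: acknowledges only the contiguous prefix of the stream and advertises its window."""

    def __init__(self, buffer_size: int = 4096):
        self.rcv_nxt = 1           # next byte expected; the chapter numbers bytes from 1
        self.held = {}             # out-of-order segments kept back: seq -> length
        self.window = buffer_size  # bytes the receiver is prepared to accept next

    def receive(self, seq: int, length: int, corrupted: bool = False):
        """Return (acknowledgment number, advertised window), or None if the segment is discarded."""
        if corrupted:
            return None            # checksum failure: silently dropped, no error report is sent
        if seq == self.rcv_nxt:
            self.rcv_nxt += length
            while self.rcv_nxt in self.held:           # earlier-held segments now join the prefix
                self.rcv_nxt += self.held.pop(self.rcv_nxt)
        elif seq > self.rcv_nxt:
            self.held[seq] = length                    # arrived ahead of a gap; hold it
        # seq < rcv_nxt is a duplicate of data already acknowledged
        return self.rcv_nxt, self.window


class Sender:
    """Host A: sends within the window, tracks unacknowledged bytes, retransmits on timeout."""

    def __init__(self, window: int = 4096, mss: int = 1024):
        self.snd_una = 1           # oldest unacknowledged byte
        self.snd_nxt = 1           # next byte to send
        self.window, self.mss = window, mss
        self.unacked = {}          # seq -> length of segments in flight

    def send_window(self):
        """Emit every full segment that fits between snd_una and snd_una + window."""
        segments = []
        while self.snd_nxt + self.mss <= self.snd_una + self.window:
            segments.append((self.snd_nxt, self.mss))
            self.unacked[self.snd_nxt] = self.mss
            self.snd_nxt += self.mss
        return segments

    def on_ack(self, ack: int, window: int):
        """Cumulative acknowledgment: everything below ack is done; adopt the new window."""
        for seq in list(self.unacked):
            if seq + self.unacked[seq] <= ack:
                del self.unacked[seq]
        self.snd_una = max(self.snd_una, ack)
        self.window = window

    def on_timeout(self):
        """The retransmission timer expired: resend the oldest unacknowledged segment."""
        if not self.unacked:
            return None
        seq = min(self.unacked)
        return seq, self.unacked[seq]


def replay_chapter_scenario():
    """Lose the segment at 1025, recover by retransmission, then shrink the window to 2048 and 0."""
    host_a, host_b = Sender(window=4096, mss=1024), Receiver(buffer_size=4096)
    log = {}
    first_acks = []
    for seq, length in host_a.send_window():            # 1, 1025, 2049, 3073
        if seq == 1025:
            continue                                    # lost in transit
        first_acks.append(host_b.receive(seq, length))  # each says 1025: only the prefix counts
    for ack, win in first_acks:
        host_a.on_ack(ack, win)
    log["acks_before_timeout"] = [ack for ack, _ in first_acks]
    log["retransmitted"] = host_a.on_timeout()          # (1025, 1024)
    ack, _ = host_b.receive(*log["retransmitted"])
    log["ack_after_retransmit"] = ack                   # 4097: 2049 and 3073 were held and now count
    host_a.on_ack(ack, 2048)                            # Host B asks for half the window
    log["sent_with_window_2048"] = host_a.send_window() # only 4097 and 5121 fit
    for seq, length in log["sent_with_window_2048"]:
        ack, _ = host_b.receive(seq, length)
    host_a.on_ack(ack, 0)                               # zero window: suspend sending
    log["sent_with_window_0"] = host_a.send_window()    # nothing may be sent
    return log
```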
UDP Fundamentals
UDP Encapsulation
The User Datagram Protocol (UDP) is defined in RFC 768. It operates on top of IP and delivers connectionless, unreliable datagram services. It is datagram-oriented. UDP provides a simple method for an application to send messages to another application on the network by using a simplified transfer mechanism.
Thanks to its simple functions, a UDP header is smaller than a TCP header. A UDP header
diskless workstation is not available with any complicated transfer mechanism at its startup. You can then use UDP-based BOOTP to obtain booting information for the station.
High bandwidth utilization and transfer efficiency: A UDP header is smaller than a TCP header, and UDP has no acknowledgment mechanism as TCP does, thus saving bandwidth.
Short delay: A sender using UDP can transmit data at a high speed constantly, without regard to acknowledgments, timeouts, or window size. For many applications, especially real-time applications, retransmission is actually not applicable. For example, in VoIP
Summary
Chapter 7 Routers, Switches, and Their Operating Systems
Routers and switches are fundamental network devices. The basic function of a router is to forward traffic based on Layer 3 addresses, such as IP addresses in an IP network. The basic function of a switch is to forward traffic based on MAC addresses at Layer 2. This chapter describes the characteristics of routers and switches and makes a comparison between them. Unless otherwise stated, the term router refers to an IP router and the term switch refers to an Ethernet switch.
H3C provides a complete portfolio of routers, switches, and other network devices. This chapter describes the generic concepts of routers and switches, and then H3C routers and switches.
At the core of a router or switch is its operating system. H3C Comware is a generic operating system for H3C network devices. This chapter covers H3C Comware as well.
Learning Objectives
Upon completion of this lesson, you will be able to:
Describe how a router or switch works
Describe the structure of H3C routers and switches
Identify the functions and features of the H3C Comware operating system
Functionality of Routers
[Figure: PCA and PCB in different networks, interconnected through routers RTA, RTB, RTC, RTD, and RTE]
Connecting heterogeneous links
Interconnecting networks/subnets with broadcasts isolated
Routing and forwarding packets
Switching/maintaining routes
Routers were developed along with the growth of the Internet and the network industry. As the name implies, the essential function of a router is to find an appropriate route for IP traffic to its destination in a network. In an internet, it operates essentially at the IP layer of the TCP/IP protocol stack to provide connectionless, best-effort delivery for traffic.
As shown in the figure above, two PCs, PCA and PCB, are located in different networks. For them to communicate with each other, forwarding devices like routers must be used.
1) First, PCA looks at the destination IP address of the packet. Because the packet is destined for a remote network, it delivers the packet to the default gateway, which is RTA in this scenario.
2) RTA looks up its routing table based on the destination IP address of the packet for the outgoing interface and then forwards the packet out of the interface to the next hop device, RTB in this scenario.
3) Likewise, RTB forwards the packet to RTE after performing a route lookup. RTE looks at the destination IP address of the packet and finds that the packet is destined for a directly connected network. RTE then forwards the packet to PCB according to the destination address.
Another important function of a router is to connect heterogeneous networks. The links connected to a router could be of the same or different medium types. For example, RTD can use a time-division multiplexed serial link at one end, and shared media to connect to both RTE and PCB at the other end.
Finally, a router must be able to exchange routing information and select the optimal path for a packet. In order to forward traffic, a router must maintain a routing table. Entries in the routing table can be manually added or dynamically learned with routing protocols. With dynamic routing protocols, routers can exchange routing information with one another to adapt to topology changes dynamically. Because there may be multiple routes available to a destination, a router must be able to select the best one depending on the routing policy.
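The forwarding procedure above in Python, added as an example rather than code from the course: each host decides between local delivery and its default gateway, and each router does a longest-prefix lookup in its routing table. The addresses, prefixes and interface names are constructed; only the device names come from the figure.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[ipaddress.IPv4Address] = None  # None: directly connected network


class Router:
    def __init__(self, name: str, routes):
        self.name = name
        self.routes = [Route(ipaddress.ip_network(p), i, ipaddress.ip_address(n) if n else None)
                       for p, i, n in routes]

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[Route]:
        """Longest-prefix match: the most specific entry containing dst wins."""
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


class Host:
    def __init__(self, name: str, address: str, gateway: str):
        self.name = name
        self.iface = ipaddress.ip_interface(address)
        self.gateway = ipaddress.ip_address(gateway)

    def first_hop(self, dst: ipaddress.IPv4Address) -> ipaddress.IPv4Address:
        """Local subnet: deliver directly; otherwise hand the packet to the default gateway."""
        return dst if dst in self.iface.network else self.gateway


def best_prefix(router: Router, destination: str) -> Optional[str]:
    """The prefix a router would use for destination, as text (None when there is no route)."""
    route = router.lookup(ipaddress.ip_address(destination))
    return None if route is None else str(route.prefix)


def forward(src: Host, destination: str, owners: dict, max_hops: int = 16) -> list:
    """Trace a packet hop by hop; returns the device names it visits and how it ends."""
    dst = ipaddress.ip_address(destination)
    path = [src.name]
    hop = src.first_hop(dst)
    for _ in range(max_hops):
        device = owners.get(hop)
        if device is None:
            return path + ["DROPPED: next hop %s unreachable" % hop]
        path.append(device.name)
        if isinstance(device, Host):
            return path                               # delivered to the destination host
        route = device.lookup(dst)
        if route is None:
            return path + ["DROPPED: no route on %s" % device.name]
        # directly connected: send to the host itself; otherwise to the next-hop router
        hop = dst if route.next_hop is None else route.next_hop
    return path + ["DROPPED: hop limit exceeded"]


# Constructed topology following the figure: PCA -> RTA -> RTB -> RTE -> PCB
PCA = Host("PCA", "10.1.1.10/24", "10.1.1.1")
PCB = Host("PCB", "10.2.2.20/24", "10.2.2.1")
RTA = Router("RTA", [("10.1.1.0/24", "GE0/0", None),
                     ("10.2.2.0/24", "GE0/1", "10.12.0.2"),
                     ("0.0.0.0/0", "GE0/1", "10.12.0.2")])    # default route, less specific
RTB = Router("RTB", [("10.12.0.0/30", "GE0/0", None),
                     ("10.2.2.0/24", "GE0/1", "10.25.0.2")])  # no default route on RTB
RTE = Router("RTE", [("10.25.0.0/30", "GE0/0", None),
                     ("10.2.2.0/24", "GE0/1", None)])         # PCB's network is directly connected
# which device answers to each address a packet can be handed to
OWNERS = {ipaddress.ip_address(a): d for a, d in [
    ("10.1.1.10", PCA), ("10.1.1.1", RTA), ("10.12.0.2", RTB),
    ("10.25.0.2", RTE), ("10.2.2.20", PCB)]}

if __name__ == "__main__":
    print(forward(PCA, "10.2.2.20", OWNERS))
    print(forward(PCA, "198.51.100.5", OWNERS))
```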
Characteristics of Routers
Operating at the physical, data link, and network layers of the OSI reference model
Making forwarding decisions based on network layer addresses
Providing various types of interface
Supporting rich link layer protocols
Supporting rich routing protocols
After examining the functionality and forwarding procedure of routers, we can conclude that a router has these characteristics:
It operates at the physical, data link, and network layers of the OSI reference model. This is a basic characteristic of routers as network devices, even though a router may also provide some transport layer and application layer services, as an FTP server for example, for management purposes.
It can connect heterogeneous networks.
It supports a wide range of physical layer and link layer protocols and standards.
It forwards IP traffic based on the routing table. This is the core function of a router at the IP layer.
To build the routing table and forwarding table (also called the forwarding information base), a router must be able to exchange routing and other control information with other routers.
Functionality and Characteristics of Switches
Functionality of Switches
[Figure: SWA and SWB connecting PCA, PCB, PCC, and PCD into one LAN]
Dividing an Ethernet network into multiple physical segments, each being a collision domain
Transparent, high speed Ethernet frame switching
Automatic MAC address learning and maintenance
Switches can expand a LAN by bridging two or more network segments. As shown in the figure above, SWA and SWB connect PCA, PCB, PCC, and PCD to form a LAN.
Different from a router, a switch makes forwarding decisions based on Layer 2 addresses.
Suppose PCB wants to communicate with PCC. Let's look at how a switch forwards data from PCB to PCC in Ethernet:
1) Because PCC is located on the same network segment as PCB, PCB encapsulates the data in Ethernet frames and sends the frames out of its network interface to SWA.
2) SWA looks up its MAC address table for a match based on the destination MAC address of each frame and performs either of the following:
If a match is found, the frame is sent out of the specific outgo port.
If no match is found, the frame is flooded out of all ports except the port where the frame arrived.
3) SWB performs the same procedure as SWA to forward the frame to PCC.
The entire switching procedure is transparent. In this example, SWA is transparent to PCB, and so is SWB to SWA.
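The MAC learning, forwarding and flooding steps above in Python, added as an example that is not part of the course material. The LAN follows the figure (PCA and PCB on SWA, PCC and PCD on SWB); the MAC addresses and port names are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """A transparent bridge: learns source MACs per port, forwards known unicasts, floods the rest."""

    def __init__(self, name: str):
        self.name = name
        self.links = {}       # port -> host name, or (other switch, its port) for a switch link
        self.mac_table = {}   # MAC address -> port it was learned on

    def attach(self, port: str, peer):
        self.links[port] = peer

    def forward(self, src_mac: str, dst_mac: str, in_port: str) -> list:
        """Return the outgoing ports for a frame that arrived on in_port."""
        self.mac_table[src_mac] = in_port               # automatic MAC address learning
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [] if out == in_port else [out]      # same segment: filter, do not send back
        return [p for p in self.links if p != in_port]  # unknown or broadcast: flood


def deliver(switch: Switch, in_port: str, src_mac: str, dst_mac: str, reached: list):
    """Follow the frame through the switched LAN, recording which hosts receive it."""
    for out in switch.forward(src_mac, dst_mac, in_port):
        peer = switch.links[out]
        if isinstance(peer, tuple):                     # link to another switch
            other, other_port = peer
            deliver(other, other_port, src_mac, dst_mac, reached)
        else:
            reached.append(peer)                        # a host hangs off this port


# Constructed LAN following the figure: PCA and PCB on SWA, PCC and PCD on SWB
SWA, SWB = Switch("SWA"), Switch("SWB")
HOSTS = {  # host -> (constructed MAC address, switch, port)
    "PCA": ("02:00:00:00:00:0a", SWA, "GE1/0/1"),
    "PCB": ("02:00:00:00:00:0b", SWA, "GE1/0/2"),
    "PCC": ("02:00:00:00:00:0c", SWB, "GE1/0/1"),
    "PCD": ("02:00:00:00:00:0d", SWB, "GE1/0/2"),
}
for host, (_, sw, port) in HOSTS.items():
    sw.attach(port, host)
SWA.attach("GE1/0/24", (SWB, "GE1/0/24"))   # the link between the two switches
SWB.attach("GE1/0/24", (SWA, "GE1/0/24"))


def send(src_host: str, dst_host: str) -> list:
    """Send one unicast frame from src_host to dst_host; return the hosts that received it."""
    src_mac, sw, port = HOSTS[src_host]
    reached = []
    deliver(sw, port, src_mac, HOSTS[dst_host][0], reached)
    return reached


if __name__ == "__main__":
    print(send("PCB", "PCC"))   # first frame: destination unknown, flooded to every other host
    print(send("PCC", "PCB"))   # reply: PCB's MAC was learned on the way, delivered to PCB only
```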
Characteristics of Switches
Operating at the physical and data link layers of the OSI reference model
Transparently bridging Ethernet networks
Switching Ethernet frames between ports based on link layer MAC addresses
After examining the functionality and forwarding procedure of switches, we can conclude that:
A switch operates at the physical layer and data link layer of the OSI reference model. It does not rely on Layer 3 addresses or routes for forwarding.
A traditional switch bridges Ethernet LANs and switches traffic between them. It does
Unification of services
Routers and switches have been merging in both functionality and services.
switches have been unifying security, voice, and wireless to provide value-added services in addition to the basic interconnectivity service. To adapt to this trend, some vendors have been opening some interfaces, which promotes compatibility of network devices from different vendors.
Routers and switches can be categorized in many ways. In functionality and performance, routers and switches are typically categorized into high-end, mid-range, and low-end. In network hierarchy, they are typically categorized into core-layer, distribution, and access routers and switches. In addition, a router or switch can be called a multi-service router or switch to highlight its business orientation.
CR series core routers
SR series high-end routers
ER series routers
H3C CR16K is a core router independently developed by H3C. It adopts the advanced CLOS switching architecture in the industry. The switching capacity of the whole device is up to 54.42 Tbps. The Comware V7 network operating system provides rich service features and powerful self-healing functions. It is mainly applied in the IP backbone network, interconnection nodes of a data center, as well as the core and convergence positions of large-scale IP networks in various industries.
The SR8800 series routers are designed for the core layer and backbone of large-sized enterprise networks. To ensure high performance, the series adopts distributed network processor (NP) hardware-based forwarding technology and crossbar non-blocking switching technology. Designed as core layer routers, the SR8800 series provides dual routing and switching processing units (SRPUs), up to 12 line/service card slots, and supports 10-Gigabit line cards. Unifying features of Ethernet switches, the SR8800 series can also provide common Layer 2 functionality.
The SR6600 series products are service bearing routers independently developed by H3C based on the high-end router platform. Adopting a full-service distributed processing architecture, the SR6600 series builds in all services without the need for additional service boards. The SR6600 series provides flexible and scalable business processing capabilities. The SR6600 series adopts the homegrown Apollo silicon integrated with route forwarding and service processing functions, to achieve high-performance service line-rate forwarding. Based on the IRF2 technology, the SR6600 series achieves WLAN convergence virtualization, which greatly improves network reliability while reducing operation, maintenance, and management costs.
The Multiple Services Router (MSR) is a new generation of networking products that H3C is launching exclusively for industrial branches and medium to large-sized enterprises. The MSR routers include the MSR56, MSR36 and MSR26 series. MSR routers provide smarter service scheduling management mechanisms, support modular loose coupling for services, and enable dynamic loading of processes and patches. In terms of hardware, MSR routers use high-performance multi-core CPUs and a non-blocking switching architecture, greatly enhancing multi-service concurrent processing.
The MSR routers adopt the open application architecture (OAA). This architecture provides open software and hardware interfaces and a set of standards for other vendors and partners to develop their own more intelligent network applications.
In addition, H3C offers the ER series modular routers designed for the distribution and access layers of large-sized networks and the core layer of small-sized networks.
Different router models have varied architectures. Their installation and configuration may vary. This course uses the MSR 36 series routers as examples, and lab exercises are also created on the MSR 36 series. If you are using a different router model, refer to the documentation for the router for more information.
[Figure: MSR 36-40 front panel (intelligent interface card (SIC) and multi-function interface module (HMIM) slots, configuration port (Console), CF card slot) and rear panel]
The figure above shows an intuitive view of the H3C MSR36-40 router. The MSR36-40 is a modular router. The front panel mainly includes a configuration port (Console), a CF card slot, and various types of interface module slots. The front panel is also equipped with the system indicator, interface indicator, and CF card indicator to help you monitor and determine the system running state.
The MSR36-40 not only supports a variety of pluggable service expansion modules, but also supports flexible and hot-pluggable power modules on the rear panel.
MSR36 series routers provide support for common SIC (intelligent interface card) and HMIM (multi-function interface module) cards. Each interface module varies in size, interface type, and quantity, and can be flexibly configured according to the actual requirements.
Switch products for campus networks
EPON
EPCN gateways
H3C offers a complete switch portfolio including core routing switches and low-end and mid-range switches.
The S5820V2 series switches used in this course are IPv4/IPv6 dual-stack routing switches that adopt the brand new software and hardware platforms of H3C. The series includes the S5820V2-52Q, S5820V2-52QF, and S5820V2-54QS-GE. They provide similar functions and features but differ in the number and types of interfaces.
Different switches use different architectures. Their installation and configuration may vary.
This course uses the S5820V2 switch, and lab exercises are created on the S5820V2. If
you are using a different switch chassis, refer to its documentation for more information.
Views of Sample H3C Switches
[Figure: S5820V2-54QS-GE rear view: management port, configuration port (Console), 48 1000Base-T Ethernet ports, 4 SFP Ethernet ports, 2 QSFP Ethernet ports]
The figure above shows the rear views of the H3C S5820V2 series switches. Similar to
routers, they are available with a console port for device management and configuration.
You can identify the number of Ethernet ports and interface types available with a switch by
Functionality of Comware
A network operating system, the core software platform of H3C
Encoding the hardware driver and underlying operating system to make them transparent to the higher layers
Comware integrates rich function modules including link layer protocols, Ethernet switching, IP routing and forwarding, and security
Offering a set of software and hardware interface standards, including an open platform and interfaces for third-party vendors
H3C Comware is a major network operating system for H3C network devices. Analogous
to the operating system of a PC, it controls the operations of the entire hardware and
software system and provides interfaces for users to manage the device.
H3C Comware adopts the modular design analogous to the layered hierarchy of the OSI
reference model and TCP/IP stack. It encodes the hardware driver and physical layer
systems to provide a uniform programming interface for the upper layer modules. For the
ease of scalability and functional extension, it divides the upper layer into modules by
function. The link layer, IP forwarding, routing, and security modules are several examples.
H3C Comware is developed in compliance with a set of internal software and hardware
The commands and operations described in this book may vary with the H3C Comware
version. H3C Comware V5 is used for the purpose of this course. If you are using a
different version, refer to the documentation for that version.
Benefits of Comware
- Supporting IPv4/IPv6 dual stack
- Supporting multi cores
- Unified routing and switching
- High availability and resilience
- Good scalability and customizability
address deficiency and some other critical problems with IPv4. The support for IPv6
Summary
- Routers forward traffic based on Layer 3 IP addresses
- Switches forward traffic based on Layer 2 MAC addresses
- Operating system is software essential to the operations of a router or switch
- Comware is the core software platform for H3C IP network devices
Chapter 8 Command Line Operation Basics
H3C Comware provides a command line interface (CLI) to manage devices and configure
software features. You can access the H3C Comware CLI through the console port, AUX
port, telnet, and SSH. This chapter describes how to access and use the CLI, and manage
devices with some commonly used commands.
Learning Objectives
Upon completion of this lesson, you will be able to:
- Logging in locally through the console port
- Logging in remotely through the AUX port
- Logging in through telnet
- Logging in through SSH
- Logging in through a serial port
To manage and operate a device through the CLI, you must connect to the device remotely
or through a terminal. H3C network devices provide multiple methods for accessing the
CLI:
- Logging in locally through the console port
- Logging in remotely through the AUX port
- Logging in through telnet
[Figure: the serial port of the terminal is connected through a console cable to the console port of the router/switch]
Logging in through the console port is the most common way to log in to a network device.
An H3C router or switch provides one console port that uses a type EIA/TIA-232 DCE
connector. You connect the serial port of a terminal to the console port of the network
device through a dedicated console cable.
Connect the RJ-45 connector of the console cable to the console port of the network
device, and the DB-9 connector to the serial port of the terminal. Because the length and
transmission distance of the console cable are limited, the console port is only for local
configuration.
Console port connection is the basic connection method, and is also the most common
way to perform initial configuration for a device. Users logging in from the console port of a
router or switch have the highest privileges by default, and can perform all operations and
configurations.
A typical terminal is a computer running a terminal emulation program. The following
uses a PC running Windows XP to illustrate how to create a new connection.
Install the terminal emulation software PuTTY on the computer. You can log in to the
device through this software to configure the device.
Start the software. Select Serial in Connection Type. Select the serial port that the console
cable is connected to; in this example, COM4 is selected. Set the baud rate to 9600 (default
value).
After setting the communication parameters, click Open to enter the device configuration
page as shown in the figure above.
[Figure: the serial port of the terminal is connected to a modem, which dials across the PSTN to a modem attached to the AUX port of the router/switch]
The AUX port (with the type EIA/TIA-232 DTE) on a network device is generally used to
remotely operate and configure the device. In this configuration environment, a user
terminal is connected to the AUX port of the network device through the public switched
telephone network (PSTN). To establish this connection, both the user terminal and the
network device should have a modem installed. The AUX port of the network device is
connected to the modem through the AUX cable, and the terminal is connected to the
modem through the modem cable.
Although setting up a connection through the AUX port is not a commonly used method, it
can be used to remotely operate a device when an IP network is disconnected. This book
does not introduce this method in detail.
[Figure: a host (telnet client) and a router/switch (telnet server) connected through their network interfaces across an IP network]
Telnet is a TCP-based protocol for remote connection and data exchange between hosts
and terminals. It adopts the client/server model so that the local computer of a user can
establish a connection with a remote computer and the user can log in to the remote
computer to perform operations.
A network device can serve as a telnet server to provide remote login services for users. In
this case, a user telnets to the network device from a computer that serves as a telnet
client and can operate and configure the device after logging in successfully.
To set up a connection through telnet, first the client and the network device (server) must
be able to reach each other. This means that the network device and client must be
configured with an IP address, and the network between them must have correct routes.
Second, for security purposes, the network device must be configured with some telnet
authentication information, including username and password, and TCP and telnet
protocol packets must be allowed in the intermediate network.
A network device can also serve as a telnet client to log in to another network device.
Introduction to SSH
- Secure Shell (SSH) offers an approach to logging in to a remote device securely.
- It is composed of transmission protocol, authentication protocol and connection protocol.
- It uses TCP port 22 to provide password and publickey authentication methods.
[Figure: a host connected to a router/switch across an IP network or PSTN/ISDN]
When telnet is used to remotely configure a network device, all the information is
transmitted on the network in plain text. Secure Shell (SSH) offers an approach to logging
in to a remote device securely. By encryption and strong authentication, it protects devices
against attacks such as IP spoofing and plain text password interception.
SSH comprises one transport layer, user authentication layer, and connection layer. SSH
uses TCP service on port 22. An H3C network device supports multiple concurrent SSH
connections.
A network device can work as an SSH client to establish SSH connections with a remote
SSH provides two authentication methods: password authentication and public key
authentication.
- Password authentication: The client encrypts its username and password,
encapsulates them into a password authentication request, and sends the request to
the server. Upon receiving the request, the server decrypts the username and
password, checks their validity, and then informs the client of the authentication result.
In this authentication method, the transmitted data will be encrypted, but the client
cannot know whether its server is a real server.
- Public key authentication: A pair of keys needs to be created and saved on the server.
The client sends an RSA authentication request together with its public key modulus
to the server. The server performs a validity check on the request. If it is not valid, the
server sends a failure message to the client. Otherwise, a 32-byte random number is
generated to form an MP integer according to the most significant bit (MSB). Then the
server encrypts the integer with the public key of the client to initiate an authentication
challenge to the client. Upon receiving the challenge message, the client decrypts it to
obtain the MP integer, and uses the integer and session ID generated in the
key-algorithm negotiation phase to generate the MD5 value. Then the client encrypts
the 16-byte MD5 value and sends it to the server. When the server receives the
message, it decrypts the message to get the MD5 value and compares it with the
value calculated by itself. If they are the same, the authentication succeeds and the
server sends a success message; otherwise it sends a failure message.
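The public key exchange just described, as an added example that is not part of this course or of H3C Comware: a Python model in which the server encrypts a 32-byte random value with the public key it has saved for the user, the client decrypts it with its private key and returns MD5(value || session ID), and the server recomputes and compares. It assumes textbook RSA with a key generated in the file, no padding, and leaves out the transport encryption that wraps the real exchange; the user name, session ID and keys are all constructed here.

```python
"""Added example (not H3C/Comware code): a model of the RSA challenge-response
public key authentication described above.

Assumptions: textbook RSA with a 512-bit key generated here, no padding, and
no transport encryption (the real exchange runs inside the encrypted SSH
transport); MD5 is used because the description above uses it. The server,
client and session ID are all constructed in this file.
"""
import hashlib
import hmac
import os
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (good enough for an illustration key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_rsa_keypair(bits: int = 512):
    """Return ((e, n), (d, n)). Textbook RSA, for illustration only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:
            break
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


class SshServer:
    """Holds the public key saved for each user and issues the challenge."""

    def __init__(self, authorized_keys):
        self.authorized_keys = authorized_keys  # username -> (e, n)
        self.pending = {}                       # username -> 32-byte random secret

    def challenge(self, username: str, modulus: int):
        """Validity check, then the MP integer encrypted with the client's public key."""
        pub = self.authorized_keys.get(username)
        if pub is None or pub[1] != modulus:
            return None                         # failure message: key not saved for this user
        secret = os.urandom(32)                 # 32-byte random number, MSB first
        self.pending[username] = secret
        return pow(int.from_bytes(secret, "big"), pub[0], pub[1])

    def verify(self, username: str, response: bytes, session_id: bytes) -> bool:
        """Recompute MD5(MP integer || session ID) and compare in constant time."""
        secret = self.pending.pop(username, None)
        if secret is None:
            return False
        expected = hashlib.md5(secret + session_id).digest()
        return hmac.compare_digest(expected, response)


def client_response(private_key, challenge: int, session_id: bytes) -> bytes:
    """Decrypt the challenge with the private key and bind it to this session."""
    d, n = private_key
    value = pow(challenge, d, n)
    # A wrong key yields an arbitrary value below n; size the buffer so the
    # hash is still computed and simply fails to match on the server.
    secret = value.to_bytes(max(32, (value.bit_length() + 7) // 8), "big")
    return hashlib.md5(secret + session_id).digest()   # 16-byte MD5 value


def authenticate(server: SshServer, username: str, private_key, session_id: bytes) -> bool:
    """Run the full exchange for one client and return the server's decision."""
    _, modulus = private_key
    challenge = server.challenge(username, modulus)
    if challenge is None:
        return False
    return server.verify(username, client_response(private_key, challenge, session_id), session_id)
```

Two things the model makes visible: a client that offers the right modulus but does not hold the matching private key fails the comparison, and, because the session ID enters the hash, a response computed for one session is useless in another.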
Understanding Command Views
Command Views
- User view: default view after device boot, with which you can display the running status and statistics
- System view: view where system global parameters are configured
- Routing protocol view: view for configuring routing protocol parameters
- Interface view
- Line view: view for configuring the attributes of the users logging in to the device
The H3C Comware CLI is divided into different command views. Each view has a set of
specific commands and limits the effective scope of the commands. The commands
available to you at any given time depend on the view you are in. The commonly used
command views include:
1) User view
When you log in to an H3C network device, you are placed in user view. You can display
device running status and statistics in this view.
2) System view
The system view provides access to commands that affect the entire system globally. To
access system view, use the system-view command in user view.
3) Routing protocol view
A routing protocol view, such as OSPF or RIP view, provides access to the commands for
configuring the specific routing protocol. To access a routing protocol view, use the enable
command for the routing protocol in system view.
4) Interface view
The interface view provides access to interface specific configuration commands. In this
view, you can configure physical attributes, link layer features, and IP addresses for an
interface. To enter the view of an interface, enable the interface and specify the interface
type and number.
5) Line view
The line view is a view provided by the system to manage asynchronous interfaces that
work in streaming mode. Through various operations in the line view, you can implement
unified management of various user configurations.
- True type terminal (TTY) user interface view: provides access to commands for
managing and monitoring users that log in through an asynchronous serial port from a
terminal. Because this login method is rarely used, this book does not describe it in
detail.
- Virtual type terminal (VTY) user interface view: provides access to commands for
managing and monitoring users that log in through VTY. VTY is a type of logical
terminal line for telnet and SSH access. The H3C network devices support up to five
concurrent VTY login users.
The specific parameter configuration for each line is performed in the corresponding line
view. For example, to configure the authentication mode of Console lines, run the line class
console command in the system view to enter the line view and then run the
authentication-mode command in this view. To configure the authentication mode of Telnet
lines, run the line vty 0 63 command to configure the authentication mode for 64 users.
View Relationships
[Figure: after login to the CLI, the interface command enters interface view, the router command enters routing protocol view, the vlan command enters VLAN view, and so on; quit returns from each of these views. You can press Ctrl+Z to return to user view from any view.]
Command views are hierarchical. To enter a certain view, you may need to enter another
view first. For example, to enter interface view, you must enter system view first. When you
quit a view, you follow the opposite order. For example, when you execute the quit
command, you quit interface view first and then return to system view.
To enter a certain view, use the corresponding command. To return to a previous view, use
the quit command. To return from any non-user view to user view, execute the return
Press ENTER to get started.
<H3C>%Oct 13 09:16:14:706 2013 H3C SHELL/5/SHELL_LOGIN: TTY logged in from aux0.
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]interface GigabitEthernet 0/0
[H3C-GigabitEthernet0/0]description to_MyPC
[H3C-GigabitEthernet0/0]ip add 192.168.0.1 255.255.255.0
[H3C-GigabitEthernet0/0]quit
[H3C]user-interface vty 0 63
[H3C-line-vty0-63]authentication-mode scheme
The figure above displays how to use command views. In this example, after pressing
Enter, you enter user view, and then after entering the system-view command, you enter
system view. In system view, if you enter the interface GigabitEthernet 0/0 command,
you enter the interface view of GigabitEthernet 0/0. In this interface view, the description
command describes the interface, the ip address command configures an IP address for
the interface, and the quit command exits to system view. Finally, the line vty 0 63
command enters VTY user interface view to specify an authentication method for VTY
login.
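The same session as a state machine, added here as an example that is not Comware code: it tracks which view each command enters, renders the prompt the way the figure shows it, and rejects a view-changing command issued from the wrong view. Only the view-changing commands from this chapter (system-view, interface, line/user-interface, sysname, quit, return/Ctrl+Z) are modelled; any other command, such as description or ip address, leaves the view unchanged.

```python
"""Added example (not Comware code): a model of how command views nest and how
the prompt reflects the current view. Only the view-changing commands seen in
this chapter are modelled; every other command leaves the view unchanged.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class ViewStack:
    sysname: str = "H3C"
    views: List[str] = field(default_factory=list)   # innermost view last; empty = user view

    def prompt(self) -> str:
        # User view: <Sysname>. System view and below: [Sysname-view1-view2].
        if not self.views:
            return f"<{self.sysname}>"
        return "[" + "-".join([self.sysname] + self.views[1:]) + "]"

    def current(self) -> str:
        return self.views[-1] if self.views else "user"

    def run(self, line: str) -> str:
        """Apply one command line and return the prompt shown afterwards."""
        cmd, *args = line.split()
        if cmd == "system-view":
            self._require("user")
            self.views.append("system")
        elif cmd == "interface":
            self._require("system")
            self.views.append("".join(args))             # "GigabitEthernet 0/0" -> GigabitEthernet0/0
        elif cmd in ("line", "user-interface"):
            self._require("system")
            self.views.append("line-" + args[0] + "-".join(args[1:]))   # "vty 0 63" -> line-vty0-63
        elif cmd == "sysname":
            self._require("system")
            self.sysname = args[0]                       # the prompt follows the device name
        elif cmd == "quit":
            if self.views:
                self.views.pop()                         # back to the view entered before this one
        elif cmd in ("return", "Ctrl+Z"):
            self.views.clear()                           # straight back to user view
        # Any other command (description, ip address, ...) is view-local here.
        return self.prompt()

    def _require(self, view: str) -> None:
        if self.current() != view:
            raise ValueError(f"{view} view required, but the CLI is in {self.current()} view")


def is_rejected(stack: ViewStack, line: str) -> bool:
    """True when the command is not accepted in the stack's current view."""
    try:
        stack.run(line)
        return False
    except ValueError:
        return True


def replay(lines: List[str], sysname: str = "H3C") -> List[str]:
    """Return the prompt after each line of a session, e.g. the transcript above."""
    stack = ViewStack(sysname)
    return [stack.run(line) for line in lines]
```

Replaying the figure's session with replay() yields the prompts [H3C], [H3C-GigabitEthernet0/0], [H3C], [H3C-line-vty0-63] in turn, and a return from the line view drops straight to <H3C> rather than stepping back through system view.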
Command Types
- Read Type: Used to display system configuration information and maintenance information, such as the display command and dir command (for displaying file information).
- Write Type: Used to configure the system, such as the info-center enable command (for enabling the information center function) and the debugging command (for configuring debugging information).
- Execution Type: Used to perform specific functions, such as the ping command or FTP command (for establishing a connection with the FTP server).
A command line is the smallest unit that controls user permissions in the Comware system.
According to command functions, the commands are categorized as follows:
- Read Type: Used to display system configuration information and maintenance
information, such as the display command and dir command (for displaying file
information).
- Write type: Used to configure the system, such as the info-center enable command
(for enabling the information center function) and the debugging command (for
configuring debugging information).
- Execution Type: Used to perform specific functions, such as the ping command or
User Roles
network-operator: rights to display all functions and resources (except for display history-command all)
The system pre-defines a variety of user roles, some of which have default user rights.
Administrators can also customize existing user roles or create new roles if the system's
pre-defined user roles do not meet the rights management requirements.
cd                Change current directory
clock             Specify the system clock
copy              Copy from one file to another
debugging         Enable system debugging functions
delete            Delete a file
dialer            Dialer disconnect
dir               List files on a file system
display           Show running system information
fixdisk           Recover lost chains in storage device
format            Format the device
free              Clear user terminal interface
ftp               Open FTP connection
graceful-restart  Restart LDP protocol
language-mode     Specify the language environment
license           Software license information
---- More ----
<Sysname> dis?
display
<Sysname> dis
<Sysname> display
<Sysname> display v?
version
virtual-access
vlan
voice
voiceboard
vrrp
displayed.
- Enter a command followed by a character string and a ?. All the keywords starting with
this string are listed.
- Press Tab after entering the first several letters of a keyword to display the complete
keyword, provided these letters can uniquely identify the keyword in this command.
When several matches are found, if you repeatedly press Tab, all the keywords
starting with the letters that you entered are displayed in cycles.
[Router] di
^
% Ambiguous command found at '^' position.
[Router] dispaly
^
% Unrecognized command found at '^' position.
[Router] display
^
% Incomplete command found at '^' position.
[Router]
The commands you enter are executed if they pass the syntax check; otherwise, the
system gives error information. The following table lists some common error information:
Error message                              Description
Unrecognized command                       No command is found. No keyword is found. Parameter type error.
Incomplete command                         The entered command is not complete.
Ambiguous command found at '^' position    The command beginning with the entered character is not unique, and cannot be recognized.
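The keyword matching behind ?, Tab and the three error messages above, as an added example that is not Comware code. COMMAND_TREE is a constructed subset of the keywords shown earlier in this chapter; the matcher accepts an abbreviation when it is exact or unique at that position, and otherwise reports the error and the column where the ^ marker belongs.

```python
"""Added example (not Comware code): how a CLI resolves abbreviated keywords
and produces the three syntax-check results above. COMMAND_TREE is a
constructed subset of the keywords shown in this chapter.
"""
from typing import Dict, List, Optional, Tuple

# keyword -> next-level keywords; None marks a keyword that completes a command.
COMMAND_TREE: Dict[str, Optional[dict]] = {
    "display": {"clock": None, "current-configuration": None, "interface": None,
                "version": None, "virtual-access": None, "vlan": None,
                "voice": None, "voiceboard": None, "vrrp": None},
    "dir": None,
    "dialer": None,
    "debugging": {"all": None},
    "delete": None,
    "ping": None,
}

MESSAGES = {
    "ambiguous": "% Ambiguous command found at '^' position.",
    "unrecognized": "% Unrecognized command found at '^' position.",
    "incomplete": "% Incomplete command found at '^' position.",
}


def match_keyword(prefix: str, candidates: dict) -> Tuple[str, Optional[str]]:
    """Resolve a (possibly abbreviated) keyword against the keywords valid here."""
    if prefix in candidates:                  # exact match wins: "voice" beside "voiceboard"
        return "ok", prefix
    hits = [k for k in candidates if k.startswith(prefix)]
    if len(hits) == 1:                        # unique prefix, e.g. "dis" -> display
        return "ok", hits[0]
    return ("ambiguous" if hits else "unrecognized"), None


def list_keywords(prefix: str, candidates: dict) -> List[str]:
    """What typing `<prefix>?` lists: every keyword starting with the prefix."""
    return sorted(k for k in candidates if k.startswith(prefix))


def check_command(line: str, tree: dict = COMMAND_TREE) -> Tuple[str, object]:
    """Syntax-check one line. Returns ("ok", expanded command) or (error, column).

    The column is where the '^' marker goes: under the first word that failed,
    or after the last word when another keyword is still required.
    """
    node, column, expanded = tree, 0, []
    for word in line.split():
        if node is None:                      # extra words after a complete command
            return "unrecognized", column
        status, keyword = match_keyword(word, node)
        if status != "ok":
            return status, column
        expanded.append(keyword)
        node = node[keyword]
        column += len(word) + 1
    if node is not None:                      # another keyword is still required
        return "incomplete", column
    return "ok", " ".join(expanded)


def format_result(line: str, prompt: str = "[Router]") -> str:
    """Echo the command and the error marker the way the CLI does."""
    status, detail = check_command(line)
    if status == "ok":
        return f"{prompt} {detail}"
    return f"{prompt} {line}\n{' ' * (len(prompt) + 1 + detail)}^\n{MESSAGES[status]}"
```

Running check_command on the three inputs from the session above reproduces its verdicts: di is ambiguous (display, dir and dialer all match), dispaly is unrecognized, and display alone is incomplete because a sub-keyword is still required.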
display history-command
The commands that have been executed recently are saved in the history buffer. You can
use the display history-command command to display these commands, or view, edit or
execute these saved history commands. By default, the history buffer saves 10 commands,
and you can use the history-command max-size size-value command to set the buffer
size.
You can press the up-arrow key or Ctrl+P to display the history commands earlier than the
current one. You can press the down-arrow key or Ctrl+N to display the history commands
later than the current one.
Editing Features
Key          Function
Common keys  If the editing buffer is not full, inserts the character at the position of the cursor and moves the cursor to the right.
Backspace    Deletes the character to the left of the cursor and moves the cursor back one character.
← or Ctrl+B  Moves the cursor one character to the left.
→ or Ctrl+F  Moves the cursor one character to the right.
Ctrl+A       Moves the cursor to the beginning of the current line.
Ctrl+E       Moves the cursor to the end of the current line.
Ctrl+D       Deletes the character at the current cursor position.
Ctrl+W       Deletes all the characters in a continuous string to the left of the cursor.
Esc+D        Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Esc+B        Moves the cursor to the leading character of the continuous string to the left.
Esc+F        Moves the cursor to the front of the next continuous string to the right.
Ctrl+X       Deletes all the characters to the left of the cursor.
Ctrl+Y       Deletes all the characters to the right of the cursor.
The CLI provides the basic command editing functions. The table above lists the main
functions. For more editing functions, refer to the related operation manual and command
manual.
Multiple-Screen Output
Internet protocol processing : disabled
Link layer protocol is PPP
LCP initial
Output queue : (Urgent queuing : Size/Length/Discards) 0/50/0
Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Physical layer is asynchronous, Baudrate is 9600 bps
Phy-mru is 1700
Last clearing of counters: Never
Last 300 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec
Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec
Input: 0 packets, 0 bytes
0 broadcasts, 0 multicasts
0 errors, 0 runts, 0 giants
---- More ----
The CLI provides the multiple-screen output function. When the output information cannot
be displayed on one screen, the output pauses at the ---- More ---- prompt and you can use
one of these methods:
- Press Space to continue to display information for the next screen page.
- Press Enter to continue to display information for the next line.
- Press Ctrl+C to stop the display and the command execution.
Configuring device name
[H3C] sysname ?
TEXT Host name (1 to 30 characters)
Configuring system time
<H3C> clock datetime ?
TIME Specify the time (HH:MM:SS)
Displaying system time
<H3C> display clock
Configuring banner/prompt information
[H3C] header ?
incoming Specify the banner of the terminal user-interface
legal Specify the legal banner
login Specify the login authentication banner
motd Specify the banner of today
shell Specify the session banner
You can use the sysname command to set the name of a device. The device name
corresponds to the prompt of the CLI. For example, if the device name is RTA, the prompt
of the CLI is <RTA>.
To ensure a device can operate with other devices, you can use the display clock
command to view the current system time, and use the clock datetime command to set
Banners are prompt information displayed by the system when users are connected to the
device, perform login authentication, and start interactive configuration. The administrator
can set corresponding banners as needed.
At present, the system supports the following five types of welcome information:
- shell banner, also called session banner, displayed when a user enters the control
console session.
- incoming banner, also called user interface banner, displayed when a user interface
is activated by a TTY Modem user.
login. If entering Y or pressing the Enter key, the user enters the authentication or
login process. If entering N, the user quits the authentication or login process. Y and N
are case insensitive.
<H3C>display current-configuration
Displaying interface information
<H3C>display interface
Displaying interface IP status and configuration information
<H3C>display ip interface brief
<H3C>display diagnostic-information
This figure lists the commonly used information display commands. You can use the
display version command to view the operating system version information of a network
device, and you can use the display current-configuration command to view the
current running configuration of a device.
You can use the display interface command to view the device interface information. This
command displays the type, number, physical layer status, data link layer protocol, IP
address, and packet transmission and reception statistics for all the interfaces of a device. To
view the brief information for an interface, such as the IP status, you can use the display
ip interface brief command.
Generally, you need to execute the corresponding display commands for each module,
because each module has independent running information. To collect more information at
one time, you can execute the display diagnostic-information command in any view to
display the statistics of the running status of multiple modules in the system.
Configuring Remote Login
Before logging in to a router remotely, you must configure the router first. For first-time
configuration, you must perform local configuration through the console port. This
section describes the basic configuration of telnet and SSH remote login on routers. The
configuration of switches is similar. For details, refer to the related operation and
command manual.
Telnet Service Configuration Commands on Routers (I)
The figure above and the subsequent figures show the commands for configuring the
telnet server on the network device when password authentication is adopted.
- none means no authentication.
- password means password authentication, and you only need to input a password.
- scheme means username/password authentication, and you need to input the
username and password.
Creating a user, configuring the password, setting the service type and setting the user role
password, and you can also configure the user role in the user line where a user logs
in.
- If you adopt scheme authentication, the system authenticates a user by using the user
information in the local user database. Therefore, you must configure the local
username, password, and user role, and select the service type as telnet for remote
login authentication.
If the user role of a local user is not the same as that in the user line where the user logs in,
the system adopts the former as the user role after login.
Telnet Configuration Example
[Figure: PCA (telnet client, IP address 192.168.0.1, subnet mask 255.255.255.0) connected to interface G0/0 of RTA (telnet server)]
<H3C>system-view
[H3C]telnet server enable
[H3C]interface GigabitEthernet 0/0
[H3C-GigabitEthernet0/0]ip address 192.168.0.254 24
[H3C]line vty 0
[H3C-line-vty0]set authentication password simple 123456
[H3C-line-vty0]user-role network-admin
The figure above shows a configuration example for a client to connect to a router through
telnet. Suppose client host PCA is connected to router RTA through an Ethernet, and the
user role is network-admin. Configure RTA by using the commands shown in the figure,
and configure the IP address and subnet mask for PCA. Start the telnet client, and you can
A telnet connection requires IP reachability. If the client and server are in different network
segments, configure IP routes as described later in this book to ensure that they can reach
each other.
C:\Documents and Settings\user>telnet 192.168.0.254
******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login authentication
Password:
<H3C>
Enter the IP address of the router in the telnet terminal software on PCA to connect to the
router. When prompted for a password, enter the preconfigured password 123456; you will
pass the authentication and the command line prompt <H3C> will appear. Then you can
perform operations on the router.
If the system prompts “All user interfaces are used, please try later!”, the number of
telnet login users has reached the upper limit. Try again after another user
terminates a connection.
The modified user role takes effect only after a user logs out and re-logs in.
Configuring the user interface when the SSH client logs in
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]protocol inbound ssh
The figure above and the subsequent figures show the commands for configuring the SSH
server on the network device when password authentication is adopted.
- Start the SSH server.
- Configure the user interface to support SSH. The configuration result takes effect at
the next login.
- Configure a local SSH user for the server for remote login authentication.
- Configure at least one IP address for the network device to provide IP connectivity.
Exporting an RSA key
[H3C] public-key local export public rsa ssh2
To complete the SSH authentication and session, generate a session key and ID by using
parameters such as key pairs. The figure above shows the commands for generating key
pairs. The length of an RSA key is in the range 512 to 2048 bits. In SSH 2.0, some clients
require the key generated by the server to be at least 768 bits. If the type of key pair
already exists, the system will ask you whether you want to overwrite it.
You can display the generated RSA public key pairs on the screen or export them to a
specified file according to the specified format, or you can destroy the local key pairs.
An SSH connection requires IP reachability. If the client and server are in different network
segments, configure IP routes as described later in this book to ensure that they can reach
each other.
[Figure: PCA (runs SSH client software, IP address 192.168.0.1, subnet mask 255.255.255.0) connected to interface G0/0 of RTA]
[H3C]public-key local create rsa
- To configure the SSH server, you need to create a local key pair and then enable the SSH
service.
- Enable user authentication in the line view and set the protocol supported by this line to
SSH.
- Create a local user, configure the service type as SSH, and authorize the user role as
network-admin.
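An offline check of the remote-login settings covered in the telnet and SSH configuration sections, added here as an example that is neither Comware code nor H3C's. It parses a configuration in the #-separated, one-space-indented layout shown in this chapter's figures and flags an enabled telnet service, shared or plain-text line passwords, VTY lines not restricted to SSH, and an SSH-only line on a device where the SSH server is not enabled. Both configurations are constructed for the example; the local-user lines follow Comware V7 syntax as the example's author understands it, and <hash-placeholder> stands in for a real password hash.

```python
"""Added example (not Comware code): an offline audit of a Comware-style
configuration for the remote-login settings discussed in this section.

Both configurations below are constructed for this example; the local-user
lines follow Comware V7 syntax as the author of this example understands it,
and <hash-placeholder> stands in for a real password hash.
"""
from typing import List, Tuple

# Constructed: the telnet example from this chapter, as it would be saved.
WEAK_CONFIG = """\
#
 sysname RTA
#
 telnet server enable
#
interface GigabitEthernet0/0
 ip address 192.168.0.254 255.255.255.0
#
line vty 0
 authentication-mode password
 set authentication password simple 123456
 user-role network-admin
#
"""

# Constructed: the SSH example from this chapter with a local user (scheme).
HARDENED_CONFIG = """\
#
 sysname RTA
#
 ssh server enable
#
local-user admin class manage
 password hash <hash-placeholder>
 service-type ssh
 authorization-attribute user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 protocol inbound ssh
#
"""

Block = Tuple[str, List[str]]


def parse_blocks(config: str) -> List[Block]:
    """Split a configuration into (header, sub-commands) blocks.

    A block header sits at column 0, its sub-commands are indented by one
    space, and '#' separates blocks; global commands that appear indented
    directly under '#' are returned with an empty header.
    """
    blocks: List[Block] = []
    header, body = "", []
    for raw in config.splitlines():
        if raw.strip() == "#":
            if header or body:
                blocks.append((header, body))
            header, body = "", []
        elif raw.startswith(" "):
            body.append(raw.strip())
        elif raw.strip():
            if header or body:
                blocks.append((header, body))
            header, body = raw.strip(), []
    if header or body:
        blocks.append((header, body))
    return blocks


def audit_remote_login(config: str) -> List[str]:
    """Return one finding per weak remote-login setting (empty list = clean)."""
    findings: List[str] = []
    blocks = parse_blocks(config)
    global_cmds = [cmd for header, body in blocks if header == "" for cmd in body]
    ssh_enabled = "ssh server enable" in global_cmds

    if "telnet server enable" in global_cmds:
        findings.append("telnet server enable: logins and commands cross the network in plain text")

    for header, body in blocks:
        for cmd in body:
            if "password simple" in cmd:
                findings.append(f"{header or 'global'}: plain-text password in the configuration")
        if not (header.startswith("line vty") or header.startswith("user-interface vty")):
            continue
        mode = next((cmd.split()[1] for cmd in body if cmd.startswith("authentication-mode ")), None)
        if mode is None:
            findings.append(f"{header}: authentication-mode not set; verify the effective default")
        elif mode == "none":
            findings.append(f"{header}: authentication-mode none lets anyone reaching the port log in")
        elif mode == "password":
            findings.append(f"{header}: shared line password; prefer authentication-mode scheme with local users")
        inbound = next((cmd.split()[2:] for cmd in body if cmd.startswith("protocol inbound ")), None)
        if inbound != ["ssh"]:
            findings.append(f"{header}: protocol inbound not restricted to ssh")
        elif not ssh_enabled:
            findings.append(f"{header}: protocol inbound ssh but ssh server enable is missing, so SSH logins cannot succeed")
    return findings
```

The weak configuration produces four findings (telnet enabled, a plain-text line password, a shared rather than per-user authentication mode, and a line that still accepts telnet); the hardened one produces none. The last check matters in practice because the SSH steps above are order-sensitive: restricting the line to SSH before the SSH server is enabled locks out remote logins until someone fixes it from the console.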
There are different types of SSH client software. This section takes PuTTY as an example
to illustrate how to configure an SSH client.
By entering the pre-configured username and password, you can enter the CLI.
Summary
- Multiple configuration methods: local configuration through the console port, local/remote configuration through the AUX port/Telnet/SSH.
- The command lines are managed under command views.
- The command lines are hierarchically protected.
Chapter 9 Network Device File Management
This chapter describes how to manage the operating system and configuration files on
H3C network devices.
A configuration file saves device configurations in command lines in text format. This
chapter shows how to manage and maintain configuration files.
In addition, this chapter describes how to upgrade the Boot ROM and operating system
software and download system files by using FTP and TFTP.
Learning Objectives
Upon completion of this lesson, you will be able to:
Overview
File Categories
The device saves the data it needs for running as files.
H3C devices can manage these files:
Boot files
Configuration files
Log files
The device needs some basic programs and data at startup, and generates some
important data while it runs. This data is saved as files in the storage media of the
device for retrieval and management.
device. The device must have the Boot files to work normally. The Boot files can be
Storage Media
Figure: storage media in a router.
ROM: Boot ROM
Flash memory: application program file, startup configuration file (saved-configuration), log file
RAM: running operating system, running configuration (current-configuration)
Three kinds of storage media are available on H3C network devices:
Read-Only Memory (ROM): Stores the Boot ROM. The Boot ROM is a loading
program that searches for application files and loads them to start the operating system.
When the application files or configuration files fail, it can provide a recovery method.
Flash Memory: Stores application files, and saves configuration files and log files
generated while the system runs. By default, the device loads application and
configuration files from the flash. A flash can be a CF card or a built-in flash device,
depending on the device model.
Random-Access Memory (RAM): Used only for running the system. For example, it
stores the running configuration of H3C Comware. The information in the RAM is lost.
Directory operations: Create/delete a directory, display the current working directory,
display the specified directory or file information, and so on.
File operations: Delete, restore, and remove files completely; display file contents;
rename, copy, and move files; display the information of the specified files.
Storage medium operations: Restore the space of and format a storage medium.
Setting prompt modes
You can create and delete a directory, and copy and display files.
By default, the system prompts you for confirmation of the commands that may cause data
loss (for example, commands for deleting files and overwriting files).
File operations
File operations include displaying the specified directory, file information, or file contents;
renaming, copying, moving, removing, restoring, and deleting files.
To do…                          Use the command…                     Remarks
Delete a file                   delete [ /unreserved ] file-url      Optional
Display the contents of a file  more file-url                        Optional. Currently only a .txt file can be displayed.
Rename a file                   rename fileurl-source fileurl-dest   Optional
Copy a file                     copy fileurl-source fileurl-dest     Optional
When you format a storage medium, all the files stored on it are erased and cannot be
restored. If you format the flash memory, all the applications and configuration files will be
lost.
For a hot-swappable storage medium such as a CF card or a USB device, you can use the
mount and umount commands in user view to mount or unmount it. When a medium is
unmounted, it is in a logically disconnected state, and you can then remove it from the
system safely. To mount a storage medium, you must reconnect it to the system.
Unmount a storage medium        umount device-name                   Optional
Before removing a mounted storage medium from the system, first unmount it to avoid
damaging the storage medium.
When mounting or unmounting a storage medium, or performing file operations on it,
do not unplug or switch over the storage medium or the card where the storage
medium resides. Otherwise, the file system could be damaged.
File Management
Introduction to Configuration Files
Startup with configuration file
If you specify a startup configuration file and this file exists, the device will initialize its
configuration based on this file.
If the specified startup configuration file does not exist, the device will boot with null
configuration.
A configuration file saves device configurations in command lines in text format. You can
The device initializes with the configuration file it reads at startup. This configuration is
called startup configuration (saved-configuration). If this file does not exist, the system
boots by using the default parameters. The configuration that the system uses when it is
running is called running configuration (current-configuration). The current configuration
includes the startup configuration if the startup configuration is not modified during system
operation, and it also includes the new configuration added during the system operation.
The current configuration is stored in the temporary storage medium of the device, and is
removed if not saved when the device reboots.
A configuration file is saved as a text file. The content of a configuration file is command
lines, and only non-default configuration settings are saved. Commands in a configuration
file are listed in sections by views. Sections are separated with one or multiple blank lines
or comment lines that start with a pound sign #. The entire configuration file ends with a
return.
A network device can store multiple configuration files. The system boots with the
user-specified configuration file. If no configuration file is specified, the system boots with
the default configuration.
Most H3C devices support main and backup configuration files. If the main startup
configuration file is corrupted or lost, the system will use the backup startup configuration
file for device boot and configuration. The details of this feature are beyond this book.
Removing the configuration
<H3C>reset saved-configuration
You can modify the current configuration on your device by using the command line
interface. However, the current configuration is saved in RAM. To make the modified
configuration take effect at the next boot of the device, you must save the current
configuration to the configuration file with the save command before the device reboots.
You can delete the startup configuration file by using commands. After the configuration file
is deleted, the system will use the null configuration when the device reboots.
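As an added example (not from the H3C course material), the following Python parses configuration text in the section format described above and compares a saved configuration with the running one to report the changes that would be lost at the next reboot if save is not run; both configuration samples are constructed.

```python
# Added example, not part of the H3C course material. Both configuration
# samples are constructed; the section format follows the chapter: sections
# are separated by '#' lines or blank lines and the file ends with 'return'.
SAVED_CONFIG = """\
#
 sysname RTA
#
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
#
local-user h3c
 service-type ftp
#
return
"""

# Running configuration after an operator enabled the SSH server and added
# the SSH service type to the same user, but did not run 'save'.
RUNNING_CONFIG = """\
#
 sysname RTA
#
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
#
local-user h3c
 service-type ftp
 service-type ssh
#
ssh server enable
#
return
"""


def parse_config(text):
    """Split a configuration file into view sections.

    Returns {first command of the section: tuple of its remaining commands}.
    The first command is the one that enters the view (e.g. 'interface ...');
    a global one-line command forms a section with an empty body.
    """
    sections = {}
    current = []

    def flush():
        if current:
            sections[current[0].strip()] = tuple(l.strip() for l in current[1:])
            current.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line ends a section
            flush()
            continue
        if line == "return":                   # end-of-file marker
            flush()
            break
        current.append(raw)
    flush()
    return sections


def unsaved_changes(saved_text, running_text):
    """Return [(kind, view, details)] describing what 'save' has not captured yet."""
    saved = parse_config(saved_text)
    running = parse_config(running_text)
    changes = []
    for view in running.keys() - saved.keys():
        changes.append(("added", view, running[view]))
    for view in saved.keys() - running.keys():
        changes.append(("removed", view, saved[view]))
    for view in saved.keys() & running.keys():
        if saved[view] != running[view]:
            diff = tuple(sorted(set(saved[view]) ^ set(running[view])))
            changes.append(("modified", view, diff))
    return sorted(changes)


if __name__ == "__main__":
    for kind, view, details in unsaved_changes(SAVED_CONFIG, RUNNING_CONFIG):
        print(f"{kind:8} {view}: {details}")
```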
The backup/restore feature allows you to back up and restore the startup configuration file
through command lines. The device and server transmit data through TFTP. The backup
feature allows you to back up the startup configuration file of the device to the TFTP server,
and the restore feature allows you to download the configuration file saved on the TFTP
server to the device and specify it as the startup configuration file. You will learn how to use
TFTP services in later sections.
<H3C>display saved-configuration
<H3C>display startup
Displaying the validated configuration
<H3C>display current-configuration
In any view, the display saved-configuration command displays the contents of the
saved configuration file. The display current-configuration command displays the
current validated configuration information. The display startup command displays the
configuration file used for this and the next startup of the system. The display this
command displays the validated configuration information under the current view.
Figure: FTP file transfer between a host and a router/switch across an IP network.
You can use File Transfer Protocol (FTP) to transmit files on network devices in a network.
Creating a user
[H3C]local-user username
[H3C-luser-xxx]service-type ftp
[H3C-luser-xxx]password { cipher | simple } password
When the device serves as an FTP server, you must perform the following configurations:
After configuring the FTP service, you can log in to the device on the FTP client. After
passing authentication, you can upload and download files.
C:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): h3c
331 Password required for h3c.
Password:
230 User logged in.
ftp> put config.cfg
200 Port command okay.
150 Opening ASCII mode data connection for config.cfg.
226 Transfer complete.
ftp: 1329 bytes sent in 0.00Seconds 1329000.00Kbytes/sec.
ftp>
The figure above shows an example of executing the ftp command on a PC to upload the
configuration file config.cfg to a router that serves as an FTP server.
Figure: TFTP file transfer between a host and a router/switch across an IP network.
The Trivial File Transfer Protocol (TFTP) provides functions similar to those of FTP, but it is
simpler than FTP in its interactive interface and authentication. Therefore, it is more
suitable in environments where no complex interaction is needed between client and
server. TFTP runs over UDP, and therefore is only applicable to relatively reliable network
media.
In TFTP, file transfer is initiated by the client. In a normal file downloading process, the
client sends a read request to the TFTP server, receives data from the server, and then
sends an acknowledgement to the server. In a normal file uploading process, the client
sends a write request to the TFTP server, sends data to the server, and receives an
acknowledgement from the server. TFTP transfers files in two modes: Binary mode for
application file transmission and ASCII mode for text file transmission.
The device can serve as a TFTP client to upload files to or download files from a TFTP
server.
When you upload or download a file, there may be multiple reachable routes to the TFTP
server. You can configure the source IP address of TFTP packets from the client.
When the device serves as a TFTP client, you can upload a file on the device to a TFTP
server and download a file from the TFTP server to the local device.
You can perform either normal download or secure download.
When the device serves as a TFTP client, you must perform the following configurations:
PC (TFTP server): Enable the TFTP server on the PC, and configure the TFTP working
directory.
When you upload or download files, there may be multiple available routes to the TFTP
server. You can configure the source address for the TFTP packets from the client.
When the device serves as a TFTP client, you can use the put command to upload files on
the device to the TFTP server, and use the get command to download files on the TFTP
server to the device.
The tftp sget command downloads the specified files from the TFTP server and saves
them on the local device. In this mode, the device first saves the obtained files in the
memory, and then writes them to the flash after all the user files are received. In this case,
if system file download fails, the original system file will not be overwritten, and the device
can still start. This method is more secure but requires more memory space.
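The read-request/data/acknowledgement exchange described earlier, and the difference between a normal get and the secure sget download above, as an added Python model that is not H3C's implementation: packets follow the RFC 1350 TFTP layout, while the in-memory server, the dict standing in for the flash, the file names, and the simulated link failure are constructed for the example.

```python
import struct

# Added example, not H3C code. TFTP packet layout per RFC 1350 (opcode first).
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: opcode | filename | 0 | mode | 0 ('octet' is binary mode)."""
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def build_error(code, message):
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\0"


def parse_packet(pkt):
    """Return (opcode, ...) fields for the packet types this example uses."""
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode in (RRQ, WRQ):
        filename, mode, _ = pkt[2:].split(b"\0", 2)
        return opcode, filename.decode(), mode.decode()
    if opcode == DATA:
        return opcode, struct.unpack("!H", pkt[2:4])[0], pkt[4:]
    if opcode == ACK:
        return opcode, struct.unpack("!H", pkt[2:4])[0]
    if opcode == ERROR:
        return opcode, struct.unpack("!H", pkt[2:4])[0], pkt[4:-1].decode()
    raise ValueError(f"unknown opcode {opcode}")


class TftpServer:
    """Constructed in-memory server: answers an RRQ, then one DATA per ACK."""

    def __init__(self, files):
        self.files = files      # filename -> bytes
        self.blocks = []

    def handle(self, pkt):
        """Process one client packet; return the reply, or None when done."""
        parsed = parse_packet(pkt)
        if parsed[0] == RRQ:
            data = self.files.get(parsed[1])
            if data is None:
                return build_error(1, "File not found")
            self.blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
            # A final block shorter than 512 bytes marks the end of the transfer.
            if not self.blocks or len(self.blocks[-1]) == BLOCK_SIZE:
                self.blocks.append(b"")
            return build_data(1, self.blocks[0])
        if parsed[0] == ACK:
            n = parsed[1]
            return build_data(n + 1, self.blocks[n]) if n < len(self.blocks) else None
        raise ValueError("unsupported request in this example")


def tftp_get(server, flash, filename, secure=False, fail_after_block=None):
    """Download filename into flash (a dict standing in for the flash file system).

    secure=False models 'tftp get': the old file is deleted first and blocks are
    written as they arrive, so an interrupted transfer leaves a truncated file.
    secure=True models 'tftp sget': blocks are buffered in memory and written to
    flash only after the last block, so the old file survives a failure.
    fail_after_block simulates the link dropping after that many blocks.
    Returns True on a complete transfer, False otherwise.
    """
    reply = server.handle(build_request(RRQ, filename))
    if parse_packet(reply)[0] == ERROR:
        return False
    if not secure:
        flash[filename] = b""           # "Deleting the old file, please wait..."
    buffer = bytearray()
    expected = 1
    while True:
        _, block, payload = parse_packet(reply)
        if block != expected:
            return False                # out-of-order block: abort
        if fail_after_block is not None and block > fail_after_block:
            return False                # transfer broke mid-way
        if secure:
            buffer += payload
        else:
            flash[filename] += payload
        expected += 1
        reply = server.handle(build_ack(block))
        if len(payload) < BLOCK_SIZE:
            break                       # short block: this was the last one
    if secure:
        flash[filename] = bytes(buffer)
    return True
```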
<H3C>tftp 192.168.0.10 get config.cfg
The file config.cfg exists. Overwrite it? [Y/N]:y
Verifying server file...
Deleting the old file, please wait...
The figure above shows an example of a network device executing the tftp command to
download the configuration file config.cfg from the TFTP server.
<H3C>boot-loader file file-url
Displaying a boot file for the next boot
<H3C>display boot-loader
A boot file is an application used when the device starts up. When there are multiple
application files in the storage media, you can use the boot-loader command to specify a
boot file for the next boot of the device. If you want to upgrade the operating system, you
only need to upload the new application file to the device, specify it as the boot file, and
reboot the device. The old application file still exists, and therefore, it is easy to recover to
the previous operating system version.
You can use the display boot-loader command to display the boot file for this and next
startup of the system.
Enabling the scheduled reboot function and specifying a specific reboot time and date
<H3C>schedule reboot at hh:mm [ date ]
Enabling the scheduled reboot function and specifying a reboot waiting time
<H3C>schedule reboot delay { hh:mm | mm }
Displaying the reboot time of a device
After specifying a new boot file or upgrading the Boot ROM, you need to reboot the device
to make the configuration take effect.
You can execute the reboot command to reboot the device immediately, execute the
schedule command to specify a specific reboot time and date to make the device reboot
automatically at the specified time, or you can set a reboot wait time to make the device
reboot automatically after the specified time.
Software Maintenance
Boot Process
Figure: booting process flow chart.
Power on -> Hardware POST -> Search application program files
  Found: Load the application -> Search startup configuration file
    Found: Load the startup configuration -> Enter the CLI
    Not found: Load default configuration -> Enter the CLI
  Not found: Enter the Boot ROM menu
Although the starting process for network devices differs with device models and software
versions, generally the starting process involves the hardware self-test, Boot ROM loading,
and H3C Comware system initialization. After this process, H3C Comware system will
control the device and implement most services.
As shown in the flow chart, after it is powered on, the router checks its hardware and then
boots the Boot ROM, which is a program saved in the ROM of the main board. It is like the
BIOS system in the CMOS of a PC, loading the operating system and maintaining some
lower layer parameters. Then, under the control of the Boot ROM, the device searches for
the H3C Comware application file, and decompresses and runs it after finding the file. After
this, H3C Comware reads and recovers the configuration files of the device. After the whole
system is started, you can enter the CLI to perform operations.
If the Boot ROM cannot find the H3C Comware application, or the H3C Comware
application is corrupted, the system enters the Boot ROM mode. The administrator can
repair the H3C Comware application in the Boot ROM menu, or the administrator can
forcibly pause the startup process and enter the Boot ROM mode.
A network device can store multiple configuration files. The system boots with the
user-specified configuration file. If no configuration file is specified, the system boots with
the default configuration.
For security, a network device supports the multi-image function. The system can
save multiple images at the same time. An image can be main, backup, or security.
The system boots a router by trying the files in the sequence main, backup, security.
The details of the multi-image function are beyond this book. Please refer to the
related manual.
Router System Boot Example
<H3C>
System is starting...
Press Ctrl+D to access BASIC-BOOTWARE MENU...
Press Ctrl+T to start heavy memory test
Do you want to check SDRAM? [Y/N]
Booting Normal Extended BootWare
The Extended BootWare is self-decompressing....Done.
****************************************************************************
*                                                                          *
*                  H3C MSR36-20 BootWare, Version 1.42                     *
*                                                                          *
****************************************************************************
Copyright (c) 2004-2014 Hangzhou H3C Technologies Co., Ltd.
BootWare Validating...
Press Ctrl+B to access EXTENDED-BOOTWARE MENU...
Loading the main image files...
Loading file cfa0:/msr36-cmw710-system-r0106l10.bin.........................
..............................Done.
(Figure callouts: System boot; Boot ROM startup; Decompression and loading of ...)
The figure above shows typical output from a router startup. In this example, the version of
the Boot ROM is 1.42. At the end of the Boot ROM startup, if you press Ctrl+B as
prompted, the system will stop the loading process and enter the Boot ROM mode;
otherwise, the system will start executing the host software decompression.
To enter the boot menu, press Ctrl+B within 6 seconds after “Press Ctrl+B to access
EXTENDED-BOOTWARE MENU...” is prompted. Otherwise, the system will start
executing the host software decompression, and in this case, if you want to enter the boot
menu, you have to reboot the router.
The startup process of a switch is the same as a router, and is not described in this book.
Software Maintenance Methods
files, he or she can upload or download files by using TFTP or FTP in the CLI.
In some cases, the device cannot enter the command line mode and can only enter the
Boot ROM mode. If the administrator wants to restore or upgrade the operating system
software, he or she can upload the application file through TFTP or FTP by performing the
operations provided by the Boot ROM menu, so that the device can start normally and
enter the command line mode. In this mode, the TFTP or FTP server must be connected to
a specific Ethernet port on the device.
If the TFTP or FTP server cannot be connected to the device (for example, because of a
damaged port or no server software), the administrator can upgrade the application file by
using XMODEM through the console port, so that the device can start normally and enter
the command line mode.
Be sure that you fully understand the impact of your Boot ROM, software, and file
upgrading operations. Incorrect Boot ROM, configuration file, and application file
management operations can cause boot failures.
Summary
H3C devices can manage the files in the storage media.
File operations include directory operations, file operations, and storage medium
operations.
A configuration file includes startup configuration and running configuration.
You can upgrade the operating system software by specifying the startup configuration
file.
You can use FTP or TFTP to remotely load the system files such as configuration file,
operating system software and Boot ROM.
Chapter 10 Basic Network Device Debugging
After setting up a network, you need to test network connectivity to ensure that hosts on
the network can communicate normally. Usually, to maintain network connectivity, network
devices run various protocols and deliver control messages between them. Thus, you also
need to debug these protocols or functional modules for configuration errors.
This chapter tells you how to test network connectivity and debug the functional modules
with the diagnosis and debug tools.
Learning Objectives
Upon completion of this lesson, you will be able to:
Implementation of Ping
Figure: ping implementation. RTA, RTB, and RTC are connected in a line; ping 192.168.3.1 is executed on RTA, which sends an echo-request to RTC and receives an echo-reply.
The ping command is implemented through the Internet Control Message Protocol (ICMP).
It is a widely used network connectivity test tool applied on various operating systems of
PCs or network devices. You can use the ping command to verify whether a device with a
specified address is reachable, and to examine network connectivity.
The ICMP protocol defines protocol packets of different types, and the ping command
mainly uses two of them: ICMP echo request and ICMP echo reply. As shown in the
figure, if you enter the ping 192.168.3.1 command on the command line interface
of RTA, then the source device RTA sends an ICMP echo request to the destination device
RTC. If the network operates normally, the destination device will send an ICMP echo reply
to the source device upon receiving the ICMP echo request. If the network operates
abnormally, the source device RTA will output destination unreachable or timeout
information. After this interactive procedure, the source device RTA gets the status of the
IP layer of the destination device.
[RTA]ping 192.168.3.1
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=64 time=1.824 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=1.591 ms
56 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=1.204 ms
56 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=1.402 ms
56 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.919 ms

--- Ping statistics for 192.168.3.1 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.919/1.388/1.824/0.312 ms
[RTA]%Oct 17 07:45:09:111 2013 RTA PING/6/PING_STATISTICS: Ping
statistics for 192.168.3.1: 5 packets transmitted, 5 packets received,
0.0% packet loss, round-trip min/avg/max/std-dev =
0.919/1.388/1.824/0.312 ms.
The figure above shows the actual output of the ping command.
In this example, RTA received the reply of each ICMP echo request from RTC; therefore,
the related information is displayed on RTA, including number of data bytes in each ICMP
echo request, packet serial number, time to live (TTL), and response time.
The last several lines of the output show the statistics for the ping command, including the
number of ICMP echo requests sent, the number of ICMP echo replies received, the
percentage of packets that received no response, and the minimum/average/maximum
response times.
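As an added example (not H3C code), the following Python parses ping output in the format shown above, recomputes the min/avg/max/std-dev statistics from the per-reply lines to cross-check the summary, and applies loss and latency thresholds so the check can run unattended; the sample output is the chapter's, embedded as a constructed string.

```python
import math
import re

# Added example, not H3C code. Constructed sample: the chapter's ping output as
# captured on RTA.
SAMPLE_PING_OUTPUT = """\
Ping 192.168.3.1 (192.168.3.1): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=64 time=1.824 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=1.591 ms
56 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=1.204 ms
56 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=1.402 ms
56 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.919 ms

--- Ping statistics for 192.168.3.1 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.919/1.388/1.824/0.312 ms
"""

REPLY_RE = re.compile(
    r"^(\d+) bytes from (\S+): icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms$")
SUMMARY_RE = re.compile(
    r"^(\d+) packets transmitted, (\d+) packets received, ([\d.]+)% packet loss$")
RTT_RE = re.compile(
    r"^round-trip min/avg/max/std-dev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms$")


def parse_ping(output):
    """Return (list of reply records, dict with the device's own summary)."""
    replies, summary = [], {}
    for line in output.splitlines():
        line = line.strip()
        if m := REPLY_RE.match(line):
            replies.append({"bytes": int(m[1]), "from": m[2], "seq": int(m[3]),
                            "ttl": int(m[4]), "rtt": float(m[5])})
        elif m := SUMMARY_RE.match(line):
            summary.update(sent=int(m[1]), received=int(m[2]), loss_pct=float(m[3]))
        elif m := RTT_RE.match(line):
            summary.update(min=float(m[1]), avg=float(m[2]),
                           max=float(m[3]), stddev=float(m[4]))
    return replies, summary


def rtt_stats(rtts):
    """Recompute min/avg/max/std-dev from the per-reply times.

    The population standard deviation (divide by n) reproduces the device's
    0.312 ms for the sample above; the sample deviation (n-1) would not.
    """
    n = len(rtts)
    avg = sum(rtts) / n
    var = sum((r - avg) ** 2 for r in rtts) / n
    return {"min": min(rtts), "avg": round(avg, 3),
            "max": max(rtts), "stddev": round(math.sqrt(var), 3)}


def check_ping(output, max_loss_pct=0.0, max_avg_ms=None):
    """Cross-check the summary against the reply lines and apply thresholds.

    Returns a list of problem strings; an empty list means the check passed.
    """
    replies, summary = parse_ping(output)
    problems = []
    if summary.get("received") != len(replies):
        problems.append("summary reply count does not match reply lines")
    if [r["seq"] for r in replies] != list(range(len(replies))):
        problems.append("missing or reordered icmp_seq values")
    if replies:
        calc = rtt_stats([r["rtt"] for r in replies])
        for key in ("min", "avg", "max", "stddev"):
            if key not in summary or abs(calc[key] - summary[key]) > 0.0015:
                problems.append(f"{key} in summary does not match reply lines")
        if max_avg_ms is not None and calc["avg"] > max_avg_ms:
            problems.append("average round-trip time above threshold")
    if summary.get("loss_pct", 100.0) > max_loss_pct:
        problems.append("packet loss above threshold")
    return problems
```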
  -p            No more than 8 "pad" hexadecimal characters to fill out the
                sent packet. For example, -p f2 will fill the sent packet
                with 000000f2 repeatedly
  -q            Display only summary
  -r            Record route. Include the RECORD_ROUTE option in the
                ECHO_REQUEST packets and display the route
  -s            Specify the payload length
  -t            Specify the wait time for each reply
  -topology     Specify a topology
  -tos          Specify the TOS value
  -v            Display the received ICMP packets other than ECHO-RESPONSE
                packets
  -vpn-instance Specify a VPN instance
  STRING<1-253> IP address or hostname of remote system
  ip            IP information
  ipv6          IPv6 information
The ping command provides abundant optional parameters:
-a source-ip: Specifies the source IP address of an ICMP echo request
(ECHO-REQUEST).
-c count: Specifies the number of times that an ICMP echo request is sent, in the
range 1 to 4,294,967,295. The default value is 5.
-f: Discards packets larger than the MTU of a given interface, that is, the ICMP echo
request is not allowed to be fragmented.
-h ttl: Specifies the TTL value for an ICMP echo request, in the range 1 to 255. The
default value is 255.
-i interface-type interface-number: Specifies the ICMP echo request sending interface.
-m interval: Specifies the interval (in milliseconds) to send an ICMP echo request, in
the range 1 to 65,535. The default value is 200 ms. If a reply from the destination is
received within the timeout time, the interval to send the next echo request equals the
actual response period plus the value of interval. If no reply from the destination is
received within the timeout time, the interval to send the next echo request equals the
timeout value plus the value of interval.
-n: Specifies that the Domain Name System (DNS) is disabled for the host argument.
By default, the system translates the hostname into an address.
-p pad: Specifies the padding value of the PAD field in the ICMP Echo Request
packet, which is a hexadecimal number ranging from 1 to 8 bits. For example, if pad is
set to 0xff, the PAD field will be fully filled with 0x000000ff, so that the total length of
the transmitted packet reaches the required length. By default, padded bytes begin at
0x01 and incrementally increase until 0xff, and then start padding again at 0x01.
-q: Shows only statistics. By default, the system displays all the information, including
statistics.
-r: Records routing information. By default, routes are not recorded.
-s packet-size: Specifies length (in bytes) of an ICMP echo request, in the range 20 to
8,100. The default value is 56.
-t timeout: Specifies the timeout value (in milliseconds) of an ICMP echo reply
(ECHO-REPLY). The value ranges from 1 to 65,535 and defaults to 2,000.
-tos tos: Specifies type of service (ToS) of an echo request, in the range 0 to 255. The
default value is 0.
-v: Displays any ICMP packets, other than ICMP echo replies received. By default, the
system does not display ICMP packets other than ICMP echo replies.
Implementation of Tracert
Figure: tracert implementation. tracert 192.168.3.1 is executed on RTA; (1) RTB replies with TTL exceeded; (2) RTC replies with Port unreachable.
By using the tracert command, you can trace the routers that deliver an IP packet from
source to destination to check whether a network is available. This is useful for
identification of failed node(s) in the event of network failure.
As shown in the figure above, execute the tracert 192.168.3.1 command on RTA. The
following is the implementation procedure:
1) The source device RTA sends a UDP packet with a TTL value of 1 to the destination
device.
2) Each network device on the path toward the destination decrements the TTL value by
1 before it forwards the packet; therefore, after the UDP packet reaches the first hop
RTB, the TTL value is decreased to 0, and then RTB responds by sending a Time
Exceeded ICMP error message to the source, with its IP address encapsulated. In this
way, the source device can get the address of the first hop device.
3) The source device sends a packet with a TTL value of 2 to the destination device.
4) The ICMP packet with the TTL value of 2 is first sent to RTB, and the TTL value is
decreased to 1. After this packet reaches RTC, the TTL value is decreased to 0. Since
RTC is the destination device, it replies with a port unreachable ICMP error message
with the destination IP address. When RTA receives this message, it knows that the
packet has reached the destination and stops sending out any packet.
5) If there are more than two hops on the path between source and destination, the
process above continues until the ultimate destination device is reached. In this way,
the source device can get the IP addresses of all the devices on the path towards the
destination device.
*Oct 17 09:17:11:996 2013 RTA IPFW/7/IPFW_PACKET:
Sending, interface = GigabitEthernet0/0, version = 4, headlen = 20, tos = 0,
pktlen = 52, pktid = 33516, offset = 0, ttl = 1, protocol = 17,
checksum = 45434, s = 192.168.1.1, d = 192.168.3.1
prompt: Sending the packet from local at GigabitEthernet0/0.
The upper part of the figure above displays the output of the tracert command executed
on RTA. RTA sends each packet with an incremental TTL value three times; therefore,
the output of the command displays the delay time for each hop to receive the response.
The last hop is the traced destination.
The lower part of the figure above displays the debugging information of the tracert
command executed on RTA (a later section details how to obtain the debugging
information). The debugging information displays the different responses sent to RTA by
the router in the middle of the path and by the destination router.
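The two-step exchange described in the procedure above (Time Exceeded from the transit router, Port Unreachable from the destination) and the ttl = 1, protocol = 17 probe seen in the debugging output, as an added Python model that is not H3C's implementation; RTA's and RTC's addresses come from the debugging output, while RTB's address, the one-port-per-probe behaviour, and the simulated link failure are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added example, not H3C code: a model of the tracert exchange described in
# this chapter. Addresses for RTA (192.168.1.1) and RTC (192.168.3.1) come from
# the chapter's debugging output; RTB's address 192.168.2.1 is constructed.
UDP = 17                    # protocol = 17 in the IPFW debugging line
ICMP = 1
ICMP_DEST_UNREACH = 3       # code 3 of this type is "port unreachable"
ICMP_TIME_EXCEEDED = 11
TRACERT_BASE_PORT = 33434   # default -p value given in the chapter


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    protocol: int
    dport: int = 0
    icmp_type: Optional[int] = None


@dataclass
class Node:
    name: str
    address: str
    next_hop: Optional["Node"] = None          # None: no route onward
    open_ports: set = field(default_factory=set)

    def receive(self, pkt: Packet) -> Optional[Packet]:
        """Return the ICMP message this node sends back to pkt.src, or None.

        Follows the chapter's description: every device decrements the TTL; the
        destination answers a UDP probe to a closed port with Port Unreachable,
        and a transit device whose decrement reaches 0 answers Time Exceeded.
        """
        pkt.ttl -= 1
        if pkt.dst == self.address:
            if pkt.protocol == UDP and pkt.dport not in self.open_ports:
                return Packet(self.address, pkt.src, 64, ICMP, icmp_type=ICMP_DEST_UNREACH)
            return None                        # delivered to a listener: no error
        if pkt.ttl == 0:
            return Packet(self.address, pkt.src, 64, ICMP, icmp_type=ICMP_TIME_EXCEEDED)
        if self.next_hop is None:
            return None                        # link down or no route: probe lost
        return self.next_hop.receive(pkt)


def tracert(source_ip, first_hop, destination, first_ttl=1, max_ttl=30, probes=3):
    """Return [(ttl, address of the replying device or None), ...].

    Stops at the hop that answers Port Unreachable (the destination), or after
    max_ttl when probes go unanswered, which is how a failed node shows up.
    """
    hops = []
    port = TRACERT_BASE_PORT
    for ttl in range(first_ttl, max_ttl + 1):
        replier = None
        for _ in range(probes):
            probe = Packet(source_ip, destination, ttl, UDP, dport=port)
            port += 1                          # a fresh port per probe (assumption)
            reply = first_hop.receive(probe)
            if reply is not None:
                replier = reply.src
                if reply.icmp_type == ICMP_DEST_UNREACH:
                    hops.append((ttl, replier))
                    return hops
        hops.append((ttl, replier))
    return hops


def chapter_topology(rtc_reachable=True):
    """RTA -> RTB -> RTC as in the figure; rtc_reachable=False breaks the RTB-RTC link."""
    rtc = Node("RTC", "192.168.3.1")
    rtb = Node("RTB", "192.168.2.1", next_hop=rtc if rtc_reachable else None)
    return rtb


if __name__ == "__main__":
    print(tracert("192.168.1.1", chapter_topology(), "192.168.3.1"))
    print(tracert("192.168.1.1", chapter_topology(False), "192.168.3.1", max_ttl=4))
```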
<H3C>tracert ?
  -a            Specify the source IP address used by TRACERT
  -f            Specify the TTL value for the first packet
  -m            Specify the maximum TTL value
  -p            Specify the destination UDP port number
  -q            Specify the number of probe packets sent each time
  -t            Set the Type of Service (ToS) value
  -topology     Specify a topology
  -vpn-instance Specify a VPN instance
  -w            Set the timeout to wait for each reply
  STRING<1-253> IP address or hostname of the destination device
  ipv6          IPv6 information
The tracert command provides the following optional parameters:
-a source-ip: Specifies the source IP address of the tracert packets. The address must be a valid IP address configured on the device. If this parameter is not specified, the source IP address of the tracert packets is the primary IP address of the outbound interface.
-f first-ttl: Specifies the initial TTL, that is, the number of hops allowed for the first packet. The value ranges from 1 to 255 and must be smaller than or equal to the maximum TTL. The default value is 1.
-m max-ttl: Specifies the maximum TTL, that is, the maximum number of hops allowed for a packet. The value ranges from 1 to 255 and must be larger than or equal to the
-p port: Specifies the UDP port number of the target device. The value ranges from 1 to 65535. The default value is 33434. Generally, you do not need to change this setting.
-q packet-num: Specifies the number of probe packets sent for each TTL value. The value ranges from 1 to 65535. The default value is 3.
-t tos: Specifies the ToS field value in the tracert packets. The value ranges from 0 to 255. The default value is 0.
-vpn-instance vpn-instance-name: Specifies the VPN instance of the target device.
-w timeout: Specifies the time to wait for the response to each probe packet. The value ranges from 1 to 65535, in milliseconds. The default value is 5000 ms.
host: Specifies the IP address or host name of the target device (the host name is a string of 1 to 253 characters).
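The following added example (not part of the H3C course material) models the mechanism behind the -f, -m and -q parameters: probes are sent with TTL values from the first TTL up to the maximum TTL, each router on the path decrements the TTL and answers with ICMP Time Exceeded when it reaches 0, and the destination answers the UDP probe with ICMP Port Unreachable. The path addresses and the silent hop are constructed for the demonstration.

```python
"""Model of the tracert TTL-expiration mechanism.

Added example, not H3C code. The path is a list of router IP addresses whose
last element is the destination; a hop listed in `silent` discards expired
probes without answering, which tracert displays as '*'.
"""

DEFAULT_PORT = 33434   # default destination UDP port of the -p parameter


def forward(path, ttl, silent=frozenset()):
    """Send one probe along `path` with the given TTL.

    Returns ("time-exceeded", router_ip) when the TTL expires at a router,
    ("port-unreachable", destination_ip) when the probe reaches the
    destination, or (None, None) when the responsible hop stays silent.
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path[:-1]:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired here: discard and report back
            return (None, None) if router in silent else ("time-exceeded", router)
    destination = path[-1]
    # the probe arrives with TTL >= 1; nothing listens on the probe port,
    # so the destination answers with ICMP Port Unreachable
    return (None, None) if destination in silent else ("port-unreachable", destination)


def tracert(path, first_ttl=1, max_ttl=30, probes=3, silent=frozenset()):
    """Run the probing loop of tracert (parameters mirror -f, -m and -q).

    Returns a list of (ttl, replies) where replies holds one replying address
    (or None for a timeout) per probe. Probing stops after the TTL that
    reaches the destination, or after max_ttl.
    """
    hops = []
    for ttl in range(first_ttl, max_ttl + 1):
        kinds, replies = [], []
        for _ in range(probes):
            kind, ip = forward(path, ttl, silent)
            kinds.append(kind)
            replies.append(ip)
        hops.append((ttl, replies))
        if "port-unreachable" in kinds:
            break                      # destination reached: done
    return hops


def format_hops(hops):
    """Render the result in the familiar one-line-per-TTL layout."""
    return "\n".join(
        f"{ttl:>2}  " + "  ".join(ip or "*" for ip in replies) for ttl, replies in hops
    )


if __name__ == "__main__":
    # constructed path: two routers, then the destination 192.168.3.1
    PATH = ["192.168.1.2", "192.168.2.2", "192.168.3.1"]
    print(format_hops(tracert(PATH, silent=frozenset({"192.168.2.2"}))))
```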
System Debugging
System Debugging Overview
Figure: Protocol debugging switches for modules 1, 2, and 3 (ON, OFF, ON) feeding the screen output switch; only the debugging information of modules 1 and 3 reaches the terminal.
The device provides various debugging functions. For the majority of protocols and
The relationship between the protocol and screen output switch is shown in the figure
above. Only when both the protocol debugging switch and the screen output switch are
turned on can debugging information be output on a terminal.
System Debugging Operations
Enable the monitoring of system information on the console: <H3C>terminal monitor
Enable the display of debugging information on the current terminal: <H3C>terminal debugging
Enable the debugging of a specific module: <H3C>debugging module-name
Display enabled debugging functions: <H3C>display debugging
The terminal debugging command enables the display of debugging information on the current terminal.
The debugging command turns on the protocol debugging switch. You must specify the name of the protocol module in this command, such as ATM or ARP. The module name may consist of more than one keyword. For example, to observe packet processing at the IP layer, use the debugging ip packet command.
The terminal monitor command enables the monitoring of system information on the console. Debugging information is a kind of system information, so this command is a higher-level switch that must also be on for debugging information to appear. The command is optional because monitoring of system information on the console is enabled by default.
Finally, you can use the display debugging command to display the enabled debugging functions.
pktlen = 84, pktid = 2775, offset = 0, ttl = 255, protocol = 1,
checksum = 11646, s = 192.168.1.1, d = 192.168.1.2
prompt: Sending the packet from local at Serial6/0
*Oct 1 17:16:21:673 2008 RTA IPFWD/7/debug_case:
Receiving, interface = Serial6/0, version = 4, headlen = 20, tos = 0,
pktlen = 84, pktid = 1515, offset = 0, ttl = 255, protocol = 1,
checksum = 12906, s = 192.168.1.2, d = 192.168.1.1
prompt: Receiving IP packet from Serial6/0
In this example, the debugging ip packet command was executed beforehand so that you can view the execution process of the ping command. The output shows the detailed packet processing at the IP layer when RTA sends an ICMP echo request and receives the ICMP echo reply.
The -c keyword is set to 1; therefore, only one ICMP echo request is sent. The line Oct 1 17:16:21:648 2008 RTA IPFWD/7/debug_case: is system information that introduces a piece of debugging output. It shows the time at which the debugging information was produced and the module name,
packet. You can see from the output that this packet is the reply to the earlier ICMP echo request.
The last part describes the same packet as the second part. Because RTA is the destination of the reply packet, the packet is delivered from the local IP forwarding layer to the upper layer for processing; therefore, the system prints the line Reply from 192.168.1.2:, which indicates that 192.168.1.2 is reachable.
The last few lines display the statistics on packets sent and received by the ping command, including the following:
One ICMP echo request was sent.
One ICMP echo reply was received.
Because every request was answered, the packet loss rate is 0%.
The minimum, average, and maximum response times are all 26 ms (because only one ICMP echo request/reply pair was exchanged).
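As an added example (not from the course), here is a parser for the IPFWD/7/debug_case records shown above. The sample text is assembled from the records on this page; the first record's header is taken from the explanation above and its "Sending" line is completed by analogy with the "Receiving" line, so treat those two lines as constructed.

```python
"""Parser for Comware-style IPFWD/7/debug_case output (added example, not H3C code).

A record is a header line '*<timestamp> <device> <module>:' followed by one or
more 'key = value, ...' lines and a closing 'prompt: ...' line.
"""
import re

HEADER = re.compile(
    r"^\*(?P<time>[A-Za-z]{3} \d{1,2} \d{1,2}:\d{2}:\d{2}:\d{3} \d{4}) "
    r"(?P<device>\S+) (?P<module>[^:\s]+):$"
)
TIME = re.compile(r"^[A-Za-z]{3} \d{1,2} (\d{1,2}):(\d{2}):(\d{2}):(\d{3}) \d{4}$")

# Sample constructed from the records shown on this page; the first header and
# its "Sending" line are reconstructed by analogy with the second record.
SAMPLE = """\
*Oct 1 17:16:21:648 2008 RTA IPFWD/7/debug_case:
Sending, interface = Serial6/0, version = 4, headlen = 20, tos = 0,
pktlen = 84, pktid = 2775, offset = 0, ttl = 255, protocol = 1,
checksum = 11646, s = 192.168.1.1, d = 192.168.1.2
prompt: Sending the packet from local at Serial6/0
*Oct 1 17:16:21:673 2008 RTA IPFWD/7/debug_case:
Receiving, interface = Serial6/0, version = 4, headlen = 20, tos = 0,
pktlen = 84, pktid = 1515, offset = 0, ttl = 255, protocol = 1,
checksum = 12906, s = 192.168.1.2, d = 192.168.1.1
prompt: Receiving IP packet from Serial6/0
"""


def parse_debug(text):
    """Return a list of records: dicts with time, device, module, direction,
    prompt and a `fields` dict (numeric values converted to int)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = {**header.groupdict(), "direction": None, "prompt": None, "fields": {}}
            records.append(current)
            continue
        if current is None:
            continue                      # text before the first record (e.g. the command)
        if line.startswith("prompt:"):
            current["prompt"] = line[len("prompt:"):].strip()
            continue
        for part in (p.strip() for p in line.rstrip(",").split(",")):
            if "=" in part:
                key, value = (x.strip() for x in part.split("=", 1))
                current["fields"][key] = int(value) if value.isdigit() else value
            elif part in ("Sending", "Receiving"):
                current["direction"] = part
    return records


def millis(timestamp):
    """Milliseconds since midnight for a 'Mon D HH:MM:SS:mmm YYYY' timestamp."""
    h, m, s, ms = (int(x) for x in TIME.match(timestamp).groups())
    return ((h * 60 + m) * 60 + s) * 1000 + ms


def pair_echo(records):
    """Match each sent ICMP (protocol 1) packet with the first later received
    ICMP packet whose addresses are swapped, reporting the time between the
    two debug records."""
    pairs = []
    for i, sent in enumerate(records):
        f = sent["fields"]
        if sent["direction"] != "Sending" or f.get("protocol") != 1:
            continue
        for reply in records[i + 1:]:
            r = reply["fields"]
            if (reply["direction"] == "Receiving" and r.get("protocol") == 1
                    and r.get("s") == f.get("d") and r.get("d") == f.get("s")):
                pairs.append({"peer": f["d"], "interface": r.get("interface"),
                              "delta_ms": millis(reply["time"]) - millis(sent["time"])})
                break
    return pairs
```

The delta between the two debug records (25 ms here) is taken at the IP forwarding layer and is not the 26 ms round-trip time that the ping command itself reports.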
Summary
The ping function uses ICMP echo requests and ICMP echo replies to test network connectivity.
The tracert function uses the TTL expiration mechanism to test network connectivity.
The display of debugging information is controlled by both the protocol debugging switch and the screen output switch.
Chapter 11 Ethernet Switch Fundamentals
Switches are key network devices on local area networks (LANs). They forward data frames quickly between hosts. Unlike hubs, Ethernet switches work at the data link layer and forward data frames based on MAC addresses. After reading this chapter, you will understand:
Differences between shared Ethernet and switched Ethernet.
How a switch learns MAC addresses to build its MAC address table, and thereby forwards data frames.
Learning Objectives
Upon completion of this lesson, you will be able to:
Shared Ethernet
Figure: Shared Ethernet: hosts connected by a coaxial cable or by a hub, each group forming one collision domain.
Typically, a hub or coaxial cable connects hosts on a shared Ethernet. A hub works at the
physical layer of the OSI model. All hosts connected by a hub or coaxial cable form a
collision domain. Shared Ethernet uses the CSMA/CD mechanism to detect and avoid
collisions. The number of collisions increases along with the number of hosts. When the
number of hosts reaches a certain level, excessive collisions may occur. Because hosts
have to resend data when a collision occurs, the throughput of the network declines
greatly.
All hosts connected by a hub or coaxial cable share bandwidth. The more hosts, the less bandwidth each host has. In addition, whatever a host sends, whether it is a unicast, multicast, or broadcast packet, all the other hosts receive it. This is both inefficient and insecure.
Switched Ethernet solves all these problems with shared Ethernet by reducing the size of collision domains.
Switched Ethernet
Figure: Switched Ethernet: a bridge and a Layer 2 switch, each port forming the boundary of a separate collision domain.
Bridges were once used to connect multiple network segments at the data link layer on a
switched Ethernet. They are also called transparent bridges because they are transparent
in the network and do not require any configuration on the attached hosts. The protocol for
bridges is IEEE 802.1D, which is also called the transparent bridge protocol.
Today, Layer 2 switches are widely used to build switched Ethernet networks. Layer 2
switches are IEEE 802.1D compliant and similar to bridges in basic functionality. The
difference is that a Layer 2 switch provides higher port density, more powerful forwarding
capability, and more features.
A Layer 2 switch uses the CSMA/CD mechanism to detect and avoid collisions as a hub
does. The difference is that each port on the switch forms the boundary of a separate
collision domain. All hosts attached to a switch port share the bandwidth of the port and
there is no bandwidth contention between ports. As the size of each collision domain is
limited, switched Ethernet has much higher switching performance than shared Ethernet.
Figure: PCA, PCB, PCC, and PCD attached to switch ports E1/0/1, E1/0/2, E1/0/3, and E1/0/4.
When a switch receives a frame from a host, it floods the frame out of all ports but the
incoming port. All the other hosts, including the destination host, in the switched LAN
receive the data frame. This forwarding approach is inefficient and wastes bandwidth.
To improve forwarding efficiency, every Ethernet switch maintains a MAC address table,
which describes from which port a MAC address (or a host) can be reached. This table
allows the switch to forward a data frame only to its destination.
A switch can automatically populate its MAC address table by learning source MAC
Figure: PCA, PCB, PCC, and PCD attached to switch ports E1/0/1 to E1/0/4.
1) PC A sends a data frame.
2) The switch associates the source MAC address of the data frame with the incoming port.
3) The switch forwards the data frame out every other port.
Look at the above figure. Suppose PCA sends a data frame to PCD. The frame carries
MAC_A (the MAC address of PCA) as the source MAC address and MAC_D (the MAC
address of PCD) as the destination MAC address.
When the frame arrives at port Ethernet 1/0/1, the switch looks up the MAC address table
based on the source MAC address in the frame. If no match is found, the switch adds the
source MAC address (MAC_A) together with the incoming port Ethernet 1/0/1 to the MAC
address table. Then, the switch looks up the MAC address table based on the destination
MAC address. If no match is found, it floods the data frame out of all ports but the incoming
port.
The learning process is performed each time a frame is received from an unknown source
Figure: MAC address table entries MAC_C E1/0/3 and MAC_D E1/0/4; PCA, PCB, PCC, and PCD on E1/0/1 to E1/0/4.
4) PCB, PCC, and PCD send data frames.
5) The switch associates the source MAC address of each received data frame with the incoming port.
When learning MAC addresses, a switch follows two rules:
A MAC address can be learned only on one port. If the switch finds out that the MAC
address learned on one port has been learned on another port, it removes the entry
previously learned and adds the new one. The situation may occur when a host is
moved from one port to another.
More than one MAC address can be learned on a port because multiple hosts may
attach to a port through a hub.
To accommodate topology changes and prevent inactive entries from occupying table
space, the aging mechanism is adopted for the MAC address table. When a MAC address
entry is learned, an aging timer starts for it. If the entry has not been updated before the
Figure: MAC address table: MAC_A E1/0/1, MAC_B E1/0/2, MAC_C E1/0/3, MAC_D E1/0/4; PCA, PCB, PCC, and PCD on E1/0/1 to E1/0/4.
As described earlier, a switch forwards data frames based on the MAC address table.
In the above figure, PCA sends a data frame destined for MAC_D, the MAC address of PCD. When receiving the data frame on Ethernet 1/0/1, the switch searches the MAC address table based on the destination MAC address, finds the entry for MAC_D, and sends the data frame only out of the outgoing port Ethernet 1/0/4. Neither PCB nor PCC receives the data frame.
Figure: MAC address table entries MAC_C E1/0/3 and MAC_D E1/0/4; PCA, PCB, PCC, and PCD on E1/0/1 to E1/0/4.
The switch floods a broadcast or multicast out of all ports but the incoming one. This is
because broadcast and multicast frames are intended for all hosts or a group of hosts on
the switched LAN.
Similarly, if the switch fails to find a MAC address entry for the destination of a unicast
frame, it considers the frame as destination unknown and floods the frame out of all ports
but the incoming one to ensure that the destination can receive the frame.
Figure: PCA and PCB attached through a hub to E1/0/1; PCC on E1/0/3 and PCD on E1/0/4; MAC address table entries MAC_C E1/0/3 and MAC_D E1/0/4.
Typically, no switching is needed for the hosts attached to the same switch port because
they can directly communicate with each other. To avoid useless frame forwarding, an
incoming frame will be dropped if its destination address has been learned on the port
where it is received.
As shown in the above figure, PCA and PCB are attached to the hub connected to port
Ethernet 1/0/1 of the switch. The switch learns the addresses of PCA and PCB on port
Ethernet 1/0/1. When PCA communicates with PCB, the frames reach both PCB and port
Ethernet 1/0/1 of the switch. The port discards the frames instead of forwarding them.
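The learning, aging, flooding, and filtering rules described in this section and in the preceding MAC address learning section, as an added simulation that is not H3C code. The port names follow the figures; the MAC addresses and the 300-second aging time are constructed for the demonstration.

```python
"""Transparent-bridge MAC address table model (added example, not H3C code).

Implements the rules from this chapter: learn the source MAC on the incoming
port, keep one port per MAC (a moved host replaces the old entry), allow many
MACs per port (hosts behind a hub), age out idle entries, flood broadcast,
multicast and unknown-unicast frames, forward known unicast to one port, and
drop a frame whose destination was learned on the port it arrived on.
"""

BROADCAST = "ffff.ffff.ffff"
AGING_SECONDS = 300          # constructed default; real switches make this configurable


def is_group_address(mac):
    """True for broadcast and multicast (I/G bit of the first byte set)."""
    return int(mac[:2], 16) & 0x01 == 1


class Switch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}      # mac -> (port, time of last update)

    def age(self, now):
        """Remove entries whose aging timer expired (the timer restarts on every update)."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items() if now - t < self.aging}

    def learn(self, mac, port, now):
        """Rule 1: a MAC lives on exactly one port, so a new port replaces the old entry.
        Rule 2: nothing limits how many MACs a single port may hold."""
        self.table[mac] = (port, now)

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is sent out of."""
        src, dst = src.lower(), dst.lower()
        self.age(now)
        self.learn(src, in_port, now)
        if is_group_address(dst) or dst not in self.table:
            # broadcast, multicast or destination unknown: flood, excluding the incoming port
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.table[dst]
        if out_port == in_port:
            return []        # destination shares the incoming port (e.g. via a hub): filter
        return [out_port]


def demo():
    """Walk through the figures: learning, known unicast, hub filtering, move, aging."""
    sw = Switch(["E1/0/1", "E1/0/2", "E1/0/3", "E1/0/4"])
    mac_a, mac_b, mac_d = "0011.0000.000a", "0011.0000.000b", "0011.0000.000d"
    steps = {}
    steps["unknown"] = sw.receive("E1/0/1", mac_a, mac_d, now=0)      # flood
    steps["reply"] = sw.receive("E1/0/4", mac_d, mac_a, now=1)        # MAC_A known
    steps["known"] = sw.receive("E1/0/1", mac_a, mac_d, now=2)        # MAC_D known
    steps["bcast"] = sw.receive("E1/0/1", mac_a, BROADCAST, now=3)    # always flooded
    steps["hub"] = sw.receive("E1/0/1", mac_b, mac_a, now=4)          # A and B on one port
    sw.receive("E1/0/3", mac_d, mac_a, now=5)                         # PCD moved to E1/0/3
    steps["moved_port"] = sw.table[mac_d][0]
    steps["aged"] = sw.receive("E1/0/2", "0011.0000.000c", mac_a, now=400)  # A aged out
    return steps
```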
Broadcast Domain
Figure: Broadcast domains: an L3 switch separates broadcast domains, while an L2 switch and a hub do not.
Broadcast frames are frames with the destination MAC address FFFF.FFFF.FFFF. A
broadcast frame is intended to be received by all devices but the sender on the LAN. The
hosts that a broadcast frame can reach form a broadcast domain. Even though a Layer 2
switch divides collision domains, it does not divide broadcast domains. A broadcast frame
will be forwarded out of all ports but the incoming port.
To isolate broadcast domains, you can deploy routers or Layer 3 switches. Each Layer 3
port on a router or Layer 3 switch forms the boundary of a broadcast domain. Alternatively,
you can create virtual LANs on Layer 2 switches. The discussion of the VLAN technology
As shown in the figure above, PCA and PCB are connected with a hub. The broadcast
frames that PCA sends can reach PCB because a hub does not terminate a broadcast
domain. The frames cannot reach PCC or PCD, however, because PCA and PCB are
isolated from the broadcast domain of PCC and PCD by a Layer 3 switch.
Summary
While all hosts on a shared Ethernet form a collision domain, hosts attached to different ports of a Layer 2 switch on a switched Ethernet reside in separate collision domains.
Chapter 12 Virtual Local Area Network
The virtual local area network (VLAN) technology was introduced to limit broadcasts in a switched LAN. It breaks a LAN down into multiple independent Layer 2 broadcast domains called VLANs. Each VLAN is a bridging domain: frames are switched only between ports assigned to the same VLAN, so all broadcast traffic is contained within its VLAN.
Learning Objectives
Upon completion of this lesson, you will be able to:
Describe the need for VLANs
VLAN Overview
Broadcast Storm
Figure: Broadcast frames from the PCs flooded through three interconnected Layer 2 switches.
Even though switches in an Ethernet network divide a LAN into smaller collision domains,
they do not divide the broadcast domain. All ports in a switched Ethernet are still in the
same broadcast domain and the broadcast frames from a PC can be received by all PCs in
the LAN. Limited network resources are thus occupied by useless broadcast traffic.
As shown in the figure above, the broadcast frames from the four PCs are all broadcast in
the LAN. If the broadcast frame rate of each PC is 100 kbps, the total broadcast frame rate
of the four PCs will be 400 kbps, representing 0.4% of the total bandwidth on a 100 Mbps
link. If there are 400 PCs in the LAN, the broadcast traffic rate will reach 40 Mbps, 40% of
the total bandwidth on the link. Busy with excessive broadcast traffic, a network device or
Figure: A router between two Layer 2 switches; broadcast frames are not forwarded across the router.
One way to confine broadcasts is to deploy routers. The interfaces of a router form
boundaries between broadcast domains and terminate broadcast frames. A router does
not flood broadcasts received on an interface out of any other interfaces, as shown in the
figure above.
However, routers are more expensive. Additionally, the forwarding performance of most low-end and mid-range routers is lower than that of a switch because they forward in software rather than in hardware. This may create performance bottlenecks in the network.
Figure: VLAN 1 and VLAN 2 on the switches; broadcast frames are confined to their own VLAN.
Using VLAN technology on switches is a more cost-effective way to isolate broadcasts than deploying routers. VLAN technology breaks a LAN into smaller logical LANs, each being a broadcast domain. While devices in the same VLAN can communicate as if they were on the same LAN, devices in different VLANs are isolated at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. In this way, broadcast frames are confined within a VLAN. Currently, most Ethernet switches support VLAN technology.
Benefits of VLANs
Figure: PCA, PCB, PCC, and PCD assigned to Workgroup 1 and Workgroup 2. Benefits of VLANs: reduces broadcast domain size; enhances LAN security; flexible creation of virtual workgroups.
With VLAN technology, a LAN is logically segmented on an organizational basis rather
than on a physical location basis. All workstations and servers in a particular workgroup
can be assigned to the same VLAN, regardless of their physical location in the LAN.
assigned to the same VLAN regardless of their physical location, network construction
VLAN Assignment
You can assign a frame to a VLAN for transmission in many ways. Generally, VLAN
assignment can be based on:
Port
Protocol
IP subnet
VLAN Table
VLAN ID  Port
10       E1/0/1
10       E1/0/2
20       E1/0/3
20       E1/0/4
Figure: PCA (E1/0/1) and PCB (E1/0/2) in VLAN 10; PCC (E1/0/3) and PCD (E1/0/4) in VLAN 20.
In a port-based VLAN, VLAN assignment is based on ports. A port forwards traffic for a VLAN only after it is assigned to the VLAN. The port-based VLAN implementation is the basis for any other type of VLAN. Before using any other VLAN implementation, port-based VLAN settings must be configured.
In the figure above, Ethernet 1/0/1 and Ethernet 1/0/2 are assigned to VLAN 10, and Ethernet 1/0/3 and Ethernet 1/0/4 are assigned to VLAN 20. Therefore, PCA and PCB are in VLAN 10 and can communicate with each other. PCC and PCD are in VLAN 20 and can communicate with each other. However, PCA and PCC cannot communicate with each
VLAN Table
VLAN ID  Protocol
10       IP
20       IPX
Figure: PCA and PCB (IP-enabled) on E1/0/1 and E1/0/2 in VLAN 10; PCC and PCD (IPX-enabled) on E1/0/3 and E1/0/4 in VLAN 20.
In the protocol-based VLAN approach, frames are assigned to different VLANs based on
their protocol (suite) types such as IP and IPX.
Upon receiving an Ethernet frame on a port, the switch identifies to which VLAN the
Ethernet frame belongs according to the protocol encapsulated in the frame, and then
automatically assigns the frame to the VLAN for transmission.
VLAN Table
VLAN ID  IP subnet
10       10.0.0.0/24
20       20.0.0.0/24
Figure: hosts 10.0.0.1/24 and 10.0.0.2/24 on E1/0/1 and E1/0/2 in VLAN 10; hosts 20.0.0.1/24 and 20.0.0.2/24 on E1/0/3 and E1/0/4 in VLAN 20.
In the IP subnet-based VLAN approach, a frame is assigned to a VLAN based on its
source IP address and subnet mask.
This approach is used to assign packets from the specified network segment or IP address
to a specific VLAN for management purposes.
VLAN Fundamentals
VLAN Tag
Figure: An Ethernet frame carrying VLAN tag 10 inside the switch (PCA, PCC).
Ethernet switches forward data frames based on MAC addresses. To this end, each
Ethernet switch must maintain a MAC address table that describes from which port a host
can be reached at its MAC address. When receiving an Ethernet frame on a port, the
switch looks up the MAC address table for the outgoing port based on the destination MAC
address of the frame. If the destination MAC address is a broadcast address, the switch
floods the frame out of all the ports except the incoming port.
VLAN technology adds a VLAN tag to the Ethernet frame to identify the VLAN where the
frame can be transmitted. To support VLAN technology, the VLAN ID attribute must be
included in the MAC address table to identify to which VLAN a MAC address entry belongs.
MAC address table lookup is thus based on both destination MAC address and VLAN ID. A
frame can be forwarded out of a port only when a MAC address table entry is found for it
and the outgoing port carries the specific VLAN in the entry.
As shown in the figure above, the switch tags the Ethernet frames from PCA and PCB with
VLAN tag 10, tags the Ethernet frames from PCC and PCD with VLAN tag 20, and adds
the MAC address entries for them with their VLAN IDs included in the MAC address table.
Because MAC address table lookup is based on both MAC address and VLAN ID, the
switch forwards Layer 2 traffic only between PCA and PCB and between PCC and PCD.
IEEE 802.1Q defines the VLAN tag format for Ethernet frames.
Figure: 802.1Q tagged frame format: DA, SA, VLAN tag (TPID and TCI), Type, Data, CRC.
An 802.1Q tag contains a 2-byte tag protocol identifier (TPID) field and a 2-byte tag control
information (TCI) field.
The TPID field identifies whether the frame is VLAN tagged. For VLAN-tagged frames, the
The tag control information (TCI) field has the following three subfields:
Priority: A 3-bit field indicating the 802.1p priority of the frame. The 802.1p priority value ranges from 0 to 7.
CFI: The 1-bit CFI field specifies whether the MAC addresses are encapsulated in the standard format when frames are transmitted across different media. Value 0 indicates that the MAC addresses are encapsulated in the standard format. Value 1 indicates that the MAC addresses are encapsulated in a non-standard format. It is used in Token Ring and source-routed FDDI MAC access to signal the bit order of the address information carried in the encapsulated frame.
VLAN ID (VLAN Identifier): A 12-bit field identifying the VLAN of the frame. There are 4,096 VLAN IDs in all. Every frame sent out of an 802.1Q-enabled switch carries this field to identify to which VLAN the frame belongs.
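An encoder and decoder for the tag just described, as an added example that is not part of the course. The TPID value 0x8100 is the one IEEE 802.1Q assigns (the text above is cut off before stating it); the frame contents are constructed, and the trailing CRC is omitted because the network interface computes it.

```python
"""IEEE 802.1Q tag encoding and decoding (added example, not H3C code).

Tag layout after the 12-byte DA/SA: TPID (2 bytes) then TCI (2 bytes), with
TCI = priority (3 bits) | CFI (1 bit) | VLAN ID (12 bits).
"""
import struct

TPID_8021Q = 0x8100          # value assigned by IEEE 802.1Q (fact, not stated on the page)


def build_tci(priority, cfi, vlan_id):
    """Pack the three TCI subfields, rejecting out-of-range values."""
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority must be 0..7")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID is a 12-bit field")
    return (priority << 13) | (cfi << 12) | vlan_id


def parse_tci(tci):
    """Unpack a 16-bit TCI into its subfields."""
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vlan_id": tci & 0x0FFF}


def parse_frame(frame):
    """Split a frame into (da, sa, tag, ethertype, payload); tag is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    da, sa = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return da, sa, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return da, sa, parse_tci(tci), inner_type, frame[18:]


def tag_frame(frame, vlan_id, priority=0, cfi=0):
    """Insert a VLAN tag into an untagged frame (what a switch does on ingress)."""
    da, sa, tag, ethertype, payload = parse_frame(frame)
    if tag is not None:
        raise ValueError("frame is already tagged")
    tag_bytes = struct.pack("!HH", TPID_8021Q, build_tci(priority, cfi, vlan_id))
    return da + sa + tag_bytes + struct.pack("!H", ethertype) + payload


def untag_frame(frame):
    """Remove the VLAN tag (what a switch does on egress to a host); no-op if untagged."""
    da, sa, tag, ethertype, payload = parse_frame(frame)
    if tag is None:
        return frame
    return da + sa + struct.pack("!H", ethertype) + payload


# constructed sample: DA, SA, IPv4 ethertype 0x0800 and a short dummy payload
UNTAGGED = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + b"payload"
```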
Single-Switch VLAN Tag Manipulation
Figure: An untagged Ethernet frame entering the switch is tagged (Tag=20) and untagged again on the way out (PCB, PCD).
When a frame arrives, the switch inserts a VLAN tag into the frame.
When the frame leaves, the switch removes the VLAN tag.
When an untagged frame arrives at an access switch, the switch inserts a VLAN tag into
the frame header to identify in which VLAN the frame can be transmitted. When forwarding
a VLAN tagged frame to a directly attached host, the access switch removes the VLAN tag.
The VLAN assignment and VLAN tag removal are transparent to the source and
destination hosts. The hosts do not need to know how VLAN assignment is performed in
the network or recognize 802.1Q-tagged frames.
You can configure the link type of a port as access, trunk, or hybrid depending on the
purpose of the port. The VLAN tag handling method and the number of VLANs that a port
can carry vary with the link types. Every port has a default VLAN, which is called PVID and
sometimes known as native VLAN. By default, VLAN 1 is the default VLAN of all ports. It
can be changed as needed.
Access Port
Figure: Access ports: inside the switch, frames from PCA and PCC carry Tag=10 and frames from PCB and PCD carry Tag=20.
An access port can be assigned to only one VLAN. This VLAN is thus also the PVID of the
port. An access port tags each incoming Ethernet frame with the PVID and forwards each
outgoing frame with the VLAN tag removed. Usually, access ports are used for connecting
devices that do not need to recognize the 802.1Q protocol, such as end-user hosts and
routers.
Figure: SWA and SWB connected through E1/0/24; PCA and PCC on E1/0/1 (Tag=10), PCB and PCD on E1/0/2 (Tag=20).
As described earlier, an important function of VLAN technology is to segment a LAN into
virtual workgroups on an organizational basis rather than physical location basis. All
workstations and servers in a particular workgroup can be assigned to the same VLAN,
regardless of their physical locations in the LAN. A VLAN thus may span multiple switches.
To ensure that the hosts in a VLAN can communicate with each other, the VLAN tags of
Ethernet frames must be retained when they are transmitted between switches.
As shown in the figure above, frames from PCA carry VLAN tag 10 and frames from PCB
carry VLAN tag 20. Ethernet 1/0/24 of SWA forwards these 802.1Q-tagged frames without
stripping off their tags.
Trunk Port
Figure: Trunk ports E1/0/24 on SWA and SWB (PVID: 20); access ports E1/0/1 (Tag=10) and E1/0/2 (PVID: 20) on each switch; PCA, PCB, PCC, PCD.
A trunk port allows frames from multiple VLANs to pass through. It leaves the VLAN tags of frames from all permitted VLANs unchanged, except for frames in its PVID.
When forwarding an outgoing PVID-tagged frame, the trunk port strips off the tag. When receiving an incoming untagged frame, the trunk port tags the frame with the PVID.
The figure above shows how VLAN tags are manipulated when the switches forward traffic
between PCA and PCC and between PCB and PCD.
When an Ethernet frame from PCA arrives at the access port Ethernet 1/0/1 of SWA, SWA
tags the frame with the PVID of Ethernet 1/0/1, VLAN 10 for example, and then forwards
the tagged frame out of the trunk port Ethernet 1/0/24 to SWB. SWB examines the
destination MAC address and VLAN tag of the frame and then delivers it to port Ethernet
1/0/1. Because the PVID of port Ethernet 1/0/1 is VLAN 10, SWB strips off the VLAN tag
and forwards the untagged frame to PCC.
Let’s look at how a frame sent from PCB to PCD is processed. The access port Ethernet
1/0/2 on SWA tags the frame with PVID 20 and sends it to the egress trunk port Ethernet
1/0/24. Because the PVID of the trunk port is VLAN 20, the frame is sent out with the tag
removed. When the untagged frame arrives at port Ethernet 1/0/24 of SWB, SWB tags the
frame with VLAN 20 (the PVID of the port) and then delivers it to port Ethernet 1/0/2.
Because the PVID of port Ethernet 1/0/2 is VLAN 20, SWB strips off the VLAN tag and
forwards the untagged frame to PCD.
Hybrid Port
Figure: Hybrid port (PVID: 10; Untag: 10, 30); frames from PCA carry Tag=10, frames toward PCC carry Tag=20.
Similar to a trunk port, a hybrid port permits frames from multiple VLANs to pass through.
Different from a trunk port, a hybrid port can forward frames untagged for any VLANs.
Hybrid ports are useful in some special scenarios. For example, you can configure hybrid
ports to allow hosts in different VLANs to communicate with the same host.
As shown in the figure above, PCA sends a frame to PCC. The frame is tagged with VLAN
10 at the hybrid port connected to PCA. When it arrives at the port connected to PCC, the
port strips the VLAN 10 tag from the frame and sends it to PCC. Similarly, the frames
tagged with VLAN 20 can reach PCC because the port connected to PCC can forward the
frames untagged. However, frames from PCA cannot reach PCB, because the port
connected to PCB does not permit the frames from VLAN 10 to pass through.
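The VLAN-aware forwarding of the "VLAN Tag" section and the tag handling of access, trunk, and hybrid ports are modelled together in this added example (not H3C code). Frames are represented abstractly, with `tag` being the VLAN ID or None; the port names, PVIDs, and VLAN numbers follow the trunk-port figure, while the hybrid-port VLAN sets and the MAC names are constructed.

```python
"""VLAN-aware switch model: MAC table keyed by (VLAN ID, MAC) plus the ingress
and egress tag rules of access, trunk and hybrid ports (added example, not H3C code).

A frame is represented by its source MAC, destination MAC and `tag`, which is
the VLAN ID carried in the 802.1Q tag or None for an untagged frame.
"""


class Port:
    def __init__(self, name, link_type="access", pvid=1, permit=None, untagged=None):
        self.name, self.link_type, self.pvid = name, link_type, pvid
        if link_type == "access":
            # one VLAN only, which is also the PVID; frames leave untagged
            self.permit, self.untagged = {pvid}, {pvid}
        elif link_type == "trunk":
            # several VLANs; only PVID frames leave untagged
            self.permit, self.untagged = set(permit or {1}), {pvid}
        elif link_type == "hybrid":
            # several VLANs; any permitted VLAN may be configured to leave untagged
            self.permit, self.untagged = set(permit or {1}), set(untagged or ())
        else:
            raise ValueError("link type must be access, trunk or hybrid")

    def ingress(self, tag):
        """Classify an arriving frame: untagged frames join the PVID, tagged
        frames keep their VLAN. Returns None when the VLAN is not permitted."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in self.permit else None

    def egress(self, vlan):
        """Tag a departing frame carries: None = untagged, False = not permitted."""
        if vlan not in self.permit:
            return False
        return None if vlan in self.untagged else vlan


class VlanSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.table = {}     # (vlan, mac) -> port name

    def receive(self, in_port, src, dst, tag=None):
        """Forward one frame; returns {out_port: egress_tag} (empty if dropped)."""
        vlan = self.ports[in_port].ingress(tag)
        if vlan is None:
            return {}
        self.table[(vlan, src)] = in_port            # learning is per VLAN
        known = self.table.get((vlan, dst))          # lookup uses VLAN ID and MAC
        if known == in_port:
            return {}
        targets = [known] if known else [n for n in self.ports if n != in_port]
        out = {}
        for name in targets:
            egress_tag = self.ports[name].egress(vlan)
            if egress_tag is not False:              # ports outside the VLAN never see it
                out[name] = egress_tag
        return out


def trunk_switch():
    """SWA/SWB from the trunk-port figure: E1/0/1 in VLAN 10, E1/0/2 in VLAN 20,
    trunk E1/0/24 permitting both with PVID 20."""
    return VlanSwitch([Port("E1/0/1", "access", pvid=10), Port("E1/0/2", "access", pvid=20),
                       Port("E1/0/24", "trunk", pvid=20, permit={1, 10, 20})])


def trunk_demo():
    """Return the egress decisions of SWA and SWB for PCA->PCC and PCB->PCD."""
    swa, swb = trunk_switch(), trunk_switch()
    a, b, c, d = "mac_a", "mac_b", "mac_c", "mac_d"      # constructed names
    swa_ac = swa.receive("E1/0/1", a, c)                   # tagged 10 on the trunk
    swb_ac = swb.receive("E1/0/24", a, c, tag=swa_ac["E1/0/24"])
    swa_bd = swa.receive("E1/0/2", b, d)                   # PVID 20: leaves untagged
    swb_bd = swb.receive("E1/0/24", b, d, tag=swa_bd["E1/0/24"])
    return swa_ac, swb_ac, swa_bd, swb_bd


def hybrid_demo():
    """Hybrid-port figure (constructed VLAN sets): PCC's port forwards VLAN 10 and
    20 untagged; PCB's port does not permit VLAN 10, so PCA's frames never reach PCB."""
    sw = VlanSwitch([Port("to_pca", "hybrid", pvid=10, permit={10}, untagged={10}),
                     Port("to_pcb", "hybrid", pvid=20, permit={20}, untagged={20}),
                     Port("to_pcc", "hybrid", pvid=10, permit={10, 20}, untagged={10, 20})])
    return sw.receive("to_pca", "mac_a", "mac_c"), sw.receive("to_pcb", "mac_b", "mac_c")
```

An untagged frame arriving on the trunk is classified into the trunk's PVID, which is why the PVIDs at both ends of a trunk must match, as the configuration section below notes.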
[Switch] vlan vlan-id
Assign ports to the VLAN
[Switch-vlan10] port interface-list
By default, only VLAN 1 exists on a switch, and all ports are access ports and belong to
VLAN 1. To configure basic VLAN settings, follow these steps:
vlan vlan-id
port interface-list
[Switch-Ethernet1/0/1] port trunk permit vlan { vlan-id-list | all }
To configure a port as a trunk port, follow these steps:
Step1 Configure the link type of the port as trunk in Ethernet port view.
Step2 Assign the port to VLANs in Ethernet port view as needed. By default, a trunk
permits only the frames from the default VLAN (VLAN 1) to pass through. Assigned
to a VLAN, the port can carry traffic for the VLAN.
Step3 Change the default VLAN of the trunk port as needed in Ethernet port view.
By default, the PVID of a trunk port is VLAN 1. If the connected switch port uses a different PVID, change the local setting to match the one set on the connected switch port to prevent communication errors.
Assign the hybrid port to VLANs
[Switch-Ethernet1/0/1] port hybrid vlan vlan-id-list { tagged | untagged }
Step2 Assign the port to VLANs in Ethernet port view and specify whether to strip off
VLAN tags for frames from these VLANs before forwarding them. By default, a
hybrid port permits only frames from VLAN 1 to pass through.
Step3 Specify the default VLAN for the hybrid port in Ethernet port view.
To change a trunk port to a hybrid port or vice versa, configure it as an access port first.
Figure: VLAN configuration example: SWA and SWB connected through trunk ports E1/0/24; PCA and PCC on E1/0/1, PCB and PCD on E1/0/2. The configuration commands for each switch are listed below.
The figure above shows a basic VLAN configuration example. In the figure, PCA and PCC
belong to VLAN 10, PCB and PCD belong to VLAN 20, and the two switches are
connected through trunk ports. The PVIDs of the trunk ports are both VLAN 1.
Configure SWA:
[SWA]vlan 10
[SWA-vlan10]port Ethernet1/0/1
[SWA]vlan 20
[SWA-vlan20]port Ethernet1/0/2
[SWA]interface Ethernet1/0/24
[SWA-Ethernet1/0/24]port link-type trunk
[SWA-Ethernet1/0/24]port trunk permit vlan 10 20
Configure SWB:
[SWB]vlan 10
[SWB-vlan10]port Ethernet1/0/1
[SWB]vlan 20
[SWB-vlan20]port Ethernet1/0/2
[SWB]interface Ethernet1/0/24
[SWB-Ethernet1/0/24]port link-type trunk
[SWB-Ethernet1/0/24]port trunk permit vlan 10 20
After the configuration is completed, PCA and PCC can communicate with each other but
neither of them can communicate with PCB or PCD. PCB and PCD can communicate with
each other.
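The forwarding result stated above, and the PVID mismatch warned about in the trunk section, can both be checked with a small model of how the three link types treat frames on ingress (PVID classification) and egress (tag, untag or drop). This is an added example, not code from the H3C courseware: the switch, port and host names follow the figure, and the assumption that a trunk port always carries its PVID untagged is the model's own.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    """One switch port as the VLAN mechanism sees it."""
    name: str
    link_type: str                  # "access", "trunk" or "hybrid"
    pvid: int = 1                   # default VLAN: untagged frames received here go into it
    tagged: set = field(default_factory=set)    # VLANs sent out of this port with a tag
    untagged: set = field(default_factory=set)  # VLANs sent out of this port untagged
    peer: tuple = None              # ("host", "PCA") or (switch name, peer port name)

    def permitted(self):
        return self.tagged | self.untagged

    def classify(self, wire_vid):
        """VLAN a received frame is assigned to, or None if the port drops it.
        wire_vid is None for an untagged frame."""
        vid = self.pvid if wire_vid is None else wire_vid
        return vid if vid in self.permitted() else None

    def egress(self, vid):
        """'untagged', 'tagged' or 'drop' for a frame of VLAN vid leaving this port."""
        if vid in self.untagged:
            return "untagged"
        if vid in self.tagged:
            return "tagged"
        return "drop"


# Builders mirroring the Comware commands (assumed: a trunk always carries its PVID untagged).
def access_port(name, vlan):                 # VLAN view: port <name>
    return Port(name, "access", pvid=vlan, untagged={vlan})

def trunk_port(name, permit, pvid=1):        # port link-type trunk; port trunk permit vlan ...
    permit = set(permit) | {pvid}
    return Port(name, "trunk", pvid=pvid, tagged=permit - {pvid}, untagged={pvid})

def hybrid_port(name, tagged, untagged, pvid=1):   # port hybrid vlan ... { tagged | untagged }
    return Port(name, "hybrid", pvid=pvid, tagged=set(tagged), untagged=set(untagged))


def broadcast(switches, src_host):
    """Flood an untagged broadcast from src_host through the switches.
    Returns ({(switch, vid) the frame was classified into}, {hosts that received it})."""
    start = None
    for sw_name, ports in switches.items():
        for port in ports.values():
            if port.peer == ("host", src_host):
                start = (sw_name, port.name, None)
    if start is None:
        raise ValueError(f"unknown host {src_host}")
    vlans, hosts, seen, queue = set(), set(), set(), [start]
    while queue:
        sw_name, in_name, wire_vid = queue.pop()
        if (sw_name, in_name, wire_vid) in seen:
            continue
        seen.add((sw_name, in_name, wire_vid))
        in_port = switches[sw_name][in_name]
        vid = in_port.classify(wire_vid)
        if vid is None:
            continue
        vlans.add((sw_name, vid))
        for out in switches[sw_name].values():
            action = out.egress(vid)
            if out is in_port or action == "drop" or out.peer is None:
                continue
            kind, peer = out.peer
            if kind == "host":
                hosts.add(peer)
            else:   # inter-switch link: the frame arrives at the peer port as it was sent
                queue.append((kind, peer, None if action == "untagged" else vid))
    return vlans, hosts


def build_example(swa_pvid=1, swb_pvid=1):
    """The two-switch topology from the figure; the trunk PVIDs are parameters so the
    PVID-mismatch case from the trunk section can be reproduced."""
    swa = {"E1/0/1": access_port("E1/0/1", 10), "E1/0/2": access_port("E1/0/2", 20),
           "E1/0/24": trunk_port("E1/0/24", {10, 20}, pvid=swa_pvid)}
    swb = {"E1/0/1": access_port("E1/0/1", 10), "E1/0/2": access_port("E1/0/2", 20),
           "E1/0/24": trunk_port("E1/0/24", {10, 20}, pvid=swb_pvid)}
    swa["E1/0/1"].peer, swa["E1/0/2"].peer = ("host", "PCA"), ("host", "PCB")
    swb["E1/0/1"].peer, swb["E1/0/2"].peer = ("host", "PCC"), ("host", "PCD")
    swa["E1/0/24"].peer, swb["E1/0/24"].peer = ("SWB", "E1/0/24"), ("SWA", "E1/0/24")
    return {"SWA": swa, "SWB": swb}


if __name__ == "__main__":
    net = build_example()
    for host in ("PCA", "PCB"):
        print(host, "reaches", broadcast(net, host)[1])
    mismatch = build_example(swa_pvid=10, swb_pvid=1)
    print("PVID mismatch: PCA's frames are placed into", broadcast(mismatch, "PCA")[0])
```

With matching PVIDs, PCA's broadcast reaches only PCC and PCB's only PCD. With SWA's trunk PVID set to 10 and SWB's left at 1, SWA sends VLAN 10 frames untagged and SWB files them under VLAN 1: PCA no longer reaches PCC, and its traffic has silently moved into a VLAN it was never assigned to.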
<Switch> display vlan 2
VLAN Type: static
Route interface: not configured
Description: VLAN 0002
Tagged Ports: none                    (ports where frames from VLAN 2 are sent out with the tag)
Untagged Ports:                       (ports where frames from VLAN 2 are sent out untagged)
    Ethernet1/0/1  Ethernet1/0/3  Ethernet1/0/4

<Switch> display interface ethernet 1/0/1
...
PVID: 1                               (default VLAN of the port)
Mdi type: auto
Port link-type: access                (the link type of the current port is access)
Tagged VLAN ID : none
Untagged VLAN ID : 1
Port priority: 0
...
To display VLANs created on the switch, perform the display vlan command in any view.
As shown in the figure above, VLAN 1, VLAN 2, and VLAN 10 exist on the switch currently,
and VLAN 1 is the system default VLAN.
To display ports in a specific VLAN, perform the display vlan vlan-id command in any
view.
As shown in the figure above, Ethernet 1/0/1, Ethernet 1/0/3, and Ethernet 1/0/4 are in
VLAN 2, and they strip the VLAN tag from frames from VLAN 2 before forwarding them.
To display VLAN information for a specific port, perform the display interface
interface-type interface-number command in any view.
As shown in the figure above, Ethernet 1/0/1 is an access port, and its PVID is VLAN 1. For
a trunk or hybrid port, the command also displays for which VLANs frames are forwarded
tagged, and for which untagged.
Summary
VLANs segment a LAN into smaller broadcast domains.
A switch uses VLAN tags to identify data frames from different VLANs.
The link type of a switch port can be access, trunk, or hybrid.
Chapter 13 Spanning Tree Protocol
Providing path redundancy is desirable in a bridged LAN for reliability. This brings loop
risks and hence broadcast storms in the bridged LAN if alternative active paths are
available between two stations. To eliminate loops in a bridged LAN, IEEE drafted the
Spanning Tree Protocol (STP). This chapter describes how STP works to generate a
dynamic spanning tree, introduces the Rapid Spanning Tree Protocol (RSTP) and the
Multiple Spanning Tree Protocol (MSTP), two protocols derived from STP, and describes
how to configure the spanning tree protocol on a switch.
Learning Objectives
Upon completion of this lesson, you will be able to:
Background
Figure: PCA sits on physical segment A and PCB on physical segment B; bridges SWA, SWB,
and SWC each connect the two segments, so three parallel paths form a loop.
In a bridged LAN, a bridge does not modify Ethernet frames, and an Ethernet frame does
not record how many bridges it has traversed. If a loop exists in the network, frames
proliferate and cycle to overwhelm the network.
The figure above shows how a loop causes frame proliferation and cycling in a network.
Before PCA sends any frames, bridges SWA, SWB, and SWC have no address entry for
PCA in their MAC address tables.
When PCA sends its first frame, all three bridges receive the frame, record PCA's address
as on segment A, and forward the frame to segment B.
After SWA forwards the frame to segment B, both SWB and SWC receive the frame again.
Because SWB and SWC are not aware of SWA, it seems to SWB and SWC that the frame
is sent from PCA on segment B. As a result, SWB and SWC record PCA’s address as on
segment B and forward the new frame to segment A.
Similarly, after SWB forwards the initial frame to segment B, both SWA and SWC receive
this frame. SWC thinks that PCA is still on segment B, and SWA thinks that PCA has
moved to segment B. Then, SWA and SWC both forward the new frame to segment A. In
this way, the frame keeps cycling in the loop network. To make it worse, each time a frame
is sent successfully, two copies of the frame are generated in the network.
Figure: a bridged network joining segments A through E, pruned into a tree rooted at the
root bridge; solid lines are active links, broken lines are blocked redundant links.
Despite having the frame cycling and proliferation risk in a looped switched network,
transparent bridges are popular for their good performance in a loop-free network. The
issue is how to eliminate loops while retaining path redundancy.
To address the issue, the IEEE drafted the 802.1D Spanning Tree Protocol (STP). The
802.1D STP prunes a looped bridged network into a loop-free tree topology by blocking
redundant links. When an active link is disconnected, STP recovers network connectivity
by unblocking its redundant link.
The figure above shows the diagram of a bridged network pruned into a tree spanning from
a root switch. In the diagram, the solid lines represent active links, that is, branches of the
tree, and the broken lines represent blocked redundant links, which will be unblocked only
when active links are disconnected.
STP
STP-enabled bridges complete spanning tree calculation by exchanging bridge protocol
data units (BPDUs).
Figure: SWA, SWB, and SWC exchanging BPDUs over the links between them.
The IEEE 802.1d STP eliminates loops at the data link layer in a bridged LAN. Devices
running this protocol detect loops in the network by exchanging information among them
and eliminate loops by selectively blocking ports to prune the looped topology into a
loop-free tree topology.
STP uses bridge protocol data units (BPDUs) to exchange information for spanning tree
calculation. There are two types of BPDUs:
Configuration BPDUs, used for calculating a spanning tree and maintaining the
spanning tree topology.
Topology change notification (TCN) BPDUs, used for notifying concerned devices of
network topology changes, if any.
Configuration BPDUs
Initially each port generates a configuration BPDU with the current switch as the root
bridge. After the topology converges, the root bridge sends out configuration BPDUs
regularly and other bridges just forward these BPDUs.
Each configuration BPDU contains this information for spanning tree calculation:
Root ID
The unique identifier of the bridge that the transmitting switch believes to be the root. The
bridge with the lowest root ID is elected as the root bridge.
Root path cost
The least cost path of a bridge or port to the root bridge. In root port election on a bridge,
the port with the lowest root path cost is elected the root port for the bridge. In designated
bridge election on each physical segment in a bridged LAN, the bridge with the lowest root
path cost is elected the designated bridge for the physical segment. The root path cost of
the root bridge is zero.
Designated bridge ID
The ID of each bridge in a LAN for designated bridge election. It consists of the priority and
MAC address of the bridge. In case two or more bridges are present in the LAN with the
lowest root path cost, the one with the least designated bridge ID is elected as the
designated bridge for the LAN.
Designated port ID
The ID of each port connecting a designated bridge to the LAN. It consists of designated
port priority and port index. The port with the least designated port ID is elected the
designated port for the LAN.
Initially each STP-enabled switch on the network sends a configuration BPDU out of each
port with itself as the root. In the configuration BPDU, the root path cost is 0, designated
bridge ID is the device ID, and the designated port ID is the ID of the transmitting port. The
bridges on the network calculate the spanning tree by comparing the configuration BPDUs
received from other devices. As a result:
A unique root bridge is elected for the spanning tree topology.
A designated bridge is elected for each segment of the bridged network.
A root port and a designated port are elected on each designated bridge for traffic
forwarding.
The subsequent sections describe how a spanning tree is created in detail.
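The four fields just described travel in a fixed-layout IEEE 802.1D configuration BPDU, and "comparing configuration BPDUs" means comparing them in that order. The following added example (not H3C code) encodes and decodes that 35-byte body, renders bridge IDs in the priority.xxxx-xxxx-xxxx form the courseware uses, picks the better of two BPDUs, and produces the BPDU a non-root bridge relays downstream after adopting the root's. The sample bridge IDs and port IDs are constructed for the demonstration; only SWA's 0.0000-0000-0000 comes from the figures.

```python
import struct

# IEEE 802.1D configuration BPDU body (big-endian): protocol ID (2), version (1), type (1),
# flags (1), root ID (8), root path cost (4), bridge ID (8), port ID (2), message age (2),
# max age (2), hello time (2), forward delay (2). Timers are carried in units of 1/256 s.
_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(_FMT)        # 35
CONFIG_BPDU = 0x00


def bridge_id(priority, mac):
    """8-byte bridge ID from a priority and a MAC written as xxxx-xxxx-xxxx."""
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace("-", ""))


def bridge_id_str(raw):
    """Render an 8-byte bridge ID the way H3C displays it, e.g. 32768.000f-e23e-f9b0."""
    mac = raw[2:].hex()
    return f"{int.from_bytes(raw[:2], 'big')}.{mac[0:4]}-{mac[4:8]}-{mac[8:12]}"


def build_config_bpdu(root, root_path_cost, bridge, port_id,
                      message_age=0, max_age=20, hello_time=2, forward_delay=15, flags=0):
    """Encode a configuration BPDU; timer arguments are in seconds."""
    return struct.pack(_FMT, 0, 0, CONFIG_BPDU, flags, root, root_path_cost, bridge,
                       port_id, int(message_age * 256), int(max_age * 256),
                       int(hello_time * 256), int(forward_delay * 256))


def parse_config_bpdu(data):
    """Decode the fields spanning tree calculation uses, plus the timers and flags."""
    if len(data) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, version, kind, flags, root, rpc, bridge, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(_FMT, data[:BPDU_LEN])
    if proto != 0 or kind != CONFIG_BPDU:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        "version": version,
        "root_id": bridge_id_str(root), "root_path_cost": rpc,
        "bridge_id": bridge_id_str(bridge), "port_id": port_id,
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
        "topology_change": bool(flags & 0x01), "tc_ack": bool(flags & 0x80),
        "_root": root, "_bridge": bridge,       # raw IDs, kept for comparison
    }


def priority_vector(bpdu):
    """The tuple STP compares, lowest wins: root ID, root path cost, designated bridge ID,
    designated port ID."""
    return (int.from_bytes(bpdu["_root"], "big"), bpdu["root_path_cost"],
            int.from_bytes(bpdu["_bridge"], "big"), bpdu["port_id"])


def best_bpdu(bpdus):
    """The BPDU a bridge adopts among those it generated or received."""
    return min(bpdus, key=priority_vector)


def relay(adopted, root_port_cost, my_bridge, my_port_id):
    """BPDU a non-root bridge sends out of a designated port after adopting `adopted` on
    its root port: same root, root path cost increased by the root port's path cost, the
    local bridge and port as designated bridge/port, message age advanced by one second."""
    return build_config_bpdu(adopted["_root"], adopted["root_path_cost"] + root_port_cost,
                             my_bridge, my_port_id,
                             message_age=adopted["message_age"] + 1,
                             max_age=adopted["max_age"], hello_time=adopted["hello_time"],
                             forward_delay=adopted["forward_delay"])


if __name__ == "__main__":
    swa = bridge_id(0, "0000-0000-0000")          # the root bridge of the figures
    swb = bridge_id(32768, "000f-e23e-f9b0")      # assumed ID for SWB
    own = parse_config_bpdu(build_config_bpdu(swb, 0, swb, 0x8001))       # SWB's own BPDU
    from_swa = parse_config_bpdu(build_config_bpdu(swa, 0, swa, 0x8001))  # received from SWA
    adopted = best_bpdu([own, from_swa])
    print("SWB adopts root", adopted["root_id"])
    print("SWB relays:", parse_config_bpdu(relay(adopted, 10, swb, 0x8002)))
```

Because the comparison starts with the root ID, any BPDU carrying a lower root ID than the current root wins outright, regardless of path cost; the root election described in the following sections is this tuple comparison repeated until every bridge agrees.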
Figure: SWA, with bridge ID 0.0000-0000-0000, connected to SWB and SWC.
Each switch in a bridged LAN has a unique bridge ID, which consists of the bridge priority
and bridge MAC address. Bridge priority values are numerical, with a lower number
representing better priority. When two bridge IDs are compared, the one with higher priority
wins out. If they use the same priority, the one with the lower MAC address value wins out.
Initially each STP-enabled switch on the network assumes itself to be the root bridge. By
exchanging configuration BPDUs, the switches compare their root IDs and elect the one
with the lowest root ID as the root bridge. After the spanning tree converges, the root
bridge generates and sends out configuration BPDUs regularly and other devices just
forward these BPDUs. This mechanism ensures the topological stability.
In the scenario presented above, SWA is elected the root bridge because it has the lowest
bridge ID.
Port Roles
Figure: SWA is the root and both of its ports are designated ports (DP). SWB and SWC each
have a root port (RP) toward SWA, at cost 10 and cost 20 respectively. On the SWB-SWC
segment (cost 30), SWB's port is the designated port and SWC's port is an alternate
port (AP).
All ports on the root bridge are designated ports.
On a non-root bridge, the port with the least root path cost is the root port.
On each physical segment, the bridge with the least root path cost is the designated
bridge, and the port connecting the designated bridge to the physical segment is the
designated port.
Ports that are neither designated ports nor root ports are blocked.
To block redundant links, STP introduces three port roles: root, designated, and alternate.
It allows root and designated ports to forward data but blocks alternate ports. Port roles are
assigned as follows:
1) All the ports on the root bridge are designated ports.
2) On each non-root bridge, the port with the least root path cost is elected the root port.
For the non-root bridge, the path is the optimum one to the root bridge.
3) On each physical segment of the bridged LAN, the bridge with the least root path cost
is elected the designated bridge, and the port that connects the designated bridge to
the physical segment is the designated port.
4) Ports that are neither designated ports nor root ports are alternate ports. Common
Ethernet data frames are blocked on alternate ports.
Root Path Cost
Figure: SWA is the root. Its 1000M link to SWB is labelled cost 10 and its 100M link to
SWC cost 20; the 10M link between SWB and SWC is labelled cost 30.
For a non-root bridge, root path cost is the sum of all port path costs on the least
cost path to the root bridge.
On a non-root bridge, the port with the lowest root path cost is elected the root port.
On a physical segment, the bridge with the least root path cost is elected the
designated bridge.
Every bridge has a root path cost. For the root bridge, the root path cost is zero. For a
non-root bridge, it is the sum of all port path costs on the least cost path to the root bridge.
Normally, the path cost of a port is determined by its physical bandwidth. The larger the
bandwidth, the lower the port path cost.
IEEE 802.1d and IEEE 802.1t define the default path costs for Ethernet links (ports)
operating at different rates in different modes. H3C optimizes the path cost scheme for
better use on real networks, as shown below. For details, refer to related standard
documentation and device manuals.
Link rate     802.1D-1998   802.1t        H3C proprietary standard
0             65,535        200,000,000   200,000
1000 Mbps     4             20,000        20
10 Gbps       2             2,000         2
By default, H3C switches calculate port path costs based on the H3C proprietary standard.
You can manually change the path cost of a port as needed to affect spanning tree
calculation.
Figure: SWA is the root, with designated ports toward SWB (bridge ID 0.0000-0000-0001)
and SWC (bridge ID 0.0000-0000-0002), each link at cost 10. SWB and SWC both have
designated ports toward SWD, again at cost 10; SWD's port toward SWB is its root port and
its port toward SWC is an alternate port. On the SWB-SWC segment, SWB's port is the
designated port and SWC's port is an alternate port.
If multiple ports are found with the least root path cost, the one connected to the
upstream bridge with the lowest bridge ID is elected the root port.
If multiple bridges are connected to a physical segment with the least root path cost,
the one with the lowest bridge ID is elected the designated bridge for the physical
segment. The port connecting the designated bridge to the physical segment is assigned
the role of designated port.
If a non-root bridge has at least two least cost paths that traverse different immediate
upstream bridges to the root bridge, the port connected to the upstream bridge that has the
lowest bridge ID is elected the root port for the bridge.
If multiple bridges are connected to a physical segment with the least root path cost, the
one with the lowest bridge ID is elected the designated bridge for the physical segment.
The port connecting the designated bridge to the physical segment is assigned the role of
designated port.
In the figure above, SWD has two ports that can reach the root bridge SWA with the same
root path cost. Because the bridge ID of SWB is smaller than that of SWC, the port
connected to SWB is elected the root port for SWD. For the same reason, SWB is elected
the designated bridge for the physical segment between SWB and SWC, and the port
connecting SWB to the physical segment is elected the designated port.
Figure: two parallel links, each at cost 10, connect SWB to ports G0/1 and G0/2 of the
upstream bridge SWA; the SWB port facing G0/1 is the root port and the SWB port facing
G0/2 is an alternate port.
Given the same root path cost and the same upstream bridge, the port connected to the
upstream port that has the lowest port ID wins out during root port election.
If a non-root bridge has at least two least cost paths that traverse the same immediate
upstream bridge to the root bridge, the port connected to the upstream port that has the
lowest port ID is elected the root port for the bridge.
Each port ID comprises the port index and port priority. When comparing two port IDs, STP
first compares their port priorities. The port with higher port priority (a lower numerical
value) wins out. If the port priorities are the same, the port with lower index wins out.
In the figure above, two ports of SWB connect to SWA. Because they have the same root
path cost and upstream bridge, the port connected to the upstream port that has lower port
ID is elected the root port for SWB.
Because the index number of a port is normally fixed, you can influence STP topology
calculation by changing port priorities.
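The election rules from the Port Roles, Root Path Cost and tie-breaking sections above can be run as one procedure: elect the root by bridge ID, compute every bridge's root path cost, pick each root port (least cost, then lowest upstream bridge ID, then lowest upstream port ID) and each segment's designated bridge (least cost, then lowest bridge ID), and label everything else alternate. The code below is an added example, not H3C code; the bridge IDs and link costs in its usage reproduce the three figures, while the port names, the default port priority of 128 and the convention that a port priority override applies by port name are assumptions of the model.

```python
import heapq
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int = 32768
    mac: str = "0000-0000-0000"

    @property
    def bridge_id(self):
        """Lower wins: priority first, then MAC address."""
        return (self.priority, int(self.mac.replace("-", ""), 16))


@dataclass(frozen=True)
class Link:
    """A point-to-point physical segment between port pa of bridge a and port pb of bridge b."""
    a: str
    pa: str
    b: str
    pb: str
    cost: int


def port_id(port_name, priorities):
    """Port ID = (port priority, port index); the index is the trailing number of the name."""
    return (priorities.get(port_name, 128), int(re.search(r"(\d+)$", port_name).group(1)))


def spanning_tree(bridges, links, port_priorities=None):
    """Return (root name, {bridge: root path cost}, {(bridge, port): "DP" | "RP" | "AP"})."""
    pri = port_priorities or {}
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bridge_id).name

    # Root path cost: least-cost path to the root over the link costs (Dijkstra).
    adj = {b.name: [] for b in bridges}
    for l in links:
        adj[l.a].append((l.b, l.cost))
        adj[l.b].append((l.a, l.cost))
    rpc, heap = {root: 0}, [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc.get(node, float("inf")):
            continue
        for nxt, c in adj[node]:
            if cost + c < rpc.get(nxt, float("inf")):
                rpc[nxt] = cost + c
                heapq.heappush(heap, (cost + c, nxt))

    # Root port of each non-root bridge: least root path cost through the upstream
    # neighbour, then lowest upstream bridge ID, then lowest upstream port ID.
    root_port = {}
    for b in bridges:
        if b.name == root:
            continue
        best = None
        for l in links:
            if b.name not in (l.a, l.b):
                continue
            me, up, up_port = (l.pa, l.b, l.pb) if l.a == b.name else (l.pb, l.a, l.pa)
            key = (rpc[up] + l.cost, by_name[up].bridge_id, port_id(up_port, pri),
                   port_id(me, pri))
            if best is None or key < best[0]:
                best = (key, me)
        root_port[b.name] = best[1]

    # Designated bridge per segment: least root path cost, then lowest bridge ID. The
    # other end's port is the root port if it was elected above, otherwise alternate.
    roles = {}
    for l in links:
        ends = sorted([(l.a, l.pa), (l.b, l.pb)],
                      key=lambda e: (rpc[e[0]], by_name[e[0]].bridge_id))
        (d_bridge, d_port), (o_bridge, o_port) = ends
        roles[(d_bridge, d_port)] = "DP"
        roles[(o_bridge, o_port)] = "RP" if root_port.get(o_bridge) == o_port else "AP"
    return root, rpc, roles


if __name__ == "__main__":
    swa = Bridge("SWA", 0, "0000-0000-0000")
    swb = Bridge("SWB", 32768, "0000-0000-0001")
    swc = Bridge("SWC", 32768, "0000-0000-0002")
    links = [Link("SWA", "E1/0/1", "SWB", "E1/0/1", 10),
             Link("SWA", "E1/0/2", "SWC", "E1/0/1", 20),
             Link("SWB", "E1/0/2", "SWC", "E1/0/2", 30)]
    root, rpc, roles = spanning_tree([swa, swb, swc], links)
    print("root:", root, "root path costs:", rpc)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} {port}: {role}")
```

Run on the first figure it elects SWA, gives SWB and SWC root path costs of 10 and 20, and blocks SWC's port on the SWB-SWC segment. Lowering the priority of the upstream port G0/2 in the two-parallel-links figure moves SWB's root port to that link, which is the effect the paragraph above describes.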
Port States
STP defines five port states:
Disabled: This state is caused because the physical layer of the port is not up or the
port is administratively shut down.
Blocking: A port in this state can only receive configuration BPDUs and submit them to
the CPU. It cannot send configuration BPDUs, forward user data or learn MAC
addresses.
Listening: A port in this state does not forward user data or learn MAC addresses, but
it can receive and send configuration BPDUs.
Learning: A port in this state does not forward user data, but it can learn MAC
addresses, and receive, process, and send configuration BPDUs.
Forwarding: A port in this state can forward user data, learn MAC addresses, and
receive, process, and send configuration BPDUs.
Of these five port states, listening and learning are unstable intermediate states.
Port State Transitioning
Before a root or designated port transitions to the forwarding state from the initial
blocking state, it must go through the listening state and the learning state. The
default forward delay is 15 seconds.
Figure: Blocking -> Listening -> (forward delay) -> Learning -> (forward delay) -> Forwarding.
When a port no longer serves as the root or designated port due to a topology change, it
immediately transitions to the blocking state.
When a port is elected the root port or designated port, it transitions from the blocking state
to the listening state first, and then to the learning state after experiencing a forward delay,
and finally to the forwarding state after experiencing another forward delay, as shown in
the figure above.
The forward delay is introduced to ensure that when topology changes, new configuration
BPDUs can propagate throughout the network before a root or designated port changes to
forwarding state to prevent temporary loops that may occur due to incomplete network
convergence.
The default forward delay is 15 seconds, as defined in the IEEE 802.1d STP.
Drawbacks of STP
A root or designated port must experience twice the forward delay to transition from
blocking to forwarding. If topology changes frequently, the network will constantly lose
its connectivity.
Figure: SWA (root) connects to a server; SWB and SWC hang off SWA. A user behind the
access switch complains: "I can't access the server for at least 30 seconds each time
topology changes!"
Despite all its benefits, the topology convergence time with STP is not fast enough
because it takes twice the forward delay for an STP-enabled port to transition from the
blocking state to the forwarding state. This means intolerable dozens of seconds for a
network to recover its connectivity after a topology change occurs. If topology changes
occur frequently, the network will constantly lose its connectivity, which would result in poor
user experience.
To speed up network convergence, the Rapid Spanning Tree Protocol (RSTP) was
developed on the basis of STP.
RSTP
RSTP is an enhancement to the IEEE 802.1D-1998 STP.
RSTP provides all the functions of STP.
RSTP achieves fast network convergence.
RSTP shortens the delay that a root or designated port must experience to transition
from the blocking state to the forwarding state.
RSTP was initially drafted in the IEEE 802.1w standard and was later incorporated into the
802.1d-2004 standard.
Derived from the IEEE 802.1D-1998 STP, RSTP uses configuration BPDUs to advertise
information for spanning tree calculation and calculates the spanning tree in a bridged LAN
based on configuration BPDU comparison.
RSTP shortens the delay that a port must experience to transition from the blocking state
to the forwarding state after it is elected the root or designated port. In this sense, RSTP is
A port is elected the root port: by default (STP), the transition delay is twice the
forward delay; with RSTP, if a blocked alternate port is present, the delay is only a few
milliseconds.
A port is elected the designated port: by default (STP), the transition delay is twice the
forward delay; with RSTP, if the designated port is a non-edge port, the transition delay
depends on multiple factors, and if the designated port is an edge port, it moves to the
forwarding state without any delay.
The subsequent subsections describe how RSTP achieves fast network convergence in
different scenarios.
Suppose a switch has two ports that can reach the root bridge, one being the root port and
the other being the alternate port (blocked). The alternate port can take over as the root
port without forward delay when topology changes or for any other reason. No BPDUs are
required to be sent for the change. The fault recovery delay is thus reduced to several
milliseconds depending on the processing delay of the CPU.
The case of a non-edge port elected as the designated port is more complex. A non-edge
port refers to a port that connects to another
switch rather than a terminal device. If two switches use a point-to-point connection, one
switch needs to send a handshake packet to the other and wait for acknowledgement
before its port can move to the forwarding state. The performance of RSTP thus depends
on the performance of the point-to-point link. The following are ports that use point-to-point
links:
Link aggregate interface (refer to the chapter discussing link aggregation for more
information)
Ports that support auto-negotiation and operate in full duplex mode after negotiation
Ports administratively configured to operate in full duplex mode
If a non-edge designated port is connected to a non-point-to-point link, the delay for it to
transition from the blocking state to the forwarding state is twice the forward delay, the
same as with STP. The default transition delay is thus 30 seconds.
If handshake negotiation is involved, the total convergence time depends on the network
diameter, which is the maximum number of bridges between any two points of end stations
in the switched network. The worst scenario is that the handshake spreads across the
entire network from one end to the other. If the network diameter is seven, a maximum of
six handshakes may be required before network connectivity can recover.
There is no loop risk on a port that directly connects to a terminal device rather than a
switch. An edge port does not participate in spanning tree calculation and can rapidly
transition to the forwarding state without delay.
PVST
PVST is short for Per VLAN Spanning Tree.
Each VLAN runs STP or RSTP. The spanning trees between different VLANs are completely
independent.
Per-VLAN load balancing is implemented across multiple trunk links.
Figure: SWA connects to a server; VLAN A is VLAN 10 and VLAN B is VLAN 20, each with its
own spanning tree.
STP and RSTP share a spanning tree in all the bridges within a LAN. The system cannot
block the redundant links by VLANs. Packets of all VLANs are forwarded along a spanning
tree. PVST can have a spanning tree in each VLAN, which can effectively improve the
utilization of link bandwidth. PVST can be simply interpreted as running STP or RSTP on
each VLAN. The spanning trees among different VLANs are completely independent.
H3C devices running PVST can interoperate with the partner's devices that adopt Rapid
PVST or PVST. For interconnection between H3C devices running PVST or
interconnection between H3C devices running PVST and partner's devices running Rapid
PVST, H3C devices support fast convergence like RSTP.
MSTP
Figure: with a single spanning tree, the port connecting SWB to SWA is blocked for the
traffic of all VLANs (VLAN 10 and VLAN 20 alike); PCA reaches the server only through SWC.
Both STP and RSTP use a single spanning tree. This means that in a switched multi-VLAN
network, all VLANs have to share a common spanning tree and thus have the same
topology. On a trunk link, traffic is forwarded or blocked regardless of the VLAN to which it
belongs.
As shown in the figure above, the port connecting SWB to SWA is blocked after the
spanning tree calculation with STP or RSTP. All traffic from PCA to the server is transmitted
along the path of SWB –> SWC –> SWA as a result, while the path between SWB and
SWA is idle.
The Multiple Spanning Tree Protocol (MSTP) maps one or more VLANs to an instance and
each instance maintains an independent spanning tree. Multiple trunk links can load
share traffic by VLAN.
Figure: instance A contains VLANs 1 through 10 and instance B contains VLANs 11 through
20. PCA (VLAN 10) reaches the server over the SWB-SWA link, PCB (VLAN 20) over the
SWC-SWA link.
MSTP enables you to configure multiple spanning tree instances in a network, with each
instance mapped to multiple VLANs and maintaining an independent spanning tree. This
avoids waste of resources in maintaining a separate spanning tree for each VLAN, while
allowing different VLANs to have different spanning tree topologies. As a result, a port may
permit the traffic of some VLANs while blocking traffic of other VLANs depending on the
The figure above shows how traffic of different VLANs is load shared between different
links. PCA belongs to VLAN 10, which is mapped to instance A and PCB belongs to VLAN
20, which is mapped to instance B. Because the link between SWB and SWA is up in
instance A, data frames from PCA to the server travel the link. Similarly, traffic from PCB to
the server travels the link between SWC to SWA.
                                     STP   RSTP   PVST   MSTP
Resolve loop failures and achieve    Y     Y      Y      Y
redundancy
Fast convergence                     N     Y      Y      Y
STP can form a loop-free tree in the switching network, and therefore solving the loop
failure and achieving redundancy.
Based on the STP functions, RSTP provides faster convergence by enabling the root port
to quickly enter the forwarding state, adopting the handshake mechanism, and setting the
edge port.
MSTP and PVST form multiple spanning tree instances in a large, multi-VLAN environment,
to efficiently provide multi-VLAN load balancing.
The compatibility between the PVST mode and other modes is as follows:
For Access ports: The PVST mode is compatible with other modes in any VLAN.
For Trunk ports or Hybrid ports: The PVST mode is compatible with other modes only
in VLAN 1.
MSTP is compatible with both STP and RSTP. Both STP and RSTP packets can be
identified by devices running MSTP and applied to spanning tree calculation.
In addition, the five port states used in STP are reduced to three in RSTP and MSTP, as
shown below:
STP           RSTP/PVST/MSTP
Blocking      Discarding
Listening     Discarding
Learning      Learning
Forwarding    Forwarding
RSTP, PVST and MSTP use the discarding state to replace the three port states, disabled,
blocking, and listening, used in STP to simplify spanning tree calculation for faster network
convergence.
In the narrowest sense, STP refers to the IEEE 802.1d STP. In the broadest sense, STP
refers to the IEEE 802.1d STP and various enhanced spanning tree protocols (RSTP and
MSTP for example) derived from that protocol. In this document, STP is used in its
broadest sense to refer to the spanning tree function on devices hereafter unless otherwise
stated.
Basic Spanning Tree Configurations
Disable the spanning tree function on a port:
[Switch-Ethernet1/0/1] undo stp enable
Configure the operating mode of the spanning tree function:
[Switch] stp mode { stp | rstp | pvst | mstp }
By default, the spanning tree function is disabled on H3C switches. To enable the function
globally, perform the stp global enable command in system view; to disable it globally
again, use the undo form of the same command in system view.
After you enable the spanning tree function in system view, all ports participate in spanning
tree calculation by default. If you are sure that the segment connected by a certain port
does not contain a loop, you can use the following command in port view to disable STP on
the port:
[Switch-Ethernet1/0/1] undo stp enable
A port with STP disabled forwards whatever it receives, so a loop introduced through it
later will not be detected; keep such ports to segments whose topology you control.
If your network contains legacy switches that support only IEEE 802.1D STP, you must adopt
the STP-compatible mode for interoperability. To set the operating mode of the spanning
tree function, perform the following command in system view:
[Switch] stp mode { stp | rstp | pvst | mstp }
Configure a port as an edge port:
[Switch-Ethernet1/0/1] stp edged-port
By default, all switches have the same bridge priority. If the switches in your network are
operating with the default setting, the one with the lowest MAC address will be elected the
root bridge for the network. It, however, is not necessarily the optimal root bridge.
To make an optimal switch elected the root bridge, you can lower its numerical bridge
priority value with the stp priority command in system view, for example:
[SWA] stp priority 0
In a multi-instance environment, you can use the instance instance-id keyword and
argument combination to specify the priority of the switch specific to individual instances.
Temporary loops do not occur on ports directly connected to end user terminals. In RSTP
or MSTP mode, you can set these ports as edge ports for them to transition to the
forwarding state without delay in response to topology changes.
To set a port as an edge port, perform the following command in port view, on port Ethernet
1/0/1 for example:
[Switch-Ethernet1/0/1] stp edged-port
Figure: core switches SWA and SWB are connected by two parallel links; access switch SWC
connects to both core switches and serves an end user on its E1/0/1 port.
[SWA] stp global enable              [SWB] stp global enable
[SWA] stp priority 0                 [SWB] stp priority 4096
[SWC] stp global enable
[SWC] interface Ethernet 1/0/1
[SWC-Ethernet1/0/1] stp edged-port
The figure above shows a network with the spanning tree function enabled to eliminate
loops and provide link redundancy. SWA and SWB are core switches connected by two
mutually backed up parallel links. SWC is an access switch and it connects access users
with its Ethernet 1/0/1 port. To achieve the best network performance, deploy SWA at the
core of the forwarding path as the root bridge. To guarantee reliability, set SWB as the
backup root bridge.
Step1 Enable the spanning tree function globally on all three switches.
[SWA] stp global enable
[SWB] stp global enable
[SWC] stp global enable
Step2 Configure the priority of SWA as 0 (32,768 by default) to make SWA the root bridge
for the whole network; configure the priority of SWB as 4096 to make SWB the
backup root bridge.
[SWA] stp priority 0
[SWB] stp priority 4096
Step3 Configure port Ethernet 1/0/1 of SWC as an edge port so that it can transition from
the blocking state to the forwarding state without delay when topology changes.
[SWC] interface Ethernet 1/0/1
[SWC-Ethernet1/0/1] stp edged-port
By default, the spanning tree function is disabled. You can check its global status with the following command:
<SWA> display stp
Protocol Status :disabled
Protocol Std. :IEEE 802.1s
......
After enabling and configuring the spanning tree function, perform the display stp
command again to check its status and configuration:
[SWA]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000f-e23e-f9b0
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000f-e23e-f9b0 / 0
CIST RegRoot/IRPC :32768.000f-e23e-f9b0 / 0
The output shows that the spanning tree function is working in MSTP mode. The Common and Internal Spanning Tree (CIST) bridge ID of the switch is 32768.000f-e23e-f9b0, and the bridge ID of the device that the switch considers to be the CIST root, shown in the CIST Root/ERPC field, is also 32768.000f-e23e-f9b0. Because the two are identical, the switch considers itself the root of the CIST. A bridge ID is the bridge priority followed by the bridge MAC address; the lowest bridge ID wins the root election, with priority compared first and the MAC address deciding only on a tie.
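The root election and the check just described, as an added example written for this edition and not part of the H3C course: a short Python script that picks the root bridge from a set of bridge IDs and verifies from a display stp output whether the switch sees itself as the CIST root. The switch names, the MAC addresses of SWB and SWC, and the copy of the display stp output are constructed for the example.

```python
# Added example, not from the H3C course text: root bridge election by bridge ID
# (priority first, then MAC) and a check of `display stp` output for whether the
# switch believes it is the CIST root.
import re

# Bridge ID as printed by display stp: "<priority>.<mac>", e.g. 32768.000f-e23e-f9b0
BRIDGE_ID_RE = re.compile(r"(\d+)\.([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})")


def parse_bridge_id(text):
    """Return (priority, mac) from a 'priority.mac' string; raise on bad input."""
    match = BRIDGE_ID_RE.search(text.lower())
    if not match:
        raise ValueError("no bridge ID found in %r" % text)
    priority = int(match.group(1))
    if priority % 4096 != 0 or priority > 61440:
        raise ValueError("MSTP priority must be a multiple of 4096 in 0..61440")
    return priority, match.group(2)


def elect_root(bridge_ids):
    """bridge_ids: {switch_name: 'priority.mac'}. Return the name of the root bridge.
    Tuples compare priority first and MAC second, like the bridge ID comparison."""
    return min(bridge_ids, key=lambda name: parse_bridge_id(bridge_ids[name]))


def parse_display_stp(output):
    """Turn the 'Key :Value' lines of display stp into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def is_cist_root(output):
    """True when the CIST Bridge field equals the bridge part of CIST Root/ERPC."""
    fields = parse_display_stp(output)
    bridge = parse_bridge_id(fields["CIST Bridge"])
    root = parse_bridge_id(fields["CIST Root/ERPC"].split("/")[0])
    return bridge == root


# Constructed input: the chapter's topology; the MACs of SWB and SWC are invented
TOPOLOGY = {
    "SWA": "0.000f-e23e-f9b0",      # stp priority 0
    "SWB": "4096.000f-e23e-aa01",   # stp priority 4096
    "SWC": "32768.000f-e23e-bb02",  # default priority
}

# Constructed copy of the display stp output shown in the chapter
DISPLAY_STP_OUTPUT = """\
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge        :32768.000f-e23e-f9b0
Bridge Times       :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC     :32768.000f-e23e-f9b0 / 0
CIST RegRoot/IRPC  :32768.000f-e23e-f9b0 / 0
"""

if __name__ == "__main__":
    print("root bridge:", elect_root(TOPOLOGY))
    print("switch is CIST root:", is_cist_root(DISPLAY_STP_OUTPUT))
```

With every switch left at the default 32768, the lowest MAC address wins, which is why the chapter assigns explicit priorities; MSTP priorities must be multiples of 4096 between 0 and 61440, and the parser rejects anything else. STP does not authenticate BPDUs, so any bridge that advertises a lower bridge ID takes over as root; running is_cist_root() against a fresh display stp output after a topology change tells you whether that has happened.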
To display port role assignment and port status, perform the following command:
[SWA]display stp brief
MSTID Port Role STP State Protection
0 Ethernet1/0/1 DESI FORWARDING NONE
0 Ethernet1/0/2 DESI FORWARDING NONE
......
MSTP enables you to configure multiple MST instances (MSTIs) for load sharing. The role and status of a port may differ from one MSTI to another. The sample output shows that both Ethernet 1/0/1 and Ethernet 1/0/2 are designated ports (DESI) in the forwarding state for MSTI 0, the default MSTI. By default, all VLANs are mapped to MSTI 0.
Summary
STP eliminates loops while allowing for path redundancy.
Chapter 14 Port Security for Switches
The rapid growth of Ethernet has created a demand for security. In an Ethernet network without any security mechanism, every resource is reachable by any user who connects to a physical port of a switch, which leaves the network open to abuse. To address the problem, H3C Ethernet switches provide security mechanisms such as address binding, port isolation, and access authentication. This chapter provides an overview of these Ethernet security technologies.
Learning Objectives
802.1X Overview
[Figure: 802.1X used for access to the Internet over both wired LAN (802.1X) and 802.11 wireless LAN.]
802.1X is an IEEE standard for port-based network access control. IEEE ratified the standard in 2001 and recommends it as the standard protocol for authenticating LAN users. 802.1X is best known for securing IEEE 802.11 wireless LANs (WLANs), but because its principles apply to every LAN that follows the IEEE 802 standards, it is now widely used in both wired and wireless LANs.
In a plain 802 LAN, a user can access the devices and resources in the LAN as soon as it connects to a LAN access device such as a switch. However, in scenarios where authentication, authorization, and accounting (AAA) is required, such as access through an ISP, campus LAN access, and wireless LAN access, the LAN service provider wants to implement port-based access control. As the name implies, port-based access control performs port-level authentication and control of the devices connected to 802.1X-enabled LAN ports. A user can access the LAN only after it passes authentication. A user who fails authentication is denied access to the LAN, as if the physical connection to the authenticator had been torn down.
802.1X Architecture
[Figure: The supplicant, the authenticator, and the authentication server. With local authentication, the local server in the authenticator system authenticates the supplicants; with remote authentication, a remote authentication server authenticates the client.]
802.1X follows the typical client/server model and involves three entities: the supplicant, the authenticator, and the authentication server.
Supplicant: An end-user device with 802.1X client software installed. The 802.1X client can initiate authentication, and the client software must support the Extensible Authentication Protocol over LANs (EAPOL).
Authenticator: A network device that supports 802.1X, such as an 802.1X-capable switch. It provides the ports through which supplicants connect to the LAN. A supplicant is not allowed to access the LAN until its identity has been authenticated and the authenticator has enabled the port.
Authentication server: Provides the authentication, authorization, and accounting services.
The authentication server can be local or remote, depending on the scenario:
A local authentication server is usually embedded in the authenticator. It authenticates the supplicant and, on success, enables the port. It suits small networks with few supplicants; however, because user information is then spread across the individual authenticators, it is inconvenient to maintain.
A remote authentication server is typically a dedicated authentication server for authenticating clients in the network. Upon receiving the user information that is
[Figure: 802.1X access control modes. Port-based: a host connected directly to a switch port. MAC-based: several hosts connected to one switch port through a hub.]
802.1X access control on a port works in one of two modes:
Port-based
With this mode configured on a port, once the first user on the port passes authentication, the other users on the port can access the network without being authenticated; when that user goes offline, the port is closed and all the other users on it lose access.
MAC-based
With this mode configured on a port, every user of the port must be authenticated separately, and when a user goes offline, no other users are affected.
By default, MAC-based access control is applied for 802.1X access control on a port.
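To make the difference between the two modes concrete, here is an added example, written for this edition and not H3C code, in Python: it models an authenticator port performing local authentication in either mode. The local user database (shaped like the local-user, service-type lan-access and password configuration that follows), the host MAC addresses and the Dot1xPort class are constructed for the example; a real authenticator runs the EAPOL exchange with the supplicant, which is reduced here to a username/password check.

```python
# Added example, not from the H3C course text: an 802.1X authenticator port doing
# local authentication in port-based or MAC-based access control mode.
import hmac

# Constructed local user database matching the chapter's example configuration.
# "admin" has no lan-access service type and therefore must be refused by 802.1X.
LOCAL_USERS = {
    "localuser": {"password": "hello", "service-type": {"lan-access"}},
    "admin": {"password": "s3cret", "service-type": {"ssh"}},
}


def check_local_user(username, password, user_db=LOCAL_USERS):
    """Local authentication: the user must exist, carry the LAN access service
    type, and present the right password (compared in constant time)."""
    entry = user_db.get(username)
    if entry is None or "lan-access" not in entry["service-type"]:
        return False
    return hmac.compare_digest(entry["password"].encode(), password.encode())


class Dot1xPort:
    """One 802.1X-enabled authenticator port, possibly shared by several hosts."""

    def __init__(self, name, mode="mac-based"):
        if mode not in ("port-based", "mac-based"):
            raise ValueError("mode must be port-based or mac-based")
        self.name = name
        self.mode = mode
        self.opened_by = None       # port-based: MAC of the user who opened the port
        self.authenticated = set()  # mac-based: every MAC that passed on its own

    def authenticate(self, mac, username, password):
        """Outcome of the EAPOL exchange for host `mac`: True if it may use the LAN."""
        if self.mode == "port-based" and self.opened_by is not None:
            return True  # port already open: no further authentication takes place
        if not check_local_user(username, password):
            return False
        if self.mode == "port-based":
            self.opened_by = mac
        else:
            self.authenticated.add(mac)
        return True

    def logoff(self, mac):
        """EAPOL-Logoff (or the client going offline) for host `mac`."""
        if self.mode == "port-based":
            if mac == self.opened_by:
                self.opened_by = None  # closes the port for every host behind it
        else:
            self.authenticated.discard(mac)  # other hosts are unaffected

    def allows(self, mac):
        """Whether a frame from `mac` would be forwarded into the LAN."""
        if self.mode == "port-based":
            return self.opened_by is not None
        return mac in self.authenticated


if __name__ == "__main__":
    pca, pcb = "000f-e200-0001", "000f-e200-0002"  # constructed host MACs
    port = Dot1xPort("GigabitEthernet1/0/1", mode="mac-based")
    port.authenticate(pca, "localuser", "hello")
    print("PCA allowed:", port.allows(pca), "PCB allowed:", port.allows(pcb))
```

The port-based branch is what makes a hub behind an 802.1X port a risk: every host on the hub rides on the first successful authentication, and all of them are cut off when that host logs off. MAC-based mode, the default, ties access to the individual MAC address that authenticated.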
Follow these steps to configure 802.1X on a switch:
Step1 Enable 802.1X globally in system view:
[Switch] dot1x
Step2 Enable 802.1X on each intended port, in the view of that port:
[Switch-Ten-GigabitEthernet1/0/1] dot1x
Step3 Create a local user for local authentication and configure its parameters, including the LAN access service type and the password:
[Switch] local-user user-name class network
[Switch-luser-network-user-name] service-type lan-access
[Switch-luser-network-user-name] password { cipher | simple } password
802.1X must be enabled both globally and on the intended ports. Otherwise, it does not function.
[Figure: A PC connected to port G1/0/1 of switch SWA.]
As shown in the figure above, a PC is connected to G1/0/1 of the switch. Configure local 802.1X authentication on the switch so that the PC is authenticated when it tries to access the network.
Configure SWA:
[SWA] dot1x
[SWA] interface GigabitEthernet 1/0/1
[SWA-GigabitEthernet1/0/1] dot1x
[SWA] local-user localuser class network
[SWA-luser-network-localuser] password simple hello
[SWA-luser-network-localuser] service-type lan-access
After completing the configuration, launch the 802.1X client on the PC and enter the username localuser and the password hello as prompted. The PC should pass 802.1X authentication and be able to access the network.
Windows XP comes with a native 802.1X client. When the client connects to the 802.1X-enabled switch port, a dialog box appears asking for the username and password.
Port Isolation Overview and Configuration
[Figure: Ports in VLAN1, VLAN2, and VLAN3 of a switch placed in a port-isolate group; the uplink port connects to another switch.]
Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLAN resources, port isolation isolates ports within a VLAN, which gives better flexibility and security.
To isolate Layer 2 traffic between ports, assign the ports to the same isolation group as isolated ports. Ports in the same VLAN but not in the group, such as the uplink port, remain reachable from the isolated ports.
Port isolation groups are created in system view with the following command:
[Switch] port-isolate group group-number
Port isolation is then configured in Ethernet port view. The following command adds an Ethernet port to an isolation group and configures it as a common port in the isolation group:
[Switch-Ethernet1/0/1] port-isolate enable group group-number
[Figure: Switch SWA with a server on Eth1/0/1 and PCA, PCB, and PCC on Eth1/0/2, Eth1/0/3, and Eth1/0/4.]
As shown in the figure above, PCA is connected to Ethernet 1/0/2 of the switch, PCB to Ethernet 1/0/3, and PCC to Ethernet 1/0/4. Ethernet 1/0/1 of the switch connects to the server. Configure port isolation on the switch:
[SWA] port-isolate group 2
[SWA] interface ethernet1/0/2
[SWA-Ethernet1/0/2] port-isolate enable group 2
[SWA] interface ethernet1/0/3
[SWA-Ethernet1/0/3] port-isolate enable group 2
[SWA] interface ethernet1/0/4
[SWA-Ethernet1/0/4] port-isolate enable group 2
After the configuration, PCA, PCB, and PCC are isolated from each other but can still access the server.
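As an added example for this edition (not H3C code), the following Python snippet reads the port-isolate configuration of this example and answers whether a frame may be switched between two ports, which is a quick way to audit an exported configuration. The regular expression, the function names and the copy of the configuration are constructed for the example; a real switch also applies the VLAN membership check, which is omitted here.

```python
# Added example, not from the H3C course text: parse port-isolate configuration
# and decide whether Layer 2 forwarding between two ports is permitted.
import re

# Matches lines such as "[SWA-Ethernet1/0/2] port-isolate enable group 2"
ISOLATE_RE = re.compile(
    r"^\[\S+?-((?:Ten-)?(?:Gigabit)?Ethernet[\d/]+)\]\s*"
    r"port-isolate enable group (\d+)\b")


def parse_isolation_groups(config):
    """Return {port_name: group_number} for every port with port-isolate enable."""
    groups = {}
    for line in config.splitlines():
        match = ISOLATE_RE.match(line.strip())
        if match:
            groups[match.group(1)] = int(match.group(2))
    return groups


def can_forward(ingress, egress, groups):
    """Forwarding between two ports is blocked only when both are isolated ports
    of the same isolation group; a port outside any group (the server or uplink
    port) is reachable from and can reach every isolated port."""
    if ingress == egress:
        return False
    group_in, group_out = groups.get(ingress), groups.get(egress)
    return group_in is None or group_out is None or group_in != group_out


def reachability(config, ports):
    """{(from, to): allowed} for every ordered pair of the given ports."""
    groups = parse_isolation_groups(config)
    return {(a, b): can_forward(a, b, groups) for a in ports for b in ports if a != b}


# Constructed copy of the chapter's configuration
SWA_CONFIG = """\
[SWA] port-isolate group 2
[SWA] interface ethernet1/0/2
[SWA-Ethernet1/0/2] port-isolate enable group 2
[SWA] interface ethernet1/0/3
[SWA-Ethernet1/0/3] port-isolate enable group 2
[SWA] interface ethernet1/0/4
[SWA-Ethernet1/0/4] port-isolate enable group 2
"""

if __name__ == "__main__":
    ports = ["Ethernet1/0/1", "Ethernet1/0/2", "Ethernet1/0/3", "Ethernet1/0/4"]
    for pair, allowed in sorted(reachability(SWA_CONFIG, ports).items()):
        print(pair, "allowed" if allowed else "isolated")
```

Ports that belong to different isolation groups are not isolated from each other, so a host that must be unreachable from every other access port has to share a group with all of them; the audit above makes such a gap visible before it is discovered on the wire.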
Summary
802.1X, a port-based network access control protocol, performs authentication of users.
Port isolation isolates ports within a VLAN.
Chapter 15 Ethernet Link Aggregation
Link aggregation is a common technology for increasing bandwidth and improving reliability in an Ethernet network.
This chapter describes how link aggregation works to achieve increased bandwidth and load sharing, and how to configure and maintain link aggregation on H3C switches.
Learning Objectives
Upon completion of this lesson, you will be able to:
Describe the benefits of link aggregation
Describe link aggregation approaches
Create a static link aggregation group
[Figure: SWA and SWB joined by an aggregated link, with a PC and a server attached. Link aggregation provides increased link bandwidth and enhanced link reliability.]
Link aggregation bundles multiple physical Ethernet ports into one logical aggregation group. For each link aggregation group, an aggregate interface is created. To upper-layer entities using the link aggregation service, the aggregated physical links look like a single logical link, and data traffic is transmitted through the aggregate interface. Link aggregation delivers the following benefits:
Increased bandwidth: Within each link aggregation group, traffic is distributed across the member ports according to a load-sharing algorithm, so the aggregate link capacity exceeds that of any single port.
Enhanced link reliability: The member ports in a link aggregation group dynamically back one another up. When a member port fails, its traffic is automatically switched to the other member ports.
[Figure: PCA and PCB connected to SWA; SWA and SWB joined by two aggregated links.]
Within each link aggregation group, flow-based load sharing is performed. Traffic of the
same data flow travels the same port while traffic of different data flows may travel different
member ports.
Data flows are identified based on a packet field or a set of packet fields. Typically, source
and destination MAC addresses are used to identify Layer 2 traffic flows and source and
destination IP addresses are used to identify Layer 3 traffic flows.
Suppose the source MAC address is used on SWA in the figure above. Frames from PCA
and PCB will be identified as belonging to different data flows and may be transmitted
through different ports. Similarly, SWB also transmits the returning data flows over two
links separately.
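As an added example for this edition, not H3C code, the following Python script models the flow-based load sharing described above together with the selected/unselected distinction used later in the chapter: frames are assigned to a selected member port by hashing the flow key, so one flow always uses one port while different flows may spread across ports, and a port that is down is never chosen. The hash function, the field names, the MAC addresses and the traffic sample are constructed for the example; real switches use their own hardware hash.

```python
# Added example, not from the H3C course text: flow-based load sharing across
# the selected member ports of a link aggregation group.
import hashlib


def selected_ports(port_states):
    """Only member ports that are up at the physical layer are selected and may
    carry traffic; a down port is always unselected. Sorted for a stable order."""
    return sorted(port for port, state in port_states.items() if state == "up")


def flow_key(frame, fields=("src_mac", "dst_mac")):
    """The packet fields that identify a flow; every frame of a flow shares it."""
    return "|".join(str(frame[field]) for field in fields)


def choose_member(frame, ports, fields=("src_mac", "dst_mac")):
    """Deterministic member port for a frame: hash(flow key) mod number of ports."""
    if not ports:
        raise RuntimeError("aggregation group has no selected port; link is down")
    digest = hashlib.sha256(flow_key(frame, fields).encode()).digest()
    return ports[int.from_bytes(digest[:4], "big") % len(ports)]


def distribute(frames, ports, fields=("src_mac", "dst_mac")):
    """{port: number of frames sent on it} for a batch of frames."""
    counts = {port: 0 for port in ports}
    for frame in frames:
        counts[choose_member(frame, ports, fields)] += 1
    return counts


# Constructed traffic: PCA and PCB (two flows) both sending to a server behind SWB
SERVER = "000f-e2ff-0001"
FRAMES = ([{"src_mac": "000f-e200-000a", "dst_mac": SERVER}] * 50 +
          [{"src_mac": "000f-e200-000b", "dst_mac": SERVER}] * 50)
PORT_STATES = {"Ethernet1/0/1": "up", "Ethernet1/0/2": "up", "Ethernet1/0/3": "up"}

if __name__ == "__main__":
    ports = selected_ports(PORT_STATES)
    print("src+dst MAC hashing:", distribute(FRAMES, ports))
    print("dst MAC only:       ", distribute(FRAMES, ports, fields=("dst_mac",)))
    after_failure = selected_ports(dict(PORT_STATES, **{"Ethernet1/0/2": "down"}))
    print("after a member fails:", distribute(FRAMES, after_failure))
```

Hashing on the destination MAC alone puts both flows on one port because they share a destination, so the hash fields must actually vary across the traffic mix. Because distribution is per flow, a single flow never exceeds the speed of one member port, and when a member goes down only the flows that hashed to it move.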
There are two link aggregation approaches:
Static aggregation
In the static aggregation approach, the devices at both ends do not run any link aggregation protocol to negotiate the aggregation status of the member ports in a link aggregation group. Use this approach if the device at either end does not support a link aggregation protocol, or the protocols supported at the two ends are not compatible.
Dynamic aggregation
In the dynamic aggregation approach, the IEEE 802.3ad Link Aggregation Control Protocol (LACP) is enabled on the devices at both ends to negotiate the aggregation status of the member ports in a link aggregation group. LACP exchanges link aggregation control protocol data units (LACPDUs) between the two LACP-enabled devices.
Static aggregation is the most popular approach in a small-sized LAN, because it avoids the protocol interoperability issue and does not consume network bandwidth for exchanging protocol data units. Because nothing is negotiated, however, a miscabled member port is not detected by the switches themselves, so check the cabling and the display link-aggregation summary output on both ends.
Step1 Create a Layer 2 aggregate interface in system view. A link aggregation group with the same number is created at the same time:
[Switch] interface bridge-aggregation interface-number
Step2 Add a physical port to the link aggregation group in the view of that port. Repeat this step for each member port:
[Switch-Ethernet1/0/1] port link-aggregation group interface-number
[Figure: SWA and SWB connected by three parallel links, Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 on each side, aggregated into bridge-aggregation 1.]
In the figure above, SWA and SWB are connected through ports Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 on both ends. Aggregate the ports to increase bandwidth and improve reliability as follows:
Configure SWA:
[SWA] interface bridge-aggregation 1
[SWA] interface Ethernet 1/0/1
[SWA-Ethernet1/0/1] port link-aggregation group 1
[SWA] interface Ethernet 1/0/2
[SWA-Ethernet1/0/2] port link-aggregation group 1
[SWA] interface Ethernet 1/0/3
[SWA-Ethernet1/0/3] port link-aggregation group 1
Configure SWB:
[SWB] interface bridge-aggregation 1
[SWB] interface Ethernet 1/0/1
[SWB-Ethernet1/0/1] port link-aggregation group 1
[SWB] interface Ethernet 1/0/2
[SWB-Ethernet1/0/2] port link-aggregation group 1
[SWB] interface Ethernet 1/0/3
[SWB-Ethernet1/0/3] port link-aggregation group 1
Perform the display link-aggregation summary command in any view to display the link aggregation status:
<Switch> display link-aggregation summary
Actor System ID: 0x8000, 000f-e267-6c6a
AGG         AGG    Partner ID     Select   Unselect   Share
Interface   Mode                  Ports    Ports      Type
----------------------------------------------------------------------
BAGG1       S      none           3        0          Shar
The output shows that the Layer 2 aggregate interface BAGG1 is in static aggregation mode (S), has no LACP partner (none), and that its link aggregation group contains three selected, load-shared (Shar) ports and no unselected ports.
In a link aggregation group, only selected ports can forward data traffic. A port that is down at the physical layer is always placed in the unselected state.
Summary
Link aggregation falls into static aggregation and dynamic aggregation.