Cisco Basics: Spanning Tree

Spanning Tree is a network protocol designed to prevent network loops. A loop exists at Layer 2 of the OSI model where there are multiple paths between any two devices. If you draw out a network diagram consisting of multiple switches, and can connect any two devices in more than one way there is potentially a loop in your network.

Loops cause problems when it comes to broadcast traffic. When a device sends a broadcast frame a switch will see it and forward the frame out of all ports except the one it received it on. With loops in the network this means that the frame will be broadcast indefinitely, as a switch will see the frame more than once.

Spanning Tree was introduced to prevent switching loops, but also allows for some redundancy in the design of a network. Spanning Tree will have a view of a network and calculates the most efficient paths between switches. Should a connection between switches fail a spare path that would have previously created a loop will become available in around a minute.

Traditionally when you plug a switch into a network it will immediately begin forwarding data, with spanning tree a device first waits to receive special frames known as BPDU’s. Each switch port will go through a series of states whilst waiting for these frames.
Continue reading Cisco Basics: Spanning Tree

Cisco Basics: Access Lists

Access lists allow you to group network objects such as IP addresses, services or users and act upon that information. They are most commonly used to permit or deny certain types of traffic though they are used for a variety of other things (filtering out routes for example).

Cisco IOS routers and switches have two types of access control list:

  • Standard
    Can only filter based on source IP address
  • Extended
    Can filter based on source or destination IP address, or certain Layer-4 protocols such as TCP or UDP

When configuring access control lists (ACL’s) they can be configured as either numbered on named. Numbered ACL’s can not be edited once created. To alter a numbered ACL it must be removed and re-created. Named ACL’s can be modified after creation.

Continue reading Cisco Basics: Access Lists

Cisco Basics: NAT and PAT

Address Translation commonly referred to as either NAT or PAT is the process of altering traffic as it passes through a router so that it appears to come from different addresses. Address translation is particularly useful due to the limited supply of IPv4 addresses. Networks can have a much larger number of internal-only addresses behind a smaller number (usually one) public internet address.

The translation process is performed by a router usually on the edge of a network, connecting to an internet service provider. In routed networks usually just the source and destination MAC address are changed as they pass through routers, with address translation the source IP address (and port) is also changed.

Generally speaking, there are two types of address translation:

  • NAT
    Network Address Translation translates the source address to one from a list of public addresses. The downside to this approach is that for each internal host on the network you also need an external address.
  • PAT
    Port Address Translation usually has a single outside IP address and alters the source port when traffic leaves the router, that way traffic can be mapped back to internal addresses

Cisco has a few different NAT configurations depending on the scenario, I’ll cover them in more detail below. Before we get started, let’s assume we have the following configuration:

! Internal interface representing a LAN
interface FastEthernet0/1
 ip address

! Outside interface representing the internet
interface FastEthernet0/2
 ip address

The first thing we need to do is specify which interface is inside our network and which is outside:

Router(config)# int Fa0/1
Router(config-if)# ip nat inside
Router(config-if)# int Fa0/2
Router(config-if)# ip nat outside

When executing the “ip nat inside/outside” commands the router may hang for a second, it’s normal behaviour. This doesn’t usually happen in Packet Tracer but may do on production devices.
Continue reading Cisco Basics: NAT and PAT