IP subnetting made easy

IP subnetting is a fundamental subject that’s critical for any IP network engineer to understand, yet students have traditionally had a difficult time understanding it. Over the years, I’ve watched students needlessly struggle through school and in practice when dealing with subnetting because it was never explained to them in an easy-to-understand way. I’ve helped countless individuals learn what subnetting is all about using my own graphical approach and calculator shortcuts, and I’ve put all that experience into this article.


Cisco Discovery Protocol (CDP)

The Cisco Discovery Protocol (CDP) is a media- and network protocol independent layer 2 protocol that is used to discover information about neighboring network devices. Because CDP operates at the Data Link layer, it doesn’t need a network layer protocol, such as IP or IPX, to transfer information. CDP devices send out periodic advertisements to the MAC multicast address 0100.0ccc.cccc, every 60 seconds by default. The holdtime is 180 seconds by default, when exceeded without receiving advertisements the CDP entry is removed from the CDP table.

CDP runs on all Cisco equipment including routers, switches, bridges and access servers. It gathers information about neighboring devices such as the type of device, software version, and network layer addresses, if configured. This information is stored in a table in the device’s RAM.

CDP is enabled by default, use the following command in global configuration mode to disable CDP for the entire router:
Router(config)# no cdp run

To see if CDP is enabled for the router, and display the current CDP timers, use the following command:
Router> show cdp

To disable CDP on a particular interface, use the following command in interface configuration mode:
Router(config-if)# no cdp enable

One of the most important commands regarding CDP is the show cdp neighbors command. It displays the following information:

* type of device that is discovered
* name of the device
* number and type of the local interface (port)
* number of seconds the CDP advertisement is valid for the port
* device type
* device product number
* port ID

Router02> show cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge S – Switch, H – Host, I – IGMP, r – Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
Router01 Ser 0 154 R 2500 Ser 0

When the detail option is added to the command, it will display the following additional information per discovered device:

* Network layer addresses (IP, IPX, AppleTalk, etc.)
* IOS version

Router02> show cdp neighbors detail
Device ID: Router01
Entry address(es):
IP address:
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 126 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-D-L), Version 12.0(9), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 20-Oct-2003 07:29 by jhiemstra

Besides using the built-in IOS commands to display the information gathered by CDP, CDP can also be used in combination with SNMP and a Network Management Station to gather and store information.

The following commands are most probably not part of the CCNA exam(s) but are included for completeness.

Router> show cdp entry [* | ID]
Displays all entries or a specific entry of the CDP table. The show cdp entry * results in the same output as the show cdp neighbors detail command. Specify the Device ID to display a specific entry. Mind that the Device ID is case sensitive.

The show cdp interface command displays the interfaces for which CDP is enabled including the encapsulation type and CDP timers.

The following command displays the CDP counters regarding CDP packets sent and received as well as error statistics:
Router02> show cdp traffic
CDP counters :
Packets output: 48, Input: 36
Hdr syntax: 0, Chksum error: 0, Encaps failed: 6
No memory: 0, Invalid packet: 0, Fragmented: 0

The default update timer of 60 seconds can be changed using the cdp timer command in global configuration mode. For example, the following commands will configure the router to send CDP advertisements every 90 seconds:
Router(config)# cdp timer 90

The default holdtime of 180 seconds can be changed using the cdp holdtime command in global configuration mode:
Router(config)# cdp holdtime 270

To disable CDP globally on a Catalyst 1900 switch (not relevant for CCNA), use the following command:
Console> (enable) set cdp disable

Alternatively, CDP can be disabled on a particular interface. In the following example CDP is disabled for the port 12 on a module 1:
Console> (enable) set cdp disable 1/12

Author: Johan Hiemstra

IP Access Lists

Access lists allow Cisco routers to function as a packet filter and are supported for several protocols. The most common of these protocols are listed in the following table:

Protocol Range
IP standard 1 to 99 (and 1300 to 1999 in IOS 12.0 and higher)
IP Extended 100-199 (and 2000 to 2699 in IOS 12.0 and higher)
Ethernet type code 200-299
DecNet 300-399
XNS 400-499
Extended XNS 500-599
AppleTalk 600-699
Ethernet address 700-799
IPX Standard 800-899
IPX Extended 900-999
IPX SAP 1000-1099

Access lists are lists of rules that either permit or deny certain inbound or outbound traffic from and to particular hosts or networks. The access list and its rules are applied to one or more interfaces on the router. When the router routes traffic through these interfaces, the rules in the list are processed sequential, looking for a matching rule permitting the traffic to pass. When there is not a matching rule permitting the traffic to pass, it is denied by default because of the implicit deny any at the end of each rule. For example, if you deny telnet traffic to host using the rule: access-list 110 deny TCP any host eq TELNET and this would be the only rule in the access list, you would effectively deny all IP traffic from entering or leaving the router’s interface.

The implicit deny all, for many, is a confusing part of access lists and often forgotten in practice while in fact it is very logical. If you want to protect a network using a packet filter, you would typically start out with denying all traffic, and from there permit certain hosts or networks to communicate certain traffic.

In addition to protecting private networks from external intruders, access lists are also commonly used to manage network traffic. For example, if you do not want certain protocols or services available in particular subnets you can block only those ports but permit all other traffic. This is also used as an effective way to prevent traffic such as ICMP messages and routing updates from traveling over certain links.

Standard IP Access Lists

Standard IP access lists are used to permit/deny traffic from or to one or more IP addresses.

Use the global exec access-list command to create access lists:
router(config)#access-list number deny|permit source|any [log]

Use the Interface config mode access-group command to bind the access list to an interface: router(config-if)#ip access-group number in|out

For example, to deny hostC from sending traffic to the WAN in the network depicted in the diagram below, use the following commands.

router(config)#access-list 10 deny router(config)#access-list 10 permit any router(config)#interface ethernet 0 router(config-if)#ip access-group 10 in

accesslist1 IP Access Lists

When traffic is send to the router’s Ethernet interface the rules in access list 10 are processed, if the traffic is send by hostC the router drops the packets and stops processing the rules. The rule access-list 10 permit any is included because of the implicit deny. There must be at least one ‘permit’ rule otherwise the protocol is completely disabled for the interface as soon as you bind it.

Wildcard Masks/Inverse Masks

Instead of specifying a single IP address, you can also permit or deny networks/subnets entirely or partly by using wildcard masks, also known as inverse masks. To understand this concept, it helps a lot if you have some basic understanding of subnetting.

The first example is simple: if you want to deny access to all hosts in the network with subnet mask you would use as the source in the access-list command. When the router checks if the addressing information of an incoming packet matches the denied address specified in the access list, it only cares about the part of the address where the corresponding bits in the inverse mask are 0. The part of the address where the corresponding bits in the inverse mask are set to 1 can be anything (in this example 0 to 255).

In other situations, where you want to specify a range of addresses that does not have the boundary between 0s and 1s exactly between octets, you might need to convert it all to binary to determine the inverse mask. For example, you want to specify the network with the subnet mask When you convert this mask to binary it shows that in this subnet mask the first 20 bits are set to 1 (11111111.11111111.11110000.00000000), so the inverse mask would have the first 20 bits set to 00000000.00000000.00001111.11111111 which is in decimal notation. This would specify the address range to

If you want the source or destination to be any host from any network you could use the address with the inverse mask, but to save you from pressing so much keys you can use the keyword any instead.

In Extended Access lists the keyword host can be used to replace the inverse mask. Instead of specifying a single address with you can use host

Extended IP Access Lists

Extended IP access lists offer more granular control compared to standard lists that only allow you to deny or permit traffic from a certain source. Extended access lists allow you to control TCP/IP traffic based on the Transport protocol being used (TCP or UDP) and the service or application (e.g. SMTP, Telnet) from source addresses AND destination addresses.

Use the global exec access-list command to create the access lists. This command supports numerous arguments, most of them are beyond the scope of the CCNA exam. At the bottom of this TechNote are links to documents at Cisco.com explaining the complete syntax. Nevertheless, here is the most important part:
router(config)#access-list number deny|permit protocol source|any destination|any

When TCP or UDP is used as the protocol argument two other important arguments are operator port. The port argument can be a TCP or UDP port number or name (e.g. 21 or FTP, 23 or TELNET, 123 or NTP), the operator is usually eq which means equal, other options include lt (less than) and gt (greater than).

Use the Interface config mode access-group command to apply the access list to an interface: router(config-if)#ip access-group number in|out

Take a look at the diagram below for example:

accesslist2 IP Access Lists

You can prevent SMTP traffic originating from the WANs from traveling over link A to an SMTP server wuth destination by putting an outbound extended IP access list on the Serial 0 interface of RouterX and using the following commands on RouterX (or RouterY):

router(config)#access-list 105 deny TCP any host eq SMTP
router(config)#access-list 105 permit IP any any
router(config)#interface serial 0
router(config-if)#ip access-group 105 out

Following is another example using the same diagram above. It shows how you can use extended access lists to control ICMP traffic (used for utilities such as ping and trace). For example, to deny the hosts in the Ethernet network attached to RouterY to use ICMP to communicate with hosts on the other side of the router, use the following commands on RouterY:

router(config)#access-list 102 deny icmp any
router(config)#access-list 102 permit IP any any
router(config)#interface serial 1
router(config-if)#ip access-group 102 out

The following command allows you to remove an access list from interface:
router(config-if)#no ip access-group number|name in|out
For example: router(config-if)#no ip access-group 102 out

The following commands allows you to completely delete an access list from the configuration:
router(config)#no access-list number|name
For example: router(config)#no access-list 102

Named Access Lists

If your router is running IOS 11.2 or higher, you can create named access lists. Instead of choosing a number between 1-99 for standard IP access lists, you can use a custom name allowing for more lists and more convenient management. The commands to create a named access list are different for standard and extended access lists.

To create a named access list, use the following command in global configuration mode:
router(config)#ip access-list {standard | extended} name

This command will take you into access-list configuration mode where you can define the deny and permit rules. For example to create a named access list with the name wwwfilter and permit only access from the networks, and use the following commands:

router(config)#ip access-list standard wwwfilter

Use the exit command to exit access-list configuration mode.

A named list is applied to an interface in the same way as with numbered lists:
router(config-if)#ip access-group wwwfilter out

VTY Lines

You can also use standard access lists to limit access to VTY lines. For example:

router(config)#access-list 5 permit
router(config)#line vty 0 4
router(config)#access-class 5 in

Monitoring and Verifying

The following commands are useful for monitoring and verifying the operation of access lists.

The show ip interface command displays which access lists are applied to the specified interface, for example:
router(config)#show ip interface serial 1

The following command displays the contents of an access list, and if applied to an interface, the number of matches per permit/deny rule:
router(config)#show access-lists number|name

If you do not specify an access-list number or name, all the current access lists will be displayed. You can also use the show ip access-lists command to display one or all of the current IP access lists.

Author: Johan Hiemstra

Integrated Services Digital Network (ISDN)


Integrated Services Digital Network, a circuit-switching network used for voice, data and video transfer over existing copper telephone lines. ISDN is a bit similar to the normal telephone system but it is faster and needs less time to setup a call. ISDN runs on the bottom three layers of the OSI reference model.

There are several types of ISDN channels, the two main being the 64 Kilobits per second B-channel for data, and the D-channel for control information. Two B-channels + one D-channel make up ISDN BRI (Basic-Rate Interface), some Remote Access servers support a feature called multilink allowing both B-channels to be combined in a single virtual link of 128 Kbps. In SOHO networks often 1 B-channel is used for data (an internet connection for example) and 1 B-channel is used for voice (connected to a digital telephone for example). The US and Japanese version of ISDN PRI (Primary-Rate Interface) is made up of 23 B-channels (total rate of 1.472 Mbps) and 1 D-channel. The European and Australian version supports 30 B-channels (total rate of 1.984 Mbps) and 1 D-channel.
A common implementation of these two types of ISDN is a remote access solution with ISDN PRI at the corporate network supporting 23 dial-in connections for employees with ISDN BRI at home. Also an ISDN BRI connection is often implemented as a backup line between routers in WANs such as in a Frame Relay network as shown in the following image:

isdn bu fr Integrated Services Digital Network (ISDN)

Besides this dial-up ISDN configuration for backup and other Dial on Demand Routing (DDR) configurations another service offered are ISDN BRI leased-line connections, the difference is they always use both data channels for the connection to the ISDN service provider and ISDN BRI leased-lines are always active.

ISDN Function groups

The ISDN function groups represent the devices in an ISDN environment such as terminals, terminal adapters, network-termination devices and line-termination equipment. The following table lists these devices:

TE1 (Terminal Equipment 1) Specialized ISDN terminals that understand the ISDN standards, for example an ISDN telephone.

TE2 (Terminal Equipment 2) Non-ISDN Terminals that need a Terminal Adapter (TA) to connect to an ISDN network, for example a regular telephone.

TA (Terminal Adapter) Converts some other form of signaling to ISDN to allow non-ISDN devices (TE2) to work the 2-wire ISDN network.

NT1 (Network Termination 1) Connects TE1 or TA devices to the ISDN network. In the US, the NT1 is located at the customer’s premises and owned by the customer. In other parts of the world the NT1 is usually provided by the carrier (typically a telephone company).

NT2 (Network Termination 2) The NT2 is a physical device that interfaces the NT1 to different types of devices (TE1 or TA). In most cases it is a PBX at the customer’s premises.
Take for example an apartment building or campus, if have a demand for ISDN lines from your renters (customers) you can order an ISDN PRI and connect it to your local PBX. You can then extend the ISDN service to any place in the building(s).

The following image shows the various function groups and reference points.

isdn ref func Integrated Services Digital Network (ISDN)

The following image illustrate some real-life situations. As you can see the NT2 is left out, most NT1 adapters today have a U interface on one side and an s/t on the other so you simply plug your TE1 or TA into the NT1 and you’re good to go.

isdn Integrated Services Digital Network (ISDN)

The following image shows two type of routers, the upper is usually used in North America where the demarcation point between the customer premises and the carrier’s network is the U reference point, this router is actually a TE1 with a built-in NT1 and is also known as a ‘U router’. The other router is used in most other parts of the world where the NT1 is provided by the telco, this router is actually a TE2 with a built-in TA and is also known as a ‘S/T router’.

isdnrouters Integrated Services Digital Network (ISDN)

ISDN Reference points

ISDN specifies four reference points that define the logical interfaces/connections between function groups (also represented in the mage below):
R defines the reference point between non-ISDN equipment (TE2) and a TA.
S defines the reference point between and an NT2.
T defines the reference point between NT1 and NT2 devices.
U defines the reference point between NT1 devices and line-termination equipment in a carrier network. Relevant in North America where the NT1 function isn’t provided by the carrier network.

ISDN protocols

ISDN protocols are defined in ITU protocols that operates on the Physical, Data Link and Network layer of the OSI model. There are several series of protocols dealing with different issues:
E series defines the use of ISDN on the existing telephone network.
I series deals with concepts, aspects, and services.
Q series covers switching and signaling. The LAPD protocol is formally specified in ITU-T Q.920 and ITU-T Q.921. LAPD is the signaling protocol used on the D-channel in ISDN BRI and PRI.

Configure ISDN BRI and Legacy DDR

Configuring ISDN may seem to be complex but is rather simple in basic situations. The diagram below shows a typical setup connecting two remote offices using an ISDN dial-up configuration.

isdn log 2routers Integrated Services Digital Network (ISDN)

First the ISDN switch type must be configured and should match the carrier’s equipment. You can use the isdn switch-type command in both global config mode (required) and interface configuration mode (optional if different per interface). For example:
Router(config)#isdn switch-type basic-dms100
The correct switch type should be supplied by the carrier. Click here for a table at Cisco.com listing the ISDN BRI service provider switch types. If you change the switch-type, you must reload the router for the new switch type to take effect.

Although ISDN supports several upper-layer protocols such as IP, IPX and Appletalk, typically IP is used and this is also the one relevant to the CCNA exam. Configuring an IP address on an ISDN BRI interface is done in the same way as configuring an IP address for any other interface such as Ethernet or Serial:
Router(config)#interface bri 0 (to enter interface config mode)
Router(config-if)#ip address

Some service providers require the use of SPIDs for your ISDN device to be able to place or receive calls. A SPID is usually the telephone number of the channel with some optional numbers which can be used to identity the service(s) the customer is subscribed to. The SPID numbering scheme depends on the service provider and the switch-type. For example, the DMS-100 switch type requires a SPID for each B channel.
Router(config-if)#isdn spid1 5055551234 0111 (B1 channel)
Router(config-if)#isdn spid2 5055551235 0111 (B2 channel)

The default encapsulation type for each B-channel is HDLC, however PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication. The encapsulation type can be configured using the following command in interface configuration mode:
Router(config-if)#encapsulation ppp

Now to configure the actual part that maps the link to the network layer using the dialer map command, it defines the remote host where the calls are going, specifies whether broadcast messages will be sent and the dialing string to use to set up the call. Here’s the syntax of the command:
Router(config-if)#dialer map protocol next-hop-address name remote-name speed 56|64 dial-string
We’ll break down the command using example options:
Router(config-if)#dialer map ip name RouterB speed 64 broadcast 55588613213

- The IP address of the remote router’s BRI interface used in this command is the next hop. In the global configuration you will have to define a static route to the remote network pointing to the next hop address used in the dialer map command. The use of static routes is very important, since you don’t want to use dynamic routing protocols for this type of connection because the routing updates will keep the link up.
- The remote name in name remote-name is the hostname of the other router.
- speed defaults to 64 (in kilobits) but you may need to set it to 56 in some situations.
- The broadcast option specifies whether broadcast packets such as routing updates are sent.
- The dial-string is the telephone number that should be dialed when making an outgoing connection. You can leave out this number to configure the interface to only accept incoming connections.

The following commands will define “interesting” traffic that will cause the router to place a call make the connection. For example if you want the router to dial-in for all IP traffic you need to configure a dialer-list and bind it to the BRI interface:
Router(config)#dialer-list 1 protocol ip permit
Router(config)#int bri0
Router(config-if)#dialer-group 1

You can also use regular or extended access lists to permit all traffic except HTTP/HTTPs for example. Instead of using the options in the dialer-list command above you would specify the access list:
Router(config)#dialer-list 1 protocol ip list 101

The following command makes the router disconnect calls that haven’t had any interesting traffic for the configured time:
Router(config-if)#dialer idle-timeout seconds

To add some level of security and to identify the router when it dials out, you should use the Challenge Handshake Authentication Protocol (CHAP). The hostname of the router is used to identify the router to another router when sending messages.
Router(config-if)#ppp authentication chap

The global configuration username command is required when CHAP is used to specify the CHAP secret message to use when challenged by another router. Important to know is that the two routers that need to talk must share the same password.
Router(config)#username routerB password password

PPP Multilink

Multilink is a feature that enables the use of both B-channels combined for one call. To turn on multilink use the following command:
Router(config-if)#ppp multilink

Use the following command to specify when the second B-channel should kick-in (bandwidth on demand). When the total load for this connection reaches this threshold, it brings up the other B channel. This value represents a utilization percentage; it is a number between 1 and 255, where 255 is 100 percent.
Router(config-if)#dialer load-threshold 60


Here are some commonly used show commands used to monitor and troubleshoot ISDN:

Router(config)#show interfaces bri number
Displays information about the physical attributes of the ISDN BRI B and D channels.

Router(config)#show controllers bri number
Displays protocol information about the ISDN B and D channels. Checks Layer 1 (physical layer) of the BRI.

Router(config)#show isdn {active | history | memory | status | timers}
Displays information about calls, history, memory, status, and Layer 2 and Layer 3 timers.

Router(config)#show dialer interface bri number
Obtains general diagnostic information about the specified interface. Checks Layer 3 (network layer).

Router(config)#show isdn status
Use to verify that ISDN BRI Layer 1 is ACTIVE, LAYER 2 State is MULTIPLE_FRAME_ESTABLISHED, and the service profile identifiers (SPIDs) are valid.

Router(config)#debug q921
Checks Layer 2 (data link layer).

The following three commands offer more advanced methods to check Layer 3 (network layer) operation:

Router(config)#debug isdn events
Router(config)#debug q931
Router(config)#debug dialer

Author: Johan Hiemstra

7-layer OSI MODEL

The OSI (Open System Interconnection) model is developed by ISO in 1984 to provide a reference model for the complex aspects related to network communication. It divides the different functions and services provided by network hardware and software in 7 layers. This facilitates modular engineering, simplifies teaching and learning network technologies, helps to isolate problems and allows vendors to focus on just the layer(s) in which their hardware or software is implemented and be able to create products that are compatible, standardized and interoperable.
The diagram below shows the 7 layers of the OSI Model, to remember them in the correct order a common mnemonic is often used: All People Seem To Need Data Processing.
osilayer encap 7 layer OSI MODEL
The Application, Presentation and Session layer are known as the Upper Layer and are implemented in software. The Transport and Network layer are mainly concerned with protocols for delivery and routing of packets to a destination and are implemented in software as well. The Data Link is implemented in hard- and software and the Physical layer is implemented in hardware only, hence its name. These last two layers define LAN and WAN specifications.

A more detailed description of each layer follows below, but here’s what basically happens when data passes from Host A to Host B:
1. the Application, Presentation and Session layer take user input and converts it into data,
2. the Transport layer adds a segment header converting the data into segments,
3. the Network layer adds a network header and converts the segments into packets ,
4. the Data Link layer adds a frame header converting the packets into frames,
5. the MAC sublayer layer converts the frames into a bits which the Physical layer can put on the wire.

The steps are known as the 5 steps of data encapsulation. When the bits stream arrives at the destination, the Physical layer takes it of the wire and converts it into frames, each layer will remove their corresponding header while the data flows up the OSI model until it is converted back to data and presented to the user, this is known as decapsulation.


The Application layer provides network services directly to the user’s application such as a web browser, email software and Windows Explorer. This layer is said to be “closest to the user”.
Protocols that operate on this layer include: TELNET, HTTP, FTP, TFTP, SMTP, NTP, SNMP, EDI.


This layer ‘represents’ the data in a particular format to the Application layer. It defines encryption, compression, conversion and other coding functions.
Specifications defined at this layer include: GIF, TIFF, JPEG, MPEG, MIME, and ASCII.


Establishes, maintains and terminates end-to-end connections (sessions) between two applications on two network nodes. It controls the dialogue between the source and destination node, which node can send when and how long. Also provides error reporting for the Application, Presentation and Session layer.
Protocols/API’s that operate on this layer include: RPC, SQL, NETBIOS.


This layer converts the data received from the upper layers into segments. The Transport layer is responsible for end-to-end (also called source-to-destination) delivery of entire messages. Provides end-to-end connectivity, it allows data to be transferred reliably and sequencing to guarantee that it will be delivered in the same order that it was sent. Provides services such as error checking and flow control (software).
Protocols that operate on this layer: TCP, UDP, NETBEUI, SPX.

These protocols are either connectionless or connection-oriented:

Connection-oriented means that a connection (a virtual link) must be established before data can be exchanged. This can guarantee that data will arrive, and in the same order it was sent. It guarantees delivery by sending acknowledgements back to the source when messages are received. TCP is an example of an connection-oriented transport protocol.

A common example of connection-oriented communication is a telephone call: you call, the ‘destination’ picks up the phone and acknowledges and you start talking (sending data). When a message or a piece of it doesn’t arrive, you say: “What!?” and the sender will retransmit the data.

Connectionless is the opposite of connection-oriented; the sender does not establish a connection before it sends data, it just sends without guaranteeing delivery. UDP is an example of an connectionless transport protocol.


This layer converts the segments from the Transport layer into packets (or datagrams) and is responsible for path determination, routing, and the delivery of these individual packets across multiple networks without guaranteed delivery. The network layer treats these packets independently, without recognizing any relationship between those packets, it relies on upper layers for reliable delivery and sequencing.
Also this layer is is responsible for logical addressing (also known as network addressing or Layer 3 addressing) for example IP addresses
Examples of protocols defined at this layer: IP, IPX, AppleTalk, ICMP, RIP, OSPF, BGP, IGRP, EIGRP, NLSP, ARP, RARP, X.25
Devices that operate on this layer: Routers, Layer 3 Switches.

Network layer addresses
Also known as Layer 3 or Logical addresses. These type of addresses are protocol-dependent, for example if the network protocol is IP, IP addressing will be used which is made up of a network part and a host part and needs a subnet mask to determine the boundaries of these parts. An example of an IP address is: and a subnet mask:
Another example is Novell’s IPX addressing, which uses a combination of a hexadecimal network address + the layer 2 MAC address to form a network layer address, for example” 46.0010E342A8BC


The Data Links provides transparent network services to the Network layer so the Network layer can be ignorant about the physical network topology and and provides access to the physical networking media. Responsible for reassambling bits taken of the wire by the Physical layer to frames, makes sure they are in the correct order and requests retransmission of frames in case an error occurs. Provides error checking by adding a CRC to the frame, and flow control. Examples of devices that operate on this layer are switches, bridges, WAPs, and NICs.

IEEE 802 Data Link sub layers

Around the same time the OSI model was developed, the IEEE developed the 802-standards such as 802.5 Token Ring and 802.11 for wireless networks. Both organizations exchanged information during the development which resulted in two compatible standards. The IEEE 802 standards define physical network components such as cabling and network interfaces, and correspond to the Data Link and/or Physical layer of the OSI model. The IEEE refined the standards and divided the Data Link layer into two sublayers: the LLC and the MAC sub layer.

- LLC sublayer

LLC is short for Logical Link Control. The Logical Link Control is the upper sublayer of the Data Link layer. LLC masks the underlying network technology by hiding their differences hence providing a single interface to the network layer. The LLC sublayer uses Source Service Access Points (SSAPs) and Destination Service Access Points (DSAPs) to help the lower layers communicate to the Network layer protocols acting as an intermediate between the different network protocols (IPX, TCP/IP, etc.) and the different network types (Ethernet, Token Ring, etc.) This layer is also responsible for frames sequencing and acknowledgements.
The LLC sublayer is defined in the IEEE standard 802.2.

- MAC sublayer

The Media Access Control layer takes care of physical addressing and allows upper layers access to the physical media, handles frame addressing, error checking. This layer controls and communicates directly with the physical network media through the network interface card. It converts the frames into bits to pass them on to the Physical layer who puts them on the wire (and vice versa)

IEEE LAN standards such as 802.3, 802.4, 802.5 and 802.10 define standards for the MAC sublayer as well as the Physical layer.

Other standards on this layer include: X.25 and Frame Relay

Data Link layer addresses
Also known as layer 2 addresses, BIAs (Burned-in Address), physical address and most commonly referred to as MAC address. This is a fixed address programmed into a NIC or a router interface for example.
00-10-E3-42-A8-BC is an example of a MAC address. The first 6 hexadecimal digits (3 bytes) specify the vendor/manufacturer of the NIC, the other 6 digits (3 bytes) define the host.
The layer 2 broadcast address is FF-FF-FF-FF-FF-FF.


This layer communicates directly with the physical media, it is responsible for activating, maintaining and deactivating the physical link. It handles a raw bits stream and places it on the wire to be picked up by the Physical layer at the receiving node. It defines electrical and optical signaling, voltage levels, data transmission rates and distances as well as mechanical specifications such as cable lengths and connectors, the amount of pins and their function.
Devices that operate on this layer: HUBs/concentrators, repeaters, NICs, and LAN and WAN interfaces such as RS-232, OC-3, BRI, V.24, V.35, X.25 and Frame Relay.

TCP/IP stack vs. the DoD Model

TCP/IP operation is defined in its own model: the DoD model. DoD is short for Department of Defense, who desgined TCP/IP for ArpaNet. ALthough they are similar, in contrary to the 7-layer OSI model the DoD model has 4 layers. Each DoD layer and its functions corresponds to 1 or more OSI layers and their functions, which is represented in the image below:
dod vs osi 7 layer OSI MODEL

For the CCNA exam you don’t need to know the DoD model in detail, but if you know the OSI model and the related DoD layers you can easily identify the layer at which a certain protocol or standard is specified, for example:
Process/Application: Telnet, FTP, SMTP, HTTP, SNMP, etc.
Host To Host: TCP UDP
Internet: IP, ICMP, ARP, RARP, BootP, etc.
Network Access: Ethernet, Fast Ethernet, Token Ring, FDDI, etc.

Author: Johan Hiemstra

LAN Technologies


Ethernet was developed by DIX (Digital, Intel and Xerox) in the 1970s. In 1980 the IEEE 802.3 standard was released. Two years later version 2 was introduced, which is the basis for today’s Ethernet networks. The access method (how the wire is accessed) is Carrier Sense Multiple Access/Collision Detection (CSMA/CD). In a CSMA/CD network stations listen to check if the network is busy, if the network is free the station transmits data. When two stations listen, and both determine the network is available, they will start sending the data simultaneously and a collision occurs. When the collision is detected both stations will retransmit the data after a random wait time created by a backoff algorithm. In today’s large-fast-growing-bandwidth-eating network environments this will soon become a problem, stations will have to wait more often before they can transmit data and more collisions will occur. The solution to this is to separate the network in multiple collisions domains, which devices can be used for this purpose will be explained using a network diagram for each of the following relevant network components.

An Ethernet network is a broadcast system, this means that when a station transmits data every other station receives the data. The frames contain an address in the frame header, only the station with that address will pick up the frame and pass it on to upper-layer protocols to be processed.


All devices in this domain will receive broadcast frames originating from any other device within the domain. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames. Broadcast frames are frames explicitly directed to all nodes on the LAN, as networks grow this will become a problem as well.

A repeaters is a simple device that is used to expand LANs over larger distances by connecting segments. They do not control broadcast or collision domains, they are not aware of upper-layer protocols and frame formats, they merely regenerate/amplify the signal. Repeaters operate at the Physical layer of the OSI model. An important rule when using repeaters to expand a network is the 5-4-3 rule, which defines that the maximum distance between two hosts on the same network can be 5 segments, 4 repeaters, and only 3 of the segments can be populated, as illustrated in the following logical network diagram:
LAN+Technologies+1 LAN Technologies HUBS/CONCENTRATORS

Hubs, also known as concentrators or multiport repeaters, are used in star/hierarchical networks to connect multiple stations/cable segments. There are two main types of hubs: passive and active. An active hub takes the incoming frames, amplifies the signal, and forwards it to all other ports, a passive hub simply splits the signal and forwards it. Another type of hubs can be managed allowing individual port configuration and traffic monitoring, these are know as intelligent- or managed hubs.

Hubs operate on the physical layer of the OSI model and they are protocol transparent, that means they are not aware of the upper-layer protocols and such as IP, IPX nor MAC addressing. Hence they do not control broadcast or collision domains, but they extend them as illustrated below:
LAN+Technologies+2 LAN Technologies

Bridges are more intelligent than hubs; they operate on the Data Link layer of the OSI model.
They are used to increase network performance by segmenting networks in separate collision domains. Bridges are also protocol transparent, they are not aware of the upper-layer protocols. They keep a table with MAC addresses of all nodes, and on which segment they are located.
A bridge takes an incoming frame, reads its destination MAC address and consults the database to decide what should be done with the frame; if the location of the destination MAC address is listed in the database, the frame is forwarded to the corresponding port. If the destination port is the same as the port where the frame arrived it will be discarded. If the location is not known the frame will be flooded through all outgoing ports/segments.

As illustrated below, bridges control collision domains, they do not control broadcast domains:
LAN+Technologies+3 LAN Technologies

To improve network performance even more switches were developed, switches are very similar to bridges; they also keep a table with MAC addresses per port to make switching decisions, operate in the OSI model and are protocol transparent.
Some of the main differences are:
- a switch has more ports than a bridge
- bridges switch in software whereas switches switch in hardware (integrated circuits)
- switches offer more variance in speed, an individual port can be assigned 10 Mb/s or 100 Mb/s or even more.

As illustrated below, switches control collision domains, they do not control broadcast domains*:
LAN+Technologies+4 LAN Technologies
* Do not control broadcast domains unless Virtual Local Area Networks (VLANs) are being used, and most modern switches do support VLANs. The following diagram represents a router configured with two VLANs. Like in the previous diagram each port forms an collision domain, but as you can see in this diagram the network is separated in two broadcast domains using VLANs. If the network protocol used in this network would be TCP/IP the VLANs would each have its own (sub-)network address, for example VLAN 1 could be Class C 192.168.110.x and VLAN 2 192.168.220.x.
LAN+Technologies+5 LAN Technologies
Switches are able to use software to create Virtual LANs; a logical grouping of network devices where the members can be on different physical segments. A VLAN can be based on Port IDs, MAC addresses, protocols or applications. For example in the network diagram above port 1 to 12 on the switch could be assigned to VLAN 1, and port 13 to 24 to VLAN 2, resulting in two different broadcast domains, or station 1, 2 and 3 could be using IPX/SPX while station 4, 5 and 6 could be using TCP/IP.

An example of a large network with VLANs could be an office building with a switch on each of the three floors and a main switch connecting them all together. An administrator would be able to keep a list of MAC addresses and assign stations from different floors to a single VLAN and for example create a VLAN (broadcast domain) for each department in the company. Switches share their MAC address table information with other switches so the path to a destination can be found quickly.


Routers are used to interconnect multiple (sub-)networks and route information between these networks by choosing an optimal path (“route”) to the destination. They operate on the Network layer (Layer 3) of the OSI model and in contradiction to hubs, bridges and switches, routers are protocol-aware. Examples of these protocols are: IP, IPX, and AppleTalk. Routers make forwarding decisions based on a table with network addresses and there corresponding ports, this table is known as the route table. Common use of routers is to connect two different type of networks (for example Ethernet and Token ring) or to interconnect LANs into a WAN. The concept of routing will be covered in more detail in the Routing Protocols TechNote.

As illustrated below, routers control collision domains AND broadcast domains:
LAN+Technologies+6 LAN Technologies

A gateway (as a network component) is a device that connects networks with dissimilar network protocols or architectures and translates between the networks. Gateways are very intelligent devices, generally they operate on the Transport layer and on those above it (Session, Presentation, Application). A gateway could be used to allow IPX/SPX clients to use a gateway with a TCP/IP uplink to an internet connection. TCP/IP would be converted to IPX/SPX. Another common use of a gateway is to connect an Ethernet network to an IBM SNA mainframe environment.


A NIC (Network Interface Card) is an expansion cards for a computer used to connect a to the physical network. The NIC’s interface itself is defined at the Physical layer (Layer 1) of the OSI model, the physical address (also known as Burned-In Address and commonly: MAC address) of the adapter as well as the drivers to control the NIC are located at the Data Link layer’s MAC sub-layer. The reason the physical address is defined at the Data Link layer is that the Physical layer only handles bits.

Half duplex
Half-duplex means that only one host can communicate at a given time, two hosts communicating with each other will take turns transmitting. This is the default on non-switched LANs.

In full-duplex communication both hosts can transmit at the same time, theoretical allowing twice as much data to be transmitted over the same connection.
In order for full-duplex to work, some requirements must be met:
- The NICs, hubs etc. must support it,
- Collision Detection and Loopback functions must be disabled.
In reality the connections able to run at full-duplex are cross-cable connections and connection to a port on a switch, where collisions cannot occur because each end has it’s own wire pair (segment).

Author: Johan Hiemstra