SAMCOM SOLUTIONS

Address Resolution Protocol (ARP)

Two types of addressing are used to identify network hosts – the IP (or Layer 3) address and the
local (or Data Link Layer) address. The Data Link Layer address is also commonly referred to as
the MAC address. Address resolution, as defined in RFC 826, is the process in which the IOS
determines the Data Link Layer address from the Network Layer (or IP) address.
ARP resolves a known IP address to a MAC address. When a host needs to transfer data across
the network, it needs to know the other host’s MAC address. The host checks its ARP cache and
if the MAC address is not there, it sends out an ARP Broadcast message to find the host,

You can debug ARP with the debug arp command.

An ARP entry is required for communication across the network. You can see that a Broadcast
has taken place if there is no ARP entry. It is also important to understand that ARP tables on
routers and switches are flushed after a certain amount of time (four hours by default) to
conserve resources and prevent inaccurate entries.
On the router below, it has an ARP entry only for its own FastEthernet interface until its
neighbour is pinged, so the first of five ping (ICMP) packets fails, as shown by the period
followed by four exclamation marks:
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - 0002.4A4C.6801 ARPA FastEthernet0/0
Router#ping 192.168.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!! ← first packet fails due to ARP request
Success rate is 80 percent(4/5),round-trip min/avg/max = 31/31/31 ms
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 0002.4A4C.6801 ARPA FastEthernet0/0
Internet 192.168.1.2 0 0001.97BC.1601 ARPA FastEthernet0/0
Router#

Proxy ARP

Proxy ARP (see Figure 1.19 below) is defined in RFC 1027. Proxy ARP enables hosts on an
Ethernet network to communicate with hosts on other subnets or networks, even though they
have no knowledge of routing.
If an ARP Broadcast reaches a router, it will not forward it (by default). Routers do not forward
Broadcasts, but if they do know how to find the host (i.e., they have a route to it), they will
send their own MAC address to the host. This process is called proxy ARP and it allows the host
to send the data thinking it is going straight to the remote host. The router swaps the MAC
address and then forwards the packet to the correct next hop.
The ip proxy-arp command is enabled on Cisco routers by default.

Figure 1.19 – Router Uses Proxy ARP to Allow the Hosts to Connect

Expanding upon the previous point, part of the exam requirements is understanding how
addressing changes as packets traverse the network. As the packet traverses the network, there
must be a way for each end device to communicate, but also a way for intermediary devices to
be able to exchange the next-hop address for the packet to traverse. Proxy ARP provides the
answer again. The source and destination IP address never change but in order for the packet
to be passed to a next-hop address, the MAC address (in the frame) changes between devices.
In Figure 1.20 below, the frame will leave HOST A with the source IP address 192.168.1.1, the
destination IP address 172.16.1.2, the source MAC address AAAA:AAAA:AAAA, and the
destination MAC address AAAA: AAAA:BBBB. R1 will retain the IP addresses but change the
source address to AAAA:AAAA:CCCC. By the time the packet leaves R2 for HOST B, the IP
addresses will not have changed but the source MAC address is now AAAA:AAAA:DDDD and the
destination MAC address is AAAA:AAAA:EEEE.
Figure 1.20 – MAC Address Changes as the Packet Traverses Network Devices

Reverse Address Resolution Protocol (RARP)

RARP maps a known MAC address to an IP address. Hosts such as diskless workstations (also
known as thin clients) know their MAC address when they boot. They use RARP to discover
their IP address from a server on the network.

Gratuitous Address Resolution Protocol (GARP)

GARP is a special ARP packet. A normal host will always send out a GARP request after the link
goes up or the interface is enabled. Gratuitous in this case means a request/reply that is not
normally needed according to the ARP RFC specification but could be used in some cases. A
gratuitous ARP request is an ARP request packet where the source MAC, the source IP, and the
destination IP addresses are all set to the IP address of the machine issuing the packet, and the
destination MAC is the Broadcast address FFFF: FFFF: FFFF. Ordinarily, no reply packet will
occur.
A GARP reply is one to which no request has been made (if you see a GARP reply, that means
another computer on the network has the same IP address as you have). GARP is used when a
change of state happens in FHRP protocols (e.g., HSRP; this will be covered later), with the
objective of updating the Layer2 CAM table. We will discuss GARP again in the IPv6 section.
Simple Network Management Protocol (SNMP)
SNMP is used for network management services. An SNMP management system allows network
devices to send messages called traps to a management station. This informs the network
administrator of any faults on the network (such as faulty interfaces), high CPU utilisation on
servers, etc.
You can debug SNMP traffic with the debug snmp command. SNMP uses UDP ports 161 and 162.
Hyper Text Transfer Protocol Secure (HTTPS)
TLS, and the older protocol SSL, is used for secure communication over the Internet, which is
carried out by means of cryptography. You will also find these used for e-mail and Voice over IP
(VoIP), and when surfing sites which begin with the URL https://. HTTP with TLS/SSL (HTTPS)
uses port 443.

IP Configuration Command

This is not actually a Cisco tool but it’s part of your troubleshooting toolkit. The ipconfig
command used at a Windows command prompt allows you to use several switches, but
perhaps the most commonly used command is ipconfig /all, as shown in the screenshot
below:

Figure 1.21 – The ipconfig /all Command Output

Other switches you can use with the ipconfig command are as follows:
/? Display this help message
/all Display full configuration information
/release Release the IP address for the specified adapter
/renew Renew the IP address for the specified adapter
/flushdns Purges the DNS Resolver cache
/registerdns Refreshes all DHCP leases and re-registers DNS names
Cables and

TCP/IP

TCP/IP is a complete suite of protocols and services which enable communication to take place
over networks. Earlier competitors to TCP/IP, such as IPX/SPX, have all but died out due to their
lack of adoption and ongoing development.
TCP/IP is a freely available and free to use set of standards maintained by the Internet
Engineering Task Force (IETF), and it is used for end-to-end device connectivity. It has been
developed and improved upon through submission of Requests for Comments (RFCs), which
are documents submitted by engineers to convey new concepts or for peer review. One
example is Network Address Translation (NAT) discussed in RFC 2663. IETF adopted some of
these RFCs as Internet standards. You can learn more about the IETF and RFCs at the link
below:
www.ietf.org/rfc.html
TCP/IP offers many services but many are outside the scope of the CCNA exam and will not be
covered. I will also omit those covered in other sections, such as DNS and DHCP. The following
sections outline the basics of TCP/IP. Because the CCNA isn’t a basic networking exam, it is
expected that you already have a good grasp of networking concepts such as those learned in
the Network+ exam from CompTIA.

Transmission Control Protocol (TCP)

TCP operates at the Transport Layer of the OSI model. It provides a connection-oriented service
for reliable transfer of data between network devices. TCP also provides flow control,
sequencing, windowing, and error detection. It attaches a 32-bit header to the Application
Layer data, which is in turn encapsulated in an IP header. TCP is described in RFC 793. Common
TCP ports include the following:

1. FTP Data – 20
2.  FTP Control – 21
3.  SSH – 22
4.  Telnet – 23
5.  SMTP – 25
6.  DNS – 53 (also uses UDP)
7.  HTTP – 80
8.  POP3 – 110
9.  NNTP – 119
10.  NTP – 123
11.  TLS/SSL – 443 

Internet Protocol (IP)

IP operates at the Network Layer of the OSI model. It is connectionless and is responsible for
transporting data over the network. IP addressing is a function of Internet Protocol. IP examines
the Network Layer address of every packet and determines the best path for that packet to take
to reach its destination. IP is discussed in detail in RFC 791.

User Datagram Protocol (UDP)

UDP also operates at the Transport Layer of the OSI model. It transports information between
network devices but, unlike TCP, no connection is established first. UDP is connectionless, gives
best-effort delivery, and gives no guarantee that the data will reach its destination. UDP is
much like sending a letter with no return address. You know it was sent, but you never know if
the letter got there.
UDP consumes less bandwidth than TCP does and is suitable for applications in which low
latency is preferred over reliability or guarantees. Both TCP and UDP are carried over IP. UDP is
described in RFC 768. Common UDP port numbers include the following:

1.  DNS – 53
2.  TFTP – 69
3.  SNMP – 161/162

File Transfer Protocol (FTP)

FTP operates at the Application Layer and is responsible for reliably transporting data across a
remote link. Because it has to be reliable, FTP uses TCP for data transfer.
You can debug FTP traffic with the debug ip ftp command.
FTP uses ports 20 and 21. Usually, a first connection is made to the FTP server from the client
on port 21. A second data connection is then made either leaving the FTP server on port 20 or
from a random port on the client to port 20 on the FTP server. You may wish to read more
about active versus passive FTP for your own information, but it is unlikely that this will be
covered in CCNA-level exams.
IN THE REAL WORLD: Having a server on a network containing backup copies of the startup configuration and IOS is a very
good idea indeed.

Trivial File Transfer Protocol (TFTP)

For less reliable transfer of data, TFTP provides a good alternative. TFTP provides a
connectionless transfer by using UDP port 69. TFTP can be difficult to use because you have to
specify exactly the directory in which the file is located.
To use TFTP, you need to have a client (the router, in your case) and a TFTP server, which could
be a router or a PC, or a server on the network (preferably on the same subnet). You need to
have TFTP software on the server so the files can be pulled off it and forwarded on to the
client.
TFTP is used extensively on Cisco routers to back up configurations and upgrade the router. The
following command will carry out these functions:
RouterA#copy tftp flash:
You will be prompted to enter the IP address of the other host in which the new flash file is
located:
Address or name of remote host []? 10.10.10.1
You will then have to enter the name of the flash image on the other router:
Source filename []? / c2500-js-l.121-17.bin
Destination filename [c2500-js-l.121-17.bin]?
If you have an older version of IOS, you may be prompted to erase the flash on your router
before copying, and then the file will be transferred. When the router reloads, your new flash
image should be available for use.
Other optional commands are copy flash tftp if you want to store a backup copy or copy
running config tftp if you want to back up your running configuration file.
You can run a debug on TFTP traffic with the debug tftp command.

Simple Mail Transfer Protocol (SMTP)

Hyper Text Transfer Protocol (HTTP)

HTTP uses TCP (port 80) to send text, graphics, and other multimedia files from a web server to
clients. This protocol allows you to view web pages, and it sits at the Application Layer of the
OSI model. HTTPS is a secure version of HTTP that uses Secure Sockets Layer (SSL) or Transport
Layer Security (TLS) to encrypt the data before it is sent.
You can debug HTTP traffic with the debug ip http command.

Telnet

Telnet uses TCP (port 23) to allow a remote connection to network devices. You will learn more
about Telnet in the labs. Telnet is not secure so many administrators are now using Secure
Shell (SSH), which uses TCP port 22, as an alternative to ensure a secure connection. Telnet is
the only utility that can check all seven layers of the OSI model, so if you Telnet to an address,
then all seven layers are working properly. If you can’t Telnet to another device, it doesn’t
necessarily indicate a network problem. There could be a firewall or an access control list
blocking the connection purposely, or Telnet may not be enabled on the device.
In order to connect remotely to a Cisco router or switch, there must be an authentication
method for VTY lines configured on the router. If you are trying to Telnet to another device but
cannot connect to it, you can enter Ctrl+Shift+6 and then enter X to quit. To quit an active
Telnet session, you can simply type exit or disconnect.
You can debug Telnet with the debug telnet command.

Internet Control Message Protocol (ICMP)

ICMP is a protocol used to report problems or issues with IP packets (or datagrams) on a
network. ICMP is a requirement for any vendor who wishes to use IP on their network. When a
problem is experienced with an IP packet, the IP packet is destroyed and an ICMP message is
generated and sent to the host that originated the packet.
As defined in RFC 792, ICMP delivers messages inside IP packets. The most popular use of ICMP
is to send ping packets to test the network connectivity of remote hosts. A ping command
issued from a network device generates an echo request packet that is sent to the destination
device. Upon receiving the echo request, the destination device generates an echo reply.
Because pings also have a Time to Live (TTL) field, they give a good indication of network
latency (delay). The ping output below is from a desktop PC:
C:\>ping cisco.com
Pinging cisco.com [198.133.219.25] with 32 bytes of data:
Reply from 198.133.219.25: bytes=32 time=460ms TTL=237
Reply from 198.133.219.25: bytes=32 time=160ms TTL=237
Reply from 198.133.219.25: bytes=32 time=160ms TTL=237
Reply from 198.133.219.25: bytes=32 time=180ms TTL=237
Ping statistics for 198.133.219.25:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 160ms, Maximum = 460ms, Average = 240ms
In the output above, the ping packet is 32 bytes long, the Time field reports how many
milliseconds the response took, and the TTL is the Time to Live field (i.e., how many
milliseconds before the packet expires).
The ping command on a Cisco router has a verbose facility that provides more granularity from
which you can specify the source you are pinging, how many pings, and what size you are

This feature is very useful for testing and is used several times in the accompanying lab scenarios, as illustrated in the output below:

Router#ping ← press Enter here
Protocol [ip]:
Target IP address: 172.16.1.5
Repeat count [5]:
Datagram size [100]: 1200
Timeout in seconds [2]:
Extended commands [n]: yes
Source address: ← you can specify a source address or interface here
Type of service [0]:
Set DF bit in IP header? [no]: yes
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Sending 5, 1000-byte ICMP Echos to 131.108.2.27, timeout is 2 seconds:
U U U U U
Success rate is 0% percent, round-trip min/avg/max = 4/6/12 ms
Several notations represent the response the ping packet receives, as follows:

1.  ! – One exclamation mark per response
2.  . – One period for each timeout
3. U – Destination unreachable message
4.  N – Network unreachable message
5.  P – Protocol unreachable message
6.  Q – Source quench message
7.  M – Could not fragment
8.  ? – Unknown packet type

You can terminate a ping session by holding down the Ctrl+Shift+6 keys (all together) and then
the X key (on its own).
ICMP packet types are defined in RFC 1700. Learning all the code numbers and names is outside
the scope of the CCNA syllabus.
Many junior network engineers misuse the ping facility when it comes to troubleshooting. A
failed ping could indicate a network issue or that ICMP traffic is blocked on the network.
Because ping attacks are a common way to attack a network, ICMP is often blocked.
Traceroute
Traceroute is a very widely used facility which can test network connectivity and is a handy tool
for measurement and management. Traceroute follows the destination IP packets by sending
UDP packets with a small maximum TTL field, and then listens for an ICMP time-exceeded
response. As the Traceroute packet progresses, the records are displayed hop by hop. Each hop
is measured three times. An asterisk [*] indicates that a hop has exceeded its time limit.
Cisco routers use the traceroute command, where as
Windows PCs use tracert, as illustrated in
the output below:
C:\Documents and Settings\pc>tracert hello.com
Tracing route to hello.com [63.146.123.17]
over a maximum of 30 hops:
1 81 ms 70 ms 80 ms imsnet-cl10-hg2-berks.ba.net [213.140.212.45]
2 70 ms 80 ms 70 ms 192.168.254.61
3 70 ms 70 ms 80 ms 172.16.93.29
4 60 ms 81 ms 70 ms 213.120.62.177
5 70 ms 70 ms 80 ms core1-pos4-2.berks.ukore.ba.net [65.6.197.133]
6 70 ms 80 ms 80 ms core1-pos13-0.ealng.core.ba.net [65.6.196.245]
7 70 ms 70 ms 80 ms transit2-pos3-0.eang.ore.ba.net [194.72.17.82]
8 70 ms 80 ms 70 ms t2c2-p8-0.uk-eal.eu.ba.net [165.49.168.33]
9 151 ms 150 ms 150 ms t2c2-p5-0.us-ash.ba.net [165.49.164.22]
10 151 ms 150 ms 150 ms dcp-brdr-01.inet.qwest.net [205.171.1.37]
11 140 ms 140 ms 150 ms 205.171.251.25
12 150 ms 160 ms 150 ms dca-core-02.inet.qwest.net [205.171.8.221]
13 190 ms 191 ms 190 ms atl-core-02.inet.qwest.net [205.171.8.153]
14 191 ms 180 ms 200 ms atl-core-01.inet.net [205.171.21.149]
15 220 ms 230 ms 231 ms iah-core-03.inet.net [205.171.8.145]
16 210 ms 211 ms 210 ms iah-core-02.inet.net [205.171.31.41]
17 261 ms 250 ms 261 ms bur-core-01.inet.net [205.171.205.25]
18 230 ms 231 ms 230 ms bur-core-02.inet.net [205.171.13.2]
19 211 ms 220 ms 220 ms buc-cntr-01.inet.net [205.171.13.158]
20 220 ms 221 ms 220 ms msfc-24.buc.qwest.net [66.77.125.66]
21 221 ms 230 ms 220 ms www.hello.com [63.146.123.17]
Trace complete.

The fields in the Traceroute output are as follows:

1.  ... – Timeout
2.  U – Port unreachable message
3.  H – Host unreachable message
4.  P – Protocol unreachable message
5.  N – Network unreachable message
6.  ? – Unknown packet type
7.  Q – Source quench received

Traceroute is a very useful command when you want to troubleshoot network connectivity
issues. Although it is outside the scope of the CCNA syllabus, here is a more detailed
explanation of how it operates.
Traceroute works by sequentially incrementing the TTL field of UDP packets (only used in Cisco
and Linux; Microsoft Windows tracert command uses ICMP echo request datagrams instead of
UDP datagrams as probes) destined for a host and recording the replies received from
intermediate routers.
Every packet has a TTL value associated with it and each time the packet reaches a hop, its TTL
value is decreased by 1. The first packet is sent to the destination with TTL=1, which reaches
Router 1, but because its TTL value has dropped to 0, the router sends an error message (TTL
exceeded in transit). Then a second packet is sent with TTL=2. This reaches Router 2, which also
sends the same error message that Router 1 sent. This is continued until the destination is
reached.
All hops, except for the last one, should return a “TTL exceeded in transit” message, whereas
the last hop should return a “destination unreachable/port unreachable” message, indicating
that it cannot handle the received traffic (UDP Traceroute packets are typically addressed to a
pseudorandom high port on which the end host is not likely to be listening).

Using a layered approach can be very effective when you’re troubleshooting your network. The
only decision from this point onwards is to determine which way you want to use the OSI stack
– top-down, bottom-up, or divide-and-conquer method, which involves focusing on sections of
the network in turn.
I recommend using the bottom-up method at the beginning so you don’t waste time looking at
applications when the cause can often be found at the lower layers, such as loose or broken
cables or incorrect IP addressing. As you gain more experience, using the divide-and-conquer
method will probably be faster, depending on the symptoms. If you start at the bottom layer
and work your way up, you would do something like this:

Layer 1

Are all the cables inserted into the ports correctly, or have they come loose? Are thecable ends bent or worn out? If cables are the problem, you will usually see an amber lightshowing on the device when it should be green. Has somebody forgotten to add the correctspeed to the interface? Has the speed of the Ethernet port been set correctly? Has the interfacebeen opened for use by the network administrator?

Layer 2

 Has the correct protocol been applied to the interface so it agrees with the other side,
such as Ethernet/PPP/HDLC, etc.?

Layer 3 

 Is the interface using the correct IP address and subnet mask?

Layer 4 

 Is the correct routing protocol being used, and is the correct network being advertised
from the router?
You will see how to apply these steps as you complete the labs in this book. Experts may argue
that some Layer 4 issues are at Layer 3, some Layer 2 issues are actually at Layer 1, and so on. I
prefer to focus on the fact that we are applying a layered troubleshooting method rather than
debating about whether the correct issue is at the correct layer.
The TCP/IP, or DoD, Model
The TCP/IP model is another framework and an alternative to the OSI model. The TCP/IP model
is a four or five-layered model created by an association known as DARPA. It is also known as
the Department of Defense (DoD) model. The four layers from the top down are as follows:

4 –Application [Telnet/FTP/DNS/RIP]

Application Data, but not encapsulated yet
Transport TCP header added to the data Segment
Network IP header added (including IP address) Packet
Data Link Data Link header added (Data Link address) Frame
Physical Turned into electrical signals Bits on the wire

Layer # OSI Data

7 Application Application
6 Presentation
5 Session
4 Transport Host to Host
3 Network Internetwork
2 Data Link Network
1 Physical Interface
3 – Transport/Host-to-Host [UDP/TCP/ICMP]
2 – Internet or Internetwork [IPSec/IP]
1 – Link/Network Interface [Frame Relay/Ethernet/ATM]
The TCP/IP model has been updated from four to five layers, so you may be asked questions
about a five-layered TCP model in the exam. The upper layers are closer to the end-user and
the lower layers describe how the technology or protocols interact with other systems. The fivelayered

TCP model is as follows:

5 – Application [Telnet/FTP/DNS/RIP/HTTP]
4 – Transport/Host-to-Host [UDP/TCP/ICMP]
3 – Network [IPSec/IP]
2 – Data Link [Ethernet/Frame Relay/PPP]
1 – Link/Network Interface/Physical [Bits on the wire]
A five-layered TCP model allows for more granularity and it more accurately represents what
actually occurs before data is put onto the wire. For example, at Layer 2 encapsulation of data
occurs and addressing takes place (i.e., Data Link addressing). Cisco seem to prefer the fivelayered
model when it comes to exam questions.
Data is encapsulated as it travels down from the Application Layer to the Physical Layer in
exactly the same way as demonstrated in the OSI model,

For the CCNA exam, you will be expected to understand the OSI model and which applications
and protocols fit in which layer. You may also have to apply your troubleshooting knowledge
using the OSI layered approach. Let’s examine each layer of the OSI, starting with Layer 7.

Layer 7 – Application Layer

This layer is the closest layer to the end-user, you and me. The Application Layer isn’t the
operating system of the devices but usually provides services such as e-mail (SNMP and POP3),
web browsing (using HTTP), and file transfer services (using FTP). The Application Layer
determines resource availability.

Layer 6 – Presentation Layer

The Presentation Layer presents data to the Application Layer. Multimedia works here, so think
MP4, JPEG, GIF, etc. Encryption, decryption, and data compression also take place at this layer.

Layer 5 – Session Layer

The role of the Session Layer is to set up, manage, and terminate sessions or dialogues
between devices. These take place over logical links, and what is really happening is the joining
of two software applications. SQL, RPC, and NFS all work at the Session Layer.

Layer 4 – Transport Layer

The role of the Transport Layer is to break down the data from the higher layers into smaller
parts, which are referred to as segments (at this layer). Virtual circuits are set up here, which
are required before devices can communicate.
Before the data can be passed across the network, the Transport Layer needs to establish how
much data can be sent to the remote device. This will depend upon the speed and reliability of
the link from end to end. If you have a high-speed link but the end-user has a low-speed link,
then the data will need to be sent in smaller chunks.
The three methods used to control data flow are as follows:

• Flow control
• Windowing
• Acknowledgements

Flow Control

If the receiving system is being sent more information than it can process, it will ask the
sending system to stop for a short time. This normally happens when one side uses broadband
and the other uses a dial-up modem. The packet sent telling the other device to stop is known
as a source quench message.

Windowing

Acknowledgements

Layer 3 – Network Layer

Layer 2 – Data Link Layer

Layer 1 – Physical Layer

The OSI Model

Open Standards Interconnection (OSI) was created by the International Organization for
Standardization (ISO). With the technology boom came the rise of several giants in the fields of
networking devices and software, including Cisco, Microsoft, Novell, IBM, HP, Apple, and others.
Each vendor had their own cable types and ports and ran their own communication protocols.
This caused major problems if you wanted to buy routers from one company, switches from
another, and servers from yet another.
There were workarounds for these problems, such as deploying gateways on the network that
could translate between protocols, but such solutions created bottlenecks (i.e., slow portions
of the network) and made troubleshooting very difficult and time-consuming. Eventually,
vendors had to agree on a common standard which worked for everyone, and the free suite of
protocols called Transmission Control Protocol/Internet Protocol (TCP/IP) was ultimately
adopted by most. In the end, those vendors who failed to adopt TCP/IP lost market share and went bust.
The ISO created the OSI model to help vendors agree on a set of common standards with which
they could all work. This involved dividing network functions into a set of logical levels or
layers. Each layer would perform a specific set of functions, so, for example, if your company
wanted to focus on network firewalls, they would work with other vendors’ equipment.
The advantage was that each device was designed to perform a specific role well, rather than
several roles inadequately. Customers could choose the best device for their solution without
being tied to one vendor. Troubleshooting became much easier because certain errors could be
traced to a certain OSI layer.
The OSI model divides all network functions into seven distinct layers. The layered model starts
at Layer 7 and goes all the way down to Layer 1. The more complex functions, which are closer
to the user, are at the top, moving down to network cable specifications at the bottom layer, as
illustrated

Table 1.2 – The OSI Model

Layer # Layer Name
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

You can easily remember the names of the layers with the mnemonic “All People Seem To Need
Data Processing.” I would certainly get used to referring to each layer by its number because
this is how real-world network technicians use the OSI.
As data is passed down from the top layers to the bottom for transportation across the
physical network media, the data is placed into different types of logical data boxes. Although
we often call these data boxes “packets,” they have different names depending upon the OSI
layer. The process of data moving down the OSI model is referred to as encapsulation (see
Figure 1.13). Moving back up and having these boxes stripped of their data is called deencapsulation.

Mesh

When downtime is not an option, a mesh topology can be considered. Full-mesh networks
provide a connection to each device from every other device. This solution is often used with
WAN connections.

Hub-and-Spoke

Physical versus Logical

Topology refers to how network equipment is arranged in order to communicate. How this is
done could be limited by the communication protocols the equipment uses, cost, geography, or
other factors, such as the need for redundancy should the main link fail.
You should also note that there is often a difference between physical and logical topology.
Physical topology is how the network appears when you look at it, whereas logical topology is
how the network sees itself. The most common topologies are described in the following
sections.

Point-to-Point

This topology is used mainly for WAN links. A point-to-point link is simply one in which one
device has one connection to another device. You could add a secondary link connecting each
device but if the device itself fails, then you lose all connectivity.

 

Bus

Star

Ring