
Practical guide to advanced networking 3rd ed Edition Beasley - The complete ebook is available for download with one click

The document provides a comprehensive overview of the 'Practical Guide to Advanced Networking, 3rd Edition' by Jeffrey S. Beasley and Piyasat Nilkaew, detailing its contents, including chapters on network design, router configuration, network security, and IPv6. It includes links to download the ebook and other related titles from ebookultra.com. The book is intended for individuals seeking to deepen their understanding of advanced networking concepts and practices.


Practical guide to advanced networking 3rd ed Edition
Beasley Digital Instant Download
Author(s): Beasley, Jeffrey S.;Nilkaew, Piyasat
ISBN(s): 9780789749048, 0789749041
Edition: 3rd ed
File Details: PDF, 27.09 MB
Year: 2013
Language: english
A PRACTICAL GUIDE TO
ADVANCED NETWORKING

JEFFREY S. BEASLEY AND PIYASAT NILKAEW

Pearson
800 East 96th Street
Indianapolis, Indiana 46240 USA
A PRACTICAL GUIDE TO ADVANCED NETWORKING

Copyright © 2013 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-4904-8
ISBN-10: 0-7897-4904-1
The Library of Congress Cataloging-in-Publication Data is on file.
Printed in the United States of America
First Printing: November 2012

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales
Pearson IT Certification offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact
International Sales
international@pearsoned.com

ASSOCIATE PUBLISHER: Dave Dusthimer
EXECUTIVE EDITOR: Brett Bartow
SENIOR DEVELOPMENT EDITOR: Christopher Cleveland
MANAGING EDITOR: Sandra Schroeder
PROJECT EDITOR: Mandie Frank
COPY EDITOR: Sheri Cain
INDEXER: Ken Johnson
PROOFREADERS: Leslie Joseph, Dan Knott
TECHNICAL EDITORS: Iantha Finley Malbon, Wayne Randall
PUBLISHING COORDINATOR: Vanessa Evans
INTERIOR DESIGNER: Gary Adair
COVER DESIGNER: Chuti Prasertsith
COMPOSITOR: Bronkella Publishing

CONTENTS AT A GLANCE
Introduction xvi
1 Network Infrastructure Design 2
2 Advanced Router Configuration I 52
3 Advanced Router Configuration II 98
4 Configuring Juniper Routers 158
5 Configuring and Managing the Network Infrastructure 188
6 Analyzing Network Data Traffic 226
7 Network Security 266
8 IPv6 306
9 Linux Networking 336
10 Internet Routing 396
11 Voice over IP 428
Glossary 456
Index 472

TABLE OF CONTENTS
Introduction xvi

CHAPTER 1 Network Infrastructure Design 2


Chapter Outline 3
Objectives 3
Key Terms 3
INTRODUCTION 4
1-1 PHYSICAL NETWORK DESIGN 4
Core 5
Distribution Layer 5
Access Layer 6
Data Flow 6
Selecting the Media 6
1-2 IP SUBNET DESIGN 7
IP Address Range 8
Determining the Number of Subnetworks Needed for the Network 9
Determining the Size or the Number of IP Host Addresses Needed for the Network 11
IP Assignment 15
1-3 VLAN NETWORK 16
Virtual LAN (VLAN) 17
VLAN Configuration 18
VLAN Tagging 23
802.1Q Configuration 25
Networking Challenge: Static VLAN Configuration 26
Configuring the HP Procurve Switch 27
1-4 ROUTED NETWORK 28
Router 29
Gateway Address 30
Network Segments 31
Multilayer Switch 32
Layer 3 Routed Networks 33
Routed Port Configuration 33
InterVLAN Routing Configuration 35
Serial and ATM Port Configuration 37
Summary 44
Questions and Problems 46

CHAPTER 2 Advanced Router Configuration I 52
Chapter Outline 53
Objectives 53
Key Terms 53
Introduction 54
2-1 CONFIGURING STATIC ROUTING 54
Gateway of Last Resort 61
Configuring Static Routes 61
Load Balancing and Redundancy 68
Networking Challenge—Static Routes 70
2-2 DYNAMIC ROUTING PROTOCOLS 70
Distance Vector Protocols 73
Link State Protocols 74
2-3 CONFIGURING RIPv2 75
Configuring Routes with RIP 77
Configuring Routes with RIP Version 2 82
Networking Challenge—RIP 84
2-4 TFTP—Trivial File Transfer Protocol 85
Configuring TFTP 85
Summary 89
Questions and Problems 89

CHAPTER 3 Advanced Router Configuration II 98


Chapter Outline 99
Objectives 99
Key Terms 99
INTRODUCTION 101
3-1 CONFIGURING LINK STATE PROTOCOLS—OSPF 101
Link State Protocols 102
Configuring Routes with OSPF 103
Load Balancing and Redundancy with OSPF 109
Networking Challenge—OSPF 111
3-2 CONFIGURING LINK STATE PROTOCOLS—IS-IS 112
Configuring Routes with IS-IS 113
Load Balancing and Redundancy with IS-IS 117
Networking Challenge: IS-IS 118

3-3 CONFIGURING HYBRID ROUTING PROTOCOLS—EIGRP 119
Configuring Routes with EIGRP 120
Load Balancing and Redundancy 125
Networking Challenge: EIGRP 128
3-4 ADVANCED ROUTING REDISTRIBUTION 129
Route Redistribution into RIP 130
Route Redistribution into OSPF 134
Route Redistribution into EIGRP 137
Route Redistribution into IS-IS 141
3-5 ANALYZING OSPF “HELLO” PACKETS 143
Summary 147
Questions and Problems 147

CHAPTER 4 Configuring Juniper Routers 158


Chapter Outline 159
Objectives 159
Key Terms 159
INTRODUCTION 160
4-1 OPERATIONAL MODE 160
4-2 ROUTER CONFIGURATION MODE 166
Displaying the Router Interfaces 166
Hostname Configuration 167
Assigning an IP Address to an Interface 168
4-3 CONFIGURING ROUTES ON JUNIPER ROUTERS 169
Configure STATIC Routes on Juniper Routers 169
Configure RIP on Juniper Routers 171
Configure OSPF on Juniper Routers 173
Configure IS-IS on Juniper Routers 175
4-4 CONFIGURING ROUTE REDISTRIBUTION ON JUNIPER ROUTERS 178
Summary 182
Questions and Problems 182

CHAPTER 5 Configuring and Managing the Network Infrastructure 188
Chapter Outline 189
Objectives 189
Key Terms 189
Introduction 190
5-1 DOMAIN NAME AND IP ASSIGNMENT 190
5-2 IP MANAGEMENT WITH DHCP 195
DHCP Data Packets 197
DHCP Deployment 201
5-3 SCALING THE NETWORK WITH NAT AND PAT 204
Configuring NAT 205
5-4 DOMAIN NAME SERVICE (DNS) 209
DNS Tree Hierarchy 210
DNS Resource Records 214
Summary 220
Questions and Problems 220

CHAPTER 6 Analyzing Network Data Traffic 226


Chapter Outline 227
Objectives 227
Key Terms 227
INTRODUCTION 228
6-1 PROTOCOL ANALYSIS/FORENSICS 228
Basic TCP/UDP Forensics 234
ARP and ICMP 236
6-2 WIRESHARK PROTOCOL ANALYZER 239
Using Wireshark to Capture Packets 243
6-3 ANALYZING NETWORK DATA TRAFFIC 244
Configuring SNMP 244
NetFlow 250
6-4 FILTERING 251
FTP Filtering 256
Right-Click Filtering Logic Rules 258
Filtering DHCP 260
Summary 262
Questions and Problems 262

CHAPTER 7 Network Security 266
Chapter Outline 267
Objectives 267
Key Terms 267
INTRODUCTION 268
7-1 DENIAL OF SERVICE 268
Distributed Denial of Service Attacks (DDoS) 270
7-2 FIREWALLS AND ACCESS LISTS 270
Network Attack Prevention 272
Access Lists 272
7-3 Router Security 279
Router Access 280
Router Services 282
Router Logging and Access-List 283
7-4 Switch Security 285
Switch Port Security 286
Switch Special Features 288
7-5 Wireless Security 289
7-6 VPN Security 292
VPN Tunneling Protocols 293
Configuring a VPN Virtual Interface (Router to Router) 294
Troubleshooting the VPN Tunnel Link 299
Summary 302
Questions and Problems 302

CHAPTER 8 IPv6 306


Chapter Outline 307
Objectives 307
Key Terms 307
Introduction 308
8-1 Comparison of IPv6 and IPv4 308
8-2 IPV6 ADDRESSING 311
8-3 IPv6 Network Settings 315
8-4 Configuring a Router for IPv6 320
8-5 IPv6 Routing 324
IPv6: Static 324
IPv6: RIP 324
IPv6: OSPF 325

IPv6: EIGRP 325
IPv6: IS-IS 326
8-6 Troubleshooting IPv6 Connection 327
Summary 329
Questions and Problems 329

CHAPTER 9 Linux Networking 336


Chapter Outline 337
Objectives 337
Key Terms 337
INTRODUCTION 338
9-1 LOGGING ON TO LINUX 339
Adding a User Account 340
9-2 LINUX FILE STRUCTURE AND FILE COMMANDS 344
Listing Files 344
Displaying File Contents 346
Directory Operations 348
File Operations 351
Permissions and Ownership 353
9-3 LINUX ADMINISTRATION COMMANDS 357
The man (manual) Command 358
The ps (processes) Command 359
The su (substitute user) Command 362
The mount Command 362
The shutdown Command 364
Linux Tips 364
9-4 ADDING APPLICATIONS TO LINUX 365
9-5 LINUX NETWORKING 371
Installing SSH 375
The FTP Client 376
DNS Service on Linux 376
Changing the Hostname 377
9-6 TROUBLESHOOTING SYSTEM AND NETWORK PROBLEMS WITH LINUX 378
Troubleshooting Boot Processes 378
Listing Users on the System 380
Network Security 382
Enabling and Disabling Boot Services 382

9-7 MANAGING THE LINUX SYSTEM 385
Summary 390
Questions and Problems 391

CHAPTER 10 Internet Routing 396


Chapter Outline 397
Objectives 397
Key Terms 397
INTRODUCTION 398
10-1 INTERNET ROUTING—BGP 398
Configuring a WAN Connection 398
Configuring an Internet Connection 400
10-2 CONFIGURING BGP 401
Configuring BGP 401
Networking Challenge: BGP 409
10-3 BGP BEST PATH SELECTION 410
10-4 IPv6 OVER THE INTERNET 412
10-5 CONFIGURE BGP ON JUNIPER ROUTERS 415
Summary 421
Questions and Problems 421

CHAPTER 11 Voice over IP 428


Chapter Outline 429
Objectives 429
Key Terms 429
INTRODUCTION 430
11-1 THE BASICS OF VOICE OVER IP 430
11-2 VOICE OVER IP NETWORKS 433
Replacing an Existing PBX Tie Line 433
Upgrading Existing PBXs to Support IP Telephony 435
Switching to a Complete IP Telephony Solution 436
11-3 QUALITY OF SERVICE 438
Jitter 438
Network Latency 439
Queuing 439
QOS Configuration Example 440

11-4 ANALYZING VoIP DATA PACKETS 442
Analyzing VoIP Telephone Call Data Packets 446
11-5 VoIP SECURITY 449
Summary 452
Questions and Problems 452

Key Terms Glossary 456

Index 472

ABOUT THE AUTHORS
Jeffrey S. Beasley is with the Department of Engineering Technology and Surveying Engineering at New
Mexico State University. He has been teaching with the department since 1988 and is the co-author of Modern
Electronic Communication and Electronic Devices and Circuits, and the author of Networking.
Piyasat Nilkaew is a network engineer with 15 years of experience in network management and consulting,
and has extensive expertise in deploying and integrating multiprotocol and multivendor data, voice, and video
network solutions on limited budgets.

DEDICATIONS
This book is dedicated to my family, Kim, Damon, and Dana. —Jeff Beasley

This book is dedicated to Jeff Harris and Norma Grijalva. Not only have you given me my networking career, but
you are also my mentors. You inspire me to think outside the box and motivate me to continue improving my
skills. Thank you for giving me the opportunity of a lifetime. I am very grateful. —Piyasat Nilkaew

ACKNOWLEDGMENTS
I am grateful to the many people who have helped with this text. My sincere thanks go to the following technical
consultants:
• Danny Bosch and Matthew Peralta for sharing their expertise with optical networks and unshielded twisted-
pair cabling, and Don Yates for his help with the initial Net-Challenge Software.
• Abel Sanchez, for his review of the Linux Networking chapter.
I also want to thank my many past and present students for their help with this book:
• David Potts, Jonathan Trejo, and Nate Murillo for their work on the Net-Challenge Software. Josiah Jones,
Raul Marquez Jr., Brandon Wise, and Chris Lascano for their help with the Wireshark material. Also,
thanks to Wayne Randall and Iantha Finley Malbon for the chapter reviews.

Your efforts are greatly appreciated.


I appreciate the excellent feedback of the following reviewers: Phillip Davis, DelMar College, TX; Thomas D.
Edwards, Carteret Community College, NC; William Hessmiller, Editors & Training Associates; Bill Liu, DeVry
University, CA; and Timothy Staley, DeVry University, TX.
My thanks to the people at Pearson for making this project possible: Dave Dusthimer, for providing me with the
opportunity to work on this book, and Vanessa Evans, for helping make this process enjoyable. Thanks to Brett
Bartow, Christopher Cleveland, and all the people at Pearson, and to the many technical editors for their help with
editing the manuscript.
Special thanks to our families for their continued support and patience.
—Jeffrey S. Beasley and Piyasat Nilkaew

ABOUT THE TECHNICAL REVIEWERS
Wayne Randall started working in the Information Technology field in 1994 at Franklin Pierce College (now
Franklin Pierce University) in Rindge, NH, before becoming a Microsoft Certified Trainer and a consultant at
Enterprise Training and Consulting in Nashua, NH.
Wayne acquired his first certification in Windows NT 3.51 in 1994, became an MCSE in NT 4.0 in 1996, was a
Certified Enterasys Network Switching Engineer in 2000, and then worked as a networking and systems consultant
from 2001 to 2006 before becoming a director of IT for a privately held company. Wayne currently works for
Bodycote, PLC, as a network engineer/solutions architect. Bodycote has 170 locations across 27 countries with
43 locations in North America. Wayne has taught for Lincoln Education since 2001 and developed curricula for it
since 2011. Mr. Randall holds a BA in American Studies from Franklin Pierce University.
Iantha Finley Malbon’s teaching career has spanned 20 years from middle school to collegiate settings and
is currently a CIS professor at Virginia Union University. She is also an adjunct professor at ECPI University,
having previously served as CIS Department Chair, teaching Cisco routing, networking, and Information Technology
courses. She implemented the Cisco Academy for Hanover Schools and was the CCAI for the Academy.
She earned her master’s degree in Information Systems from Virginia Commonwealth University and bachelor’s
degree in Technology Education from Virginia Tech. She holds numerous certifications including CCNA,
Network+, A+, and Fiber Optic Technician.

WE WANT TO HEAR FROM YOU!
As the reader of this book, you are our most important critic and commentator. We value your opinion and want
to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other
words of wisdom you’re willing to pass our way.
As the associate publisher for Pearson IT Certification, I welcome your comments. You can email or write me
directly to let me know what you did or didn’t like about this book—as well as what we can do to make our
books better.
Please note that I cannot help you with technical problems related to the topic of this book. We do have a User
Services group, however, where I will forward specific technical questions related to the book.
When you write, please be sure to include this book’s title and author as well as your name, email address, and
phone number. I will carefully review your comments and share them with the author and editors who worked on
the book.
Email: feedback@pearsonitcertification.com
Mail: Dave Dusthimer
Associate Publisher
Pearson IT Certification
800 East 96th Street
Indianapolis, IN 46240 USA

READER SERVICES
Visit our website and register this book at www.pearsonitcertification.com/register for convenient access to any
updates, downloads, or errata that might be available for this book.

INTRODUCTION
This book looks at advanced computer networking. It first guides readers through network infrastructure design.
The readers are then introduced to configuring static, RIPv2, OSPF, IS-IS, and EIGRP routing protocols; techniques
for configuring Juniper routers; managing the network infrastructure; analyzing network data traffic using
Wireshark; network security; IPv6; Linux networking; Internet routing; and Voice over IP. After covering the
entire text, readers will have gained a solid knowledge base in advanced computer networks.
In my years of teaching, I have observed that technology students prefer to learn “how to swim” after they have
gotten wet and taken in a little water. Then, they are ready for more challenges. Show the students the technology,
how it is used, and why, and they will take the applications of the technology to the next level. Allowing them to
experiment with the technology helps them to develop a greater understanding. This book does just that.

ORGANIZATION OF THE TEXT


This textbook is adapted from the second edition of Networking. This third volume has been revised and reorganized
around the needs of advanced networking students. This book assumes that the students have been introduced
to the basics of computer networking. Throughout the text, the students are introduced to more advanced
computer networking concepts. This involves network infrastructure design, advanced router configuration, network
security, analyzing data traffic, Internet routing, and Voice over IP.

Key Pedagogical Features
• Chapter Outline, Key Terms, and Introduction at the beginning of each chapter clearly outline specific goals
for the reader. An example of these features is shown in Figure P-1.

Introduction: Chapter openers clearly outline specific goals
Chapter Outline
Chapter Objectives

Chapter Outline

Introduction
4-1 Operational Mode
4-2 Router Configuration Mode
4-3 Configuring Routes on Juniper Routers
4-4 Configuring Route Redistribution on Juniper Routers
Summary
Questions and Problems

Objectives

• Understand and identify the difference between the operational and configuration modes
• Understand the basic steps for working in the operational mode
• Understand the steps for configuring the router’s interface
• Explain how to configure static, RIP, OSPF, and IS-IS routing
• Understand the steps for route redistribution

Key Terms

JUNOS; {master}; re0 { and re1 { ..; Out of Band Management; PIC; multi-services card; t3/ds3 card; at; oc-3; oc-12; permanent interfaces; Management Ethernet Interface; Internal Ethernet interface; transient interfaces; Inet; preferred; edit routing-options static; edit protocols rip; show rip neighbor; commit; commit and-quit; show route; show route protocol rip; set protocols ospf area area interface interface; hello-interval seconds; dead-interval seconds; set metric value; set protocols isis interface interface; show isis adjacency; edit policy-options; set policy-statement; top; export

159

INTRODUCTION

JUNOS (margin definition): The operating system used by Juniper routers.

This chapter examines the steps for basic configuration of a Juniper router. There are distinct differences between the Juniper router configurations compared to Cisco IOS; however, many of the steps and prompts are similar to Cisco router configuration, as you’ll learn. The operating system (OS) used by Juniper routers is called JUNOS. The JUNOS software has two different command modes:

• Operational mode
• Configuration mode

The basic commands used in the operational mode of the JUNOS command-line interface (CLI) are presented in Section 4-1. In this chapter, you learn about the {master} prompt and the >, indicating you are now in the operational mode. You also learn about the re0 { and re1 { .. notations that are used to identify the system configuration for the routing engines 0 and 1. In Section 4-2, the steps for configuring the router interface are examined. In addition, the commands for displaying the router interface, configuring the hostname, and assigning an IP address to an interface are examined. Section 4-3 introduces route configuration featuring static, RIP, OSPF, and IS-IS. Section 4-4 examines route redistribution. Juniper takes a different approach when it comes to route redistribution. In the JUNOS software, there is no redistribute command. Unlike Cisco where a route distribution is done in a routing process, Juniper uses its routing policy to inject routing protocols.

4-1 OPERATIONAL MODE

The operational mode is the first mode encountered after logging in to the Juniper router. This mode allows for the following:
1. Monitoring network connectivity (for example, using the ping command)
2. Troubleshooting the router interface and network connections
3. Entry point for router configuration

The following examples demonstrate the basic commands used in the operational mode of the JUNOS command-line interface (CLI). The connection to the Juniper router demonstrated in this section is being made via an SSH session (secure telnet); however, a console serial connection can also be made directly with the Juniper router, and this connection is used to make the initial router interface configurations.

160 CHAPTER 4: CONFIGURING JUNIPER ROUTERS

Key Terms for this Chapter

FIGURE P-1

• Net-Challenge Software provides a simulated, hands-on experience in configuring routers and switches.
Exercises provided in the text (see Figure P-2) and on the CD challenge readers to undertake certain router/
network configuration tasks. The challenges check the students’ ability to enter basic networking commands
and set up router function, such as configuring the interface (Ethernet and Serial) and routing protocols (that
is, static, RIPv2, OSPF, IS-IS, EIGRP, BGP, and VLANs). The software has the look and feel of actually being
connected to the router’s and switch’s console port.

Net-Challenge exercises are found throughout the text where applicable
Exercises challenge readers to undertake certain tasks

Networking Challenge—OSPF
Use the Net-Challenge Simulator Software included with the text’s companion CD-ROM to demonstrate
that you can configure OSPF for Router A in the campus LAN (the campus LAN is shown in
Figure 3-2 and is displayed by clicking the View Topology button when the software is started). Place
the Net-Challenge CD-ROM in your computer’s drive. Open the Net-Challenge folder and click
NetChallenge V3-2.exe. When the software is running, click the Select Router Challenge button to
open a Select Router Challenge drop-down menu. Select Chapter 3—OSPF. This opens a checkbox
that can be used to verify that you have completed all the tasks:
1. Enter the privileged EXEC mode on the router.
2. Enter the router’s terminal configuration mode: Router(config).
3. Set the hostname to Router A.
4. Configure the FastEthernet0/0 interface with the following:
IP address: 10.10.20.250
Subnet mask: 255.255.255.0
5. Enable the FA0/0 interface.
6. Configure the FastEthernet0/1 interface with the following:
IP address: 10.10.200.1
Subnet mask: 255.255.255.0
7. Enable the FA0/1 interface.
8. Configure the FastEthernet0/2 interface with the following:
IP address: 10.10.100.1
Subnet mask: 255.255.255.0

FIGURE P-2

• The textbook features and introduces how to use the Wireshark Network Protocol Analyzer. Examples of us-
ing the software to analyze data traffic are included throughout the text, as shown in Figure P-3.

Examples using the Wireshark protocol analyzer are included throughout the text where applicable

FTP Filtering
The following example demonstrates the process by which Wireshark filtering can
be used to isolate File Transfer Protocol (FTP) out of a large list of packets. This
can be useful for several reasons. You can use filtering rules to help find usernames
and passwords being used to connect to the FTP servers as well as get an
idea of the kind of data that is being transferred.
Start this exercise by opening the capture file 5-A.cap in Wireshark. This is not a
huge file, but it’s a little difficult to sort through all of it just by looking. Click
Expression and scroll down until you reach FTP—File Transfer Protocol (FTP).
Click OK and the Filter for FTP is now displayed, as shown in Figure 6-30.

FIGURE 6-30 Adding the FTP filter

Click Apply, and the packet list is thinned out to 15 total packets relating to the
FTP protocol, as shown in Figure 6-31. From this, we are able to view the username
and password used to establish the FTP connection. In this case, the username and
password are listed in plaintext, as well as the file that was accessed. Most times, a
secure version of FTP (SFTP) will be used and this information will be encrypted.
This same rule can also be applied by using the right-click method as previously
shown.
Find a packet that is using the FTP protocol (for example, packet 44). Navigate to
the datagram field and select the FTP row. Right click -> Apply as Filter -> Selected.
This will generate the same results provided in Figure 6-32 that are used for
the FTP filter.

256 CHAPTER 6: ANALYZING NETWORK DATA TRAFFIC

FIGURE P-3

• Numerous worked-out examples are included in every chapter to reinforce key concepts and aid in subject
mastery, as shown in Figure P-4.

Configuring, analyzing, and troubleshooting sections guide readers through advanced techniques in networking
Screen captures and network topologies guide students through different hands-on activities

Diagram labels: (a) 10.10.200.0 NET; LAN A, 10.10.20.0 NET; LAN B, 10.10.10.0 NET. (b) 192.168.10.0 NET, annotated must be a “10” network; LAN A, 10.10.20.0 NET; LAN B, 10.10.10.0 NET.

FIGURE 2-11 An example of (a) a contiguous network and (b) a discontiguous network

Configuring Routes with RIP
The first step in configuring the router for RIP is to set up the interfaces. This
includes assigning an IP address and a subnet mask to the interface using the command
ip address A.B.C.D. subnet-mask. Next, the interface is enabled using the
no shut command. The following are the steps for configuring the FastEthernet0/1
interface on Router A in the campus network shown previously in Figure 2-10:

Router con0 is now available
Press RETURN to get started.
RouterA>en
Password:
RouterA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/1
Router(config-if)#ip address 10.10.200.1 255.255.255.0
Router(config-if)#no shut
00:59:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet1, changed state to up

Next, enter the router’s configuration mode [Router(config)#] and input the command
router rip to use the RIP routing protocol. The next step is to specify the
network that uses RIP for routing. These two steps are shown here:

Router(config)#router rip
Router(config-router)#network 10.0.0.0

2-3: CONFIGURING RIPV2 77

FIGURE 11-15 The exchange of voice packets (code 41) between the two IP phones

Analyzing VoIP Telephone Call Data Packets
This section examines the data packets that are being exchanged in a VoIP telephone
call. The test setup for the VoIP telephone call is shown in Figure 11-16. This picture
shows that the network consists of two VoIP telephones, two call processors, and two
routers. The data packets were captured using a network protocol analyzer. The computer
running the protocol analyzer and the two call processors were connected to a
networking hub so that each share the Ethernet data link. This was done so that all the
VoIP data packets being exchanged between the telephones, the call processors, and
the routers could be captured at the same time with one protocol analyzer.

Diagram labels: LAN A 192.168.10.0; LAN B 169.169.3.0; 192.168.10.1; FA0/0; FA0/0; Call Processor 00:e0:bb:1c:27:c9; Call Processor 00:0F0:8F:5D:87:40; VoIP Phone (# 1006); VoIP Phone (# 2010); Hub; 00:e0:bb:1c:07:0a; 00:e0:bb:1c:06:87; Dial 62 – for accessing an outside line; 192.168.10.5 Protocol Analyzer

FIGURE 11-16 The test setup for the VoIP telephone call

446 CHAPTER 11: VOICE OVER IP

FIGURE P-4

• Key Terms and their definitions are highlighted in the margins to foster inquisitiveness and ensure retention.
This is illustrated in Figure P-5.

Key terms are highlighted in the text and defined in the margin

Link State Protocols

Link State Protocol (margin definition): Establishes a relationship with a neighboring router and uses route advertisements to build routing tables.

Link state protocols establish a relationship with a neighboring router. The routers
exchange LSAs to update neighbors regarding route status. The LSAs are sent
only if there is a change or loss in the network routes and the link state protocols
converge to route selection quickly. This is a distinct advantage over distance vector
protocols that exchange updated routing tables at fixed time intervals and are
slow to converge. In fact, link state routing protocols are replacing distance vector
protocols in most modern networks. Link state protocols are also called shortest-path
first protocols, based on the algorithm developed by E. W. Dijkstra. Link state
protocols use “Hello” packets to verify that communication is still established with
neighbor routers. The key issues of link state protocols are summarized as follows:
• Finds neighbors/adjacencies
• Uses route advertisements to build routing table
• Sends “Hello” packets
• Sends updates when routing changes

Hello Packets (margin definition): Used in the OSPF protocol to verify that the links are still communicating.

OSPF sends small “Hello” packets at regular time intervals to adjacent routers to
verify that the link between two routers is active and the routers are communicating.
If a router fails to respond to a Hello it is assumed that the link or possibly the
router is down. The OSPF Hello packet captured with a network protocol analyzer
is discussed in Section 3-5.

Areas (margin definition): The partition of a large OSPF network into smaller OSPF networks.

OSPF uses the concept of areas to partition a large network into smaller networks.
The advantage of this is that the routers have to calculate routes only for their area.
If a route goes down in a given area, only the routers in that area have to calculate
new routes. Any number between 0 and 4,294,967,295 (2^32 – 1) can be used; however,
area 0 is reserved for the root area, which is the backbone for the network.
Backbone The backbone is the primary path for data traffic to and from destinations and
The primary path for sources in the campus network. All areas must connect to area 0, and area 0 cannot
data traffic to and from be split. The area numbers can also be expressed in IP notation—for example, area
destinations and sources
0 could be 0.0.0.0—or you can specify an area as 192.168.25.0 or in subnet nota-
in the campus network.
tion. Hence, the need for the large upper-area number (232 – 1) = 255.255.255.255
when converted to a decimal number.
OSPF allows the use of variable length subnet masks (VLSM), which enable dif-
Variable Length ferent size subnets in the network to better meet the needs of the network and more
Subnet Masks (VLSM) efficiently use the network’s limited IP address space. For example, point-to-point
Enables the use of inter-router links don’t need a large block of addresses assigned to them. Figure 3-1
subnet masks to better
illustrates an example of an inter-router link.
fit the needs of the
network, thereby
minimizing the waste FA0/0 FA0/1
of IP addresses when 10.10.250.1 10.10.250.2
interconnecting subnets.
10.10.250.0 Network address
10.10.250.3 Broadcast address
10.10.25.0 Subnet

FIGURE 3-1 An inter-router link subnetted to provide for two host IP addresses, a network
address, and a broadcast address

102 CHAPTER 3: ADVANCED ROUTER CONFIGURATION II

FIGURE P-5

• Extensive Summaries, Questions, and Problems, as well as Critical Thinking Questions, are found at the end
of each chapter, as shown in Figure P-6.

Summary of key concepts
Questions and problems are organized by section
Critical Thinking questions and problems further develop analytical skills

SUMMARY

This chapter presented examples of configuring routing protocols. The network challenge exercises provided the opportunity for the student to test her or his configuration skill prior to actually configuring a real router. The student should be able to configure and verify operation of the following protocols:

Static
RIP/RIPv2
OSPF
ISIS
EIGRP

Additionally, this chapter examined the steps for route redistribution. The last section examined the OSPF Hello packets.

QUESTIONS AND PROBLEMS

Section 3-1

1. OSPF is (select all that apply)
a. Open Shortest Path First routing protocol
b. An open protocol
c. Developed specifically for TCP/IP networks
d. Developed specifically for IPX networks
e. A distance vector protocol
f. A dynamic routing protocol
g. A link state protocol
h. A high consumer of bandwidth

2. In OSPF, route updates are sent in the form of
a. Link state advertisements
b. Exchanging routing tables every 30 seconds
c. Exchanging routing tables every 90 seconds
d. IETF packets

3. The OSPF routing protocol uses these to verify that a link between two routers is active and the routers are communicating
a. LSAs
b. Hello packets
c. ARP messages
d. Ping

QUESTIONS AND PROBLEMS 147

62. OSPF multicasts are sent out as what class of address?
a. Class A
b. Class B
c. Class C
d. Class D
e. Class E

63. OSPF Hello packets are sent out every
a. 30 seconds
b. 90 seconds
c. 10 seconds
d. None of these answers are correct

64. The Router ID (RID) in OSPF Hello packets is chosen from
a. Loopback addresses
b. OSPF 16P_Router
c. Highest IP address on an interface
d. a and c
e. b and c

Critical Thinking

65. You are configuring a router connection to a remote network. What protocol would you select if there is only one network route to the remote network? Explain why you selected the protocol.

66. You are configuring the routing protocols for a small network. What routing protocol would you select and why?

67. Router A and Router B are connected and both are running OSPF protocol. The following is a sample configuration from Router A:

interface FastEthernet0/0
 ip address 10.10.3.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.100.1.1 255.255.255.0
 duplex auto
 speed auto
!
ip route 172.16.0.0 255.255.0.0 Null 0
!
router ospf 200
 network 10.0.0.0 0.255.255.255 area 0

154 CHAPTER 3: ADVANCED ROUTER CONFIGURATION II

FIGURE P-6

• An extensive Glossary is found at the end of this book and offers quick, accessible definitions to key terms
and acronyms, as well as an exhaustive Index (see Figure P-7).

Complete Glossary of terms and acronyms provide quick reference
Exhaustive Index provides quick reference

Glossary (sample page 457)

6to4 Prefix: A technique that enables IPv6 hosts to communicate over the IPv4 Internet.
802.1Q: This standard defines a system of VLAN tagging for Ethernet frames.
2001:DB8::/32 Prefix: This IPv6 address prefix is reserved for documentation. This is recommended by RFC3849 to reduce the likelihood of conflict and confusion when using the IPv6 address in examples, books, documentation, or even in test environments.
.int: Intergovernmental domain registries is used for registering organizations established by international treaties between or among national governments.
{master}: The prompt indicating you are in the master routing engine mode on a Juniper router.
A Record (Address Record): This maps a hostname to an IP address.
AAA: Authentication, Authorization, and Accounting.
ABR: Area border routers.
Access Layer: Where the networking devices in a LAN connect together.
Access Lists (ACL): A basic form of firewall protection used to tell a networking device who and what are allowed to enter or exit a network.
ACK: Acknowledgment packet.
address-family ipv6: The command used to specify that IPv6 is specified.
Administrative Distance (AD): A number assigned to a protocol or route to declare its reliability.
Advertise: The sharing of route information.
AES: Advance Encryption Standard. A 128-bit block data encryption technique.
AF33: Assured Forwarding class 3. Created to ensure the VoIP signaling or handshake.
AH: Authentication Header. A security protocol used by IPsec that guarantees the authenticity of the IP packets.
AMI: Alternate mark inversion. A fundamental line coding scheme developed for transmission over T1 circuits.
Anycast Address: Obtained from a list of addresses.
Area 0: In OSPF, this is the root area and is the backbone for the network.
Area ID: Analogous to OSPF area number, and it is used by L2 routers.
Areas: The partition of a large OSPF network into smaller OSPF networks.
ARIN: American Registry for Internet Numbers. Allocates Internet Protocol resources, develops consensus-based policies, and facilitates the advancement of the Internet through information and educational outreach.
ARP: Address Resolution Protocol, used to map an IP address to its MAC address.
arp -a: The command used to view the ARP cache.
ARP Broadcast: Used to inform everyone on the network that it now is the owner of the IP address.
ARP Reply: A network protocol where the MAC address is returned.
AS: Autonomous System. These numbers are used by various routing protocols and are a collection of connected Internet Protocol (IP) routing prefixes. Autonomous systems separate organizational networks.
ASN: Autonomous systems number is used to distinguish separate networks and to prevent routing loops.
at: Asynchronous Transmission Mode (ATM) connection for a Juniper router.
ATM: Asynchronous transfer mode.
Authoritative Name Server: A name server that is authorized and configured to answer DNS queries for a particular domain or zone.
Automatic Private IP Addressing (APIPA): A self-assigned IP address in the range of 169.254.1.0–169.254.254.255.
autonomous-system [AS_Number]: This command is used in JUNOS to define the BGP AS for the router.
B8ZS: Bipolar 8 zero substitution. A data encoding format developed to improve data transmission over T1 circuits.
Backbone: The primary path for data traffic to and from destinations and sources in the campus network.
Backup Designated Router (BDR): The router or routers with lower priority.

Index (sample page 473)

Numbers
3DES (Triple Data Encryption Standard), ESP, 301
6to4 prefix (IPv6 addresses), 314
802.1Q, 18, 24-26
2001, DB8::/32 prefix and IPv6 router configuration, 324

Symbols
? (question mark), JUNOS operating system, 161

A
AAA (Authentication, Authorization, and Accounting), 281
ABR (area border routers), 112
access layer, 6
access-list 100 deny udp any any eq 161 command, ACL configuration, 273
access-list 100 deny udp any any eq snmp command, ACL configuration, 274
access-list permit ip any any command, ACL configuration, 274
accounting (security), 281
ACK (Acknowledgment) packets, TCP three-way handshakes, 230
ACL (Access Lists), 270-272. See also filter lists
  access-list 100 deny udp any any eq 161 command, 273
  access-list 100 deny udp any any eq snmp command, 274
  access-list permit ip any any command, 274
  configure terminal command, 273
  edge routers, 273-275
  extended ACL, 273
  false TCP headers, 278
  hosts, 277
  ip access-group 100 out command, 274
  IP addresses, stopping data traffic from, 277-278
  permit ip any any command, 274-276
  placement of, 274
  remote data hosts, stopping data traffic from, 277
  router logging, 283-285
  show access-list 100 command, 274
  show access-list command, 275-276
  SMB, 273-275
  standard ACL, 273
  UDP, 276
AD (Administrative Distance), 71
address family ipv6 command, IPv6 Internet routing via BGP4+, 413
Address field (show ip eigrp neighbors command), 125
administration (Linux), 389
  ls system-config- * command, 385
  security, 387
  system-config- [tool-name] command, 385
  system-config-date command, 386
  system-config-network command, 388
administration commands (Linux)
  df command, 363
  df -kh command, 364
  history command, 364
  kill [PID] command, 361
  kill -9 [PID] command, 361
  man command, 358-359
  mount command, 358, 362
  ps command, 358-361
  shutdown command, 358, 364
  shutdown -h now command, 364
  su command, 358, 362
  Tab key shortcut, 364
  umount command, 364
  up arrow shortcut, 364
advertise_connected policies, Juniper router route redistribution, 179
advertise_isis policies, Juniper router route redistribution, 179
advertise_rip policies, Juniper router route redistribution, 179
advertise_static policies, Juniper router route redistribution, 180
advertising networks, 75
AES (Advance Encryption Standard)
  ESP, 301
  WPA2, 291
AF33 (Assured Forwarding class 3), VoIP class maps, 441
AH (Authentication Headers), troubleshooting VPN tunnels, 300
allow-snmp term (filter lists), 279
AMI (alternate mark inversion), 38
anycast IPv6 addresses, 314
AP (access points), NSEL and IS-IS, 113
APIPA (Automatic Private IP Addressing), 196
Area ID, IS-IS, 112
areas (OSPF), 102, 105
A records (Address records), DNS, 214, 218-219
ARIN (American Registry for Internet Numbers), IP address assignments, 191

FIGURE P-7

Accompanying CD-ROM
The CD-ROM packaged with the text includes the captured data packets used in the text. It also includes the
Net-Challenge Software, which was developed specifically for this text.

Instructor Resources
The Instructor’s Manual to accompany A Practical Guide to Advanced Networking, (ISBN: 978-0-132-88303-0) provides the entire book in PDF format along with instructor notes for each section within each chapter, recommending key concepts that should be covered in each chapter. Solutions to all Chapter Questions and Problems sections are also included. In addition, the instructor can also access 13 lab and lab-related exercises and a test bank with which to generate quizzes on the material found within the student edition of the book.

CHAPTER 1
NETWORK INFRASTRUCTURE DESIGN

Chapter Outline
Introduction
1-1 Physical Network Design
1-2 IP Subnet Design
1-3 VLAN Network
1-4 Routed Network
Summary
Questions and Problems

Objectives
• Understand the purpose of the three layers of a campus network design
• Understand the issue of data flow and selecting the network media
• Develop techniques for IP allocation and subnet design
• Understand the process of configuring a VLAN
• Understand the issues of configuring the Layer 3 routed network

Key Terms
core
distribution layer
access layer
CIDR
ISP
intranets
NAT
PAT
Overloading
supernet
gateway
broadcast domain
flat network
VLAN (virtual LAN)
port-based VLAN
tag-based VLAN
protocol-based VLAN
VLAN ID
802.1Q
static VLAN
dynamic VLAN
show vlan
vlan database
vlan vlan_id
show vlan name vlan-name
interface vlan 1
show interface status
trunk port
Inter-Switch Link (ISL)
Switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk encapsulation isl
switchport trunk allowed vlan vlan_id
show interfaces trunk
network address
logical address
router interface
routing table
subnet, NET
multilayer switch (MLS)
wire speed routing
routed network
Layer 3 network
SONET
WAN
terminal monitor (term mon)
terminal no monitor (term no mon)
show ip interface brief (sh ip int br)
no switchport
secondary IP address
InterVLAN routing
router on a stick
SVI
DS
CSU/DSU
AMI
B8ZS
Minimum Ones Density
HDLC
PPP
WIC
VWIC
service-module t1
show controller t1 slot/port
ATM
Virtual Path Connection (VPC)
Virtual Channel Connection (VCC)
SVC
VPI
VCI

INTRODUCTION
The objective of this chapter is to examine the computer networking issues that arise when planning a campus network. The term campus network applies to any network that has multiple LANs interconnected. The LANs are typically in multiple buildings that are close to each other and interconnected with switches and routers. This chapter looks at the planning and design of a simple campus network, including network design, IP subnet assignment, VLAN configuration, and routed network configuration.

The basics of configuring the three layers of a campus LAN (core, distribution, and access) are first examined in Section 1-1. This section also addresses the important issues of data flow and selecting the proper network media. Section 1-2 examines IP allocation and subnet design. Section 1-3 discusses the VLAN network, including a step-by-step process of how to configure a VLAN, which provides an introduction to the basic switch commands and the steps for configuring a static VLAN. Section 1-4 examines the Layer 3 routed network. This section explores the functions of the router and includes configuration examples in different scenarios.

1-1 PHYSICAL NETWORK DESIGN


Most campus networks follow a design that has core, distribution, and access layers. These layers, shown in Figure 1-1, can be spread out into more layers or compacted into fewer, depending on the size of these networks. This three-layer network structure is incorporated in campus networks to improve data handling and routing within the network. The issues of data flow and network media are also examined in this section.

[Figure 1-1 diagram. Core: Switch A and Switch B (Layer 3 switches). Distribution: Router A, Router B, and Router C, with interface labels ge-0/3/0, ge-0/1/0, ge-1/2/0, ge-0/0/0, ge-0/2/0, ge-0/0/0 and fa0/1, fa0/1, fa0/0, fa0/0. Access: LAN A, LAN B, LAN C, and LAN D, on segments labeled 10.10.20.0 NET, 10.10.10.0 NET, 10.10.1.0 NET, and 10.10.5.0 NET, each with a switch and two hosts (A1, A2, B1, B2, C1, C2, D1, D2).]

FIGURE 1-1 The core, distribution, and access layers of a campus network

4 CHAPTER 1: NETWORK INFRASTRUCTURE DESIGN


Core
The network core usually contains high-end Layer 3 switches or routers. The core is the heart, or backbone, of the network. The major portion of a network’s data traffic passes through the core. The core must be able to quickly forward data to other parts of the network. Data congestion should be avoided at the core, if possible. This means that unnecessary route policies should be avoided. An example of a route policy is traffic filtering, which limits what traffic can pass from one part of a network to another. Keep in mind that it takes time for a router to examine each data packet, and unnecessary route policies can slow down the network’s data traffic.

Key term: Core. The backbone of the network.

High-end routers and Layer 3 switches are typically selected for use in the core. Of the two, the Layer 3 switch is the better choice. A Layer 3 switch is essentially a router that uses electronic hardware instead of software to make routing decisions. The advantage of the Layer 3 switch is the speed at which it can make a routing decision and establish a network connection.

Another alternative for networking hardware in the core is a Layer 2 switch. The Layer 2 switch does not make any routing decisions and can quickly make network connection decisions based on the network hardware connected to its ports. The advantage of using the Layer 2 switch in the core is cost. The disadvantage is that the Layer 2 switch does not route data packets; however, high-speed Layer 2 switches are more affordable than high-speed routers and Layer 3 switches.

An important design issue in a campus network and the core is redundancy. Redundancy provides for a backup route or network connection in case of a link failure. The core hardware is typically interconnected to all distribution network hardware, as shown in Figure 1-1. The objective is to ensure that data traffic continues for the entire network, even if a core networking device or link fails.

Each layer beyond the core breaks the network into smaller networks with the final result being a group of networks that are capable of handling the amount of traffic generated. The design should thus incorporate some level of redundancy.

Distribution Layer
The distribution layer in the network is the point where the individual LANs connect to the campus network routers or Layer 3 switches. Routing and filtering policies are more easily implemented at the distribution layer without having a negative impact on the performance of the network data traffic. Also, the speed of the network data connections at the distribution layer is typically slower than at the core. For example, connection speeds at the core should be the highest possible, such as 1 or 10 gigabits, whereas the data speed connections at the distribution layer could be 100 Mbps or 1 gigabit. Figure 1-1 shows the connections to the access and core layers via the router’s Ethernet interfaces.

Key term: Distribution Layer. Point where the individual LANs connect together.

1-1: PHYSICAL NETWORK DESIGN 5


Access Layer
The access layer is where the networking devices in a LAN connect together. The network hardware used here is typically a Layer 2 switch. Remember, a switch is a better choice because it forwards data packets directly to destination hosts connected to its ports, and network data traffic is not forwarded to all hosts in the network. The exception to this is a broadcast where data packets are sent to all hosts connected to the switch.

Key term: Access Layer. Where the networking devices in a LAN connect together.

NOTE
Hubs are not recommended at all in modern computer networks.

Data Flow
An important networking issue is how data traffic flows in the core, distribution, and access layers of a campus LAN. In reference to Figure 1-1, if computer A1 in LAN A sends data to computer D1 in LAN D, the data is first sent through the switch in LAN A and then to Router A in the distribution layer. Router A then forwards the data to the core switches, Switch A or Switch B. Switch A or Switch B then forwards the data to Router C. The data packet is then sent to the destination host in LAN D.

The following are some questions often asked when setting up a network that implements the core, distribution, and access layers:
• In what layer are the campus network servers (web, email, DHCP, DNS, and so on) located? This varies for all campus networks, and there is not a definitive answer. However, most campus network servers are located in the access layer.
• Why not connect directly from Router A to Router C at the distribution layer? There are network stability issues when routing large amounts of network data traffic if the networks are fully or even partially meshed together. This means that connecting routers together in the distribution layer should be avoided.
• Where is the campus backbone located in the layers of a campus network? The backbone of a campus network carries the bulk of the routed data traffic. Based on this, the backbone of the campus network connects the distribution and the core layer networking devices.

Selecting the Media


The choices for the media used to interconnect networks in a campus network are
based on several criteria. The following is a partial list of things to consider:
• Desired data speed
• Distance for connections
• Budget



The desired data speed for the network connection is probably the first consideration given when selecting the network media. Twisted-pair cable works well at 100 Mbps and 1 Gbps and is specified to support data speeds of 10-gigabit data traffic. Fiber-optic cable supports LAN data rates up to 10 Gbps or higher. Wireless networks support data rates up to 200+ Mbps.

The distance consideration limits the choice of media. CAT 6/5e or better cable has a distance limitation of 100 meters. Fiber-optic cable can be run for many kilometers, depending on the electronics and optical devices used. Wireless LAN connections can also be used to interconnect networks a few kilometers apart.

The available budget is always the final deciding factor when planning the design for a campus LAN. If the budget allows, fiber-optic cable is probably the best overall choice, especially in the high-speed backbone of the campus network. The cost of fiber is continually dropping, making it more competitive with lower-cost network media, such as twisted-pair cable. Also, fiber cable will always be able to carry a greater amount of data traffic and can easily grow with the bandwidth requirements of a network.

Twisted-pair cable is a popular choice for connecting computers in a wired LAN. The twisted-pair technologies support bandwidths suitable for most LANs, and the performance capabilities of twisted-pair cable are always improving.

Wireless LANs are being used to connect networking devices together in LANs where a wired connection is not feasible or mobility is the major concern. For example, a wireless LAN could be used to connect two LANs in a building together. This is a cost-effective choice if there is not a cable duct to run the cable to interconnect the LANs or if the cost of running the cable is too high. Also, wireless connections are playing an important role with mobile users within a LAN. The mobile user can make a network connection without having to use a physical connection or jack. For example, a wireless LAN could be used to enable network users to connect their mobile computers to the campus network.

1-2 IP SUBNET DESIGN


Once the physical infrastructure for a network is in place, the next big step is to
plan and allocate IP space for the network. Take time to plan the IP subnet design,
because it is not easy to change the IP subnet assignments once they are in place.
It is crucial for a network engineer to consider three factors before coming up with
the final IP subnet design. These three factors are
1. The assigned IP address range
2. The number of subnetworks needed for the network
3. The size or the number of IP host addresses needed for the network

The final step in designing the IP subnet is to assign an IP address to the interface that will serve as the gateway out of each subnet.

1-2: IP SUBNET DESIGN 7


IP Address Range
The IP address range defines the size of the IP network you can work with. In some cases, a classless interdomain routing (CIDR) block of public IP addresses might be allocated to the network by an ISP. For example, the block of IP address 206.206.156.0/24 could be assigned to the network. This case allocates 256 IP addresses to the 206.206.156.0 network. In another case, a CIDR block of private IP addresses, like 10.10.10.0/24, could be used. In this case, 256 IP addresses are assigned to the 10.10.10.0 network. For established networks with an IP address range already in use, the network engineer generally has to work within the existing IP address assignments. With a brand new network, the engineer has the luxury of creating a network from scratch.

Key term: CIDR. Classless Interdomain Routing.

Key term: ISP. Internet service provider: An organization that provides Internet access for the public.
In most network situations, an IP address block will have been previously assigned
to the network for Internet use. The public IP addresses are typically obtained from
the ISP (Internet service provider). This IP block of addresses could be from Class
A, B, or C networks, as shown in Table 1-1.

TABLE 1-1 Address Range for Each Class of Network

Class Address Range


Class A 0.0.0.0 to 127.255.255.255
Class B 128.0.0.0 to 191.255.255.255
Class C 192.0.0.0 to 223.255.255.255

Today, only public Class C addresses are assigned by ISPs, and most of them are not even a full set of Class C addresses (256 IP addresses). A lot of ISPs partition their allotted IP space into smaller subnets and then, in turn, provide those smaller portions to the customers. The bottom line is that the limited number of public IP addresses is now a commodity on the Internet, and it is important to note that there are fees associated with acquiring an IP range from an ISP.

Not many institutions or businesses have the luxury of using public IP addresses inside their network anymore. This is because the growing number of devices being used in a network exceeds the number of public IP addresses assigned to them. The solution is that most networks are using private IP addresses in their internal network. Private addresses are IP addresses set aside for use in private intranets. An intranet is an internal internetwork that provides file and resource sharing. Private addresses are not valid addresses for Internet use, because they have been reserved for internal use and are not routable on the Internet. However, these addresses can be used within a private LAN (intranet) to create the internal IP network.

Key term: Intranets. Internetwork that provides file and resource sharing.

The private IP addresses must be translated to public IP addresses using techniques like NAT (Network Address Translation) or PAT (Port Address Translation) before being routed over the Internet. For example, computer 1 in the home network (see Figure 1-2) might be trying to establish a connection to an Internet website. The wireless router uses NAT to translate computer 1’s private IP address to the public IP address assigned to the router. The router uses a technique called overloading, where NAT translates the home network’s private IP addresses to the single public IP address assigned by the ISP. In addition, the NAT process tracks a port number for the connection. This technique is called Port Address Translation (PAT). The router stores the home network’s IP address and port number in a NAT lookup table. The port number differentiates the computer that is establishing a connection to the Internet because the router uses the same public address for all computers. This port number is used when a data packet is returned to the home network. This port number identifies the computer that established the Internet connection, and the router can deliver the data packet back to the correct computer. An example of this conversion is provided in Figure 1-3. This example shows three data connections originating from the home network of 192.168.0.0/24. A single 128.123.246.55 IP address is used for the Internet connection. Port address translation is being used to map the data packet back to the origination source. In this case, the port numbers are 1962, 1970, and 1973.

Key term: NAT. Network Address Translation. A technique used to translate an internal private IP address to a public IP address.

Key term: PAT. Port Address Translation. A port number is tracked with the client computer’s private address when translating to a public address.

Key term: Overloading. Where NAT translates the home network’s private IP addresses to a single public IP address.

[Figure 1-2 diagram: computers 1, 2, and 3 connect to a wireless router (access point/switch/broadband modem), which connects to the ISP. The wireless computers (1 and 2) will use private IP addresses that are assigned by the wireless router.]

FIGURE 1-2 An example of a home computer connecting to the ISP

Private address    Public address : port
192.168.0.64       128.123.246.55 : 1962
192.168.0.65       128.123.246.55 : 1970
192.168.0.66       128.123.246.55 : 1973
(Router inside address: 192.168.0.1)

FIGURE 1-3 This example shows the three data connections originating from the home network of 192.168.0.0/24
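
The NAT lookup table described above and pictured in Figure 1-3, modeled in Python as an added example that is not from the book. The class and function names are hypothetical, the clients' source ports and the remote server 203.0.113.10 are constructed, and the rule that the router keeps a client's source port when it is free is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class PatTable:
    """NAT lookup table for one public address (hypothetical model).

    A real router also keys entries on the protocol and often on the remote
    endpoint; this sketch keys on the public port only.
    """
    public_ip: str
    by_public_port: Dict[int, Endpoint] = field(default_factory=dict)
    by_private: Dict[Endpoint, int] = field(default_factory=dict)

    def _pick_port(self, wanted: int) -> int:
        # Assumption: reuse the client's source port if it is free, otherwise
        # walk upward (wrapping to 1024) until a free public port is found.
        port = wanted
        for _ in range(65536):
            if port not in self.by_public_port:
                return port
            port = port + 1 if port < 65535 else 1024
        raise RuntimeError("no free public port")

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Translate a packet leaving the home network; returns (new_src, dst)."""
        port = self.by_private.get(src)
        if port is None:                      # first packet of this connection
            port = self._pick_port(src[1])
            self.by_public_port[port] = src
            self.by_private[src] = port
        return (self.public_ip, port), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Translate a returning packet; None means no table entry, so no delivery."""
        if dst[0] != self.public_ip:
            return None
        private = self.by_public_port.get(dst[1])
        if private is None:
            return None                       # nothing inside opened this port
        return src, private


def demo():
    nat = PatTable("128.123.246.55")                 # public address from Figure 1-3
    web = ("203.0.113.10", 80)                       # constructed remote server
    flows = [("192.168.0.64", 1962),                 # constructed source ports
             ("192.168.0.65", 1970),
             ("192.168.0.66", 1973)]
    translated = [nat.outbound(flow, web)[0] for flow in flows]
    # A second host that happens to use source port 1962 gets a different public port.
    clash = nat.outbound(("192.168.0.66", 1962), web)[0]
    # A reply to public port 1970 is mapped back to the host that opened it.
    reply = nat.inbound(web, ("128.123.246.55", 1970))
    # A packet to a port with no table entry cannot be mapped to any host.
    unsolicited = nat.inbound(web, ("128.123.246.55", 4444))
    return translated, clash, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last case shows why the table matters for return traffic: a packet arriving on a public port that no inside computer opened has no entry to map it back, so the router has nowhere to deliver it.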

Determining the Number of Subnetworks Needed for the Network


The use of private IP addresses is a viable technique for creating a large number of IP addresses for intranet use. Obviously, designing an IP network for a single network is very different from designing an IP network for multiple networks. When designing an IP network for one single network, things are quite simple. This type of configuration is typically found in the home, small office, or a small business environment where one IP subnet is allocated and only one small router is involved.
For situations requiring multiple networks, each network must be sized accordingly. Therefore, the subnet must be carefully designed. In addition, networks with multiple subnets require a router or multiple routers with multiple routed network interfaces to interconnect the networks. For example, if the network engineer is using private addresses and needs to design for three different networks, one possibility is to assign 10.10.10.0/24 for the first network, 172.16.0.0/24 for the second network, and 192.168.1.0/24 for the third network. Is this a good approach? Technically, this can be done, but it is probably not logically sound. It makes more sense to group these networks within the same big CIDR block. This will make it easier for a network engineer to remember the IP assignments and to manage the subnets. A better design is to assign 10.10.10.0/24 to the first network, 10.10.20.0/24 to the second network, and 10.10.30.0/24 to the third network. All three networks are in the same “10” network, which makes it easier for the network engineer to track the IP assignments. The terms subnet and network are used interchangeably in multiple network environments. The term subnet usually indicates that a bigger network address is partitioned and assigned to smaller networks or subnets.
Another design factor that the network engineer must address is the network size. Two questions that a good network engineer must ask are:
• How many network devices must be accommodated in the network? (Current demand)
• How many network devices must be accommodated in the future? (Future growth)

Simply put, the IP network must be designed to accommodate the current demand, and it must be designed to accommodate future growth. Once the size of a network is determined, a subnet can be assigned. In the case of a single network, the design is not too complicated. For example, if the network needs to be able to accommodate 150 network devices, an entire Class C address, like 192.168.1.0/24, can be assigned to the network. This will handle the current 150 network devices and leave enough room for growth. In this example, 104 additional IP addresses will be available for future growth.
When allocating IP address blocks, a table like Table 1-2 can be used to provide the CIDR for the most common subnet masks and their corresponding number of available IP addresses.

TABLE 1-2 CIDR—Subnet Mask-IPs Conversion

CIDR   Subnet Mask        IPs
/16    255.255.0.0        65534
/17    255.255.128.0      32768
/18    255.255.192.0      16384
/19    255.255.224.0      8192
/20    255.255.240.0      4096
/21    255.255.248.0      2048
/22    255.255.252.0      1024
/23    255.255.254.0      512
/24    255.255.255.0      256
/25    255.255.255.128    128
/26    255.255.255.192    64
/27    255.255.255.224    32
/28    255.255.255.240    16
/29    255.255.255.248    8
/30    255.255.255.252    4
/31    255.255.255.254    2
/32    255.255.255.255    1

Even with a much smaller network, like the home network, where only a handful of network computers and peripherals are present, an entire Class C private address is generally allocated to the home network. In fact, most home routers are preconfigured with a private Class C address within the 192.168.0.0–192.168.0.255 range. This technique is user friendly and easy to use and sets aside private IP addresses for internal network use. This technique virtually guarantees that users will never have to worry about subnetting the CIDR block.
For a bigger network that must handle more than 254 network devices, a supernet can be deployed. A supernet is when two or more classful contiguous networks are grouped together. The technique of supernetting was proposed in 1992 to eliminate the class boundaries and make available the unused IP address space. Supernetting allows multiple networks to be specified by one subnet mask. In other words, the class boundary could be overcome. For example, if the network needs to be able to accommodate 300 network devices, two Class C networks, like 192.168.0.0/24 and 192.168.1.0/24, can be grouped together to form a supernet of 192.168.0.0/23, which can accommodate up to 510 network devices. As shown in Table 1-2, a /23 CIDR provides 512 available IP addresses. However, one IP is reserved for the network address and another one is reserved for the network broadcast address. Therefore, a /23 CIDR yields 512 – 2 = 510 usable host IP addresses.

Supernet: Two or more classful contiguous networks are grouped together.

Determining the Size or the Number of IP Host Addresses Needed for the Network

The problem with randomly applying CIDR blocks to Class A, B, and C addresses is that there are boundaries in each class, and these boundaries can’t be crossed. If a boundary is crossed, the IP address maps to another subnet. For example, if a CIDR block is expanded to include four Class C networks, all four Class C networks need to be specified by the same CIDR subnet mask to avoid crossing boundaries. The following example illustrates this.

Example 1-1
Figure 1-4 shows three different networks with different size requirements. The
needed capacity (number of devices) for each network is specified in the figure.
Your task is to determine the CIDR block required for each network that will
satisfy the number of expected users. You are to use Class C private IP addresses
when configuring the CIDR blocks.

Interconnect: RouterA to RouterB
LAN A: Capacity: 300 devices
LAN B1: Capacity: 800 devices
LAN B2: Server Network, no more than 80 servers

FIGURE 1-4 Three different networks

Solution:
For LAN A, a CIDR block that can handle at least 300 networking devices must be provided. In this case, two contiguous Class C networks of 192.168.0.0/24 and 192.168.1.0/24 can be grouped together to form a 192.168.0.0/23 network. Referring to Table 1-2, a /23 CIDR with a subnet mask of 255.255.254.0 provides 512 IP addresses, which more than satisfies the required 300 networking devices.

The next question is to determine what the network address is for LAN A. This can be determined by ANDing the 255.255.254.0 subnet mask with 192.168.0.0 and 192.168.1.0.

  192.168.0.0              192.168.1.0
  255.255.254.0 (/23)      255.255.254.0 (/23)
  -------------            -------------
  192.168.0.0              192.168.0.0

This shows that applying the /23 [255.255.254.0] subnet mask to the specified IP addresses places both in the same 192.168.0.0 network. This also means that this CIDR block does not cross boundaries, because applying the subnet mask to each network address places both in the same 192.168.0.0 network.

For LAN B1, the requirement is that a CIDR block that can handle 800 network devices must be provided. According to Table 1-2, a /22 CIDR yields 1,022 usable host IP addresses and is equivalent to grouping four Class C networks together. Therefore, a /22 CIDR can be used.
The next decision is selecting the group of IP addresses to create the CIDR block and decide where the IP addresses should start. Recall that the 192.168.0.0 and 192.168.1.0 networks are being used to create the LAN A CIDR block. Should LAN B1 start from 192.168.2.0/22, which is the next contiguous space? The answer is no. The 192.168.2.0/22 is still within the boundary of the 192.168.0.0/23 network. Remember, the requirement is that a CIDR block that can handle 800 network devices must be provided and that boundaries cannot be crossed, and the designer must be careful not to overlap the networks when assigning subnets to more than one network. In this case, when the /22 subnet mask (255.255.252.0) is applied to 192.168.2.0, this yields the network 192.168.0.0. The AND operation is shown:

  192.168.2.0
  255.255.252.0 (/22)
  -------------
  192.168.0.0

This happens to be the same network address as when the /23 CIDR subnet mask (255.255.254.0) is applied to any IP within the range of 192.168.0.0-192.168.1.255, as shown:

  192.168.0.0              192.168.1.255
  255.255.254.0 (/23)      255.255.254.0 (/23)
  -------------            -------------
  192.168.0.0              192.168.0.0

There is an overlap between 192.168.0.0/23 and 192.168.2.0/22. Moving to the next contiguous Class C of 192.168.3.0/22, we find that it is still in the 192.168.0.0 network:

  192.168.3.0
  255.255.252.0 (/22)
  -------------
  192.168.0.0 is still in the same subnet.

Based on this information, the next Class C range 192.168.4.0/22 is selected. This yields a nonoverlapping network of 192.168.4.0, so the subnet 192.168.4.0/22 is valid for this network:

  192.168.4.0
  255.255.252.0 (/22)
  -------------
  192.168.4.0 is not the same subnet; therefore, this is an acceptable CIDR block.

Recall that the CIDR for LAN B1 is a /22 and is equivalent to grouping four Class C
networks. This means that LAN B1 uses the following Class C networks:
192.168.4.0
192.168.5.0
192.168.6.0
192.168.7.0

The IP subnet design gets more complicated when designing multiple networks with different size subnets. This generally means that the subnet mask or the CIDR will not be uniformly assigned to every network. For example, one network might be a /25 network or /22, while another is a /30 network.
The next requirement is to assign a CIDR block to LAN B2. This LAN is a server network that houses a fixed number of servers. The number is not expected to grow beyond 80 servers. One easy approach is to assign a /24 CIDR to this network.
This means that the next network is 192.168.8.0/24, which is the next nonoverlapping CIDR block after 192.168.4.0/22. The /24 CIDR gives 254 host IP addresses, but only 80 IP addresses are required. Another approach is to size it appropriately. According to Table 1-2, a good CIDR to use is a /25, which allows for 126 host IP addresses. Therefore, a network 192.168.8.0/25 can be used for this network.
Assigning a 192.168.8.0/24 CIDR, which can accommodate 254 hosts, seems like a waste, because the network is expected to be a fixed size, and it will house no more than 80 servers. By assigning a 192.168.8.0/25 CIDR, enough room is left for another contiguous CIDR, 192.168.8.128/25. Obviously, this is a more efficient way of managing the available IP space.
Last but not least is the interconnection shown in Figure 1-4. This is the router-to-router link between Router A and Router B. The interconnection usually gets the least attention, but it exists everywhere in the multiple networks environment. Nonetheless, a CIDR block has to be assigned to it. Because there are always only two interface IP addresses involved plus the network and broadcast address, giving an entire Class C address would definitely be a waste. Typically, a /30 CIDR is used for this type of connection. Therefore, a CIDR block for the interconnection between Router A and Router B can be 192.168.9.0/30. This yields two IP host addresses: one for Router A and one for Router B.
The complete subnet assignment for Example 1-1 and Figure 1-4 is provided in
Table 1-3.

TABLE 1-3 Completed Design of Subnets for Figure 1-4

Network        Subnet         CIDR          Subnet Mask
LAN A          192.168.0.0    /23           255.255.254.0
LAN B1         192.168.4.0    /22           255.255.252.0
LAN B2         192.168.8.0    /24 or /25    255.255.255.0 or 255.255.255.128
Interconnect   192.168.9.0    /30           255.255.255.252

IP Assignment
The next task is to assign an IP address to each routed interface. This address will become the gateway IP address of the subnet. The gateway describes the networking device that enables hosts in a LAN to connect to networks (and hosts) outside the LAN. Figure 1-5 provides an example of the gateway. Every network device within its subnet (LAN) will use this IP address as its gateway to communicate from its local subnet to devices on other subnets. The gateway IP address is preselected and is distributed to a network device by way of manual configuration or dynamic assignment.

Gateway: Describes the networking device that enables hosts in a LAN to connect to networks (and hosts) outside the LAN.

Gateway (LAN): Data enter / Data exit

FIGURE 1-5 The gateway for a network

For LAN A in Example 1-1, the IP address 192.168.0.0 is already reserved as the network address, and the IP address 192.168.0.255 is reserved as the broadcast address. This leaves any IP address within the range 192.168.0.1–192.168.0.254 available for use for the gateway address. Choosing the gateway IP address is not an exact science. Generally, the first IP address or the last IP address of the available range is chosen. Whatever convention is chosen, it should apply to the rest of the subnets for the ease of management. Once the gateway IP address is chosen, this IP address is reserved and is not to be used by any other devices in the subnet. Otherwise, an IP conflict will be introduced. The following is an example of how the gateway IP addresses could be assigned to the LANs in Example 1-1.
Network Gateway
LAN A 192.168.0.1
LAN B1 192.168.4.1
LAN B2 192.168.8.1
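
The boundary and overlap checks worked by hand in Example 1-1, as an added Python example that is not from the book. It ANDs each candidate with its mask, rejects 192.168.2.0/22 and 192.168.3.0/22, finds 192.168.4.0/22, and validates the Table 1-3 plan; the function names and the choice of the /25 option for LAN B2 are assumptions made for this example.

```python
import ipaddress

# Requirements from Figure 1-4 and blocks from Table 1-3 (LAN B2 as the /25 option).
PLAN = {
    "LAN A": ("192.168.0.0/23", 300),
    "LAN B1": ("192.168.4.0/22", 800),
    "LAN B2": ("192.168.8.0/25", 80),
    "Interconnect": ("192.168.9.0/30", 2),
}


def and_mask(address, prefix):
    """AND an address with the subnet mask for /prefix, as done by hand in the text."""
    mask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
    return ipaddress.IPv4Address(int(ipaddress.IPv4Address(address)) & mask)


def usable_hosts(prefix):
    """Addresses in a /prefix block minus the network and broadcast addresses."""
    return 2 ** (32 - prefix) - 2


def smallest_prefix(devices):
    """Smallest block (longest prefix) with enough usable host addresses."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= devices:
            return prefix
    raise ValueError("requirement does not fit in IPv4")


def check_candidate(cidr, allocated):
    """Return (on_boundary, overlapping_blocks) for a proposed CIDR block."""
    address, prefix = cidr.split("/")
    network_address = and_mask(address, int(prefix))
    block = ipaddress.IPv4Network(f"{network_address}/{prefix}")
    overlapping = [str(net) for net in allocated if block.overlaps(net)]
    return str(network_address) == address, overlapping


def next_free_block(start, prefix, allocated):
    """Walk boundary-aligned /prefix blocks upward from `start` until one is free."""
    size = 2 ** (32 - prefix)
    base = int(and_mask(start, prefix))
    while base < 2 ** 32:
        block = ipaddress.IPv4Network((base, prefix))
        if not any(block.overlaps(net) for net in allocated):
            return block
        base += size
    return None


def validate_plan(plan):
    """List every capacity, boundary or overlap problem found in a subnet plan."""
    problems, allocated = [], []
    for name, (cidr, devices) in plan.items():
        prefix = int(cidr.split("/")[1])
        on_boundary, overlapping = check_candidate(cidr, allocated)
        if not on_boundary:
            problems.append(f"{name}: {cidr} does not start on a /{prefix} boundary")
        if overlapping:
            problems.append(f"{name}: {cidr} overlaps {', '.join(overlapping)}")
        if usable_hosts(prefix) < devices:
            problems.append(f"{name}: {cidr} holds fewer than {devices} hosts")
        allocated.append(ipaddress.IPv4Network(cidr, strict=False))
    return problems


def first_host(cidr):
    """First usable address of the block, one common choice for the gateway."""
    return str(next(iter(ipaddress.IPv4Network(cidr).hosts())))


if __name__ == "__main__":
    lan_a = [ipaddress.IPv4Network("192.168.0.0/23")]
    for candidate in ("192.168.2.0/22", "192.168.3.0/22", "192.168.4.0/22"):
        print(candidate, check_candidate(candidate, lan_a))
    print("next free /22:", next_free_block("192.168.2.0", 22, lan_a))
    print("problems:", validate_plan(PLAN) or "none")
    for name in ("LAN A", "LAN B1", "LAN B2"):
        print(name, "gateway", first_host(PLAN[name][0]))
```

Running the same `validate_plan` over a plan before it is configured on the routers catches a misaligned or overlapping block while it is still only a line in a table.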



1-3 VLAN NETWORK
This section examines the function of using a switch in a VLAN within the campus
network. The terminology and steps for implementing VLANs will be presented
first. The second part examines basic Cisco switch configuration and provides an
introduction to the commands needed for configuring the VLAN. The third part of
Section 1-3 demonstrates the commands needed to set up a static VLAN. Next is a
discussion on VLAN tagging using 802.1Q. The section concludes with a look at
configuring an HP Procurve switch.
LANs are not necessarily restricted in size. A LAN can have 20 computers, 200
computers, or even more. Multiple LANs also can be interconnected to essentially
create one large LAN. For example, the first floor of a building could be set up as
one LAN, the second floor as another LAN, and the third floor another. The three
LANs in the building can be interconnected into essentially one large LAN using
switches, with the switches interconnected, as shown in Figure 1-6.
Is it bad to interconnect LANs this way? As long as switches are being used to interconnect the computers, the interconnected LANs have minimal impact on network performance. This is true as long as there are not too many computers in the LAN. The number of computers in the LAN is an issue, because Layer 2 switches do not separate broadcast domains. This means that any broadcast sent out on the network (for example, the broadcast associated with an ARP request) will be sent to all computers in the LAN. Excessive broadcasts are a problem, because each computer must process the broadcast to determine whether it needs to respond; this essentially slows down the computer and the network.

Broadcast Domain: Any broadcast sent out on the network is seen by all hosts in this domain.

Labels: Switch, Closet, 3rd floor, 2nd floor, 1st floor

FIGURE 1-6 Three floors of a building interconnected using switches to form one large LAN

A network with multiple LANs interconnected at the Layer 2 level is called a flat network. A flat network is where the LANs share the same broadcast domain. The use of a flat network should be avoided if possible for the simple reason that the network response time is greatly affected. Flat networks can be avoided by the use of virtual LANs (VLAN) or routers. Although both options can be used to separate broadcast domains, they differ in that the VLAN operates at the OSI Layer 2, while routers use Layer 3 networking to accomplish the task. The topic of a virtual LAN is discussed next.

Flat Network: A network where the LANs share the same broadcast domain.

Virtual LAN (VLAN)


Obviously, if the LANs are not connected, then each LAN is segregated only to a switch. The broadcast domain is contained to that switch; however, this does not scale in a practical network, and it is not cost effective because each LAN requires its own Layer 2 switches. This is where the concept of virtual LAN (VLAN) can help out. A VLAN is a way to have multiple LANs co-exist in the same Layer 2 switch, but their traffic is segregated from each other. Even though they reside on the same physical switch, they behave as if they are on different switches (hence, the term virtual). VLAN compatible switches can communicate to each other and extend the segregation of multiple LANs throughout the entire switched network. A switch can be configured with a VLAN where a group of host computers and servers are configured as if they are in the same LAN, even if they reside across routers in separate LANs. Each VLAN has its own broadcast domain. Hence, traffic from one VLAN cannot pass to another VLAN. The advantage of using VLANs is the network administrator can group computers and servers in the same VLAN based on the organizational group (such as Sales, Engineering) even if they are not on the same physical segment—or even the same building.

VLAN (Virtual LAN): A group of host computers and servers that are configured as if they are in the same LAN, even if they reside across routers in separate LANs.
There are three types of VLANs: port-based VLANs, tag-based VLANs, and protocol-based VLANs. The port-based VLAN is one where the host computers connected to specific ports on a switch are assigned to a specific VLAN. For example, assume the computers connected to switch ports 2, 3, and 4 are assigned to the Sales VLAN 2, while the computers connected to switch ports 6, 7, and 8 are assigned to the Engineering VLAN 3, as shown in Figure 1-7. The switch will be configured as a port-based VLAN so that the groups of ports [2,3,4] are assigned to the sales VLAN while ports [6,7,8] belong to the Engineering VLAN. The devices assigned to the same VLAN will share broadcasts for that LAN; however, computers that are connected to ports not assigned to the VLAN will not share the broadcasts. For example, the computers in VLAN 2 (Sales) share the same broadcast domain and computers in VLAN 3 (Engineering) share a different broadcast domain.

Port-Based VLAN: Host computers connected to specific ports on a switch are assigned to a specific VLAN.
Tagged-Based VLAN: Used VLAN ID based on 802.1Q.
Protocol-Based VLAN: Connection to ports is based on the protocol being used.

VLAN 2 VLAN 3
Ports 2,3,4 Ports 6,7,8

FIGURE 1-7 An example of the grouping for port-based VLANs

In tag-based VLANs, a tag is added to the Ethernet frames. This tag contains the VLAN ID that is used to identify that a frame belongs to a specific VLAN. The addition of the VLAN ID is based on the 802.1Q specification. The 802.1Q standard defines a system of VLAN tagging for Ethernet frames. An advantage of an 802.1Q VLAN is that it helps contain broadcast and multicast data traffic, which helps minimize data congestion and improve throughput. This specification also provides guidelines for a switch port to belong to more than one VLAN. Additionally, the tag-based VLANs can help provide better security by logically isolating and grouping users.

VLAN ID: Used to identify that a frame belongs to a specific VLAN.
802.1Q: This standard defines a system of VLAN tagging for Ethernet frames.

In protocol-based VLANs, the data traffic is connected to specific ports based on the type of protocol being used. The packet is dropped when it enters the switch if the protocol doesn’t match any of the VLANs. For example, an IP network could be set up for the Engineering VLAN on ports 6,7,8 and an IPX network for the Sales VLAN on ports 2,3, and 4. The advantage of this is the data traffic for the two networks is separated.
There are two approaches for assigning VLAN membership:
• Static VLAN: Basically a port-based VLAN. The assignments are created when ports are assigned to a specific VLAN.
• Dynamic VLAN: Ports are assigned to a VLAN based on either the computer’s MAC address or the username of the client logged onto the computer. This means that the system has been previously configured with the VLAN assignments for the computer or the username. The advantage of this is the username and/or the computer can move to a different location, but VLAN membership will be retained.

VLAN Configuration
This section demonstrates the steps for configuring a static VLAN. In this example,
the ports for VLAN 2 (Sales) and VLAN 3 (Engineering) will be defined. This re-
quires that VLAN memberships be defined for the required ports. The steps and the
commands will be demonstrated.
The show vlan command can be used to verify what ports have been defined for the switch. By default, all ports are assigned to VLAN 1. An example using the show vlan command is provided next.

show vlan: Used to verify what ports have been defined for the switch.

SwitchA# show vlan

VLAN Name                       Status    Ports
---- -------------------------- --------- -----------------------------
1    default                    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10

This shows that all the FastEthernet interfaces on the switch are currently assigned to VLAN 1, which is a default VLAN. In the next step, two additional VLANs will be created for both Sales and Engineering. The two new VLANs will have the VLAN ID of 2 and 3 respectively, and each VLAN will be assigned a name associated to it. This is accomplished by modifying the VLAN database using the vlan database command, as shown in the next steps.

vlan database: The command used on older Cisco switches to enter the VLAN database.

SwitchA#vlan database
SwitchA(vlan)#vlan 2 name Sales
VLAN 2 modified:
Name: Sales
SwitchA(vlan)#vlan 3 name Engineering
VLAN 3 modified:
Name: Engineering

On newer Cisco switches, users will get the following message that the command
vlan database is being deprecated:
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.

Cisco has moved away from the VLAN database-style command to an IOS global command. Similar to other IOS global commands, the switch must be in the configuration mode (config)#. However, the concept remains the same that a VLAN must be created for it to be activated and ready for use. The steps for creating the VLAN on newer Cisco switches are as follows:
SwitchA# conf t
SwitchA(config)#vlan 2
SwitchA(config-vlan)#name Sales
SwitchA(config-vlan)#vlan 3
SwitchA(config-vlan)#name Engineering
SwitchA(config-vlan)#exit
SwitchA(config)#exit

To start configuring a VLAN, one must specify which VLAN needs to be configured using the vlan [vlan_id] command. If the specific VLAN does not exist, this command will create the VLAN as well. As shown in the preceding example, the command vlan 2 is entered to configure vlan 2 and then the command name Sales is entered to configure the name associated to the VLAN. Similar steps are done for VLAN 3 with the name Engineering.

vlan [vlan_id]: The IOS global command used to create VLAN ID.

The rest of the VLAN commands are almost identical in the older switches and newer switches. The next step is used to verify that the new VLANs have been created using the show vlan command:

Switch#show vlan

VLAN Name                       Status    Ports
---- -------------------------- --------- -----------------------------
1    default                    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                          Fa0/9, Fa0/10
2    Sales                      active
3    Engineering                active

This shows that both the Sales and Engineering VLANs have been created. In the next steps, ports will be assigned to the newly created VLANs. This requires that the configuration mode be entered and each FastEthernet interface (port) must be assigned to the proper VLAN using the two commands switchport mode access and switchport access vlan vlan-id. An example is presented for FastEthernet interface 0/2 being assigned to VLAN 2 on a Cisco switch:
SwitchA#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchA(config)#int fa 0/2
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 2
SwitchA(config-if)#end

The next step is used to verify that FastEthernet 0/2 has been assigned to the Sales
VLAN (VLAN2). This can be verified using the show vlan brief command, as
shown. This command only displays the interfaces assigned to each VLAN:
SwitchA#sh vlan brief

VLAN Name                          Status    Ports
---- ----------------------------- --------- ---------------------------
1    default                       active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                             Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                             Fa0/10
2    Sales                         active    Fa0/2

The next steps are to assign ports 3 and 4 to the Sales VLAN (VLAN 2) and ports
6,7,8 to Engineering (VLAN 3). Once this is completed, the port assignments can
be verified using the show vlan command, as shown:
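
An added example, not from the book: a Python check that parses `show vlan brief` output, including wrapped port lines, and compares it with the port plan from the text (ports 2, 3, 4 in VLAN 2 and ports 6, 7, 8 in VLAN 3). The sample output is constructed, with Fa0/8 deliberately left in VLAN 1, and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the `show vlan brief` output above.
# Fa0/8 is deliberately left in the default VLAN to produce a finding.
SAMPLE = """\
VLAN Name                          Status    Ports
---- ----------------------------- --------- ---------------------------
1    default                       active    Fa0/1, Fa0/5, Fa0/8, Fa0/9
                                             Fa0/10
2    Sales                         active    Fa0/2, Fa0/3, Fa0/4
3    Engineering                   active    Fa0/6, Fa0/7
"""

# Port plan taken from the text: Sales is VLAN 2, Engineering is VLAN 3.
INTENDED = {"Fa0/2": 2, "Fa0/3": 2, "Fa0/4": 2,
            "Fa0/6": 3, "Fa0/7": 3, "Fa0/8": 3}

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # id, name, status, ports
PORT = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")           # e.g. Fa0/10


def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from show vlan brief text."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("VLAN", "----")):
            continue  # blank line, column header or dashed rule
        row = ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "status": row.group(3),
                              "ports": PORT.findall(row.group(4))}
        elif current is not None:
            # A line that does not start with a VLAN id continues the port list.
            vlans[current]["ports"] += PORT.findall(line)
    return vlans


def audit(vlans, intended, default_vlan=1):
    """Compare parsed port membership with the intended plan; return findings."""
    actual = {port: vid for vid, info in vlans.items() for port in info["ports"]}
    findings = []
    for port, want in sorted(intended.items()):
        have = actual.get(port)
        if have is None:
            findings.append(f"{port}: not listed in any VLAN, expected VLAN {want}")
        elif have != want:
            findings.append(f"{port}: in VLAN {have}, expected VLAN {want}")
    for port, have in sorted(actual.items()):
        if have != default_vlan and port not in intended:
            findings.append(f"{port}: in VLAN {have} but not in the plan")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_vlan_brief(SAMPLE), INTENDED):
        print(finding)
```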



Another Random Scribd Document
with Unrelated Content
"He had fallen upon his knees on the ice."

Christlieb also shouted, in the hope of finding help; but no
answer came. All the bells were set a-ringing, whose tones, mingling
with the crashing of the ice and the gushing of the water, were the
only sounds which reached the ears of the unfortunate Christlieb,
who seemed to hear in the bells his death-knell, as his destruction
was apparently inevitable. He had fallen upon his knees on the ice,
which every moment became more the prey of the water as it
rushed on. The town, his second home, and the place of many
hopes, swam before his eyes; fainter became the sound of the bells,
and darker appeared to him every object, while he heard the most
dreadful noises in his ears. As often as the piece of ice on which he
knelt shook beneath him from some fresh concussion, he thought his
last moment had come. He pictured to himself the grief of his foster-
father, the sorrow of Malchen, and the pity which Rupel would feel
for his untimely end, and in this dreadful way. At length his senses
became dulled, and he was unconscious of the cold of the ice water,
in which he was covered up to his knees. He felt a drowsiness creep
over him, and he shut his eyes, no longer looking at the desolation
around him, until again awakened from his torpor by a new crashing
of the ice. Slowly he opened his weary eyes, and saw by the dim
morning light, which was now struggling with the darkness of night,
some dark arches suspended over the river. It was the bridge of the
city, against whose stone pillars the huge blocks of ice were dashed,
and driven back with a fearful noise. Lights were seen glimmering,
and again reflected in the rushing waters. But Christlieb saw not that
nets were placed between the pillars, in order to save any unhappy
persons who might be driven down on the ice. The sight of the
lights, however, recalled Christlieb to a sort of consciousness; for
where lights are men are not generally far distant, and some one
might perhaps yet save him. At all events, the bridge would decide
his fate as soon as the piece of ice dashed against the pillars; and
most likely it will be death, thought Christlieb. The drums still were
hanging on him; and they might now be the means of saving him.
He was yet at a short distance from the bridge, and the mass of ice
was floating slowly down, so that he was enabled to take off the
drums from his person and beat an alarm, though with benumbed
fingers. He likewise exerted all his remaining strength to utter a cry,
but to no purpose, as far as he could see; for he now drove right
against one of the stone pillars; the ice broke in two, and the larger
half sunk beneath the water; the drums disappeared, and Christlieb,
whose cry of agony was unheard, followed after them. He felt the
rush of the water over his face, and a sharp pain in his side; after
which his senses forsook him, and he was unconscious of what
happened.

CHAPTER X.
THE SICK-BED.

How long Christlieb had remained unconscious, he knew not; neither
could he very well tell whether he were in this world or in another. It
seemed to him as if he were floating in mist, where huge shadows
of men were flying past him. Then his head turned round and round,
and he shut his eyes not to see anything more. Afterwards he
became, as he thought, a receiver of the dead,--a post which
certainly imagination alone could create. A large churchyard spread
itself out before him, covered with snow, above which were seen the
black crosses and stone monuments of the dead. At the entrance of
the churchyard stood the house for the reception of the dead,
where, however, Christlieb did not dwell, but hovered over it in the
air, and saw the funeral processions of those of whom he was to
take care move on to a distance. He likewise fancied that he had
received a message from his late master, begging him to return to
the tower, at the folly of which he smiled, as he knew that he was
now no longer an inhabitant of earth. He felt himself quite happy,
and had no desire to return to it again. The scene then changed,
and he fancied himself standing up to the neck amidst the chilling
ice, and making desperate efforts to reach the shore. These efforts,
however, were always rendered unavailing by the united strength of
two men and a lady, who kept him back, and pressed him seemingly
deeper into the icy water. At length, after repeated struggles to get
free, but all in vain, the blocks of ice changed themselves into bed-
posts and bedding, under the latter of which he was covered, almost
to suffocation. At another time he felt himself sitting upright in bed,
and obliged to swallow a spoonful of something tasting like camphor
or musk. Then, again, after long unconsciousness, he awoke and
looked around him with open eyes. He saw a figure lying on a sofa
at a short distance from him, with its head resting as if asleep. A
small lamp was burning behind an open book, whose dim light was
scarcely sufficient to light up the room, so as to render the objects
distinctly visible. In another corner crackled a fire, which was blazing
in a stove. Christlieb quietly left his bed, and with difficulty reached
the door of the room, from the opening of which a cool air met him.
At this moment the sleeping figure started up with a cry of horror,
seized the weak and fainting boy, and brought him back again to his
bed. When he next awoke a subdued daylight filled the apartment. A
tall man stood beside him, holding his hand; and a beautiful, though
pale, lady sat on the edge of his bed, to whom the doctor said, in a
consoling tone of voice, "Madam, he is now out of danger. The fever
has abated, and there only remains a debility and weakness quite
natural after so severe an illness. Great care, however, is still
necessary, with strict attention to all I have prescribed; for his
nervous system is much shaken, and any relapse might be serious."
Observing that the patient was awake, he said to him, "Dear
Balduin, how do you find yourself?"
Not having heard the changed name, Christlieb replied cordially,
"Thank you, I am very well."
At these words the countenance of the lady brightened up. "Do
you know me again, my dear son?" she hastily asked Christlieb,
bending over him, and looking at him with the greatest tenderness.
Christlieb gazed steadily at the unknown lady, and then shook
his head as much as to say, No; which threw the lady into a state of
great distress.
"Do not mind this," said the doctor; "it will be all right by and
by. In nervous fevers, the memory, generally speaking, suffers
most."
The lady was again comforted, and paid the greatest attention
to the various orders which the doctor gave her, previous to his
leaving, regarding the future treatment of the invalid. Meanwhile
Christlieb took a survey of the apartment, which was like a palace
compared to his former domicile. The walls were richly papered. The
curtains of the windows were of silk; and the floor was covered with
thick and elegant carpet. The furniture, tables, chairs, bed, and
other articles, were of a brown, shining wood,--the tea-cups of
painted china,--the spoons of pure silver. A beautiful embroidered
bell-rope, with a handsome gilt handle, hung close to his bed;--the
latter being somewhat softer and more elastic than his straw pallet
in the tower. When he turned his look upon himself, he perceived
that his night-dress was of the finest materials, his linen of the most
expensive kind. Of his former dress, not a remnant was to be seen,
while a splendid dressing-gown hung on the wall, and a pair of
handsome worked slippers stood near his bed,--all evidently
intended for him. Most gladly would he have asked where he was,
but his courage failed him.
After the lady had returned from taking leave of the doctor, she
again sat down near the bed of the invalid, and began to knit,
regarding him, every now and then, with an expression of the
greatest affection. Christlieb felt much embarrassed. He wished
exceedingly for a glass of water, yet did not like to ask the
grand-looking lady for it. At length the latter, of her own accord, asked him
if he would not like something to drink.
With profound respect, he answered, "If you will have the
goodness, madam."
The lady immediately brought him a most refreshing drink,
which Christlieb drank up, without leaving a single drop.
"I thank you very much," said he gratefully, which brought tears
into the beautiful eyes of the lady. Afterwards she gave him a
spoonful of medicine, which he patiently swallowed, though it was
not much to his taste. He was far better pleased with the delicious
apples, which, nicely roasted, and sprinkled with sugar, and along
with a small biscuit, he was given at ten o'clock for his breakfast.
With great delight the lady saw him eat them, and never left the
room until he had fallen into a gentle sleep, from which he did not
awake until after noon. His watchful attendant was again there, and
brought him a strengthening soup, placed him right in his bed,
pushing pillows behind his back to keep him from falling, and from
getting cold. When the lady saw her charge, with a steady hand,
hold and use the spoon, and able to take the nourishing food, she
exclaimed, in joyful accents, "Oh! how much your father will be
delighted when he returns and finds you so well!"
"My father! my father!" said Christlieb, in evident confusion, and
rubbing his forehead. In a moment the remembrance of the lost
drums flashed on his memory, and he cried out, "Ah me! unfortunate
one that I am; what will my master say about the drums?" Saying
these words, as if in great distress, he let the spoon fall out of his
hand.
The lady trembled with fear, dreading, from his confused words,
that her patient was going to have a relapse. She was scarcely able
to stammer out, "My dear Balduin, compose yourself. Throw all your
cares and fears away. No one will be permitted to reproach you.
Everything is already arranged."
But poor Christlieb could not be so easily comforted; and on this
account, the sleep which he fell into towards evening was so light,
that he heard all that passed between the doctor and his supposed
mother.
"Ah!" she sighed, "my heart is torn between hope and fear, joy
and sorrow! Since his illness, Balduin seems quite changed. He is no
longer imperious, obstinate, disobedient, and discontented. He takes
his medicine without one word of complaint; and for every morsel of
bread, or draught of water, expresses thanks. Then, again, it makes
me wretched when I think that, perhaps, his mind is affected, and
that a settled form of insanity, or---- I cannot give utterance to such
horrid fears. Yet the same idea which has possession of him when
delirious from fever, seems to follow him when he is awake and
tranquil."
Christlieb did not hear what answer the doctor made, as his
sleep became deeper.
Next morning he had tea and cakes to breakfast; and he was so
hungry, that he felt as if he could eat he knew not how many rolls. A
servant helped him to put on the fine dressing-gown and slippers;
and he was supported by her to the large easy chair, in which he
rested, and enjoyed the mild rays of the sun, which likewise tempted
the little birds to chirp and sing. Beside him stood his supposed
mother, who said to him, as the servant was arranging his bed, "Do
you not then love me, Balduin?"
"Oh! very much," replied Christlieb, blushing. "You are so kind
to me, and I know not why I am thus treated."
"Do not speak to me in this way," said the lady; "but as you
used to do. You are still my son, and my only joy."
"Ah! me," replied Christlieb humbly. "I am only a poor lad, and
not worthy to be called your son."
"Speak not thus, my son," answered the lady. "It is true that by
your former conduct you have caused both your father and myself
much sorrow. When you left us, taking with you a considerable sum
of money to riot with evil companions, then, it is true, we despaired
of you. Still our affection made us hope that you might yet return to
the right path; therefore your father, accompanied by your kind
master, set off in search of you to bring you back if they found you.
How will he be surprised when he finds his lost and erring son here,
a changed and amended person! You are still our son, and now
worthy of the name. Affliction, and the nearness of a fearful death
have changed you, and given you back to yourself a new being.
From the poverty of your dress, and from what escaped you when
delirious, we have learnt how miserable you were when the money
was all spent, and when your false friends forsook you. Now you will
be able to appreciate the difference between your father's house,
and wandering about with strangers. Twice have you been taken
from us in a fearful way. Twice have you been miraculously restored
to us."
Christlieb supposed that he must be again under the influence
of the fever, and again delirious, when he heard these
incomprehensible words of the lady. He looked strangely at her, and
she seemed to regret what she had said, for she immediately
changed the subject, asking Christlieb, with the greatest solicitude, if
there was anything he would like to have, or any person he would
like to see.
Christlieb was at no loss as to what he wished for, and the
persons he most earnestly desired to behold; but this, perhaps,
would be impossible, and was too much to expect. He fell into a
reverie, and said nothing.
"Speak to me," repeated the lady kindly.
"I should like to have a violin," at length stammered out her
patient.
"A violin!" said the lady in great amazement. "Very well, you
shall have one when you are a little stronger; but at present you
would hardly be able to hold it, or to draw the bow; besides, I fear
that its harsh tones might be injurious to your nerves. Therefore you
had better wait a short time before you get it."
The lady now assisted him back to his bed; but in doing so, he
made a gesture as if in great pain.
"Is there anything the matter with you?" asked his affectionate
nurse anxiously.
"I feel a pain in my side," replied Christlieb.
"Ah! I must have touched the part which was wounded by the
fisherman when he drew you out of the water with his hook," said
the lady.
Several days passed away, and with them Christlieb regained
strength and health, to the delight of his affectionate nurse, who
requested that he would call her mother as formerly. Christlieb
promised to do so, but often forgot his part. As the lady most
carefully abstained from all reference to past events, she had now
no longer any misgivings about her patient's state of mind; but, in
order to see whether he still remembered his lately expressed wish,
she surprised him one day by the gift of a beautiful violin.
Christlieb's eyes sparkled at the sight of it, and the lady could
not refrain from smiling when she saw the supposed Balduin take it
in his hand. She, however, looked rather more serious when she
perceived how well he seemed to know how to tune the instrument,
how master-like he used the bow, and touched the strings. Her
surprise increased every moment; and when he had played softly
and with wonderful execution the thema of Rhode's variations, it had
reached its zenith. When he had played one or two of the variations,
his fingers and his bow becoming animated and full of fire, the
amazed lady exclaimed, almost out of her senses, "Stop! you are not
my Balduin; and yet you are my son! Had I not twins, and were they
not both stolen, while only one was miraculously restored to me?
You are my Reinhold, my gentler, dearer child!" She threw her arms
around Christlieb, while the violin fell sounding from his hands on
the floor.

CHAPTER XI.
THE MISTAKE.

In the public-house of a small town, situated at the foot of a hill,
there sat four young men one sunny morning round a table, on
which were placed wine bottles, rolls of wheaten bread, and Swiss
cheese. They talked loudly and merrily, every few minutes emptying
their glasses, which were plentifully supplied with golden wine. Their
jests and laughter showed that they had rather swallowed too much
of the exciting liquid. Except the person who waited on them, there
was no one else in the room. The two principal speakers soon
observed that their fourth companion sat leaning his head on his
hand, and was lost in thought. One of them immediately bawled out,
"Is the pet of his mother dying with home-sickness, that he sits
there so miserable and whining?"
The youth who was thus addressed changed his posture, looked
up and said, with a forced smile, "I am not troubled with
home-sickness; but my purse is, in which there are now only four dollars.
When these are finished, you will be good enough to open your
treasures."
This speech made an unpleasant impression on the
half-stupified wine-bibbers. Their faces became at once grave, and, in a
most sober voice, one of them said, "Why did you not tell us this
before? Had we known that the money of which you bragged so
much was such a paltry sum, we would have thought twice about it
before we became the companions of your expedition, and brought
ourselves into disgrace with our guardians and tutors."
"Who incited me more to act as I have done than yourself,
Nicholas?" asked the other in an angry voice. "It was you who
advised me to borrow the money in the name of my father, and told
us how to obtain false passports for our journey."
"Do not scold," drawled out a third; "but rather fight at once.
When the money is done, then the comedy is ended! But you,
Balduin, you must bear the blame. Crawl back to your parents, give
them a few good words, and be our scape-goat; then the affair is
finished, which, after all, is only a caprice of genius."
"Let us drink to our scape-goat Balduin," they all laughingly
cried, raising at the same time their glasses to their lips. Balduin, to
escape their mirth and scornful jests, thrust his head out of the
window, while the others took good care that not one morsel of the
breakfast should be left.
At this moment an aged man and a young girl entered the room
in the dress of peasants. After a polite greeting, which was, however,
only returned by the person who waited, the two travellers seated
themselves on a bench near the door, and laid down their bundles.
"Bring us some bread and cheese," said the old man to the
waiter, who immediately supplied him with what he asked. "There,
Malchen, take and eat something; you will be much the better of it
after our long journey this morning." Before the maiden complied
with this request, she broke a small piece of the bread into crumbs,
and then put her hand into a little bag, from which she drew forth a
starling, who, delighted to escape from its prison, hopped about,
and picked up the bread from the table. The young peasant, stroking
the bird with her hands, said, "To-day you will see your old master.
How pleased he will be to see you again!"
"And, it is to be hoped, still better pleased to see us," said the
old man, "when he hears that we have come to live near him. I am
not anxious about you, for you have learnt to work and to be useful;
besides, town people generally prefer a servant-girl from the
country. As to myself, I am sure God will not let me want; and when
I have Christlieb again near me, I will fast gladly."
The young gentleman named Balduin now drew in his head
from the window, and sat down at the table beside the others. He
was seated with his back to the two strangers, yet in a moment they
both recognised him, and almost screamed for joy. Our friend
Kummas motioned with his hand to his companion to be quiet; and
wishing to give, as he thought, his dear Christlieb a pleasant
surprise, he advanced on tiptoe towards the table, giving the others
a hint to say nothing, and suddenly placed his hard hands over the
eyes of the sullen Balduin, saying in a feigned voice, "Who am I?"
"No nonsense!" cried Balduin, seeking to free his face from its
unwelcome covering. But Kummas held his hands firm as a vice,
repeating in tones trembling with pleasure, "Who is it?" The
supposed Christlieb, in a passion, tore away the hands of the old
man from his face, and sprang from his seat. "What do you mean by
this impertinence?" asked Balduin enraged, while Kummas took hold
of him and said, "It is your foster-father, dear Christlieb; and here is
Malchen,"----
"And your starling, too!" continued the young girl, weeping with
joy.
The three young idlers at this broke out into a loud scornful
laugh.
"Brother dear, we congratulate you on your new relations, not
forgetting the starling. Ha! ha! ha!"
Balduin drove the old man from him with violence, and paid no
heed to Malchen. "You vagabonds," he cried, "you will pay dearly for
your insolent jest!"
Kummas stood petrified; he raised his arms, and then let them
fall down powerless. At length he found strength to say, "Christlieb!
are we really so much changed that you do not know us? I am
Kummas, this is Malchen, whose grandfather is dead, and we are
going to the town in which you live."
"Now I hope you understand!" again shouted Balduin's rude
companions. "Such a father is not found every day on the street,
neither such a smart young peasant girl."
Balduin trembled with passion. "You must have escaped from
Bedlam!" he cried; "away with you! You will get nothing from me!"
The old man could scarcely believe his ears. "No, it is
impossible," he said to himself, "that within the short space of one
year an angel could be thus changed into a demon. Christlieb!" he
continued, "dissemble no longer; you are breaking my heart with
your jokes. I have not deserved this treatment; but I need not speak
of what I have done for you, as you have always gratefully
acknowledged it."
Instead of answering, Balduin paid the reckoning, and left the
inn with his noisy companions, leaving Kummas and Malchen behind,
who both stood as if rooted to the spot.
A long pause ensued. "Is he really gone?" asked Kummas,
scarcely able to speak.
"Quite gone!" Malchen was only able to answer by a sorrowful
shake of the head.
"He has denied us, Malchen!" said the old man. "He is in
prosperity, as you may see by his dress and well-filled purse. He has
been ashamed of us before the other scholars. Alas! alas! I was not
ashamed, for his sake, to become like an old nurse." Kummas laid
down his head and wept bitterly. "See," he continued after a time,
"how soon our soap bubbles have burst! Now we may return the
way we came to our old home in the village. You will be able to get
something to do; perhaps to herd the cows or the geese; and I----
will find a grave. The ingratitude of my child will be my
winding-sheet! What could I now do with a violin? Never again shall I handle
the bow, and I will burn the instrument as I did the violincello in
which---- Christlieb was cradled." He again laid his grey head on the
table, which became wet with his burning tears.
Malchen sprang up in haste. "Father! father!" she cried, "look at
the starling." The poor bird lay with its breast bruised flat, close to
the table where the young men had been drinking. His supposed
master had accidentally put his foot on it when he had jumped up in
rage at the old man.
"Father!" said Malchen, weeping, and holding the poor little
thing by its legs, "the starling is dead!"
Kummas looked up. "It has been treated like me," he said with
indifference. "The starling is only a senseless bird; but me has my
child killed. Oh! that I, too, were dead!"

CHAPTER XII.
THE UNEXPECTED DISCOVERY.

Some time elapsed before Kummas found himself able to resume his
journey. The bread and cheese remained untouched, which,
however, Malchen put into her basket; and the starling, yet warm,
she again placed in her bag. They went a long way without
speaking; at length Kummas broke the silence--"I now believe," said
he, "that it was Christlieb who destroyed your grandfather's nets!
Who could have thought him such a liar, unless to-day we had had
the most convincing proof of it! So it would appear there is no
knowing people; not even if we do eat a bushel of salt with them!
Who is to be trusted?"
"Trust me," said Malchen confidently.
"You!" replied Kummas, smiling in bitterness of feeling. "Why, I
would have built houses on Christlieb,"----
"And on me too, father, and bridges into the bargain," continued
Malchen. "You must not take it amiss if I say that perhaps you have
been too hasty in turning back. The wine may have affected
Christlieb; and if he had been alone he might have spoken
differently."
"'Drunken words, true words,' says the proverb," answered
Kummas; "and had I been a king, and Christlieb only a cowherd,
would I have been ashamed of him? His comrades, the young
players, are no better than we are! Am I not a musician as well as
they? If Christlieb is already so proud, what will he be when he
becomes a Paganini? It would have been my greatest joy if I could
have taken my place behind him and said,--See, I took this Paganini
out of a manger, and brought him up in a violincello!"
"He will come to his senses again," whispered Malchen, "when
he has had his own way for a time."
"No, no; he must be a demon to have acted as he has done,"
replied the much injured Kummas.
"Don't speak in this wicked way, father!" rejoined the young girl;
"have you no longer a spark of love for your Christlieb?"
The old man stood still, strove with his feelings for a few
minutes, and then said more mildly, "God forgive me! I am too
severe; and yet I mean it not in earnest. Yes, Malchen, I would
joyfully give up my life, if by so doing I could make Christlieb what
he was, although he has broken my heart."
They soon came to the town where they had rested the
previous night, and which was now all bustle and confusion,--it
being the day of the yearly fair. With difficulty the wanderers pressed
through the moving crowd. As they turned the corner of a street
close to the market-place, they met a man and his wife, the former
blind, and playing on a pipe; the latter, whose countenance was the
colour of copper and much swollen, was playing on a barrel organ,
accompanying it with her screeching voice.
Kummas started at the sight of them. "Look!" he said to
Malchen, "that miserable pair might have been sitting comfortably in
a warm house had they acted properly. The blind man was the
landlord of a small inn in the village of Toumern, where I often used
to play. His wife drank up everything, and brought herself and her
husband to begging. They are called Hicup."
While Malchen was looking at the man and woman a scene
occurred, not at all unusual in such places and at such times. A
rather aged woman, carrying on her bent back a small raree-show,
pushed her way into the midst of the throng, where the two
wretched musicians had taken up their quarters; and here, by the
assistance of a companion who was along with her, the show was
lifted from her back, and arranged for the benefit of the idle and
curious passers by. This attracted the notice of dame Hicup, who,
seeing her domain invaded, began most furiously to abuse the
woman, when a serious quarrel took place. In the progress of the
squabble our former hostess of the nether inn was somehow or the
other enlightened in a way about her rival, which quite changed the
character of her abusive epithets. In order to be the more able for
her work, dame Hicup left her tambourine on the top of the organ,
and advanced to the show-woman with arms a-kimbo. "So you have
given up the crockery and stoneware trade!" she shouted to her
antagonist in the fine arts. "Have you not another pair of brats to
give me? I can tell you where one of the two is which you left with
me fifteen years since. He is now a beer-fiddler, and may help you to
earn your bread. He can play while you exhibit your trumpery
pictures. Bless me! is that you, Kummas? I will now confess that I
put your Christlieb in the manger at the door of the inn, from which
you took him out and carried him home. If I had known that you
were so fond of children, I would have given you the other young
one too, his brother. They were as like as two drops of water. You
may thank this woman for your foundling, and ask her where she
got them. It was easy to be seen they were not her own, the thief
that she is! Oh, you child-stealer!" she shouted to the woman with
the show, who turned pale, and quickly disappeared, leaving the
field to her victorious enemy. Seeing this, dame Hicup redoubled her
abuse and her scolding; and her shouting soon collected a mob,
from the midst of which Kummas and Malchen could scarcely make
their way out, as they thought they had heard enough to enable
them to regulate their future movements.
When Kummas had recovered from the surprise which the
conversation of the woman had caused, he turned to Malchen and
said, "Did you hear, Malchen, that Christlieb had a brother who was
his very counterpart? Might the gay-looking youngster we saw this
morning not have been he, while the real Christlieb is still in the
tower? My Christlieb had no mole on his left temple, and I think that
jackanapes had."
"Now," replied Malchen, "there can be no doubt as to the
person who let the birds of my grandfather escape, and destroyed
the nets."
"Come, then, let us retrace our steps," said Kummas, in a more
cheerful voice. "It is fortunate we were no further away. I would not
have missed the hearing of this quarrel for all the treasures in the
world." In spite of weariness, Kummas stepped briskly on, while
Malchen skipped merrily after him. Even the dead starling was for
the moment forgotten.
The quarrel of the two women had not been without important
results. The magistrates had thought it incumbent on them to
interfere, and both vagrants were taken to prison. In the course of
evidence the truth was not, however, altogether brought out, as the
old woman stoutly maintained the children to be those of her
daughter, who had been long dead; but confessed that she had left
them in the house of dame Hicup. The further examination of the
prisoners was therefore deferred until various inquiries had been
instituted, and notices of the case put into all the public papers.
Meanwhile Christlieb lay ill in the house of the director of the police
at the capital, whose owner, in company with his son's tutor, Mr.
Werter, was searching for the runaway Balduin. Kummas, followed
by Malchen, was making the best of his way towards the small town
in which dwelt the leader of the town-band, where Christlieb was
expected to be found.

CHAPTER XIII.
THE BAD RECEPTION.

Balduin and his companions had reached the same town. This
happened the very day after Christlieb had been taken to the capital,
towards which he had been driven by the memorable event of the
breaking up of the ice. The river was still here and there covered
with huge pieces of ice, while it had far overflowed its banks. The
young adventurers, with many others, stood on the edge of the
stream looking at its singular appearance.
"There must be a beautiful view from the tower up there,"
thought Balduin, as he pointed to poor Christlieb's late abode. "Who
will come with me up the long staircase, and see what is to be
seen?"
"As we have nothing better to do, we may as well all
accompany you," said one of his companions; and they quickly
walked in the direction of the cathedral. They passed a baker's shop
on their way, which another of them perceiving, exclaimed, "I am
sure the view will be seen to much more advantage if we are
provided with some cakes or biscuits. Give me the rest of your
money, Balduin; and if you will go up and find the best place for us
to have a view from, we will follow directly with something nice to
eat, and a small bottle of cordial." He gave the other two youths a
most significant wink, which they were at no loss to comprehend.
Balduin completely emptied his now scanty purse, gave all he had to
his faithless friends, and began to ascend the steps of the tower.
"Now, my good fellows, it is high time for us to beat a retreat!"
shouted the false friend to whom Balduin had given the money. "We
must go back to our tutors and make them believe that we have
repented of our doings, and left our leader Balduin, in order not to
be corrupted by his wicked society. As I said to-day already, Balduin
shall be our scape-goat; we have had a merry life this last fortnight
at his expense."
The others agreed; purchased some cakes to eat on the road,
and at once began their homeward journey.
Almost breathless, Balduin reached the top of the steps, and
rung the bell at the shut door of the stadt-musikus, which was
opened to him by the servant girl. "Bless me!" she exclaimed in
joyful surprise, "is that you, Master Christlieb? Where have you come
from? And where have you got the fine clothes? I scarce would have
known you, you are so changed. What will the master and mistress
say, who have been in such a way about their kettledrums? We were
afraid that, last night, you had been on the ice when it broke up so
suddenly, and that you were drowned."
Balduin looked very stupid at this unexpected harangue. "I am
surely bewitched!" he muttered to himself. He turned round to
descend the steps, not in the best humour, when he was prevented
by the appearance of Mr. Dilling, Mrs. Dilling, and all the scholars,
who had heard the exclamation of the servant, and came out to see
Christlieb, and to hear what happened to him.
"Where have you the kettledrums?" asked the town musician in
a voice of thunder, looking very suspiciously at Balduin's fine dress.
"Sold, pawned, made away with, I have no doubt!" seizing as he
said this, the petrified Balduin by the neck.
"Where are the drums?" screamed the angry lady, shaking her
clenched hand in his face.
"Where are the drums?" echoed the malicious boys, delighted at
the embarrassment and distress of their companion.
"The drums!" stammered out Balduin, his lips quivering with
passion.--"What do I----?"
"Yes, the drums! the drums!" bellowed out Mr. Dilling,
accompanying his words with blows and pinches of the ear. "I will
have my drums, which cost thirty-six dollars, and twenty groschens.
I say, where are they? Where have you got these fine clothes? Are
not my drums pawned for them?"
"Let the boy speak, Mr. Dilling," said Rupel, gently.--"He may be
quite innocent. In consequence of the breaking up of the ice, he
perhaps was prevented crossing the river last night, and had to walk
all the way to the capital to cross the bridge; then to come here; and
how could he carry the heavy drums all that long way? Most likely he
has left them at the inn where the concert was."
"But where has he got the fine clothes?" said Mr. Dilling in a less
angry tone.
"That I know not," answered Rupel; "Christlieb himself will be
able to explain it all, I am sure; only let him speak."
"Where are my drums?" asked now Mr. Dilling in a composed
voice.--"Speak, and tell me where you got these fine clothes!"
"These clothes are my own property," replied Balduin haughtily;
"and as for your drums, I know nothing about them."
Scarcely were these words uttered, when the stadt-musikus,
more enraged than ever, flew at the unfortunate speaker, and began
to beat him without mercy. In vain poor Balduin attempted to speak,
in vain he tried to defend himself. Even Rupel's remonstrances were
not listened to in the midst of the uproar.
Such treatment had the over-indulged Balduin never before
received. He was stunned, stupified, and, for the first time in his life,
afraid. Whenever he opened his lips to offer some explanation, he
was stopped by Mr. Dilling thundering out, "Silence, sir!" and raising
his hand to give him another blow. Balduin anxiously awaited the
arrival of his three companions, in the hope that they would
extricate him from his unpleasant situation; but poor Balduin waited
in vain. He seated himself in a corner of the room, weeping bitterly
from pain and anger, while the enraged master gave vent to the
remainder of his wrath in scolding words.--"I would have the rascal
arrested," he continued, after a volley of abusive epithets; "did I not
need him to-day; indeed I cannot do without him at the concert
which is to take place in the town, and at which he is to play the
oboe. Come along, we have no time to lose; evening will soon be
here, and as yet we have no rehearsal; all on account of that
worthless fellow. Make haste!"
The music-stands were immediately set up, the instruments in
the hands of the pupils, and the miserable Balduin shown where he
was to take his place. When the oboe was thrust into his hand by
one of the boys, he exclaimed, "But, indeed, I cannot----"
"Is he again daring to speak?" cried Mr. Dilling, taking hold of a
stick, and threatening to strike him.--"You are there, sir, to blow, and
not to reason."
In despair, Balduin took the instrument, and, after a few
unsuccessful attempts, raised the mouthpiece of the oboe to his lips,
and placed himself before the music-stand. The overture began, and
Balduin blew as if his cheeks would crack; when suddenly an evil
spirit seemed to have taken possession of the town musician. Purple
with rage, he sprung from his place and struck the unfortunate
player a dreadful blow on the head, saying, "What wretched playing
is that?--do you mean to make a fool of me?"
A stream of blood from Balduin's mouth was the only answer;
and the concert speedily came to an end; for Balduin fell senseless
into the arms of Rupel, who came to his aid. From the violence of
the blow the under end of the oboe had struck against the
music-stand, while the sharp point had pierced Balduin's throat.
"That is all pretence," stammered the now pale-faced master.--
"Wife, give the lad something to gargle his throat with. There is very
little the matter with him."
Balduin, however, soon showed that something serious was the
matter. He gasped for breath as if in agony, and fresh streams of
blood gushed from his mouth. His companions now all looked very
grave, and there was an end of their jests. Rupel assisted the
unhappy youth to his bed, and then went away without saying
where he was going. When Mr. Dilling (who was rather alarmed at
what had happened) missed him, he cried out, "Where has Rupel
gone to?--Does he mean to make a noise about the matter? Is he no
better than an idle chatterbox? I tell you what it is," turning to the
others, "if any of you dare to say one word of this in the town, I will
knock your heads off. I am tormented enough to-day by the loss of
an oboist. The good-for-nothing scoundrel;--he is the cause of the
whole disturbance."
The door-bell now rang. "Who is there?" asked Dilling, half out
of his wits, as he pushed aside the servant and went to open the
door himself. "What do you want?" he asked, in no gentle voice, the
two strangers who presented themselves. "My tower is no dove-cot,
and there is nothing to be had here."
"We do not want anything, sir," answered the honest Kummas;
"we only come to visit my Christlieb Fundus, the little Paganini."
"Your Christlieb?" asked Dilling in a shaking voice. "And who are
you, may I ask?"
"Christlieb is my foster-son; and, with your permission, I am the
musician Kummas, from Gelenau. This is Malchen, the child of an old
neighbour of mine who is dead; she sings like a lark. We have come
a long way to see our Christlieb; so have the kindness to tell us
where he is."
During this speech the unhappy Mr. Dilling stood as if on red-hot
coals. Collecting all his strength he then muttered, "Truly, you sent
me a fine specimen of a youth! The rascal has run away, pawned, or
sold my kettledrums, to buy himself gay clothes. But I will bring him
to the house of correction for this."
Kummas was as if struck by a second thunderbolt. He reeled
backwards, and would have fallen, had not Malchen supported him.
"Can this be true?" he said in a low voice to himself.--"Heaven have
pity on me! is he really lost?--lost beyond hope!" His head sank on
Malchen's shoulder, and he stood mute as a statue.
Warring with his feelings, Mr. Dilling looked at the old man and
his companion. He hemmed and coughed, but could not utter a
word. At length Kummas said, in a voice of sadness, "And where is
my former Christlieb, who now, it seems, neither regards God nor
me?"
"How do I know?" replied the embarrassed town musician.--"I
tell you he has run away."
"Come, then, Malchen," said the old broken-hearted man; "I
have now nothing to seek but a grave. There, in its stillness, I will
rest my weary head; for I am desolate." With these words Kummas
turned to go away, and Malchen, weeping, led him carefully and
slowly down the steps from the tower. Dilling looked long after them
irresolute; but the fear of blame shut his mouth, and he went back
into the house, where, in his room, his wife and servant were busy
washing away the marks of the blood. Half-way down the steps,
Kummas paused to take breath near an open window. "Let me rest
here a few minutes, Malchen; the fresh air may revive me." Both
stood in silence; but without eyes for the beauty of the scene around
them. After a short time they heard the voices and footsteps of
persons ascending the staircase.
"I pray you, doctor, do all in your power for the youth," said one
of the persons.--"He is the best player of us all."
"Which of them is it?" asked the other.
"It is Christlieb Fundus," replied the first speaker; "the best
player on the violin. Show the master that there is some cause for
alarm, so that he may not treat the matter as a trifle. I tell you, a
stab from a dagger could not be worse than one from the sharp
point of an oboe."
At the name of Christlieb, Kummas had become attentive to
what was said. A ray of hope gleamed upon him, and he raised his
head, awaiting, most anxiously, the appearance of the speakers,
who, in a moment or two afterwards, reached the place where he
was standing. He addressed them in a voice struggling with emotion.
"Kind sirs," he began, "for the love of heaven, tell me where my son
Christlieb Fundus is, and what is the matter with him? Has he really
run away? or is he sick?"
A glance at the old man was sufficient to determine Rupel to
speak the truth.
"If Christlieb is your child, then I will not disguise from you that
he has received an injury, and is lying very ill in his bed. Your arrival,
though not at the happiest time, is nevertheless fortunate."
"One word more," said Kummas, as Rupel and the doctor were
hurrying past;--"is my son really so wicked as the master affirms?"
"The Master!" repeated Rupel, surprised, for he supposed that
the two travellers were only on their way up.--"Your son has been
always good and well-behaved, and in a single day he could not
become the very reverse."
Kummas became less sad; as he would far rather his child were
sick in body, than perverse in mind. Malchen and he soon reached
again the top of the stairs, and were not long in seeing their
favourite, whom they found already under the hands of the doctor,
and in a most dangerous state. At this moment, neither of them
thought of the mole on the left temple, nor of the fine clothes which
were strewn about the room. Kummas and Malchen attended to all
the wants of poor Balduin, who, unable to speak, could neither
thank them nor unravel the mystery. He now passed through a
severe school, which, however, became the means of his radical
cure. For three long days he was unable to swallow anything, in
consequence of his swollen throat. Afterwards, his medicine and a
little tea had to be taken in drops. He was helpless as a child, and
had it not been for his youthful strength, the care of the doctor, and
the unremitting watchfulness of the old man and Malchen, he could
not have recovered. He no longer refused their assistance, but gladly
took from the hand of Malchen any cooling draught she offered.
Their constant presence lessened the tediousness of the slow
creeping hours. How could he have remained insensible to so much
love,--to the self-denial exercised for his sake by two persons wholly
unconnected with him! When Balduin's sleepless eye, sometimes,
during the night, fell on the old man, who, overcome by sleep, was
resting on his hard bed of straw, with a thin cover over him,--when
he heard the loud regular stroke of the pendulum above his head,
sounding as it seemed a death-knell, and saw by the glimmering
light of the feeble lamp the black walls of the tower,--then came the
elegant dwelling of his father, with all its luxuries, before the eye of
his mind. He thought of his gentle mother, who had only been too
indulgent to him, and whose heart, as well as that of his affectionate
father, he had made sad by his ingratitude. He remembered the
treachery and desertion of his three companions; and, overcome by
a deep sense of his former thoughtlessness and guilt, he resolved
from henceforth, to endeavour to be quite a different character.
Remorse had touched his heart, his eyes were opened, and he
prayed to God for forgiveness,--to that God who had long, by gentle
and gracious means, sought to lead him into paths of virtue, but
who now had seen it needful to teach him by affliction and adversity.
Balduin, subdued and humbled, now enjoyed the peace which is
above all price; and his bodily health amended with that of his mind.
CHAPTER XIV.
THE REUNION.

We often seek at a distance what is to be found quite at hand; and
so it happened with Balduin's father, the director of police, Mr. von
Winsing, who was searching for his runaway son in remote districts,
while the youth was only some miles distant from the capital. A
newspaper, which accidentally fell into his hands, made him hastily
change his route. This was the notice (already mentioned as being
inserted in the public papers) of the detention in prison of the two
vagrants, dame Hicup and the woman with the show-box, with an
account of the circumstances connected with their seizure. Only a
matter of deep interest could have induced the sorrowful father to
give up for a time the search of his son, as it was possible he might
from what he had read obtain possession of the other child so long
lost to him. When he arrived at the small town of Brixen, where the
two women were imprisoned, he immediately went to the magistrate
and made the following deposition:--
"My dear wife, in the second year of our marriage, presented
me with two boys, fine healthy twins, and as like each other as two
drops of water. Except by a very small mole on the left cheek of our
youngest born, it was almost impossible to distinguish the one from
the other. To our great joy they grew in health and strength until
they were nine months old, when they were stolen from us in a
manner as bold as it was shameless. The grown-up son of the nurse