
Network Devices

Uploaded by

andom

Course: Network device configuration

Network Devices
Network devices are components used to connect computers or other electronic devices
together so that they can share files or resources.
Hub
A hub is basically a multiport repeater. A hub connects multiple wires coming from different branches; for example, it is the connector in a star topology that connects the different stations. Hubs cannot filter data, so data packets are sent to all connected devices. In other words, all hosts connected through a hub remain in a single collision domain. Hubs also have no intelligence to find the best path for data packets, which leads to inefficiency and waste.

Hubs can be active or passive.

Active hubs electrically amplify the signal as it moves from one connected device to another.
Passive hubs allow the signal to pass from one computer to another without any change.
Switch
A switch is a multi-port bridge with a buffer and a design that can boost its efficiency (large number of ports imply less traffic) and performance. A switch is a data link layer device. It can perform error checking before forwarding data, which makes it very efficient: it does not forward packets that have errors, and it forwards good packets selectively to the correct port only. In other words, a switch divides the collision domain of hosts, but the broadcast domain remains the same.
A switch is essentially a fast bridge with additional sophistication that allows faster processing of frames. Some important functionalities are:
• Ports are provided with a buffer
• The switch maintains a directory: #address - port#
• Each frame is forwarded after examining the #address and forwarded to the proper port#
Three forwarding approaches are possible: cut-through, collision-free and fully buffered, as briefly explained below.
Cut-through: A switch forwards a frame immediately after receiving the destination address. As a consequence, the switch forwards the frame without collision and error detection.
Collision-free: In this case, the switch forwards the frame after receiving 64 bytes, which allows detection of collision. However, error detection is not possible because the switch is yet to receive the entire frame.
Fully buffered: In this case, the switch forwards the frame only after receiving the entire frame. So, the switch can detect both collisions and errors, and only error-free frames are forwarded.
Repeater
A repeater operates at the physical layer.
Its job is to regenerate the signal over the same network before the signal becomes too weak or corrupted so
as to extend the length to which the signal can be transmitted over the same network. It passes the digital signal
bit-by-bit in both directions between the two segments.
The repeater does not isolate one segment from the other; if there is a collision on one segment, it is regenerated on the other segment.
Important features of a repeater are as follows:
• A repeater connects different segments of a LAN
• A repeater forwards every frame it receives
• A repeater is a regenerator
• It can be used to create a single extended LAN
Bridge
A bridge operates at the data link layer.
A bridge is a repeater with the add-on functionality of filtering content by reading the MAC addresses of source and destination. It is also used for interconnecting two LANs working on the same protocol. It has a single input and single output port, thus making it a 2-port device.
A bridge links similar or dissimilar LANs and is designed to store and forward frames; it is protocol independent and transparent to the end stations.
Key features of a bridge are mentioned below:
• A bridge operates both in physical and data-link layer
• A bridge uses a table for filtering/routing
• A bridge does not change the physical (MAC) addresses in a frame
Routers
A router is a device, like a switch, that routes data packets based on their IP addresses. A router is mainly a network layer device. Routers normally connect LANs and WANs together and have a dynamically updating routing table on which they base their decisions when routing data packets. Routers divide the broadcast domains of the hosts connected through them.
A router is used to route data packets between two networks. It reads the information in each packet to tell where it is going. If it is destined for an immediate network it has access to, it will strip the outer packet (IP packet for example), readdress the packet to the proper Ethernet address, and transmit it on that network. If it is destined for another network and must be sent to another router, it will re-package the outer packet to be received by the next router and send it to the next router.
Routers do not send broadcast packets or corrupted packets. If the routing table does not indicate the proper address of a packet, the packet is discarded.
There are two types of routers:
1. Static routers - Are configured manually and route data packets based on information in a router table.
2. Dynamic routers - Use dynamic routing algorithms. There are two types of algorithms:
• Distance vector - Based on hop count, and periodically broadcasts the routing table to other routers, which takes more network bandwidth, especially with more routers. RIP uses distance vectoring. It does not work on WANs as well as it does on LANs.
• Link state - Routing tables are broadcast at startup and then only when they change. The Open Shortest Path First (OSPF) protocol uses the link state routing method to configure routes or distance vector algorithm (DVA).
Gateway
A gateway is a network device that establishes an intelligent connection between a local
network and external networks with completely different structures i.e. it connects two
dissimilar networks. Gateways are also called protocol converters and can operate at any
network layer. A network gateway can be implemented completely in software, completely in
hardware, or as a combination of both.
A gateway starts at the lower level and strips information until it gets to the required level, then repackages the information and works its way back toward the hardware layer of the OSI model (it can start from the network or session layer and go up to the application layer).
What is network device configuration?
Network configuration is the act of initially configuring a network's operation, flow, and controls–basically,
keeping and organizing the data related to every component of your network.

What is Network Configuration Management?
Network configuration management is the continual activity of controlling the installation of all network
devices' software and firmware and their configuration and maintenance. It includes finding devices, keeping track
of their setup and condition, and keeping track of their inventory.
The network configuration management database is at the heart of this procedure. The network manager will
search the database when something goes wrong and the network has to be fixed, modified, or updated so they
can decide on the best course of action. Every physical device's IP address, location, information about its software,
versions, upgrades, and default settings are all kept in the database.
A network configuration manager enables management to keep track of any changes made to device settings and how
those changes may affect the network's overall security.
Why is Network Configuration Important?
The proper network configuration can support and enhance network security, increase network stability, and
support the flow of data via a network. Additionally, using configuration tools and/or network configuration
management can offer a variety of advantages, such as:
• Automated data tracking and reporting make it possible for administrators to detect configuration changes, potential threats, or other problems
• A quick method to implement large-scale changes, like changing all passwords at once if passwords are hacked
• The ability to quickly restore network configuration to a previous state
• Reduced downtime as a result of improved visibility and the capacity to recognize changes immediately
• Streamlined upkeep and repair of network connections, hardware, and software
• The capacity to restart a device when it malfunctions thanks to unified configuration management

Network Configuration Manager (NCM) Functions


Functions of a Network Configuration Manager (NCM) include, but are not limited to, the following:

• Network Device Discovery
In network configuration management, the first step is to find your device and add it to the inventory. It's crucial to keep track of the hardware characteristics of your network's devices. An informative inventory will help the network manager in doing regular audits in addition to increasing visibility into the network equipment. The inventory provides a detailed view of the device data, including serial numbers, interface details, port configurations, and hardware details of the device, which are helpful when preparing audit reports.

• Configuration Backup
A network operator must always be prepared for a network malfunction, and taking network backups is the most essential step in becoming disaster-ready. A flawed modification or update can result in issues like a network outage or security breach. Any such occurrences can be handled right away using network configuration management (NCM) by replacing the flawed configuration with a reliable copy from the backup.

• Configuration Change Management
It is advised that you maintain a list of your users to make it simpler to spot configuration changes. In a network with multiple operators, it is essential to prevent any unauthorized alteration that can have a negative outcome. These measures lessen the likelihood that something will go wrong on the network, but they do not completely guarantee that it won't. Configuration backups become useful in this situation. Using Network Configuration Management (NCM), you can easily upload a reliable version of the configuration, restore the device, and guarantee business continuity.

• Executing Complex Network Operations
Numerous network procedures that are carried out as part of NCM can occasionally be automated. For example, if you needed to change the password on all Cisco routers connected to a network, applying the update to each device separately would be a laborious task. This is where configuration templates, sometimes known as "Configlets," are useful. Using configlets, you can centrally carry out this action across all of the devices. They also have the benefit of scheduling, which eliminates the need for the user to be present while the operation is being carried out.

Benefits of Network Configuration Manager


The potential of network configuration management to lessen network and application downtime is one of its main advantages.

• Auditing and Reviewing Configurations
You can't find all the information in the configuration files. They won't display any dynamic data, such as ARP tables, interface error numbers, or CPU or memory utilization levels. However, they do provide you with a very helpful initial snapshot. Additionally, the data is helpful for tasks like security audits: the files display the precise VPN settings, firewall rules, and IDS/IPS traffic inspection methods.

• Automatic Generation
We can make mass modifications using a configuration management tool, among other things. This is a very helpful feature of configuration management software.

• Reduce Errors
The number of outages brought on by configuration errors can be greatly decreased using automated network configuration management technologies. This is because human implementation or documentation errors frequently cause these issues. Tools for configuration management track changes, audit configurations, and streamline operations while automatically documenting all tool-related changes.

• Reports
Reporting is the initial application. If the configuration management tool compares today's backup to yesterday's backup, it can instantly display all the devices that changed and precisely what the changes were.

• Roll Back Any Changes with Undesirable Results
Configuration management tools can roll back changes to earlier settings if an administrator makes a change only to discover later that it led to a misconfiguration, saving time and resolving problems.

• Streamline Processes
Configuration management tools also make it possible to streamline procedures, which is another advantage. As your network expands, you need tools that make it simple to plan backups and receive alerts when backups fail. You need a tool with features that let you easily browse and restore old backups.
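The backup comparison described under Reports and Auditing, as an added example (it is not taken from any configuration management product): it splits two IOS-style backups into sections, lists what changed, and marks changes to settings this course covers (ACLs, port security, VLAN and trunk assignment). Both configurations and the SENSITIVE keyword list are constructed for illustration.

```python
"""Compare two configuration backups section by section (added example)."""

# Keywords treated as security-relevant. This list is an assumption made for
# the example, chosen from features covered in this course.
SENSITIVE = ("access-list", "access-group", "port-security",
             "switchport mode", "switchport access vlan")

# Constructed sample backups (not from a real device).
YESTERDAY = """\
hostname SW1
!
interface FastEthernet0/1
 description Sales PC1
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
interface FastEthernet0/3
 description IT PC3
 switchport mode access
 switchport access vlan 20
 switchport port-security
!
interface FastEthernet0/5
 switchport mode trunk
"""

TODAY = """\
hostname SW1
!
interface FastEthernet0/1
 description Sales PC1 (desk 4)
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
interface FastEthernet0/3
 description IT PC3
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode trunk
"""


def parse_sections(text):
    """Return {top-level line: [indented child lines]} for an IOS-style config."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue                          # blank lines and "!" separators
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections


def diff_configs(old_text, new_text):
    """List changes as (section, op, line); op is '+' (added) or '-' (removed)."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    changes = []
    for section in sorted(set(old) | set(new)):
        if section not in old:
            changes.append(("(global)", "+", section))
        elif section not in new:
            changes.append(("(global)", "-", section))
        before, after = old.get(section, []), new.get(section, [])
        changes += [(section, "-", l) for l in before if l not in after]
        changes += [(section, "+", l) for l in after if l not in before]
    return changes


def is_sensitive(change):
    """True when the changed line touches one of the SENSITIVE keywords."""
    return any(keyword in change[2] for keyword in SENSITIVE)


def report(old_text, new_text):
    """One text line per change, with security-relevant ones marked REVIEW."""
    lines = []
    for change in diff_configs(old_text, new_text):
        flag = "REVIEW" if is_sensitive(change) else "info"
        lines.append(f"[{flag}] {change[0]}: {change[1]} {change[2]}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(YESTERDAY, TODAY)))
```

In the sample, the description edit on FastEthernet0/1 is reported as informational, while FastEthernet0/3 losing its access VLAN and port security and becoming a trunk is marked for review.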

What is VLAN in Computer Network?


A virtual local area network (VLAN) is a virtualized connection that connects multiple devices and network
nodes from different LANs into one logical network.
A VLAN is a switched network that is logically segmented by function, project team, or application, without
regard to the physical locations of the users.
VLANs have the same attributes as physical LANs, but you can group end stations even if they are not
physically located on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast,
and multicast packets are forwarded and flooded only to end stations in the VLAN.

How to configure VLAN and inter VLAN in cisco switch

Example

1. Create the network topology.
2. Create 2 VLANs on the switch: VLAN 10 and VLAN 20. You can give them custom names.
Switch#config terminal
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name IT

3. Assign switch ports to the VLANs. Remember that each VLAN is viewed as a separate broadcast domain. Before you configure, keep in mind that switch ports can be either access or trunk ports.
• An access port is assigned to a single VLAN. These ports are configured for switch ports that connect to devices with a normal network card, for example a PC in a network.
• A trunk port, on the other hand, is a port that can be connected to another switch or router. This port can carry traffic of multiple VLANs.
So in our case, we'll configure switch interfaces fa 0/1 through fa 0/4 as access ports to connect to our PCs. Here, interfaces fa 0/1 and fa 0/2 are assigned to VLAN 10 while interfaces fa 0/3 and fa 0/4 are assigned to VLAN 20.

Switch interface fa0/5 will be configured as a trunk port, as it will be used to carry traffic between the two VLANs via the router.
Switch>enable
Switch#config terminal
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10

Switch(config-if)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10

Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int fa0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Worth noting: we could have configured all the above interfaces as access ports using the interface range command, as shown below:
Switch(config-if)#int range fa0/1-4
Switch(config-if-range)#switchport mode access
In the above commands, we have specified an interface range and then proceeded to configure all the ports specified as access ports.
Interface fa0/5 is configured as a trunk and will be used for inter-VLAN communication.
Switch(config)#int fa 0/5
Switch(config-if)#switchport mode trunk

The next thing is to:

4. Assign static IP addresses to the four PCs which are located in the separate VLANs. PC1 and PC2 fall
in VLAN 10 while PC3 and PC4 fall in VLAN 20.

PC1: IP address 192.168.1.10, subnet mask 255.255.255.0, default gateway 192.168.1.1
PC2: IP address 192.168.1.20, subnet mask 255.255.255.0, default gateway 192.168.1.1
PC3: IP address 192.168.2.10, subnet mask 255.255.255.0, default gateway 192.168.2.1
PC4: IP address 192.168.2.20, subnet mask 255.255.255.0, default gateway 192.168.2.1

And now it’s very clear that we treat a VLAN just like a physical LAN when assigning IP addresses.
At this point let’s try to test connectivity within VLANs and between VLANs
To test communication between hosts in the same VLAN:
Ping PC2 from PC1 both in VLAN 10. Ping test should be successful.
To test connectivity between hosts in different VLANs:
Ping PC3 in VLAN 20 from PC1 in VLAN 10. Ping here will definitely fail. Why? Because inter-VLAN
routing is not yet enabled.
Inter VLAN configuration
Inter-VLAN configuration is used to enable communication between two or more VLANs.
How to configure inter VLAN network
Example
Configure the switch by using the following commands
Switch>enable
Switch#config terminal
Switch(config)#vlan 10
Switch(config-vlan)#name IT
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name CS
Switch(config-vlan)#exit
Switch(config)#interface fa0/2
Switch(config-if)#switchport access vlan 10
Switch(config-if)#interface fa0/3
Switch(config-if)#switchport access vlan 20
Switch(config-if)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Configure the router by using the following commands
Router>enable
Router#config terminal
Router(config)#int fa0/0.1
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#int fa0/0.2
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 20.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#int fa0/0
Router(config-if)#no shutdown
Assign the PCs the appropriate IP address, subnet mask and default gateway graphically.
How to configure Switch Port Security in Packet Tracer
Switch port security is a network security feature that associates specific MAC addresses of devices (such as PCs) with specific interfaces on a switch. This enables you to restrict access to a given switch interface so that only the authorized devices can use it. If an unauthorized device is connected to the same port, you can define the action that the switch will take, such as discarding the traffic, sending an alert, or shutting down the port.

The sticky keyword instructs the switch to dynamically learn the MAC address of the currently connected host.
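A small model of the behaviour described above, added here as an illustration (it is not switch firmware or Packet Tracer code): sticky learning fills the list of allowed addresses up to a maximum, and the violation mode decides what happens to a frame from any other MAC address. The mode names protect, restrict and shutdown are Cisco's names for the three actions; the class, function names and MAC addresses are constructed.

```python
"""Model of switch port security with sticky learning (added example)."""


class SecurePort:
    # Cisco's names for the three actions: protect discards silently,
    # restrict discards and raises an alert, shutdown disables the port.
    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, name, maximum=1, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError(f"unknown violation mode: {violation}")
        self.name = name
        self.maximum = maximum      # how many MAC addresses the port accepts
        self.violation = violation
        self.secure_macs = []       # addresses learned by the sticky feature
        self.alerts = []            # what an administrator would be told
        self.enabled = True         # False = port shut down by a violation

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame arriving from src_mac."""
        mac = src_mac.lower()
        if not self.enabled:
            return "drop"                     # a shut-down port passes nothing
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)      # sticky: learn the connected host
            return "forward"
        # Any other address on a full port is a violation.
        if self.violation != "protect":
            self.alerts.append(f"{self.name}: security violation from {mac}")
        if self.violation == "shutdown":
            self.enabled = False
        return "drop"

    def reenable(self):
        """Administrator brings the port back up after a shutdown."""
        self.enabled = True


# Constructed MAC addresses for the example.
PC1 = "00:11:22:33:44:01"
OTHER = "00:11:22:33:44:99"


def run_sequence(mode):
    """PC1 connects, an unknown device sends a frame, then PC1 sends again."""
    port = SecurePort("Fa0/1", maximum=1, violation=mode)
    results = [port.receive(mac) for mac in (PC1, OTHER, PC1)]
    return results, len(port.alerts), port.enabled


if __name__ == "__main__":
    for mode in SecurePort.MODES:
        print(mode, run_sequence(mode))
```

In shutdown mode the authorized PC is cut off as well until an administrator re-enables the port, which is the trade-off to weigh when choosing the action.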
Access Control List (ACL)
ACLs are a network filter utilized by routers and some switches to regulate data flowing into and out of network
interfaces. When an ACL is configured on an interface, the network device analyzes passing data, compares it
to the criteria in the ACL, and either permits or prohibits the data flow.
Types of access list
1. Standard Access Control Lists – with standard access lists, you can filter traffic only on the source IP
address of a packet. These types of access lists are not as powerful as extended access lists, but they are
less processor-intensive for the router.
Example

Let’s say that server S1 holds some important documents that need to be available only to the company’s
management. We could configure an access list on R1 to enable network access to S1 for the users from the
management network only. All other traffic going to S1 will be blocked. This way, we can ensure only
authorized users can access sensitive files on S1.

2. Extended Access Control Lists – with extended access lists, you can be more precise in your network traffic
filtering. You can evaluate the source and destination IP addresses, type of layer 3 protocol, source and destination
port, etc. Extended access lists are more complex to configure and consume more CPU time than standard access
lists, but they allow a much more granular level of control.
Example

In the example network above, we have used the standard access list to prevent all users from accessing server S1. But, with that configuration, we also deny access to S2! To be more specific, we can use extended access lists. Let's say that we need to prevent users from accessing server S1. We could place an extended access list on R1 to prevent users only from accessing S1 (we would use an access list to filter the IP traffic according to the destination IP address). That way, no other traffic is forbidden, and users can still access the other server, S2.

Difference between LAN and VLAN


LAN | VLAN
All configuration is done only in the PC | Configuration is done in both the PC and the switch
In a LAN we cannot configure the ports available in a switch | A VLAN allows you to configure each and every port available in a switch
A router is required to communicate between two different networks | Even without a router, two or more virtual networks can communicate. All the configuration done in the switch is self
All the data travels in the same broadcast domain, hence the network traffic is more | Each VLAN has its own broadcast domain, hence the network traffic is low
Network cost is high | Network cost is low
Network construction is simple | Network construction is complex

Why should I use Access Control Lists?


The primary reason is to provide a basic level of security for the network. ACLs are not as complex as stateful firewalls and do not offer the same depth of protection, but they do provide protection on higher speed interfaces where line rate speed is important and firewalls may be restrictive.
ACLs are also used to restrict updates for routing from network peers and can be instrumental in defining flow control for network traffic.
ACLs here should be configured to restrict network peer access and can be used in conjunction with the routing protocols to restrict updates and the extent of routes received from or sent to network peers.
You can create rules in access-list configuration mode by using the permit or deny command. The switch allows traffic that matches the criteria in a permit rule and blocks traffic that matches the criteria in a deny rule. You have many options for configuring the criteria that traffic must meet in order to match the rule.
Source and Destination
In each rule, you specify the source and the destination of the traffic that matches the rule. You can specify
both the source and destination as a specific host, a network or group of hosts, or any host.
Protocols
ACLs allow you to identify traffic by protocol. For your convenience, you can specify some protocols by name.
For example, in an IPv4 ACL, you can specify ICMP by name.
You can specify any protocol by number. In IPv4 ACLs, you can specify protocols by the integer that represents
the Internet protocol number. For example, you can use 115 to specify Layer 2 Tunneling Protocol (L2TP)
traffic.

Sequence Numbers
The switch supports sequence numbers for rules. Every rule that you enter receives a sequence number, either
assigned by you or assigned automatically by the switch. Sequence numbers simplify the following ACL tasks:
• Adding new rules between existing rules - By specifying the sequence number, you specify where in the ACL a new rule should be positioned. For example, if you need to insert a rule between rules numbered 100 and 110, you could assign a sequence number of 105 to the new rule.
• Removing a rule - Without using a sequence number, removing a rule requires that you enter the whole rule, as follows:
switch(config-acl)# no permit tcp 10.0.0.0/8 any
However, if the same rule had a sequence number of 101, removing the rule requires only the following command:
switch(config-acl)# no 101
• Moving a rule - With sequence numbers, if you need to move a rule to a different position within an ACL, you can add a second instance of the rule using the sequence number that positions it correctly, and then you can remove the original instance of the rule. This action allows you to move the rule without disrupting traffic.
If you enter a rule without a sequence number, the switch adds the rule to the end of the ACL and assigns a
sequence number that is 10 greater than the sequence number of the preceding rule to the rule. For example, if
the last rule in an ACL has a sequence number of 225 and you add a rule without a sequence number, the
switch assigns the sequence number 235 to the new rule.
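A model of the rule handling described in this section, added as an illustration and not taken from any switch software: rules live at sequence numbers, are checked in ascending order, and the first match decides. It also replays the earlier standard versus extended ACL example with constructed addresses for the users, S1 and S2; the final implicit deny is standard Cisco ACL behaviour that the text above does not spell out.

```python
"""Sequenced IP ACL with first-match evaluation (added example)."""
import ipaddress


def _net(spec):
    """Turn 'any', a host address or a prefix into an ip_network."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


class Acl:
    STEP = 10      # gap used when the switch numbers a rule itself

    def __init__(self, name):
        self.name = name
        self.rules = {}            # sequence number -> (action, src, dst)

    def add(self, action, src, dst="any", seq=None):
        """Add a rule; without seq it goes to the end, numbered last + 10."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if seq is None:
            seq = max(self.rules, default=0) + self.STEP
        if seq in self.rules:
            raise ValueError(f"sequence number {seq} is already in use")
        self.rules[seq] = (action, _net(src), _net(dst))
        return seq

    def remove(self, seq):
        """Equivalent of 'no <sequence-number>'."""
        del self.rules[seq]

    def move(self, old_seq, new_seq):
        """Add the second instance first, then remove the original."""
        action, src, dst = self.rules[old_seq]
        self.add(action, str(src), str(dst), seq=new_seq)
        self.remove(old_seq)

    def order(self):
        """Sequence numbers in the order the rules are evaluated."""
        return sorted(self.rules)

    def check(self, src_ip, dst_ip):
        """Return (action, matching sequence number); first match wins."""
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for seq in self.order():
            action, src_net, dst_net = self.rules[seq]
            if src in src_net and dst in dst_net:
                return action, seq
        return "deny", None        # implicit deny at the end of every ACL


# Constructed addresses: one user host and the two servers from the example.
USER, S1, S2 = "192.168.1.25", "192.168.3.10", "192.168.3.20"


def standard_acl():
    """Standard ACL: source only, so denying the users hides S1 and S2."""
    acl = Acl("std-users")
    acl.add("deny", "192.168.1.0/24")
    acl.add("permit", "any")
    return acl


def extended_acl():
    """Extended ACL: source and destination, so only S1 is blocked."""
    acl = Acl("ext-users")
    acl.add("deny", "192.168.1.0/24", S1)
    acl.add("permit", "any", "any")
    return acl


def sequence_demo():
    """Insert a rule between two others, then move it so it takes effect."""
    acl = Acl("acl-01")
    acl.add("permit", "10.0.0.0/8", seq=100)
    acl.add("permit", "192.168.2.0/24", seq=110)
    acl.add("deny", "10.9.0.0/16", seq=105)     # lands between 100 and 110
    before = acl.check("10.9.1.1", S1)          # rule 100 still matches first
    acl.move(105, 95)                           # reposition ahead of rule 100
    after = acl.check("10.9.1.1", S1)
    auto = acl.add("permit", "172.16.0.0/12")   # no number given: 110 + 10
    return acl.order(), before, after, auto


if __name__ == "__main__":
    for acl in (standard_acl(), extended_acl()):
        print(acl.name, "S1:", acl.check(USER, S1), "S2:", acl.check(USER, S2))
    print(sequence_demo())
```

The sequence demo shows why position matters: the deny rule inserted at 105 has no effect while the broader permit at 100 precedes it, and it starts matching only after it is moved to 95.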

Configuring IP ACLs
Creating an IP ACL
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters configuration mode.
Step 2 | switch(config)# ip access-list name | Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.
Step 3 | switch(config-acl)# [sequence-number] {permit|deny} protocol source destination | Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295.
Step 4 | switch(config-acl)# statistics | (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL.
Step 5 | switch# show ip access-lists name | (Optional) Displays the IP ACL configuration.
Step 6 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration.

The following example shows how to create an IPv4 ACL:


switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
switch(config-acl)# statistics
Changing an IP ACL
You can add and remove rules in an existing IPv4 ACL. You cannot change existing rules. Instead, to change
a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can use
the resequence command to reassign sequence numbers.
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters configuration mode.
Step 2 | switch(config)# ip access-list name | Enters IP ACL configuration mode for the ACL that you specify by name.
Step 3 | switch(config-acl)# [sequence-number] {permit | deny} protocol source destination | Creates a rule in the IP ACL. Using a sequence number allows you to specify a position for the rule in the ACL.
Step 4 | switch(config-acl)# no {sequence-number | {permit | deny} protocol source destination} | (Optional) Removes the rule that you specified from the IP ACL. The permit and deny commands support many ways of identifying traffic.
Step 5 | switch(config-acl)# [no] statistics | (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL. The no option stops the switch from maintaining global statistics for the ACL.
Step 6 | switch# show ip access-lists name | (Optional) Displays the IP ACL configuration.
Step 7 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration.

Removing an IP ACL
You can remove an IP ACL from the switch. Before you remove an IP ACL from the switch, be sure that you
know whether the ACL is applied to an interface. The switch allows you to remove ACLs that are currently
applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty. To remove an IP ACL from the switch, perform this task:

Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters configuration mode.
Step 2 | switch(config)# no ip access-list name | Removes the IP ACL that you specified by name from the running configuration.
Step 3 | switch# show running-config | (Optional) Displays ACL configuration. The removed IP ACL should not appear.
Step 4 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration.

What is Logging with syslog usage?


Syslog is a standard for logging messages. Syslog messages are generated by our routers and switches to let us know about everything that has happened.
That covers a wide range of events, from an emergency to something that's just a simple notification. We can configure the messages to be forwarded to various destinations, i.e. the logging buffer, console line, terminal line and finally a syslog server. By default, syslog messages go to the console line.
Router basic configuration
Routing is the method of selecting a network packet path over the Internet or between or through multiple
networks. Routing is conducted on many kinds of networks, including circuit-switched networks, such as
public switched telephone networks (PSTN), and computer networks, such as the Internet.
Example

Configure the router by using the following commands

Press n
Router>enable
Router#config t
Router(config)#int fa0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int fa0/1
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Assign the PCs graphically the appropriate IP address, subnet mask and default gateway
What is static routing?

Network administrators use static routing, or nonadaptive routing, to define a route when there is a single route
or a preferred route for traffic to reach a destination. Static routing uses small routing tables with only one
entry for each destination. It also requires less computation time than dynamic routing because each route is
preconfigured.
Because static routes are preconfigured, administrators must manually reconfigure routes to adapt to changes
in the network when they occur. Static routes are generally used in networks where administrators don't expect
any changes.

What is dynamic routing?

Dynamic routing, sometimes called adaptive routing, is more complex than static routing because it creates
more possible routes to send packets across a network. Dynamic routes are typically used in larger, fluid
networks where static routes would be cumbersome to maintain and frequently reconfigure. Because dynamic
routing is more complicated, it consumes more bandwidth than static routing.

Dynamic routing uses algorithms to compute multiple possible routes and determine the best path for traffic
to travel through the network. It uses two types of complex algorithms: distance vector protocols and link
state protocols.

Both distance vector and link state protocols create a routing table within the router that includes an entry for
each possible destination of a network, group of networks or specific subnet. Each entry specifies which
network connection to use to send out a received packet.

Distance vector protocols

When using a distance vector protocol -- such as Routing Information Protocol (RIP) or Interior Gateway
Routing Protocol (IGRP) -- each routing table entry specifies the number of hops to each destination. The
router sends its routing table to each directly connected router and receives the tables of the other routers in
return. Routers using distance vector protocols periodically exchange their routing tables with neighboring
routers.

Distance vector protocols have their advantages and disadvantages. Routers that use distance vector protocols
periodically send out their entire routing tables, which produces a significant load when used in a large network
and could create a security risk if the network became compromised. Because distance vector protocols
determine routes based on hop count, they can choose a slow link over a high data rate link when the hop count
is lower.

Link state protocols

Link state protocols -- such as Open Shortest Path First (OSPF) and Intermediate System to Intermediate
System (IS-IS) -- determine routes by exchanging a link state packet (LSP) with each neighboring router. Each
router constructs an LSP that contains its preconfigured identifier along with information about connected
networks and subnets. The router then sends the LSP to nearby routers. Received LSPs contain additional
information about paths to other networks and link data rates. Routers combine this information with
previously known information and store it in their routing tables.

Like distance vector protocols, link state protocols have their benefits and drawbacks. One benefit of link state
protocols is they send out updates only when there is a change in the network, in contrast to the constant load
distance vector protocols place on the network. Link state protocols can also recover more quickly and
redetermine a route when a link or router malfunctions. But these protocols are more complicated and more
difficult to configure and maintain.

Static vs. dynamic routing: Key differences

Below is an overview of some of the main differences between static routing and dynamic routing.

1. Path selection
Static routing uses a single preconfigured route to send traffic to its destination, while dynamic routing provides
multiple available routes to the destination.

2. Ability to update routes

Network administrators must manually reconfigure static routes in order to adjust routes. Dynamic routing
uses algorithms to automatically update with the preferred route change.

3. Routing tables
Static routing has a smaller routing table with only one entry for each destination, while dynamic routing
requires routers to send out their entire routing tables to identify route availability.

4. Use of protocols and algorithms


Static routing doesn't use protocols or complex routing algorithms. Dynamic routing uses distance vector
protocols, such as RIP and IGRP, and link state protocols, such as OSPF and IS-IS, to adjust routes.

5. Computation and bandwidth requirements


Static routing requires less compute power and bandwidth, as it only has one preconfigured route. Dynamic
routing requires more computation and bandwidth to generate multiple route possibilities.

6. Security
Static routing is more secure because it doesn't share routes across the entire network. Dynamic routing
creates more security risks because it shares complete routing tables across the network.

7. Use cases
Static routing is best used in smaller networks with fewer routers and is ideal for networks with unchanging
network architecture. Dynamic routing is well suited for larger, more complex networks that have multiple
routers, and its flexibility makes it ideal for network architectures that frequently change.
