Archives for : Ethernet

    Cisco Command Cheat Sheet

    I found a list of useful Cisco commands which I though I would post here.


    • Config# terminal editing – allows for enhanced editing commands
    • Config# terminal monitor – shows output on telnet session
    • Config# terminal ip netmask-format hexadecimal|bit-count|decimal – changes the format of subnet masks


    • Config# hostname ROUTER_NAME


    • Config# banner motd # TYPE MESSAGE HERE # – # can be substituted for any character, must start and finish the message


    • Config# description THIS IS THE SOUTH ROUTER – can be entered at the Config-if level


    • Config# clock timezone Central -6
      # clock set hh:mm:ss dd month yyyy – Example: clock set 14:13:00 25 August 2003


    • Config# config-register 0x2100 – ROM Monitor Mode
    • Config# config-register 0x2101 – ROM boot
    • Config# config-register 0x2102 – Boot from NVRAM


    • Config# boot system tftp FILENAME SERVER_IP – Example: boot system tftp 2600_ios.bin
    • Config# boot system ROM
    • Config# boot system flash – Then – Config# reload


    • Config# cdp run – Turns CDP on
    • Config# cdp holdtime 180 – Sets the time that a device remains. Default is 180
    • Config# cdp timer 30 – Sets the update timer.The default is 60
    • Config# int Ethernet 0
    • Config-if# cdp enable – Enables cdp on the interface
    • Config-if# no cdp enable – Disables CDP on the interface
    • Config# no cdp run – Turns CDP off


    • Config# ip host ROUTER_NAME INT_Address – Example: ip host lab-a
    • Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 – Example: ip host lab-a – (for e0, s0, s1)


    • Config# ip domain-lookup – Tell router to lookup domain names
    • Config# ip name-server – Location of DNS server
    • Config# ip domain-name – Domain to append to end of names


    • # clear interface Ethernet 0 – Clears counters on the specified interface
    • # clear counters – Clears all interface counters
    • # clear cdp counters – Clears CDP counters


    • Config# ip route Net_Add SN_Mask Next_Hop_Add – Example: ip route
    • Config# ip route Next_Hop_Add – Default route
    • Config# ip default-network Net_Add – Gateway LAN network


    • Config# ip routing – Enabled by default
    • Config# router rip
    • Config# router igrp 100
    • Config# interface Ethernet 0
    • Config-if# ip address
    • Config-if# no shutdown


    • Config# ipx routing
    • Config# interface Ethernet 0
    • Config# ipx maximum-paths 2 – Maximum equal metric paths used
    • Config-if# ipx network 222 encapsulation sap – Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
    • Config-if# no shutdown


    IP Standard1-99
    IP Extended100-199
    IPX Standard800-899
    IPX Extended900-999
    IPX SAP Filters1000-1099


    • Config# access-list 10 permit – allow all src ip’s on network
    • Config# access-list 10 permit host – specifies a specific host
    • Config# access-list 10 permit any – allows any address
    • Config# int Ethernet 0
    • Config-if# ip access-group 10 in – also available: out


    • Config# access-list 101 permit tcp eq telnet
      -protocols: tcp, udp, icmp, ip (no sockets then), among others
      -source then destination address
      -eq, gt, lt for comparison
      -sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
    • Config# access-list 101 deny tcp any host eq www


    • Config# access-list 101 permit ip any any
    • Config# interface Ethernet 0
    • Config-if# ip access-group 101 outIPX STANDARD:
    • Config# access-list 801 permit 233 AA3 – source network/host then destination network/host


    • Config# access-list 801 permit -1 -1 – “-1” is the same as “any” with network/host addresses
    • Config# interface Ethernet 0
    • Config-if# ipx access-group 801 outIPX EXTENDED:
    • Config# access-list 901 permit sap 4AA all 4BB all
      – Permit protocol src_add socket dest_add socket
      -“all” includes all sockets, or can use socket numbers


    • Config# access-list 901 permit any any all any all
      -Permits any protocol with any address on any socket to go anywhere
    • Config# interface Ethernet 0
    • Config-if# ipx access-group 901 inIPX SAP FILTER:
    • Config# access-list 1000 permit 4aa 3 – “3” is the service type


    • Config# access-list 1000 permit 4aa 0 – service type of “0” matches all services
    • Config# interface Ethernet 0
    • Config-if# ipx input-sap-filter 1000 – filter applied to incoming packets


    • Config-if# ipx output-sap-filter 1000 – filter applied to outgoing packets


    • Config# ip access-list standard LISTNAME
      -can be ip or ipx, standard or extended
      -followed by the permit or deny list
    • Config# permit any
    • Config-if# ip access-group LISTNAME in
      -use the list name instead of a list number
      -allows for a larger amount of access-lists


    • Config-if# encapsulation ppp
    • Config-if# ppp authentication chap pap
      -order in which they will be used
      -only attempted with the authentification listed
      -if one fails, then connection is terminated
    • Config-if# exit
    • Config# username Lab-b password 123456
      -username is the router that will be connecting to this one
      -only specified routers can connect


    • Config-if# ppp chap hostname ROUTER
    • Config-if# ppp chap password 123456
      -if this is set on all routers, then any of them can connect to any other
      -set same on all for easy configuration


    • Config# isdn switch-type basic-5ess – determined by telecom
    • Config# interface serial 0
    • Config-if# isdn spid1 2705554564 – isdn “phonenumber” of line 1
    • Config-if# isdn spid2 2705554565 – isdn “phonenumber” of line 2
    • Config-if# encapsulation PPP – or HDLC, LAPD

    DDR – 4 Steps to setting up ISDN with DDR Configure switch type

    1. Config# isdn switch-type basic-5ess – can be done at interface config

    2. Configure static routes
    Config# ip route – sends traffic destined for to
    Config# ip route bri0 – specifies how to get to network (through bri0)

    3. Configure Interface
    Config-if# ip address
    Config-if# no shutdown
    Config-if# encapsulation ppp
    Config-if# dialer-group 1 – applies dialer-list to this interface
    Config-if# dialer map ip name Lab-b 5551212
    connect to lab-b at 5551212 with ip if there is interesting traffic
    can also use “dialer string 5551212” instead if there is only one router to connect to

    4. Specify interesting traffic
    Config# dialer-list 1 ip permit any
    Config# dialer-list 1 ip list 101 – use the access-list 101 as the dialer list

    5. Other Options
    Config-if# hold-queue 75 – queue 75 packets before dialing
    Config-if# dialer load-threshold 125 either
    -load needed before second line is brought up
    -“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
    -can check by in, out, or either

    Config-if# dialer idle-timeout 180
    -determines how long to stay idle before terminating the session
    -default is 120


    • Config# interface serial 0
    • Config-if# encapsulation frame-relay – cisco by default, can change to ietf
    • Config-if# frame-relay lmi-type cisco – cisco by default, also ansi, q933a
    • Config-if# bandwidth 56
    • Config-if# interface serial 0.100 point-to-point – subinterface
    • Config-if# ip address
    • Config-if# frame-relay interface-dlci 100
      -maps the dlci to the interface
      -can add BROADCAST and/or IETF at the end
    • Config-if# interface serial 1.100 multipoint
    • Config-if# no inverse-arp – turns IARP off; good to do
    • Config-if# frame-relay map ip 48 ietf broadcast
      -maps an IP to a dlci (48 in this case)
      -required if IARP is turned off
      -ietf and broadcast are optional
    • Config-if# frame-relay map ip 54 broadcast


    • Show access-lists – all access lists on the router
    • Show cdp – cdp timer and holdtime frequency
    • Show cdp entry * – same as next
    • Show cdp neighbors detail – details of neighbor with ip add and ios version
    • Show cdp neighbors – id, local interface, holdtime, capability, platform portid
    • Show cdp interface – int’s running cdp and their encapsulation
    • Show cdp traffic – cdp packets sent and received
    • Show controllers serial 0 – DTE or DCE status
    • Show dialer – number of times dialer string has been reached, other stats
    • Show flash – files in flash
    • Show frame-relay lmi – lmi stats
    • Show frame-relay map – static and dynamic maps for PVC’s
    • Show frame-relay pvc – pvc’s and dlci’s
    • Show history – commands entered
    • Show hosts – contents of host table
    • Show int f0/26 – stats of f0/26
    • Show interface Ethernet 0 – show stats of Ethernet 0
    • Show ip – ip config of switch
    • Show ip access-lists – ip access-lists on switch
    • Show ip interface – ip config of interface
    • Show ip protocols – routing protocols and timers
    • Show ip route – Displays IP routing table
    • Show ipx access-lists – same, only ipx
    • Show ipx interfaces – RIP and SAP info being sent and received, IPX addresses
    • Show ipx route – ipx routes in the table
    • Show ipx servers – SAP table
    • Show ipx traffic – RIP and SAP info
    • Show isdn active – number with active status
    • Show isdn status – shows if SPIDs are valid, if connected
    • Show mac-address-table – contents of the dynamic table
    • Show protocols – routed protocols and net_addresses of interfaces
    • Show running-config – dram config file
    • Show sessions – connections via telnet to remote device
    • Show startup-config – nvram config file
    • Show terminal – shows history size
    • Show trunk a/b – trunk stat of port 26/27
    • Show version – ios info, uptime, address of switch
    • Show vlan – all configured vlan’s
    • Show vlan-membership – vlan assignments
    • Show vtp – vtp configs

    For Native IOS – Not CatOS


    • Config# ip address
    • Config# ip default-gateway MODE:
    • Config# interface Ethernet 0/5 – “fastethernet” for 100 Mbps ports
    • Config-if# duplex full – also, half | auto | full-flow-control


    • Config# switching-mode store-and-forward – also, fragment-free


    • Config# mac-address-table permanent aaab.000f.ffef e0/2 – only this mac will work on this port
    • Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
      -port 3 can only send data out port 2 with that mac
      -very restrictive security
    • Config-if# port secure max-mac-count 5 – allows only 5 mac addresses mapped to this port


    • Config# vlan 10 name FINANCE
    • Config# interface Ethernet 0/3
    • Config-if# vlan-membership static 10TRUNK LINKS:
    • Config-if# trunk on – also, off | auto | desirable | nonegotiate
    • Config-if# no trunk-vlan 2
      -removes vlan 2 from the trunk port
      -by default, all vlans are set on a trunk port



    • Config# delete vtp – should be done prior to adding to a network
    • Config# vtp server – the default is server, also client and transparent
    • Config# vtp domain Camp – name doesn’t matter, just so all switches use the same
    • Config# vtp password 1234 – limited security
    • Config# vtp pruning enable – limits vtp broadcasts to only switches affected
    • Config# vtp pruning disableFLASH UPGRADE:
    • Config# copy tftp:// opcode – “opcode” for ios upgrade, “nvram” for startup config


    • Config# delete nvram


    • show ip bgp – Displays entries in the BGP routing table.
    • show ip bgp injected-paths – Displays paths in the BGP routing table that were conditionally injected.
    • show ip bgp neighbors – Displays information about the TCP and BGP connections to neighbors.

    BGP Conditional Route Injection:

    Step 1 Router(config)# router bgp as-number
    -  Places the router in router configuration mode, and configures the router to run a BGP process.

    Step 2 Router(config-router)# bgp inject-map ORIGINATE exist-map LEARNED_PATH
    -  Configures the inject-map named ORIGINATE and the exist-map named LEARNED_PATH for conditional route injection.

    Step 3 Router(config-router)# exit
    -Exits router configuration mode, and enters global configuration mode.

    Step 4 Router(config)# route-map LEARNED_PATH permit sequence-number
    – Configures the route map named LEARNED_PATH.

    Step 5 Router(config-route-map)# match ip address prefix-list ROUTE
    – Specifies the aggregate route to which a more specific route will be injected.

    Step 6 Router(config-route-map# match ip route-source prefix-list ROUTE_SOURCE
    – Configures the prefix list named ROUTE_SOURCE to redistribute the source of the route.
    Note The route source is the neighbor address that is configured with the neighbor remote-as command. The tracked prefix must come from this neighbor in order for conditional route injection to occur.

    Step 7 Router(config-route-map)# exit
    – Exits route-map configuration mode, and enters global configuration mode.

    Step 8
    Router(config)# route-map ORIGINATE permit 10
    – Configures the route map named ORIGINATE.

    Step 9 Router(config-route-map)# set ip address prefix-list ORIGINATED_ROUTES
    – Specifies the routes to be injected.

    Step 10 Router(config-route-map)# set community community-attribute additive
    – Configures the community attribute of the injected routes.

    Step 11 Router(config-route-map)# exit
    – Exits route-map configuration mode, and enters global configuration mode.

    Step 12
    Router(config)# ip prefix-list ROUTE permit
    – Configures the prefix list named ROUTE to permit routes from network

    Step 13 Router(config)# ip prefix-list ORIGINATED_ROUTES permit
    – Configures the prefix list named ORIGINATED_ROUTES to permit routes from network

    Step 14 Router(config)# ip prefix-list ORIGINATED_ROUTES permit
    – Configures the prefix list named ORIGINATED_ROUTES to permit routes from network

    Step 15 Router(config)# ip prefix-list ROUTE_SOURCE permit
    – Configures the prefix list named ROUTE_SOURCE to permit routes from network
    Note The route source prefix list must be configured with a /32 mask in order for conditional route injection to occur.


    Step 1 (config)# interface ethernet0/0
    (config-if)#ip address
    (config-if)# no shutdown
    – Configure an IP address on the router’s Ethernet port, and bring up the interface. (On an existing router, you would have already done this.)

    Step 2 (config)# ip dhcp pool mypool
    – Create a DHCP IP address pool for the IP addresses you want to use.

    Step 3 (dhcp-config)# network /8
    – Specify the network and subnet for the addresses you want to use from the pool.

    Step 4 (dhcp-config)#domain-name
    – Specify the DNS domain name for the clients.

    Step 5 (dhcp-config)#dns-server
    – Specify the primary and secondary DNS servers.

    Step 6 (dhcp-config)#default-router
    – Specify the default router (i.e., default gateway).

    Step 7 (dhcp-config)#lease 7
    – Specify the lease duration for the addresses you’re using from the pool.

    Step 8 (dhcp-config)#exit
    – Exit Pool Configuration Mode.

    This takes you back to the global configuration prompt.

    Next, exclude any addresses in the pool range that you don’t want to hand out.

    For example, let’s say that you’ve decided that all IP addresses up to .100 will be for static IP devices such as servers and printers. All IP addresses above .100 will be available in the pool for DHCP clients.

    Here’s an example of how to exclude IP addresses .100 and below:

    Optional (config)#ip dhcp excluded-address

    The full DHCP reference can be found on the CISCO site.

    Common Commands and Troubleshooting

    • Set a password on the console line:
      • configure terminal
      • line console 0
      • password ‘cisco’
      • login
    • Passwords are case sensitive.
    • You must configure a password on the VTY lines, without one no one will be able to telnet to the switch/router.
    • The default mode when logging into a switch/router via telnet or SSH is user exec mode, which is indicated by the ‘>’ prompt.
    • To configure the switch/router you need to use the privileged EXEC mode. To do this you enter the enable command in user EXEC mode. The prompt is indicated with ‘#’.
    • If both enable secret and enable password are set, the enable secret will be used.
    • The enable secret is encrypted (by default) where as the enable password is in clear text.
    • In a config containing an enable secret 5 ‘hash’ the 5 refers to the level of encryption being used.
    • If no enable password/secret has been set when someone telnets to the device, they will get a ‘%No password set’ message. Someone with physical access must set the password.
    • To place all telnet users directly into enable mode:
      • configure terminal
      • line vty 0 4
      • privilege level 15
    • To put a specific user directly into privileged EXEC mode (enable mode)
      • username superman privilege 15 password louise
    • Telnet sends all data including passwords in clear text which can be intercepted.
    • SSH encrypts all data preventing an attacker from intercepting it.
    • Setting up a local user/password login database for use with telnet:
      • configure terminal
      • line vty 0 4
      • login local
      • exit
      • username telnetuser1 password secretpass
    • To set up SSH you need to create the local user database, the domain name must be specified with the ip domain-name command and a crypto key must be created with the crypto key generate rsa command. To enable SSH on the VTY lines, use the command transport input ssh.
    • If you connect two Cisco switches together and the lights don’t go amber then green, but instead stays off. A straight through cable has been used instead of a crossover cable.
    • The term ‘a switches management interface’ normally refers to VLAN1.
    • Assign a default gateway using the ip default-gateway ipaddress command.
    • You can use the command interface range fasterthernet 0/1 – 12 to select a range of interfaces to configure at once.
    • MOTD banner appears before login prompt.
    • The login banner appears before the login prompt but after the MOTD banner.
    • The banner exec appears after a successful logon.
    • line con 0 – configuring the logging synchronous on the console port stops the router from displaying messages (like an interface state change) until it detects no input from the keyboard and not other output from the router, such as a show commands output.
    • exec-timeout x y (x=minutes, y=seconds) – the default is 5 minutes. Can be disabled by setting x=0 y=0
    • Shortcut commands
      • Up Arrow – will show you the last command you entered. Control+P does the same thing.
      • Down Arrow – will bring you one command up in the command history. Control+N does the same thing.
      • CTRL+A takes the cursor to the start of the current command.
      • CTRL+E takes the cursor to the end of the current command.
      • Left arrow or CTRL+B moves backwards (towards the start) of the command one character at a time.
      • Right arrow or CTRL+P moves forwards (towards the end) of the command one character at a time.
      • CTRL+D deletes one character (the same as backspace).
      • ESC+B moves back one word in the current command.
      • ESC+F moves forward one word in the current command.
    • show history command will show the last 10 commands run by default.
    • the history size can be increased individually on the console port and on the VTY lines with the history size x command.
    • Config modes
      • config t R1<config> is the global configuration mode.
      • line vty 0 4 R1<config-line> is the line config mode.
      • interface fastethernet 0/1 R1<config-if> interface config mode.
    • Cisco Discovery Protocol (CDP) runs by default on Cisco routers and switches. It runs globally and on a per-interface level.
    • CDP discovers basic information about neighboring switches and routers.
    • On media that supports multicasts at the data link layer, CDP uses multicast frames. on other media, CDP sends a copy of the CDP update to any known data-link addresses.
    • The show cdp command shows CDP settings.
    • CDP can be disabled globally using the command no cdp run and re-enable using cdp run.
    • CDP can be disabled at an interface level using the no cdp enable command at the sub-interface level.
    • The command show cdp neighbor – lists one summary line of information about each neighbor. Including:
      • Device ID – the remote devices hostname.
      • Local Interface – the local switch/router interface connected to the remote host.
      • Holdtime – is the number of seconds the local device will retain the contents of the last CDP advertisement received from the remote host.
      • Capability – shows you the type of device the remote host is.
      • Platform – is the remote devices hardware platform.
      • Port ID – is the remote interface on the direct connection.
    • The command show cdp neighbor detail – lists one large set (approx 15 lines) of information, one set for every neighbor. Including:
      • The IOS version.
      • VTP management domain.
      • Management addresses.
    • show cdp entry name – lists the same information as the show cdp neighbors detail command, but only for the named neighbor (case sensitive).
    • show cdp – states whether CDP is enabled globally, and lists the default update and holdtime timers.
    • show cdp traffic – lists global statistics for the number of CDP advertisements sent and received.
    • show cdp interface type number – states whether CDP is enabled on each interface or a single interface if the interface is listed, and states the update and holdtime timers on those interfaces.
    • CDP should be disabled on interfaces it is not needed to limit risk of an attacker learning details about each switch or router. Use the no cdp enable interface subcommand to disable CDP and the cdp enable interface subcommand to re-enable it.
    • The command show cdp interface shows the CDP settings for every interface.
    • Interface status messages:
      • Interface status is down/down – this indicates a physical problem, most likely a loose or unplugged cable.
      • Line protocol is down, up/down – this indicates a problem at the logical level, most likely an encapsulation mismatch or a missing clock rate.
      • Administratively down – this indicates the interface has been shutdown and needs to be manually opened with the sub interface command no shutdown.
    • The command show mac-address-table shows the mac address table. show mac-address-table dynamic sows the dynamically learned entries only.
    • Most problems on a switch are caused by human error – misconfiguration.
    • The command show debugging shows all the currently running debugs.
    • undebug all – will turn all debugging off.
    • The command show vlan brief shows a switches VLAN configuration.
    • If pinging fails on a pc, there is a problem with the local PC, most likely a bad install of TCP/IP.
    • On a pc the command netstat -rn shows the pc’s routing table.
    • Additional Telnet commands:
      • show sessions shows information about each telnet session, the where command does the same thing.
      • resume x, x being the session number is used to resume a telnet session.
      • To suspend a session use the command CTRL+ALT+6.
      • To disconnect an open session use the command disconnect x, x being the session number.
    • Ping result codes:
      • !!!!! – IP connectivity to the destination is ok.
      • ….. – IP connectivity to the destination does not exist.
      • U.U.U – the local router has a route to the destination, but a downstream router does not.
    • debug ip packet – can help troubleshooting the above ping results.
    • When using traceroute or extended ping the Escape Sequence is: CTRL+SHIFT+6.
    • Extended ping can only be run from enable mode.
    • If a routing table contains multiple routes to the same destination with multiple next hops and the prefixes are different, the most specific (longest) prefix route will be used. If all of the prefix lengths are the same the Administrative Distance will be used. [AD/Metric].
    • Administrative Distance is a measure of a routes believability, with a lower AD being more believable than a route with a higher AD. AD only comes into play if the prefix lengths are the same.
    • You can set the Administrative Distance on a static route with the command ip route 150, you would do this to set a backup route if a dynamic route fails/is not available in the routing table.

    Cisco NX-OS/IOS BGP (Advanced) Comparison

    These may also assist: Undocumented Cisco Commands

    Bluetooth Wireless Specification


    This article is about the Bluetooth wireless specification. For King Harold Bluetooth, see Harold I of Denmark

    Bluetooth is an industrial specification for wireless personal area networks (PANs).

    Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.

    Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.

    The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.

    Table of contents

    * 1 About the name
    * 2 General information
    o 2.1 Embedded Bluetooth
    * 3 Features by version
    o 3.1 Bluetooth 1.0 and 1.0B
    o 3.2 Bluetooth 1.1
    o 3.3 Bluetooth 1.2
    o 3.4 Bluetooth 2.0
    * 4 Future Bluetooth uses
    * 5 Security concerns
    * 6 Bluetooth profiles
    * 7 See also
    * 8 External links

    About the name

    The system is named after a Danish king Harald Blåtand (<arold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.

    General information


    A typical Bluetooth mobile phone headset

    The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.

    Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1], ) and with a low-cost transceiver microchip in each device.

    It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.

    Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.

    The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.

    A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.

    The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.

    Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.

    Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.

    The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).

    Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.

    Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.

    Embedded Bluetooth

    Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.

    Features by version

    Bluetooth 1.0 and 1.0B

    Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.

    Bluetooth 1.1

    In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.

    Bluetooth 1.2

    This version is backwards compatible with 1.1 and the major enhancements include

    • Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
    • Higher transmission speeds in practice
    • extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
    • Received Signal Strength Indicator (RSSI)
    • Host Controller Interface (HCI) support for 3-wire UART
    • HCI access to timing information for Bluetooth applications.

    Bluetooth 2.0

    This version is backwards compatible with 1.x and the major enhancements include

    • Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
    • Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
    • Enhanced Data Rate (EDR) of 2.1 Mbit/s.
    • Built-in quality of service.
    • Distributed media-access control protocols.
    • Faster response times.
    • Halved power consumption due to shorter duty cycles.

    Future Bluetooth uses

    One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.

    Security concerns

    In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

    In a subsequent experiment, Martin Herfurt from the was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.

    In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.

    This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.

    In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.

    Bluetooth uses the SAFER+ algorithm for authentication and key generation.

    Bluetooth profiles

    In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. Following profiles are defined:

    • Generic Access Profile (GAP)
    • Service Discovery Application Profile (SDAP)
    • Cordless Telephony Profile (CTP)
    • Intercom Profile (IP)
    • Serial Port Profile (SPP)
    • Headset Profile (HSP)
    • Dial-up Networking Profile (DUNP)
    • Fax Profile
    • LAN Access Profile (LAP)
    • Generic Object Exchange Profile (GOEP)
    • Object Push Profile (OPP)
    • File Transfer Profile (FTP)
    • Synchronisation Profile (SP)

    This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.

    • Hands-Free Profile (HFP)
    • Human Interface Device Profile (HID)
    • Hard Copy Replacement Profile (HCRP)
    • Basic Imaging Profile (BIP)
    • Personal Area Networking Profile (PAN)
    • Basic Printing Profile (BPP)
    • Advanced Audio Distribution Profile (A2DP)
    • Audio Video Remote Control Profile (AVRCP)
    • SIM Access Profile (SAP)

    Compatibility of products with profiles can be verified on the Bluetooth Qualification website.

    See also

    External links