Ccna Lab Manual
CCNA Lab Guide
Cisco IOS Introduction

General Reading: System Architecture

Like a computer, a router has a CPU that varies in performance and capabilities depending on the router platform. Two examples of processors that Cisco uses are the Motorola 68030 and the Orion/R4600. The Cisco IOS software running in the router requires the CPU or processor to make routing and bridging decisions, maintain routing tables, and perform other system management functions. The CPU must have access to data in memory to make decisions or to get instructions. There are usually four types of memory on a Cisco router:

ROM—ROM is generally the memory on a chip or multiple chips. It is available on a router's processor board. It is read-only, which means that data cannot be written to it. The initial software that runs on a Cisco router is called the bootstrap software and is usually stored in ROM. The bootstrap software is invoked when the router boots up.

Flash—Flash memory is located on a processor board SIMM but can be expanded using PCMCIA (removable) cards. Flash memory is most commonly used to store one or more Cisco IOS software images. Configuration files or system information can also be copied to Flash. On some high-end systems, Flash memory is also used to hold bootstrap software.

RAM—RAM is very fast memory that loses its information when the system is restarted. It is used in PCs to store running applications and data. On a router, RAM is used to hold IOS system tables and buffers. RAM memory is basically used for all system operational storage requirements.

NVRAM—On the router, NVRAM is used to store the startup configuration. This is the configuration file that IOS reads when the router boots up. It is extremely fast memory and is persistent across reboots.

Although CPU and memory are required components to run IOS, a router must also have various interfaces to allow packet forwarding. Interfaces are input and output connections to the router that carry data that needs to be routed or switched. The most common types of interfaces are Ethernet and serial. Similar to the driver software on a computer with parallel ports and USB ports, IOS has device drivers to support these various interface types.

All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection. The console port can be connected to a computer's serial connection to gain terminal access to the router. Most routers also have an auxiliary port that is very similar to the console port, but is typically used for modem connection for remote router management.
The following output shows the console output of a new Cisco 3640 router that has just been started. Notice the processor, interface, and memory information that is listed.

System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by Cisco Systems, Inc.
C3600 processor with 98304 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
program load complete, entry point: 0x80008000, size: 0xa8d168
Self decompressing the image : ################################################# #################################################################### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-IS-M), Version 12.2(10), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2002 by Cisco Systems, Inc.
Compiled Mon 06-May-02 23:23 by pwade
Image text-base: 0x60008930, data-base: 0x610D2000

cisco 3640 (R4700) processor (revision 0x00) with 94208K/4096K bytes of memory.
Processor board ID 17746964
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
5 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
16384K bytes of processor board PCMCIA Slot0 flash (Read/Write)

--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
When a new router is first started, IOS runs an autoinstall process wherein the user is prompted to answer a few questions. IOS then configures the system based on the input provided. After initial setup, the configuration is most commonly modified using the command-line interface (CLI). Other ways of configuring the router include HTTP and network management applications.

Cisco IOS has three command modes, each with access to different command sets:

User mode—This is the first mode a user has access to after logging into the router. The user mode can be identified by the > prompt following the router name. This mode allows the user to execute only the basic commands, such as those that show the system's status. The system cannot be configured or restarted from this mode.
Router>

Privileged mode—This mode allows users to view the system configuration, restart the system, and enter configuration mode. It also allows all the commands that are available in user mode. Privileged mode can be identified by the # prompt following the router name. The user mode enable command tells IOS that the user wants to enter privileged mode. If an enable password or enable secret password has been set, the user needs to enter the correct password or secret to be granted access to privileged mode. An enable secret password uses stronger encryption when it is stored in the configuration and, therefore, is safer. Privileged mode allows the user to do anything on the router, so it should be used with caution. To exit privileged mode, the user executes the disable command.
Router#

Configuration mode—This mode allows users to modify the running system configuration. To enter configuration mode, enter the command configure terminal from privileged mode. Configuration mode has various submodes, starting with global configuration mode, which can be identified by the (config)# prompt following the router name. As the configuration mode submodes change depending on what is being configured, the words inside the parentheses change. For example, when you enter interface configuration submode, the prompt changes to (config-if)# following the router name. To exit configuration mode, the user can enter end or press Ctrl-Z.
Router(config)#
Terminal Server

Nowadays it is very difficult to use a console cable to access multiple devices, because the routers and switches which we configure are placed in a datacenter. To overcome this problem we use a terminal server, which is a single point of management device. A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches. The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails. Below is the pictorial scenario which shows the working of the terminal server.
Task 1
Telnet to the CCNA Terminal Server at IP address 172.16.50.88.

Solution:
On a Linux-based system such as Ubuntu, go to Applications, then Accessories, click on Terminal and type “telnet 172.16.50.88”.
On a Windows machine, go to Run and type “telnet 172.16.50.88”.

Task 2
After you telnet into the terminal server it will ask you for a username and password; use username:student and password:student

Solution:
telnet 172.16.50.88

+--------------------------------------------------------------------+
| Following commands are available for use at privilege 0            |
|                                                                    |
| 1).Show Host                                                       |
| 2).Show Sessions                                                   |
| 3).Show Users                                                      |
| 4).Clear Line                                                      |
| 5).Disconnect                                                      |
|                                                                    |
| Following CCNA Racks Can be Accessed From This Terminal :-         |
|                                                                    |
| 1).CCNA-Rack1                                                      |
| 2).CCNA-Rack2                                                      |
| 3).CCNA-Rack3                                                      |
| 4).CCNA-Rack4                                                      |
| 5).CCNA-Rack5                                                      |
| 6).CCNA-Rack6                                                      |
| 7).CCNA-Rack7                                                      |
| 8).CCNA-Rack8                                                      |
| 9).CCNA-Rack9                                                      |
| 10).CCNA-Rack10                                                    |
+--------------------------------------------------------------------+
********************************************************************
*                    WELCOME TO ACIT Bangalore                     *
*              YOU ARE CONNECTED TO CCNA-TERMINAL 88               *
********************************************************************

User Access Verification

Username: student
Password:
CCNA_Term#
Task 3
Use the show host command to see the available racks.

Solution:
CCNA_Term#show host
Default domain is not set
Name/address lookup uses static mappings

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
Rack1-R1                  1026  (perm, OK) 64   IP    128.0.0.2
Rack1-R3                  1028  (perm, OK) 84   IP    128.0.0.2
Rack1-SW1                 1029  (perm, OK) 84   IP    128.0.0.2
Rack1-SW2                 1030  (perm, OK) 84   IP    128.0.0.2
..

Task 4
Now access device rack1-r1.

Solution:
CCNA_Term#rack1-r1
Translating "rack1-r1"
Trying Rack1-R1 (128.0.0.2, 1026)... Open
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]:no
Press RETURN to get started!
Router>
(Note:- At this point we are in device R1 of rack1.)

Task 5
Lock the session of R1 and come back to the terminal server by pressing CTRL+SHIFT+6 X.

Solution:
Router>
CCNA_Term#

Task 6
Now open rack1-r2, rack1-r3, rack1-sw1 and rack1-sw2.

Solution:
CCNA_Term#rack1-r2
Translating "rack1-r2"
Trying Rack1-R2 (128.0.0.2, 1027)... Open
Press RETURN to get started!
Router>
CCNA_Term#rack1-r3
Translating "rack1-r3"
Trying Rack1-R3 (128.0.0.2, 1028)... Open
Press RETURN to get started!
Router>
CCNA_Term#rack1-sw1
Translating "rack1-sw1"
Trying Rack1-SW1 (128.0.0.2, 1029)... Open
Press RETURN to get started!
switch>
CCNA_Term#rack1-sw2
Translating "rack1-sw2"
Trying Rack1-SW2 (128.0.0.2, 1030)... Open
Press RETURN to get started!
switch>
Task 7
Go back to the Terminal Server by pressing CTRL+SHIFT+6 X and check the sessions which you have opened.

Solution:
CCNA_Term#show sessions
Conn Host                Address             Byte  Idle Conn Name
   1 rack3-r1            128.0.0.2            162     8 rack3-r1
   2 rack3-r2            128.0.0.2              0     0 rack3-r2
   3 rack3-r3            128.0.0.2              0     0 rack3-r3
   4 rack3-sw1           128.0.0.2             39     0 rack3-sw1
*  5 rack3-sw2           128.0.0.2              0     0 rack3-sw2

(Note:- In the above output you can see that we have opened 5 sessions. Connection numbers are assigned automatically to every session, so the next time we want to access R1 we don't have to type rack1-r1 again; it can simply be accessed by entering its current connection number, i.e. 1. The star before 5 shows the current active connection.)
Task 8
On R1, R2, R3, SW1 and SW2, assign the hostnames R1, R2, R3, SW1 and SW2 respectively.

Solution:
CCNA_Term#1
[Resuming connection 1 to rack1-r1 ... ]

Router>enable
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#

CCNA_Term#2
[Resuming connection 2 to rack1-r2 ... ]

Router>enable
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#

CCNA_Term#3
[Resuming connection 3 to rack1-r3 ... ]

Router>enable
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R3
R3(config)#

CCNA_Term#4
[Resuming connection 4 to rack1-SW1 ... ]

Switch>enable
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#

CCNA_Term#5
[Resuming connection 5 to rack1-SW2 ... ]

Switch>enable
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname SW2
SW2(config)#
Task 9
Go to R1 and check the available interfaces.

Solution:
On R1:
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down
Ethernet0/1                unassigned      YES unset  administratively down down
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Serial1/0                  unassigned      YES unset  administratively down down
Serial1/1                  unassigned      YES unset  administratively down down
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down

(Note:- Above is the list of interfaces available on router R1, but it may vary from device to device.)
Task 9
On R1 assign IP address 10.0.0.1 with the classful subnet mask to interface Ethernet 0/0 and verify your configuration.

Solution:
On R1:
R1#
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface ethernet 0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
*Jul 1 00:37:53.867: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Jul 1 00:37:54.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
R1(config)#exit
R1#

(Note:- We can see that the "no shutdown" command has been issued to start the interface. After issuing the command, two log messages appear on the console, stating that the link and the line protocol changed to up.)

Verification:
On R1:
R1#
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                10.0.0.1        YES manual up                    up
Ethernet0/1                unassigned      YES unset  administratively down down
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Serial1/0                  unassigned      YES manual administratively down down
Serial1/1                  unassigned      YES unset  administratively down down
...

(Note:- In the verification we can see that the interface status and line protocol of interface Ethernet 0/0 are up, and that the IP address which we assigned is there. An important point to remember is that every up interface of a router which has an IP address assigned defines one whole network; in this case interface Ethernet 0/0 defines the network 10.0.0.0 255.0.0.0, which can be verified with the "show ip route" command. Therefore we cannot give any IP address from this network to any other interface of this router.)
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, Ethernet0/0
L        10.0.0.1/32 is directly connected, Ethernet0/0

(Note:- The above output is called the routing table of the router. In this table the router keeps entries for the networks known to it. The "C" code before the network entry 10.0.0.0/8 shows that it is directly connected on Ethernet 0/0; the "L" entry shows the local IP address of the network 10.0.0.0/8, which we assigned to the interface in this task.)

Task 10
Check the current configuration of the router with the “show running-config” command and save the configuration.

Verification:
R1#show running-config
Building configuration...

Current configuration : 1161 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone IST 5 30
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip source-route
!
!
!
!
ip cef
no ipv6 traffic interface-statistics
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
redundancy
!
!
!
interface Ethernet0/0
 ip address 10.0.0.1 255.0.0.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
exception data-corruption buffer truncate
end

R1#
R1#write
Building configuration...
[OK]
R1#
Task 11
Erase all the devices and reload.

Solution:
R1#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
R1#
*Jul 1 01:09:36.006: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
R1#reload
Proceed with reload? [confirm]
*Jul 1 01:09:39.958: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

R2#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
R2#
*Jul 1 01:09:36.006: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
R2#reload
Proceed with reload? [confirm]
*Jul 1 01:09:39.958: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
...
IP Routing

Need of Routing:
Routing is the process of moving data from one network to another by forwarding packets via gateways. With IP based networks, the routing decision is based on the destination address in the IP packet's header. The Internet uses routing to move data from your computer, across several networks, to reach a final destination, like a website. Specialized computer devices that perform this routing function are referred to as routers. Routers use the information contained in a route to make decisions about which network interface to forward a packet through in order to reach the destination address in the packet. Routers maintain a list of routes which is often referred to as a routing table. Routers look up routes in the routing table to figure out how to move data from one network to another network. Routes are simply the signposts that tell a router which network interface to forward a packet through in order to reach the packet's intended destination.

Types of Routing
There are two basic kinds of routes: static or dynamic.

1. Static Routes
Routes can be entered into a router by a person who administrates the network (the network administrator). Since these routes are entered by the administrator, and these routes don't change until the administrator changes them, they are referred to as static routes.

2. Default Routes
A default route is also referred to as the 'route of last resort'. This is the route a router uses when all other routes have been examined and none seem to be the right route to use.

3. Dynamic Routes
If the routes are learned on-the-fly from other routers, it is called a dynamically-learned route, or a dynamic route for short. Dynamic routes are learned from routing protocols.

4. Routing Protocol
A routing protocol is a standardized process by which routers learn and communicate connectivity information, called routes, each of which describes how to reach a destination host and network. Routers that wish to exchange routing information must use the same routing protocol to communicate routing information.

Routing is the process of learning all the paths through the network (routes) and using routes to forward data from one network to another. A protocol is a standardized way to perform a task. So, a routing protocol would be a standardized way of learning routes and moving data from one network to another. Routing protocols are used by routers to dynamically learn all paths through a set of networks and forward data between the networks. Routers are specialized computer devices designed to perform routing.

5. Examples of Routing Protocols
EIGRP
OSPF
RIP, RIP II
IS-IS
BGP
Static Routing Configuration

Task 1
Assign the hostnames R1, R2, R3 to Router1, Router2, Router3 respectively.

Solution:
On Router1 :
Router>enable
Router#config
Router#configure terminal
Router(config)#hostname R1
R1(config)#

On Router2 :
Router>enable
Router#config
Router#configure terminal
Router(config)#hostname R2
R2(config)#

On Router3 :
Router>enable
Router#config
Router#configure terminal
Router(config)#hostname R3
R3(config)#
Task 2
Assign IP address 12.0.0.1 and subnet mask of 255.0.0.0 to interface Serial 1/0 and IP address 10.0.0.1 255.0.0.0 to interface Ethernet0/0 on R1. After you complete your configuration, verify it.

Solution:
On R1 :
R1(config)#interface serial 1/0
R1(config-if)#ip address 12.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config-if)#int ethernet0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit

Verification :
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                10.0.0.1        YES manual up                    up
Ethernet0/1                unassigned      YES unset  administratively down down
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Serial1/0                  12.0.0.1        YES manual up                    up
Serial1/1                  unassigned      YES unset  administratively down down
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down

Task 3
Similarly assign IP addresses to R2 and R3 as per the diagram.
Solution:
On R2 :
R2(config)#interface serial 1/0
R2(config-if)#ip address 12.0.0.2 255.0.0.0
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 1/1
R2(config-if)#ip address 23.0.0.2 255.0.0.0
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config)#interface ethernet 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#exit
R2#

Verification:
R2#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                20.0.0.2        YES manual up                    up
Ethernet0/1                unassigned      YES unset  administratively down down
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Serial1/0                  12.0.0.2        YES manual up                    up
Serial1/1                  23.0.0.2        YES manual up                    up
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down

On R3 :
R3(config)#interface serial 1/0
R3(config-if)#ip address 23.0.0.3 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface ethernet 0/0
R3(config-if)#ip address 30.0.0.3 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#exit
R3#
Task 4
Check connectivity between directly connected interfaces.

Verification:
On R1:
R1#ping 12.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

On R2 :
R2#
R2#ping 12.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
R2#ping 23.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#

On R3 :
R3#
R3#ping 23.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R3#

Task 5
Save your configuration.

Solution:
On R1:
R1#write
On R2:
R2#write
On R3:
R3#write
Task 6
Configure static routes on R1 so that it can reach networks 23.0.0.0/8, 20.0.0.0/8 and 30.0.0.0/8.

Solution:
On R1:
R1#
R1#config terminal
R1(config)#ip route 20.0.0.0 255.0.0.0 12.0.0.2
R1(config)#ip route 23.0.0.0 255.0.0.0 12.0.0.2
R1(config)#ip route 30.0.0.0 255.0.0.0 12.0.0.2

Verification:
R1#
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, Ethernet0/0
L        10.0.0.1/32 is directly connected, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/8 is directly connected, Serial1/0
L        12.0.0.1/32 is directly connected, Serial1/0
S     20.0.0.0/8 [1/0] via 12.0.0.2
S     23.0.0.0/8 [1/0] via 12.0.0.2
S     30.0.0.0/8 [1/0] via 12.0.0.2
R1#
Task 7
Configure R2 so that it gets reachability to networks 10.0.0.0/8 and 30.0.0.0/8. Do not specify a next hop address to achieve this task.

On R2 :
R2#
R2#configure terminal
R2(config)#ip route 10.0.0.0 255.0.0.0 serial 1/0
R2(config)#ip route 30.0.0.0 255.0.0.0 serial 1/1
R2(config)#exit
R2#

Verification:
R2#
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

S     10.0.0.0/8 is directly connected, Serial1/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/8 is directly connected, Serial1/0
L        12.0.0.2/32 is directly connected, Serial1/0
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/8 is directly connected, Ethernet0/0
L        20.0.0.2/32 is directly connected, Ethernet0/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/8 is directly connected, Serial1/1
L        23.0.0.2/32 is directly connected, Serial1/1
S     30.0.0.0/8 is directly connected, Serial1/1
R2#
Task 8:
Configure R3 in such a manner that it gets reachability to all other networks with a single static route. Do not configure any more specific static routes to achieve this task.

On R3 :
R3#
R3#configure terminal
R3(config)#ip route 0.0.0.0 0.0.0.0 23.0.0.2
R3(config)#exit
R3#

Verification :
R3#
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 23.0.0.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 23.0.0.2
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/8 is directly connected, Serial1/0
L        23.0.0.3/32 is directly connected, Serial1/0
R3#
Task 9 :
Ping 30.0.0.3 from R1, ping 10.0.0.1 and 30.0.0.3 from R2, and ping 10.0.0.1 from R3 to test end to end reachability.

R1#
R1#ping 30.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms
R1#

R2#
R2#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
R2#
R2#ping 30.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/37/80 ms
R2#

R3#
R3#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#
Explanation:
As we see from the above output, we have full reachability. On R1 we gave the destination networks, i.e. 20.0.0.0, 23.0.0.0 and 30.0.0.0, with their respective subnet masks, and in the last part we gave the next hop address, that is, the router to which the packet should be routed. Here the ip route format is:
ip route 20.0.0.0 255.0.0.0 12.0.0.2
ip route 23.0.0.0 255.0.0.0 12.0.0.2
ip route 30.0.0.0 255.0.0.0 12.0.0.2

On R2 we were instructed not to give a next hop address, so here we give the outgoing interface instead:
ip route 10.0.0.0 255.0.0.0 serial1/0
ip route 30.0.0.0 255.0.0.0 serial1/1

On R3 we were instructed not to use any specific routes, so here we use a special static route which is also called the default route. If the router does not find a specific network in its routing table, it uses the default route to route the packet.
ip route 0.0.0.0 0.0.0.0 23.0.0.2
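
The forwarding decisions explained above can be traced in code. The following Python sketch is an added example, not part of the original lab manual: it rebuilds the three routing tables from Tasks 2 to 8 and follows a packet hop by hop using longest-prefix match. The OWNER and PEER tables and the function names are assumptions made for the illustration.

```python
import ipaddress

# Interface addresses configured in Tasks 2 and 3 (address -> owning router).
OWNER = {
    "10.0.0.1": "R1", "12.0.0.1": "R1",
    "12.0.0.2": "R2", "20.0.0.2": "R2", "23.0.0.2": "R2",
    "23.0.0.3": "R3", "30.0.0.3": "R3",
}

# Far end of each serial interface that Task 7 uses as an outgoing interface.
PEER = {("R2", "Serial1/0"): "R1", ("R2", "Serial1/1"): "R3"}

# (prefix, code, target). C = connected, S = static. A static target is a
# next-hop address (Tasks 6 and 8) or an outgoing interface (Task 7).
TABLES = {
    "R1": [("10.0.0.0/8", "C", "Ethernet0/0"),
           ("12.0.0.0/8", "C", "Serial1/0"),
           ("20.0.0.0/8", "S", "12.0.0.2"),
           ("23.0.0.0/8", "S", "12.0.0.2"),
           ("30.0.0.0/8", "S", "12.0.0.2")],
    "R2": [("12.0.0.0/8", "C", "Serial1/0"),
           ("20.0.0.0/8", "C", "Ethernet0/0"),
           ("23.0.0.0/8", "C", "Serial1/1"),
           ("10.0.0.0/8", "S", "Serial1/0"),
           ("30.0.0.0/8", "S", "Serial1/1")],
    "R3": [("23.0.0.0/8", "C", "Serial1/0"),
           ("30.0.0.0/8", "C", "Ethernet0/0"),
           ("0.0.0.0/0", "S", "23.0.0.2")],   # default route from Task 8
}


def lookup(router, dst):
    """Return the most specific (network, code, target) matching dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, code, target in TABLES[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, code, target)
    return best


def trace(router, dst, max_hops=8):
    """Follow dst from router to router; return [(router, decision), ...]."""
    path = []
    for _ in range(max_hops):
        if OWNER.get(dst) == router:
            path.append((router, "local"))
            return path
        hit = lookup(router, dst)
        if hit is None:
            path.append((router, "no route"))   # the packet is dropped here
            return path
        net, code, target = hit
        path.append((router, str(net)))
        if code == "C":
            nxt = OWNER.get(dst)                # neighbour on the attached link
        elif target in OWNER:
            nxt = OWNER[target]                 # static route via next-hop address
        else:
            nxt = PEER.get((router, target))    # static route via interface
        if nxt is None:
            path.append((None, "no such host"))
            return path
        router = nxt
    path.append((router, "hop limit reached"))
    return path


if __name__ == "__main__":
    # 40.0.0.1 is a constructed address that no router in the lab knows about.
    for src, dst in [("R3", "10.0.0.1"), ("R1", "30.0.0.3"), ("R3", "40.0.0.1")]:
        print(src, "->", dst, trace(src, dst))
```

The last trace shows a side effect of the default route: R3 forwards a packet for an unknown network to R2, and it is R2, which has no default route, that drops it.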
RIPv2
RIPv2 was first described in RFC 1388 and RFC 1723 (1994); the current RFC is 2453, written in November 1998. Although current environments use advanced routing protocols such as OSPF and EIGRP, there still are networks using RIP. The need to use VLSMs and other requirements prompted the definition of RIPv2. RIPv2 improves upon RIPv1 with the ability to use VLSM, with support for route authentication, and with multicasting of route updates. RIPv2 supports CIDR. It still sends updates every 30 seconds and retains the 15-hop limit; it also uses triggered updates. RIPv2 still uses UDP port 520; the RIP process is responsible for checking the version number. It retains the loop-prevention strategies of poison reverse and counting to infinity. On Cisco routers, RIPv2 has the same administrative distance as RIPv1, which is 120. Finally, RIPv2 uses the IP address 224.0.0.9 when multicasting route updates to other RIP routers. As in RIPv1, RIPv2 will, by default, summarize IP networks at network boundaries. You can disable auto-summarization if required. You can use RIPv2 in small networks where VLSM is required. It also works at the edge of larger networks. RIPv2 Forwarding Information Base RIPv2 maintains a routing table database as in Version 1. The difference is that it also keeps the subnet mask information. The following list repeats the table information of RIPv1:
IP address—IP address of the destination host or network, with subnet mask Gateway—The first gateway along the path to the destination Interface—The physical network that must be used to reach the destination Metric—A number indicating the number of hops to the destination Timer—The amount of time since the route entry was last updated RIPv2 Design Things to remember in designing a network with RIPv2 include that it supports VLSM within networks and CIDR for network summarization across adjacent networks. RIPv2 allows for the summarization of routes in a hierarchical network. RIPv2 is still limited to 16 hops; therefore, the network diameter cannot exceed this limit. RIPv2 multicasts its routing table every 30 seconds to the multicast IP address 224.0.0.9. RIPv2 is usually limited to accessing networks where it can interoperate with servers running routed or with non-Cisco routers. RIPv2 also appears at the edge of larger internetworks. RIPv2 further provides for route authentication.
Split Horizon: In this example, network node A routes packets to node B in order to reach node C. The links between the nodes are distinct point-to-point links.

According to the split-horizon rule, node A does not advertise its route for C (namely A to B to C) back to B. On the surface, this seems redundant since B will never route via node A because the route costs more than the direct route from B to C. However, if the link between B and C goes down, and B had received a route from A, B could end up using that route via A. A would send the packet right back to B, creating a loop. With the split-horizon rule in place, this particular loop scenario cannot happen, improving convergence time in complex, highly-redundant environments.

Poison Reverse: Split-horizon routing with poison reverse is a variant of split-horizon route advertising in which a router actively advertises routes as unreachable over the interface over which they were learned. The effect of such an announcement is to immediately remove most looping routes before they can propagate through the network. The main disadvantage of poison reverse is that it can significantly increase the size of routing announcements in certain fairly common network topologies.

RIPv2 Summary
The characteristics of RIPv2 follow:
Distance-vector protocol.
Uses UDP port 520.
Classless protocol (support for CIDR).
Supports VLSMs.
Metric is router hop count.
Maximum hop count is 15; infinite (unreachable) routes have a metric of 16.
Periodic route updates sent every 30 seconds to multicast address 224.0.0.9.
25 routes per RIP message (24 if you use authentication).
Supports authentication.
Implements split horizon with poison reverse.
Implements triggered updates.
Subnet mask included in route entry.
Administrative distance for RIPv2 is 120.
Used in small, flat networks or at the edge of larger networks.
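
The split-horizon and poison-reverse behaviour described above, worked through as a small simulation of the A-B-C chain. This is an added example, not part of the original manual; the function names are hypothetical, timers and hold-down are ignored, and it assumes A's periodic update reaches B before B's news of the failure reaches A.

```python
INFINITY = 16  # RIP metric meaning "unreachable"


def advertise(table, sender, receiver, mode):
    """Metric `sender` puts in its update to `receiver`, or None if the route is left out."""
    metric, next_hop = table[sender]
    if next_hop == receiver:  # the route was learned from the neighbor being updated
        if mode == "split_horizon":
            return None        # stay silent about it
        if mode == "poison_reverse":
            return INFINITY    # actively advertise it as unreachable
    return metric


def receive(table, receiver, sender, advertised):
    """Apply one received advertisement using hop-count rules."""
    if advertised is None:
        return
    metric, next_hop = table[receiver]
    candidate = min(advertised + 1, INFINITY)
    # News from the current next hop is always believed; otherwise only better routes win.
    if next_hop == sender or candidate < metric:
        table[receiver] = (candidate, sender if candidate < INFINITY else None)


def simulate(mode, max_exchanges=50):
    """Route to C as seen by A and B after the B-C link fails.

    mode is "none", "split_horizon" or "poison_reverse".
    """
    table = {"A": (2, "B"), "B": (1, "C")}  # converged state: (metric, next hop)
    table["B"] = (INFINITY, None)           # link B-C goes down
    loop_seen = False
    a_to_b = []                             # what A told B about C, update by update
    for exchange in range(1, max_exchanges + 1):
        sender, receiver = ("A", "B") if exchange % 2 else ("B", "A")
        advertised = advertise(table, sender, receiver, mode)
        if sender == "A":
            a_to_b.append(advertised)
        receive(table, receiver, sender, advertised)
        if table["A"][1] == "B" and table["B"][1] == "A":
            loop_seen = True                # A forwards to B and B forwards back to A
        if table["A"][0] == INFINITY and table["B"][0] == INFINITY:
            return {"exchanges": exchange, "loop_seen": loop_seen, "a_to_b": a_to_b}
    return {"exchanges": None, "loop_seen": loop_seen, "a_to_b": a_to_b}


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, simulate(mode))
```

Without either rule the two routers count up to 16 while packets for C bounce between them; with either rule A and B agree that C is unreachable after two updates.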
RIP Configuration
Load IP Routing initials prior to starting.

Task 1
Configure RIPv2 on R1 and advertise all of its networks into RIP.

Solution:
On R1:
R1#
R1#configure terminal
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0
R1(config-router)#network 12.0.0.0
R1(config-router)#exit
R1(config)#exit
R1#

Verification:
On R1:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 27 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Ethernet0/0           2     2
    Serial1/0             2     2
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)

R1#
Task 2
From the above output we can see that R1 is performing auto-summarization, so disable auto-summarization on R1.

Solution:
On R1:
R1#
R1#configure terminal
R1(config)#router rip
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#exit
R1#

Verification:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Ethernet0/0           2     2
    Serial1/0             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)
R1#
Task 3
Configure RIPv2 on R2 and R3, advertise all the networks, and disable auto-summarization.

Solution:
On R2:
R2#
R2#config terminal
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 12.0.0.0
R2(config-router)#network 23.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#
R3#configure terminal
R3(config)#router rip
R3(config-router)#no auto-summary
R3(config-router)#version 2
R3(config-router)#network 23.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit
R3(config)#exit
R3#
Task 4
Verify Routing tables of all 3 routers and test end-to-end connectivity.

Verification:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Ethernet0/0
L        10.0.0.1/32 is directly connected, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.1/32 is directly connected, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
R        20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      23.0.0.0/24 is subnetted, 1 subnets
R        23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      30.0.0.0/24 is subnetted, 1 subnets
R        30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0
R1#
R1#ping 23.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms
R1#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
R1#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
R1#
On R2:
R2#
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
R        10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.2/32 is directly connected, Serial1/0
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/24 is directly connected, Ethernet0/0
L        20.0.0.2/32 is directly connected, Ethernet0/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/1
L        23.0.0.2/32 is directly connected, Serial1/1
      30.0.0.0/24 is subnetted, 1 subnets
R        30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1
R2#
R2#
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#
On R3:
R3#
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
R        10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0
      12.0.0.0/24 is subnetted, 1 subnets
R        12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
R        20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/0
L        23.0.0.3/32 is directly connected, Serial1/0
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.0.0/24 is directly connected, Ethernet0/0
L        30.0.0.3/32 is directly connected, Ethernet0/0
R3#
R3#
R3#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#
Task 5
Configure all three routers in such a way that they send updates only through the required interfaces.

Solution:
On R1:
R1#config terminal
R1(config)#router rip
R1(config-router)#passive-interface ethernet 0/0
R1(config-router)#exit
R1(config)#exit
R1#

On R2:
R2#config terminal
R2(config)#router rip
R2(config-router)#passive-interface ethernet 0/0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#config terminal
R3(config)#router rip
R3(config-router)#passive-interface ethernet 0/0
R3(config-router)#exit
R3(config)#exit
R3#

Verification:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 2 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Passive Interface(s):
    Ethernet0/0
  Routing Information Sources:
    Gateway         Distance      Last Update
    12.0.0.2             120      00:00:01
  Distance: (default is 120)
Explanation:
Task 1 asks us to configure RIP version 2 on all the interfaces. In the router rip sub-configuration mode we advertise our interfaces with the network command. We can only declare networks at their classful boundaries. Version 2 has to be specified because the default behavior is to send version 1 updates and receive both version 1 and version 2 updates. This configuration can be checked with show ip protocols.

In the configuration of Task 2 we can see that by default RIP always performs auto-summarization. To disable auto-summarization we give no auto-summary under the RIP routing process.

Task 5 asks us to send RIPv2 updates only out of the required interfaces. Always remember that RIPv2 does support classless network advertisement, but we can only publish classful networks in RIPv2. By default all routing protocols except BGP send hello packets and advertise the networks that we have defined with the network command. In RIPv2, if we make an interface passive, that interface is still advertised but it does not send any updates. The limitation in RIPv2 is that this interface can still receive RIP updates.
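
Because a passive interface still accepts incoming RIP updates, what the router is willing to believe comes down to the version check and the authentication entry in each message. The following added example (not from the original manual) decodes a RIPv2 message as laid out in RFC 2453 and shows why authentication leaves room for only 24 routes; the function names, the lab-key password and the sample update, built from the routes R1 learns in Task 4, are constructed for illustration.

```python
import ipaddress
import struct

AFI_IP = 2          # address family identifier of an IPv4 route entry
AFI_AUTH = 0xFFFF   # marks an authentication entry instead of a route
AUTH_SIMPLE = 2     # simple password, carried as plain text (RFC 2453)
MAX_ENTRIES = 25    # 20-byte entries allowed after the 4-byte header
INFINITY = 16

# Constructed sample: what R2 would tell R1 in this lab (prefix, metric).
SAMPLE_ROUTES = [("20.0.0.0/24", 1), ("23.0.0.0/24", 1), ("30.0.0.0/24", 2)]


def build_response(routes, password=None, version=2):
    """Construct a RIP response (command 2) so the parser has input to work on."""
    msg = struct.pack("!BBH", 2, version, 0)
    if password is not None:
        # The authentication entry occupies the first of the 25 entry slots.
        msg += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password.encode())
    for prefix, metric in routes:
        net = ipaddress.IPv4Network(prefix)
        msg += struct.pack("!HH4s4s4sI", AFI_IP, 0, net.network_address.packed,
                           net.netmask.packed, bytes(4), metric)
    return msg


def parse_rip(payload):
    """Decode a RIP message and list what a receiving router should be wary of."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("truncated or misaligned RIP message")
    count = (len(payload) - 4) // 20
    if count > MAX_ENTRIES:
        raise ValueError(f"{count} entries exceeds the {MAX_ENTRIES}-entry limit")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    result = {"command": command, "version": version, "auth_type": None,
              "routes": [], "findings": []}
    for i in range(count):
        entry = payload[4 + 20 * i: 24 + 20 * i]
        afi, tag, addr, mask, _next_hop, metric = struct.unpack("!HH4s4s4sI", entry)
        if afi == AFI_AUTH:
            if i == 0:
                result["auth_type"] = tag  # for this entry the tag field is the auth type
            # A later 0xFFFF entry (keyed-MD5 trailer, RFC 2082) is skipped, not verified.
            continue
        network = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}", strict=False)
        if not 1 <= metric <= INFINITY:
            result["findings"].append(f"{network}: metric {metric} outside 1..16")
        result["routes"].append((str(network), metric))
    if version != 2:
        result["findings"].append(f"version {version} message on a version 2 network")
    if result["auth_type"] is None:
        result["findings"].append("unauthenticated update")
    elif result["auth_type"] == AUTH_SIMPLE:
        result["findings"].append("simple password authentication (sent in clear text)")
    return result


if __name__ == "__main__":
    print(parse_rip(build_response(SAMPLE_ROUTES)))
    print(parse_rip(build_response(SAMPLE_ROUTES, password="lab-key")))
```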
EIGRP
Implementing EIGRP
EIGRP is an advanced distance vector routing protocol developed by Cisco. EIGRP is suited for many different topologies and media. In a well-designed network, EIGRP scales well and provides extremely quick convergence times with minimal overhead. EIGRP is a popular choice for a routing protocol on Cisco devices.

Introducing EIGRP
EIGRP is a Cisco-proprietary routing protocol that combines the advantages of link-state and distance vector routing protocols. EIGRP is an advanced distance vector or hybrid routing protocol that includes the following features:

Rapid Convergence
EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router that uses EIGRP stores all available backup routes for destinations so that it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternate route.

Reduced bandwidth usage
EIGRP does not make periodic updates. Instead, it sends partial updates when the path or the metric changes for that route. When path information changes, DUAL sends an update about only that link rather than about the entire table.

Multiple network layer support
EIGRP supports AppleTalk, IP version 4 (IPv4), IP version 6 (IPv6), and Novell Internetwork Packet Exchange (IPX), which use protocol-dependent modules (PDM). PDMs are responsible for protocol requirements that are specific to the network layer.

Classless routing
Because EIGRP is a classless routing protocol, it advertises a routing mask for each destination network. The routing mask feature enables EIGRP to support discontiguous subnetworks and variable-length subnet masks (VLSM).

Less overhead
EIGRP uses multicast and unicast rather than broadcast. As a result, end stations are unaffected by routing updates and requests for topology information.

Load balancing
EIGRP supports unequal metric load balancing, which allows administrators to better distribute traffic flow in their networks.

Easy summarization
EIGRP enables administrators to create summary routes anywhere within the network rather than rely on the traditional distance vector approach of performing classful route summarization only at major network boundaries.

Each EIGRP router maintains a neighbor table. This table includes a list of directly connected EIGRP routers that have an adjacency with this router. Each EIGRP router maintains a topology table for each routed protocol configuration. The topology table includes route entries for every destination that the router learns. EIGRP chooses the best routes to a destination from the topology table and places these routes in the routing table.

In EIGRP, the best route is called a successor route while a backup route is called the feasible successor. To determine the best route (successor) and the backup route (feasible successor) to a destination, EIGRP uses the following two parameters:

Advertised distance
The EIGRP metric for an EIGRP neighbor to reach a particular network

Feasible distance
The advertised distance for a particular network learned from an EIGRP neighbor plus the EIGRP metric to reach that neighbor

A router compares all feasible distances to reach a specific network and then selects the lowest feasible distance and places it in the routing table. The feasible distance for the chosen route becomes the EIGRP routing metric to reach that network in the routing table. The EIGRP topology database contains all the routes that are known to each EIGRP neighbor. Routers A and B send their routing tables to Router C, whose table is displayed in Both Routers A and B have pathways to network 10.1.1.0/24, as well as to other networks that are not shown.
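
How Router C would pick a successor and feasible successor for 10.1.1.0/24 from the two distances defined above, as an added example that is not part of the original manual. The metric values, the third neighbor D and the function names are constructed; the feasibility condition used (a backup qualifies only if its advertised distance is lower than the current feasible distance) is the DUAL rule that keeps backups loop-free.

```python
# Constructed topology-table entries on Router C for network 10.1.1.0/24:
# neighbor -> (advertised distance, metric from C to that neighbor)
PATHS = {"A": (1000, 1000), "B": (1500, 1000), "D": (2500, 500)}


def feasible_distances(paths):
    """Feasible distance per neighbor = advertised distance + metric to reach the neighbor."""
    return {n: ad + link for n, (ad, link) in paths.items()}


def select_routes(paths, variance=1):
    """Return the successor, the feasible successors and the routes installed."""
    fd = feasible_distances(paths)
    successor = min(fd, key=lambda n: (fd[n], n))   # lowest feasible distance wins
    best = fd[successor]
    # Feasibility condition: the neighbor must itself be closer to the network
    # than our best path, so it cannot be routing through us.
    feasible = sorted(
        (n for n in paths if n != successor and paths[n][0] < best),
        key=lambda n: (fd[n], n),
    )
    # Unequal-cost load balancing: feasible successors within variance x best are
    # installed next to the successor (boundary handling simplified here).
    installed = [successor] + [n for n in feasible if fd[n] <= variance * best]
    return {
        "feasible_distance": best,
        "successor": successor,
        "feasible_successors": feasible,
        "installed": installed,
    }


def on_successor_loss(paths):
    """What happens when the successor disappears from the topology table."""
    chosen = select_routes(paths)
    if chosen["feasible_successors"]:
        return ("switch", chosen["feasible_successors"][0])  # immediate, no queries
    return ("query", None)                                   # ask neighbors for a route


if __name__ == "__main__":
    print(select_routes(PATHS))
    print(select_routes(PATHS, variance=2))
    print(on_successor_loss(PATHS))
```

Neighbor D has a usable path (feasible distance 3000) but is never a backup, because its advertised distance of 2500 is not lower than C's feasible distance of 2000.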
Configuring and Verifying EIGRP
Use the router eigrp and network commands to create an EIGRP routing process. Note that EIGRP requires an autonomous system (AS) number. The AS number does not have to be registered as is the case when routing on the Internet with the Border Gateway Protocol (BGP) routing protocol. However, all routers within an AS must use the same AS number to exchange routing information with each other.

The network command defines a major network number to which the router is directly connected. The EIGRP routing process looks for interfaces that have an IP address that belongs to the networks that are specified with the network command and begins the EIGRP process on these interfaces.

EIGRP Command Example

Command                Description
router eigrp 100       Enables the EIGRP routing process for AS 100
network 172.16.0.0     Associates network 172.16.0.0 with the EIGRP routing process
network 10.0.0.0       Associates network 10.0.0.0 with the EIGRP routing process

EIGRP sends updates out of the interfaces in networks 10.0.0.0 and 172.16.0.0. The updates include information about networks 10.0.0.0 and 172.16.0.0 and any other networks that EIGRP learns.

EIGRP automatically summarizes routes at the classful boundary. In some cases, you might not want automatic summarization to occur. For example, if you have discontiguous networks, you need to disable automatic summarization to minimize router confusion. To disable automatic summarization, use the no auto-summary command in the EIGRP router configuration mode.

The show ip protocols command displays the parameters and current state of the active routing protocol process. This command shows the EIGRP AS number. It also displays filtering and redistribution numbers and neighbor and distance information. This also shows the networks that are currently being advertised on the router by the protocol.

Use the show ip eigrp interfaces [type number] [as-number] command to determine on which interfaces EIGRP is active, and to learn information about EIGRP that relates to those interfaces. If you specify an interface by using the type number option, only that interface is displayed. Otherwise, all interfaces on which EIGRP is running are displayed. If you specify an AS using the as-number option, only the routing process for the specified AS is displayed. Otherwise, all EIGRP processes are displayed. Exam shows the output of the show ip eigrp interfaces command.

EIGRP Summary
The characteristics of EIGRP follow:

Hybrid routing protocol (distance vector that has link-state protocol characteristics).
Uses IP protocol 88.
Classless protocol (supports VLSMs).
Default composite metric uses bandwidth and delay.
You can factor load and reliability into the metric.
Sends partial route updates only when there are changes.
Support for authentication.
Uses DUAL for loop prevention.
By default, equal-cost load balancing. Unequal-cost load balancing with the variance command.
Administrative distance is 90 for EIGRP internal routes, 170 for EIGRP external routes, and 5 for EIGRP summary routes.
Potential routing protocol for the core of a network; used in large networks.
EIGRP Configuration
Load IP Routing Initials Prior to Starting.

Task 1
Configure EIGRP AS 100 on R1 and advertise all of its networks into EIGRP.

Solution:
On R1:
R1#
R1#configure terminal
R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0
R1(config-router)#network 12.0.0.0
R1(config-router)#exit
R1(config)#exit
R1#

Verification:
On R1:
R1#
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 100
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 12.0.0.1
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: enabled
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170

R1#
Task 2
From the above output we can see that R1 is performing auto-summarization, so disable auto-summarization on R1.

Solution:
On R1:
R1#
R1#configure terminal
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#exit
R1#

Verification:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 100
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 12.0.0.1
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170

R1#
Task 4
Configure EIGRP AS 100 on R2 and R3, advertise all the networks, and disable auto-summarization.

Solution:
On R2:
R2#
R2#config terminal
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 12.0.0.0
R2(config-router)#network 23.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#
R3#configure terminal
R3(config)#router eigrp 100
R3(config-router)#no auto-summary
R3(config-router)#network 23.0.0.0
R3(config-router)#network 30.0.0.0
R3(config-router)#exit
R3(config)#exit
R3#
Task 5
Verify Routing tables of all 3 routers and test end-to-end connectivity.

Verification:
On R1:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D        10.0.0.0/24 is directly connected, Ethernet0/0
L        10.0.0.1/32 is directly connected, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.1/32 is directly connected, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
D        20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      23.0.0.0/24 is subnetted, 1 subnets
D        23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      30.0.0.0/24 is subnetted, 1 subnets
D        30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0
R1#
R1#
R1#ping 23.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms
R1#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
R1#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
R1#
On R2:
R2#
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
D        10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.2/32 is directly connected, Serial1/0
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/24 is directly connected, Ethernet0/0
L        20.0.0.2/32 is directly connected, Ethernet0/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/1
L        23.0.0.2/32 is directly connected, Serial1/1
      30.0.0.0/24 is subnetted, 1 subnets
D        30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1
R2#
R2#
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#
On R3:
R3#
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
D        10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0
      12.0.0.0/24 is subnetted, 1 subnets
D        12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
D        20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/0
L        23.0.0.3/32 is directly connected, Serial1/0
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.0.0/24 is directly connected, Ethernet0/0
L        30.0.0.3/32 is directly connected, Ethernet0/0
R3#
R3#
R3#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#
Task 5
Configure all three routers in such a manner that they send updates only through the required interfaces.

Solution:
On R1:
R1#config terminal
R1(config)#router eigrp 100
R1(config-router)#passive-interface ethernet 0/0
R1(config-router)#exit
R1(config)#exit
R1#

On R2:
R2#config terminal
R2(config)#router eigrp 100
R2(config-router)#passive-interface ethernet 0/0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#config terminal
R3(config)#router eigrp 100
R3(config-router)#passive-interface ethernet 0/0
R3(config-router)#exit
R3(config)#exit
R3#

Verification:
On R1:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: eigrp 100
  EIGRP-IPv4 Protocol for AS(100)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 12.0.0.1
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Passive Interface(s):
    Ethernet0/0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170

R1#
OSPF Background Information OSPF protocol was developed due to a need in the internet community to introduce a high functionality non-proprietary Internal Gateway Protocol (IGP) for the TCP/IP protocol family. The discussion of the creation of a common interoperable IGP for the Internet started in 1988 and did not get formalized until 1991. At that time the OSPF Working Group requested that OSPF be considered for advancement to Draft Internet Standard. The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has
introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth. These chapters discuss the OSPF terminology, algorithm and the pros and cons of the protocol in designing the large and complicated networks of today. OSPF versus RIP The rapid growth and expansion of today's networks has pushed RIP to its limits. RIP has certain limitations that can cause problems in large networks:
RIP has a limit of 15 hops. A RIP network that spans more than 15 hops (15 routers) is considered unreachable. RIP cannot handle Variable Length Subnet Masks (VLSM). Given the shortage of IP addresses and the flexibility VLSM gives in the efficient assignment of IP addresses, this is considered a major flaw. Periodic broadcasts of the full routing table consume a large amount of bandwidth. This is a major problem with large networks especially on slow links and WAN clouds. RIP converges slower than OSPF. In large networks convergence gets to be in the order of minutes. RIP routers go through a period of a hold-down and garbage collection and slowly time-out information that has not been received recently. This is inappropriate in large environments and could cause routing inconsistencies. RIP has no concept of network delays and link costs. Routing decisions are based on hop counts. The path with the lowest hop count to the destination is always preferred even if the longer path has a better aggregate link bandwidth and less delays. RIP networks are flat networks. There is no concept of areas or boundaries. With the introduction of classless routing and the intelligent use of aggregation and summarization, RIP networks seem to have fallen behind. Some enhancements were introduced in a new version of RIP called RIP2. RIP2 addresses the issues of VLSM, authentication, and multicast routing updates. RIP2 is not a big improvement over RIP (now called RIP 1) because it still has the limitations of hop counts and slow convergence which are essential in today’s large networks. OSPF, on the other hand, addresses most of the issues previously presented:
With OSPF, there is no limitation on the hop count. The intelligent use of VLSM is very useful in IP address allocation. OSPF uses IP multicast to send link-state updates. This ensures less processing on routers that are not listening to OSPF packets. Also, updates are only sent in case routing changes occur instead of periodically. This ensures a better use of bandwidth. OSPF has better convergence than RIP. This is because routing changes are propagated instantaneously and not periodically. OSPF allows for better load balancing. OSPF allows for a logical definition of networks where routers can be divided into areas. This limits the explosion of link state updates over the whole network. This also provides a mechanism for aggregating routes and cutting down on the unnecessary propagation of subnet information. OSPF allows for routing authentication by using different methods of password authentication. OSPF allows for the transfer and tagging of external routes injected into an Autonomous System. This keeps track of external routes injected by exterior protocols such as BGP. This of course leads to more complexity in the configuration and troubleshooting of OSPF networks. Administrators that are used to the simplicity of RIP are challenged with the amount of new information they have to learn in order to keep up with OSPF networks. Also, this introduces more overhead in memory allocation and CPU utilization. Some of the routers running RIP might have to be upgraded in order to handle the overhead caused by OSPF.

What Do We Mean by Link-States?
OSPF is a link-state protocol. We could think of a link as being an interface on the router. The state of the link is a description of that interface and of its relationship to its neighboring routers. A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network and so on. The collection of all these link-states would form a link-state database.

Shortest Path First Algorithm
OSPF uses a shortest path first algorithm in order to build and calculate the shortest path to all known destinations. The shortest path is calculated with the use of the Dijkstra algorithm. The algorithm by itself is quite complicated. This is a very high level, simplified way of looking at the various steps of the algorithm:
1. Upon initialization or due to any change in routing information, a router generates a link-state advertisement. This advertisement represents the collection of all link-states on that router.
2. All routers exchange link-states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers.
3. After the database of each router is completed, the router calculates a Shortest Path Tree to all destinations. The router uses the Dijkstra algorithm in order to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations form the IP routing table.
4. In case no changes in the OSPF network occur, such as cost of a link or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated through link-state packets, and the Dijkstra algorithm is recalculated in order to find the shortest path.
The algorithm places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost required to reach that destination. Each router will have its own view of the topology even though all the routers will build a shortest path tree using the same link-state database. The following sections indicate what is involved in building a shortest path tree.

OSPF Cost
The cost (also called metric) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved in crossing a 56k serial line than crossing a 10M Ethernet line. The formula used to calculate the cost is:
Cost = 100/Bandwidth in Mbps
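The cost formula and the shortest path tree described above, worked through in Python as an added example (not part of the original lab guide). It uses the three-router topology of the OSPF lab in this guide and assumes T1 (1.544 Mbps) serial links and 10 Mbps Ethernet; the direct 56k link between R1 and R3 is hypothetical, added so that the cost-based and hop-count-based choices differ.

```python
import heapq
from itertools import count

# Assumed interface bandwidths in Mbps (the lab does not state them).
ETHERNET = 10.0      # the page's "10M Ethernet line"
T1 = 1.544           # assumed speed of the lab's serial links
SERIAL_56K = 0.056   # the page's "56k serial line"


def ospf_cost(bandwidth_mbps):
    """Cost = 100 / bandwidth in Mbps, kept as a whole number of at least 1."""
    return max(1, int(100 / bandwidth_mbps))


def build_lsdb():
    """Link-state database: router -> list of (neighbor or network, cost).

    R1 - R2 - R3 and the three Ethernet networks come from the lab;
    the direct R1 - R3 56k link is a hypothetical addition.
    """
    serial, eth, slow = ospf_cost(T1), ospf_cost(ETHERNET), ospf_cost(SERIAL_56K)
    return {
        "R1": [("R2", serial), ("R3", slow), ("10.0.0.0/24", eth)],
        "R2": [("R1", serial), ("R3", serial), ("20.0.0.0/24", eth)],
        "R3": [("R2", serial), ("R1", slow), ("30.0.0.0/24", eth)],
    }


def spf(lsdb, root):
    """Dijkstra with root at the top of the tree.

    Returns {destination: (cumulative cost, first hop from root)}.
    """
    best = {}
    order = count()  # tie-breaker so the heap never compares node names
    heap = [(0, next(order), root, None)]
    while heap:
        cost, _, node, first_hop = heapq.heappop(heap)
        if node in best:
            continue  # already reached by a cheaper path
        best[node] = (cost, first_hop)
        for neighbor, link_cost in lsdb.get(node, []):
            if neighbor not in best:
                # Leaving the root, the first hop is the neighbor itself.
                hop = neighbor if node == root else first_hop
                heapq.heappush(heap, (cost + link_cost, next(order), neighbor, hop))
    del best[root]
    return best


def routing_table(lsdb, root):
    """Keep only network destinations, as a routing table would."""
    table = {}
    for dest, (cost, hop) in spf(lsdb, root).items():
        if "/" in dest:
            table[dest] = (cost, "connected" if hop == dest else hop)
    return table


def rip_hops(lsdb, root):
    """Hop-count view of the same topology: each router-to-router link counts 1."""
    unit = {
        router: [(n, 1 if n in lsdb else 0) for n, _ in links]
        for router, links in lsdb.items()
    }
    return routing_table(unit, root)


if __name__ == "__main__":
    lsdb = build_lsdb()
    for dest, (cost, hop) in sorted(routing_table(lsdb, "R1").items()):
        print(f"OSPF  {dest:<12} cost {cost:<5} via {hop}")
    for dest, (hops, hop) in sorted(rip_hops(lsdb, "R1").items()):
        print(f"RIP   {dest:<12} hops {hops:<5} via {hop}")
```

From R1, the cost-based tree reaches 30.0.0.0/24 through R2 over the two faster serial links, while the hop-count view prefers the single hop over the 56k line.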

OSPF Configuration
Load IP Routing Initials Prior to Starting

Task 1
Configure OSPF area 0 on R1 and advertise all of its networks into OSPF. Use process ID 100.
Solution:
On R1:
R1#
R1#configure terminal
R1(config)#router ospf 100
R1(config-router)#network 10.0.0.0 0.0.0.255 area 0
R1(config-router)#network 12.0.0.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#exit
R1#
Verification:
On R1:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 12.0.0.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.0.0.0 0.0.0.255 area 0
    12.0.0.0 0.0.0.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

R1#

Task 2
Configure OSPF area 0 on R2 and R3 and advertise all their networks. Use process ID 100.
Solution:
On R2:
R2#
R2#config terminal
R2(config)#router ospf 100
R2(config-router)#network 12.0.0.0 0.0.0.255 area 0
R2(config-router)#network 23.0.0.0 0.0.0.255 area 0
R2(config-router)#network 20.0.0.0 0.0.0.255 area 0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#
R3#configure terminal
R3(config)#router ospf 100
R3(config-router)#network 23.0.0.0 0.0.0.255 area 0
R3(config-router)#network 30.0.0.0 0.0.0.255 area 0
R3(config-router)#exit
R3(config)#exit
R3#

Task 3
Verify the routing tables of all 3 routers and test end-to-end connectivity.
Verification:
On R1:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O        10.0.0.0/24 is directly connected, Ethernet0/0
L        10.0.0.1/32 is directly connected, Ethernet0/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.1/32 is directly connected, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
O        20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      23.0.0.0/24 is subnetted, 1 subnets
O        23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0
      30.0.0.0/24 is subnetted, 1 subnets
O        30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0
R1#
R1#
R1#ping 23.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms
R1#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
R1#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
R1#

On R2:
R2#
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
O        10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Serial1/0
L        12.0.0.2/32 is directly connected, Serial1/0
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.0.0.0/24 is directly connected, Ethernet0/0
L        20.0.0.2/32 is directly connected, Ethernet0/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/1
L        23.0.0.2/32 is directly connected, Serial1/1
      30.0.0.0/24 is subnetted, 1 subnets
O        30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1
R2#
R2#
R2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#

On R3:
R3#
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 1 subnets
O        10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0
      12.0.0.0/24 is subnetted, 1 subnets
O        12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      20.0.0.0/24 is subnetted, 1 subnets
O        20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0
      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        23.0.0.0/24 is directly connected, Serial1/0
L        23.0.0.3/32 is directly connected, Serial1/0
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.0.0/24 is directly connected, Ethernet0/0
L        30.0.0.3/32 is directly connected, Ethernet0/0
R3#
R3#
R3#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms
R3#

Task 4
Configure all three routers so that they send updates only through the required interfaces.
Solution:
On R1:
R1#config terminal
R1(config)#router ospf 100
R1(config-router)#passive-interface ethernet 0/0
R1(config-router)#exit
R1(config)#exit
R1#

On R2:
R2#config terminal
R2(config)#router ospf 100
R2(config-router)#passive-interface ethernet 0/0
R2(config-router)#exit
R2(config)#exit
R2#

On R3:
R3#config terminal
R3(config)#router ospf 100
R3(config-router)#passive-interface ethernet 0/0
R3(config-router)#exit
R3(config)#exit
R3#

Verification:
On R1:
R1#
R1#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 12.0.0.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.0.0.0 0.0.0.255 area 0
    12.0.0.0 0.0.0.255 area 0
  Passive Interface(s):
    Ethernet0/0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

R1#

Task 5
Check the OSPF neighbors on all the routers with show ip ospf neighbor.
Verification:
On R1:
R1#
R1#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address      Interface
23.0.0.2        0     FULL/-     00:00:36    12.0.0.2     Serial1/0
R1#

On R2:
R2#
R2#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address      Interface
30.0.0.3        0     FULL/-     00:00:38    23.0.0.3     Serial1/1
12.0.0.1        0     FULL/-     00:00:38    12.0.0.1     Serial1/0
R2#

On R3:
R3#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address      Interface
23.0.0.2        0     FULL/-     00:00:34    23.0.0.2     Serial1/0
R3#

Explanation:
In Task 1 we were asked to advertise networks in OSPF. Unlike EIGRP, where the router eigrp command takes an AS number, the router ospf command takes a process ID. To advertise networks in OSPF we have to use wildcard bits. The best way to calculate the wildcard bits for any network is to subtract the subnet mask from the broadcast address (255.255.255.255). For example, the wildcard bits for 150.1.1.0/24 will be 255.255.255.255 - 255.255.255.0 = 0.0.0.255. So if you want to advertise network 150.1.1.0/24 in OSPF, you can advertise it with “network 150.1.1.0 0.0.0.255 area 0”.
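The wildcard calculation from this explanation and the passive-interface setting from Task 4, combined into a small configuration check in Python (an added example, not part of the original lab guide). It reports which interfaces a set of network statements places into OSPF and which of those still send hellos and can therefore form adjacencies. The configuration text is constructed from R1's lab commands, the interface addresses are the ones shown in R1's routing table, Ethernet0/1 is a hypothetical extra interface, and taking the first matching statement in the order given is a simplification.

```python
import ipaddress

# Constructed from the lab: R1's OSPF section after Task 1 and Task 4.
R1_CONFIG = """\
router ospf 100
 network 10.0.0.0 0.0.0.255 area 0
 network 12.0.0.0 0.0.0.255 area 0
 passive-interface Ethernet0/0
"""

# Ethernet0/0 and Serial1/0 as shown in R1's routing table on this page;
# Ethernet0/1 is a hypothetical interface no network statement covers.
R1_INTERFACES = {
    "Ethernet0/0": "10.0.0.1",
    "Serial1/0": "12.0.0.1",
    "Ethernet0/1": "172.16.5.1",
}


def wildcard_for(prefix_len):
    """255.255.255.255 minus the subnet mask, e.g. /24 -> 0.0.0.255."""
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    return str(ipaddress.IPv4Address(0xFFFFFFFF - int(mask)))


def matches(ip, network, wildcard):
    """True when ip equals network on every bit the wildcard does not ignore."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    ip_bits = int(ipaddress.IPv4Address(ip)) & care
    net_bits = int(ipaddress.IPv4Address(network)) & care
    return ip_bits == net_bits


def parse_ospf(config):
    """Return (network statements, passive interface names) from the section."""
    networks, passive = [], set()
    for line in config.splitlines():
        words = line.split()
        if len(words) == 5 and words[0] == "network" and words[3] == "area":
            networks.append((words[1], words[2], words[4]))
        elif len(words) >= 2 and words[0] == "passive-interface":
            # Accept both "ethernet 0/0" as typed and "Ethernet0/0" as displayed.
            passive.add("".join(words[1:]).lower())
    return networks, passive


def audit(config, interfaces):
    """Per interface: its OSPF area (None if unmatched) and whether it sends hellos."""
    networks, passive = parse_ospf(config)
    report = {}
    for name, ip in interfaces.items():
        area = next((a for net, wc, a in networks if matches(ip, net, wc)), None)
        report[name] = {
            "area": area,
            "sends_hellos": area is not None and name.lower() not in passive,
        }
    return report


if __name__ == "__main__":
    print("wildcard for /24:", wildcard_for(24))
    for name, result in audit(R1_CONFIG, R1_INTERFACES).items():
        print(f"{name:<12} area={result['area']} sends_hellos={result['sends_hellos']}")
```

Only Serial1/0 sends hellos on R1: Ethernet0/0 is advertised but passive, and Ethernet0/1 matches no network statement at all.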
Switch Introduction
Hubs vs. Switches
Prior to switches, hubs were the standard for connecting devices on a local area network (LAN). The problem with hubs was that everything that went through them had to share the bandwidth of the link. Bandwidth was wasted because all traffic was sent to all devices, and there were a lot of collisions because the hub didn’t do anything to prevent them. A switch fixes these problems.

What do switches do?
Here are some facts about switches that you should know:
Switches work at Layer 2 of the OSI model, not Layer 1 like a hub
Switches switch Ethernet frames
Switches don’t look at IP address information, only Ethernet MAC addresses
Switches keep a table of all MAC addresses traversing the switch and what port they are on (this table is called the bridge forwarding table or CAM table)
Switches only send traffic to the devices that are the destination for that traffic, saving bandwidth
Each device connected to the switch gets the full bandwidth of the switch port because the switch prevents collisions

Flooding
Now that you know that the switch has the bridge forwarding table and uses that to intelligently send traffic, a common question is, “what if the destination MAC address for the traffic that the switch receives is not in the bridge forwarding table?” What does the switch do with that Ethernet frame? The answer is that the switch will flood that frame out all ports on the switch. The switch will then monitor the traffic for the response to that frame and see what device, on what port, responded to that flooded frame. That information will be put in the bridge forwarding table so that, next time, the switch won’t have to flood that traffic.

Port speed & Duplex
Of particular importance when it comes to switches are port speed and duplex. The speed of a port can be set to 10Mb, 100Mb, or 1000Mb (1GB), or auto negotiate, depending on what the switch and the connecting device offer. Most switch ports and devices use auto negotiate to find the best speed and duplex available. However, this doesn’t always work. Some devices have trouble with this and you may have to go in to the switch and hardcode the speed or duplex.
Speaking of duplex, what is duplex? Duplex is set to either half, full, or is auto negotiated. A half duplex connection is where only one device can send or receive at a time. A full duplex connection is where both devices can send and receive at the same time.
Thus, if you have a 100Mb half-duplex connection, only sending at 100Mb OR receiving at 100Mb can happen at any one time. If you have a 100Mb full duplex connection, you can effectively get 200Mb out of the link because you could be sending 100Mb and receiving 100Mb at the same time.

Have you ever wondered what a Virtual LAN (or VLAN) is or been unclear as to why you would want one? If so, I have been in your place at one time too. Since then, I have learned a lot about what a VLAN is and how it can help me. In this article, I will share that knowledge with you.

What is a LAN?
Okay, most of you already know what a LAN is but let’s give it a definition to make sure. We have to do this because, if you don’t know what a LAN is, you can’t understand what a VLAN is. A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, switches just forward them.

What is a VLAN?
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLANs, a switch can create the broadcast domain. This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain. Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices not in their VLAN.

Are VLANs required?
It is important to point out that you don’t have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
You have more than 200 devices on your LAN
You have a lot of broadcast traffic on your LAN
Groups of users need more security or are being slowed down by too many broadcasts
Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phone could be on a different VLAN, not with the regular users.
Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?
A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

How can devices on different VLANs communicate?
Devices on different VLANs can communicate with a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?
When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port. A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1q.

How do I create a VLAN?
Configuring VLANs can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:
Create the new VLANs
Put each port in the proper VLAN
Let’s say we wanted to create VLANs 5 and 10. We want to put ports 2 & 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:
At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5 should be able to communicate. That is because each of these is in its own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.

What do VLANs offer?
VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you are containing broadcasts. VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Summary
A VLAN is a broadcast domain formed by switches.
Administrators must create the VLANs, then manually assign what port goes in what VLAN.
VLANs provide better performance for medium and large LANs.
All devices, by default, are in VLAN 1.
A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one VLAN.
For devices in different VLANs to communicate, you must use a router or Layer 3 switch.
VTP
Unfortunately, if you have more than a couple of switches, configuring VLANs can be a real pain. To make life easier, Cisco developed VLAN Trunking Protocol (VTP). Let’s find out what VTP can do for you.

How can VTP help me?
Say that you have 20 switches in your large office building. On each of these switches, you have four VLANs. Without VTP, you have to create each of these four VLANs on each of these switches. With VTP, you only have to create the four VLANs once, on one switch, and all other switches learn about the four VLANs. In other words, the job of VTP is to distribute VLAN configuration information between all the switches.

How does it work?
The job of VTP is best explained from the perspective of the VTP server. All switches, by default, are VTP servers. The VTP server is where you would create, remove, or modify VLANs. This VTP server sends an advertisement, across the domain, every 5 minutes or whenever a change is made in the VLAN database. That advertisement contains all the different VLAN names, VLAN numbers, what switches have ports in what VLANs, and a revision number. Whenever a switch receives an update with a larger revision number than the last one it applied, it applies that revision. Keep in mind that VTP is a Cisco proprietary protocol. So, to use VTP between your switches, you must have all Cisco switches.

VTP Modes
VTP switches can be in three different modes. Those modes are:
Server – the default, where all VLAN adds, changes, and removals are allowed
Client – where no changes can be made; only new revisions can be received from the VTP server switches
Transparent – where local VLAN information can be changed but that information is not sent out to other switches. Transparent switches also do not apply VTP advertisements from other switches but they do forward those advertisements on.
Usually, you would want a few of your core switches to be servers and all remaining remote or access layer switches to be clients. You would only make changes on the server switches and those changes would be propagated to the client switches.

What about pruning?
VTP pruning is the process of not sending IP broadcast traffic for certain VLANs to switches that do not have any ports in that VLAN. The switches know they can skip these broadcasts because of VTP: with VTP telling them what ports the other switches have, a switch knows that it doesn’t have to send the other switches broadcast packets they don’t need.
To configure VTP, you use the vtp global configuration mode command. With this command you can specify the following:
VTP domain – the name of the VTP domain. All switches communicating with VTP in the same domain must have the same VTP domain name.
VTP mode – either server, client, or transparent
VTP password – a password to control who can and cannot receive VTP information
VTP pruning – VTP pruning is either turned on or off
Here is a sample configuration:
To see what is going on with VTP, you can use show vtp status, like this:

Summary
VTP is used to distribute VLAN configuration information between switches.
VTP is Cisco proprietary and can only be used on Cisco switches.
By using VTP, you can also prune your VLANs, saving bandwidth.
The command to configure VTP is the global configuration mode command, vtp.
The command to check status is the privileged mode command, show vtp status.
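The three VTP modes and the revision-number rule described above, as a small Python model (an added example, not Cisco's implementation and not part of the original lab guide). It follows the page's description only: an advertisement is applied when the domain and password match and the revision is larger. SW1 and SW2 use the domain and password of the switch lab in this guide, SWT and SWX are hypothetical switches, the topology is assumed loop-free, and one revision bump per change is a modelling assumption. The last function is the check to run before a reused switch joins the domain.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Advertisement:
    domain: str
    password: str
    revision: int
    vlans: frozenset


@dataclass(eq=False)
class Switch:
    name: str
    mode: str = "server"            # the page: all switches default to server
    domain: str = ""
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})   # VLAN 1 exists by default
    neighbors: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def summary(self):
        """What this switch would advertise about its own VLAN database."""
        return Advertisement(self.domain, self.password, self.revision,
                             frozenset(self.vlans))

    def would_apply(self, adv):
        """Acceptance rule: same domain and password, larger revision."""
        if self.mode == "transparent":
            return False
        same_domain = (adv.domain, adv.password) == (self.domain, self.password)
        return same_domain and adv.revision > self.revision

    def create_vlans(self, *vlan_ids):
        if self.mode == "client":
            raise PermissionError(f"{self.name}: no VLAN changes in client mode")
        self.vlans.update(vlan_ids)
        if self.mode == "server":   # transparent changes stay local
            self.revision += 1      # modelled as one bump per change
            self._send(self.summary(), came_from=None)

    def receive(self, adv, came_from):
        if self.mode == "transparent":
            self.log.append("forwarded, not applied")
        elif self.would_apply(adv):
            self.vlans, self.revision = set(adv.vlans), adv.revision
            self.log.append(f"applied revision {adv.revision}")
        else:
            self.log.append("ignored")
            return
        self._send(adv, came_from)

    def _send(self, adv, came_from):
        for neighbor in self.neighbors:
            if neighbor is not came_from:
                neighbor.receive(adv, came_from=self)


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def lab_scenario():
    """SW1 (server) and SW2 (client) as in the lab, plus two hypothetical switches."""
    sw1 = Switch("SW1", "server", "CCNA", "ACIT")
    sw2 = Switch("SW2", "client", "CCNA", "ACIT")
    swt = Switch("SWT", "transparent", "CCNA", "ACIT")   # hypothetical
    swx = Switch("SWX", "client", "CCNA", "WRONG")       # hypothetical
    link(sw1, swt)      # SW1 -- SWT -- SW2: the update crosses SWT
    link(swt, sw2)
    link(sw1, swx)
    sw1.create_vlans(100, 200, 300, 400, 500, 600)
    return sw1, sw2, swt, swx


def check_before_connecting(newcomer, existing):
    """True when the newcomer's VLAN database would replace the existing one."""
    return existing.would_apply(newcomer.summary())


if __name__ == "__main__":
    for switch in lab_scenario():
        print(switch.name, switch.mode, "rev", switch.revision,
              sorted(switch.vlans), switch.log)
```

A reused switch that still carries the domain name, password and a higher revision number returns True from check_before_connecting, which is the condition to clear before cabling it in.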
Switch Configuration

Task 1
Assign hostname R1, SW1, SW2, R2 to router1, switch1, switch2, router2 respectively.
Solution:
On Router1:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#

On Router2:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#

On Router3:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#

On Switch1:
Switch>
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW1
SW1(config)#

On Switch2:
Switch>
Switch>enable
Switch#configure terminal
Switch(config)#hostname SW2
SW2(config)#

Task 2
Assign IP address 192.168.1.1/24 to R1’s E0/0 interface.
Solution:
On R1:
R1(config)#interface Ethernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#

Task 3
Assign IP address 192.168.1.2/24 to R2’s E0/0 interface.
Solution:
On R2:
R2(config)#interface Ethernet 0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#

Task 4
On SW1 configure interface Ethernet0/0 as trunk and use dot1q as trunking encapsulation. Verify the configuration.
Solution:
On SW1:
SW1(config)#
SW1(config)#interface Ethernet 0/0
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit
SW1(config)#

Verification:
SW1#
SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
E0/0        on           802.1q         trunking      1

Port        Vlans allowed on trunk
E0/0        1-4094

Port        Vlans allowed and active in management domain
E0/0        1

Port        Vlans in spanning tree forwarding state and not pruned
E0/0        1
SW1#

Task 5
On SW2 configure interface Ethernet0/0 as trunk and use dot1q as trunking encapsulation. Verify the configuration.
Solution:
On SW2:
SW2(config)#
SW2(config)#interface Ethernet 0/0
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit
SW2(config)#

Verification:
SW2#
SW2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
E0/0        on           802.1q         trunking      1

Port        Vlans allowed on trunk
E0/0        1-4094

Port        Vlans allowed and active in management domain
E0/0        1

Port        Vlans in spanning tree forwarding state and not pruned
E0/0        1
SW2#

Task 6
On SW1 change VTP Domain to CCNA and VTP Password to ACIT.
Solution:
On SW1:
SW1(config)#
SW1(config)#vtp domain CCNA
SW1(config)#vtp password ACIT
SW1(config)#exit
SW1#

Verification:
SW1#
SW1#show vtp status
VTP Version                     : 3 (capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCNA
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x20 0x1D 0x95 0xF3 0x5C 0xF0 0x11 0x94
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
VTP version running             : 1
SW1#

Task 7
On SW2 change VTP Domain to CCNA and VTP Password to ACIT and change VTP mode to client.
Solution:
On SW2:
SW2(config)#
SW2(config)#vtp domain CCNA
SW2(config)#vtp password ACIT
SW2(config)#vtp mode client
SW2(config)#exit
SW2#

Verification:
SW2#
SW2#show vtp status
VTP Version                     : 3 (capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Client
VTP Domain Name                 : CCNA
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x20 0x1D 0x95 0xF3 0x5C 0xF0 0x11 0x94
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
VTP version running             : 1
SW2#

Task 8
On SW1 create VLANs 100, 200, 300, 400, 500, 600 and verify that the VLAN information is propagated to SW2.
Solution:
On SW1:
SW1#configure terminal
SW1(config)#vlan 100,200,300,400,500,600
SW1(config-vlan)#exit
SW1(config)#exit
SW1#

Verification:
On SW1:
SW1#
SW1#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/1, Et0/2, Et0/3
100  VLAN0100           active
200  VLAN0200           active
300  VLAN0300           active
400  VLAN0400           active
500  VLAN0500           active
600  VLAN0600           active
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup
...
SW1#

On SW2:
SW2#
SW2#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/1, Et0/2, Et0/3
100  VLAN0100           active
200  VLAN0200           active
300  VLAN0300           active
400  VLAN0400           active
500  VLAN0500           active
600  VLAN0600           active
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup
...
SW2#

Task 9
On SW1 assign VLAN 100 to the Ethernet 0/1 port.
Solution:
On SW1:
SW1#configure terminal
SW1(config)#interface ethernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
SW1(config-if)#exit
SW1(config)#exit
SW1#

Verification:
SW1#
SW1#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/2, Et0/3
100  VLAN0100           active    Et0/1
200  VLAN0200           active
300  VLAN0300           active
400  VLAN0400           active
500  VLAN0500           active
600  VLAN0600           active
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup
...
SW1#

Task 10
On SW2 assign VLAN 100 to the Ethernet 0/2 port.
Solution:
On SW2:
SW2#configure terminal
SW2(config)#interface ethernet 0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 100
SW2(config-if)#exit
SW2(config)#exit
SW2#

Verification:
SW2#
SW2#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/1, Et0/3
100  VLAN0100           active    Et0/2
200  VLAN0200           active
300  VLAN0300           active
400  VLAN0400           active
500  VLAN0500           active
600  VLAN0600           active
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup
...
SW2#

Task 11
Test the reachability from R1 to R2.
Verification:
On R1:
R1#
R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#

Intervlan Configuration
Note: Load Intervlan Initials Prior to Starting

Task 1
Configure VLAN 100, 200 on SW1.
Solution:
On SW1:
SW1#
SW1#configure terminal
SW1(config)#vlan 100,200
SW1(config-vlan)#exit
SW1(config)#exit

Verification:
On SW1:
SW1#
SW1#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/1, Et0/2, Et0/3
100  VLAN0100           active
200  VLAN0200           active
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup

Task 2
On SW1 assign VLAN 100 to interface Ethernet 0/1 and VLAN 200 to interface Ethernet 0/2.
Solution:
On SW1:
SW1(config)#interface Ethernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
SW1(config-if)#exit
SW1(config)#interface Ethernet 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 200
SW1(config-if)#exit
SW1(config)#exit
SW1#

Verification:
On SW1:
SW1#
SW1#show vlan

VLAN Name               Status    Ports
---- ------------------ --------- -------------------------------
1    default            active    Et0/3
100  VLAN0100           active    Et0/1
200  VLAN0200           active    Et0/2
1002 fddi-default       act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default    act/unsup
1005 trnet-default      act/unsup

Task 3
Configure the Ethernet 0/3 port of SW1 as a DOT1Q trunk and allow VLANs 100,200 on this trunk.
Solution:
On SW1:
SW1(config)#int ethernet0/3
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 100,200
SW1(config-if)#exit
SW1(config)#exit
SW1#

Verification:
On SW1:
SW1#
SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Et0/3       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Et0/3       100,200

Port        Vlans allowed and active in management domain
Et0/3       100,200

Port        Vlans in spanning tree forwarding state and not pruned
Et0/3       100,200
SW1#

Task 4
On R3 create a sub-interface numbered 100, assign VLAN 100, give it IP address 192.168.100.254/24 and check the connectivity to R1.
Solution:
On R3:
R3(config)#
R3(config)#interface ethernet 0/0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int ethernet 0/0.100
R3(config-subif)#encapsulation dot1Q 100
R3(config-subif)#ip address 192.168.100.254 255.255.255.0
R3(config-subif)#exit
R3(config)#exit

Verification:
R3#
R3#show ip int brief
Interface          IP-Address      OK? Method Status                Protocol
Ethernet0/0        unassigned      YES unset  up                    up
Ethernet0/0.100    192.168.100.254 YES manual up                    up
Ethernet0/1        unassigned      YES unset  administratively down down
Ethernet0/2        unassigned      YES unset  administratively down down
Ethernet0/3        unassigned      YES unset  administratively down down
Serial1/0          unassigned      YES unset  administratively down down
Serial1/1          unassigned      YES unset  administratively down down
Serial1/2          unassigned      YES unset  administratively down down
Serial1/3          unassigned      YES unset  administratively down down
R3#
R3#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R3#
Task 5
On R3, create a sub-interface numbered 200, assign it to VLAN 200, give it IP address 192.168.200.254/24 and check the connectivity to R2.

Solution:
On R3:
R3(config)#int ethernet 0/0.200
R3(config-subif)#encapsulation dot1Q 200
R3(config-subif)#ip address 192.168.200.254 255.255.255.0
R3(config-subif)#exit
R3(config)#exit

Verification:
R3#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/0.100        192.168.100.254 YES manual up                    up
Ethernet0/0.200        192.168.200.254 YES manual up                    up
Ethernet0/1            unassigned      YES unset  administratively down down
Ethernet0/2            unassigned      YES unset  administratively down down
Ethernet0/3            unassigned      YES unset  administratively down down
Serial1/0              unassigned      YES unset  administratively down down
Serial1/1              unassigned      YES unset  administratively down down
Serial1/2              unassigned      YES unset  administratively down down
Serial1/3              unassigned      YES unset  administratively down down
R3#
R3#ping 192.168.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R3#
Task 6
Configure RIPv2 on R1, R2 and R3 to get end-to-end connectivity, and test reachability between R1 and R2.

Solution:
On R1:
R1(config)#router rip
R1(config-router)#no auto-summary
R1(config-router)#version 2
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.100.0
R1(config-router)#exit
R1(config)#

On R2:
R2(config)#router rip
R2(config-router)#no auto-summary
R2(config-router)#version 2
R2(config-router)#network 192.168.200.0
R2(config-router)#network 192.168.2.0
R2(config-router)#exit
R2(config)#

On R3:
R3(config)#router rip
R3(config-router)#no auto-summary
R3(config-router)#version 2
R3(config-router)#network 192.168.200.0
R3(config-router)#network 192.168.100.0
R3(config-router)#exit
R3(config)#
Verification:
On R1:
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Ethernet0/1
L        192.168.1.1/32 is directly connected, Ethernet0/1
R     192.168.2.0/24 [120/2] via 192.168.100.254, 00:00:09, Ethernet0/0
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/24 is directly connected, Ethernet0/0
L        192.168.100.1/32 is directly connected, Ethernet0/0
R     192.168.200.0/24 [120/1] via 192.168.100.254, 00:00:09, Ethernet0/0
R1#ping 192.168.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
R1#
On R2:
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

R     192.168.1.0/24 [120/2] via 192.168.200.254, 00:00:08, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Ethernet0/1
L        192.168.2.2/32 is directly connected, Ethernet0/1
R     192.168.100.0/24 [120/1] via 192.168.200.254, 00:00:08, Ethernet0/0
      192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.200.0/24 is directly connected, Ethernet0/0
L        192.168.200.2/32 is directly connected, Ethernet0/0
R2#
R2#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/12 ms
R2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#
On R3:
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

R     192.168.1.0/24 [120/1] via 192.168.100.1, 00:00:25, Ethernet0/0.100
R     192.168.2.0/24 [120/1] via 192.168.200.2, 00:00:15, Ethernet0/0.200
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/24 is directly connected, Ethernet0/0.100
L        192.168.100.254/32 is directly connected, Ethernet0/0.100
      192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.200.0/24 is directly connected, Ethernet0/0.200
L        192.168.200.254/32 is directly connected, Ethernet0/0.200
R3#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R3#
R3#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R3#
WAN

What is HDLC?
HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol. HDLC is a simple protocol used to connect point-to-point serial devices. For example, suppose you have a point-to-point leased line connecting two locations in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would de-encapsulate HDLC and drop the traffic off on the LAN.
HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices. HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won't have any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you'll see that you are running HDLC. Here is an example:
What is PPP?
You may have heard of the Point to Point Protocol (PPP) because it is used for almost every dial-up connection to the Internet. PPP is documented in RFC 1661. PPP is based on HDLC and is very similar. Both work well to connect point-to-point leased lines. The differences between PPP and HDLC are:
PPP is not proprietary when used on a Cisco router.
PPP has several sub-protocols that make it function.
PPP is feature-rich with dial-up networking features.
Because PPP has so many dial-up networking features, it has become the most popular dial-up networking protocol in use today. Here are some of the dial-up networking features it offers:
Link quality management monitors the quality of the dial-up link and how many errors have occurred. It can bring the link down if the link is receiving too many errors.
Multilink can bring up multiple PPP dial-up links and bond them together to function as one.
Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.
To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:
After changing the encapsulation to ppp, I typed ppp ? to list the PPP options available. There are many PPP options when compared to HDLC. The list of PPP options in the screenshot is only a partial list of what is available.

What is Frame-Relay?
Frame Relay is a Layer 2 protocol and is commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier's network. This is done with permanent virtual circuits (PVCs). A PVC is a connection from one site to another site through the carrier's network. This is really just a configuration entry that a carrier makes on their frame relay switches. Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network. The benefits of frame-relay are:
Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grows, you save more and more money because you don't need as many circuits as you would if you were trying to fully mesh your network with point-to-point leased lines.
Improved disaster recovery, because all you have to do is order a single circuit to the cloud and PVCs to gain access to all remote sites.
By using the PVCs, you can design your WAN however you want. That is, you define which sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.
Some other terms you should know concerning frame relay are:
LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCIs are available and if there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount of bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed, but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.
PPP Configuration
Task 1
Configure hostnames R1, R2, R3 on router1, router2 and router3 respectively.

Solution:
On R1:
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#

On R2:
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#

On R3:
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#

Task 2
Assign encapsulation of PPP to R1 interface Serial1/0 and assign IP address of 12.0.0.1/24.

Solution:
On R1:
R1(config)#interface serial 1/0
R1(config-if)#encapsulation ppp
R1(config-if)#ip address 12.0.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#

Task 3
Assign encapsulation of PPP to R2 interface Serial1/0 and assign IP address of 12.0.0.1/24, give clock-rate of 64000. Check connectivity between R1 and R2.

Solution:
On R2:
R2(config)#interface serial1/0
R2(config-if)#encapsulation ppp
R2(config-if)#ip address 12.0.0.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#

Verification:
R2#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
R2#
Task 4
Configure PPP PAP authentication between R1 and R2; use ACIT as the password.

Solution:
On R1:
R1(config)#username R2 password ACIT
R1(config)#interface Serial1/0
R1(config-if)#ppp authentication pap
R1(config-if)#ppp pap sent-username R1 password ACIT
R1(config-if)#exit
R1(config)#

On R2:
R2(config)#username R1 password ACIT
R2(config)#int serial 1/0
R2(config-if)#ppp authentication pap
R2(config-if)#ppp pap sent-username R2 password ACIT
R2(config-if)#exit
R2(config)#

Verification:
On R1:
R1#show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address
  Se1/0        R2                 Sync PPP     00:00:01 12.0.0.2
R1#
R1#ping 12.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/16 ms
R1#

On R2:
R2#show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address
  Se1/0        R1                 Sync PPP     00:00:00 12.0.0.1
R2#
R2#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms
R2#
Task 5
On R2, configure interface Serial1/1 with IP address of 23.0.0.2/24 and set encapsulation to PPP. Set clock rate of 64000.

Solution:
On R2:
R2(config)#username R3 password CISCO
R2(config)#int se1/1
R2(config-if)#ip add 23.0.0.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#encapsulation ppp
R2(config-if)#ppp authentication chap
R2(config-if)#ppp chap password CISCO
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#

On R3:
R3(config)#username R2 password CISCO
R3(config)#int se1/0
R3(config-if)#ip add 23.0.0.3 255.255.255.0
R3(config-if)#clock rate 64000
R3(config-if)#encapsulation ppp
R3(config-if)#ppp authentication chap
R3(config-if)#ppp chap password CISCO
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#

Verification:
On R2:
R2#show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address
  Se1/0        R1                 Sync PPP     00:00:00 12.0.0.1
  Se1/1        R3                 Sync PPP     00:00:00 23.0.0.3
R2#
R2#ping 23.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms
R2#

On R3:
R3#show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00

  Interface    User               Mode         Idle     Peer Address
  Se1/0        R2                 Sync PPP     00:00:00 23.0.0.2
R3#
R3#ping 23.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms
R3#
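What Tasks 4 and 5 put on the serial link, as an added example that is not part of the lab manual: PAP sends the password itself in its Authenticate-Request, while CHAP (RFC 1994) sends only MD5(identifier || secret || challenge) in answer to a random challenge. Hostnames and passwords are the lab's; the packet identifiers and the random challenge are generated here, and the class and function names are this example's own.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                    # PAP code (RFC 1334)
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2    # CHAP codes (RFC 1994)


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request: the password is carried as plain bytes."""
    pid, pwd = peer_id.encode(), password.encode()
    body = bytes([len(pid)]) + pid + bytes([len(pwd)]) + pwd
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name):
    """CHAP Challenge/Response: Code, Id, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("bad CHAP length fields")
    return code, ident, packet[5:5 + size], packet[5 + size:].decode()


def chap_hash(ident, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_respond(challenge_packet, hostname, users):
    """Peer side: pick the secret configured for the challenger's name."""
    code, ident, challenge, challenger = parse_chap(challenge_packet)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    value = chap_hash(ident, users[challenger], challenge)
    return chap_packet(CHAP_RESPONSE, ident, value, hostname)


class ChapAuthenticator:
    """Authenticator side; users mirrors 'username <peer> password <secret>'."""

    def __init__(self, hostname, users):
        self.hostname, self.users = hostname, users
        self.ident, self.pending = 0, None

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending = os.urandom(16)          # fresh, unpredictable value
        return chap_packet(CHAP_CHALLENGE, self.ident, self.pending, self.hostname)

    def verify(self, response_packet):
        code, ident, value, name = parse_chap(response_packet)
        if self.pending is None or code != CHAP_RESPONSE or ident != self.ident:
            return False
        secret, challenge = self.users.get(name), self.pending
        self.pending = None                    # a challenge is good for one answer
        if secret is None:
            return False
        return hmac.compare_digest(chap_hash(ident, secret, challenge), value)


def demo():
    """Replay Task 4 (PAP, R1 -> R2) and Task 5 (CHAP, R2 challenges R3)."""
    pap = pap_request(1, "R1", "ACIT")
    r2 = ChapAuthenticator("R2", {"R3": "CISCO"})
    challenge = r2.challenge()
    response = chap_respond(challenge, "R3", {"R2": "CISCO"})
    accepted = r2.verify(response)
    r2.challenge()                             # new challenge, old answer
    replay_accepted = r2.verify(response)
    return pap, challenge, response, accepted, replay_accepted


if __name__ == "__main__":
    pap, challenge, response, ok, replay = demo()
    print("PAP request  :", pap)
    print("CHAP response:", response.hex())
    print("accepted:", ok, "| replay accepted:", replay)
```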
Frame-Relay Configuration
Task 1
Assign hostname FR-SWITCH to router 2 and configure router 2 as a Frame-Relay switch. Use LMI type Cisco, use DLCI 103 from R1 and use DLCI 301 from R3.

Solution:
On Router 2:
Router>enable
Router#configure terminal
Router(config)#hostname FR-SWITCH
FR-SWITCH(config)#frame-relay switching
FR-SWITCH(config)#interface serial 1/0
FR-SWITCH(config-if)#encapsulation frame-relay
FR-SWITCH(config-if)#frame-relay lmi-type cisco
FR-SWITCH(config-if)#frame-relay intf-type dce
FR-SWITCH(config-if)#clock rate 64000
FR-SWITCH(config-if)#frame-relay route 103 interface serial 1/1 301
FR-SWITCH(config-if)#no sh
FR-SWITCH(config-if)#no shutdown
FR-SWITCH(config-if)#exit
FR-SWITCH(config)#
FR-SWITCH(config)#interface serial 1/1
FR-SWITCH(config-if)#encapsulation frame-relay
FR-SWITCH(config-if)#frame-relay lmi-type cisco
FR-SWITCH(config-if)#frame-relay intf-type dce
FR-SWITCH(config-if)#clock rate 64000
FR-SWITCH(config-if)#frame-relay route 301 interface serial 1/0 103
FR-SWITCH(config-if)#no shutdown
FR-SWITCH(config-if)#exit
FR-SWITCH(config)#exit
FR-SWITCH#
Task 2
On router 1, assign hostname R1 and give interface serial1/0 IP address 13.0.0.1/24. Use frame-relay as encapsulation and use frame-relay static DLCI mapping to map R3's IP address. Use DLCI 103.

Solution:
On R1:
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface serial 1/0
R1(config-if)#ip address 13.0.0.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay map ip 13.0.0.3 103 broadcast
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#

Task 3
On router 3, assign hostname R3 and give interface serial1/0 IP address 13.0.0.3/24. Use frame-relay as encapsulation and use frame-relay static DLCI mapping to map R1's IP address. Use DLCI 301.

Solution:
On R3:
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface serial 1/0
R3(config-if)#ip address 13.0.0.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay map ip 13.0.0.1 301 broadcast
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#exit
R3#

Verification:
On R1:
R1#show frame-relay map
Serial1/0 (up): ip 13.0.0.3 dlci 103(0x67,0x1870), static,
              broadcast,
              CISCO, status defined, active
R1#ping 13.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/52/60 ms
R1#

On R2:
FR-SWITCH#show frame-relay route
Input Intf      Input Dlci      Output Intf     Output Dlci     Status
Serial1/0       103             Serial1/1       301             active
Serial1/1       301             Serial1/0       103             active
FR-SWITCH#

On R3:
R3#show frame-relay map
Serial1/0 (up): ip 13.0.0.1 dlci 301(0x12D,0x48D0), static,
              broadcast,
              CISCO, status defined, active
R3#ping 13.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/43/60 ms
R3#
DHCP
Configuring DHCP Server
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). As explained in RFC 2131, Dynamic Host Configuration Protocol, DHCP provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP Server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP Server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts.
The basic steps that occur when a DHCP client requests an IP address from a DHCP server are as follows. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a DHCP Server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
DHCP Configuration
Task 1
On Router 3, assign hostname R3 and assign IP address 192.168.123.3/24 to ethernet0/0.

Solution:
On R3:
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#interface ethernet0/0
R3(config-if)#ip address 192.168.123.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#
Task 2
Configure R3 as DHCP Server so that R1 and R2 are automatically assigned IP addresses. Also configure R3 as default-gateway and DNS server for R1 and R2.

Solution:
On R3:
R3(config)#ip dhcp pool ACIT
R3(dhcp-config)#network 192.168.123.0 /24
R3(dhcp-config)#default-router 192.168.123.3
R3(dhcp-config)#dns-server 192.168.123.3
R3(dhcp-config)#exit
R3(config)#

Task 3
Assign hostnames R1 and R2 to router1 and router2 respectively, and configure R1 and R2 to negotiate their IP address via DHCP on their Ethernet0/0 interface.

Solution:
On R1:
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#interface Ethernet0/0
R1(config-if)#ip address dhcp
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#

On R2:
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface Ethernet0/0
R2(config-if)#ip address dhcp
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#exit
R2#
Verification:
On R1:
R1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            192.168.123.1   YES DHCP   up                    up
Ethernet0/1            unassigned      YES unset  administratively down down
Ethernet0/2            unassigned      YES unset  administratively down down
Ethernet0/3            unassigned      YES unset  administratively down down
Serial1/0              unassigned      YES unset  administratively down down
Serial1/1              unassigned      YES unset  administratively down down
Serial1/2              unassigned      YES unset  administratively down down
Serial1/3              unassigned      YES unset  administratively down down
R1#
R1#ping 192.168.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/31/48 ms
R1#
On R2:
R2#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            192.168.123.2   YES DHCP   up                    up
Ethernet0/1            unassigned      YES unset  administratively down down
Ethernet0/2            unassigned      YES unset  administratively down down
Ethernet0/3            unassigned      YES unset  administratively down down
Serial1/0              unassigned      YES unset  administratively down down
Serial1/1              unassigned      YES unset  administratively down down
Serial1/2              unassigned      YES unset  administratively down down
Serial1/3              unassigned      YES unset  administratively down down
R2#
R2#ping 192.168.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/31/48 ms
R2#
On R3:
R3#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.123.1       0063.6973.636f.2d63.    Mar 02 2002 12:10 AM    Automatic
                    3030.302e.3031.3463.
                    2e30.3030.302d.4661.
                    302f.30
192.168.123.2       0063.6973.636f.2d63.    Mar 02 2002 12:12 AM    Automatic
                    3030.312e.3031.3463.
                    2e30.3030.302d.4661.
                    302f.30
R3#ping 192.168.123.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/25/32 ms
R3#ping 192.168.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/60 ms
R3#
Access Control List
The Cisco Access Control List (ACL) is used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is allowed or blocked from further movement. Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing ACLs pertaining to the TCP/IP protocol only. ACLs for TCP/IP traffic filtering are primarily divided into two types:
Standard Access Lists, and
Extended Access Lists

Standard Access Control Lists:
Standard IP ACLs range from 1 to 99. A Standard Access List allows you to permit or deny traffic FROM specific IP addresses. The destination of the packet and the ports involved can be anything.
Standard ACL example:
access-list 10 permit 192.168.2.0 0.0.0.255
This list allows traffic from all addresses in the range 192.168.2.0 to 192.168.2.255.
Note that when configuring access lists on a router, you must identify each access list uniquely by assigning either a name or a number to the protocol's access list. There is an implicit deny added to every access list. If you entered the command:
show access-list 10
The output looks like:
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any

Extended Access Control Lists:
Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. They also allow granular control by specifying different types of protocols such as ICMP, TCP, UDP, etc. within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).
ACL Configuration
Load Access-List-Initials prior to starting.

Task 1
Configure R3 such that the network connected to R1 cannot access network 30.0.0.0/24. Use a standard access-list to achieve this task.

Solution:
On R3:
R3#configure terminal
R3(config)#access-list 3 deny 12.0.0.0 0.0.0.255
R3(config)#access-list 3 deny 10.0.0.0 0.0.0.255
R3(config)#access-list 3 permit any
R3(config)#interface serial1/0
R3(config-if)#ip access-group 3 in
R3(config-if)#exit

Verification:
On R1:
R1#ping 30.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:
U.U.U.U.U
Success rate is 0 percent (0/5)
R1#
Task 2
Configure R2 in such a way that only 23.0.0.0/24 has access to telnet. Use password ACIT for telnet; do not apply any access-list under any interfaces.

Solution:
On R2:
R2#config terminal
R2(config)#access-list 2 permit 23.0.0.0 0.0.0.255
R2(config)#line vty 0 4
R2(config-line)#password ACIT
R2(config-line)#access-class 2 in
R2(config-line)#exit
R2(config)#exit
R2#

Verification:
On R3:
R3#telnet 23.0.0.2
Trying 23.0.0.2 ... Open

User Access Verification

Password:
R2>exit
[Connection to 23.0.0.2 closed by foreign host]

On R1:
R1#telnet 12.0.0.2
Trying 12.0.0.2 ...
% Connection refused by remote host
Task 3
On R1, deny all ICMP traffic on its serial 1/0 interface. Use an extended access-list to achieve this task.

Solution:
On R1:
R1#configure terminal
R1(config)#access-list 101 deny icmp any any
R1(config)#access-list 101 permit ip any any
R1(config)#interface serial1/0
R1(config-if)#ip access-group 101 in
R1(config-if)#exit
R1(config)#exit
R1#

Verification:
On R2:
R2#ping 12.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:
U.U.U.U.U
Success rate is 0 percent (0/5)
R2#
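How the lists from Tasks 1 to 3 decide a packet's fate, as an added example that is not part of the lab manual: entries are checked top-down, the first match wins, wildcard-mask bits set to 1 are ignored, and a packet that matches no entry is dropped by the implicit deny. The parser handles only the entry forms used on this page (no port or log keywords); the function names and the test addresses are this example's own.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)          # 'any' = address 0.0.0.0, wildcard 255.255.255.255

# The access-list lines that appear on this page.
PAGE_ACLS = """
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 3 deny 12.0.0.0 0.0.0.255
access-list 3 deny 10.0.0.0 0.0.0.255
access-list 3 permit any
access-list 2 permit 23.0.0.0 0.0.0.255
access-list 101 deny icmp any any
access-list 101 permit ip any any
"""


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A [wildcard]' and return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ip_to_int(tokens.pop(0)), 0
    # A bare address with no wildcard (standard lists only) matches one host.
    return ip_to_int(first), ip_to_int(tokens.pop(0)) if tokens else 0


def parse_acls(config):
    """Return {list number: [(action, protocol, source, destination), ...]}."""
    acls = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line}")
        if 1 <= number <= 99:                      # standard: source only
            entry = (action, "ip", take_address(rest), ANY)
        elif 100 <= number <= 199 or 2000 <= number <= 2699:   # extended
            protocol = rest.pop(0)
            entry = (action, protocol, take_address(rest), take_address(rest))
        else:
            raise ValueError(f"list number outside the ranges on this page: {number}")
        if rest:
            raise ValueError(f"unsupported keywords in: {line}")
        acls.setdefault(number, []).append(entry)
    return acls


def matches(address, rule):
    """Compare only the bits whose wildcard-mask bit is 0."""
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (ip_to_int(address) & care) == (base & care)


def evaluate(entries, src, dst="0.0.0.0", protocol="ip"):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, entry_protocol, source, destination in entries:
        if (entry_protocol in ("ip", protocol)
                and matches(src, source) and matches(dst, destination)):
            return action
    return "deny"


if __name__ == "__main__":
    acls = parse_acls(PAGE_ACLS)
    print("ACL 3, from 12.0.0.1  :", evaluate(acls[3], "12.0.0.1"))
    print("ACL 2, from 12.0.0.1  :", evaluate(acls[2], "12.0.0.1"))
    print("ACL 101, icmp to R1   :", evaluate(acls[101], "12.0.0.2", "12.0.0.1", "icmp"))
    print("ACL 101, tcp to R1    :", evaluate(acls[101], "12.0.0.2", "12.0.0.1", "tcp"))
```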