This is the instructor version of the study guide for Scaling Networks...
CCNA Routing and Switching Practice and Study Guide: Exercises, Activities, and Scenarios to Prepare for the ICND2 (200-101) Certification Exam
Instructor’s Answer Key
Allan Johnson

Cisco Press
800 East 96th Street
Indianapolis, Indiana 46240 USA
instructor.indb i
3/12/14 7:51 AM
CCNA Routing and Switching Practice and Study Guide
CCNA Routing and Switching Practice and Study Guide: Exercises, Activities, and Scenarios to Prepare for the ICND2 (200-101) Certification Exam
Instructor’s Answer Key
Allan Johnson

Copyright © 2014 Cisco Systems, Inc.
Cisco Press logo is a trademark of Cisco Systems, Inc.
Published by: Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing April 2014
ISBN-13: 978-0-13-381341-8
ISBN-10: 0-13-381341-X

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Executive Editor: Mary Beth Ray
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Project Editor: Mandie Frank
Copy Editor: Keith Cline
Technical Editor: Steve Stiles
Editorial Assistant: Vanessa Evans
Designer: Mark Shirar
Composition: Tricia Bronkella
Proofreader: Sarah Kearns

Warning and Disclaimer
This book is designed to provide information about networking. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please contact [email protected].

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.
About the Author
Allan Johnson entered the academic world in 1999 after 10 years as a business owner/operator to dedicate his efforts to his passion for teaching. He holds both an MBA and an M.Ed in Occupational Training and Development. He is an information technology instructor at Del Mar College in Corpus Christi, Texas. In 2003, Allan began to commit much of his time and energy to the CCNA Instructional Support Team, providing services to Networking Academy instructors worldwide and creating training materials. He now works full time for Cisco Networking Academy as a Learning Systems Developer.
About the Technical Reviewer
Steve Stiles is a Cisco Network Academy Instructor for Rhodes State College and a Cisco Certified Instructor Trainer, having earned CCNA Security and CCNP level certifications. He was the recipient of the 2012 Outstanding Teacher of the Year by the Ohio Association of Two-Year Colleges and co-recipient for the Outstanding Faculty of the Year at Rhodes State College.
Dedication
For my wife, Becky. Without the sacrifices you made during the project, this work would not have come to fruition. Thank you for providing me the comfort and resting place only you can give.
—Allan Johnson
Acknowledgments
When I began to think of whom I would like to have as a technical editor for this work, Steve Stiles immediately came to mind. With his instructor and industry background, and his excellent work building activities for the new Cisco Networking Academy curriculum, he was an obvious choice. Thankfully, when Mary Beth Ray contacted him, he was willing and able to do the arduous review work necessary to make sure that you get a book that is both technically accurate and unambiguous.
The Cisco Network Academy authors for the online curriculum and series of Companion Guides take the reader deeper, past the CCENT exam topics, with the ultimate goal of not only preparing the student for CCENT certification, but for more advanced college-level technology courses and degrees, as well. Thank you especially to Amy Gerrie and her team of authors—Rick Graziani, Wayne Lewis, and Bob Vachon—for their excellent treatment of the material; it is reflected throughout this book.
Mary Beth Ray, Executive Editor, you amaze me with your ability to juggle multiple projects at once, steering each from beginning to end. I can always count on you to make the tough decisions.
This is my seventh project with Christopher Cleveland as development editor. His dedication to perfection pays dividends in countless, unseen ways. Thank you again, Chris, for providing me with much-needed guidance and support. This book could not be a reality without your persistence.
Contents at a Glance

Introduction xvi

Part I: Scaling Networks
Chapter 1 Introduction to Scaling Networks 1
Chapter 2 LAN Redundancy 13
Chapter 3 Link Aggregation 31
Chapter 4 Wireless LANs 41
Chapter 5 Adjust and Troubleshoot Single-Area OSPF 57
Chapter 6 Multiarea OSPF 77
Chapter 7 EIGRP 87
Chapter 8 EIGRP Advanced Configurations and Troubleshooting 109
Chapter 9 IOS Images and Licensing 127

Part II: Connecting Networks
Chapter 10 Hierarchical Network Design 137
Chapter 11 Connecting to the WAN 147
Chapter 12 Point-to-Point Connections 155
Chapter 13 Frame Relay 171
Chapter 14 Network Address Translation for IPv4 181
Chapter 15 Broadband Solutions 193
Chapter 16 Securing Site-to-Site Connectivity 203
Chapter 17 Monitoring the Network 213
Chapter 18 Troubleshooting the Network 223
Contents

Introduction xvi

Part I: Scaling Networks

Chapter 1 Introduction to Scaling Networks 1
    Implementing a Network Design 2
        Hierarchical Network Design 2
        Identify Scalability Terminology 6
    Selecting Network Devices 7
        Selecting Switch Hardware 7
        Selecting Router Hardware 8
    Managing Devices 8
        Basic Router Configuration Review 9
        Basic Router Verification Review 10
        Basic Switch Configuration Review 10
        Basic Switch Verification Review 11

Chapter 2 LAN Redundancy 13
    Spanning-Tree Concepts 14
        Draw a Redundant Topology 14
        Purpose of Spanning Tree 15
        Spanning-Tree Operation 15
        Identify the 802.1D Port Roles 17
    Varieties of Spanning Tree Protocols 20
        Comparing the STP Varieties 20
        PVST+ Operation 21
        Rapid PVST+ Operation 22
    Spanning-Tree Configuration 23
        PVST+ and Rapid PVST+ Configuration 23
    First Hop Redundancy Protocols 26
        Identify FHRP Terminology 27
        Identify the Type of FHRP 28
        HSRP and GLBP Configuration and Verification 28

Chapter 3 Link Aggregation 31
    Link Aggregation Concepts 32
        EtherChannel Advantages 32
        EtherChannel Operation 32
    Link Aggregation Configuration 33
        Configuring EtherChannel 34
            EtherChannel Configuration Scenario 1 34
            EtherChannel Configuration Scenario 2 34
            EtherChannel Configuration Scenario 3 35
        Verifying and Troubleshooting EtherChannel 35

Chapter 4 Wireless LANs 41
    Wireless LAN Concepts 42
        Identify Wireless Technologies 42
        WLANs Components and Topologies 44
    Wireless LAN Operations 45
        Wireless Media Contention 45
        Associating with an AP 48
        Channel Management Concepts 50
        Label the 802.11 Frame 52
    Wireless LAN Security 53
        WLAN Security Terminology 53
        Identify the WLAN Security Characteristics 54
    Wireless LAN Configuration 54
        Configuring WLAN Routers and Clients 54
        Troubleshooting WLAN Issues 55

Chapter 5 Adjust and Troubleshoot Single-Area OSPF 57
    Advanced Single-Area OSPF Configurations 58
        Single-Area OSPF Configuration Review 58
            Configuring Single-Area OSPFv2 58
            Verifying Single-Area OSPFv2 59
            Configuring Single-Area OSPFv3 59
            Verifying Single-Area OSPFv3 61
        Identify Network Types 62
        OSPF and Multi-Access Networks 63
            OSPF and Multi-Access Networks Completion Exercise 63
            DR/BDR Election Exercise 65
        Redistributing an OSPF Default Route Exercise 67
            OSPFv2 Default Route Redistribution 67
            OSPFv3 Default Route Redistribution 68
        Fine-Tuning OSPF Interfaces 69
        Securing OSPFv2 with MD5 Authentication 69
    Troubleshooting Single-Area OSPF Implementations 71
        OSPF Adjacency Issues 71
        Identify OSPFv2 Troubleshooting Commands 71
        Identify OSPFv3 Troubleshooting Commands 74

Chapter 6 Multiarea OSPF 77
    Multiarea OSPF Operation 78
        Multiarea OSPF Terminology and Concepts 78
        Multiarea OSPF LSA Operation 79
        OSPF Routing Table and Types of Routes 79
    Configuring Multiarea OSPF 80
        Configuring Multiarea OSPF 80
        Configuring Route Summarization for Multiarea OSPFv2 83
        Verifying Multiarea OSPF 85

Chapter 7 EIGRP 87
    Characteristics of EIGRP 88
        Describe Basic EIGRP Features 88
        Identify and Describe EIGRP Packet Types 88
        Identify Elements of the EIGRP Message Formats 89
    Configuring EIGRP for IPv4 94
        Configuring EIGRP with IPv4 94
        Verifying EIGRP with IPv4 97
    Operation of EIGRP 99
        EIGRP Metric Concepts 99
        DUAL Concepts Exercise 100
        DUAL FSM Completion Exercise 102
    Configuring EIGRP for IPv6 104
        Comparing EIGRP for IPv4 and EIGRP for IPv6 104
        Configuring and Verifying EIGRP for IPv6 105

Chapter 8 EIGRP Advanced Configurations and Troubleshooting 109
    Advanced EIGRP Configurations 110
        Automatic Summarization 110
        Manual Summarization 112
            IPv4 Manual Summarization 113
            IPv6 Manual Summarization 115
        Default Route Propagation 116
        Fine-Tuning EIGRP Interfaces 118
        Securing EIGRP Routing Updates 120
    Troubleshoot EIGRP 121
        Commands for Troubleshooting EIGRP 121
        Troubleshoot EIGRP Connectivity Issues 122
            Connectivity Issue #1 122
            Connectivity Issue #2 123
            Connectivity Issue #3 123

Chapter 9 IOS Images and Licensing 127
    Managing IOS System Files 128
        IOS Families, Trains, and Naming Conventions 128
        Backing Up Cisco IOS Images 131
    IOS Licensing 132
        Software Licensing 132
        License Verification and Management 133

Part II: Connecting Networks

Chapter 10 Hierarchical Network Design 137
    Hierarchical Network Design Overview 138
        Enterprise Network Campus Design 138
        Hierarchical Network Design 138
    Cisco Enterprise Architecture 139
        Modular Network Design 139
        Cisco Enterprise Architecture Model 140
    Evolving Network Architectures 144
        Cisco Enterprise Architectures 144
        Emerging Network Architectures 144

Chapter 11 Connecting to the WAN 147
    WAN Technologies Overview 148
        Network Types and Their Evolving WAN Needs 148
        WAN Operations and Terminology 149
    Selecting a WAN Technology 151
        Varieties of WAN Link Connections 151
        Private and Public WAN Access Options 152

Chapter 12 Point-to-Point Connections 155
    Serial Point-to-Point Overview 156
        Serial Communications 156
        WAN Protocols 158
        HDLC Encapsulation 158
        HDLC Configuration and Troubleshooting 159
        Troubleshooting Serial Interfaces 159
    PPP Operation 160
        PPP Components 160
        PPP Sessions 162
    Configure PPP 165
        Basic PPP Configuration with Options 165
        PPP Authentication 167
            PAP Configuration 168
            CHAP Configuration 168
    Troubleshoot WAN Connectivity 168

Chapter 13 Frame Relay 171
    Introduction to Frame Relay 172
        Frame Relay Concepts and Terminology 172
        Frame Relay Operation 173
    Configure Frame Relay 176
        Configure Basic Frame Relay 176
        Configure Subinterfaces 177
    Troubleshoot Connectivity 178

Chapter 14 Network Address Translation for IPv4 181
    NAT Operation 181
        NAT Characteristics 181
    Configuring NAT 183
        Configuring Static NAT 183
        Configuring Dynamic NAT 184
        Configuring Port Address Translation 185
        A Word About Port Forwarding 189
        Configuring NAT and IPv6 189
    Troubleshooting NAT 190

Chapter 15 Broadband Solutions 193
    Teleworking 194
        Benefits of Teleworking 194
        Costs of Teleworking 194
        Business Requirements for Teleworker Services 194
    Comparing Broadband Solutions 195
        Cable 195
        DSL 197
        Broadband Wireless 199
        Selecting Broadband Solutions 200
    Configuring xDSL Connectivity 200
        PPPoE Overview 200
        Configuring PPPoE 201

Chapter 16 Securing Site-to-Site Connectivity 203
    VPNs 204
        Fundamentals of VPNs 204
        Types of VPNs 204
    Site-to-Site GRE Tunnels 205
        Fundamentals of Generic Routing Encapsulation 205
        Configuring GRE Tunnels 206
    Introducing IPsec 208
        Internet Protocol Security 208
        IPsec Framework 208
    Remote Access 210
        Remote-Access VPN Solutions 210
        IPsec Remote-Access VPNs 211

Chapter 17 Monitoring the Network 213
    Syslog 214
        Syslog Operation 214
        Configuring Syslog 215
    SNMP 215
        SNMP Operation 215
        Configuring SNMP 218
    NetFlow 219
        NetFlow Operation 220
        Configuring NetFlow 220

Chapter 18 Troubleshooting the Network 223
    Troubleshooting with a Systematic Approach 224
        Network Documentation 224
        Troubleshooting Process and Methodologies 227
    Network Troubleshooting 230
        Troubleshooting Tools 231
        Network Troubleshooting and IP Connectivity 232
Icons Used in This Book
(Icon legend; the icon images are not reproduced here.) Router, Bridge, Hub, DSU/CSU, Catalyst Switch, Multilayer Switch, ATM Switch, ISDN/Frame Relay Switch, Communication Server, Gateway, Access Server.
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
■ Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
■ Italics indicate arguments for which you supply actual values.
■ Vertical bars (|) separate alternative, mutually exclusive elements.
■ Square brackets [ ] indicate optional elements.
■ Braces { } indicate a required choice.
■ Braces within brackets [{ }] indicate a required choice within an optional element.
Introduction
The purpose of this book is to provide you with an extra resource for studying the exam topics of the Interconnecting Cisco Networking Devices Part 2 (ICND2) exam that leads to Cisco Certified Networking Associate (CCNA) certification. This book maps to the third and fourth Cisco Networking Academy courses in the CCNA Routing and Switching curricula: Scaling Networks (SN) and Connecting Networks (CN). Ideally, the reader will have completed the first two courses: Introduction to Networks (ITN) and Routing and Switching Essentials (RSE).
SN continues where RSE left off, taking the student deeper into the architecture, components, and operations of routers and switches in a large and complex network. Successfully completing this course means that you should be able to configure and troubleshoot routers and switches and resolve common issues with OSPF, EIGRP, STP, and VTP in both IPv4 and IPv6 networks.
CN pulls everything from the first three courses together as the student learns the WAN technologies and network services required by converged applications in a complex network. Successfully completing this course means that you should be able to configure and troubleshoot network devices and resolve common WAN issues and implement IPsec and virtual private network (VPN) operations in a complex network.
To learn more about CCNA Routing and Switching courses and to find an Academy near you, visit http://www.netacad.com. However, if you are not an Academy student but would like to benefit from the extensive authoring done for these courses, you can buy any or all of CCNA Routing and Switching Companion Guides (CG) and Lab Manuals (LM) of the Academy’s popular online curriculum. Although you will not have access to the Packet Tracer network simulator software, you will have access to the tireless work of an outstanding team of Cisco Academy instructors dedicated to providing students with comprehensive and engaging CCNA Routing and Switching preparation course material. The titles and ISBNs for the first two courses of the CCNA Routing and Switching CGs and LMs are as follows:
■ Scaling Networks Companion Guide (ISBN: 9781587133282)
■ Scaling Networks Lab Manual (ISBN: 9781587133251)
■ Connecting Networks Companion Guide (ISBN: 9781587133329)
■ Connecting Networks Lab Manual (ISBN: 9781587133312)
Goals and Methods
The most important goal of this book is to help you pass the 200-101 Interconnecting Cisco Networking Devices Part 2 (ICND2) exam, which is associated with the Cisco Certified Network Associate (CCNA) certification. Passing the CCNA exam means that you have the knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. You can view the detailed exam topics any time at http://learningnetwork.cisco.com. They are divided into five broad categories:
■ LAN Switching Technologies
■ IP Routing Technologies
■ IP Services
■ Troubleshooting
■ WAN Technologies
This book offers exercises that help you learn the concepts, configurations, and troubleshooting skills crucial to your success as a CCNA exam candidate. Each chapter differs slightly and includes some or all of the following types of practice:
■ Vocabulary-matching exercises
■ Concept question exercises
■ Skill-building activities and scenarios
■ Configuration scenarios
■ Troubleshooting scenarios
Audience for This Book
This book’s main audience is anyone taking the CCNA Routing and Switching courses of the Cisco Networking Academy curriculum. Many Academies use this Practice Study Guide as a required tool in the course, whereas other Academies recommend the Practice Study Guide as an additional resource to prepare for class exams and the CCNA certification. The secondary audiences for this book include people taking CCNA-related classes from professional training organizations. This book can also be used for college- and university-level networking courses, and by anyone wanting to gain a detailed understanding of ICND2 routing and switching concepts.
How This Book Is Organized
Because the content of the Scaling Networks Companion Guide, the Connecting Networks Companion Guide, and the online curriculum is sequential, you should work through this Practice and Study Guide in order beginning with Chapter 1. The book covers the major topic headings in the same sequence as the online curriculum. This book has 18 chapters, their names the same as the online course chapters. However, the numbering is sequential in this book, progressing from Chapter 1 to Chapter 18. The online curriculum starts over at Chapter 1 in the Connecting Networks course.
Most of the configuration chapters use a single topology where appropriate. This allows for better continuity and easier understanding of routing and switching commands, operations, and outputs. However, the topology differs from the one used in the online curriculum and the Companion Guide. A different topology affords you the opportunity to practice your knowledge and skills without simply recording the information you find in the text.
Note: Throughout the book, you will find references to Packet Tracer and Lab activities. These references are provided so that you can, at that point, complete those activities. The Packet Tracer activities are accessible only if you have access to the online curriculum. However, the Labs are available in the Lab Manuals previously cited.
Part I: Scaling Networks
■ Chapter 1, “Introduction to Scaling Networks”: This chapter provides vocabulary and concept exercises to reinforce your understanding of hierarchical network design and selecting hardware. You will also practice basic router and switch configuration and verification.
■ Chapter 2, “LAN Redundancy”: The exercises in this chapter cover the concepts, operations, configuration, and verification of all the current varieties of STP.
■ Chapter 3, “Link Aggregation”: This chapter’s exercises are devoted to the concepts, configuration, verification, and troubleshooting of EtherChannel.
■ Chapter 4, “Wireless LANs”: This chapter is all about wireless connectivity technologies. You will complete exercises that focus on various types of wireless and the standards for 802.11. In addition, you will complete activities focused on WLAN components, topologies, and security.
■ Chapter 5, “Adjust and Troubleshoot Single-Area OSPF”: This chapter focuses on advanced OSPF concepts, configuration, verification, and troubleshooting.
■ Chapter 6, “Multiarea OSPF”: The CCNA exam now includes multiarea OSPF. So, this chapter includes exercises covering multiarea OSPF concepts and configuration, verification, and troubleshooting.
■ Chapter 7, “EIGRP”: The exercises in this chapter are devoted to the basic concepts and configuration of Cisco’s routing protocol, EIGRP for IPv4 and IPv6.
■ Chapter 8, “EIGRP Advanced Configurations and Troubleshooting”: This chapter focuses on advanced EIGRP concepts, configuration, verification, and troubleshooting.
■ Chapter 9, “IOS Images and Licensing”: This chapter is devoted to the crucial knowledge and skills you need to manage IOS images. Exercises focus on basic IOS image concepts and management tasks.
Part II: Connecting Networks
■ Chapter 10, “Hierarchical Network Design”: Part II, much like Part I, starts off with network design. Exercises focus on the various types of network design models and architectures.
■ Chapter 11, “Connecting to the WAN”: This chapter is a survey of all the various WAN access options and technologies that are available for connecting today’s networks. The exercises focus on differentiating between all these WAN options.
■ Chapter 12, “Point-to-Point Connections”: One of the older, and still viable, WAN options is PPP. Exercises in this chapter focus on the serial interface and then the concepts, configuration, verification, and troubleshooting of PPP with PAP and CHAP authentication.
■ Chapter 13, “Frame Relay”: Although some may consider Frame Relay obsolete, it is still a viable option depending on your location. This chapter includes exercises covering the concepts, configuration, verification, and troubleshooting of Frame Relay.
■ Chapter 14, “Network Address Translation for IPv4”: NAT was created to provide a temporary solution to the limited address space in IPv4. Just about every router connected to the network uses NAT or forwards traffic to a NAT-enabled device for address translation. This chapter focuses on exercises to reinforce your understanding of NAT operation and characteristics. Practice activities include configuring, verifying, and troubleshooting static NAT, dynamic NAT, and PAT.
■ Chapter 15, “Broadband Solutions”: Working from home or away from a central office has largely been made possible by the advent of broadband technologies and VPNs. The exercises in this chapter help you distinguish between the various broadband offerings on the market.
■ Chapter 16, “Securing Site-to-Site Connectivity”: VPNs allow teleworkers and branch sites to connect to the corporate network regardless of the underlying WAN access option. The exercises in this chapter are devoted to the concepts of the various VPN solutions, including IPsec and GRE configuration.
■ Chapter 17, “Monitoring the Network”: As a network administrator, you are more likely to be managing a network using a variety of tools rather than designing and building them. The exercises in this chapter cover three popular network monitoring tools: syslog, SNMP, and NetFlow.
■ Chapter 18, “Troubleshooting the Network”: Throughout your CCNA studies, you have practiced troubleshooting skills in relation to specific technologies. This chapter reviews troubleshooting methodologies and the tools and commands you use to troubleshoot a network. Troubleshooting is a key skill to fine-tune now that you are close to taking your CCNA exam.
About the Cisco Press Website for This Book
Cisco Press provides additional content that can be accessed by registering your individual book at the ciscopress.com website. Becoming a member and registering is free, and you then gain access to exclusive deals on other resources from Cisco Press. To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book’s ISBN located on the back cover of this book. You’ll then be prompted to log in or join ciscopress.com to continue registration. After you register the book, a link to the supplemental content will be listed on your My Registered Books page.
CHAPTER 1
Introduction to Scaling Networks
As a business grows, so do its networking requirements. To keep pace with a business’s expansion and new emerging technologies, a network must be designed to scale. A network that scales well is not only one that can handle growing traffic demands, but also one designed with the inevitable need to expand in mind. This short chapter sets the stage for the rest of the course. This chapter covers the hierarchical network design model, the Cisco Enterprise Architecture modules, and appropriate device selections that you can use to systematically design a highly functional network.
Implementing a Network Design
An enterprise network must be designed to support the exchange of various types of network traffic, including data files, email, IP telephony, and video applications for multiple business units.

Hierarchical Network Design
Users expect enterprise networks to be up 99.999 percent of the time. To provide this kind of reliability, enterprise class equipment uses redundant power supplies and has failover capabilities.

Describe what failover capability means for enterprise class equipment.
Failover capability refers to the ability of a device to switch from a nonfunctioning module, service, or device to a functioning one with little or no break in service.

Why should a network be organized so that traffic stays local and is not propagated unnecessarily on to other portions of the network?
Keeping traffic local optimizes bandwidth.

Designing a network using the three-layer hierarchical design model helps optimize the network. In Figure 1-1, label the three layers of the hierarchical design model.
Figure 1-1 Hierarchical Design Model
(Figure not reproduced. The diagram shows two Internet connections at the top and three unlabeled layers beneath them for you to label.)
Figure 1-1a Hierarchical Design Model (answer)
(Figure not reproduced. Below the two Internet connections, the layers are labeled, from top to bottom: Core Layer, Distribution Layer, Access Layer.)
Briefly describe each layer of the hierarchical design model.
The access layer provides connectivity for the users. The distribution layer is used to forward traffic from one local network to another. Finally, the core layer represents a high-speed backbone layer between dispersed networks.

The Cisco Enterprise Architecture divides the network into functional components while still maintaining the core, distribution, and access layers. The primary Cisco Enterprise Architecture modules include Enterprise Campus, Enterprise Edge, Service Provider Edge, and Remote.

A well-designed network not only controls traffic but also limits the size of failure domains. Briefly describe a failure domain.
A failure domain is the area of a network that is impacted when a critical device or network service experiences problems.
Use the list of modules to label the parts of the Cisco Enterprise Architecture in Figure 1-2.

Modules
1 Campus Core
2 Remote Access & VPN
3 Building Distribution
4 Internet Connectivity
5 Building Access
6 Server Farm & Data Center
7 WAN Site-to-Site VPN
8 E-Commerce

Figure 1-2 Cisco Enterprise Architecture
(Figure not reproduced. The diagram is divided into four areas: Enterprise Campus, containing the Campus Infrastructure Module, the Enterprise Data Center, and Network Management; Enterprise Edge; Service Provider Edge, containing ISP A, ISP B, PSTN, and Frame Relay, ATM, MAN, ...; and Remote, containing the Enterprise Branch and the Enterprise Teleworker. The numbered module boxes are left blank for you to label.)
Figure 1-2a Cisco Enterprise Architecture (answer)
(Figure not reproduced. In the answer diagram the modules are placed as follows. Enterprise Campus: 5 Building Access, 3 Building Distribution, and 1 Campus Core within the Campus Infrastructure Module, plus 6 Server Farm & Data Center alongside the Enterprise Data Center and Network Management. Enterprise Edge: 8 E-Commerce and 4 Internet Connectivity facing ISP A and ISP B, 2 Remote Access & VPN facing the PSTN, and 7 WAN Site-to-Site VPN facing Frame Relay, ATM, MAN, .... The Remote area contains the Enterprise Branch and the Enterprise Teleworker.)
Identify Scalability Terminology
Match the definition on the left with the term on the right. This is a one-to-one matching exercise.

Definition
g. Isolates routing updates and minimizes the size of routing tables
c. Cisco proprietary distance vector routing protocol
f. Allows for redundant paths by eliminating switching loops
h. Technique for aggregating multiple links between equipment to increase bandwidth
e. Minimizes the possibility of a single point of failure
a. Supports new features and devices without requiring major equipment upgrades
b. Link-state routing protocol with a two-layer hierarchical design
d. Increases flexibility, reduces costs, and provides mobility to users

Terms
a. Modular equipment
b. OSPF
c. EIGRP
d. Wireless LANs
e. Redundancy
f. Spanning Tree Protocol
g. Scalable Routing Protocol
h. EtherChannel
Selecting Network Devices
When designing a network, it is important to select the proper hardware to meet current network requirements and to allow for network growth. Within an enterprise network, both switches and routers play a critical role in network communication.

Selecting Switch Hardware
Match the business consideration on the left with the switch feature on the right. This is a one-to-one matching exercise.

Business Consideration
a. Should provide continuous access to the network
d. Daisy-chain switches with high-bandwidth throughput
j. Refers to a switch’s ability to support the appropriate number of devices on the network
h. Ability to adjust to growth of network users
i. How fast the interfaces will process network data
e. Important consideration in a network where there may be congested ports to servers or other areas of the network
c. Provides electrical current to other devices and supports redundant power supplies
g. Switches with preset features or options
f. Depends on the number and speed of the interfaces, supported features, and expansion capability
b. Switches with insertable switching line/port cards

Switch Feature
a. Reliability
b. Modular
c. Power
d. Stackable
e. Frame buffers
f. Cost
g. Fixed configuration
h. Scalability
i. Port speed
j. Port density
Packet Tracer Activity
Packet Tracer - Comparing 2960 and 3560 Switches (SN 1.2.1.7/SwN 1.1.2.5)
Selecting Router Hardware

In Table 1-1, select the router category that applies to each description.

Table 1-1  Identify Router Category Features

Router Description                                                                   Router Category
Fast performance with high security for data centers, campus, and branch networks    Network Edge Routers
Simple network configuration and management for LANs and WANs                        Branch Routers
Optimizes services on a single platform                                              Branch Routers
End-to-end delivery of subscriber services                                           Service Provider Routers
Deliver next-generation Internet experiences across all devices and locations        Network Edge Routers
High capacity and scalability with hierarchical quality of service                   Service Provider Routers
Maximizes local services and ensures 24/7/365 uptime                                 Branch Routers
Unites campus, data center, and branch networks                                      Network Edge Routers
Managing Devices

A basic router or switch configuration includes the hostname for identification, passwords for security, and assignment of IP addresses to interfaces for connectivity. A router configuration also includes basic routing. In addition to configuration commands, router and switch verification commands are used to verify the operational status of the router or switch and related network functionality. Use the address scheme in Table 1-2 in the following exercises that review the most common router and switch configuration and verification commands.

Table 1-2  Router and Switch Addressing Table

Device  Interface  IPv4 Address  Subnet Mask      Default Gateway
R1      G0/0       172.16.1.1    255.255.255.0    N/A
        S0/0/0     172.16.3.1    255.255.255.252  N/A
        S0/0/1     192.168.10.5  255.255.255.252  N/A
S1      VLAN 1     192.168.1.5   255.255.255.0    192.168.1.1
Basic Router Configuration Review

Using Table 1-2 and the following requirements, record the commands, including the router prompt, to implement a basic router configuration:

■ Hostname is R1.
■ Console and Telnet line's password is cisco.
■ Privileged EXEC password is class.
■ Banner message-of-the-day.
■ Interface addressing.
■ OSPF routing, including an appropriate router ID.
■ Save the configuration.

Router(config)# hostname R1
R1(config)# enable secret class
R1(config)# line con 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 15
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# service password-encryption
R1(config)# banner motd $ Authorized Access Only! $
R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# interface Serial0/0/0
R1(config-if)# ip address 172.16.3.1 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# interface Serial0/0/1
R1(config-if)# ip address 192.168.10.5 255.255.255.252
R1(config-if)# no shutdown
R1(config-if)# router ospf 10
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 172.16.1.0 0.0.0.255 area 0
R1(config-router)# network 172.16.3.0 0.0.0.3 area 0
R1(config-router)# network 192.168.10.4 0.0.0.3 area 0
R1(config-router)# do copy run start
Basic Router Verification Review

In Table 1-3, record the verification command that will generate the described output.

Table 1-3  Router Verification Commands

Command                  Command Output
show ip route            Displays the routing table for known networks, including administrative distance, metric, and outbound interface
show ip protocols        Displays information about routing protocols, including process ID, router ID, and neighbors
show cdp neighbors       Displays information about directly connected Cisco devices
show ip interface brief  Displays all interfaces in an abbreviated format, including IP address and status
show ip ospf neighbor    Displays information about neighbors, including router ID, state, IP address, and local interface that learned of the neighbor
show interfaces          Displays one or all interfaces, including status, bandwidth, and duplex type
Basic Switch Configuration Review

Using Table 1-2 and the following requirements, record the commands, including the switch prompt, to implement a basic switch configuration:

■ Hostname is S1.
■ Console and Telnet line's password is cisco.
■ Privileged EXEC password is class.
■ Banner message-of-the-day.
■ VLAN 1 interface addressing.
■ Save the configuration.

Switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# service password-encryption
S1(config)# banner motd $ Authorized Access Only! $
S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.5 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# ip default-gateway 192.168.1.1
S1(config-if)# do copy run start
Basic Switch Verification Review

In Table 1-4, record the verification command that will generate the described output.

Table 1-4  Switch Verification Commands

Command                    Command Output
show cdp neighbors         Displays information about directly connected Cisco devices
show port-security address Displays all secure MAC addresses
show mac-address-table     Displays a table of learned MAC addresses, including the port number and VLAN assigned to the port
show interfaces            Displays one or all interfaces, including status, bandwidth, and duplex type
show port-security         Displays information about maximum MAC addresses allowed, current counts, security violation count, and action to be taken

Packet Tracer Challenge
Packet Tracer - Skills Integration Challenge (SN 1.3.1.2)
CHAPTER 2
LAN Redundancy
Computer networks are inextricably linked to productivity in today’s small and medium-sized businesses. Consequently, IT administrators have to implement redundancy in their hierarchical networks. When a switch connection is lost, another link needs to quickly take its place without introducing any traffic loops. This chapter investigates how Spanning Tree Protocol (STP) logically blocks physical loops in the network and how STP has evolved into a robust protocol that rapidly calculates which ports should be blocked in a VLAN-based network. In addition, the chapter briefly explores how Layer 3 redundancy is implemented through First Hop Redundancy Protocols (FHRPs).
Spanning-Tree Concepts

Redundancy increases the availability of a network topology by protecting the network from a single point of failure, such as a failed network cable or switch. STP was developed to address the issue of loops in a redundant Layer 2 design.
Draw a Redundant Topology

In Figure 2-1, draw redundant links between the access, distribution, and core switches. Each access switch should have two links to the distribution layer with each link connecting to a different distribution layer switch. Each distribution layer switch should have two links to the core layer with each link connecting to a different core layer switch.

Figure 2-1  Redundant Topology
[Figure: three-layer topology with core switches C1 and C2, distribution switches D1 through D4, access switches S1 through S6, and hosts PC1 through PC6; the student draws the redundant links.]

Figure 2-1a  Redundant Topology (answer)
[Figure: the same Core, Distribution, and Access layers, with each access switch linked to two different distribution switches and each distribution switch linked to both core switches, as the exercise requires.]
Purpose of Spanning Tree

STP prevents specific types of issues in a redundant topology like the one in Figure 2-1. Specifically, three potential issues would occur if STP was not implemented. Describe each of the following issues:

■ MAC database instability: Instability in the content of the MAC address table results from copies of the same frame being received on different ports of the switch. Data forwarding can be impaired when the switch consumes the resources that are coping with instability in the MAC address table.
■ Broadcast storms: Without some loop-avoidance process, each switch may flood broadcasts endlessly. This situation is commonly called a broadcast storm.
■ Multiple frame transmission: Multiple copies of unicast frames may be delivered to destination stations. Many protocols expect to receive only a single copy of each transmission. Multiple copies of the same frame can cause unrecoverable errors.

You should be prepared to use a topology like Figure 2-1 to explain exactly how these three issues would occur if STP was not implemented.

Packet Tracer Activity
Packet Tracer - Examining a Redundant Design (SN 2.1.1.5/SwN 4.1.1.5)
Spanning-Tree Operation

Because Rapid Spanning Tree Protocol (RSTP), which is documented in IEEE 802.1D-2004, supersedes the original STP documented in IEEE 802.1D-1998, all references to STP assume RSTP unless otherwise indicated. STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A switch port is considered blocked when network traffic is prevented from entering or leaving that port. STP uses the spanning-tree algorithm (STA) to determine which switch ports on a network need to be blocking to prevent loops from occurring. The STA designates a single switch as the root bridge and uses it as the reference point for all subsequent calculations. Switches participating in STP determine which switch has the lowest bridge ID (BID) on the network. This switch automatically becomes the root bridge. A bridge protocol data unit (BPDU) is a frame containing STP information exchanged by switches running STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The lowest BID value determines which switch is root. After the root bridge has been determined, the STA calculates the shortest path to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest path cost.
When the STA has determined the "best" paths emanating from the root bridge, it configures the switch ports into distinct port roles. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic:

■ Root ports: Switch ports closest to the root bridge
■ Designated ports: Nonroot ports that are still permitted to forward traffic on the network
■ Alternate and backup ports: Ports in a blocking state to prevent loops
■ Disabled port: Ports that are administratively shut down
After a switch boots, it sends BPDU frames containing the switch BID and the root ID every 2 seconds. Initially, each switch identifies itself as the root bridge after boot.

How would a switch determine that another switch is now the root bridge?

If the root ID in the BPDU received from another switch is lower than the root ID on the receiving switch, the receiving switch updates its cached root ID information to that of the sending switch.

How does the STA determine path cost?

The path information is determined by summing up the individual egress port costs along the path from the respective switch to the root bridge.

Record the default port costs for various link speeds in Table 2-1.

Table 2-1  Port Costs

Link Speed  Cost (Revised IEEE Specification)  Cost (Previous IEEE Specification)
10 Gbps     2                                  1
1 Gbps      4                                  1
100 Mbps    19                                 10
10 Mbps     100                                100
Although switch ports have a default port cost associated with them, the port cost is configurable. To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The value can range from 1 to 200,000,000. Record the commands, including the switch prompt, to configure the port cost for F0/1 as 15:

S2(config)# interface f0/1
S2(config-if)# spanning-tree cost 15
To verify the port and path cost to the root bridge, enter the show spanning-tree privileged EXEC mode command, as shown here:

S2# show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     c025.5cd7.ef00
             Cost        15
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     c07b.bcc4.a980
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15  sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 15        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p
Fa0/3               Desg LIS 19        128.3    P2p
Fa0/4               Desg LIS 19        128.4    P2p
Fa0/6               Desg FWD 19        128.6    P2p
The BID field of a BPDU frame contains three separate fields: bridge priority, extended system ID, and MAC address. Of these three fields, the bridge priority is a customizable value that you can use to influence which switch becomes the root bridge. The default value for this field is 32768. Cisco enhanced its implementation of STP to include support for the extended system ID field, which contains the ID of the VLAN with which the BPDU is associated. Because using the extended system ID changes the number of bits available for the bridge priority, the customizable values can only be multiples of 4096. When two switches are configured with the same priority and have the same extended system ID, the switch with the lowest MAC address has the lower BID.
Identify the 802.1D Port Roles

The topologies in the next three figures do not necessarily represent an appropriate network design. However, they provide good exercise topologies for you to practice determining the STP port roles. In Figures 2-2 through 2-4, use the priority values and MAC addresses to determine the root bridge. Then label the ports with one of the following:

■ RP: Root Port
■ DP: Designated Port
■ AP: Alternate Port
Figure 2-2  802.1D Port Roles - Scenario 1
[Figure: switches S1, S2, S3, and S4 interconnected through their G1/1, G1/2, and F0/1 ports; the student labels each port RP, DP, or AP.]

Device  Priority  MAC Address
S1      32769     000a:0001:1111
S2      24577     000a:0002:2222
S3      32769     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-2a  802.1D Port Roles - Scenario 1 (answer)
[Figure: S2 is the root bridge, so both of its ports are designated ports; the answer figure labels the other switches' ports RP, DP, or AP.]

Figure 2-3  802.1D Port Roles - Scenario 2
[Figure: the same four-switch topology as Figure 2-2; the student labels each port RP, DP, or AP.]

Device  Priority  MAC Address
S1      24577     000a:0001:1111
S2      32769     000a:0002:2222
S3      32769     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-3a  802.1D Port Roles - Scenario 2 (answer)
[Figure: S1 is the root bridge, so both of its ports are designated ports; the answer figure labels the other switches' ports RP, DP, or AP.]

Figure 2-4  802.1D Port Roles - Scenario 3
[Figure: the same four-switch topology as Figure 2-2; the student labels each port RP, DP, or AP.]

Device  Priority  MAC Address
S1      32769     000a:0001:1111
S2      32769     000a:0002:2222
S3      24577     000a:0003:3333
S4      32769     000a:0004:4444

Figure 2-4a  802.1D Port Roles - Scenario 3 (answer)
[Figure: S3 is the root bridge, so both of its ports are designated ports; the answer figure labels the other switches' ports RP, DP, or AP.]
Lab – Building a Switched Network with Redundant Links (SN 2.1.2.10/SwN 4.1.2.10)
Varieties of Spanning Tree Protocols

STP has been improved multiple times since its introduction in the original IEEE 802.1D specification. A network administrator should know which type to implement based on the equipment and topology needs.

Comparing the STP Varieties

Identify each of the STP varieties described in the following list:

■ Multiple Spanning Tree Protocol (MSTP): This is an IEEE standard that maps multiple VLANs into the same spanning tree instance.
■ Rapid Spanning Tree Protocol (RSTP) or IEEE 802.1w: This is an evolution of STP that provides faster convergence than STP.
■ 802.1D-2004: This is an updated version of the STP standard, incorporating IEEE 802.1w.
■ PVST+: This is a Cisco enhancement of STP that provides a separate 802.1D spanning tree instance for each VLAN configured in the network.
■ Rapid PVST+: This is a Cisco enhancement that provides a separate instance of 802.1w per VLAN.
■ STP: This is the original IEEE 802.1D version (802.1D-1998 and earlier) that provides a loop-free topology in a network with redundant links.
Complete the cells in Table 2-2 to identify the characteristics of each STP variety.

Table 2-2  STP Characteristics - Exercise 1

Protocol     Standard       Resources Needed  Convergence  Tree Calculation
STP          802.1D         Low               Slow         All VLANs
PVST+        Cisco          High              Slow         Per VLAN
RSTP         802.1w         Medium            Fast         All VLANs
Rapid PVST+  Cisco          Very high         Fast         Per VLAN
MSTP         802.1s, Cisco  Medium or high    Fast         Per instance
In Table 2-3, indicate which varieties of STP are best described by the characteristic. Some characteristics apply to more than one STP variety.

Table 2-3  STP Characteristics - Exercise 2

Characteristic                                                                                  STP Variety
A Cisco implementation of 802.1s that provides up to 16 instances of RSTP.                      MSTP (MST)
Cisco enhancement of RSTP.                                                                      Rapid PVST+
The default STP mode for Cisco Catalyst switches.                                               PVST+
Has the highest CPU and memory requirements.                                                    Rapid PVST+
Can lead to suboptimal traffic flows.                                                           STP, RSTP
Cisco proprietary versions of STP.                                                              PVST+, Rapid PVST+
Cisco enhancement of STP. Provides a separate 802.1D spanning-tree instance for each VLAN.      PVST+
There is only 1 root bridge and 1 tree.                                                         STP, RSTP
Uses 1 IEEE 802.1D spanning-tree instance for the entire bridged network, regardless of the     STP
  number of VLANs.
Supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.                         PVST+, Rapid PVST+, MSTP
An evolution of STP that provides faster STP convergence.                                       RSTP, Rapid PVST+
Maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree    MSTP
  instance.
First version of STP to address convergence issues, but still provided only one STP instance.   RSTP
PVST+ Operation

After a switch boots, the spanning tree is immediately determined as ports transition through five possible states and three BPDU timers on the way to convergence. Briefly describe each state:

■ Blocking: The port is an alternate port and does not participate in frame forwarding. The port continues to process received BPDU frames to determine the location and root ID of the root bridge and what port role the switch port should assume in the final active STP topology.
■ Listening: STP has determined that the port can be selected as a root port or designated port based upon the information in the BPDU frames it has received so far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology. The port returns to blocking state if it is determined that the port does not provide the lowest cost path to the root bridge.
■ Learning: The port prepares to participate in frame forwarding and begins to populate the MAC address table.
■ Forwarding: The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames.
■ Disabled: The Layer 2 port does not participate in spanning tree and does not forward or process frames. The switch port is administratively disabled.
Once stable, every active port in the switched network is either in the forwarding state or the blocking state. List and briefly describe the four steps PVST+ performs for each VLAN to provide a loop-free logical topology.

Step 1. Elects one root bridge: The root bridge is the switch with the lowest bridge ID.
Step 2. Selects the root port on each nonroot bridge: STP establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge.
Step 3. Selects the designated port on each segment: The designated port is selected on the switch that has the lowest-cost path to the root bridge.
Step 4. The remaining ports in the switched network are alternate ports: Alternate ports normally remain in the blocking state, to logically break the loop topology.
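The following Python script is an added worked example, not part of the study guide, that runs the four steps above on a small topology: it elects the root bridge by lowest BID, sums egress port costs (the revised values from Table 2-1) to find each switch's root path cost, and then assigns the RP, DP, and AP roles. The priorities and MAC addresses are those of the Scenario 1 device table (Figure 2-2); the links and their speeds are an assumption constructed for the example, not the book's figure, and the tie-break order used (path cost, then neighbor BID, then local port name) stands in for the full sender BID and port ID comparison.

```python
"""Spanning-tree algorithm walk-through: root election, root path cost, and port roles."""
import heapq
from typing import Dict, List, Tuple

# Default port costs by link speed in Mbps (Table 2-1, revised IEEE values).
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

Link = Tuple[str, str, str, str, int]  # (switch_a, port_a, switch_b, port_b, speed_mbps)


def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Comparable BID: priority (already including the extended system ID) first, then MAC."""
    mac_int = int(mac.replace(":", "").replace(".", "").replace("-", ""), 16)
    return (priority, mac_int)


def elect_root(switches: Dict[str, Tuple[int, str]]) -> str:
    """Step 1: the switch with the lowest BID becomes the root bridge."""
    return min(switches, key=lambda s: bridge_id(*switches[s]))


def root_path_costs(root: str, switches: Dict[str, Tuple[int, str]], links: List[Link]) -> Dict[str, int]:
    """Least-cost path from every switch to the root: the sum of egress port costs (Dijkstra)."""
    adjacent: Dict[str, List[Tuple[str, int]]] = {s: [] for s in switches}
    for a, _, b, _, speed in links:
        adjacent[a].append((b, PORT_COST[speed]))
        adjacent[b].append((a, PORT_COST[speed]))
    cost = {s: float("inf") for s in switches}
    cost[root] = 0
    heap = [(0, root)]
    while heap:
        d, s = heapq.heappop(heap)
        if d > cost[s]:
            continue
        for neighbor, c in adjacent[s]:
            if d + c < cost[neighbor]:
                cost[neighbor] = d + c
                heapq.heappush(heap, (cost[neighbor], neighbor))
    return cost


def port_roles(switches: Dict[str, Tuple[int, str]], links: List[Link]):
    """Return (root bridge, {switch: {port: 'RP' | 'DP' | 'AP'}})."""
    root = elect_root(switches)
    cost = root_path_costs(root, switches, links)
    bid = {s: bridge_id(*switches[s]) for s in switches}
    roles: Dict[str, Dict[str, str]] = {s: {} for s in switches}

    # Step 2: root port on each non-root bridge = the port with the lowest path cost to the root.
    # Ties are broken by the neighbor's BID, then by the local port name (stand-in for port ID).
    best: Dict[str, Tuple[int, Tuple[int, int], str]] = {}
    for a, pa, b, pb, speed in links:
        c = PORT_COST[speed]
        for local, local_port, neighbor in ((a, pa, b), (b, pb, a)):
            if local == root:
                continue
            candidate = (cost[neighbor] + c, bid[neighbor], local_port)
            if local not in best or candidate < best[local]:
                best[local] = candidate
    for s, (_, _, local_port) in best.items():
        roles[s][local_port] = "RP"

    # Step 3: designated port on each segment = the end whose switch has the lowest
    # (root path cost, BID); the root wins every segment it is on because its cost is 0.
    # Step 4: every port that is neither root nor designated is an alternate (blocking) port.
    for a, pa, b, pb, _ in links:
        winner = a if (cost[a], bid[a]) < (cost[b], bid[b]) else b
        for local, local_port in ((a, pa), (b, pb)):
            if local_port in roles[local]:
                continue  # already the root port
            roles[local][local_port] = "DP" if local == winner else "AP"
    return root, roles


# Priorities and MAC addresses from the Scenario 1 device table (Figure 2-2).
SCENARIO_1 = {
    "S1": (32769, "000a:0001:1111"),
    "S2": (24577, "000a:0002:2222"),
    "S3": (32769, "000a:0003:3333"),
    "S4": (32769, "000a:0004:4444"),
}
# Constructed links and speeds (an assumption for the example, not the book's figure).
LINKS: List[Link] = [
    ("S1", "G1/1", "S2", "G1/1", 1_000),
    ("S1", "F0/1", "S3", "F0/1", 100),
    ("S2", "G1/2", "S4", "G1/2", 1_000),
    ("S3", "F0/2", "S4", "F0/1", 100),
]

if __name__ == "__main__":
    root, roles = port_roles(SCENARIO_1, LINKS)
    print("Root bridge:", root)
    for switch in sorted(roles):
        print(switch, roles[switch])
```

With these links, S3 reaches the root S2 at cost 23 both through S1 and through S4; the lower BID of S1 decides the root port, and the S3-S4 segment goes to S4 (cost 4), leaving S3's F0/2 as the alternate port. Changing S3's priority to 24577, as in Scenario 3, moves the root and every role with it.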
In Table 2-4, answer the "Operation Allowed" question with "yes" or "no" for each port state.

Table 2-4  Operations Allowed at Each Port State

Operation Allowed                                         Blocking  Listening  Learning  Forwarding  Disabled
Can receive and process BPDUs                             Yes       Yes        Yes       Yes         No
Can forward data frames received on interface             No        No         No        Yes         No
Can forward data frames switched from another interface   No        No         No        Yes         No
Can learn MAC addresses                                   No        No         Yes       Yes         No
Rapid PVST+ Operation

RSTP (IEEE 802.1w) is an evolution of the original 802.1D standard and is incorporated into the IEEE 802.1D-2004 standard. Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis.

What is the primary difference between Rapid PVST+ and RSTP?

With Rapid PVST+, an independent instance of RSTP runs for each VLAN.

Briefly describe the RSTP concept that corresponds to the PVST+ PortFast feature.

RSTP identifies those ports that can be considered edge ports that are directly connected to an end device. Because edge ports are not connected to another switch, they can immediately transition to the forwarding state.
What command implements Cisco's version of an edge port?

spanning-tree portfast

In Table 2-5, indicate whether the characteristic describes PVST+, Rapid PVST+, or both.

Table 2-5  Comparing PVST+ and Rapid PVST+

Characteristic                                                            PVST+  Rapid PVST+  Both
Cisco proprietary protocol.                                                                   X
Port roles: root, designated, alternate, edge, backup.                           X
CPU processing and trunk bandwidth usage is greater than with STP.                            X
Ports can transition to forwarding state without relying on a timer.             X
The root bridge is determined by the lowest BID + VLAN ID + MAC.                              X
Runs a separate IEEE 802.1D STP instance for each VLAN.                   X
Possible to have load sharing with some VLANs forwarding on each trunk.                       X
Sends a BPDU "hello message" every 2 seconds.                                                 X
Spanning-Tree Configuration

It is crucial to understand the impact of a default switch configuration on STP convergence and what configurations can be applied to adjust the default behavior.
PVST+ and Rapid PVST+ Configuration

Complete Table 2-6 to show the default spanning-tree configuration for a Cisco Catalyst 2960 series switch.

Table 2-6  Default Switch Configuration

Feature                                                               Default Setting
Enable state                                                          Enabled on VLAN 1
Spanning-tree mode                                                    PVST+
Switch priority                                                       32768
Spanning-tree port priority (configurable on a per-interface basis)   128
Spanning-tree port cost (configurable on a per-interface basis)       1000 Mbps: 4; 100 Mbps: 19; 10 Mbps: 100
Spanning-tree VLAN port priority (configurable on a per-VLAN basis)   128
Spanning-tree VLAN port cost (configurable on a per-VLAN basis)       1000 Mbps: 4; 100 Mbps: 19; 10 Mbps: 100
Spanning-tree timers                                                  Hello time: 2 seconds; Forward-delay time: 15 seconds; Maximum-aging time: 20 seconds; Transmit hold count: 6 BPDUs
Document the two different configuration commands that you can use to configure the bridge priority value so that the switch is root for VLAN 1. Use the value 4096 when necessary:

S1(config)# spanning-tree vlan 1 root primary
!or
S1(config)# spanning-tree vlan 1 priority 4096

Record the command to verify that the local switch is now root:

S1# show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     000A.0033.3333
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 4         128.1    Shr
Fa0/2               Desg FWD 4         128.2    Shr
Explain the purpose of the BPDU guard feature on Cisco switches.

The BPDU guard feature protects the spanning tree from recalculations that might occur if a BPDU is received on an edge port because it is connected to a switch.
What interface configuration command enables BPDU guard?

spanning-tree bpduguard enable

What global configuration command will configure all nontrunking ports as edge ports?

spanning-tree portfast default

What global configuration command will configure BPDU guard on all PortFast-enabled ports?

spanning-tree portfast bpduguard default

The power of PVST+ is that it can load balance across redundant links. By default, the least-favored redundant link is not used. So, you must manually configure PVST+ to use the link. Figure 2-5 represents a small section of Figure 2-1, showing only two distribution layer switches and one access layer switch. For this example, we have attached PC2 to S1. PC1 is assigned to VLAN 15, and PC2 is assigned to VLAN 25. D1 should be the primary root for VLAN 1 and VLAN 15 and the secondary root for VLAN 25. D2 should be the primary root for VLAN 25 and the secondary root for VLAN 15.

Figure 2-5  PVST+ Configuration Topology
[Figure: distribution switches D1 (root for VLAN 15) and D2 (root for VLAN 25) both linked to access switch S1, which connects PC1 in VLAN 15 and PC2 in VLAN 25.]

Based on these requirements, document the commands to modify the default PVST+ operation on D1 and D2.

D1 commands
D1(config)# spanning-tree vlan 1 root primary
D1(config)# spanning-tree vlan 15 root primary
D1(config)# spanning-tree vlan 25 root secondary

D2 commands
D2(config)# spanning-tree vlan 15 root secondary
D2(config)# spanning-tree vlan 25 root primary
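As an added example (not code from the study guide), the Python script below parses show spanning-tree output in the layout shown on this page, one block per VLAN, and compares the Root ID address of each VLAN with the bridge you intended to be root, for instance D1 for VLAN 1 and VLAN 15 and D2 for VLAN 25. The sample output is constructed for the example: in VLAN0015 a bridge with priority 4096 plus VLAN ID 15 (4111) has won the root election away from the local switch, which is exactly the condition root guard (listed on this page among the features PVST+ supports) is meant to prevent on the switch itself; the check finds it in collected output.

```python
"""Parse show spanning-tree output per VLAN and flag VLANs whose root is not the intended bridge."""
import re
from typing import Dict, List

# Constructed sample in the layout of the show spanning-tree output on this page.
# D1 (0019.aa9e.b000) is root for VLAN 1, but in VLAN 15 a bridge with priority 4096 + 15 has won.
SAMPLE_OUTPUT = """\
D1# show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    24577
             Address     0019.aa9e.b000
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p

VLAN0015
  Spanning tree enabled protocol ieee
  Root ID    Priority    4111
             Address     c025.5cd7.ef00
             Cost        19
             Port        3 (FastEthernet0/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24591  (priority 24576 sys-id-ext 15)
             Address     0019.aa9e.b000
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/3               Root FWD 19        128.3    P2p
"""

# One row of the interface table: port, role, state, cost, priority.number, type.
PORT_ROW = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+(\w+)\s+(\d+)\s+([\d.]+)\s+(\S+)")


def parse_show_spanning_tree(text: str) -> Dict[int, dict]:
    """Return {vlan: {"root": {...}, "bridge": {...}, "is_root": bool, "ports": [...]}}."""
    vlans: Dict[int, dict] = {}
    current = None   # the VLAN block being filled in
    section = None   # "root" while under Root ID, "bridge" while under Bridge ID
    for raw in text.splitlines():
        header = re.match(r"^VLAN(\d{4})\s*$", raw)
        if header:
            current = vlans.setdefault(int(header.group(1)),
                                       {"root": {}, "bridge": {}, "is_root": False, "ports": []})
            section = None
            continue
        if current is None:
            continue  # prompt line or anything before the first VLAN block
        line = raw.strip()
        if line.startswith("Root ID") or line.startswith("Bridge ID"):
            section = "root" if line.startswith("Root") else "bridge"
            line = line.split("ID", 1)[1].strip()  # the rest of the line carries the Priority
        if section and line.startswith("Priority"):
            current[section]["priority"] = int(line.split()[1])
        elif section and line.startswith("Address"):
            current[section]["address"] = line.split()[1].lower()
        elif line.startswith("This bridge is the root"):
            current["is_root"] = True
        else:
            row = PORT_ROW.match(line)
            if row:
                current["ports"].append({"port": row.group(1), "role": row.group(2),
                                         "state": row.group(3), "cost": int(row.group(4))})
    return vlans


def check_expected_roots(parsed: Dict[int, dict], expected_root_mac: Dict[int, str]) -> List[str]:
    """One finding per VLAN whose elected root differs from the bridge we intended to be root."""
    findings = []
    for vlan, mac in sorted(expected_root_mac.items()):
        info = parsed.get(vlan)
        if info is None:
            findings.append(f"VLAN {vlan}: no spanning-tree instance in the output")
            continue
        actual = info["root"].get("address")
        if actual != mac.lower():
            priority = info["root"].get("priority")
            findings.append(f"VLAN {vlan}: root is {actual} with priority {priority}, expected {mac.lower()}")
    return findings


if __name__ == "__main__":
    # D1 should be root for VLAN 1 and VLAN 15; D2's MAC here is a constructed placeholder.
    policy = {1: "0019.aa9e.b000", 15: "0019.aa9e.b000", 25: "c07b.bcc4.a980"}
    for finding in check_expected_roots(parse_show_spanning_tree(SAMPLE_OUTPUT), policy):
        print(finding)
```

Run against the sample, the check reports VLAN 15 (root 4111/c025.5cd7.ef00 instead of D1) and VLAN 25 (no instance in the output at all, which on D1 would mean the VLAN is not active on this switch). The same parser works on the two show spanning-tree listings earlier in this chapter.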
Document the commands to configure all nontrunking ports on S1 as edge ports with BPDU guard enabled.

S1(config)# spanning-tree portfast default
S1(config)# spanning-tree portfast bpduguard default

Now, assume that you want to run rapid PVST+ on all three switches. What command is required?

spanning-tree mode rapid-pvst

Lab - Configuring Rapid PVST+, PortFast, and BPDU Guard (SN 2.3.2.3/SwN 4.3.2.3)

Packet Tracer Activity
Packet Tracer - Configuring PVST+ (SN 2.3.1.5/SwN 4.3.1.5)
Packet Tracer - Configuring Rapid PVST+ (SN 2.3.2.2/SwN 4.3.2.2)
First Hop Redundancy Protocols

Up to this point, we've been reviewing STP and how to manipulate the election of root bridges and load balance across redundant links. In addition to Layer 1 and Layer 2 redundancy, a high-availability network might also implement Layer 3 redundancy by sharing the default gateway responsibility across multiple devices. Through the use of a virtual IP address, two Layer 3 devices can share the default gateway responsibility. This section reviews First Hop Redundancy Protocols (FHRPs) that provide Layer 3 redundancy.
Identify FHRP Terminology

Match the definition on the left with the terms on the right. This is a one-to-one matching exercise.

Definitions (answer letter shown)
b. The ability to dynamically recover from the failure of a device acting as the default gateway
h. Two or more routers sharing a single MAC and IP address
c. A device that is part of a virtual router group assigned to the role of default gateway
d. Provides the mechanism for determining which router should take the active role in forwarding traffic
a. A device that routes traffic destined to network segments beyond the source network segment
e. A device that is part of a virtual router group assigned the role of alternate default gateway
f. A Layer 3 address assigned to a protocol that shares the single address among multiple devices
g. The Layer 2 address returned by ARP for an FHRP gateway

Terms
a. Default gateway
b. First-hop redundancy
c. Forwarding router
d. Redundancy protocol
e. Standby router
f. Virtual IP address
g. Virtual MAC address
h. Virtual router
Identify the Type of FHRP

In Table 2-7, indicate whether the characteristic describes HSRP, VRRP, or GLBP.

Table 2-7  FHRP Characteristics

FHRP Characteristic                                                                                             FHRP
Used in a group of routers for selecting an active device and a standby device.                                 HSRP
A nonproprietary election protocol that allows several routers on a multi-access link to use the same           VRRP
  virtual IPv4 address.
Cisco-proprietary FHRP protocol designed to allow for transparent failover of a first-hop IPv4 device.          HSRP
Cisco-proprietary FHRP protocol that protects data traffic from a failed router or circuit while also           GLBP
  allowing load sharing between a group of redundant routers.
One router is elected as the virtual router master, with the other routers acting as backups in case the        VRRP
  virtual router master fails.
HSRP and GLBP Configuration and Verification

Refer to the topology in Figure 2-6. R2 has been configured for HSRP group 20, priority 120, IP address 192.168.1.20, and virtual IP address 192.168.1.1.

Figure 2-6  HSRP and GLBP Configuration Topology
[Figure: R1 (192.168.1.10) and R2 (192.168.1.20) both connect the LAN to the Core and share the virtual IP address 192.168.1.1.]

Example 2-1 shows the HSRP configuration for R2.

Example 2-1  R2 HSRP Configuration

R2# show run interface g0/1
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 standby 20 ip 192.168.1.1
 standby 20 priority 120
Using the information in Example 2-1, document the commands to configure R1 as the HSRP active router in group 20 using a priority of 210.

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip address 192.168.1.10 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# standby 20 ip 192.168.1.1
R1(config-if)# standby 20 priority 210

What command would generate the following output to verify the HSRP configuration?

R1# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/1       20   210   Active  local           192.168.1.20    192.168.1.1
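The election that produced the show standby brief output above, as an added Python example rather than code from the study guide: the router with the highest priority becomes active, the highest interface IPv4 address breaks a tie, and a router that is already active keeps the role unless a higher-priority router has preemption configured. The R1 and R2 values (priorities 210 and 120, addresses 192.168.1.10 and 192.168.1.20) come from the page; the reload scenario is constructed. The P column for R1 is blank in the output above, so with this configuration R2 would keep the active role after an R1 reload and R1 would come back as standby.

```python
"""HSRP active/standby election for one group, including the preemption rule."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100      # IOS default when no "standby <group> priority" is configured
    preempt: bool = False    # IOS default; shown as a blank P column in show standby brief


def election_key(router: HsrpRouter) -> Tuple[int, int]:
    """Higher priority wins; the higher interface IPv4 address breaks a tie."""
    return (router.priority, int(IPv4Address(router.ip)))


def elect(routers: List[HsrpRouter],
          current_active: Optional[HsrpRouter] = None) -> Tuple[HsrpRouter, Optional[HsrpRouter]]:
    """Return (active, standby) for the group.

    On a cold start the best candidate becomes active. When a router is already active,
    only a better candidate that has preemption configured takes the role away from it.
    """
    ranked = sorted(routers, key=election_key, reverse=True)
    if current_active is None or current_active not in routers:
        active = ranked[0]
    else:
        challengers = [r for r in ranked
                       if r.preempt and election_key(r) > election_key(current_active)]
        active = challengers[0] if challengers else current_active
    standby = next((r for r in ranked if r is not active), None)
    return active, standby


# Values from Example 2-1 and the R1 configuration on this page.
R1 = HsrpRouter("R1", "192.168.1.10", priority=210)
R2 = HsrpRouter("R2", "192.168.1.20", priority=120)


def scenario() -> Tuple[str, str, str, str, str]:
    """Constructed walk-through: cold start, R1 reloads, R1 returns without and with preemption."""
    active, standby = elect([R1, R2])                       # matches the show standby brief output
    after_failure, _ = elect([R2])                          # R1 is gone: R2 is the only candidate
    back_no_preempt, _ = elect([R1, R2], current_active=after_failure)
    r1_preempt = HsrpRouter("R1", "192.168.1.10", priority=210, preempt=True)
    back_preempt, _ = elect([r1_preempt, R2], current_active=after_failure)
    return (active.name, standby.name, after_failure.name,
            back_no_preempt.name, back_preempt.name)


if __name__ == "__main__":
    print(scenario())
```

The scenario returns the active router at each stage: R1 at cold start (R2 standby), R2 while R1 is down, still R2 when R1 returns without preemption, and R1 again only when it was configured to preempt.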
Now assume that all HSRP configurations have been removed. R2 has been configured for GLBP group 20, priority 120, IP address 192.168.1.20, and virtual IP address 192.168.1.1. Example 2-2 shows the GLBP configuration for R2.

Example 2-2  R2 GLBP Configuration

R2# show run interface g0/1
interface GigabitEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 glbp 20 ip 192.168.1.1
 glbp 20 priority 120

Using the information in Example 2-2, document the commands to configure R1 to be in GLBP group 20 using a priority of 210.

R1(config)# interface GigabitEthernet0/1
R1(config-if)# ip address 192.168.1.10 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# glbp 20 ip 192.168.1.1
R1(config-if)# glbp 20 priority 210

What command would generate the following output to verify the GLBP configuration?

R1# show glbp
GigabitEthernet0/0 - Group 20
  State is Active
    1 state change, last state change 00:03:05
  Virtual IP address is 192.168.1.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.792 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 192.168.1.20, priority 120 (expires in 9.024 sec)
  Priority 210 (configured)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    0006.f671.db58 (192.168.1.10) local
    0006.f671.eb38 (192.168.1.20)
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:02:53
    MAC address is 0007.b400.0a01 (default)
    Owner ID is 0006.f671.db58
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0a02 (learnt)
    Owner ID is 0006.f671.eb38
    Redirection enabled, 599.040 sec remaining (maximum 600 sec)
    Time to live: 14399.040 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.20 (primary), weighting 100 (expires in 9.312 sec)
Lab - Configuring HSRP and GLBP (SN 2.4.3.4/SwN 4.4.3.4)
CHAPTER 3
Link Aggregation
Link aggregation is the ability to create one logical link using multiple physical links between two devices. This allows load sharing among the physical links, rather than having STP block one or more of the links.
Link Aggregation Concepts

One of the best ways to reduce the time it takes for STP convergence is to simply avoid STP. EtherChannel is a form of link aggregation used in switched networks.

EtherChannel Advantages

EtherChannel technology was originally developed by Cisco as a technique of grouping several Fast Ethernet or Gigabit Ethernet switch ports into one logical channel. List at least three advantages to using EtherChannel:

■ Most configuration tasks can be done on the EtherChannel interface instead of on each individual port.
■ EtherChannel relies on existing switch ports. No need to upgrade.
■ Load balancing takes place between links that are part of the same EtherChannel.
■ EtherChannel creates an aggregation that is seen as one logical link. Where there is only one EtherChannel link, all physical links in the EtherChannel are active because STP sees only one (logical) link.
■ EtherChannel provides redundancy because the overall link is seen as one logical connection. Assuming at least one physical link is present, the EtherChannel remains functional, even if its overall throughput decreases because of a lost link within the EtherChannel.
EtherChannel Operation

You can configure EtherChannel as static or unconditional. However, there are also two protocols that can be used to configure the negotiation process: Port Aggregation Protocol (PAgP, Cisco proprietary) and Link Aggregation Control Protocol (LACP, IEEE 802.3ad). These two protocols ensure that both sides of the link have compatible configurations: same speed, duplex setting, and VLAN information. The modes for each differ slightly.

For PAgP, briefly describe each of the following modes:

■ On: This mode forces the interface to channel without PAgP.
■ Desirable: The interface initiates negotiations with other interfaces by sending PAgP packets.
■ Auto: The interface responds to the PAgP packets that it receives, but does not initiate PAgP negotiation.

For LACP, briefly describe each of the following modes:

■ On: This mode forces the interface to channel without LACP.
■ Active: The interface initiates negotiations with other interfaces by sending LACP packets.
■ Passive: The interface responds to the LACP packets that it receives, but does not initiate LACP negotiation.
In Table 3-1, indicate the mode that is described.

Table 3-1 PAgP and LACP Modes

Mode        PAgP and/or LACP Mode Description
Active      Initiates LACP negotiations with other interfaces.
On          Forces EtherChannel state without PAgP or LACP initiated negotiations.
Auto        Places an interface in a passive, responding state. Does not initiate PAgP negotiations.
Desirable   Actively initiates PAgP negotiations with other interfaces.
Passive     Places an interface in a passive, responding state. Does not initiate LACP negotiations.
The mode that is configured on each side of the EtherChannel link determines whether EtherChannel will be operational. In Table 3-2, two switches are using PAgP. Indicate with "yes" or "no" whether EtherChannel is established.

Table 3-2 EtherChannel Negotiation Using PAgP

Switch 1 Mode   Switch 2 Mode   EtherChannel Established?
Auto            Auto            No
Auto            Desirable       Yes
On              Desirable       No
On              Off             No
Desirable       Desirable       Yes
In Table 3-3, two switches are using LACP. Indicate with "yes" or "no" whether EtherChannel is established.

Table 3-3 EtherChannel Negotiation Using LACP

Switch 1 Mode   Switch 2 Mode   EtherChannel Established?
Passive         On              No
Passive         Active          Yes
On              On              Yes
Passive         Passive         No
On              Active          No
Link Aggregation Configuration

EtherChannel configuration is rather straightforward once you decide on which protocol you will use. In fact, the easiest method is to just force both sides to be on. Keep in mind that mode on skips the PAgP/LACP negotiation checks, so a cabling or configuration mismatch between the two ends is not detected automatically.
Configuring EtherChannel

To configure EtherChannel, complete the following steps:

Step 1. Specify the interfaces that participate in the EtherChannel group using the interface range interface command. What are the requirements for each interface before they can form an EtherChannel? All interfaces must support EtherChannel, be configured with the same speed and duplex settings, support the same VLAN or be configured as a trunk, and share the same range of allowed VLANs on trunks.

Step 2. Create the port channel interface with the channel-group identifier mode {on | auto | desirable | active | passive} command in interface range configuration mode. The keyword on forces the port to channel without PAgP or LACP. The keywords auto and desirable enable PAgP. The keywords active and passive enable LACP.

Step 3. The channel-group command automatically creates a port channel interface using the identifier as the number. Use the interface port-channel identifier command to configure channel-wide settings like trunking, native VLANs, or allowed VLANs.
As you can see from the configuration steps, the way you specify whether to use PAgP, LACP, or no negotiations is by configuring one keyword in the channel-group command. So, with those steps in mind, consider Figure 3-1 in each of the following configuration scenarios.

Figure 3-1 EtherChannel Topology (not reproduced): S1 and S2 are connected by two links, Fa0/1 and Fa0/2.

EtherChannel Configuration Scenario 1

Record the commands, including the switch prompt, to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel without negotiations. Then force the channel to trunking using native VLAN 99.

S1(config)# interface range fa0/1-2
S1(config-if-range)# channel-group 1 mode on
S1(config-if-range)# interface port-channel 1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99

EtherChannel Configuration Scenario 2

Record the commands, including the switch prompt, to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel using PAgP. S1 should initiate the negotiations. The channel should trunk, allowing only VLANs 1, 10, and 20.

S1(config)# interface range fa0/1-2
S1(config-if-range)# channel-group 1 mode desirable
S1(config-if-range)# interface port-channel 1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 1,10,20

EtherChannel Configuration Scenario 3

Record the commands, including the switch prompt, to configure the S1 Fa0/1 and Fa0/2 into an EtherChannel using LACP. S1 should not initiate the negotiations. The channel should trunk, allowing all VLANs.

S1(config)# interface range fa0/1-2
S1(config-if-range)# channel-group 1 mode passive
S1(config-if-range)# interface port-channel 1
S1(config-if)# switchport mode trunk
Lab - Configuring EtherChannel (SN 3.2.1.4/SwN 5.2.1.4)

Packet Tracer Activity
Packet Tracer - Configuring EtherChannel (SN 3.2.1.3/SwN 5.2.1.3)
Verifying and Troubleshooting EtherChannel

Record the commands used to display the output in Example 3-1.

Example 3-1 EtherChannel Verification Commands

S1# show interface port-channel1
Port-channel1 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 0cd9.96e8.8a01 (bia 0cd9.96e8.8a01)
  MTU 1500 bytes, BW 200000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255

S1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Fa0/1(P)    Fa0/2(P)

S1# show etherchannel port-channel
                Channel-group listing:
                ----------------------

Group: 1
----------
                Port-channels in the group:
                ---------------------------

Port-channel: Po1    (Primary Aggregator)

------------

Age of the Port-channel   = 0d:00h:25m:17s
Logical slot/port   = 2/1          Number of ports = 2
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =   LACP
Port security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa0/1    Active             0
  0     00     Fa0/2    Active             0

Time since last port bundled:    0d:00h:05m:41s    Fa0/2
Time since last port Un-bundled: 0d:00h:05m:48s    Fa0/2

S1# show interfaces f0/1 etherchannel
Port state    = Up Mstr Assoc In-Bndl
Channel group = 1           Mode = Active          Gcchange = -
Port-channel  = Po1         GC   = -               Pseudo port-channel = Po1
Port index    = 0           Load = 0x00            Protocol =   LACP

Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
        A - Device is in active mode.        P - Device is in passive mode.

Local information:
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Fa0/1     SA      bndl      32768         0x1       0x1     0x102       0x3D

Partner's information:

                  LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Fa0/1     SA      32768     0cd9.96d2.4000   4s    0x0    0x1    0x102   0x3D

Age of the port in the current state: 0d:00h:24m:59s
S1#
When troubleshooting an EtherChannel issue, keep in mind the configuration restrictions for interfaces that participate in the channel. List at least four restrictions.

■ All ports must be in the same VLANs or configured as trunks.
■ Trunking mode must be the same for each side of the channel.
■ Allowed VLANs on trunks must be the same for both sides.
■ Both sides of the channel must be configured with compatible PAgP or LACP dynamic negotiation options.
■ The link speed and duplex setting must match.
Refer to the output for S1 and S2 in Example 3-2. Record the command that generated the output.

Example 3-2 Troubleshooting an EtherChannel Issue

S1# show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port


Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SD)          -        Fa0/1(D)    Fa0/2(D)

S1# show run | begin interface Port-channel
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
 channel-group 1 mode auto
!
interface FastEthernet0/2
 switchport mode trunk
 channel-group 1 mode auto
!
S1#

S2# show run | begin interface Port-channel
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
 channel-group 1 mode auto
!
interface FastEthernet0/2
 switchport mode trunk
 channel-group 1 mode auto
!
S2#
Explain why the EtherChannel between S1 and S2 is down.

Both sides of the link are set to the PAgP auto mode, which means that each interface listens for PAgP packets but does not initiate negotiation. Because neither side initiates, the channel never forms and Po1 stays down (SD).

EtherChannel and spanning tree must interoperate. For this reason, the order in which EtherChannel-related commands are entered is important. To correct this issue, you must first remove the port channel. Otherwise, spanning-tree errors cause the associated ports to go into blocking or errdisabled state. With that in mind, what would you suggest to correct the issue shown in Example 3-2 if the requirement is to use PAgP? What commands would be required?

Remove the port channel 1 interface, and then configure the interfaces to use desirable mode. This can be done on one or both switches; as Table 3-2 shows, desirable on one side and auto on the other is enough for the channel to form.

S1(config)# no interface Port-channel 1
S1(config)# interface range f0/1 - 2
S1(config-if-range)# channel-group 1 mode desirable
S1(config-if-range)# interface Port-channel 1
S1(config-if)# switchport mode trunk

S2(config)# no interface Port-channel 1
S2(config)# interface range f0/1 - 2
S2(config-if-range)# channel-group 1 mode desirable
S2(config-if-range)# no shutdown
S2(config-if-range)# interface Port-channel 1
S2(config-if)# switchport mode trunk
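The negotiation outcomes in Tables 3-2 and 3-3 and the member-port restrictions listed above can be checked mechanically from the two switches' running configurations, which is how the auto/auto mistake in Example 3-2 would be caught before anyone looks at show etherchannel summary. The following is an added example, not code from the study guide or from Cisco IOS: channel_forms() encodes the rule behind the two tables, and diagnose() applies it, together with the "members must be configured identically" restriction, to show running-config text. S1_CONFIG is the S1 configuration from Example 3-2 pasted in as a string; S2 in the example is configured identically.

```python
"""Predict EtherChannel negotiation and diagnose Example 3-2 from running-configs.

Added example, not from the study guide or from Cisco IOS. S1_CONFIG is the
S1 configuration from Example 3-2 pasted in as a string; S2 is identical.
"""
import re

PAGP_MODES = {"auto", "desirable"}
LACP_MODES = {"active", "passive"}

S1_CONFIG = """\
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
 channel-group 1 mode auto
!
interface FastEthernet0/2
 switchport mode trunk
 channel-group 1 mode auto
!
"""
S2_CONFIG = S1_CONFIG


def channel_forms(mode1, mode2):
    """True if one end in mode1 and the other in mode2 bundle the links."""
    m1, m2 = mode1.lower(), mode2.lower()
    if m1 == "on" or m2 == "on":
        return m1 == m2                      # on bundles only with on
    if m1 in PAGP_MODES and m2 in PAGP_MODES:
        return "desirable" in (m1, m2)       # auto/auto: nobody initiates
    if m1 in LACP_MODES and m2 in LACP_MODES:
        return "active" in (m1, m2)          # passive/passive: nobody initiates
    return False                             # PAgP vs LACP, or off


def parse_interfaces(config):
    """Map interface name -> list of its configuration lines."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)$", line)
        if m:
            cur = m.group(1)
            ifaces[cur] = []
        elif line.startswith(" ") and cur is not None:
            ifaces[cur].append(line.strip())
        elif line.strip() == "!":
            cur = None
    return ifaces


def channel_groups(ifaces):
    """Map channel-group number -> {member interface: mode keyword}."""
    groups = {}
    for name, lines in ifaces.items():
        for l in lines:
            m = re.match(r"^channel-group (\d+) mode (\S+)", l)
            if m:
                groups.setdefault(int(m.group(1)), {})[name] = m.group(2)
    return groups


def diagnose(config_a, config_b):
    """Return findings for the channel groups in two switches' configs."""
    ia, ib = parse_interfaces(config_a), parse_interfaces(config_b)
    ga, gb = channel_groups(ia), channel_groups(ib)
    findings = []
    for num in sorted(set(ga) | set(gb)):
        if num not in ga or num not in gb:
            findings.append(f"Po{num}: configured on only one switch")
            continue
        for side, ifaces, members in (("A", ia, ga[num]), ("B", ib, gb[num])):
            # Members must carry identical port settings (trunk mode, VLANs ...).
            settings = {frozenset(l for l in ifaces[p]
                                  if not l.startswith("channel-group"))
                        for p in members}
            if len(settings) > 1:
                findings.append(f"Po{num}: member ports on switch {side} "
                                "have different port settings")
            if len(set(members.values())) > 1:
                findings.append(f"Po{num}: member ports on switch {side} "
                                "use different channel-group modes")
        mode_a = next(iter(ga[num].values()))
        mode_b = next(iter(gb[num].values()))
        if not channel_forms(mode_a, mode_b):
            findings.append(f"Po{num}: mode {mode_a} <-> {mode_b} will not bundle")
    return findings


if __name__ == "__main__":
    for finding in diagnose(S1_CONFIG, S2_CONFIG):
        print(finding)
```

Against Example 3-2 the only finding is the auto/auto pairing; changing either side to desirable clears it, which is the fix given above.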
Lab - Troubleshooting EtherChannel (SN 3.2.2.4/SwN 5.2.2.4)

Packet Tracer Activity
Packet Tracer - Troubleshooting EtherChannel (SN 3.2.2.3/SwN 5.2.2.3)
Packet Tracer - Skills Integration Challenge (SN 3.3.1.2/SwN 5.3.1.2)
CHAPTER 4
Wireless LANs
Wireless networks are becoming increasingly ubiquitous. If you have a router at home, chances are it supports a wireless LAN (WLAN). In the work environment, WLANs provide the ability to connect from any location at any time within the campus network. WLANs use radio frequencies that present some unique design and implementation considerations. This chapter reviews WLAN technology, components, security, planning, implementation, and troubleshooting.
Wireless LAN Concepts Wireless access can result in increased productivity and more relaxed employees. With wireless networking, employees have the flexibility to work when they want, where they want. This section reviews basic wireless concepts and components.
Identify Wireless Technologies

When referring to communication networks, the term wireless encompasses a wide variety of technologies. Although the focus for the CCNA student is on WLANs, you should also be aware of the basic features of other wireless technologies and applications. In Table 4-1, indicate the wireless technology described by each feature.

Table 4-1 Identify the Wireless Technology

Wireless Technology Feature                            Technology
Clear line of sight required                           Satellite
IEEE 802.16                                            WiMax
IEEE 802.15                                            Bluetooth
Uses 2G, 3G, and 4G variations                         Cellular
Supports speeds up to 1 Gbps                           WiMax
Provides mobile broadband connectivity                 Cellular
Supports download speeds up to 10 Mbps                 Satellite
Supports speeds up to 5 Mbps                           Cellular
Distance transmissions of up to 300 meters             Wi-Fi
Requires directional dish aligned with GEO device      Satellite
Supports speeds up to 24 Mbps                          Bluetooth
Transmission distances of up to 30 miles (50 km)       WiMax
Distance transmissions of up to 100 meters             Bluetooth
Supports speeds up to 7 Gbps                           Wi-Fi
IEEE 802.11                                            Wi-Fi
WLANs standards began in 1997 with the first 802.11 specification. Subsequent revisions have increased the speed and changed the frequency. As the standard rapidly evolved, it became important to maintain backward compatibility so that devices would still be able to connect to newer and faster access points. In Table 4-2, all the current flavors of 802.11 are listed in chronological order. For each one, indicate the maximum speed, frequency or frequencies, and with what earlier versions the specification is compatible (if any).
Table 4-2 Comparing the WLAN Standards

IEEE Standard   Maximum Speed   Frequency                    Backward Compatibility With
802.11          2 Mbps          2.4 GHz                      None
802.11a         54 Mbps         5 GHz                        None
802.11b         11 Mbps         2.4 GHz                      None
802.11g         54 Mbps         2.4 GHz                      802.11b
802.11n         600 Mbps        2.4 GHz and 5 GHz            802.11a/b/g
802.11ac        1.3 Gbps        5 GHz                        802.11a/n
802.11ad        7 Gbps          2.4 GHz, 5 GHz, and 60 GHz   802.11a/b/g/n/ac
Using your completed Table 4-2, indicate in Table 4-3 the frequencies at which each standard operates.

Table 4-3 WLAN Standards and Frequencies

Standard    2.4 GHz (UHF)   5 GHz (SHF)   60 GHz (EHF)
802.11a                     X
802.11b     X
802.11g     X
802.11n     X               X
802.11ac                    X
802.11ad    X               X             X
As a network technician, you should be aware of other wireless applications that could potentially cause problems with your WLAN implementations. In Table 4-4, indicate the frequency for each wireless application. Some applications may use more than one frequency.

Table 4-4 Wireless Application Frequencies

Wireless Application        2.4 GHz (UHF)   5 GHz (SHF)   60 GHz (EHF)
Cellular broadband          X
Radar landing systems       X
GPS systems                 X
Radio astronomy                             X             X
Bluetooth                   X
Satellite communications                    X
Microwave communications                    X
In Table 4-5, indicate whether the feature describes LANs or WLANs.

Table 4-5 Comparing LANs and WLANs

WLAN or LAN Feature                                         802.3 LANs   802.11 WLANs
Collision detection (CSMA/CD).                              X
Cables are used to interconnect devices.                    X
Additional laws and regulations in local areas may apply.                X
Allows for device mobility.                                              X
Signal interference is normally not a problem.              X
Collision avoidance (CSMA/CA).                                           X
Connects to an Ethernet switch.                             X
Radio frequencies (RFs) are used to interconnect devices.                X
Connects to an access point.                                             X
Provides for better security.                               X
WLANs Components and Topologies

Today, all laptops, tablets, and smartphones include an integrated wireless NIC. However, desktop computers usually do not. In a home or small office network, it might not be desirable or feasible to run cabling to a desktop. In such situations, you can easily install a wireless network interface card (NIC) to provide connectivity. Wireless NICs associate (and possibly authenticate) with an access point (AP).

Briefly explain the difference between an autonomous AP and a controller-based AP.

Autonomous APs are standalone devices configured using the Cisco CLI or a GUI. Autonomous APs are useful in situations where only a couple of APs are required in the network. A home router is a good example of an autonomous AP. Controller-based APs are server-dependent devices that require no initial configuration, but are automatically configured and managed by a WLAN controller.

Two or more autonomous APs can be combined into a cluster to ease management requirements. What four conditions must be met before a cluster can be formed?

■ Clustering mode is enabled on the APs.
■ The APs joining the cluster have the same cluster name.
■ The APs are connected on the same network segment.
■ The APs use the same radio mode.
Briefly explain the two main 802.11 wireless topologies:

■ Ad hoc mode: When two devices connect wirelessly without the aid of an infrastructure device, such as a wireless router or AP. Examples include Bluetooth and Wi-Fi Direct.
■ Infrastructure mode: When wireless clients interconnect via a wireless router or AP, such as in WLANs. APs connect to the network infrastructure using the wired distribution system (DS), such as Ethernet.

In Figure 4-1, label the two wireless topologies with either infrastructure mode or ad hoc mode.

Figure 4-1 WLAN Topologies (not reproduced)

The topology on the left shows an example of infrastructure mode. The topology on the right shows an example of ad hoc mode.

Infrastructure mode uses two topology building blocks: a basic service set (BSS) and an extended service set (ESS). Briefly describe each and how they interrelate.

A BSS consists of a single AP interconnecting all associated wireless clients. When a single BSS provides insufficient RF coverage, two or more BSSs can be joined through a common distribution system (DS) into an ESS.

Lab - Investigating Wireless Implementations (SN 4.1.2.10/SwN 8.1.2.10)
Wireless LAN Operations

WLAN operations have similar structures and concepts to Ethernet's 802.3. 802.11 uses a frame format similar to 802.3, but with more fields. For media access, 802.11 uses carrier sense multiple access with collision avoidance (CSMA/CA), a relative of Ethernet's CSMA/CD: a radio cannot listen while it transmits, so collisions are avoided up front rather than detected. However, Ethernet does not have to worry about finding, authenticating, and associating with an AP. Nor does Ethernet have to worry about managing channels on the wireless radio frequencies. This section reviews the 802.11 frame, CSMA/CA, AP association, and channel management.
Label the 802.11 Frame

In Figure 4-2, label each field in the 802.11 frame.

Figure 4-2 802.11 Frame Format (not reproduced): Header | Payload | FCS, with the header fields and the Frame Control subfields left blank.

Figure 4-2a 802.11 Frame Format (answer)

Frame: Header | Payload | FCS

Header: Frame Control | Duration | Address1 | Address2 | Address3 | Sequence Control | Address4

Frame Control subfields: Protocol Version | Frame Type | Frame Subtype | ToDS | FromDS | More Fragments | Retry | Power Management | More Data | Security | Reserved
Match the subfield description on the left with the subfield on the right. This is a one-to-one matching exercise.

Subfield Description
e. Indicates whether encryption/authentication is being used
b. Identifies the frame as either a management, control, or data frame
d. Active or power-save mode status of the sending device
a. Specifies which 802.11 protocol is being used
c. Indicates to an associated AP client that data is exiting a DS (distribution system)

Subfield
a. Protocol version
b. Frame subtype
c. FromDS
d. Power management
e. Security
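Figure 4-2 and the matching exercise give the field names; seeing the bits decoded from a real header makes the ToDS/FromDS and Security subfields concrete. The following is an added example, not code from the study guide: it parses the Frame Control, Duration, Address and Sequence Control fields of an 802.11 MAC header, and resolves which of Address1..4 carries the DA, SA and BSSID for each ToDS/FromDS combination (the general rule, of which the figure shows only the field order). The two sample frames are constructed by hand for this example, and the MAC addresses in them are made up.

```python
"""Decode the 802.11 MAC header fields labelled in Figure 4-2.

Added example, not from the study guide. The two sample frames below are
constructed by hand; the MAC addresses are made up.
"""
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication",
                 12: "deauthentication"}

# Beacon: type 0 subtype 8 (0x80), broadcast DA, AP as SA and BSSID, seq 1.
BEACON_FRAME = bytes.fromhex(
    "8000" "0000" "ffffffffffff" "001122334455" "001122334455" "1000")
# Data frame AP -> client: type 2 (0x08), FromDS=1 and Protected=1 (0x42),
# duration 44, Address1=DA (client), Address2=BSSID, Address3=SA, seq 90.
DATA_FRAME_FROM_AP = bytes.fromhex(
    "0842" "2c00" "66778899aabb" "001122334455" "c0ffee000001" "a005")


def parse_frame_control(fc):
    """Split the 2-byte Frame Control field into its subfields."""
    b0, b1 = fc[0], fc[1]
    return {
        "protocol_version": b0 & 0x03,
        "type": (b0 >> 2) & 0x03,
        "subtype": (b0 >> 4) & 0x0F,
        "to_ds": bool(b1 & 0x01),
        "from_ds": bool(b1 & 0x02),
        "more_fragments": bool(b1 & 0x04),
        "retry": bool(b1 & 0x08),
        "power_mgmt": bool(b1 & 0x10),
        "more_data": bool(b1 & 0x20),
        "protected": bool(b1 & 0x40),   # "Security" in Figure 4-2 (WEP/TKIP/CCMP)
        "order": bool(b1 & 0x80),       # "Reserved" in Figure 4-2
    }


def address_roles(to_ds, from_ds):
    """Meaning of Address1..4 for each ToDS/FromDS combination."""
    if not to_ds and not from_ds:
        return ("DA", "SA", "BSSID")            # management frames, ad hoc data
    if to_ds and not from_ds:
        return ("BSSID", "SA", "DA")            # client -> AP
    if not to_ds and from_ds:
        return ("DA", "BSSID", "SA")            # AP -> client
    return ("RA", "TA", "DA", "SA")             # AP -> AP over a wireless DS


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Parse the MAC header; 'payload_offset' is where the frame body starts."""
    fc = parse_frame_control(frame[0:2])
    (duration,) = struct.unpack("<H", frame[2:4])
    addrs = [frame[4:10], frame[10:16], frame[16:22]]
    (seq_ctrl,) = struct.unpack("<H", frame[22:24])
    offset = 24
    if fc["to_ds"] and fc["from_ds"]:        # Address4 exists only in this case
        addrs.append(frame[24:30])
        offset = 30
    roles = address_roles(fc["to_ds"], fc["from_ds"])
    return {
        "frame_control": fc,
        "type_name": FRAME_TYPES[fc["type"]],
        "subtype_name": (MGMT_SUBTYPES.get(fc["subtype"])
                         if fc["type"] == 0 else None),
        "duration": duration,
        "fragment_number": seq_ctrl & 0x000F,
        "sequence_number": seq_ctrl >> 4,
        "addresses": {role: _mac(a) for role, a in zip(roles, addrs)},
        "payload_offset": offset,
    }


if __name__ == "__main__":
    for name, frame in (("beacon", BEACON_FRAME), ("data", DATA_FRAME_FROM_AP)):
        hdr = parse_header(frame)
        print(name, hdr["type_name"], hdr["subtype_name"], hdr["addresses"])
```

Two things worth noticing in the decoder. The Security (Protected Frame) bit is only ever set on data frames, so management frames such as deauthentication (subtype 12) and disassociation (subtype 10) are accepted on the strength of their addresses alone unless 802.11w management frame protection is in use; that is what makes the spoofed disconnect attack described later in this chapter possible. And the BSSID moves between Address1, Address2 and Address3 depending on ToDS/FromDS, so a capture filter that looks for an AP's MAC in a fixed position will miss frames.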
Wireless Media Contention

A wireless device operates in a half-duplex, shared media environment. So, a wireless device must also sense the carrier because multiple devices have access: carrier sense multiple access (CSMA). However, unlike half-duplex Ethernet operations, a wireless device that is sending cannot also listen for collisions. Therefore, IEEE developed a collision avoidance (the CA in CSMA/CA) mechanism called the distributed coordination function (DCF). Using DCF, a wireless client transmits only if the channel is clear. All transmissions are acknowledged. Therefore, if a wireless client does not receive an acknowledgment, it assumes a collision occurred and retries after a random waiting interval. In the flowchart in Figure 4-3, label the missing steps in the CSMA/CA process.

Figure 4-3 CSMA/CA Process (not reproduced): the flowchart runs Start, Assemble a Frame, an unlabeled yes/no decision, a second unlabeled yes/no decision, Transmit Application Data, End.

Figure 4-3a CSMA/CA Process (answer)

Start
Assemble a Frame
Is the Channel Idle?
    No: Wait for Random Backoff Time, then sense the channel again
    Yes: Transmit RTS
CTS Received?
    No: Wait for Random Backoff Time, then retry
    Yes: Transmit Application Data
End
Associating with an AP

Before a wireless device can communicate over the network, it must first associate with an AP or wireless router. To do so, it must discover and authenticate with an AP. Match the definitions on the left with the association parameter on the right. This is a one-to-one matching activity.

Definitions
e. A unique identifier that wireless clients use to distinguish between multiple wireless networks in the same vicinity
d. Identifies the 802.11 WLAN standards supported by the AP
a. Current standards include WEP, WPA, or WPA2
c. Refers to the frequency bands being used to transmit wireless data
b. Prevents intruders and other unwanted users from associating with the AP

Association Parameter
a. Security mode
b. Password
c. Channel settings
d. Network mode
e. SSID
To discover and connect with an AP or wireless router, clients use a probing process, which can either be passive or active, as shown in Figure 4-4. Label each example as either passive or active.

Figure 4-4 Two Methods to Discover an AP (not reproduced)
Left: the AP periodically transmits Beacon frames (subtype 0x08) carrying the SSID, supported standards, and security settings; the client only listens.
Right: the client transmits a Probe Request frame (subtype 0x04) carrying the SSID and supported standards; the AP answers with a Probe Response frame (subtype 0x05) carrying the SSID, supported standards, and security settings.

Passive mode is illustrated on the left. Active mode is illustrated on the right.

Briefly explain the two authentication mechanisms:

■ Open authentication: Fundamentally a NULL authentication where the wireless client says "authenticate me" and the AP responds with "yes." Open authentication provides wireless connectivity to any wireless device and should only be used in situations where security is of no concern.
■ Shared-key authentication: Technique is based on a key that is pre-shared between the client and the AP.

After discovering and authenticating with an AP or wireless router, the wireless device goes through an association process. Label Step 3 in Figure 4-5 with the association substeps.

Figure 4-5 The AP Association Process

Step 1 (Discovery): Listen for beacon frames to find WLAN SSIDs (passive mode), or send a probe request to the AP with or without a known SSID (active mode).
Step 2 (Authentication): Agree with the AP to use Open authentication, or initiate the Shared Key authentication process.
Step 3 (Association):
1. Send client's MAC address to AP.
2. Receive AP's MAC address (BSSID).
3. Receive AP's association identifier (AID).
Channel Management Concepts

In wireless implementations, a common practice is for the radio wave frequencies to be allocated as ranges. Such ranges are then split into smaller ranges called channels. Depending on the 802.11 standard, there are various ways to manage these channels. Match the channels, frequency modulation technique, or standard on the right with the definitions on the left.

Definitions
h. Spreads the signal over larger-frequency bands; used by 802.11b, cordless phones, CDMA cellular, and GPS networks
c. Number of channels identified in Europe for 802.11b
e. Nonoverlapping 802.11b channels
i. Rapidly switches the signal over many frequency channels; used by the original 802.11 standard, walkie-talkies, and Bluetooth
g. Supports four nonoverlapping channels and channel bonding
a. Number of channels identified in North America for 802.11b
j. Maximizes spectral efficiency without causing adjacent channel interference; used by 802.11a/g/n/ad

Channels, Frequency Modulation, and Standards
a. 11
b. 12
c. 13
d. 1,5,10
e. 1,6,11
f. 802.11g
g. 802.11n
h. DSSS
i. FHSS
j. OFDM
Wireless LAN Security

WLANs present unique security concerns: the medium is the air, so anyone within radio range of the AP can receive its frames and attempt to join, and only the authentication and encryption configured on the WLAN stand between that person and the network.
WLAN Security Terminology

Match the definitions on the left with the WLAN security terms on the right. This is a one-to-one matching exercise.

Definitions
k. Wireless home router connected to the corporate network without authorization
f. Attacker sends a series of "disassociate" commands to all wireless clients within a BSS
g. Attacker takes advantage of the CSMA/CA contention method to monopolize the bandwidth and deny all other clients access to the AP
j. The 802.11i industry standard for securing wireless networks
b. An AP configured with the same SSID as a legitimate AP
a. Uses Message Integrity Check (MIC) to ensure the message has not been tampered with
h. Basically WEP with TKIP encryption
e. Obsolete wireless authentication method
i. Manually allow or deny based on physical address
c. Disable the transmission of the beacon
d. Uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which allows destination hosts to recognize whether the bits have been tampered with

WLAN Security Term
a. TKIP
b. Man-in-the-middle attack
c. SSID cloaking
d. AES
e. WEP
f. Spoofed disconnect attack
g. CTS Flood
h. WPA
i. MAC address filtering
j. WPA2
k. Rogue AP
Identify the WLAN Security Characteristics

The best way to secure a wireless network is to use authentication and encryption systems. The two major types of authentication are open authentication and shared authentication. Open is basically no authentication. Shared-key authentication comes in three flavors: WEP, WPA, and WPA2. In Table 4-6, indicate the authentication method for each characteristic.

Table 4-6 WLAN Security Characteristics

                                         Shared-Key Authentication
WLAN Security Characteristic   Open Authentication   WEP   WPA   WPA2
TKIP data encryption                                       X
AES data encryption                                              X
MIC authentication                                         X
No password authentication     X
Medium security risk                                       X
Shared-key authentication                            X
RC4 data encryption                                  X
No data encryption             X
Highest security risk          X
Lowest security risk                                             X
High security risk                                   X
CCMP authentication                                              X
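WPA and WPA2 in personal mode are "shared-key" in the sense of Table 4-6, but the passphrase itself is never used directly: both derive a 256-bit pre-shared key (PSK) from the passphrase and the SSID, and every other key in the session is derived from that PSK. The following is an added example, not code from the study guide: it performs the derivation the standard specifies (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 32-byte output, IEEE 802.11i Annex H) and then shows why a passphrase taken from a short wordlist offers no protection, because the same derivation can be run offline against each guess. WEAK_WORDLIST is constructed for the demonstration; the "password"/"IEEE" pair is the standard's own published test vector.

```python
"""WPA/WPA2-Personal: passphrase -> 256-bit PSK, and why a weak passphrase fails.

Added example, not from the study guide. WEAK_WORDLIST is constructed for the
demonstration.
"""
import hashlib
import hmac
from typing import Iterable, Optional

WEAK_WORDLIST = ["letmein1", "12345678", "password", "iloveyou"]


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def recover_passphrase(target_psk: bytes, ssid: str,
                       candidates: Iterable[str]) -> Optional[str]:
    """Offline guess: derive a PSK per candidate and compare.

    A real attacker does not hold the PSK. After capturing the 4-way handshake
    they derive the PTK from each candidate PSK and check the handshake MIC;
    the expensive step per guess, the PBKDF2 call, is the same as here.
    """
    for word in candidates:
        try:
            if hmac.compare_digest(derive_psk(word, ssid), target_psk):
                return word
        except ValueError:          # too short or too long to be a passphrase
            continue
    return None


if __name__ == "__main__":
    psk = derive_psk("password", "IEEE")
    print("PSK:", psk.hex())
    print("recovered:", recover_passphrase(psk, "IEEE", WEAK_WORDLIST))
```

Two consequences follow from the derivation. The SSID acts as a salt, so the same passphrase yields a different PSK on every network and precomputed tables only help against default SSIDs. And because 4096 iterations is cheap on modern hardware, the only real defense for WPA2-Personal is a long passphrase that is not in any wordlist; the table's "lowest security risk" rating for WPA2 assumes exactly that.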
Wireless LAN Configuration

Modern wireless routers offer a variety of features, and most are designed to be functional right out of the box with the default settings. However, it is good practice to change this initial configuration, particularly the default administrator password, so that publicly known default settings cannot be used to access the wireless settings.

Configuring WLAN Routers and Clients

The best way to practice configuring wireless routers is to complete the Lab and Packet Tracer activities associated with the course. You can also make sure your own home router is configured with some of the following settings:

■ Change the administrator password.
■ Change the IP addressing assigned through DHCP to wireless clients.
■ Change the service set identifier (SSID) name. If you disable SSID broadcasts, users will have to manually enter the SSID; note that this only removes the name from the beacon, because the SSID still appears in probe and association frames that anyone in range can capture, so it is a convenience setting rather than a security control.
■ Enable the strongest authentication protocol supported by the wireless router: WPA2 with AES/CCMP, protected by a long passphrase that is not a dictionary word. WEP is broken and WPA with TKIP is deprecated; use them only when an old client leaves no alternative.
■ Enable MAC address filtering if you know the devices that will be joining the WLAN. Otherwise, you will have to manually add new devices each time someone wants to access the WLAN. Keep in mind that MAC addresses are sent in the clear in every frame and are trivial to clone, so filtering stops accidental connections, not an attacker.
■ If desired, configure a guest network and password for guest users to access the WLAN.

If you do not have access to a wireless router, Packet Tracer, or Lab equipment, you can search the Internet for "wireless router configuration simulation." Several wireless router manufacturers host a simulation web page where you can practice configuring their specific GUI.

Lab - Configuring a Wireless Router and Client (SN 4.4.2.3/SwN 8.4.2.3)

Packet Tracer Activity
Packet Tracer - Configuring Wireless LAN Access (SN 4.4.2.2/SwN 8.4.2.2)
Troubleshooting WLAN Issues

Troubleshooting WLAN issues normally requires an elimination process. Start with the wireless client by checking the following:

■ Does the client have a valid IP address configuration?
■ Can the client successfully access the wired network?
■ Is the client configured with the correct security settings?
■ Is the client configured with the correct channel and SSID?
■ Is the wireless NIC driver up-to-date?

If the wireless client is operating as expected, check the following:

■ Is the AP powered on?
■ How far away is the closest AP?
■ Are other devices in the area interfering with the signal?
■ Are there any cabling or connector issues?

Finally, check the configuration of the AP to verify that it conforms to the desired specifications. Occasionally, issues with the AP software are identified and corrected by the manufacturer. So, you should regularly check to make sure that the firmware is up-to-date on the AP.

Packet Tracer Challenge
Packet Tracer - Skills Integration Challenge (SN 4.5.1.2/SwN 8.5.1.2)
CHAPTER 5
Adjust and Troubleshoot Single-Area OSPF
Although we will spend a little bit of time on it, you should already know how to configure basic single-area OSPF. This chapter focuses on the concepts and configurations to fine-tune the operation of OSPF, including manipulating the designated router / backup designated router (DR/BDR) election, propagating a default route, fine-tuning Open Shortest Path First (OSPF) interfaces, and authenticating OSPF neighbors.
Advanced Single-Area OSPF Configurations
In this section, we review the concepts and configurations to fine-tune the operation of OSPFv2 and OSPFv3.

Single-Area OSPF Configuration Review
The following activity may look familiar to you if you also used the CCENT Practice and Study Guide. It is repeated here so that you can get back up to speed on OSPF before we look at more advanced configurations.

Configuring Single-Area OSPFv2
Figure 5-1 shows the topology that we will use to configure OSPFv2 and OSPFv3. This first topology shows IPv4 network addresses. The IPv4 addressing scheme is in Table 5-1.

Figure 5-1 OSPFv2 Topology with IPv4 Network Addresses (OSPF Area 0. LANs: RTA G0/0 192.168.1.0/26, RTB G0/0 192.168.1.64/26, RTC G0/0 192.168.1.128/26. WAN links: RTA S0/0/1 to RTB S0/0/1 on 192.168.1.244/30 at T1; RTA S0/0/0 to RTC S0/0/0 on 192.168.1.252/30 at T1; RTB S0/0/0 to RTC S0/0/1 on 192.168.1.248/30 at 384 kbps.)

Table 5-1 IPv4 Addressing Scheme for OSPFv2
Device   Interface   IPv4 Address    Subnet Mask
RTA      G0/0        192.168.1.1     255.255.255.192
         S0/0/0      192.168.1.253   255.255.255.252
         S0/0/1      192.168.1.245   255.255.255.252
         Router ID   1.1.1.1
RTB      G0/0        192.168.1.65    255.255.255.192
         S0/0/0      192.168.1.249   255.255.255.252
         S0/0/1      192.168.1.246   255.255.255.252
         Router ID   2.2.2.2
RTC      G0/0        192.168.1.129   255.255.255.192
         S0/0/0      192.168.1.254   255.255.255.252
         S0/0/1      192.168.1.250   255.255.255.252
         Router ID   3.3.3.3
In the space provided, document the correct commands, including the router prompt, to configure the routers in Figure 5-1 with OSPFv2. Include commands to configure the router ID and disable updates on the LAN interface.
RTA(config)# router ospf 1
RTA(config-router)# router-id 1.1.1.1
RTA(config-router)# network 192.168.1.0 0.0.0.63 area 0
RTA(config-router)# network 192.168.1.244 0.0.0.3 area 0
RTA(config-router)# network 192.168.1.252 0.0.0.3 area 0
RTA(config-router)# passive-interface g0/0
RTB(config)# router ospf 1
RTB(config-router)# router-id 2.2.2.2
RTB(config-router)# network 192.168.1.64 0.0.0.63 area 0
RTB(config-router)# network 192.168.1.244 0.0.0.3 area 0
RTB(config-router)# passive-interface g0/0
RTC(config)# router ospf 1
RTC(config-router)# router-id 3.3.3.3
RTC(config-router)# network 192.168.1.128 0.0.0.63 area 0
RTC(config-router)# network 192.168.1.252 0.0.0.3 area 0
RTC(config-router)# passive-interface g0/0
Verifying Single-Area OSPFv2
Fill in the missing command to complete the following sentences: The show ip ospf neighbor command can be used to verify and troubleshoot OSPF neighbor relationships. The show ip protocols command is a quick way to verify vital OSPF configuration information, including the OSPF process ID, the router ID, networks the router is advertising, the neighbors the router is receiving updates from, and the default administrative distance, which is 110 for OSPF. The show ip ospf command can also be used to examine the OSPF process ID and router ID. In addition, this command displays the OSPF area information as well as the last time the SPF algorithm was calculated. The quickest way to verify Hello and Dead intervals is to use the show ip ospf interface command. The quickest way to verify OSPF convergence is to use the show ip route command to view the routing table for each router in the topology.
Configuring Single-Area OSPFv3
Figure 5-2 shows the same topology we used for OSPFv2, but with IPv6 network addresses. Table 5-2 shows the IPv6 addressing scheme.

Figure 5-2 OSPFv3 Topology with IPv6 Network Addresses (OSPF Area 0. LANs: RTA G0/0 2001:DB8:1:1::/64, RTB G0/0 2001:DB8:1:2::/64, RTC G0/0 2001:DB8:1:3::/64. WAN links: RTA S0/0/1 to RTB S0/0/1 on 2001:DB8:F:AB::/64 at T1; RTA S0/0/0 to RTC S0/0/0 on 2001:DB8:F:AC::/64 at T1; RTB S0/0/0 to RTC S0/0/1 on 2001:DB8:F:BC::/64 at 384 kbps.)

Table 5-2 IPv6 Addressing Scheme for OSPFv3
Device   Interface    IPv6 Address/Prefix
RTA      G0/0         2001:DB8:1:1::1/64
         S0/0/0       2001:DB8:F:AC::1/64
         S0/0/1       2001:DB8:F:AB::1/64
         Link-local   FE80::A
         Router ID    1.1.1.1
RTB      G0/0         2001:DB8:1:2::1/64
         S0/0/0       2001:DB8:F:BC::1/64
         S0/0/1       2001:DB8:F:AB::2/64
         Link-local   FE80::B
         Router ID    2.2.2.2
RTC      G0/0         2001:DB8:1:3::1/64
         S0/0/0       2001:DB8:F:AC::2/64
         S0/0/1       2001:DB8:F:BC::2/64
         Link-local   FE80::C
         Router ID    3.3.3.3
The routers are already configured with interface addressing. Record the correct commands, including the router prompt, to configure the routers with OSPFv3. Include commands to enable IPv6 routing, configure the router ID, change the reference bandwidth to 10000, and disable updates on the LAN interface. Except for the router ID, the commands are the same for all three routers. So, you need to document only one router.
RTA(config)# ipv6 unicast-routing
RTA(config)# ipv6 router ospf 10
RTA(config-rtr)# router-id 1.1.1.1
RTA(config-rtr)# auto-cost reference-bandwidth 10000
RTA(config-rtr)# passive-interface g0/0
RTA(config-rtr)# interface g0/0
RTA(config-if)# ipv6 ospf 10 area 0
RTA(config-if)# interface s0/0/0
RTA(config-if)# ipv6 ospf 10 area 0
RTA(config-if)# interface s0/0/1
RTA(config-if)# ipv6 ospf 10 area 0
Verifying Single-Area OSPFv3
Fill in the missing command to complete the following sentences: The show ipv6 ospf neighbor command can be used to verify and troubleshoot OSPF neighbor relationships. The show ipv6 protocols command is a quick way to verify vital OSPF configuration information, including the OSPF process ID, the router ID, and interfaces the router is advertising. The show ipv6 ospf command can also be used to examine the OSPF process ID and router ID. In addition, this command displays the OSPF area information as well as the last time the SPF algorithm was calculated. To view a quick summary of OSPFv3-enabled interfaces, use the show ipv6 ospf interface brief command. However, the quickest way to verify Hello and Dead intervals is to use the show ipv6 ospf interface command. The quickest way to verify OSPF convergence is to use the show ipv6 route command to view the routing table for each router in the topology.

Lab - Configuring Basic Single-Area OSPFv2 (SN 5.1.1.9)
Identify Network Types
Match the definition on the left with the network type on the right. This is a one-to-one matching exercise.
Definitions
e. Connects distant OSPF networks to the backbone area
b. Connects multiple routers using Frame Relay
c. Connects multiple routers in a hub-and-spoke topology
d. Connects two routers directly on a single WAN network
a. Connects multiple routers using Ethernet technology
Network Type
a. Broadcast multi-access
b. Nonbroadcast multi-access
c. Point to multipoint
d. Point to point
e. Virtual links
In Figure 5-3, label each network type.

Figure 5-3 Network Types (device labels in the figure: Internet, R1, R2, R3, Frame Relay)
Starting from the top and going clockwise: point to point, broadcast multi-access, nonbroadcast multi-access (NBMA), point to multipoint.
OSPF and Multi-Access Networks
A multi-access network is a network with more than two devices on the same shared media. Examples of multi-access networks include Ethernet and Frame Relay. Frame Relay is a WAN technology that is discussed in a later CCNA course. The following exercises cover the concepts of multi-access networks in OSPF and the DR/BDR election process.

OSPF and Multi-Access Networks Completion Exercise
Complete the missing words or phrases in the following paragraphs. On multi-access networks (networks supporting more than two routers) such as Ethernet and Frame-Relay networks, the hello protocol elects a designated router (DR) and a backup designated router (BDR). Among other things, the designated router is responsible for generating LSAs for the entire multi-access network, which allows a reduction in routing update traffic. The DR, BDR, and every other router in an OSPF network sends out Hellos using 224.0.0.5 as the destination address. If a DRother (a router that is not the DR) needs to send a link-state advertisement (LSA), it will send it using 224.0.0.6 as the destination address. The DR and the BDR will receive LSAs at this address. The DR/BDR election is based on OSPF priority and OSPF router ID. By default, all OSPF routers have a priority of 1. If all OSPF routers have the same priority, the highest router ID determines the DR and BDR. If the router ID is not explicitly configured and a loopback interface is not configured, the highest IP address on an active interface at the moment of OSPF process startup is used as the router ID.
In Figure 5-4, label the steps taken to elect the DR.
Figure 5-4 Steps in the DR Election Process (boxes: Step 1; Step 2, "If router values from Step 1 are exactly the same, then..."; Step 2a; Step 2b; Step 2c)
Step 1: Highest interface priority values.
Step 2: Highest router ID.
Step 2a: Highest manually configured router ID.
Step 2b: Highest loopback address.
Step 2c: Highest active interface IP address.
Use the topology in Figure 5-5 to determine the router ID for each router, and then determine which router will be the DR, if applicable.

Figure 5-5 Determine the Router ID (interface addresses from the figure, grouped by router)
RTA: S0/0: 10.1.16.2/30, Lo0: 192.168.10.5/32
RTB: G0/1: 10.1.10.4/24, S0/0: 209.165.201.1/27
RTC: G0/0: 10.1.13.1/24, G0/1: 10.1.10.1/24
RTD: G0/0: 10.1.13.2/24, G0/1: 10.1.10.3/24, Lo0: 192.168.10.3/32
RTE: G0/0: 10.1.10.2/24, S0/0: 10.1.16.1/30, Lo0: 192.168.10.1/32
RTF: G0/0: 10.1.19.1/24, S0/0: 209.165.201.2/27

In Table 5-3, record the router ID for each router.

Table 5-3 Listing of Router IDs
Device     Router ID
Router A   192.168.10.5
Router B   209.165.201.1
Router C   10.1.10.1
Router D   192.168.10.3
Router E   192.168.10.1
Router F   209.165.201.2
In Table 5-4, determine whether a DR will be elected for each network and record the DR’s hostname. If no DR is elected, indicate so with “none.”
Table 5-4 Listing of DRs
Network         DR
209.165.201.0   None
10.1.16.0       None
10.1.13.0       Router D
10.1.10.0       Router B

Note: Configure your OSPFv2 routers with a router ID to control the DR/BDR election. With OSPFv3, you must configure a router ID.
Setting the priority on the interface is another way to control DR or BDR. In addition to configuring loopbacks, it is a good idea to configure RTA with an OSPF priority that will ensure it always wins the DR/BDR election. The syntax for configuring OSPF priority is as follows:
Router(config-if)# ip ospf priority priority
Document the commands you use to configure on RTA to make sure that its priority will always win the DR/BDR election.
RTA(config)# interface Fa 0/0
RTA(config-if)# ip ospf priority 2
!Any priority higher than the default of 1 will work.
DR/BDR Election Exercise
In the following exercises, assume that all routers are simultaneously booted and that router priorities are set to the default. Determine the network type, if applicable, and label which router is elected as the DR and which router is elected as the BDR. Refer to Figure 5-6 and answer the following questions.

Figure 5-6 DR/BDR Election Exercise 1 Topology
RTA: Fa0/0 = 172.16.1.1, Lo0 = 192.168.1.4
RTB: Fa0/0 = 172.16.1.2, Lo0 = 192.168.1.3
RTC: Fa0/0 = 172.16.1.3, S0/0/0 = 192.168.5.1, Lo0 = 192.168.1.2
RTD: Fa0/0 = 172.16.1.4, S0/0/0 = 192.168.5.2, Lo0 = 192.168.1.1
What is the router ID for RTA? 192.168.1.4
What is the router ID for RTB? 192.168.1.3
What is the router ID for RTC? 192.168.1.2
What is the router ID for RTD? 192.168.1.1
Which router will be elected DR? RTA
Which router will be elected BDR? RTB
Refer to Figure 5-7 and determine whether there will be a DR/BDR election. If applicable, designate which router is DR and which router is BDR.

Figure 5-7 DR/BDR Election Exercise 2 Topology (routers RTA, RTB, RTC, RTD; interface labels in the figure: 172.15.1.1/30 S0/0/0, 172.15.1.2/30 S0/0/0, 172.18.1.1/30 S0/0/0, 172.18.1.2/30 S0/0/1, Fa0/0 172.16.1.2/24, Fa0/1 172.16.1.1/24, Fa0/0 172.17.1.1/24, Fa0/0 172.17.1.2/24)

Network         DR/BDR Election?   Which Router Is the DR?   Which Router Is the BDR?
172.15.1.0/30   No                 N/A                       N/A
172.16.1.0/24   Yes                RTC                       RTD
172.17.1.0/24   Yes                RTB                       RTC
172.18.1.0/30   No                 N/A                       N/A
Refer to Figure 5-8 and answer the following questions.

Figure 5-8 DR/BDR Election Exercise 3 Topology (OSPF Area 0)
RTA: Fa0/0 = 192.168.0.1/24, S0/0/0 = 209.165.201.2/30
ISP: S0/0/0 = 209.165.201.1/30
RTB: Fa0/0 = 192.168.0.2/24, S0/0/0 = 192.168.1.2/30
RTC: Fa0/0 = 192.168.0.3/24, S0/0/0 = 192.168.1.3/30, Lo0 = 10.1.1.1/32
What is the router ID for RTA? 209.165.201.2
What is the router ID for RTB? 192.168.1.2
What is the router ID for RTC? 10.1.1.1
Which router is DR for the 192.168.0.0/24 network? RTA
Which router is BDR for the 192.168.0.0/24 network? RTB
Now assume a priority of zero on RTA. Which router is DR for the 192.168.1.0/24 network? RTB
What will happen if another router, RTD, joins the 192.168.0.0/24 network with a router ID of 209.165.201.9? Nothing. Both the DR and BDR have to go down before RTD can become the DR.
Redistributing an OSPF Default Route Exercise
In some topology configurations and routing policy situations, it is desirable to have an Autonomous System Boundary Router (ASBR) redistribute a default route to the OSPF neighbors in the area. This can be quickly accomplished in both OSPFv2 and OSPFv3.

OSPFv2 Default Route Redistribution
In Figure 5-9, notice that RTA is now our gateway router because it provides access outside the area. In OSPF terminology, RTA is called the Autonomous System Boundary Router (ASBR) because it connects to an external routing domain that uses a different routing policy.

Figure 5-9 Propagating a Default Route in OSPFv2 (OSPF Area 0, address space 192.168.1.0/24. LANs: RTA G0/0 192.168.1.0/26, RTB G0/0 192.168.1.64/26, RTC G0/0 192.168.1.128/26. WAN links: RTA to RTB 192.168.1.244/30 at T1, RTA to RTC 192.168.1.252/30 at T1, RTB to RTC 192.168.1.248/30 at 384 kbps. RTA S0/1/0 209.165.201.2/30 connects to ISP 209.165.201.1/30; ISP reaches the Public Web Server at 209.165.202.129/30. RTA holds a default route toward ISP and propagates it to RTB and RTC; ISP holds a static route for the address space.)

Each routing protocol handles the propagation of default routing information a little differently. For OSPF, the gateway router must be configured with two commands. First, RTA will need a static default route pointing to ISP. Document the command to configure a static default route on RTA using the exit interface argument.
RTA(config)# ip route 0.0.0.0 0.0.0.0 serial 0/1/0
Using the exit interface argument, document the command necessary to configure ISP with a static route pointing to the 192.168.1.0/24 address space.
ISP(config)# ip route 192.168.1.0 255.255.255.0 serial 0/0/0
At this point, any host on the LAN attached to RTA will be able to access ISP and be able to ping the Public Web Server at 209.165.202.129. However, RTB and RTC still cannot ping outside the 192.168.1.0/24 address space. Why? Because neither router has a default route.
Document the command that needs to be configured on RTA to fix this problem.
RTA(config)# router ospf 1
RTA(config-router)# default-information originate
OSPFv3 Default Route Redistribution
Configuring OSPFv3 to propagate a default route involves essentially the same tasks as in OSPFv2. Figure 5-10 is an IPv6 version of Figure 5-9.

Figure 5-10 Propagating a Default Route in OSPFv3 (OSPF Area 0, address space 2001:DB8:1::/48. LANs: RTA G0/0 2001:DB8:1:1::/64, RTB G0/0 2001:DB8:1:2::/64, RTC G0/0 2001:DB8:1:3::/64. WAN links: RTA to RTB 2001:DB8:1:AB::/64 at T1, RTA to RTC 2001:DB8:1:AC::/64 at T1, RTB to RTC 2001:DB8:1:BC::/64 at 384 kbps. RTA S0/1/0 connects to ISP; other labels in the figure: 2001:DB8:CAFE:1::F/64 on the default-route side, Public Web Server at 2001:DB8:CAFE:F::F/64. RTA propagates the default route to RTB and RTC; ISP holds a static route for the address space.)

Document the command to configure a static default route on RTA using the exit interface argument.
RTA(config)# ipv6 route ::/0 serial 0/1/0
Using the exit interface argument, document the command necessary to configure ISP with a static route pointing to the 2001:DB8:1::/48 address space.
ISP(config)# ipv6 route 2001:DB8:1::/48 serial 0/0/0
Document the command that will cause RTA to propagate the default route to RTB and RTC.
RTA(config)# ipv6 router ospf 1
RTA(config-rtr)# default-information originate
Fine-Tuning OSPF Interfaces
OSPF routers must use matching Hello intervals and Dead intervals on the same link. The default interval values result in efficient OSPF operation and seldom need to be modified. However, you can change them. Again, refer to Figure 5-9. Assuming that the current intervals are 10 and 40, document the commands necessary to change these OSPFv2 intervals on the link between RTB and RTC to a value four times greater than the current value.
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip ospf hello-interval 40
RTB(config-if)# ip ospf dead-interval 160
RTC(config)# interface serial 0/0/1
RTC(config-if)# ip ospf hello-interval 40
RTC(config-if)# ip ospf dead-interval 160
Note that it is not necessary to configure the Dead interval as long as the desired interval is four times the Hello. The IOS will automatically increase the Dead interval to four times the configured Hello interval.
Now refer to Figure 5-10. Assuming that the current intervals are 10 and 40, document the commands necessary to change the OSPFv3 intervals on the link between RTB and RTC to a value four times greater than the current value.
RTB(config)# interface serial 0/0/0
RTB(config-if)# ipv6 ospf hello-interval 40
RTB(config-if)# ipv6 ospf dead-interval 160
RTC(config)# interface serial 0/0/1
RTC(config-if)# ipv6 ospf hello-interval 40
RTC(config-if)# ipv6 ospf dead-interval 160
Other than the show run command, what commands can you use to verify OSPF timers on an interface for both IPv4 and IPv6?
show ip ospf interface
show ipv6 ospf interface
Securing OSPFv2 with MD5 Authentication
Because routers are targets for network attacks, you should always configure authentication services for OSPFv2 using the strongest authentication available: MD5 (message digest algorithm 5). Assume the routers in Figure 5-11 are using MD5 authentication to exchange OSPFv2 routing updates. Briefly explain the steps in MD5 authentication as R1 sends an OSPF message to R2.

Figure 5-11 OSPFv2 MD5 Authentication Between R1 and R2 (R1 S0/0/0 connected to R2 S0/0/1)

Both routers are configured with a pre-shared key. So when R1 has a message to send to R2, it combines the message with the key using MD5 to calculate a signature, known as a hash value. R1 adds the signature to the message and sends it to R2. When R2 receives the message, it combines the message with the key and uses MD5 to calculate the signature. If the signatures match, R2 accepts the message. If not, R2 discards the message.
You can configure OSPFv2 MD5 authentication globally, forcing all OSPF interfaces to use authentication. Or you can configure authentication on specific interfaces. Document the command syntax, including the router prompt, to enable OSPFv2 MD5 authentication on all interfaces.
In router configuration mode:
Router(config-router)# area area-id authentication message-digest
Then on each interface:
Router(config-if)# ip ospf message-digest-key key md5 password
Document the command syntax, including the router prompt, to enable OSPFv2 MD5 authentication only on specific interfaces.
On a specific interface:
Router(config-if)# ip ospf message-digest-key key md5 password
Router(config-if)# ip ospf authentication message-digest
Refer to Figure 5-9. Document the commands to configure RTA to use MD5 authentication globally on all OSPF interfaces. Choose your own process ID and key values.
RTA(config)# router ospf 1
RTA(config-router)# area 0 authentication message-digest
RTA(config-router)# interface s0/0/0
RTA(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTA(config-if)# interface s0/0/1
RTA(config-if)# ip ospf message-digest-key 1 md5 cisco123
Document the commands to configure RTB to use MD5 authentication on the serial interfaces only. Choose your own process ID and key values.
RTB(config)# interface s0/0/0
RTB(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTB(config-if)# ip ospf authentication message-digest
RTB(config-if)# interface s0/0/1
RTB(config-if)# ip ospf message-digest-key 1 md5 cisco123
RTB(config-if)# ip ospf authentication message-digest
What command can you use to verify OSPF MD5 authentication? show ip ospf interface
Note: Cisco IOS supports a simple authentication method. However, this method sends the password in plain text. Therefore, it is not considered a best practice.
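As an added example that is not from the book, the following Python models the exchange described above the way RFC 2328 Appendix D specifies it: the sender appends the zero-padded key to the packet, runs MD5 over both, and transmits the digest in place of the key; the receiver looks the key up by Key ID, recomputes, and discards a mismatch or a replayed sequence number. The Hello body, router IDs and the key are constructed sample values.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16          # OSPFv2 keys are zero-padded to 16 bytes (RFC 2328, Appendix D)
AUTYPE_MD5 = 2        # AuType 2 = cryptographic (MD5) authentication
HDR_LEN = 24          # OSPFv2 packet header length


def ospf_header(length, router_id, area_id, key_id, seq):
    """24-byte OSPFv2 header. With AuType 2 the 64-bit authentication field carries
    0, Key ID, Auth Data Length (16) and the cryptographic sequence number, never the key."""
    fixed = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, area_id, 0, AUTYPE_MD5)
    auth = struct.pack("!HBBI", 0, key_id, KEY_LEN, seq)
    return fixed + auth


def sign(body, router_id, area_id, key_id, key, seq):
    """Sender (R1): MD5 over packet || padded key, then send packet || digest.
    The digest trails the packet and is not counted in the header length field."""
    packet = ospf_header(HDR_LEN + len(body), router_id, area_id, key_id, seq) + body
    digest = hashlib.md5(packet + key.ljust(KEY_LEN, b"\0")).digest()
    return packet + digest


def verify(wire, keyring, last_seq):
    """Receiver (R2): recompute the digest with the key named by Key ID, compare in
    constant time, and require a non-decreasing sequence number so a captured packet
    cannot be fed back later. Returns (accepted, sequence number to remember)."""
    if len(wire) < HDR_LEN + KEY_LEN:
        return False, last_seq
    length = struct.unpack("!H", wire[2:4])[0]
    packet, received = wire[:length], wire[length:length + KEY_LEN]
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    key = keyring.get(key_id)
    if key is None or auth_len != KEY_LEN or len(received) != KEY_LEN:
        return False, last_seq
    expected = hashlib.md5(packet + key.ljust(KEY_LEN, b"\0")).digest()
    if not hmac.compare_digest(expected, received):
        return False, last_seq        # wrong key or modified packet: discard
    if seq < last_seq:
        return False, last_seq        # older sequence number than already seen: discard
    return True, seq


# Constructed Hello body: mask /30, Hello 10, options, priority 1, Dead 40, no DR/BDR yet
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 252]), 10, 0x12, 1, 40,
                         bytes(4), bytes(4))
R1_ID = bytes([1, 1, 1, 1])
AREA_0 = bytes(4)
KEYRING = {1: b"cisco123"}   # ip ospf message-digest-key 1 md5 cisco123 on both routers


def demo():
    """Accept/reject outcome of each case, so the behaviour can be checked."""
    good = sign(HELLO_BODY, R1_ID, AREA_0, 1, KEYRING[1], seq=100)
    ok_good, seq = verify(good, KEYRING, last_seq=0)
    # Flip the priority byte inside the Hello: the digest no longer matches
    tampered = bytearray(good)
    tampered[HDR_LEN + 7] ^= 0xFF
    ok_tampered, _ = verify(bytes(tampered), KEYRING, last_seq=0)
    # R2 configured with a different key 1: same discard path as a tampered packet
    ok_wrong_key, _ = verify(good, {1: b"cisco124"}, last_seq=0)
    # After a later packet (seq 101) is accepted, the earlier valid one is rejected
    later = sign(HELLO_BODY, R1_ID, AREA_0, 1, KEYRING[1], seq=101)
    ok_later, seq = verify(later, KEYRING, last_seq=seq)
    ok_replay, _ = verify(good, KEYRING, last_seq=seq)
    return {"good": ok_good, "tampered": ok_tampered, "wrong_key": ok_wrong_key,
            "later": ok_later, "replay": ok_replay}


if __name__ == "__main__":
    print(demo())
```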
Lab - Configuring OSPFv2 Advance Features (SN 5.1.5.8/RP 7.1.4.8)

Packet Tracer Activity
Packet Tracer - Configuring OSPFv2 Advance Features (SN 5.1.5.7/RP 7.1.4.7)
Troubleshooting Single-Area OSPF Implementations
Troubleshooting single-area OSPF is a required skill for any network professional involved in the implementation and maintenance of an OSPF network. A solid understanding of OSPF operation and the impact of the OSPF configuration commands is essential.
OSPF Adjacency Issues
A common problem in OSPF convergence is a lack of adjacency with OSPF neighbors. List at least four reasons why adjacency might fail to establish.
■ The interfaces are not on the same network.
■ OSPF network types do not match.
■ OSPF Hello or Dead timers do not match.
■ Interface to neighbor is incorrectly configured as passive.
■ There is a missing or incorrect OSPF network command (OSPFv2), or OSPF is not configured correctly on the interface (OSPFv3).
■ Authentication is misconfigured.
What are the OSPFv2 and OSPFv3 commands you use to quickly verify adjacency between OSPF routers?
show ip ospf neighbors
show ipv6 ospf neighbors
The command will list a state for each known OSPF router. What are the seven states OSPF transitions through on its way to convergence? Down, Init, Two-Way, Exstart, Exchange, Loading, Full
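As an added example, not from the book, this Python checker compares both ends of one link against the adjacency failure causes just listed, applying the IOS rule from the Fine-Tuning OSPF Interfaces section that an unconfigured Dead interval is four times the Hello. The OspfIntf fields and the RTB/RTC sample settings are constructed from the Figure 5-9 link.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class OspfIntf:
    router: str
    name: str
    address: str                    # "a.b.c.d/len" or an IPv6 "addr/len"
    area: int = 0
    hello: int = 10
    dead: Optional[int] = None      # None: IOS derives Dead as 4 x Hello
    network_type: str = "POINT_TO_POINT"
    passive: bool = False
    in_ospf: bool = True            # covered by a network statement (v2) / ipv6 ospf ... area (v3)
    auth: str = "none"              # "none", "simple" or "message-digest"
    key: Optional[bytes] = None

    def dead_interval(self) -> int:
        return self.dead if self.dead is not None else 4 * self.hello


def adjacency_problems(a: OspfIntf, b: OspfIntf) -> List[str]:
    """Configuration reasons the two ends of one link would not reach FULL.
    An empty list means nothing checked here prevents the adjacency."""
    problems = []
    net_a = ipaddress.ip_interface(a.address).network
    net_b = ipaddress.ip_interface(b.address).network
    if net_a != net_b:
        problems.append(f"interfaces are not on the same network ({net_a} vs {net_b})")
    if a.network_type != b.network_type:
        problems.append(f"network types do not match ({a.network_type} vs {b.network_type})")
    if a.hello != b.hello or a.dead_interval() != b.dead_interval():
        problems.append("Hello/Dead timers do not match "
                        f"({a.hello}/{a.dead_interval()} vs {b.hello}/{b.dead_interval()})")
    if a.area != b.area:
        problems.append(f"area IDs do not match ({a.area} vs {b.area})")
    for side in (a, b):
        if side.passive:
            problems.append(f"{side.router} {side.name} is passive, so it sends no Hellos")
        if not side.in_ospf:
            problems.append(f"{side.router} {side.name} is not enabled for OSPF "
                            "(missing network command / ipv6 ospf on the interface)")
    if a.auth != b.auth or (a.auth != "none" and a.key != b.key):
        problems.append("authentication type or key does not match")
    return problems


# Constructed sample: the RTB to RTC link of Figure 5-9 after the Hello was raised to 40.
RTB_S000 = OspfIntf("RTB", "S0/0/0", "192.168.1.249/30", hello=40)             # Dead left to IOS: 160
RTC_S001 = OspfIntf("RTC", "S0/0/1", "192.168.1.250/30", hello=40, dead=160)


def demo():
    """Three runs: a healthy link, a timer mismatch, and two unrelated mistakes at once."""
    healthy = adjacency_problems(RTB_S000, RTC_S001)
    # RTC still at the defaults (Hello 10 / Dead 40) against RTB's 40 / 160
    timers = adjacency_problems(RTB_S000, OspfIntf("RTC", "S0/0/1", "192.168.1.250/30"))
    # Address typo that lands RTC in 192.168.1.252/30, plus passive-interface on the WAN port
    wrong = OspfIntf("RTC", "S0/0/1", "192.168.1.254/30", hello=40, passive=True)
    misconfig = adjacency_problems(RTB_S000, wrong)
    return healthy, timers, misconfig


if __name__ == "__main__":
    for label, result in zip(("healthy", "timers", "misconfig"), demo()):
        print(label, result or "no problems found")
```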
Identify OSPFv2 Troubleshooting Commands
The following output is from the topology shown in Figure 5-9. Indicate the command used to generate the output.
RTA# show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      192.168.1.0/24 is variably subnetted, 9 subnets, 3 masks
O        192.168.1.64/26 [110/65] via 192.168.1.246, 00:19:35, Serial0/0/1
O        192.168.1.128/26 [110/65] via 192.168.1.254, 00:19:10, Serial0/0/0
O        192.168.1.248/30 [110/128] via 192.168.1.254, 00:19:10, Serial0/0/0
                          [110/128] via 192.168.1.246, 00:19:35, Serial0/0/1
RTA# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.254     0   FULL/  -        00:00:31    192.168.1.254   Serial0/0/0
192.168.1.249     0   FULL/  -        00:00:32    192.168.1.246   Serial0/0/1
RTA# show ip ospf interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Internet Address 192.168.1.253/30, Area 0, Attached via Network Statement
  Process ID 1, Router ID 192.168.1.253, Network Type POINT_TO_POINT, Cost: 64
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           64        no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.1.254
  Suppress hello for 0 neighbor(s)
RTA# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 192.168.1.253
  It is an autonomous system boundary router
  Redistributing External Routes from,
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    192.168.1.0 0.0.0.63 area 0
    192.168.1.244 0.0.0.3 area 0
    192.168.1.252 0.0.0.3 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.1.246        110      00:18:13
    192.168.1.254        110      00:17:48
  Distance: (default is 110)
RTA# show ip ospf
 Routing Process "ospf 1" with ID 192.168.1.253
 Start time: 00:44:46.536, Time elapsed: 00:23:27.360
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an autonomous system boundary router
 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x003416
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm last executed 00:16:47.472 ago
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 3. Checksum Sum 0x00E037
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
Identify OSPFv3 Troubleshooting Commands
The following output is from the topology shown in Figure 5-10. Indicate the command used to generate the output.
RTC# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "ospf 1"
  Router ID 3.3.3.3
  Number of areas: 1 normal, 0 stub, 0 nssa
  Interfaces (Area 0):
    GigabitEthernet0/0
    Serial0/0/1
    Serial0/0/0
  Redistribution:
    None
RTC# show ipv6 ospf neighbor

            OSPFv3 Router with ID (3.3.3.3) (Process ID 1)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.2           0   FULL/  -        00:00:39    6               Serial0/0/1
1.1.1.1           0   FULL/  -        00:00:31    6               Serial0/0/0
RTC# show ipv6 ospf interface serial 0/0/1
Serial0/0/1 is up, line protocol is up
  Link Local Address FE80::C, Interface ID 7
  Area 0, Process ID 1, Instance ID 0, Router ID 3.3.3.3
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:06
  Graceful restart helper support enabled
  Index 1/2/2, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 4
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
RTC# show ipv6 ospf
 Routing Process "ospfv3 1" with ID 3.3.3.3
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x00B657
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Graceful restart helper support enabled
 Reference bandwidth unit is 100 mbps
 RFC1583 compatibility enabled
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        SPF algorithm executed 4 times
        Number of LSA 15. Checksum Sum 0x07E293
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
RTC# show ipv6 route ospf
IPv6 Routing Table - default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, I1 - ISIS L1, I2 - ISIS L2
       IA - ISIS interarea, IS - ISIS summary, D - EIGRP, EX - EIGRP external
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 1
     via FE80::A, GigabitEthernet0/0
O   2001:DB8:1:1::/64 [110/1]
     via GigabitEthernet0/0, directly connected
O   2001:DB8:1:AB::/64 [110/65]
     via FE80::B, GigabitEthernet0/0
O   2001:DB8:2:1::/64 [110/1]
     via GigabitEthernet0/0, directly connected
Lab - Troubleshooting Basic Single-Area OSPFv2 and OSPFv3 (SN 5.2.3.3/RP 7.2.3.3)
Lab - Troubleshooting Advanced Single-Area OSPFv2 (SN 5.2.3.4/RP 7.2.3.4)

Packet Tracer Activity
Packet Tracer - Troubleshooting Single-Area OSPFv2 (SN 5.2.2.3/RP 7.2.2.3)
Packet Tracer - Skills Integration Challenge (SN 5.3.1.2/RP 7.3.1.2)
CHAPTER 6
Multiarea OSPF
In larger network implementations, single-area OSPF can require a significant amount of CPU and memory resources. As the number of routers grows, network administrators often implement multiarea OSPF to control the size of link-state databases, routing table entries, and the number of SPF calculations. This chapter reviews the concepts and configurations for multiarea OSPFv2 and OSPFv3.
Multiarea OSPF Operation
Multiarea OSPF was specifically designed to address several issues that result from single-area OSPF growing beyond its constraints.

Multiarea OSPF Terminology and Concepts
Briefly describe three issues that arise if an OSPF area becomes too big.
■ OSPF does not perform route summarization by default, so the routing table can become very large.
■ The LSDB includes every link in the area, which each router must maintain, even if every link is not selected for the routing table.
■ In areas that are too large, recalculating the SPF algorithm consumes many CPU cycles.
Briefly describe the role of each of the following OSPF router types.
■ Internal router: A router with all of its interfaces in the same area
■ Backbone router: A router that belongs to the backbone area, which is, by convention, configured as area 0
■ Area Border Router (ABR): A router with interfaces attached to multiple OSPF areas, but not to an external network
■ Autonomous System Boundary Router (ASBR): A router with at least one interface attached to an external, non-OSPF network
In Table 6-1, indicate the OSPF router type for each router in Figure 6-1. A router can be more than one type.

Figure 6-1  Sample Multiarea OSPF Topology
[Figure: routers BB1, BB2, BB3 and BB4 in Area 0; routers R1, R2, R3 and R4 in Areas 1 and 2; an External AS attached to BB4.]
Table 6-1  Identify the OSPF Router Type

OSPF Router Type                            BB1  BB2  BB3  BB4  R1  R2  R3  R4
Internal router                                             X    X   X   X   X
Backbone router                              X    X    X    X
Area Border Router (ABR)                     X    X    X
Autonomous System Boundary Router (ASBR)                    X
Multiarea OSPF LSA Operation
Although the RFCs for OSPF specify up to 11 different LSA types, at the CCNA level we are only concerned with the first 5. In Table 6-2, indicate the name for each LSA type.

Table 6-2  Most Common OSPF LSA Types

LSA Type   Description
1          Router LSA
2          Network LSA
3 and 4    Summary LSAs
5          AS External LSA
Refer to Figure 6-1. In Table 6-3, indicate which LSA type is used in each of the scenarios.

Table 6-3  Determine the LSA Type

LSA Scenario                                                        Type 1  Type 2  Type 3  Type 4  Type 5
BB1 is advertising to Area 1 a link to an external autonomous
  system. BB1 and BB3 do not forward these LSAs into Area 0.         X       X
As DR, R2 sends this LSA type to R3.                                         X
BB4 is advertising an external network to BB3 and BB1.                                                 X
BB3 is advertising to Area 2 that BB4 is the ASBR.                                             X
BB2 is advertising its directly connected OSPF-enabled links to
  BB1 and BB3.                                                       X
BB2 is advertising the links in Area 0 to the routers in Area 1.                     X
OSPF Routing Table and Types of Routes
Because of the different LSA types, with routes originating from different areas and from non-OSPF networks, the routing table uses different codes to identify the various types of routes. Refer to Example 6-1. Briefly describe each of the three OSPF route types shown.
Example 6-1  A Sample Multiarea OSPF Routing Table

BB1# show ip route | begin Gateway
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 10.0.0.1, 00:02:16, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.0.0.0/30 is directly connected, Serial0/0/0
L        10.0.0.2/32 is directly connected, Serial0/0/0
O        10.0.1.0/30 [110/128] via 10.0.0.1, 00:03:24, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 7 subnets, 4 masks
C        172.16.0.0/23 is directly connected, GigabitEthernet0/0
L        172.16.0.1/32 is directly connected, GigabitEthernet0/0
C        172.16.2.0/23 is directly connected, GigabitEthernet0/1
L        172.16.2.1/32 is directly connected, GigabitEthernet0/1
O        172.16.5.0/24 [110/65] via 10.0.0.1, 00:03:24, Serial0/0/0
O IA     172.16.16.0/21 [110/129] via 10.0.0.1, 00:03:24, Serial0/0/0
O IA     172.16.24.0/21 [110/129] via 10.0.0.1, 00:03:24, Serial0/0/0
BB1#
O: Indicates the router received router (type 1) and network (type 2) LSAs describing the details within an area, meaning that the route is intra-area.
O IA: Indicates the router received a summary (type 3) LSA from an ABR. This is an interarea route.
O*E2: Indicates the router received an AS External (type 5) LSA, either from an ABR or from an ASBR. This is an external route.
List the steps, in order, that OSPF uses to calculate the best paths.
1. Calculate intra-area OSPF routes.
2. Calculate the best path to interarea OSPF routes.
3. Calculate the best path to external non-OSPF networks.
Configuring Multiarea OSPF
At the CCNA level, the configuration of multiarea OSPF is rather straightforward if you are already comfortable configuring single-area OSPF. This section reviews configuring and verifying multiarea OSPFv2 and OSPFv3.
Configuring Multiarea OSPF
We will use the topology in Figure 6-2 and the addressing in Table 6-4 to configure a dual-stack network running multiarea OSPFv2 and OSPFv3.
Figure 6-2  Dual-Stacked Multiarea OSPF Topology
[Figure: BB2 in Area 0 with LAN 172.16.5.0/24 2001:DB8:5:1::/64 on G0/0, Lo0 209.165.201.0/30 2001:DB8:F:F::/64 toward the Internet, S0/0/0 to BB1 over 10.0.0.0/30 2001:DB8:0:E::/64 and S0/0/1 to BB3 over 10.0.1.0/30 2001:DB8:0:F::/64. BB1 (Area 1) has LANs 172.16.0.0/23 2001:DB8:1:1::/64 on G0/0 and 172.16.2.0/23 2001:DB8:1:2::/64 on G0/1. BB3 (Area 2) has LANs 172.16.16.0/21 2001:DB8:3:1::/64 on G0/0 and 172.16.24.0/21 2001:DB8:3:2::/64 on G0/1.]
Based on the addressing shown in the topology, finish documenting the addressing scheme in Table 6-4.

Table 6-4  Addressing for the Dual-Stacked Multiarea OSPF Topology

Device  Interface   Addressing Information
BB1     G0/0        172.16.0.0  255.255.254.0
                    2001:DB8:1:1::2/64
        G0/1        172.16.2.0  255.255.254.0
                    2001:DB8:1:2::2/64
        S0/0/0      10.0.0.2  255.255.255.252
                    2001:DB8:0:E::2/64
        Link-Local  FE80::1
        Router ID   1.1.1.1
BB2     G0/0        172.16.5.1  255.255.255.0
                    2001:DB8:5:1::1/64
        S0/0/0      10.0.0.1  255.255.255.252
                    2001:DB8:0:E::1/64
        S0/0/1      10.0.1.1  255.255.255.252
                    2001:DB8:0:F::1/64
        Lo0         209.165.201.1  255.255.255.252
                    2001:DB8:F:F::1/64
        Link-Local  FE80::2
        Router ID   2.2.2.2
BB3     G0/0        172.16.16.1  255.255.248.0
                    2001:DB8:3:1::2/64
        G0/1        172.16.24.0  255.255.248.0
                    2001:DB8:3:2::2/64
        S0/0/1      10.0.1.2  255.255.255.252
                    2001:DB8:0:F::2/64
        Link-Local  FE80::3
        Router ID   3.3.3.3
The only difference between configuring single-area OSPF and multiarea OSPF is assigning the area value. Recall that for OSPFv2, you configure the area as part of the network command in OSPF router configuration mode. In OSPFv3, you configure the area as part of the ipv6 ospf command in interface configuration mode. Document the OSPFv2 and OSPFv3 routing configurations for all three routers. Include default routing to the Internet, with BB2 redistributing the IPv4 and IPv6 default routes to BB1 and BB3.

!BB1!!!!!!!!!!!!!!!!!!!
router ospf 10
 router-id 1.1.1.1
 network 172.16.0.0 0.0.1.255 area 1
 network 172.16.2.0 0.0.1.255 area 1
 network 10.0.0.0 0.0.0.3 area 0
ipv6 router ospf 10
 router-id 1.1.1.1
interface g0/0
 ipv6 ospf 10 area 1
interface g0/1
 ipv6 ospf 10 area 1
interface s0/0/0
 ipv6 ospf 10 area 0
!BB2!!!!!!!!!!!!!!!!!!!
ip route 0.0.0.0 0.0.0.0 Lo0
ipv6 route ::/0 Lo0
router ospf 10
 router-id 2.2.2.2
 network 172.16.5.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.1.0 0.0.0.3 area 0
 default-information originate
ipv6 router ospf 10
 router-id 2.2.2.2
 default-information originate
interface g0/0
 ipv6 ospf 10 area 0
interface s0/0/0
 ipv6 ospf 10 area 0
interface s0/0/1
 ipv6 ospf 10 area 0
!BB3!!!!!!!!!!!!!!!!!!!
router ospf 10
 router-id 3.3.3.3
 network 172.16.16.0 0.0.7.255 area 2
 network 172.16.24.0 0.0.7.255 area 2
 network 10.0.1.0 0.0.0.3 area 0
ipv6 router ospf 10
 router-id 3.3.3.3
interface g0/0
 ipv6 ospf 10 area 2
interface g0/1
 ipv6 ospf 10 area 2
interface s0/0/1
 ipv6 ospf 10 area 0
Configuring Route Summarization for Multiarea OSPFv2
ABRs do not automatically summarize network addresses across area boundaries. To reduce the size of routing tables, you can manually configure ABRs and ASBRs to summarize networks, so that a single summary route, rather than each individual network, is injected into the other area. In Figure 6-2, BB1 and BB3 can each summarize their two LANs into one network advertisement.
What is the command syntax to configure an ABR interarea summary route?
Router(config-router)# area area-id range address mask
What is the summary route for the two LANs attached to BB1?
Address: 172.16.0.0 Mask: 255.255.252.0
Document the command to configure BB1 with an interarea summary route.
BB1(config-router)# area 1 range 172.16.0.0 255.255.252.0
What is the summary route for the two LANs attached to BB3?
Address: 172.16.16.0 Mask: 255.255.240.0
Document the command to configure BB3 with an interarea summary route.
BB3(config-router)# area 2 range 172.16.16.0 255.255.240.0
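How the two summary routes above are derived, as an added Python example (not from the study guide or from Cisco): it computes the covering prefix for a list of networks, emits the area range line, and reports which addresses a summary that does not pack exactly would pull into the ABR's Null0 discard route. The BB1 and BB3 LANs are those of Figure 6-2; the 172.16.0.0/23 plus 172.16.4.0/23 pair is constructed for the non-packing case.

```python
"""Interarea summary (area <id> range <address> <mask>) for a set of prefixes.
Added example, not from the study guide. Inputs: BB1's and BB3's LANs from
Figure 6-2, plus one constructed pair that does not pack cleanly."""
from ipaddress import IPv4Network


def summary_route(prefixes):
    """Smallest single prefix that contains every network in `prefixes`.

    Start at the shortest input prefix length and widen the mask one bit at
    a time until a supernet of the first network covers all of them."""
    nets = [IPv4Network(p) for p in prefixes]
    if not nets:
        raise ValueError("need at least one prefix")
    plen = min(n.prefixlen for n in nets)
    while plen >= 0:
        candidate = nets[0].supernet(new_prefix=plen)
        if all(n.subnet_of(candidate) for n in nets):
            return candidate
        plen -= 1
    raise AssertionError("0.0.0.0/0 covers everything; unreachable")


def area_range_command(area_id, prefixes):
    """The IOS 'area range' line the exercise asks for, in dotted-mask form."""
    summary = summary_route(prefixes)
    return "area %d range %s %s" % (area_id, summary.network_address, summary.netmask)


def uncovered_space(prefixes):
    """Prefixes inside the summary that none of the inputs actually use.

    The ABR installs the summary itself pointing to Null0 (the
    'is a summary ... Null0' lines in Example 6-2), so packets for these
    gaps are discarded at the ABR instead of following the default route
    back out and looping."""
    gaps = [summary_route(prefixes)]
    for net in (IPv4Network(p) for p in prefixes):
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):
                remaining.extend(gap.address_exclude(net))  # carve the input out
            elif gap.subnet_of(net):
                continue  # gap lies entirely inside an input: fully used
            else:
                remaining.append(gap)
        gaps = remaining
    return sorted(gaps)


if __name__ == "__main__":
    bb1_lans = ["172.16.0.0/23", "172.16.2.0/23"]
    bb3_lans = ["172.16.16.0/21", "172.16.24.0/21"]
    print("BB1:", area_range_command(1, bb1_lans))  # area 1 range 172.16.0.0 255.255.252.0
    print("BB3:", area_range_command(2, bb3_lans))  # area 2 range 172.16.16.0 255.255.240.0
    # Constructed pair that does not pack: the /21 summary leaves two unused /23s.
    print([str(g) for g in uncovered_space(["172.16.0.0/23", "172.16.4.0/23"])])
```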
Your OSPF routing tables should look like the output in Example 6-2.
Example 6-2  Multiarea OSPFv2 and OSPFv3 Routing Tables

BB1# show ip route ospf | begin Gateway
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 10.0.0.1, 00:08:36, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.0.1.0/30 [110/128] via 10.0.0.1, 00:08:36, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 7 subnets, 5 masks
O        172.16.0.0/22 is a summary, 00:08:36, Null0
O        172.16.5.0/24 [110/65] via 10.0.0.1, 00:08:36, Serial0/0/0
O IA     172.16.16.0/20 [110/129] via 10.0.0.1, 00:04:44, Serial0/0/0
BB1# show ipv6 route ospf | begin OE2
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 10
     via FE80::2, Serial0/0/0
O   2001:DB8:0:F::/64 [110/128]
     via FE80::2, Serial0/0/0
OI  2001:DB8:3:1::/64 [110/129]
     via FE80::2, Serial0/0/0
OI  2001:DB8:3:2::/64 [110/129]
     via FE80::2, Serial0/0/0
O   2001:DB8:5:1::/64 [110/65]
     via FE80::2, Serial0/0/0
BB1#
BB2# show ip route ospf | begin Gateway
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      172.16.0.0/16 is variably subnetted, 4 subnets, 4 masks
O IA     172.16.0.0/22 [110/65] via 10.0.0.2, 00:09:51, Serial0/0/0
O IA     172.16.16.0/20 [110/65] via 10.0.1.2, 00:05:59, Serial0/0/1
BB2# show ipv6 route ospf | begin OI
OI  2001:DB8:1:1::/64 [110/65]
     via FE80::1, Serial0/0/0
OI  2001:DB8:1:2::/64 [110/65]
     via FE80::1, Serial0/0/0
OI  2001:DB8:3:1::/64 [110/65]
     via FE80::3, Serial0/0/1
OI  2001:DB8:3:2::/64 [110/65]
     via FE80::3, Serial0/0/1
BB2#
BB3# show ip route ospf | begin Gateway
Gateway of last resort is 10.0.1.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 10.0.1.1, 00:05:31, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.0.0.0/30 [110/128] via 10.0.1.1, 00:05:31, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 7 subnets, 5 masks
O IA     172.16.0.0/22 [110/129] via 10.0.1.1, 00:05:31, Serial0/0/1
O        172.16.5.0/24 [110/65] via 10.0.1.1, 00:05:31, Serial0/0/1
O        172.16.16.0/20 is a summary, 00:05:31, Null0
BB3# show ipv6 route ospf | begin OE2
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OE2 ::/0 [110/1], tag 10
     via FE80::2, Serial0/0/1
O   2001:DB8:0:E::/64 [110/128]
     via FE80::2, Serial0/0/1
OI  2001:DB8:1:1::/64 [110/129]
     via FE80::2, Serial0/0/1
OI  2001:DB8:1:2::/64 [110/129]
     via FE80::2, Serial0/0/1
O   2001:DB8:5:1::/64 [110/65]
     via FE80::2, Serial0/0/1
BB3#
Verifying Multiarea OSPF
In Table 6-5, indicate which command or commands will provide the multiarea OSPFv2 verification information.

Table 6-5  Multiarea OSPFv2 Verification Commands
[Table: columns show ip protocols, show ip ospf interface brief, show ip ospf database and show ip route ospf; rows Process ID, Interface Cost, Router ID, Administrative Distance, Number of Areas, Networks from Other Areas, All Known Routes, Total Cost of Route, State of OSPF Interface and Networks Configured (answer marks not recoverable).]
Verification commands for multiarea OSPFv3 are almost identical to OSPFv2. In Table 6-6, indicate which command or commands will provide the multiarea OSPFv3 verification information.
Table 6-6  Multiarea OSPFv3 Verification Commands
[Table: columns show ipv6 protocols, show ipv6 ospf interface brief, show ipv6 route ospf and show ipv6 ospf database; rows Administrative Distance, All Known Routes, Interface Cost, Networks from Other Areas, Number of Areas, Process ID, Router ID, State of OSPF Interface and Total Cost of Route (answer marks not recoverable).]
Lab - Configuring Multiarea OSPFv2 (SN 6.2.3.8/RP 8.2.3.8)
Lab - Configuring Multiarea OSPFv3 (SN 6.2.3.9/RP 8.2.3.9)
Lab - Troubleshooting Multiarea OSPFv2 and OSPFv3 (SN 6.2.3.10/RP 8.2.3.10)
Packet Tracer Activity
Packet Tracer - Configuring Multiarea OSPFv2 (SN 6.2.3.6/RP 8.2.3.6)
Packet Tracer - Configuring Multiarea OSPFv3 (SN 6.2.3.7/RP 8.2.3.7)
CHAPTER 7
EIGRP
The main purpose in Cisco’s development of Enhanced Interior Gateway Routing Protocol (EIGRP) was to create a classless version of IGRP. EIGRP includes several features that are not commonly found in other distance vector routing protocols such as RIP (RIPv1 and RIPv2) and IGRP. Although EIGRP may act like a link-state routing protocol, it is still a distance vector routing protocol.
Characteristics of EIGRP
EIGRP is considered an advanced distance vector routing protocol because it has characteristics not found in other distance vector protocols like RIP and IGRP.
Describe Basic EIGRP Features
A major difference between EIGRP and other distance vector protocols is the algorithm it uses to calculate the best route. Name and briefly describe this algorithm.
The Diffusing Update Algorithm (DUAL) guarantees a loop-free route and provides backup paths throughout the routing domain. These backup routes are maintained in a topology table and can be immediately installed in the routing table if the primary route fails.
What protocol, unique to EIGRP, provides for the delivery of EIGRP packets to neighbors?
Reliable Transport Protocol (RTP)
What is meant by the statement, “EIGRP provides partial and bounded updates”?
EIGRP doesn’t send periodic updates (like RIP or IGRP). Instead, EIGRP sends out a partial update if there is a change in a route or routes. Bounded means that the partial update is only sent to those routers that need it.
Protocol-dependent modules (PDMs) allow EIGRP to route several different network layer protocols. List at least four functions of EIGRP’s PDMs.
■ Maintaining the neighbor and topology tables of EIGRP routers that belong to that protocol suite
■ Building and translating protocol-specific packets for DUAL
■ Interfacing DUAL to the protocol-specific routing table
■ Computing the metric and passing this information to DUAL
■ Implementing filtering and access lists
■ Performing redistribution functions to and from other routing protocols
■ Redistributing routes that are learned by other routing protocols
What are the IPv4 and IPv6 multicast addresses used by EIGRP’s RTP? IPv4 uses 224.0.0.10 and IPv6 uses FF02::A.
Identify and Describe EIGRP Packet Types
Like the Open Shortest Path First (OSPF) Protocol, EIGRP relies on different types of packets to maintain its tables and establish relationships with neighbor routers. In Table 7-1, provide a brief description for each EIGRP packet type.
Table 7-1  EIGRP Packet Types

Packet Type      Description
Hello            Used to discover other EIGRP routers in the network
Acknowledgment   Used to acknowledge the receipt of any EIGRP packet
Update           Used to convey routing information to known destinations
Query            Used to request specific information from a neighbor router
Reply            Used to respond to a query
Complete the missing elements in this exercise by filling in appropriate words or phrases. When encountered, circle whether the packet is reliable or unreliable and whether it is unicast or multicast.
Hello packets:
■ (Reliable/unreliable) (unicast/multicast) sent to the address 224.0.0.10 to discover and maintain neighbors; contains the router’s neighbor table
■ Default Hello interval depends on the bandwidth:
  ■ ≤ 1.544 Mbps = 60 sec. Hello interval (180 holdtime)
  ■ > 1.544 Mbps = 5 sec. Hello interval (15 holdtime)
Update packets. Sent (reliably/unreliably), there are two types:
■ (Unicast/multicast) to a newly discovered neighbor; contains routing information
■ (Unicast/multicast) to all neighbors when the topology changes
Query packets. Queries are (unicast/multicast) (reliably/unreliably) during route recomputation, asking neighbors for a new successor to a lost route.
Reply packets. Neighbors (unicast/multicast) a reply to a query whether or not they have a route.
Acknowledgment packets. “Dataless” (unicast/multicast) packet that acknowledges the receipt of a packet that was sent reliably. This type is actually a Hello packet with a nonzero value in the Acknowledgment field.
An EIGRP router assumes that as long as it is receiving Hello packets from a neighbor, the neighbor and its routes remain viable. Holdtime tells the router the maximum time it should wait to receive the next Hello before declaring that neighbor unreachable. By default, this waiting period is three times the Hello interval, or 15 seconds on most networks and 180 seconds on networks with speeds of T1 or slower. If the time expires, EIGRP will declare the route as down, and DUAL will search for a new path by sending out queries.
Identify Elements of the EIGRP Message Formats Figure 7-1 shows an example of an encapsulated EIGRP message. Fill in the missing field contents.
Figure 7-1  Encapsulated EIGRP Message
[Figure: the Data Link Frame Header, IP Packet Header, EIGRP Packet Header and Type/Length/Values fields of an encapsulated EIGRP message, with the multicast IP destination, the IP protocol number, the AS number and the TLV type names left blank for the student.]

Figure 7-1a  Encapsulated EIGRP Message (answer)
Data Link Frame: MAC Source Address = Address of Sending Interface; MAC Destination Address = Multicast: 01-00-5E-00-00-0A
IP Packet: IP Source Address = Address of Sending Interface; IP Destination Address = Multicast: 224.0.0.10; Protocol Field = 88 for EIGRP
EIGRP Packet Header: Opcode for EIGRP Packet Type; AS Number
TLV Types: Some Types Include: 0x0001 EIGRP Parameters; 0x0102 IP Internal Routes; 0x0103 IP External Routes
The EIGRP packet header is included with every EIGRP packet, regardless of its type. In the IP packet header, the Protocol field is set to 88 to indicate EIGRP, and the destination address is set to the multicast 224.0.0.10. Every EIGRP message includes the header as shown in Figure 7-2. Fill in the missing field contents.
Figure 7-2  EIGRP Packet Header
[Figure: the EIGRP Packet Header drawn as 32-bit words (bit positions 0, 7 8, 15 16, 23 24, 31) within the encapsulated message: Version, a blank field, Checksum; Flags; Sequence; Ack; a blank field; then the TLVs of the EIGRP message.]

Figure 7-2a  EIGRP Packet Header (answer)
Version | Opcode | Checksum
Flags
Sequence
Ack
Autonomous System Number
TLVs (EIGRP message)
Important fields for our discussion include the Opcode field and the Autonomous System (AS) field. Opcode specifies the EIGRP packet type, one of the following:
■ Update
■ Query
■ Reply
■ Hello
The number in the AS field is used to track multiple instances of EIGRP. Encapsulated in the EIGRP packet header is the TLV (Type/Length/Values) shown in Figure 7-3. Fill in the missing field contents.

Figure 7-3  EIGRP Parameters TLV
[Figure: the EIGRP Parameters TLV drawn as 32-bit words (bit positions 0, 7 8, 15 16, 23 24, 31): Type = 0x0001 and Length in the first word, a Reserved field, and the remaining value fields left blank for the student.]

Figure 7-3a  EIGRP Parameters TLV (answer)
Type = 0x0001 | Length
K1 | K2 | K3 | K4
K5 | Reserved | Hold Time
This EIGRP parameters message includes the weights that EIGRP uses for its composite metric. By default, only bandwidth and delay are weighted. Both are equally weighted; therefore, the K1 field for bandwidth and the K3 field for delay are both set to 1. The other K values are set to 0. The holdtime is the amount of time the EIGRP neighbor receiving this message should wait before considering the advertising router to be down. Figure 7-4 shows the IP Internal message that is used to advertise EIGRP routes within an autonomous system. Fill in the missing field contents.

Figure 7-4  IP Internal Routes TLV
[Figure: the IP Internal Routes TLV drawn as 32-bit words (bit positions 0, 7 8, 15 16, 23 24, 31): Type = 0x0102 and Length in the first word, then Next Hop, two blank words, MTU and Hop Count, Reliability, Load and Reserved, and a blank field with the Destination.]

Figure 7-4a  IP Internal Routes TLV (answer)
Type = 0x0102 | Length
Next Hop
Delay
Bandwidth
MTU | Hop Count
Reliability | Load | Reserved
Prefix Length | Destination
Important fields include the metric fields (Delay and Bandwidth), the subnet mask field (Prefix Length), and the Destination field.
Explain how the delay value is calculated.
Delay is calculated as the sum of delays from source to destination in units of 10 microseconds.
Explain how the bandwidth value is determined.
Bandwidth is the lowest configured bandwidth of any interface along the route.
The subnet mask is specified as the prefix length, or the number of network bits in the subnet mask. For example, the subnet mask 255.255.255.0 has a prefix length of 24. Figure 7-5 shows the IP External message that is used when external routes are imported into the EIGRP routing process. Notice that the bottom half of the IP External TLV includes all the fields used by the IP Internal TLV. Fill in the missing field contents.

Figure 7-5  IP External Routes TLV
[Figure: the IP External Routes TLV drawn as 32-bit words (bit positions 0, 7 8, 15 16, 23 24, 31): Type = 0x0103 and Length in the first word; a top half of value fields used to track the external source of the route (Originating Router, Originating Autonomous System Number, Arbitrary Tag, Reserved, Ext. Protocol ID, Flags), with some fields blank; and a bottom half carrying the same value fields used in the IP Internal TLV (MTU, Reliability, Load, Hop Count, Reserved), with the rest blank for the student.]

Figure 7-5a  IP External Routes TLV (answer)
Type = 0x0103 | Length
Next Hop
Originating Router
Originating Autonomous System Number
Arbitrary Tag
External Protocol Metric
Reserved | Ext. Protocol ID | Flags
Delay
Bandwidth
MTU | Hop Count
Reliability | Load | Reserved
Prefix Length | Destination
The top half holds the value fields used to track the external source of the route; the bottom half holds the same value fields used in the IP Internal TLV.
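The header and TLV layouts of Figures 7-2a through 7-4a, decoded in Python as an added example (not from the study guide or from Cisco). The opcode numbers, the 20-byte header and the 12-byte parameters TLV come from the EIGRP specification rather than the figures; following the figure, the AS number is read as one 32-bit field. The packet bytes are constructed, and the metric helper assumes the wire Delay and Bandwidth fields are already scaled by 256.

```python
"""Decode an EIGRP packet header plus the EIGRP Parameters (0x0001) and
IP Internal Routes (0x0102) TLVs of Figures 7-2a through 7-4a.
Added example, not from the study guide; the packet bytes are constructed
(checksum left at zero), not captured from the lab routers."""
import struct
from ipaddress import IPv4Address

# Opcode numbers are from the EIGRP specification; the figures name the
# packet types without their numeric values.
OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}
TLV_PARAMETERS = 0x0001
TLV_IP_INTERNAL = 0x0102
HEADER_LEN = 20


def parse_header(data):
    """Figure 7-2a: Version, Opcode, Checksum, Flags, Sequence, Ack, AS."""
    if len(data) < HEADER_LEN:
        raise ValueError("packet shorter than the EIGRP header")
    version, opcode, checksum, flags, seq, ack, asn = struct.unpack(
        "!BBHIIII", data[:HEADER_LEN])
    return {"version": version, "opcode": OPCODES.get(opcode, opcode),
            "checksum": checksum, "flags": flags, "sequence": seq,
            "ack": ack, "as": asn}


def parse_parameters(value):
    """Figure 7-3a: K1..K5, one reserved byte, then the 16-bit Hold Time."""
    k1, k2, k3, k4, k5, _reserved, hold = struct.unpack("!BBBBBBH", value[:8])
    return {"type": "EIGRP Parameters", "K": (k1, k2, k3, k4, k5), "hold_time": hold}


def parse_ip_internal(value):
    """Figure 7-4a: Next Hop, Delay, Bandwidth, MTU (3 bytes), Hop Count,
    Reliability, Load, Reserved, Prefix Length, then only as many
    Destination bytes as the prefix length needs (a /22 carries three)."""
    next_hop, delay, bandwidth = struct.unpack("!III", value[:12])
    mtu = int.from_bytes(value[12:15], "big")
    hops, reliability, load, _res, plen = struct.unpack("!BBBHB", value[15:21])
    dest = value[21:21 + (plen + 7) // 8].ljust(4, b"\x00")  # pad to 4 octets
    return {"type": "IP Internal Routes", "next_hop": str(IPv4Address(next_hop)),
            "delay": delay, "bandwidth": bandwidth, "mtu": mtu, "hop_count": hops,
            "reliability": reliability, "load": load,
            "prefix": "%s/%d" % (IPv4Address(dest), plen)}


def parse_packet(data):
    """Header, then the Type/Length/Value list; a bad Length is rejected
    instead of being allowed to read past the end of the packet."""
    header = parse_header(data)
    tlvs, offset = [], HEADER_LEN
    while offset + 4 <= len(data):
        tlv_type, tlv_len = struct.unpack("!HH", data[offset:offset + 4])
        if tlv_len < 4 or offset + tlv_len > len(data):
            raise ValueError("malformed TLV length %d at offset %d" % (tlv_len, offset))
        value = data[offset + 4:offset + tlv_len]
        if tlv_type == TLV_PARAMETERS:
            tlvs.append(parse_parameters(value))
        elif tlv_type == TLV_IP_INTERNAL:
            tlvs.append(parse_ip_internal(value))
        else:
            tlvs.append({"type": "0x%04X" % tlv_type, "raw": value})
        offset += tlv_len
    return header, tlvs


def metric_from_tlv(route, link_bw_kbps, link_delay_us, k):
    """Composite metric the receiving router installs for an advertised route.
    Assumption: the wire Delay and Bandwidth are already scaled by 256
    (10^7 / kbps * 256 and microseconds / 10 * 256), so the page's
    [K1 * BW + K3 * Delay] * 256 reduces to K1 * bandwidth + K3 * delay.
    Only the default bandwidth-plus-delay form (K2 = K4 = K5 = 0) is handled."""
    bandwidth = max(route["bandwidth"], (10**7 // link_bw_kbps) * 256)  # slowest link
    delay = route["delay"] + (link_delay_us // 10) * 256                # delays add
    return k[0] * bandwidth + k[2] * delay


def build_sample_hello():
    """Constructed Hello for AS 1: opcode 5, default K values, hold time 15."""
    header = struct.pack("!BBHIIII", 2, 5, 0, 0, 0, 0, 1)
    params = struct.pack("!HHBBBBBBH", TLV_PARAMETERS, 12, 1, 0, 1, 0, 0, 0, 15)
    return header + params


def build_sample_update():
    """Constructed Update in which HQ advertises 10.10.0.0/22 off its Gigabit
    LAN: scaled bandwidth 10^7/1000000*256 = 2560, scaled delay 100/10*256 = 2560."""
    header = struct.pack("!BBHIIII", 2, 1, 0, 0, 10, 0, 1)
    value = struct.pack("!III", 0, 2560, 2560) + (1500).to_bytes(3, "big")
    value += struct.pack("!BBBHB", 0, 255, 1, 0, 22) + bytes([10, 10, 0])
    return header + struct.pack("!HH", TLV_IP_INTERNAL, 4 + len(value)) + value


if __name__ == "__main__":
    hdr, tlvs = parse_packet(build_sample_update())
    print(hdr["opcode"], "AS", hdr["as"], tlvs[0]["prefix"])
    # B1 receives this over its T1 serial link (1544 kbps, 20000 us) and
    # installs 2172416, the metric shown for 10.10.0.0/22 in Example 7-3.
    print(metric_from_tlv(tlvs[0], 1544, 20000, (1, 0, 1, 0, 0)))
```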
Configuring EIGRP for IPv4
Implementing EIGRP for IPv4 with basic configurations is straightforward. Tweaking EIGRP with more advanced settings is the topic of the next chapter.
Configuring EIGRP with IPv4
Briefly explain the purpose of the autonomous system number in EIGRP configurations.
The autonomous system number functions as a process ID to help routers keep track of multiple running instances of EIGRP. It has nothing to do with the autonomous system number assigned by IANA and RIRs to ISPs for their BGP routing configurations.
What are the steps a Cisco router uses to choose its router ID?
1. Use the IPv4 address configured with the eigrp router-id command.
2. If the router ID is not configured, use the highest IPv4 address of any loopback interface.
3. If no loopbacks are configured, use the highest active IPv4 address of any physical interface.
What are the two main reasons for using the passive-interface command?
1. To stop unnecessary traffic from being sent out an interface where there are no other EIGRP routers.
2. To provide security to the EIGRP routing process by preventing a rogue device from injecting false or less than optimal routing information.
We will use the topology in Figure 7-6 and the addressing in Table 7-2 to configure a dual-stack network running EIGRP for IPv4 and IPv6.

Figure 7-6  Dual-Stacked Multiarea EIGRP Topology
[Figure: HQ, B1 and B3 connected in a triangle by serial links. HQ: G0/0 10.10.0.0/22 2001:DB8:1:1::/64, G0/1 10.10.4.0/22 2001:DB8:1:2::/64, Lo0 209.165.201.0/30 2001:DB8:F:F::/64 toward the Internet, S0/0/0 to B1 over 172.16.1.248/30 2001:DB8:F:1::/64, S0/0/1 to B3 over 172.16.1.252/30 2001:DB8:F:2::/64 (labelled 768 kbps). B1: G0/0 10.10.8.0/23 2001:DB8:1:3::/64, G0/1 10.10.10.0/23 2001:DB8:1:4::/64, S0/0/1 to B3 over 172.16.1.244/30 2001:DB8:F::/64. B3: G0/0 10.10.12.0/24 2001:DB8:1:5::/64, G0/1 10.10.13.0/24 2001:DB8:1:6::/64. The other two serial links are labelled 512 kbps and 128 kbps.]
Table 7-2  Addressing for the Dual-Stacked EIGRP Topology

Device  Interface   Addressing Information
HQ      G0/0        10.10.0.1  255.255.252.0
                    2001:DB8:1:1::1/64
        G0/1        10.10.4.1  255.255.252.0
                    2001:DB8:1:2::1/64
        S0/0/0      172.16.1.249  255.255.255.252
                    2001:DB8:F:1::1/64
        S0/0/1      172.16.1.253  255.255.255.252
                    2001:DB8:F:2::1/64
        Lo0         209.165.201.1  255.255.255.252
                    2001:DB8:F:F::1/64
        Link-Local  FE80::2
        Router ID   2.2.2.2
B1      G0/0        10.10.8.1  255.255.254.0
                    2001:DB8:1:3::1/64
        G0/1        10.10.10.1  255.255.254.0
                    2001:DB8:1:4::1/64
        S0/0/0      172.16.1.250  255.255.255.252
                    2001:DB8:F:1::2/64
        S0/0/1      172.16.1.245  255.255.255.252
                    2001:DB8:F::1/64
        Link-Local  FE80::1
        Router ID   1.1.1.1
B3      G0/0        10.10.12.1  255.255.255.0
                    2001:DB8:1:5::1/64
        G0/1        10.10.13.1  255.255.255.0
                    2001:DB8:1:6::1/64
        S0/0/0      172.16.1.246  255.255.255.252
                    2001:DB8:F::2/64
        S0/0/1      172.16.1.254  255.255.255.252
                    2001:DB8:F:2::2/64
        Link-Local  FE80::3
        Router ID   3.3.3.3
Document the most basic routing commands you could use to configure EIGRP for IPv4. Include the commands to configure the LAN interfaces as passive. The commands for all three routers are the same, except for the router ID configuration for each router.

!B1!!!!!!!!!!!
router eigrp 1
 eigrp router-id 1.1.1.1
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1
!HQ!!!!!!!!!!!
router eigrp 1
 eigrp router-id 2.2.2.2
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1
!B3!!!!!!!!!!!
router eigrp 1
 eigrp router-id 3.3.3.3
 network 10.0.0.0
 network 172.16.0.0
 passive-interface g0/0
 passive-interface g0/1

Now, for each router, document the network commands you would configure if the policy stated that you must also configure the wildcard mask for each interface participating in the EIGRP routing domain.

!B1!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.10.8.0 0.0.1.255
 network 10.10.10.0 0.0.1.255
 network 172.16.1.248 0.0.0.3
!HQ!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.10.0.0 0.0.3.255
 network 10.10.4.0 0.0.3.255
 network 172.16.1.248 0.0.0.3
 network 172.16.1.252 0.0.0.3
!B3!!!!!!!!!!!
router eigrp 1
 no network 10.0.0.0
 no network 172.16.0.0
 network 10.10.12.0 0.0.0.255
 network 10.10.13.0 0.0.0.255
 network 172.16.1.252 0.0.0.3
Verifying EIGRP with IPv4
Before any updates can be sent or received by EIGRP, routers must establish adjacencies with their neighbors. EIGRP routers establish adjacencies with neighbor routers by exchanging EIGRP Hello packets. Use the show ip eigrp neighbors command to view the neighbor table and verify that EIGRP has established an adjacency with its neighbors. This command enables you to verify and troubleshoot EIGRP. Example 7-1 shows the neighbor table for HQ.

Example 7-1  EIGRP Neighbor Table for HQ

HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
1   172.16.1.254            Se0/0/1                  14 00:28:35    2   100  0  33
0   172.16.1.250            Se0/0/0                  10 00:28:48    1   100  0  36
As with OSPF, you can use the show ip protocols command shown in Example 7-2 to verify that EIGRP is enabled. Because this configuration was done on a router with IOS 15.1, automatic summarization is disabled by default.

Example 7-2  Verifying EIGRP Is Enabled on HQ

HQ# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 2.2.2.2
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:
    10.10.0.0/22
    10.10.4.0/22
    172.16.1.248/30
    172.16.1.252/30
  Passive Interface(s):
    GigabitEthernet0/0
    GigabitEthernet0/1
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.254          90      00:29:47
    172.16.1.250          90      00:29:47
  Distance: internal 90 external 170
Another way to verify that EIGRP and other functions of the router are configured properly is to examine the routing tables with the show ip route command. EIGRP routes are denoted in the routing table with a D, which stands for DUAL. Example 7-3 shows output from the routing table for B1 with only the EIGRP routes shown. Also, notice that the output begins at the “Gateway of last resort is not set” statement. What command generated this output?
show ip route eigrp | begin Gateway

Example 7-3  B1 Routing Table with EIGRP Routes

B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D        10.10.0.0/22 [90/2172416] via 172.16.1.249, 00:43:44, Serial0/0/0
D        10.10.4.0/22 [90/2172416] via 172.16.1.249, 00:43:44, Serial0/0/0
D        10.10.12.0/24 [90/2684416] via 172.16.1.249, 00:43:31, Serial0/0/0
D        10.10.13.0/24 [90/2684416] via 172.16.1.249, 00:43:31, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.246, 00:00:05, Serial0/0/1
B1#
Lab - Configuring Basic EIGRP with IPv4 (SN 7.2.2.5/RP 4.2.2.5)
Packet Tracer Activity
Packet Tracer - Configuring Basic EIGRP with IPv4 (SN 7.2.2.4/RP 4.2.2.4)
Operation of EIGRP
EIGRP uses the Diffusing Update Algorithm (DUAL) to select the best routes based on a composite metric. This section reviews the values of the EIGRP metric and how EIGRP performs the calculation to arrive at the metric displayed in the routing table.
EIGRP Metric Concepts
List the values EIGRP uses in its composite metric to calculate the preferred path to a network:
■ Bandwidth
■ Delay
■ Reliability
■ Load
Record the formula used to calculate the default EIGRP composite metric.
Default metric = [K1 * Bandwidth + K3 * Delay] * 256
What command can you use to change the default K values?
Router(config-router)# metric weights tos k1 k2 k3 k4 k5
What command do you use to verify the K values used by EIGRP?
show ip protocols
What command enables you to verify the actual values of the EIGRP metric?
show interface
The bandwidth metric is displayed in Kbit (kilobits). The WIC-2T and HWIC-2T use the default value of 1,544,000 bps, which is the value for a T1 connection. The value may or may not reflect the actual physical bandwidth of the interface. If the actual bandwidth of the link differs from the default value, you should modify the value. We will review modifying the bandwidth calculation to reflect actual values in the next chapter.
Delay is a measure of the time it takes for a packet to traverse a route. This metric is a static value and is expressed in microseconds. Complete Table 7-3.

Table 7-3  Interface Delay Values

Media                  Delay (microseconds)
Ethernet               1000
Fast Ethernet          100
Gigabit Ethernet       10
FDDI                   100
T1 (serial default)    20,000
DS0 (64 Kbps)          20,000
1024 Kbps              20,000
56 Kbps                20,000
Reliability is based on the worst value on a particular link and is computed based on keepalives. Load is based on the worst value on a particular link and is computed based on packet rates. However, because the EIGRP composite metric defaults to bandwidth and delay only, reliability and load are not normally considered in the calculation of metric.
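The metric arithmetic described above, worked through in Python as an added example (this code is not from the study guide). It assumes Cisco's standard scaling of the two terms (10^7 divided by the slowest bandwidth in kbps, and the summed delay divided by 10) and that the routers' LAN ports run as Fast Ethernet, which is what reproduces the 28160 connected-LAN metric and the routing-table metrics quoted in Example 7-4 and, after the bandwidth tuning, in Example 8-6.

```python
"""Added example, not from the study guide: the EIGRP composite metric from
Table 7-3 and the default-metric formula worked through in Python.  The
10^7 / slowest-bandwidth and sum-of-delays / 10 scaling is Cisco's standard
scaling for the classic 32-bit metric; the link values below are constructed
from the HQ/B1/B3 topology used in the examples."""

# Default K values, as "show ip protocols" reports them: K1=1, K2=0, K3=1, K4=0, K5=0.
DEFAULT_K = (1, 0, 1, 0, 0)

# Table 7-3 delay values (microseconds) and the bandwidths used in the chapter.
# Assumption: the LAN ports in the examples run as Fast Ethernet (100,000 kbps,
# 100 usec delay); that reproduces the connected-LAN metric of 28160 in Example 7-5.
SERIAL_DELAY = 20_000
LAN_DELAY = 100
T1_KBPS = 1544          # default bandwidth of the serial interfaces
LAN_KBPS = 100_000


def eigrp_metric(bandwidths_kbps, delays_usec, k=DEFAULT_K, load=1, reliability=255):
    """Classic EIGRP composite metric for a path.

    bandwidths_kbps: bandwidth of each link on the path (EIGRP keeps the slowest).
    delays_usec:     delay of each outgoing interface on the path (EIGRP sums them).
    load, reliability: 1..255 interface values; they only matter when K2, K4 or K5
                     are non-zero, which the default K values never are.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(bandwidths_kbps)   # scaled bandwidth term
    dly = sum(delays_usec) // 10              # scaled delay term
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                               # K5 = 0 switches the reliability factor off
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def connected_lan_metric():
    """Metric of a directly connected LAN (one Fast Ethernet port)."""
    return eigrp_metric([LAN_KBPS], [LAN_DELAY])


def b1_to_hq_lan(serial_kbps=T1_KBPS):
    """B1 -> HQ LAN (10.10.4.0/22): one serial hop, then HQ's LAN port."""
    return eigrp_metric([serial_kbps, LAN_KBPS], [SERIAL_DELAY, LAN_DELAY])


def b1_to_b3_lan_via_hq(hq_b1_kbps=T1_KBPS, hq_b3_kbps=T1_KBPS):
    """B1 -> HQ -> B3 LAN (10.10.12.0/24): two serial hops, then B3's LAN port."""
    return eigrp_metric([hq_b1_kbps, hq_b3_kbps, LAN_KBPS],
                        [SERIAL_DELAY, SERIAL_DELAY, LAN_DELAY])


def b1_to_b3_lan_direct(b1_b3_kbps):
    """B1 -> B3 LAN over the direct B1-B3 serial link."""
    return eigrp_metric([b1_b3_kbps, LAN_KBPS], [SERIAL_DELAY, LAN_DELAY])


def b1_best_path_to_b3_lan(hq_b1_kbps, hq_b3_kbps, b1_b3_kbps):
    """Which path B1 installs for 10.10.12.0/24 once the contracted bandwidths
    are configured (Chapter 8, Example 8-6): the lower composite metric wins."""
    via_hq = b1_to_b3_lan_via_hq(hq_b1_kbps, hq_b3_kbps)
    direct = b1_to_b3_lan_direct(b1_b3_kbps)
    return ("via HQ", via_hq) if via_hq < direct else ("direct", direct)


if __name__ == "__main__":
    print("connected LAN          :", connected_lan_metric())     # 28160
    print("B1 -> HQ LAN (T1)      :", b1_to_hq_lan())             # 2172416
    print("B1 -> B3 LAN via HQ    :", b1_to_b3_lan_via_hq())      # 2684416
    print("B1 -> HQ LAN (768 kbps):", b1_to_hq_lan(768))          # 3847680
    print("B1 -> B3 LAN, tuned    :", b1_best_path_to_b3_lan(768, 512, 128))
```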
DUAL Concepts Exercise

DUAL provides the following:
■ Loop-free paths
■ Loop-free backup paths, which can be used immediately
■ Fast convergence
■ Minimum bandwidth usage with bounded updates
Briefly explain the term successor.
A successor is a neighboring router that is used for packet forwarding and is the least-cost route to the destination network.

Briefly explain what is meant by feasible distance.
Feasible distance (FD) is the lowest calculated metric to reach the destination network.

Examine the following output for B1’s routing table shown in Example 7-4.

Example 7-4  Feasible Distance and Successors in the B1 Routing Table

B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D        10.10.0.0/22 [90/2172416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.10.4.0/22 [90/2172416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.10.12.0/24 [90/2684416] via 172.16.1.249, 03:06:49, Serial0/0/0
D        10.10.13.0/24 [90/2684416] via 172.16.1.249, 03:06:49, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 03:06:50, Serial0/0/0
Answer the questions that follow:

What is the IP address of the successor for network 10.10.4.0/22?
172.16.1.249, which is HQ

What is the feasible distance to 10.10.4.0/22?
2172416

What is the IP address of the successor for network 10.10.12.0/24?
172.16.1.249, which is HQ

What is the feasible distance to 10.10.12.0/24?
2684416

Briefly explain the term feasible successor.
A backup path to other routers maintained in a separate table so that DUAL does not have to be recomputed when the successor becomes unavailable. A feasible successor satisfies the feasibility condition.

Briefly explain the feasibility condition.
The feasibility condition (FC) is met when a neighbor’s reported distance (RD) to a network is less than the local router’s feasible distance to the same destination network.

Briefly explain reported distance.
The reported distance or advertised distance is simply an EIGRP neighbor’s feasible distance to the same destination network. The reported distance is the metric that a router reports to a neighbor about its own cost to that network.

The successor, feasible distance, and any feasible successors with their reported distances are kept by a router in its EIGRP topology table or topology database. This table can be viewed using the show ip eigrp topology command, as shown in Example 7-5.
Example 7-5  Successors and Feasible Successors in the B1 Topology Table

B1# show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.10.8.0/23, 1 successors, FD is 28160
        via Connected, GigabitEthernet0/0
P 172.16.1.248/30, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.16.1.244/30, 1 successors, FD is 3845120
        via Connected, Serial0/0/1
P 10.10.12.0/24, 1 successors, FD is 2684416
        via 172.16.1.249 (2684416/2172416), Serial0/0/0
        via 172.16.1.246 (3847680/28160), Serial0/0/1
P 10.10.4.0/22, 1 successors, FD is 2172416
        via 172.16.1.249 (2172416/28160), Serial0/0/0
P 172.16.1.252/30, 1 successors, FD is 2681856
        via 172.16.1.249 (2681856/2169856), Serial0/0/0
        via 172.16.1.246 (4357120/2169856), Serial0/0/1
P 10.10.0.0/22, 1 successors, FD is 2172416
        via 172.16.1.249 (2172416/28160), Serial0/0/0
P 10.10.13.0/24, 1 successors, FD is 2684416
        via 172.16.1.249 (2684416/2172416), Serial0/0/0
        via 172.16.1.246 (3847680/28160), Serial0/0/1
P 10.10.10.0/23, 1 successors, FD is 28160
        via Connected, GigabitEthernet0/1
The topology table lists all successors and feasible successors that DUAL has calculated to destination networks. Use the partial output in Example 7-5 to answer the following questions:

For route 10.10.12.0/24...

What is the IP address of the successor?
172.16.1.249

What is the reported distance of the successor?
2172416

What is the feasible distance of the successor?
2684416

What is the IP address of the feasible successor?
172.16.1.246

What is the reported distance of the feasible successor?
28160

What is the feasible distance of the feasible successor?
3847680

Notice that the reported distance of the feasible successor is less than the feasible distance of the successor.

What happens if an EIGRP router doesn’t have a feasible successor in the topology table and the router loses connection to the successor?
Then DUAL must be recomputed and neighbors queried for a possible backup route.
DUAL FSM Completion Exercise

A finite state machine (FSM) is an abstract machine, not a mechanical device with moving parts. FSMs define a set of possible states that something can go through, what events cause those states, and what events result from those states. Designers use FSMs to describe how a device, computer program, or routing algorithm will react to a set of input events. Figure 7-7 is a simplified flowchart of DUAL’s FSM. Fill in the flowchart with the states EIGRP moves through when it loses connectivity with a successor. The flowchart should serve as a visual study aid to help you remember how DUAL converges on new routes.
Figure 7-7  DUAL FSM Flowchart

[Flowchart with blank boxes for the student to complete: it starts at "Lost Connectivity to Successor" and branches twice on Yes/No decisions]

Figure 7-7  DUAL FSM Flowchart (answer)

Lost Connectivity to Successor
  -> Feasible Successor?
       Yes -> Promote to Successor -> Install Successor in Routing Table
       No  -> Place Destination Network in Active State
              -> Query Neighbors for New Route
              -> One or More New Routes?
                   Yes -> Select New Successor
                          -> Install Successor in Routing Table
                          -> Install Feasible Successor(s), if any, in Topology Table
                   No  -> Remove Destination Network from Topology and Routing Tables
7.3.4.4 Packet Tracer - Investigating DUAL FSM
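The feasibility condition and the Figure 7-7 decision path, worked through as an added example (not code from the study guide): it parses the B1 topology listing of Example 7-5, reports successors and feasible successors, then walks what DUAL does when a successor is lost. The topology text is constructed from Example 7-5; the class and function names are this example's own.

```python
"""Added example, not from the study guide: a small parser for the
"show ip eigrp topology" listing of Example 7-5, plus DUAL's feasibility
condition and the Figure 7-7 decision path for a lost successor.  The
topology text is constructed from the B1 entries quoted in Example 7-5;
the class and function names are this example's own."""
import re
from dataclasses import dataclass, field


@dataclass
class Path:
    neighbor: str     # next-hop address, or "Connected"
    metric: int       # our metric through this neighbor
    rd: int           # reported distance: the neighbor's own FD to the prefix
    interface: str


@dataclass
class TopologyEntry:
    prefix: str
    fd: int           # feasible distance: lowest metric to the prefix
    paths: list = field(default_factory=list)

    def successors(self):
        """Successors: neighbors whose metric equals the feasible distance."""
        return [p for p in self.paths if p.metric == self.fd]

    def feasible_successors(self):
        """Feasibility condition: a non-successor whose reported distance is
        strictly less than our FD cannot be routing through us (loop-free)."""
        return [p for p in self.paths if p.metric != self.fd and p.rd < self.fd]


ENTRY_RE = re.compile(r"^P (\S+), \d+ successors, FD is (\d+)")
VIA_RE = re.compile(r"^\s+via (\S+) \((\d+)/(\d+)\), (\S+)")
CONNECTED_RE = re.compile(r"^\s+via Connected, (\S+)")


def parse_topology(text):
    """Turn the IOS topology listing into {prefix: TopologyEntry}."""
    entries, current = {}, None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            current = TopologyEntry(m.group(1), int(m.group(2)))
            entries[current.prefix] = current
        elif (m := VIA_RE.match(line)) and current:
            current.paths.append(Path(m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)))
        elif (m := CONNECTED_RE.match(line)) and current:
            current.paths.append(Path("Connected", current.fd, 0, m.group(1)))
    return entries


def lose_successor(entry):
    """Follow Figure 7-7 when the successor(s) for `entry` become unreachable.

    Returns ("passive", neighbor) when a feasible successor is promoted without
    recomputation, or ("active", None) when no feasible successor exists, so
    the route must go active and neighbors must be queried.
    """
    lost = {p.neighbor for p in entry.successors()}
    entry.paths = [p for p in entry.paths if p.neighbor not in lost]
    # The feasibility condition is checked against the FD held before the loss.
    candidates = [p for p in entry.paths if p.rd < entry.fd]
    if candidates:
        best = min(candidates, key=lambda p: p.metric)
        return "passive", best.neighbor
    return "active", None


# Constructed from Example 7-5 (B1's topology table); header lines omitted.
TOPOLOGY_B1 = """\
P 10.10.8.0/23, 1 successors, FD is 28160
        via Connected, GigabitEthernet0/0
P 172.16.1.248/30, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 10.10.12.0/24, 1 successors, FD is 2684416
        via 172.16.1.249 (2684416/2172416), Serial0/0/0
        via 172.16.1.246 (3847680/28160), Serial0/0/1
P 10.10.4.0/22, 1 successors, FD is 2172416
        via 172.16.1.249 (2172416/28160), Serial0/0/0
P 172.16.1.252/30, 1 successors, FD is 2681856
        via 172.16.1.249 (2681856/2169856), Serial0/0/0
        via 172.16.1.246 (4357120/2169856), Serial0/0/1
"""


def b1_report():
    """Successor / feasible-successor neighbors for every prefix in TOPOLOGY_B1."""
    table = parse_topology(TOPOLOGY_B1)
    return {prefix: ([p.neighbor for p in e.successors()],
                     [p.neighbor for p in e.feasible_successors()])
            for prefix, e in table.items()}


if __name__ == "__main__":
    for prefix, (succ, fs) in b1_report().items():
        print(f"{prefix:18} successor={succ} feasible_successor={fs}")
    table = parse_topology(TOPOLOGY_B1)
    print("lose 10.10.12.0/24 successor:", lose_successor(table["10.10.12.0/24"]))
    print("lose 10.10.4.0/22 successor :", lose_successor(table["10.10.4.0/22"]))
```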
Configuring EIGRP for IPv6

EIGRP for IPv4 and EIGRP for IPv6 are almost identical in their operation. Configuring EIGRP for IPv6 is actually easier than IPv4, because there is no need to configure network statements. Simply enable EIGRP for IPv6 globally, assigning a router ID. Then enable EIGRP on each interface you want to participate in the EIGRP routing process.
Comparing EIGRP for IPv4 and EIGRP for IPv6

In Table 7-4, indicate whether an EIGRP feature is associated with EIGRP for IPv4, EIGRP for IPv6, or both.
Table 7-4  Comparing EIGRP for IPv4 and IPv6

Features                                    EIGRP for IPv4   EIGRP for IPv6   Both
Advertised IPv4 networks                    X
Advertised IPv6 networks                                     X
Distance vector                                                               X
DUAL algorithm                                                                X
Default metric: bandwidth and delay                                           X
Transport protocol: RTP                                                       X
Incremental, partial, and bounded updates                                     X
Neighbor discovery: Hello packets                                             X
224.0.0.10 multicast                        X
FF02::10 multicast                                           X
Configuring and Verifying EIGRP for IPv6

The steps to configure EIGRP for IPv6 are as follows:
Step 1. Enable IPv6 routing.
Step 2. Enable EIGRP for IPv6 globally and configure the router ID.
Step 3. Enable the interfaces that are to participate in EIGRP for IPv6.
With those steps in mind, document the configurations for each router shown in Figure 7-6.

Instructor Note: Although not required of the student, the IPv6 interface addressing is also included in the following scripts.

!HQ!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 2.2.2.2
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:1::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:2::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f:1::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f:2::1/64
 ipv6 address fe80::2 link-local
 ipv6 eigrp 1
 no shutdown
int lo0
 ipv6 address 2001:db8:f:f::1/64
end

!B1!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 1.1.1.1
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:3::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:4::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f:1::2/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f::1/64
 ipv6 address fe80::1 link-local
 ipv6 eigrp 1
 no shutdown
end

!B3!!!!!!!!!!!
en
conf t
ipv6 unicast-routing
ipv6 router eigrp 1
 eigrp router-id 3.3.3.3
 no shutdown
interface g0/0
 ipv6 address 2001:db8:1:5::1/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface g0/1
 ipv6 address 2001:db8:1:6::1/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/0
 ipv6 address 2001:db8:f::2/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
interface s0/0/1
 ipv6 address 2001:db8:f:2::2/64
 ipv6 address fe80::3 link-local
 ipv6 eigrp 1
 no shutdown
end
What command enables you to verify adjacency with other EIGRP routers?

B1# show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Se0/0/1           11 00:14:52    1   186  0  50
    FE80::3
0   Link-local address:     Se0/0/0           12 00:14:53    1   100  0  25
    FE80::2
What command enables you to display the EIGRP parameters, including the K values, router ID, process ID, and administrative distances?

B1# show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "eigrp 1"
EIGRP-IPv6 Protocol for AS(1)
  Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  NSF-aware route hold timer is 240
  Router-ID: 1.1.1.1
  Topology : 0 (base)
    Active Timer: 3 min
    Distance: internal 90 external 170
    Maximum path: 16
    Maximum hopcount 100
    Maximum metric variance 1

  Interfaces:
    Serial0/0/0
    Serial0/0/1
    GigabitEthernet0/0
    GigabitEthernet0/1
  Redistribution:
    None
IPv6 Routing Protocol is "ND"
What command enables you to verify the EIGRP routes are installed in the routing table?

B1# show ipv6 route eigrp
IPv6 Routing Table - default - 14 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:5::/64 [90/2684416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:6::/64 [90/2684416]
     via FE80::2, Serial0/0/0
D   2001:DB8:F:2::/64 [90/2681856]
     via FE80::2, Serial0/0/0
Lab - Configuring Basic EIGRP for IPv6 (SN 7.4.3.5/RP 4.4.3.5)

Packet Tracer - Configuring Basic EIGRP with IPv6 (SN 7.4.3.4/RP 4.4.3.5)
CHAPTER 8

EIGRP Advanced Configurations and Troubleshooting

This chapter reviews the various ways you can adjust your Enhanced Interior Gateway Routing Protocol (EIGRP) implementation to provide additional capabilities and functionality. It also covers troubleshooting EIGRP.
Advanced EIGRP Configurations

Now that you are familiar with the basic configuration and verification commands for implementing EIGRP, this section focuses on ways you can tweak the implementation to improve performance, enable load balancing, and authenticate updates between EIGRP neighbors.
Automatic Summarization

Before Cisco IOS 15.01(1)M and 12.2(33), automatic summarization in EIGRP was enabled by default. Briefly explain the concept of automatic summarization.
Automatic summarization occurs at classful boundaries. So an EIGRP router with several subnets of a Class A, B, or C network advertises only that classful network.

Assume an EIGRP router is using automatic summarization. In Table 8-1, record the classful address advertised by the router for each listing of subnets.

Table 8-1  Determine the Classful Networks Advertised by an EIGRP Router

Subnets                                                               Classful Networks
10.10.10.0/24, 10.10.11.0/24, 10.10.12.0/24                           10.0.0.0/8
172.16.16.0/22, 172.16.18.0/22                                        172.16.0.0/16
192.168.1.0/25, 192.168.1.128/25, 192.168.2.0/25, 192.168.2.128/25    192.168.1.0/24, 192.168.2.0/24
EIGRP automatic summarization should be used only if you are absolutely sure that you do not have any discontiguous subnets. For example, in Figure 8-1, the addressing scheme is discontiguous.

Figure 8-1  EIGRP Automatic Summarization Topology with Discontiguous Subnets

[Figure: HQ (LAN 10.10.0.0/22) connects to B1 (LAN 10.10.8.0/23) over 172.16.1.248/30 and to B3 (LAN 10.10.12.0/24) over 172.16.1.252/30]
If you enable automatic summarization on the routers, they will not advertise the specific subnets that belong to 10.0.0.0/8 across the 172.16.0.0 WAN links. Instead, they automatically summarize the subnets to 10.0.0.0/8 and advertise the classful network. But each router already has a link in the 10.0.0.0/8 address space, so the update from the neighbor is stored in the topology table. No routes to the subnets are installed. Automatic summarization is disabled by default in IOS 15 and later.

What command, including the router prompt, will enable automatic summarization?
Router(config-router)# auto-summary
You can verify whether automatic summarization is enabled with the show ip protocols command, displayed in Example 8-1 for HQ from Figure 8-1.

Example 8-1  Verifying Automatic Summarization Is in Effect

HQ# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 2.2.2.2
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: enabled
    172.16.0.0/16 for Gi0/0
      Summarizing 2 components with metric 2169856
    10.0.0.0/8 for Se0/0/0, Se0/0/1
      Summarizing 1 component with metric 28160
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.254          90      00:01:30
    172.16.1.250          90      00:01:30
  Distance: internal 90 external 170
To view the entire EIGRP topology table for HQ, use the show ip eigrp topology all-links command to generate the output displayed in Example 8-2.
Example 8-2  Viewing the Complete EIGRP Topology Table

HQ# show ip eigrp topology all-links
EIGRP-IPv4 Topology Table for AS(1)/ID(2.2.2.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 172.16.1.248/30, 1 successors, FD is 2169856, serno 2
        via Connected, Serial0/0/0
P 172.16.0.0/16, 1 successors, FD is 2169856, serno 4
        via Summary (2169856/0), Null0
P 10.0.0.0/8, 1 successors, FD is 28160, serno 3
        via Summary (28160/0), Null0
        via 172.16.1.250 (2172416/28160), Serial0/0/0
        via 172.16.1.254 (2172416/28160), Serial0/0/1
P 172.16.1.252/30, 1 successors, FD is 2169856, serno 8
        via Connected, Serial0/0/1
P 10.10.0.0/22, 1 successors, FD is 28160, serno 1
        via Connected, GigabitEthernet0/0
You can see that HQ has a route for 10.0.0.0/8 from both B1 and B3 in its topology table. However, it also has its own summary route with a better metric. This is the route installed and used by HQ, as verified with the show ip route eigrp command displayed in Example 8-3.

Example 8-3  Verifying the Summary Route Installed on HQ

HQ# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D        10.0.0.0/8 is a summary, 00:08:42, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D        172.16.0.0/16 is a summary, 00:09:01, Null0
Briefly explain the purpose of the Null0 interface.
The Null0 interface is installed in the routing table to prevent routing loops: a packet that matches the summary but no more specific route is discarded instead of being forwarded back toward the neighbor that sent it.
Manual Summarization

In EIGRP design scenarios where it is not desirable to prevent discontiguous subnets, you may still want to encourage scalable designs so that you can take advantage of EIGRP’s manual summarization. This will help reduce the size of routing tables.
IPv4 Manual Summarization

Figure 8-2 shows the same EIGRP topology we used in Chapter 7, “EIGRP.” However, now the topology shows the contracted bandwidth rates on each of the serial interfaces. We will use that information later to tune how EIGRP chooses the best route.

Note: The bandwidths shown in Figure 8-2 are not realistic for today’s network implementations that require gigabit speeds across WAN links. These bandwidths are used for simplicity.

Figure 8-2  Dual-Stack E IGRP Topology with Bandwidths

[Figure: addressing and contracted bandwidths of the HQ/B1/B3 topology]
HQ:  G0/0 10.10.0.0/22 and 2001:DB8:1:1::/64; G0/1 10.10.4.0/22 and 2001:DB8:1:2::/64; Lo0 209.165.201.0/30 and 2001:DB8:F:F::/64 (Internet);
     S0/0/0 to B1: 172.16.1.248/30 and 2001:DB8:F:1::/64, 768 kbps; S0/0/1 to B3: 172.16.1.252/30 and 2001:DB8:F:2::/64, 512 kbps
B1:  G0/0 10.10.8.0/23 and 2001:DB8:1:3::/64; G0/1 10.10.10.0/23 and 2001:DB8:1:4::/64;
     S0/0/0 to HQ; S0/0/1 to B3: 172.16.1.244/30 and 2001:DB8:F::/64, 128 kbps
B3:  G0/0 10.10.12.0/24 and 2001:DB8:1:5::/64; G0/1 10.10.13.0/24 and 2001:DB8:1:6::/64;
     S0/0/0 to B1; S0/0/1 to HQ
To calculate the IPv4 summary routes, use the same technique you used to calculate IPv4 static summary routes:
Step 1. Write out the networks to be summarized in binary.
Step 2. To find the subnet mask for summarization, start with the far-left bit.
Step 3. Working from left to right, find all the bits that match consecutively.
Step 4. When there is a column of bits that do not match, stop. This is the summary boundary.
Step 5. Count the number of far-left matching bits, which in this example is 22. This number is used to determine the subnet mask for the summarized route: /22 or 255.255.252.0.
Step 6. To find the network address for summarization, copy the matching 22 bits and add all 0 bits to the end to make 32 bits.

Once you have your summary, configure the desired interfaces with the ip summary-address eigrp command. Each interface that will send out an EIGRP update should have the command. In Figure 8-2, each router can summarize its two local LANs into one summary route. Calculate the summary route for each router and record the commands to configure the serial interfaces.
HQ Summary Route: 10.10.0.0/21
Command to configure Serial 0/0/0 and Serial 0/0/1:
ip summary-address eigrp 1 10.10.0.0 255.255.248.0

B1 Summary Route: 10.10.8.0/22
Command to configure Serial 0/0/0 and Serial 0/0/1:
ip summary-address eigrp 1 10.10.8.0 255.255.252.0

B3 Summary Route: 10.10.12.0/23
Command to configure Serial 0/0/0 and Serial 0/0/1:
ip summary-address eigrp 1 10.10.12.0 255.255.254.0

The following calculations focus on the third octet:

                 HQ             B1             B3
LAN 1            00000000       00001000       00001100
LAN 2            00000100       00001010       00001101
Summary Route    10.10.0.0/21   10.10.8.0/22   10.10.12.0/23
If you are following along in a simulator or on lab equipment, your EIGRP routing tables should look like Example 8-4. Note: We have not yet configured the bandwidth values shown in Figure 8-2.

Example 8-4  EIGRP Routing Tables with Manual Summarization in Effect

HQ# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
D        10.10.0.0/21 is a summary, 00:06:50, Null0
D        10.10.8.0/22 [90/2172416] via 172.16.1.250, 00:01:43, Serial0/0/0
D        10.10.12.0/23 [90/2172416] via 172.16.1.254, 00:01:13, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.244/30 [90/2681856] via 172.16.1.254, 00:01:43, Serial0/0/1
                         [90/2681856] via 172.16.1.250, 00:01:43, Serial0/0/0

B1# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.249, 00:00:54, Serial0/0/0
D        10.10.8.0/22 is a summary, 00:06:21, Null0
D        10.10.12.0/23 [90/2172416] via 172.16.1.246, 00:00:54, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 00:00:54, Serial0/0/0
                         [90/2681856] via 172.16.1.246, 00:00:54, Serial0/0/1

B3# show ip route eigrp | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.253, 00:00:48, Serial0/0/1
D        10.10.8.0/22 [90/2172416] via 172.16.1.245, 00:00:48, Serial0/0/0
D        10.10.12.0/23 is a summary, 00:00:19, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/2681856] via 172.16.1.253, 00:00:48, Serial0/0/1
                         [90/2681856] via 172.16.1.245, 00:00:48, Serial0/0/0
IPv6 Manual Summarization

Briefly explain why IPv6 does not support automatic summarization.
Automatic summarization is based on classful addressing, which does not exist in IPv6.

You can manually configure IPv6 summary routes. However, the IPv6 addressing in Figure 8-2 was not designed for summary routes. If you summarized the IPv6 LANs on any of the routers, you would be including IPv6 LANs from one or both of the other routers. For example, the summary for the IPv6 LANs on B3 would be 2001:DB8:1:4::/62. The calculation focuses on the fourth hextet since it is the one that is changing:

0000 0000 0000 0100 --> included in summary (B1 LAN)
0000 0000 0000 0101 --> B3 LAN
0000 0000 0000 0110 --> B3 LAN
0000 0000 0000 0111 --> included in a B1 summary, if configured

You can see that this summary would include the B1 IPv6 LAN, 2001:DB8:1:4::/64. But it would also include additional address space summarized by B1 if B1 also configured an IPv6 manual summary route. In fact, a summary route on B1 would include all the IPv6 LANs in the topology. Prove this using the following workspace to calculate what the IPv6 summary route would be for B1.

0000 0000 0000 0000
0000 0000 0000 0001 --> HQ LAN
0000 0000 0000 0010 --> HQ LAN
0000 0000 0000 0011 --> B1 LAN
0000 0000 0000 0100 --> B1 LAN
0000 0000 0000 0101 --> B3 LAN
0000 0000 0000 0110 --> B3 LAN
0000 0000 0000 0111

What would be the summary route for B1?
2001:DB8:1::/61

Packet Tracer - Configuring EIGRP Manual Summary Routes for IPv4 and IPv6 (SN 8.1.2.5/RP 5.1.2.5)
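The six-step summary calculation from the IPv4 section, implemented once for IPv4 and IPv6 as an added example (not code from the study guide) and checked against the Figure 8-2 LANs, including the overlap described above for the B3 and B1 IPv6 summaries. The function names are this example's own, and the IPv6 command form assumes IOS's ipv6 summary-address eigrp syntax.

```python
"""Added example, not from the study guide: the six-step summary-route
calculation from the text, implemented for IPv4 and IPv6 with Python's
ipaddress module and checked against the HQ/B1/B3 LANs of Figure 8-2.
Function names are this example's own; the IPv6 command form assumes the
IOS "ipv6 summary-address eigrp" syntax."""
import ipaddress


def common_prefix_bits(a, b, width):
    """Steps 2-4: count the leading bits two addresses share, stopping at the
    first column that differs (the summary boundary)."""
    bits = 0
    while bits < width and (a >> (width - 1 - bits)) & 1 == (b >> (width - 1 - bits)) & 1:
        bits += 1
    return bits


def summarize(prefixes):
    """Steps 1-6: the single prefix that covers every network in `prefixes`.

    The lowest network address is compared with the last address of the
    highest member, so the summary covers each member's whole range.  The
    number of matching bits is the summary mask length (step 5) and those
    bits followed by zeros form the summary network address (step 6).
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    versions = {n.version for n in nets}
    if len(versions) != 1:
        raise ValueError("IPv4 and IPv6 prefixes cannot share one summary")
    width = nets[0].max_prefixlen
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)   # last address of the top member
    bits = common_prefix_bits(lo, hi, width)
    mask = ((1 << bits) - 1) << (width - bits)
    cls = ipaddress.IPv4Network if versions == {4} else ipaddress.IPv6Network
    return cls((lo & mask, bits))


def covered_by(summary, prefixes):
    """Which of `prefixes` fall inside `summary`: the overlap the text warns
    about when a summary reaches into another router's LANs."""
    s = ipaddress.ip_network(summary)
    return [p for p in prefixes
            if ipaddress.ip_network(p).version == s.version
            and ipaddress.ip_network(p).subnet_of(s)]


def summary_command(as_number, summary):
    """Interface command that advertises `summary` (IPv4 form from the text)."""
    s = ipaddress.ip_network(summary)
    if s.version == 4:
        return f"ip summary-address eigrp {as_number} {s.network_address} {s.netmask}"
    return f"ipv6 summary-address eigrp {as_number} {s}"   # assumed IOS syntax


# Constructed from Figure 8-2: the two LANs on each router.
LANS_V4 = {"HQ": ["10.10.0.0/22", "10.10.4.0/22"],
           "B1": ["10.10.8.0/23", "10.10.10.0/23"],
           "B3": ["10.10.12.0/24", "10.10.13.0/24"]}
LANS_V6 = {"HQ": ["2001:DB8:1:1::/64", "2001:DB8:1:2::/64"],
           "B1": ["2001:DB8:1:3::/64", "2001:DB8:1:4::/64"],
           "B3": ["2001:DB8:1:5::/64", "2001:DB8:1:6::/64"]}


def all_summaries(lans):
    """Summary prefix (as a string) for every router in `lans`."""
    return {router: str(summarize(nets)) for router, nets in lans.items()}


if __name__ == "__main__":
    for router, summary in all_summaries(LANS_V4).items():
        print(router, summary, "->", summary_command(1, summary))
    every_v6_lan = sum(LANS_V6.values(), [])
    for router, summary in all_summaries(LANS_V6).items():
        print(router, summary, "covers", covered_by(summary, every_v6_lan))
```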
Default Route Propagation

Propagating a default route in EIGRP requires one additional command in your EIGRP configuration. What is the command, including the router prompt, for both IPv4 and IPv6?
IPv4: Router(config-router)# redistribute static
IPv6: Router(config-rtr)# redistribute static

Figure 8-2 is using a Loopback interface to simulate a connection to the Internet. Record the commands to configure an IPv4 default route, an IPv6 default route, and redistribute the routes to B1 and B3.
HQ(config)# ip route 0.0.0.0 0.0.0.0 Lo0
HQ(config)# ipv6 route ::/0 Lo0
HQ(config)# router eigrp 1
HQ(config-router)# redistribute static
HQ(config-router)# ipv6 router eigrp 1
HQ(config-rtr)# redistribute static
If you are following along in a simulator or on lab equipment, your verification output for B1 and B3 should look like Example 8-5.

Example 8-5  EIGRP Routing Tables with Default Route Propagation

B1# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.249 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2297856] via 172.16.1.249, 00:12:58, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.249, 06:04:19, Serial0/0/0
D        10.10.8.0/22 is a summary, 00:05:31, Null0
D        10.10.12.0/23 [90/2172416] via 172.16.1.246, 06:04:19, Serial0/0/1
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/2681856] via 172.16.1.249, 06:04:19, Serial0/0/0
                         [90/2681856] via 172.16.1.246, 06:04:19, Serial0/0/1

B1# show ipv6 route eigrp | begin EX
EX  ::/0 [170/2169856]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:6::/64 [90/2172416]
     via FE80::3, Serial0/0/1
D   2001:DB8:F:2::/64 [90/2681856]
     via FE80::2, Serial0/0/0
     via FE80::3, Serial0/0/1

B1# ping 209.165.201.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

B1# ping 2001:db8:f:f::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:F:F::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

B3# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.253 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/2297856] via 172.16.1.253, 00:13:32, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/2172416] via 172.16.1.253, 06:04:52, Serial0/0/1
D        10.10.8.0/22 [90/2172416] via 172.16.1.245, 06:04:52, Serial0/0/0
D        10.10.12.0/23 is a summary, 06:05:05, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/2681856] via 172.16.1.253, 06:04:52, Serial0/0/1
                         [90/2681856] via 172.16.1.245, 06:04:52, Serial0/0/0

B3# show ipv6 route eigrp | begin EX
EX  ::/0 [170/2169856]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:1::/64 [90/2172416]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:2::/64 [90/2172416]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:4::/64 [90/2172416]
     via FE80::1, Serial0/0/0
D   2001:DB8:F:1::/64 [90/2681856]
     via FE80::1, Serial0/0/0
     via FE80::2, Serial0/0/1

B3# ping 209.165.201.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.201.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

B3# ping 2001:db8:f:f::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:F:F::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
8.1.3.4 Packet Tracer - Propagating a Default Route in EIGRP for IPv4 and IPv6
Fine-Tuning EIGRP Interfaces

Bandwidth Utilization

By default, EIGRP will use only up to 50 percent of the bandwidth of an interface for EIGRP information. This prevents the EIGRP process from overutilizing a link and not allowing enough bandwidth for the routing of normal traffic. The ip bandwidth-percent eigrp command can be used to configure the percentage of bandwidth that may be used by EIGRP on an interface. Record the full syntax for this command.
Router(config-if)# ip bandwidth-percent eigrp as-number percent

This command uses the amount of configured bandwidth (or the default bandwidth) when calculating the percent that EIGRP can use.

Hello Intervals and Holdtimes

Hello intervals and holdtimes are configurable on a per-interface basis and do not have to match with other EIGRP routers to establish adjacencies. Record the command to configure a different Hello interval.
Router(config-if)# ip hello-interval eigrp as-number seconds

If you change the Hello interval, make sure that you also change the holdtime to a value equal to or greater than the Hello interval. Otherwise, neighbor adjacency will go down after the holdtime expires and before the next Hello interval. Record the command to configure a different holdtime.
Router(config-if)# ip hold-time eigrp as-number seconds
EIGRP has different default Hello intervals and holdtimes based on the type of link. Complete Table 8-2 with the default values.

Table 8-2  Default Hello Intervals and Holdtimes for EIGRP

Bandwidth                 Example Link               Default Hello Interval   Default Holdtime
1.544 Mbps                Multipoint Frame Relay     60 seconds               180 seconds
Greater than 1.544 Mbps   T1, Ethernet               5 seconds                15 seconds
Load Balancing

Briefly describe equal-cost load balancing.
Load balancing is the ability of a router to use all local interfaces that have routes with the same metric to a destination address. By default, EIGRP uses up to four equal-cost paths to load balance traffic.

You can see load balancing in effect in the routing tables shown in the previous Examples 8-4 and 8-5. The reason EIGRP is load balancing is that we have not configured the actual bandwidth shown in Figure 8-2. Record the commands to configure the routers with the correct bandwidth values.
HQ(config)# int s0/0/0
HQ(config-if)# bandwidth 768
HQ(config-if)# int s0/0/1
HQ(config-if)# bandwidth 512
B1(config)# int s0/0/0
B1(config-if)# bandwidth 768
B1(config-if)# int s0/0/1
B1(config-if)# bandwidth 128
B3(config)# int s0/0/0
B3(config-if)# bandwidth 128
B3(config-if)# int s0/0/1
B3(config-if)# bandwidth 512
Once the routers are properly configured with the actual bandwidth values, EIGRP recalculates the metrics and installs the best route in the routing table, as shown in Example 8-6. Notice that B1 and B3 are no longer using the 128-Kbps link to route to each other’s LANs. Instead, they are each using the faster path through HQ.
Example 8-6 EIGRP Routing Tables After Bandwidth Configuration
B1# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.249 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/3973120] via 172.16.1.249, 00:05:50, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
D        10.10.0.0/21 [90/3847680] via 172.16.1.249, 00:05:50, Serial0/0/0
D        10.10.8.0/22 is a summary, 00:05:21, Null0
D        10.10.12.0/23 [90/6026496] via 172.16.1.249, 00:05:21, Serial0/0/0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.252/30 [90/6023936] via 172.16.1.249, 00:05:31, Serial0/0/0
B1# show ipv6 route eigrp | begin EX
EX  ::/0 [170/3845120]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:1::/64 [90/3847680]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:2::/64 [90/3847680]
     via FE80::2, Serial0/0/0
D   2001:DB8:1:6::/64 [90/6026496]
     via FE80::2, Serial0/0/0
D   2001:DB8:F:2::/64 [90/6023936]
     via FE80::2, Serial0/0/0
B3# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.253 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/5639936] via 172.16.1.253, 00:05:43, Serial0/0/1
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/5514496] via 172.16.1.253, 00:05:43, Serial0/0/1
D        10.10.8.0/22 [90/6026496] via 172.16.1.253, 00:05:43, Serial0/0/1
D        10.10.12.0/23 is a summary, 00:06:11, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/6023936] via 172.16.1.253, 00:05:43, Serial0/0/1
B3# show ipv6 route eigrp | begin EX
EX  ::/0 [170/5511936]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:1::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:2::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:4::/64 [90/6026496]
     via FE80::2, Serial0/0/1
D   2001:DB8:F:1::/64 [90/6023936]
     via FE80::2, Serial0/0/1
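The metrics in Example 8-6 can be recomputed from the configured bandwidths. The following is an added example, not code from the study guide: it implements the EIGRP composite metric with the K-values HQ reports under show ip protocols (K1=1, K3=1), assumes the IOS default serial delay of 20000 microseconds and a LAN hop of 100000 kbps/100 microseconds (the values that produce the 28160 summary metric in Example 8-10), and shows why B1 prefers the path through HQ over the direct 128-kbps link.

```python
# Added example (not from the study guide): recompute the EIGRP composite
# metrics seen in Example 8-6 from the configured bandwidths and compare
# B1's two candidate paths to the B3 LAN.
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    """One outgoing interface on a path (bandwidth in kbps, delay in microseconds)."""
    name: str
    bandwidth_kbps: int
    delay_usec: int


def eigrp_metric(path, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Classic EIGRP composite metric for a list of Hops.

    K-values default to those HQ reports under 'show ip protocols'
    (K1=1, K2=0, K3=1, K4=0, K5=0), so the metric reduces to
    256 * (10^7 / min_bandwidth_kbps + sum_delay_usec / 10).
    Integer division mirrors the truncation IOS performs.
    """
    if not path:
        raise ValueError("a path needs at least one hop")
    bw = 10_000_000 // min(h.bandwidth_kbps for h in path)
    delay = sum(h.delay_usec for h in path) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:  # IOS applies the reliability term only when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


# Assumed interface parameters: IOS default serial delay is 20000 usec; the
# LAN hop (100000 kbps, 100 usec) is the one that yields HQ's summary
# metric of 28160 shown in Example 8-10.
SERIAL_DELAY_USEC = 20_000
LAN = Hop("LAN", 100_000, 100)

# Serial links after the 'bandwidth' commands in the Load Balancing section
B1_HQ = Hop("B1 s0/0/0 -> HQ", 768, SERIAL_DELAY_USEC)
HQ_B3 = Hop("HQ s0/0/1 -> B3", 512, SERIAL_DELAY_USEC)
B1_B3 = Hop("B1 s0/0/1 -> B3 (128 kbps)", 128, SERIAL_DELAY_USEC)


def b1_paths_to_b3_lan():
    """B1's two candidate paths to 10.10.12.0/23, as {label: metric}."""
    return {
        "via HQ": eigrp_metric([B1_HQ, HQ_B3, LAN]),
        "direct 128 kbps link": eigrp_metric([B1_B3, LAN]),
    }


def successor(candidates):
    """(label, metric) of the lowest-metric path, the one EIGRP installs."""
    label = min(candidates, key=candidates.get)
    return label, candidates[label]


if __name__ == "__main__":
    print("B1 -> 10.10.0.0/21 via HQ:", eigrp_metric([B1_HQ, LAN]))  # 3847680 in Example 8-6
    print("B3 -> 10.10.0.0/21 via HQ:", eigrp_metric([HQ_B3, LAN]))  # 5514496 in Example 8-6
    for label, metric in b1_paths_to_b3_lan().items():
        print(f"B1 -> 10.10.12.0/23 {label}: {metric}")
    print("installed:", successor(b1_paths_to_b3_lan()))
```

The 20514560 metric of the direct path is the one B3 shows for 10.10.8.0/22 in Example 8-10, where the passive interface on HQ forces B3 onto the 128-kbps link.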
Securing EIGRP Routing Updates
In most production networks, you would want to configure the EIGRP routers to authenticate updates received from neighbors. The steps to configure EIGRP with MD5 authentication are as follows:
Step 1. Create a keychain and key. Record the command syntax, including the router prompt, to configure a keychain and key.
Router(config)# key chain name-of-chain
Router(config-keychain)# key key-id
Router(config-keychain-key)# key-string key-string-text
Step 2. Configure EIGRP authentication to use the keychain and key. Record the command syntax, including the router prompt, to configure EIGRP authentication using the keychain and key.
Router(config)# interface type number
Router(config-if)# ip authentication mode eigrp as-num md5
Router(config-if)# ip authentication key-chain eigrp as-num name-of-chain
Now record the commands to configure HQ to authenticate updates from B1 and B3. Assume that B1 and B3 are already configured. Use MYKEY as the keychain name, 1 as the key ID, and cisco123 as the key string.
HQ(config)# key chain MYKEY
HQ(config-keychain)# key 1
HQ(config-keychain-key)# key-string cisco123
HQ(config-keychain-key)# int s0/0/0
HQ(config-if)# ip authentication mode eigrp 1 md5
HQ(config-if)# ip authentication key-chain eigrp 1 MYKEY
HQ(config-if)# int s0/0/1
HQ(config-if)# ip authentication mode eigrp 1 md5
HQ(config-if)# ip authentication key-chain eigrp 1 MYKEY
Use the show ip eigrp neighbors command as displayed in Example 8-7 to verify that HQ has reestablished adjacency with B1 and B3.
Example 8-7 Verifying EIGRP Authentication
HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.1.250            Se0/0/0           10 00:06:25    2   192  0  59
0   172.16.1.254            Se0/0/1           13 00:07:09    3   288  0  59
Lab - Configuring Advanced EIGRP for IPv4 Features (SN 8.1.5.5/RP 5.1.5.5)
Troubleshoot EIGRP
This section reviews the tools and procedures to troubleshoot EIGRP issues.
Commands for Troubleshooting EIGRP
In Table 8-3, the IPv4 versions of the EIGRP troubleshooting commands are listed. The same commands are available for IPv6. Indicate which command or commands you would use to answer each of the questions.
Table 8-3 Diagnosing EIGRP Connectivity Issues
Command                 | Is the Neighbor Table Correct? | Is the Routing Table Correct? | Does Traffic Take the Desired Path?
show ip eigrp neighbors | X                              |                               |
show ip interface brief | X                              |                               |
show ip eigrp interface | X                              |                               |
show ip protocols       |                                | X                             |
show ip route eigrp     |                                | X                             | X
Troubleshoot EIGRP Connectivity Issues
Using the configuration for the devices in Figure 8-2 and the following command outputs, diagnose each EIGRP connectivity issue and recommend a solution.
Connectivity Issue #1
HQ and B1 have not formed a neighbor adjacency. Use the output in Example 8-8 to troubleshoot the first issue.
Example 8-8 Troubleshooting Command Output for Issue #1
HQ# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.1.254            Se0/0/1           10 00:23:18    1   288  0  65
HQ# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         10.10.0.1       YES manual up                    up
GigabitEthernet0/1         10.10.4.1       YES manual up                    up
Serial0/0/0                172.16.1.250    YES manual up                    up
Serial0/0/1                172.16.1.253    YES manual up                    up
Loopback0                  209.165.201.1   YES manual up                    up
B1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.1.246            Se0/0/1           12 00:26:47    9  1170  0  67
B1# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         10.10.8.1       YES manual up                    up
GigabitEthernet0/1         10.10.10.1      YES manual up                    up
Serial0/0/0                172.16.1.250    YES manual up                    up
Serial0/0/1                172.16.1.245    YES manual up                    up
Problem and Solution: HQ and B1 are both using the same IP address on the 172.16.1.248/30 link. Change either one to use IP address 172.16.1.249 and the neighbor relationship will be restored.
Connectivity Issue #2
HQ and B3 have not formed a neighbor adjacency. Example 8-9 displays the output for the second issue.
Example 8-9 Troubleshooting Command Output for Issue #2
HQ# show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   Link-local address:     Se0/0/0           14 05:12:49    1   186  0  57
    FE80::1
B3# show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(2)
Problem and Solution: B3 does not have EIGRP neighbors because it is configured with a different AS number than HQ. Configure B3 to use AS number 1 for its IPv6 EIGRP configuration.
Connectivity Issue #3
Although the IPv6 routes look correct, B3 is using a less-than-optimal route to reach the B1 and HQ IPv4 LANs. Use the output in Example 8-10 to troubleshoot the third issue.
Example 8-10 Troubleshooting Command Output for Issue #3
HQ# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: static
  EIGRP-IPv4 Protocol for AS(1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
    NSF-aware route hold timer is 240
    Router-ID: 2.2.2.2
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Address Summarization:
    10.10.0.0/21 for Se0/0/0, Se0/0/1
      Summarizing 2 components with metric 28160
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Passive Interface(s):
    GigabitEthernet0/0
    GigabitEthernet0/1
    Serial0/0/1
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.254          90      00:17:55
    172.16.1.250          90      00:00:41
  Distance: internal 90 external 170
B3# show ip route eigrp | begin Gateway
Gateway of last resort is 172.16.1.245 to network 0.0.0.0

D*EX  0.0.0.0/0 [170/21152000] via 172.16.1.245, 00:08:32, Serial0/0/0
      10.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
D        10.10.0.0/21 [90/21026560] via 172.16.1.245, 00:08:32, Serial0/0/0
D        10.10.8.0/22 [90/20514560] via 172.16.1.245, 00:08:32, Serial0/0/0
D        10.10.12.0/23 is a summary, 04:39:57, Null0
      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D        172.16.1.248/30 [90/21024000] via 172.16.1.245, 00:08:32, Serial0/0/0
B3# show ipv6 route eigrp | begin EX
EX  ::/0 [170/5511936]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:1::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:2::/64 [90/5514496]
     via FE80::2, Serial0/0/1
D   2001:DB8:1:4::/64 [90/6026496]
     via FE80::2, Serial0/0/1
D   2001:DB8:F:1::/64 [90/6023936]
     via FE80::2, Serial0/0/1
Problem and Solution: The EIGRP configuration on HQ has the Serial 0/0/1 interface set to passive. Therefore, HQ and B3 have not established adjacency and HQ is not sending IPv4 routing updates to B3.
Lab - Troubleshooting Basic EIGRP for IPv4 and IPv6 (SN 8.2.3.6/RP 5.2.3.6)
Lab - Troubleshooting Advanced EIGRP (SN 8.2.3.7/RP 5.2.3.7)
Packet Tracer Activity
Packet Tracer - Troubleshooting EIGRP for IPv4 (SN 8.2.3.5/RP 5.2.3.5)
Packet Tracer - Skills Integration Challenge (SN 8.3.1.2/RP 5.3.1.2)
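The three connectivity issues above share a pattern: an adjacency precondition is violated on one link. The following is an added example, not code from the study guide, that checks those preconditions (same subnet, distinct addresses, same AS, no passive interface, matching key string) for a pair of link ends; the inputs are constructed from the addresses in Examples 8-8 to 8-10, and B3's IPv6 link-local FE80::3 is assumed, since the book only shows HQ's FE80::2.

```python
# Added example (not from the study guide): check the preconditions for an
# EIGRP adjacency on a point-to-point link, using constructed inputs that
# mirror Connectivity Issues #1 to #3.
from dataclasses import dataclass
from ipaddress import ip_interface
from typing import Optional


@dataclass(frozen=True)
class End:
    """One side of a link: router, interface, address with prefix, EIGRP AS."""
    router: str
    iface: str
    address: str                      # "172.16.1.250/30" or a link-local "FE80::1/64"
    asn: int                          # AS of the EIGRP process for this address family
    passive: bool = False             # interface named under passive-interface
    key_string: Optional[str] = None  # MD5 key-string when authentication is enabled


def check_link(a: End, b: End) -> list[str]:
    """Return the reasons a and b cannot become EIGRP neighbors ([] if none)."""
    findings = []
    ia, ib = ip_interface(a.address), ip_interface(b.address)
    if ia.network != ib.network:
        findings.append(f"{a.router} {a.iface} ({ia.network}) and {b.router} {b.iface} "
                        f"({ib.network}) are not on the same subnet")
    elif ia.ip == ib.ip:
        findings.append(f"duplicate address {ia.ip} on {a.router} {a.iface} "
                        f"and {b.router} {b.iface}")
    if a.asn != b.asn:
        findings.append(f"AS mismatch: {a.router} uses AS {a.asn}, {b.router} uses AS {b.asn}")
    for end in (a, b):
        if end.passive:
            findings.append(f"{end.router} {end.iface} is passive; it sends no hellos")
    if a.key_string != b.key_string:
        findings.append(f"authentication mismatch between {a.router} and {b.router}")
    return findings


# Constructed scenarios built from the addresses in Examples 8-8 to 8-10.
# B3's IPv6 link-local (FE80::3) is assumed; the book only shows HQ's FE80::2.
ISSUES = {
    "Issue #1": (End("HQ", "Serial0/0/0", "172.16.1.250/30", 1),
                 End("B1", "Serial0/0/0", "172.16.1.250/30", 1)),
    "Issue #2": (End("HQ", "Serial0/0/1", "FE80::2/64", 1),
                 End("B3", "Serial0/0/1", "FE80::3/64", 2)),
    "Issue #3": (End("HQ", "Serial0/0/1", "172.16.1.253/30", 1, passive=True),
                 End("B3", "Serial0/0/1", "172.16.1.254/30", 1)),
    "healthy": (End("HQ", "Serial0/0/0", "172.16.1.249/30", 1, key_string="cisco123"),
                End("B1", "Serial0/0/0", "172.16.1.250/30", 1, key_string="cisco123")),
}


def diagnose(issues=ISSUES) -> dict[str, list[str]]:
    """Run check_link over every scenario and collect the findings."""
    return {name: check_link(a, b) for name, (a, b) in issues.items()}


if __name__ == "__main__":
    for name, findings in diagnose().items():
        print(name, "->", findings or ["adjacency preconditions satisfied"])
```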
CHAPTER 9
IOS Images and Licensing
Network administrators are responsible for managing the routers and switches owned by the organization. This responsibility includes backing up and upgrading software images when needed. This chapter reviews basic IOS image concepts and management tasks.
Managing IOS System Files Cisco IOS software is a sophisticated operating system that includes multiple release versions that are organized into software release families and software trains.
IOS Families, Trains, and Naming Conventions
A software release family is comprised of multiple IOS software release versions. What are the three features that distinguish an IOS software release family?
■ Share the same code base
■ Apply to a related platform (for example, 1900 series routers)
■ Overlap in support coverage
What are some major software releases within the software release family? 12.3, 12.4, 15.0, and 15.1
Briefly describe a software train. New versions are created to fix bugs and add new features to an existing software family. These releases are organized into trains that may contain several releases over the life of a software family.
The Cisco IOS Software 12.4 train is considered the mainline train, which receives mostly software (bug) fixes with the goal of increasing software quality. These releases are also designated as Maintenance Deployment releases (MD). A mainline train is always associated with a technology train (T train). A T train, such as 12.4T, receives the same software bug fixes as the mainline train. What else does a T train include? T trains receive new software and hardware support features. T train releases are considered Early Deployment (ED) releases.
Decoding the IOS release numbering conventions will go a long way in helping you understand the various trains used in the IOS 12.4 software release family. In Figure 9-1, indicate whether the release is a mainline train or a technology train. Then fill in the blanks for each part of the IOS 12 software release numbering scheme.
Releases before IOS 15 consisted of eight packages for Cisco routers. These packages were the following:
Five nonpremium packages:
■ IP Base: Entry-level Cisco IOS Software Image
■ IP Voice: Converged voice and data, VoIP, VoFR, and IP Telephony
■ Advanced Security: Security and VPN features, including Cisco IOS Firewall, IDS/IPS, IPsec, 3DES, and VPN
■ SP (Service Provider) Services: Adds SSH/SSL, ATM, VoATM, and MPLS to IP Voice
■ Enterprise Base: Includes AppleTalk, IPX, and IBM Support
Figure 9-1 The IOS 12.4 Software Release Numbering Convention
[Figure: the release numbers 12.4(21a) in the 12.4 train and 12.4(20)T1 in the 12.4T train, with blanks for each part of the number.]
Figure 9-1a The IOS 12.4 Software Release Numbering Convention (answer)
12.4(21a), Mainline Train: 12.4 = Train Number; 21 = Maintenance Identifier; a = Rebuild Identifier
12.4(20)T1, T Train: 12.4 = Train Number; 20 = Maintenance Identifier; T = Train Identifier; 1 = Rebuild Identifier
Three premium packages:
■ Advanced Enterprise Services: Full Cisco IOS software features
■ Enterprise Services: Enterprise base and service provider services
■ Advanced IP Services: Advanced security, service provider services, and support for IPv6
How does the Cisco IOS 15.0 release model differ from the mainline and T trains of 12.4? Instead of diverging into separate trains, Cisco IOS Software 15 mainline and T will have extended maintenance release (EM release) and standard maintenance release (T release). With the new IOS release model, Cisco IOS 15 mainline releases are referred to as M trains. New releases for the T trains are available two to three times a year. EM releases are available every 16 to 20 months.
In Figure 9-2, indicate whether the release is a mainline train or a technology train. Then fill in the blanks for each part of the IOS 15 software release numbering scheme.
Figure 9-2 The IOS 15 Software Release Numbering Convention
[Figure: the release numbers 15.0(1)M1 (labelled 15.0M) and 15.1(1)T1 (labelled 15.0T), with blanks for each part of the number.]
Figure 9-2a The IOS 15 Software Release Numbering Convention (answer)
15.0(1)M1, EM Release: 15 = Major Release Number; 0 = Minor Release Number; (1) = New Feature Release Number; M = Extended Maintenance Release; 1 = Maintenance Rebuild Number
15.1(1)T1, T Release: 15 = Major Release Number; 1 = Minor Release Number; (1) = New Feature Release Number; T = Standard Maintenance Release; 1 = Maintenance Rebuild Number
Briefly explain how Services on Demand for Cisco Integrated Services Routers Generation Two (ISR G2) works. With the Services on Demand model, all features are included in one universal image shipped with all ISR G2s. The network administrator then activates feature sets using licensing keys. The IP base feature set is installed by default.
What is the key difference between universalk9 and universalk9_npe IOS images? The universalk9_npe software image is provided for customers in those countries with import requirements disallowing routers with strong cryptography functionality. The npe extension to the image name stands for no payload encryption.
Decode the IOS 12 image name in Table 9-1. The first one is done for you.
Table 9-1 Decoding IOS 12 Image Names
IOS Image                            | Hardware | Feature Set          | Train Number | Maintenance Release | Train Identifier | Rebuild Identifier
c1841-ipbasek9-mz.124-12.bin         | 1841     | ipbasek9             | 12.4         | 12                  | M                | (none)
c1841-advipservicesk9-mz.124-10b.bin | 1841     | Advanced IP services | 12.4         | 10                  | M                | b
c3725-entbase-mz.124-6.T.bin         | 3725     | Enterprise base      | 12.4         | 6                   | T                | (none)
Decode the IOS 15 image name in Table 9-2. The first one is done for you.
Table 9-2 Decoding IOS 15 Image Names
IOS Image                             | Hardware | Feature Set          | Major Release | Minor Release | New Feature Release | Maintenance Release | Maintenance Rebuild
c1900-universalk9-mz.SPA.153-2.T.bin  | 1900     | Universal            | 15            | 3             | 2                   | T                   | (none)
c2900-universalk9-mz.SPA.153-3.M.bin  | 2900     | Universal            | 15            | 3             | 3                   | M                   | (none)
c1841-advipservicesk9-mz.151-4.M6.bin | 1841     | Advanced IP services | 15            | 1             | 4                   | M                   | 6
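The decoding in Tables 9-1 and 9-2 can be automated. The following is an added example, not code from the study guide: a parser for the IOS 12 and IOS 15 image naming conventions that also flags the k9 and _npe markers discussed above. The sample names are the ones in the two tables plus one constructed universalk9_npe name.

```python
# Added example (not from the study guide): decode Cisco IOS 12 and IOS 15
# image file names into the fields used in Tables 9-1 and 9-2.
import re

_IMAGE_RE = re.compile(
    r"^c(?P<hardware>[^-]+)-(?P<feature>[^-]+)-(?P<fmt>[a-z]+)\."
    r"(?P<spa>SPA\.)?(?P<version>\d{3})-(?P<number>\d+)(?P<letter>[a-z]?)"
    r"(?:\.(?P<train>[A-Z])(?P<rebuild>\d*))?\.bin$"
)


def parse_image_name(name: str) -> dict:
    """Split a name such as c1900-universalk9-mz.SPA.153-2.T.bin into its fields."""
    m = _IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised IOS image name: {name}")
    major, minor = int(m["version"][:2]), int(m["version"][2:])
    feature = m["feature"]
    info = {
        "hardware": m["hardware"],
        "feature_set": feature,
        "crypto": "k9" in feature,          # k9 = image carries cryptographic features
        "npe": feature.endswith("_npe"),    # no payload encryption build
        "signed": m["spa"] is not None,     # SPA = digitally signed production image
    }
    if major < 15:
        # IOS 12 convention: train(maintenance)[rebuild] plus an optional T train letter.
        info.update({
            "train": f"{major}.{minor}",
            "maintenance": int(m["number"]),
            "train_id": m["train"] or "M",  # no letter after the number = mainline
            "rebuild": m["letter"] or m["rebuild"] or None,
        })
    else:
        # IOS 15 convention: major.minor(new feature)M|T[rebuild].
        info.update({
            "major": major,
            "minor": minor,
            "new_feature": int(m["number"]),
            "maintenance": m["train"],      # M = extended, T = standard maintenance
            "rebuild": int(m["rebuild"]) if m["rebuild"] else None,
        })
    return info


# Names from Tables 9-1 and 9-2 plus one constructed _npe name.
SAMPLE_IMAGES = [
    "c1841-ipbasek9-mz.124-12.bin",
    "c1841-advipservicesk9-mz.124-10b.bin",
    "c3725-entbase-mz.124-6.T.bin",
    "c1900-universalk9-mz.SPA.153-2.T.bin",
    "c2900-universalk9-mz.SPA.153-3.M.bin",
    "c1841-advipservicesk9-mz.151-4.M6.bin",
    "c2900-universalk9_npe-mz.SPA.152-4.M1.bin",  # constructed
]

if __name__ == "__main__":
    for image in SAMPLE_IMAGES:
        print(image, parse_image_name(image))
```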
Backing Up Cisco IOS Images
To back up an IOS image to a TFTP server, complete the following steps:
Step 1. Ping the TFTP server to test connectivity.
Step 2. Verify the TFTP server has enough memory to accept the image file. Use the show flash command to determine the size of the image.
Step 3. Copy the image to the TFTP server using the copy source-url destination-url command.
In Figure 9-3, you are copying the image c1900-universalk9-mz.SPA.152-4.M1.bin from RTA to the TFTP server at 10.10.10.10. Record the commands, including the router prompt, to complete this task.
Figure 9-3 Backing Up an IOS to a TFTP Server
[Figure: RTA connected to the TFTP Server at 10.10.10.10.]
RTA# ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RTA# show flash
-#- --length-- -----date/time------ path
1     67998028 Nov 30 1983 00:00:00 +00:00 c1900-universalk9-mz.SPA.152-4.M1.bin

188608512 bytes available (68001792 bytes used)
RTA# copy flash tftp
Source filename []? c1900-universalk9-mz.SPA.152-4.M1.bin
Address or name of remote host []? 10.10.10.10
Destination filename [c1900-universalk9-mz.SPA.152-4.M1.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!
67998028 bytes copied in 107.928 secs (630031 bytes/sec)
RTA#
Packet Tracer Activity
Packet Tracer - Using a TFTP Server to Upgrade a Cisco IOS Image (SN 9.1.2.5/RP 10.1.2.5)
Video Demonstration
Video Demonstration - Managing Cisco IOS Images (SN 9.1.2.6/RP 10.1.2.6)
IOS Licensing Before Cisco IOS Software Release 15.0, your router came with the IOS already installed for the features you desired. If you wanted to upgrade the feature set, you had to order, download, and install a new version. That all changed with 15.0. Each device ships with the same universal image. You enable the features you need through the use of licensing keys.
Software Licensing
The feature sets that you enable with licensing keys are called technology packages. What are the four technology packages available?
IP Base
Data
Unified Communications (UC)
Security (SEC)
On which Cisco ISR G2 platforms can these licenses be used? Cisco 1900, 2900, and 3900 series routers
What command enables you to view the licenses currently supported on the router? Router# show license feature
What are the three major steps to activate a new software package or feature on the router?
Step 1. Purchase the software package or feature to be installed.
Step 2. Obtain a Software Activation License file from Cisco.
Step 3. Install the license file.
What two things are needed to obtain a license? The product activation key (PAK) and a unique device identifier (UDI)
How is the UDI constructed? The UDI is a combination of the product ID (PID), the serial number (SN), and the hardware version.
What command displays the UDI? Router# show license udi
What command installs the license? Router# license install stored-location-url
License Verification and Management
After installing a license, you must reboot the router before the technology package is active and ready to use. What two commands are used in Example 9-1 to verify the licenses installed?
Example 9-1 Verifying License Installation
Router# show version | begin License Info:
License Info:
License UDI:

-------------------------------------------------
Device#   PID            SN
-------------------------------------------------
*0        CISCO1941/K9   FTX163283RZ

Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    EvalRightToUse securityk9
data          None          None           None

Configuration register is 0x2102

Router# show license
Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: 8  weeks 1  day
        Period Used: 2  days 0  hour
        License Type: EvalRightToUse
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Low
Index 3 Feature: datak9
        Period left: Not Activated
        Period Used: 0  minute 0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
In Example 9-1, the datak9 technology package is not in use. Record the commands, including the router prompt, to accept the EULA and activate the datak9 package.
Router(config)# license accept end user agreement
Router(config)# license boot module c1900 technology-package datak9
What message do you receive when you activate a package? % use 'write' command to make license boot config take effect on next boot
To back up your license files, save them to flash. Record the command, including the router prompt, to save the license files to flash.
Router(config)# license save flash0:R1_license_files
Complete the following steps to uninstall a license:
Step 1. Disable the technology package. Record the command, including the router prompt, to disable the datak9 technology package.
Router(config)# license boot module c1900 technology-package datak9 disable
Step 2. After reloading the router, clear the license from storage. Record the commands, including the router prompt, to clear the datak9 technology package.
Router# license clear datak9
Router# configure terminal
Router(config)# no license boot module c1900 technology-package datak9 disable
Packet Tracer Activity
Packet Tracer - EIGRP Capstone (SN 9.3.1.2/RP 10.3.1.2)
Packet Tracer - OSPF Capstone (SN 9.3.1.3/RP 10.3.1.3)
Packet Tracer - Skills Integration Challenge (SN 9.3.1.4/RP 10.3.1.4)
Video Demonstration
Video Demonstration - Working with IOS 15 Image Licenses (SN 9.2.2.5/RP 10.2.2.5)
CHAPTER 10
Hierarchical Network Design
Part of your job as a network administrator is understanding how to build networks that are flexible, resilient, and manageable. Even if your direct responsibilities do not include actually designing the network, you still need a firm grasp of the benefits incurred from using a systematic design approach.
Hierarchical Network Design Overview Networks come in all sizes. The size of the network is directly proportional to the complexity of the design. However, structured engineering principles can help guide the designer in formulating a plan even for the most complex networks.
Enterprise Network Campus Design
What are the three main categories of network sizes and how are they distinguished?
Small network for up to 200 devices
Medium-sized network for 200 to 1000 devices
Large network for 1000+ devices
In Table 10-1, indicate the structured engineering principle that is best described by the characteristic.
Table 10-1 Structured Engineering Principles
Characteristic                                              | Hierarchy | Modularity | Resiliency | Flexibility
Is available to users regardless of the current conditions  |           |            | X          |
High-level tool for designing a reliable network            | X         |            |            |
Can be easily modified                                      |           |            |            | X
Examples include the data center and the Internet edge      |           | X          |            |
Hierarchical Network Design
Briefly describe the three layers of the hierarchical network design.
■ Access layer: Provides workgroup/user access to the network
■ Distribution layer: Provides policy-based connectivity and controls the boundary between the access and core layers
■ Core layer: Provides fast transport between distribution switches within the enterprise campus
In Table 10-2, indicate the layer that is best described by the function.
Table 10-2 Hierarchical Network Layer Functions
Layer Function                               | Access | Distribution | Core
Highest speed switching of the three layers  |        |              | X
Policy-based security                        |        | X            |
Port security                                | X      |              |
Redundancy and load balancing                |        | X            |
Broadcast domain control                     |        | X            |
Spanning tree                                | X      |              |
Layer 2 switching                            | X      |              |
Avoid CPU-intensive packet manipulation      |        |              | X
Aggregates traffic from distribution devices |        |              | X
Aggregating LAN and WAN links                |        | X            |
Briefly explain the concept of a collapsed core. Small networks and many medium-sized networks are not large enough to justify the expense and complexity of different devices at each of the three layers. A collapsed core design incorporates the distribution and core layer functions in one device. This reduces the costs of the design while still maintaining the benefits of a hierarchical design.
Cisco Enterprise Architecture
Hierarchical network design is fine for campus network implementations. But the networks for many organizations span larger areas than just a campus to include teleworkers, branch sites, and data centers. These networks call for a design approach in which functions can be separated into modules.
Modular Network Design
Briefly describe three benefits for using a modular approach to network design.
Failures that occur within a module can be isolated from the remainder of the network.
Network changes, upgrades, or the introduction of new services can be made in a controlled and staged fashion.
When a specific module no longer has sufficient capacity or is missing a new function or service, it can be updated or replaced by another module.
Security can be implemented on a modular basis.
In Table 10-3, indicate which module is described by the feature.
Table 10-3 Features of Modules in the Enterprise Architecture
Module Feature                                                                                            | Access-Distribution | Services | Data Center | Enterprise Edge
Provides resources necessary to employees so that they can effectively create, collaborate, and interact |                     |          | X           |
Consists of the Internet Edge and WAN Edge                                                                |                     |          |             | X
Provide connectivity outside the enterprise                                                               |                     |          |             | X
Originally called the server farm                                                                         |                     |          | X           |
Could include wireless controls, policy gateways, and unified communications services                     |                     | X        |             |
Fundamental component of a campus design                                                                  | X                   |          |             |
In Figure 10-1, label the modules of the Enterprise Architecture.
Figure 10-1 Identify Modules of the Enterprise Architecture
[Figure: labelled blocks Services Block and Data Center, with MetroE and HDLC WAN links; the remaining module names are blank.]
Figure 10-1a Identify Modules of the Enterprise Architecture (answer)
[Figure: Access, Distribution, Core, Services Block, Data Center, Internet Edge, WAN Edge (MetroE and HDLC links).]
Cisco Enterprise Architecture Model
What are the three primary modules of the Cisco Enterprise Architecture model?
Enterprise Campus
Enterprise Edge
Service Provider Edge
Which module provides connectivity to the data center, branches, and teleworkers? Service Provider Edge
What are the submodules of the Enterprise Campus module? Building Access, Building Distribution, Campus Core, Data Center
What are the submodules of the Enterprise Edge module? E-Commerce, Internet Connectivity, Remote Access and VPN, WAN Site-to-Site VPN
What is the main purpose of the Service Provider Edge module? The Service Provider Edge module provides connectivity between the Enterprise Edge module and submodules of the Remote module (Branch Locations, Teleworkers, Data Center).
In Table 10-4, indicate the service provider solution described.
Table 10-4 Service Provider Designs
Service Provider Connectivity Solution | Single-Homed | Dual-Homed | Multihomed | Dual-Multihomed
Connections to 2 or more ISPs          |              |            | X          |
A single connection to 1 ISP           | X            |            |            |
Multiple connections to 2 or more ISPs |              |            |            | X
2 or more connections to 1 ISP         |              | X          |            |
What are the submodules of the remote module? Enterprise Branch, Enterprise Teleworker, Enterprise Data Center
In Table 10-5, indicate which module is best described by the function.
Table 10-5 Cisco Enterprise Architecture Model Functions
Cisco Enterprise Architecture Feature                                                        | Enterprise Campus | Enterprise Edge | Service Provider Edge | Remote
Aggregates connectivity from various functional areas.                                       |                   | X               |                       |
Allows employees to work at noncampus locations.                                             |                   |                 |                       | X
Provides cost-effective access across large geographic areas.                                |                   |                 | X                     |
Could use high-end Cisco Catalyst switches or just an ISR G2, depending on size of location. |                   |                 |                       | X
Authenticates remote users and branch sites.                                                 |                   | X               |                       |
Incorporates the enterprise WAN links.                                                       |                   | X               |                       |
Uses multicast traffic and QoS to optimize network traffic.                                  |                   |                 | X                     |
Connects users with campus, server farm, and enterprise edge.                                | X                 |                 |                       |
Mobile users connect using a local ISP.                                                      |                   |                 |                       | X
High availability through resilient hierarchical network design.                             | X                 |                 |                       |
Converges voice, video, and data across a single IP communications network.                  |                   |                 | X                     |
Offsite data center to provide disaster recovery and business continuance services.          |                   |                 |                       | X
Devices located here include firewall and firewall routers, and network intrusion prevention systems. |            | X               |                       |
Routes traffic into the Campus Core submodule.                                               |                   | X               |                       |
Access management with VLANs and IPsec.                                                      | X                 |                 |                       |
Supports security over Layer 2 and Layer 3 WANs.                                             |                   |                 | X                     |
Provides internal users with secure connectivity to Internet services.                       |                   | X               |                       |
In Figure 10-2, label the modules and submodules of the Cisco Enterprise Architecture model.
Figure 10-2 Cisco Enterprise Architecture Model
[Figure: labelled elements Building Distribution, Campus Infrastructure Module, E-Commerce, ISP A, ISP B, Enterprise Teleworker, PSTN, WAN Site-to-site VPN (Frame Relay, ATM, MAN, ...), Network Management; the remaining module and submodule names are blank.]
Figure 10-2a Cisco Enterprise Architecture Model (answer)
[Figure: Enterprise Campus (Building Access, Building Distribution, Campus Core, Server Farm and Data Center, Network Management, Campus Infrastructure Module); Enterprise Edge (E-Commerce, Internet Connectivity, Remote Access and VPN, WAN Site-to-site VPN); Service Provider Edge (ISP A, ISP B, PSTN, Frame Relay, ATM, MAN, ...); Remote (Enterprise Branch, Enterprise Teleworker, Enterprise Data Center).]
Evolving Network Architectures Network architectures need to rapidly evolve to meet the needs of users. Traditionally, employees and students alike used devices provided by the organization. However, you more than likely currently use some type of mobile device to conduct some of your business or school work. Today’s enterprise networks should seamlessly provide services to users of all modes of access.
Cisco Enterprise Architectures
What are the top trends that are impacting networks?
Bring your own device (BYOD)
Online collaboration
Video communication
Cloud computing
What network architectures has Cisco introduced to address these trends?
Cisco Borderless Network Architecture
Collaboration Architecture
Data Center/Virtualization Architecture
Emerging Network Architectures
What are the two primary sets of services provided by the Cisco Borderless Network Architecture? Borderless end-point/user services; Borderless network services
What are the three layers of the Cisco Collaboration Architecture? Application and Devices; Collaboration Services; Network and Computer Infrastructure
What are the three components of the Cisco Data Center/Virtualization Architecture? Cisco Unified Management Solutions; Unified Fabric Solutions; Unified Computing Solutions
In Table 10-6, indicate the emerging network architecture described by the feature or service.
Table 10-6 Emerging Network Architectures
Emerging Network Architecture Functions and Services                                                                                                          | Cisco Borderless Networks | Cisco Collaboration Architecture | Cisco Data Center/Virtualization Architecture
Comprehensive set of technologies that bring together the network, computing, and storage platforms.                                                         |                           |                                  | X
Any device must be able to connect securely, reliably, and seamlessly from anywhere.                                                                          | X                         |                                  |
Portfolio of products, applications, and software development kits that provide a comprehensive solution to allow people to cooperate and contribute to the production of something. | |  X                     |
Unified approach to deliver application services to users in a highly distributed environment.                                                                | X                         |                                  |
Network infrastructure and services are united via Cisco unified system services options.                                                                     |                           |                                  | X
Applications include WebEx Meeting, WebEx Social, Cisco Jabber, and TelePresence.                                                                             |                           | X                                |
Packet Tracer Challenge
Packet Tracer - Skills Integration Challenge - OSPF (CN 1.4.1.2)
Packet Tracer - Skills Integration Challenge - EIGRP (CN 1.4.1.3)
CHAPTER 11
Connecting to the WAN
Wide-area networks (WANs) are used to connect remote LANs together. Various technologies are used to achieve this connection. This chapter reviews WAN technologies and the many WAN services available.
WAN Technologies Overview WAN access options differ in technology, speed, and price. Each has advantages and disadvantages. Selecting the best technology depends largely on the network design.
Network Types and Their Evolving WAN Needs

The WAN needs of a network depend greatly on the size of the network. These network types run the spectrum from small offices that really only need a broadband connection to the Internet all the way up to multinational enterprises that need a variety of WAN options to satisfy local, regional, and global restrictions. In Table 11-1, indicate the network type that fits each of the descriptions. Some descriptions may apply to more than one network type.

Table 11-1 Identify the Network Type
Network Description
Outsourced IT support
Small Office Network
Campus Network
Branch Network
X
Very large sized business Connectivity to the Internet
X X
Converged network and application services
X
Hundreds of employees
X
X
Home, branch, and regional offices, teleworkers, and a central office Limited number of employees
X
X
In-house IT staff and network support
X
X
Thousands of employees
X X
Several remote, branch, and regional offices (one central office)
X
Small-sized business
X
LAN focus of operations with broadband
X
Small to medium-sized business
X
Multiple campus LANs
X
Medium-sized business
Distributed Network
X
WAN Operations and Terminology

WANs operate at which layers of the OSI model?
Data link (Layer 2) and physical (Layer 1)

Which organizations are responsible for WAN standards?
Telecommunications Industry Association and the Electronic Industries Alliance (TIA/EIA)
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)

What are some of the Layer 2 WAN technologies?
Frame Relay, Point-to-Point Protocol (PPP), MetroEthernet, VSAT, MPLS, Broadband

Why is the Layer 2 address field not usually used in WAN services?
WAN links are normally point to point. Therefore, there is no need for a data link layer address.
Match the definition on the left with a term on the right. This exercise is a one-to-one matching.

Definitions
a. The boundary between customer equipment and service provider equipment
b. Devices inside the enterprise edge wiring closet that are owned or leased by the organization
c. Provider equipment that resides in the WAN backbone capable of supporting routing protocols
d. Digital modem used by DSL or cable Internet service providers
e. Dynamically establishes a dedicated circuit before communication starts
f. Provides an interface to connect subscribers to a WAN link
g. Splits traffic so that it can be routed over the shared network
h. Local service provider facility that connects the CPE to the provider network
i. Physical connection between the CPE to the CO
j. Required by digital leased lines to provide termination of the digital signal and convert into frames ready for transmission on the LAN
k. Consists of the all-digital, long-haul communications lines, switches, routers, and other equipment in the provider network
l. Customer device that provides internetworking and WAN access interface ports
m. Customer device that transmits data over the WAN link
n. Multiport device that sits at the service provider edge to switch traffic
o. Legacy technology device that converts digital signals into analog signals transmitted over telephone lines
p. Legacy technology device that can support hundreds of dial-in and dial-out users

Terms (answers)
g. Packet-switched network
n. WAN switch
b. Customer premises equipment (CPE)
h. Central office (CO)
o. Dialup modem
p. Access server
f. Data communications equipment (DCE)
l. Router
m. Data terminal equipment (DTE)
i. Local loop
j. CSU/DSU
e. Circuit-switched network
a. Demarcation point
d. Broadband modem
k. Toll network
c. Core multilayer switch
Selecting a WAN Technology

The WAN access connections your small to medium-sized business purchases could use a public or private WAN infrastructure, or a mix of both. Each type provides various WAN technologies. Understanding which WAN access connections and technologies are best suited to your situation is an important part of network design.
Varieties of WAN Link Connections

Your ISP can recommend several WAN link connection options based on your specific requirements. These options can be classified in various categories. Use the list of WAN access options to label Figure 11-1.

Figure 11-1 WAN Access Options (partially labeled; only WAN, Public, Dedicated, and Internet are given)

Figure 11-1 WAN Access Options (answer)
WAN
  Private
    Dedicated: Leased Lines (T1/E1, T3/E3)
    Switched
      Circuit-Switched: PSTN, ISDN
      Packet-Switched: Metro Ethernet, MPLS, Frame Relay, ATM
  Public
    Internet
      Broadband: DSL, Cable, Wireless
      VPN

Labels
T1/E1/T3/E3, ATM, Switched, Frame Relay, Circuit switched, Packet switched, Metro Ethernet, Cable, Wireless, MPLS, PSTN, DSL, VPN, Private, Broadband, ISDN, Leased lines
Private and Public WAN Access Options

As shown in Figure 11-1, WAN access options can first be classified as either private or public. Table 11-2 lists descriptions for various private WAN access options. Indicate which one is described. Some options are described more than once.

Table 11-2 Private WAN Access Options
Considered the most expensive of all WAN access technologies.
Leased MPLS Ethernet ATM ISDN Lines WAN
Dialup Frame Relay
X
Analog telephone lines are used to provide a switched WAN connection. A permanent, dedicated WAN connection which uses a T- or E-carrier system.
VSAT
X
X
Satellite to router communications for WAN connections. X
X
X
Connects multiple sites using virtual circuits and data-link connection identifiers. Includes MetroE, EoMPLS, and VPLS as WAN connection options.
X
Converts analog to digital signals to provide a switched WAN connection over telephone lines. A popular replacement for traditional Frame Relay and ATM WAN access technologies.
X
Delivers data using fixed 53-byte packet cells over permanent and switched virtual circuits. Service providers and short-path labeling are used for leased lines, Ethernet WANs, and Frame Relay WANs.
X
X
Match the definition on the left with a public WAN access option on the right. This exercise is a one-to-one matching.

Definitions
a. Radio and directional-antenna modem WAN access option provided to public organizations
b. WAN access option that uses telephone lines to transport data via multiplexed links
c. High-speed long-distance wireless connections through nearby special service provider towers
d. Cellular radio waves WAN access option used with smartphones and tablets
e. Dish and modem-based WAN access option for rural users where cable and DSL are not available
f. Secure Internet-based WAN access option used by teleworkers and extranet users
g. Entire networks connected together by using VPN routers, firewalls, and security appliances
h. A shared WAN access option that transports data using television-signal networks

Public WAN Access Options (answers)
d. 3G/4G Cellular
f. VPN Remote
c. WiMax
e. Satellite Internet
b. DSL
h. Cable
a. Municipal WiFi
g. VPN site-to-site

Lab - Researching WAN Technologies (CN 2.2.4.3)
CHAPTER 12
Point-to-Point Connections
Point-to-point connections are the most common type of WAN connections. These connections are also called serial or leased lines. This chapter reviews the terms, technology, and protocols used in serial connections.
Serial Point-to-Point Overview

Understanding how point-to-point serial communication across a leased line works is important to an overall understanding of how WANs function.

Serial Communications

Briefly explain the difference between serial and parallel communications.
In serial communications, the data is sent 1 bit at a time down one link. In parallel communications, bits are transmitted simultaneously over multiple links.

What is the clock skew issue in parallel communications?
Clock skew is when the bits do not arrive at the same time, causing synchronization issues.
Match the serial communications definition on the left with a term on the right. This is a one-to-one matching exercise.

Definitions
a. Cable that allows two WAN end devices to be directly connected together
b. Signals sent sequentially 1 bit after another
c. A networking device that converts signals into an ISP WAN circuit format
d. Universal ports that have replaced both RS-232 and parallel ports on newer PCs
e. A WAN connection that interconnects two LANs directly
f. The point at the customer site where the ISP network ends
g. A technique that reassembles multiple data transmissions
h. The OSI layer where time-division multiplexing (TDM) operates
i. A WAN technology that uses TDM
j. The way that STDM divides bandwidth into multiple slots for data transmission
k. Provides a clocking signal for the WAN circuit
l. LAN/WAN routers at the customer location
m. Transmission signals split between multiple wires concurrently
n. The network equipment connected to the WAN circuit at the customer location

Terms (answers)
h. Physical
k. DCE
f. Demarc
n. CPE
i. ISDN
l. DTE
j. Variable
m. Parallel
c. CSU/DSU
d. USB
e. Leased line
a. Null modem
b. Serial
g. Bit interleaving
WAN Protocols

Just like LANs, data is encapsulated into frames before transmission onto a WAN link. Various encapsulation protocols can be used to achieve the framing. In Table 12-1, indicate which protocol best fits the description.

Table 12-1 WAN Encapsulation Protocols
WAN Protocol Description
HDLC
Provides connections over synchronous and asynchronous circuits
PPP
SLIP
X.25/LAPB
Frame Relay ATM
X
International standard for cell relay
X
Predecessor to Frame Relay
X
Default encapsulation on a serial link between two Cisco devices
X
Eliminates the need for error correction and flow control Forms the basis for synchronous PPP
X X
Built-in security with PAP and CHAP
X
Transfers data 53 bytes at a time so that processing can occur in hardware
X
Next-generation protocol after X.25
X
Largely replaced by PPP
X
An ITU-T standard that defines connections between a DTE and DCE
X
HDLC Encapsulation

What is the major difference between the ISO 13239 HDLC standard and Cisco's implementation of HDLC?
Cisco's implementation of HDLC uses a Protocol field to support multiple protocols.

In Figure 12-1, label the fields of the Cisco HDLC frame.

Figure 12-1 Cisco HDLC Frame Format (unlabeled)

Figure 12-1a Cisco HDLC Frame Format (answer)
Flag | Address | Control | Protocol | Data | FCS | Flag
List the three different formats of the Control field.
■ Information (I) Frame
■ Supervisory (S) Frame
■ Unnumbered (U) Frame
HDLC Configuration and Troubleshooting

Although High-Level Data Link Control (HDLC) is the default encapsulation on Cisco synchronous serial lines, you may need to change the encapsulation back to HDLC. Record the commands, including the router prompt, to change the first serial interface on a 1900 series router to HDLC.

R1# configure terminal
R1(config)# interface serial 0/0/0
R1(config-if)# encapsulation hdlc
Troubleshooting Serial Interfaces

Troubleshooting the cause of a serial interface issue usually begins by entering the show interface serial command. This command can return one of six possible statuses for the line. In Table 12-2, indicate what status would display for each of the conditions of the serial interface. Some statuses are used more than once.

Table 12-2 Line Conditions and Status Indicators
Condition of the Serial Interface
Serial X Is Up, Line Protocol Is Up
Serial X Is Down, Line Protocol Is Down
Serial X Is Up, Line Protocol Is Down
Serial X Is Up, Line Protocol Is Up (Looped)
A high error rate has occurred due to a WAN service provider problem. X
The router configuration includes the shutdown interface configuration command.
X
Cabling is faulty or incorrect.
X X
The clockrate command is not configured on the interface.
The router is not sensing a carrier detect (CD) signal. The same random sequence number in the keepalive is returned over the link.
Serial X Is Administratively Down, Line Protocol Is Down
X
Keepalives are not being sent by the remote router.
This is the proper status line condition.
Serial X Is Up, Line Protocol Is Down (Disabled)
X X X
What command will show whether a DTE or DCE cable is attached to the interface?
show controllers

Packet Tracer Activity
Packet Tracer - Troubleshooting Serial Interfaces (CN 3.1.2.7)
PPP Operation

PPP encapsulation has been carefully designed to retain compatibility with most commonly used supporting hardware. PPP encapsulates data frames for transmission over Layer 2 physical links.
PPP Components

Briefly describe the three main components of PPP.
■ HDLC-like framing for transporting multiprotocol packets over point-to-point links
■ Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection
■ Network Control Protocols (NCPs) for establishing and configuring different network layer protocols
In Figure 12-2, fill in the missing parts of the PPP layered architecture.

Figure 12-2 PPP Layered Architecture (partially labeled)
Network Layer: IPv4, IPv6, IPCP, IPv6CP
Data Link Layer: PPP
Physical Layer: (missing)

Figure 12-2a PPP Layered Architecture (answer)
Network Layer: IPv4, IPv6, IPCP, IPv6CP
Data Link Layer: PPP
  Network Control Protocol (NCP)
  Authentication, Other Options
  Link Control Protocol (LCP)
Physical Layer: Synchronous or Asynchronous Physical Media
List the type of physical interfaces supported by PPP.
■ Asynchronous serial
■ Synchronous serial
■ HSSI
■ ISDN

What automatic configurations does the Link Control Protocol (LCP) provide at each end of the link?
■ Handling varying limits on packet size
■ Detecting common misconfiguration errors
■ Terminating the link
■ Determining when a link is functioning properly or when it is failing
Briefly describe how PPP uses Network Control Protocol (NCP).
PPP uses NCPs to negotiate the Layer 3 protocols that will be used to carry data packets. They provide functional fields containing standardized codes to indicate the network layer protocol type that PPP encapsulates.

In Table 12-3, indicate whether each characteristic describes LCP or NCP.

Table 12-3 LCP and NCP Characteristics
Characteristic | LCP | NCP
Can configure authentication, compression, and error detection | X |
Bring network layer protocols up and down | | X
Encapsulate and negotiate options for IPv4 and IPv6 | | X
Negotiate and set up control options on the WAN circuit | X |
Handles limits on packet size | X |
Establish, configure, and test the data link connection | X |
Uses standardized codes to indicate the network layer protocol | | X
Determine if link is functioning properly | X |
Terminate the link | X |
Manage packets from several network layer protocols | | X
Figure 12-3 shows the PPP frame format. Answer the following questions about the specific features and purpose of each field.

Figure 12-3 PPP Frame Format
Field | Length, in Bytes
Flag | 1
Address | 1
Control | 1
Protocol | 2
Data | Variable
FCS | 2 or 4
Flag | 1
What is the bit pattern for the Flag field?
01111110

Why is the Address field all 1s or 0xFF?
On a point-to-point link, the destination node does not need to be addressed.

What is the purpose of the Control field?
The Control field calls for transmission of user data in an unsequenced frame, providing a connectionless link that does not require data links to be established.

What is the purpose of the Protocol field?
The Protocol field uses a 2-byte value to identify what network layer protocol is encapsulated in the data.

What is the default size of the information stored in the Data field?
1500 bytes

What does FCS stand for and what is the purpose of this field?
The Frame Check Sequence field is used by the receiver to test the integrity of the frame received. If the FCS calculated by the receiver doesn't match, the frame is silently discarded.
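The fields just described, as an added worked example written for this guide (it is not Cisco IOS or curriculum code): a small Python builder and parser for a PPP frame, with the 16-bit FCS defined in RFC 1662 and the silent-discard behaviour on a mismatch. It assumes the frame has already been de-stuffed (no 0x7D escape handling) and that no address/control or protocol field compression was negotiated; the CHAP payload used as sample input is constructed for the example.

```python
"""PPP frame builder/parser with the 16-bit FCS (CRC-16/X-25) of RFC 1662.

Added example for this study guide, not Cisco IOS or curriculum code.
Assumes a de-stuffed frame (no 0x7D escapes) and no field compression.
"""

FLAG = 0x7E      # 01111110 opens and closes every frame
ADDRESS = 0xFF   # all ones: a point-to-point link needs no station address
CONTROL = 0x03   # Unnumbered Information: connectionless, unsequenced data

# A few Protocol field values from the IANA PPP number registry
PROTOCOLS = {
    0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP", 0x8057: "IPV6CP",
    0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
}


def fcs16(data: bytes) -> int:
    """CRC-16/X-25: polynomial 0x1021 (reflected 0x8408), init 0xFFFF,
    final XOR 0xFFFF. The check value for b"123456789" is 0x906E."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag | Address | Control | Protocol (2) | Data | FCS (2) | Flag."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body)
    # The FCS covers Address through Data and is sent low byte first.
    return bytes([FLAG]) + body + bytes([fcs & 0xFF, fcs >> 8, FLAG])


def parse_frame(frame: bytes):
    """Return (protocol name, payload), or None for a frame the receiver
    would silently discard (bad framing, bad header, or FCS mismatch)."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        return None
    body, fcs_bytes = frame[1:-3], frame[-3:-1]
    if body[0] != ADDRESS or body[1] != CONTROL:
        return None
    received = fcs_bytes[0] | (fcs_bytes[1] << 8)
    if fcs16(body) != received:
        return None  # integrity check failed: drop without any error reply
    protocol = int.from_bytes(body[2:4], "big")
    return PROTOCOLS.get(protocol, f"0x{protocol:04X}"), body[4:]


def demo():
    """Constructed sample: a 4-byte CHAP Success packet (code 3, id 1,
    length 4) carried in PPP, then the same frame with one payload bit
    flipped in transit."""
    payload = bytes([0x03, 0x01, 0x00, 0x04])
    frame = build_frame(0xC223, payload)
    damaged = bytearray(frame)
    damaged[5] ^= 0x01
    return parse_frame(frame), parse_frame(bytes(damaged))


if __name__ == "__main__":
    print(demo())
```

Running the block parses the intact frame as a CHAP packet and returns None for the damaged copy, which is the receiver-side behaviour the FCS question asks about.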
PPP Sessions

What are the three phases for establishing a PPP session?
■ Phase 1: Link establishment and configuration negotiation
■ Phase 2: Link quality determination (optional)
■ Phase 3: Network layer protocol configuration negotiation
Figure 12-4 shows a partially labeled flowchart for the LCP link negotiation process. Complete the flowchart by properly labeling it with the provided steps.

Figure 12-4 Steps in the LCP Link Negotiation Process (partially labeled)
Labeled boxes: Sends Configure-Request; All options acceptable? (Yes/No); All options recognized? (Yes/No); Determine new negotiation parameters; Authentication option? (Yes/No); Link is established

Figure 12-4a Steps in the LCP Link Negotiation Process (answer)
1. Sends Configure-Request
2. Process Configure-Request
3. All options acceptable?
   Yes: Send Configure-Ack, then Receive Configure-Ack, then go to step 5
   No: go to step 4
4. All options recognized?
   Yes: Send Configure-Nak
   No: Send Configure-Reject
   In either case: Determine new negotiation parameters and return to step 1
5. Authentication option?
   Yes: Authentication Phase
   No: Link is established

Missing Labels for Figure 12-4
■ Send Configure-Reject
■ Receive Configure-Ack
■ Process Configure-Request
■ Send Configure-Ack
■ Authentication Phase
■ Send Configure-Nak
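The Configure-Request / Configure-Ack / Configure-Nak / Configure-Reject loop in the flowchart, as an added worked example written for this guide (not Cisco IOS or curriculum code). The option type codes come from RFC 1661 and RFC 1994; the two routers, named RTA and RTB after the text, and their policies (RTB does not implement protocol field compression and insists on CHAP) are constructed for the example. It goes beyond the flowchart in one respect: the responder answers with a Reject before any Nak, as RFC 1661 requires, so the requester first drops the unrecognized option and then adopts the suggested value.

```python
"""LCP option negotiation following the Figure 12-4 flowchart.

Added example for this study guide, not Cisco IOS or curriculum code.
Option codes are from RFC 1661 and RFC 1994; routers RTA/RTB and their
policies are constructed for the example.
"""

# LCP configuration option types (RFC 1661 / RFC 1994)
MRU, AUTH_PROTOCOL, MAGIC_NUMBER, PFC = 1, 3, 5, 7
PAP, CHAP = 0xC023, 0xC223


class LcpResponder:
    """The side that processes a Configure-Request (RTB in the text)."""

    def __init__(self, supported, policy):
        self.supported = supported  # option types this implementation knows
        self.policy = policy        # type -> fn(value) -> (acceptable, suggestion)

    def process_configure_request(self, options):
        # Unrecognized options come first: answered with Configure-Reject.
        unknown = {t: v for t, v in options.items() if t not in self.supported}
        if unknown:
            return "Configure-Reject", unknown
        # Recognized but unacceptable values get a Configure-Nak with a hint.
        naks = {}
        for t, v in options.items():
            acceptable, suggestion = self.policy.get(t, lambda val: (True, val))(v)
            if not acceptable:
                naks[t] = suggestion
        if naks:
            return "Configure-Nak", naks
        return "Configure-Ack", dict(options)


def negotiate(requested, responder, max_rounds=10):
    """Run the requester side until the responder acks. Returns the agreed
    options and the message log in both directions."""
    options = dict(requested)
    log = []
    for _ in range(max_rounds):
        log.append(("Configure-Request", dict(options)))
        code, data = responder.process_configure_request(options)
        log.append((code, dict(data)))
        if code == "Configure-Ack":
            return options, log
        if code == "Configure-Reject":
            for t in data:          # determine new parameters: drop them
                options.pop(t)
        else:
            options.update(data)    # determine new parameters: adopt hints
    raise RuntimeError("LCP negotiation did not converge")


def next_phase(options):
    """After the Ack: authentication phase if negotiated, else link up."""
    return "Authentication Phase" if AUTH_PROTOCOL in options else "Link is established"


def demo():
    # RTA (constructed) asks for PAP and protocol field compression.
    rta_request = {MRU: 1500, AUTH_PROTOCOL: PAP, MAGIC_NUMBER: 0x1234ABCD, PFC: None}
    # RTB (constructed) does not implement PFC and insists on CHAP.
    rtb = LcpResponder(
        supported={MRU, AUTH_PROTOCOL, MAGIC_NUMBER},
        policy={
            MRU: lambda v: (v <= 1500, 1500),
            AUTH_PROTOCOL: lambda v: (v == CHAP, CHAP),
        },
    )
    agreed, log = negotiate(rta_request, rtb)
    return agreed, log, next_phase(agreed)


if __name__ == "__main__":
    agreed, log, phase = demo()
    for code, data in log:
        print(code, data)
    print(phase)
```

The printed log shows three rounds: a Reject for the unknown option, a Nak steering the authentication protocol to CHAP, and finally an Ack, after which the "Authentication option?" decision sends the link into the authentication phase.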
PPP can be configured to support optional functions, including the following:
■ Authentication using either PAP or CHAP
■ Compression using either Stacker or Predictor
■ Multilink that combines two or more channels to increase the WAN bandwidth
After the link is established, the LCP passes control to the appropriate NCP. Figure 12-5 shows the NCP process for IPv4. Complete the figure by properly labeling it with the provided phases and steps.

Missing Labels for Figure 12-5
■ IPv4 Data Transfer
■ NCP Termination
■ IPCP Configure-Request
■ IPCP Configure-Ack
■ IPCP Terminate-Request
■ LCP Maintenance
■ IPCP Terminate-Ack
■ NCP Configuration

Figure 12-5 The NCP Process (partially labeled)
LCP Configuration
IPv4 DATA Exchange
LCP Termination

Figure 12-5a The NCP Process (answer)
1. LCP Configuration
2. NCP Configuration: IPCP Configure-Request, IPCP Configure-Ack
3. IPv4 DATA Exchange: IPv4 Data Transfer and LCP Maintenance
4. NCP Termination: IPCP Terminate-Request, IPCP Terminate-Ack
5. LCP Termination
Configure PPP

PPP is a robust WAN protocol supporting multiple physical layer and network layer implementations. In addition, PPP has many optional features the network administrator can choose to implement.
Basic PPP Configuration with Options

Figure 12-6 shows the topology and Table 12-4 shows the addressing we will use for PPP configuration.

Figure 12-6 PPP Topology
RTA S0/0/0 (.1) ---- 172.16.1.0/30, 2001:DB8:1:F::/64 ---- S0/0/0 (.2) RTB

Table 12-4 Addressing Table for PPP
Device | Interface | IPv4 Address | Subnet Mask | IPv6 Address/Prefix
RTA | S0/0/0 | 172.16.1.1 | 255.255.255.252 | 2001:DB8:1:F::1/64
RTB | S0/0/0 | 172.16.1.2 | 255.255.255.252 | 2001:DB8:1:F::2/64
Assume that the router interfaces are already configured with IPv4 and IPv6 addressing. RTB is fully configured with PPP. Record the commands, including the router prompt, to configure RTA with a basic PPP configuration.

RTA# configure terminal
RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation ppp
RTB is configured for software compression using the Stacker compression algorithm. What happens if RTA is not configured with compression?
During the LCP negotiation phase, RTA and RTB will negotiate to not use compression.

Record the command, including the router prompt, to configure the same compression on RTA.
RTA(config-if)# compress stac

RTB is configured to take down the link if the quality falls below 70 percent. Record the command, including the router prompt, to configure the equivalent on RTA.
RTA(config-if)# ppp quality 70
In Figure 12-7, RTA and RTB are now using two serial links to transfer data. RTB is already configured with PPP multilink to load balance the traffic to RTA. Record the commands, including the router prompt, to configure the RTA multilink interface including IPv4 and IPv6 addressing and the necessary commands for the serial interfaces. Use the addressing in Table 12-4 for the multilink interface rather than Serial 0/0/0.

Figure 12-7 PPP Multilink Topology
RTA S0/0/0 ---- S0/0/0 RTB
RTA S0/0/1 ---- S0/0/1 RTB
Multilink bundle addressing: 172.16.1.0/30, 2001:DB8:1:F::/64

RTA(config)# interface multilink 1
RTA(config-if)# ip address 172.16.1.1 255.255.255.252
RTA(config-if)# ipv6 address 2001:db8:1:f::1/64
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1
RTA(config-if)# interface serial 0/0/0
RTA(config-if)# no ip address
RTA(config-if)# no ipv6 address
RTA(config-if)# encapsulation ppp
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1
RTA(config-if)# interface serial 0/0/1
RTA(config-if)# no ip address
RTA(config-if)# no ipv6 address
RTA(config-if)# encapsulation ppp
RTA(config-if)# ppp multilink
RTA(config-if)# ppp multilink group 1
You can verify the operation of PPP using the following show commands. Record the commands used to generate the output on RTA.

RTA# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is WIC MBRD Serial
  Internet address is 172.16.1.1/30
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP, IPV6CP, CCP, CDPCP, loopback not set
  Keepalive set (10 sec)

RTA# show ppp multilink

Multilink1
  Bundle name: RTA
  Remote Endpoint Discriminator: [1] RTB
  Local Endpoint Discriminator: [1] RTA
  Bundle up for 00:01:20, total bandwidth 3088, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    0 lost fragments, 0 reordered
    0/0 discarded fragments/bytes, 0 lost received
    0x2 received sequence, 0x2 sent sequence
  Member links: 2 active, 0 inactive (max 255, min not set)
    Se0/0/0, since 00:01:20
    Se0/0/1, since 00:01:06
No inactive multilink interfaces
PPP Authentication

Briefly explain the difference between PAP and CHAP.
PAP uses a two-way process to authenticate with unencrypted plain-text passwords. CHAP uses a three-way process with an encrypted hash value generated by the MD5 algorithm. The password is never sent.

PAP is not interactive. When you configure an interface with the ppp authentication pap command, the username and password are sent as one LCP data package. You are not prompted for a username. The receiving node checks the username and password combination and either accepts or rejects the connection.

List three situations where PAP would be the appropriate choice for authentication.
■ A large installed base of client applications that do not support CHAP
■ Incompatibilities between different vendor implementations of CHAP
■ Situations where a plain-text password must be available to simulate a login at the remote host
Once PAP authentication is established, the link is vulnerable to attack. Why?
PAP does not reauthenticate. So, a hacker can piggyback on an open connection. CHAP challenges periodically to make sure that the remote node still has a valid password.

Complete the missing information in the following steps as RTA authenticates with RTB using CHAP.
Step 1. RTA initially negotiates the link connection using LCP with router RTB, and the two systems agree to use CHAP authentication during the PPP LCP negotiation.

Step 2. RTB generates an ID and a random number, and sends that and its username as a CHAP challenge packet to RTA.

Step 3. RTA uses the username of the challenger (RTB) and cross-references it with its local database to find its associated password. RTA then generates a unique MD5 hash number using RTB's username, ID, random number, and the shared secret password.

Step 4. RTA then sends the challenge ID, the hashed value, and its username (RTA) to RTB.

Step 5. RTB generates its own hash value using the ID, the shared secret password, and the random number it originally sent to RTA.

Step 6. RTB compares its hash value with the hash value sent by RTA. If the values are the same, RTB sends a link established response to RTA.
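The six CHAP steps above, as an added worked example written for this guide (not Cisco IOS or curriculum code), placed next to the PAP Authenticate-Request so the difference the earlier question asks about is visible in the bytes. The response is computed exactly as RFC 1994 specifies, MD5 over the identifier, the shared secret and the challenge value; the router names RTA and RTB and the password cisco123 follow the text, while the identifier and random challenge values are generated at run time, and the PAP packet layout follows RFC 1334.

```python
"""CHAP three-way handshake (RFC 1994) next to a PAP request (RFC 1334).

Added example for this study guide, not Cisco IOS or curriculum code.
Router names RTA/RTB and the password cisco123 follow the text; the
identifier and challenge values are generated at run time.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Step 3: MD5 over Identifier || shared secret || challenge value."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """RTB's side: issues challenges and checks responses."""

    def __init__(self, name: str, users: dict):
        self.name = name
        self.users = users    # peer username -> shared secret (the 'username ... password' entry)
        self.pending = {}     # identifier -> challenge value not yet answered

    def challenge(self):
        """Step 2: a new ID and random value, sent with the challenger's name."""
        identifier = os.urandom(1)[0]
        value = os.urandom(16)
        self.pending[identifier] = value
        return identifier, value, self.name

    def verify(self, identifier: int, digest: bytes, peer_name: str) -> bool:
        """Steps 5-6: recompute with the stored random value and compare.
        A challenge can be answered once, so a replayed response fails."""
        value = self.pending.pop(identifier, None)
        secret = self.users.get(peer_name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(digest, chap_response(identifier, secret, value))


class ChapPeer:
    """RTA's side: answers a challenge with a hash, never with the password."""

    def __init__(self, name: str, users: dict):
        self.name = name
        self.users = users    # challenger username -> shared secret

    def respond(self, identifier: int, value: bytes, challenger: str):
        """Steps 3-4: look up the challenger's name, hash, send ID + hash + own name."""
        secret = self.users[challenger]
        return identifier, chap_response(identifier, secret, value), self.name


def run_chap(rta_secret: str, rtb_secret: str) -> bool:
    """One CHAP exchange between RTA and RTB with the given stored secrets."""
    rta = ChapPeer("RTA", {"RTB": rta_secret})
    rtb = ChapAuthenticator("RTB", {"RTA": rtb_secret})
    identifier, value, challenger = rtb.challenge()                        # Step 2
    identifier, digest, peer = rta.respond(identifier, value, challenger)  # Steps 3-4
    return rtb.verify(identifier, digest, peer)                            # Steps 5-6


def pap_authenticate_request(username: str, password: str, identifier: int = 1) -> bytes:
    """PAP Authenticate-Request (code 1): the password travels in clear text,
    so anyone capturing the link can read it."""
    user, pw = username.encode(), password.encode()
    length = 4 + 1 + len(user) + 1 + len(pw)
    return (bytes([1, identifier]) + length.to_bytes(2, "big")
            + bytes([len(user)]) + user + bytes([len(pw)]) + pw)


if __name__ == "__main__":
    print("CHAP with matching secrets:", run_chap("cisco123", "cisco123"))
    print("CHAP with mismatched secrets:", run_chap("cisco123", "wrong"))
    print("PAP request bytes:", pap_authenticate_request("RTA", "cisco123"))
```

Two details are worth noticing when running it: the verify step discards the stored challenge after one use, which is why a fresh random number per challenge lets CHAP re-authenticate periodically, and the PAP packet contains the literal password, which is the reason the text calls a PAP-only link vulnerable once it is up.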
When authentication is local (no AAA/TACACS+), what is the command syntax to configure PPP authentication on an interface? Router(config-if)# ppp authentication {chap | chap pap | pap chap | pap }
Assume that both PAP and CHAP are configured with the command ppp authentication chap pap on the interface. Explain how authentication will proceed. The first method specified, CHAP, will be requested during link negotiation. If the receiving node is not configured for CHAP, the second method specified, PAP, will be used.
PAP Configuration

In Figure 12-6, RTB is already configured with PAP authentication with the password cisco123. Record the commands to configure PAP on RTA.

RTA(config)# username RTB password cisco123
RTA(config)# interface s0/0/0
RTA(config-if)# ppp authentication pap
RTA(config-if)# ppp pap sent-username RTA password cisco123

CHAP Configuration

CHAP uses one less command than PAP. Now record the commands to remove PAP and configure RTA to use CHAP authentication.

RTA(config)# interface s0/0/0
RTA(config-if)# no ppp authentication pap
RTA(config-if)# no ppp pap sent-username RTA password cisco123
RTA(config-if)# ppp authentication chap
Packet Tracer - Configuring PAP and CHAP Authentication (CN 3.3.2.7) Lab - Configuring Basic PPP with Authentication (CN 3.3.2.8)
Troubleshoot WAN Connectivity

If you cannot ping across a PPP link and you have checked the physical and data link layer issues reviewed in the "Troubleshooting Serial Interfaces" section earlier, the issue is probably the PPP configuration. You can use the debug command to troubleshoot PPP issues using the debug ppp {parameter} syntax. Based on the descriptions in Table 12-5, fill in the corresponding parameter you would use with the debug ppp command.
Table 12-5 Parameters for the debug ppp Command
Parameter | Usage
error | Displays issues associated with PPP connection negotiation and operation
compression | Displays information specific to the exchange of PPP connections using MPPC
negotiation | Displays PPP packets transmitted during PPP startup
packet | Displays PPP packets being sent and received
authentication | Displays authentication protocol messages
cbcp | Displays protocol errors and statistics associated with PPP connection negotiations using MSCB
Lab - Troubleshooting Basic PPP with Authentication (CN 3.4.1.5)

Packet Tracer Activity
Packet Tracer - Troubleshooting PPP with Authentication (CN 3.4.1.4)
Packet Tracer - Skills Integration Challenge (CN 3.5.1.2)
CHAPTER 13
Frame Relay
Although newer services are rapidly replacing it in some locations, Frame Relay has been a popular alternative to expensive dedicated leased lines. Frame Relay provides a cost-efficient solution for WAN access between multiple sites. This chapter reviews Frame Relay technology, configuration, verification, and troubleshooting.
Introduction to Frame Relay

Frame Relay is a high-performance WAN protocol that operates at the physical and data link layers of the OSI reference model. Unlike leased lines, Frame Relay requires only a single access circuit to the Frame Relay provider to communicate with other sites connected to the same provider.
Frame Relay Concepts and Terminology

Match the definition on the left with a term on the right. Terms are only used once.

Definitions
a. Bandwidth "borrowing" from other PVCs when available
b. Reason Frame Relay was popular when compared to private leased lines
c. A preconfigured logical path between two endpoints and assigned a DLCI
d. A logical connection that is established dynamically for the time needed
e. The equivalent of 24 DS0 channels
f. Guaranteed bandwidth for a specific PVC
g. Downstream notification that there is congestion on a Frame Relay switch
h. Manual configuration will do this to the autosensing of LMI-type feature on Cisco routers
i. Holding frame in a buffer before sending
j. Frame Relay extension that allows the DTE to discover the list of available DLCIs configured on the access link
k. A PVC that no longer exists
l. Used to identify each Frame Relay circuit endpoint
m. Port bandwidth of the local loop
n. One of the three LMI types other than cisco and q933a
o. LMI provides these updates about Frame Relay connectivity
p. Identifies the frames to be dropped in times of congestion
q. Process used by LMI to associate network layer addresses to data link layer addresses
r. The end of the Frame Relay connection that initiates requests about the status of its Frame Relay links
s. Protocol replaced by Frame Relay

Terms (answers)
m. Access rate
n. ANSI
k. Black hole
a. Bursting
f. CIR
b. Cost savings
p. DE
h. Disable
l. DLCI
r. DTE
g. FECN
q. Inverse ARP
j. LMI
c. PVC
i. Queuing
o. Status
d. SVC
e. T1
s. X.25
Frame Relay Operation

Frame Relay networks use permanent virtual circuits (PVCs), which uniquely define a logical path between two endpoints. Frame Relay is a more cost-effective option than leased lines for two reasons:
■ The cost of a leased line includes the cost of a full end-to-end dedicated connection. The cost of Frame Relay includes only the cost to the local loop.
■ Frame Relay shares bandwidth with other customers across the same physical circuit.

The end of each PVC uses a number to identify it called the data link connection identifier (DLCI). What does it mean to say that these numbers are locally significant?
Locally significant DLCIs means that only the local devices need to know this number. That way, the DLCI number can be reused on other equipment throughout the network.

Frame Relay is statistically multiplexed, meaning that it transmits only one frame at a time, but that many logical connections can coexist on a single physical line. In Figure 13-1, label the missing fields in a standard Frame Relay frame.
Figure 13-1 Fields of the Standard Frame Relay Frame (partially labeled)
Flag (8 bits) | Address (16 bits) | Data (Variable) | FCS (16 bits) | Flag (8 bits)
Address field, Byte 1: ____ | C/R | EA
Address field, Byte 2: ____ | ____ | ____ | ____ | EA

Figure 13-1a Fields of the Standard Frame Relay Frame (answer)
Flag (8 bits) | Address (16 bits) | Data (Variable) | FCS (16 bits) | Flag (8 bits)
Address field, Byte 1: DLCI | C/R | EA
Address field, Byte 2: DLCI | FECN | BECN | DE | EA
Identify and briefly describe each of the three Frame Relay topologies.
Star topology: Also known as a hub-and-spoke topology with a central site connected to branch sites. All branch-to-branch communication is sent through the central (hub) site. Therefore, branch sites are only configured with one VC.
Full mesh: Every node is configured with a VC to every other node in the network. However, each node usually only has one physical link to the local Frame Relay switch.
Partial mesh: Nodes may have more than one VC configured to remote locations. But all nodes are not configured with all VCs, as in full mesh. This works better for larger networks where a full-mesh topology would be cost prohibitive.

A router must know what remote Layer 3 address maps to the locally configured DLCI before it can send data over the link. This mapping can be achieved statically or dynamically.

Briefly describe the IPv4 protocol that provides dynamic mapping.
Dynamic address mapping relies on Inverse ARP to resolve a next-hop network layer IPv4 address to a local DLCI value. The Frame Relay router sends out Inverse ARP requests on its PVC to discover the protocol address of the remote device connected to the Frame Relay network.

On Cisco routers, what must you do to make sure Inverse ARP is operational?
Nothing; Inverse ARP is enabled by default.

What is the command syntax to disable Inverse ARP?
Router(config-if)# no frame-relay inverse-arp
What is the command syntax to override dynamic mapping and statically configure the map?

Router(config-if)# frame-relay map protocol protocol-address dlci [broadcast] [ietf] [cisco]
Why would you use the keyword ietf?

Use the keyword ietf when connecting to a non-Cisco router.

Why would you use the keyword broadcast?

The keyword broadcast allows broadcast and multicast traffic to be sent over the VC, which can greatly simplify the configuration of routing protocols like OSPF.

What command can you use to verify Frame Relay maps?

show frame-relay map

Briefly describe the Local Management Interface (LMI).

LMI is an extension of Frame Relay that provides additional capabilities including the ability for DTEs to dynamically acquire information about the status of the network. LMI uses reserved DLCIs in the range from 0 to 1023 to exchange LMI messages between the DTE and DCE.

What are the three LMI types supported by Cisco routers?

CISCO, ANSI, Q933A

With Cisco IOS software release 11.2, the LMI type does not need to be configured because it is autosensed.
Chapter 13: Frame Relay
In Figure 13-2, RTA and RTB are both configured to use Frame Relay with the IPv4 addressing and DLCIs shown. RTA has just booted up. Fully explain how RTA will dynamically learn the DLCIs from the local Frame Relay switch and then dynamically learn the IPv4 address of RTB.

Figure 13-2 Frame Relay Topology
RTA S0/0/0 10.10.10.1/30, DLCI 201 --- Frame Relay (PVC) --- DLCI 102, S0/0/0 10.10.10.2/30 RTB

After booting, RTA will autosense the LMI type used on the local loop. Then RTA will send an LMI status inquiry message to the local Frame Relay switch. The local Frame Relay switch replies to the query with all the VCs configured on the access link. This will include the DLCI 201, which the Frame Relay network has mapped internally to reach RTB. Once RTA has the DLCIs for the access link (only 201 in this example), it sends an Inverse ARP message which is forwarded by the Frame Relay network to RTB. RTB responds to the Inverse ARP message with its IPv4 address. When RTA receives the response from RTB, it will map the local DLCI 201 to the IPv4 address of RTB.

From the customer’s point of view, Frame Relay is one interface configured with one or more PVCs. The rate at which data will be accepted by the local Frame Relay switch is contracted. The access rate is the actual speed of the port connected to the service provider. It is not possible to send data any faster. The committed information rate (CIR) is the rate at which the customer can send data into the Frame Relay network. All data at or below this rate is guaranteed.

What does the term oversubscription mean in relation to Frame Relay? What problems can it cause?

A service provider may decide to oversell an access link on the assumption that everyone that is subscribed on the link will not need to use the link for their full subscription all the time. Traffic will be dropped in situations where a link is oversubscribed and then subsequently overutilized.

When the Frame Relay network is underutilized, customers can burst over their CIR at no additional cost. The committed burst size (Bc) is a negotiated rate above the CIR that the customer can use to transmit for short bursts, and represents the maximum allowed traffic under normal working conditions.
When sending at a rate higher than the CIR, the Discard Eligibility (DE) bit is set to 1 in every frame so that the Frame Relay network can discard the frame if congestion is occurring. However, when there is congestion on the Frame Relay network, the switch that is experiencing congestion will begin setting the Forward Explicit Congestion Notification (FECN) bit to 1 to inform downstream devices that there is congestion on the network. It will also set the Backward Explicit Congestion Notification (BECN) bit to 1 and send a message to the source to throttle back the speed at which it is sending data. In addition, the Frame Relay switch experiencing congestion will discard every frame that has the DE bit set to 1.
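The following Python is an added example, not part of the study guide, that works the address field of Figure 13-1 and the DE/FECN/BECN behaviour just described. It encodes and decodes the two address bytes, reproduces the "dlci 201(0xC9,0x3090)" form that show frame-relay map prints (the DLCI bits placed in their address-field positions with the control bits clear), and models a congested switch discarding DE-marked frames while signalling FECN forward and BECN back. The send rates and CIR used in the demo are constructed values; the bit positions are those of the standard two-byte address field.

```python
"""Encode and decode the two-byte address field of a Frame Relay frame and
model the switch's congestion handling. Added example, not the study guide's
own material. Bit positions follow Figure 13-1: byte 1 carries the high 6
DLCI bits, C/R and EA; byte 2 carries the low 4 DLCI bits, FECN, BECN, DE
and EA. The rates in the demo are constructed values."""
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class FrAddress:
    dlci: int
    cr: bool = False    # command/response bit, not used by the Frame Relay network itself
    fecn: bool = False  # forward explicit congestion notification
    becn: bool = False  # backward explicit congestion notification
    de: bool = False    # discard eligibility


def encode_address(addr: FrAddress) -> bytes:
    """Two address bytes. EA is 0 in byte 1 (another address byte follows)
    and 1 in byte 2 (last address byte)."""
    if not 0 <= addr.dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    byte1 = (((addr.dlci >> 4) & 0x3F) << 2) | (int(addr.cr) << 1)
    byte2 = (((addr.dlci & 0x0F) << 4) | (int(addr.fecn) << 3)
             | (int(addr.becn) << 2) | (int(addr.de) << 1) | 1)
    return bytes([byte1, byte2])


def decode_address(raw: bytes) -> FrAddress:
    """Inverse of encode_address. Rejects headers whose EA bits do not
    describe the plain two-byte address of Figure 13-1."""
    if len(raw) < 2:
        raise ValueError("need at least two address bytes")
    b1, b2 = raw[0], raw[1]
    if (b1 & 1) or not (b2 & 1):
        raise ValueError("EA bits do not describe a two-byte address field")
    dlci = ((b1 >> 2) << 4) | (b2 >> 4)
    return FrAddress(dlci=dlci, cr=bool(b1 & 0x02), fecn=bool(b2 & 0x08),
                     becn=bool(b2 & 0x04), de=bool(b2 & 0x02))


def cisco_map_form(dlci: int) -> str:
    """The 'dlci 201(0xC9,0x3090)' text of show frame-relay map: the DLCI in
    hex, then the DLCI bits in their address-field positions with all control
    and EA bits clear."""
    hi = ((dlci >> 4) & 0x3F) << 2
    lo = (dlci & 0x0F) << 4
    return f"dlci {dlci}(0x{dlci:X},0x{hi:02X}{lo:02X})"


def mark_de(addr: FrAddress, send_rate_kbps: int, cir_kbps: int) -> FrAddress:
    """Sender side: frames sent above the CIR carry DE = 1."""
    return replace(addr, de=send_rate_kbps > cir_kbps)


def switch_forward(addr: FrAddress, congested: bool) -> Tuple[Optional[FrAddress], bool]:
    """Switch side. Returns (frame as forwarded, or None if discarded; whether
    a BECN is signalled back toward the source). Without congestion the frame
    passes unchanged; under congestion DE-marked frames are discarded,
    survivors go forward with FECN set, and BECN goes back to the sender."""
    if not congested:
        return addr, False
    if addr.de:
        return None, True
    return replace(addr, fecn=True), True


if __name__ == "__main__":
    frame = mark_de(FrAddress(dlci=201), send_rate_kbps=512, cir_kbps=256)  # constructed rates
    print(encode_address(frame).hex(), cisco_map_form(201), switch_forward(frame, congested=True))
```

Decoding a captured address field with decode_address is also a quick way to confirm which DLCI a frame belongs to and whether the network has already marked it with FECN or BECN before it reached the router.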
Configure Frame Relay

Frame Relay connections are created by configuring customer premise equipment (CPE) routers or other devices to communicate with a service provider Frame Relay switch. The service provider configures the Frame Relay switch, which helps keep end-user configuration tasks to a minimum.
Configure Basic Frame Relay

Because so many of the features of Frame Relay are enabled by default, configuration is straightforward. Assuming the interface is correctly addressed, the basic configuration is simply a matter of changing the encapsulation on the interface. In Figure 13-3, RTB is configured and ready to send traffic on the Frame Relay network. Assume RTA is already configured with IPv4 and IPv6 addressing. Record the commands, including the router prompt, to enable Frame Relay.

Figure 13-3
RTA S0/0/0 10.10.10.1/30, 2001:DB8:1:F::1/64, Link Local: FE80::1, DLCI 201 --- Frame Relay (PVC) --- DLCI 102, S0/0/0 10.10.10.2/30, 2001:DB8:1:F::2/64, Link Local: FE80::2 RTB

RTA# configure terminal
RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation frame-relay
Connectivity between RTA and RTB should now be operational for IPv4 traffic. However, in our example, IPv6 requires static mapping. You will need to map both the globally unique and link local IPv6 addresses. Because the link local address is used for multicasts, you will need to add the keyword broadcast to your frame-relay map configuration. Record the commands, including the router prompt, to statically configure RTA with IPv6 Frame Relay maps.

RTA(config)# interface s0/0/0
RTA(config-if)# frame-relay map ipv6 2001:db8:1:f::2 201
RTA(config-if)# frame-relay map ipv6 fe80::2 201 broadcast
Record the command used to generate the following output verifying the IPv4 and IPv6 maps.

RTA# show frame-relay map
Serial0/0/0 (up): ipv6 FE80::2 dlci 201(0xC9,0x3090), static, broadcast, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:1:F::2 dlci 201(0xC9,0x3090), static, CISCO, status defined, active
Serial0/0/0 (up): ip 10.10.10.2 dlci 201(0xC9,0x3090), dynamic, broadcast, CISCO, status defined, active

Packet Tracer Activity
Packet Tracer - Configuring Static Frame Relay Maps (CN 4.2.1.4)
Configure Subinterfaces

When configuring a hub-and-spoke topology with Frame Relay, you must create subinterfaces so that each PVC can have its own Layer 3 addressing. In a Frame Relay nonbroadcast multiaccess (NBMA) topology like the one shown in Figure 13-4, this can cause reachability issues without proper configuration.

Figure 13-4 Frame Relay NBMA Topology
RTA S0/0/0.201 10.10.10.1/30, DLCI 201 --- PVC --- DLCI 102, S0/0/0 10.10.10.2/30 RTB
RTA S0/0/0.301 10.10.10.5/30, DLCI 301 --- PVC --- DLCI 103, S0/0/0 10.10.10.6/30 RTC
(both PVCs cross the Frame Relay NBMA cloud)
Briefly describe the three reachability issues caused by NBMA topologies.

Split horizon: This rule states that an update received on a physical interface should not be retransmitted out that same physical interface.

Broadcast and multicast replication: Broadcast and multicast traffic must be replicated for each PVC that is configured on the interface. This can consume considerable bandwidth which might impact user traffic if the path already has low bandwidth.

Neighbor discovery: In OSPF, the DR/BDR election must result in the hub router as DR because it is the only router that has PVCs to all other routers.

What are the three ways to solve these reachability issues?

One or more of the following: disable split horizon, build a full mesh topology, configure subinterfaces.

In Figure 13-4, RTA is the hub router and RTB and RTC are spokes. Given the information shown in Figure 13-4, record the commands, including the router prompts, to configure RTA with Frame Relay using point-to-point subinterfaces.

RTA(config)# interface serial 0/0/0
RTA(config-if)# encapsulation frame-relay
RTA(config-if)# no ip address
RTA(config-if)# no shutdown
RTA(config-if)# exit
RTA(config)# interface serial 0/0/0.201 point-to-point
RTA(config-subif)# ip address 10.10.10.1 255.255.255.252
RTA(config-subif)# frame-relay interface-dlci 201
RTA(config-fr-dlci)# exit
RTA(config-subif)# exit
RTA(config)# interface serial 0/0/0.301 point-to-point
RTA(config-subif)# ip address 10.10.10.5 255.255.255.252
RTA(config-subif)# frame-relay interface-dlci 301
RTA(config-fr-dlci)#
Lab - Configuring Frame Relay and Subinterfaces (CN 4.2.2.7)

Packet Tracer Activity
Packet Tracer - Configuring Frame Relay Point-to-Point Subinterfaces (CN 4.2.2.6)
Troubleshoot Connectivity

Frame Relay is generally a reliable service. Nonetheless, sometimes the network performs at less-than-expected levels, and troubleshooting is necessary. Record the Frame Relay verification commands that generated the following output:

RTA# show frame-relay pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

  input pkts 1             output pkts 1            in bytes 34
  out bytes 34             dropped pkts 0           in pkts dropped 0
  out pkts dropped 0                out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 1         out bcast bytes 34
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:02:12, last time pvc status changed 00:01:38

RTA# show frame-relay lmi
LMI Statistics for interface Serial0/0/0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 14               Num Status msgs Rcvd 15
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:23         Last Full Status Rcvd 00:00:23
RTA# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is WIC MBRD Serial
  Internet address is 10.10.10.1/30
  MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent  15, LMI stat recvd 16, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 1/0, interface

RTA# show frame-relay map
Serial0/0/0 (up): ip 10.10.10.2 dlci 201(0xC9,0x3090), dynamic, broadcast, CISCO, status defined, active
Serial0/0/0 (up): ipv6 2001:DB8:1:F::2 dlci 201(0xC9,0x3090), static, CISCO, status defined, active
Serial0/0/0 (up): ipv6 FE80::2 dlci 201(0xC9,0x3090), static, broadcast, CISCO, status defined, active
RTA#
In Table 13-1, indicate which command enables you to verify the described information. Some information can be verified with more than one command.

Table 13-1 Frame Relay Verification Commands
Columns: Frame Relay Information Verified | show interface serial | show frame-relay lmi | show frame-relay pvc | show frame-relay map
Rows (Frame Relay Information Verified):
Broadcast status for the PVC
PVC status
Number of LMI status queries sent and received
Layer 1 and Layer 2 status information
LMI type
Invalid LMI types
Number of ECN packets in and out
DLCI assigned to the PVC
The encapsulation type
Frame Relay DTE/DCE type

Packet Tracer Challenge
Packet Tracer - Skills Integration Challenge (CN 4.4.1.2)
CHAPTER 14
Network Address Translation for IPv4
All public IPv4 addresses that traverse the Internet must be registered with a Regional Internet Registry (RIR). Only the registered holder of a public Internet address can assign that address to a network device. With the proliferation of personal computing and the advent of the World Wide Web, it soon became obvious that 4.3 billion IPv4 addresses would not be enough. The long-term solution would eventually be IPv6. But for the short term, several solutions were implemented by the IETF, including Network Address Translation (NAT) and RFC 1918 private IPv4 addresses.
NAT Operation

There are not enough public IPv4 addresses to assign a unique address to each device connected to the Internet. Networks are commonly implemented using private IPv4 addresses.
NAT Characteristics

Fill in the table with the private addresses defined by RFC 1918.

Class | Address Range                 | CIDR Prefix
A     | 10.0.0.0–10.255.255.255       | 10.0.0.0/8
B     | 172.16.0.0–172.31.255.255     | 172.16.0.0/12
C     | 192.168.0.0–192.168.255.255   | 192.168.0.0/16
Briefly explain the following terms:

■ Inside local address: The address of the source as seen from inside the network.
■ Inside global address: The address of the source as seen from the outside network.
■ Outside global address: The address of the destination as seen from the outside network. Most often the outside local and outside global addresses are the same.
■ Outside local address: The address of the destination as seen from the inside network. Although uncommon, this address could differ from the globally routable address of the destination.
In Figure 14-1, label each type of NAT address.

Figure 14-1 Identify NAT Address Types
PC1 192.168.51.5 --- R1 (192.168.51.1 toward PC1, 198.51.100.2 toward the ISP) --- ISP --- WWW Web Server 203.0.113.11
Labels to place: ______ ______ ______ ______

Figure 14-1a Identify NAT Address Types (Answer)
Inside Local: 192.168.51.5 (PC1)
Inside Global: 198.51.100.2 (R1, ISP-facing side)
Outside Global: 203.0.113.11 (Web Server)
Outside Local: 203.0.113.11 (Web Server)
Types and Benefits of NAT

Briefly describe the three types of NAT:

■ Static address translation (static NAT): One-to-one address mapping between local and global addresses.
■ Dynamic address translation (dynamic NAT): Many-to-many address mapping between local and global addresses.
■ Port Address Translation (PAT): Many-to-one address mapping between local and global addresses. This method is also known as overloading (NAT overloading).

When is it appropriate to use static NAT?

Static NAT is particularly useful for web servers or devices that must have a consistent address that is accessible from the Internet, such as a company web server. It is also useful for devices that must be accessible by authorized personnel when offsite, but not by the general public on the Internet.

What is the difference between dynamic NAT and PAT?

Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. PAT maps multiple private addresses to one or a few public addresses using the source port number to track connections.

List and explain at least three advantages and three disadvantages to using NAT.

Advantages
■ Conserves the legally registered addressing scheme
■ Increases the flexibility of connections to the public network
■ Provides consistency for internal network addressing schemes
■ Provides network security

Disadvantages
■ Performance is degraded.
■ End-to-end functionality is degraded.
■ End-to-end IP traceability is lost.
■ Tunneling becomes more complicated.
■ Initiating TCP connections can be disrupted.

Packet Tracer Activity
Packet Tracer - Investigating NAT Operation (RSE 11.1.2.6/WAN 5.1.2.6)
Configuring NAT

Configuring NAT is straightforward if you follow a few simple steps. Static NAT and dynamic NAT configurations vary slightly. Adding PAT to a dynamic NAT is as simple as adding a keyword to the configuration.

Configuring Static NAT

Use the following steps to configure static NAT:

Step 1. Create a map between the inside local IP address and the inside global IP address with the ip nat inside source static local-ip global-ip global configuration command.
Step 2. Configure the inside interface of the LAN the device is attached to participate in NAT with the ip nat inside interface configuration command.
Step 3. Configure the outside interface where NAT translation will occur with the ip nat outside interface configuration command.
Refer to the topology in Figure 14-2 to configure static NAT.

Figure 14-2 Static NAT Configuration Topology
Inside Network: Web Server 172.16.1.10 --- S0/0/0 R2 S0/1/0 --- Internet --- Outside Network: Client 209.165.201.254 (browsing to http://64.100.10.1)
Static NAT Translation

The web server uses an inside local address 172.16.1.10 that needs to be translated to the inside global address 64.100.10.1. Record the command including router prompt to configure the static translation on R2.

R2(config)# ip nat inside source static 172.16.1.10 64.100.10.1
Record the commands including router prompt to configure the inside interface.

R2(config)# interface Serial0/0/0
R2(config-if)# ip nat inside

Record the commands including router prompt to configure the outside interface.

R2(config)# interface Serial0/1/0
R2(config-if)# ip nat outside
Packet Tracer Activity
Packet Tracer - Configuring Static NAT (RP 11.2.1.4/WAN 5.2.1.4)
Configuring Dynamic NAT

Use the following steps to configure dynamic NAT:

Step 1. Define the pool of addresses that will be used for dynamic translation using the ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} global configuration command.
Step 2. Configure an ACL to specify which inside local addresses will be translated using a standard ACL.
Step 3. Bind the NAT pool to the ACL with the ip nat inside source list ACL-number pool name global configuration command.
Step 4. Configure the inside interface of the LAN the device is attached to participate in NAT with the ip nat inside interface configuration command.
Step 5. Configure the outside interface where NAT translation will occur with the ip nat outside interface configuration command.
Refer to the topology in Figure 14-3 to configure dynamic NAT.

Figure 14-3 Dynamic NAT Configuration Topology
Inside Network: PC1 172.16.1.10 (172.16.1.0/24) and PC2 172.16.2.10 (172.16.2.0/24) --- S0/0/0 R1 S0/1/0 --- Internet --- Outside Network: R2 --- Server
NAT POOL: 64.100.10.0/30 (Dynamic NAT)

The pool of available addresses is 64.100.10.0/30. Record the command including router prompt to configure the NAT pool with an appropriate name.

R1(config)# ip nat pool NAT 64.100.10.0 64.100.10.3 netmask 255.255.255.252
The two LANs, 172.16.1.0/24 and 172.16.2.0/24, need to be translated. No other addresses are allowed. Record the command including router prompt to configure the ACL.

R1(config)# access-list 1 permit 172.16.1.0 0.0.0.255
R1(config)# access-list 1 permit 172.16.2.0 0.0.0.255

Record the command including router prompt to bind the NAT pool to the ACL.

R1(config)# ip nat inside source list 1 pool NAT

Record the commands including router prompt to configure the inside interface.

R2(config)# interface Serial0/0/0
R2(config-if)# ip nat inside

Record the commands including router prompt to configure the outside interface.

R2(config)# interface Serial0/1/0
R2(config-if)# ip nat outside
Lab - Configuring Dynamic and Static NAT (RP 11.2.2.6/WAN 5.2.2.6)

Packet Tracer Activity
Packet Tracer - Configuring Dynamic NAT (RP 11.2.2.5/WAN 5.2.2.5)
Configuring Port Address Translation

Configuring Port Address Translation (PAT) is just like configuring dynamic NAT except you add the keyword overload to your binding configuration:

Router(config)# ip nat inside source list ACL-number pool name overload

However, a more common solution in a small business enterprise network is to simply overload the IP address on the gateway router. In fact, this is what a home router does “out of the box.” To configure NAT to overload the public IP address on an interface, use the following command:

Router(config)# ip nat inside source list ACL-number interface type number overload
In this case, of course, there is no pool configuration. Refer to the topology in Figure 14-4 to configure PAT.

Figure 14-4 Dynamic NAT Configuration Topology
Inside Network: PC1 172.16.1.10 (172.16.1.0/24) and PC2 172.16.2.10 (172.16.2.0/24) --- S0/0/0 R1 S0/1/0 64.100.10.1 --- Internet --- Outside Network: R2 --- Server
R1 is using the public IP address 64.100.10.1 on the Serial 0/1/0 interface. Record the command including router prompt to bind the ACL you configured for dynamic NAT to the Serial 0/1/0 interface.

R1(config)# ip nat inside source list 1 interface s0/1/0 overload
That’s it! The rest of the commands are the same as dynamic NAT. However, the process of translating inbound and outbound packets is a bit more involved. PAT maintains a table of inside and outside addresses mapped to port numbers to track connections between the source and destination. The series of Figures 14-5 through 14-8 illustrate the PAT process overloading an interface address. Use the options in Table 14-1 to fill in the source address (SA), destination address (DA), and corresponding port numbers as the packet travels from source to destination and back.

Table 14-1 Addresses and Port Numbers
64.100.10.2 | 192.168.51.5 | 1268 | 209.165.201.11 | 1150 | 53 | 192.168.51.1 | 80
Topology for Figures 14-5 through 14-8: PC1 192.168.51.5 --- R1 (192.168.51.1 inside, 64.100.10.2 outside) --- ISP --- Internet --- Web Server 209.165.201.11

Figure 14-5 Hop 1: PC1 to NAT-Enabled R1
SA: ______ | DA: ______ | Source Port: 1150 | Destination Port: 80

Figure 14-5a Hop 1: PC1 to NAT-Enabled R1 (Answer)
SA: 192.168.51.5 | DA: 209.165.201.11 | Source Port: 1150 | Destination Port: 80

Figure 14-6 Hop 2: NAT-Enabled R1 to Web Server
SA: ______ | DA: ______ | Source Port: 1268 | Destination Port: ______

Figure 14-6a Hop 2: NAT-Enabled R1 to Web Server (Answer)
SA: 64.100.10.2 | DA: 209.165.201.11 | Source Port: 1268 | Destination Port: 80

Figure 14-7 Hop 3: Web Server to NAT-Enabled R1
SA: ______ | DA: ______ | Source Port: ______ | Destination Port: ______

Figure 14-7a Hop 3: Web Server to NAT-Enabled R1 (Answer)
SA: 209.165.201.11 | DA: 64.100.10.2 | Source Port: 80 | Destination Port: 1268

Figure 14-8 Hop 4: NAT-Enabled R1 to PC1
SA: ______ | DA: ______ | Source Port: ______ | Destination Port: ______

Figure 14-8a Hop 4: NAT-Enabled R1 to PC1 (Answer)
SA: 209.165.201.11 | DA: 192.168.51.5 | Source Port: 80 | Destination Port: 1150
Lab - Configuring NAT Pool Overload and PAT (RP 11.2.3.7/WAN 5.2.3.7)

Packet Tracer Activity
Packet Tracer - Implementing Static and Dynamic NAT (RP 11.2.3.6/WAN 5.2.3.6)
A Word About Port Forwarding

Because NAT hides internal addresses, peer-to-peer connections work only from the inside out, where NAT can map outgoing requests against incoming replies. The problem is that NAT does not allow requests initiated from the outside. To resolve this problem, you can configure port forwarding to identify specific ports that can be forwarded to inside hosts. The port forwarding configuration is commonly done in a GUI. However, you can also configure port forwarding in the Cisco IOS by adding the following command to your NAT configuration:

Router(config)# ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port [extendable]
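The following Python is an added example, not the study guide's own material, that models the translation table behind the PAT walk-through of Figures 14-5 through 14-8 and the port-forwarding point just made: an outbound connection from PC1 creates an entry keyed on the inside global port, the web server's reply is matched against that entry and sent back to PC1, an unsolicited inbound packet with no matching entry is dropped, and a static port-forward entry is the one way such an inbound request reaches an inside host. The addresses and ports are the ones from Table 14-1. Two assumptions not taken from the text: translation entries are keyed on (protocol, inside local address, port), and new inside global ports are handed out sequentially from a configurable starting port (real IOS keeps the original source port when it is still free).

```python
"""Model of a NAT gateway's translation table (PAT overload on one inside
global address plus static port forwards). Added example, not the study
guide's own material; addresses follow Figures 14-5 through 14-8.

Assumptions (not from the text): entries are keyed on (protocol, inside local
address, port); new inside global ports are allocated sequentially from
first_port. Real IOS keeps the original source port when it is still free."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


class NatGateway:
    """Overloads a single inside global address, as in
    ip nat inside source list 1 interface s0/1/0 overload."""

    def __init__(self, inside_nets, inside_global: str, first_port: int = 1024):
        # The standard ACL of the NAT configuration: only these inside local networks are translated.
        self.inside_nets = [ipaddress.ip_network(n) for n in inside_nets]
        self.inside_global = inside_global
        self.next_port = first_port
        self.table: dict = {}    # (proto, inside local ip, local port) -> inside global port
        self.reverse: dict = {}  # (proto, inside global port) -> (inside local ip, local port)
        self.static: dict = {}   # port forwards: (proto, global port) -> (local ip, local port)

    def _permitted(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.inside_nets)

    def _allocate_port(self, proto: str) -> int:
        # Skip ports already claimed by a dynamic entry or a static forward.
        while (proto, self.next_port) in self.reverse or (proto, self.next_port) in self.static:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def add_port_forward(self, proto: str, global_port: int, local_ip: str, local_port: int) -> None:
        """Counterpart of ip nat inside source static {tcp | udp} local-ip local-port global-ip global-port."""
        self.static[(proto, global_port)] = (local_ip, local_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside to outside (hops 1 and 2): rewrite the source to the inside
        global address and a tracking port, creating the entry on first use."""
        if not self._permitted(pkt.src):
            raise ValueError(f"{pkt.src} is not permitted by the NAT ACL; packet not translated")
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.table:
            gport = self._allocate_port(pkt.proto)
            self.table[key] = gport
            self.reverse[(pkt.proto, gport)] = (pkt.src, pkt.sport)
        return Packet(self.inside_global, pkt.dst, self.table[key], pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside to inside (hops 3 and 4): look the destination port up in the
        dynamic table, then in the static forwards. None means the packet is dropped."""
        if pkt.dst != self.inside_global:
            return None
        target = self.reverse.get((pkt.proto, pkt.dport)) or self.static.get((pkt.proto, pkt.dport))
        if target is None:
            return None  # no entry: a request initiated from the outside is refused
        local_ip, local_port = target
        return Packet(pkt.src, local_ip, pkt.sport, local_port, pkt.proto)

    def translations(self) -> list:
        """Rows in the spirit of show ip nat translations: (proto, inside global, inside local)."""
        return [(proto, f"{self.inside_global}:{gport}", f"{ip}:{port}")
                for (proto, ip, port), gport in self.table.items()]


def demo() -> list:
    """Walk the four hops of Figures 14-5 through 14-8 and return them in order."""
    gw = NatGateway(["192.168.51.0/24"], "64.100.10.2", first_port=1268)
    hop1 = Packet("192.168.51.5", "209.165.201.11", 1150, 80)   # PC1 -> R1
    hop2 = gw.outbound(hop1)                                    # R1 -> web server
    hop3 = Packet(hop2.dst, hop2.src, hop2.dport, hop2.sport)   # web server reply -> R1
    hop4 = gw.inbound(hop3)                                     # R1 -> PC1
    return [hop1, hop2, hop3, hop4]


if __name__ == "__main__":
    for hop in demo():
        print(hop)
```

The model makes the security consequence of the text concrete: an inbound packet is delivered only if an inside host already opened the matching connection or an administrator deliberately added a static forward, so every port forward is an explicit hole in that default and should be tracked as such.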
Packet Tracer Activity
Packet Tracer - Configuring Port Forwarding on a Linksys Router (RP 11.2.4.4/WAN 5.2.4.4)
Configuring NAT and IPv6

IPv6 includes both its own IPv6 private address space and NAT, which are implemented differently than they are for IPv4. IPv6 uses a unique local address (ULA) for communication within a local site. In Figure 14-9, label the missing parts of the IPv6 ULA address structure.

Figure 14-9 IPv6 Unique Local Address Structure
Bits:   ____ | ____ | ____ | ____ | ____
Field:  ____ | L | ____ | Subnet ID | ____
Notes:  ____ | 1 or 0 | Pseudo-Random Algorithm | | EUI-64, Random, or Manual Configuration

Figure 14-9a IPv6 Unique Local Address Structure (Answer)
Bits:   7 | 1 | 40 | 16 | 64 (/64)
Field:  Prefix | L | Global ID | Subnet ID | Interface ID
Notes:  FC00::/7 | 1 or 0 | Pseudo-Random Algorithm | | EUI-64, Random, or Manual Configuration
ULAs are also known as local IPv6 addresses. Briefly describe three characteristics of ULAs.

■ Allow sites to be combined or privately interconnected, without creating any address conflicts or requiring renumbering of interfaces that use these prefixes
■ Independent of any ISP and can be used for communications within a site without having any Internet connectivity
■ Not routable across the Internet, but if accidentally leaked by routing or DNS, there is no conflict with other addresses

What is the main purpose of NAT for IPv6?

To provide a translation mechanism between IPv6 and IPv4 networks

Briefly describe the three transition strategies to move from IPv4 to IPv6.

Dual stack is when the devices are running protocols associated with both IPv4 and IPv6. Tunneling for IPv6 is the process of encapsulating an IPv6 packet inside an IPv4 packet. This allows the IPv6 packet to be transmitted over an IPv4-only network. Translation strategies include NAT-PT, which is now replaced with NAT64.
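As an added example (not from the study guide), the following Python splits a ULA into the five fields of Figure 14-9 and assembles one from those fields, so the 7/1/40/16/64-bit layout can be checked against a real address rather than read off the figure. It also classifies an address as link-local, unique-local or global, which is the distinction behind the "not routable across the Internet" characteristic above. The sample address fd12:3456:789a:1::1 is constructed; drawing the 40-bit Global ID from the operating system's CSPRNG stands in for the pseudo-random algorithm in the figure and is an assumption of this example, not a statement about how any particular site generated its prefix.

```python
"""Decompose and build IPv6 unique local addresses (ULAs) using the field
layout of Figure 14-9: 7-bit prefix (FC00::/7), L bit, 40-bit Global ID,
16-bit Subnet ID, 64-bit Interface ID. Added example, not the study guide's
own material; the sample addresses are constructed."""
import ipaddress
import secrets

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")
ULA_PREFIX_BITS = 0b1111110  # the top 7 bits of every address in fc00::/7


def ula_fields(addr: str) -> dict:
    """Split a ULA into its five fields; raises ValueError for non-ULA input."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ULA_BLOCK:
        raise ValueError(f"{addr} is not inside {ULA_BLOCK}")
    v = int(ip)
    return {
        "prefix": v >> 121,                        # 7 bits
        "L": (v >> 120) & 1,                       # 1 = locally assigned (fd00::/8)
        "global_id": (v >> 80) & ((1 << 40) - 1),  # 40 bits, pseudo-random per site
        "subnet_id": (v >> 64) & 0xFFFF,           # 16 bits
        "interface_id": v & ((1 << 64) - 1),       # 64 bits: EUI-64, random or manual
    }


def build_ula(global_id: int, subnet_id: int, interface_id: int,
              l_bit: int = 1) -> ipaddress.IPv6Address:
    """Assemble a ULA from its fields, checking that each fits its width."""
    if (not 0 <= global_id < (1 << 40) or not 0 <= subnet_id < (1 << 16)
            or not 0 <= interface_id < (1 << 64) or l_bit not in (0, 1)):
        raise ValueError("field out of range")
    v = ((ULA_PREFIX_BITS << 121) | (l_bit << 120) | (global_id << 80)
         | (subnet_id << 64) | interface_id)
    return ipaddress.IPv6Address(v)


def new_global_id() -> int:
    """A fresh 40-bit Global ID from the OS CSPRNG. This stands in for the
    'pseudo-random algorithm' slot of the figure (assumption of this example)."""
    return secrets.randbits(40)


def scope(addr: str) -> str:
    """Classify an address the way the text distinguishes them: ULAs are
    usable inside a site but are not routable across the Internet."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip in ULA_BLOCK:
        return "unique-local"
    if ip.is_global:
        return "global"
    return "other"


if __name__ == "__main__":
    sample = "fd12:3456:789a:1::1"  # constructed
    print(scope(sample), {k: hex(x) for k, x in ula_fields(sample).items()})
    print(build_ula(new_global_id(), 1, 1))
```

A practical use of scope() is an egress filter or log review: any packet leaving a site toward the Internet with a unique-local source or destination is a leak of the kind the third characteristic describes and can be dropped without harming legitimate traffic.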
Troubleshooting NAT

When there are IPv4 connectivity problems in a NAT environment, it is often difficult to determine the cause of the problem. The first step in solving the problem is to rule out NAT as the cause. Follow these steps to verify that NAT is operating as expected:

Step 1. Review the purpose of the NAT configuration. Is there a static NAT implementation? Are the addresses in the dynamic pool actually valid? Are the inside and outside interfaces correctly identified?
Step 2. Verify that correct translations exist in the translation table using the show ip nat translations command.
Step 3. Use the clear ip nat translations * and debug ip nat commands to verify that NAT is operating as expected. Check to see whether dynamic entries are re-created after they are cleared.
Step 4. Review in detail what is happening to the packet, and verify that routers have the correct routing information to move the packet.
Lab - Troubleshooting NAT Configurations (RP 11.3.1.5/WAN 5.3.1.5)

Packet Tracer Activity
Packet Tracer - Verifying and Troubleshooting NAT Configurations (RP 11.3.1.4/WAN 5.3.1.4)
Packet Tracer - Skills Integration Challenge (RP 11.4.1.2/WAN 5.4.1.2)
CHAPTER 15
Broadband Solutions
With the advent of broadband technologies like digital subscriber line (DSL) and cable, working from home has become a popular option for both employees and companies alike. Virtual private networks (VPN) allow workers to securely connect to the business from remote locations. There are several factors to consider when choosing a broadband solution. This chapter reviews DSL, cable, wireless, VPN, and the factors to consider when implementing broadband solutions.
Teleworking

Teleworking is working away from the traditional workplace by using telecommunication technologies such as broadband and VPN security.
Benefits of Teleworking

The groups that benefit from teleworking include employees, employers, local governments, and communities. In Table 15-1, indicate which group primarily receives the benefit described.

Table 15-1 Benefits of Teleworking
Columns: Benefit | Employer | Government/Community | Individual
Rows (Benefit):
Improves employee morale
Decreases recruitment and retention costs
Reduces local infrastructure costs
Attracts local employment and development
Saving time or earning more in the same time
Increases available time to care for dependents
Reduces absenteeism levels
Reduces the impact of urban drift
Reduces costs associated with commuting
Can reduce regional traffic delays
Flexibility to deal with personal tasks
Customers experience improved response times
Costs of Teleworking

Teleworking does have some costs, as well. List at least two costs from the employer’s perspective and two costs from the employee’s perspective.

Employer
■ It may be difficult to keep track of employee progress on work.
■ Managers must use a different management style to oversee teleworkers.

Employees
■ Teleworkers can feel isolated working alone.
■ Lack of technology support and services compared to colleagues that are in the office.
■ Teleworking can have its own set of distractions like household chores or leisure pursuits like watching TV.
Business Requirements for Teleworker Services

Both the teleworker and the business must meet certain minimum requirements to implement teleworking services for the organization. In Table 15-2, indicate whether the teleworker or the company is responsible for each requirement.
Table 15-2 Teleworker Services Requirements

Responsibility                                          | Teleworker | Company
Usually uses cable or DSL to access the VPN.            | X          |
Manages VPN authentication procedures.                  |            | X
Uses client software for network access.                | X          |
Determines link aggregation and VPN termination methods.|            | X
Uses network access while traveling.                    | X          |
Maintains VPN concentrators and security appliances.    |            | X
Comparing Broadband Solutions

Depending on the location of the teleworker, connecting to the corporate network can be done in one of three ways: cable, DSL, or broadband wireless.
Cable

Cable broadband uses a coaxial cable that carries radio frequency (RF) signals across the network. What portion of the electromagnetic spectrum do these signals occupy?

Radio frequencies occur between 1 kHz and 1 THz on the electromagnetic spectrum.

Traditionally, cable communication was one way. Modern cable systems now provide two-way communication. What three main telecommunication services are offered by today’s cable companies?

Cable companies now offer digital cable TV, residential phone service, and high-speed Internet access.

Two-way communication occurs downstream in the 50- to 860-MHz range and upstream in the 5- to 42-MHz range. The Data-over-Cable Service Interface Specification (DOCSIS) is the international standard developed by CableLabs that cable operators use to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure. What two types of equipment are required to send digital modem signals upstream and downstream on a cable system?

Cable Modem Termination System (CMTS) at the headend of the cable operator
Cable Modem (CM) on the subscriber end
Match the definition on the left with a term on the right. Terms are only used once.

Definitions
a. Combining both fiber-optic and coax cabling together into a hybrid cabling infrastructure
b. Defines the communications and operation support interface that permits the addition of high-speed data transfer to a traditional cable TV system
c. The direction of a signal transmission from the headend to subscribers
d. Located in the headend (and communicates with CMs located in subscriber homes)
e. The rate at which current (voltage) cycles (computed as the number of waves per second)
f. The direction of a signal transmission from subscribers to the headend

Terms (answers)
d. CMTS
b. DOCSIS
c. Downstream
e. Frequency
a. HFC
f. Upstream
Chapter 15: Broadband Solutions
DSL

Digital subscriber line (DSL) technology takes advantage of the additional bandwidth available in telephone networks between 3 kHz and 1 MHz. Briefly describe the two main types of DSL.
Asymmetric DSL (ADSL) provides higher downstream bandwidth than upstream bandwidth. Symmetric DSL (SDSL) provides the same bandwidth in both directions.
The local loop connection to the CO must be less than 3.39 miles (5.46 km). What two components are required to provide a DSL connection to the teleworker?
Equipment required includes a transceiver (DSL modem), which connects the teleworker’s network to the DSL network, and a DSL access multiplexer (DSLAM) located at the CO to combine individual DSL subscribers into one link to an ISP.
The analog voice and ADSL signals must be separated to avoid interference. What two devices can separate the signals?
There are two ways to separate ADSL from voice at the customer premises: using a microfilter or using a splitter.
Match the definition on the left with a term on the right. Terms are only used once.

Definitions (answer shown after each):
a. Located at the CO, a device that combines individual DSL connections from subscribers into one high-capacity link to an ISP: DSLAM
b. Sometimes referred to as the DSL modem, a device that connects the subscriber to the DSL network: Transceiver
c. The category of DSL technology that provides high-speed downstream data capacity value with a lower upstream capacity value: ADSL
d. Device with one end connecting to a telephone device and the other end connecting to the telephony wall jack: Microfilter
e. Category of DSL technology that provides equal high-speed downstream and upstream data capacities: SDSL
f. A means of providing high-speed connections over pre-existing installed copper wire infrastructure: DSL

Terms: c. ADSL, f. DSL, a. DSLAM, d. Microfilter, e. SDSL, b. Transceiver
Broadband Wireless

Of the three broadband technologies, wireless offers the largest variety of ways to connect. Whether from your laptop or from a smartphone, urban or rural, broadband wireless has a solution.
Match the definition on the left with a term on the right. Terms are only used once.

Definitions (answer shown after each):
a. Uses a point-to-multipoint topology to provide wireless cellular broadband access at speeds up to 1 Gbps: WiMAX
b. Newer and faster technology for high-speed cellular data (considered to be part of 4G): LTE
c. Cellular broadband access that gets faster with each generation: 3G/4G Wireless
d. Employs a mesh network with an access point at each node for 802.11 connections: Municipal WiFi
e. A general term for Internet service from a mobile phone or any other mobile device that uses the same technology: Wireless Internet
f. Two-way satellite Internet using IP multicasting technology: VSAT

Terms: c. 3G/4G Wireless, b. LTE, d. Municipal WiFi, f. VSAT, a. WiMAX, e. Wireless Internet
Selecting Broadband Solutions

Ideally, a teleworker would have a fiber-optic cable directly connected to the home office. When selecting the broadband solution that is right for you, you want to consider several factors. In Table 15-3, indicate the factors for each broadband solution.

Table 15-3 Broadband Solutions: Factors to Consider

Cable: Bandwidth is shared by many users, and upstream data rates are often slow.
DSL: Limited bandwidth that is distance sensitive, and the upstream rate is proportionally quite small compared to downstream rate.
Fiber-to-the-Home: Requires fiber installation directly to the home.
Cellular/Mobile: Coverage is often an issue, bandwidth is limited, and data may not be unlimited.
Wi-Fi Mesh: Most municipalities do not have a mesh network deployed; if it is available and the SOHO is in range, it is a viable option.
WiMAX: Bit rate is limited to 2 Mbps per subscriber, cell size is 1 to 2 km (1.25 mi).
Satellite: Expensive, limited capacity per subscriber; often provides access where no other access is possible.
Configuring xDSL Connectivity The underlying data-link protocol commonly used by Internet service providers (ISPs) to send and receive data across DSL links is PPP over Ethernet (PPPoE).
PPPoE Overview For the ISP, what are the benefits of using PPP? PPP supports the ability to assign IP addresses to the remote end of the link. PPP with CHAP authentication allows the ISP to check the customer’s records to make sure that the bill is paid.
What are the three stages of evolution in teleworker connections from the home that use PPP? First there was analog dialup, which was later replaced with ISDN, which was then replaced by DSL.
Configuring PPPoE

Although PPPoE configuration is beyond the scope of the course, understanding how PPPoE is implemented will help solidify your skills in configuring PPP. The two steps to configure PPPoE are as follows:

Step 1. Create a PPP tunnel using a dialer interface with the following settings:
■ Encapsulation is PPP.
■ IP address is negotiated.
■ MTU size is set to 1492. Why?
  PPPoE adds a 6-byte PPPoE header and a 2-byte PPP protocol ID to every frame, 8 bytes in total, so the IP MTU is reduced from the maximum Ethernet payload of 1500 bytes to 1492 bytes. Without this reduction, 1500-byte IP packets would have to be fragmented, or would be dropped where fragmentation is not permitted.
■ Dialer interface is assigned a pool.
■ CHAP authentication with username and password assigned by ISP.

Step 2. Enable PPPoE on the interface attached to the DSL modem and assign it as a PPPoE client using the dialer pool defined in Step 1.
You can verify the dialer interface was assigned an IP address with the show ip interface brief command.

In Figure 15-1, the ISP router is already configured. Record the commands to configure the Customer router using the following CHAP information:

Figure 15-1 PPPoE Configuration Topology
(Customer G0/0 -- DSL Modem -- DSLAM -- G0/0 ISP -- Internet)

■ Username is CustomerBob.
■ Password is Bob$connect.
Customer(config)# interface dialer 1
Customer(config-if)# ip address negotiated
Customer(config-if)# encapsulation ppp
Customer(config-if)# ip mtu 1492
Customer(config-if)# dialer pool 1
Customer(config-if)# ppp chap hostname CustomerBob
Customer(config-if)# ppp chap password Bob$connect
Customer(config-if)# no shutdown
Customer(config-if)# interface g0/0
Customer(config-if)# no ip address
Customer(config-if)# pppoe enable
Customer(config-if)# pppoe-client dial-pool-number 1
Customer(config-if)# no shutdown
If you want to configure this on lab equipment, connect two routers through a switch or with a crossover cable and use the following configuration for ISP:

username CustomerBob password Bob$connect
!
bba-group pppoe global
 virtual-template 1
!
interface GigabitEthernet0/0
 no ip address
 pppoe enable group global
 no shutdown
!
interface Virtual-Template1
 mtu 1492
 ip address 64.100.1.254 255.255.255.0
 peer default ip address pool CUSTOMER_POOL
 ppp authentication chap callin
!
ip local pool CUSTOMER_POOL 64.100.1.1 64.100.1.253

Note that CHAP needs the plaintext secret on both ends, so the ISP side must use username ... password (stored as type 0, or as the trivially reversible type 7 if service password-encryption is on) rather than username ... secret; protect the ISP configuration accordingly. The callin keyword makes the ISP authenticate the customer without being authenticated in return.
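The CHAP exchange that the ISP configuration above relies on, worked through in Python as an added example (this code is not from the book and is not Cisco IOS code). The user database, the challenge values and the three-message exchange are constructed here; hashlib, os and secrets are Python standard library modules. It shows why ppp authentication chap lets the ISP verify CustomerBob without Bob$connect ever being sent over the link, and why the stored secret has to be recoverable in plaintext on the authenticator.

```python
"""PPP CHAP (RFC 1994) challenge/response, as used by the ISP config above.

Added example, not from the book: shows how the ISP authenticates CustomerBob
without the password Bob$connect ever crossing the DSL link.
"""
import hashlib
import os
import secrets

# Constructed sample data: the username/password from Figure 15-1.
# This is what `username CustomerBob password Bob$connect` stores on the ISP.
ISP_USER_DB = {"CustomerBob": "Bob$connect"}


def chap_challenge():
    """Authenticator (ISP) side: pick an 8-bit identifier and a random challenge."""
    return secrets.randbelow(256), os.urandom(16)


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Peer (Customer) side: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_verify(name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the expected hash from the stored plaintext
    secret and compare in constant time. An unknown user fails closed."""
    secret = ISP_USER_DB.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return secrets.compare_digest(expected, response)


def run_exchange(name: str, peer_secret: str) -> bool:
    """Full three-message exchange: Challenge -> Response -> Success/Failure."""
    ident, challenge = chap_challenge()                       # 1. ISP -> Customer: Challenge
    response = chap_response(ident, peer_secret, challenge)   # 2. Customer -> ISP: Response
    return chap_verify(name, ident, challenge, response)      # 3. ISP -> Customer: Success/Failure


if __name__ == "__main__":
    print("correct password:", run_exchange("CustomerBob", "Bob$connect"))
    print("wrong password:  ", run_exchange("CustomerBob", "wrong"))
    print("unknown user:    ", run_exchange("Mallory", "Bob$connect"))
```

Two caveats follow from the code. A captured challenge/response pair still allows an offline dictionary attack on a weak secret, because anyone can compute MD5(id || guess || challenge) for each guess, so the secret should be long and random. And because the ISP uses callin, only the customer is authenticated; a rogue PPPoE server on the access segment would be accepted by the customer router.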
Lab - Configuring a Router as a PPPoE Client for DSL Connectivity (CN 6.3.2.3)
CHAPTER 16
Securing Site-to-Site Connectivity
Up to this point in our WAN discussions, we have covered access options, including leased lines, Frame Relay, cable, digital subscriber line (DSL), and wireless. Now it is time to turn our attention toward a popular solution for linking two sites or a teleworker to the corporate office. With the use of generic routing encapsulation (GRE) and IP security (IPsec), virtual private networks (VPNs) play an important role in today’s network implementations.
VPNs With the proper implementation at that central site, VPNs provide the flexibility of having safe and secure connections regardless of the underlying access technology. This is increasingly important as more users need or want access to their corporate networks no matter their current location.
Fundamentals of VPNs

VPNs are used to create a private tunnel over the Internet regardless of the WAN access option used to make the connection. Briefly describe three different scenarios in which VPNs are a viable solution.
VPNs are ideal for connecting teleworkers, remote/branch offices, and business partners to the corporate network at the central site.
What is the difference between a VPN and a secure VPN?
A VPN by itself is only a logical tunnel; it does not protect the traffic it carries. A secure VPN adds encryption, integrity checking, and peer authentication to the tunnel, most commonly with IPsec.
To implement a VPN, a VPN gateway is needed. List three devices that can serve as a VPN gateway.
A router, a firewall, and Cisco’s Adaptive Security Appliance (ASA) can all serve as VPN gateways.
Briefly describe four benefits to using VPNs.
Cost savings: VPNs allow organizations to replace expensive dedicated WAN links or modem banks by using Internet connections to connect end users.
Scalability: It is easy to add branches, partners, or users because ISP choices can be made locally.
Compatibility with broadband technology: Home, branch, and mobile workers can take advantage of whatever broadband technology they are using to connect to the Internet.
Security: VPNs use advanced encryption technology to secure data as it travels across the Internet.
Types of VPNs

There are two main types of VPN networks. Site-to-site VPNs support connections where the two locations are permanent and contain more than one user. For example, a branch site or a business partner site most likely would benefit from a site-to-site VPN. Remote-access VPNs are best used for single user connection needs such as teleworkers and mobile users. In Table 16-1, indicate the type of VPN described by each characteristic.

Table 16-1 Comparing Site-to-Site and Remote-Access VPNs

VPN is dynamically enabled when needed.                                                Remote-Access VPN
Most likely uses VPN client software to establish VPN connection and encrypt data.     Remote-Access VPN
Users have no knowledge of the VPN.                                                    Site-to-Site VPN
Connects networks together through peer VPN gateways.                                  Site-to-Site VPN
Uses a client/server model.                                                            Remote-Access VPN
Connects teleworkers and mobile users.                                                 Remote-Access VPN
VPN connection is static.                                                              Site-to-Site VPN

Packet Tracer Activity
Packet Tracer - Configuring VPNs (Optional) (CN 7.1.2.4)
Site-to-Site GRE Tunnels Generic routing encapsulation (GRE) is a site-to-site VPN tunneling protocol developed by Cisco. GRE can encapsulate a wide variety of protocol packet types inside IP tunnels.
Fundamentals of Generic Routing Encapsulation

List three protocols that GRE can encapsulate.
IPv4, IPv6, AppleTalk, DECnet, or IPX

Figure 16-1 shows the basic fields in a GRE encapsulated packet.

Figure 16-1 GRE Encapsulated Packet
[ IP | GRE | IP | TCP | Data ]

Figure 16-2 shows the topology we will use to configure GRE later in this section. Notice how the protocol packet, IP, is encapsulated with GRE, then encapsulated in an IP packet for transport across the Internet. The inside IP packet is using private addressing and the outside IP packet is using public addressing. Note: The public addressing is on the same subnet. This is uncommon on real networks. However, we are doing it here so that you can easily attach to routers and use this configuration for practice.

Figure 16-2 GRE Topology
PC1 10.10.2.10/24 -- G0/0 RTB S0/0/0 64.100.1.2/30 ---- 64.100.1.1/30 S0/0/0 RTA G0/0 -- server 10.10.1.10/24
Tunnel1 on RTB: 10.1.1.2/30; Tunnel1 on RTA: 10.1.1.1/30 (tunnel subnet 10.1.1.0/30)
Original packet: IP Header | Payload. Tunneled packet: IP Header | GRE Header | Payload Packet
GRE is defined by IETF RFC 2784. In the outer IP header, 47 is used in the Protocol field to indicate that a GRE header follows. In the GRE header, a Protocol Type field (an EtherType value, 0x0800 for IPv4) specifies the OSI Layer 3 protocol that is encapsulated (IP in Figure 16-2). GRE is stateless, meaning that it does not include any flow-control mechanisms. GRE also includes no security mechanisms: the payload is neither encrypted nor integrity-protected, and a tunnel endpoint does not authenticate the sender, so anyone on the path can read tunneled packets or inject packets that appear to come from the other end. That is why GRE is normally run over IPsec when the transport is the Internet. The GRE header and the additional IP header create at least 24 bytes of additional overhead for tunneled packets.
Configuring GRE Tunnels In Figure 16-2 shown earlier, assume the physical interfaces on RTA and RTB are configured and active. Also assume that RTA is already configured with a GRE tunnel and OSPF routing. To configure GRE on RTB, complete the following steps: Step 1.
Create a tunnel interface using the interface tunnel number command. The interface numbers do not have to match between RTA and RTB.
Step 2.
Configure an IP address for the tunnel interface. The two routers on the tunnel should use addresses from the same subnet. In our topology, the subnet is 10.1.1.0/30.
Step 3.
Specify the tunnel’s source IP address in the public part of the network with the tunnel source ip-address command. The IP address must match the other side’s configuration for tunnel destination ip-address. For RTB, this address is the 64.100.1.2 IP address configured on its S0/0/0 interface.
Step 4.
Specify the tunnel’s destination IP address in the public part of the network with the tunnel destination ip-address command. The IP address must match the other side’s tunnel source ip-address. For RTB, this address is the 64.100.1.1 IP address configured on RTA’s S0/0/0.
Step 5.
Configure routing to use the tunnel to advertise the private LANs at each site. Note: These steps do not include configuring the tunnel mode command because the default, GRE IP, is what is needed here. However, in the future, the GRE tunnel will most likely be IPv6.
Using these steps, record the commands including the router prompt to configure RTB with a GRE tunnel to RTA.

RTB(config)# interface tunnel 1
RTB(config-if)# ip address 10.1.1.2 255.255.255.252
RTB(config-if)# tunnel source 64.100.1.2
RTB(config-if)# tunnel destination 64.100.1.1
RTB(config-if)# router ospf 1
RTB(config-router)# network 10.10.2.0 0.0.0.255 area 0
RTB(config-router)# network 10.1.1.0 0.0.0.3 area 0
A number of commands can be used to verify the GRE tunnel is operational. Of course, the ultimate test is that PC1 should now be able to ping the server attached to the RTA LAN. If connectivity fails, use the following commands to troubleshoot the issue.
Record the commands and command filtering used to generate the following output.

RTB# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
64.100.1.1        0   FULL/  -        00:00:34    10.1.1.1        Tunnel1

RTB# show ip interface brief | include Tunnel
Tunnel1                10.1.1.2        YES manual up                    up

RTB# show ip route ospf | begin Gateway
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O        10.10.1.0/24 [110/1001] via 10.1.1.1, 00:23:49, Tunnel1

RTB# show interface Tunnel 1
Tunnel1 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.1.1.2/30
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 64.100.1.2, destination 64.100.1.1
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
RTB#
In the output from the last command shown, why is the maximum transmission unit (MTU) set at 1476 bytes? The overhead for GRE is 24 bytes, which limits the encapsulated packet from the normal 1500 bytes to 1476 bytes. Lab - Configuring a Point-to-Point GRE VPN Tunnel (CN 7.2.2.5)
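To make the header layout, the 24-byte overhead and the 1476-byte tunnel MTU concrete, here is an added Python example (not from the book, not Cisco code) that builds and strips a GRE-over-IPv4 encapsulation around a packet from PC1 to the server on the RTA LAN, using the Figure 16-2 addresses. The inner ICMP payload is a constructed stub and the header checksums are left at zero; only the standard library (struct, ipaddress) is used. It also shows the security point made at the start of this section: the inner packet sits in clear text inside the outer one.

```python
"""GRE over IPv4 (RFC 2784) encapsulation, as an added example (not from the book).

Builds the outer IP header + GRE header around an inner IP packet, using the
addresses from Figure 16-2, then strips them again. The 24 bytes of overhead
and the 1476-byte value in `show interface Tunnel 1` fall out of the lengths.
Checksums are left at zero for brevity (a real stack fills them in).
"""
import struct
from ipaddress import IPv4Address

IPPROTO_GRE = 47          # outer IP Protocol field: "a GRE header follows"
ETHERTYPE_IPV4 = 0x0800   # GRE Protocol Type: the encapsulated payload is IPv4
LINK_MTU = 1500           # MTU of the physical path between RTB and RTA


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 255) -> bytes:
    """Minimal 20-byte IPv4 header (version 4, IHL 5, no options, checksum 0)."""
    total_len = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def gre_header(protocol_type: int = ETHERTYPE_IPV4) -> bytes:
    """4-byte GRE header: C/K/S flags and version all zero (IOS defaults shown
    above: key disabled, sequencing disabled, checksumming disabled)."""
    return struct.pack("!HH", 0x0000, protocol_type)


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """RTB's transmit side: inner IP packet -> [outer IP][GRE][inner IP]."""
    gre = gre_header()
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet: bytes) -> bytes:
    """RTA's receive side: check Protocol 47 and Protocol Type 0x0800, return the inner packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x8000:   # C bit set: a 4-byte checksum/reserved1 field would follow
        raise ValueError("GRE checksum present; not handled in this example")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected GRE Protocol Type 0x{ptype:04x}")
    return packet[ihl + 4:]


def gre_overhead() -> int:
    """Bytes added per tunneled packet: 20 (outer IPv4) + 4 (GRE) = 24."""
    return len(ipv4_header("0.0.0.0", "0.0.0.0", IPPROTO_GRE, 0)) + len(gre_header())


def tunnel_mtu(link_mtu: int = LINK_MTU) -> int:
    """Largest inner packet that fits the link without fragmentation: 1500 - 24 = 1476."""
    return link_mtu - gre_overhead()


if __name__ == "__main__":
    # Constructed sample: PC1 (10.10.2.10) sends to the server on RTA's LAN (10.10.1.10).
    inner = ipv4_header("10.10.2.10", "10.10.1.10", 1, 8) + bytes(8)  # ICMP stub payload
    outer = gre_encapsulate(inner, "64.100.1.2", "64.100.1.1")
    print("outer proto:", outer[9], "overhead:", len(outer) - len(inner))
    print("inner visible in clear text:", inner in outer)
    print("inner restored:", gre_decapsulate(outer) == inner)
    print("tunnel MTU:", tunnel_mtu())
```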
Packet Tracer Activity
Packet Tracer - Configuring GRE (CN 7.2.2.3)
Packet Tracer - Troubleshooting GRE (CN 7.2.2.4)
Introducing IPsec Although GRE is excellent for creating a tunnel across the Internet, it does not include any kind of security. This section reviews basic IPsec concepts. IPsec configuration is not a CCNA Routing and Switching exam topic. So, any practice you do is purely optional.
Internet Protocol Security

RFC 4301, Security Architecture for the Internet Protocol, defines IP security, or simply IPsec. Briefly describe each of the four critical functions of IPsec security services.
■ Confidentiality (encryption): IPsec provides strong algorithms used to encrypt the data before it is sent across the VPN tunnel.
■ Data integrity: When data is received on the other end of the tunnel, IPsec uses a keyed hash (HMAC) to ensure that the packet has not been changed in transit.
■ Authentication: IPsec uses Internet Key Exchange (IKE) to authenticate that the connection is made with the desired communication partner.
■ Anti-replay protection: This is the ability to detect and reject replayed packets, using the sequence number carried in every IPsec packet, and helps prevent spoofing. Late and duplicate packets are dropped.

IPsec Framework

Encryption protects data confidentiality; a keyed hash protects data integrity. Authentication ensures that the sender and receiver actually know and trust each other.

Encryption

What two factors impact the degree of confidentiality in an encryption algorithm?
The shorter the key used in the encryption, the easier it is to brute-force. Therefore, longer keys (such as 256-bit) provide stronger encryption and data confidentiality. In addition, the strength of the algorithm itself impacts confidentiality.
What is the main difference between symmetric and asymmetric encryption?
In symmetric encryption, the source and destination use the same shared key (pre-shared, or derived with Diffie-Hellman), whereas in asymmetric encryption, the source and the destination use two different but mathematically related keys, a public key and a private key.
In what scenarios are symmetric and asymmetric encryption used?
Symmetric encryption is commonly used to encrypt the contents of a message, and asymmetric encryption is commonly used for digital certificates and for authenticating peers and exchanging keys.
What is the main purpose of the Diffie-Hellman (DH) algorithm?
DH is a method for two parties to establish a shared secret key over an untrusted network; that key is then used by the encryption and hash algorithms.
Hash-based Message Authentication Code (HMAC) is a mechanism for message authentication using hash functions. HMAC is a keyed data integrity algorithm that guarantees the integrity of a message. What are the two common HMAC algorithms?
HMAC-MD5 and HMAC-SHA-1 (MD5 is considered weak today; prefer SHA-based variants where the platform supports them)
Briefly describe the operation of an HMAC algorithm.
The sender combines the shared secret key with the variable-length message and runs them through the hash algorithm. The result is a fixed-length tag that is appended to the original message. The receiver does not decrypt anything: it recomputes the HMAC over the received message with its own copy of the shared key and compares the result with the tag that arrived. If they match, the message was not altered and was produced by a holder of the key; if not, the packet is dropped.

Authentication

Encryption is crucial, as we have seen. However, a VPN tunnel must also authenticate the device on the other end before the path can be considered secure. Briefly describe the two main peer authentication methods.
■ PSK: A secret key that is shared between the two parties using a secure channel before it needs to be used. It is manually configured and used to authenticate at each end.
■ RSA signatures: Digital certificates are obtained from a certificate authority and then are exchanged to authenticate peers.
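The HMAC verification described above and the anti-replay service from the list of IPsec functions, worked in Python as an added example (not from the book, not Cisco code). The key, messages and sequence numbers are constructed; the frame format (4-byte sequence number, payload, 96-bit truncated HMAC-SHA-1 tag) is modelled on ESP but simplified, and the 64-packet sliding window follows the RFC 4303 description. Only the standard library (hmac, hashlib) is used.

```python
"""HMAC integrity check plus an ESP-style anti-replay window (RFC 4303, 3.4.3).

Added example, not from the book. The receiver never decrypts a hash: it
recomputes the HMAC over the received bytes with the shared key and compares
it, in constant time, to the tag that arrived. The sliding window then rejects
late or duplicate sequence numbers, which is IPsec's anti-replay service.
Key, messages and sequence numbers are constructed sample data.
"""
import hashlib
import hmac
from typing import Optional

TAG_LEN = 12  # IPsec truncates HMAC-SHA-1 to 96 bits (RFC 2404)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = seq(4 bytes) || payload || HMAC-SHA1(key, seq || payload)[:12]."""
    header = seq.to_bytes(4, "big") + payload
    tag = hmac.new(key, header, hashlib.sha1).digest()[:TAG_LEN]
    return header + tag


class ReplayWindow:
    """Receiver state: highest sequence seen plus a bitmap of the last `size` numbers."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0
        self.bitmap = 0  # bit i set => sequence number (highest - i) already received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                      # ESP never uses sequence number 0
        if seq > self.highest:                # new high-water mark: slide the window right
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                      # too old: fell off the left edge
        if self.bitmap & (1 << offset):
            return False                      # duplicate inside the window
        self.bitmap |= 1 << offset            # late but new: accept and mark
        return True


def verify(key: bytes, frame: bytes, window: ReplayWindow) -> Optional[bytes]:
    """Receiver: recompute and compare the tag, then apply the replay check.
    Returns the payload on success, None if tampered, replayed or stale."""
    if len(frame) < 4 + TAG_LEN:
        return None
    header, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, header, hashlib.sha1).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):   # integrity failure
        return None
    seq = int.from_bytes(header[:4], "big")
    if not window.check_and_update(seq):         # replayed or late packet
        return None
    return header[4:]


def demo() -> dict:
    key = b"constructed-shared-secret"            # in IPsec this comes from the DH exchange
    win = ReplayWindow()
    f1 = protect(key, 1, b"GET /payroll")
    f2 = protect(key, 2, b"transfer 100")
    tampered = f2[:4] + b"transfer 999" + f2[-TAG_LEN:]   # same length, forged payload
    return {
        "first": verify(key, f1, win),           # accepted
        "second": verify(key, f2, win),          # accepted
        "replay": verify(key, f1, win),          # rejected: sequence 1 already seen
        "tampered": verify(key, tampered, win),  # rejected: tag does not match
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

The order of checks matters: the integrity check runs first so that a forged packet cannot move the replay window, and the comparison uses hmac.compare_digest so that timing does not leak how many tag bytes matched.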
Figure 16-3 is a depiction of the IPsec framework with all the possible algorithm choices for each piece in the framework.

Figure 16-3 IPsec Framework
IPsec Framework Choices
IPsec Protocol: AH, ESP, ESP + AH
Confidentiality: DES, 3DES, AES, SEAL
Integrity: MD5, SHA
Authentication: PSK, RSA
Diffie-Hellman: DH1, DH2, DH5, DH...

Briefly describe each of the following:
IPsec framework protocol: The protocol used to encapsulate the full packet. Most likely, the Encapsulating Security Payload (ESP) is used, because ESP can provide confidentiality as well as integrity and authentication; AH provides integrity and authentication only and, because its hash covers the IP header, does not survive NAT.
Confidentiality: The selection of an encryption algorithm to encrypt and decrypt the original message.
Integrity: A hash algorithm is used to guarantee that the data has not been altered in transit.
Authentication: A method is used to authenticate the two ends of a tunnel, either PSK or RSA.
DH algorithm: The method in which a shared secret key is established between peers.
Packet Tracer Activity
Packet Tracer - Configuring GRE over IPsec (Optional) (CN 7.3.2.8)
Remote Access As discussed earlier in this chapter, VPNs are an ideal remote-access solution for many reasons. Secure communications can easily be implemented, scaled, and tailored to the access rights of the individual. This section briefly reviews types of remote-access VPN solutions.
Remote-Access VPN Solutions

What are the two primary methods for deploying remote-access VPNs?
IPsec and SSL
List three benefits or features of Cisco SSL VPN solutions.
Web-based, clientless access, and complete network access without preinstalled desktop software
Protection against viruses, worms, spyware, and hackers on a VPN connection by integrating network and endpoint security in the Cisco SSL VPN platform
Use of a single device for both SSL VPN and IPsec VPN
In Table 16-2, label the two columns with the Cisco SSL VPN solution that is best described by the statements.

Table 16-2 Cisco SSL VPN Solutions

Non-corporate-managed devices are provided VPN remote access                                  Cisco Secure Mobility Clientless SSL
Provides access to corporate resources for devices that are not managed by the corporation    Cisco Secure Mobility Clientless SSL
Provides clients with a LAN-like full network access                                          Cisco AnyConnect Secure Mobility Client with SSL
Remote users establish the SSL session using a web browser                                    Cisco Secure Mobility Clientless SSL
A client application must be installed on the end-user device                                 Cisco AnyConnect Secure Mobility Client with SSL
Requires a standalone application be installed on the end-user device                         Cisco AnyConnect Secure Mobility Client with SSL
Access to services is limited to browser-based file-sharing resources                         Cisco Secure Mobility Clientless SSL
IPsec Remote-Access VPNs The Cisco Easy VPN solution feature offers flexibility, scalability, and ease of use for both site-to-site and remote-access IPsec VPNs. The Cisco Easy VPN solution consists of three components. Label each based on the following descriptions. ■
Cisco Easy VPN Remote: A Cisco IOS router or Cisco ASA firewall acting as a VPN client
■
Cisco VPN Client: An application supported on a PC used to access a Cisco VPN server
■
Cisco Easy VPN Server: A Cisco IOS router or Cisco ASA Firewall acting as the VPN headend device in site-to-site or remote-access VPNs
IPsec exceeds SSL in many ways. In Table 16-3, indicate whether the characteristic belongs to SSL or IPsec.

Table 16-3 Comparing SSL and IPsec

Characteristic                                                 SSL    IPsec
40- to 256-bit key-length encryption.                           X
Access to all IP-based applications.                                   X
One- or two-way authentication.                                 X
Specifically configured devices can connect.                           X
Shared secrets or digital certificates for authentication.             X
56 to 256-bit, key-length encryption.                                  X
Any device can connect.                                         X
Web applications and file sharing.                              X

Packet Tracer Activity
Packet Tracer - Skills Integration Challenge (CN 7.5.1.2)
CHAPTER 17
Monitoring the Network
Most of your CCNA studies have focused on implementing networking technologies. But what if there is currently no design or implementation to do in your job as network administrator? What if the network is already up and running? Then chances are you will be responsible for monitoring the network. Over the years, several tools have evolved to help you do just that. This chapter focuses on three popular monitoring tools: Syslog, Simple Network Management Protocol (SNMP), and NetFlow.
Syslog The most common method of accessing system messages that networking devices provide is to use a protocol called syslog.
Syslog Operation

Developed in the 1980s and documented as RFC 3164, syslog uses UDP port 514 to send notifications across IP networks to a syslog server. Syslog over UDP carries no authentication, integrity protection, or encryption: the collector trusts whatever source address and content arrive in the datagram, so the logging network should be protected and, where the devices support it, syslog over TLS (RFC 5425) preferred. Briefly describe the three main syslog functions.
■ Gathers logging information for monitoring and troubleshooting
■ Can be configured to select the type of logging information that is captured
■ Can be configured to send captured syslog messages to a destination IP address
List the four destinations these messages can be sent to.
■ RAM (logging buffer)
■ Console line
■ Terminal line
■ Syslog server
Because you have configured many routers by now, one of the more common messages you have seen is the interface “up” and “up” message, as shown in Example 17-1.

Example 17-1 Syslog Message: Interface Is “Up” and “Up”

000039: *Nov 13 15:20:39.999: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
000040: *Nov 13 15:20:40.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
In Table 17-1, use the second line of output from Example 17-1 to provide an example of each field in the syslog message format.

Table 17-1 Syslog Message Format

Field             Example
Sequence Number   000040:
Timestamp         *Nov 13 15:20:40.999:
Facility          %LINEPROTO
Severity          5
Mnemonic          UPDOWN
Description       Line protocol on Interface GigabitEthernet0/0, changed state to up
By default, the Sequence Number field is not shown. Record the command, including the router prompt, to add this field to syslog messages. Router(config)# service sequence-numbers
What are the two different methods to make sure the timestamp is accurate? Manually set the date and time using the clock command. Configure the router to get its date and time from an NTP server using the ntp server ip-address command.
Configuring Syslog

Using the topology and addressing shown in Figure 17-1, record the commands including the router prompt to configure the logging service on RTA with the following requirements:
■ All logging messages should be sent to the console and to the buffer as well as the syslog server.
■ Only log messages with severity 5 or lower.
■ The source interface for logged messages should always be the G0/0 interface.

Figure 17-1 Syslog Configuration Topology
(RTA G0/0 10.10.10.1 -- Syslog Server 10.10.10.10)

RTA# configure terminal
RTA(config)# logging console
RTA(config)# logging buffered
RTA(config)# logging host 10.10.10.10
RTA(config)# logging trap 5
RTA(config)# logging source-interface g0/0

Note that logging trap 5 limits only what is sent to the syslog server (severities 0 through 5, emergencies through notifications). The console and the buffer have their own levels; to hold them to the same limit, use logging console 5 and logging buffered 5. The IOS keywords are logging buffered and logging source-interface; logging 10.10.10.10 is an accepted short form of logging host 10.10.10.10.
What command will display the messages logged to RAM? RTA# show logging
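The fields of Table 17-1 and the effect of logging trap 5, as an added Python example (not from the book, not Cisco code). The parser handles the two messages from Example 17-1 plus two constructed lines: a %SYS-5-CONFIG_I notification of the kind IOS emits on a configuration change, and a hypothetical severity-7 message included only to show what the filter drops. Only the standard library (re, typing) is used.

```python
"""Parse Cisco IOS syslog messages into the Table 17-1 fields and apply a
`logging trap 5`-style severity filter. Added example, not from the book.
"""
import re
from typing import List, Optional

# [seq:] timestamp: %FACILITY-SEVERITY-MNEMONIC: description
SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"
    r"(?P<ts>\*?\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d{3})?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<desc>.*)$"
)

# IOS severity levels: lower number = more severe
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]


def parse_syslog(line: str) -> Optional[dict]:
    """Return the message fields, or None if the line is not an IOS syslog message."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["severity_name"] = SEVERITY_NAMES[fields["severity"]]
    return fields


def filter_by_trap_level(lines, level: int) -> List[dict]:
    """Keep messages with severity <= level, as `logging trap <level>` does.
    With level 5, informational (6) and debugging (7) messages are dropped."""
    kept = []
    for line in lines:
        msg = parse_syslog(line)
        if msg is not None and msg["severity"] <= level:
            kept.append(msg)
    return kept


SAMPLE = [  # constructed; the first two are the lines of Example 17-1
    "000039: *Nov 13 15:20:39.999: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
    "000040: *Nov 13 15:20:40.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
    "000041: *Nov 13 15:21:02.117: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.10.10)",
    "000042: *Nov 13 15:21:05.001: %EXAMPLE-7-DEBUG: hypothetical debugging message",  # hypothetical mnemonic
    "not a syslog line",
]

if __name__ == "__main__":
    for m in filter_by_trap_level(SAMPLE, 5):
        print(m["seq"], m["facility"], m["severity_name"], m["mnemonic"], "|", m["desc"])
```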
Lab - Configuring Syslog and NTP (CN 8.1.2.6) Packet Tracer Activity
Packet Tracer - Configuring Syslog and NTP (CN 8.1.2.5)
SNMP SNMP began with a series of three RFCs back in 1988 (1065, 1066, and 1067). The SNMP name is derived from RFC 1067, A Simple Network Management Protocol. Since then, SNMP has undergone several revisions.
SNMP Operation

SNMP is an application layer protocol that provides a standardized way of communicating information between SNMP agents and SNMP managers. Agents listen on UDP port 161 for requests from the manager; managers receive unsolicited traps (and informs) from agents on UDP port 162. The SNMP manager is part of a network management system (NMS). The SNMP manager can collect information from agents using “get” messages. Each agent stores data about the device in the Management Information Base (MIB) locally so that it is ready to respond to these messages from the NMS. Agents can also be configured to forward directly to the NMS using “trap” messages. In Table 17-2, indicate the SNMP message type for each of the descriptions provided.

Table 17-2
SNMP Message Type
Operation
Description
get-request
Retrieves a value from a specific variable.
get-next-request
Retrieves a value from a variable within a table. The SNMP manager does not need to know the exact variable name; a sequential search is performed to find the needed variable from within a table.
get-bulk-request
Retrieves large blocks of data, such as multiple rows in a table; only works with SNMPv2 or later.
get-response
Replies to messages sent by an NMS.
set-request
Stores a value in a specific variable.
trap
An unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.
Although SNMPv1 is legacy, Cisco IOS supports all three versions. All versions of SNMP use SNMP managers, agents, and MIBs. In today’s networks, you will most likely encounter SNMPv3 or SNMPv2c. In Table 17-3, indicate whether the SNMP characteristic applies to SNMPv2c, SNMPv3, or both.

Table 17-3 Comparing SNMPv2c and SNMPv3

Characteristic                                                     SNMPv2c   SNMPv3   Both
Used for interoperability and includes message integrity                        X
Provides services for security models                                                    X
Uses community-based forms of security                                X
Includes expanded error codes with types                              X
Provides services for both security models and security levels                  X
Authenticates the source of management messages                                 X
Cannot provide encrypted management messages                          X
Supported by Cisco IOS software                                                          X
In SNMPv1 and SNMPv2c, access to the MIB is controlled through the use of two types of community strings:
■ Read-only (ro): Access to MIB variables but no changes allowed
■ Read-write (rw): Access and manipulation of MIB variables allowed
Why is this type of access no longer considered best practice?
Community strings are sent in plain text across the network. They are easy to intercept, read, alter, and resend, and a captured rw string gives full control of the device configuration. SNMPv3 with authentication and privacy (authPriv) replaces community strings with per-user keys.
The MIB defines a variable using a MIB object ID. These IDs are derived hierarchically using the scheme shown in Figure 17-2. Label Figure 17-2 with the most common public variables.
Figure 17-2 Management Information Base Object ID Scheme
(exercise: the labels from cisco (9) downward are given; fill in the tree above them)
cisco (9). local variables (2). interface group (2).
cisco (9). cisco mgmt (9). cisco flash group (10).

Management Information Base Object ID Scheme (answer)
iso (1). org (3). dod (6). internet (1). private (4). enterprises (1). cisco (9).
  cisco (9). local variables (2). interface group (2).      = 1.3.6.1.4.1.9.2.2
  cisco (9). cisco mgmt (9). cisco flash group (10).        = 1.3.6.1.4.1.9.9.10
Lab - Researching Network Monitoring Software (CN 8.2.1.8)
Configuring SNMP

In Figure 17-3, RTA is an SNMP agent and NMS is an SNMP manager. Record the commands to configure SNMPv2 on RTA with the following requirements:
■ Use an ACL to allow NMS read-only access to the router using community string NMS_eyesonly.
■ Location is Aloha_Net and the contact is Bob Metcalfe.
■ Specify that 10.10.10.10 is the recipient of traps and explicitly configure the router to send traps.

Figure 17-3 SNMP Configuration Topology
(NMS 10.10.10.10 -- gets --> G0/0 10.10.10.1 RTA; RTA -- traps --> NMS)

RTA(config)# ip access-list standard SNMP
RTA(config-std-nacl)# permit 10.10.10.10
RTA(config-std-nacl)# exit
RTA(config)# snmp-server community NMS_eyesonly ro SNMP
RTA(config)# snmp-server location Aloha_Net
RTA(config)# snmp-server contact Bob Metcalfe
RTA(config)# snmp-server host 10.10.10.10 version 2c NMS_eyesonly
RTA(config)# snmp-server enable traps

The ACL restricts which source addresses may use the community string, but SNMPv2c runs over UDP, so a source address can be spoofed and the string itself still crosses the network in clear text; treat the ACL as defense in depth, not as authentication.
Record the commands that generate the SNMP verification output for RTA shown in Example 17-2.

Example 17-2 SNMP Verification Commands

RTA# show snmp
Chassis: FTX163283RZ
Contact: Bob Metcalfe
Location: Aloha_Net
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP Dispatcher: queue 0/75 (current/max), 0 dropped
SNMP Engine: queue 0/1000 (current/max), 0 dropped

SNMP logging: enabled
    Logging to 10.10.10.10.162, 0/10, 0 sent, 0 dropped.

RTA# show snmp community

Community name: ILMI
Community Index: cisco0
Community SecurityName: ILMI
storage-type: read-only        active

Community name: NMS_eyesonly
Community Index: cisco1
Community SecurityName: NMS_eyesonly
storage-type: nonvolatile        active        access-list: SNMP

Community name: NMS_eyesonly@1
Community Index: cisco2
Community SecurityName: NMS_eyesonly@1
storage-type: nonvolatile        active        access-list: SNMP
NetFlow Although syslog and SNMP are powerful tools for collecting information about networking devices, owners of networks were looking for a tool to measure TCP/IP flows. So, Cisco engineers developed NetFlow, which quickly gained popularity in the marketplace.
NetFlow Operation

What is the latest version of NetFlow called? Flexible NetFlow

What improvements does it make over the original version? Flexible NetFlow adds the capability to customize the traffic analysis parameters for the specific requirements of a network administrator.

Briefly describe four reasons to use NetFlow.

■ Measuring who is using what network resources for what purpose
■ Accounting and charging back according to the resource utilization level
■ Using the measured information to do more effective network planning so that resource allocation and deployment is well aligned with customer requirements
■ Using the information to better structure and customize the set of available applications and services to meet user needs and customer service requirements
NetFlow is not a replacement for SNMP. Both have their purposes in network monitoring. In Table 17-4, indicate whether the characteristic describes SNMP or NetFlow.

Table 17-4  Comparing SNMP and NetFlow

Answer    Characteristic
SNMP      Agents can send traps to a network management system when defined events occur.
SNMP      Access to the MIB is controlled through community string settings.
NetFlow   An external server (collector) is used to record IP network monitored cache changes.
NetFlow   Interface errors, CPU usage, and memory usage are not recorded.
SNMP      A Management Information Base (MIB) is used to record network monitored events.
NetFlow   Collects IP data to record who used network resources and for what purpose those resources were used.

Define a TCP/IP flow. A flow is a unidirectional stream of packets between a source and a destination.

What fields in a packet are used to determine that the packet is from a different flow? Source IP address, destination IP address, source port number, destination port number, Layer 3 protocol type, ToS marking, and input logical interface
Configuring NetFlow

To implement NetFlow on a router, complete the following steps:

Step 1. Configure NetFlow to capture inbound and outbound packets.
Step 2. Configure where to send NetFlow data.
Step 3. Verify NetFlow is operational.
Using Figure 17-4 as a reference, record the commands to configure RTA to capture NetFlow data on interface G0/0 and send it to the collector using Version 9.
Figure 17-4  NetFlow Configuration Topology (RTA G0/0 at 10.10.10.1 connected to the NetFlow Collector at 10.10.10.10)
RTA(config)# interface g0/0
RTA(config-if)# ip flow ingress
RTA(config-if)# ip flow egress
RTA(config-if)# exit
RTA(config)# ip flow-export destination 10.10.10.10 2055
RTA(config)# ip flow-export version 9
Record the commands that generated the NetFlow verification output on RTA shown in Example 17-3.

Example 17-3  NetFlow Verification

RTA# show ip flow interface
GigabitEthernet0/0
  ip flow ingress
  ip flow egress
RTA# show ip cache flow
IP packet size distribution (132959 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .998 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 32 added
  728 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
  1 active, 1023 inactive, 28 added, 28 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
UDP-other           13      0.0     10225    32     37.4      17.6      15.5
ICMP                18      0.0         1   181      0.0       0.1      15.0
Total:              31      0.0      4288    32     37.4       7.5      15.2

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi0/0         10.10.10.10     Local         10.10.10.1      01 0000 0303     1
RTA# show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  10.10.10.10 (2055)
  Version 9 flow records
  63 flows exported in 29 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
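As an added example (not Cisco IOS code and not from the study guide), the following Python script models how the router's flow cache above groups packets into flows on the seven fields listed under NetFlow Operation and expires them with the 30-minute active and 15-second inactive timeouts shown in the show ip cache flow output; the packets, port numbers and interface name are constructed.

```python
# Toy model of the router's NetFlow cache (added illustration, not IOS code):
# packets are grouped into unidirectional flows keyed on the seven fields listed
# under NetFlow Operation and expired with the timeouts shown above. Constructed input.
from dataclasses import dataclass
from typing import NamedTuple

ACTIVE_TIMEOUT = 30 * 60   # "Active flows timeout in 30 minutes"
INACTIVE_TIMEOUT = 15      # "Inactive flows timeout in 15 seconds"

class FlowKey(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int    # 0 for ICMP
    dst_port: int    # for ICMP, NetFlow stores type/code here (0x0303 = 771)
    protocol: int    # Layer 3 protocol type: 1 ICMP, 6 TCP, 17 UDP
    tos: int         # ToS marking
    input_if: str    # input logical interface

@dataclass
class FlowEntry:
    first_seen: float
    last_seen: float
    packets: int = 0

class FlowCache:
    def __init__(self) -> None:
        self.active: dict[FlowKey, FlowEntry] = {}
        self.exported: list[tuple[FlowKey, FlowEntry]] = []

    def expire(self, now: float) -> None:
        # Export flows idle past INACTIVE_TIMEOUT or alive past ACTIVE_TIMEOUT.
        for key, entry in list(self.active.items()):
            if (now - entry.last_seen >= INACTIVE_TIMEOUT
                    or now - entry.first_seen >= ACTIVE_TIMEOUT):
                self.exported.append((key, self.active.pop(key)))

    def observe(self, now: float, key: FlowKey) -> None:
        # Account one packet; a key not yet in the cache starts a new flow.
        self.expire(now)
        entry = self.active.setdefault(key, FlowEntry(now, now))
        entry.last_seen = now
        entry.packets += 1

def protocol_summary(cache: FlowCache) -> dict[int, tuple[int, int]]:
    # (flows, packets) per protocol over exported flows, like show ip cache flow.
    out: dict[int, tuple[int, int]] = {}
    for key, entry in cache.exported:
        flows, pkts = out.get(key.protocol, (0, 0))
        out[key.protocol] = (flows + 1, pkts + entry.packets)
    return out

def run_sample() -> FlowCache:
    # Constructed packets entering Gi0/0 from 10.10.10.10 toward RTA.
    icmp = FlowKey("10.10.10.10", "10.10.10.1", 0, 771, 1, 0, "Gi0/0")
    udp = FlowKey("10.10.10.10", "10.10.10.1", 40000, 53, 17, 0, "Gi0/0")
    udp_tos = udp._replace(tos=0x10)   # only the ToS differs: a separate flow
    cache = FlowCache()
    for now, key in [(0.0, icmp), (0.5, udp), (1.0, udp), (2.0, udp_tos), (20.0, icmp)]:
        cache.observe(now, key)        # at t=20 the three idle flows are exported
    return cache
```

Running run_sample() leaves one ICMP flow in the cache and three exported flows, the UDP flow with two packets among them.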
Lab - Collecting and Analyzing NetFlow Data (CN 8.3.3.3)
CHAPTER 18
Troubleshooting the Network
In an ideal world, networks would never fail. But mechanical failures happen. Users of the network do unexpected things. So, issues will arise that require a network administrator’s effective troubleshooting skills—one of the most sought after skills in IT. This chapter reviews network documentation, general troubleshooting methods, and tools.
Troubleshooting with a Systematic Approach

Documentation is the starting point and is a crucial factor in the success of any troubleshooting effort. With documentation in hand, a network administrator can choose a troubleshooting method, isolate the problem, and implement a solution.

Network Documentation

List three types of documentation a network administrator should have to effectively troubleshoot issues.
  Configuration files
  Physical and logical topology diagrams
  Baseline performance measurements

List at least four pieces of information that could be included in a network device's configuration documentation.
  Type of device, model designation
  IOS image name
  Device network hostname
  Location of the device (building, floor, room, rack, panel)
  Module types and in which module slot they are located
  Data link layer addresses
  Network layer addresses

List at least four pieces of information that could be included in an end system's configuration documentation.
  Device name (purpose)
  Operating system and version
  MAC addresses
  IPv4 and IPv6 addresses
  Subnet mask and prefix length
  Default gateway, DNS server, and WINS server addresses
  Any high-bandwidth network applications that the end system runs

In Table 18-1, indicate whether the feature is part of a physical topology document or logical topology document.
Table 18-1  Physical and Logical Topology Features

Topology   Feature
Logical    WAN technologies used
Logical    Interface identifiers
Physical   Connector type
Logical    Device identifiers or names
Physical   Cable specification
Physical   Operating system version
Physical   Cabling endpoints
Physical   Device type
Logical    Data-link protocols
Logical    DLCI for virtual circuits
Logical    Site-to-site VPNs
Logical    Static routes
Physical   Cable type and identifier
Logical    Routing protocols
Logical    Connection type
Logical    IP address and prefix lengths
Physical   Model and manufacturer
As you learned in Chapter 17, "Monitoring the Network," the purpose of network monitoring is to watch network performance in comparison to a predetermined baseline.

What is the minimum duration for capturing data to establish a baseline? 7 days

When is the best time to establish a baseline of network performance? During the hours when the network is used the most

In Table 18-2, indicate which statements describe benefits of establishing a network baseline.

Table 18-2  Benefits of Establishing a Network Baseline

Answer          Statement
Not a Benefit   Enable fast transport services between campuses
Benefit         Investigate if the network can meet the identified policies and use requirements
Not a Benefit   Combine two hierarchical design layers
Benefit         Locate areas of the network that are most heavily used
Benefit         Identify the parts of the network that are least used
Benefit         Identify where the most errors occur
Benefit         Establish the traffic patterns and loads for a normal or average day
When documenting the network, it is often necessary to gather information directly from routers and switches using a variety of show commands. Match the information gathered on the left with the show command on the right.

Information Gathered
a. Contents of the address resolution table
b. Uptime and information about device software and hardware
c. Detailed settings and status for device interfaces
d. Summary of the NetFlow accounting statistics
e. Contents of the routing table
f. Summarized table of the up/down status of all device interfaces
g. Summary of VLANs and access ports on a switch
h. Current configuration of the device

Command
e. show ip route
a. show arp
g. show vlan
f. show ip interface brief
h. show running-config
b. show version
c. show interface
d. show ip cache flow
Packet Tracer Activity
Packet Tracer - Troubleshooting Challenge - Documenting the Network (CN 9.1.1.8)
Troubleshooting Process and Methodologies

All troubleshooting methodologies have four stages they share in common: three stages to find and solve the problem and a final important stage after the problem is resolved. In Figure 18-1, label the four major stages in the troubleshooting process.

Figure 18-1  Major Troubleshooting Stages (flowchart: Stage 1, Stage 2, Stage 3, then the decision "Problem Fixed?"; No: "If it did not fix the problem or if it created another problem, undo corrective action and start again."; Yes: Stage 4)

Figure 18-1a  Major Troubleshooting Stages (answer)
Stage 1: Gather Symptoms
Stage 2: Isolate the Problem
Stage 3: Implement Corrective Action
Problem Fixed? No: If it did not fix the problem or if it created another problem, undo corrective action and start again. Yes: continue to Stage 4.
Stage 4: Document solution and save changes.
Note: The Academy curriculum does not label the last stage as Stage 4. However, that is most likely an oversight. Stage 4 is indeed the final and arguably most important stage.
The gathering symptoms stage can be broken into five steps:

Step 1. Gather information
Step 2. Determine ownership
Step 3. Narrow the scope
Step 4. Gather symptoms from suspect devices
Step 5. Document symptoms
In Step 1, you will most likely use a variety of commands to progress through the process of gathering symptoms. In the following activity, match the information gathered with the testing command.

Information Gathered
a. Displays a summary status of all the IP Version 6 interfaces on a device
b. Shows the path a packet takes through the networks
c. Displays the IP version 6 routing table
d. Connects remotely to a device by IP address or URL
e. Offers a list of options for real-time diagnostics
f. Shows global and interface specific status of Layer 3 protocols
g. Sends an echo request to an address and waits for a reply
h. Shows the current configuration of the device

Testing Command
h. show running-config
e. debug ?
b. traceroute
a. show ipv6 interface brief
f. show protocols
c. show ipv6 route
g. ping
d. telnet
In Table 18-3, identify the troubleshooting methodology described by each statement.

Table 18-3  Troubleshooting Methodologies

Methodology           Statement
Bottom Up             Disadvantage is it requires you to check every device and interface
Top Down              Begins at the OSI application layer
Shoot from the Hip    Use an experienced troubleshooting guess to investigate a possible cause
Top Down              Used for problems that likely involve software settings
Spot the Difference   Compare a working and nonworking situation while looking for the significant differences
Bottom Up             Use when suspected problem is cabling or device failure
Bottom Up             Begins at the OSI physical layer
Move the Problem      Swap the problematic device with a known-working device
Divide and Conquer    Start with an informed guess for which OSI layer to begin troubleshooting
Top Down              Disadvantage is it requires you to check every network application
Network Troubleshooting

Effective troubleshooting requires good tools and systematic approaches. This section reviews some of the tools used in today's networks and some specific troubleshooting symptoms at various OSI layers.
Troubleshooting Tools

A wide variety of software and hardware tools is available to make troubleshooting easier. You can use these tools to gather and analyze symptoms of network problems. Match the description on the left with the tool on the right.

Description
a. Online repositories of experience-based information
b. Discovers VLAN configuration, average and peak bandwidth utilization using a portable device
c. Tools that document tasks, draw network diagrams, and establish network performance statistics
d. Measures electrical values of voltage, current, and resistance
e. Tests data communication cabling for broken wires, crossed wiring, and shorted connections
f. Powerful troubleshooting and tracing tool that provides traffic tracking as it flows through a router
g. Provides a graphical representation of traffic from local and remote switches and routers
h. Analyzes network traffic, specifically source and destination frames
i. Includes device-level monitoring, configuration, and fault management
j. Tests and certifies copper and fiber cables for different services and standards via a handheld device

Software and Hardware Tools
h. Host-based protocol analyzer
e. Cable tester
b. Portable network analyzer
c. Baseline establishment tool
j. Cable analyzer
i. Network Management System Tool
f. Cisco IOS Embedded Packet Capture
a. Knowledge Base
g. Network Analysis Module
d. Digital multimeter
Network Troubleshooting and IP Connectivity

A network administrator should be able to quickly isolate the OSI layer where an issue is most likely located. In Table 18-4, indicate the most likely layer associated with each issue.

Table 18-4  Isolating the OSI Layer Where an Issue Resides

OSI Layer      Network Problem or Issue
3              A computer is configured with the wrong default gateway.
5, 6, and 7    The DNS server is not configured with the correct A records.
1              Traffic is congested on a low capacity link and frames are lost.
2              STP loops and route flapping are generating a broadcast storm.
1              A cable was damaged during a recent equipment install.
4              ACLs are misconfigured and blocking all web traffic.
5, 6, and 7    SSH error messages display unknown/untrusted certificates.
1              The show processes cpu command displays usage way beyond the baseline.
4              A VPN connection is not working correctly across a NAT boundary.
3              A static route is sending packets to the wrong router.
3              The routing table is missing routes and has unknown networks listed.
2              On a PPP link, one side is using the default Cisco encapsulation.
4              SNMP messages are unable to traverse NAT.
Knowing which command to use to gather the necessary information for troubleshooting is crucial to effectively and efficiently resolving problems. All the commands you have mastered over the course of your CCNA studies are part of your troubleshooting toolkit. This next exercise only highlights a few.
Match the command output on the left with the command on the right.

Command Output
a. Displays all known destinations on a Windows PC
b. Displays all known IPv6 destinations on a router
c. Can be used to verify the transport layer
d. Clears the MAC to IP address table on a PC
e. Displays the MAC to IP address table for other IPv6 devices
f. Displays the known MAC addresses on a switch
g. Displays input and output queue drops
h. Displays the IP addressing information on a Windows PC

Command
e. show ipv6 neighbors
h. ipconfig
b. show ipv6 route
c. telnet
f. show mac address-table
d. arp -d
a. route print
g. show interfaces
Note: No book or study guide will effectively teach you how to troubleshoot networks. To get proficient at it, you must practice troubleshooting on lab equipment and simulators. This practice works best with a partner or a team because (1) you can collaborate together to resolve issues and (2) you can swap roles, taking turns breaking the network while the other person or team resolves the issue. For those readers with access to the Academy curriculum, the Packet Tracer activities in this chapter are great resources for just such practice sessions with your team. But you also know enough now that you can create your own troubleshooting scenarios to try out on each other. There is no doubt that you will be asked to troubleshoot several issues on the CCNA exam. So, practice as much as you can now in preparation for the test. You might be surprised how fun and rewarding it can be.

Packet Tracer Activity
Packet Tracer - Troubleshooting Enterprise Networks 1 (CN 9.2.3.12)
Packet Tracer - Troubleshooting Enterprise Networks 2 (CN 9.2.3.13)
Packet Tracer - Troubleshooting Enterprise Networks 3 (CN 9.2.3.14)
Packet Tracer - Troubleshooting Challenge - Using Documentation to Solve Issues (CN 9.2.3.15)
Packet Tracer - CCNA Skills Integration Challenge (CN 9.3.1.2)