CCNA Lab Guide


Cisco IOS Introduction

General Reading:-

System Architecture

Like a computer, a router has a CPU that varies in performance and capabilities depending on the router platform. Two examples of processors that Cisco uses are the Motorola 68030 and the Orion/R4600. The Cisco IOS software running in the router requires the CPU or processor to make routing and bridging decisions, maintain routing tables, and perform other system management functions. The CPU must have access to data in memory to make decisions or to get instructions.

There are usually four types of memory on a Cisco router:

ROM—ROM is generally the memory on a chip or multiple chips. It is available on a router's processor board. It is read-only, which means that data cannot be written to it. The initial software that runs on a Cisco router is called the bootstrap software and is usually stored in ROM. The bootstrap software is invoked when the router boots up.

Flash—Flash memory is located on a processor board SIMM but can be expanded using PCMCIA (removable) cards. Flash memory is most commonly used to store one or more Cisco IOS software images. Configuration files or system information can also be copied to Flash. On some high-end systems, Flash memory is also used to hold bootstrap software.

RAM—RAM is very fast memory that loses its information when the system is restarted. It is used in PCs to store running applications and data. On a router, RAM is used to hold IOS system tables and buffers. RAM memory is basically used for all system operational storage requirements.

NVRAM—On the router, NVRAM is used to store the startup configuration. This is the configuration file that IOS reads when the router boots up. It is extremely fast memory and is persistent across reboots.

Although CPU and memory are required components to run IOS, a router must also have various interfaces to allow packet forwarding. Interfaces are input and output connections to the router that carry data that needs to be routed or switched. The most common types of interfaces are Ethernet and serial. Similar to the driver software on a computer with parallel ports and USB ports, IOS has device drivers to support these various interface types. All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection. The console port can be connected to a computer's serial connection to gain terminal access to the router. Most routers also have an auxiliary port that is very similar to the console port, but is typically used for modem connection for remote router management.

The following output shows the console output of a new Cisco 3640 router that has just been started. Notice the processor, interface, and memory information that is listed.

System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Copyright (c) 1999 by Cisco Systems, Inc.

C3600 processor with 98304 Kbytes of main memory

Main memory is configured to 64 bit mode with parity disabled

program load complete, entry point: 0x80008000, size: 0xa8d168

Self decompressing the image :

#################################################

#################################################################### [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco Internetwork Operating System Software

IOS (tm) 3600 Software (C3640-IS-M), Version 12.2(10), RELEASE SOFTWARE (fc2)

Copyright (c) 1986-2002 by Cisco Systems, Inc.

Compiled Mon 06-May-02 23:23 by pwade

Image text-base: 0x60008930, data-base: 0x610D2000

cisco 3640 (R4700) processor (revision 0x00) with 94208K/4096K bytes of memory.

Processor board ID 17746964

R4700 CPU at 100Mhz, Implementation 33, Rev 1.0

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

5 Ethernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

DRAM configuration is 64 bits wide with parity disabled.

125K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

16384K bytes of processor board PCMCIA Slot0 flash (Read/Write)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:

When a new router is first started, IOS runs an autoinstall process wherein the user is prompted to answer a few questions. IOS then configures the system based on the input provided. After initial setup, the configuration is most commonly modified using the command-line interface (CLI). Other ways of configuring the router include HTTP and network management applications.

Cisco IOS has three command modes, each with access to different command sets:

User mode—This is the first mode a user has access to after logging into the router. The user mode can be identified by the > prompt following the router name. This mode allows the user to execute only the basic commands, such as those that show the system's status. The system cannot be configured or restarted from this mode.

Router>

Privileged mode—This mode allows users to view the system configuration, restart the system, and enter configuration mode. It also allows all the commands that are available in user mode. Privileged mode can be identified by the # prompt following the router name. The user mode enable command tells IOS that the user wants to enter privileged mode. If an enable password or enable secret password has been set, the user needs to enter the correct password or secret to be granted access to privileged mode. An enable secret password uses stronger encryption when it is stored in the configuration and, therefore, is safer. Privileged mode allows the user to do anything on the router, so it should be used with caution. To exit privileged mode, the user executes the disable command.

Router#

Configuration mode—This mode allows users to modify the running system configuration. To enter configuration mode, enter the command configure terminal from privileged mode. Configuration mode has various submodes, starting with global configuration mode, which can be identified by the (config)# prompt following the router name. As the configuration mode submodes change depending on what is being configured, the words inside the parentheses change. For example, when you enter interface configuration submode, the prompt changes to (config-if)# following the router name. To exit configuration mode, the user can enter end or press Ctrl-Z.

Router(config)#

Terminal Server

Nowadays the routers and switches we configure are usually placed in a datacenter, so it is very difficult to reach multiple devices with a console cable. To overcome this problem we use a terminal server, which is a single point of management.

A terminal or comm server commonly provides out-of-band access for multiple devices. A terminal server is a router with multiple, low speed, asynchronous ports that are connected to other serial devices, for example, modems or console ports on routers or switches.

The terminal server allows you to use a single point to access the console ports of many devices. A terminal server eliminates the need to configure backup scenarios like modems on auxiliary ports for every device. You can also configure a single modem on the auxiliary port of the terminal server, to provide dial-up service to the other devices when network connectivity fails.

The diagram below shows how a terminal server works.

Task 1 Telnet to CCNA Terminal Server at IP address 172.16.50.88

Solution:

On a Linux-based system such as Ubuntu, go to Applications, then Accessories, click Terminal and type “telnet 172.16.50.88”.

On a Windows machine, go to Run and type “telnet 172.16.50.88”.

Task 2 After you telnet into the terminal server it will ask you for a username and password; use username: student and password: student

Solution:

telnet 172.16.50.88

+--------------------------------------------------------------------+

| Following commands are available for use at privilege 0 |

| 1).Show Host |

| 2).Show Sessions |

| 3).Show Users |

| 4).Clear Line |

| 5).Disconnect |

| |

| Following CCNA Racks Can be Accessed From This Terminal :- |

| 1).CCNA-Rack1 |

| 2).CCNA-Rack2 |

| 3).CCNA-Rack3 |

| 4).CCNA-Rack4 |

| 5).CCNA-Rack5 |

| 6).CCNA-Rack6 |

| 7).CCNA-Rack7 |

| 8).CCNA-Rack8 |

| 9).CCNA-Rack9 |

| 10).CCNA-Rack10 |

+--------------------------------------------------------------------+

********************************************************************

* WELCOME TO ACIT Bangalore *

* YOU ARE CONNECTED TO CCNA-TERMINAL 88 *

********************************************************************

User Access Verification

Username: student

Password:

CCNA_Term#

Task 3 Use the show host command to see the available racks.

Solution:

CCNA_Term#show host

Default domain is not set

Name/address lookup uses static mappings

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate

temp - temporary, perm - permanent

NA - Not Applicable None - Not defined

Host Port Flags Age Type Address(es)

Rack1-R1 1026 (perm, OK) 64 IP 128.0.0.2

Rack1-R3 1028 (perm, OK) 84 IP 128.0.0.2

Rack1-SW1 1029 (perm, OK) 84 IP 128.0.0.2

Rack1-SW2 1030 (perm, OK) 84 IP 128.0.0.2

..<output omitted>

Task 4 Now access device rack1-r1

Solution:

CCNA_Term#rack1-r1

Translating "rack1-r1"

Trying Rack1-R1 (128.0.0.2, 1026)... Open

% Please answer 'yes' or 'no'.

Would you like to enter the initial configuration dialog? [yes/no]:no

Press RETURN to get started!

Router>

(Note:- At this point we are in device R1 of rack1)

Task 5 Lock the session of R1 and come back to the terminal server by pressing CTRL+SHIFT+6 X

Solution:

Router>

CCNA_Term#

Task 6 Now open rack1-r2, rack1-r3, rack1-sw1 and rack1-sw2

Solution:

CCNA_Term#rack1-r2

Translating "rack1-r2"

Trying Rack1-R2 (128.0.0.2, 1027)... Open

Press RETURN to get started!

Router>

CCNA_Term#rack1-r3

Translating "rack1-r3"

Trying Rack1-R3 (128.0.0.2, 1028)... Open

Press RETURN to get started!

Router>

CCNA_Term#rack1-sw1

Translating "rack1-sw1"

Trying Rack1-SW1 (128.0.0.2, 1029)... Open

Press RETURN to get started!

switch>

CCNA_Term#rack1-sw2

Translating "rack1-sw2"

Trying Rack1-SW2 (128.0.0.2, 1030)... Open

Press RETURN to get started!

switch>

Task 7 Go back to the terminal server by pressing CTRL+SHIFT+6 X and check the sessions you have opened.

Solution:

CCNA_Term#show sessions

Conn Host Address Byte Idle Conn Name

1 rack3-r1 128.0.0.2 162 8 rack3-r1

2 rack3-r2 128.0.0.2 0 0 rack3-r2

3 rack3-r3 128.0.0.2 0 0 rack3-r3

4 rack3-sw1 128.0.0.2 39 0 rack3-sw1

* 5 rack3-sw2 128.0.0.2 0 0 rack3-sw2

(Note:- In the above output you can see that we have opened 5 sessions. Connection numbers are assigned to every session automatically, so the next time you want to access R1 you do not have to type rack1-r1 again; it can be accessed simply by typing its current connection number, i.e. 1. The star before 5 marks the current active connection.)

Task 8 On R1, R2, R3, SW1 and SW2, assign the hostnames R1, R2, R3, SW1 and SW2 respectively.

Solution:

CCNA_Term#1

[Resuming connection 1 to rack1-r1 ... ]

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#

CCNA_Term#2

[Resuming connection 2 to rack1-r2 ... ]

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R2

R2(config)#

CCNA_Term#3

[Resuming connection 3 to rack1-r3 ... ]

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R3

R3(config)#

CCNA_Term#4

[Resuming connection 4 to rack1-SW1 ... ]

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname SW1

SW1(config)#

CCNA_Term#5

[Resuming connection 5 to rack1-SW2 ... ]

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname SW2

SW2(config)#

Task 9 Go to R1 and Check the available interfaces

Solution:

On R1:

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset administratively down down

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

(Note:- The above is the list of interfaces available on router R1; it may vary from device to device.)

Task 9 On R1, assign IP address 10.0.0.1 with the classful subnet mask to interface Ethernet 0/0 and verify your configuration.

Solution:

On R1:

R1#

R1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)#interface ethernet 0/0

R1(config-if)#ip address 10.0.0.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

*Jul 1 00:37:53.867: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

*Jul 1 00:37:54.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up

R1(config)#exit

R1#

(Note:- We can see that the “no shutdown” command has been issued to start the interface. After issuing the command, two log messages appear on the console, stating that the link and line protocol changed to up.)

Verification:

On R1:

R1#

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 10.0.0.1 YES manual up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES manual administratively down down

Serial1/1 unassigned YES unset administratively down down

...<output omitted>

(Note:- In the verification output the status and line protocol of interface Ethernet 0/0 are both up, and the IP address we assigned is shown. An important point to remember: every interface of a router that is up and has an IP address assigned defines one whole network. In this case interface Ethernet 0/0 defines the network 10.0.0.0 255.0.0.0, which can be verified with the “show ip route” command. We therefore cannot give an IP address from this network to any other interface of this router.)

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF

IA - OSPF inter area , N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2 , E1 - OSPF external type 1,

E2 - OSPF external type 2 , i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ,

ia - IS-IS inter area, * - candidate default,

U - per-user static route , o - ODR,

P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/8 is directly connected, Ethernet0/0

L 10.0.0.1/32 is directly connected, Ethernet0/0

(Note:- The above output is called the routing table of the router. In this table the router keeps entries for the networks known to it. The “C” legend before the network entry 10.0.0.0/8 shows that it is directly connected on Ethernet 0/0; the “L” entry shows the local IP address in the network 10.0.0.0/8, which we assigned to the interface in this task.)

Task 10 Check the current configuration of the router with the “show running-config” command and save the configuration.

Verification:

R1#show running-config

Building configuration...

Current configuration : 1161 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

clock timezone IST 5 30

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip source-route

!

!

!

!

ip cef

no ipv6 traffic interface-statistics

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

redundancy

!

!

!

interface Ethernet0/0

ip address 10.0.0.1 255.0.0.0

!

interface Ethernet0/1

no ip address

shutdown

!

interface Ethernet0/2

no ip address

shutdown

!

interface Ethernet0/3

no ip address

shutdown

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

exception data-corruption buffer truncate

end

R1#

R1#write

Building configuration...

[OK]

R1#
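
The running configuration shown in Task 10 still carries several defaults worth checking before a device leaves the lab. The Python sketch below is an added example, not part of the original guide: it runs six checks over a trimmed copy of that configuration and over a constructed hardened variant. The finding names, the hardened sample and the user name admin are assumptions of this example.

```python
# Added example: audits an IOS running-config for a few defaults seen in Task 10.
# The finding names and the hardened sample are this example's own choices.

# Trimmed copy of the Task 10 output, with the indentation IOS prints restored.
LAB_CONFIG = """\
version 12.4
no service password-encryption
hostname R1
no aaa new-model
ip source-route
interface Ethernet0/0
 ip address 10.0.0.1 255.0.0.0
no ip http server
no ip http secure-server
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
end
"""

# Constructed comparison config; "admin" and the secret values are placeholders.
HARDENED_CONFIG = """\
version 12.4
service password-encryption
hostname R1
enable secret 5 <hash-placeholder>
aaa new-model
aaa authentication login default local
username admin secret 5 <hash-placeholder>
no ip source-route
line con 0
 logging synchronous
line vty 0 4
 transport input ssh
end
"""

FINDINGS = {
    "password-encryption-off": "passwords (not secrets) are stored in clear text in the config",
    "no-enable-secret": "privileged mode is not protected by an enable secret",
    "ip-source-route": "the router honours IP source-route options",
    "aaa-disabled": "AAA is off, so there is no central authentication or accounting",
    "console-no-login": "the console line has no login method configured",
    "vty-not-ssh-only": "vty lines are not restricted with 'transport input ssh'",
}


def parse_sections(text):
    """Split a config into top-level lines and {header: [indented child lines]}."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit(text):
    """Return the list of finding ids that apply to the given running-config."""
    top, sections = parse_sections(text)
    aaa_on = "aaa new-model" in top
    found = []
    if "service password-encryption" not in top:
        found.append("password-encryption-off")
    if not any(line.startswith("enable secret ") for line in top):
        found.append("no-enable-secret")
    if "ip source-route" in top:
        found.append("ip-source-route")
    if not aaa_on:
        found.append("aaa-disabled")
    for header, body in sections.items():
        # Without AAA, a console line needs its own "login" to prompt for credentials.
        if header.startswith("line con") and not aaa_on:
            if not any(child.startswith("login") for child in body):
                found.append("console-no-login")
        if header.startswith("line vty") and "transport input ssh" not in body:
            found.append("vty-not-ssh-only")
    return found


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding in audit(cfg):
            print("  -", finding + ":", FINDINGS[finding])
```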

Task 11 Erase All the Devices and Reload

Solution:

R1#write erase

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete

R1#

*Jul 1 01:09:36.006: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

R1#reload

Proceed with reload? [confirm]

*Jul 1 01:09:39.958: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

R2#write erase

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

[OK]

Erase of nvram: complete

R2#

*Jul 1 01:09:36.006: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

R2#reload

Proceed with reload? [confirm]

*Jul 1 01:09:39.958: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

...<output omitted>

IP Routing

Need of Routing:-

Routing is the process of moving data from one network to another by forwarding packets via gateways. With IP-based networks, the routing decision is based on the destination address in the IP packet's header. The Internet uses routing to move data from your computer, across several networks, to reach a final destination, like a website. Specialized computer devices that perform this routing function are referred to as routers. Routers use the information contained in a route to make decisions about which network interface to forward a packet through in order to reach the destination address in the packet. Routers maintain a list of routes which is often referred to as a routing table.

Routers look up routes in the routing table to figure out how to move data from one network to another network. Routes are simply the signposts that tell a router which network interface to forward a packet through in order to reach the packet's intended destination.

Types of Routing

There are two basic kinds of routes: static or dynamic.

1. Static Routes

Routes can be entered into a router by a person who administrates the network (the network administrator). Since these routes are entered by the administrator, and these routes don't change until the administrator changes them, they are referred to as static routes.

2. Default Routes

A default route is also referred to as the 'route of last resort'. This is the route a router uses when all other routes have been examined and none seem to be the right route to use.

3. Dynamic Routes

If the routes are learned on-the-fly from other routers, it is called a dynamically-learned route, or a dynamic route for short. Dynamic routes are learned from routing protocols.

4. Routing Protocol

A routing protocol is a standardized process by which routers learn and communicate connectivity information, called routes, each of which describes how to reach a destination host and network. Routers that wish to exchange routing information must use the same routing protocol to communicate routing information.

Routing is the process of learning all the paths through the network (routes) and using routes to forward data from one network to another. A protocol is a standardized way to perform a task. So, a routing protocol would be a standardized way of learning routes and moving data from one network to another.

Routing protocols are used by routers to dynamically learn all paths through a set of networks and forward data between the networks. Routers are specialized computer devices designed to perform routing.

5. Examples of Routing Protocols

EIGRP, OSPF, RIP, RIP II, IS-IS, BGP

Static Routing Configuration

Task 1 Assign the hostnames R1, R2 and R3 to Router1, Router2 and Router3 respectively.

Solution:

On Router1 :

Router>enable

Router#config

Router#configure terminal

Router(config)#hostname R1

R1(config)#

On Router2 :

Router>enable

Router#config

Router#configure terminal

Router(config)#hostname R2

R2(config)#

On Router3 :

Router>enable

Router#config

Router#configure terminal

Router(config)#hostname R3

R3(config)#

Task 2 Assign IP address 12.0.0.1 and subnet mask of 255.0.0.0 to interface Serial 1/0 and IP address 10.0.0.1 255.0.0.0 to interface Ethernet0/0 on R1. After you complete your configuration verify it.

Solution:

On R1 :

R1(config)#interface serial 1/0

R1(config-if)#ip address 12.0.0.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#int ethernet0/0

R1(config-if)#ip address 10.0.0.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#exit

Verification :

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 10.0.0.1 YES manual up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 12.0.0.1 YES manual up up

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

Task 3 Similarly, assign IP addresses to R2 and R3 as per the diagram.

Solution:

On R2 :

R2(config)#interface serial 1/0

R2(config-if)#ip address 12.0.0.2 255.0.0.0

R2(config-if)#clock rate 64000

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface serial 1/1

R2(config-if)#ip address 23.0.0.2 255.0.0.0

R2(config-if)#clock rate 64000

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#interface ethernet 0/0

R2(config-if)#ip address 20.0.0.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#exit

R2#

Verification:

R2#show ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 20.0.0.2 YES manual up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 12.0.0.2 YES manual up up

Serial1/1 23.0.0.2 YES manual up up

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

On R3 :

R3(config)#interface serial 1/0

R3(config-if)#ip address 23.0.0.3 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#interface ethernet 0/0

R3(config-if)#ip address 30.0.0.3 255.0.0.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#exit

R3#

Task 4 Check Connectivity Between Directly Connected Interfaces.

Verification:

On R1:

R1#ping 12.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

On R2 :

R2#

R2#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

R2#ping 23.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#

On R3 :

R3#

R3#ping 23.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R3#

Task 5 Save your configuration

Solution:

On R1:

R1#write

On R2:

R2#write

On R3:

R3#write

Task 6 Configure static routes on R1 so that it can reach networks 23.0.0.0/8, 20.0.0.0/8 and 30.0.0.0/8.

Solution:

On R1:

R1#

R1#config terminal

R1(config)#ip route 20.0.0.0 255.0.0.0 12.0.0.2

R1(config)#ip route 23.0.0.0 255.0.0.0 12.0.0.2

R1(config)#ip route 30.0.0.0 255.0.0.0 12.0.0.2

Verification:

R1#

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,

* - candidate default, U - per-user static route, o - ODR,

P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/8 is directly connected, Ethernet0/0

L 10.0.0.1/32 is directly connected, Ethernet0/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/8 is directly connected, Serial1/0

L 12.0.0.1/32 is directly connected, Serial1/0

S 20.0.0.0/8 [1/0] via 12.0.0.2

S 23.0.0.0/8 [1/0] via 12.0.0.2

S 30.0.0.0/8 [1/0] via 12.0.0.2

R1#

Task 7 Configure R2 so that it gets reachability to networks 10.0.0.0/8 and 30.0.0.0/8. Do not specify a next-hop address to achieve this task.

On R2 :

R2#

R2#configure terminal

R2(config)#ip route 10.0.0.0 255.0.0.0 serial 1/0

R2(config)#ip route 30.0.0.0 255.0.0.0 serial 1/1

R2(config)#exit

R2#

Verification:

R2#

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,

* - candidate default, U - per-user static route,

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

S 10.0.0.0/8 is directly connected, Serial1/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/8 is directly connected, Serial1/0

L 12.0.0.2/32 is directly connected, Serial1/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 20.0.0.0/8 is directly connected, Ethernet0/0

L 20.0.0.2/32 is directly connected, Ethernet0/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/8 is directly connected, Serial1/1

L 23.0.0.2/32 is directly connected, Serial1/1

S 30.0.0.0/8 is directly connected, Serial1/1

R2#

Task 8: Configure R3 so that it gets reachability to all other networks with a single static route. Do not configure any more specific static routes to achieve this task.

On R3 :

R3#

R3#configure terminal

R3(config)#ip route 0.0.0.0 0.0.0.0 23.0.0.2

R3(config)#exit

R3#

Verification :

R3#

R3#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2,

ia - IS-IS inter area, * - candidate default,

U - per-user static route,

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 23.0.0.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 23.0.0.2

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/8 is directly connected, Serial1/0

L 23.0.0.3/32 is directly connected, Serial1/0

R3#

Task 9 : Ping 30.0.0.3 from R1,

Ping 10.0.0.1 and 30.0.0.3 from R2,

Ping 10.0.0.1 from R3 to test end-to-end reachability.

R1#

R1#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24ms

R1#

R2#

R2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

R2#

R2#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/37/80 ms

R2#

R3#

R3#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#

Explanation:-

As the output above shows, we have full reachability.

On R1 we gave the destination networks, i.e. 20.0.0.0, 23.0.0.0 and 30.0.0.0, with their respective subnet masks, and in the last part we gave the next-hop address, that is, the router to which the packet should be forwarded.

Here the ip route format is “ip route <dest net> <dest subnet> <next hop address>”:

ip route 20.0.0.0 255.0.0.0 12.0.0.2

ip route 23.0.0.0 255.0.0.0 12.0.0.2

ip route 30.0.0.0 255.0.0.0 12.0.0.2

On R2 we were instructed not to give a next-hop address, so here we give the outgoing interface instead:

ip route 10.0.0.0 255.0.0.0 serial1/0

ip route 30.0.0.0 255.0.0.0 serial1/1

On R3 we were instructed not to use any specific routes, so here we use a special static route, which is also called the default route. If the router does not find a more specific network in its routing table, it uses the default route to forward the packet.

ip route 0.0.0.0 0.0.0.0 23.0.0.2
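
The explanation above, carried through as a longest-prefix-match lookup over the three routing tables (an added Python example, not part of the original guide). It goes slightly beyond the lab by also tracing a destination no router knows; the address 99.0.0.1 is constructed, the serial cabling is inferred from the shared 12.0.0.0/8 and 23.0.0.0/8 networks, and R3's connected 30.0.0.0/8 entry is taken from its Task 3 interface configuration.

```python
import ipaddress

# Routing tables as shown by "show ip route" in Tasks 6-8:
# (prefix, next-hop address or None, exit interface or None).
TABLES = {
    "R1": [("10.0.0.0/8", None, "Ethernet0/0"),
           ("12.0.0.0/8", None, "Serial1/0"),
           ("20.0.0.0/8", "12.0.0.2", None),
           ("23.0.0.0/8", "12.0.0.2", None),
           ("30.0.0.0/8", "12.0.0.2", None)],
    "R2": [("10.0.0.0/8", None, "Serial1/0"),      # static, exit interface only
           ("12.0.0.0/8", None, "Serial1/0"),
           ("20.0.0.0/8", None, "Ethernet0/0"),
           ("23.0.0.0/8", None, "Serial1/1"),
           ("30.0.0.0/8", None, "Serial1/1")],     # static, exit interface only
    "R3": [("0.0.0.0/0", "23.0.0.2", None),        # default route
           ("23.0.0.0/8", None, "Serial1/0"),
           ("30.0.0.0/8", None, "Ethernet0/0")],   # from the Task 3 configuration
}

# Interface addresses configured in Tasks 2 and 3.
OWNER = {"10.0.0.1": "R1", "12.0.0.1": "R1",
         "12.0.0.2": "R2", "20.0.0.2": "R2", "23.0.0.2": "R2",
         "23.0.0.3": "R3", "30.0.0.3": "R3"}

# Point-to-point serial links (assumed cabling): (router, interface) -> neighbour.
SERIAL_PEER = {("R1", "Serial1/0"): "R2", ("R2", "Serial1/0"): "R1",
               ("R2", "Serial1/1"): "R3", ("R3", "Serial1/0"): "R2"}


def lookup(router, dst):
    """Return the most specific (network, next_hop, interface) entry, or None."""
    address = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, interface in TABLES[router]:
        network = ipaddress.ip_network(prefix)
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop, interface)
    return best


def trace(start, dst, max_hops=8):
    """Follow a packet hop by hop; return (list of routers visited, outcome)."""
    path, router = [start], start
    for _ in range(max_hops):
        if OWNER.get(dst) == router:
            return path, "delivered"
        route = lookup(router, dst)
        if route is None:
            return path, "no route"            # the router drops the packet
        _network, next_hop, interface = route
        if next_hop is not None:
            router = OWNER[next_hop]           # hand over to the next-hop router
        elif (router, interface) in SERIAL_PEER:
            router = SERIAL_PEER[(router, interface)]
        else:
            return path, "delivered to LAN on " + interface
        path.append(router)
    return path, "loop"


if __name__ == "__main__":
    for start, dst in (("R1", "30.0.0.3"), ("R3", "10.0.0.1"), ("R3", "99.0.0.1")):
        print(start, "->", dst, trace(start, dst))
```

The last trace shows the side effect of the default route on R3: a packet for an unknown network still leaves R3 and is only dropped at R2, which has no matching entry.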

RIPv2

RIPv2 was first described in RFC 1388 and RFC 1723 (1994); the current RFC is 2453, written in November 1998. Although current environments use advanced routing protocols such as OSPF and EIGRP, there still are networks using RIP. The need to use VLSMs and other requirements prompted the definition of RIPv2.

RIPv2 improves upon RIPv1 with the ability to use VLSM, with support for route authentication, and with multicasting of route updates. RIPv2 supports CIDR. It still sends updates every 30 seconds and retains the 15-hop limit; it also uses triggered updates. RIPv2 still uses UDP port 520; the RIP process is responsible for checking the version number. It retains the loop-prevention strategies of poison reverse and counting to infinity. On Cisco routers, RIPv2 has the same administrative distance as RIPv1, which is 120. Finally, RIPv2 uses the IP address 224.0.0.9 when multicasting route updates to other RIP routers. As in RIPv1, RIPv2 will, by default, summarize IP networks at network boundaries. You can disable auto-summarization if required.

You can use RIPv2 in small networks where VLSM is required. It also works at the edge of larger networks.

RIPv2 Forwarding Information Base

RIPv2 maintains a routing table database as in Version 1. The difference is that it also keeps the subnet mask information. The following list repeats the table information of RIPv1:

IP address—IP address of the destination host or network, with subnet mask

Gateway—The first gateway along the path to the destination

Interface—The physical network that must be used to reach the destination

Metric—A number indicating the number of hops to the destination

Timer—The amount of time since the route entry was last updated

RIPv2 Design

Things to remember in designing a network with RIPv2 include that it supports VLSM within networks and CIDR for network summarization across adjacent networks. RIPv2 allows for the summarization of routes in a hierarchical network. RIPv2 is still limited to 16 hops; therefore, the network diameter cannot exceed this limit. RIPv2 multicasts its routing table every 30 seconds to the multicast IP address 224.0.0.9. RIPv2 is usually limited to accessing networks where it can interoperate with servers running routed or with non-Cisco routers. RIPv2 also appears at the edge of larger internetworks. RIPv2 further provides for route authentication.

Split Horizon:

In this example, network node A routes packets to node B in order to reach node C. The links between the nodes are distinct point-to-point links.

According to the split-horizon rule, node A does not advertise its route for C (namely A to B to C) back to B. On the surface, this seems redundant since B will never route via node A because the route costs more than the direct route from B to C. However, if the link between B and C goes down, and B had received a route from A, B could end up using that route via A. A would send the packet right back to B, creating a loop. With the split-horizon rule in place, this particular loop scenario cannot happen, improving convergence time in complex, highly redundant environments.

Poison Reverse:

Split-horizon routing with poison reverse is a variant of split-horizon route advertising in which a router actively advertises routes as unreachable over the interface over which they were learned. The effect of such an announcement is to immediately remove most looping routes before they can propagate through the network.

The main disadvantage of poison reverse is that it can significantly increase the size of routing announcements in certain fairly common network topologies.
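The A, B, C scenario above as a small simulation, added here and not part of the original guide. It assumes the B to C link has just failed and that A's periodic update reaches B before B announces the failure; hold-down timers and triggered updates are left out so the effect of each advertising rule is visible on its own.

```python
INFINITY = 16  # RIP metric that means "unreachable"


def advertise(route, to_neighbor, mode):
    """Metric placed in the update sent to to_neighbor, or None to omit the route."""
    metric, next_hop = route
    if next_hop == to_neighbor:      # route was learned from this neighbor
        if mode == "split":
            return None              # split horizon: say nothing back
        if mode == "poison":
            return INFINITY          # poison reverse: advertise it as unreachable
    return metric                    # mode "none": plain distance vector


def receive(route, from_neighbor, advertised):
    """Apply the RIP update rule for one received route entry."""
    metric, next_hop = route
    candidate = min(advertised + 1, INFINITY)
    # Updates from the current next hop are always believed, even if worse.
    if next_hop == from_neighbor or candidate < metric:
        return (candidate, from_neighbor)
    return route


def simulate(mode, max_rounds=32):
    """Routes toward the network behind C, as seen by A and B after B-C fails."""
    # Constructed starting state: A reached C through B with 2 hops,
    # B has just lost its directly learned 1-hop route.
    routes = {"A": (2, "B"), "B": (INFINITY, None)}
    history, entries_sent = [], 0
    for round_no in range(1, max_rounds + 1):
        # A's update is delivered before B's in every round (the unlucky timing).
        for sender, receiver in (("A", "B"), ("B", "A")):
            adv = advertise(routes[sender], receiver, mode)
            if adv is None:
                continue
            entries_sent += 1
            routes[receiver] = receive(routes[receiver], sender, adv)
        history.append((routes["A"][0], routes["B"][0]))
        if all(metric == INFINITY for metric, _ in routes.values()):
            return {"rounds": round_no, "entries_sent": entries_sent,
                    "history": history}
    raise RuntimeError("did not converge")


if __name__ == "__main__":
    for mode in ("none", "split", "poison"):
        result = simulate(mode)
        print(f"{mode:6} rounds={result['rounds']:2} "
              f"entries={result['entries_sent']:2} "
              f"(A, B) metrics per round: {result['history']}")
```

With no rule in place, A and B point at each other while the metric climbs to 16 over eight rounds. Poison reverse converges as fast as split horizon here but sends one more route entry, which is the announcement-size cost described above.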

RIPv2 Summary

The characteristics of RIPv2 follow:

Distance-vector protocol.

Uses UDP port 520.

Classless protocol (support for CIDR).

Supports VLSMs.

Metric is router hop count.

Maximum hop count is 15; infinite (unreachable) routes have a metric of 16.

Periodic route updates sent every 30 seconds to multicast address 224.0.0.9.

25 routes per RIP message (24 if you use authentication).

Supports authentication.

Implements split horizon with poison reverse.

Implements triggered updates.

Subnet mask included in route entry.

Administrative distance for RIPv2 is 120.

Used in small, flat networks or at the edge of larger networks.
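The figures in this summary map directly onto the RIPv2 message layout in RFC 2453: a 4-byte header followed by 20-byte entries, where an authentication entry takes the first of the 25 slots. The following parser is an added example, not part of the original guide; the sample update (R2 advertising the lab's networks to R1) and the password are constructed.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

INFINITY = 16            # metric meaning "unreachable"
MAX_ENTRIES = 25         # entries per message; an authentication entry uses one
AFI_INET, AFI_AUTH = 2, 0xFFFF
AUTH_SIMPLE_PASSWORD = 2

# Constructed sample: what R2 would advertise to R1 in the lab that follows.
LAB_ROUTES = [("20.0.0.0/24", 1), ("23.0.0.0/24", 1), ("30.0.0.0/24", 2)]


def build_response(routes, password=None):
    """Build a RIPv2 response to feed the parser (constructed test data)."""
    message = struct.pack("!BBH", 2, 2, 0)      # command 2 = response, version 2
    if password is not None:
        message += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD,
                               password.encode())
    for prefix, metric in routes:
        net = IPv4Network(prefix)
        message += struct.pack("!HH4s4s4sI", AFI_INET, 0,
                               net.network_address.packed,
                               net.netmask.packed, bytes(4), metric)
    return message


def parse_rip(data):
    """Decode a RIP message and collect the warnings a defender would want."""
    if len(data) < 4 or (len(data) - 4) % 20:
        raise ValueError("length is not a 4-byte header plus 20-byte entries")
    command, version, _ = struct.unpack("!BBH", data[:4])
    out = {"command": command, "version": version, "auth_type": None,
           "routes": [], "warnings": []}
    entries = [data[i:i + 20] for i in range(4, len(data), 20)]
    if len(entries) > MAX_ENTRIES:
        out["warnings"].append(
            f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    if version != 2:
        out["warnings"].append(f"version {version}: not RIPv2")
    for index, entry in enumerate(entries):
        afi, tag = struct.unpack("!HH", entry[:4])
        if afi == AFI_AUTH:
            # For an authentication entry the second field is the auth type.
            if index != 0:
                out["warnings"].append("authentication entry is not the first entry")
            out["auth_type"] = tag
            continue
        address, mask, next_hop, metric = struct.unpack("!4s4s4sI", entry[4:])
        try:
            prefix = str(IPv4Network(f"{IPv4Address(address)}/{IPv4Address(mask)}"))
        except ValueError as exc:
            out["warnings"].append(f"entry {index}: bad address or mask ({exc})")
            continue
        if not 1 <= metric <= INFINITY:
            out["warnings"].append(f"{prefix}: metric {metric} outside 1..{INFINITY}")
        out["routes"].append((prefix, metric, str(IPv4Address(next_hop))))
    if out["auth_type"] is None:
        out["warnings"].append("no authentication entry: update is unauthenticated")
    elif out["auth_type"] == AUTH_SIMPLE_PASSWORD:
        out["warnings"].append(
            "simple password authentication: key is sent in clear text")
    return out


if __name__ == "__main__":
    for label, packet in (("plain", build_response(LAB_ROUTES)),
                          ("keyed", build_response(LAB_ROUTES, "lab-key"))):
        print(label, len(packet), "bytes", parse_rip(packet))
```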

RIP Configuration

Load IP Routing initials prior to starting

Task 1 Configure RIPv2 on R1 and advertise all of its networks into RIP

Solution:

On R1:

R1#

R1#configure terminal

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#network 10.0.0.0

R1(config-router)#network 12.0.0.0

R1(config-router)#exit

R1(config)#exit

R1#

Verification:

On R1:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 27 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Ethernet0/0 2 2

Serial1/0 2 2

Automatic network summarization is in effect

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 120)

R1#

Task 2 From the above output we can see that R1 is performing auto-summarization, so disable auto-summarization on R1

Solution:

On R1:

R1#

R1#configure terminal

R1(config)#router rip

R1(config-router)#no auto-summary

R1(config-router)#exit

R1(config)#exit

R1#

Verification:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 0 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Ethernet0/0 2 2

Serial1/0 2 2

Automatic network summarization is not in effect

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 120)

R1#

Task 3 Configure RIPv2 on R2 and R3, advertise all the networks, and disable auto-summarization.

Solution:

On R2:

R2#

R2#config terminal

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#no auto-summary

R2(config-router)#network 12.0.0.0

R2(config-router)#network 23.0.0.0

R2(config-router)#network 20.0.0.0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#

R3#configure terminal

R3(config)#router rip

R3(config-router)#no auto-summary

R3(config-router)#version 2

R3(config-router)#network 23.0.0.0

R3(config-router)#network 30.0.0.0

R3(config-router)#exit

R3(config)#exit

R3#

Task 4 Verify Routing tables of all 3 routers and test end-to-end connectivity.

Verification:

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/24 is directly connected, Ethernet0/0

L 10.0.0.1/32 is directly connected, Ethernet0/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.1/32 is directly connected, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

R 20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

23.0.0.0/24 is subnetted, 1 subnets

R 23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

30.0.0.0/24 is subnetted, 1 subnets

R 30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0

R1#

R1#ping 23.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms

R1#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

R1#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms

R1#

On R2:

R2#

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area , N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1,

L2 - IS-IS level-2 , ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

R 10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.2/32 is directly connected, Serial1/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 20.0.0.0/24 is directly connected, Ethernet0/0

L 20.0.0.2/32 is directly connected, Ethernet0/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/1

L 23.0.0.2/32 is directly connected, Serial1/1

30.0.0.0/24 is subnetted, 1 subnets

R 30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1

R2#

R2#

R2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#

On R3:

R3#

R3#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

R 10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0

12.0.0.0/24 is subnetted, 1 subnets

R 12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

R 20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/0

L 23.0.0.3/32 is directly connected, Serial1/0

30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 30.0.0.0/24 is directly connected, Ethernet0/0

L 30.0.0.3/32 is directly connected, Ethernet0/0

R3#

R3#

R3#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

R3#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#

Task 5 Configure all three routers in such a way that they send updates through only the required interfaces

Solution:

On R1:

R1#config terminal

R1(config)#router rip

R1(config-router)#passive-interface ethernet 0/0

R1(config-router)#exit

R1(config)#exit

R1#

On R2:

R2#config terminal

R2(config)#router rip

R2(config-router)#passive-interface ethernet 0/0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#config terminal

R3(config)#router rip

R3(config-router)#passive-interface ethernet 0/0

R3(config-router)#exit

R3(config)#exit

R3#

Verification:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 2 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Serial1/0 2 2

Automatic network summarization is not in effect

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Passive Interface(s):

Ethernet0/0

Routing Information Sources:

Gateway Distance Last Update

12.0.0.2 120 00:00:01

Distance: (default is 120)

Explanation:

Task 1 asks us to configure RIP version 2 on all the interfaces. In router rip configuration mode we advertise our interfaces with the network command. Networks can only be declared at their classful boundaries. Version 2 must be specified because the default behavior is to send version 1 updates and to receive both version 1 and version 2 updates.

This configuration can be checked with show ip protocols.

The Task 2 configuration shows that RIP performs auto-summarization by default. To disable auto-summarization, enter no auto-summary under the RIP routing process.

Task 5 asks us to send RIPv2 updates only out of the required interfaces. Always remember that RIPv2 does support classless network advertisement, but we can only publish classful networks in RIPv2. By default, all the routing protocols except BGP send hello packets and advertise the networks that we have defined with the network command. In RIPv2, if we make an interface passive, that interface is still advertised but it does not send any updates. The limitation in RIPv2 is that this interface can still receive RIP updates.
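Because a passive interface still accepts RIP updates, the verification output is worth checking for more than the passive list. The script below is an added example, not from the original guide: it reads show ip protocols output and reports interfaces with an empty Key-chain column, passive interfaces, and route sources outside an expected neighbor list. The sample text is R1's Task 5 output with the column alignment restored (an assumption about spacing), and the expected neighbor 12.0.0.2 is taken from that output.

```python
import re

# Constructed sample: R1's Task 5 verification output from this lab, with the
# column spacing restored (the copy on the page has lost its alignment).
SAMPLE = """\
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 2 seconds
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/0             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    12.0.0.0
  Passive Interface(s):
    Ethernet0/0
  Routing Information Sources:
    Gateway         Distance      Last Update
    12.0.0.2             120      00:00:01
  Distance: (default is 120)
"""


def parse_rip_protocols(text):
    """Extract the RIP settings that matter for an audit."""
    info = {"auto_summary": None, "interfaces": {}, "passive": [], "sources": []}
    section, key_col = None, None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith("Automatic network summarization"):
            info["auto_summary"] = "not in effect" not in s
            section = None
        elif s.startswith("Interface") and "Key-chain" in s:
            # The key chain name is read by column position under this header.
            section, key_col = "interfaces", line.index("Key-chain")
        elif s.startswith("Passive Interface"):
            section = "passive"
        elif s.startswith("Routing Information Sources"):
            section = "sources"
        elif s.endswith(":") or s.startswith(("Distance:", "Maximum path")):
            section = None
        elif section == "interfaces":
            info["interfaces"][s.split()[0]] = line[key_col:].strip() or None
        elif section == "passive":
            info["passive"].append(s)
        elif section == "sources" and re.match(r"\d+\.\d+\.\d+\.\d+\s", s):
            info["sources"].append(s.split()[0])
    return info


def audit(info, expected_sources):
    """Return findings; expected_sources is the set of known RIP neighbors."""
    findings = []
    if info["auto_summary"]:
        findings.append("auto-summary is in effect (the lab disables it)")
    for name, key_chain in info["interfaces"].items():
        if key_chain is None:
            findings.append(f"{name}: exchanges RIP updates with no key chain")
    for name in info["passive"]:
        findings.append(f"{name}: passive, sends nothing but still accepts "
                        "inbound RIP updates")
    for gateway in info["sources"]:
        if gateway not in expected_sources:
            findings.append(f"{gateway}: route source is not an expected neighbor")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rip_protocols(SAMPLE), {"12.0.0.2"}):
        print(finding)
```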

EIGRP

Implementing EIGRP

EIGRP is an advanced distance vector routing protocol developed by Cisco. EIGRP is suited for many different topologies and media. In a well-designed network, EIGRP scales well and provides extremely quick convergence times with minimal overhead. EIGRP is a popular choice for a routing protocol on Cisco devices.

Introducing EIGRP

EIGRP is a Cisco-proprietary routing protocol that combines the advantages of link-state and distance vector routing protocols. EIGRP is an advanced distance vector or hybrid routing protocol that includes the following features:

Rapid Convergence

EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router that uses EIGRP stores all available backup routes for destinations so that it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternate route.

Reduced bandwidth usage

EIGRP does not make periodic updates. Instead, it sends partial updates when the path or the metric changes for that route. When path information changes, DUAL sends an update about only that link rather than about the entire table.

Multiple network layer support

EIGRP supports AppleTalk, IP version 4 (IPv4), IP version 6 (IPv6), and Novell Internetwork Packet Exchange (IPX), which use protocol-dependent modules (PDM). PDMs are responsible for protocol requirements that are specific to the network layer.

Classless routing

Because EIGRP is a classless routing protocol, it advertises a routing mask for each destination network. The routing mask feature enables EIGRP to support discontiguous subnetworks and variable-length subnet masks (VLSM).

Less overhead

EIGRP uses multicast and unicast rather than broadcast. As a result, end stations are unaffected by routing updates and requests for topology information.

Load balancing

EIGRP supports unequal metric load balancing, which allows administrators to better distribute traffic flow in their networks.

Easy summarization

EIGRP enables administrators to create summary routes anywhere within the network rather than rely on the traditional distance vector approach of performing classful route summarization only at major network boundaries.

Each EIGRP router maintains a neighbor table. This table includes a list of directly connected EIGRP routers that have an adjacency with this router.

Each EIGRP router maintains a topology table for each routed protocol configuration. The topology table includes route entries for every destination that the router learns. EIGRP chooses the best routes to a destination from the topology table and places these routes in the routing table.

In EIGRP, the best route is called a successor route while a backup route is called the feasible successor. To determine the best route (successor) and the backup route (feasible successor) to a destination, EIGRP uses the following two parameters:

Advertised distance

The EIGRP metric for an EIGRP neighbor to reach a particular network

Feasible distance

The advertised distance for a particular network learned from an EIGRP neighbor plus the EIGRP metric to reach that neighbor

A router compares all feasible distances to reach a specific network and then selects the lowest feasible distance and places it in the routing table. The feasible distance for the chosen route becomes the EIGRP routing metric to reach that network in the routing table.

The EIGRP topology database contains all the routes that are known to each EIGRP neighbor. Routers A and B send their routing tables to Router C, whose table is displayed in Both Routers A and B have pathways to network 10.1.1.0/24, as well as to other networks that are not shown.
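Successor and feasible successor selection on Router C, as an added example that is not part of the original guide. It uses the definition above (feasible distance = advertised distance + metric to reach the neighbor) and adds the feasibility condition EIGRP applies to backups, which the text does not spell out: a neighbor qualifies only if its advertised distance is lower than the successor's feasible distance. The metric values and the third neighbor D are constructed.

```python
# Constructed paths from Router C to 10.1.1.0/24:
# neighbor -> (advertised distance, metric from C to reach that neighbor)
PATHS = {
    "A": (1000, 1000),
    "B": (1500, 1000),
    "D": (2200, 500),    # hypothetical third neighbor, not in the original text
}


def evaluate(paths, variance=1):
    """Pick the successor, the feasible successors and the installed routes."""
    feasible_distance = {n: ad + link for n, (ad, link) in paths.items()}
    successor = min(feasible_distance, key=lambda n: (feasible_distance[n], n))
    best = feasible_distance[successor]
    # Feasibility condition: the neighbor's own distance must be lower than
    # our best distance, so its path cannot lead back through this router.
    feasible_successors = sorted(
        (n for n, (ad, _) in paths.items() if n != successor and ad < best),
        key=lambda n: (feasible_distance[n], n),
    )
    # Load balancing only ever uses loop-free paths; variance widens the
    # acceptable feasible distance from "equal to best" to a multiple of it.
    installed = [successor] + [
        n for n in feasible_successors if feasible_distance[n] <= variance * best
    ]
    return {
        "feasible_distance": feasible_distance,
        "successor": successor,
        "feasible_successors": feasible_successors,
        "installed": installed,
    }


def lose_successor(paths):
    """What the router does when the link to the successor goes down."""
    backups = evaluate(paths)["feasible_successors"]
    if backups:
        # A backup is already in the topology table: switch locally at once.
        return ("passive", backups[0])
    # No loop-free backup is known: the route goes active and neighbors are queried.
    return ("active", None)


if __name__ == "__main__":
    print(evaluate(PATHS))
    print(evaluate(PATHS, variance=2)["installed"])
    print(lose_successor(PATHS))
```

D is excluded even with variance 2, although its feasible distance of 2700 is within twice the best metric, because its advertised distance of 2200 is not below the successor's 2000.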

Configuring and Verifying EIGRP

Use the router eigrp and network commands to create an EIGRP routing process. Note that EIGRP requires an autonomous system (AS) number. The AS number does not have to be registered as is the case when routing on the Internet with the Border Gateway Protocol (BGP) routing protocol. However, all routers within an AS must use the same AS number to exchange routing information with each other.

The network command defines a major network number to which the router is directly connected. The EIGRP routing process looks for interfaces that have an IP address that belongs to the networks that are specified with the network command and begins the EIGRP process on these interfaces.

EIGRP Command Example

Command                 Description

router eigrp 100        Enables the EIGRP routing process for AS 100

network 172.16.0.0      Associates network 172.16.0.0 with the EIGRP routing process

network 10.0.0.0        Associates network 10.0.0.0 with the EIGRP routing process

EIGRP sends updates out of the interfaces in networks 10.0.0.0 and 172.16.0.0. The updates include information about networks 10.0.0.0 and 172.16.0.0 and any other networks that EIGRP learns.

EIGRP automatically summarizes routes at the classful boundary. In some cases, you might not want automatic summarization to occur. For example, if you have discontiguous networks, you need to disable automatic summarization to minimize router confusion.

To disable automatic summarization, use the no auto-summary command in the EIGRP router configuration mode.

The show ip protocols command displays the parameters and current state of the active routing protocol process. This command shows the EIGRP AS number. It also displays filtering and redistribution numbers and neighbor and distance information. This also shows the networks that are currently being advertised on the router by the protocol.

Use the show ip eigrp interfaces [type number] [as-number] command to determine on which interfaces EIGRP is active, and to learn information about EIGRP that relates to those interfaces. If you specify an interface by using the type number option, only that interface is displayed. Otherwise, all interfaces on which EIGRP is running are displayed. If you specify an AS using the as-number option, only the routing process for the specified AS is displayed. Otherwise, all EIGRP processes are displayed. Exam shows the output of the show ip eigrp interfaces command.

EIGRP Summary

The characteristics of EIGRP follow:

Hybrid routing protocol (distance vector that has link-state protocol characteristics).

Uses IP protocol 88.

Classless protocol (supports VLSMs).

Default composite metric uses bandwidth and delay.

You can factor load and reliability into the metric.

Sends partial route updates only when there are changes.

Support for authentication.

Uses DUAL for loop prevention.

By default, equal-cost load balancing.

Unequal-cost load balancing with the variance command.

Administrative distance is 90 for EIGRP internal routes, 170 for EIGRP external routes, and 5 for EIGRP summary routes.

Potential routing protocol for the core of a network; used in large networks.

EIGRP Configuration

Load IP Routing Initials Prior to Starting

Task 1 Configure EIGRP AS 100 on R1 and advertise all of its networks into EIGRP

Solution:

On R1 :

R1#

R1#configure terminal

R1(config)#router eigrp 100

R1(config-router)#network 10.0.0.0

R1(config-router)#network 12.0.0.0

R1(config-router)#exit

R1(config)#exit

R1#

Verification:

On R1:

R1#

*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

Redistributing: eigrp 100

EIGRP-IPv4 Protocol for AS(100)

Metric weight K1=1, K2=0, K3=1, K4=0, K5=0

NSF-aware route hold timer is 240

Router-ID: 12.0.0.1

Topology : 0 (base)

Active Timer: 3 min

Distance: internal 90 external 170

Maximum path: 4

Maximum hopcount 100

Maximum metric variance 1

Automatic Summarization: enabled

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Routing Information Sources:

Gateway Distance Last Update

Distance: internal 90 external 170

R1#

Task 2 From the above output we can see that R1 is performing auto-summarization, so disable auto-summarization on R1

Solution:

On R1:

R1#

R1#configure terminal

R1(config)#router eigrp 100

R1(config-router)#no auto-summary

R1(config-router)#exit

R1(config)#exit

R1#

Verification:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

Redistributing: eigrp 100

EIGRP-IPv4 Protocol for AS(100)

Metric weight K1=1, K2=0, K3=1, K4=0, K5=0

NSF-aware route hold timer is 240

Router-ID: 12.0.0.1

Topology : 0 (base)

Active Timer: 3 min

Distance: internal 90 external 170

Maximum path: 4

Maximum hopcount 100

Maximum metric variance 1

Automatic Summarization: disabled

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Routing Information Sources:

Gateway Distance Last Update

Distance: internal 90 external 170

R1#

Task 4 Configure EIGRP AS 100 on R2 and R3, advertise all the networks, and disable auto-summarization.

Solution:

On R2:

R2#

R2#config terminal

R2(config)#router eigrp 100

R2(config-router)#no auto-summary

R2(config-router)#network 12.0.0.0

R2(config-router)#network 23.0.0.0

R2(config-router)#network 20.0.0.0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#

R3#configure terminal

R3(config)#router eigrp 100

R3(config-router)#no auto-summary

R3(config-router)#network 23.0.0.0

R3(config-router)#network 30.0.0.0

R3(config-router)#exit

R3(config)#exit

R3#

Task 5 Verify Routing tables of all 3 routers and test end-to-end connectivity.

Verification:

On R1:

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

D 10.0.0.0/24 is directly connected, Ethernet0/0

L 10.0.0.1/32 is directly connected, Ethernet0/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.1/32 is directly connected, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

D 20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

23.0.0.0/24 is subnetted, 1 subnets

D 23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

30.0.0.0/24 is subnetted, 1 subnets

D 30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0

R1#

R1#

R1#ping 23.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms

R1#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

R1#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms

R1#

On R2:

R2#

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area , N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1,

L2 - IS-IS level-2 , ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.2/32 is directly connected, Serial1/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 20.0.0.0/24 is directly connected, Ethernet0/0

L 20.0.0.2/32 is directly connected, Ethernet0/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/1

L 23.0.0.2/32 is directly connected, Serial1/1

30.0.0.0/24 is subnetted, 1 subnets

D 30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1

R2#

R2#

R2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#

On R3:

R3#

R3#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0

12.0.0.0/24 is subnetted, 1 subnets

D 12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

D 20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/0

L 23.0.0.3/32 is directly connected, Serial1/0

30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 30.0.0.0/24 is directly connected, Ethernet0/0

L 30.0.0.3/32 is directly connected, Ethernet0/0

R3#

R3#

R3#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

R3#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#

Task 5 Configure all three routers in such a manner that they send updates through only the required interfaces

Solution:

On R1

R1#config terminal

R1(config)#router eigrp 100

R1(config-router)#passive-interface ethernet 0/0

R1(config-router)#exit

R1(config)#exit

R1#

On R2:

R2#config terminal

R2(config)#router eigrp 100

R2(config-router)#passive-interface ethernet 0/0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#config terminal

R3(config)#router eigrp 100

R3(config-router)#passive-interface ethernet 0/0

R3(config-router)#exit

R3(config)#exit

R3#

Verification:

On R1:

R1#

R1#show ip protocols


*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Default networks flagged in outgoing updates

Default networks accepted from incoming updates

Redistributing: eigrp 100

EIGRP-IPv4 Protocol for AS(100)

Metric weight K1=1, K2=0, K3=1, K4=0, K5=0

NSF-aware route hold timer is 240

Router-ID: 12.0.0.1

Topology : 0 (base)

Active Timer: 3 min

Distance: internal 90 external 170

Maximum path: 4

Maximum hopcount 100

Maximum metric variance 1

Automatic Summarization: disabled

Maximum path: 4

Routing for Networks:

10.0.0.0

12.0.0.0

Passive Interface(s):

Ethernet0/0

Routing Information Sources:

Gateway Distance Last Update

Distance: internal 90 external 170

R1#

OSPF

Background Information

OSPF protocol was developed due to a need in the internet community to introduce a high functionality non-proprietary Internal Gateway Protocol (IGP) for the TCP/IP protocol family. The discussion of the creation of a common interoperable IGP for the Internet started in 1988 and did not get formalized until 1991. At that time the OSPF Working Group requested that OSPF be considered for advancement to Draft Internet Standard.

The OSPF protocol is based on link-state technology, which is a departure from the Bellman-Ford vector based algorithms used in traditional Internet routing protocols such as RIP. OSPF has introduced new concepts such as authentication of routing updates, Variable Length Subnet Masks (VLSM), route summarization, and so forth.

These chapters discuss the OSPF terminology, algorithm and the pros and cons of the protocol in designing the large and complicated networks of today.

OSPF versus RIP

The rapid growth and expansion of today's networks has pushed RIP to its limits. RIP has certain limitations that can cause problems in large networks:

RIP has a limit of 15 hops. A RIP network that spans more than 15 hops (15 routers) is considered unreachable.

RIP cannot handle Variable Length Subnet Masks (VLSM). Given the shortage of IP addresses and the flexibility VLSM gives in the efficient assignment of IP addresses, this is considered a major flaw.

Periodic broadcasts of the full routing table consume a large amount of bandwidth. This is a major problem with large networks especially on slow links and WAN clouds.

RIP converges slower than OSPF. In large networks convergence gets to be in the order of minutes. RIP routers go through a period of a hold-down and garbage collection and slowly time-out information that has not been received recently. This is inappropriate in large environments and could cause routing inconsistencies.

RIP has no concept of network delays and link costs. Routing decisions are based on hop counts. The path with the lowest hop count to the destination is always preferred even if the longer path has a better aggregate link bandwidth and less delays.

RIP networks are flat networks. There is no concept of areas or boundaries. With the introduction of classless routing and the intelligent use of aggregation and summarization, RIP networks seem to have fallen behind.

Some enhancements were introduced in a new version of RIP called RIP2. RIP2 addresses the issues of VLSM, authentication, and multicast routing updates. RIP2 is not a big improvement over RIP (now called RIP 1) because it still has the limitations of hop counts and slow convergence, and overcoming these is essential in today’s large networks.

OSPF, on the other hand, addresses most of the issues previously presented:

With OSPF, there is no limitation on the hop count.

The intelligent use of VLSM is very useful in IP address allocation.

OSPF uses IP multicast to send link-state updates. This ensures less processing on routers that are not listening to OSPF packets. Also, updates are only sent in case routing changes occur instead of periodically. This ensures a better use of bandwidth.

OSPF has better convergence than RIP. This is because routing changes are propagated instantaneously and not periodically.

OSPF allows for better load balancing.

OSPF allows for a logical definition of networks where routers can be divided into areas. This limits the explosion of link state updates over the whole network. This also provides a mechanism for aggregating routes and cutting down on the unnecessary propagation of subnet information.

OSPF allows for routing authentication by using different methods of password authentication.

OSPF allows for the transfer and tagging of external routes injected into an Autonomous System. This keeps track of external routes injected by exterior protocols such as BGP.

This of course leads to more complexity in the configuration and troubleshooting of OSPF networks. Administrators that are used to the simplicity of RIP are challenged with the amount of new information they have to learn in order to keep up with OSPF networks. Also, this introduces more overhead in memory allocation and CPU utilization. Some of the routers running RIP might have to be upgraded in order to handle the overhead caused by OSPF.

What Do We Mean by Link-States?

OSPF is a link-state protocol. We could think of a link as being an interface on the router. The state of the link is a description of that interface and of its relationship to its neighboring routers. A description of the interface would include, for example, the IP address of the interface, the mask, the type of network it is connected to, the routers connected to that network and so on. The collection of all these link-states would form a link-state database.

Shortest Path First Algorithm

OSPF uses a shortest path first algorithm in order to build and calculate the shortest path to all known destinations. The shortest path is calculated with the use of the Dijkstra algorithm. The algorithm by itself is quite complicated. This is a very high level, simplified way of looking at the various steps of the algorithm:

1. Upon initialization or due to any change in routing information, a router generates a link-state advertisement. This advertisement represents the collection of all link-states on that router.

2. All routers exchange link-states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers.

3. After the database of each router is completed, the router calculates a Shortest Path Tree to all destinations. The router uses the Dijkstra algorithm in order to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations form the IP routing table.

4. In case no changes in the OSPF network occur, such as cost of a link or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated through link-state packets, and the Dijkstra algorithm is recalculated in order to find the shortest path.

The algorithm places each router at the root of a tree and calculates the shortest path to each destination based on the cumulative cost required to reach that destination. Each router will have its own view of the topology even though all the routers will build a shortest path tree using the same link-state database. The following sections indicate what is involved in building a shortest path tree.

OSPF Cost

The cost (also called metric) of an interface in OSPF is an indication of the overhead required to send packets across a certain interface. The cost of an interface is inversely proportional to the bandwidth of that interface. A higher bandwidth indicates a lower cost. There is more overhead (higher cost) and time delays involved in crossing a 56k serial line than crossing a 10M Ethernet line. The formula used to calculate the cost is:

Cost = 100/Bandwidth in Mbps
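The steps and the cost formula above, as an added example that is not part of the lab guide: a constructed link-state database for the R1 - R2 - R3 chain used in the tasks below, run through Dijkstra from any root. The link bandwidths (1.544 Mbps serial, 10 Mbps Ethernet), the 56k shortcut link and its 13.0.0.0/24 addressing are assumptions made for the example.

```python
import copy
import heapq

REFERENCE_MBPS = 100  # numerator of the page's formula: Cost = 100 / bandwidth in Mbps


def ospf_cost(bandwidth_mbps):
    """Interface cost from the formula above, truncated to an integer, minimum 1."""
    return max(1, int(REFERENCE_MBPS / bandwidth_mbps))


# Constructed link-state database: one entry per router (its "LSA").
# neighbors: neighbor -> (address of that neighbor on the shared link, link bandwidth)
# networks:  prefix   -> bandwidth of the interface attached to it
SERIAL, ETHERNET = 1.544, 10  # assumed bandwidths in Mbps
LSDB = {
    "R1": {"neighbors": {"R2": ("12.0.0.2", SERIAL)},
           "networks": {"10.0.0.0/24": ETHERNET, "12.0.0.0/24": SERIAL}},
    "R2": {"neighbors": {"R1": ("12.0.0.1", SERIAL), "R3": ("23.0.0.3", SERIAL)},
           "networks": {"12.0.0.0/24": SERIAL, "20.0.0.0/24": ETHERNET,
                        "23.0.0.0/24": SERIAL}},
    "R3": {"neighbors": {"R2": ("23.0.0.2", SERIAL)},
           "networks": {"23.0.0.0/24": SERIAL, "30.0.0.0/24": ETHERNET}},
}


def shortest_path_tree(lsdb, root):
    """Dijkstra with `root` at the top of the tree: {router: (cost, first hop address)}."""
    best = {}
    queue = [(0, root, None)]
    while queue:
        cost, router, first_hop = heapq.heappop(queue)
        if router in best:
            continue  # already settled at an equal or lower cost
        best[router] = (cost, first_hop)
        for neighbor, (address, bandwidth) in lsdb[router]["neighbors"].items():
            if neighbor not in best:
                # The first hop is chosen when leaving the root and inherited afterwards.
                hop = address if router == root else first_hop
                heapq.heappush(queue, (cost + ospf_cost(bandwidth), neighbor, hop))
    return best


def routing_table(lsdb, root):
    """Map every prefix to (cumulative cost, next hop); next hop None means connected."""
    table = {}
    for router, (cost_to_router, first_hop) in shortest_path_tree(lsdb, root).items():
        for prefix, bandwidth in lsdb[router]["networks"].items():
            total = cost_to_router + ospf_cost(bandwidth)
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, first_hop)
    return table


def with_slow_shortcut(lsdb):
    """Copy of the database plus a constructed 56k R1-R3 link (13.0.0.0/24, not in the lab)."""
    extra = copy.deepcopy(lsdb)
    extra["R1"]["neighbors"]["R3"] = ("13.0.0.3", 0.056)
    extra["R3"]["neighbors"]["R1"] = ("13.0.0.1", 0.056)
    extra["R1"]["networks"]["13.0.0.0/24"] = 0.056
    extra["R3"]["networks"]["13.0.0.0/24"] = 0.056
    return extra


if __name__ == "__main__":
    for name in ("R1", "R3"):
        print(name, routing_table(LSDB, name))
    # One hop over the 56k link costs 1785; two hops over the serial links cost 128,
    # so R1 keeps routing 30.0.0.0/24 through R2, where hop count alone would not.
    print(routing_table(with_slow_shortcut(LSDB), "R1")["30.0.0.0/24"])
```

Every router runs the same calculation over the same database but with itself as the root, which is why R1 and R3 end up with different tables.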

OSPF Configuration

Load IP Routing Initials Prior to Starting

Task 1 Configure OSPF area 0 on R1 and advertise all of its networks into OSPF. Use process ID 100.

Solution:

On R1:

R1#

R1#configure terminal

R1(config)#router ospf 100

R1(config-router)#network 10.0.0.0 0.0.0.255 area 0

R1(config-router)#network 12.0.0.0 0.0.0.255 area 0

R1(config-router)#exit

R1(config)#exit

R1#

Verification:

On R1:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 12.0.0.1

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Maximum path: 4

Routing for Networks:

10.0.0.0 0.0.0.255 area 0

12.0.0.0 0.0.0.255 area 0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 110)

R1#

Task 2 Configure OSPF area 0 on R2 and R3 and advertise all the networks. Use process ID 100.

Solution:

On R2:

R2#

R2#config terminal

R2(config)#router ospf 100

R2(config-router)#network 12.0.0.0 0.0.0.255 area 0

R2(config-router)#network 23.0.0.0 0.0.0.255 area 0

R2(config-router)#network 20.0.0.0 0.0.0.255 area 0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#

R3#configure terminal

R3(config)#router ospf 100

R3(config-router)#network 23.0.0.0 0.0.0.255 area 0

R3(config-router)#network 30.0.0.0 0.0.0.255 area 0

R3(config-router)#exit

R3(config)#exit

R3#

Task 3 Verify Routing tables of all 3 routers and test end-to-end connectivity.

Verification:

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

O 10.0.0.0/24 is directly connected, Ethernet0/0

L 10.0.0.1/32 is directly connected, Ethernet0/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.1/32 is directly connected, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

O 20.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

23.0.0.0/24 is subnetted, 1 subnets

O 23.0.0.0 [120/1] via 12.0.0.2, 00:00:24, Serial1/0

30.0.0.0/24 is subnetted, 1 subnets

O 30.0.0.0 [120/2] via 12.0.0.2, 00:00:24, Serial1/0

R1#

R1#

R1#ping 23.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/16 ms

R1#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms

R1#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms

R1#

On R2:

R2#

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area , N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1,

L2 - IS-IS level-2 , ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route,

+ - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

O 10.0.0.0 [120/1] via 12.0.0.1, 00:00:14, Serial1/0

12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 12.0.0.0/24 is directly connected, Serial1/0

L 12.0.0.2/32 is directly connected, Serial1/0

20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 20.0.0.0/24 is directly connected, Ethernet0/0

L 20.0.0.2/32 is directly connected, Ethernet0/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/1

L 23.0.0.2/32 is directly connected, Serial1/1

30.0.0.0/24 is subnetted, 1 subnets

O 30.0.0.0 [120/1] via 23.0.0.3, 00:00:27, Serial1/1

R2#

R2#

R2#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#

On R3:

R3#

R3#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,

E2 - OSPF external type 2, i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

O 10.0.0.0 [120/2] via 23.0.0.2, 00:00:06, Serial1/0

12.0.0.0/24 is subnetted, 1 subnets

O 12.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

20.0.0.0/24 is subnetted, 1 subnets

O 20.0.0.0 [120/1] via 23.0.0.2, 00:00:06, Serial1/0

23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 23.0.0.0/24 is directly connected, Serial1/0

L 23.0.0.3/32 is directly connected, Serial1/0

30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 30.0.0.0/24 is directly connected, Ethernet0/0

L 30.0.0.3/32 is directly connected, Ethernet0/0

R3#

R3#

R3#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#ping 20.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

R3#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/20 ms

R3#

Task 4 Configure all three routers in such a manner that they send updates only through the required interfaces.

On R1

R1#config terminal

R1(config)#router ospf 100

R1(config-router)#passive-interface ethernet 0/0

R1(config-router)#exit

R1(config)#exit

R1#

On R2:

R2#config terminal

R2(config)#router ospf 100

R2(config-router)#passive-interface ethernet 0/0

R2(config-router)#exit

R2(config)#exit

R2#

On R3:

R3#config terminal

R3(config)#router ospf 100

R3(config-router)#passive-interface ethernet 0/0

R3(config-router)#exit

R3(config)#exit

R3#

Verification:

On R1:

R1#

R1#show ip protocols

*** IP Routing is NSF aware ***

Routing Protocol is "ospf 100"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 12.0.0.1

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Maximum path: 4

Routing for Networks:

10.0.0.0 0.0.0.255 area 0

12.0.0.0 0.0.0.255 area 0

Passive Interface(s):

Ethernet0/0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 110)

R1#

Task 5 Check the OSPF neighbors on all the routers with show ip ospf neighbor.

Verification:

On R1:

R1#

R1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

23.0.0.2 0 FULL/- 00:00:36 12.0.0.2 Serial1/0

R1#

On R2:

R2#

R2#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

30.0.0.3 0 FULL/- 00:00:38 23.0.0.3 Serial1/1

12.0.0.1 0 FULL/- 00:00:38 12.0.0.1 Serial1/0

R2#

On R3:

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

23.0.0.2 0 FULL/- 00:00:34 23.0.0.2 Serial1/0

R3#

Explanation:

In Task 1 we were asked to advertise networks into OSPF. Unlike EIGRP, where the router eigrp command takes an AS number, in OSPF we have to give a process ID. When we advertise networks in OSPF we also have to use wildcard bits.

The best way to calculate the wildcard bits for any network is to subtract the subnet mask from the all-ones broadcast address 255.255.255.255.

For example, the wildcard bits for 150.1.1.0/24 will be:

255.255.255.255

- 255.255.255.0

= 0.0.0.255

So if you want to advertise network 150.1.1.0/24 in OSPF, you can advertise it with “network 150.1.1.0 0.0.0.255 area 0”.
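The wildcard subtraction above and the passive-interface setting from Task 4, as an added example that is not part of the lab guide: it works out which interfaces a set of network statements enables OSPF on and which of those still send hellos. The R2 addresses and statements come from the tasks above; Loopback0 with 2.2.2.2 and the catch-all statement are constructed for contrast.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 255.255.255.255


def wildcard_for(prefix_len):
    """Wildcard bits = 255.255.255.255 minus the subnet mask, as in the explanation."""
    mask = int(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.ip_address(ALL_ONES - mask))


def matches(address, network, wildcard):
    """True when address and network agree in every bit the wildcard leaves at 0."""
    care = ALL_ONES ^ int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(address)) & care) == \
           (int(ipaddress.ip_address(network)) & care)


def audit(interfaces, router_config):
    """Return {interface: (area, 'active' | 'passive')} for interfaces OSPF runs on.

    'active' interfaces send hellos and can form a neighbor relationship;
    'passive' ones are advertised but stay silent.
    """
    networks, passive = [], set()
    for line in router_config.strip().splitlines():
        words = line.split()
        if words[:1] == ["network"] and len(words) == 5 and words[3] == "area":
            networks.append((words[1], words[2], words[4]))
        elif words[:1] == ["passive-interface"]:
            # "ethernet 0/0" in the config names the interface shown as Ethernet0/0.
            passive.add("".join(words[1:]).lower())
    result = {}
    for name, address in interfaces.items():
        for network, wildcard, area in networks:
            if matches(address, network, wildcard):
                state = "passive" if name.lower() in passive else "active"
                result[name] = (area, state)
                break  # assumption for this example: statements do not overlap
    return result


# R2 as configured in Tasks 2 and 4; Loopback0 is constructed for this example.
R2_INTERFACES = {
    "Serial1/0": "12.0.0.2",
    "Ethernet0/0": "20.0.0.2",
    "Serial1/1": "23.0.0.2",
    "Loopback0": "2.2.2.2",
}
R2_CONFIG = """
network 12.0.0.0 0.0.0.255 area 0
network 23.0.0.0 0.0.0.255 area 0
network 20.0.0.0 0.0.0.255 area 0
passive-interface ethernet 0/0
"""
# Constructed contrast: a catch-all wildcard matches every interface on the router.
BROAD_CONFIG = "network 0.0.0.0 255.255.255.255 area 0"

if __name__ == "__main__":
    print(wildcard_for(24))
    print(audit(R2_INTERFACES, R2_CONFIG))
    print(audit(R2_INTERFACES, BROAD_CONFIG))
```

With the lab configuration only the two serial links toward R1 and R3 can form neighbors; with the catch-all statement every interface, including the host-facing Ethernet, becomes an active OSPF interface.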

Switch Introduction

Hubs vs. Switches

Prior to switches, Hubs were the standard for connecting devices on a local area network (LAN). The problem with hubs was that everything that went through them had to share the bandwidth of the link. Bandwidth was wasted because all traffic was sent to all devices, and there were a lot of collisions because the hub didn’t do anything to prevent them. A switch fixes these problems.

What do switches do?

Here are some facts about switches that you should know:

Switches work at Layer 2 of the OSI model, not Layer 1 like a hub

Switches switch Ethernet frames

Switches don’t look at IP address information, only Ethernet MAC addresses

Switches keep a table of all MAC addresses traversing the switch and what port they are on (this table is called the bridge forwarding table or CAM table)

Switches only send traffic to the devices that are the destination for that traffic, saving bandwidth

Each device connected to the switch gets the full bandwidth of the switch port because the switch prevents collisions

Flooding

Now that you know that the switch has the bridge forwarding table and uses that to intelligently send traffic, a common question is, “what if the destination MAC address for the traffic that the switch receives is not in the bridge forwarding table?” What does the switch do with that Ethernet frame? The answer is that the switch will flood that frame out all ports on the switch. The switch will then monitor the traffic for the response from that frame and see what device, on what port, responded to that flooded frame. That information will be put in the bridge forwarding table so that, next time, the switch won’t have to flood that traffic.

Port speed & Duplex

Of particular importance when it comes to switches are port speed and duplex. The speed of a port can be set to 10Mb, 100Mb, or 1000Mb (1GB), or Auto negotiate, depending on what the switch and the connecting device offers. Most switch ports and devices use auto negotiate to find the best speed and duplex available. However, this doesn’t always work. Some devices have trouble with this and you may have to go in to the switch and hardcode the speed or duplex.

Speaking of duplex, what is duplex? Duplex is set to either half, full, or is auto negotiated. A half duplex connection is where only one device can send or receive at a time. A full duplex connection is where both devices can send and receive at the same time.

Thus, if you have a 100Mb half-duplex connection, the link can either send at 100Mb OR receive at 100Mb at any one time, not both. If you have a 100Mb full duplex connection, you can effectively get 200Mb out of the link because you could be sending 100Mb and receiving 100Mb at the same time.

Have you ever wondered what a Virtual LAN (or VLAN) is or been unclear as to why you would want one? If so, I have been in your place at one time too. Since then, I have learned a lot about what a VLAN is and how it can help me. In this article, I will share that knowledge with you.

What is a LAN?

Okay, most of you already know what a LAN is but let’s give it a definition to make sure. We have to do this because, if you don’t know what a LAN is, you can’t understand what a VLAN is.

A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, switches just forward them.

What is a VLAN?

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLAN’s, a switch can create the broadcast domain.

This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices, not in their VLAN.

Are VLANs required?

It is important to point out that you don’t have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLAN’s because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLAN’s are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?

You need to consider using VLAN’s in any of the following situations:

You have more than 200 devices on your LAN

You have a lot of broadcast traffic on your LAN

Groups of users need more security or are being slowed down by too many broadcasts

Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phone could be on a different VLAN, not with the regular users.

Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLAN’s? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

How can devices on different VLAN’s communicate?

Devices on different VLAN’s can communicate with a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?

When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary Inter-switch link (ISL) or the IEEE standard 802.1q.

How do I create a VLAN?

Configuring VLAN’s can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:

Create the new VLAN’s

Put each port in the proper VLAN

Let’s say we wanted to create VLAN’s 5 and 10. We want to put ports 2 & 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:

At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5 should be able to communicate. That is because each of these is in its own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.
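The flooding behaviour from the Flooding section and the port layout just described (ports 2 and 3 in VLAN 5, ports 4 and 5 in VLAN 10), as an added example that is not part of the original article: a small model of a switch whose forwarding table is kept per VLAN. The MAC addresses, the class and its method names are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Learning switch with access ports only; one forwarding table entry per (VLAN, MAC)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)  # port number -> VLAN
        self.cam = {}                       # (vlan, mac) -> port the MAC was seen on

    def receive(self, in_port, src, dst):
        """Learn the sender, then return (action, ports the frame is sent out of)."""
        vlan = self.port_vlans[in_port]
        self.cam[(vlan, src)] = in_port     # every frame teaches the switch its sender
        out_port = None if dst == BROADCAST else self.cam.get((vlan, dst))
        if out_port is None:
            # Broadcast or unknown destination: flood, but only inside this VLAN.
            flood = sorted(port for port, v in self.port_vlans.items()
                           if v == vlan and port != in_port)
            return ("flood", flood)
        if out_port == in_port:
            return ("filter", [])           # destination sits on the ingress port
        return ("forward", [out_port])


# Constructed hosts: A on port 2 and B on port 3 (VLAN 5), C on port 4 (VLAN 10).
HOST_A, HOST_B, HOST_C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"


def page_example():
    """Walk through the article's layout; port 1 stays in the default VLAN 1."""
    switch = VlanSwitch({1: 1, 2: 5, 3: 5, 4: 10, 5: 10})
    return [
        switch.receive(2, HOST_A, HOST_B),     # B not learned yet: flooded in VLAN 5
        switch.receive(3, HOST_B, HOST_A),     # the reply: A is known, B gets learned
        switch.receive(2, HOST_A, HOST_B),     # now forwarded to port 3 only
        switch.receive(4, HOST_C, BROADCAST),  # VLAN 10 broadcast stays in VLAN 10
        switch.receive(2, HOST_A, HOST_C),     # C is known only in VLAN 10: never reaches it
    ]


if __name__ == "__main__":
    for step in page_example():
        print(step)
```

The last step shows the isolation: a frame from VLAN 5 addressed to a VLAN 10 host is flooded inside VLAN 5 and goes no further, which is why a router or Layer 3 switch is needed between VLANs.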

What do VLAN’s offer?

VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLAN’s you are containing broadcasts.

VLAN’s also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Summary

A VLAN is a broadcast domain formed by switches

Administrators must create the VLAN’s then assign what port goes in what VLAN, manually.

VLAN’s provide better performance for medium and large LAN’s.

All devices, by default, are in VLAN 1.

A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one VLAN.

For devices in different VLAN’s to communicate, you must use a router or Layer 3 switch.

VTP

Unfortunately, if you have more than a couple of switches, configuring VLAN’s can be a real pain. To make life easier, Cisco developed VLAN Trunking Protocol (VTP). Let’s find out what VTP can do for you.

How can VTP help me?

Say that you have 20 switches in your large office building. On each of these switches, you have four VLAN’s. Without VTP, you have to create each of these four VLANs on each of these switches. With VTP, you only have to create the four VLANs once, on one switch, and all other switches learn about the four VLANs.

In other words, the job of VTP is to distribute VLAN configuration information between all the switches.

How does it work?

The job of VTP is best explained from the perspective of the VTP server. All switches, by default, are VTP servers. The VTP server is where you would create, remove, or modify VLANs.

This VTP server sends an advertisement, across the domain, every 5 minutes or whenever a change is made in the VLAN database. That advertisement contains all the different VLAN names, VLAN numbers, what switches have ports in what VLANs, and a revision number. Whenever a switch receives an update with a larger revision number than the last one it applied, it applies that revision.

Keep in mind that VTP is a Cisco proprietary protocol. So, to use VTP between your switches, you must have all Cisco switches.

VTP Modes

VTP switches can be in three different modes. Those modes are:

Server – the default where all VLAN adds, changes, and removals are allowed

Client – where no changes can be made, only new revisions can be received from the VTP server switches.

Transparent – where local VLAN information can be changed but that information is not sent out to other switches. Transparent switches also do not apply VTP advertisements from other switches but they do forward those advertisements on.

Usually, you would want a few of your core switches to be servers and all remaining remote or access layer switches to be clients. You would only make changes on the server switches and those changes would be propagated to the client switches.
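The revision rule and the three modes described above, as an added example that is not part of the original article: a model of how a switch reacts to a VTP advertisement, and a check of what a newly connected switch would do to the domain. The class and function names are constructed, the password is compared as a plain string, and each VLAN created on a server counts as one revision; these are simplifications for the example.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    password: str
    revision: int
    vlans: dict  # VLAN number -> name


@dataclass
class Switch:
    name: str
    domain: str
    password: str
    mode: str = "server"  # the default mode
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def create_vlan(self, number, name=None):
        """Local VLAN change: allowed in server and transparent mode only."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: no VLAN changes in client mode")
        self.vlans[number] = name or f"VLAN{number:04d}"
        if self.mode == "server":
            self.revision += 1  # in this model only a server's changes are advertised

    def advertise(self):
        return Advertisement(self.domain, self.password, self.revision, dict(self.vlans))

    def receive(self, adv):
        """Return 'applied', 'forwarded' or 'ignored' for one advertisement."""
        if self.mode == "transparent":
            return "forwarded"  # passed on to other switches, never applied locally
        if (adv.domain, adv.password) != (self.domain, self.password):
            return "ignored"    # different VTP domain or wrong password
        if adv.revision <= self.revision:
            return "ignored"    # not newer than the revision already applied
        self.vlans, self.revision = dict(adv.vlans), adv.revision
        return "applied"        # the whole VLAN database is replaced


def would_replace(newcomer, existing):
    """True if connecting `newcomer` would make `existing` apply the newcomer's VLANs."""
    probe = copy.deepcopy(existing)  # test on a copy so `existing` is left untouched
    return probe.receive(newcomer.advertise()) == "applied"


def lab_run():
    """Domain CCNA, password ACIT: a server creates six VLANs, a client learns them."""
    sw1 = Switch("SW1", "CCNA", "ACIT")
    sw2 = Switch("SW2", "CCNA", "ACIT", mode="client")
    for number in (100, 200, 300, 400, 500, 600):
        sw1.create_vlan(number)
    outcome = sw2.receive(sw1.advertise())
    return outcome, sw2.revision, sorted(sw2.vlans)


if __name__ == "__main__":
    print(lab_run())
    production = Switch("SW1", "CCNA", "ACIT")
    production.create_vlan(100)
    # A switch that carries a higher revision from earlier use replaces the database.
    print(would_replace(Switch("SPARE", "CCNA", "ACIT", revision=9), production))
    print(would_replace(Switch("NEW", "CCNA", "ACIT"), production))
```

The rule compares only domain, password and revision number, so the Configuration Revision line of show vtp status on a switch is worth checking before that switch is connected to the domain.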

What about pruning?

VTP pruning is the process of not sending IP broadcast traffic for certain VLANs to switches that do not have any ports in that VLAN. A switch knows it can withhold these broadcasts because of VTP: since VTP tells it which VLANs the other switches have ports in, it knows which switches do not need those broadcast packets.

To configure VTP, you use the vtp global configuration mode command. With this command you can specify the following:

VTP domain – the name of the VTP domain. All switches communicating with VTP in the same domain, must have the same VTP domain name.

VTP mode – either server, client, or transparent

VTP password – a password to control who can and cannot receive VTP information

VTP pruning – VTP pruning is either turned on or off

Here is a sample configuration:

To see what is going on with VTP, you can use show vtp status, like this:

Summary

VTP is used to distribute VLAN configuration information between switches

VTP is Cisco proprietary and can only be used on Cisco switches.

By using VTP, you can also prune your VLANs, saving bandwidth

The command to configure VTP is the global configuration mode command, vtp

The command to check status is the privileged mode command, show vtp status

Switch Configuration

Task 1 Assign hostname R1, SW1, SW2, R2 to router1, switch1, switch2, router2 respectively.

Solution:

On Router1:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#

On Router2:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R2

R2(config)#

On Router3:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R3

R3(config)#

On Switch1:

Switch>

Switch>enable

Switch#configure terminal

Switch(config)#hostname SW1

SW1(config)#

On Switch2:

Switch>

Switch>enable

Switch#configure terminal

Switch(config)#hostname SW2

SW2(config)#

Task 2 Assign IP address 192.168.1.1/24 to R1’s E0/0 interface.

Solution:

On R1:

R1(config)#interface Ethernet 0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#

Task 3 Assign IP address 192.168.1.2/24 to R2’s E0/0 interface.

Solution:

On R2:

R2(config)#interface Ethernet 0/0

R2(config-if)#ip address 192.168.1.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#

Task 4 On SW1 configure interface Ethernet0/0 as trunk and use dot1q as trunking encapsulation. Verify the configuration.

Solution:

On SW1:

SW1(config)#

SW1(config)#interface Ethernet 0/0

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#exit

SW1(config)#

Verification:

SW1#

SW1#show interfaces trunk

Port Mode Encapsulation Status Native vlan

E0/0 on 802.1q trunking 1

Port Vlans allowed on trunk

E0/0 1-4094

Port Vlans allowed and active in management domain

E0/0 1

Port Vlans in spanning tree forwarding state and not pruned

E0/0 1

SW1#

Task 5 On SW2 configure interface ethernet0/0 as trunk and use dot1q as trunking encapsulation. Verify the configuration.

Solution:

On SW2:

SW2(config)#

SW2(config)#interface Ethernet 0/0

SW2(config-if)#switchport trunk encapsulation dot1q

SW2(config-if)#switchport mode trunk

SW2(config-if)#exit

SW2(config)#

Verification:

SW2#

SW2#show interfaces trunk

Port Mode Encapsulation Status Native vlan

E0/0 on 802.1q trunking 1

Port Vlans allowed on trunk

E0/0 1-4094

Port Vlans allowed and active in management domain

E0/0 1

Port Vlans in spanning tree forwarding state and not pruned

E0/0 1

SW2#

Task 6 On SW1 change VTP Domain to CCNA and VTP Password to ACIT

Solution:

On SW1:

SW1(config)#

SW1(config)#vtp domain CCNA

SW1(config)#vtp password ACIT

SW1(config)#exit

SW1#

Verification:

SW1#

SW1#show vtp status

VTP Version : 3 (capable)

Configuration Revision : 0

Maximum VLANs supported locally : 1005

Number of existing VLANs : 5

VTP Operating Mode : Server

VTP Domain Name : CCNA

VTP Pruning Mode : Disabled (Operationally Disabled)

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x20 0x1D 0x95 0xF3 0x5C 0xF0 0x11 0x94

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Local updater ID is 0.0.0.0 (no valid interface found)

VTP version running : 1

SW1#

Task 7 On SW2 change VTP Domain to CCNA and VTP Password to ACIT and change VTP mode to client

Solution:

On SW2:

SW2(config)#

SW2(config)#vtp domain CCNA

SW2(config)#vtp password ACIT

SW2(config)#vtp mode client

SW2(config)#exit

SW2#

Verification:

SW2#

SW2#show vtp status

VTP Version : 3 (capable)

Configuration Revision : 0

Maximum VLANs supported locally : 1005

Number of existing VLANs : 5

VTP Operating Mode : Client

VTP Domain Name : CCNA

VTP Pruning Mode : Disabled (Operationally Disabled)

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x20 0x1D 0x95 0xF3 0x5C 0xF0 0x11 0x94

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Local updater ID is 0.0.0.0 (no valid interface found)

VTP version running : 1

SW2#

Task 8 On SW1 create vlan 100, 200, 300, 400, 500, 600 and verify that vlan information is propagated to SW2.

Solution:

On SW1:

SW1#configure terminal

SW1(config)#vlan 100,200,300,400,500,600

SW1(config-vlan)#exit

SW1(config)#exit

SW1#

Verification:

On SW1

SW1#

SW1#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3

100 VLAN0100 active

200 VLAN0200 active

300 VLAN0300 active

400 VLAN0400 active

500 VLAN0500 active

600 VLAN0600 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

...<output omitted>

SW1#

On SW2:

SW2#

SW2#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3

100 VLAN0100 active

200 VLAN0200 active

300 VLAN0300 active

400 VLAN0400 active

500 VLAN0500 active

600 VLAN0600 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

...<output omitted>

SW2#

Task 9 On SW1 assign vlan 100 to Ethernet 0/1 port

Solution:

On SW1:

SW1#configure terminal

SW1(config)#interface ethernet 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 100

SW1(config-if)#exit

SW1(config)#exit

SW1#

Verification:

SW1#

SW1#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/2, Et0/3

100 VLAN0100 active Et0/1

200 VLAN0200 active

300 VLAN0300 active

400 VLAN0400 active

500 VLAN0500 active

600 VLAN0600 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

...<output omitted>

SW1#

Task 10 On SW2 assign vlan 100 to Ethernet 0/2 port

Solution:

On SW2:

SW2#configure terminal

SW2(config)#interface ethernet 0/2

SW2(config-if)#switchport mode access

SW2(config-if)#switchport access vlan 100

SW2(config-if)#exit

SW2(config)#exit

SW2#

Verification:

SW2#

SW2#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/1, Et0/3

100 VLAN0100 active Et0/2

200 VLAN0200 active

300 VLAN0300 active

400 VLAN0400 active

500 VLAN0500 active

600 VLAN0600 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

...<output omitted>

SW2#

Task 11 Test the reachability from R1 to R2

Verification:

ON R1:

R1#

R1#ping 192.168.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#

Intervlan Configuration

Note: Load Intervlan Initials Prior to Starting

Task 1 Configure VLAN 100, 200 on SW1

Solution:

ON SW1

SW1#

SW1#configure terminal

SW1(config)#vlan 100,200

SW1(config-vlan)#exit

SW1(config)#exit

Verification:

ON SW1

SW1#

SW1#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/1, Et0/2, Et0/3

100 VLAN0100 active

200 VLAN0200 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

Task 2 On SW1 Assign VLAN 100 to interface Ethernet 0/1 and VLAN 200 to interface Ethernet 0/2

Solution:

On SW1:

SW1(config)#interface Ethernet 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 100

SW1(config-if)#exit

SW1(config)#interface Ethernet 0/2

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 200

SW1(config-if)#exit

SW1(config)#exit

SW1#

Verification:

On SW1:

SW1#

SW1#show vlan

VLAN Name Status Ports

---- ------------------ --------- -------------------------------

1 default active Et0/3

100 VLAN0100 active Et0/1

200 VLAN0200 active Et0/2

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

Task 3 Configure Ethernet 0/3 port of SW1 as a DOT1Q trunk and allow VLANs 100,200 on this trunk

Solution:

ON SW1:

SW1(config)#int ethernet0/3

SW1(config-if)#switchport trunk encapsulation dot1q

SW1(config-if)#switchport mode trunk

SW1(config-if)#switchport trunk allowed vlan 100,200

SW1(config-if)#exit

SW1(config)#exit

SW1#

Verification:

ON SW1

SW1#

SW1#show interfaces trunk

Port Mode Encapsulation Status Native vlan

Et0/3 on 802.1q trunking 1

Port Vlans allowed on trunk

Et0/3 100,200

Port Vlans allowed and active in management domain

Et0/3 100,200

Port Vlans in spanning tree forwarding state and not pruned

Et0/3 100,200

SW1#

Task 4 On R3 create a sub-interface numbered 100, assign VLAN 100 to it, give it IP address 192.168.100.254/24 and check the connectivity to R1

Solution:

On R3

R3(config)#

R3(config)#interface ethernet 0/0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#int ethernet 0/0.100

R3(config-subif)#encapsulation dot1Q 100

R3(config-subif)#ip address 192.168.100.254 255.255.255.0

R3(config-subif)#exit

R3(config)#exit

Verification:

R3#

R3#show ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/0.100 192.168.100.254 YES manual up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

R3#

R3#ping 192.168.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R3

Task 5 On R3 create a sub-interface numbered 200, assign VLAN 200 to it, give it IP address 192.168.200.254/24 and check the connectivity to R2

Solution:

On R3:

R3(config)#

R3(config)#int ethernet 0/0.200

R3(config-subif)#encapsulation dot1Q 200

R3(config-subif)#ip address 192.168.200.254 255.255.255.0

R3(config-subif)#exit

R3(config)#exit

Verification:

R3#

R3#show ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 unassigned YES unset up up

Ethernet0/0.100 192.168.100.254 YES manual up up

Ethernet0/0.200 192.168.200.254 YES manual up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

R3#

R3#ping 192.168.200.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R3

Task 6 Configure RIPv2 on R1, R2 and R3 to get end-to-end connectivity and test reachability between R1 and R2.

Solution:

On R1:

R1(config)#

R1(config)#router rip

R1(config-router)#no auto-summary

R1(config-router)#version 2

R1(config-router)#network 192.168.1.0

R1(config-router)#network 192.168.100.0

R1(config-router)#exit

R1(config)#

On R2:

R2(config)#

R2(config)#router rip

R2(config-router)#no auto-summary

R2(config-router)#version 2

R2(config-router)#network 192.168.200.0

R2(config-router)#network 192.168.2.0

R2(config-router)#exit

R2(config)#

On R3:

R3(config)#

R3(config)#router rip

R3(config-router)#no auto-summary

R3(config-router)#version 2

R3(config-router)#network 192.168.200.0

R3(config-router)#network 192.168.100.0

R3(config-router)#exit

R3(config)#

Verification:

On R1

R1#

R1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2 , E1 - OSPF external type 1,

E2 - OSPF external type 2 , i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ,ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.0/24 is directly connected, Ethernet0/1

L 192.168.1.1/32 is directly connected, Ethernet0/1

R 192.168.2.0/24 [120/2] via 192.168.100.254, 00:00:09, Ethernet0/0

192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.100.0/24 is directly connected, Ethernet0/0

L 192.168.100.1/32 is directly connected, Ethernet0/0

R 192.168.200.0/24 [120/1] via 192.168.100.254, 00:00:09,Ethernet0/0

R1#ping 192.168.200.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#ping 192.168.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

R1#

On R2:

R2#

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2 , E1 - OSPF external type 1,

E2 - OSPF external type 2 , i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ,ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

R 192.168.1.0/24 [120/2] via 192.168.200.254, 00:00:08, Ethernet0/0

192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.2.0/24 is directly connected, Ethernet0/1

L 192.168.2.2/32 is directly connected, Ethernet0/1

R 192.168.100.0/24 [120/1] via 192.168.200.254, 00:00:08,Ethernet0/0

192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.200.0/24 is directly connected, Ethernet0/0

L 192.168.200.2/32 is directly connected, Ethernet0/0

R2#

R2#ping 192.168.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/12 ms

R2#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R2#

On R3:

R3#

R3#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile,

B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF,

IA - OSPF inter area, N1 - OSPF NSSA external type 1,

N2 - OSPF NSSA external type 2 , E1 - OSPF external type 1,

E2 - OSPF external type 2 , i - IS-IS, su - IS-IS summary,

L1 - IS-IS level-1, L2 - IS-IS level-2 ,ia - IS-IS inter area,

* - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

R 192.168.1.0/24 [120/1] via 192.168.100.1, 00:00:25,Ethernet0/0.100

R 192.168.2.0/24 [120/1] via 192.168.200.2, 00:00:15,Ethernet0/0.200

192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.100.0/24 is directly connected, Ethernet0/0.100

L 192.168.100.254/32 is directly connected, Ethernet0/0.100

192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.200.0/24 is directly connected, Ethernet0/0.200

L 192.168.200.254/32 is directly connected, Ethernet0/0.200

R3#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R3#

R3#ping 192.168.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R3#

WAN

What is HDLC?

HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol. HDLC is a simple protocol used to connect point-to-point serial devices. For example, suppose you have a point-to-point leased line connecting two locations in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would de-encapsulate HDLC and drop the traffic off on the LAN.

HDLC performs error correction, just like Ethernet. Cisco’s version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won’t have any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you’ll see that you are running HDLC. Here is an example:

What is PPP?

You may have heard of the Point to Point Protocol (PPP) because it is used for almost every dial-up connection to the Internet. PPP is documented in RFC 1661. PPP is based on HDLC and is very similar. Both work well to connect point-to-point leased lines.

The differences between PPP and HDLC are:

PPP is not proprietary when used on a Cisco router.

PPP has several sub-protocols that make it function.

PPP is feature-rich with dial-up networking features.

Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:

Link quality management monitors the quality of the dial-up link and how many errors have occurred. It can bring the link down if the link is receiving too many errors.

Multilink can bring up multiple PPP dial-up links and bond them together to function as one.

Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.

To change from HDLC to PPP, on a Cisco router, use the encapsulation ppp command, like this:

After changing the encapsulation to ppp, I typed ppp ? to list the PPP options available. There are many PPP options when compared to HDLC. The list of PPP options in the screenshot is only a partial list of what is available.

What is Frame-Relay?

Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier’s network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier’s network. This is really just a configuration entry that a carrier makes on their frame relay switches.

Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.

The benefits to frame-relay are:

Ability to have a single circuit that connects to the "frame relay cloud" and gain access to all other sites (as long as you have PVCs). As the number of locations grows, you would save more and more money because you don’t need as many circuits as you would if you were trying to fully mesh your network with point-to-point leased lines.

Improved disaster recovery because all you have to do is to order a single circuit to the cloud and PVCs to gain access to all remote sites.

By using the PVCs, you can design your WAN however you want. Meaning, you define what sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.

Some other terms you should know, concerning frame relay are:

LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate what DLCIs are available and if there is congestion in the network.

DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.

CIR = committed information rate. This is the amount of bandwidth you pay to guarantee you will receive, on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR to your port speed but that traffic is marked DE.

DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.

FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

PPP Configuration

Task 1 Configure hostnames R1, R2 and R3 on router1, router2 and router3 respectively.

Solution:

On R1

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#

On R2

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R2

R2(config)#

On R3

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R3

R3(config)#

Task 2 Assign encapsulation of PPP to R1 interface Serial1/0 and assign IP address of 12.0.0.1/24

Solution:

On R1

R1(config)#interface serial 1/0

R1(config-if)#encapsulation ppp

R1(config-if)#ip address 12.0.0.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#

Task 3 Assign encapsulation of PPP to R2 interface Serial1/0 and assign IP address of 12.0.0.1/24, give clock-rate of 64000. Check connectivity between R1 and R2.

Solution:

On R2

R2(config)#interface serial1/0

R2(config-if)#encapsulation ppp

R2(config-if)#ip address 12.0.0.2 255.255.255.0

R2(config-if)#clock rate 64000

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#

Verification:

R2#

R2#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

R2#

Task 4 Configure PPP PAP authentication between R1 and R2, using ACIT as the password

Solution:

On R1:

R1(config)#

R1(config)#username R2 password ACIT

R1(config)#interface Serial1/0

R1(config-if)#ppp authentication pap

R1(config-if)#ppp pap sent-username R1 password ACIT

R1(config-if)#exit

R1(config)#

On R2:

R2(config)#

R2(config)#username R1 password ACIT

R2(config)#int serial 1/0

R2(config-if)#ppp authentication pap

R2(config-if)#ppp pap sent-username R2 password ACIT

R2(config-if)#exit

R2(config)#

Verification:

On R1

R1#

R1#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Se1/0 R2 Sync PPP 00:00:01 12.0.0.2

R1#

R1#ping 12.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/16 ms

R1#

On R2

R2#

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Se1/0 R1 Sync PPP 00:00:00 12.0.0.1

R2#

R2#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms

R2#

Task 5 On R2 configure interface Serial1/1 with IP address of 23.0.0.2/24 and set encapsulation to PPP. Set clock rate of 64000.

Solution:

On R2:

R2(config)#username R3 password CISCO

R2(config)#int se1/1

R2(config-if)#ip add 23.0.0.2 255.255.255.0

R2(config-if)#clock rate 64000

R2(config-if)#encapsulation ppp

R2(config-if)#ppp authentication chap

R2(config-if)#ppp chap password CISCO

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#

On R3:

R3(config)#username R2 password CISCO

R3(config)#int se1/0

R3(config-if)#ip add 23.0.0.3 255.255.255.0

R3(config-if)#clock rate 64000

R3(config-if)#encapsulation ppp

R3(config-if)#ppp authentication chap

R3(config-if)#ppp chap password CISCO

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#

Verification:

On R2

R2#

R2#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Se1/0 R1 Sync PPP 00:00:00 12.0.0.1

Se1/1 R3 Sync PPP 00:00:00 23.0.0.3

R2#

R2#ping 23.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms

R2#

On R3

R3#

R3#show users

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Se1/0 R2 Sync PPP 00:00:00 23.0.0.2

R3#

R3#ping 23.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms

R3#
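What the PAP and CHAP labs above put on the wire, as an added example that is not part of the original lab guide: it builds the PAP Authenticate-Request (RFC 1334) for Task 4 and the CHAP Challenge/Response (RFC 1994, MD5) for Task 5, then checks what each exposes to someone who can read the serial link. The identifier values, the challenge bytes and the function names are constructed for the demonstration; only the hostnames and passwords come from the lab.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1                  # RFC 1334 packet code
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2  # RFC 1994 packet codes


def pap_auth_request(ident, peer_id, password):
    """PAP Authenticate-Request: Code, Identifier, Length, then
    Peer-ID-Length, Peer-ID, Passwd-Length, Password (all in clear)."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name):
    """CHAP Challenge/Response: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    """Split a CHAP Challenge/Response into (code, ident, value, name)."""
    if len(packet) < 5:
        raise ValueError("CHAP packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    value_size = packet[4]
    if length != len(packet) or 5 + value_size > length:
        raise ValueError("CHAP length fields are inconsistent")
    return code, ident, packet[5:5 + value_size], packet[5 + value_size:]


def chap_response_value(ident, secret, challenge):
    """RFC 1994 with MD5: hash of Identifier || secret || Challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_respond(challenge_pkt, my_name, secrets_by_peer):
    """Peer side: answer a Challenge using the secret stored for the challenger."""
    code, ident, challenge, challenger = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    secret = secrets_by_peer[challenger]      # e.g. "username R2 password CISCO"
    return chap_packet(CHAP_RESPONSE, ident,
                       chap_response_value(ident, secret, challenge), my_name)


def chap_verify(response_pkt, sent_ident, sent_challenge, secrets_by_peer):
    """Authenticator side: recompute the hash for the challenge it issued."""
    try:
        code, ident, value, name = parse_chap(response_pkt)
    except ValueError:
        return False
    secret = secrets_by_peer.get(name)
    if code != CHAP_RESPONSE or ident != sent_ident or secret is None:
        return False
    expected = chap_response_value(sent_ident, secret, sent_challenge)
    return hmac.compare_digest(value, expected)


def lab_exchange(challenge=None, next_challenge=None):
    """Replay the lab's two links with constructed identifiers and challenges."""
    challenge = challenge or os.urandom(16)
    next_challenge = next_challenge or os.urandom(16)

    # Task 4, R1 -> R2: "ppp pap sent-username R1 password ACIT"
    pap = pap_auth_request(1, b"R1", b"ACIT")

    # Task 5, R2 challenges R3. Each side stores the other's name with CISCO.
    r2_secrets, r3_secrets = {b"R3": b"CISCO"}, {b"R2": b"CISCO"}
    chal_pkt = chap_packet(CHAP_CHALLENGE, 7, challenge, b"R2")
    resp_pkt = chap_respond(chal_pkt, b"R3", r3_secrets)

    return {
        "pap_packet": pap,
        "pap_exposes_password": b"ACIT" in pap,
        "chap_response": resp_pkt,
        "chap_exposes_secret": b"CISCO" in chal_pkt + resp_pkt,
        "chap_accepted": chap_verify(resp_pkt, 7, challenge, r2_secrets),
        # The same captured response presented against a fresh challenge.
        "replay_accepted": chap_verify(resp_pkt, 7, next_challenge, r2_secrets),
    }


if __name__ == "__main__":
    for key, val in lab_exchange().items():
        print(f"{key}: {val.hex() if isinstance(val, bytes) else val}")
```

The PAP packet carries ACIT verbatim, while the CHAP response is only valid for the challenge R2 issued, which is why CHAP is the better choice of the two whenever both ends support it.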

Frame-Relay Configuration

Task 1 Assign hostname FR-SWITCH to router 2 and configure router 2 as a Frame-Relay switch. Use LMI-Type Cisco, use DLCI 103 from R1 and use DLCI 301 from R3.

Solution:

On Router 2

Router>enable

Router#configure terminal

Router(config)#hostname FR-SWITCH

FR-SWITCH(config)#frame-relay switching

FR-SWITCH(config)#interface serial 1/0

FR-SWITCH(config-if)#encapsulation frame-relay

FR-SWITCH(config-if)#frame-relay lmi-type cisco

FR-SWITCH(config-if)#frame-relay intf-type dce

FR-SWITCH(config-if)#clock rate 64000

FR-SWITCH(config-if)#frame-relay route 103 interface serial 1/1 301

FR-SWITCH(config-if)#no sh

FR-SWITCH(config-if)#no shutdown

FR-SWITCH(config-if)#exit

FR-SWITCH(config)#

FR-SWITCH(config)#interface serial 1/1

FR-SWITCH(config-if)#encapsulation frame-relay

FR-SWITCH(config-if)#frame-relay lmi-type cisco

FR-SWITCH(config-if)#frame-relay intf-type dce

FR-SWITCH(config-if)#clock rate 64000

FR-SWITCH(config-if)#frame-relay route 301 interface serial 1/0 103

FR-SWITCH(config-if)#no shutdown

FR-SWITCH(config-if)#exit

FR-SWITCH(config)#exit

FR-SWITCH#

Task 2 On router 1 assign hostname R1 and give interface serial1/0 IP address 13.0.0.1/24, use frame-relay as encapsulation, use frame-relay static DLCI mapping to map R3 IP address. Use DLCI 103.

Solution:

On R1

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#interface serial 1/0

R1(config-if)#ip address 13.0.0.1 255.255.255.0

R1(config-if)#encapsulation frame-relay

R1(config-if)#frame-relay map ip 13.0.0.3 103 broadcast

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#exit

R1#

Task 3 On router 3 assign hostname R3 and give interface serial1/0 IP address 13.0.0.3/24, use frame-relay as encapsulation, use frame-relay static DLCI mapping to map R1 IP address. Use DLCI 301.

Solution:

On R3

Router>enable

Router#configure terminal

Router(config)#hostname R3

R3(config)#interface serial 1/0

R3(config-if)#ip address 13.0.0.3 255.255.255.0

R3(config-if)#encapsulation frame-relay

R3(config-if)#frame-relay map ip 13.0.0.1 301 broadcast

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#exit

R3#

Verification:

On R1

R1#

R1#show frame-relay map

Serial1/0 (up): ip 13.0.0.3 dlci 103(0x67,0x1870), static,

broadcast,

CISCO, status defined, active

R1#ping 13.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/52/60 ms

R1#

On R2

FR-SWITCH#

FR-SWITCH#show frame-relay route

Input Intf Input Dlci Output Intf Output Dlci Status

Serial1/0 103 Serial1/1 301 active

Serial1/1 301 Serial1/0 103 active

FR-SWITCH#

On R3

R3#

R3#show frame-relay map

Serial1/0 (up): ip 13.0.0.1 dlci 301(0x12D,0x48D0), static,

broadcast,

CISCO, status defined, active

R3#ping 13.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/43/60 ms

R3#

DHCP

Configuring DHCP Server

This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). As explained in RFC 2131, Dynamic Host Configuration Protocol, DHCP provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP Server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP Server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts.

The basic steps that occur when a DHCP client requests an IP address from a DHCP server are as follows. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a DHCP Server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.

DHCP Configuration

Task 1 On Router 3 assign hostname R3 and assign IP address 192.168.123.3/24 to ethernet0/0

Solution:

On R3:

Router>

Router>enable

Router#configure terminal

Router(config)#hostname R3

R3(config)#interface ethernet0/0

R3(config-if)#ip address 192.168.123.3 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit

R3(config)#

Task 2 Configure R3 as DHCP Server so that R1 and R2 are automatically assigned IP addresses. Also configure R3 as default-gateway and DNS server for R1 and R2.

Solution:

On R3

R3(config)#ip dhcp pool ACIT

R3(dhcp-config)#network 192.168.123.0 /24

R3(dhcp-config)#default-router 192.168.123.3

R3(dhcp-config)#dns-server 192.168.123.3

R3(dhcp-config)#exit

R3(config)#

Task 3 Assign hostnames R1 and R2 to router1 and router2 respectively, and configure R1 and R2 to negotiate an IP address via DHCP on their Ethernet0/0 interface

Solution:

On R1

Router>enable

Router#configure terminal

Router(config)#hostname R1

R1(config)#interface Ethernet0/0

R1(config-if)#ip address dhcp

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#exit

R1#

On R2

Router>enable

Router#configure terminal

Router(config)#hostname R2

R2(config)#interface Ethernet0/0

R2(config-if)#ip address dhcp

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#exit

R2#

Verification:

On R1

R1#show ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 192.168.123.1 YES DHCP up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

R1#

R1#ping 192.168.123.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/31/48 ms

R1#

On R2

R2#show ip int brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 192.168.123.2 YES DHCP up up

Ethernet0/1 unassigned YES unset administratively down down

Ethernet0/2 unassigned YES unset administratively down down

Ethernet0/3 unassigned YES unset administratively down down

Serial1/0 unassigned YES unset administratively down down

Serial1/1 unassigned YES unset administratively down down

Serial1/2 unassigned YES unset administratively down down

Serial1/3 unassigned YES unset administratively down down

R2#

R2#ping 192.168.123.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.123.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/31/48 ms

R2#

On R3

R3#show ip dhcp binding

Bindings from all pools not associated with VRF:

IP address Client-ID/ Lease expiration Type

Hardware address/

User name

192.168.123.1 0063.6973.636f.2d63. Mar 02 2002 12:10 AM Automatic

3030.302e.3031.3463.

2e30.3030.302d.4661.

302f.30

192.168.123.2 0063.6973.636f.2d63. Mar 02 2002 12:12 AM Automatic

3030.312e.3031.3463.

2e30.3030.302d.4661.

302f.30

R3#ping 192.168.123.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.123.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/25/32 ms

R3#ping 192.168.123.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.123.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/60 ms

R3#

Access Control List

The Cisco Access Control List (ACL) is used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is allowed or blocked from further movement.

Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing ACLs pertaining to TCP/IP protocol only.

ACLs for TCP/IP traffic filtering are primarily divided into two types:

Standard Access Lists

Extended Access Lists

Standard Access Control Lists: Standard IP ACLs range from 1 to 99. A Standard Access List allows you to permit or deny traffic FROM specific IP addresses. The destination of the packet and the ports involved can be anything.

Standard ACL example:

access-list 10 permit 192.168.2.0 0.0.0.255

This list allows traffic from all addresses in the range 192.168.2.0 to 192.168.2.255

Note that when configuring access lists on a router, you must identify each access list uniquely by assigning either a name or a number to the protocol's access list.

There is an implicit deny added to every access list. If you entered the command:

show access-list 10

The output looks like:

access-list 10 permit 192.168.2.0 0.0.0.255

access-list 10 deny any

Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. It also allows you to have granular control by specifying controls for different types of protocols such as ICMP, TCP, UDP, etc. within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).

ACL Configuration

Load Access-List-Initials prior to starting

Task 1 Configure R3 such that the network connected to R1 cannot access network 30.0.0.0/24. Use a standard access-list to achieve this task.

Solution:

On R3

R3#

R3#configure terminal

R3(config)#access-list 3 deny 12.0.0.0 0.0.0.255

R3(config)#access-list 3 deny 10.0.0.0 0.0.0.255

R3(config)#access-list 3 permit any

R3(config)#interface serial1/0

R3(config-if)#ip access-group 3 in

R3(config-if)#exit

Verification:

On R1

R1#ping 30.0.0.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.0.0.3, timeout is 2 seconds:

U.U.U.U.U

Success rate is 0 percent (0/5)

R1#

Task 2 Configure R2 in such a way that only 23.0.0.0/24 has access to telnet. Use password ACIT for telnet; do not apply any access-list under any interfaces.

Solution:

On R2

R2#

R2#config terminal

R2(config)#access-list 2 permit 23.0.0.0 0.0.0.255

R2(config)#line vty 0 4

R2(config-line)#password ACIT

R2(config-line)#access-class 2 in

R2(config-line)#exit

R2(config)#exit

R2#

Verification

On R3

R3#

R3#telnet 23.0.0.2

Trying 23.0.0.2 ... Open

User Access Verification

Password:

R2>exit

[Connection to 23.0.0.2 closed by foreign host]

On R1

R1#telnet 12.0.0.2

Trying 12.0.0.2 ...

% Connection refused by remote host

Task 3 On R1 deny all ICMP traffic on its serial 1/0 interface. Use an extended access-list to achieve this task.

Solution:

On R1

R1#

R1#configure terminal

R1(config)#access-list 101 deny icmp any any

R1(config)#access-list 101 permit ip any any

R1(config)#interface serial1/0

R1(config-if)#ip access-group 101 in

R1(config-if)#exit

R1(config)#exit

R1#

Verification:

On R2

R2#ping 12.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds:

U.U.U.U.U

Success rate is 0 percent (0/5)

R2#
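How the standard ACLs used above are evaluated (ACL 10 from the overview, ACL 3 on R3, ACL 2 on R2's vty lines), as an added example that is not part of the original lab guide: wildcard-mask matching, first-match ordering, the implicit deny, and a check for lines that an earlier line makes unreachable. The function names and the embedded config string are constructed here; the access-list lines themselves are the ones shown on this page.

```python
import ipaddress

IMPLICIT_DENY = ("deny", "implicit deny any")

# Constructed from the access-list lines shown on this page.
LAB_CONFIG = """\
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 3 deny 12.0.0.0 0.0.0.255
access-list 3 deny 10.0.0.0 0.0.0.255
access-list 3 permit any
access-list 2 permit 23.0.0.0 0.0.0.255
access-list 101 deny icmp any any
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acls(config_text):
    """Return {number: [(action, address, wildcard, line), ...]} in config order.
    Only numbers 1-99 (the standard range given above) are parsed."""
    acls = {}
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if not 1 <= number <= 99:
            continue                      # extended ACLs need protocol/port logic
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {raw!r}")
        if rest == ["any"]:
            addr, wild = 0, 0xFFFFFFFF    # every bit is "don't care"
        elif len(rest) == 2 and rest[0] == "host":
            addr, wild = _ip(rest[1]), 0
        elif len(rest) == 1:
            addr, wild = _ip(rest[0]), 0  # bare address means an exact match
        elif len(rest) == 2:
            addr, wild = _ip(rest[0]), _ip(rest[1])
        else:
            raise ValueError(f"unsupported source in: {raw!r}")
        acls.setdefault(number, []).append((action, addr, wild, " ".join(tokens)))
    return acls


def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for action, addr, wild, line in entries:
        # A 1 bit in the wildcard is ignored, a 0 bit must match exactly.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action, line
    return IMPLICIT_DENY


def shadowed(entries):
    """Lines that can never match because an earlier line covers every
    address they describe (an ordering mistake, e.g. 'permit any' first)."""
    dead = []
    for i, (_, addr, wild, line) in enumerate(entries):
        for _, e_addr, e_wild, e_line in entries[:i]:
            covers_bits = (wild | e_wild) == e_wild
            same_fixed = ((addr ^ e_addr) & ~e_wild & 0xFFFFFFFF) == 0
            if covers_bits and same_fixed:
                dead.append((line, e_line))
                break
    return dead


if __name__ == "__main__":
    acls = parse_standard_acls(LAB_CONFIG)
    for number, source in [(3, "12.0.0.1"), (3, "23.0.0.3"), (10, "192.168.3.1"),
                           (2, "23.0.0.3"), (2, "12.0.0.1")]:
        print(number, source, evaluate(acls[number], source))
```

ACL 2 has no deny line at all, yet 12.0.0.1 is still rejected by the implicit deny, which matches the refused telnet from R1 in the Task 2 verification.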